Ten years later, Nick Merrill still can’t discuss the details of the data request that came hand delivered to him from the FBI. If he could, Merrill says, people would be shocked by the implications for their online privacy.

The request came by way of a National Security Letter, or NSL. The letters are not well known, but since 9/11 they’ve helped to dramatically expand the government’s ability to collect information about Americans directly from phone companies and Internet providers. Any FBI office can issue an NSL, without a court’s review and with a gag order.

The NSL that Merrill received at his small web-hosting firm, Calyx, was one of 56,507 sent in 2004, according to figures from the Justice Department. The letter, embedded below, instructed Merrill that he was to “personally” deliver the records requested of him. It asked for a client’s name, addresses, “electronic communication transactional records” and “all e-mail header information.” Due to security concerns, the order read, “you should neither send the records through the mail nor disclose the substance of this request in any telephone conversation.”

“I was terrified to talk to anyone about it,” Merrill said in the above excerpt from Part Two of the FRONTLINE investigation, United States of Secrets. “I didn’t call any of my colleagues. I didn’t speak to anyone about it.”

Merrill was not even sure he could discuss the letter with his attorney, but unconvinced the order was legal, he chose to challenge it on constitutional grounds.

The decision set Merrill apart. Until 2013, no major Internet or phone company is known to have questioned the constitutionality of a National Security Letter. And while revelations by former NSA contractor Edward Snowden have shown that tech companies have often aided government surveillance unwittingly, the industry’s broad compliance with NSLs underscores its frequent role as a partner.

“To litigate is expensive,” Barton Gellman, who broke the Snowden story for The Washington Post, told FRONTLINE. “When you’re getting tens of thousands of these letters a year — to litigate any substantial number of them is ruinous — besides which, the big companies that are receiving these letters have regulatory business before the U.S. government and they don’t want to annoy the authorities.”

Nick Merrill’s National Security Letter:







National Security Letter sent to Nick Merrill (PDF)

National Security Letter sent to Nick Merrill (Text)

