FBI's Spy Tool Details Exposed After Gag Order Is Lifted

Following an 11-year battle, Nicholas Merrill finally gets to publicly talk about the FBI's National Security Letter, which demanded he hand over a wide swath of private information about one of his ISP customers.



8 iPhone Security Apps To Keep Your Data Safe (Click image for larger view and slideshow.)

Nicholas Merrill, founder of a small ISP, disclosed publicly on Monday how broadly the FBI has secretly issued National Security Letters (NSLs) that allow the collecting of data about US citizens without a warrant or judicial oversight.

Merrill's disclosure -- which follows an 11-year legal battle -- is made even more chilling when one considers that an NSL almost always comes with a built-in gag order. This order prevents the recipient from disclosing the letter to its target, or to the public.

That unrestrained gagging was central to the decision by a federal district court to invalidate the gag order in full.

U.S. District Judge Victor Marrero on Aug. 28 found that "the non-disclosure requirement enforced against him [Merrill] was overly broad and could not be supported by a 'good reason.' "

[Read The NSA, Surveillance, And What CIOs Need To Know.]

There was a stay on the order for 90 days to allow for an appeal. Since there was none, as of this week, Merrill is free to speak about the case.

He told Reuters that Judge Marrero's ruling is significant "because the public deserves to know how the government is gathering information without warrants on Americans who are not even suspected of a crime."

The NSL became part of the USA Patriot Act in the wake of the Sept. 11, 2001 terror attacks. According to a Justice Department inspector general report, the FBI issued 143,074 NSLs between 2003 and 2005. Merrill's case marks the first time an NSL gag order has been lifted in full, according to a Yale Law School blog post.

"For more than a decade, the government has refused to allow Mr. Merrill and other NSL recipients to tell the public just how broadly the FBI has interpreted its authority to surveil individuals' digital lives in secret using NSLs," the blog noted.

Merrill's legal journey began in 2004 when the FBI issued him an NSL targeting one of the customers of his ISP, Calyx Internet Access, in New York. The FBI subsequently dropped the demands, but Merrill fought the gag order attached to the NSL.

"The FBI has interpreted its NSL authority to encompass the websites we read, the Web searches we conduct, the people we contact, and the places we go. This kind of data reveals the most intimate details of our lives, including our political activities, religious affiliations, private relationships, and even our private thoughts and beliefs," Merrill told Ars Technica.

According to court documents, the FBI was asking for:

DSL account information

Radius log

Subscriber name and related subscriber information Account number

Date the account opened or closed

Addresses associated with the account

Subscriber day/evening telephone numbers

Screen names or other on-line names associated with the account

Order forms

Records relating to merchandise orders/shipping information for the last 180 days

All billing related to account

Internet service provider (ISP)

All e-mail addresses associated with account

Internet Protocol (IP) address assigned to the account

All website information registered to the account

Uniform Resource Locator (URL) address assigned to the account

Any other information which you consider to be an electronic communication transactional record

In 2007, Merrill wrote an anonymous op-ed piece for the Washington Post in which he accused the FBI of withholding documents. "The inspector general's report confirms that Congress lacked a complete picture of the problem during a critical time [re-authorization of the Patriot Act]: Even though the NSL statute requires the director of the FBI to fully inform members of the House and Senate about all requests issued under the statute, the FBI significantly underrepresented the number of NSL requests in 2003, 2004 and 2005, according to the report," he wrote.

President Obama's Intelligence Review Group in 2013 noted that there are about 60 NSLs issued per day.

NSLs are routinely sent to major tech firms such as Facebook and Microsoft.

Perhaps sensing that the tide is turning against the government, President Obama told the Justice Department to amend the gag order in January 2014 so that it is not permanent.

**New deadline of Dec. 18, 2015** Be a part of the prestigious InformationWeek Elite 100! Time is running out to submit your company's application by Dec. 18, 2015. Go to our 2016 registration page: InformationWeek's Elite 100 list for 2016.

Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek. He has written a book on the Secure Electronic Transaction Internet ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.