Documents Show The FBI Is Targeting Financial Institutions, Credit Reporting Agencies, And Universities With NSLs

from the third-parties-are-the-best-parties dept

We've written several times before about the FBI and its unnatural love for National Security Letters. NSLs make the FBI tick. They're super handy, too. The FBI issues them to itself and then hands them to a variety of third parties, eliminating any judicial oversight. The fact that third parties are recipients make the Fourth Amendment (mostly) irrelevant. These work so well the FBI has used NSLs to get info the FISA court has already said it can't have.

Thanks to some modifications to NSLs by the USA Freedom Act, we're finally seeing recipients posting NSLs they've received. NSLs used to come with "forever" gag orders, preventing recipients from discussing them, much less posting the documents themselves. The new law, along with a decision from the DC Circuit Court, requires the FBI to periodically review its NSLs and decide whether the gag orders are still justified. Companies are also now allowed to demand gag order reviews themselves, rather than wait three years for the FBI to get around to it.

The end result has been the release of several un-gagged NSLs by tech companies like Facebook, Google, Yahoo, and Automattic. A FOIA lawsuit by the EFF has resulted in the largest NSL document dump to date. The released files were shared with the New York Times (which, in turn, is sharing the documents with everyone else), showing that NSLs are not just limited to tech companies and service providers. They also target any entity that might conceivably have third-party records on hand.

The F.B.I. has used secret subpoenas to obtain personal data from far more companies than previously disclosed, newly released documents show. The requests, which the F.B.I. says are critical to its counterterrorism efforts, have raised privacy concerns for years but have been associated mainly with tech companies. Now, records show how far beyond Silicon Valley the practice extends — encompassing scores of banks, credit agencies, cellphone carriers and even universities.

While many tech companies are proactively posting un-gagged NSLs, most of the other recipients listed here haven't felt obligated to engage in transparency. Banks, credit agencies (Equifax, TransUnion, etc.), universities, and cable providers have not been publishing the NSLs green-lighted by the FBI's review process. What's included in the 1,000+ pages released to the EFF is hundreds of letters from the FBI to third party NSL recipients informing them they can publish the cleared NSLs. Many of these entities haven't.

What isn't in this stack of PDF pages are the NSLs themselves. The FBI may have cleared them for publication, but it's up to the recipients to actually publish them. If these entities aren't going to take this step, it really doesn't matter that gag orders have been lifted. Maybe the targeted customers have been informed of the FBI's interest in them. Maybe not. But the general public isn't being served by entities that are more than happy to gather voluminous amounts of information about their customers (and students) but unwilling to discuss how often they turn over that information to the federal government.

The documents also show that the FBI's review process isn't really resulting in that much more transparency. Roughly 750 letters were released to the EFF. That's a very small percentage of the NSLs whose gag orders were reviewed by the agency.

According to the new documents, the F.B.I. evaluated 11,874 orders between early 2016, when the rules went into effect, and September 2017, when the Electronic Frontier Foundation, a digital rights group, requested the information.

The release looks like a generous document dump by the FBI, but only if all context is removed. That's some of it right there: the 6% rate of return. The letters stating the FBI is fine with recipients discussing NSLs was only turned over to the EFF after a FOIA lawsuit. Finally, the NSLs we've seen published to date are the result of law that was passed in response to leaked documents that exposed the NSA and FBI's incredible surveillance powers… and how often they've abused these authorities. The government isn't being any more transparent. It's just unable to avail itself of as much opacity as it used to.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: credit agencies, fbi, financial firms, gag order, national security letters, nsl, secrecy, universities