Google’s Report on NSLs: What we still don’t know

Every year, the FBI issues tens of thousands of “national security letters”—or NSLs—demanding that internet service providers, telephone companies, credit card companies, and others hand over information about their customers if it is “relevant” to a counterterrorism or counter-intelligence investigation. That information could include the web sites we visit, the email addresses of our contacts, or even information linking us to our anonymous political speech online. This practice has been shrouded in secrecy, though, because the FBI gags recipients of NSLs—preventing companies from telling their customers that the government has asked for records about them.

Yesterday, in an unprecedented move, Google partially sidestepped that gag-imposed silence—after consultation with the government—and disclosed information about the number of times it has received NSLs.

The numbers are not particularly surprising: the government has issued NSLs for information about thousands of Google users or accounts over the past four years. Take a look:

Google deserves a lot of credit for releasing this information. Indeed, this is just the latest effort by Google to reveal how many times the government comes to it for information about its customers. (You can see Google’s other transparency reports here.)

But this latest bit of information about the government’s surveillance authorities shouldn’t obscure a larger truth: We still know far too little about how the government is using its sweeping surveillance powers and even about what some of those powers allow the government to do.

We have known for some time that the government issues a staggering number of NSLs every year: forty to fifty thousand in some years. We also know, based on inspector-general reports (more info here), that NSLs have been repeatedly abused. And we know that, ever since our lawsuit challenging the gag-order provisions of the NSL statute, companies like Google are allowed to force the government to justify those gags in court, so that customers are not needlessly and indefinitely kept in the dark about the disclosure of their private information to the government.

But we still know very little about whether companies are standing up for the rights of their customers by actually challenging the gag orders. Here, Google and other companies are in a unique position to help us find out more. Now that Google has disclosed that it has received NSLs for information about thousands of its users, other companies should follow suit—and also take the next step by revealing how often they challenge the gag orders that come with NSLs, and whether they ever succeed in those challenges and notify their customers.

Why is information about the gags—and, more generally, government surveillance—so important? Look no further than our recent loss in the Supreme Court in Clapper v. Amnesty International. Last week, the Supreme Court threw out our challenge to the most sweeping surveillance statute that Congress has ever passed, the FISA Amendments Act of 2008, which authorizes the dragnet and warrantless surveillance of Americans’ international communications. The Supreme Court tossed our suit because the plaintiffs—who included lawyers for suspected terrorists, journalists reporting in conflict zones, and researchers working with foreign dissidents—could not prove that the government had tapped their communications.

As you can see, secrecy is the name of the game. Secret government surveillance is difficult to hold to account. Unless we as Americans insist that the government release basic information about what its surveillance powers authorize and how it is using those powers, there is little reason to believe that the surveillance abuses of the past will not be repeated.

Google should be applauded for its efforts to date. We hope this is just the beginning of a trend.