Federal judges challenged attorneys on Wednesday to clarify the rationale and constitutionality of government data requests, in a line of questioning that may ultimately introduce greater transparency into what is now a tightly cloaked process.
The hearing, held in a federal appeals court in San Francisco, focused on National Security Letters, or NSLs, a type of data request commonly used by the Federal Bureau of Investigation to obtain information from companies, ostensibly for the purposes of investigating national security matters. The government issues these data requests to telecommunications and Internet providers such as Google and Verizon without any review by a court, and the letters almost always have a gag order attached to prohibit the recipients from saying much about them.
Wednesday's hearing followed a ruling last year by the U.S. District Court for Northern California, in which the judge struck down the gag orders as being unconstitutional. The plaintiff in that case, the digital rights group Electronic Frontier Foundation, represented an unnamed service provider that argued the NSL it received restricted its free speech rights and was served without adequate oversight. The government appealed the ruling, arguing that the standards around NSLs are in fact constitutional.
Wednesday's appeal hearing was held before a panel of three judges. They heard oral arguments from two attorneys: a Justice Department lawyer supporting NSLs as they stand, and an attorney from the EFF. The EFF argued NSLs are unconstitutional for several reasons and the process around them needs to be changed or eliminated.
NSLs typically seek information such as names, addresses and communications records, not the contents of messages themselves. But privacy advocates have argued this type of "non-content" data can still violate people's privacy, especially if it reveals the connections between people, which the Supreme Court has ruled is protected free speech under the First Amendment.
The gag orders also prohibit companies from saying anything about these sorts of data requests, beyond disclosing the number of requests they've received, and then only in broad ranges. This violates companies' free speech rights under the First Amendment, restricting them from entering into constructive public debate around online privacy and government surveillance, privacy advocates say.
While the government has argued that NSLs are constitutional, courts have been split on the issue. The judges in San Francisco did not issue a ruling on Wednesday, but their questions to lawyers showed they had concerns around the free speech implications of NSLs, the process under which they're disseminated, and what recourse companies have to challenge them.
One judge, Norman Randy Smith, questioned whether the law should be changed to make it easier for companies to challenge NSLs in court after they receive them. Only a handful of NSLs have ever been challenged in court, partly due to what the EFF has called a "chilling" effect that makes companies afraid to speak out. Recipients can petition a court to kill the NSL request, but typically the government files an affidavit to protect the order, and the company must wait a full year to challenge it again.
"There should be some obligation on the part of the government to end the [NSL] order" after a company challenges it, said Judge Smith. "Why is the company going to be gagged for as long as the government so desires?" he said.
All three judges asked whether the government, including the FBI, should more closely evaluate companies' objections to NSLs.
It could be weeks or months before the judges rule on the case. But when they do, the losing side may appeal the case to the U.S. Supreme Court, which might determine the fate of NSLs and perhaps other types of government data demands.
"This is the best chance yet we have in getting the laws around NSLs struck down," said Kurt Opsahl, the arguing attorney for the EFF, in an interview following the hearing.
While the sort of data collected through an NSL might serve a purpose in investigating national security matters, it should be gathered with oversight, closer to the way subpoenas and court orders are handled, he said.
Douglas Letter, the Justice Department attorney, said during the hearing that NSLs were an "extremely useful and important tool used in counter-espionage, cybersecurity and counter-terrorism investigations."
"If we don't have that tool, we'll be hamstrung in our ability to provide protection around national security," he said.
Government requests for user data have become a key issue in a larger debate around online privacy and government surveillance. Many companies, including Google, Facebook, Verizon and Microsoft, now regularly release "transparency reports," which outline the number and types of government data requests they receive and their responses to them. But the information included in those reports is limited by the restrictions the government imposes on them.
It's not just privacy advocates calling for increased transparency. Twitter sued the government this week, seeking to say more about the data requests it receives.
Congress and a presidential commission have taken steps toward reforming the laws around NSLs. One such move, the USA Freedom Act, would tighten the standards for issuing them but still let them go through without court approval. No proposal thus far has addressed all the flaws in the process, the EFF has said.
Wednesday's hearing was focused on NSLs, not data requests made under the Foreign Intelligence Surveillance Act, which target content such as actual email messages.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.