This ongoing conflict, happening largely behind the scenes, was brought to public attention earlier this month when Yahoo published three national security letters (NSL), government requests for user information, on their website. A close reading by experts reveals that the FBI may have overstepped its legal boundaries in at least one of the NSLs, by asking for subscriber information, headers and browser histories.
Yahoo went public with the requests after receiving a letter from the FBI stating, "consistent with the requirements of the USA Freedom Act of 2015 and the Termination Procedures for NSL Nondisclosure Requirement, the FBI … reviewed whether to continue the nondisclosure requirement," in three NSLs issued to us, "and … determined that nondisclosure is no longer necessary."
In a Transparency Report document, Yahoo stated, "Specifically, we produced the name, address, and length of service for each of the accounts identified in two of the NSLs, and no information in response to the third NSL, as the specified account did not exist in our system. Each NSL included a nondisclosure provision that prevented Yahoo from previously notifying its users or the public of their existence." Out of 13,000 NSLs sent last year, the three requests published by Yahoo are the only ones to be made public to date.
The FBI continued to send NSLs to tech companies even though the DOJ told the agency a court order was required.
Robyn Greene, policy counsel for the Open Technology Institute, said, "It seems that the FBI has again crossed the line when it comes to ECTRs (electronic communication transactions records), even after being explicitly told, under the Bush administration, no less, that they were not legally authorized to demand these personal records absent a court order."
Senator Ron Wyden (D-OR) said, "The Justice Department told FBI officials that if they want to demand Americans’ email records, they need a court order. It is very troubling that the FBI has apparently not been adhering to that guidance."
One tactic the FBI employs to get more information than they are legally allowed to possess is to send companies a long list of requests and let the recipient figure out the legal niceties. This is particularly difficult for smaller companies who don’t have the resources to sift through all the legislation.
"Essentially, the FBI believes they can ask for the sun, the moon and the stars in an NSL, while knowing that tech companies don’t have to turn over anything more than name, address and length of service," said Chris Soghoian, chief technologist at the American Civil Liberties Union.
"The FBI asks for so much, because it is banking that some companies won’t know the law and will disclose more than they have to. The FBI is preying on small companies who don’t have the resources to hire national security law experts."
"It’s been very clear that the FBI has been continuing to request things that they’re not supposed to get," said Michael German, a fellow at the Brennan Center for Justice and former FBI agent. German stated, "There’s a behind the curtains push" to pressure "groups who either don’t want to fight or are otherwise inclined to help the FBI get the records they want. And it’s all happening in secret."