Google has posted a “Transparency Report” that provides a range of how many National Security Letters (NSLs) it has received and a range of how many users/accounts were specified in these NSLs each year since 2009. Of course, your first question may be: What is an NSL?
An NSL is a special search vehicle by which the FBI has the authority to demand the disclosure of customer records maintained by banks, Internet Service Providers, telephone companies and other entities. When this happens, these entities are prohibited from revealing to others their receipt of an NSL. There have been reports that the issuance of NSLs has expanded significantly since the Patriot Act increased the FBI’s power to issue them.
Getting back to Google, its Transparency Report details that for each of the years 2009, 2010, 2011, and 2012, it received between 0 and 999 NSLs. And for the years 2009, 2011, and 2012, these NSLs specified between 1,000 and 1,999 users/accounts, while the range was between 2,000 and 2,999 for the year 2010.
Google only was able to reveal these numerical ranges after it had engaged in negotiations with government officials.
Because NSLs are generally handled in secret, understanding their use and frequency has been difficult. Also, there has been little oversight when it comes to NSLs, which makes them controversial.
According to the San Francisco Chronicle, Google has stated that the NSLs can be used to compel companies to identify the name, address, length of service and local and long-distance toll billing records of a customer — but not Gmail content, search queries, YouTube videos or user IP addresses. The FBI has issued an average of nearly 50,000 NSLs per year for the time period 2003 to 2006, The Washington Post has reported.
NSLs are supposed to address national security investigations. They are not designed to focus on usual criminal, civil, or administrative matters.
The foregoing numbers seem to suggest a fairly broad use of NSLs. We must hope that they have been used as intended. Without much oversight, it is not easy to know for sure if that indeed has been the case.
Eric Sinrod is a partner in the San Francisco office of Duane Morris LLP, where he focuses on litigation matters of various types, including information technology and intellectual property disputes. You can read his professional biography here. To receive a weekly email link to Mr. Sinrod’s columns, please email him at ejsinrod@duanemorris.com with Subscribe in the Subject line. This column is prepared and published for informational purposes only and should not be construed as legal advice. The views expressed in this column are those of the author and do not necessarily reflect the views of the author’s law firm or its individual partners.