Revealed: What Info the FBI Can Collect With a National Security Letter

An anonymous reader writes with this lead from Help Net Security's story on a topic we've touched on here many times: the broad powers arrogated by the Federal government in the form of National Security Letters: On Monday, after winning an eleven-year legal battle, Nicholas Merrill can finally tell the public how the FBI has secretly construed its authority to issue National Security Letters (NSLs) to permit collection of vast amounts of private information on US citizens without a search warrant or any showing of probable cause. The PATRIOT Act vastly expanded the domestic reach of the NSL program, which allows the FBI to compel disclosure of information from online companies and forbid recipients from disclosing they have received an NSL. The FBI has refused to detail publicly the kinds of private data it believes it can obtain with an NSL. A key sentence from the same story: "Merrill is now able to reveal that the FBI believes it can force online companies to turn over the following information simply by sending an NSL demanding it: an individual’s complete web browsing history; the IP addresses of everyone a person has corresponded with; and records of all online purchases." Reader Advocatus Diaboli adds this, from The Intercept: One of the most striking revelations, Merrill said during a press teleconference, was that the FBI was requesting detailed cell site location information — cellphone tracking records — under the heading of "radius log" information. Traditionally, radius log refers to a user's attempts to connect to a server or a DSL line — a sort of anachronism given the progress of technology. "The notion that the government can collect cellphone location information — to turn your cellphone into a tracking device, just by signing a letter — is extremely troubling," Merrill said.

NSL = for things that DO NOT require a warrant

[daveschroeder]

Note what this (or any) NSL does not request, for good or ill given the explosion in digital communications since Smith v Maryland in 1979 and subsequent case law (which effectively says that metadata, as "business records" provided to a third party, do not have an expectation of privacy and are not covered by the Fourth Amendment): CONTENT of communications.

Note what is also missing here: the target. People assume it's an innocent US Person. The fact is, if a NSL is used, the person is almost certainly a foreign intelligence target under active investigation, and the reason why requests are "dropped" is because IF a NSL was used in the first place, we don't want to reveal any further sources, methods, or what we know.

Unless and until the Supreme Court of the United States speaks on this matter again -- and it very well may, and it very well may rule differently given how the communications landscape has changed in 35+ years -- that is the law of the land. Not peoples' opinions, not tech commentator know-it-alls, not self-proclaimed security experts.

If something doesn't legally require a warrant, it amounts to a formal request. I'm not saying it's always perfect execution, but the whole purpose of a NSL is so that it runs through its own legal process -- which, again, is for information that does NOT require a warrant. I know people think it has no oversight, but either something requires judicial oversight, or it doesn't. And NSLs DO have massive amounts of LEGAL oversight, just not a warrant signed by a judge -- repeating myself here -- because one isn't required for information sought by a NSL.

And like information that we seek under Intelligence Community authorities, we don't want the target of the collection or surveillance knowing we are targeting them, or where, or how. Yeah, it sucks, and it's imperfect, and all that, but even in a democratic society, you can't just say every single national security or intelligence issue has to be in the open. That's not how even democratic societies work, or can work, or should work, when it comes to national security matters. Some things tilt too far in one direction based on national events, or politics, etc. Then they tilt back. It's never fast enough for proponents or critics.

The main issue is that people say that something like a NSL is "bad" because it doesn't have judicial oversight in the form of a warrant. If the information sought doesn't legally require a warrant, I don't know what to tell them. Then when we do actual court orders and warrants when required for foreign intelligence collection, issued by the very court whose sole purpose is to protect the rights of Americans under the law and Constitution in the context of foreign intelligence collection, they complain because the evidence is heard and rulings are issued in secret.

A NSL at its core is nothing more than a formal process and notification, with a lot of other legal considerations surrounding it, that is the equivalent of someone saying, "Hey, can you help us out...and oh, by the way, here's a bunch of other legal crap which justifies this. And don't tell anyone, because this is a national security issue." I understand why people make an issue of it, because they'll say, ok, even if it's used for all "bad guys" it still "could be abused". Uh, and? Any government power at all "can be abused". Secret ones "can be abused" in secret.

And yet, the government still has to have powers, and some of them on the national security and intelligence side are necessarily cloaked in secrecy. And in the conduct of war, diplomacy, law enforcement, and counterterrorism as the United States, with our myriad interests at home and abroad, we do all of these things for a reason. No, it's never perfect, and it never will be. People act surprised when the use of something like NSLs skyrockets since the late 90s...well, guess what else skyrocketed since the late 90s? The goddamned internet, which we invented, and our enemies are literally using it against us. No, not bullshit lik