PRIVACY + SECURITY BLOG

News, Developments, and Insights

National Security Letter - NSL

Did you know that the FBI can issue a letter to an Internet Service Provider or a financial institution demanding that they turn over data on a customer? The letter doesn’t require probable cause. No judge must authorize the letter. The FBI simply issues the letter and gets the information. There’s a gag order, too, preventing the institution receiving the letter from mentioning this fact.

A recent lengthy Washington Post article examines National Security Letters (NSLs) in depth:

The FBI now issues more than 30,000 national security letters a year, according to government sources, a hundredfold increase over historic norms. The letters — one of which can be used to sweep up the records of many people — are extending the bureau’s reach as never before into the telephone calls, correspondence and financial lives of ordinary Americans.

Issued by FBI field supervisors, national security letters do not need the imprimatur of a prosecutor, grand jury or judge. They receive no review after the fact by the Justice Department or Congress. The executive branch maintains only statistics, which are incomplete and confined to classified reports. The Bush administration defeated legislation and a lawsuit to require a public accounting, and has offered no example in which the use of a national security letter helped disrupt a terrorist plot.


There are several NSL provisions lodged in various federal statutes:

1. Electronic Communications Privacy Act, 18 U.S.C. § 2709 (FBI can compel communications companies to disclose customer information)

2. Right to Financial Privacy Act, 12 U.S.C. § 3414(a)(5) (FBI can compel financial institutions to disclose customer information).

3. Fair Credit Reporting Act, 15 U.S.C. § 1681u (FBI can compel credit reporting agencies to disclose records on individuals).

I believe that NSLs provide far too much unfettered power to the FBI. If the FBI wants to obtain information about a person, why not go to court and obtain a search warrant by demonstrating probable cause? Instead, NSLs cut the courts out of the process; and they do not require probable cause.

According to the Washington Post article:

Resistance to national security letters is rare. Most of them are served on large companies in highly regulated industries, with business interests that favor cooperation. . . . . National security letters give them a shield against liability to their customers.

Kenneth M. Breen, a partner at the New York law firm Fulbright & Jaworski, held a seminar for corporate lawyers one recent evening to explain the “significant risks for the non-compliant” in government counterterrorism investigations. A former federal prosecutor, Breen said failure to provide the required information could create “the perception that your company didn’t live up to its duty to fight terrorism” and could invite class-action lawsuits from the families of terrorism victims. In extreme cases, he said, a business could face criminal prosecution, “a ‘death sentence’ for certain kinds of companies.”

The volume of government information demands, even so, has provoked a backlash. Several major business groups, including the National Association of Manufacturers and the U.S. Chamber of Commerce, complained in an Oct. 4 letter to senators that customer records can “too easily be obtained and disseminated” around the government. National security letters, they wrote, have begun to impose an “expensive and time-consuming burden” on business.

Originally posted at Concurring Opinions

* * * *

This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics. Professor Solove also posts at his blog at LinkedIn. His blog has more than 1 million followers.

Professor Solove is the organizer, along with Paul Schwartz, of the Privacy + Security Forum and International Privacy + Security Forum, annual events designed for seasoned professionals.

If you are interested in privacy and data security issues, there are many great ways Professor Solove can help you stay informed:
*
LinkedIn Influencer blog
*
Twitter
*
Newsletter

TeachPrivacy Ad Privacy Training Security Training 01