March 6, 2013
Internet Company Releases Info on National Security Letter Requests for First Time
Google, for the first time, has revealed the FBI attempted to obtain data on more than 1,000 Google accounts last year without a warrant.
The FBI can issue a National Security Letter (NSL) to obtain “identifying information about a subscriber from telephone and Internet companies,” said Richard Salgado, Google’s legal director for law enforcement and information security, in a blog post.
“The FBI has the authority to prohibit companies from talking about these requests,” Salgado said. “But we’ve been trying to find a way to provide more information about the NSLs we get — particularly as people have voiced concerns about the increase in their use since 9/11.”
Google has found a solution — sort of. In order to include data about NSLs in its Transparency Report and still comply with the law, the technology giant has been forced to be pretty vague in reporting actual numbers.
According to the report, each year — from 2009 to 2012 — Google was issued fewer than 3,000 NSLs in the U.S.
In 2009, 2011 and 2012, the report indicates the NSLs were linked to between 1,000 and 2,000 Google user accounts. In 2011, however, the letters were connected to between 2,000 and 3,000 accounts.
The FBI does not require court approval to issue NSLs, but they can only be used in matters related to national security, not for ordinary criminal, civil, or administrative matters, Google revealed. The FBI also can’t use NSLs to obtain anything else from Google, such as Gmail content, search queries, YouTube videos or user IP addresses.
While in most cases it is standard practice for Google to notify users about legal demands, the FBI can prohibit the company from disclosing it has received an NSL, if it certifies the disclosure may result in “a danger to the national security of the United States, interference with a criminal, counterterrorism, or counterintelligence investigation, interference with diplomatic relations, or danger to the life or physical safety of any person.”
Google’s revelations on NSLs come a month-and-a-half after it released its July to December period of its 2012 transparency report.
The report indicated government requests for Google’s users’ data continues to rise globally, but the highest number came from the U.S.
The United States issued 8,438 requests for information on about 14,791 users in the six-month period.
The report also detailed the legal processes used by American authorities making the requests.
• Sixty-eight percent of the requests were via subpoenas. These are requests for user-identifying information, issued under the Electronic Communications Privacy Act (ECPA) and are the easiest to get because they typically don’t involve judges.
• Twenty-two percent were through ECPA search warrants. These are, generally speaking, orders issued by judges under ECPA, based on a demonstration of “probable cause” to believe that certain information related to a crime is presently in the place to be searched.
• The remaining 10 percent were mostly court orders issued under ECPA by judges or other processes that are difficult to categorize.
Google complied with 88 percent of requests from authorities made by subpoena or search warrant.