April 09, 2013, 12:22 PM — For the first time, Microsoft and Google have publicly revealed roughly how often they have been issued National Security Letters (NSL), which allow the Federal Bureau of Investigation to get private customer information without a judge's approval. It highlights why the letters, created in their current form by the Patriot Act, should be done away with -- and a recent court ruling may lead the way to doing just that.
The Patriot Act allows the FBI to issue NSLs to companies seeking a customer's "name, address, length of service, and local and long distance toll billing records" without a judge's prior approval. An FBI agent only needs to say that the request is "relevant to an authorized investigation to protect against international terrorism or clandestine intelligence activities." A superior at the FBI must approve each request, but otherwise, there's no oversight.
The law has a gag provision that bans the company from saying anything about NSLs, not even so much as acknowledging that it has received one. That provision is invoked if the FBI deems that the disclosure would be a "danger to the national security of the United States, interference with a criminal, counterterrorism, or counterintelligence investigation, interference with diplomatic relations, or danger to the life or physical safety of any person."
Again, there's no oversight.
In early March, under a deal with the Obama administration, Google became the first company to publicly reveal anything about the NSLs it has received from the FBI. Under the deal, it can disclose a range of the number of NSLs, but not the precise number. Still, the disclosure is revealing. In a " transparency report," Google said the company had received between 0 and 999 NSLs each year for 2009, 2010, 2011 and 2012.Those requests covered between 1,000 and 1,999 accounts each year, except for 2010, when they covered between 2,000 and 2,099.
Several weeks after Google released its report, Microsoft followed suit. Microsoft has been targeted more heavily than Google -- in 2009 it received between 0 and 999 NSLs for between 2,000 and 2,999 accounts; in 2010 it received between 1,000 and 1,999 NSLs for between 5,000 and 5,999 accounts; in 2011 it received between 1,000 and 1,999 NSLs for between 3,000 and 3,999 accounts; and in 2012 it received between 0 and 999 NSLs for between 1,000 and 1,999 accounts.