Last September a US District Court struck down (pdf) an 11-year-old gag order imposed by the FBI on Nicolas Merrill, the boss of a small ISP forcibly muted from talking about government requests for user data. Merrill was first gagged back in 2004, and has been fighting the government ever since -- even going so far as to launch a new ISP focused specifically on user privacy in the expanding domestic surveillance age.
In 2001, the Patriot Act expanded the FBI’s authority to unilaterally demand that businesses and ISPs turn over user records -- and never talk about the request -- simply by sending a National Security Letter (NSL) claiming the data was needed for national security purposes.
For the first time, a court filing released on Monday clearly illustrates how the FBI uses NSL's to force companies and individuals to turn over large sums of personal data without a warrant.
In short, the documents show how the FBI used NSL's to dance around the Fourth Amendment and grab absolutely massive swaths of personal data without Judicial oversight. The freshly-ungagged Merrill released a full list of the data demanded of him, which included everything from cell location data to user online purchase histories.
"For more than a decade, the government has refused to allow Mr. Merrill and other NSL recipients to tell the public just how broadly the FBI has interpreted its authority to surveil individuals’ digital lives in secret using NSLs," Merrill said in a recent press release by his organization. "Tens of thousands of NSLs are issued by FBI officers every year without a warrant or judicial oversight of any kind."
The ACLU has offered a
handy graphic detailing how it took more than a decade of legal battles to get to this point of transparency. Merrill, meanwhile, now runs a "non-profit telecommunications provider dedicated to privacy, using ubiquitous encryption" under the banner of the
Calyx Institute.