Government Affairs Blog
August 24, 2017
WHEN MAY A COMMUNICATIONS SERVICE PROVIDER DISCLOSE THE EXISTENCE OF A NATIONAL SECURITY LETTER?
Last month the Ninth Circuit Court of Appeals issued a ruling that touched the intersection between communications service providers (CSPs), public safety, and subscriber privacy. The issue was whether a CSP may disclose the existence of a national security letter (NSL) seeking subscriber data for an FBI investigation. According to the Ninth Circuit, the NSL nondisclosure rule meets the “strict scrutiny” standard of the first amendment. What does the ruling mean for CSPs?
The Purpose of an NSL
When the FBI conducts a national security investigation and finds it must collect subscriber records from a CSP, the agency may obtain the records using the special authority of an NSL. An NSL has the same due process power as a subpoena, except it is available only to the FBI, and it is used only for gathering information in national security cases, such as the pursuit of a suspected terrorist cell or foreign spying operation.
The classified nature of NSLs requires special handling. An FBI agent delivers the NSL to the CSP by hand, not by electronic means. When the agent collects the targeted data, he does not leave behind the original version of the document, though he usually provides a redacted version called a trust certificate.
The NSL Nondisclosure Clause
An NSL typically contains a nondisclosure clause ordering the receiving CSP not to tell anyone about the nature of the NSL, or even mention the fact that the NSL exists. Tipping off a suspected terrorist or spy that he or she is subject to a national security investigation could cause the person to take drastic action. The suspect might launch a terrorist attack, kill potential witnesses, or flee the country.
A CSP may disclose an NSL to only three types of people: (1) those needed to help comply with the NSL; (2) an attorney, for purposes of complying with the NSL or challenging its validity; or (3) others, but only with the FBI’s consent.
Despite the above guidelines, what if a CSP wants to disclose the existence of an NSL as an exercise of First Amendment Constitutional rights? Prior restraints on the content of speech, especially political speech, are viewed with extreme skepticism in the American legal system. Courts review the validity of such restraints by applying a standard of “strict scrutiny.”
Why would a CSP want to compromise the secrecy of a national security investigation? Most CSPs don’t take such risks. But for certain dominant Internet providers the situation is not so simple. They market to foreign consumers, many of whom regard U.S. law enforcement with suspicion. To earn the trust of that global audience, the competitors have increasingly challenged the authority of U.S. law enforcement. Other network owners are champions of privacy who want their subscribers to enjoy the full benefit of their constitutional rights. Hence the emergence of lawsuits such as the one in the Ninth Circuit.
The Ninth Circuit Decision
Applying the strict scrutiny test to the NSL nondisclosure requirement, the Ninth Circuit in July 2017 found that the speech restriction was “narrowly tailored” to meet a “compelling state interest.” The compelling state interest was the need to solve national security investigations such as probes of terrorist plots. The rule was narrowly tailored based on the CSP’s right to challenge the validity of the NSL, the requirement that the nondisclosure clause must be reassessed after three years, the fact that the nondisclosure period expires at the end of the investigation, and a post-9/11 compromise between industry and government that lets CSPs publicize aggregate statistics on the volume of NSLs they receive.
The CSP involved in this case argued that the nondisclosure rule was not narrowly tailored. Their argument was premised on two grounds. First, the rule prohibits disclosure even for a CSP that serves millions of subscribers – a condition under which no one could realistically tie a disclosed NSL to any particular person. Second, the rule gives the FBI complete discretion in deciding what third parties may be informed of an NSL, without considering limits on that discretion, which might permit broader disclosures.
The Ninth Circuit rejected the CSP’s arguments. At the time the FBI applies for an NSL, the Court said, the presiding judge already has the discretion to consider factors such as the CSP’s subscriber base, so that factor does not render the nondisclosure rule unconstitutional. As for the FBI’s discretion to include third parties in the disclosure group, the Court said that is only one element of a rule that is still narrowly tailored as a whole.
The Outcome for CSPs
Further appeals in the Ninth Circuit proceeding are possible. Meanwhile, CSPs may continue to follow NSL nondisclosure orders without worrying about their legality.
July 21, 2017
SHOULD CONGRESS RESTORE THE POWER OF US LAW ENFORCEMENT TO COLLECT COMMUNICATIONS CONTENT STORED ABROAD?
Last year a US appeals court decision interpreted a federal statute in a manner that stopped American law enforcement agencies from using judicial warrants to gather communication content stored abroad. Certain congressmen responded with proposed legislation to restore the status quo meaning of the law. What does the bill propose, and would it fairly balance the interests of public safety, subscriber privacy, and the needs of communication service providers (CSPs)?
May 19, 2017
EXPANDING COMMUNICATIONS SERVICE TO THE EU WHILE COMPLYING WITH MANDATES FOR PRIVACY AND LAW ENFORCEMENT
As American communications service providers expand their networks to the European Union they’ll confront a phalanx of new privacy laws and evolving mandates to assist law enforcement. The following examines the regulatory hurdles.
April 28, 2017
HOW CALEA SOLUTIONS IMPROVE SECURITY IN COMMUNICATION NETWORKS
Communication service providers in the US are generally required by the federal CALEA statute to equip their networks with hardware/software solutions that facilitate lawful electronic surveillance. CALEA solutions provide the technical capabilities law enforcement agencies need to conduct court-ordered surveillance in criminal and terrorist investigations. For example, a state police department may need to intercept the calls of a criminal suspect using a cell phone. Or the FBI may monitor the broadband signals of a terrorist suspect communicating on the Internet.
December 12, 2016
HOW WILL THE UK’S NEW SURVEILLANCE LAW IMPACT AMERICAN COMMUNICATION SERVICE PROVIDERS?
On November 29th the United Kingdom adopted a surveillance law that raised a novel issue of law enforcement assistance and privacy. How does the new law impact U.S.-based communication service providers?
The UK’s new Investigatory Powers Act
The UK’s existing Data Retention and Investigatory Powers Act of 2014, or “DRIPA,” already requires UK communication service providers to facilitate lawful surveillance and retain data on their subscribers’ past communications. To meet the data retention mandate, a service provider must store records on every subscriber’s past voice communications, emails, and text messages, and disclose them to the government upon lawful request.