Revealed: What Info the FBI Can Collect With a National Security Letter

An anonymous reader writes with this lead from Help Net Security's story on a topic we've touched on here many times: the broad powers arrogated by the Federal government in the form of National Security Letters: On Monday, after winning an eleven-year legal battle, Nicholas Merrill can finally tell the public how the FBI has secretly construed its authority to issue National Security Letters (NSLs) to permit collection of vast amounts of private information on US citizens without a search warrant or any showing of probable cause. The PATRIOT Act vastly expanded the domestic reach of the NSL program, which allows the FBI to compel disclosure of information from online companies and forbid recipients from disclosing they have received an NSL. The FBI has refused to detail publicly the kinds of private data it believes it can obtain with an NSL. A key sentence from the same story: "Merrill is now able to reveal that the FBI believes it can force online companies to turn over the following information simply by sending an NSL demanding it: an individual’s complete web browsing history; the IP addresses of everyone a person has corresponded with; and records of all online purchases." Reader Advocatus Diaboli adds this, from The Intercept: One of the most striking revelations, Merrill said during a press teleconference, was that the FBI was requesting detailed cell site location information — cellphone tracking records — under the heading of "radius log" information. Traditionally, radius log refers to a user's attempts to connect to a server or a DSL line — a sort of anachronism given the progress of technology. "The notion that the government can collect cellphone location information — to turn your cellphone into a tracking device, just by signing a letter — is extremely troubling," Merrill said.

Troubling?

[fustakrakich]

What's troubling is that people allow it to happen. The polls all say that they want it. The reelection rates confirm it.

Re:Troubling?

[fizzer06]

"Article the sixth...

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[Impy the Impiuos Imp]

There he is! The leftist who declares we should not be bound by 200 year old documents, because it gets in the way of the arrogation of power into the government, the kinds of which dictators like. He fancies himself better than they, and a wise wielder of it, and that there is no danger of it ever being used to form a dictatorship, so it's safe.

You ask the wrong question. Do not ask "What else from 1776 would you use?" That is a fraud's rhetorical device.

Ask instead what problem they were trying to sol

Re: Troubling?

[dryeo]

The truth is that the old document can use some updates. Examples include adding electronic documents to the 4th, explicitly listing the cases where government can limit speech such as national security and perhaps child porn. These are cases where the courts have extended the Constitution (or didn't) in ad hoc ways.
Discussion can also start on issues like is it OK for businesses to violate your rights, and if so, is it OK for them to do it for the government. Then there are questions about whether you own your data.
The American Constitution is a fine document but has suffered bitrot and you get the courts making rulings like how the 1st only protects some speech which sets a precedent that can be extended in the future.
Even simple things like is the Air Force constitutional. The constitution mentions defence but gives different powers to Congress to form a navy and an army with the idea of a standing army discouraged (at the time it was recognized that a standing army often led to tyranny and a militia was a superior option). Would have been really easy to amend the Constitution to allow an Air force rather then once again depending on the courts interpretation.
There are other parts such as the Interstate commerce clause that may be better defined as well.

Re:

[spire3661]

The 4th ALREADY covers electronic documents. 'Papers and EFFECTS'. Take your CP argument and shove it up your ass. I dont care how repugnant you find it, i am not willing to give the government a blank check in stopping it. NO AMENDMENT should list CP anywhere in it.

Re:

[rtb61]

That is the balance in law, the government has to be allowed to do something to do it and citizens have to be actually banned from doing something. It the government does not have permission from citizens to do something, than it is pretty illegal to do it and if citizens have not been banned from doing something it is pretty much legal to do it. So citizens have rights and governments do not, they have the set rules they must operated under us democratically defined by it's citizens. So we have agencies a

Re:

[dryeo]

The 4th ALREADY covers electronic documents. 'Papers and EFFECTS'.

Your Supreme Court has thought differently at times. Olmstead v. United States (1928) basically ruled that wiretapping was not a search as no trespass had happened and electrons are not physical property.
While Katz v. United States (1967) ruled that the 4th was as much about privacy as physically entering your property and overruled Olmstead, it was not unanimous and to quote Justice Black in his dissenting opinion,

It is significant that such a rule [protecting electronic privacy] appears nowhere in the tex

Re:

[Agripa]

Oddly enough I agree with the court but not for the reasons they give. No matter what court ruling exists, the government is going to collect every electronic record that they can whether legal or not and when used as part of an investigation, it will be laundered to prevent court review of the collection. Consider the DOJs current position that electronic records are not searched and seized *unless* they are actually reviewed by a human. Copying them off of the wire for storage is not a seizure as far a

Re:

[dryeo]

They (the 3 letter agencies) won't be happy unless they have the capability to read everything. Even requiring warrants isn't a fix as long as there are rubber stamp Judges and warrants can be issued in secret and kept secret.
The courts will also bend under public pressure and as long as politicians use fear to control and advance their agenda, the courts are likely to throw more rights out the window.

Re:

[akgooseman]

I love the idea of updating the Constitution to bring it up to our times. But the problems we privacy minded people have with the current interpretation and execution of Constitutional power will only be amplified by the current group of knuckleheads in control of this country.

Re:

[dryeo]

Yes, it would be opening a huge can of worms. The only good thing is that with the required super majority requirement to amend, only the simplest amendments, such as my Air Force example, are likely to pass.

Re:

[wyHunter]

You've hit the nail on the head. The left - and now the right - merely wish to destroy the country. Actually, they already have.

Re:

[davester666]

Exactly. The constitution really only applies to things that existed when the document was written. Things invented since then, particularly the internet and wireless communication aren't covered by it.

The President and the NSA told me so. They have a secret legal opinion of an interning lawyer that says so. And they only had to get 12 of them written before getting the one they wanted.

Re:

[knightghost]

It is very private because bits and pieces were kept separate - each entity had only what it needed. Now everything is lumped together and data mined to far more previously private information than you even know about yourself. That's a fundamental and horrible violation.

We have met the enemy, and it is us.

Re:

[Impy the Impiuos Imp]

I also point out the idiocy of the "metadata" concept in relation to constitutional design. In this cas, good old King George III would indeed have happily warrantlessly tracked founding father phone calls to see who was in their network.

As such the founding fathers would have banned it, sans warrant.

Again, warrants are all we ask. Do not build the tools of dictatorship. Disallow government those powers. That is the central constitutional design principle.

Re:

[TheCarp]

Not a public transmission, not in any way. Its a private transmission, facilitated by a third party under contract.
I would no more expect the telephone company to feel free to disclose such information as I would expect any other business to talk freely about the private nature of their business dealings with clients.

I would consider the privacy of such dealings to be pretty well implied in the very nature of a contract to facilitate private communications.

Re:

[Holi]

With a warrant, sure not unreasonable at all. Without a warrant? that's where you start getting into problems. Do you really think the government should be building a database of it's citizen's movements in a supposed free society?

Re:

[known_coward_69]

while this is true, it's perfectly legal to issue a subpoena or some other court order to collect evidence of a crime or a plan of future criminal activity. that's what a NSL is. and you are not searching anyone's home or property under an NSL, you are searching the records of their public interactions with the rest of society. so unless you search the inside of their car or the data on their cell phone, you don't need a warrant now go back to elementary school and maybe post those stupid meme's of the fo

Re:

[Anonymous Coward]

A subpoena is issued by a court, upon the sworn testimony of a government official, typically a law enforcement officer. An NSL is issued by a law enforcement agency under it's own cognizance, with no oversight. That's the difference. An NLS is not a subpoena, and can be a violation of the fourth amendment. The lack of court oversight might be a violation of the sixth amendment. The Freedom Act has not yet been fully vetted by the courts. Certainly parts of the Patriot Act were on their way to being invalid

Re:

[NormalVisual]

while this is true, it's perfectly legal to issue a subpoena or some other court order to collect evidence of a crime or a plan of future criminal activity.

That court order is called a "warrant". Subpoenas are also issued by the court or its officers, but only in conjunction with a pending court case. The main point is that the court issues both of those documents, not an executive agency under its own authority. Also, note that the Fourth Amendment covers "persons, houses, papers, and effects", not j

Re:

[fustakrakich]

The Queen of England has more power than hollow words without the will and the balls it takes to enforce them.

Re:

[wyHunter]

flip both those names and you 've got it.

Re:

[Impy the Impiuos Imp]

Every politician has had a little birdie sing softly into their ear, "Imagine the next attack, and you are on the record as hampering government from its panopticon of observation."

Re:

[account_deleted]

Comment removed based on user account deletion

Re: Troubling?

[MyAlternateID]

That's a lot like saying, "Some people don't like freedom."

A lot of people really don't like freedom. Real liberty might mean that other people can do things you don't approve of. They might adopt a lifestyle you don't like. They might want to marry a same-sex partner. They might want to smoke a joint in their own home. They might want to have consentual sex between adult people in which money is involved, or a position other than missionary. A willing buyer might want to purchase alcohol from a willing seller on a Sunday. Someone might want to own a gun in certain areas, or carry that gun concealed, both with no intention of shooting anyone unless mortally threatened. They might want to buy raw milk with a full understanding of any risk involved. They might want to collect rainwater. They might want to install roll bars (a safety feature) on their vehicle. They might want to generate their own electricity and go off-grid without the city condemning their property.

In some parts of the world they might want to practice an unapproved religion, educate their daughters, hear a woman sing, or explore their feelings for another consenting adult of the same sex.

All of these things are illegal somewhere. The urge to pry into the lives of others and worry about what other people are doing, how they are living, and find ways to stop them is rampant. There are large numbers of small-minded busybodies who seem to have no lives of their own, thus they need a piece of someone else's. Achieving the force of law is their ultimate wet dream. They like "freedom" when it means "things I personally approve of", which makes a mockery of what freedom actually is. Yes, one can reasonably conclude that lots and lots of people really don't like freedom.

If these UFOs people keep reporting actually are advanced aliens from a distant star system, it's no wonder they don't make open contact. They're looking down at us and saying, "clearly they aren't ready yet. All they seem to care about is controlling each other. They most admire the ones who are best at it, calling them great leaders."

Re:

[NormalVisual]

They like "freedom" when it means "things I personally approve of", which makes a mockery of what freedom actually is.

Insightful quote of the day.

Re:

[lakeland]

This is a beautiful post, thank you.

Re:

[Holi]

People did not vote on this. We are not a direct democracy. Our representatives voted on this, all of them, regardless of how you, their constituents, feel about it. Why? because we are no longer a representative democracy. We are rapidly shifting to a representative oligarchy where, regardless of who you elect, they do the bidding of those who paid for their seat.

The perception of corruption was the reason behind our campaign reforms, but with the current Court now limiting it to direct quid pro quo all

Re:

[Agripa]

Ya, that will work. I'll just vote for the *other* politician. Err, wait . . .

Re:

[Agripa]

We are rapidly shifting to a representative oligarchy where, regardless of who you elect, they do the bidding of those who paid for their seat.

How many politicians do you have to own to get your way?

Both of them.

Re:

[currently_awake]

I don't recall this ever coming up as an election issue. You can't vote to correct a problem if you don't know about it, and they work very hard to ensure you don't know. Simple solution: mandatory disclosure of released information after 1 year. Sufficient for police work, will strongly discourage fishing expeditions.

Re:

[fustakrakich]

I don't recall this ever coming up as an election issue.

Exactly...

Simple solution: mandatory disclosure of released information after 1 year.

That won't happen until it becomes an election issue. Without it, there is no incentive. We are on our own...

Re:

[jonwil]

The problem is that the US government via their friends in the mainstream mass media have brainwashed the sheeple into thinking that the only way to prevent the next 9/11 is to carry out unconstitutional wholesale surveillance on everyone on the planet.

Unless you can stop the brainwashing and get the sheeple to realize that no, violating everyone civil liberties and constitutional rights is NOT going to help stop the terrorists, nothing is going to change.

Re:

[Agripa]

Exactly! The people reelected either a Republican or Democrat so they must want a ubiquitous surveillance state!

Re:

[Anonymous Coward]

The FBI believes that NSL's have no limits and would like to keep it that way.

From TFLA [theintercept.com]:

The FBI issues the letters, known as NSLs, without any judicial review whatsoever. And they come with a gag order.

But a federal District Court judge in New York ruled in September that the continuous ban on Merrill’s speech about the order was not justified, considering that the FBI’s investigation was long over and most details about the order were already openly available.
[...]
The court ruling noted that the FBI is no longer requesting this type of information using NSLs, but wants to maintain the possibility of doing so in the future.

The question of whether law enforcement should be required to get a warrant before obtaining detailed cell site location information is currently being reviewed in several federal District Courts, though the Supreme Court recently turned the case down.

No Surprises

[Anonymous Coward]

I see no surprises. Everything that they have revealed has been known or suspected by anyone that gave it any real thought.

Also no surprise... The VAST majority of American citizens are to self-centered to care. They just don't care! 'It's not happening to me(that I know of) and I don't give a flying fuck about you.'

People are too stupid to care. This situation will get a hell of a lot worse before anyone tries to do anything about it. The perfect example is last Sunday's lie that the NSA was ceasing broad collection. Nobody knows about it, even fewer care about it and the NSA sure as hell didn't stop shit! But, who cares, right?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[geekmux]

Most people are too scared to say anything at all so that they don't have their lives intruded upon.

Uh, I hate to burst your bubble here, but most people are actually overbearing narcissists addicted to social media who are hell-bent on ensuring their online lives intrude upon yours.

We're in the middle of a discussion about intelligence agencies acting illegally under citizens that ignore it. Don't try and paint the average citizen as suddenly caring about privacy or legality, because they could give a shit about either.

What?

[s.petry]

I have no idea who your generalization is supposed to be covering. "Most" people would fall into the original comment. People who are too brainwashed to do anything, or care about anything, that the media does not tell them to do, or care, about. Mindless drones who sit staring at a 2.5x3" screen occasionally banging it with their thumbs. Reading 100 character strings for their life philosophy, and shouting down anyone that disagrees with their 140 character and 2 meme opinion.

I wish that was a scary ex

Surveillance is for Cows

[Anonymous Coward]

You are all Cows. Cows say nothing. nothing. nothing! nothing cows nothing! nothing say the cows. YOU GAG ORDERED COWS!!!

Re:

[cellocgw]

Cows say nothing. nothing. nothing! nothing cows nothing! nothing say the cows

Not true at all. I've seen them on TV. Some cows chat with each other about how contented they are, and how that makes their milk taste better. Other cows hold up picket signs that read "Eat more Chikin."

What is truly "troubling"

[geekmux]

"The notion that the government can collect cellphone location information — to turn your cellphone into a tracking device, just by signing a letter — is extremely troubling,"

Really? THAT is what you call extremely troubling?

Here's what is truly troubling...the fact that every owner of a smart phone already did this in some way when they agreed to the EULA attached to the power button, and yet none realize it.

It didn't take governments to eliminate privacy or security. Cheap-ass consumers hell-bent on demanding all services be given to them for free did that.

Re:

[whoever57]

Another part that is troubling, but also interesting, is that various courts have already decided that gathering some of this data without a warrant is unconstitutional. Just because an NSL is used to get the data doesn't magically make it legal.

Re:

[currently_awake]

A judicial ruling that this is unconstitutional means the government can't pass a law or use an executive order or issue a NSL to do this. It would require a constitutional amendment.

Re:

[almechist]

A SCOTUS ruling that this is unconstitutional means the government can't pass a law or use an executive order or issue a NSL to do this. It would require a constitutional amendment.

FTFY

Re:

[whoever57]

You didn't "fix" anything. It doesn't require a SCOTUS ruling. All it requires is a ruling that is not appealed (or the higher courts refuse to hear an appeal).

Re:

[almechist]

You didn't "fix" anything. It doesn't require a SCOTUS ruling. All it requires is a ruling that is not appealed (or the higher courts refuse to hear an appeal).

The US government has continued to do many things that various lesser judges have ruled unconstitutional at one point or other, but a Supreme Court ruling puts the matter to rest for good (barring a constitutional amendment). And if SCOTUS refuses to hear a case, well, that's a ruling of a sort, too. You need SCOTUS to settle the matter, either way.

Re:

[Impy the Impiuos Imp]

People are fine with it as a tracking device. Even the concept of a nearby business sending a quick coupon is cool.

It is unauthorized access by government that is a serious issue. By that I mean warrantless. Attaching a tracking device to a car without a warrant was ruled unconstiutional.

Just get the damned warrants.

What is metadata?

[swillden]

NSLs are restricted to allowing collection only of "non-content information", or metadata. But what does that mean? In the case of telephone calls, it's pretty clear. With web history, though, it's much less clear, because a list of URLs is a list not only of which servers you connected to, but in most cases also what information you retrieved. The URL doesn't contain the information itself, but it's trivial for someone else to retrieve it and find out what you read.

Cell location information is another debatable case. While in some sense it is metadata if we consider the content to be what you talk about on the phone, the data you send/receive, etc., it's also tantamount to having a tracking device on almost everyone. Courts have ruled that GPS tracking without a warrant is unconstitutional, and it really seems that this is the same thing. The precision is lower, but it's still pretty darned good.

As for purchases, it would seem that information about what you bought and how much you paid for it would constitute "content", while the times and locations of the transactions would be metadata.

IP addresses of people you corresponded with... that seems like pure metadata, and is unsurprising to me.

Re:

[DarkOx]

The problem is metadata is a description that only makes sense in context. One person's metadata is data to someone else.

Even with the the phone company. What cell you were connected to and when is metadata to the billing division. To them data is which customer, using what service, for how long. (roaming aside) What cells you were using are not important that is data about where the other data came from. To the groups that do network operations and capacity planning: They don't care about who mostly,

Re:

[geekmux]

I don't think the legal system should be trying to declare what is or isn't metadata, certainly not for the sake of making some qualitative judgment about if its subject to constitutional protections. We should stick to the reasonable expectation of privacy test, that has been used in the past. If someone would reasonably expect the known dispositions of whatever data they are sending/producing/modifying would be private the government should need a warrant!

Agreed. And if you're looking for a test group to validate a reasonable expectation, I'd say let's start with lawmakers.

After all, I'm certain they'll consider their own data benign and inconsequential, especially after someone tells them their life fucking story, armed with just their "meta" GPS data...

Re:

[Scutter]

Do you have any idea how incredibly valuable "metadata" is for signals intelligence?

Re:

[swillden]

Do you have any idea how incredibly valuable "metadata" is for signals intelligence?

Yes. What's your point?

TIL: The FBI learned how to increase system noise

[gestalt_n_pepper]

The result of this strategy, of course, is a small population of ever more skilled people who can hide illegal activities via encryption, message splitting, or other methods, while making the noise (i.e. banal, legal activity) more voluminous, easy to get, expensive to process, and meaningless.

Re:

[currently_awake]

The Paris attack happened because the intelligence agencies are spending so much time/money/manpower spying on "law abiding" citizens that they don't have time to actively watch the known troublemakers. The Paris attackers were on watch lists, they were known to be a threat.

Truly troubling

[chihowa]

The FBI has refused to detail publicly the kinds of private data it believes it can obtain with an NSL.

The truly troubling part is not the specifics of what they collect, but the fact that they think that they should operate with no accountability to the citizenry. A government operating on secret interpretations of laws is entirely at odds with a democratic system.

Re:Truly troubling

[Fire_Wraith]

This is it exactly.

We're never going to be able to completely put the genie back in the bottle short of throwing away all of our phones and computers. The communications, the data, it's out there. Furthermore, just like there are times we want the FBI/Police etc to get a wiretap, there are times we'd want them to be able to monitor someone. That's never been the concern - it's always been about accountability and oversight.

The government, be it FBI/DOJ or NSA/CIA/etc, shouldn't have the power to freely go demanding, let alone collect and store, all of this stuff without some kind of external oversight, just like they've been prevented from freely coming into your house and going through your personal papers. If they really have cause to do so, they can go to a judge and get a warrant. That won't prevent every abuse, sure, but it at least provides a paper trail and accountability for later, as well as the means to challenge that original action if the FBI/etc goes overboard.

NSL = for things that DO NOT require a warrant

[daveschroeder]

Note what this (or any) NSL does not request, for good or ill given the explosion in digital communications since Smith v Maryland in 1979 and subsequent case law (which effectively says that metadata, as "business records" provided to a third party, do not have an expectation of privacy and are not covered by the Fourth Amendment): CONTENT of communications.

Note what is also missing here: the target. People assume it's an innocent US Person. The fact is, if a NSL is used, the person is almost certainly a f

Re:

[ISoldat53]

Wonderful, but if the NSL is truly for National Security, make it illegal to use information gained using one in a domestic criminal investigation or give it to any corporation for their commercial use.

Re:

[daveschroeder]

Your whole extended statement fell apart with the title.

"NSL = for things that DO NOT require a warrant"

Actually, warrants are the mechanism by which a free society achieves balance between personal and collective rights. Absent that...

Nope. Not everything government does requires a warrant. That is an undeniable fact. The case law which says metadata, for example, affirmatively does not require a warrant, has no expectation of privacy, and is not covered by the Fourth Amendment, is over 35 years old.

It got

A most see talk from a couple of years ago

[Lennie]

https://media.ccc.de/v/27c3-42... [media.ccc.de]

Should be assumed

[mbone]

"The notion that the government can collect cellphone location information — to turn your cellphone into a tracking device, just by signing a letter — is extremely troubling,"

You should always treat your cellphone as a tracking device.

Tell this motherfucker to regret it self.

[rawtatoor]

NSL They didn't send me one yet. I wish the passive aggressive