There are two kinds of subpoenas that federal law enforcement can serve on internet service providers and online communications companies if they want to spy on a users' email or Twitter account. Both kinds frequently have gag-orders attached - which means, users are none the wiser that their account has been breached. And both types of subpoenas are being served to ISPs at an unprecedented rate. The ACLU's Jameel Jaffer explains why what you don't know can hurt you.
BOB GARFIELD: This is On the Media. I'm Bob Garfield.
BROOKE GLADSTONE: And I'm Brooke Gladstone. A few weeks ago, Twitter took a bold stand and won the right to disclose to a few users, users purportedly connected to WikiLeaks, that their accounts were the subject of a Justice Department subpoena. It was a rare example of an online communications company breaking the silence that’s imposed when, as in this case, it comes with a gag order. When the government, in the course of investigating a crime, wants to ferret out information online, it can choose either of two kinds of subpoenas. The first requires a judge’s approval and may include a gag order. Companies can appeal the gag order, like Twitter successfully did, and alert their users that the Feds are on their trail, but few do. The second kind of subpoena is more severe and is used in cases that involve national security. It’s called a National Security Letter, and until recently it imposed mandatory unending silence on whoever received one. Both kinds of subpoenas are so useful that they're being used these days at an unprecedented rate. Nobody knows exactly how many regular subpoenas are issued, but ISPs are starting to cry uncle because they can't keep up. Meanwhile, the federal government itself estimated that they are serving 50,000 National Security Letters every year.
BOB GARFIELD: In the last few years, legal challenges have at least chipped away at the secrecy that accompanies the National Security Letter, allowing an appeal before a judge. And so far, out of the hundreds of thousands of National Security Letters served, a whopping three organizations have won the right to just say they got one. Jameel Jaffer at the American Civil Liberties Union has challenged the National Security Letters in court. He says that winning even three people the ability to speak through the gag of silence is progress.
JAMEEL JAFFER: The FBI can still issue these National Security Letters, but it used to be that there was secrecy in every single case and that it was virtually impossible for anyone who received one of these things to challenge the requirement that they not talk about the letter. That’s changed. When ISPs challenged the nondisclosure orders in court, courts now give real meaningful scrutiny to the FBI’s claim that secrecy is necessary. Now to say that it’s possible for an ISP to do that is not the same thing as saying that ISPs actually do it.
BOB GARFIELD: Now in a moment we're going to speak with Nicholas Merrill who was, in fact, the proprietor of the ISP to which you referred and the first to challenge the government on this issue. But what puzzles me is why, if these provisions in the original Patriot Act and the subsequent tweaks of it were declared unconstitutional by federal courts, why thousands and thousands and thousands of National Security Letter recipients haven't materialized to talk about their experiences.
JAMEEL JAFFER: Nick is one of three. The other National Security Letter cases that have gone public involved librarians in Connecticut, and then there was another NSL served on the Internet Archive. But I think it’s reasonable to ask why more ISPs aren't coming forward and challenging either the nondisclosure order or the FBI’s demand for information. And I think that the answer to that, or at least a partial answer to that, is that the ISPs don't often have an interest in asserting their subscribers’ rights. It’s not the ISP’s information that’s at stake, and none of the subscribers ever know that the FBI has asked the ISPs for information. And so the ISPs have really very little incentive to come forward and take on the government.
BOB GARFIELD: Although, as we've seen, some of these large corporations are beginning to rethink the issue because they are so inundated with government requests for data about their clients that it’s becoming time consuming simply for them to comply. Ten and twenty National Security Letters or subpoenas per day coming into companies like Google?
JAMEEL JAFFER: I think that’s right. Many of these large corporations, these large Internet service providers, are rethinking their privacy policies, and that’s in part because of the volume of the demands that the FBI is serving on them. And I think it’s also in part because they are increasingly recognizing that customers are picking their online service providers, in part, on the basis on privacy policies. Now, I think that that is changing very slowly, and obviously privacy is only one of many, many factors that customers or prospective customers take into account. And I think as individuals become more aware of the way that their information is being collected and stored and analyzed and retained and disseminated, what you will see is a shift in consumer behavior.
BOB GARFIELD: One company that’s pushed back is Twitter, which is not an Internet service provider but obviously does all of its business online. What is it doing to fight the government on indiscriminate issuances of subpoenas?
JAMEEL JAFFER: Well, basically what Twitter is doing is notifying the people whose privacy rights are at stake. Initially, there was a nondisclosure order but ultimately the nondisclosure order was lifted. As a result, Twitter’s users have the ability now to go to court and challenge the government’s demand if they want to. That’s a very important thing because ultimately we all now entrust so much information to third parties, and if those third parties hand over our information without ever informing us that the government has demanded the information, then we lose control not only over the information but all of the aspects of our lives [LAUGHS] that come with that information.
BOB GARFIELD: Now, when the government overreaches, it’s very easy to summon outrage, but it’s equally easy to forget that behind all of this, at least, is the government’s genuine interest in national security and preventing crime, especially terrorism, for example. And I wonder what effect this kind of transparency will have on cases when there, you know, are real live terrorists conspiring to commit a real live act of mass murder, and Twitter or an ISP or somebody else notifies the subjects that the government is on the trail?
JAMEEL JAFFER: I think it’s a totally legitimate concern. The problem though is that the statute now allows the FBI to use National Security Letters not only to gather information about suspected terrorists and criminals, but to gather information about anyone at all, so long as, in the FBI’s view, the information is relevant to an ongoing investigation. It’s the difference between a targeted investigatory tool and what we have now, which a tool that the FBI can use to go essentially on fishing expeditions and gather information about people who are one or two or three or more degrees removed from the target of any actual investigation. And I think that’s part of the reason why the FBI issues so many of these National Security Letters every year.