Dissenter FeaturedLatest NewsThe Dissenter

Appeals Court Rules Against CREDO And CloudFlare’s Challenge To FBI’s National Security Letters

A federal appeals court affirmed the Federal Bureau of Investigation’s use of gag provisions when issuing national security letters or NSLs and argued nondisclosure requirements do not violate the First Amendment.

Between 2011 and 2013, CREDO Mobile received three NSLs, and CloudFlare received two NSLs in 2012. Both filed a lawsuit to challenge the government’s gag provisions and “sought to enjoin the government from “issuing additional NSLs and from imposing additional nondisclosure requirements.”

The government responded by seeking to compel the companies to comply with the NSL.

National security letters, as defined by the Electronic Frontier Foundation (EFF), which represented CREDO and CloudFlare, are law enforcement investigative tools similar to subpoenas.

The government uses NSLs to “obtain information from companies as part of national security-related investigations.” They give the FBI (and in some instances, other federal agencies) the ability to “demand that companies turn over data about their customers’ use of services such as banking, telephone, and internet usage records.”

National security letter law was amended by the United States Congress in 2015, as part of the USA FREEDOM Act, which was passed in response to National Security Agency whistleblower Edward Snowden’s disclosures.

The changes were key to the Ninth Circuit’s decision to rule against CREDO and CloudFlare.

A district court ruled in 2011 that the gag and judicial review provisions violated CREDO’s First Amendment rights. The government was enjoined from issuing information requests and enforcing the NSL’s gag provisions. But the district court stayed its decision so the government could appeal.

When Congress amended the law, it required the Attorney General to develop procedures for periodic review and termination of gag provisions associated with any NSLs.

The appeals court interpreted, “Under these procedures, any nondisclosure requirement must terminate when the underlying investigation is closed or ‘on the three-year anniversary of the initiation’ of the investigation, unless ‘the FBI makes a determination that one of the existing statutory standards for nondisclosure is satisfied.'”

Once the FBI determines secrecy is no longer necessary, the FBI is supposed to terminate the gag provision requirements and notify companies or individuals, who were issued the NSLs.

The same law also made it permissible for a person to “disclose aggregate data regarding the number of NSLs that the person received,” such as 0 to 99 or 0 to 999.

The changes to NSL law led the Ninth Circuit to vacate the district court’s decisions and remand the case to the district court to reassess the constitutionality of the law.

There is a content-based restriction imposed on companies and individuals, the appeals court concluded. However, the law with the changes in the USA FREEDOM Act are “narrowly tailored” to “serve a compelling government interest, both as to inclusiveness and duration.”

“We reject the recipients’ argument that this provision gives the government unfettered discretion and therefore creates a system of insufficiently cabined prior restraints,” the appeals court declared. “Even if the NSL law is determined to be the type of regulation for which procedural safeguards are required, the law as a whole imposes narrow, objective, and definite standards on the government before it can issue a nondisclosure requirement.”

But EFF maintained the USA FREEDOM Act did not go far enough when it came to NSLs.

“Congress changed some parts of the statute in 2015, but retained the basic elements of the gags,” EFF previously declared in a press statement in October 2016. “In fact, EFF’s clients still cannot identify themselves publicly or share their experiences as part of the debate over government surveillance of technology services.”

“Our clients want to be able to issue accurate transparency reports and talk to their customers about how they try to defend users from overreaching government investigations,” EFF Staff Attorney Andrew Crocker declared. “But instead, the FBI instituted indefinite gag orders to shield its demands for information. This is an unconstitutional restriction of our clients’ First Amendment rights.”

EFF emphasized the fact that both CREDO and CloudFlare were unable to fully contribute to the debate when Congress considered reforms to NSL law.

From a redacted brief [PDF], either CREDO or CloudFlare hoped to “illustrate the failings of the reciprocal notice process,” which is the right to request that a court review a gag order accompanying an NSL.

Either CREDO or CloudFlare was positioned to discuss how they had fared with the “reciprocal notice” process, “especially the lengthy amount of time a final resolution actually takes under that process (over three years at the time of the debate over the USA FREEDOM Act and now over five years).”

Both were effectively gagged from arguing to members of Congress, their staff, and members of the public that certain measures in the USA FREEDOM Act would not protect against what they viewed as the FBI’s unconstitutional exercise of power.

Kevin Gosztola

Kevin Gosztola

Kevin Gosztola is managing editor of Shadowproof. He also produces and co-hosts the weekly podcast, "Unauthorized Disclosure."