The FBI can keep sending surveillance orders to tech companies and ban them from disclosing those requests, an appeals court ruled Monday.
Internet company Cloudflare and wireless network operator CREDO Mobile sued the federal government to be allowed to disclose public national security letters they have received. They argued that the letters, which are administrative subpoenas issued by the government to gather information for national security purposes, are unconstitutional because they violate the First Amendment’s freedom of speech protections.
Critics of national security letters — like the Electronic Frontier Foundation, which represented Cloudflare and CREDO in the case — say they “allow the FBI to secretly demand data about ordinary American citizens’ private communications and internet activity without any meaningful oversight or prior judicial review.” Companies that receive national security letters, or NSLs, are subject to gag orders, which means they can’t even disclose they’ve received such orders unless the letters become declassified. And those gag orders last indefinitely.
A three-judge panel on a US court of appeals in San Francisco on Monday upheld a lower court ruling that NSLs can remain secret. In their unanimous ruling, they said the Supreme Court “has concluded that some restrictions on speech are constitutional, provided they survive the appropriate level of scrutiny.”
The law behind national security letters considers that disclosing the orders could result in danger to the national security of the US, interference with an investigation, interference with diplomatic relations; or danger to the life or physical safety of any person, the judges said in their opinion.
“We therefore conclude that the 2015 NSL law is narrowly tailored to serve a compelling government interest, both as to inclusiveness and duration,” the opinion said. “Accordingly, we hold that the nondisclosure requirement … survives strict scrutiny.”
Andrew Crocker, an attorney with EFF, said in a statement that he’s disappointed the court “failed to recognize that the NSL statute violates the free speech rights of technology companies that are required to turn over customer data to the FBI and banned indefinitely from ever publicly discussing the requests.”
He added that NSLs prevent companies from being open with their customers.
“Unfortunately, the Ninth Circuit avoided addressing the serious First Amendment problems with NSLs, particularly the fact that they are often left in place permanently,” Crocker said. “We’re considering our options for next steps in challenging this unconstitutional authority.”
CREDO and the FBI weren’t immediately available to comment. Cloudflare didn’t immediately have a comment.
NSLs were enabled by the USA Freedom Act, which passed in 2015. As part of the regulations, the FBI has to re-examine past NSLs and decide which can be declassified. Those started being reported by recipients a year ago.
Cloudflare and CREDO aren’t the only companies that have received NSLs. Apple in May disclosed that one of the thousands of security orders it’s received came in the Twitter disclosed in January that it received two from the FBI in the last two years that previously came with gag orders not to discuss them. Google, Yahoo and Cloudflare also have published NSLs received from the FBI, some dating back to 2013.. And
Reuters earlier reported on Monday’s ruling.
Intolerance on the Internet: Online abuse is as old as the internet and it’s only getting worse. It exacts a very real toll.
It’s Complicated: This is dating in the age of apps. Having fun yet? These stories get to the heart of the matter.