Google Shines the Light On Shadowy National Security Letters


Internet giant Google is breaking the rules of National Security letters (NSL). These letters are a large part of government data surveillance. These FBI requests for user’s private information come complete with a gag orders. The first role any company that receives an NSL is that it doesn’t talk about receiving an NSL.

On Tuesday, Google released their transparency report titled Shedding more like one National Security letters. Google legal director Richard Salgato writes, “Our users trust Google with a lot of very important data, whether it’s emails, photos, documents, posts or videos. We work exceptionally hard to keep that information safe—hiring some of the best security experts in the world, investing millions of dollars in technology and baking security protections such as 2-step verification into our products.”

“Of course,” he continues, “people don’t always use our services for good, and it’s important that law enforcement be able to investigate illegal activity. This may involve requests for personal information. When we receive these requests, we:

  • scrutinize them carefully to ensure they satisfy the law and our policies; 
  • seek to narrow requests that are overly broad; 
  • notify users when appropriate so they can contact the entity requesting the information or consult a lawyer; 
  • And require that government agencies use a search warrant if they’re seeking search query information or private content, like Gmail and documents, stored in a Google Account. ”

“When conducting national security investigations, the U.S. Federal Bureau of Investigation can issue a National Security Letter (NSL) to obtain identifying information about a subscriber from telephone and Internet companies,” Salgato continued. “The FBI has the authority to prohibit companies from talking about these requests. But we’ve been trying to find a way to provide more information about the NSLs we get—particularly as people have voiced concerns about the increase in their use since 9/11.”

take our poll – story continues below Completing this poll grants you access to Freedom Outpost updates free of charge. You may opt out at anytime. You also agree to this site’s Privacy Policy and Terms of Use.

Google confirmed that they would begin including data about NSLs in their Transparency Report, beginning March 5, 2013. You can visit their page on user data requests in the U.S. and see how many NSLs for user data Google receives, as well as the number of accounts in question. Additionally, Google has provided a Frequently Asked Questions page regarding NSLs.

Andy Greenberg at Forbes writes:

In the second half of 2012, for instance, Google says that it received requests for at least some data from 14,791 accounts. More than 10,000 of those users were targeted with subpoenas, and another 3,000 had their information requested with a search warrant.

But Google previously labeled another 1,249 accounts as having had their data requested by “other” means. With more than a thousand users affected by NSLs sent to Google in 2012, it seems a significant chunk of those users had their data taken from Google’s servers using the FBI’s un-discussable letters.

The Electronic Frontier Foundation reports on the dangers of government surveillance powers:

Of all the dangerous government surveillance powers that were expanded by the USA PATRIOT Act the National Security Letter (NSL) power under 18 U.S.C. § 2709 as expanded by PATRIOT Section 505 is one of the most frightening and invasive. These letters served on communications service providers like phone companies and ISPs allow the FBI to secretly demand data about ordinary American citizens’ private communications and Internet activity without any meaningful oversight or prior judicial review. Recipients of NSLs are subject to a gag order that forbids them from ever revealing the letters’ existence to their coworkers to their friends or even to their family members much less the public.

The FBI’s systemic abuse of this power has been documented both by a Department Of Justice investigation and in documents obtained by EFF through a Freedom of Information Act request.

EFF has fought for years to spread awareness of National Security Letters and add accountability and oversight to the process.

CATO’s Julian Sanchez writes, “It’s illuminating to compare the minimum number of users affected by NSLs each year to the numbers we find in the government’s official annual reports. In 2011—the last year for which we have a tally—the Justice Department acknowledged issuing 16,511 NSLs seeking information about U.S. persons, with a total of 7,201 Americans’ information thus obtained. That’s actually down from a staggering 14,212 Americans whose information DOJ reported obtaining via NSL the previous year. Remember, this total includes National Security Letters issued not just to all telecommunications providers—including online services like Google, broadband Internet companies, and cell phone carriers—but also “financial institutions,” which are defined broadly to include a vast array of businesses beyond such obvious candidates as banks and credit card companies.”

What ought to leap out at you here is the magnitude of Google’s tally relative to that total: They got requests affecting at least 1,000 users in a year when DOJ reports just over 7,000 Americans affected by all NSLs—and it seems impossible that Google could account for anywhere remotely near a seventh of all NSL requests. Google, of course, is not limiting their tally to requests for information about Americans, which may explain part of the gap—but we know that, at least of a few years ago, the substantial majority of NSLs targeted Americans, and the proportion of the total targeting Americans was increasing year after year. As of 2006, for instance, 57 percent of NSL requests were for information about U.S. persons. So even if we reduce Google’s minimum proportionately, that seems awfully high.

“There’s a simple enough explanation for this apparent discrepancy,” writes Sanchez. ” The numbers DOJ reports each year explicitly exclude NSL requests for ‘basic subscriber information,’ meaning the ‘name, address, and length of service’ associated with an account, and only count more expansive requests that also demand more detailed ‘electronic communications transactional records’ that are ‘parallel to’ the ‘toll billing records’ maintained by traditional phone companies.”

“But the obvious inference from comparing these numbers, unless Google gets a completely implausibly disproportionate percentage of total NSLs, is that the overwhelming majority of NSLs are just such “basic subscriber information” requests, and that the total number of Americans affected by all NSLs is thus vastly, vastly larger than the official numbers would suggest,” Sanchez concludes.

In the end, what Google does not specify clearly is what information does fall into the category of “toll billing records.” More than likely, the information covered would be similar to that found on the phone bill. In other words, this would be who is communicating with whom the emails or instant messaging. Presumably, these kinds of requests are so limited in scope that they don’t pose civil liberty concerns. However, this was the means used to strip away that digital anonymity of the biographer of CIA director David Petraeus, Paula Broadwell.

Therefore, those engaging in activity using Google’s Service should be aware of privacy issues and how act accordingly, because it is quite apparent that not all of these requests are done “by the book” and it seems that the Constitution gets trampled in certain instances by the very people who have taken an oath to support and defend it.

Don’t forget to Like Freedom Outpost on Facebook and Twitter, and follow our friends at