The FBI used National Security Letters -- a form of surveillance that privacy watchdogs call "frightening and invasive" -- to surreptitiously seek information on Google users, the web giant has just revealed.
Google’s disclosure is "an unprecedented win for transparency," privacy experts said Wednesday. But it’s just one small step forward.
"Serious concerns and questions remain about the use of NSLs," the Electronic Frontier Foundation’s Dan Auerbach and Eva Galperin wrote. For one thing, the agency issued 16,511 National Security Letters in 2011, the last year for which data was available. But Google was gagged from saying just how many letters it received -- leaving key questions unanswered.
"The terrorists apparently would win if Google told you the exact number of times the Federal Bureau of Investigation invoked a secret process to extract data about the media giant’s customers," Wired’s David Kravets wrote. He described the FBI's use of NSLs as a way of "secretly spying" on Google's customers.
National Security Letters are a means for the FBI to obtain information on people from telecommunications companies, authorized by the Electronic Communications Privacy Act (ECPA) and expanded under the Patriot Act. It lets the agency seek information on a subscriber to a wire or electronic communications service, although not things like the content of their emails or search queries, Google said.
And thanks to secrecy constraints built into NSLs, companies that receive them usually aren’t even allowed to acknowledge the request for information. Citing such extreme secrecy, privacy experts have decried the use of these letters in the past.
"Of all the dangerous government surveillance powers that were expanded by the USA PATRIOT Act, the National Security Letter (NSL) power … is one of the most frightening and invasive," the EFF wrote. "These letters … allow the FBI to secretly demand data about ordinary American citizens' private communications and Internet activity without any meaningful oversight or prior judicial review."
Thanks to negotiations with the government, Google finally opened the smallest chink in the armor, allowing the search giant to reveal the fact that it had received these requests for data, as well as some general information about them.
"Visit our page on user data requests in the U.S. and you’ll see, in broad strokes, how many NSLs for user data Google receives, as well as the number of accounts in question," Richard Salgado, Google’s legal director of law enforcement and information security, wrote in a Tuesday blog post.
A new table posted to Google’s Transparency Report site outlines the details; it tabulates how many requests for information the company has received over each of the past four years: some undisclosed number between 0 and 999. With those NSLs, the FBI sought information on somewhere between 1,000 and 1,999 users/accounts.
"People don’t always use our services for good, and it’s important that law enforcement be able to investigate illegal activity," Salgado wrote.
No other technology company presently disclose such basic information about government requests, experts noted.