In a case that’s lasted more than a decade, a court filing released Monday showed how the FBI used secret interpretations to determine the scope of national security letters (NSLs).
Nicholas Merrill, founder of internet provider Calyx Internet Access, who brought the 11-year-old case to court after his company was served a national security letter, won the case earlier this year.
National security letters are almost always bundled with a gag order, preventing Merrill from speaking freely about the letter he received.
While it was known that national security letters can demand customer and user data, it wasn’t known exactly what.
In a statement on Monday, Merrill revealed the FBI has used its authority to force companies and individuals to turn over complete web browsing history; the IP addresses of everyone a person has corresponded with; online purchase information, and also cell-site location information, which he said can be used to turn a person’s phone into a “location tracking device.”
According to a release, the FBI can also force a company to release postal addresses, email addresses, and “any other information which [is] considered to be an electronic communication transactional record.”
Merrill said in remarks: “The FBI has interpreted its NSL authority to encompass the websites we read, the web searches we conduct, the people we contact, and the places we go. This kind of data reveals the most intimate details of our lives, including our political activities, religious affiliations, private relationships, and even our private thoughts and beliefs.”
Federal district judge Victor Marrero described in his decision that the FBI’s position was “extreme and overly broad.”
He also found that the FBI’s overbroad gag order on Mr. Merrill “implicates serious issues, both with respect to the First Amendment and accountability of the government to the people.”
Merrill is the first person who has succeeded in completely lifting a national security letter gag order.
The Patriot Act expanded the reach of national security letters when it was signed into law a month after the September 11 attacks in 2001.
More than ten thousand national security letters are issued by the FBI every year, without a warrant or judicial oversight.
These letters have been surrounded with controversy for years, leading to many unsuccessful attempts to litigate against them. Major companies, including Google, have challenged national security letters, with little luck. Microsoft recently challenged an order, which led to the FBI to withdraw the demand.
In 2008, a US court found the National Security Letter statute, amended by the Patriot Act in 2001, was unconstitutional.
In a separate case in 2013, the gag order provision was found to be in breach of the First Amendment. The government appealed the ruling.