> Over 300,000 NSLs have been issued in the past 10 years alone. The most NSLs issued in a single year was 56,507 in 2004. In 2013, President Obama’s Intelligence Review Group reported; that the government continues to issue an average of nearly 60 NSLs every day. By contrast, in 2000 (the year before the passage of the USA PATRIOT Act that loosened NSL standards), 8,500 NSLs were issued.<p>[<a href="https://www.eff.org/issues/national-security-letters/faq#5" rel="nofollow">https://www.eff.org/issues/national-security-letters/faq#5</a>]<p>* - formatting
> we have been freed of nondisclosure obligations.<p>> the Act restricts the use of indefinite gag restrictions that prevent providers from ever notifying customers<p>Did Google say anywhere in that blog post that they've notified the users the NSLs were targeted at?<p>EDIT: no, but from the TC article[1]<p>> A Google spokesperson said the usernames were redacted to protect user privacy and that the targeted individuals had been notified.<p>[1] <a href="https://techcrunch.com/2016/12/13/google-national-security-letters/" rel="nofollow">https://techcrunch.com/2016/12/13/google-national-security-l...</a>
The interesting aspect of NSLs to me has always been authentication. One gets a fax, and one faxes some crap back? Trivially hackable. One contacts the phone number listed on the NSL? Ditto. How difficult would it be for the Chinese or the Russians to slide in their own "NSL" in the 30K / year "legitimate" ones?<p>In fact the feds make it intentionally difficult to authenticate requests; for instance they prohibit taking copies of federal IDs, they often won't submit them for actual inspection, and they have no directory of employees to consult. If one wants to confirm that one is speaking to a bona fide FBI agent you're looking at minimum an hour in phone tag, and then there is the issue of if they are relating a bona fide request or going off the reservation.
Tangential: it always annoys me how difficult it is to highlight text in a Google blog post and look it up. Drag doesn't work and right click clears the selection. My only working approach is highlight and hit menu key.
From the statute (and in the letters):<p>> the information sought is relevant to an authorized investigation to protect against international terrorism or clandestine intelligence activities, provided that such an investigation of a United States person is not conducted solely upon the basis of activities protected by the first amendment to the Constitution of the United States.<p>Of course they could still lie but you can't be investigated just for your protected speech. Not defending the whole thing, but didn't realize that requirement until now.<p>[edit: formatting]
It's interesting that most of these are only for:<p>>>...name, address, length of service, and electronic communications transactional records for all services, as well as accounts...<p>Makes me think they would submit two requests: one for metadata and one for content. This would allow them to let google publish more "innocuous" letters while continue to gag order letters where they request more intrusive information.<p>Would love to hear the opinion, however, of someone who unlike myself knows what they are talking about.
Interesting. As a service provider (hosting) we have received many "court orders" that are very similar to these NSLs... but they were not NSLs. Now that I see these NSLs, I am not that freaked out by them. I'm not sure of all the hub bub, at least for these particular NSLs. The scope of these is basically limited to identifying the user. These specifically say to <i>not</i> provide content of the account to the FBI. The not-NSL court orders we have received have included verbage to not disclose the request to the subject of the request.<p>I thought NSLs were supposedly non-contestible, broad and were for communication detail. These don't seem to be any if that.<p>The requests we have received have been from a variety of organizations (but signed by a magistrate) ranging from local law enforcement to three letter acronyms and one entity that is neither. While the requests don't say why the order is being issued, we usually receive a call from the agent/detective beforehand and dialog ensues in which they explain what's going on.<p>While many companies will just give the info, we scrutinize the request and ask the agent/detective politely and apologetically that we can help, but only if they acquire a court order. We have caught not-legitimate requests before, so we verify the request is legit before responding. We have never been asked for content of communications. If Google is not doing the same thing... oof. Just as a matter of process I assume they do. I recall in the past some networks having right in their WHOIS info, how/where Law Enforcement can send FAX requests.
They redacted the NSL letter number on the top left of the second pages, but kept the file reference number "In reply, please refer to NSL 10-272979" both in the address box on first page and the name of the PDF file.
I only looked at one of them, but it seems that these are able to be released as they have the same illegal language as the Internet Archive release. Their language makes it sound like they were released due to the government being forced to review if they should be upheld.
Has anyone on HN ever been notified by Google/Yahoo/other that they were the subject of an NSL? I wonder if the people most likely to care about that are unlikely to ever be targeted?
> In 2015, Congress passed the USA Freedom Act<p>Really?! That is a terrible name for a piece of legislation - it says <i>nothing</i> - even before you consider that it was messing with gag orders about executive overreach.
This is probably a better link: <a href="https://blog.google/topics/public-policy/sharing-national-security-letters-public/" rel="nofollow">https://blog.google/topics/public-policy/sharing-national-se...</a>