Privacy By Design For Everyone

New York Times - Twitter Shines a Spotlight on Secret F.B.I. Subpoenas

New York Times - Twitter Shines a Spotlight on Secret F.B.I. Subpoenas

By Noam Cohen - The New York Times

The news that federal prosecutors have demanded that the microblogging site Twitter provide the account details of people connected to the WikiLeaks case, including its founder, Julian Assange, isn’t noteworthy because the government’s request was unusual or intrusive. It is noteworthy because it became public.

Even as Web sites, social networking services and telephone companies amass more and more information about their users, the government — in the course of conducting inquiries — has been able to look through much of the information without the knowledge of the people being investigated.

For the Twitter request, the government obtained a secret subpoena from a federal court. Twitter challenged the secrecy, not the subpoena itself, and won the right to inform the people whose records the government was seeking. WikiLeaks says it suspects that other large sites like Google and Facebook have received similar requests and simply went along with the government.

This kind of order is far more common than one may think, and in the case of terrorism and espionage investigations the government can issue them without a court order. The government says more than 50,000 of these requests, known as national security letters, are sent each year, but they come with gag orders that prevent those contacted from revealing what the agency has been seeking or even the existence of the gag orders.

“It’s a perfect example of how the government can use its broad powers to silence people,” said Nicholas Merrill, who was the first person to file a constitutional challenge against the use of national security letters, authorized by the USA Patriot Act. Until August, he was forbidden to acknowledge the existence of a 2004 letter that the company he founded, the Calyx Internet Access Corporation, received from the F.B.I.

Mr. Merrill is now free to speak about the request, but part of the gag order remains in place, and he is still barred from discussing what information he had been asked to provide. As a result, he said, before he gives a talk he consults a six-page guide prepared by his lawyers at the American Civil Liberties Union to be sure that he complies with the order to avoid risking a punishment of five years in prison.

The government cites national security as the reason the contents of the letters — even their existence — are kept secret. The F.B.I. is trying to prevent plots as they are being hatched, according to Valerie Caproni, the general counsel of the agency, and thus needs stealth.

In the case of a small Internet service provider like Calyx, which was located in downtown Manhattan and had hundreds of customers, even mentioning that the F.B.I. had been sniffing around could harm an investigation, she said, especially if “the target is antsy anyway.”

Mr. Merrill, a 38-year-old from Brooklyn who studied computer science and philosophy, said he created Calyx in 1994 when it was “really pretty easy, there wasn’t really any competition.” His clients included “dozens of nonprofit organizations and alternative media outlets.”

Mr. Merrill challenged the constitutionality of the letter he received in 2004, saying the request raised “red flags” of being politically motivated. As a result of his suit and two later ones, the law governing the letters has been overturned and then revised by Congress.

In 2007, the F.B.I.’s inspector general found that the agency had abused its own guidelines by including too many peripheral people in its searches. The letters now receive the “individualized scrutiny” of the agents who are filing them, Ms. Caponi said.

All sides agree that it has become significantly easier to challenge the letters’ requests as well as their secrecy. At the moment, there are no new challenges in the court system, the government and the A.C.L.U. say.

The program, whose use has “ticked up” a bit in recent years, Ms. Caproni said, is humming along. She added, however, that the government had become more selective about the types of companies to which it sent letters. “All other things being the same, one of the things investigators think about is, ‘Who are we serving this? Are they comfortable with this?’ ” she said. “Most of these N.S.L.’s are filed on large companies. Why would they want to disclose that? Most companies view it as good corporate citizenry.”

One critic of the law, former Senator Russ Feingold, said in a statement that it was long past time for Congress “to rein in the use of national security letters.”

“This is not a partisan issue,” Mr. Feingold said, “it is about the legislative branch providing an adequate check on the executive branch. Republicans advocating limited government should take a close look at these statutes and consider supporting changes.”

Mr. Merrill argues that the blanket gag orders have prevented a full public debate on the subject. He himself largely left the I.S.P. business in 2004, independent of his legal case, and only now has returned to hosting a couple of clients as part of a nonprofit project, the Calyx Institute, which aims to study how to protect consumers’ privacy.

Regarding the news about Twitter, he wrote in an e-mail: “I commend Twitter’s policy of notifying their customers of government requests for their private data and for their challenging and subsequently removing the gag order. This is a great example of the government’s misuse of secrecy provisions and of exemplary privacy ethics on behalf of Twitter.”

Ms. Caproni, who has testified before Congress about the program, said that it had been more than amply debated. “People at the A.C.L.U. and the press” think the letters are “a bigger deal than the companies.”

To one of Mr. Merrill’s A.C.L.U. lawyers, Jameel Jaffer, the smooth operation of the system is a sign that it is not working. The privacy rights at stake are not those of the companies who hold the information, Mr. Jaffer said, but “about people whose records are held.” And those people should be told, he said.

“People used to be the custodians of their own records, their own diaries. Now third parties are custodians of all that,” he said. “Everything you do online is entrusted to someone else — unless you want to go completely off the grid, and I’m not even sure that is possible.”

A version of this article appeared in print on January 10, 2011, on page B3 of the New York edition.