Justice Department Sues Telecom for Challenging National Security Letter

Photo: Gini/Flickr

Last year, when a telecommunications company received an ultra-secret demand letter from the FBI seeking information about a customer or customers, the telecom took an extraordinary step — it challenged the underlying authority of the FBI’s National Security Letter, as well as the legitimacy of the gag order that came with it.

Both challenges are allowed under a federal law that governs NSLs, a power greatly expanded under the Patriot Act that allows the government to get detailed information on Americans’ finances and communications without oversight from a judge. The FBI has issued hundreds of thousands of NSLs and been reprimanded for abusing them — though almost none of the requests have been challenged by the recipients.

After the telecom challenged its NSL last year, the Justice Department took its own extraordinary measure: It sued the company, arguing in court documents that the company was violating the law by challenging its authority.

That’s a pretty intense charge, according to Matt Zimmerman, an attorney for the Electronic Frontier Foundation, which is representing the anonymous telecom.

“It’s a huge deal to say you are in violation of federal law having to do with a national security investigation,” says Zimmerman. “That is extraordinarily aggressive from my standpoint. They’re saying you are violating the law by challenging our authority here.”

The government’s “Jabberwocky” argument – accusing the company of violating the law when it was actually complying with the law – appears in redacted court documents that were released on Wednesday by EFF with the government’s approval. Prior to their release, the organization provided them to the Wall Street Journal, which first reported on the case Tuesday night. The case is a significant challenge to the government and its efforts to obtain documents in a manner that the EFF says violates the First Amendment rights of free speech and association.

It’s only the second time that such a serious and fundamental challenge to NSLs has arisen. The first occurred in 2004 in the case of a small ISP owner named Nicholas Merrill, who challenged an NSL seeking info on an organization that was using his network. He asserted that customer records were constitutionally protected information.

But that issue never got a chance to play out in court before the government dropped its demand for documents.

With this new case, civil libertarians are getting a second opportunity to fight NSLs head-on in court.

NSLs are written demands from the FBI that compel internet service providers, credit companies, financial institutions and others to hand over confidential records about their customers, such as subscriber information, phone numbers and e-mail addresses, websites visited and more.

NSLs are a powerful tool because they do not require court approval, and they come with a built-in gag order, preventing recipients from disclosing to anyone that they have even received an NSL. An FBI agent looking into a possible anti-terrorism case can self-issue an NSL to a credit bureau, ISP or phone company with only the sign-off of the Special Agent in Charge of their office. The FBI has to merely assert that the information is “relevant” to an investigation into international terrorism or clandestine intelligence activities.

The lack of court oversight raises the possibility for extensive abuse of NSLs under the cover of secrecy, which the gag order only exacerbates. In 2007 a Justice Department Inspector General audit found that the FBI had indeed abused its authority and misused NSLs on many occasions. After 9/11, for example, the FBI paid multimillion-dollar contracts to AT&T and Verizon requiring the companies to station employees inside the FBI and to give these employees access to the telecom databases so they could immediately service FBI requests for telephone records. The IG found that the employees let FBI agents illegally look at customer records without paperwork and even wrote NSLs for the FBI.

Before Merrill filed his challenge to NSLs in 2004, ISPs and other companies that wanted to challenge NSLs had to file suit in secret in court – a burden that many were unwilling or unable to assume. But after he challenged the one he received, a court found that the never-ending, hard-to-challenge gag orders were unconstitutional, leading Congress to amend the law to allow recipients to challenge NSLs more easily as well as gag orders.

Now companies can simply notify the FBI in writing that they oppose the gag order, leaving the burden on the FBI to prove in court that disclosure of an NSL would harm a national security case. The case also led to changes in Justice Department procedures. Since Feb. 2009, NSLs must include express notification to recipients that they have a right to challenge the built-in gag order that prevents them from disclosing to anyone that the government is seeking customer records.

Few recipients, however, have ever used this right to challenge the letters or gag orders.

The FBI has sent out nearly 300,000 NSLs since 2000, about 50,000 of which have been sent out since the new policy for challenging NSL gag orders went into effect. Last year alone, the FBI sent out 16,511 NSLs requesting information pertaining to 7,201 U.S. persons, a technical term that includes citizens and legal aliens.

But in a 2010 letter (.pdf) from Attorney General Eric Holder to Senator Patrick Leahy (D-Vermont), Holder said that there had “been only four challenges,” and those involved challenges to the gag order, not to the fundamental legality of NSLs. At least one other challenge was filed earlier this year in a secret case revealed by Wired. But the party in that case challenged only the gag order, not the underlying authority of the NSL.

When recipients have challenged NSLs, the proceedings have occurred mostly in secret, with court documents either sealed or redacted heavily to cover the name of the recipient and other identifying details about the case.

The latest case is remarkable then for a number of reasons, among them the fact that a telecom challenged the NSL in the first place, and that EFF got the government to agree to release some of the documents to the public. The organization provided them to the Wall Street Journal, before releasing them on its web site, with the name of the telecom and other details redacted. The Journal, however, using details left in the court records, narrowed the likely plaintiffs down to one, a small San-Francisco-based telecom named Credo. The company’s CEO, Michael Kieschnick, didn’t confirm or deny that his company is the unidentified recipient of the NSL.

The case began sometime in 2011, when Credo or another telecom received an NSL from the FBI.

EFF filed a challenge on behalf of the telecom (.pdf) in May that year on First Amendment grounds, asserting first that the gag order amounted to unconstitutional prior restraint and, second, that the NSL statute itself “violates the anonymous speech and associational rights of Americans” by forcing companies to hand over data about their customers.

Instead of responding directly to that challenge and filing a motion to compel compliance in the way the Justice Department has responded to past challenges, government attorneys instead filed a lawsuit against the telecom, arguing that by refusing to comply with the NSL and hand over the information it was requesting, the telecom was violating the law, since it was “interfer[ing] with the United States’ vindication of its sovereign interests in law enforcement, counterintelligence, and protecting national security.”

They did this, even though courts have allowed recipients who challenge an NSL to withhold government-requested data until the court compels them to hand it over. The Justice Department argued in its lawsuit that recipients cannot use their legal right to challenge an individual NSL to contest the fundamental NSL law itself.

“It was eye-opening to us that they followed that approach,” Zimmerman says.

After heated negotiations with EFF, the Justice Department agreed to stay the civil suit and let the telecom’s challenge play out in court. The Justice Department subsequently filed a motion to compel in the challenge case, but has never dropped the civil suit.

“So there’s still this live complaint that they have refused to drop saying that our client was in violation of the law,” Zimmerman says, “presumably in the event that they lose, or something goes bad with the [challenge case].”

Justice Department spokesman Wyn Hornbuckle declined to comment on the case.

The redacted documents don’t indicate the exact information the government was seeking from the telecom, and EFF won’t disclose the details. But by way of general explanation, Zimmerman said that the NSL statute allows the government to compel an ISP or web site to hand over information about someone who posted anonymously to a message board or to compel a phone company to hand over “calling circle” information, that is, information about who has communicated with someone by phone.

An FBI agent could give a telecom a name or a phone number, for example, and ask for the numbers and identities of anyone who has communicated with that person. “They’re asking for association information – who do you hang out with, who do you communicate with, [in order] to get information about previously unknown people.

“That’s the fatal flaw with this [law],” Zimmerman says. “Once the FBI is able to do this snooping, to find out who Americans are communicating with and associating with, there’s no remedy that makes them whole after the fact. So there needs to be some process in place so the court has the ability ahead of time to step in [on behalf of Americans].”

It remains to be seen, however, whether that issue will finally get its day in court.

Megaupload Judge Steps Down After Declaring U.S. ‘the Enemy’

Kim Dotcom. Photo: Kim Dotcom

The New Zealand judge overseeing the extradition proceedings of accused file-sharing kingpin and Megaupload founder Kim Dotcom is recusing himself from the case after making a public remark that the United States was “the enemy.”

Auckland District Judge David Harvey was commenting at a copyright conference earlier this month when he said, “We have met the enemy, and he is (the) U.S.”

The court’s chief judge, Jan-Marie Doogue, said Wednesday that Harvey recognizes his comments “could reflect on his impartiality and that the appropriate response is for him to step down from the case.”

The U.S. government wants New Zealand to extradite Dotcom and Megaupload associates Mathias Ortmann, Bran van der Kolk and Finn Batato.

Among other things, the government is demanding New Zealand authorities send the four, who remain free on bail following their January arrest, to the United States to face trial on racketeering, money laundering, copyright infringement and other charges.

The United States claims Megaupload facilitated copyright infringement of movies, music, television programs, electronic books, and business and entertainment software on “a massive scale.” The government said Megaupload’s “estimated harm” to copyright holders was “well in excess of $500 million.”

An extradition hearing in New Zealand is not expected until March.

Here in the United States, Dotcom is is attempting to vacate orders that led to the seizure of Megaupload’s domain names, U.S.-based severs and $50 million in assets.

According to Dotcom, the only parties having been found so far to have violated the law in this case are New Zealand police, who a court found raided his house with an invalid order, and the FBI, which secretly made copies of Kim Dotcom’s computers and shipped them out of the country — contrary to court order.

Dotcom and Megaupload associates are seeking to break the legal impasse by offering last week to fly to the United States without an extradition hearing.

In return, Dotcom demands a fair trial guarantee and return of money to support their families and to pay legal fees, which are thought to be in the millions of dollars after several months of court battles.

YouTube Offers Face-Blurring Tool to Protect Dissidents

Saying it wanted to help to protect dissidents who appear in videos shared on YouTube, Google launched a tool Wednesday that can blur their faces in footage uploaded to its servers.

Google hopes the tool will encourage more people speaking out, though it was careful to call it only a “first step” towards providing safety to people who could face harsh repercussions from governments or drug cartel if they were identified in a video.

But the company says face-blurring doesn’t have to be just for protests.

“Whether you want to share sensitive protest footage without exposing the faces of the activists involved, or share the winning point in your 8-year-old’s basketball game without broadcasting the children’s faces to the world, our face blurring technology is a first step towards providing visual anonymity for video on YouTube,” wrote Amanda Conway, a YouTube policy associate in a separate blog post.

The technology looks similar to the technology Google introduced to prevent identification of people photographed by its Street View mapping cars, breaking faces into blurry blocks.

YouTube uploaders who choose to use the feature can check the video frame-by-frame to see if the blurring was effective or not. After applying the filter, the user is given the choice to delete the original from Google’s servers, the company said.

So-called Human Rights videos have been powerful ways to effect political change in recent years, including graphic videos from Syria and Egypt that have been used to get news out when reporters are barred from an area and to encourage growth of political movements.

Google warns that simply blurring faces isn’t always going to be enough to preserve anonymity from a determined foe, especially one that is capable of spying on the network used to share videos:

1. Assess your risk. You and the people you film may face risk by posting video online. You may risk your own safety and that of your subjects while filming sensitive footage, during the editing process, and when you distribute your film online. After assessing the vulnerability you and your subjects face, you can make more informed decisions about when to film, whether to distribute your footage, and how widely you want to share it.

2. Consider other information which may give away identity. Video footage of your face is not the only way someone can detect your identity. Other factors that may be caught on video can also identify you or your subjects. Watch out for vocal identifiers, like recognizable voices or saying someone’s name on camera. Other footage can give away identity like a license plate, a name tag, or even the background scenery. Make sure that the imagery in your videos does not give away information about your location or identity.

3. Protect yourself when uploading. Consider, for example, local laws that may allow authorities to track the mobile device from which you upload. In certain countries, merely purchasing a sim card puts users at risk of tracking by government.

The feature is found in Video Enhancements Tool under the additional features.

Pentagon, CIA Sued for Lethal Drone Attacks on U.S. Citizens

Armed MQ-9 Reaper drones like this one are used by both the U.S. military and the CIA. Photo: USAF

Survivors of three Americans killed by targeted drone attacks in Yemen last year sued top-ranking members of the United States government, alleging Wednesday they illegally killed the three, including a 16-year-old boy, in violation of international human rights law and the U.S. Constitution.

“The government has killed three Americans. It should account for its actions. This case gives us an opportunity to do that,” Jameel Jaffer, deputy legal director with the American Civil Liberties Union, said in a press call.

The suit, (.pdf) is being litigated by the Center for Constitutional Rights and the ACLU. It seeks unspecified damages and highlights the government’s so-called unmanned “targeted killing” program. The ACLU and the Center maintain the drone attacks have killed thousands, including hundreds of innocent bystanders overseas. (Other estimates of the campaign come to widely different conclusions.)

The suit, the first of its kind, alleges the United States was not engaged in an armed conflict with or within Yemen, prohibiting the use of lethal force unless “at the time it is applied, lethal force is a last resort to protect against a concrete, specific, and imminent threat of death or serious physical injury.” The case directly challenges the government’s decision to kill Americans without judicial scrutiny.

At bottom, Jaffer said, “the question is whether the government is justified in killing without charging them or trying them for anything.”

The suit is brought on behalf of Anwar Al-Awlaki, a radical cleric and a native of New Mexico. He was originally known for his incendiary blog and YouTube videos. But according to the Obama administration, Awlaki’s role morphed from marketer to operational planner and recruiter for al-Qaida in the Arabian Peninsula. U.S. authorities claim he had contacts with the 9/11 hijackers, the underwear bomber and others.

He was killed Sept. 30 last year. Also killed was Samir Khan, the editor of the English magazine Inspire, which allegedly was published by Al-Qaida in the Arabian Peninsula.

Two weeks later, the cleric’s 16-year-old son, Abdulrahman Al-Awlaki, was killed in a separate Yemen attack.

The defendants include Defense Secretary Leon Panetta, CIA Director David Petraeus, U.S. Navy Adm. William H. McRaven and U.S. Army Maj. Gen. Joseph Votel.

Citing U.S. officials, the Washington Post has reported that the son and Khan were not intended targets.

The Justice Department did not immediately respond for comment. The administration refuses to release the Justice Department memo that legally justifies targeting Americans, and according to the New York Times, President Obama approves or denies who gets added to the “kill list.”

But Attorney General Eric Holder said in a March speech at Northwestern University Law School that “Our legal authority is not limited to the battlefields in Afghanistan.” He said the legal authority Congress passed following the Sept. 11, 2001 terror attacks covers Yemen and Somalia, where other unmanned drone attacks have been carried out.

Holder said the administration takes action with “the consent of the nation involved or after a determination that the nation is unable or unwilling to deal effectively with a threat to the United States.”

In another suit, the ACLU is invoking the Freedom of Information Act seeking details of the government’s drone program. In that case, the CIA refuses to confirm or deny the covert military use of drones to kill suspected terrorists overseas.