By Ellen Nakashima
Washington Post Staff Writer
Tuesday, August 10, 2010; A02
For six years, Nicholas Merrill has lived in a surreal world of half-truths, where he could not tell even his fiancee, his closest friends or his mother that he is "John Doe" -- the man who filed the first-ever court challenge to the FBI's ability to obtain personal data on Americans without judicial approval.
Friends would mention the case when it was in the news and the normally outspoken Merrill would change the subject.
He would turn up at the federal courthouse to hear the arguments, and in an out-of-body moment he would realize that no one knew he was the plaintiff challenging the FBI's authority to issue "national security letters," as they are known, and its ability to impose a gag on the recipient.
Now, following the partial lifting of his gag order 11 days ago as a result of an FBI settlement, Merrill can speak openly for the first time about the experience, although he cannot disclose the full scope of the data demanded.
"To be honest, I'm having a hard time adjusting," said the 37-year-old Manhattan native. "I've spent so much time never talking about it. It's a weird feeling."
Civil liberties advocates hope that Merrill's case will inspire others who have received the FBI's letters and have concerns to come forward, and to inform the public debate on the proper scope of the government's ability to demand private data on Americans from Internet and other companies for counterterrorism and intelligence investigations.
"One of the most dangerous and troubling things about the FBI's national security letter powers is how much it has been shrouded in secrecy," said Melissa Goodman, a lawyer with the American Civil Liberties Union who helped Merrill sue the government in April 2004 and was one of only a handful of people outside the FBI -- all lawyers -- who knew Merrill had received a letter.
The government has long argued, as it did in this case, that "secrecy is often essential to the successful conduct of counterterrorism and counterintelligence investigations" and that public disclosure of the receipt of a letter "may pose serious risks to the investigation itself and to other national security interests." FBI spokesman Mike Kortan said, "The FBI needs the ability to protect investigations, sources and methods."
The recent request by the Obama administration to amend the law governing the letters has prompted debate in Congress over which types of electronic records should require a judge's permission before the FBI can seek them, and which types should not, as is the case with national security letters. A letter may be issued by a FBI field office supervisor if they think the data will be relevant to a terrorism probe.
The FBI between 2003 and 2006 issued more than 192,500 letters -- an average of almost 50,000 a year. The Justice Department inspector general in 2007 faulted the bureau for failing to adequately justify the issuance of such letters, though progress has been made in cleaning up the process.
On a cold February day in 2004, an FBI agent pulled an envelope out of his trench coat and handed it to Merrill, who ran an Internet startup called Calyx in New York. At the time, like most Americans, he had no idea what a national security letter was.
The letter requested that Merrill provide 16 categories of "electronic communication transactional records," including e-mail address, account number and billing information. Most of the other categories remain redacted by the FBI.
Two things, he said, "just leaped out at me." The first was the letter's prohibition against disclosure. The second was the absence of a judge's signature.
"It seemed to be acting like a search warrant, but it wasn't a search warrant signed by a judge," said Merrill. He said it seemed to him to violate the constitutional ban against unreasonable searches and seizures.
The letter said that the information was sought for an investigation against international terrorism or clandestine intelligence activities. Merrill said he thought it "outlandish" that any of his clients, many of whom were ad agencies and major companies as well as human-rights and other nonprofit groups, would be investigated for terrorism or espionage.
Although Merrill cannot further discuss the types of data sought, he said, "I wouldn't want the FBI to demand stuff like that about me without a warrant." The information an Internet company maintains on customers "can paint a really vivid picture of many private aspects of their life," he said, including whom they socialize with, what they read or write online and which Web sites they have visited.
Goodman said Merrill's letter "sought the name associated with a particular e-mail address" and other data that, in a criminal case, likely would require a court order.
Merrill confided in his lawyer, who suggested they turn to the ACLU. The civil liberties group decided to file a case, Doe v. Ashcroft, referring to then-Attorney General John Ashcroft.
The case yielded two significant rulings. The first was a September 2004 district court decision that the national security letter statute was unconstitutional, which prompted Congress to amend the law to allow a recipient to challenge the demand for records and the gag order. The second was a December 2008 appeals court decision that held that parts of the amended gag provisions violated the First Amendment and that, to avoid this, the FBI must prove to a court that disclosure would harm national security in cases where the recipient resists the gag order. Senior administration officials have said the FBI has adopted that ruling as policy.
The FBI withdrew its letter to Merrill in November 2006.