The new documents, released through a Freedom of Information Act lawsuit by the Electronic Frontier Foundation, a civil liberties group, underscore ongoing questions about the effectiveness of a 2015 law designed, in part, to bring some transparency to the issuing and enforcing of NSLs.
Atop the list of companies the documents show received NSLs are credit agencies Equifax, Experian and TransUnion; telecommunications providers AT&T, T-Mobile and Verizon; financial services companies Bank of America, Western Union and Capital One; and technology companies Google, Microsoft and Facebook. Some received dozens; others, just a few.
None of the companies commented Friday on the disclosures aside from saying that they comply with the requirements of NSLs, as mandated by law. The law specifically permits the FBI to issue NSLs to companies in these industries. The New York Times first reported on the publication of the new documents by EFF on Friday.
Some of the technology companies have been public about their receipt of NSLs and, in some cases, have published redacted versions of the letters to raise awareness of the practice, released tabulations of their numbers in regular reports or fought the gag orders in court.
Companies in other industries, such as telecommunications and banking, typically have complied with the demands for information, which government officials have said are crucial to pursuing investigations of terrorism or intelligence matters.
Hundreds of thousands of NSLs have been issued since the 9/11 attacks, which prompted an expansion in the government’s collection of evidence from records kept by private companies.
The documents released by EFF included more than 750 “termination letters” that lifted the gag orders on companies that had received NSLs. The letters were produced during an FBI review of its NSL gag orders, as directed by the 2015 law. The bureau considered nearly 12,000 gag orders during its review and ordered that they be lifted in 6 percent of them, records show. The FBI, which declined to comment on the documents, issues thousands of new NSLs each year.
“They’re sending these out faster than they are removing them,” said Andrew Crocker, a senior staff attorney for EFF, based in San Francisco. “So that’s a recipe for increasing the amount of secrecy, not decreasing it.”
NSLs are written directives from the FBI demanding confidential communication or financial transaction records. They are used most often to obtain records of telephone and electronic communications but also to get financial records and consumer credit information.
While NSLs date to the 1980s, the FBI’s use of them as an investigative tool spiked after the 2001 terrorist attacks.
The push to overhaul the use of NSLs grew out of the broad public backlash to revelations by former National Security Agency contractor Edward Snowden in 2013. His trove of internal NSA documents showed how the government’s sweeping surveillance systems collected data whenever people worldwide — and in some situations, U.S. citizens — shared emails, chatted on the phone or engaged with video calls with loved ones.
NSLs, compared with the NSA’s technological data collection tools, are a more targeted way to gather information but have long drawn complaints from privacy and civil-liberties advocates because of their lack of judicial oversight and transparency. Search warrants require approval from a judge to establish probable cause. The legal standard for NSLs is lower: The records being sought must be considered relevant to an investigation.
Officials defending NSLs say they allow investigators to follow leads in sensitive cases without targets knowing that they are under suspicion — a tactic that can potentially increase the possibility of arrest or even head off violent attacks.