Did FBI overstep its bounds in requesting information from Twitter?

The FBI regularly issues secret National Security Letters that require companies to release information about their users without a warrant.

On Friday, Twitter published two FBI National Security Letters (NSLs) that requested information on specific users in 2015 and 2016. The release of the NSLs marked the first time the FBI allowed the company to publish any such requests. 

Twitter joins companies like Google, Yahoo, and the Internet Archive in publishing NSLs in an effort to promote transparency within their organizations and shed light on the NSLs themselves, which some criticize as overstepping the FBI's legal boundaries.

The release of various NSLs in recent months has been hailed by privacy advocates and tech officials as a step in the right direction against the information requests, which do not require a warrant to be implemented. NSLs do not require the persons under scrutiny to be informed of the information request, and are often supported by gag orders that prevent the companies from discussing in any kind of detail the requests they do receive.

According to a written statement by Elizabeth Banker, associate general counsel at Twitter, the two individuals under investigation per the newly-released NSLs have now been informed of the information requests. From one account, the FBI wanted information dating as far back as 2014 to the present (as of 2015); from the other, information from the inception of the account to the present (as of 2016). Specifically, the requests asked for "the name, address, length of service, and electronic communications transactional records for all services provide to the individual" listed by the NSL.

The NSLs also stated, however, that Twitter should not provide any information that would "disclose the content of any electronic communications" between individuals.

National Security Letters have been available to the FBI since the 1970s. The requests are "an extraordinary search procedure that gives the FBI the power to compel the disclosure of customer records held by banks, telephone companies, Internet Service Providers, and others," according to the Electronic Privacy Information Center. 

"While the actual NSLs request a large amount of data, Twitter provides a very limited set of data in response to NSLs consistent with federal law and interpretive guidance from the U.S. Department of Justice," Banker said in the statement.

Since NSLs are kept secret under gag orders and do not require a warrant, they are difficult to oversee. And in the years since Sept. 11, 2001, the use of NSLs has been on the rise, particularly for technology companies. Every year, the FBI issues tens of thousands of the requests.

In December, Google was also able to release some of its NSLs to the public. As Steven Porter previously reported for The Christian Science Monitor:

The Federal Bureau of Investigation, which issued the secret subpoena-like requests for digital records between 2010 and 2015, gave the company permission in October to make the records public, lifting nondisclosure requirements that had legally prevented Google from even acknowledging publicly that the letters exist. Privacy advocates praised the news as a positive, albeit modest, step toward protecting free speech by reining in government surveillance.

"It’s a small amount of progress," Andrew Crocker, staff attorney for the Electronic Frontier Foundation (EFF), tells The Christian Science Monitor in a phone interview. "It’s only eight out of tens of thousands, really hundreds of thousands over the course of the years that FBI has been using these in this way."

In 2008, a legal memo from the Justice Department limited the use of NSLs, saying the practice should be confined to phone billing records. Privacy advocates have taken the few public releases of NSLs to indicate that the FBI regularly oversteps these bounds with its informational requests, with Google alone reporting that it has received around 2,000 letters since 2009.

Twitter is similarly critical of NSL practices, but has fought it in court against the US government, arguing that gag orders violate the company's First Amendment rights to provide its users with specific information about the requests. Releasing the two letters is a step in that direction, says Banker, but only a small one.

"We continue to believe that reporting in government-mandated bands does not provide meaningful transparency to the public or those using our service," she said in the statement.

The two NSLs are now available to the public online, with some information redacted for reasons of privacy. 

This article contains material from Reuters.