WSJ: Google: FBI Sought Data on Thousands of Accounts Without a Warrant

http://blogs.wsj.com/digits/2013/03/05/google-fbi-sought-data-on-thousands-of-accounts-without-a-warrant/

March 5, 2013

Google: FBI Sought Data on Thousands of Accounts Without a Warrant

By Jennifer Valentino-DeVries

The Federal Bureau of Investigation made warrantless requests for data on at least 1,000 Google accounts last year, using a controversial and secretive technique known as a "national security letter," Google said Tuesday.

These letters allow the government to seek financial, phone and Internet data without going before a judge or grand jury, if it's relevant to a national security investigation. NSLs are typically subject to gag orders so strict that companies can't even acknowledge getting such letters at all.

The secrecy surrounding national security letters means that Google's report [1] is remarkable even though it provides only vague information; the search giant is the first Internet company to reveal such data.

Google said it received between zero and 999 NSLs in 2012 and that the letters sought information on a total of 1,000 to 1,999 users or accounts. (The number of users suggests Google got at least one NSL last year, not zero, but the company wouldn't comment beyond its report.)

The company also gave similar numbers back to 2009, saying it received between zero and 999 letters each year. In 2010, the letters sought information on more users -- between 2,000 and 2,999 that year, Google said.

The company said it reported ranges rather than exact numbers "to address concerns raised by the FBI, Justice Department and other agencies that releasing exact numbers might reveal information about investigations."

A Justice Department spokesman declined to comment on the Google report.

Google also for the first time laid out [2] some of its policy for responding to NSLs, saying it does not believe the FBI can use the letters to obtain "Gmail content, search queries, YouTube videos or user IP addresses."

The FBI last year disclosed parts of its templates [3] for NSLs, which indicated that requests for electronic information involve "transaction/activity logs" and email "header information." This includes things such as the "to" and "from" lines of a message.

Several of the FBI's NSL templates included a list of specific items that "may be considered" by companies to be responsive to the requests. The list for electronic data had 13 bullet points, but the information next to those was redacted.

It's still not clear what most other companies' policies are Facebook told the Journal last year that it interpreted the law as applied to Facebook "to require the production of only two categories of information: name and length of service." At the time, Twitter and Google simply said they comply with "valid legal process," and Verizon and AT&T sa id they don't comment on national security matters at all.

[1] http://googleblog.blogspot.com/2013/03/transparency-report-shedding-more-light.html

[2] https://www.google.com/transparencyreport/userdatarequests/faq/

[3] http://blogs.wsj.com/digits/2012/06/27/the-fbis-secret-surveillance-letters-to-tech-companies/