I have written before about the infamous National Security Letters that the government issues to people that demands not only that they turn over any information the government asks for but forbids the recipient from telling anyone, even their lawyers or spouses, that they even received such a letter. As a result, I had never even seen such a letter even though the government sent out 56,607 such letters in 2004 alone
But thanks to a few courageous individuals who challenged the government in court, we can now see one. Nick Merrill was the owner of a small webhosting company and he was one of those who got a letter in 2004 and you can see it at the above link.
Ten years later, Nick Merrill still can’t discuss the details of the data request that came hand delivered to him from the FBI. If he could, Merrill says, people would be shocked by the implications for their online privacy.
“I was terrified to talk to anyone about it,” Merrill said in the above excerpt from Part Two of the FRONTLINE investigation, United States of Secrets. “I didn’t call any of my colleagues. I didn’t speak to anyone about it.”
Merrill was not even sure he could discuss the letter with his attorney, but unconvinced the order was legal, he chose to challenge it on constitutional grounds.
The decision set Merrill apart. Until 2013, no major Internet or phone company is known to have questioned the constitutionality of a National Security Letter. And while revelations by former NSA contractor Edward Snowden have shown that tech companies have often aided government surveillance unwittingly, the industry’s broad compliance with NSLs underscores its frequent role as a partner.
Meanwhile, Ladar Levison explains why he shut his company encrypted email service company Lavabit (Edward Snowden was reportedly one of the company’s 410,000 clients) rather than comply with the government’s demands.
My legal saga started last summer with a knock at the door, behind which stood two federal agents ready to serve me with a court order requiring the installation of surveillance equipment on my company’s network.
I had no choice but to consent to the installation of their device, which would hand the US government access to all of the messages – to and from all of my customers – as they travelled between their email accounts other providers on the Internet.
But that wasn’t enough. The federal agents then claimed that their court order required me to surrender my company’s private encryption keys, and I balked. What they said they needed were customer passwords – which were sent securely – so that they could access the plain-text versions of messages from customers using my company’s encrypted storage feature. (The government would later claim they only made this demand because of my “noncompliance”.)
Bothered by what the agents were saying, I informed them that I would first need to read the order they had just delivered – and then consult with an attorney. The feds seemed surprised by my hesitation.
People have been so cowed down by this kind of naked display of government power that the authorities expect everyone to meekly comply with any demand they make. And as we have come to know, they want complete access to all our information, irrespective of whether we are suspected of having any connection to any crime.
The largest technological question we raised in our appeal (which the courts refused to consider) was what constitutes a “search”, i.e., whether law enforcement can demand the encryption keys of a business and use those keys to inspect the private communications of every customer, even when the court has only authorized them to access information belonging to specific targets.
The problem here is technological: until any communication has been decrypted and the contents parsed, it is currently impossible for a surveillance device to determine which network connections belong to any given suspect. The government argued that, since the “inspection” of the data was to be carried out by a machine, they were exempt from the normal search-and-seizure protections of the Fourth Amendment.
More importantly for my case, the prosecution also argued that my users had no expectation of privacy, even though the service I provided – encryption – is designed for users’ privacy.
Levinson found himself trapped in a system in which even the courts did not give him the leeway to argue that his and his clients’ rights were being violated. So he decided that the only way to carry out his promise to preserve his clients’ confidentiality was to shut the company down. He tells us what he learned from his experience
If my experience serves any purpose, it is to illustrate what most already know: courts must not be allowed to consider matters of great importance under the shroud of secrecy, lest we find ourselves summarily deprived of meaningful due process. If we allow our government to continue operating in secret, it is only a matter of time before you or a loved one find yourself in a position like I did – standing in a secret courtroom, alone, and without any of the meaningful protections that were always supposed to be the people’s defense against an abuse of the state’s power.
The government should not be allowed to force people to not even tell what the government has asked them to do and to deny them the right to go to court to protest the government’s actions. That type of government secrecy is a menace to democracy.