A U.S. federal appeals court on Monday upheld nondisclosure rules that allow the FBI to secretly issue surveillance orders for customer data to communications firms, a ruling that dealt a blow to privacy advocates.
A unanimous three-judge panel on the 9th U.S. Circuit Court of Appeals in San Francisco sided with a lower court ruling in finding that rules permitting the FBI to send national security letters under gag orders are appropriate and do not violate the First Amendment of the U.S. Constitution’s free speech protections.
Content distribution firm CloudFlare and phone network operator CREDO Mobile had sued the government in order to notify customers of five national security letters received between 2011 and 2013.
Andrew Crocker, an attorney for the Electronic Frontier Foundation, which represented the companies in the consolidated case, said no immediate decision whether to appeal to the U.S. Supreme Court had been made. He called the ruling disappointing.
Several major technology firms, including Microsoft and Twitter, have mounted a variety of legal challenges in recent years to U.S. government restrictions limiting what they can disclose, both to affected users and to the public, about the surveillance requests they receive.
National security letters, or NSLs, are a type of government subpoena for communications data sent to service providers. They are usually issued with a gag order, meaning the target is often unaware that records are being accessed, and they do not require a warrant.
Tens of thousands of NSLs are issued annually, and some gag orders last indefinitely.
Writing for the panel, Judge Sandra Ikuta said the gag orders meet a compelling U.S. government interest, are sufficiently narrow and allow for appropriate judicial review.
Ikuta, appointed by former Republican President George W. Bush, said recent changes to the law passed by Congress in 2015 bolstered oversight of NSL use.
The FBI’s use of NSLs has drawn increased scrutiny from privacy groups in recent years as new transparency laws have allowed companies to publish some of them.
In June of last year the U.S. Senate narrowly rejected a Republican-backed proposal to expand the kinds of telephone and internet records the FBI could request under an NSL to include senders and recipients of emails, some information about websites a person visits and social media log-in data.
The legislation failed, but lawmakers have said they intend to pursue the expansion again.