In a disappointing opinion issued on Monday, the Ninth Circuit upheld the national security letter (NSL) statute against a First Amendment challenge brought by EFF on behalf of our clients CREDO Mobile and Cloudflare. We applaud our clients’ courage as part of a years-long court battle, conducted largely under seal and in secret.
We strongly disagree with the opinion and are weighing how to proceed in the case. Even though this ruling is disappointing, together EFF and our clients achieved a great deal over the past six years. The lawsuit spurred Congress to amend the law, and our advocacy related to the case caused leading tech companies to also challenge NSLs. Along the way, the government went from fighting to keep every single NSL gag order in place to the point where many have been lifted, some in whole and many in part. That includes this case, of course, where we can now proudly tell the names of our clients to the world.
No matter what happens with these particular lawsuits, we are not done fighting unconstitutional use of NSLs and similar laws.
Making sense of a disappointing ruling
National security letters are a kind of subpoena issued by the FBI to communications service providers like our clients to force them to turn over customer records. NSLs nearly always contain gag orders preventing recipients from telling anyone about these surveillance requests, all without any mandatory court oversight. As a result, the Internet and communications companies that we all trust with our most sensitive information cannot be truthful with their customers and the public about the scope of government surveillance.
NSL gags are perfect examples of “prior restraints,” government orders prohibiting speech rather than punishing it after the fact. The First Amendment embodies the Founders’ strong distrust of prior restraints as powerful censorship tools, and the Supreme Court has repeatedly said they are presumptively unconstitutional unless they meet the “most exacting” judicial scrutiny. Similarly, because NSLs prevent recipients from talking about the FBI’s request for customer data, they are content-based restrictions on speech, which are subject to strict scrutiny. So NSL gags ought to be put to the strictest of First Amendment tests.
Unfortunately, the Ninth Circuit questioned whether NSLs are prior restraints at all. And although the court did acknowledge they are separately content-based restrictions on speech, it said the law is narrowly tailored even though it plainly allows censorship that is broader in scope and longer in duration than the government actually needs. As a result, the court held the government’s interest in national security overcomes any First Amendment interests at stake.
The ruling is seriously flawed.
In order to find that the law satisfied strict scrutiny, the court overlooked both the overinclusiveness and indefinite duration of NSL gag orders. Narrow tailoring requires that a restriction on speech be fitted carefully to just what the government needs to protect its investigation and that no less speech-restrictive alternatives are available.
But NSLs are often wildly overinclusive. For example, they prevent even a company with millions of users like Cloudflare from simply saying it has received an NSL, on the theory that individual users engaged in terrorism or espionage might somehow infer from that fact alone that the government is on their trail.
The court admitted that a blanket gag in this scenario might well be overinclusive, but it simply deferred to the FBI’s decisionmaking. But of course, under the First Amendment, decisions about censorship aren’t supposed to be left to officials whose “business is to censor.” And here, we know that NSLs routinely issue to big tech companies with large numbers of users like both Cloudflare and CREDO, and only in rare circumstances does the FBI allow these companies to report on specific NSLs they’ve received.
Similarly, the FBI often leaves NSL gags in place indefinitely, sometimes even permanently. Indeed, the FBI has told our client CREDO that one of the NSLs in the case is now permanent, and the Bureau will not further revisit the gag it imposed to determine whether it still serves national security. Here again, the court acknowledged that at the least, narrow tailoring requires a gag “must terminate when it no longer serves” the government’s national security interests. But instead of applying the First Amendment’s narrow tailoring requirement, the court declined to “quibble” with the censoring agency, the FBI, and its loophole-ridden internal procedures for reviewing NSLs. Nevertheless, these procedures “do not resolve the duration issue entirely,” as the Ninth Circuit understatedly put it, since they may still produce permanent gags, as with CREDO. As a result, the court suggested that NSL recipients can repeatedly challenge permanent gags until they’re finally lifted.
The problem of prior restraints and judicial review
However, that points to the other fundamental problem with NSLs: they are issued without any mandatory court oversight. As discussed above, prior restraints are almost never constitutional. The Supreme Court has said that even in the rare circumstance when prior restraints can be justified, they must be approved by a neutral court, not just an executive official. But the NSL statute doesn’t require a court to be involved in all cases; instead, judicial review takes place only if NSL recipients file a lawsuit, like our clients did, or if they ask the government to go to court to review the gag using a procedure known as “reciprocal notice.”
The Ninth Circuit had two responses to this lack of judicial oversight.
First, it wrongly suggested the law of prior restraints simply does not apply here. The theory is that unlike cases involving newspapers that are prevented from publishing, NSL recipients haven’t shown a preexisting desire to speak, and when they do, they’re asking to publish information they supposedly learned from the government. But as we pointed out, that’s inconsistent with case law that says, for instance, that witnesses at grand jury proceedings—which are historically both secret and subject to court oversight—cannot be indefinitely gagged from talking about their own testimony. NSL gags go much further.
Second, the court suggested that even though the burden is on NSL recipients to challenge gags, this is a “de minimis” burden that doesn’t violate the First Amendment. When Congress passed the USA FREEDOM Act in 2015, it gave recipients the option of invoking reciprocal notice and asking the government to go to court rather than filing their own lawsuit. That’s simply not good enough; the First Amendment requires the government be the one to go to court to prove to a judge it actually requires an NSL accompanied by a gag. Not to mention that forcing companies that receive NSLs to fight them in court and defend user privacy may actually be a heavy burden.
Big progress nonetheless
Despite these considerable errors in the Ninth Circuit’s opinion, we shouldn’t lose sight of progress made along the way. Nearly all of the features of the NSL statute that the court pointed to as saving graces of the law—the FBI’s internal review procedures and the option for reciprocal notice most notably—exist only because Congress stepped in during our lawsuit to amend the law.
So what’s left to providers that receive NSLs? Push back on the gags early and often. The “reciprocal notice” process, which the government says only requires a short letter or a phone call, should be done as a matter of course for any company receiving an NSL. And since the Ninth Circuit said that courts retain the ability to re-evaluate the gags as long as they remain in place, gagged providers should ask a court to step in and make sure the FBI can still prove the need for the gag—potentially over and over—until the gag is finally lifted. EFF wants to help with this, and we’re happy to consult with anyone subject to an NSL gag.
We’ve also encouraged technology companies to make the best of the reciprocal notice procedure as part of our annual Who Has Your Back? report. If the government continues to argue that recipients don’t necessarily “want to speak” about NSLs, we can now point to the growing trend of major tech companies—Apple, Adobe, and Dropbox, among others—that have committed to invoking reciprocal notice and challenging every NSL they receive.
Finally, we’ve seen other courts question gag orders in related contexts, and we’ve supported companies like Facebook and Microsoft in these fights. We’re confident that in the long run, these prior restraints will be roundly rejected yet again.