Cloudflare Discloses Four-Year Fight Against Unconstutional National Security Letter And Gag Order

Cloudflare, a provider of web performance and security services, revealed that it received a National Security Letter (NSL) in 2013 and that it was only now legally allowed to talk about it. The Electronic Frontier Foundation (EFF) helped Cloudflare fight the NSL, which it believes is an unconstitutional authority often abused by the government.

The Many Problems With NSLs

An NSL is an administrative subpoena served by the government that doesn't require a judge's approval. The problem with this is that judges are meant to ensure that the government can’t abuse its power by going around and searching everyone’s homes or personal files whenever it feels like it. NSLs are written into the Patriot Act in such a way that allows them to bypass judges and operate in almost total secrecy.

An even bigger problem with NSLs is that the government can--and usually does--also serve a gag order along with it. Therefore, the company or person receiving the NSL can’t talk about it, ensuring that the order stays secret.

Another problem with NSLs is that the gag orders are typically for an indefinite amount of time unless they are challenged in court, which most companies or people are unlikely to do. So far, the FBI has served hundreds of thousands of NSLs, and only a handful of them have been made public after many years of court battles.

The USA Freedom Act passed required the FBI to regularly review which NSL gag orders are no longer necessary, but there’s no additional oversight, which means the FBI can keep the vast majority of gag orders in place.

Cloudflare’s NSL

Cloudflare received an NSL in February, 2013, and after asking the EFF to join its court battle, it succeeded in getting the gag order removed. Shortly after Cloudflare started its lawsuit, the FBI withdrew its information request, so the customer information sought by the FBI was never shared. The gag order remained in place, however, likely so Cloudflare would never make the episode public.

This shows once again how trivial it is for the FBI to abuse NSLs and gag orders. If the information the FBI requested under secret order was so vital to its investigation, then it wouldn’t have given up so easily.

Microsoft’s recent lawsuit against the government showed that almost half of the data requests made to the company were accompanied by gag orders. This makes it seem like the government serves gag orders mainly because it can, and not because doing so is a necessity.

According to Cloudflare, a few months after the FBI served it the NSL, the company tried to convince a key Congress staff member working on counter-terrorism and judicial issues, who remained unnamed, that NSLs are unconstitutional. However, because of the gag order, Cloudflare’s counsel couldn’t actually tell the Congress staff member that the company had already received an NSL.

As such, the staff member continued to believe that an NSL couldn’t even be served to Cloudflare because the services it offers wouldn’t fall under the NSL statute. Clearly, the staffer was either wrong, or they were right and the FBI misinterpreted what the NSL statute allows it to do. Either way, Cloudflare was served with an NSL that it should never have received, according to the staffer.

Because NSLs are almost always accompanied by gag orders and because virtually no one takes on the U.S. government to challenge them, that also means the FBI can choose to misinterpret the statute whenever it wants. When someone does challenge an NSL, the FBI can just withdraw it, as it did with Cloudflare, and hope that the company or individual drops the case altogether.

Cloudflare said that it’s now able to publish a more accurate transparency report and it hopes this case will help change the minds of policymakers about the constitutionality and potential for abuse of NSLs by the U.S. government.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • metathias
    Appreciate the staff here at Toms allowing these types of articles to be posted. This information does not fall on deaf ears.
    Reply
  • 3ogdy
    Yeah, we deserve to be up to date with the latest and greatest from pigs around the world, especially murrica.
    One thing, doe: How was that...unconst...what?
    Reply
  • Ramudown
    30GDY, the FBI is pretty much throwing their weight around. Since they don't need to go through a judge to get the NSLs out they just give em out to make sure the companies don't go public. Kinda like a big brother doing something to a younger brother but telling them they will hurt them worse if they tell. In other words they are putting NSLs out and a gag order to keep the ones they gave out illegally under the cover of a "gag order".
    Reply
  • chicofehr
    Why hasn't anyone anonymously leaked these documents already? Would this be covered under whistle blowers legislation?
    Reply
  • drajitsh
    Why do they criticize Chinese censorship?
    Reply
  • John_561
    The patriot act is such BS. Needs to be nerfed.
    Reply
  • mavikt
    This'll only get better with Donald (duck) as POTUS! The US should really get the "Ombudsman"a system going.... Anonymous serving of justice isn't justice! If justice is juste, it's public. Otherwise it walks like a duck and talks like a duck...
    Reply
  • 3ogdy
    19143949 said:
    30GDY, the FBI is pretty much throwing their weight around. Since they don't need to go through a judge to get the NSLs out they just give em out to make sure the companies don't go public. Kinda like a big brother doing something to a younger brother but telling them they will hurt them worse if they tell. In other words they are putting NSLs out and a gag order to keep the ones they gave out illegally under the cover of a "gag order".

    I'm not sure you understand what I posted, you've just explained a concept I fully understand and am against. Cops shouldn't be able to do this. I praised Tom's for writing about it and people apparently have a problem with that, LMFAO.
    Reply