President Obama’s National Security Letter Reforms: UPDATE

On January 17, 2014, President Obama addressed the nation with his plan to revamp government surveillance activities.  The President outlined five key changes he hopes to implement moving forward.  You can take a look at our post from the day the speech was released for a full recap; but, for now, I want to focus on the fourth section of reforms introduced by the President regarding National Security Letters (NSLs).

Specifically referencing NSLs—issued by the government and requiring private companies to provide the government with information about their customers (and often subjecting such companies to a gag order)—President Obama stated:

Now, these are cases in which it’s important that the subject of the investigation, such as a possible terrorist or spy, isn’t tipped off.  But we can and should be more transparent in how the government uses this authority.

President Obama represented, therefore, that he would direct the Attorney General to

amend how we use national security letters so that this secrecy will not be indefinite, so that it will terminate within a fixed time unless the government demonstrates a real need for further secrecy.  We will also enable communications providers to make public more information than ever before about the orders that they have received to provide data to the government.

Now for the update:

Threat Post reports that a Department of Justice ruling, accompanied by a Deputy Attorney General letter sent to certain private entities, was released last week easing the gag order and providing companies with two new reporting options:

• First, companies may report the number of Foreign Intelligence Surveillance Act (FISA) orders for content and non-content, and the number of customer accounts affected for each in bands of 1000 requests.  (Reports may be published every six months, but subject to delay when necessary).
• Second, companies may report all national security requests received through either NSL or FISA order, as well as the number of customer accounts affected with exact numbers (up to 250 requests and thereafter in bands of 250).