In 2012, Google may have received 500 National Security Letters, requests from the FBI for identifying data -- such as name or address -- about one or more Google users. The number of NSLs may have actually been 200, though. Or possibly 950. Or perhaps (but almost certainly not) zero. In fact, all we know is that Google received between zero and 999 NSLs in 2009, as well as 2010, 2011, and 2012. That's not a lot of useful data, but it's more than we knew even one day ago.
Google today announced it's attempting to shed light on how the FBI is using controversial NSLs to obtain information about Google users. In a nutshell, an NSL is a request from the FBI or other federal agencies conducting national security investigations. Agencies can play the NSL card to obtain a communication-service customer's name, address, length of services, or local and long-distance toll billing records through NSLs.
The FBI is not required to get court approval to issue an NSL. According to Google, an NSL can't be used in ordinary criminal, civil, or administrative matters. Additionally, FBI can't use NSLs to obtain anything else from Google, such as Gmail content, search queries, YouTube videos, or user IP addresses, according to the company.
"The FBI has the authority to prohibit companies from talking about these requests. But we've been trying to find a way to provide more information about the NSLs we get -- particularly as people have voiced concerns about the increase in their use since 9/11," wrote Richard Salgado, legal director of law enforcement and information security at Google.
To that end, Google has secured the feds' blessing to share strikingly vague data on the NSL requests it has received from the FBI since 2009. "You'll notice that we're reporting numerical ranges rather than exact numbers. This is to address concerns raised by the FBI, Justice Department and other agencies that releasing exact numbers might reveal information about investigations," Salgado explained.
