In traditional e-discovery, you usually know when you’ve been served, and you know who is going after your data.
But it doesn’t always work that way—especially when the US government is involved and the data demands involve alleged threats to national security.
National Security Letters—administrative subpoenas issued by the federal government to wire and electronic communication service providers seeking user information—have many detractors. One of their most controversial aspects is a provision in federal law allowing the government to prohibit service providers from disclosing to users that their data has been sent to the government.
In the latest legal challenge to national security letters, the 9th US Circuit Court of Appeals has rejected a constitutional challenge to the prohibition against notifying users, holding that the prohibition does not violate the First Amendment. In re National Security Letter, No. 16-16067 (9th Cir. July 17, 2017).
Electronic Frontier
Founded in 1990, the Electronic Frontier Foundation (EFF) is a non-profit lobbying organization advocating for digital civil liberties. EFF is often viewed as a left-of-center organization advocating for less restrictive copyright laws, putting it at odds with many content companies, such as producers of motion pictures, music, and video games.
Part of EFF’s mission on the electronic frontier is digital privacy, and the organization believes the way the government issues national security letters violates the US Constitution.
Representing two of its clients, Cloudflare and CREDO Mobile, EFF mounted a constitutional challenge to the national security letter non-disclosure requirements of 18 U.S.C. § 2709(c).
Specifically, EFF argued the gag order provisions of section 2709(c) preventing wire and communications providers, such as Cloudflare and CREDO Mobile, from disclosing government data demands violated the free speech provisions of the First Amendment.
Gag Orders on Crime
National security letters are controversial even without the accompanying gag orders, but the non-disclosure provisions of federal law make them even more controversial, and the government-ordered secrecy has also triggered other litigation.
For instance, in Twitter Inc. v. Sessions (formerly Twitter Inc. v. Holder), No. 14-cv-4480 (N.D. Cal.), the social media company argued its First Amendment rights were violated when the US government refused to allow it to publish an unredacted version of its biannual Twitter Transparency Report.
The Transparency Report covers, among other things, government requests for user data. Twitter submitted the report in question in the litigation to the US government for review in April 2014. When the government replied five months later, it said the report could not be released in its entirety because information in it was classified and did not comply with the reporting framework under the Federal Intelligence Surveillance Act (FISA) and the National Security Letter statutes.
Like the EFF plaintiffs, in its suit, Twitter argued the national security letter gag orders constituted an unlawful, content-based prior restraint on speech in violation of the First Amendment.
In both cases, the government has argued that the restrictions are legal under federal law and that they are necessary because if investigative subjects knew they were being investigated, it could compromise the work of law enforcement.
Surviving Strict Scrutiny
When analyzing whether a government action violates the free speech provisions of the First Amendment—or laws pertaining to certain other fundamental constitutional provisions, such as race-based laws—the action must survive what is called “strict scrutiny.” It is exceptionally difficult to prevail when the strict scrutiny is the level of judicial review.
However, as we see with the government's win in the EFF litigation, it’s not impossible.
In the EFF case, the 9th Circuit conceded that strict scrutiny applied to consideration of section 2709(c)’s non-disclosure requirement, a content-based government restriction on speech. However, the court held the gag order requirement survived strict scrutiny.
In determining whether the non-disclosure requirement survives strict scrutiny, the central question is: Is the 2709(c) gag order requirement narrowly tailored to serve a compelling government interest?
The “compelling government interest” part of the test was the easiest in this case. Almost no one disputes that national security is a compelling government interest. Thus, the question centers on whether the non-disclosure requirement is narrowly tailored to serve that compelling government interest of national security.
In determining whether a law is narrowly tailored, courts will analyze whether there is a less-restrictive alternative available.
The EFF clients argued the law was not narrowly tailored because there were less-restrictive alternatives available. Specifically, they argued it was overly broad because it barred merely notifying the data user and because it allowed the government to keep the gag order in effect indefinitely.
The court rejected the EFF argument that it must examine each separate provision of the law to determine whether the law as a whole was narrowly tailored. Citing the US Supreme Court’s decision in Williams-Yulee v. Fla. Bar, 135 S. Ct. 1656 (2015), the court wrote, “This granular focus cannot be reconciled with the Supreme Court’s direction that narrow tailoring is not perfect tailoring.”
Why the National Security Letter Litigation Matters
When Frank Sinatra—or Liza Minelli, if one prefers—sang New York, New York, one of the lines was, “If you can make it there, you can make it anywhere.” One of the main reasons the 9th Circuit’s National Security Letter decision matters is that, if the government can win this kind of case at the 9th Circuit, it can win one anywhere.
The historically liberal 9th Circuit may have been the best venue national security letter opponents could have found, but they still couldn’t carry the day.
For data privacy advocates, it was another disappointing defeat. Among other things, privacy advocate Max Schrems argued the former EU-US Safe Harbor Framework for international data transfers should be ended because of US government access to data in violation of EU law. Schrems won, the Safe Harbor is gone, and court holdings such as the 9th Circuit’s National Security Letter decision don’t help.
Such decisions make cross-border e-discovery more difficult. e-Discovery practitioners and clients should remember that—although most of the time they are very well aware of what data adversaries have—when it comes to national security letters, you and your lawyers will almost never know.
As we’ll be discussing in October at the Relativity Fest session, e-Discovery with the Government: What You Need to Know, customary rules of e-discovery go out the window when the government is your adversary, and national security letters are an excellent—albeit, admittedly somewhat rare—example.
In our Orwellian era of the 21st Century, Big Brother can always get the data—even when you don’t know about it.
