For years, tech companies have received demands from federal law enforcement for users’ data — and they’ve had to keep those demands a secret. Today, Yahoo is finally able to share three of the National Security Letters it has received from the FBI.
The release of the three letters is the first time a tech company has been able to disclose specifics about the NSLs it has received; previously the government has only allowed companies to say how many such demands they’ve received in ranges of zero to 499.
Yahoo credited the disclosure to the recent passage of the USA Freedom Act. “We’re able to disclose details of these NSLs today because, with the enactment of the USA Freedom Act, the FBI is now required to periodically assess whether an NSL’s nondisclosure requirement is still appropriate, and to lift it when not,” Yahoo’s head of global law enforcement, security, and safety Chris Madsen wrote in a blog post announcing the disclosure. “We believe this is an important step toward enriching a more open and transparent discussion about the legal authorities law enforcement can leverage to access user data.”
Two of the letters Yahoo revealed came from the Dallas FBI office in 2013. The third letter came from the Charlotte FBI office in 2015. The names and accounts of the users targeted in the NSLs are redacted, but Madsen says Yahoo informed the users directly that they were the subject of an NSL.
Despite the redactions, the disclosure highlights how far-reaching the government’s requests for user data can be. The NSLs required Yahoo to provide the names, addresses and length of service for each account. One of the letters also asked for associated bank accounts, IP addresses and other email accounts related to the user.
According to Madsen, Yahoo provided the name, address and length of service information in response to two of the letters; for the third letter, Yahoo was unable to respond because the requested account did not exist.