
A Decade-Old Gag Order, Lifted - mmastrac
https://www.aclu.org/blog/speak-freely/decade-old-gag-order-lifted
======
jimrandomh
This is reporting that Nick Merrill, who was under a gag order restricting his
ability to talk about a subpoena he received in 2004, is no longer gagged. It
links to an editorial he wrote (anonymously) about that gag order,
[http://www.washingtonpost.com/wp-
dyn/content/article/2007/03...](http://www.washingtonpost.com/wp-
dyn/content/article/2007/03/22/AR2007032201882.html) , in which he writes:

> "Based on the context of the demand -- a context that the FBI still won't
> let me discuss publicly -- I suspected that the FBI was abusing its power
> and that the letter sought information to which the FBI was not entitled."

This new article does not disclose who that subscriber was, but the article,
and the earlier op-ed, seem to imply that the subscriber's identity alone is
enough to suspect an abuse of power. We'll probably hear more about that in
the near future, but I'd like to make a prediction. The most likely
interpretation is that this was a critic of the FBI or of the US government as
a whole, and that the subpoena - which seeks to unmask the subject's identity
- would be a prelude to retaliation.

The article goes on to describe how the FBI has materially misrepresented its
use of National Security Letters to Congress, and that the practice of sending
them has twice been struck down by the courts as unconstitutional. By all
appearances, a significant chunk of the US law enforcement apparatus has
simply gone rogue, stopped respecting Congress and the courts and is instead
focused on increasing its own power.

~~~
raquo
> By all appearances, a significant chunk of the US law enforcement apparatus
> has simply gone rogue, stopped respecting Congress and the courts and is
> instead focused on increasing its own power.

I truly don't understand why nothing is done about that. Why doesn't anyone
lose their job over this, let alone go to jail? I mean, I've gotten used to
such indifference in Russia, but US seemed like the country that shouldn't
tolerate shit like this.

~~~
jamoes
> I truly don't understand why nothing is done about that. Why doesn't anyone
> lose their job over this, let alone go to jail?

My suspicion is that the FBI and various three-letter-agencies have dirt on
most of the elected representatives. The mass surveillance apparatus is the
perfect tool for collecting blackmail material on current and future leaders.

~~~
tptacek
That is certainly the most amusing and dramatic explanation of what's
happening.

A simpler explanation might just be that Congress broadly supports what DOJ is
doing, and cares a _lot_ less about the integrity of specific online services
than they do about DOJ's role in combating terrorism, nuclear proliferation,
and foreign intelligence services.

~~~
saosebastiao
The FBI's founding director had this very tactic as his modus operandi. It
isn't hard to speculate that the culture of the FBI has supported political
extortion for well over 80 years now.

~~~
tptacek
That's true. J Edgar Hoover did do this. Of course, Hoover is also one of the
great villains of US history, and there was a major course-correction in the
1970s regarding the legal process federal law enforcement has to adhere to.

"The FBI is run by the modern equivalent of J. Edgar Hoover" is also an
amusing and dramatic interpretation of the facts we have now. But they don't
square well with other facts we know, such as Ashcroft's hospital-bed refusal
to reauthorize STELLARWIND. And that was John Ashcroft, who is not exactly a
cuddly Sesame Street muppet on these issues.

In case I need to make this clear:

I don't think sacrificing the integrity of online services for DOJ goals is a
good tradeoff. The wins seem very marginal, and the long-term costs are huge.
But I'm a technologist with a security/privacy concentration, and Congress is
composed mostly of lawyers.

~~~
jacquesm
Hoover had plenty of apologists who were arguing that he was using these
tactics only for good causes (such as against communism, today it would be
terrorism or child pornography), it took a long time before anybody dared to
speak out against this, he was simply too powerful.

Most likely today such direct blackmail of (domestic) politicians and other
officials is not the case but you can't really rule it out completely.

The bad thing is that the reputation of the FBI and other such agencies is now
such that an analogy with the Hoover days can no longer be rejected out of
hand 'because they'd never do such a thing'.

They did in the past, for many years with many people, we know that for sure,
and they quite possibly still do, see the thread linked here, after all what
use could a decade old gag order have and do you actually believe that 100's
of _thousands_ of gag orders and NSLs can actually have a legitimate
foundation?

That's to me beyond belief, that there are 100's of thousands of instances
where the authorities issue _permanent_ gag orders with respect to information
gathering on individuals and that this is all somehow both legal and
proportional use of powers vested in these agencies.

~~~
dmix
> The bad thing is that the reputation of the FBI and other such agencies is
> now such that an analogy with the Hoover days can no longer be rejected out
> of hand 'because they'd never do such a thing'.

Not only that but when someone's life is as public as a politician - and their
career dependent on that credibility - it takes far less than Hoover-era style
blackmail to ruin such a person.

So even if the FBI is no longer acting like the Hoover era agents there are
significant careers risks in standing up to the three-letter agencies, (and
their similarily-powerful network of friends and former employees). Those
risks have only grown as the power of the NSA/FBI have grown with the spread
of technology/internet.

The bar for making such a claim is much lower than in the 1950s, especially in
the context of a politician.

~~~
tptacek
You're giving the FBI a whole lot of credit for their ability to orchestrate
what would be one of the great conspiracies of the last 100 years: despite the
fractious nature of modern politics, with politicians charging through
revolving doors of office and then lobbying jobs all the while accusing the
sitting President of being a traitor or even a foreign agent, _not one_ of
these attempts at blackmail has ever been brought to light, _or even alleged_
, by any member of Congress on either side of the aisle.

~~~
raquo
There might be plenty of reasons why we don't know of such instances.

For example, those being blackmailed might not know or have any proof that
it's FBI who's blackmailing them. The FBI of course has endless opportunities
of plausible deniability, starting with "rogue contractor".

It all boils down to incentives: what exactly do you have to win from
disclosing? What is the chance that people will believe you given that you
have no evidence? And what would you even expect your audience to do about it?
And how does that scenario compare to the worst that your blackmailer is
willing to do?

It would be fairly easy for someone with the power of the FBI to rig the
subject's incentives heavily in their favor, and to only pursue blackmail on
subjects where they are fairly certain of success. At some point of
proficiency a casual observer might not be able to distinguish it from
lobbying!

We don't know if these things happen or not, but they're entirely possible.
Stranger things have been leaked and declassified over the years.

~~~
karmacondon
It's difficult for the FBI to use mass surveillance techniques to blackmail
anybody. Sure they can make allegations, even true ones, but if they present
evidence it would be pretty clear where it came from. Only so many entities
have the ability to gather the kind of data necessary to separate fact from
rumor.

In terms of incentives, blackmail is generally a lower tier crime in terms of
likelihood of success. Think about if someone tried to blackmail you. There's
a good chance you'd think "Sure I can give in to their demands now, but
they'll just ask for something else later and they never have to stop asking".
Unless the crime being covered up involves significant jail time, most people
would rather face the consequences than live the rest of their lives under
someone else's control. Many former politicians have successful careers even
after mundane scandals (Weiner and Spitzer come to mind).

And depending on the nature of the secret, most politicians would get some
slack from the public for having the courage to standup to FBI blackmail. They
might even be able to spin themselves as a flawed hero. In fact, having a
three letter agency try to blackmail you right now is kind of a get out of
jail free card.

As tptacek said, this is really fascinating fiction but it's just wildly
impractical in real life. Blackmail is messy and has a lot of moving parts
that are difficult to control. The FBI is better off doing exactly what they
do now: asking Congress for money and getting it.

~~~
raquo
Parallel construction should work for blackmail just as well as it does in the
courts I think to obscure the true source of information. And people don't do
bad things alone, there are always other people involved who could
simultaneously be plausibly claimed as source and plausibly deny this. A
"stolen hard drive" could explain anything.

Any crimes that the politicians are involved with probably do carry
significant jail times, given how corruption and pedophilia apparently still
exist.

> depending on the nature of the secret, most politicians would get some slack
> from the public for having the courage to standup to FBI blackmail

I don't really see this playing out in the politician's favor.

Politician: FBI is blackmailing me! Press: with what? Politician: ... Press:
do you have any proof it's FBI? Politician: Nope FBI: We're not doing anything
FBI: (anonymously releasing some info) Politician: resigns / get jailed Press:
boo bad politician!

Or:

Politician: FBI is blackmailing me! Press: with what? Politician: They say I
stole a billion dollars FBI: we're not doing anything, but we should
investigate this FBI: wow this guy really did steal a billion dollars, we
can't ignore this Press: politician announces he stole $1 billion dollars,
gets jailed

I don't get one thing: if politicians' decisions can be purchased by campaign
donations and lobbying, why would they be any more resistant to something more
persuasive? Again, to reiterate, blackmail does not need to be letters with
threats compiled from newspaper cutouts. There's a whole range of methods they
could be using that rely on the information they collect.

------
jacquesm
Props to the man for sticking this out for so long. He _first_ point blank
refuses to comply, the FBI then withdraws the NSL but keeps the gag order in
place and he then fights them for an additional decade to get the gag order
lifted. That's tenacity.

This reminds me of the Lavabit case, wonder why the one shut down their
service and the other managed to simply reject the requests:

[https://en.wikipedia.org/wiki/Lavabit](https://en.wikipedia.org/wiki/Lavabit)

~~~
tptacek
The Lavabit case was complicated by Ladar Levison's handling of the DOJ's
request, and by the fact that his security architecture was "all-or-none" in a
way that did not allow him to selectively disclose only the encrypted messages
DOJ asked for.

[https://news.ycombinator.com/item?id=7774823](https://news.ycombinator.com/item?id=7774823)

~~~
jacquesm
I see. So he should have simply stonewalled at the very _first_ request, not
wait until it dealt with someone he wanted to protect.

On the other hand the story above does not relate whether or not there were
previous requests there _is_ a passage that indicates that the operator of the
service had knowledge of the person involved.

"Nick wasn’t sure why the FBI was demanding the information, but he knew a
little about the subscriber the FBI was apparently investigating, and he
doubted that the investigation was a legitimate one. "

He also wondered why the FBI did not involve a judge and in the Lavabit case a
judge clearly was involved.

~~~
tptacek
To protect his users and avoid imprisonment, he would have had to fix _both_
problems: not taunting and slow-rolling the DOJ, and doing that having
designed a system that either (a) didn't give him the technical ability to
decrypt messages or (b) allowed him to easily do that selectively.

The real problem with Lavabit is that it was incompetently designed and made
security promises it was flatly and obviously unable to keep. From the
transcripts, it seems like Levison tried to represent to the DOJ that his
system was stronger than it was, when it was clear to anyone technical that he
could easily comply with DOJ's demands.

Regarding judges: it may be that Levison happened after reform of the national
security letter laws, so that simply as a result of timing, Levison's
predicament had to involve a judge. However: even if that hadn't been the
case, a judge would have been involved as soon as Levison (or Calyx) refused
to comply.

~~~
jacquesm
I think he agreed with that perspective, otherwise he would not have shut it
down, clearly it was not salvageable at that point.

Still, in spite of the damage done and the technical flaws that was quite the
holding action and I think quite a few companies would have folded and _much_
earlier.

~~~
tptacek
What was the point of his "holding action"? DOJ not only got what it wanted,
but, as a result of Levison's hapless attempt to wriggle out of their request,
they got Lavabit's TLS keys as well! Had Levison simply complied up front,
he'd have held on to the keys, and been able to fold the site up gracefully,
losing only the specific account DOJ targeted.

~~~
jacquesm
Panic. When cornered people make strange moves. It's easy enough to look at
this rationally after the fact but I'm trying to imagine being in the focal
point of such a powerplay and I'm not sure I'd make every move by the book.

~~~
tptacek
Ok. You see, though, how his holding action probably harmed his users, right?

~~~
guelo
Still a hero though.

~~~
jacobush
Agreed. There has to be a place for principles in this world.

~~~
jacquesm
If we're apparently putting people in jail for their intentions then
definitely, intentions matter when the situation is the reverse as well. The
guy tried to make a stand, messed up under pressure (and who here would dare
to say they would not, I'm pretty steadfast but when that sort of power is
aimed directly at you and your small company it takes some serious mental
fortitude to even consider rejecting the request) and unfortunately made some
bad technical decisions.

All in all, nothing but good intentions and with a bit more foresight it would
have ended quite differently. I sincerely hope that if I'm ever the subject of
such pressure that I'll do half as good, hopefully better but definitely no
guarantees there.

And trying to protect Edward Snowden was - especially at that moment in time -
something that was a very hot issue as an American citizen well within reach
of the arm of the law.

~~~
tptacek
Hold on, don't move the goalposts. Levison did not design Lavabit under
pressure from the DOJ. He had years to work on the design, the precedent of
Hushmail to work from, and, let's be clear: until the DOJ requested documents
that violated his own political leanings, he was compliant with other DOJ
requests.

~~~
jacquesm
> until the DOJ requested documents that violated his own political leanings,
> he was compliant with other DOJ requests.

And that's his mistake. He should not have cared at all about _which_ users
the DOJ wanted info about, he should have realized that if he was capable of
complying with their demands at all that his system should be fixed rather
than kept that way.

I can see how this happens though. Imagine your average TOR exit node
operator. This person may have noble intentions and dreams about supporting
dissidents. Then finds out the exit node is used to peddle all kinds of gore.
The temptation to become involved in determining what is and what is not
supported use of 'your' exit node must be tremendously strong. Especially if
some of that traffic is personally revolting, offensive or in some other way
against your own personal philosophies.

So Levison may have thought that doing his bit, aiding the DOJ and
purposefully having these holes was a net positive for society. But looking
back I think he'd be the first to agree that that was a very bad mistake.

~~~
tptacek
We disagree, for whatever it's worth. To me, his mistake was in attempting to
provide government-proof email without taking the time to build the expertise
required to do so.

The Internet is littered with broken attempts at providing government-
resistant messaging systems. They're a plague. There experts trying to deliver
the same systems, but securely; they get drowned out because their UX isn't as
smooth as that of Lavabit's --- which took full advantage of the UX benefits
of _total insecurity_ to get more users.

~~~
jacquesm
> To me, his mistake was in attempting to provide government-proof email
> without taking the time to build the expertise required to do so.

It is very hard to find someone who knows what he does not know. _Much_ more
capable people than Levinson have been bitten by that particular failure.

> There (are) experts trying to deliver the same systems, but securely; they
> get drowned out because their UX isn't as smooth as that of Lavabit's ---
> which took full advantage of the UX benefits of total insecurity to get more
> users.

Agreed. Conclusion: user experience counts. What I wonder is why those experts
in crypto can't get their act together and deliver a user experience that's at
least good enough not to get in the way of acceptance. Wherever there is a
conflict between 'good crypto' and 'user experience' the crypto wins out in
one product and the user experience wins out in another. Users
_overwhelmingly_ choose the packages with the good user experience and the bad
crypto.

This may not be fixable in the case of conflicts but for many of the issues
they may in fact be simply a matter of attention to detail, after all if the
effort can be expended to make good crypto then a similar effort should go
into the user experience since in the eyes of the users _both_ are important.
Delivering great crypto in an impractical package is a non-contribution.

That is going to be an uphill battle if the past is anything to go by.

------
emiliobumachar
Key quote:

"According to the Justice Department’s inspector general, the FBI issued a
staggering 143,074 NSLs between 2003 and 2005. And every NSL was accompanied
by a categorical and permanent gag order."

That's almost one per 2000 americans. I wonder how does this number compare to
actual court orders.

~~~
scrollaway
Another key quote:

> I found it particularly difficult to be silent about my concerns while
> Congress was debating the reauthorization of the Patriot Act in 2005 and
> early 2006. If I hadn't been under a gag order, I would have contacted
> members of Congress to discuss my experiences and to advocate changes in the
> law. The inspector general's report confirms that Congress lacked a complete
> picture of the problem during a critical time: Even though the NSL statute
> requires the director of the FBI to fully inform members of the House and
> Senate about all requests issued under the statute, the FBI significantly
> underrepresented the number of NSL requests in 2003, 2004 and 2005,
> according to the report.

~~~
eric_h
Wow - it's astonishing that you can't even speak about NSLs with people who
(or at least some of whom) have top secret clearance...

~~~
caseysoftware
Just because you're cleared in one area/agency doesn't mean you have access to
anything of that level or lower. Clearances are entirely need to know.

I'm not sure of the rules today, but 10 years ago clearances in some
agencies/departments didn't even transfer to other agencies due to differing
requirements.

(I'm not saying that this system is good, just describing how it works.)

~~~
eric_h
Thank you for the clarification.

Nevertheless, I feel like there should be some recourse in the system to
appeal to a branch of government other than the secret judicial branch in
circumstances like this...

~~~
simoncion
You can always choose to be a whistleblower, and hope that what you have to
say motivates someone powerful to protect you from the life-destroying
shitstorm that will be dropped on your head.

------
mjevans
I am once again reminded that the ACLU and EFF are wonderful organizations
that attempt to keep the legal system barely sane for everyone else.

~~~
kpennell
Sad that the ACLU operated at a loss last year:
[http://www.charitynavigator.org/index.cfm?bay=search.summary...](http://www.charitynavigator.org/index.cfm?bay=search.summary&orgid=3247)

------
kpennell
Just a reminder to donate: The ACLU operated at a loss of 18 million last
year:
[http://www.charitynavigator.org/index.cfm?bay=search.summary...](http://www.charitynavigator.org/index.cfm?bay=search.summary&orgid=3247)

Donate: [https://www.aclu.org/donate/join-renew-
give](https://www.aclu.org/donate/join-renew-give)

------
tracker1
This is part of why the ACLU, EFF and NRA are the institutions I'm most in
favor of donating to. The encroachment of civil liberties, increasingly
intrusive actions from our own government and the like are getting pretty
rediculous.

~~~
peteretep

        > ACLU, EFF and NRA
    

I consider my neighbour being able to own an assault rifle as an encroachment
of my civil liberties.

~~~
giardini
Please explain.

Do you feel the same way when they buy a new car? Is this "keeping up with the
Joneses"?

Perhaps you should buy an assault rifle for yourself (and another for the wee
wifie)!

~~~
peteretep
You know how Americans feel about Iran getting nuclear weapons? That's how I
feel about my neighbours acquiring weapons intended for war zones.

------
post_break
So how do we see the attachment?

Found the link, at the bottom of the article, hidden in the last
sentence....... [https://www.aclu.org/legal-document/merrill-v-lynch-
unredact...](https://www.aclu.org/legal-document/merrill-v-lynch-unredacted-
attachment-2004-nsl)

------
blahblehbluh
Almost all major internet companies have to deal with NSLs. For example:

Facebook:
[https://govtrequests.facebook.com/country/United%20States/20...](https://govtrequests.facebook.com/country/United%20States/2015-H1/)

Google:
[https://www.google.com/transparencyreport/userdatarequests/U...](https://www.google.com/transparencyreport/userdatarequests/US/)

Dropbox:
[https://www.dropbox.com/transparency](https://www.dropbox.com/transparency)

More could be found at: [https://www.accessnow.org/pages/transparency-
reporting-index](https://www.accessnow.org/pages/transparency-reporting-index)

------
Estragon
The only plausible presidential candidate who'll put a stop to these kinds of
abuses is Bernie Sanders. Be sure to vote for him in your Democratic Primary.

~~~
cvwright
Isn't Rand Paul also making similar promises on the Republican side?

~~~
pheroden
He said plausible.

~~~
icelancer
Which makes neither of the candidates relevant.

------
samclearman
This stuff is much worse than NSA data collection. Gag orders are evil, and
secret courts are even worse. I really wish people would stop worrying about
government surveillance - who cares what people know about you? - and start
worrying about this instead.

------
shmerl
A pity crowdfunding for Calyx ISP failed:
[https://www.indiegogo.com/projects/the-calyx-
institute#/](https://www.indiegogo.com/projects/the-calyx-institute#/)

I'm still puzzled why so few people cared. In today's techno-social climate,
it should go like hot cakes.

------
golergka
1) Journalists say that the identity of the FBI's target imply the abuse of
power

2) Ten years later, all legal restrictions are removed

3) The identity of the person, which was supposed to prove that FBI's actions
were abuse of power, is still not released

Why?

------
profeta
now that the gag order is not in place, can we learn who the FBI was spying
on? was it legitimate? if not, who approved it?

this is a pointless victory unless we use it for accountability.

~~~
ars
> can we learn who the FBI was spying on?

It seems to me that only that person themself should reveal that, or not, as
they choose.

~~~
cpeterso
But do they even themselves know? Did the gag order prevent Nicholas Merrill
from alerting the subscriber?

Based on the redacted latter, it appears the subscriber's email address is
about 23 or fewer characters.

[https://upload.wikimedia.org/wikipedia/commons/f/f4/4610_001...](https://upload.wikimedia.org/wikipedia/commons/f/f4/4610_001_redactednsl.pdf)

~~~
rhizome
That could be, but I did notice from the gradual reveals of the NSL that it
seems like they have a minimum mark-size, like 1/2", even if (or especially
if) it's just one letter.

------
RankingMember
I was hoping to see the item they show screenshotted in various states of
redaction, but I don't see any link to it. Anyone see one?

~~~
lambda
[https://www.aclu.org/legal-document/merrill-v-lynch-
unredact...](https://www.aclu.org/legal-document/merrill-v-lynch-unredacted-
attachment-2004-nsl)

~~~
RankingMember
I meant the other one that they showed screenshots of in various states of
redaction.

~~~
lambda
Isn't that the one I linked to? It's just the final unredacted version, but I
don't know how interesting the redactions would be.

------
bitwize
A lot of people opine that instead of the Global War on Terra we should treat
terrorism strictly as a concern for law enforcement.

However, the LE attitude to the terrorism problem is "we can't wait until
crimes have been committed to start making arrests; we have to identify and
neutralize potential terrorists _before_ they do something awful". And, absent
a _Minority Report_ pre-crime unit, this is where we end up: with the FBI
aggressively and warrantlessly sniffing around, looking for a terrorist under
every rock, and even falling on the wrong side of the sting/entrapment divide
and _goading_ people it thinks might be terrorists into participating in fake
terror schemes to round them up.

I don't have any ready solutions to the terrorism problem, but it seems as if
leaving it to the military, intelligence community, or law enforcement each
comes with its own set of severe drawbacks which undermine human rights.

------
yuhong
Full resolution image with text readable is at
[https://www.aclu.org/sites/default/files/styles/blog_main_wi...](https://www.aclu.org/sites/default/files/styles/blog_main_wide_580x384/public/field_image/web15-blog-
doc1-1160x768.jpg)

------
duanesmithla79
Gag orders are like ancient laws (e.g. no horses allowed in front of church);
they just stay on the books until somebody notices.

