Scanning your connection...
Default PrivacyDefault Privacy
Back to Glossary
Legal

What is National Security Letter?

An administrative subpoena issued by U.S. federal agencies (primarily the FBI) for national security investigations. NSLs come with gag orders preventing recipients from disclosing their existence, making them controversial tools of surveillance.

Also known as: NSL

National Security Letters are controversial because they operate in secret. Companies receive them, must comply, and can't tell anyone—not even the user being investigated.

How NSLs Work

  1. FBI issues NSL to company
  2. Company must provide requested data
  3. Automatic gag order prevents disclosure
  4. No judge approval required
  5. Target never knows

What NSLs Can Request

Subscriber Information

  • Name, address
  • Session logs
  • Payment information
  • Account details

Limitations

  • Cannot request content of communications
  • Cannot request browsing history
  • Limited to "relevant" information
  • Supposed to be used sparingly

The Gag Order Problem

Perpetual Secrecy (Previously)

  • Companies couldn't disclose receipt
  • Couldn't challenge in court easily
  • Users never informed

Current Law (Post-2015)

  • Can challenge gag order after 1 year
  • Some gag orders have been lifted
  • Warrant canaries emerged as workaround

Warrant Canaries

How They Work

  • Company publishes statement: "We have not received any NSLs"
  • If statement disappears, inference is clear
  • Can't be forced to lie (in theory)

Effectiveness

  • Uncertain legal status
  • Some companies use them
  • FBI has indicated disapproval
  • Better than nothing

Legal Challenges

Key Cases

  • Doe v. Ashcroft (2004): First constitutional challenge
  • Mozilla's challenge: Gag order lifted after 10 years
  • Ongoing reform efforts

Constitutional Concerns

  • Fourth Amendment (unreasonable search)
  • First Amendment (gag order)
  • Due process

NSL Statistics (From Transparency Reports)

  • Thousands issued annually
  • Many target large tech companies
  • Most involve subscriber info
  • Vast majority have gag orders

Protecting Against NSLs

For Companies

  • Challenge unconstitutional requests
  • Use warrant canaries
  • Minimize data collection
  • Publish transparency reports

For Users

  • Assume companies in US jurisdiction can receive NSLs
  • Use services with minimal data retention
  • End-to-end encryption protects content
  • Consider jurisdiction of providers

Related Terms

Five Eyes

An intelligence alliance between the United States, United Kingdom, Canada, Australia, and New Zealand that shares surveillance data and signals intelligence. Privacy advocates consider Five Eyes countries higher risk for hosting privacy-focused services.

Subpoena

A legal order requiring a person or company to provide testimony, documents, or other evidence in legal proceedings. Service providers may receive subpoenas demanding user data, which is why privacy-focused services minimize data collection.

Have more questions?

Use our guided flow to get the right next privacy step for National Security Letter.

Open Guided Flow