Friday , 9 December 2016

Reddit Latest Site Hit With National Security Letter

It has recently come to light that the popular online conglomeration website Reddit has most likely been hit with a National Security Letter recently.  A NSL, as they are often referred to, is a secret direct order for a company to disclose information such as information about its users and their activities.

The interesting thing is that Reddit didn’t quite say they had received this order – but rather, they implied it had gotten one by simply not stating it had not received one.  Basically an NSL has a built in gag order whereby a company cannot disclose that it had received an NSL.  However, many companies began a habit with a sort of “canary” call by including in their yearly transparency reports a note that a company had not gotten a National Security Letter in that year.  However, when a company fails to include that indicator statement in their report, it is implied that they had gotten a letter that year.  It’s all very cloak and dagger, and only adds to the frustration of people fighting to keep power away from the government in situation such as these.

According to WIRED magazine, the section describing the receipt of NSL letters was conspicuously absent from Reddit’s annual transparency report.

In Reddit’s transparency report for 2014, it indicated in a section titled “national security requests” that it had received no National Security Letter during that year, or any order issued by the Foreign Intelligence Surveillance Court.

“As of January 29, 2015, reddit has never received a National Security Letter, an order under the Foreign Intelligence Surveillance Act, or any other classified request for user information.” The company also noted in the last sentence of that section, “If we ever receive such a request, we would seek to let the public know it existed.”

Now, in Reddit’s transparency report for 2015, that entire section is missing.

National Security Letters are extremely powerful, and their use is not well overseen.  In fact there have been reports documenting their abuse.  They have been around since the 1980s however since the Patriot Act the information and kinds of data they could be used to procure has been expanded greatly.  They are rarely discussed inside or outside of Congress, and the public has only become aware of a handful of the almost 300,000 NSLs that have been issued in the past 10 years or so.

So, in the face of the gag order that the NSL comes with many companies have instituted the “warrant canary” to notify the public that they have received an NSL…without actually doing so.  For example, as in Reddit’s case, if they continue to report that they haven’t gotten an NSL then they haven’t….but once they stop stating that or omit mentioning it, then it can safely be assumed that they had become the target of an NSL.

Although the government can’t force a company to lie–or continue the facade of having not received an NSL, the canary method hasn’t been challenged in court, and it’s unknown what the outcome would be.  Reddit is in fact the first company that has “killed” its canary.

The reason that so many people are upset over this is because it seems that the government has too much power in this case–power that is being left unchecked.  They can basically issue one of these letters anytime they want, and if the company does not comply it will be destroyed, fined astronomical amounts, or the people in the company held in contempt of court.

Do you think the government is overreaching with these NSLs?  How do you think the situation could be amended?  Leave a comment below.

About Bill Gordon

Bill Gordon has been writing on tech and malware subjects for 6 years and has been working in the internet and tech industry for over 15 years. He currently lives in Southern California.

Leave a Reply

Your email address will not be published. Required fields are marked *