Thursday, July 1, 2021

About National Security Letters (NSL)

From time to time in the past we've made reference to "National Security Letters" (NSLs), as commonly used by the FBI in counterintelligence and counter terrorism investigations. The virtually certain use of NSLs in the various Russia Hoax related investigations also raised issues concerning the type of investigations that were opened.

This morning I was reading Jen Dyer's ruminations on the Tucker Carlson matter--Asking the right questions about the monitoring of Tucker Carlson. For the most part Dyer is discussing the same issues that we referred to (more briefly) here and here.

Dyer's questions are, of course, the right questions--she has the background to understand the importance of those questions for grasping what's going on. The bottom line, as we've discussed, is that the real issue is not that NSA is collecting data that pertains to USPERs like Tucker Carlson. The NSA collects all available data regarding all of us. But the real question is, What investigative agency is acquiring data pertaining to Tucker and using it in an investigation of some sort? The overwhelmingly most likely answer to that question is: The FBI.

What Dyer brings up in her article, in passing, touches on a slightly different matter, but one that is well worth understanding and keeping in the back of your mind. I'll reproduce here that brief passage, then unpack it a bit:

A detour through the cloud

Before resuming the discussion of why Carlson’s source named NSA as monitoring him, a brief stop in the IT cloud is in order.

An alternative possibility is that someone, presumably the FBI, has been examining Carlson’s files in whatever IT cloud he uses, as Rudy Giuliani said was done with his iCloud files in 2019.

Just a computer living and working in the cloud. Pixabay

Files in the cloud are not communications. Keystroke logs and temporary files, stored as documents are being updated, are not communications. Texts and emails that get stored on a cloud server are not communications in the same functional way such data files are when they undergo send-receive transactions via telecom processes.

But it’s quite possible the information Carlson’s source quoted to him, which seemed to come from Carlson’s own texts and emails, could have been abstracted from working files in his IT cloud. Cloud data is obtained via subpoena to the cloud providers, such as Google, Microsoft, and others.

It’s not routinely amassed and stored in a government cyber-vault, as telecom data is. NSA can’t issue a subpoena for it; at the federal level, DOJ has to do that, and NSA will never even see it.

Curiously enough, concerns about government monitoring and privacy in the cloud have just been raised anew in Congress this week.

First, to be clear, NSA--at least as far as I personally know--doesn't routinely acquire and store cloud files. That's what Dyer states, and I defer to her on that. Therefore, NSA would likely not have obtained Tucker related data from cloud files. In that sense, the issue of the cloud is moot--as far as we can tell.

However, the fact that someone at NSA was aware of the content of Tucker's communications--and that seems to be the case--suggests that some investigative agency has obtained NSA collection relating to Tucker. That would be telecom data and acquiring such data would normally be done via FISA. From a legal standpoint, FISA is a somewhat painstaking process, and involves having an open Full Investigation

That doesn't mean that Tucker is the official 'target' of any investigation at all--his communications may have been acquired as part of an investigation of other persons, foreign or domestic, who were in communication with Tucker. The collection of Tucker data under a FISA would thus be 'incidental,' but presumably somehow relevant to the investigation. If the Tucker data weren't viewed as somehow relevant it would have been 'minimized'.

Again, all this is about the cloud is--as far as we can tell at this point--likely irrelevant to the Tucker matter. From what we know it seems far more likely that FISA is involved.

On the other hand, the example that Dyer brings up of Rudy Giuliani's experience with the FBI accessing his cloud files tells us that this is an aspect of government investigating that we should be aware of. Constantly. I have no idea what sort of privacy/security measures public figures typically take. I presume that Tucker has access to knowledgeable advice on that score, but security is basically a pain in the ass, so whether advice is followed is an entirely different matter. Just ask Rudy.

What interests me in this whole matter of the cloud and NSLs is the legal aspect, because no matter what skullduggery the intel agencies get up to, we know from the Russia Hoax that they at least follow the legal forms, they check the legal boxes. They may fib or obfuscate or commit perjury or even--a la Kevin Clinesmith--commit forgery, but all that is fit inside a legal framework. Indeed, the Clinesmith example points up what can happen when a clearly indefensible step is taken--you get spanked with a wet noodle. The smart path is to always maintain deniability, the claim that you actually believed what you said or wrote, however implausible. Even Clinesmith did that--speaking of implausibility--and that gave the judge what he needed to give Clinesmith the wet noodle treatment.

So, what is this legal aspect? Dyer refers to obtaining cloud files via subpoena. Now, the use of a subpoena requires a grand jury. But, in National Security investigations--and I'm betting dollars to donuts that Tucker is caught up in a National Security investigation since NSA is involved (National Security Agency, right?)--there's another very commonly used method for obtaining cloud documents: National Security Letters (NSLs).

What is an NSL, in a legal sense? It's a type of what's called an "administrative subpoena." That means that an admin subpoena is a subpoena that is NOT issued by a grand jury--it's issued by an executive or administrative agency. In other words, an NSL is issued by bureaucrats rather than by a grand jury or--if you liken these legal instruments to searches--by a judge.

Here's the Wikipedia short version of what's up with administrative subpoenas generally--which are controversial, despite their long established use:

An administrative subpoena under U.S. law is a subpoena issued by a federal agency without prior judicial oversight. Critics say that administrative subpoena authority is a violation of the Fourth Amendment to the United States Constitution, while proponents say that it provides a valuable investigative tool.

Ha ha! This is one of those cases where both sides may be right!

Now, Wikipedia on the special form of admin subpoenas called National Security Letters:

A national security letter (NSL) is an administrative subpoena issued by the United States government to gather information for national security purposes. NSLs do not require prior approval from a judge. ... By law, NSLs can request only non-content information, for example, transactional records and phone numbers dialed, but never the content of telephone calls or e-mails.[1]

NSLs typically contain a nondisclosure requirement forbidding the recipient of an NSL from disclosing that the FBI had requested the information. ...

Read that carefully. Dyer stated that cloud files are not communications, even though they may allow the reconstruction of content. Here I believe Wikipedia misstates the case. Clearly, as Dyer states, keystroke files are not communications. Neither are financial records, and I've used admin subpoenas many times to obtain financial record. So, "non-content" information is a bit misleading.

Why am I going through all this? For the sake of this next step.

Recall that I keep saying that to obtain a FISA warrant the FBI needs to have a Full Investigation open. As a practical matter, that amounts to something like the criminal standard of probable cause--51/49 probability. That is not the case with NSLs. NSLs can be obtain when only a Preliminary Investigation is open. Here's what the National Security Investigation Guidelines say about Preliminary Investigations--and, no, they don't require anything like probable cause:

Initiation (U)

A field office or FBI Headquarters may initiate a preliminary investigation:

a. when there is information or an allegation indicating the existence of a circumstance described in Part II.B.l of these Guidelines, in order to determine whether the basis exists for a full investigation; or 

b. in order to identify potential assets, to determine the suitability or credibility of an individual as an asset, or to collect information to maintain the cover or credibility of an asset or employee- in connection with activities related to a threat to the national security.

If you use your imagination I think you can see how almost anyone could end up involved in a Preliminary Investigation.

Now, as to the legal standard for issuing an NSL ...

What’s the legal standard for issuing an NSL?

Under the most commonly used NSL statute, the FBI must certify that the records sought are “relevant to an authorized investigation to protect against international terrorism or clandestine intelligence activities.” While the statute does prohibit investigations “conducted solely on the basis of activities protected by the first amendment to the Constitution of the United States,” this provides little actual protection as there is no judicial oversight of NSLs.

Mere 'relevance' is the standard, and that standard is being reviewed by a career bureaucrat who has an interest in the matter--not by a supposedly impartial judge.

Tucker Carlson is a very high profile target for the Zhou Baiden regime. The fact that NSA and presumably FISA (and the FBI) are involved suggests how high the stakes are here. At the same time, I hope you can see how NSLs may be used to target at a slightly lower level, with similar results. Just keep this in mind as the Domestic War On Terror goes forward.


  1. Tucker Carlson is a friend and correspondent of Hunter Biden.

    I wonder if the "target" in this situation is Hunter Biden, and Tucker Carlson is just the incidental person.

  2. It has always been my understanding that any data on a cloud service is subject to a NSL. Meaning it is held to a lower standard of property rights because it is not stored "on your person", meaning on your local hard drive.

    Example, photos being backed up to say google photos or texts/emails being backed up to Google drive, the data type is irrelevant to the storage process involved... That however is a simple example.

    Almost every major corporation today running for cloud and virtual servers and the software designers are shuffling them right to it. "Software licensing" is going away and everything is moving to PaaS and SaaS. (Platform/software as a service)

    I've always described cloud / virtual services as dangerous to privacy for that reason.

    The problem has become people do not think out the processes of hops involving data especially where that data is being backed up and, to be more complicated... The back up of that back up (on both sides of communication) involving P/SaaS in applications such as antivirus, MS office and 360, exchange, cellular provided data back up. Then also the back of of that data by the service provider, your isp, etc. (The possibilities of exposure become infinite)

    It's been a while since I've sat down with a knowledgeable attorney on the subject but I'm betting the rules have only given broader authority.

    1. While I didn't doubt that an NSL would work for data stored on the cloud, I hadn't given much thought to the scope of the data that might be so readily available.

  3. “The NSA collects all available data regarding all of us.”

    This should not happen, period. It’s wrong, fundamentally wrong, antithetical to our Constitution, antithetical to the American way of life.

    Our experiment is truly unique and rare in humanity’s history.

    Heinlein was correct, freedom is always snuffed out.