Skip to main content

Glossary Procedure

National security letter

Also: NSL, FBI national security letter

Origin: 18 USC § 2709 (electronic communication transactional records) and related statutes; the modern NSL framework was substantially expanded by the USA PATRIOT Act of 2001 and modified by the USA FREEDOM Act of 2015.

An administrative subpoena issued by a US federal agency — most often the FBI — compelling production of specified categories of subscriber records and electronic communications metadata in the course of a national-security or counter-intelligence investigation. The letters are issued without prior judicial review and typically carry a non-disclosure obligation.

Reviewed

A national security letter is an administrative subpoena issued by a US federal agency, most often the FBI, compelling production of specified categories of subscriber records and electronic communications metadata in the course of a national-security or counter-intelligence investigation. The instrument is statutory — principally 18 USC § 2709 for electronic communications transactional records, with parallel authorities for financial records and credit records — and operates outside the judicial-warrant framework that would otherwise govern compelled production.

The procedural distinction from a traditional subpoena is significant. The letter is issued under the recipient agency’s own authority rather than upon application to a court; the recipient is given a defined window within which to comply; and the letter typically carries a non-disclosure obligation prohibiting the recipient from acknowledging receipt or the underlying investigation to anyone other than counsel and the personnel necessary for compliance. The USA FREEDOM Act of 2015 introduced a periodic review of the non-disclosure obligation, requiring the issuing agency to assess whether the gag remains necessary; the procedural change has not produced public statistics showing a meaningful incidence of obligations being lifted.

NSLs are a US procedural creature; they have no extra-territorial reach on their own terms. A foreign operator — for instance, a Swiss-registered or Icelandic-registered hosting operator — is not under the FBI’s compulsory process. Where the FBI seeks data held by a foreign operator the lawful channel is an MLAT request to the operator’s home government. The operator may, of course, receive a voluntary-cooperation request from a US agency outside the MLAT framework; the operator’s policy on such requests is documented in the Privacy policy and the publication has set out the operator’s position in the journal articles on legal demands and warrant canaries.

A warrant canary, where one is published, is the principal public-facing signal an operator can use to communicate about receipt of NSL-class process under the non-disclosure constraint.