Subscribe To Our Daily Enewsletter:

FBI Non-Disclosure Agreements (NDAs): Implications for Service Providers

Background: The Federal Bureau of Investigation (FBI) often uses National Security Letters (NSL) containing non-disclosure agreements (NDAs). The NDAs prohibit service providers from telling their customers about government requests for their data. Two service providers, CloudFlare and Credo Mobile, challenged the letters in court. But so far, courts have ruled in favor of the FBI. In the blog below, Nixon Peabody’s Eric M. Ferrante explains a recent court ruling involving the FBI’s use of NSLs — and the implications for service providers. — Joe Panettieri, editor, MSSP Alert


Author: Nixon Peabody’s Eric Ferrante

In July, The United States Court of Appeals for the Ninth Circuit rejected a constitutional challenge to the Federal Bureau of Investigation’s (FBI) use of National Security Letters (NSL) that prohibit service providers that receive such letters from telling their customers about government requests for their data. The court held that nondisclosure requirements in NSLs, although content-based restrictions on speech, do not violate the First Amendment.

An NSL is “an administrative subpoena issued by the FBI to a wire or electronic communication service provider requiring the provider to produce specified subscriber information that is relevant to an authorized national security investigation.” 18 U.S.C. § 2709(a) (hereinafter, the “NSL Law”).

By statute, an NSL may include a requirement that the recipient not disclose the fact that it has received such a request if the FBI Director or his designee certifies that disclosure may result in one of four enumerated harms: (i) a danger to the national security of the United States; (ii) interference with a criminal counterterrorism, or counterintelligence investigation; (iii) interference with diplomatic relations; or (iv) danger to the life or physical safety of any person.

Service Providers Question FBI NSLs

In 2011, 2012 and 2013, cloud-based hosting service CloudFlare and telephone service provider Credo Mobile received several NSLs containing nondisclosure requirements. The companies challenged the letters’ nondisclosure requirements in the Northern District of California, where the requirements were upheld.

On appeal to the Ninth Circuit, the companies conceded that the law served a compelling state interest, but argued it was not narrowly tailored and failed to provide the procedural safeguards required when the government attempts to prospectively restrict speech based on its content. The Ninth Circuit rejected both arguments.

  • First, the Ninth Circuit held the nondisclosure requirement in 18 U.S.C. § 2709(c) is a content-based restriction on speech that is subject to strict scrutiny, and that the nondisclosure requirement withstands such scrutiny.
  • Further, the court held the law was narrowly tailored because it applied to one specific type of speech and nondisclosure could only be ordered if a high ranking government official certified that one of four specific types of harms may result from disclosure.
  • Finally, the court held the law provided the necessary safeguards required of content-based restrictions of speech as it gave the party subject to the nondisclosure requirement the ability to obtain judicial review and required the FBI to re-evaluate the necessity of nondisclosure at specified times.

Thus, the Ninth Circuit affirmed the lower court’s ruling, and, for the time being, the FBI may continue to require recipients of NSLs to not disclose the existence of the letter and the sharing of customer information with federal investigators.

Eric Ferrante is an associate in Nixon Peabody’s Commercial Litigation group, where he represents public and private companies in commercial litigation matters. Read more Nixon Peabody blogs here.

Return Home

No Comments

Leave a Reply

Your email address will not be published. Required fields are marked *