Back in 2013, a federal judge ruled that the FBI couldn't force ISPs to hand over a users' private data without the suspect being informed first. Now, however, a change in the law means that's no longer the case. Thanks to a federal appeals court ruling on Monday, ISPs, financial institutions and phone carriers are now completely prohibited from informing a user if the FBI is investigating them. Under the new 'gag' ruling, the FBI can still issue a National Security Letter (or NSL) without immediately notifying their target, but must instead review the need for an NSL three years after the letter was sent. On top of that, the FBI must also completely terminate their prying into the user's online activities once the national security investigation in question has concluded.
This means that the bureau's intended targets can no longer challenge the investigation, as they won't be aware that they're under scrutiny for at least three years. Thanks to the recent court case, we now also know what an NSL actually allows the FBI to do. National Security investigations give the Bureau access to a complete record of a suspect's online purchases as well as the IP addresses of everyone that they have corresponded with.
With an NSL not requiring a judge's signature, this largely leaves the FBI free to investigate who they please. Unsurprisingly, many see this new ruling as a breach of the first amendment. Digital rights group, the Electronic Frontier Foundation (EFF) was behind the successful challenge of the act in 2013, previously winning ISPs and other companies the right to inform the FBI's targets.
Now, the EFF is exploring its options about appealing the courts latest ruling. "Our position, in general, is when an ISP gets an NSL, they should tell the user so that they can contest that request," reaffirms Andrew Crocker to Ars Technica, a staff attorney with the Electronic Frontier Foundation.
Thankfully, the EFF has setup a website that shows when a company has been forced to comply with the FBI. Canary Watch tracks the status of statements on sites which say that the company hasn't received national security requests. Once those statements disappear, Canary Watch will update its database, reflecting that the site in question has received a request without breaking any laws. While this won't help inform the individuals who are under investigation, it's currently the best shot that the public has of knowing which sites the FBI is interfering with.
Given the government's previous comments on Americans' right to internet use, however, none of this should really come as much of a surprise.