"National security letters" have been in the news a lot lately.
Since last year, Microsoft, Facebook, Yahoo, Adobe, Twitter, Cloudflare, and most recently Apple have all disclosed that they have received at least one of these highly secretive letters, known as NSLs, in the past few years. Up until recently these companies were prevented from disclosing them to anyone.
While these letters, issued by the FBI, have been called a "very important tool" for national security investigations, they're controversial among the tech and telecom industry.
Here's everything you need to know about NSLs -- and why you should care.
What is an NSL?
An NSL is a request for information for a national security investigation. Almost any individual or company can be served an NSL, such as a tech company or phone provider, a credit reporting agency and other financial institutions, travel agencies, and even libraries.
NSLs are almost exclusively served in secret alongside an indefinite gag order, which prevents anyone from disclosing the contents of the letter to anyone. That means with the exception of someone who is necessary for carrying out the request, nobody else in your company, your family, or even your spouse can know about the very existence of a letter.
What kind of data can NSLs force companies to turn over?
The FBI can compel companies and individuals to turn over vast sums of personal data without a warrant, including every record associated with a customer's account, such as the time and place of a phone call or email -- but not the contents of those calls or emails.
That can still amount to a lot of information, or so-called metadata, such as the IP addresses of everyone a person has corresponded with, online purchase information, email records, and also cell-site location information, among other data, according to a 2015 letter that was released following a decade-old court battle.
Under what authority are NSLs served?
NSLs are served as part of FBI investigations to "protect against international terrorism or clandestine intelligence activities."
Several laws authorize the FBI (and other agencies, in rare circumstances) to issue NSLs, but the Patriot Act, signed into law in 2001 after the Sept. 11 terror attacks, greatly expanded their powers, after which the number of letters issued by the FBI spiked.
Since then, government watchdogs have found several cases where the FBI abused its NSL powers.
ZDNet revealed in 2014 how some of these requests are served. In many cases, serving an NSL involves federal agents showing up at a company's offices with the letter. According to a New Yorker profile, Internet Archive founder Brewster Kahle was served an NSL in 2007, and was told by his lawyers: "Lock the doors, you'll be the only person who hears about this."
"They said that, according to the law, you have to give them the information they want, and you can only talk to people such that you can fulfill this request. Other than that, there's nothing else you can do, and then you can't ever mention it to anybody, ever," said Kahle.
Are NSL gag orders ever lifted? Who can lift them?
NSLs and their gag orders are typically indefinite, but there have been several legal cases, brought by privacy and rights groups, in which the FBI withdrew demands for data with an NSL.
Now, thanks to a change in the law following the Snowden disclosures, the Freedom Act has tightened the rules for issuing NSLs, and it compels the FBI to periodically review the gag orders. This is what led to a slew of historical letters becoming public for the first time -- albeit some three years after the law was first passed.
What makes NSLs so controversial?
NSLs are controversial because they're kept secret for an indefinite amount of time and do not require a judge's approval.
As the Electronic Frontier Foundation said, these letters allow the FBI "to secretly demand data about ordinary American citizens' private communications and Internet activity without any meaningful oversight or prior judicial review."
But surely gag orders affect constitutional rights to freedom of speech?
The constitutionality of NSLs is a hotly debated subject. For the most part, those opposed to NSLs argue that the gag orders are an unconstitutional infringement of the First Amendment's right to free speech.
In 2013, a federal district court judge in San Francisco, Calif., ruled that NSL gag provisions violated the Constitution and ordered the FBI to cease enforcing gag orders on all cases. But the feds appealed the decision, and the current legal standing, as amended by the USA Freedom Act, reaffirms NSLs as constitutional, gag orders included.
What happens if a company breaks the gag order?
The penalty for violating a gag order can lead to a five-year prison sentence, which was added to the reauthorization of the Patriot Act in 2006. The government has long argued that gag orders are necessary to prevent a suspect in a national security case from destroying evidence, or fleeing.
Can companies fight NSLs?
In most cases, yes. The NSL statute was amended a decade ago to allow NSL recipients to petition a federal district court to revise or throw out the NSL's request for records and the accompanying gag order.
In 2014, Microsoft successfully challenged an NSL it received in regard to one of its enterprise customers. Microsoft's general counsel argued that the NSL's gag order violated the company's right to free expression by "hindering our practice of notifying enterprise customers when we receive legal orders related to their data." The FBI withdrew its NSL after Microsoft's challenge in a Seattle federal court.
And, how many NSLs are issued each year?
Per the latest transparency report by the Office of the Director of National Intelligence, the number of NSLs is decreasing year over year.
In 2016, the FBI issued 12,150 NSLs, a decline of five percent from the year prior. That's compared to the number of letters issued in 2004, peaking at 56,507 letters, or over 150 letters every day.
ZDNet's Natalie Gagliordi and Charlie Osborne contributed to this report.