Filed Date: March 14, 2013
Clearinghouse coding complete
For the complete Civil Rights Litigation Clearinghouse collection of FISA Matters, see our special collection.
This Clearinghouse entry describes litigation between the government and the internet infrastructure company Cloudflare about National Security Letters. For a similar case involving phone company CREDO Mobile, see here (the "prior case").
Around the same time, Cloudflare received two NSLs issued by the government under 18 U.S.C. § 2709. On March 14, 2013, it filed this petition under 18 U.S.C. § 3511 to disclose and set aside the NSLs in the U.S. District Court for the Northern District of California. The Electronic Frontier Foundation represented Cloudflare, and the case was assigned to Judge Illston. For the first three years of litigation, Cloudflare remained under a nondisclosure order and, as a result, it could not reveal its identity. Many documents in this case were partially or fully sealed; for example, we do not have access to a docket.
Although Judge Illston had found §§ 2709 and 3511 unconstitutional in the prior case, she declined to enjoin enforcement of the NSLs in this case because an appeal in the prior case was pending before the Ninth Circuit Court of Appeals. Instead, she reviewed Cloudflare's NSLs and determined that the government had produced enough evidence to justify enforcing the NSL on August 12, 2013. Cloudflare appealed, and the Ninth Circuit consolidated its appeal with the appeal pending in the prior case.
On December 9, 2013, the Ninth Circuit denied Cloudflare's motion to stay the district court's August 12 decision pending appeal.
While the Ninth Circuit considered these appeals, Congress passed the USA FREEDOM Act on June 2, 2015. This new law replaced the USA PATRIOT Act, which had expired the previous day. The new law was intended to remove the constitutional concerns surrounding NSL nondisclosure orders and provided an avenue for judicial review of the orders. With this in mind, the Ninth Circuit remanded the case to the district court.
On remand, the district court found, through confidential in camera briefings, that the government had met its burden to justify nondisclosure of the NSLs in this case. In the same March 29, 2016 opinion, the district court also found the revised nondisclosure requirements constitutional. The court reasoned that the revised § 2709 allowed NSL recipients to require the government to seek judicial review of nondisclosure requirements, and the revised § 3511 required courts to "rule expeditiously" when reviewing NSL nondisclosure requirements. Moreover, the government would bear the burden of proof in the subsequent proceedings and had to provide specific facts to support a claim that disclosure could cause harm. Finally, the new § 3511 allowed the FBI and courts to authorize limited disclosures, which showed that the statute was narrowly tailored. Cloudflare appealed.
While the appeal was pending, the FBI updated the NSLs' nondisclosure requirements. As a result, Cloudflare could disclose its identity. (Cloudflare could not, however, disclose the information it provided to the FBI.)
In an opinion issued on July 17, 2017, Judge Sandra S. Ikuta, joined by Judges N. Randy Smith and Mary H. Murguia, found that the revised versions of § 2709 and § 3511 were constitutional. She determined that, since nondisclosure censored speech based on content, the statute was subject to strict scrutiny. So, while national security was a concern "of the highest order," any restriction on disclosure had to be narrowly tailored for that purpose. Here, she found that the restrictions on disclosure were narrowly tailored because they granted national security officials a range of disclosure options, courts could re-tailor restrictions, and nondisclosure requirements were not indefinite. She also noted that the procedural safeguards in the judicial review process, in which the government bore the burden of proof, were enough for § 2709 not to constitute an unlawful prior restraint of speech. 863 F.3d 1110.
The Clearinghouse does not know whether Cloudflare continues to challenge any remaining aspects of the NSLs.
Jessica Kincaid (2/8/2015)
Ellen Aldin (6/16/2020)
Timothy Leake (3/9/2021)
Ard, B.J. (Connecticut)
Baranetsky, D. Victoria (Virginia)
Bloch-Wehba, Hannah (Connecticut)
Borg, Jennifer (New Jersey)
Brandi, Dianne (New York)
Bybee, Jay S. (Nevada)
Callahan, Consuelo Maria (California)
Christen, Morgan (Alaska)
Hurwitz, Andrew David (Arizona)
Ikuta, Sandra Segal (California)
Illston, Susan Yvonne (California)
Leavy, Edward (Oregon)
Murguia, Mary Helen (Arizona)
Silverman, Barry G. (Arizona)
Smith, Norman Randy (Idaho)
Last updated June 28, 2023, 3:09 a.m.Docket sheet not available via the Clearinghouse.
State / Territory: California
Filing Date: March 14, 2013
Case Ongoing: No reason to think so
Telecommunication company that received National Security Letters from the FBI, later revealed to be Cloudflare
Public Interest Lawyer: Yes
Filed Pro Se: No
Class Action Sought: No
Class Action Outcome: Not sought
Special Case Type(s):
Prevailing Party: Plaintiff
Source of Relief: