Filed Date: March 14, 2013
Case Ongoing
Clearinghouse coding complete
For the complete Civil Rights Litigation Clearinghouse collection of FISA Matters, see our special collection.
This Clearinghouse entry describes litigation between the government and the internet infrastructure company Cloudflare about National Security Letters. For a similar case involving phone company CREDO Mobile, see here (the "prior case").
This case involves a dispute over administrative subpoenas known as National Security Letters (NSLs). In 1986, Congress empowered the FBI to issue NSLs as part of authorized investigations to protect against international terrorism and clandestine intelligence activities. NSLs are directed to electronic communications service providers in order to obtain specified limited information; they are not used to obtain the content of communications. Because of national security interests, the NSL statute imposes a nondisclosure obligation on the NSL recipient. In 2006, Congress revised the nondisclosure provisions in order to avoid unnecessary disclosure restrictions: the nondisclosure requirement no longer applied automatically, and Congress provided a specific statutory mechanism for judicial review of a nondisclosure requirement itself, separate from review of the NSL. But on March 14, 2013, Judge Susan Illston of the U.S. District Court for the Northern District of California declared the nondisclosure provisions unconstitutional on First Amendment grounds in the prior case.
Around the same time, Cloudflare received two NSLs issued by the government under 18 U.S.C. § 2709. On March 14, 2013, it filed this petition under 18 U.S.C. § 3511 to disclose and set aside the NSLs in the U.S. District Court for the Northern District of California. The Electronic Frontier Foundation represented Cloudflare, and the case was assigned to Judge Illston. For the first three years of litigation, Cloudflare remained under a nondisclosure order and, as a result, it could not reveal its identity. Many documents in this case were partially or fully sealed; for example, we do not have access to a docket.
Although Judge Illston had found §§ 2709 and 3511 unconstitutional in the prior case, she declined to enjoin enforcement of the NSLs in this case because an appeal in the prior case was pending before the Ninth Circuit Court of Appeals. Instead, she reviewed Cloudflare's NSLs and determined that the government had produced enough evidence to justify enforcing the NSL on August 12, 2013. Cloudflare appealed, and the Ninth Circuit consolidated its appeal with the appeal pending in the prior case.
On December 9, 2013, the Ninth Circuit denied Cloudflare's motion to stay the district court's August 12 decision pending appeal.
While the Ninth Circuit considered these appeals, Congress passed the USA FREEDOM Act on June 2, 2015. This new law replaced the USA PATRIOT Act, which had expired the previous day. The new law was intended to remove the constitutional concerns surrounding NSL nondisclosure orders and provided an avenue for judicial review of the orders. With this in mind, the Ninth Circuit remanded the case to the district court.
On remand, the district court found, through confidential in camera briefings, that the government had met its burden to justify nondisclosure of the NSLs in this case. In the same March 29, 2016 opinion, the district court also found the revised nondisclosure requirements constitutional. The court reasoned that the revised § 2709 allowed NSL recipients to require the government to seek judicial review of nondisclosure requirements, and the revised § 3511 required courts to "rule expeditiously" when reviewing NSL nondisclosure requirements. Moreover, the government would bear the burden of proof in the subsequent proceedings and had to provide specific facts to support a claim that disclosure could cause harm. Finally, the new § 3511 allowed the FBI and courts to authorize limited disclosures, which showed that the statute was narrowly tailored. Cloudflare appealed.
While the appeal was pending, the FBI updated the NSLs' nondisclosure requirements. As a result, Cloudflare could disclose its identity. (Cloudflare could not, however, disclose the information it provided to the FBI.)
In an opinion issued on July 17, 2017, Judge Sandra S. Ikuta, joined by Judges N. Randy Smith and Mary H. Murguia, found that the revised versions of § 2709 and § 3511 were constitutional. She determined that, since nondisclosure censored speech based on content, the statute was subject to strict scrutiny. So, while national security was a concern "of the highest order," any restriction on disclosure had to be narrowly tailored for that purpose. Here, she found that the restrictions on disclosure were narrowly tailored because they granted national security officials a range of disclosure options, courts could re-tailor restrictions, and nondisclosure requirements were not indefinite. She also noted that the procedural safeguards in the judicial review process, in which the government bore the burden of proof, were enough for § 2709 not to constitute an unlawful prior restraint of speech. 863 F.3d 1110.
On May 11, 2022, the Ninth Circuit issued an amended version of its July 17, 2017 opinion that made two minor changes and added a concurrence. 33 F.4th 1058. The court also declined to rehear the case en banc.
The Clearinghouse does not know whether Cloudflare continues to challenge any remaining aspects of the NSLs.
Summary Authors
Jessica Kincaid (2/8/2015)
Ellen Aldin (6/16/2020)
Timothy Leake (3/9/2021)
Ted Molina (11/10/2024)
In re National Security Letter (3 cases), Northern District of California (2011)
Ard, B.J. (Connecticut)
Baranetsky, D. Victoria (Virginia)
Bloch-Wehba, Hannah (Connecticut)
Borg, Jennifer (New Jersey)
Brandi, Dianne (New York)
Bressler, Steven Y. (District of Columbia)
Cole, James M. (District of Columbia)
Delery, Stuart F. (District of Columbia)
Letter, Douglas (District of Columbia)
Levy, Jonathan H. (District of Columbia)
McIntosh, Scott R. (District of Columbia)
Mizer, Benjamin C. (District of Columbia)
Baranetsky, D. Victoria (Virginia)
Bloch-Wehba, Hannah (Connecticut)
Chadwick, James M. (California)
Kennedy, John B. (District of Columbia)
Kirby, Kathleen (District of Columbia)
Koonce, Lacy H. III (New York)
Lewis, Greg (District of Columbia)
Malone, Phillip R. (California)
Matteo-Boehm, Rachel (California)
Miller, Eric David (Washington)
Morgan-Prager, Karole (California)
Rotenberg, Marc (District of Columbia)
Scheer, Peter E. (District of Columbia)
Steinman, Linda Jane (New York)
Last updated April 22, 2024, 3:05 a.m.
Docket sheet not available via the Clearinghouse.State / Territory: California
Case Type(s):
Special Collection(s):
Foreign Intelligence Surveillance Act -- All Matters
Foreign Intelligence Surveillance Act -- Telephony Metadata
Foreign Intelligence Surveillance Act—Internet Metadata
Key Dates
Filing Date: March 14, 2013
Case Ongoing: Yes
Plaintiffs
Plaintiff Description:
Telecommunication company that received National Security Letters from the FBI, later revealed to be Cloudflare
Plaintiff Type(s):
Public Interest Lawyer: Yes
Filed Pro Se: No
Class Action Sought: No
Class Action Outcome: Not sought
Defendants
Federal Bureau of Investigation, Federal
Defendant Type(s):
Case Details
Constitutional Clause(s):
Special Case Type(s):
Warrant or subpoena application
Available Documents:
Outcome
Prevailing Party: Plaintiff
Source of Relief:
Issues
General/Misc.: