To protect our national security, a number of government agencies are given the power to collect intelligence and enforce laws. Information must be gathered and shared among government agencies to ensure a full understanding of a potential threat, as various agencies can have different pieces of the full picture. One of the ways that governments collect personal information from individuals is through the use of National Security Letters (“NSLs”). NSLs refer to a collection of statutes that sanction certain government agencies to acquire information and simultaneously impose a secrecy obligation upon the recipient of the letter.
In Canada, besides the Prime Minister, The Minister of Public Safety and Emergency Preparedness is responsible for the Canada Border Services Agency (CBSA), the Canadian Security Intelligence Service (CSIS), the Royal Canadian Mounted Police (RCMP), and Public Safety Canada. The Minister of National Defense is responsible for the Communications Security Establishment (CSE), the Department of National Defense and the Canadian Armed Forces. Bill C-51(the Anti-terrorism Act, 2015) created the Security of Canada Information Sharing Act (SCISA), which established an additional authority for national security information sharing. It provides all federal government institutions with a new, explicit authority to disclose information related to an “activity that undermines the security of Canada” to certain designated federal institutions with national security responsibilities.
In the United States, four statutes permit government agencies to issue NSLs: (1) the Electronic Communication Privacy Act,(2) the Right to Financial Privacy Act, (3) the National Security Act, and the (4) Fair Credit Reporting Act.
In general, most of the NSLs permit a requesting agency to prevent an organization that receives the NSL from disclosing the fact that it received the request, or the type of information that was requested, if disclosure may result in a danger to national security, interfere with a criminal, counterterrorism, or counterintelligence investigation, interfere with diplomatic relations, or endanger the life or physical safety of a person.
Should you receive a NSL, it is recommended that you consider the following questions when deciding how to respond?
- What is your organization’s internal procedure or protocol for how to respond to a government information request, and specifically to a NSL?
- Can you independently confirm with the issuing agency that the request is authentic and that they in fact, want you to produce personal information?
- How does the statute upon which the agency relies apply to your organization?
- Will complying with the NSL conflict with any contractual, statutory, or international privacy obligations?