The bipartisan bill (H.R. 7072) seeks to limit the use of non-disclosure orders that government prosecutors often issue to prevent companies from telling their users about requests for such data made under the Stored Communications Act. These so-called gag orders are designed to protect potential crime victims and shield ongoing investigations from being compromised, though they’ve drawn criticism from digital rights advocates for concealing data requests that infringe on people’s privacy, sometimes without an end date.
“The issue here is that the government comes and gets your data, but you never find out because companies are prevented from telling you,” said Andrew Crocker, a senior staff attorney on the nonprofit Electronic Frontier Foundation’s civil liberties team. Unlike physical searches of a person or their belongings, searches of information stored digitally happens “behind closed doors,” Crocker said.
There’s not much publicly available data on the use of non-disclosure orders in this context, aside from figures published by tech companies that are typical targets of the orders. Microsoft, for example, said it received 2,400 to 3,500 secrecy orders each year between 2016 and 2021, representing at least a quarter of all the legal demands the company faced from federal law enforcement.
The bill, known as the NDO Fairness Act, would make government prosecutors demonstrate in more detail why a gag order is necessary and limit how long the orders last. The House passed the measure by voice vote June 21, teeing up consideration in the Senate.
The bill is backed by a group called the Reform Government Surveillance coalition, which represents companies including Google, Microsoft, and
Google is seeing non-disclosure orders issued for “an increasing number” of government requests for user data, according to Kent Walker, the company’s president of global affairs and chief legal officer.
“This reform will ensure that gag orders are issued only where warranted and for reasonable periods,” Walker said in a blog post on the bill.
Companies like Microsoft have challenged the secrecy orders in court, arguing they unjustly restrain free speech. Courts have typically found that, to survive legal scrutiny, the government needs to give a compelling reason why such speech must be restricted with a non-disclosure order.
In the face of legal pushback, the Justice Department issued a policy in 2017 that tightened the guidelines for secrecy orders, directing prosecutors to apply for them only when the facts of a case support their issuance. The policy also generally forbids the use of non-disclosure orders that last indefinitely.
The Justice Department’s press office didn’t immediately respond to a request for comment. A Google spokesperson declined to comment beyond its blog post. A spokesperson for Microsoft declined to comment beyond the company’s public statements supporting the bill.
Another factor propelling interest in further changes to non-disclosure orders is their recent use in Justice Department efforts to seize emails and phone records from journalists and members of Congress.
Under the House-passed NDO Fairness Act, courts would need to provide a written decision making clear why it’s necessary that the subject of a digital search shouldn’t know about it. This revision is meant to address digital rights advocates’ concerns that courts “rubber stamp” secrecy orders, especially when national security issues are cited.
The legislation would encourage judges to be “a bit more specific and rigorous” in reviewing government requests for a non-disclosure order, said Kellen Dwyer, a former Justice Department official who co-leads Alston & Bird LLP’s national security and digital crimes practice.
That “higher bar” could make a difference in some cases, though it’s still similar to the DOJ’s current stance, Dwyer said.
Writing stricter standards into the Stored Communications Act could help ensure that secrecy orders are justified, rather than letting prosecutors simply reference reasons listed in the statue like potential interference with an investigation, said Jennifer Granick, surveillance and cybersecurity counsel at the American Civil Liberties Union.
“So it has to go beyond policy,” Granick said. “There’s no teeth in the statute.”