The table below summarizes the National Security Requests we received during the six month periods between January 1, 2010 – June 30, 2017. “National Security Requests” include National Security Letters and FISA court orders.

 National Security Requests Received User Accounts Affected
2017: Jan 1 – Jun 30 None. None.
2016: Jul 1 – Dec 31 0-249 0-249
2016: Jan 1 – Jun 30 None. None.
2015: Jul 1 – Dec 31 None. None.
2015: Jan 1 – Jun 30 None. None.
2014: Jul 1 – Dec 31 None. None.
2014: Jan 1 – Jun 30 None. None.
2013: Jul 1 – Dec 31 None. None.
2013: Jan 1 – Jun 30 1-249 5-249
2012: Jul 1 – Dec 31 2-249 9-249
2012: Jan 1 – Jun 30 None. None.
2011: Jul 1 – Dec 31 None. None.
2011: Jan 1 – Jun 30 None. None.
2010: Jul 1 – Dec 31 None. None.
2010: Jan 1 – Jun 30 2-249 2-249

We are pleased to report that we received no National Security Requests during 2011, 2014, 2015, and so far in 2017.

For other periods, we don’t think the disclosures allowed by current Justice Department rules allow us to paint a truthful picture. Reporting National Security Requests in bands of 250 obfuscates rather than clarifies the volume of National Security Requests we and other small tech companies receive. While the disclosure regime may work well for larger companies with a high volume of requests, like the ones that worked with the Justice Department to craft these rules, they do not work well for smaller companies like Automattic.

Twitter is currently suing the Justice Department to disclose full, truthful information about the number of National Security Requests they receive. We fully agree with Twitter’s position in this lawsuit and joined with other companies to file this amicus brief to support their case.

By preventing us from sharing a more precise number of requests, the current disclosure rules diminish the trust that our users place in us and our services. For now, we are disclosing the maximum amount of information allowed by law.

It is our policy to invoke the “reciprocal notice” procedure in 18 U.S.C. § 3511 for any national security letters (NSLs) served on Automattic. This process ensures that a court will review all nondisclosure restrictions issued with NSLs we may receive. If and when a nondisclosure restriction is lifted, our policy is to share the contents of the NSL with any affected users (where possible), as well as to publish a redacted version of the NSL.

In 2017, we shared some information about the process we followed to lift the nondisclosure restrictions associated with five NSLs received in previous years and provide copies of our correspondence with the government on this subject here. We hope this information will be useful to other companies who may wish to take advantage of the legal options that are currently available to challenge NSL nondisclosure orders.

Based on our correspondence with the government, we’ve developed a form reciprocal notice request here in Google Docs format. If your company has received an NSL in the past and you would like the government to review the letter’s nondisclosure requirement, this form may be useful to you.