National Security

The table below summarizes the National Security Requests we received during the six-month periods between January 1, 2010 – June 30, 2023. “National Security Requests” include National Security Letters and FISA court orders.

Six-Month Period National Security Requests ReceivedUser Accounts Affected
2023: Jan 1 – Jun 30None.None.
2022: Jul 1 – Dec 31None.None.
2022: Jan 1 – Jun 30None.None.
2021: Jul 1 – Dec 31None.None.
2021: Jan 1 – Jun 30None.None.
2020: Jul 1 – Dec 31None.None.
2020: Jan 1 – Jun 30None.None.
2019: Jul 1 – Dec 311-2491-249
2019: Jan 1 – Jun 30None.None.
2018: Jul 1 – Dec 31None.None.
2018: Jan 1 – Jun 30None.None.
2017: Jul 1 – Dec 31None.None.
2017: Jan 1 – Jun 30None.None.
2016: Jul 1 – Dec 310-2490-249
2016: Jan 1 – Jun 30None.None.
2015: Jul 1 – Dec 31None.None.
2015: Jan 1 – Jun 30None.None.
2014: Jul 1 – Dec 31None.None.
2014: Jan 1 – Jun 30None.None.
2013: Jul 1 – Dec 31None.None.
2013: Jan 1 – Jun 301-2495-249
2012: Jul 1 – Dec 312-2499-249
2012: Jan 1 – Jun 30None.None.
2011: Jul 1 – Dec 31None.None.
2011: Jan 1 – Jun 30None.None.
2010: Jul 1 – Dec 31None.None.
2010: Jan 1 – Jun 302-2492-249

We are pleased to report that we received no National Security Requests during 2011, 2014, 2015, 2017, 2018, 2020, 2021, 2022, and 2023.

For other periods, we don’t think the disclosures allowed by current Justice Department rules allow us to paint a truthful picture. Reporting National Security Requests in bands of 250 obfuscates rather than clarifies the volume of National Security Requests we and other small tech companies receive. While the disclosure regime may work well for larger companies with a high volume of requests (like the ones that worked with the Justice Department to craft these rules), they do not work well for smaller companies like Automattic.

Twitter’s (now known as X) 2014 lawsuit against the Justice Department — to disclose full, truthful information about the number of National Security Requests they received — was dismissed in 2020. However, we fully agree with their position in this lawsuit and joined with other companies to file this amicus brief to support their case.

By preventing us from sharing a more precise number of requests, the current disclosure rules diminish the trust that our users place in us and our services. For now, we are disclosing the maximum amount of information allowed by law.

It is our policy to invoke the “reciprocal notice” procedure in 18 U.S.C. § 3511 for any national security letters (NSLs) served on Automattic. This process ensures that a court will review all nondisclosure restrictions issued with NSLs we may receive. If and when a nondisclosure restriction is lifted, our policy is to share the contents of the NSL with any affected users (where possible), and publish a redacted version of the NSL.

In 2017, we shared some information about the process we followed to lift the nondisclosure restrictions associated with five NSLs received in previous years and provided copies of our correspondence with the government on this subject here. We hope this information will be useful to other companies who may wish to take advantage of the legal options that are currently available to challenge NSL nondisclosure orders.

Based on our correspondence with the U.S. government, we’ve developed a form reciprocal notice request here in Google Docs format. If your company has received an NSL in the past, and you would like the government to review the letter’s nondisclosure requirement, this form may be useful to you.