Secret subpoenas issued by the FBI for personal data go far deeper than previously known, according to new documents obtained by the Electronic Frontier Foundation through a Freedom of Information Act (FOIA) lawsuit, according to the New York Times.
The agency says the sweeping requests are crucial to counterterrorism efforts - however the new records reveal that the FBI requests go far beyond Silicon Valley; "encompassing scores of banks, credit agencies, cellphone carriers and even universities," according to the report.
The demands can scoop up a variety of information, including usernames, locations, IP addresses and records of purchases. They don’t require a judge’s approval and usually come with a gag order, leaving them shrouded in secrecy. Fewer than 20 entities, most of them tech companies, have ever revealed that they’ve received the subpoenas, known as national security letters. -New York Times
"This is a pretty potent authority for the government," said University of Texas law professor, Stephen Vladeck. "The question is: Do we have a right to know when the government is collecting information on us?"
According to the documents - which contain information covering about 750 of the subpoenas "representing a small but telling fraction of the half-million issued since 2001" - credit agencies Experian, TransUnion and Equifax received a large number of national security letters. Also included were Western Union and the Federal Reserve Bank of New York.
Equifax, Experian and AT&T received the most termination letters: more than 50 each. TransUnion, T-Mobile and Verizon each received more than 40. Yahoo, Google and Microsoft got more than 20 apiece. Over 60 companies received just one. -NYT
Aside from these new names - we've long known about tech companies receiving national security letters, including Verizon, AT&T, Google and Facebook "which have acknowledged receiving the letters in the past" per the Times.
The Federal Bureau of Investigation determined that information on the roughly 750 letters could be disclosed under a 2015 law, the USA Freedom Act, that requires the government to review the secrecy orders “at appropriate intervals.”
The Justice Department’s interpretation of those instructions has left many letters secret indefinitely. Department guidelines say the gag orders must be evaluated three years after an investigation starts and also when an investigation is closed. But a federal judge noted “several large loopholes,” suggesting that “a large swath” of gag orders might never be reviewed.
According to the new documents, the F.B.I. evaluated 11,874 orders between early 2016, when the rules went into effect, and September 2017, when the Electronic Frontier Foundation, a digital rights group, requested the information. -New York Times
"We are not sure the F.B.I. is taking its obligations under USA Freedom seriously," said EFF lawyer Andrew Crocker. "There still is a huge problem with permanent gag orders."
National Security letters have been the subject of controversy for decades. Issued since the 1980s, the agency is required to show "specific and articulable facts" that the target of such letters was an agent of a foreign power. That criterion has since been eroded to a target simple needing to be "relevant" to a terrorism, counterterrorism or a leak investigation.
"NSLs are an indispensable investigative tool," said the DOJ while replying to the FOIA case - adding that information contained in the letters both helps identify criminals while clearing the innocent of suspicion.