By Jennifer Valentino-DeVries
The F.B.I. has used secret subpoenas to obtain personal data from far more companies than previously disclosed, newly released documents show.
The requests, which the F.B.I. says are critical to its counterterrorism efforts, have raised privacy concerns for years but have been associated mainly with tech companies. Now, records show how far beyond Silicon Valley the practice extends — encompassing scores of banks, credit agencies, cellphone carriers and even universities.
The demands can scoop up a variety of information, including usernames, locations, IP addresses and records of purchases. They don’t require a judge’s approval and usually come with a gag order, leaving them shrouded in secrecy. Fewer than 20 entities, most of them tech companies, have ever revealed that they’ve received the subpoenas, known as national security letters.
The documents, obtained by the Electronic Frontier Foundation through a Freedom of Information Act lawsuit and shared with The New York Times, shed light on the scope of the demands — more than 120 companies and other entities were included in the filing — and raise questions about the effectiveness of a 2015 law that was intended to increase transparency around them.
“This is a pretty potent authority for the government,” said Stephen Vladeck, a law professor at the University of Texas who specializes in national security. “The question is: Do we have a right to know when the government is collecting information on us?”
The documents provide information on about 750 of the subpoenas — representing a small but telling fraction of the half-million issued since 2001, when the Patriot Act expanded their powers.
The credit agencies Equifax, Experian and TransUnion received a large number of the letters in the filing. So did financial institutions like Bank of America, Western Union and even the Federal Reserve Bank of New York. All declined to explain how they handle the letters. An array of other entities received smaller numbers of requests — including Kansas State University and the University of Alabama at Birmingham, probably because of their role in providing internet service.
Other companies included major cellular providers such as AT&T and Verizon, as well as tech giants like Google and Facebook, which have acknowledged receiving the letters in the past