Amid Government Data Gathering, Businesses Mull Their Options - InformationWeek
06:15 PM

Amid Government Data Gathering, Businesses Mull Their Options

A Justice Department proposal that ISPs retain records for two years is just the latest in a growing list of data collection initiatives by federal agencies.

To protect the public from terrorism and other hazards, the U.S. government mines its vast databases for signs of trouble. Increasingly, the feds are requesting--even demanding--that businesses share their data, too. But such cooperation isn't cheap or easy, and several industries are pushing back to protect their customers' privacy.

Not long after forcing Internet companies to submit search terms, search result URLs, and other information as part of its enforcement of the Child Online Protection Act, the Justice Department is going a step further. Attorney General Alberto Gonzales is now asking the likes of Google, AOL, and Verizon to keep subscriber information and other customer data for at least two years, just in case the government needs it for criminal investigations. Currently, Internet companies are under no obligation to save that data at all.

Attorney General Gonzales wants Internet companies to keep customer data--just in case

Attorney General Gonzales wants Internet companies to keep customer data--just in case

Photo by Joshua Roberts/Reuters
People want the government to have the data needed to fight crime and terrorism; it's the potential misuse of personally identifiable data--names, addresses, Social Security numbers, Web search histories--that is deeply worrisome.

Just last week, the European Court of Justice ruled that an airline passenger data-sharing agreement between the European Commission and the Department of Homeland Security's Customs and Border Protection division violates European privacy law. The arrangement was crafted in 2004 to keep out terrorists. The two sides have four months to rethink the terms of how data gets shared, at the risk of disrupting trans-Atlantic travel if they don't (see story, "Illegal EU Data-Sharing Deal With The U.S. Shows Transparency Not Always Enough").

These are only the latest examples of federal harvesting of company data. The National Security Agency is reportedly building a massive database of phone call records provided by AT&T and other telecom companies. Trucking companies share electronic manifests as their rigs cross into the United States, an information exchange that will become mandatory later this year. Financial firms report suspicious transactions. Subpoenas are used to get data from individual companies.

The feds have been mostly successful in getting businesses to cooperate. Following the 9/11 terrorist attacks, the government looked to transportation companies, especially airlines, to hand over information that can be used to match passengers and transportation workers with names on terrorist watch lists. However, while they initially complied with Homeland Security projects such as the Computer Assisted Passenger Pre-Screening System and Secure Flight, some airlines have said they're uneasy with the government's ability to safeguard their data from loss or misuse.

Privacy advocates worry about the volume of data being collected (millions of records and many terabytes of data), the length of time it's stored, and the level of detail. Under the existing agreement, participating European airlines provide Customs and Border Protection with up to 34 bits of information on each passenger, ranging from name and method of payment to meal requests. Homeland Security can keep the data up to 3-1/2 years. Those terms are now subject to renegotiation before the Sept. 30 deadline set by the EC court.

Yet even as one data-sharing arrangement comes under scrutiny, another arises. The U.S. Centers for Disease Control and Prevention has requested that international airlines store passenger emergency contact information for six months in the event of a bird flu outbreak. "This requires still more manpower and more costs," says David Henderson, manager of information for the Association of European Airlines.

Subpoena Power

Government requests for data come in the form of a subpoena or a "national security letter." A subpoena must be approved by a judge and can be fought in court if it's too vague or burdensome to a business, as Google did earlier this year. A national security letter is a special type of subpoena issued by the FBI without the need for a judge's signature, entitling the FBI to bank, insurance, phone, ISP, and credit report records (but not medical records). Unlike a subpoena, a company receiving a national security letter cannot discuss the fact that it has received one.

1 of 3
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Success = Storage & Data Center Performance
Balancing legacy infrastructure with emerging technologies requires laying a solid foundation that delivers flexibility, scalability, and efficiency. Learn what the most pressing issues are, how to incorporate advances like software-defined storage, and strategies for streamlining the data center.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll