Amid Government Data Gathering, Businesses Mull Their Options
A Justice Department proposal that ISPs retain records for two years is just the latest in a growing list of data collection initiatives by federal agencies.
The FBI appears to be liberal in its use of national security letters. The Washington Post reported last year that the government issues 30,000 such letters annually. A Justice Department spokesman said that's inaccurate but declined to provide a better estimate. The Justice Department doesn't track the number of subpoenas issued by its own agencies or by the 94 U.S. attorneys' offices.
Nor does Justice monitor the costs those subpoenas impose on recipients, which can be considerable. At AOL, a dozen employees handle about 12,000 law enforcement requests a year, a spokesman says. About one in five of those requests results in some form of information sharing.
Meantime, the ground rules are changing. Presaging the U.S. push for mandated electronic archives from ISPs, the European Parliament and Council in December approved rules that require telecom companies to retain phone and Internet records for two years for anti-terror investigations. Microsoft, in a statement, says it's reviewing its internal data-retention policies "in light of European Union data-retention regulations."
Who Gets What
Customs and Border Protection
Manifests for trucks entering U.S.
Passenger names and records
Web search terms, URLs, other records
ISPs, software security
National Security Agency
Phone call records
Suspicious Activity Reports
TSA Passenger data and itineraries
Federal subpoenas issued to individual companies
Federal purchases of data from database marketers
Businesses sometimes resist government requests for archived data and other information. Google did and, following a court ruling, ended up providing less data than the Justice Department originally requested. "What the ruling means is that neither the government nor anyone else has carte blanche when demanding data from Internet companies," Google associate general counsel Nicole Wong writes on the company blog.
Brett Glass, owner of Lariat.net, a small ISP in Laramie, Wyo., says his company has never been asked for customer data and would put up a fight if it were. "If the federal government--be it Congress, the FCC, or an executive branch agency--were to mandate that we supply it, we'd consider filing suit or joining a suit to void such a request," he says. "We owe it to our users."
For companies that do share data, there can be technical challenges, especially if they don't have a central data warehouse, consultant Richard Winter says. Government agencies might seek records scattered across IT systems that are difficult to pull together. Many companies have a hard enough time sifting disparate data for their own use, Winters notes.
Data sharing is a touchy subject. EarthLink, Microsoft, and Visa declined to discuss it. Google admits to receiving government subpoenas, but it won't say how many.
Disarray And Distrust
Homeland Security's agreement with the EC is spelled out far better than its Secure Flight program. The Transportation Security Administration admitted in October that Secure Flight's plan to integrate real-time transactional data, such as passengers with boarding passes, with other information, such as terrorist watch lists, would be difficult to implement without major upgrades to airline IT systems.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.