News
News
6/2/2006
06:15 PM
Connect Directly
RSS
E-Mail
50%
50%

Amid Government Data Gathering, Businesses Mull Their Options

A Justice Department proposal that ISPs retain records for two years is just the latest in a growing list of data collection initiatives by federal agencies.

The FBI appears to be liberal in its use of national security letters. The Washington Post reported last year that the government issues 30,000 such letters annually. A Justice Department spokesman said that's inaccurate but declined to provide a better estimate. The Justice Department doesn't track the number of subpoenas issued by its own agencies or by the 94 U.S. attorneys' offices.

Nor does Justice monitor the costs those subpoenas impose on recipients, which can be considerable. At AOL, a dozen employees handle about 12,000 law enforcement requests a year, a spokesman says. About one in five of those requests results in some form of information sharing.

Meantime, the ground rules are changing. Presaging the U.S. push for mandated electronic archives from ISPs, the European Parliament and Council in December approved rules that require telecom companies to retain phone and Internet records for two years for anti-terror investigations. Microsoft, in a statement, says it's reviewing its internal data-retention policies "in light of European Union data-retention regulations."

Who Gets What
 
Agency
Data
Industry
  Customs and Border Protection
Manifests for trucks entering U.S.
Trucking
  Homeland Security
Passenger names and records
Airline
  Justice Department
Web search terms, URLs, other records
ISPs, software security
  NASA
Passenger data
Airline
  National Security Agency
Phone call records
Telcos
  Treasury Department
Suspicious Activity Reports
Financial
  TSA
TSA Passenger data and itineraries
Airline
  Plus:
Federal subpoenas issued to individual companies
Federal purchases of data from database marketers
Businesses sometimes resist government requests for archived data and other information. Google did and, following a court ruling, ended up providing less data than the Justice Department originally requested. "What the ruling means is that neither the government nor anyone else has carte blanche when demanding data from Internet companies," Google associate general counsel Nicole Wong writes on the company blog.

Brett Glass, owner of Lariat.net, a small ISP in Laramie, Wyo., says his company has never been asked for customer data and would put up a fight if it were. "If the federal government--be it Congress, the FCC, or an executive branch agency--were to mandate that we supply it, we'd consider filing suit or joining a suit to void such a request," he says. "We owe it to our users."

For companies that do share data, there can be technical challenges, especially if they don't have a central data warehouse, consultant Richard Winter says. Government agencies might seek records scattered across IT systems that are difficult to pull together. Many companies have a hard enough time sifting disparate data for their own use, Winters notes.

Data sharing is a touchy subject. EarthLink, Microsoft, and Visa declined to discuss it. Google admits to receiving government subpoenas, but it won't say how many.

Disarray And Distrust

Homeland Security's agreement with the EC is spelled out far better than its Secure Flight program. The Transportation Security Administration admitted in October that Secure Flight's plan to integrate real-time transactional data, such as passengers with boarding passes, with other information, such as terrorist watch lists, would be difficult to implement without major upgrades to airline IT systems.

Some airlines have been publicly chastised for not doing more to protect customer privacy. JetBlue drew criticism when it was revealed in 2003 that it allowed Acxiom, acting as a contractor, to transfer 5 million records for more than 1.5 million passengers to Torch Concepts, which was developing a data mining tool to analyze the characteristics of people seeking access to military installations. JetBlue had agreed to participate after a written request from the TSA. JetBlue CEO David Neeleman later acknowledged that the data transfer was a violation of his company's privacy policy.

Previous
2 of 3
Next
Comment  | 
Print  | 
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 18, 2014
Enterprise social network success starts and ends with integration. Here's how to finally make collaboration click.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
The weekly wrap-up of the top stories from InformationWeek.com this week.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.