06:15 PM
Connect Directly
Repost This

Amid Government Data Gathering, Businesses Mull Their Options

A Justice Department proposal that ISPs retain records for two years is just the latest in a growing list of data collection initiatives by federal agencies.

The FBI appears to be liberal in its use of national security letters. The Washington Post reported last year that the government issues 30,000 such letters annually. A Justice Department spokesman said that's inaccurate but declined to provide a better estimate. The Justice Department doesn't track the number of subpoenas issued by its own agencies or by the 94 U.S. attorneys' offices.

Nor does Justice monitor the costs those subpoenas impose on recipients, which can be considerable. At AOL, a dozen employees handle about 12,000 law enforcement requests a year, a spokesman says. About one in five of those requests results in some form of information sharing.

Meantime, the ground rules are changing. Presaging the U.S. push for mandated electronic archives from ISPs, the European Parliament and Council in December approved rules that require telecom companies to retain phone and Internet records for two years for anti-terror investigations. Microsoft, in a statement, says it's reviewing its internal data-retention policies "in light of European Union data-retention regulations."

Who Gets What
  Customs and Border Protection
Manifests for trucks entering U.S.
  Homeland Security
Passenger names and records
  Justice Department
Web search terms, URLs, other records
ISPs, software security
Passenger data
  National Security Agency
Phone call records
  Treasury Department
Suspicious Activity Reports
TSA Passenger data and itineraries
Federal subpoenas issued to individual companies
Federal purchases of data from database marketers
Businesses sometimes resist government requests for archived data and other information. Google did and, following a court ruling, ended up providing less data than the Justice Department originally requested. "What the ruling means is that neither the government nor anyone else has carte blanche when demanding data from Internet companies," Google associate general counsel Nicole Wong writes on the company blog.

Brett Glass, owner of, a small ISP in Laramie, Wyo., says his company has never been asked for customer data and would put up a fight if it were. "If the federal government--be it Congress, the FCC, or an executive branch agency--were to mandate that we supply it, we'd consider filing suit or joining a suit to void such a request," he says. "We owe it to our users."

For companies that do share data, there can be technical challenges, especially if they don't have a central data warehouse, consultant Richard Winter says. Government agencies might seek records scattered across IT systems that are difficult to pull together. Many companies have a hard enough time sifting disparate data for their own use, Winters notes.

Data sharing is a touchy subject. EarthLink, Microsoft, and Visa declined to discuss it. Google admits to receiving government subpoenas, but it won't say how many.

Disarray And Distrust

Homeland Security's agreement with the EC is spelled out far better than its Secure Flight program. The Transportation Security Administration admitted in October that Secure Flight's plan to integrate real-time transactional data, such as passengers with boarding passes, with other information, such as terrorist watch lists, would be difficult to implement without major upgrades to airline IT systems.

Some airlines have been publicly chastised for not doing more to protect customer privacy. JetBlue drew criticism when it was revealed in 2003 that it allowed Acxiom, acting as a contractor, to transfer 5 million records for more than 1.5 million passengers to Torch Concepts, which was developing a data mining tool to analyze the characteristics of people seeking access to military installations. JetBlue had agreed to participate after a written request from the TSA. JetBlue CEO David Neeleman later acknowledged that the data transfer was a violation of his company's privacy policy.

2 of 3
Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.