06:15 PM

Amid Government Data Gathering, Businesses Mull Their Options

A Justice Department proposal that ISPs retain records for two years is just the latest in a growing list of data collection initiatives by federal agencies.

The FBI appears to be liberal in its use of national security letters. The Washington Post reported last year that the government issues 30,000 such letters annually. A Justice Department spokesman said that's inaccurate but declined to provide a better estimate. The Justice Department doesn't track the number of subpoenas issued by its own agencies or by the 94 U.S. attorneys' offices.

Nor does Justice monitor the costs those subpoenas impose on recipients, which can be considerable. At AOL, a dozen employees handle about 12,000 law enforcement requests a year, a spokesman says. About one in five of those requests results in some form of information sharing.

Meantime, the ground rules are changing. Presaging the U.S. push for mandated electronic archives from ISPs, the European Parliament and Council in December approved rules that require telecom companies to retain phone and Internet records for two years for anti-terror investigations. Microsoft, in a statement, says it's reviewing its internal data-retention policies "in light of European Union data-retention regulations."

Who Gets What
  Customs and Border Protection
Manifests for trucks entering U.S.
  Homeland Security
Passenger names and records
  Justice Department
Web search terms, URLs, other records
ISPs, software security
Passenger data
  National Security Agency
Phone call records
  Treasury Department
Suspicious Activity Reports
TSA Passenger data and itineraries
Federal subpoenas issued to individual companies
Federal purchases of data from database marketers
Businesses sometimes resist government requests for archived data and other information. Google did and, following a court ruling, ended up providing less data than the Justice Department originally requested. "What the ruling means is that neither the government nor anyone else has carte blanche when demanding data from Internet companies," Google associate general counsel Nicole Wong writes on the company blog.

Brett Glass, owner of, a small ISP in Laramie, Wyo., says his company has never been asked for customer data and would put up a fight if it were. "If the federal government--be it Congress, the FCC, or an executive branch agency--were to mandate that we supply it, we'd consider filing suit or joining a suit to void such a request," he says. "We owe it to our users."

For companies that do share data, there can be technical challenges, especially if they don't have a central data warehouse, consultant Richard Winter says. Government agencies might seek records scattered across IT systems that are difficult to pull together. Many companies have a hard enough time sifting disparate data for their own use, Winters notes.

Data sharing is a touchy subject. EarthLink, Microsoft, and Visa declined to discuss it. Google admits to receiving government subpoenas, but it won't say how many.

Disarray And Distrust

Homeland Security's agreement with the EC is spelled out far better than its Secure Flight program. The Transportation Security Administration admitted in October that Secure Flight's plan to integrate real-time transactional data, such as passengers with boarding passes, with other information, such as terrorist watch lists, would be difficult to implement without major upgrades to airline IT systems.

Some airlines have been publicly chastised for not doing more to protect customer privacy. JetBlue drew criticism when it was revealed in 2003 that it allowed Acxiom, acting as a contractor, to transfer 5 million records for more than 1.5 million passengers to Torch Concepts, which was developing a data mining tool to analyze the characteristics of people seeking access to military installations. JetBlue had agreed to participate after a written request from the TSA. JetBlue CEO David Neeleman later acknowledged that the data transfer was a violation of his company's privacy policy.

2 of 3
Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of April 19, 2015.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.