Amid Government Data Gathering, Businesses Mull Their Options - InformationWeek
06:15 PM

Amid Government Data Gathering, Businesses Mull Their Options

A Justice Department proposal that ISPs retain records for two years is just the latest in a growing list of data collection initiatives by federal agencies.

To protect the public from terrorism and other hazards, the U.S. government mines its vast databases for signs of trouble. Increasingly, the feds are requesting--even demanding--that businesses share their data, too. But such cooperation isn't cheap or easy, and several industries are pushing back to protect their customers' privacy.

Not long after forcing Internet companies to submit search terms, search result URLs, and other information as part of its enforcement of the Child Online Protection Act, the Justice Department is going a step further. Attorney General Alberto Gonzales is now asking the likes of Google, AOL, and Verizon to keep subscriber information and other customer data for at least two years, just in case the government needs it for criminal investigations. Currently, Internet companies are under no obligation to save that data at all.

Attorney General Gonzales wants Internet companies to keep customer data--just in case

Attorney General Gonzales wants Internet companies to keep customer data--just in case

Photo by Joshua Roberts/Reuters
People want the government to have the data needed to fight crime and terrorism; it's the potential misuse of personally identifiable data--names, addresses, Social Security numbers, Web search histories--that is deeply worrisome.

Just last week, the European Court of Justice ruled that an airline passenger data-sharing agreement between the European Commission and the Department of Homeland Security's Customs and Border Protection division violates European privacy law. The arrangement was crafted in 2004 to keep out terrorists. The two sides have four months to rethink the terms of how data gets shared, at the risk of disrupting trans-Atlantic travel if they don't (see story, "Illegal EU Data-Sharing Deal With The U.S. Shows Transparency Not Always Enough").

These are only the latest examples of federal harvesting of company data. The National Security Agency is reportedly building a massive database of phone call records provided by AT&T and other telecom companies. Trucking companies share electronic manifests as their rigs cross into the United States, an information exchange that will become mandatory later this year. Financial firms report suspicious transactions. Subpoenas are used to get data from individual companies.

The feds have been mostly successful in getting businesses to cooperate. Following the 9/11 terrorist attacks, the government looked to transportation companies, especially airlines, to hand over information that can be used to match passengers and transportation workers with names on terrorist watch lists. However, while they initially complied with Homeland Security projects such as the Computer Assisted Passenger Pre-Screening System and Secure Flight, some airlines have said they're uneasy with the government's ability to safeguard their data from loss or misuse.

Privacy advocates worry about the volume of data being collected (millions of records and many terabytes of data), the length of time it's stored, and the level of detail. Under the existing agreement, participating European airlines provide Customs and Border Protection with up to 34 bits of information on each passenger, ranging from name and method of payment to meal requests. Homeland Security can keep the data up to 3-1/2 years. Those terms are now subject to renegotiation before the Sept. 30 deadline set by the EC court.

Yet even as one data-sharing arrangement comes under scrutiny, another arises. The U.S. Centers for Disease Control and Prevention has requested that international airlines store passenger emergency contact information for six months in the event of a bird flu outbreak. "This requires still more manpower and more costs," says David Henderson, manager of information for the Association of European Airlines.

Subpoena Power

Government requests for data come in the form of a subpoena or a "national security letter." A subpoena must be approved by a judge and can be fought in court if it's too vague or burdensome to a business, as Google did earlier this year. A national security letter is a special type of subpoena issued by the FBI without the need for a judge's signature, entitling the FBI to bank, insurance, phone, ISP, and credit report records (but not medical records). Unlike a subpoena, a company receiving a national security letter cannot discuss the fact that it has received one.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 3
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
2017 State of IT Report
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends for 2018
As we enter a new year of technology planning, find out about the hot technologies organizations are using to advance their businesses and where the experts say IT is heading.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll