Report: FBI Subpoenaed Data From Banks, Credit AgenciesCorporations Received 'National Security Letters' Demanding Information
The FBI has issued hundreds of subpoenas to major banks, the big three credit rating agencies and other corporations as part of an ongoing counterterrorism program that collects personal and financial data, the New York Times reports.
See Also: Top 50 Security Threats
The news report is based on records obtained by the Electronic Frontier Foundation as a result of a Freedom of Information Act lawsuit it filed against the FBI and the U.S. Department of Justice.
Among the corporations that have received FBI subpoenas, the Times reports, are Bank of America, Western Union, the Federal Reserve Bank of New York, Equifax, Experian and TransUnion.
In addition, a number of telecommunications companies and universities received subpoenas as part of these FBI investigations, according to the Times.
None of the companies mentioned in these documents commented to the Times on the matter. And both the FBI and the Department of Justice declined to comment.
Earlier news reports described how the FBI had subpoenaed information from a number of technology firms, including Microsoft and Google.
Identifying Who Got Subpoenas
The Electronic Frontier Foundation’s lawsuit demanded that the FBI release information related to the gag orders that the agency issued to any company receiving a “national security letter” as part of a counterterrorism investigation. Under a 2015 federal law, called the USA Freedom Act, once the FBI has closed an investigation, it's obligated to notify companies that the gag order has been lifted and some information about the investigation can be released, according to the foundation.
National Security Letters force companies to hand over data like customer info, phone numbers, and purchase records—without judicial approval, and with a gag order.— EFF (@EFF) September 20, 2019
Only a handful have ever been made public.
We sued—and learned about hundreds more.https://t.co/r7RapNACpk
"If these procedures worked as Congress intended, the government should be regularly notifying companies that they could speak about the NSLs they received and publish the letters themselves," the foundation said when a judge ruled in its favor in August.
As a result of the lawsuit, the FBI and Justice Department reviewed about 11,000 subpoenas issued between 2016 and 2017, and released about 750 documents, according to the Times.
The documents that were released to the Electronic Frontier Foundation informed companies that an investigation had concluded and the gag orders had been lifted, the Times reported. The documents don't reveal what information was subpoenaed from these companies, but they do indicate which companies received the requests for data, according to the Times.
"Permanent gag orders continue to be a problem," says Andrew Crocker, a senior staff attorney with the Electronic Frontier Foundation. "Just as concerning is the revelation, uncovered in our [Freedom of Information Act] documents, that many companies decide not to tell customers that they gave account information to the government, even when they have been cleared to do so. National security letters are a uniquely invasive form of surveillance with little to no judicial oversight or accountability, and users deserve more transparency about their use."
Since 2001, the FBI has increased its use of national security letters to collect information from companies and individuals primarily as part of counterterrorism investigations, sending out more than 500,000 of these orders, according to the Electronic Frontier Foundation.
The letters give the FBI extraordinary search powers to compel the disclosure of customer records, according to the Electronic Privacy Information Center.
Financing Terrorism and Crime
One possible reason why the FBI has made so many requests for information from financial institutions and credit rating agencies is that the nature of terrorism and crime financing has changed - especially with the introduction of virtual currencies such as bitcoin, says Tom Kellermann, chief cybersecurity officer for Carbon Black.
"The FBI is improving its efforts to combat terrorist financing," Kellermann tells Information Security Media Group. "However, anti-money laundering efforts must be modernized to address the ubiquitous use of virtual currencies in criminal conspiracies. Forfeiture laws must evolve as well so that virtual currencies used in cyber conspiracies can be confiscated and deployed for critical infrastructure protection."
The FBI’s collection of information from corporations in the name of national security raises many questions, privacy and security experts say.
"Do we have a right to know when the government is collecting information on us?" asks Stephen Vladeck, a law professor at the University of Texas who specializes in national security, according to the Times.