The FBI has used secret subpoenas to obtain personal data from far more companies than previously disclosed, The New York Times reports. The requests, which the bureau says are critical to counterterrorism efforts, have raised privacy concerns but have been associated mainly with tech companies. Records show how far beyond Silicon Valley the practice extends, encompassing scores of banks, credit agencies, cellphone carriers and universities. The demands can gather a variety of information, including user names, locations, IP addresses and records of purchases. They don’t require a judge’s approval and usually come with a gag order. Fewer than 20 entities, most of them tech companies, have disclosed that they’ve received the subpoenas, known as national security letters.
The documents, obtained by the Electronic Frontier Foundation through a Freedom of Information Act lawsuit, shed light on the scope of the demands and raise questions about the effectiveness of a 2015 law that was intended to increase transparency around them. More than 120 companies and other entities were mentioned in the filing. “This is a pretty potent authority for the government,” said University of Texas law Prof. Stephen Vladeck. “The question is: Do we have a right to know when the government is collecting information on us?” The documents provide information on 750 subpoenas, a small fraction of the half-million issued since 2001, when the Patriot Act expanded their powers. Among those receiving letters were credit agencies Equifax, Experian and TransUnion and the Bank of America, Western Union and the Federal Reserve Bank of New York. Other entities received smaller numbers of requests, including Kansas State University and the University of Alabama at Birmingham, probably because of their role in providing internet service. Other companies included major cellular providers such as AT&T and Verizon, as well as tech giants like Google and Facebook.