EFF: Telcos over-disclose private data to FBI

Powered by SC Magazine

Investigation violations.

The Electronic Frontier Foundation has found some United States' based internet service providers and telcos are “too willing” to comply with FBI requests for customer data, frequently disclosing too much information that ends up being kept in US Federal files.

The EFF has produced a report on “patterns of misconduct” in FBI investigation practices, based on 2,500 pages of documents it forced US agencies to hand over last year.

The documents revealed details of 768 violations by FBI personnel that were handed to the Intelligence Oversight Board – a Presidential-level body that is supposed to maintain oversight of US intelligence activities.

The EFF estimated that the FBI “may have committed as many as 40,000 violations” in the decade since 9/11.

Some of those violations related to internal oversight processes – with the documents revealing it took on average of 2.5 years for a suspected violation to be submitted to the Intelligence Oversight Board, according to EFF.

However, many more reported violations related to the FBI’s issue of National Security Letters (NSLs) – “secret administrative subpoenas used by the FBI to obtain records from third-parties without judicial review”, EFF said.

The types of information typically sought with an NSL included subscriber and billing information from telephone companies as well as “electronic communications services”.

The EFF said its analysis found the FBI “committed violations involving… telephone and electronic communications records twice as often as it did for financial and credit records” orders.

“Perhaps most startling, however, was the frequency with which companies receiving NSLs — phone companies, internet providers etc — contributed to the FBI’s NSL abuse,” EFF said.

“In over half of all NSL violations reviewed by EFF, the private entity receiving the NSL either provided more information than requested or turned over information without receiving a valid legal justification from the FBI.

“Companies were all too willing to comply with the FBI’s requests, and — in many cases — the Bureau readily incorporated the over-produced information into its investigatory databases.”

The EFF produced one case where the FBI sought “email header information for two email addresses” used by a US citizen. In response on two separate occasions, the email service provider “returned two CDs containing the full content of all emails in the accounts”.

The EFF has called for an investigation by Congress this month before portions of the US Patriot Act expire and are potentially renewed.

Copyright © iTnews.com.au . All rights reserved.

EFF: Telcos over-disclose private data to FBI
Top Stories
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
Photos: Unboxing the Magnus supercomputer
Pawsey's biggest beast slots into place.
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
Sign up to receive iTnews email bulletins
Latest Comments
What is delaying adoption of public cloud in your organisation?

   |   View results
Lock-in concerns
Application integration concerns
Security and compliance concerns
Unreliable network infrastructure
Data sovereignty concerns
Lack of stakeholder support
Protecting on-premise IT jobs
Difficulty transitioning CapEx budget into OpEx