The FBI greatly expanded data sharing requests under the controversial Section 215 of the Patriot Act when tech firms tried to resist the bureau’s better-known National Security Letters. The requests may have blanketed millions of records.
Section 215 allows the FBI to require business records and any ‘tangible things’ for an authorized terrorism or clandestine foreign intelligence investigation. A subject of hot debate since the issuing of the act in the wake of the September 2001 terrorist attack, the provision was criticized for the possible broad interpretation of its wording and the possible impact on privacy.
The provision came into spotlight recently, after it was revealed that the US government is involved in a massive domestic surveillance program. The disclosure to FBI of millions of customer metadata records by Verizon, which was reported last week, was done under a secret Foreign Intelligence Surveillance Court (FISC) order issued in response to a Section 215 request.
Such requests are similar to another controversial practice by the FBI, the so-called national security letters (NSLs), which was greatly expanded after the Patriot Act. Both types of requests go with a ‘gag order’, which bars the targeted business from disclosing to the public the fact that it was ordered to share client data with the government.
The FBI dramatically increased the use of Section 215 requests between 2009 and 2010, reports NBC. In 2009, the Justice Department told Congress that there had been 21 applications for business record under the provision, all of which were granted. In 2010, the number of requests jumped to 205. The latest report showed that in 2012, there had been 212 Section 215 requests – again all of them approved.
The tenfold increase drew little public attention because the number of NSLs issued by the bureau was much higher – 15,229 in 2012. But as the example of Verizon showed, a Section 215 request may be used to obtain a broad array of records involving millions of people. The order was later revealed to be part of a broad practice of collecting communication information stretching back at least seven years.
The expansion of Section 215 requests happened in response to tech companies’ resistance to the use of NSLs by the bureau, FBI Director Mueller wrote to the Congress back in 2009.
“Beginning in late 2009, certain electronic communications service providers no longer honored NSLs to obtain” records because of what their lawyers cited as “an ambiguity” in the law. The FBI move to seek the same data under Section 215. “This change accounts for a significant increase in the volume of business records requests,” Mueller explained.
The NSLs themselves, which are issued by the FBI without any court warrant, were ruled unconstitutional by a federal judge in March. The practice was deemed illegal because of the gag order, which the judge said violates freedom of speech.
The issue of surveillance in the US was further fuelled by the revelation of a program called PRISM, under which the FBI and the NSA obtain access to data stored on central servers of major communication companies. The data includes photos, videos, emails, documents, audio files, and connection logs, according to reports. PRISM was exposed by Edward Snowden, a former CIA employee and private contractor for the NSA, who leaked classified documents on the surveillance to the press.
Amid the unfolding scandal, some of the tech companies are seeking more transparency over their cooperation with the government agencies. The companies including Microsoft, Facebook and Google want to mitigate the damage to their public image by proving that the privacy of their clients was not compromised as much as the media allege.