The F.B.I. has used half a million secret subpoenas to obtain personal data from numerous companies, newly released documents show.
The documents, obtained by the Electronic Frontier Foundation through a Freedom of Information Act (FOIA) lawsuit and shared with The New York Times, still only cover about 750 subpoenas, which is about 0.1% of the total secret subpoenas issued since 2001. Still, the documents expose how broad the scope of the F.B.I.’s demands were. It was previously thought that these requests targeted primarily tech companies, but these records show that the practice extends to banks, credit agencies, cellphone carriers, and universities.
The demands can gather large amounts of information, including IP addresses and records of purchases. They do not require a judge’s approval and generally come with a gag order. Less than 20 companies, most of the tech companies, have ever revealed that they’ve received the subpoenas, which are called national security letters.
National security letters, which have always been controversial, have been in use by the F.B.I. since that 1980s, but the standards for issuing one has gone from “specific and articulable facts” suggesting that the target was a foreign agent to certifying the information is “relevant” to counterintelligence, terrorism or leak investigation.
One of the biggest points of contention in the debate on national security letters is focused on the gag orders, which usually indefinitely ban the target from revealing even the letter’s existence. A series of court rulings found the gag orders violated the First Amendment, which caused Congress to establish review requirements, but a small fraction of the gag orders have actually been reviewed and rescinded. A federal judge observed there are “several large loopholes” in the requirements, which will mean a “large swath” of gag orders will never be reviewed.