Watson Institute for International and Public Affairs
Costs of War

Data Privacy

Before 9/11, the FBI could not secretly compel personal information from United States banks and internet firms unless the person was suspected of wrongdoing and under an authorized investigation. Since then, personal information has been more readily accessible without any individualized suspicion through a “National Security Letter” (NSL). 

Post-9/11, the Patriot Act has allowed the FBI such access even if a person was not the subject of an authorized investigation. The FBI could demand that phone companies, internet service providers, banks, insurance companies, and a laundry list of businesses that deal in cash—even the US postal service—turn over information about an American's transactions, without any court order or independent review. Federal guidelines further expanded the FBI’s authority by elevating what had once been known as “preliminary inquiries” to the level of “investigations,” allowing the use of NSLs to gather information on people who are not suspected of wrongdoing.

As a result, tens of thousands of American citizens—and tens of thousands of non-citizens—have had their financial and communications records swept up by the FBI. The agency has also been collecting “Open Source” information from social networks and commercial data-collection companies. These data-collection authorities and practices have resulted in people “two or three steps removed” from the original subject of an investigation being swept in.


Key Findings

  • "National Security Letter" (NSL) powers can be used to obtain records of virtually everything purchased with debit or credit cards.

  • In the process of complying with the FBI’s counter-terrorism efforts, businesses have provided the government with access to the private information of millions of Americans. 

  • The data of a person whose information is swept in to the FBI’s database is then accessible to tens of thousands of government employees.


Recommendations

  • In line with ACLU recommendations, telecommunications companies should demand warrants when the government requests consumer information, and notify consumers of these requests.

Also following ACLU recommendations, Congress should pass legislation:

  • Requiring the government to obtain warrants before demanding location information from telecommunications companies; and

  • Banning the bulk data collection of Americans’ private information, as mandated by the USA Freedom Act.

(Page updated as of March 2015)