AT&T Fields Thousands of National Security Requests for Customer Data

AT&T Global Network Operations Center, Bedminster, New Jersey (Image courtesy of AT&T)
AT&T Global Network Operations Center, Bedminster, New Jersey (Image courtesy of AT&T)

NSLs, subpoenas issued by the FBI in regard to counterterrorism or counterintelligence, are limited to basic information, such as a list of phone numbers dialed or subscriber information – not the actual content of specific messages. But it in the first half of 2013, AT&T also received up to 999 Foreign Intelligence Surveillance Act (FISA) requests for “content” information on between 35,000–35,999 accounts – and up to 999 requests on up to 999 subscribers for “non-content” information. These court orders issued pursuant to FISA require communications providers to respond to government requests for data related to national security investigations, such as international terrorism or espionage.

Government surveillance is of increasing consumer concern in the wake of the Edward Snowden leaks about the activities of the US National Security Agency and others to track the communications of American citizens. The US Department of Justice accordingly recently lifted some of the restrictions on the way that companies can report NSL and FISA requests, including the ability to reveal a range when it comes to actual totals – hence the “give or take 999 NSLs” wording. The telco is prohibited from otherwise releasing specifics.

Outside of the national security realm, for the total year, AT&T said that it also received and 248,343 subpoenas, nearly 37,000 court orders and more than 16,000 search warrants. It also had nearly 38,000 requests for location data on its subscribers in 2013. The latter included more than 12,500 requests for real-time information.

Of the more than 301,000 total criminal and civil requests from US agencies that it handled in 2013, AT&T rejected or challenged about 3,700 of them and provided partial or no data in about 13,700 cases.

AT&T made a simple introduction to the numbers: “We take our responsibility to protect your information and privacy very seriously, and we pledge to continue to do so to the fullest extent possible and always in compliance with the law of the country where the relevant service is provided. Like all companies, we must provide information to government and law enforcement agencies to comply with court orders, subpoenas, lawful discovery requests and other legal requirements. We ensure that these requests are valid and that our responses comply with the law and our own policies.”

It added, “Interest in this topic has increased in the last year. As you might expect, we may make adjustments to our reporting processes and create ways to track forms of demands in the future.”

Fellow incumbent Verizon issued its first transparency report in January, showing that the company fell into a lower NSL bracket: it fielded between 1,000 and 1,999 NSLs in 2013. It also had 164,000 subpoenas and about 35,000 requests for location data in 2013. In all it had 320,000 requests from local, state and federal law enforcement.

What’s hot on Infosecurity Magazine?