But more recently, many service providers receiving national security letters have limited the information they give to customers’ names, addresses, length of service and phone billing records.
“Beginning in late 2009, certain electronic communications service providers no longer honored” more expansive requests, FBI officials wrote in August, in response to questions from the Senate Judiciary Committee.
This marked a shift from comments made last year by Obama administration officials, who asserted then that most service providers were disclosing sufficient information when presented with national security letters.
Investigators seeking more expansive information over the past two years have turned to court orders called business record requests. In the first three months of this year, more than 80 percent of all business record requests were for Internet records that would previously have been obtained through national security letters, the FBI said. The FBI made more than four times as many business records requests in 2010 than in 2009: 96 compared with 21, according to Justice Department reports.
In response to concerns expressed by administration officials, Judiciary Committee Chairman Patrick J. Leahy (D-Vt.) has introduced a measure that would establish that the FBI can use national security letters to obtain “dialing, routing, addressing and signaling information.” It would not include the content of an e-mail or other communications, the administration has said.
The administration, which last year contemplated legislation to expand the authority of national security letters, has not taken a formal position on the Leahy measure, officials said. But the FBI has told Congress that the number of business record orders will continue to grow unless a legal change gives the agency more routine access to customer data.
Civil liberties groups said Leahy’s measure, included in a bill to modernize the Electronic Communications Privacy Act, would expand the government’s authority to obtain substantial data about the private communications of individuals without court oversight.
“Our view is data like e-mail ‘to-from’ information is so sensitive that it ought to be available only with a court order,” said Greg Nojeim, senior counsel at the Center for Democracy and Technology.
Privacy advocates said they support requiring the FBI to use court orders to seek the data. “This is an example of how the system should work,” said American Civil Liberties Union legislative counsel Michelle Richardson.
Business record requests are also known as Section 215 orders, after a provision in the Patriot Act, the law passed after the Sept. 11, 2001, terrorist attacks. The provision allows the government to obtain “any tangible thing” if officials can show reasonable grounds that it would be relevant to an authorized terrorism or espionage investigation.
The ACLU and the Electronic Frontier Foundation on Wednesday plan to separately sue the government to force disclosure of its interpretation of Section 215. The groups are following the lead of Sen. Ron Wyden (D-Ore.), who has accused the administration of inappropriately withholding information about the law’s use.
On Oct. 19, Assistant Attorney General Ronald Weich wrote to Wyden, saying the government has briefed Congress on the classified uses of Section 215. “We do not believe the Executive Branch is operating pursuant to ‘secret law,’ ” Weich wrote.