AT&T said on Tuesday that it received secret orders under the Federal Intelligence Surveillance Act in the first half of last year involving up to 37,000 customer accounts. Those accounts were included in up to 2,000 orders from the Justice Department; half of those requests were for actual content from customers in as many as 36,000 accounts. The other half demanded just account data.
As many as 2,999 other requests came from the FBI as “National Security Letters,” and involved up to 4,999 accounts. Those letters can only demand information about a customer account, not personal data such as documents or emails.
The Justice Department in late January, to settle a lawsuit the companies had brought seeking more transparent reporting, relaxed reporting standards and allowed the FISA data to be made public for the first time. Companies that choose to report the FISA requests and NSL requests combined can use ranges of 0–249; if data is separate, it must be reported in larger ranges — 0-999.
FISA data can cover both the total number of orders made and how many accounts were involved. It can also be broken out by requests for customer information, such as subscriber name, or actual content, such as an e-mail. National Security Letters are limited to only customer information, not content.
AT&T on Tuesday also released its first ever data on non-national security related civil and criminal court requests for user data and information. Other communications and internet companies, such as Google, have been releasing “transparency reports” with this data for several years.
During 2013, AT&T received an average of 827 requests a day from law enforcement — 301,816 for the years, most involging criminal cases and issued by subpoenas, which are believed to typically only cover data about a user and account, not content created. Just under 1 in 5 requests came via more powerful court order or warrant. Only about 1% of requests were rejected by AT&T and for about 5% of the requests, AT&T had no or only partial information to release.
About 100,000 “emergency” requests were received, such as those related to a 911 call. About 38,000 request were for a customer’s location, as well as all numbers for a particular cell tower.