First AT&T Transparency Report Shows 2,000+ NSL Requests

AT&T, in its first transparency report, said that it received at least 2,000 National Security Letters and nearly 38,000 requests for location data on its subscribers in 2013.

AT&T, in its first transparency report, said that it received at least 2,000 National Security Letters and nearly 38,000 requests for location data on its subscribers in 2013.

The new report from AT&T is the latest in a growing list of publications from telecom companies, Web providers and cell phone carriers who have been under pressure from privacy advocates and security experts in the wake of the Edward Snowden NSA surveillance revelations. Telecoms had been resistant to providing such information in the past and it’s really only in the last month or so, since the Department of Justice loosened its restrictions on the way that companies can report NSL and Foreign Intelligence Surveillance Act requests that more companies have come around on the issue.

AT&T’s report shows a higher number of NSLs and subpoenas in 2013 than its most relevant competitor, Verizon. In January, Verizon’s first transparency report showed that the company received between 1,000 and 1,999 NSLs in 2013 and 164,000 subpoenas. AT&T said it got 2,000-2,999 NSLs and 248,343 subpoenas last year. AT&T also received nearly 37,000 court orders and more than 16,000 search warrants.

Interestingly, the number of demands for location information that AT&T received last year is pretty close to what Verizon saw. AT&T got nearly 38,000 requests for location information for its subscribers, including more than 12,500 requests for real time information. Verizon received about 35,000 requests for location data in 2013.

“We take our responsibility to protect your information and privacy very seriously, and we pledge to continue to do so to the fullest extent possible and always in compliance with the law of the country where the relevant service is provided. Like all companies, we must provide information to government and law enforcement agencies to comply with court orders, subpoenas, lawful discovery requests and other legal requirements. We ensure that these requests are valid and that our responses comply with the law and our own policies,” AT&T said in its report. “Interest in this topic has increased in the last year. As you might expect, we may make adjustments to our reporting processes and create ways to track forms of demands in the future.”

Of the more than 301,000 total criminal and civil requests from United States agencies that AT&T received in 2013, the company only rejected or challenged about 3,700 of them and provided partial or no data in about 13,700 cases.

The FISA request data in the AT&T report only covers the first six months of 2013, per the Department of Justice regulations, and it shows that the company received between 0-999 FISA requests for content covering more than 35,000 customer accounts. By contrast, the company got the same range of non-content requests, but they only covered fewer than 1,000 accounts.

Image from Flickr photos of Mike Mozart.

Suggested articles

Cybercrime Getting More Sophisticated: How to Protect Your Business?

Attackers continuously expand their capabilities and take advantage of limited cybersecurity awareness among businesses. With multiple attack vectors, they sabotage or bypass the victim’s security strengths while targeting their weaknesses. Hence it is more crucial than ever to have a Next-gen WAF.


Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.