The FBI regularly uses these legal powers — known as national security letters — to compel credit giants to turn over non-content information, such as records of purchases and locations, that the agency deems necessary in national security investigations. But these letters have no judicial oversight and are typically filed with a gag order, preventing the recipient from disclosing the demand to anyone else — including the target of the letter.
Only a few tech companies, including Facebook, Google, and Microsoft, have disclosed that they have ever received one or more national security letters. Since the law changed in 2015 in the wake of the Edward Snowden disclosures that revealed the scope of the U.S. government's surveillance operations, recipients have been allowed to petition the FBI to be cut loose from the gag provisions and publish the letters with redactions.
Tech companies have used "transparency reports" to inform their users of government demands for their data. But other major data collectors, like credit agencies, have failed to publish their figures altogether.
Three lawmakers — Democratic senators Ron Wyden and Elizabeth Warren, and Republican senator Rand Paul — have sent letters to Equifax, Experian, and TransUnion, expressing their "alarm" as to why the credit giants have failed to disclose the number of government demands for consumer data they receive.
"Because your company holds so much potentially sensitive data on so many Americans and collects this information without obtaining consent from these individuals, you have a responsibility to be transparent about how you handle that data," the letters said. "Unfortunately, your company has not provided information to policymakers or the public about the type or the number of disclosures that you have made to the FBI."
Spokespeople for Equifax, Experian, and TransUnion did not respond to a request for comment outside business hours.
It's not known how many national security letters were issued to the credit agencies since the legal powers were signed into law in 2001. The New York Times said the national security letters to credit agencies were a "small but telling fraction" of the overall half-million FBI-issued demands made to date.
Other banks and financial institutions, as well as universities, cell service and internet providers, were targets of national security letters, the documents revealed.
The senators have given the agencies until December 27 to disclose the number of demands each has received.