Originally posted on ZDNet by Zack Whittaker

Picture two federal agents knocking at your door, ready to serve you a top secret order from the U.S. government, demanding that you hand over every shred of data you own — from usernames and passwords, phone records, emails, and social networking and credit card data.

You can’t tell anyone, and your only viable option is to comply.

For some U.S. Internet service providers (ISP) and phone companies, this scenario happens — and often. Just one ISP hit by a broad-ranging warrant has the potential to affect the privacy of millions of Americans.

But when one Atlanta, Georgia-based Internet provider was served a top-secret data request, there wasn’t a suited-and-booted federal agent in sight.

Why? Because the order was served on a so-called “trusted third-party,” which handles the request, served fresh from the secretive Washington D.C.-based Foreign Intelligence Surveillance (FISA) Court. With permission from their ISP customers, these third-parties discreetly wiretap their networks at the behest of law enforcement agencies, like the Federal Bureau of Investigation (FBI), and even intelligence agencies like the National Security Agency (NSA).

By implementing these government data requests with precision and accuracy, trusted third-parties — like Neustar, Subsentio, and Yaana — can turn reasonable profits for their services.

Little is known about these types of companies, which act as outsourced data brokers between small and major U.S. ISPs and phone companies, and the federal government. Under the 1994 law, the Communications Assistance for Law Enforcement Act (CALEA), any company considered a “communications provider” has to allow government agencies access when a valid court order is served. No matter how big or small, even companies whose legal and financial resources are limited do not escape federal wiretapping laws…

Read at ZDNet

Download PDF here