In a not-at-all-shocking revelation, the New York Timesreports the FBI has been using secret subpoenas to collect data from more than just big tech companies.

Documents show the subpoenas — which can include requests for usernames, locations, IP addresses, and purchase records — were sent to credit agencies including Experian and Equifax, numerous banks such as Bank of America and Chase, and even universities, including Kansas State.

Previously, Twitter, Google, Facebook, and Apple publicly acknowledged getting the requests, known as National Security Letters, via transparency reports. Telecom companies such as Comcast, AT&T, and Verizon have done the same.

The Timesobtained the documents via the Electronic Frontier Foundation (EFF), which had filed (and won) a Freedom of Information Act lawsuit against the FBI over the bureau's "gag orders issued with National Security Letters (NSLs)."

The subpoenas, allowed under expansions to the Patriot Act, are part of the FBI's counter-terrorism efforts and the bureau and the Department of Justice have argued that the secrecy of such documents is necessary so as not to tip-off suspects about how data on them is being collected.

Mashable Light SpeedWant more out-of-this world tech, space and science stories?Sign up for Mashable's weekly Light Speed newsletter.By signing up you agree to our Terms of Use and Privacy Policy.Thanks for signing up!

The EFF reports over 500,000 have been issued since 2001, but few have been made public due to the gag orders.

SEE ALSO:Hey, internet companies: Pay attention to the FBI's new take on conspiracy theories

Congress passed the USA Freedom Act in 2015, which was supposed to limit these kinds of investigations, including the gag orders issued by the FBI. Yet the new documents appear to show that the FBI, as EFF attorney Andrew Crocker told the Times, isn't "taking its obligations under USA Freedom seriously."

In a statement to Mashable, Crocker said:

Our FOIA lawsuit about national security letters points to an ongoing failure of transparency into the bureau's secret requests requiring companies to turn over customer information.  In 2015 Congress ordered the FBI to evaluate whether companies that have been gagged from talking about these secret requests should continue to be silenced about them. The results of our lawsuit show either that the law isn't having its intended effect, or that the FBI isn't taking its obligation seriously, or both. Permanent gag orders continue to be a problem. Just as concerning is the revelation, uncovered in our FOIA documents, that many companies decide not to tell customers that they gave account information to the government, even when they have been cleared to do so. National security letters are a uniquely invasive form of surveillance with little to no judicial oversight or accountability, and users deserve more transparency about their use.

The DOJ and FBI declined comment.

UPDATE: Sept. 20, 2019, 3:49 p.m. EDT Updated with EFF statement

TopicsCybersecurityPolitics