The Obama administration is seeking to amend surveillance law to give the FBI explicit authority to access a person’s internet browser history and other electronic data without a warrant in terrorism and spy cases.
The administration made a similar effort six years ago but dropped it after concerns were raised by privacy advocates and the tech industry.
FBI Director James B. Comey has characterized the legislation as a fix to “a typo” in the Electronic Communications Privacy Act, which he says has led some tech firms to refuse to provide data that Congress intended them to provide.
But tech firms and privacy advocates say the bureau is seeking an expansion of surveillance powers that infringes on Americans’ privacy.
Now, at the FBI’s request, some lawmakers are advancing legislation that would allow the bureau to obtain “electronic communication transactional records” using an administrative subpoena known as a national security letter. An NSL can be issued by the special agent in charge of a bureau field office without a judge’s approval.
Such records may include a person’s internet protocol address and how much time a person spends on a given site. But they don’t include content, such as the text of an e-mail or Google search queries. There’s also a limit to how much visibility the bureau would have into which part of a website a person had visited. For instance, according to the bureau, if the person went to any part of The Washington Post’s website, law enforcement would see only washingtonpost.com – nothing more specific.
Comey said that making this change to the law is the bureau’s top legislative priority this year.
The inability to obtain the data with an NSL “affects our work in a very, very big and practical way,” he told the Senate Intelligence Committee in February.
The Senate panel recently voted out an authorization bill with the NSL amendment. The Senate Judiciary Committee this week is considering a similar provision introduced by Sen. John Cornyn, R-Texas, as an amendment to ECPA, a law governing domestic surveillance.
Cornyn said that what he characterized as a “scrivener’s error” in the law is “needlessly hamstringing our counterintelligence and counterterrorism efforts.”
But privacy groups and tech firms are again warning that the expansion of power would erode civil-liberties protections.
The fix the FBI seeks would “dramatically expand the ability of the FBI to get sensitive information about users’ online activities without oversight,” said a coalition of privacy and civil society groups and industry organizations in a letter sent to the Hill Monday.
The new categories of information that could be collected using an NSL “would paint an incredibly intimate picture” of a person’s life, said the letter, signed by the American Civil Liberties Union, Amnesty International USA, the Computer & Communications Industry Association, Google, Facebook and Yahoo, among others. For example, a person’s browsing history, location information and certain email data could reveal details about a person’s political affiliation, medical conditions, religion and movements throughout the day, they said.
In addition, the NSL would come with a gag order preventing the company from disclosing it had a received a government request, said Neema Singh Guliani, ACLU legislative counsel. The letter noted that over the past 10 years, the FBI has issued more than 300,000 NSLs, most of which had gag orders. “That’s the perfect storm of more information gathered, less transparency and no accountability,” Gulani said.
But a law passed last year, the USA Freedom Act, requires the Justice Department to review gag orders periodically to assess whether they are still justified.
The amendment being considered by the Judiciary Committee on Thursday is part of a broader effort by lawmakers to update ECPA to require law enforcement to get a warrant for all e-mail content, no matter if it’s one day or one year old.
Privacy groups and tech companies support the broader ECPA update, versions of which some lawmakers have sought for years.
But the groups and tech organizations in their letter said that if the ECPA bill includes the NSL provision, they will pull their support.
A November 2008 opinion from the Justice Department’s Office of Legal Counsel made clear that ECPA allows the FBI to obtain with an NSL only four types of basic subscriber information from internet companies: name, address, length of service and telephone bill records. There is no reference in the law to browser history, for instance. The opinion said the four existing categories were “exhaustive.”
The FBI’s Office of General Counsel, however, has argued that electronic communication transactional records are the functional equivalent of telephone billing records. To eliminate any uncertainty, the FBI wants the law to explicitly cover such data.
Sens. Patrick Leahy, D-Vt., the ranking member on the Judiciary Committee, and Mike Lee, R-Utah, a committee member, oppose the Cornyn amendment. They say they will push for a clean version of the ECPA update similar to a bill passed by the House earlier this year.