White House proposal would ease FBI access to records of Internet activity
Thursday, July 29, 2010
The Obama administration is seeking to make it easier for the FBI to compel companies to turn over records of an individual's Internet activity without a court order if agents deem the information relevant to a terrorism or intelligence investigation.
The administration wants to add just four words -- "electronic communication transactional records" -- to a list of items that the law says the FBI may demand without a judge's approval. Government lawyers say this category of information includes the addresses to which an Internet user sends e-mail; the times and dates e-mail was sent and received; and possibly a user's browser history. It does not include, the lawyers hasten to point out, the "content" of e-mail or other Internet communication.
But what officials portray as a technical clarification designed to remedy a legal ambiguity strikes industry lawyers and privacy advocates as an expansion of the power the government wields through so-called national security letters. These missives, which can be issued by an FBI field office on its own authority, require the recipient to provide the requested information and to keep the request secret. They are the mechanism the government would use to obtain the electronic records.
Stewart A. Baker, a former senior Bush administration Homeland Security official, said the proposed change would broaden the bureau's authority. "It'll be faster and easier to get the data," said Baker, who practices national security and surveillance law. "And for some Internet providers, it'll mean giving a lot more information to the FBI in response to an NSL."
Many Internet service providers have resisted the government's demands to turn over electronic records, arguing that surveillance law as written does not allow them to do so, industry lawyers say. One senior administration government official, who would discuss the proposed change only on condition of anonymity, countered that "most" Internet or e-mail providers do turn over such data.
To critics, the move is another example of an administration retreating from campaign pledges to enhance civil liberties in relation to national security. The proposal is "incredibly bold, given the amount of electronic data the government is already getting," said Michelle Richardson, American Civil Liberties Union legislative counsel.
The critics say its effect would be to greatly expand the amount and type of personal data the government can obtain without a court order. "You're bringing a big category of data -- records reflecting who someone is communicating with in the digital world, Web browsing history and potentially location information -- outside of judicial review," said Michael Sussmann, a Justice Department lawyer under President Bill Clinton who now represents Internet and other firms.
The use of the national security letters to obtain personal data on Americans has prompted concern. The Justice Department issued 192,500 national security letters from 2003 to 2006, according to a 2008 inspector general report, which did not indicate how many were demands for Internet records. A 2007 IG report found numerous possible violations of FBI regulations, including the issuance of NSLs without having an approved investigation to justify the request. In two cases, the report found, agents used NSLs to request content information "not permitted by the [surveillance] statute."
One issue with both the proposal and the current law is that the phrase "electronic communication transactional records" is not defined anywhere in statute. "Our biggest concern is that an expanded NSL power might be used to obtain Internet search queries and Web histories detailing every Web site visited and every file downloaded," said Kevin Bankston, a senior staff attorney with the Electronic Frontier Foundation, which has sued AT&T for assisting the Bush administration's warrantless surveillance program.
He said he does not object to the government obtaining access to electronic records, provided it has a judge's approval.
Senior administration officials said the proposal was prompted by a desire to overcome concerns and resistance from Internet and other companies that the existing statute did not allow them to provide such data without a court-approved order. "The statute as written causes confusion and the potential for unnecessary litigation," Justice Department spokesman Dean Boyd said. "This clarification will not allow the government to obtain or collect new categories of information, but it seeks to clarify what Congress intended when the statute was amended in 1993."
The administration has asked Congress to amend the statute, the Electronic Communications Privacy Act, in the fiscal year that begins in October.
Administration officials noted that the act specifies in one clause that Internet and other companies have a duty to provide electronic communication transactional records to the FBI in response to a national security letter.
But the next clause specifies only four categories of basic subscriber data that the FBI may seek: name, address, length of service and toll billing records. There is no reference to electronic communication transactional records.
Same as phone records?
The officials said the transactional information at issue, which does not include Internet search queries, is the functional equivalent of telephone toll billing records, which the FBI can obtain without court authorization. Learning the e-mail addresses to which an Internet user sends messages, they said, is no different than obtaining a list of numbers called by a telephone user.
Obtaining such records with an NSL, as opposed to a court order, "allows us to intercede in plots earlier than we would if our hands were tied and we were unable to get this data in a way that was quick and efficient," the senior administration official said.
But the value of such data is the reason a court should approve its disclosure, said Greg Nojeim, senior counsel at the Center for Democracy and Technology. "It's much more sensitive than the other information, like name, address and telephone number, that the FBI gets with national security letters," he said. "It shows associational information protected by the First Amendment and is much less public than things like where you live."
A Nov. 5, 2008, opinion from the Justice Department's Office of Legal Counsel, whose opinions are binding on the executive branch, made clear that the four categories of basic subscriber information the FBI may obtain with an NSL were "exhaustive."
This opinion, said Sussmann, the former Clinton administration lawyer, caused many companies to reevaluate the scope of what could be provided in response to an NSL. "The OLC opinion removed the ambiguity," he said. "Providers now are limited to the four corners of what the opinion says they can give out. Those who give more do so at their own risk."
Marc Zwillinger, an attorney for Internet companies, said some providers are not giving the FBI more than the four categories specified. He added that with the rise of social networking, the government's move could open a significant amount of Internet activity to government surveillance without judicial authorization. "A Facebook friend request -- is that like a phone call or an e-mail? Is that something they would sweep in under an NSL? They certainly aren't getting that now."