FBI tries again to get warrantless access to your browser history
Two more attempts coming down the line
US legislators are making another attempt to give the FBI access to anyone's web browser history with a new amendment to the pending review of the Electronic Communications Privacy Act (ECPA) Amendments Act of 2015.
Senator John Cornyn (R-TX) introduced the amendment [PDF], which would allow the FBI to use National Security Letters (NSLs) to demand a target's "electronic communication transactional records," including domains visited, IP addresses, and session times and duration of electronic communications.
The FBI issues thousands of NSLs every year and they don't require a judge's formal approval, as a warrant would. NSLs can be ordered by either an FBI deputy assistant director or by the special agent in charge of a field office.
In the past, the FBI had claimed that the existing laws gave it the power to use NSLs for just this purpose, but in 2008 the agency was slapped down [PDF] by the Justice Department's Office of Legal Counsel, which ruled against the FBI on the matter.
In addition, the expansion of the NSL's provisions has also been added into the 2017 Intelligence Authorization Act. The wording of the bill, and the increased provisions, were passed by the Senate Select Committee on Intelligence and revealed by member Senator Ron Wyden (D-OR).
"This bill takes a hatchet to important protections for Americans' liberty," he said.
"This bill would mean more government surveillance of Americans, less due process, and less independent oversight of U.S. intelligence agencies. Worse, neither the intelligence agencies nor the bill's sponsors have shown any evidence that these changes would do anything to make Americans more secure."
The double privacy whammy shows yet more evidence that the FBI is not willing to give up trying to get warrantless access to internet users' histories. Technically, the NSL can only be issued for terrorism or spying investigations, but the FBI has abused such powers in the past.
The moves have kicked up a stink with technology firms and internet rights groups, which had been supportive of the new form of the ECPA. Now they are threatening a boycott of the legislation.
"We would oppose any version of these bills that included such a proposal expanding the government's ability to access private data without a court order," the open letter reads.
"Given the sensitive nature of the information that could be swept up under the proposed expansion, and the documented past abuses of the underlying NSL statute, we urge the Senate to remove this provision from the Intelligence Authorization bill and oppose efforts to include such language in the ECPA reform bill, which has never included the proposed NSL expansion." ®
Sponsored: Becoming a Pragmatic Security Leader