Senate Considers Troubling Expansion of National Security Letter Authority

June 7, 2016

Washington -The U.S. Senate Judiciary Committee is currently reviewing various amendments in anticipation of its Thursday markup of the Email Privacy Act, which won unanimous passage from the House of Representatives earlier this year. One of the proposed amendments offered by Senator John Cornyn purports to “improve the provisions relating to the privacy of electronic Communications,” but is more commonly known as the “ECTR fix.” Senator Cornyn’s amendment is unrelated to reform of the Electronic Communications Privacy Act (ECPA), and troublingly proposes to dramatically expand the scope of the FBI’s surveillance capabilities without judicial oversight.

Currently, the FBI can solicit non-content information from ISPs through National Security Letters (NSLs) for authorized terrorism and foreign intelligence investigations. These letters, essentially administrative subpoenas, allow the FBI to self-certify that they are obtaining and using information for purposes relevant to an authorized investigation. They are also usually accompanied by a gag order, which prevents recipients from sharing with others that they received such a request.

Sen. Cornyn’s amendment would drastically increase the breadth of information the FBI can request from providers through NSLs to include electronic communication transactional records (ECTR). Under current law, the FBI can demand the production of records limited to name, address, length of service, and local and long distance toll billing records—without a court order. The amendment would create many new categories of detailed, content-related data that would be accessible, including account number, login history, other account identifying information, length of service, type of service, and IP address, including any “any temporarily assigned IP or network address, communication addressing, routing, or transmission information.” The information included in this amendment, which is echoed by language in the proposed 2017 intelligence authorization bill, would give the government deep insights into significant aspects of the lives of providers’ customers.

Congress has historically never permitted such information to be obtained from providers without judicial oversight. At present, most of the aforementioned data types can only be obtained pursuant to court orders under the Stored Communications Act or Foreign Intelligence Surveillance Act. In 2008, the Department of Justice’s Office of Legal Counsel Memorandum stated that the FBI was precluded from requiring the disclosure of electronic communications transactional records via NSLs issued to providers electronic communications services as contrary to congressional intent.

In fact, the recent trend has been to significantly limit the power of NSLs. The USA Freedom Act of 2015 specifically prohibits the bulk collection of records under NSLs and allows exceptions to gag orders when necessary, and in 2014, President Obama ordered the FBI to limit the ordinary duration of gag orders following his Administration’s review of signals intelligence activities.

Granting the FBI the power to collect detailed information of user’s interactions on the Internet via national security letters erases any independent oversight of their surveillance behavior, furthering the propensity for abuse, misuse or error. The history of NSL use is rife with such instances. The Office of the Inspector General released a 2007 Review of the FBI’s Use of NSLs that found the total number of NSLs issued was vastly underreported, while records of their use were incomplete and inaccurate. The accompanying gag orders have also been employed indefinitely and indiscriminately, to the detriment of providers’ ability to be transparent with their customers.

The expansion of the national security letter authority would also put a greater strain on small providers’ ability to respond to requests. The increased scope, reduction in oversight, and associated secrecy requirements would mean a greater volume of requests without recourse, harming providers’ relationships with customers, who demand transparency.

The Senate Judiciary Committee is poised to markup the Email Privacy Act later this week. Approving the ECTR “fix” would expand the FBI’s NSL authority in a manner contrary to the wishes of Congress and even the Bush Administration, and would ultimately undermine ECPA reform, which is centered on a judicially-approved warrant-for-content requirement. We urge the Senate Judiciary Committee to act in favor of online privacy rights and pass the Email Privacy Act without such an amendment.

To see a coalition letter asking Senators to reject this expansion of NSLs, which CCIA signed, click here.

Related Articles

CCIA To Testify Before FTC On Privacy Thursday

Sep 8, 2022

Washington –The Computer & Communications Industry Association will testify Thursday during the Federal Trade Commission’s Public Forum on Privacy. CCIA supports baseline federal privacy rules for the Internet ecosystem. CCIA Chief of Staff and Senior Vice President Stephanie Joyce will tell the FTC that federal law should protect sensitive user data that can be linked…

CCIA Submits Comments To California’s Privacy Protection Agency

Aug 18, 2022

Washington – The Computer & Communications Industry Association filed comments ahead of next week’s deadline in response to California’s request for information as it implements the California Privacy Rights Act.  CPRA is the most comprehensive set of enacted guidelines in the country. CCIA offered comments on how to ensure the regulations reflect the mandates in…

CCIA Response to House Commerce Committee Advancing New Version of Privacy Bill

Jul 20, 2022

Washington – The House Commerce Committee has marked up and approved H.R. 8152, the American Data Privacy and Protection Act (ADPPA), sending it out of committee today by a vote of 53-2. Several representatives of the digital technology sector, including the Computer & Communications Industry Association, have lauded the prospect that H.R. 8152 could establish,…