Washington -The U.S. Senate Judiciary Committee is currently reviewing various amendments in anticipation of its Thursday markup of the Email Privacy Act, which won unanimous passage from the House of Representatives earlier this year. One of the proposed amendments offered by Senator John Cornyn purports to “improve the provisions relating to the privacy of electronic Communications,” but is more commonly known as the “ECTR fix.” Senator Cornyn’s amendment is unrelated to reform of the Electronic Communications Privacy Act (ECPA), and troublingly proposes to dramatically expand the scope of the FBI’s surveillance capabilities without judicial oversight.
Currently, the FBI can solicit non-content information from ISPs through National Security Letters (NSLs) for authorized terrorism and foreign intelligence investigations. These letters, essentially administrative subpoenas, allow the FBI to self-certify that they are obtaining and using information for purposes relevant to an authorized investigation. They are also usually accompanied by a gag order, which prevents recipients from sharing with others that they received such a request.
Sen. Cornyn’s amendment would drastically increase the breadth of information the FBI can request from providers through NSLs to include electronic communication transactional records (ECTR). Under current law, the FBI can demand the production of records limited to name, address, length of service, and local and long distance toll billing records—without a court order. The amendment would create many new categories of detailed, content-related data that would be accessible, including account number, login history, other account identifying information, length of service, type of service, and IP address, including any “any temporarily assigned IP or network address, communication addressing, routing, or transmission information.” The information included in this amendment, which is echoed by language in the proposed 2017 intelligence authorization bill, would give the government deep insights into significant aspects of the lives of providers’ customers.
Congress has historically never permitted such information to be obtained from providers without judicial oversight. At present, most of the aforementioned data types can only be obtained pursuant to court orders under the Stored Communications Act or Foreign Intelligence Surveillance Act. In 2008, the Department of Justice’s Office of Legal Counsel Memorandum stated that the FBI was precluded from requiring the disclosure of electronic communications transactional records via NSLs issued to providers electronic communications services as contrary to congressional intent.
In fact, the recent trend has been to significantly limit the power of NSLs. The USA Freedom Act of 2015 specifically prohibits the bulk collection of records under NSLs and allows exceptions to gag orders when necessary, and in 2014, President Obama ordered the FBI to limit the ordinary duration of gag orders following his Administration’s review of signals intelligence activities.
Granting the FBI the power to collect detailed information of user’s interactions on the Internet via national security letters erases any independent oversight of their surveillance behavior, furthering the propensity for abuse, misuse or error. The history of NSL use is rife with such instances. The Office of the Inspector General released a 2007 Review of the FBI’s Use of NSLs that found the total number of NSLs issued was vastly underreported, while records of their use were incomplete and inaccurate. The accompanying gag orders have also been employed indefinitely and indiscriminately, to the detriment of providers’ ability to be transparent with their customers.
The expansion of the national security letter authority would also put a greater strain on small providers’ ability to respond to requests. The increased scope, reduction in oversight, and associated secrecy requirements would mean a greater volume of requests without recourse, harming providers’ relationships with customers, who demand transparency.
The Senate Judiciary Committee is poised to markup the Email Privacy Act later this week. Approving the ECTR “fix” would expand the FBI’s NSL authority in a manner contrary to the wishes of Congress and even the Bush Administration, and would ultimately undermine ECPA reform, which is centered on a judicially-approved warrant-for-content requirement. We urge the Senate Judiciary Committee to act in favor of online privacy rights and pass the Email Privacy Act without such an amendment.
To see a coalition letter asking Senators to reject this expansion of NSLs, which CCIA signed, click here.