Senate Considers Troubling Expansion of National Security Letter Authority

June 7, 2016

Washington -The U.S. Senate Judiciary Committee is currently reviewing various amendments in anticipation of its Thursday markup of the Email Privacy Act, which won unanimous passage from the House of Representatives earlier this year. One of the proposed amendments offered by Senator John Cornyn purports to “improve the provisions relating to the privacy of electronic Communications,” but is more commonly known as the “ECTR fix.” Senator Cornyn’s amendment is unrelated to reform of the Electronic Communications Privacy Act (ECPA), and troublingly proposes to dramatically expand the scope of the FBI’s surveillance capabilities without judicial oversight.

Currently, the FBI can solicit non-content information from ISPs through National Security Letters (NSLs) for authorized terrorism and foreign intelligence investigations. These letters, essentially administrative subpoenas, allow the FBI to self-certify that they are obtaining and using information for purposes relevant to an authorized investigation. They are also usually accompanied by a gag order, which prevents recipients from sharing with others that they received such a request.

Sen. Cornyn’s amendment would drastically increase the breadth of information the FBI can request from providers through NSLs to include electronic communication transactional records (ECTR). Under current law, the FBI can demand the production of records limited to name, address, length of service, and local and long distance toll billing records—without a court order. The amendment would create many new categories of detailed, content-related data that would be accessible, including account number, login history, other account identifying information, length of service, type of service, and IP address, including any “any temporarily assigned IP or network address, communication addressing, routing, or transmission information.” The information included in this amendment, which is echoed by language in the proposed 2017 intelligence authorization bill, would give the government deep insights into significant aspects of the lives of providers’ customers.

Congress has historically never permitted such information to be obtained from providers without judicial oversight. At present, most of the aforementioned data types can only be obtained pursuant to court orders under the Stored Communications Act or Foreign Intelligence Surveillance Act. In 2008, the Department of Justice’s Office of Legal Counsel Memorandum stated that the FBI was precluded from requiring the disclosure of electronic communications transactional records via NSLs issued to providers electronic communications services as contrary to congressional intent.

In fact, the recent trend has been to significantly limit the power of NSLs. The USA Freedom Act of 2015 specifically prohibits the bulk collection of records under NSLs and allows exceptions to gag orders when necessary, and in 2014, President Obama ordered the FBI to limit the ordinary duration of gag orders following his Administration’s review of signals intelligence activities.

Granting the FBI the power to collect detailed information of user’s interactions on the Internet via national security letters erases any independent oversight of their surveillance behavior, furthering the propensity for abuse, misuse or error. The history of NSL use is rife with such instances. The Office of the Inspector General released a 2007 Review of the FBI’s Use of NSLs that found the total number of NSLs issued was vastly underreported, while records of their use were incomplete and inaccurate. The accompanying gag orders have also been employed indefinitely and indiscriminately, to the detriment of providers’ ability to be transparent with their customers.

The expansion of the national security letter authority would also put a greater strain on small providers’ ability to respond to requests. The increased scope, reduction in oversight, and associated secrecy requirements would mean a greater volume of requests without recourse, harming providers’ relationships with customers, who demand transparency.

The Senate Judiciary Committee is poised to markup the Email Privacy Act later this week. Approving the ECTR “fix” would expand the FBI’s NSL authority in a manner contrary to the wishes of Congress and even the Bush Administration, and would ultimately undermine ECPA reform, which is centered on a judicially-approved warrant-for-content requirement. We urge the Senate Judiciary Committee to act in favor of online privacy rights and pass the Email Privacy Act without such an amendment.

To see a coalition letter asking Senators to reject this expansion of NSLs, which CCIA signed, click here.

Related Articles

Senate Commerce Hearing On Privacy; CCIA Welcomes Push To Fund FTC, Pass Privacy Legislation

Sep 29, 2021

Washington — The Senate Commerce Committee held a hearing today on consumer privacy with Chairwoman Maria Cantwell focusing on the need to pass baseline federal privacy and to ensure the FTC has adequate resources to address privacy. Ahead of the hearing, the Computer & Communications Industry Association sent a letter to committee leaders expressing appreciation…

Industry Groups Urge Protection of Fundamental Principles and Rights in the Digital Services Act

Jul 9, 2021

Brussels, BELGIUM — The Computer & Communications Industry Association (CCIA) today joined other industry organizations in a joint statement asking EU Member States to respect the fundamental principles of the e-Commerce Directive during the negotiations of the Digital Services Act (DSA)  The signatories support an ambitious DSA and its objectives to protect consumers and their…

CCIA Statement on the Enactment of the Colorado Privacy Act

Jul 8, 2021

Washington – Governor Jared Polis has signed the Colorado Privacy Act into law, making Colorado the third U.S. state to enact comprehensive consumer privacy legislation. New rules are set to take effect July 1, 2023. The Computer & Communications Industry Association welcomes Colorado lawmakers’ successful efforts to enact new rights and protections for consumer privacy.…