FBI Director James Comey is advocating for amending the Electronic Communications Privacy Act, ECPA, to force tech firms to provide this browsing data — current language allows these companies to refuse demands for data. But Comey wants to fix this and allow special agents to issue National Security Letters. NSLs do not require a judge’s approval, and the FBI could use them to demand “electronic communication transactional records,” or ECTRs. Holy acronyms, Batman.
But the data the FBI seeks doesn’t include the content of the sites you visit — just the protocol address and how much time you spend on a particular website. For example, if you visit Digital Trends’ website, authorities would only see digitaltrends.com and for how long you stayed on the site. They wouldn’t be able to tell if you clicked into specific parts of the site, according to the Washington Post.
Regardless, Silicon Valley, along with various privacy and civil rights organizations, aren’t taking this lightly. Dubbed the “ECTR Coalition,” companies such as Google, Yahoo, and Facebook have joined the likes of the Electronic Frontier Foundation, the American Civil Liberties Union, Human Rights Watch, Restore the Fourth, and more to highlight what the FBI is really trying to do: expand the surveillance powers of the government.
More than 300,000 NSLs have been issued in the past 10 years.
“This expansion of the NSL statute has been characterized by some government officials as merely fixing a ‘typo’ in the law,” the coalition writes in a letter. “In reality, however, it would dramatically expand the ability of the FBI to get sensitive information about users’ online activities without court oversight.”
The Senate Judiciary Committee is considering an amendment this week penned by Senator John Cornyn, R-Texas, to reform the ECPA. And the Senate Intelligence Committee voted on the Intelligence Authorization bill with the NSL amendment. These NSLs issued by the FBI would also come with a gag order, which means companies wouldn’t be able to disclose if they shared a user’s data.
More than 300,000 NSLs have been issued in the past 10 years, according to the Electronic Frontier Foundation.
“The new categories of information that could be collected using an NSL — and thus without any oversight from a judge — would paint an incredibly intimate picture of an individual’s life,” the coalition writes. “For example, ECTRs could include a person’s browsing history, email metadata, location information, and the exact date and time a person signs in or out of a particular online account.”
The coalition goes on to say this data could reveal a person’s political affiliation, medical conditions, religion, substance abuse history, sexual orientation, and even their movements throughout the day.
“Given the sensitive nature of the information that could be swept up under the proposed expansion, and the documented past abuses of the underlying NSL statute, we urge the Senate to remove this provision from the Intelligence Authorization bill and oppose efforts to include such language in the ECPA reform bill, which has never included the proposed NSL expansion,” the coalition writes.
You can read the full letter, with the list of signed companies and organizations, here.
