A provision snuck into the still-secret text of the Senate’s annual intelligence authorization would give the FBI the ability to demand individuals’ email data and possibly web-surfing history from their service providers without a warrant and in complete secrecy.
If passed, the change would expand the reach of the FBI’s already highly controversial national security letters. The FBI is currently allowed to get certain types of information with NSLs — most commonly, information about the name, address, and call data associated with a phone number or details about a bank account.
Since a 2008 Justice Department legal opinion, the FBI has not been allowed to use NSLs to demand “electronic communication transactional records,” such as email subject lines and other metadata, or URLs visited.
The spy bill passed the Senate Intelligence Committee on Tuesday, with the provision in it. The lone no vote came from Sen. Ron Wyden, D-Ore., who wrote in a statement that one of the bill’s provisions “would allow any FBI field office to demand email records without a court order, a major expansion of federal surveillance powers.”
Wyden did not disclose exactly what the provision would allow, but his spokesperson suggested it might go beyond email records to things like web-surfing histories and other information about online behavior. “Senator Wyden is concerned it could be read that way,” Keith Chu said.
It’s unclear how or when the provision was added, although Sens. Richard Burr, R-N.C., — the committee’s chairman — and Tom Cotton, R-Ark., have both offered bills in the past that would address what the FBI calls a gap and privacy advocates consider a serious threat to civil liberties.
“At this point, it should go without saying that the information the FBI wants to include in the statue is extremely revealing — URLs, for example, may reveal the content of a website that users have visited, their location, and so on,” Andrew Crocker, staff attorney for the Electronic Frontier Foundation, wrote in an email to The Intercept.
“And it’s particularly sneaky because this bill is debated behind closed doors,” Robyn Greene, policy counsel at the Open Technology Institute, said in an interview.
In February, FBI Director James Comey testified during a Senate Intelligence Committee hearing on worldwide threats that the FBI’s inability to get email records with NSLs was a “typo” — and that fixing it was one of the FBI’s top legislative priorities.
Greene warned at the time: “Unless we push back against Comey now, before you know it, the long slow push for an [electronic communication transactional records] fix may just be unstoppable.”
The FBI used to think that it was, in fact, allowed to get email records with NSLs, and did so routinely until the Justice Department under George W. Bush told the bureau that it had interpreted its powers overly broadly.
Ever since, the FBI has tried to get that power and has been rejected, including during negotiations over the USA Freedom Act.
The FBI’s power to issue NSLs is actually derived from the Electronic Communications Privacy Act — a 1986 law that Congress is currently working to update to incorporate more protections for electronic communications — not fewer. The House unanimously passed the Email Privacy Act in late April, while the Senate is due to vote on its version this week.
Sen. John Cornyn, R-Texas, is expected to offer an amendment that would mirror the provision in the intelligence bill.
Privacy advocates warn that adding it to the broadly supported reform effort would backfire.
“If [the provision] is added to ECPA, it’ll kill the bill,” Gabe Rottman, deputy director of the Center for Democracy and Technology’s freedom, security, and technology project, wrote in an email to The Intercept. “If it passes independently, it’ll create a gaping loophole. Either way, it’s a big problem and a massive expansion of government surveillance authority.”
NSLs have a particularly controversial history. In 2008, Justice Department Inspector General Glenn Fine blasted the FBI for using NSLs supported by weak evidence and documentation to collect information on Americans, some of which “implicated the target’s First Amendment rights.”
“NSLs have a sordid history. They’ve been abused in a number of ways, including … targeting of journalists and … use to collect an essentially unbounded amount of information,” Crocker wrote.
One thing that makes them particularly easy to abuse is that recipients of NSLs are subject to a gag order that forbids them from revealing the letters’ existence to anyone, much less the public.
Update: May 26, 2016
This story has been updated to provide a comment from Wyden’s office.
First came the Never Trumpers, and I did not speak out, because they stood against Donald Trump. Then came the Lincoln Project, and I did not speak out, because their videos went viral. Then came the Chamber of Commerce, and by then it was too late.