The latest surveillance battle gripping the technology industry is focused on a rewrite of US surveillance law that would mean the justice department would be able to access a citizen's web browsing history, location data and some email records
without approval from a judge using a so-called national security letters (NSLs).
The FBI contends that such data is covered implicitly under current statute, which was written years ago and only explicitly covers data normally associated with telephone records.
Director James Comey now is lobbying Congress to extend the current definition to include internet data.
Technology companies including Google, Facebook and Yahoo have sent a letter warning Congress that they would oppose any efforts to rewrite law in the FBI's favor.
This expansion of the NSL statute has been characterized by some government officials as merely fixing a 'typo' in the law, the companies wrote:
In reality, however, it would dramatically expand the ability of the FBI to get sensitive information about users' online activities without court oversight.
A sly attempt to grant the FBI warrantless access to people's browser histories in the US has been shot down by politicians.
Unfortunately, the Electronic Communications Privacy Act (ECPA) Amendments Act of 2015, which would have brought in some privacy safeguards for Americans, was cut down in the crossfire.
The bill was halted because of an amendment tacked on by Senator John Cornyn on Tuesday that would allow the FBI to obtain someone's internet browsing history and the metadata of all their internet use without a warrant. If Cornyn's amendment was
passed, the Feds would simply have to issue a National Security Letter (NSL) to get the information.
The bill's sponsors, Senators Patrick Leahy and Mike Lee, told a session of the Senate Committee on the Judiciary that Cornyn's amendment had wrecked years of careful bipartisan negotiations and would seriously harm US citizens' privacy. As such,
they weren't prepared to let the bill go forward.
The US Senate has struck down an amendment that would have allowed the FBI to track internet histories and communications without judicial oversight, but a re-vote could be called under Senate rules.
The amendment to the Commerce, Justice, Science, and Related Agencies Appropriations Act would have given the FBI the right to use National Security Letters (NSLs), which compel communications companies to hand over a customer's transactional
records, including their browsing history, time spent online, and email metadata, but not the content of messages.
In addition, it would have made permanent a provision in the Patriot Act that would allow the same powers for those deemed to be individual terrorists to be treated as agents of foreign powers, a measure aimed at tracking so-called lone
It was introduced on Monday by Senators John McCain and Richard Burr. Senator John Cornyn has named the issue the FBI's top legislative priority and has tabled a further amendment to allow similar powers to law enforcement.
EFF and 23 other civil liberties organizations sent a letter to Congress urging Members and Senators to oppose the CLOUD Act and any efforts to attach it to other legislation.
The CLOUD Act (
S. 2383 and
H.R. 4943 ) is a dangerous bill that would tear away global privacy protections by allowing police in the United States and abroad to grab cross-border data without following the privacy rules of where the data is stored. Currently, law
enforcement requests for cross-border data often use a legal system called the Mutual Legal Assistance Treaties, or MLATs. This system ensures that, for example, should a foreign government wish to seize communications stored in the United
States, that data is properly secured by the Fourth Amendment requirement for a search warrant.
The other groups signing the new coalition letter against the CLOUD Act are Access Now, Advocacy for Principled Action in Government, American Civil Liberties Union, Amnesty International USA, Asian American Legal Defense and Education Fund
(AALDEF), Campaign for Liberty, Center for Democracy & Technology, CenterLink: The Community of LGBT Centers, Constitutional Alliance, Defending Rights & Dissent, Demand Progress Action, Equality California, Free Press Action Fund,
Government Accountability Project, Government Information Watch, Human Rights Watch, Liberty Coalition, National Association of Criminal Defense Lawyers, National Black Justice Coalition, New America's Open Technology Institute, OpenMedia, People
For the American Way, and Restore The Fourth.
The CLOUD Act allows police to bypass the MLAT system, removing vital U.S. and foreign country privacy protections. As we explained in our earlier letter to Congress, the CLOUD Act would:
Allow foreign governments to wiretap on U.S. soil under standards that do not comply with U.S. law;
Give the executive branch the power to enter into foreign agreements without Congressional approval or judicial review, including foreign nations with a well-known record of human rights abuses;
Possibly facilitate foreign government access to information that is used to commit human rights abuses, like torture; and
Allow foreign governments to obtain information that could pertain to individuals in the U.S. without meeting constitutional standards.
You can read more about EFF's opposition to the CLOUD Act
The CLOUD Act creates a new channel for foreign governments seeking data about non-U.S. persons who are outside the United States. This new data channel is not governed by the laws of where the data is stored. Instead, the foreign police may
demand the data directly from the company that handles it. Under the CLOUD Act, should a foreign government request data from a U.S. company, the U.S. Department of Justice would not need to be involved at any stage. Also, such requests for data
would not need to receive individualized, prior judicial review before the data request is made.
The CLOUD Act's new data delivery method lacks not just meaningful judicial oversight, but also meaningful Congressional oversight, too. Should the U.S. executive branch enter a data exchange agreement--known as an "executive
agreement"--with foreign countries, Congress would have little time and power to stop them. As we wrote in our letter:
"[T]he CLOUD Act would allow the executive branch to enter into agreements with foreign governments--without congressional approval. The bill stipulates that any agreement negotiated would go into effect 90 days after Congress was notified
of the certification, unless Congress enacts a joint resolution of disapproval, which would require presidential approval or sufficient votes to overcome a presidential veto."
And under the bill, the president could agree to enter executive agreements with countries that are known human rights abusers.
Troublingly, the bill also fails to protect U.S. persons from the predictable, non-targeted collection of their data. When foreign governments request data from U.S. companies about specific "targets" who are non-U.S. persons not living
in the United States, these governments will also inevitably collect data belonging to U.S. persons who communicate with the targeted individuals. Much of that data can then be shared with U.S. authorities, who can then use the information to
charge U.S. persons with crimes. That data sharing, and potential criminal prosecution, requires no probable cause warrant as required by the Fourth Amendment, violating our constitutional rights.
The CLOUD Act is a bad bill. We urge Congress to stop it, and any attempts to attach it to must-pass spending legislation.