The standoff between the FBI and Silicon Valley may be over in the San Bernardino iPhone case, but a new battlefront has emerged as tech companies press lawmakers to resist the bureau’s effort to expand warrantless government access to internet users’ browser history and other data.
The Senate Judiciary Committee is set to consider the issue Thursday, when lawmakers review suggested amendments to a larger email privacy bill that seeks to strengthen and modernize protections for Internet users.
One controversial amendment would expand the scope of data that the FBI can access via national security letters — administrative subpoenas that require no judicial oversight. The amendment would authorize the FBI to demand a person’s internet browser history and internet protocol address, enabling investigators to see what websites a person visits, how much time is spent on a particular site and the location of the internet user.
Current law already requires service providers to comply with requests seeking names, email addresses, length of service and billing records of subscribers.
A broad coalition of civil liberties groups, privacy rights organizations, and tech companies submitted a letter to Congress this week voicing opposition to the amendment, written by Sen. John Cornyn, arguing that it would dramatically broaden the FBI’s ability to collect sensitive information about individuals.
“The new categories of information that could be collected using an [national security letter] — and thus without any oversight from a judge — would paint an incredibly intimate picture of an individual’s life,” reads the letter, signed by Yahoo, Google, Facebook, Human Rights Watch, the American Civil Liberties Union, the Electronic Frontier Foundation and others. “This information could reveal details about a person’s political affiliation, medical conditions, religion, substance abuse history, sexual orientation, and, in spite of the exclusion of cell tower information in the Cornyn amendment, even his or her movements throughout the day.”
The groups also express concern over the potential for abuse of the national security letter actions, which are often accompanied by gag orders that ban companies from disclosing information about any subscriber requests they receive.
FBI Director James Comey has characterized the need for the amendment as a top legislative priority, calling the omission of the broader authority “a typo” that has led tech companies to refuse to hand over data to which the FBI believes it should already be covered under the law.
“It is ordinary, but it affects our work in a very, very big practical way,” Mr. Comey said of the omission during a congressional oversight hearing in February.
Mr. Cornyn, Texas Republican, said his amendment “would fix an oversight or scrivener’s error in the statue that is hamstringing our counterintelligence and counterterrorism efforts.”
But the amendment appears to be threatening approval of the underlying Electronic Communications Privacy Act Amendments (ECPA) Act, which would require police and other law enforcement agencies to get a warrant if they want a look at Americans’ stored emails.
A House version of the bill, which did not contain any language similar to the Cornyn amendment, was passed unanimously in April. The Senate Judiciary Committee was scheduled to mark up its version of the legislation in May, but the bill was held over as lawmakers sought to work through the amendments.
The broader ECPA bill would close a loophole in a 1986 law written well before the advent of web-based email such as Gmail or Yahoo allowed users to store communications in the virtual “cloud” rather than on their computers.
Even if the Cornyn amendment is removed, a similar provision has been included in the Intelligence Authorization Act already approved by the Senate Select Committee on Intelligence.
Sen. Ron Wyden, an Oregon Democrat who was alarmed by the expansion of warrantless government surveillance powers, said he plans to work with colleagues to strip the provision from the intelligence act.