Tech companies and privacy advocates are warning against new legislation that would give the FBI the ability to access “electronic communication transactional records” (ECTRs) without a warrant in spy and terrorism cases. ECTRs include high-level information on what sites a person visited, the time spent on those sites, email metadata, location information and IP addresses. To gain access to this data, a special agent in charge of a bureau field office need only write a “national security letter” (NSL) that doesn’t require a judge’s approval.
It’s worth noting that ECTRs don’t amount to a full browsing history. If a suspected terrorist were reading this article, the FBI would only see they read “engadget.com” and how long for, rather than the specific page links. Additionally, the ECTRs won’t include the content of emails, search queries, or form content, but will feature metadata, so the FBI would know who someone is messaging and when.
Nonetheless, this data is extremely important to the bureau. FBI Director James B. Comey told the Senate Intelligence Committee in February that the agency’s inability to make requests affects its work in “a very, very big and practical way.” He also said that the new legislation essentially fixes “a typo” in the Electronic Communications Privacy Act (ECPA) that has led tech firms to refuse to provide the bureau with ECTRs. The proposals are being considered this week by the Senate Judiciary Committee as an amendment to the ECPA.
Tech companies and privacy advocates are not happy with the proposed changes. The “ECTR coalition,” which includes tech giants like Facebook, Foursquare, Google and Yahoo and non-profits like the American Civil Liberties Union, Amnesty International and Human Rights Watch, has signed an open letter warning against the legislation. In it, they argue that the expansion of the NSL powers would reveal “incredibly intimate” details of an individual’s life. “This information could reveal details about a person’s political affiliation, medical conditions, religion, substance abuse history, sexual orientation and … even his or her movements throughout the day.”
The letter also highlights the FBI’s past use (and abuse) of NSLs. It states that the FBI issued over 300,000 letters over the past decade, and also claims that the “vast majority” included gag orders that stopped companies disclosing the requests. It then points to a 2007 audit by the Office of the Inspector General (IG) that found “the FBI illegally used NSLs to collect information that was not permitted by the NSL statutes.”
The IG also found the bureau had stored that data indefinitely, and it was used in cases not relevant to an FBI investigation. Finally, NSLs were used to collect “tens of thousands” of records at once, rather than being carefully targeted. The letter ends urging the senate to “oppose efforts to include such language in the ECPA reform bill.”