Monday, August 2, 2010

FBI Access to Web Data Raises Concerns

Associated Press


Invasion of privacy in the Internet age. Expanding the reach of law enforcement to snoop on e-mail traffic or on Web surfing. Those are among the criticisms being aimed at the FBI as it tries to update a key surveillance law.

With its proposed amendment, is the Obama administration merely clarifying a statute or expanding it? Only time and a suddenly on guard Congress will tell.

Federal law requires communications providers to produce records in counterintelligence investigations to the FBI, which doesn't need a judge's approval and court order to get them.

They can be obtained merely with the signature of a special agent in charge of any FBI field office and there is no need even for a suspicion of wrongdoing, merely that the records would be relevant in a counterintelligence or counterterrorism investigation. The person whose records the government wants doesn't even need to be a suspect.

The bureau's use of these so-called national security letters to gather information has a checkered history.

The bureau engaged in widespread and serious misuse of its authority to issue the letters, illegally collecting data from Americans and foreigners, the Justice Department's inspector general concluded in 2007. The bureau issued 192,499 national security letter requests from 2003 to 2006.

Weathering that controversy, the FBI has continued its reliance on the letters to gather information from telephone companies, banks, credit bureaus and other businesses with personal records about their customers or subscribers - and Internet service providers.

That last source is the focus of the Justice Department's push to get Congress to modify the law.

The law already requires Internet service providers to produce the records, said Dean Boyd, a spokesman for the Justice Department's national security division. But he said as written it also causes confusion and the potential for unnecessary litigation as some Internet companies have argued they are not always obligated to comply with the FBI requests.

A key Democrat on Capitol Hill, Senate Judiciary Committee chairman Patrick Leahy of Vermont, wants a timeout.

The administration's proposal to change the Electronic Communications Privacy Act "raises serious privacy and civil liberties concerns," Leahy said Thursday in a statement.

"While the government should have the tools that it needs to keep us safe, American citizens should also have protections against improper intrusions into their private electronic communications and online transactions," said Leahy, who plans hearings in the fall on this and other issues involving the law.

Critics are lined up in opposition to what the Obama administration wants to do.

"The FBI is playing a shell game," says Al Gidari, whose clients have included major online companies, wireless service providers and their industry association.

"This is a huge expansion" of the FBI's authority "and burying it this way in the intelligence authorization bill is really intended to bury it from scrutiny," Gidari added.

Boyd, the Justice spokesman, said the changes being proposed will not allow the government to obtain or collect new categories of information; rather it simply seeks to clarify what Congress intended when the statute was amended in 1993, he argued.

Critics, however, point to a 2008 opinion by the Justice Department's Office of Legal Counsel which found that the FBI's reach with national security letters extends only as far as getting a person's name, address, the period in which they were a customer and the numbers dialed on a telephone or to that phone.

The proposed amendment would add the category "electronic communications transactional records" to the section of the law that currently lists only those items cited in the Justice legal opinion. Those four words are already in another section of the law.

The problem the FBI has been having is that some providers, relying on the 2008 Justice opinion - issued during the Bush administration - have refused to turn over Internet records such as information about who a person e-mails and who has e-mailed them and information about a person's Web surfing history.

To deal with the issue, there's no need to change the law since the FBI has the authority to obtain the same information with a court order issued under a broad section of the Patriot Act, said Gregory Nojeim, director of the Project on Freedom, Security and Technology at the Center for Democracy and Technology, a nonprofit Internet privacy group.

The critics say the proposed change would allow the FBI to remove federal judges and courts from scrutiny of its requests for sensitive information.

"The implications of the proposal are that no court is deciding whether even that low standard of 'relevance' is met," said Nojeim. "The FBI uses national security letters to find not just who the target of an investigation e-mailed, but also who those people e-mailed and who e-mailed them."