What do the ACLU, the former director of the NSA and a tech industry lawyer all have in common (and this is not a joke)? They believe that the government's recent request to let the FBI get Americans' internet use records in national security investigations without going to court, and without any suspicion of wrongdoing, is a huge expansion of authority that would open floodgates of sensitive information to the FBI.
National security letters (NSLs) are rather informal requests for records the FBI can use to obtain people's communication, financial and credit information. These requests are not approved by a court, and the FBI does not have to suspect you of actually being a terrorist, spy or criminal; the only thing they have to do to get your records is certify to themselves (not a court) that you are "relevant" to an investigation. To make matters worse, the FBI has the power to prohibit any internet service provider, bank or credit company from which it demands sensitive customer records from ever disclosing anything about the record demand. (The ACLU has challenged the constitutionality of this "gag" power in three cases). An audit by the Department of Justice Inspector General found that in the mid-2000s, the FBI issued upwards of 50,000 national security letters, often to get information about U.S. citizens, and sometimes to get info on people two or three times removed from an actual suspect. There is currently no information on the total numbers of NSLs issued every year.
The FBI is asking that the statute that allows it to issue NSLs for phone records, and a limited set of email records, be expanded to allow the FBI to demand a wide range of internet activity records as well. The FBI isn't defining what kinds of internet records it wants. But some have pointed out that the FBI's proposal could allow them to get things like all of the websites you visit, your web search history, location information or social network activity.
If you're reading this, you obviously use the internet and know what incredibly sensitive information you put out there each day in an attempt to learn, read, educate yourself and communicate with others. We believe, as you probably do, that internet records are especially sensitive and need to be protected from FBI snooping by a court order and suspicion requirements. Looking at a list of websites a person visits can tell you a lot more about his or her life than a list of phone numbers. It can tell you a huge amount of information that could include a person's illness or mental health issues, his financial situation, the political groups he is involved with and his religious affiliation.
From what we've seen publicly, know from past experience and have heard from folks on the Hill, the administration has four arguments for giving the FBI this expanded power:
- The lack of authority is due to a long-overlooked typo. The administration says the fact it can't get all sorts of internet activity records under the current statute is a mistake; Congress intended to give them this authority, but a drafting error prevented it from coming true.
But this so-called "mistake" was made in 1993, when the internet was in its infancy, and NSLs were limited to collecting information only about suspected terrorists and spies. Congress could not logically be making an informed decision that the FBI should have easy access to massive amounts of innocent Americans' highly private internet activity records; Congress knew nothing of modern-day internet usage and the NSL statute still required the FBI to have suspicion about someone before it could use an NSL (that didn't change until the Patriot Act). Besides, regardless of intent, Congress wrote a law whose words plainly protect these records. The administration is now asking Congress to affirmatively take those protections away. Instead, Congress should write clear and unambiguous protections for our most sensitive records into the statute.
- What's the difference? The Obama administration says internet records are the same as the phone records that they are already getting with NSLs. But looking at a list of websites a person visits can tell you a lot more about his or her life than a list of phone numbers and, as mentioned above, law enforcement can create a complete picture of the most sensitive aspects of a person's life by obtaining a list of his or her internet habits.
- Trust us: The administration claims that it can't get "content," or the meaning of your communications, just the records of who you contact. However, there isn't a clear and binding rule on whether or which internet records are content. The administration has said in the past — and has not yet clarified in this debate — that it considers some internet records to be content and protected by court order. It is essentially asking Congress and the public just to trust them to make a call on what internet records should be obtained by the FBI. Regardless of what legal jargon the administration unilaterally has decided covers internet records, they need to be protected. Congress has the ability and the responsibility to protect our privacy, and it needs to reject administration attempts to authorize this collection.
- Terrorist threats overrule privacy protections (as usual): Just as the government always argues in its attempts to eviscerate the role of the courts, the Obama administration says it needs to be more "nimble," and going to court is prohibitively burdensome. But getting innocent Americans' private records is not supposed to be easy, nor should it be. There must be a check of an independent judge and a requirement that you are suspected of doing something wrong.
The Fourth Amendment creates a presumption of privacy and does not contain an "inconvenient paperwork" exception. If we are talking about true emergencies, the government already has the authority to get records and follow process after the fact. All of our national security laws have emergency exceptions that allow them to respond to immediate threats. Besides, the Justice Department Office of Legal Counsel memo (PDF) clarifying that most internet records could not be obtained by NSL was written in November 2008. The administration has undoubtedly been getting these records through other means for almost two years, just with tools that have at least minimal checks and balances. This is not ultimately about getting the records; but about doing so in a way that trades convenience for privacy.