June 6, 2016
Dear Senator,
The undersigned civil society organizations, companies, and trade associations strongly oppose an expansion of the National Security Letter (NSL) statute, such as the one that was reportedly included in the Senate’s Intelligence Authorization Act for Fiscal Year 20171 and the one filed by Senator Cornyn as an amendment to the ECPA reform bill.2 We would oppose any version of these bills that included such a proposal expanding the government’s ability to access private data without a court order.
This expansion of the NSL statute has been characterized by some government officials as merely fixing a “typo” in the law. 3 In reality, however, it would dramatically expand the ability of the FBI to get sensitive information about users’ online activities without court oversight. The provision would expand the categories of records, known as Electronic Communication Transactional Records (ECTRs), that the FBI can obtain using administrative subpoenas called NSLs, which do not require probable cause. Under these proposals, ECTRs would include a host of online information, such as IP addresses, routing and transmission information, session data, and more.4
The new categories of information that could be collected using an NSL—and thus without any oversight from a judge—would paint an incredibly intimate picture of an individual’s life.5 For example, ECTRs could include a person’s browsing history, email metadata, location information, and the exact date and time a person signs in or out of a particular online account. This information could reveal details about a person’s political affiliation, medical conditions, religion, substance abuse history, sexual orientation, and, in spite of the exclusion of cell tower information in the Cornyn amendment, even his or her movements throughout the day.
The civil liberties and human rights concerns associated with such an expansion are compounded by the government’s history of abusing NSL authorities. In the past ten years, the FBI has issued over 300,000 NSLs, a vast majority of which included gag orders that prevented companies from disclosing that they received a request for information.6 An audit by the Office of the Inspector General (IG) at the Department of Justice in 2007 found that the FBI illegally used NSLs to collect information that was not permitted by the NSL statutes.7 In addition, the IG found that data collected pursuant to NSLs was stored indefinitely, used to gain access to private information in cases that were not relevant to an FBI investigation, and that NSLs were used to conduct bulk collection of tens of thousands of records at a time.8
Given the sensitive nature of the information that could be swept up under the proposed expansion, and the documented past abuses of the underlying NSL statute, we urge the Senate to remove this provision from the Intelligence Authorization bill and oppose efforts to include such language in the ECPA reform bill, which has never included the proposed NSL expansion.
Sincerely,
Access Now
Advocacy for Principled Action in Government
American Association of Law Libraries
American Civil Liberties Union
American Library Association
American-Arab Anti-Discrimination Committee
Amnesty International USA
Association of Research Libraries
Brennan Center for Justice
Center for Democracy & Technology
Center for Financial Privacy and Human Rights
CompTIA
Computer & Communications Industry Association
Constitutional Alliance
Demand Progress
Electronic Frontier Foundation
Engine
Facebook
Fight for the Future
Foursquare
Free Press Action Fund
FreedomWorks
Google
Government Accountability Project
Human Rights Watch
Institute for Policy Innovation
Internet Infrastructure Coalition / I2Coalition
National Association of Criminal Defense Lawyers
New America's Open Technology Institute
OpenTheGovernment.org
R Street
Reform Government Surveillance
Restore the Fourth
Tech Freedom
The Constitution Project
World Privacy Forum
Yahoo
1 Press Release, Sen. Ron Wyden, Wyden Opposes 2017 Intelligence Authorization Act that Expands Government Surveillance and Undermines Independent Oversight Board (May 24, 2016), https://www.wyden.senate.gov/news/press-releases/wyden-opposes-2017-intelligence-authorization-act-that-expands-government-surveillance-and-undermines-independent-oversight-board.
2 Amendment to the Electronic Communications Privacy Act Amendments Act of 2015, S. 356, 114th Cong. (2016), available at https://www.judiciary.senate.gov/download/s356-cornyn1_-oll16601.
3 Hearing on Worldwide Threats Before the S. Comm. On the Judiciary, 114th Cong. (Feb. 9, 2016) (Statement of James Comey, Dir., Fed. Bureau of Investigation) available at http://www.intelligence.senate.gov/hearings/open-hearing-worldwide-threats-hearing.
4 Supra note 2.
5 A recent study showed that simply by using phone call metadata, one could identify specific individuals with high accuracy and make reasonable inferences about their general location, relationship status, and sensitive traits such as religious affiliation and general health. See Johnathan Mayer et. al., Evaluating the Privacy Properties of Telephone Metadata, 113 PROCEEDINGS OF THE NAT’L ACAD. OF SCI. (May 16, 2016), http://www.pnas.org/content/113/20/5536.full.
6 See National Security Letters, ELECT. FRONTIER FOUND. (last visited June 2, 2016), https://www.eff.org/issues/national-security-letters/faq; Hearing on Reauthorizing the USA Patriot Act Before the S. Comm. On the Judiciary, 111th Cong. 6 (Sep. 3, 2009) (Statement of Glenn A. Fine, Inspector Gen., U.S. Dept. of Justice) (Stating that a random sample of NSLs examined by the Department of Justice during the preparation of the report cited infra at n. 7 found that “97 percent of the NSLs imposed non-disclosure and confidentiality requirements”).
7 OFF. OF INSPECTOR GEN., A REVIEW OF THE FEDERAL BUREAU OF INVESTIGATION’S USE OF NATIONAL SECURITY LETTERS 86-99 (2007) available at https://oig.justice.gov/special/s0703b/final.pdf [hereinafter, “OIG Report”]. In addition, a recently disclosed NSL suggests that the FBI requested ECTR from Yahoo! despite a DOJ Office of Legal Counsel memorandum in 2008 stating that only “name, address, length of service, and local and long distance toll billing records” could be obtained using an NSL under the Electronic Communications Privacy Act. See, Memorandum from Daniel L. Koffsky, Dep. Asst. Att’y Gen., Fed. Bureau of Investigation, Requests for Information Under the Electronic Communications Privacy Act (Nov. 5, 2008), available at https://fas.org/irp/agency/doj/olc/ecpa.pdf; Letter from Donald Freese, Special Agent in Charge, Fed. Bureau of Investigation to Yahoo! (March 29, 2013), available at https://www.wired.com/wp-content/uploads/2016/06/Redacted_NSLs-Yahoo.pdf.
8 Mike German, ACLU Roadmap of Justice Department Inspector General’s Review of the FBI’s Use of National Security Letters, ACLU (March 19, 2007), https://www.aclu.org/letter/aclu-roadmap-justice-department-inspector-generals-review-fbis-use-national-security-letters; OIG Report, supra note 7 at 36, 92, 110.