Congress Has No Idea How Much Web Browsing Data the FBI Collects

By Janus Rose, VICE

24 May 20

The Patriot Act is about to be reauthorized, but we still don't know basic facts about how our web browsing habits are being collected.

ith Congress looking to renew the PATRIOT Act, privacy advocates are scrambling to re-attach a provision that would prevent law enforcement agencies from collecting Americans’ web histories without a warrant.

But as usual, fighting the government’s secretive spying powers means taking shots in the dark. For one, Congress doesn’t even really know how much web browsing data federal agencies are collecting.

On Thursday, Sen. Ron Wyden (D-OR) sent a letter to acting Director of National Intelligence Richard Grenell, asking whether the numbers disclosed in the government’s annual transparency report include the collection of web browsing data and search history. The report includes the number of “unique identifiers” collected by federal agencies under Section 215 of the PATRIOT Act, which allows for domestic mass-surveillance—but it’s unclear how those identifiers might apply to the collection of web browsing data.

“While this may help put into context the scale of the government’s collection of email communications, I am concerned it does not necessarily apply to web browsing and internet searches,” Wyden wrote in the letter. “This ambiguity creates the likelihood that Congress and the American people may not be given the information to realize the scale of warrantless government surveillance of their use of the internet.”

Last week, Wyden co-sponsored an amendment to the PATRIOT Act reauthorization bill that would explicitly ban federal agencies from using the law to collect web browsing data. But the amendment failed by one vote after several Senators who would have voted “yes” failed to show up.

Nevertheless, the numbers proved there is support in both the Senate and the House for the privacy measures. As the bill prepares to move through the House, activists are demanding that House Speaker Nancy Pelosi and other Congressional leaders adopt the Wyden-Daines privacy amendment back into the House’s version of the bill.

Over 50 organizations have signed a letter to Pelosi asking for the privacy amendment to be re-added. And next week, Fight For the Future is planning a virtual day of action calling on Congress to rescue the privacy measures.

Wyden's full letter can be read below.

May 20, 2020

The Honourable Richard Grenell
Acting Director

Office of the Director of National Intelligence
Washington, DC. 20511

Dear Director Grenell,

I am writing to inquire whether public reporting on the use of Section 215 of the PATRIOT Act would capture the government?s collection of web browsing and internet searches. As you know, on May 13, 2020, 59 U.S. Senators voted to prohibit this form of warrantless surveillance, rejecting the broad, bipartisan View that it represents a dangerous invasion of Americans? privacy.

There have also been long-standing concerns about the inadequacy of public reporting on the use of Section 215, including whether the data released annually by the Director of National Intelligence adequately captures the extent of the government?s collection activities and its impact on Americans. These concerns are magnified by the lack of clarity as to how the public reporting requirements would apply to web browsing and internet searches.

Current law requires the DN1 to report publicly on the number of targets of Section 215 collection and the number of unique identifiers used to communicate information? the government collects. In its annual Statistical Transparency Report, the Office of the Director of National Intelligence has used email addresses as an example of a unique identifier. While this may help put into context the scale of the government?s collection of email communications, 1 am concerned it does not necessarily apply to web browsing and internet searches. This ambiguity creates the likelihood that Congress and the American people may not be given the information to realize the scale of warrantless government surveillance of their use of the internet. I therefore request that you respond to the following questions:

How would the government apply the public reporting requirements for Section 215 to web browsing and internet searches? In this context, would the target or unique identifier be an IP address?

If the target or unique identifier is an IP address, would the government differentiate among multiple individuals using the same IP address, such as family members and roommates using the same WiFi network, or could numerous users appear as a single target or ?unique identifier?

If the government were to collect web browsing information about everyone who visited a particular website, would those visitors be considered targets or ?unique identi?ers? for purposes of the public reporting? Would the public reporting data capture every internet user whose access to that website was collected by the government?

If the government were to collect web browsing and internet searches associated with a single user, would the public reporting requirement capture the. scope of the collection? In other words, how would the public reporting requirement distinguish between the government collecting information about a single visit to a website or a single search by one person and a month or a year of a person?s internet use? Thank you for your attention to this important matter.

Sincerely,

Ron Wyden
United States Senator