Crafty plan to give FBI warrantless access to browser histories axed

Email safeguards catch a bullet, too


A sly attempt to grant the FBI warrantless access to people's browser histories in the US has been shot down by politicians.

Unfortunately, the Electronic Communications Privacy Act (ECPA) Amendments Act of 2015, which would have brought in some privacy safeguards for Americans, was cut down in the crossfire.

The ECPA Amendments Act is very simple: it amends the 1986 Electronic Communications Privacy Act, which gives cops and agents warrantless access to any email that has been read or is more than 180 days old.

That 30-year-old act made sense back in the day of 20MB hard drives and when we stored own emails on our own computers: if we deleted something to save space or to simply destroy it, it was gone. But in today's cloudy world, where we have no real control over our information, it has proven a privacy nightmare. (By the way, the ECPA was used against Microsoft by the Feds in New York in 2014 to demand emails from a data center in Ireland.)

The ECPA Amendments Act of 2015 would have eliminated the 180-day rule, and ensures investigators get a warrant for the contents of emails.

In a stunning display of bipartisanship, the House of Representatives voted unanimously for their version of the updated law, the Email Privacy Act, in April, and the President gave it his full backing. The ECPA Amendments Act was expected to therefore breeze through the Senate, and into the law books, but now it's been put on hold by its sponsors.

The reason for the halt is the amendment [PDF] tacked on by Senator John Cornyn (R-TX) on Tuesday that would allow the FBI to obtain someone's internet browsing history and the metadata of all their internet use without a warrant. If Cornyn's amendment was passed, the Feds would simply have to issue a National Security Letter (NSL) to get the information.

Organizing an NSL is a lot easier than getting a warrant, and the FBI posts thousands every year with very little judicial oversight. In the past, the Feds claimed the letters granted them access to citizens' internet history, but this was ruled unlawful [PDF] in 2008.

The bill's sponsors, Senators Patrick Leahy (D-VT) and Mike Lee (R-UT), told a session of the Senate Committee on the Judiciary that Cornyn's amendment had wrecked years of careful bipartisan negotiations and would seriously harm US citizens' privacy. As such, they weren't prepared to let the bill go forward.

"The Cornyn National Security Letters amendment is something that I cannot in good conscience have attached to this bill," said Lee. "We want to make sure that when we get this passed, it enhances rather than diminishes our interests protected by the Fourth Amendment."

Youtube Video

Responding to Senator Cornyn's claims that his amendment allows g-men to get their hands on "just metadata" cut no ice with people who understand how revealing this information can be. Lee also accused Cornyn of sharp practice by waiting until the last few days before a vote could be scheduled to introduce his controversial amendment, which would not be accepted by the House.

His cosponsor, Senator Leahy, was equally cutting, accusing Cornyn of introducing a "poison pill" amendment to the legislation at the last minute that wouldn't pass in the Senate or the House of Representatives. He accused Cornyn of trying to "tank" the bill.

"I worry about getting into what has been a slippery slope in the past with these National Security Letters," Leahy said. "We all know the real scandal in the FBI – even under good leadership – when National Security Letters were used by low-ranking members of the FBI for what appeared to be vendettas, sometimes destroying people's businesses."

That law enforcement promised that they would be used wisely wasn't reassuring, he said, because similar assurances had been given in the past. J Edgar Hoover had used his powers to make the FBI into an instrument of control and that could not be allowed to happen again, he opined.

But Senator Cornyn was unfazed by the furor and said he would carry on pushing for his amendment, saying it was critical in the fight against terrorism. He said getting access to this metadata was the "number-one legislative priority" of the FBI's director, James Comey, and that the House of Representatives would support it "whether they liked it or not."

"I've been in the Senate not as long as some members of the committee, but I don't know when we ever said that just because a bill passed the House that the Senate should stand down and swallow the House bill hook, line, and sinker, particularly when there's good policy reasons for amending it," he said.

So now the bill will lie fallow while the politicians argue about a single amendment. In the meantime, clean up your inboxes. ®

Similar topics


Other stories you might like

  • FBI warning: Crooks are using deepfake videos in interviews for remote gigs
    Yes. Of course I human. Why asking? Also, when you give passwords to database?

    The US FBI issued a warning on Tuesday that it was has received increasing numbers of complaints relating to the use of deepfake videos during interviews for tech jobs that involve access to sensitive systems and information.

    The deepfake videos include a video image or recording convincingly manipulated to misrepresent someone as the "applicant" for jobs that can be performed remotely. The Bureau reports the scam has been tried on jobs for developers, "database, and software-related job functions". Some of the targeted jobs required access to customers' personal information, financial data, large databases and/or proprietary information.

    "In these interviews, the actions and lip movement of the person seen interviewed on-camera do not completely coordinate with the audio of the person speaking. At times, actions such as coughing, sneezing, or other auditory actions are not aligned with what is presented visually," said the FBI in a public service announcement.

    Continue reading
  • LGBTQ+ folks warned of dating app extortion scams
    Uncle Sam tells of crooks exploiting Pride Month

    The FTC is warning members of the LGBTQ+ community about online extortion via dating apps such as Grindr and Feeld.

    According to the American watchdog, a common scam involves a fraudster posing as a potential romantic partner on one of the apps. The cybercriminal sends explicit of a stranger photos while posing as them, and asks for similar ones in return from the mark. If the victim sends photos, the extortionist demands a payment – usually in the form of gift cards – or threatens to share the photos on the chat to the victim's family members, friends, or employer.

    Such sextortion scams have been going on for years in one form or another, even attempting to hit Reg hacks, and has led to suicides.

    Continue reading
  • Man gets two years in prison for selling 200,000 DDoS hits
    Over 2,000 customers with malice on their minds

    A 33-year-old Illinois man has been sentenced to two years in prison for running websites that paying customers used to launch more than 200,000 distributed denial-of-services (DDoS) attacks.

    A US California Central District jury found the Prairie State's Matthew Gatrel guilty of one count each of conspiracy to commit wire fraud, unauthorized impairment of a protected computer and conspiracy to commit unauthorized impairment of a protected computer. He was initially charged in 2018 after the Feds shut down 15 websites offering DDoS for hire.

    Gatrel, was convicted of owning and operating two websites – DownThem.org and AmpNode.com – that sold DDoS attacks. The FBI said that DownThem sold subscriptions that allowed the more than 2,000 customers to run the attacks while AmpNode provided customers with the server hosting. AmpNode spoofed servers that could be pre-configured with DDoS attack scripts and attack amplifiers to launch simultaneous attacks on victims.

    Continue reading
  • Former chip research professor jailed for not disclosing Chinese patents
    This is how Beijing illegally accesses US tech, say Feds

    The former director of the University of Arkansas’ High Density Electronics Center, a research facility that specialises in electronic packaging and multichip technology, has been jailed for a year for failing to disclose Chinese patents for his inventions.

    Professor Simon Saw-Teong Ang was in 2020 indicted for wire fraud and passport fraud, with the charges arising from what the US Department of Justice described as a failure to disclose “ties to companies and institutions in China” to the University of Arkansas or to the US government agencies for which the High Density Electronics Center conducted research under contract.

    At the time of the indictment, then assistant attorney general for national security John C. Demers described Ang’s actions as “a hallmark of the China’s targeting of research and academic collaborations within the United States in order to obtain U.S. technology illegally.” The DoJ statement about the indictment said Ang’s actions had negatively impacted NASA and the US Air Force.

    Continue reading
  • Five Eyes alliance’s top cop says techies are the future of law enforcement
    Crims have weaponized tech and certain States let them launder the proceeds

    Australian Federal Police (AFP) commissioner Reece Kershaw has accused un-named nations of helping organized criminals to use technology to commit and launder the proceeds of crime, and called for international collaboration to developer technologies that counter the threats that behaviour creates.

    Kershaw’s remarks were made at a meeting of the Five Eyes Law Enforcement Group (FELEG), the forum in which members of the Five Eyes intelligence sharing pact – Australia, New Zealand, Canada, the UK and the USA – discuss policing and related matters. Kershaw is the current chair of FELEG.

    “Criminals have weaponized technology and have become ruthlessly efficient at finding victims,” Kerhsaw told the group, before adding : “State actors and citizens from some nations are using our countries at the expense of our sovereignty and economies.”

    Continue reading
  • Beijing-backed baddies target unpatched networking kit to attack telcos
    NSA, FBI and CISA issue joint advisory that suggests China hardly has to work for this – flaws revealed in 2017 are among their entry points

    State-sponsored Chinese attackers are actively exploiting old vulnerabilities to "establish a broad network of compromised infrastructure" then using it to attack telcos and network services providers.

    So say the United States National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI), which took the unusual step of issuing a joint advisory that warns allied governments, critical infrastructure operators, and private industry organizations to hurry up and fix their IT estates.

    The advisory states that network devices are the target of this campaign and lists 16 flaws – some dating back to 2017 and none more recent than April 2021 – that the three agencies rate as the most frequently exploited.

    Continue reading

Biting the hand that feeds IT © 1998–2022