Tech Firms Say FBI Wants Browsing History Without Warrant

Aaron Souppouris, reporting for Engadget: Tech companies and privacy advocates are warning against new legislation that would give the FBI the ability to access "electronic communication transactional records" (ECTRs) without a warrant in spy and terrorism cases. ECTRs include high-level information on what sites a person visited, the time spent on those sites, email metadata, location information and IP addresses. To gain access to this data, a special agent in charge of a bureau field office need only write a "national security letter" (NSL) that doesn't require a judge's approval. It's worth noting that ECTRs don't amount to a full browsing history. If a suspected terrorist were reading this article, the FBI would only see they read "engadget.com" and how long for, rather than the specific page links. Additionally, the ECTRs won't include the content of emails, search queries, or form content, but will feature metadata, so the FBI would know who someone is messaging and when.

Get a f*&^ing warrant!

[Bugler412]

It's apparently not difficult to get an essentially rubber stamp warrant from a judge. At least that has a modicum of accountability in the process. Why the hell don't they simply get a warrant?!?!

Re: Why doesn't law enforcement get it?

[johannesg]

So sharing with one particular third party for a technical purpose also implies consent for sharing with every other third party in the known universe, in particular law enforcement agencies? Does the simple fact that more than two parties are involved complete erase the right to privacy?

Gee, you can take this pretty far, can't you? "No, we were perfectly in our rights to spy on them, because there were three of them"...

Re:What I don't understand is...

[jafiwam]

Why the fuck does the FBI have a problem with getting a warrant? This isn't Apple's ridiculous refusal to decrypt data when the owner of the phone had consented. This is actually private data and should be protected accordingly. If there's a legitimate reason to access the data, then there shouldn't be any difficulty in obtaining a warrant to obtain access.

They don't have a problem getting warrants.

They want to not be observed to, or have any trace of, who and what they watch.

The goal is "Watching with NO RECORDS OF IT."

Why do you HAVE that data?

You should not be recording the browsing history of your users. Don't log the shit out of everything. Carry the data, don't keep it. WHY IS THAT SO HARD TO UNDERSTAND?

Re:Because society tacitly asks for it

[Bugler412]

RE: What would upset you more Arresting someone using evidence obtained illegally is definitely more heinous. Any system that encourages or allows law enforcers to break or bypass the law inherently reduces respect for and compliance with that institution and ultimately leads to more and greater crime, from both enforcers and criminals.

Re: Why doesn't law enforcement get it?

[whoever57]

This is based on a ridiculous ruling that phone numbers dialed are not private information because they're voluntarily shared with a third party (the phone company) and therefore don't have am expectation of privacy. The case is Smith v. Maryland (1979). Basically they ruled that because phone companies keep records of the numbers dialed that users shouldn't expect any privacy and therefore no warrant is required. This ruling could easily be extended to content with that same logic

Even if you accept that ruling, the data that is collected and handed over should be limited to IP addresses that I connect to. DNS names should not be included, since they are content, not metadata. If I am using Google nameservers, all the ISP should hand over was that I connected to 8.8.8.8 on port 53, then I connected to an IP address on port 80.