DOJ's "Community of Interest" Letters are Illegal
The Electronic Communications Privacy Act puts strict limits on when a telecommunications provider can hand over customer data to the government. Section 2702(A)(1) prohibits disclosure of the contents of a communication, and (A)(3) forbids the release of a "record or other information pertaining to a subscriber to or customer" other than the content covered by (A)(1). Thus, sections 2702(A)(1) and (A)(3) compliment one another, and together protect all records about a communication. Absent a specific statutory exception, it is flatly illegal for the telecoms to provide customer information to the government.
So the "community of interest" requests made as part of the "exigent letters" were doubly illegal. We need a new word for this -- what do you call an illegality piled on top of another illegality? Illegal squared?
And it doesn't stop there. Even if those "community of interest" requests had been part of a regular National Security Letter (NSL), they still would have been illegal. ECPA's NSL provision only authorizes the FBI to request "the name, address, length of service, and local and long distance toll billing records of a person" (emphasis added) under specific circumstances. To ask for information about a subject's community of interest, the FBI would have to issue a properly certified NSL for each person in the community. The NSL provision of ECPA (Section 2709) was just declared unconstitutional by a federal judge in a terrific case brought by the ACLU (with EFF amicus support), but even if the statute was still valid, it wouldn't have allowed this.
Most of the "community of interest" letters also formalistically recited that the requests would be followed by formal legal process, envisioning an after-the-fact papering over of the illegality. However, the IG report noted that this follow-up often never happened, and the "FBI was unable to determine whether [National Security Letters] or grand jury subpoenas were issued to cover the exigent letters."
For those keeping score, a grand jury subpoena would not validate the government's request for a "community of interest" either. Section 2703(c)(2) sets forth a detailed list of information the government can obtain from telecoms with a grand jury subpoena, such as the customer's name, address, and means of payment. This list does not include the customer's community of interest.
In short, there is no legal basis for these "community of interest" demands, whether issued as exigent letters, or through an NSL or grand jury subpoena.
This is a sensible rule. Anyone who's played "Six Degrees of Kevin Bacon" or looked over their relationships on a social networking service knows what a wide variety of people can be just a few degrees of separation away. For example, I know people who know Attorney General Gonzales -- but I'd hate to be caught up in an investigation of the soon to be former AG just because I'm two degrees away.
These revelations also underscore the need for substantive oversight that will prevent requests for information that go beyond that allowed by law. After detailing years of abuse in his March report, the Inspector General is continuing to investigate the misuse of exigent letters and National Security Letters. These revelations about the FBI echo those we've all heard about the NSA conducting warrantless wiretaps and dragnet records and content surveillance that went undiscovered for over five years.
The Administration still thinks it can convince the American public to let the FBI and NSA police themselves. In the wake of the Inspector General's report, the FBI has insisted that it can be trusted to fix its own habitual NSL misuse. Asked about "community of interest" letters yesterday, Fran Townsend, the President's homeland security advisor, pointed only to the bare existence of a "privacy and civil liberties officer" and a newly created "compliance unit" at the FBI -- conspicuously avoiding discussion of any outside oversight. The new Protect America Act similarly grants the Attorney General and Director of National Intelligence the right to "certify" broad surveillance techniques with no serious judicial oversight. While the Administration pushes "internal agency audits by the agencies using this authority," the American people can accept no substitutes for independent judgment when freedom is on the line.
External oversight by Congress and the courts is vital to protecting the privacy and security of Americans. The courts have recently started indicating that they are up to the task. The NSL provision was found unconstitutional in the ACLU case was in part because of the extraordinarily deferential review process that would require the Judicial Branch to treat certain Executive certifications "as conclusive unless the court finds that the certification was made in bad faith."
Now that the Executive's abuses of its surveillance and spying powers have come clearly to light, it is unconscionable to allow the watchmen to keep watching themselves. A "privacy and civil liberties officer" in the FBI was not enough to stop the illegal use of exigent circumstance letters to spy on a target's friends of friends, and the deferential review proposed by the Protect America Act will not be enough to prevent the abuse of the law's extraordinary powers.
It's time to Stop the Spying. Please join us.
Recent DeepLinks Posts
Nov 24, 2015
Nov 23, 2015
Nov 23, 2015
Nov 20, 2015
Nov 20, 2015
- Fair Use and Intellectual Property: Defending the Balance
- Free Speech
- Know Your Rights
- Trade Agreements and Digital Rights
- State-Sponsored Malware
- Abortion Reporting
- Analog Hole
- Anti-Counterfeiting Trade Agreement
- Bloggers' Rights
- Broadcast Flag
- Broadcasting Treaty
- Cell Tracking
- Coders' Rights Project
- Computer Fraud And Abuse Act Reform
- Content Blocking
- Copyright Trolls
- Council of Europe
- Cyber Security Legislation
- Defend Your Right to Repair!
- Development Agenda
- Digital Books
- Digital Radio
- Digital Video
- DMCA Rulemaking
- Do Not Track
- E-Voting Rights
- EFF Europe
- Encrypting the Web
- Export Controls
- FAQs for Lodsys Targets
- File Sharing
- Fixing Copyright? The 2013-2015 Copyright Review Process
- Genetic Information Privacy
- Hollywood v. DVD
- How Patents Hinder Innovation (Graphic)
- International Privacy Standards
- Internet Governance Forum
- Law Enforcement Access
- Legislative Solutions for Patent Reform
- Locational Privacy
- Mandatory Data Retention
- Mandatory National IDs and Biometric Databases
- Mass Surveillance Technologies
- Medical Privacy
- National Security and Medical Information
- National Security Letters
- Net Neutrality
- No Downtime for Free Speech
- NSA Spying
- Offline : Imprisoned Bloggers and Technologists
- Online Behavioral Tracking
- Open Access
- Open Wireless
- Patent Busting Project
- Patent Trolls
- PATRIOT Act
- Pen Trap
- Policy Analysis
- Public Health Reporting and Hospital Discharge Data
- Reading Accessibility
- Real ID
- Search Engines
- Search Incident to Arrest
- Section 230 of the Communications Decency Act
- Social Networks
- SOPA/PIPA: Internet Blacklist Legislation
- Student and Community Organizing
- Stupid Patent of the Month
- Surveillance and Human Rights
- Surveillance Drones
- Terms Of (Ab)Use
- Test Your ISP
- The "Six Strikes" Copyright Surveillance Machine
- The Global Network Initiative
- The Law and Medical Privacy
- TPP's Copyright Trap
- Trans-Pacific Partnership Agreement
- Travel Screening
- Trusted Computing
- Video Games