Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Facebook Google Privacy Security Politics Your Rights Online

Tech Firms Say FBI Wants Browsing History Without Warrant (engadget.com) 145

Aaron Souppouris, reporting for Engadget: Tech companies and privacy advocates are warning against new legislation that would give the FBI the ability to access "electronic communication transactional records" (ECTRs) without a warrant in spy and terrorism cases. ECTRs include high-level information on what sites a person visited, the time spent on those sites, email metadata, location information and IP addresses. To gain access to this data, a special agent in charge of a bureau field office need only write a "national security letter" (NSL) that doesn't require a judge's approval. It's worth noting that ECTRs don't amount to a full browsing history. If a suspected terrorist were reading this article, the FBI would only see they read "engadget.com" and how long for, rather than the specific page links. Additionally, the ECTRs won't include the content of emails, search queries, or form content, but will feature metadata, so the FBI would know who someone is messaging and when.
This discussion has been archived. No new comments can be posted.

Tech Firms Say FBI Wants Browsing History Without Warrant

Comments Filter:
  • Thanks to everyone who submitted similar stories.
  • by Anonymous Coward

    Tech firms say FBI always wants EVERYTHING THEY CAN GET without warrent.

  • by Anonymous Coward on Tuesday June 07, 2016 @11:29AM (#52267543)

    If they walk up to my house and look in a window from the street and see something fine. If the blinds are drawn and they want to see what is behind that window, they need to convince a judge (either before the fact via a warrant, or after the fact with probably cause). Why is it that so many people, especially in government, lose their minds when computers are involved? If I can visit engadget.com and see who is on the site and from where, then fine. If I want them to open up their access logs, I ought to need a judge's approval. Seriously, in this day and age a Judge's approval is never more than 15 or 20 minutes away. It's not like two centuries ago where judges rode circuit and you might have to wait a month until the next time you saw one. Aside from that, if the matters are sensitive, there is an entire court of judges (FISA) with top secret clearances and plenty of federal and even state court judges who have litigated or presided over sensitive cases and also have security clearances. If law enforcement complains that "it's hard" then that is how it should be. Infringing on someone's rights (and that's exactly what a search by the government is) shouldn't be easy.

    • by Anonymous Coward on Tuesday June 07, 2016 @11:44AM (#52267657)

      This is based on a ridiculous ruling that phone numbers dialed are not private information because they're voluntarily shared with a third party (the phone company) and therefore don't have am expectation of privacy. The case is Smith v. Maryland (1979). Basically they ruled that because phone companies keep records of the numbers dialed that users shouldn't expect any privacy and therefore no warrant is required. This ruling could easily be extended to content with that same logic. For example, Facebook has to keep a record of the messages you send in Messenger because they show your conversation history. You've voluntarily shared that content with them. Phone companies now back up SMS messages in the cloud that can be restored to a new phone or after a factory data reset. In either case, you've voluntarily shared the content with a third party and therefore the same logic could be used to argue no expectation of privacy exists there, either. It is, of course, an awful ruling with ludicrous logic applied. It is one of the most shameful rulings ever issued by SCOTUS.

      • by johannesg ( 664142 ) on Tuesday June 07, 2016 @11:56AM (#52267743)

        So sharing with one particular third party for a technical purpose also implies consent for sharing with every other third party in the known universe, in particular law enforcement agencies? Does the simple fact that more than two parties are involved complete erase the right to privacy?

        Gee, you can take this pretty far, can't you? "No, we were perfectly in our rights to spy on them, because there were three of them"...

        • Exactly. The asinine thing about Smith v. Maryland is that even if the call records are shared with the phone company, the phone company is private too! AT&T has the same right to not be searched without a warrant as its customers do.

          Now, if AT&T voluntarily decided to hand over records based on a non-warrant request from the FBI, that's allowed (albeit idiotic from a don't-piss-off-your-customers perspective). But it should not be possible to compel them to do so without a warrant.

        • by Kjella ( 173770 )

          So sharing with one particular third party for a technical purpose also implies consent for sharing with every other third party in the known universe, in particular law enforcement agencies? Does the simple fact that more than two parties are involved complete erase the right to privacy?

          Well they've drawn an imaginary line in the sand and said content is protected, metadata is not. For example with phone numbers they can get the number you dialed without a warrant, but if you dial a menu after connecting they do. So for IP traffic that means to and from address, email it's from and to address and so on. The reason I said imaginary line is that the full URL string is considered specific content, but the site is just metadata on who you connected to. So if you visit "news.bbc.co.uk" that's u

      • This is based on a ridiculous ruling that phone numbers dialed are not private information because they're voluntarily shared with a third party (the phone company) and therefore don't have am expectation of privacy. The case is Smith v. Maryland (1979). Basically they ruled that because phone companies keep records of the numbers dialed that users shouldn't expect any privacy and therefore no warrant is required. This ruling could easily be extended to content with that same logic. For example, Facebook has to keep a record of the messages you send in Messenger because they show your conversation history. You've voluntarily shared that content with them. Phone companies now back up SMS messages in the cloud that can be restored to a new phone or after a factory data reset. In either case, you've voluntarily shared the content with a third party and therefore the same logic could be used to argue no expectation of privacy exists there, either. It is, of course, an awful ruling with ludicrous logic applied. It is one of the most shameful rulings ever issued by SCOTUS.

        The first question when analyzing a search issue is whether a person has an expectation of privacy in the information. When Smith v. Maryland was decided, the judges on SCOTUS had grown up in an era when "party line" telephone lines were used. On a "party line," you share the telephone line with your neighbor or neighbors and your neighbor can listen to your call by picking up their phone. While you are right that they used the sharing-numbers-dialed-with-the-phone-company as the formal reason for a lack

      • by Munchr ( 786041 )
        What we really need are for the tech companies to band together like the libraries did, and protect the confidentiality of their clients. Demand warrants, and stop allowing easy access to our records. If the books I borrow are privileged information that requires a lawful warrant or subpoena (by law in most states), then so are the websites I visit, and the email I send and receive.
        • by rtb61 ( 674572 )

          All to hard trying to get tech companies to agree to anything. What we need are meta data 'BOMB' add ons, that run in the background creating false data and basically blow up their data bases. It won't generate too much traffic because you do not need to conclude the full data transmission, just create false meta data. All just quietly ticking away in the background, accessing random locations for random amounts of time, with out any action by the end user.

        • The librarians decided to keep absolute minimum records so the FBI couldn't harvest them. The FBI can learn that I've got a biography of Garibaldi checked out, but they won't be able to find information on the audiobook I returned last week.

          This isn't really applicable to ISPs, since they keep information on me for my own convenience. My email provider stores my email so I can easily access it from multiple machines, for example. I'd like to see this legally kept private, but very few of the Founding

      • by whoever57 ( 658626 ) on Tuesday June 07, 2016 @02:39PM (#52269141) Journal

        This is based on a ridiculous ruling that phone numbers dialed are not private information because they're voluntarily shared with a third party (the phone company) and therefore don't have am expectation of privacy. The case is Smith v. Maryland (1979). Basically they ruled that because phone companies keep records of the numbers dialed that users shouldn't expect any privacy and therefore no warrant is required. This ruling could easily be extended to content with that same logic

        Even if you accept that ruling, the data that is collected and handed over should be limited to IP addresses that I connect to. DNS names should not be included, since they are content, not metadata. If I am using Google nameservers, all the ISP should hand over was that I connected to 8.8.8.8 on port 53, then I connected to an IP address on port 80.

      • by mccrew ( 62494 )
        Why doesn't law enforcement get it? I think the question assumes that a tiger wants to change his stripes. Law enforcement, like all organizations, always wants to expand its power and reach, especially if it's free for the asking. It is up to you and me to hold our elected leaders to task. Law enforcement has always been happy to use extra-constitutional methods to these ends until they get called to the carpet for it, and you can't expect that they will ever stop trying.
    • Re: (Score:2, Informative)

      by Anonymous Coward

      If they walk up to my house and look in a window from the street and see something fine.

      No, not fine. Not always anyway. IANAL, so I am overly simplifying here, but cops need a reason to be in the area. Which could be as simple as "I just so happened to be in the area, and just so happened to glance in the direction of the open window". If a cop is routinely going up and down a street, looking in every open window, and the best excuse they can come up with is "well, I might see something", that is illegal.

    • by Holi ( 250190 )
      If they walk on to my property with the intent to look in my window, they better already have that warrant in hand otherwise none of what they see will be admissible in court.
    • by Phusion ( 58405 )
      Yeah, you're talking about logic and making sense and all that. That stuff doesn't fly with the Govt. There are too many of us, they are doing too many things in the shadows, presumably because they are scared of the populace? Maybe they are just power hungry, megalomaniacs? I'm not sure why the US's three letter agencies have decided they need to collect all the electronic data possible, but it can't be just from the terror attacks on 9/11. Could it? In their minds, do they justify all of this so we never
    • by Anonymous Coward

      Simple: they're not paid to "get it."

    • by sjames ( 1099 )

      They do get it. It's just that they care a lot more about their job being easy than they do about the U.S.A. or anything it stands for. If American flag toilet paper was $0.0001 cheaper per roll, they'd use it.

  • Seeing the article with a facebook logo, I wonder if FBI stands for "FaceBook International".
    • by Anonymous Coward

      Seeing the article with a facebook logo, I wonder if FBI stands for "FaceBook International".

      Everyone knows it stands for Female Body Inspector!

  • in every household. Put one in every store and put one in every corporate office. Put one in every school and every city bus. In fact just make every US citizen an FBI agent then you can keep tabs on EVERYTHING.
  • May be because they think that this is gonna help to fight crime. But also this will let them see the personal life of common people.
  • Incorrect assumption (Score:5, Interesting)

    by JustNiz ( 692889 ) on Tuesday June 07, 2016 @11:36AM (#52267597)

    I can see where this is going.
    You might hate terrorism and be looking at isis.com or whataver for legitmate academinc or other reasons, yet the FBI will now just put you on the no fly list anyway.

  • by Bugler412 ( 2610815 ) on Tuesday June 07, 2016 @11:41AM (#52267633)
    It's apparently not difficult to get an essentially rubber stamp warrant from a judge. At least that has a modicum of accountability in the process. Why the hell don't they simply get a warrant?!?!
    • We as a society want crime off our streets. So, we want officers to do their job as effectively and efficiently as possible. If someone's in the process of committing a crime, we want it stopped. Waiting for a warrant to get processed is time the perps have to get away and for the crime to go unpunished, and nobody wants that except the criminal.

      As I've said repeatedly before, Law Comic [lawcomic.net] is your friend. Borrowing from this page [slashdot.org]: "Rules are respectable. They're how things are supposed to work. But poli

      • by Anonymous Coward

        What would upset you more, allowing a criminal to go free because evidence cannot be obtained legally, or arresting a criminal using evidence that was obtained illegally? (For the purpose of the question, assume the person has indeed committed a crime.)

        Once you have illegal evidence, what proof do you have it wasnt planted?

        I would rather watch ten guilty men go free then watch one innocent man go to jail.

      • by Bugler412 ( 2610815 ) on Tuesday June 07, 2016 @02:09PM (#52268877)
        RE: What would upset you more Arresting someone using evidence obtained illegally is definitely more heinous. Any system that encourages or allows law enforcers to break or bypass the law inherently reduces respect for and compliance with that institution and ultimately leads to more and greater crime, from both enforcers and criminals.
        • For a textbook world. But in the world we live in, things are never so clear cut. Ask a small business owner whose store was broken into whether they received justice when the perpetrator was allowed to walk after the evidence used to convict him was illegally obtained (pg. 3) [theatlantic.com]. Ask a woman if she receives justice when the man who rapes her is allowed to walk because illegally obtained evidence is suppressed from trial [state.md.us]. As the previously quoted article from "The Atlantic" says, "It is highly important th

          • the opinion of the victim has no bearing on the law as written, there's a reason we don't allow crime victims to try and punish criminals. The 4th amendment says "get a warrant from a judge" and that exact thing is done thousands of times a day in the US. Why don't you justify why the FBI shouldn't play in this routine and expedient process? Judges are on call 24x7 for exactly that sort of activity. They are asking for an explicit bypass on a clear constitutional protection.
      • To put it another way, ask yourself this question: What would upset you more, allowing a criminal to go free because evidence cannot be obtained legally, or arresting a criminal using evidence that was obtained illegally? (For the purpose of the question, assume the person has indeed committed a crime.)

        What would upset me more? Arresting a criminal using evidence that was obtained illegally. Because if they'll bend the rules that way, the next step is manufacturing evidence out of whole cloth. And when t

  • And I want a solid rhodium toilet. In a sane world I would be more likely to get that toilet than the FBI would bet to get warrantless searches but alas we seem to have gone insane.
  • for the tech user (Score:5, Informative)

    by nimbius ( 983462 ) on Tuesday June 07, 2016 @11:49AM (#52267683) Homepage
    ECTR's arent a formal technical definition, its a smoke-and-mirrors piece of jargon invented by the FBI to conceal the meaning and definition of what it really wants and to prevent overstepping the "metadata" line.

    ECTRs are apache, postfix, nginx, and php logs from transactions. they are asking for your system logs.
  • NO NO NO

    The FBI, CIA, NSA, etc should get NOTHING, not even their paychecks, without a warrant.

    Enough already, this is way out of hand.

  • Any suspected terrorist stupid enough to be caught browsing HTTP (or even HTTPS) sites to co-ordinate their activities really ARE NOT the people we need to worry about.

    And any "activity report" that just looks at DNS lookups for websites is really useless against the rest.

    Honestly, even an SSH to a foreign remote server that does the actual lookup stuff for you would make it much harder to detect what you were looking up, and that's not even counting looking for it on a proper "darkweb" rather than just any

  • by schwit1 ( 797399 ) on Tuesday June 07, 2016 @11:55AM (#52267727)
    http://www.zerohedge.com/news/... [zerohedge.com]

    "I just came from a meeting, today, in the situation room, in which I’ve got people who we know have been on ISIL websites living here in the United States — US citizens. And we’re allowed to put them on the no fly list when it comes to airlines, ..."

    Based on browser history - pardon? What the president just confirmed is that someone from the government is noting everyone's browsing history, determining which websites are not to be visited, and furthermore, if someone does visit the website for whatever reason they get put on a no fly list.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      This will be a great troll tactic. Way better than rick rolling.
      Trick people into visiting terrorist websites and they'll be on the no fly list forever.
      trolololo

    • If they're routing any of the traffic, they can see US-based IP addresses going to those sites.

      Anyone routing any of your traffic can see that, actually, and IP has never been an anonymizing technology by itself.

      If the US government isn't routing anything itself, it can easily traceroute to ISIL servers and ask the last-hop provider(s) on US soil to log the source of all connections to those servers.

      This simple and legal method might not be how they're doing it---but the fact is that a simple and legal meth

    • by Tran ( 721196 )

      I do not see in Obama's words where it says the information based on browser history.

      I am sure there are other ways to monitor who is visiting a site besides browser history.

    • by Anonymous Coward

      You can't enforce a law that no-one is allowed to know about - that's batshit bonkers.

      If there's a secret list somewhere noting all the things I'm not allowed to know "but I can't know about it" then how can I be expected to follow the law? How can I know I'm following the law? The no-fly list is punitive in different ways to a prison cell, you're telling me I'm too dangerous to fly because I might know something they don't like. In the modern business world that's basically a death sentence.

      On the other ha

      • You can't enforce a law that no-one is allowed to know about - that's batshit bonkers.

        If there's a secret list somewhere noting all the things I'm not allowed to know "but I can't know about it" then how can I be expected to follow the law?

        "Did you really think we want those laws observed?" said Dr. Ferris. "We want them to be broken. You'd better get it straight that it's not a bunch of boy scouts you're up against... We're after power and we mean it... There's no way to rule innocent men. The only power any government has is the power to crack down on criminals. Well, when there aren't enough criminals one makes them. One declares so many things to be a crime that it becomes impossible for men to live without breaking laws. Who wants a nat

  • Why do they think that they can tell the time I spent on a site from those logs? They only have the times that I requested the pages. There's no mechanism to say when you are finished reading a page. I can get distracted by a phone call, mail, or someone else. Or maybe I open a link from one article in another tab to read later.

    • Well, if you have JS allowed for the site, and they do AJAXy things and log the times for that you could profile someone's time spent relatively easily, even if all you get is the heartbeats of the requests
  • Tech Firms Say FBI Wants Browsing History Without Warrant

    Just how is this different — in principle — from the normal and old-fashioned investigation, where the investigator would talk to the suspect's friends, business-partners, grocery-suppliers, neighbors, and landlords? And, if the folks had any relevant records, ask to see them?

    Sherlock Holmes would do that, Perry Mason would do that, Hercule Poirot would do that, Miss Marple would do that. Why can't the FBI — which law are they viol

    • by Anonymous Coward

      The characters you highlight were investigating a crime.
      The characters in the FBI are trying to find a crime to investigate.

      Dragnets aren't allowed Sherlock.

    • Tech Firms Say FBI Wants Browsing History Without Warrant

      Just how is this different — in principle — from the normal and old-fashioned investigation, where the investigator would talk to the suspect's friends, business-partners, grocery-suppliers, neighbors, and landlords? And, if the folks had any relevant records, ask to see them?

      Sherlock Holmes would do that, Perry Mason would do that, Hercule Poirot would do that, Miss Marple would do that. Why can't the FBI — which law are they violating by the mere asking? There is no allegation in TFA of any illegal threats the agents have made against the companies for non-compliance or for demanding a warrant or some other approval from the Judiciary... What is the there there?

      I'll bite - because this is compelled, not asked. An NSL *compels* information, and it also comes with a gag order. Neither of that is true of a cop asking. Now, in the case of a standard investigation, if they wanted to compel testimony or info they could get a warrant or a subpoena, as they can now for these records, but that requires a judge, not just a senior FBI agent, and typically never came with gag orders.

      • by mi ( 197448 )

        I'll bite - because this is compelled, not asked.

        Is it? How are they different? In both cases the policeman/detective can make threats — explicit or veiled — which their target may choose to ignore if he believes, the demand is not legal.

        An NSL *compels* information, and it also comes with a gag order.

        Not any more than a cop saying: "If you don't help, I may suspect you of being in cahoots with him", and adding: "Oh, and please, do not tell him about this conversation, alright?"

        Now, this all as

    • Sherlock Holmes would reason backwards, eliminate the impossible, and find the truth in what's left. The Baker Street Irregulars would do some canvassing for him, which is the closest you're going to find here. Perry Mason was an attorney, and did not do his own investigations. Hercule Poirot would use his little gray cells. Miss Marple would use her insight into people's personalities developed in St. Mary's Mead. You're not only idiotically trying to make a real point using highly fictionalized char

      • by mi ( 197448 )

        idiotically trying

        Please, don't hate, asshole.

        • Perhaps I should have made it more clear that the argument was idiotic, not necessarily you personally. I wasn't trying to insult you, and apologize if I was sufficiently unclear on that.

  • by Anonymous Coward

    You should not be recording the browsing history of your users. Don't log the shit out of everything. Carry the data, don't keep it. WHY IS THAT SO HARD TO UNDERSTAND?

  • Tech companies and privacy advocates are warning against new legislation that would give the FBI the ability to access "electronic communication transactional records" (ECTRs) without a warrant in spy and terrorism cases.

    For the article to have been accurate I'm pretty sure the words "in spy and terrorism cases" should have been omitted. Who added those words? Is it an un-attributed quote, or was it put there by some overly zealous and/or boot-licking reporter or editor? Does anybody really believe that the scope of such investigations will be limited to those that can legitimately be called "spy and terrorism cases"?

  • If a suspected terrorist were reading this article, the FBI would only see they read "engadget.com" and how long for, rather than the specific page links.

    Does anyone even believe that after all the times they have lied?

  • by Anonymous Coward

    Current text of 18 U.S. Code 2709 - Counterintelligence access to telephone toll and transactional records https://www.law.cornell.edu/uscode/text/18/2709?qt-us_code_temp_noupdates=0#qt-us_code_temp_noupdates

    Cornwyn amended text [pdf]

    https://www.judiciary.senate.gov/download/s356-cornyn1_-oll16601

    Purpose: To amend section 2709 of title 18, United States
    Code, to clarify that the Government may obtain a speci-
    fied set of electronic communication transactional
    records under that section.

    pertinent section:

    (b)
    (2) OBTAINABLE TYPES OF INFORMATION AND RECORDS.—The information and records described
    in this paragraph are the following:

    (A) Name, physical address, e-mail address, telephone number, instrument number,
    and other similar account identifying information.

    (B) Account number, login history, length of service (including start date), types of service, and means and sources of payment for service (including any card or bank account information).

    (C) Local and long distance toll billing records.

    (D) Internet Protocol (commonly known as ‘IP’) address or other network address, including any temporarily assigned IP or network address, communication addressing, routing, or
    transmission information, including any network address translation information (but excluding cell tower information), and session times and durations for an electronic communication.’’.

    Um, not seeing anything about browsing history. Frankly, it seems a reasonable update to that section which had changed very little since 2001. Before 2001, subsection (A) read, "the information sought is releva

  • about terrorism?
    Really?
    Wasn't it ALWAYS about keeping tabs on dissenters who might have actual plans to win elections and coordinate?
    Go ahead, let yourself dream of the ultimate 1984 scenario, then tell me what is missing
    Dicknose would have LOVED Gitmo

God help those who do not help themselves. -- Wilson Mizner

Working...