Attorney speculates data could include Facebook friend requests

The White House has asked Congress to make it possible for the FBI to demand that Internet service providers turn over customers' records in cases involving terrorism or other intelligence issues without first obtaining a court order.

The Electronic Communications Privacy Act currently states that companies are required to provide basic subscriber data to the FBI, but lists only the four kinds of information that might be found on phone bills -- customer's name, address, length of service, and toll billing records.

In 2008, the Justice Department ruled that those four categories were "exhaustive," making some companies reluctant to provide any additional information. The proposed amendment would add the phrase "electronic communication transactional records" to the list in order to include the recipients of emails and when they were sent and received -- though not their content. It might also cover web browsing history.

The administration is describing the proposal as intended to prevent "confusion" on the part of service providers, but the Washington Post notes that "what officials portray as a technical clarification designed to remedy a legal ambiguity strikes industry lawyers and privacy advocates as an expansion of the power the government wields through so-called national security letters."

According to the Post, critics of the change say it would "greatly expand the amount and type of personal data the government can obtain without a court order" and represents "another example of an administration retreating from campaign pledges to enhance civil liberties in relation to national security."

"You're bringing a big category of data -- records reflecting who someone is communicating with in the digital world, Web browsing history and potentially location information -- outside of judicial review," former Clinton administration Justice Department lawyer Michael Sussman told the Post.

The administration proposal also appears to fly in the face of recent attempts by tech companies like Microsoft to obtain changes to the Electronic Communications Privacy Act that would provide greater security and privacy for so-called "cloud computing," in which data is stored online.

A Google lobbyist told Congress last week, "ECPA is difficult to explain to our users, and it's difficult for us to apply. The confusion and the costs associated with it really for us is undermining the growth of our services and the growth of the cloud."

An expert with the Brookings Institution has suggested that "Congress should update the Electronic Communications Privacy Act to change the process by which law enforcement agents obtain electronic information. Instead of using a prosecutor’s subpoena, legislation should require a 'probable cause' search warrant that is approved by a judge. This would provide greater safeguards in terms of online content, pictures, geolocation data, and e-mails."

Making FBI requests for such data easier rather than more difficult would weaken those safeguards -- and the Post notes that national security letters have been abused in the past. There are also questions as to how broadly the new language might be applied.

Kevin Bankston of the Electronic Frontier Foundation, for example, told the Post that because the phrase "electronic communication transactional records" is not defined in the statute, "an expanded NSL power might be used to obtain Internet search queries and Web histories detailing every Web site visited and every file downloaded."

Internet attorney Marc Zwillinger even speculated that it might give the government access to social networking activity. "A Facebook friend request -- is that like a phone call or an e-mail?" he asked. "Is that something they would sweep in under an NSL? They certainly aren't getting that now."

And Greg Nojeim of the Center for Democracy and Technology,emphasized that the email information is "much more sensitive than the other information, like name, address and telephone number, that the FBI gets with national security letters. It shows associational information protected by the First Amendment and is much less public than things like where you live."