American flag near building showing the proposed amendment to PATRIOT Act to limit FBI's access to search and web browsing history

Failure to Limit Scope of PATRIOT Act Leaves Browsing History, Search Queries of American Citizens up for Grabs

Hastily passed in the wake of the September 11 attacks of 2001, the PATRIOT Act has long been a very controversial piece of legislation. However, many of its provisions continue to be renewed in spite of sharply divided public opinion. Section 215, which grants the FBI the ability to access browsing history without a warrant as part of a foreign intelligence investigation, appears to be on track for renewal after an attempt to amend it in the Senate failed by one vote.

The bill now returns to the House for another vote, and would remain in place for at least three years if it passes.

Continued access to citizen browsing history without warrants

The USA FREEDOM Reauthorization Act of 2020 seemed primed to pass, but a bilateral coalition of senators had wanted to amend Section 215 to limit the FBI’s access to search and web browsing history. The amendment actually enjoyed the support of most of the Senate, but a 60-vote majority was needed to end debate and make it a part of the final reauthorization vote.

The fact that the amendment fell short by a single vote was particularly galling to privacy advocates, given that several senators who have publicly supported PATRIOT Act limitations failed to show up. Most notable on the list was Bernie Sanders, who has consistently voted against the PATRIOT Act and its renewal efforts since it was first introduced in 2001. Sanders is not under quarantine or subject to travel restrictions, and did not reply to media inquiries as to why he missed the vote.

What exactly can the intelligence agencies access under the PATRIOT Act?

The original PATRIOT Act amended the existing Foreign Intelligence Surveillance Act (FISA), a 1978 bill that gave government agencies the right to conduct domestic surveillance on individuals believed to be agents of a foreign power. Such a warrant has to be issued by a FISA court, a secretive body that does not make its deliberations available to the public.

Section 215 has been controversial from the beginning due to the dramatic expansion of the FISA court’s power. It enabled various federal law enforcement and intelligence agencies to seize any type of record from a private business — physical or digital — if done in the course of investigation of a matter that impacts national security without requiring even the FISA court warrant. And since there is no search warrant, the subject does not have to be notified of the surveillance once the investigation ends.

Given the lack of public oversight of what constitutes a “national security” investigation, Section 215 was quickly abused. The National Security Agency (NSA) used Section 215 as the justification for its controversial bulk collection of national telephone records, something that was outlawed with an addition to the bill in 2015 after public outrage in the wake of the Edward Snowden leaks (though it is still legal to collect certain call details).

Senator Ron Wyden, one of the leading opponents of the PATRIOT Act, argues that these warrantless surveillance powers are particularly worrisome during a pandemic that has increased the average American’s internet use, and under an administration that has shown a willingness to direct political retribution against perceived enemies and opponents. This same access to web browsing and search histories would also remain available to future administrations.

At the moment, an investigative agency must simply have probable cause to believe an individual is relevant to an investigation involving national security to immediately be allowed access to their browsing history and search queries. However, since the FISA court is so secretive and there is no warrant process, it is impossible to know exactly what the standards for “probable cause” are in this case. Prior abuses of the PATRIOT Act appear to indicate that these standards are not particularly high.

The collection of browsing history data becomes a particular problem when the FBI does it. That’s because the FBI is allowed to store this information in such a way that local law enforcement agencies throughout the country can then gain access to it, should it choose to do so.

What can people do to protect themselves?

If the federal agencies have had this ability to arbitrarily collect browsing history for some time now, why is it only just now becoming a controversial news item? That’s likely due in part to HTTPS encryption inherently limiting the amount of data that agencies can casually scoop up. In most cases, HTTPS connections will show a snooping agent only the top-level domains that the subject is connecting to. They can obtain more granular and private information, of course, but that would involve committing more assets to the surveillance.

Individuals can make it tougher for this personal information to be scooped up by not allowing companies to log it; for example, disabling the recording of browsing history and search queries when logged into a Google account.

One might also use a VPN service located outside of the country, though it’s important to find one with a trustworthy reputation and proper security measures in place.

Though it appears that the warrantless collection of browsing history is cleared to continue for at least several years, there was at least one piece of good news for privacy advocates. A different amendment to the PATRIOT Act was approved that will require a Congressional appointee to be placed with the FISA court, with the duty of ensuring pro-privacy arguments are heard and attempting to declassify significant court rulings when possible.