I love reading Shel Silverstein’s The Giving Tree, but it always makes me a little bit sad. Commenting on need, devotion, and mortality, the story revolves around a tree that gives up everything to please a boy. I’ve always kept my eye out for a similar book. So imagine my delight when I discovered that the administration wanted to write the sequel: The Giving ISP.  It goes a little something like this:

"Once there was an ISP. . ."

The FBI wants access to the Internet records of various individuals. And for this purpose, the government uses National Security Letters (NSL).  NSLs allow the FBI to demand user information from ISP’s AND to insist that the ISP keep this demand secret. All this is done without the pesky need for a warrant, provided that the FBI decides the information might be relevant to preventing or investigating terrorism.

ISP’s rarely raise a fuss, especially because spying pays well (see Yahoo!). Even if they wanted to, ISP's have only a limited ability to prevent disclosure. In Doe v. Mukasey, the Court of Appeals for the Second Circuit ruled that an ISP which did not wish to turn over the requested information would need to “give the government prompt notice, perhaps within 10 days” after which time, the government’s needs would have to be met. In the event that an ISP does give such notice (which seems to have only ever happened three times), a judge would rule on the propriety of the request. And this ruling could be based on in camera meetings with FBI officials. How comforting.

But a slight problem arose when the government demanded information that some ISPs believed they could not legally turn over without a court order. The Electronic Communications Privacy Act of 1986 (ECPA Pub. L. 99-508, Oct. 21, 1986, 100 Stat. 1848, 18 U.S.C. § 2510 et seq.) restricts the types of information that can be gathered without a court order. Currently, the FBI may only (legally) seek: name, address, length of service, and toll billing records.

Of course, the administration wants more. It wants the addresses of the user’s email recipients, the time stamps for any email transmissions, and (possibly) the user's browser history. It is open for debate if ISPs have already been offering up this information, in violation of the ECPA. Now, the administration wants to make sure there is no confusion by amending the ECPA: the ISPs are to surrender “electronic communication transactional records.”  

The administration has offered no definitions for this novel phrase. Which is a bit odd, considering the whole claimed purpose of this amendment is to clarify just how much the ISPs must fork over without seeing a judge’s signature. Could it be that maybe, just maybe, the added language is intended to ensure that all providers remain the Giving ISP.

After all, we already know that telecoms have received immunity for facilitating illegal wiretapping. Could it be that this nebulous “transactional record” language is meant to grow in scope to match the digital appetite of the FBI?

This request is all the more terrifying when you recall that just a few months ago, the FBI wanted ISPs to keep a log of all the URLs a user visits. Under that proposal, an ISP would retain this information for two years. I could see the administration framing the connection of a user to a website as a “electronic communication transactional record.” The FBI could even argue that it was not requesting the content of the communication, just the record of the communication – something more akin to looking at a phone bill than engaging in wiretapping. The problem is that if the FBI has the URL and the timestamp of the “electronic communication” it can easily find out the content of the website – the agency need only look to an Internet archive or even the current URL.  The ISP gets to claim it is still respecting privacy by not turning over content, the FBI still gets to look over your shoulder, and everyone walks away happy.

Surely the FBI will never abuse this awesome power, especially when confronted with absolutely no judicial oversight. Surely, a “transactional record” wouldn’t include potentially embarrassing information related to sexual preference, drug use, political affiliation, or religious beliefs. I feel safer already. (Note: So do all the wikileakers out there.).

So to sum up: The FBI is likely gathering more information than allowed using secret National Security Letters. The administration wants to make sure companies understand that they do not need to see judicial approval before handing over “electronic communication transactional records.” The government merely wants to ensure that providers remain generous in sharing your personal data.

". . . and the ISP was happy."

(Andrew Moshirnia is a rising third year student at Harvard Law School and a CMLP blogger. His teeth are too weak for apples.)

Photo "why is the city chopping down the trees i love? i take it very personally" courtesy of Flickr user emdot, licensed under a CC Attribution-NonCommercial-NoDerivs2.0 Generic.