Internet Group Demands Surveillance Data from DOJ

A group that defends civil liberties on the Internet has filed a Freedom of Information Act (FOIA) request with the U.S. Department of Justice (DOJ) to determine if the government is secretly gathering information on the surfing habits of citizens.

In a copy of the FOIA obtained by TechNewsWorld, the San Francisco-based Electronic Frontier Foundation (EFF) said, "Although Internet users reasonably expect that their online reading habits are private, the DOJ will not confirm whether it collects or believes itself authorized to collect URLs using pen-trap devices."

"Pen registers" or "trap and trace devices" are technologies used by law enforcement agents to collect numbers dialed on a telephone or e-mail and IP addresses.

Individual Rights

"The DOJ has refused to answer the public's very simple question: 'Can the government see what I'm reading on the Web without having to show probable cause?' Yet the public's interest in an answer to that question, which implicates the most profound constitutional rights, is inestimable," the EFF FOIA asserted.

The Justice department is using pen-traps to garner information about what people are doing online, declared Alan Davidson, associate director for the Center For Democracy & Technology in Washington, D.C.

"The question is how much information are they getting when they use this tool," he told TechNewsWorld. "The reason that's important is that these pen-trap tools are used without the same judicial oversight you get with a wire tap."

With a wire tap, he explained, a judge is overseeing the whole process. "With a pen-trap, there's a much lower standard, and you can use it even when there's no probable cause to believe that a crime has been committed."

Limp Oversight

To obtain authorization for a pen register or trap and trace device, the government needs to obtain a "certification of relevance" from a court, noted EFF attorney and Bruce J. Ennis Fellow Kevin Bankston. "Rather than go to a judge and give facts leading to a finding of probable cause, which is required by the Constitution to get a search warrant, all the government has to do is certify -- sort of promise to the court without showing any fact -- that it believes the information it is going to collect is relevant to the investigation."

Web addresses like URLs can contain much more information that a typical phone number, explained Jonathan Zittrain, director of the Harvard Law School's Berkman Center for Internet and Society in Cambridge, Massachusetts. "The idea behind a lower standard for phone number information is that it's merely 'envelope without contents,' showing the fact of the call -- something revealed already to the phone company -- rather than its contents," he told TechNewsWorld via e-mail .

"But URLs often contain contents rather than envelope," he continued. "For example, 'http://www.google.com/search?q=fbi>' is a visit to Google (Nasdaq: GOOG) -- but it's also the very act of searching for 'FBI' there. Too often the URL is the data, and the easy separation made for phone -- if ever it worked there -- doesn't cut it so well here."

How Far Can DOJ Go?

"If there's thought to be good reason not to allow warrantless searches of actual packet contents, then URLs too should be treated sensitively," he added.

Bankston explained that pen traps have been used legally in the analog world for some 30 years. When the Internet came along, courts began to expand the practice to e-mail addresses. That expansion was codified in the Patriot Act.

The problem, as the EFF sees it, is that the government refuses to reveal how far it thinks it can go under the Patriot Act in gathering information on the Internet.

"In a free society, the police should at least be able to tell the people what their interpretation of their powers is," Bankston argued. "Yet, the Justice department has refused in the year since the Patriot Act's passage how they read this new statute and whether they think it allows them to get URLs or not."

20 Days To Act

"If there is an FOIA request, we will review it and respond to it with any records or documents that will be appropriate under the law," FBI spokesman William Carter told TechNewsWorld.

Bankston said that the DOJ has 20 business days to address the FOIA. "That doesn't mean that they have to generate the documents by then, but they at least have to get back to us and start negotiating the release of documents," he explained.