Letters produced by the Office of the Director of National Intelligence and obtained by the New York Times show that the U.S. government has interpreted Section 215 of the Patriot Act as giving it the power to monitor who visits certain websites and when, with minimal oversight.
Section 215 is currently dead in the water. It needs to be periodically renewed by Congress to hold legal force—and legislative gridlock killed a renewal bill in March 2020. But when it was in effect, Section 215 allowed the FBI to request business records via secret court orders simply by declaring them relevant to national security, as well as authorized “roving” wiretaps and surveillance of individuals suspected to be planning solo terror attacks.
Section 215 was the same authority cited by the National Security Agency when it collected metadata on billions of U.S. phone calls, resulting in mass public outrage when intelligence contractor Edward Snowden leaked details of the program in 2013. While Congress explicitly modified Section 215 in 2015 to prevent collection of bulk calling data, according to the Times, the FBI continued to assert the power to use the section to collect evidence on web browsing activities without ever obtaining a warrant. The GOP-controlled Senate passed a renewal bill earlier this year that imposed some minor speed bumps on warrantless collection of web browsing history, and while the Democratic-controlled House separately toyed with an amendment that would ban it, House leadership ultimately sabotaged any chances of it passing. Donald Trump subsequently scuttled chances of any Section 215 renewal with threats of a veto, meaning it’s stayed dead.
According to the Times, during those congressional negotiations, Senator Ron Wyden contacted the Director of National Intelligence John Ratcliffe seeking clarity on how Section 215 was being used. Ratcliffe replied in early November, the Times wrote, with a redirect: Intelligence agencies weren’t using it to collect search terms, nor did any of the 61 orders issued by the Foreign Intelligence Surveillance Court in 2019 involve “web browsing” data.
The Times reported it subsequently found Ratcliffe’s convenient definition of “web browsing” in his reply to Wyden did not apply to the collection of visitors to a web page, as one of the orders was to monitor foreigners visiting a specific site:
But The Times pressed Mr. Ratcliffe’s office and the F.B.I. to clarify whether it was defining “web browsing” activity to encompass logging all visitors to a particular website, in addition to a particular person’s browsing among different sites. The next day, the Justice Department sent a clarification to Mr. Ratcliffe’s office, according to a follow-up letter he sent to Mr. Wyden on Nov. 25.
In fact, “one of those 61 orders resulted in the production of information that could be characterized as information regarding browsing,” Mr. Ratcliffe wrote in the second letter. Specifically, one order had approved collection of logs revealing which computers “in a specified foreign country” had visited “a single, identified U.S. web page.”
Note that while Ratcliffe said the order was only to track visitors to the site from a “specified foreign country,” it’s not possible to carry out such surveillance without possibly sweeping up traffic from U.S. web users. While Section 215 is on hiatus, the feds can still cite its powers in any investigation started before March 2020.
Ratcliffe’s office and the FBI didn’t respond to the Times’ request for comment on whether it had used Section 215 powers in a similar manner before or after 2019.
Wyden told the Times, “... The D.N.I. has provided no guarantee that the government wouldn’t use the Patriot Act to intentionally collect Americans’ web browsing information in the future, which is why Congress must pass the warrant requirement that has already received support from a bipartisan majority in the Senate.”
While Section 215 remains lapsed, some members of Congress suspect that U.S. intelligence agencies might have simply come up with other justifications to conduct similar types of surveillance. Per the Hill, Reps. Pramila Jayapal and Warren Davidson sent a letter to Attorney General Bill Barr and Ratcliffe in September asking whether the executive branch was conducting most of the same activities under Executive Order 12333, a 1981 order that allows for the “incidental” interception of metadata and content of communications by U.S. citizens without a court order, so long as the information was collected overseas.