NEW YORK (IPS/GIN) – Is the U.S. government spying on its citizens’ email and Web surfing habits?

The Electronic Frontier Foundation (EFF), a group that defends civil liberties on the Internet, believes the answer is probably “yes.” Earlier in January, the San Francisco-based watchdog filed a Freedom of Information Act request with the FBI and other U.S. Department of Justice offices.

It is seeking documents that would shed light on whether the government has been using the USA Patriot Act, which curtails some civil liberties as part of the “war on terror,” to spy on Internet users and collect secret information about their online activity without a search warrant.


“Although Internet users reasonably expect that their online reading habits are private, the (Justice Department) will not confirm whether it collects or believes itself authorized to collect URLs using pen-trap devices,” said Kevin Bankston, an EFF attorney.

Pen-traps collect information about the numbers dialed on a telephone, but do not record the actual content of phone conversations. Because of this limitation, court orders authorizing pen-trap surveillance are easy to get; instead of having to show probable cause, the government need only show relevance to its investigation. The government is not required to inform people that they are, or were, the subjects of pen-trap surveillance.

The USA Patriot Act was hastily passed by Congress shortly after the attacks of Sept. 11, 2001. Parts of it are due to expire this year and require re-authorization by Congress.

Under the act, the government can monitor an individual’s Web surfing records, use roving wiretaps to monitor phone calls made by individuals “proximate” to the primary person being tapped, access Internet Service Provider (ISP) records, and monitor the private records of people involved in legitimate protests.

Section 216 of the act gives the government permission to conduct surveillances in criminal investigations using pen registers or trap and trace devices (“pen-traps”).

The Justice Department says the new definitions allow pen-traps to collect email and Internet Protocol (IP) addresses. However, the agency has been less forthcoming about Web surveillance. It will not reveal whether it believes URLs (Uniform Resource Locator, the global address of documents and other resources on the Web) can be collected using pen-traps, despite the fact that URLs clearly reveal content by identifying the web pages being read.

“Much of the (Patriot) Act is coming up for review this year, but we can never have a full and informed debate of the issues when the DOJ (Justice Department) won’t explain how it has been using these new surveillance powers,” Mr. Bankston told IPS.

The Justice Department’s implementation of the Patriot Act has been widely criticized, and the American Civil Liberties Union (ACLU) has launched a $3.5-million campaign to “promote a public debate about proposals and measures that violate civil liberties without increasing our security.”

The group filed the first lawsuit against the Patriot Act and has since filed other challenges. In September 2004, it received the first-ever ruling in its challenge to National Security Letters, which were expanded under the Patriot Act.

While the law was passed as an anti-terrorism measure, it is not limited to terrorism. For example, government spying on suspected computer trespassers–not just terrorist suspects–requires no court order. Wiretaps are now allowed for any suspected violation of the Computer Fraud and Abuse Act, potentially opening the way to government spying on any computer user.

The Patriot Act also gave Internet Service Providers (ISPs) authority to release certain private data if a person’s life is in danger. The Justice Department does not have statistics on the number of times it has accessed such information, according to its report to the congressional committee.

However, it does describe how this tool enabled investigators to track down a student who posted threats to bomb his high school on an electronic bulletin board.

Last April, the ACLU challenged this section of the law on behalf of an unnamed Internet company as an “undue restriction on free speech and privacy rights.” A federal judge ruled the section unconstitutional and barred the FBI from invoking that part of the law in the future.

The Patriot Act requires ISPs and any other type of communications provider–including telephone companies–to comply with secret “national security letters” (NSLs) from the FBI.

Those letters can ask for information about subscribers, including home addresses, what telephone calls were made, email subject lines and logs of what websites were visited.

In the ACLU case, U.S. District Court Judge Victor Marrero ruled that “the recipient of an (NSL) is forever gagged against disclosing its existence to any person,” and that this gag order amounts to an “unconstitutional prior restraint of speech in violation of the First Amendment.”

The U.S.’ “big three” ISPs–Microsoft Network (MSN), America Online (AOL), and Earthlink–all provide their customers with privacy agreements. But the MSN and Earthlink agreements give these IPSs authority to intercept their customers’ emails; the AOL agreement limits its monitoring to AOL content, not web-browsing.