Government used Patriot Act to gather website visitor logs in 2019

The federal government used the Patriot Act to collect website visit logs in 2019, the Office of the Director of National Intelligence revealed in letters made public Thursday, putting a renewed focus on surveillance authorities that lapsed earlier this year.

Director of National Intelligence (DNI) John Ratcliffe, in a Nov. 6 letter in response to Sen. Ron Wyden (D-Ore.), wrote that Section 215 of the Patriot Act, which allows the FBI to covertly obtain court orders to collect any business records relevant to a national security, was not used to get internet search terms.

He later clarified that position in a Nov. 25 follow-up letter after being contacted by the Justice Department to note that the authority had been used once to collect logs showing which computers “in a specified foreign country” had visited “a single, identified U.S. web page” during 2019.

“The DNI’s amended letter raises all kinds of new questions, including whether, in this particular case, the government has taken steps to avoid collecting Americans’ web browsing information,” Wyden said in a statement to The Hill on Thursday. 

“More generally, the DNI has provided no guarantee that the government wouldn’t use the Patriot Act to intentionally collect Americans’ web browsing information in the future, which is why Congress must pass the warrant requirement that has already received support from a bipartisan majority in the Senate.”

A spokesperson for the FBI declined to comment on whether the authority had been used to gather similar information before 2019, but did suggest that collecting web browsing data was consistent with the agency’s interpretation of the law.

“Section 215 has been an important tool used by the government to obtain this type of non-content information to combat cyber and other national security threats,” they said, referring to data about communications excluding the communications themselves.

“This type of non-content information can be obtained in a criminal investigation through the use of a grand jury subpoena and we see no reason to prohibit the acquisition of the same type of information under Section 215 when investigating a threat to national security.”

While Ratcliffe noted that the government did not collect keywords for searches, the data collected is considered sensitive by many civil rights groups.

“Our web-browsing records are windows into some of the most sensitive information about our lives — revealing everything from our political views to potential medical conditions,” Patrick Toomey, senior staff attorney with the ACLU’s National Security Project, said in a statement. “The FBI should not be collecting this information without a warrant.”

Sean Vitka, senior policy counsel at the progressive group Demand Progress, said that the same logic could be used to justify mass surveillance.

“If this is legal in their mind then a dragnet on a website is legal,” he told The Hill.

The New York Times first reported on the Ratcliffe letters.

The revelation that Section 215 was used to collect online visitor logs comes as Congress struggles over how to reauthorize the provision and two other surveillance-related investigative tools whose legal authority lapsed earlier this year.

Section 215 has been a particular sticking point in negotiations.

Wyden and Sen. Steve Daines (R-Mont.), who offered an amendment that would bar law enforcement from accessing Americans’ web browsing history using Section 215, fell one vote short of adoption in the Senate earlier this year.

In the House, a narrower version of the amendment was pulled by Democratic leadership before they ultimately kicked the surveillance reauthorization debate to a conference committee.

Senate Majority Leader Mitch McConnell (R-Ky.) did not appoint any members to the conference panel, meaning the Section 215 authority has since lapsed.

While the three authorities remain inactive, lawmakers and privacy groups have raised concerns that the Trump administration may be using an earlier executive order to illegally surveil Americans.

Executive Order 12333, issued in 1981, has been used before to conduct operations without statutory authorization or congressional oversight.

Sens. Patrick Leahy (D-Vt.) and Mike Lee (R-Utah) and Reps. Pramila Jayapal (D-Wash.) and Warren Davidson (R-Ohio) sent letters to Attorney General William Barr and Ratcliffe earlier this year over potential misuse of 12333 authority. The lawmakers said they never received a response.