Thanks to a remarkably close vote in the Senate, it is now legal for the US government to look through any US citizen's browsing history.
A few days ago, the Senate was given the opportunity to vote for the reauthorization of the Patriot Act. The Act, which was passed in the wake of the 9/11 attacks, represented a huge expansion of the US surveillance state but passed without much hassle due to heightened fears around international and domestic terrorism. This new reauthorization, however, featured an amendment which would allow for the mass collection of internet browsing history, which goes beyond the remit of the original act.
Why did this happen? What does it mean for you? And is there anything that we can do about it now?
The Reauthorization of the Patriot Act: What Happened?
The Patriot Act – or, to give its full title, Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 – has a provision whereby the powers of the act are supposed to “sunset” every four or five years. This means that the original act needs to be reauthorized every so often.
Normally, this passes without much fanfare. Sure, the Act has its critics, but as the powers have already been enacted, it's hard for legislators to scale them back.
However, this time, the Senate's Majority Leader Mitch McConnell (pictured here) led the charge to add a new provision to the bill which would allow the FBI to take internet browsing history from anyone – without prior evidence of any wrongdoing. There were attempts to stop the passage of the new provision, with Senators Ron Wyden (D-OR) and Steve Daines (R-MT) proposing an amendment to the bill which would require the FBI to raise a warrant before any information could be taken.
However, due to some notable absences from the Senate, the reauthorization with the new amendment was passed – by a single vote.
“We are deeply disappointed with the Senate vote on the amendment,” said Ferras Vinh, Mozilla's policy manager. “Americans deserve the strong protections for their online activities provided by the proposed amendment. It would have made clear that the government needs a warrant for browsing and search history, which may provide an intimate portrait of our health, our finances, and our daily lives.”
What Happens Now?
From now, it's safe to assume that the FBI might be trying to collect the internet browsing history of US citizens in bulk.
“Such power given to law enforcement and intelligence agencies has a chilling effect on freedom of information and ideas,” said Paul Bischoff, a privacy advocate at Comparitech.com. “If police and spooks can freely spy on what we search for and what websites we visit, then we'll abstain from looking up things that we think has even the slightest chance of getting us in trouble.”
However, while the image of FBI staffers poring over your Amazon shopping history and Netflix binge-watching might seem scary, it is perhaps slightly melodramatic.
According to the Center for Strategic and International Studies, the FBI hasn't used its existing bulk collection powers too aggressively:
“Despite the breadth of data collected, it has rarely been accessed. In 2012, the NSA queried 288 primary phone numbers, and through contact chain analysis touched 6,000 numbers. Overall, Section 215 data has contributed intelligence to 12 counterterrorism cases with a potential homeland nexus.”
Admittedly, internet browsing history is more intimate and potentially more revealing that phone call records – but again, there might be some issues with the FBI's data collection.
According to specialist IT publication The Register:
“Using HTTPS connections will, we imagine, somewhat thwart the FBI's harvesting of web histories: details such as the exact URL visited will be shielded within encryption that the ISP and Feds can't peer into without some shenanigans, though domain-name look-ups can be observed… though if the FBI really wants your information, it has technical and legal avenues to get it. It depends on how difficult you want to make an agent's life.”
As ever with matters of public policy and legislation, there is often a lot more nuance to issues than is presented.
Is There Anything We Can Do About It?
It might seem like the average person is fairly powerless to stop the FBI snooping on our browsing history. However, there are some ways of fighting back.
“The failure to prohibit the warrantless collection of search and browser histories is another indicator of the continuing deterioration of internet users' online privacy,” said Chris Hauk, consumer privacy champion at Pixel Privacy. “This is why I strongly recommend that internet users only use security and privacy-focused browsers, such as Brave or the Tor Browser. Also, users should only perform searches on privacy-respecting search engines, such as DuckDuckGo.”
The Tor Browser, for example, works by encrypting your connection to the internet and then passing your traffic through voluntarily run servers to help mask your IP address.
However, the Tor Browser isn't the easiest to use, and your upload and download speeds will suffer with all that encryption and server-hopping.
VPNs are a slightly easier way to ensure incognito browsing. The basic idea behind a VPN is to create a private, encrypted ‘tunnel’ that connects your computer, smartphone, or tablet directly to a secure VPN proxy server. This, in turn, connects you to the rest of the internet.
The VPN server hides your true IP address, making it impossible to trace the connection directly to you. With all traffic to and from your device secured, no one can snoop on your activity or hijack your connection.
The methods will keep you more secure online than doing nothing. But, of course, you could always trying petitioning your senator or representative when the reauthorization returns to try and get the amendment removed.
See Tech.co's guide to the most secure VPNs you can use today to browse safely — from less than $3/mo