U.S. lawmakers want to restrict internet surveillance on Americans

U.S. lawmakers want to restrict internet surveillance on Americans

By Dustin Volz

(Reuters) – A bipartisan group of U.S. lawmakers unveiled legislation on Wednesday that would overhaul aspects of the National Security Agency’s warrantless internet surveillance program in an effort to install additional privacy protections.

The bill, which will be formally introduced as soon as Thursday, is likely to revive debate in Washington over the balance between security and privacy, amid concerns among some lawmakers in both parties that the U.S. government may be too eager to spy on its own citizens.

The legislation, written by the House of Representatives Judiciary Committee, is seen by civil liberties groups as the best chance in Congress to reform the law, known as Section 702 of the Foreign Intelligence Surveillance Act, before its expiration on Dec. 31.

Senior U.S. intelligence officials consider Section 702 to be among the most vital tools they have to thwart threats to national security and American allies.

It allows U.S. intelligence agencies to eavesdrop on and store vast amounts of digital communications from foreign suspects living outside the United States.

But the program, classified details of which were exposed in 2013 by former NSA contractor Edward Snowden, also incidentally scoops up communications of Americans, including if they communicate with a foreign target living overseas. Those communications can then be subject to searches without a warrant by the Federal Bureau of Investigation.

A discussion draft of the legislation, a copy of which was seen by Reuters, partially restricts the FBI’s ability to access American data collected under Section 702 by requiring the agency to obtain a warrant when seeking evidence of a crime.

That limit would not apply, however, to requests of data that involve counterterrorism or counter-espionage.

The narrower restriction on what some have called a “backdoor search loophole” has disappointed some civil liberties groups. Several organizations sent a letter this week saying they would not support legislation that did not require a warrant for all queries of American data collected under Section 702.

The legislation would also renew the program for six years and codify the National Security Agency’s decision earlier this year to halt the collection of communications that merely mentioned a foreign intelligence target. But that codification would end in six years as well, meaning NSA could potentially resume the activity in 2023.

The spy agency has said it lost some operational capability by ending so-called “about” collection due to privacy compliance issues and has lobbied against a law that would make its termination permanent.

Republican senators introduced a bill earlier this year to renew Section 702 without changes and make it permanent, a position backed by the White House and intelligence agencies.

But that effort is expected to face major resistance in the House, where an influential conservative bloc of Republicans earlier this year said it opposed renewal unless major changes were made, reflecting disagreement within the majority party.

Separately, Senators John Cornyn, the No. 2 Republican in the chamber, and Democratic Senator Dianne Feinstein are working on Section 702 legislation that may also be introduced this week and include fewer reforms.

Democratic Senator Ron Wyden and Republican Senator Rand Paul are also planning to introduce a bill that would require a warrant for any query of Section 702 involving data belonging to an American.

(Reporting by Dustin Volz; Editing by Peter Cooney and Lisa Shumaker)

Tech companies urge U.S. Supreme Court to boost cellphone privacy

FILE PHOTO: A fan uses a cell phone to record a performance during the 2014 CMT Music Awards in Nashville, Tennessee June 4, 2014. REUTERS/Harrison McClary

By Andrew Chung

WASHINGTON (Reuters) – More than a dozen high technology companies and the biggest wireless operator in the United States, Verizon Communications Inc <VZ.N>, have called on the U.S. Supreme Court to make it harder for government officials to access individuals’ sensitive cellphone data.

The companies filed a 44-page brief with the court on Monday night in a high-profile dispute over whether police should have to get a warrant before obtaining data that could reveal a cellphone user’s whereabouts.

Signed by some of Silicon Valley’s biggest names, including Apple <AAPL.O>, Facebook <FB.O>, Twitter <TWTR.N>, Snap <SNAP.N> and Alphabet’s <GOOGL.O> Google, the brief said that as individuals’ data is increasingly collected through digital devices, greater privacy protections are needed under the law.

“That users rely on technology companies to process their data for limited purposes does not mean that they expect their intimate data to be monitored by the government without a warrant,” the brief said.

The justices agreed last June to hear the appeal by Timothy Carpenter, who was convicted in 2013 in a series of armed robberies of Radio Shack and T-Mobile stores in Ohio and Michigan.

Federal prosecutors helped place him near several of the robberies using “cell site location information” obtained from his wireless carrier.

Carpenter claims that without a warrant from a court, such data amounts to an unreasonable search and seizure under the U.S. Constitution’s Fourth Amendment. But last year a federal appeals court upheld his convictions, finding that no warrant was required.

Carpenter’s case will be argued before the court some time after its new term begins in October.

The case comes amid growing scrutiny of the surveillance practices of U.S. law enforcement and intelligence agencies and concern among lawmakers across the political spectrum about civil liberties and police evading warrant requirements.

Nathan Freed Wessler, an attorney with the American Civil Liberties Union who is representing Carpenter, said the companies’ brief represented a “robust defense of their customers’ privacy rights in the digital age.”

Verizon’s participation in the brief was important, he added, given that it receives, like other wireless carriers, thousands of requests for cellphone location records every year from law enforcement. The requests are routinely granted.

Civil liberties lawyers have said police need “probable cause,” and therefore a warrant, to avoid constitutionally unreasonable searches.

The companies said in their brief the Supreme Court should clarify that when it comes to digital data that can reveal personal information, people should not lose protections against government intrusion “simply by choosing to use those technologies.”

(Reporting by Andrew Chung; Editing by Chizu Nomiyama)

Three more states refuse Trump commission’s voter data request

FILE PHOTO: A ballot is placed into a locked ballot box by a poll worker as people line-up to vote early at the San Diego County Elections Office in San Diego, California, U.S., November 7, 2016. REUTERS/Mike Blake/File Photo

By Ian Simpson

WASHINGTON (Reuters) – Maryland, Delaware and Louisiana on Monday joined a growing number of U.S. states that have refused to hand over voter data to a commission established by President Donald Trump to investigate possible voting fraud.

More than 20 states, including Virginia, Kentucky, California, New York and Massachusetts, have declined to provide some or all of the information that the panel requested, saying it was unnecessary and violated privacy.

Republican Trump created the Presidential Advisory Commission on Election Integrity in May after making unsubstantiated claims that millions of people voted illegally for his Democratic rival, Hillary Clinton, in last November’s election.

Calling the request “repugnant,” Maryland Attorney General Brian Frosh said in a statement that his office had advised the State Board of Elections that the commission’s request was illegal.

The request “appears designed only to intimidate voters and to indulge President Trump’s fantasy that he won the popular vote,” Frosh said.

The commission sent a letter to the 50 states asking them to turn over voter information including names, the last four digits of Social Security numbers, addresses, birth dates, political affiliations, felony convictions and voting histories.

Louisiana Secretary of State Tom Schedler said the presidential commission could purchase the limited information legally available to candidates running for office.

“You’re not going to play politics with Louisiana’s voter data,” he said in a statement.

Delaware Elections Commissioner Elaine Manlove said in an interview with Milford’s WXDE-FM radio that her office would not comply since some of the information was confidential. Manlove said she was working with the attorney general’s office to see if the request could be denied completely.

Trump has blasted the states who have refused to turn over the data. He said in a tweet on Saturday, “What are they trying to hide?”

Trump won the White House through victory in the Electoral College, which tallies wins in states, but he lost the popular vote to Clinton by some 3 million votes. He has claimed he would have won the popular vote had it not been for voter fraud.

Civil rights activists say the commission will encourage voter suppression by justifying new barriers to voting, such as requiring identity cards to vote.

(Reporting by Ian Simpson in Washington; Editing by Frank McGurty and Grant McCool)

Facebook beats privacy lawsuit in U.S. over user tracking

The Facebook logo is displayed on their website

By Jonathan Stempel

(Reuters) – A U.S. judge has dismissed nationwide litigation accusing Facebook Inc of tracking users’ internet activity even after they logged out of the social media website.

In a decision late on Friday, U.S. District Judge Edward Davila in San Jose, California said the plaintiffs failed to show they had a reasonable expectation of privacy, or that they suffered any “realistic” economic harm or loss.

The plaintiffs claimed that Facebook violated federal and California privacy and wiretapping laws by storing cookies on their browsers that tracked when they visited outside websites containing Facebook “like” buttons.

But the judge said the plaintiffs could have taken steps to keep their browsing histories private, and failed to show that Menlo Park, California-based Facebook illegally “intercepted” or eavesdropped on their communications.

“The fact that a user’s web browser automatically sends the same information to both parties,” meaning Facebook and an outside website, “does not establish that one party intercepted the user’s communication with the other,” Davila wrote.

Lawyers for the plaintiffs did not immediately respond on Monday to requests for comment. Facebook did not immediately respond to a similar request.

Davila said the plaintiffs cannot bring their privacy and wiretapping claims again, but can try to pursue a breach of contract claim again. He had dismissed an earlier version of the 5-1/2-year-old case in October 2015.

The case is In re: Facebook Internet Tracking Litigation, U.S. District Court, Northern District of California, No. 12-md-02314.

 

(Reporting by Jonathan Stempel in New York; Editing by Bill Rigby)

 

U.S. Supreme Court to settle major cellphone privacy case

People speak on their cell phones near a blocked off area after a speeding vehicle struck pedestrians in Times Square in New York City, May 18, 2017. REUTERS/Brendan Mcdermid

By Lawrence Hurley

WASHINGTON (Reuters) – Police officers for the first time could be required to obtain warrants to get data on the past locations of criminal suspects based on cellphone use under a major case on privacy rights in the digital age taken up by the U.S. Supreme Court on Monday.

The justices agreed to hear an appeal by a man convicted in a series of armed robberies in Ohio and Michigan with the help of past cellphone location data who contends that without a warrant from a court such data amounts to an unreasonable search and seizure under the U.S. Constitution’s Fourth Amendment.

Cellphone location records are becoming increasingly important to police in criminal investigations, with authorities routinely requesting and receiving this information from wireless providers.

Police helped establish that the man at the center of the case, Timothy Carpenter, was near the scene of the robberies at Radio Shack and T-Mobile stores by securing past “cell site location information” from his cellphone carrier that tracked which local cellphone towers relayed his calls.

The case reaches the high court amid growing scrutiny of the surveillance practices of U.S. law enforcement and intelligence agencies amid concern among lawmakers across the political spectrum about civil liberties and police evading warrant requirements.

The legal fight has raised questions about how much companies protect the privacy rights of their customers. The big four wireless carriers, Verizon Communications Inc<VZ.N>, AT&T Inc<T.N>, T-Mobile US Inc<TMUS.O> and Sprint Corp<S.N>, receive tens of thousands of requests a year from law enforcement for what is known as “cell site location information,” or CSLI. The requests are routinely granted.

The Supreme Court has twice in recent years ruled on major cases concerning how criminal law applies to new technology, on each occasion ruling against law enforcement. In 2012, the court held that a warrant is required to place a GPS tracking device on a vehicle. Two years later, the court said police need a warrant to search a cellphone that is seized during an arrest.

The information that law enforcement agencies can obtain from wireless carriers shows which local cellphone towers users connect to at the time they make calls. Police can use historical data to determine if a suspect was in the vicinity of a crime scene or real-time data to track a suspect.

Carpenter’s bid to suppress the evidence failed and he was convicted of six robbery counts. On appeal, the Cincinnati, Ohio-based 6th U.S. Circuit Court of Appeals upheld his convictions, finding that no warrant was required for the cellphone information.

Civil liberties lawyers have said that police need “probable cause,” and therefore a warrant, in order to avoid constitutionally unreasonable searches.

‘LONGSTANDING PROTECTIONS’

“Because cellphone location records can reveal countless private details of our lives, police should only be able to access them by getting a warrant based on probable cause,” said Nathan Freed Wessler, a staff attorney with the American Civil Liberty Union’s Speech, Privacy and Technology Project who represents Carpenter.

“The time has come for the Supreme Court to make clear that the longstanding protections of the Fourth Amendment apply with undiminished force to these kinds of sensitive digital records,” Wessler added.

But, based on a provision of a 1986 federal law called the Stored Communications Act, the government said it does not need probable cause to obtain customer records. Instead, the government said, prosecutors must show only that there are “reasonable grounds” for the records and that they are “relevant and material” to an investigation.

The case will be heard and decided in the court’s next term, which starts in October and ends in June 2018.

The Trump administration said in court papers the government has a “compelling interest” for acquiring the records without a warrant because the information is particularly useful at the early stage of a criminal investigation.

“Society has a strong interest in both promptly apprehending criminals and exonerating innocent suspects as early as possible during an investigation,” the administration said in a brief.

David LaBahn, president of the Association of Prosecuting Attorneys, said warrants can be obtained quickly from judges but police may have problems getting the evidence needed to show probable cause.

“They may not be able to get over that legal hurdle, so the court couldn’t issue the warrant,” LaBahn said.

Civil liberties groups assert that the 1986 law did not anticipate the way mobile devices now contain a wealth of data on each user.

Steve Vladeck, a national security and constitutional law professor at the University of Texas, said the case will have “enormous implications” over how much data the government can obtain from phone companies and other technology firms about their customers without a warrant.

“Courts and commentators have tried to figure out exactly when individuals will have a continuing expectation of privacy even in data they’ve voluntarily shared with a third party,” Vladeck said. “This case squarely raises that question.”

(Reporting by Lawrence Hurley; Additional reporting by Dustin Volz; Editing by Will Dunham)

U.S. says Trump order will not undermine data transfer deals with EU

U.S. President Donald Trump walks after speaking during the Governor's Dinner in the State Dining Room at the White House in Washington, U.S., February 26, 2017.

By Julia Fioretti

BRUSSELS (Reuters) – An executive order signed by U.S. President Donald Trump to crack down on illegal immigration will not undermine two data transfer agreements between the United States and the EU, Washington wrote in a letter to allay European concerns.

An executive order signed by Trump on Jan. 25 aiming to toughen enforcement of U.S. immigration law rattled the European Union as it appeared to suggest Europeans would not be given the same privacy protections as U.S. citizens.

The order directs U.S. agencies to “exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.”

Securing equal treatment of EU citizens was key to agreeing the Umbrella Agreement which protects law enforcement data shared between the United States and the EU.

And the EU-U.S. Privacy Shield – which makes possible about $260 billion of trade in digital services – was only clinched after Washington agreed to protect the data from excessive surveillance and misuse by companies.

In the first written confirmation since the executive order stoked uncertainty over transatlantic data flows, the U.S. Department of Justice said the executive order did not affect either the Umbrella Agreement or the Privacy Shield.

“Section 14 of the Executive Order does not affect the privacy rights extended by the Judicial Redress Act to Europeans. Nor does Section 14 affect the commitments the United States has made under the DPPA (Umbrella Agreement) or the Privacy Shield,” Bruce Swartz, Deputy Assistant Attorney General, wrote to the European Commission in a letter seen by Reuters.

EU Justice Commissioner Vera Jourova, who will travel to the United States at the end of March, said she was “not worried” but remained vigilant.

The EU-U.S. Privacy Shield is used by almost 2,000 companies including Google, Facebook and Microsoft  to store data about EU citizens on U.S. servers.

Its predecessor was struck down in 2015 by the EU’s top court for allowing U.S. agents unfettered access to Europeans’ data, forcing an acceleration of difficult talks to find a replacement.

(Reporting by Julia Fioretti; Editing by Mark Potter)

FCC chair to block stricter broadband data privacy rules

File Photo: Ajit Pai speaks at a FCC Net Neutrality hearing in Washington February 26, 2015. REUTERS/Yuri Gripas

By David Shepardson

WASHINGTON (Reuters) – The U.S. Federal Communications Commission will block some Obama administration rules that subject broadband providers to stricter scrutiny than websites, a spokesman said on Friday, in a victory for internet providers such as AT&T Inc <T.N>, Comcast Corp <CMCSA.O> and Verizon Communications Inc <VZ.N>.

The rules approved by the FCC in October in a 3-2 vote were aimed at protecting sensitive personal consumer data, but the spokesman said Ajit Pai, the FCC chairman appointed by President Donald Trump, believes all companies in the “online space should be subject to the same rules, and the federal government should not favor one set of companies over another.”

FCC spokesman Mark Wigfield said in a statement that the suspension affects only the data security rules, which are set to take effect on March 2. Some other aspects of the rules are under review by the White House Office of Management and Budget.

Pai plans by March 2 to delay the implementation of some rules, which subject companies to stricter oversight than websites under Federal Trade Commission rules, the spokesman said. Such a temporary stay is a first step toward permanently preventing the rules from taking effect.

The rules would subject broadband internet service providers to more stringent requirements than websites like Facebook Inc <FB.O>, Twitter Inc <TWTR.N> or Alphabet Inc’s <GOOGL.O> Google.

Providers would need to obtain consumer consent before using certain user data for advertising and internal marketing. They would be required to get consent for details like precise geo-location, financial information, health information, children’s information, Web browsing history, app usage history and communication content.

For less sensitive information such as email addresses or service tiers, consumers would be able to opt out.

Republican commissioners including Pai, said in October the rules unfairly give websites the ability to harvest more data than service providers and dominate digital advertising.

Pai said in October the FCC “adopted one-sided rules that will cement edge providers’ dominance in the online advertising market.” Google and Facebook dominate that market and account for about two-thirds of all revenue.

Former FCC Chairman Tom Wheeler, who authored the privacy rules, told Reuters on Friday that they are necessary because consumers have few options when it comes to broadband providers. “The fact of the matter is it’s the consumer’s information,” he said. “It’s not the network’s information.”

Berin Szóka, president of TechFreedom, said Pai’s decision was a good move because “because the real question isn’t a policy question but a legal one: does the FCC even have authority to regulate broadband privacy?”

(Reporting by David Shepardson in Washington; Additional reporting by Anjali Athavaley in New York; Editing by Richard Chang and Grant McCool)

FBI to gain expanded hacking powers as Senate effort to block fails

Password on Computer Screen

By Dustin Volz

WASHINGTON (Reuters) – A last-ditch effort in the Senate to block or delay rule changes that would expand the U.S. government’s hacking powers failed Wednesday, despite concerns the changes would jeopardize the privacy rights of innocent Americans and risk possible abuse by the incoming administration of President-elect Donald Trump.

Democratic Senator Ron Wyden attempted three times to delay the changes, which will take effect on Thursday and allow U.S. judges will be able to issue search warrants that give the FBI the authority to remotely access computers in any jurisdiction, potentially even overseas. His efforts were blocked by Senator John Cornyn of Texas, the Senate’s second-ranking Republican.

The changes will allow judges to issue warrants in cases when a suspect uses anonymizing technology to conceal the location of his or her computer or for an investigation into a network of hacked or infected computers, such as a botnet.

Magistrate judges can currently only order searches within the jurisdiction of their court, which is typically limited to a few counties.

In a speech from the Senate floor, Wyden said that the changes to Rule 41 of the federal rules of criminal procedure amounted to “one of the biggest mistakes in surveillance policy in years.”

The government will have “unprecedented authority to hack into Americans’ personal phones, computers and other devices,” Wyden said.

He added that such authority, which was approved by the Supreme Court in a private vote earlier this year, but was not subject to congressional approval, was especially troubling in the hands of an administration of President-elect Trump, a Republican who has “openly said he wants the power to hack his political opponents the same way Russia does.”

Democratic Senator Chris Coons of Delaware and Republican Senator Steve Daines of Montana also delivered speeches voicing opposition to the rule changes.

The U.S. Justice Department has pushed for the changes to the federal rules of criminal procedure for years, arguing they are procedural in nature and the criminal code needed to be modernized for the digital age.

In an effort to address concerns, U.S. Assistant Attorney General Leslie Caldwell wrote a blog post this week arguing that the benefits given to authorities from the rule changes outweighed any potential for “unintended harm.”

“The possibility of such harm must be balanced against the very real and ongoing harms perpetrated by criminals – such as hackers, who continue to harm the security and invade the privacy of Americans through an ongoing botnet, or pedophiles who openly and brazenly discuss their plans to sexually assault children,” Caldwell wrote.

A handful of judges in recent months had dismissed evidence brought as part of a sweeping FBI child pornography sting, saying the search warrants used to hack suspects’ computers exceeded their jurisdiction.

The new rules are expected to make such searches generally valid.

Blocking the changes would have required legislation to pass both houses of Congress, then be signed into law by the president.

(Reporting by Dustin Volz, editing by G Crosse)

Document spells out FBI rules to get journalists’ phone records: article

FBI headquarters

By Dustin Volz

WASHINGTON (Reuters) – The Federal Bureau of Investigation is allowed to seek journalists’ phone records with the approval of two government officials through a secretive surveillance process that does not require a warrant, The Intercept website reported on Thursday, citing a classified document.

The document, which The Intercept published without citing sources, was described as a classified appendix of the FBI’s Domestic Investigations and Operations Guide (DIOG) and was dated Oct. 16, 2013. The related document is at http://bit.ly/295HIpY.

Reuters could not verify the authenticity of the document.

FBI spokesman Christopher Allen said in an emailed reply to a Reuters request for comment, “We post a redacted version of the DIOG on our website. I am not in a position to comment or authenticate any other version.” Allen referred to an FBI website regarding the agency’s Domestic Investigations and Operations Guide. http://1.usa.gov/1QleO9n

“Because the DIOG governs sensitive operations and investigations, not all of its contents can be released,” Allen wrote.

“As a result I am not able to comment on how, or whether, the DIOG is updated as laws, Guidelines, or technology change. However, the FBI periodically reviews and updates the DIOG as needed,” he said.

Allen said the FBI’s DIOG remained consistent with guidelines from the U.S. attorney general.

The Intercept is an online publication launched in 2014 by First Look Media, which was created and funded by eBay founder Pierre Omidyar. The editors are Glenn Greenwald, Laura Poitras and Jeremy Scahill, who were all involved in breaking the Edward Snowden story.

The Intercept reported that, according to the document, pursuing a journalist’s call data with a national security letter requires the consent of the FBI’s general counsel and the executive assistant director of its national security branch, in addition to normal chain-of-command approval.

A national security letter is a type of government order for communications data sent to service providers. It is usually issued with a gag order, meaning the target is often unaware that records are being accessed.

There are several proposals in Congress to broaden the scope of national security letters, or NSLs. Privacy advocates, however, have said the authority is used too often, circumvents judicial oversight and lacks adequate transparency safeguards.

The Intercept reported that an added layer of review by the U.S. Justice Department’s assistant attorney general for national security is necessary to use an NSL to seek a journalist’s records if they are being sought “to identify confidential news media sources.”

National security letters have been available as a law enforcement tool since the 1970s. But their frequency and breadth expanded under the USA Patriot Act enacted shortly after the Sept. 11, 2001, attacks on the United States.

The FBI made 48,642 requests for data via NSLs in 2015, according to a Justice Department memo seen by Reuters in May.

Currently, national security letters can only compel sharing of phone billing records, according to a 2008 legal memo written by the U.S. Justice Department. Still, the FBI has used the letters since then to request internet records during national security investigations.

The U.S. Senate last week fell two votes short of advancing legislation that would broaden the type of records the FBI can compel a company to hand over under an NSL to include email metadata and some browsing history.

(Reporting by Dustin Volz; Editing by Dan Grebler, Toni Reinhold)

Push to expand FBI surveillance authority threatens email privacy bill

A lock icon, signifying an encrypted Internet

By Dustin Volz

WASHINGTON (Reuters) – An effort in the U.S. Senate to expand the Federal Bureau of Investigation’s authority to use a secretive surveillance order has delayed a vote on a popular email privacy bill, casting further doubt on whether the legislation will become law this year.

The Senate Judiciary Committee on Thursday postponed consideration of a measure that would require government authorities to obtain a search warrant before asking technology companies, such as Microsoft and Alphabet Inc’s Google , to hand over old emails. A version of the Senate bill unanimously passed the House last month.

Currently, federal agencies do not need a warrant to access emails or other digital communications more than 180 days old due to a provision in a 1986 law that considers them abandoned by the owner.

But Republican party senators offered amendments Thursday that privacy advocates argued contravened the purpose of the underlying bill and would likely sink its chances of becoming law.

Those amendments include one by Senator John Cornyn, the second ranking Republican in the Senate, that would broaden the FBI’s authority to deploy an administrative subpoena known as a National Security Letter to include electronic communications transaction records such as the times tamps of emails and their senders and recipients.

Senators Patrick Leahy and Mike Lee, the Democratic and Republican authors of the email privacy bill, agreed to postpone the vote to give time to lawmakers to review the amendments and other provisions of the bill that have prompted disagreement.

NSLs do not require a warrant and are almost always accompanied by a gag order preventing the service provider from sharing the request with a targeted user.

The letters have existed since the 1970s, though the scope and frequency of their use expanded greatly after the Sept. 11, 2001 attacks on the United States.

In 2015 requests for customer records via NSLs increased nearly 50 percent to 48,642 requests, up from 33,024 in 2014, according to a U.S. government transparency report.

The Obama administration has for years lobbied for a change to how NSLs can be used, after a 2008 legal memo from the Justice Department said the law limits them largely to phone billing records. FBI Director James Comey has said the change needed essentially corrects a typo.

The Senate Intelligence Committee this week passed a bill to fund the U.S. intelligence community that contains a similar provision that would allow NSLs to be used to gather email records.

Senator Ron Wyden, an Oregon Democrat, voted against the proposal and said it “takes a hatchet to important protections for Americans’ liberty.”

(Reporting by Dustin Volz; Editing by Alan Crosby)