Facebook to pay record $5 billion U.S. fine over privacy violations; critics call it a bargain

Federal Trade Commission (FTC) Chairman Joe Simons announces that Facebook Inc has agreed to a settlement of allegations it mishandled user privacy during a news conference at FTC Headquarters in Washington, U.S., July 24, 2019. REUTERS/Yuri Gripas

By David Shepardson

WASHINGTON (Reuters) – Facebook Inc will pay a record-breaking $5 billion fine to resolve a government probe into its privacy practices and the social media giant will restructure its approach to privacy, the U.S. Federal Trade Commission said on Wednesday.

The probe uncovered a wide range of privacy issues. It was triggered last year by allegations that Facebook violated a 2012 consent decree by inappropriately sharing information belonging to 87 million users with the now-defunct British political consulting firm Cambridge Analytica. The consultancy’s clients included President Donald Trump’s 2016 election campaign.

The FTC voted 3-2 along party lines to adopt the settlement, which requires court approval. The Republican commissioners called the settlement “a complete home run” that exceeded any award the commission could have gotten in court. Democratic commissioners said it did not go far enough or require a large enough fine.

Republican FTC Chairman Joe Simons stressed the FTC’s limited authority and desire to avoid a long uncertain court fight.

“Would it have been nice to get more, to get $10 billion, instead of $5 billion for example, to get greater restrictions on how Facebook collects uses and shares data?” he asked at a press conference. “We did not have those options. We cannot impose such things by our own fiat.”

Facebook confirmed it would pay the $5 billion fine and said the FTC deal would provide “a comprehensive new framework for protecting people’s privacy.” Its share price fell about 1% on Wednesday morning to trade at $200.39.

Democratic FTC Commissioner Rohit Chopra complained that the penalty provided “blanket immunity” for Facebook executives “and no real restraints on Facebook’s business model” and does “not fix the core problems that led to these violations.”

Facebook agreed to pay an additional $100 million to settle allegations that it misled investors about the seriousness of its misuse of users’ data, the Securities and Exchange Commission said.

Under the FTC settlement, Facebook’s board will create an independent privacy committee that removes “unfettered control by Facebook CEO Mark Zuckerberg over decisions affecting user privacy.”

Facebook also agreed to exercise greater oversight over third-party apps, and said it was ending access to friend data for Microsoft Corp and Sony Corp.

The Republican majority on the FTC said the settlement “significantly diminishes Mr. Zuckerberg’s power — something no government agency, anywhere in the world, has thus far accomplished.”

Under the deal, Zuckerberg and other Facebook executives must sign quarterly certifications attesting to privacy practices. The FTC said Zuckerberg or others filing a false certification could face civil and criminal penalties.

Facebook also is barred from asking for email passwords to other services when consumers sign up. It is barred from using telephone numbers for advertising if they are obtained in a security feature like two-factor authentication. The company must also get user consent to use facial recognition data.

Facebook said it may find additional problems as it initiates a review of its systems and warned it will take longer to roll out updates as it plans to use “hundreds of engineers and more than a thousand people across our company to do this important work.”

“As part of this settlement, we’re bringing our privacy controls more in line with our financial controls,” Zuckerberg said in a Facebook post. “Going forward, when we ship a new feature that uses data, or modify an existing feature to use data in new ways, we’ll have to document any risks and the steps we’re taking to mitigate them.”

The FTC also said that Cambridge Analytica’s former CEO Alexander Nix and former app developer Aleksandr Kogan had agreed to a settlement restricting how they conduct business.

Senator Richard Blumenthal of Connecticut was one of several Democratic lawmakers who criticized the settlement, calling it “a fig leaf” that offers “no accountability for top executives.”

“By relying on a monetary fine to deter Facebook, the FTC has failed to heed history’s lessons. Facebook has already written this penalty down as a one-time-cost in return for the extraordinary profits reaped from a decade of data misuse,” said Blumenthal.

Facebook’s legal issues may not be over. On Tuesday, the U.S. Justice Department said it was opening a broad investigation of major digital technology firms into whether they engage in anti-competitive practices.

The department did not identify specific companies but said the review would consider concerns raised about “search, social media, and some retail services online.” Leaders in those areas include Google parent Alphabet Inc, Amazon.com Inc, Facebook and possibly Apple Inc.

FTC DECIDED TO SETTLE PROBE

The Republican commissioners led by Simons said if the FTC had gone to court “it is highly unlikely that any judge would have imposed a civil penalty even remotely close to this one.”

The Democrats on the FTC complained that the $5 billion penalty may be less than Facebook’s gains from violating users’ privacy. “Until we address Facebook’s core financial incentives for risking our personal privacy and national security, we will not be able to prevent these problems from happening again,” Chopra said.

His fellow Democratic commissioner, Rebecca Slaughter, said the FTC should have taken Facebook and Zuckerberg to court. She also criticized the FTC’s decision to grant Facebook and its executives a release from liability for any claims that prior to June 12, 2019 it violated the earlier FTC settlement.

Slaughter said the FTC failed “to impose any substantive restrictions on Facebook’s collection and use of data from or about users.”

Chopra said the settlement means “the commission — and the public — may never find out what Facebook knows… It is difficult to conclude that the commission got the better end of the bargain.”

(Reporting by David Shepardson; additional reporting by Diane Bartz; Editing by Lisa Shumaker and David Gregorio)

When a text can trigger a lynching: WhatsApp struggles with incendiary messages in India

Satish Bhaykre, 21, who was beaten by a mob due to a fake WhatsApp text, poses inside his house on the outskirts of Nagpur, India, June 23, 2018. Picture taken June 23, 2018. REUTERS/Stringer

By Sankalp Phartiyal, Subrat Patnaik and David Ingram

MUMBAI (Reuters) – A WhatsApp text circulating in some districts of India’s central Madhya Pradesh state helped to inflame a mob of 50-60 villagers into savagely beating up two innocent men last week on suspicion that they were going to murder people and sell their body parts.

The essence of the message, written in Hindi, was that 500 people disguised as beggars were roaming the area so that they could kill people to harvest their organs. The message also urged recipients to forward it to friends and family. Police say the message was fake.

Police officers who joined several local WhatsApp groups, found three men circulating the message and they were arrested, said Jayadevan A, the police chief for Balaghat district, where the incident occurred.

This happened just weeks after a WhatsApp text warning of 400 child traffickers arriving in the southern Indian technology hub of Bengaluru led a frenzied mob to lynch a 26-year-old man, a migrant construction worker from another Indian state, on suspicions that he was a kidnapper. He was attacked while he was just walking on the road.

So far this year, false messages about child abductors on Facebook Inc <FB.O>-owned WhatsApp have helped to trigger mass beatings of more than a dozen people in India – at least three of whom have died. In addition, fake messages about child snatchers on Facebook, as well as some texts on WhatsApp, also led to the lynching of two men in eastern India earlier this month.

WHATSAPP’S BIGGEST MARKET

With more than 200 million users in India, WhatsApp’s biggest market in the world, false news and videos circulating on the messaging app have become a new headache for social media giant Facebook, already grappling with a privacy scandal.

In India, a country with over a billion phone subscribers with access to cheap mobile data, false news messages and videos can instantly go viral, creating mass hysteria and stirring up communal tensions.

Those tensions can be high between the Majority Hindu community and the minority Muslim population but also within the rigid Hindu caste hierarchy where the so-called Dalits at the bottom of the pyramid have faced attacks for trying to improve their position in society.

In 2017, at least 111 people were killed and 2,384 injured in 822 communal incidents in the country, according to the federal home affairs ministry. It is unclear whether any of these incidents were triggered by fake news messages.

WhatsApp said it is aware of the incidents in India through media coverage.

“Sadly some people also use WhatsApp to spread harmful misinformation,” WhatsApp said in a statement. “We’re stepping up our education efforts so that people know about our safety features and how to spot fake news and hoaxes.”

Group texts, where fake news spreads most easily, are still a minority: 90 percent of messages are between two people, and the average group size is six people, according to the messaging platform.

WhatsApp also said it is considering changes to the service. For example, there is now a public beta test that is labeling any forwarded message.

The company is not planning any changes to its encryption, which ensures messages are not read by anyone except the sender and the recipient.

Facebook did not respond to a request for comment.

Two senior Indian government officials told Reuters that New Delhi had engaged with WhatsApp on the issue but they are not allowed to discuss the matter publicly. WhatsApp declined to comment on possible contact with Indian government officials.

Indian ministries of IT, home affairs and information and broadcasting did not respond to requests for comment.

PRIVACY CONCERNS

A deluge of hoax news incidents, several with fatal consequences, may bolster the Indian government’s attempts to get social networks to share more user data so that police can track down those spreading rumors. That concerns privacy advocates who fear the authorities will use such access against activists and political opponents, and not just against those spreading malicious information.

“Government restrictions on dissemination of false news are too often an attempt to shroud government intentions of restricting freedom of expression and criticism,” according to David Kaye, United Nations Special Rapporteur on the Right to Freedom of Opinion and Expression.

India’s Ministry of Information and Broadcasting has also recently floated a tender for a firm to scrutinize social media posts of Indian users and identify fake news.

The Indian authorities have been signaling they will take an increasingly harsh line with foreign companies who are providing Internet services in India.

India’s central bank in April issued a directive compelling all payments firms operating in the country to store payments data locally within six months for “unfettered supervisory access”. Separately, Prime Minister Narendra Modi’s government is working on a data protection law that could force all foreign tech firms to store key Indian user data locally.

“There is a distinct link between fake news and laws being proposed undermining privacy,” said Apar Gupta, a co-founder of advocacy Internet Freedom Foundation.

Meanwhile, the inflammatory hoax news messages keep coming.

One floating in Bengaluru last month warned parents to take “extra measures towards the safety” of children during the Muslim holy month of Ramadan as they remain busy with prayers and shopping.

More than 500 kidnappers have entered the southern state of Karnataka from western Rajasthan state and the cities of Chennai and Hyderabad, the message said.

WhatsApp messages on organ thieves or child abductions are just the tip of the iceberg though – fake reports can range from incorrect medical advice to news about top jobs.

A recent message circulating in India’s northeast starts by saying the deadly brain-damaging Nipah virus has arrived in Shillong city and advises parents to keep children away from lychees, a popular summer fruit. No confirmed cases of Nipah have been found yet outside of southern Kerala state.

(Reporting by Sankalp Phartiyal, Subrat Patnaik and David Ingram; additional reporting by Nidhi Verma in New Delhi, Derek Francis and Sangameswaran S in Bengaluru; Edited by Martin Howell)

Supreme Court rules warrants required for cellphone location data

FILE PHOTO: The U.S. Supreme Court is seen in Washington, U.S., June 11, 2018. REUTERS/Erin Schaff/File Photo

By Lawrence Hurley

WASHINGTON (Reuters) – The U.S. Supreme Court on Friday imposed limits on the ability of police to obtain cellphone data pinpointing the past location of criminal suspects in a major victory for digital privacy advocates and a setback for law enforcement authorities.

In the 5-4 ruling, the court said police generally need a court-approved warrant to get access to the data, setting a higher legal hurdle than previously existed under federal law. The court said obtaining such data without a warrant from wireless carriers, as police routinely do, amounted to an unreasonable search and seizure under the U.S. Constitution’s Fourth Amendment.

In the ruling written by conservative Chief Justice John Roberts, the court decided in favor of Timothy Carpenter, who was convicted in several armed robberies at Radio Shack and T-Mobile stores in Ohio and Michigan with the help of past cellphone location data that linked him to the crime scenes.

Roberts stressed that the ruling did not resolve other hot-button digital privacy fights, including whether police need warrants to access real-time cellphone location information to track criminal suspects. The ruling has no bearing on “traditional surveillance techniques” such as security cameras or on data collection for national security purposes, he added.

Roberts was joined by the court’s four liberal justices in the majority. The court’s other four conservatives dissented.

Although the ruling explicitly concerned only historical cellphone data, digital privacy advocates are hopeful it will set the tone for future cases on other emerging legal issues prompted by new technology.

“Today’s decision rightly recognizes the need to protect the highly sensitive location data from our cellphones, but it also provides a path forward for safeguarding other sensitive digital information in future cases – from our emails, smart home appliances and technology that is yet to be invented,” said Nate Wessler, a lawyer at the American Civil Liberties Union who represents Carpenter.

“We decline to grant the state unrestricted access to a wireless carrier’s database of physical location information,” Roberts said.

Roberts said the ruling still allows police to avoid obtaining warrants for other types of business records. Police could also avoid obtaining warrants in emergency situations, Roberts added.

The high court endorsed the arguments made by Carpenter’s lawyers, who said that police needed “probable cause,” and therefore a warrant, to avoid a Fourth Amendment violation.

Conservative Justice Anthony Kennedy wrote in a dissenting opinion that the ruling could put “criminal investigations at serious risk in serious cases, often when law enforcement seeks to prevent the threat of violent crimes.”

Major Supreme Court rulings: https://tmsnrt.rs/2Mjahov

‘BIG BROTHER’

The case underscored the rising concerns among privacy advocates about the government’s ability to obtain an ever-growing amount of personal data. During arguments in the case in December, liberal Justice Sonia Sotomayor, who joined Roberts in the ruling, alluded to fears of “Big Brother,” the all-seeing leader in George Orwell’s dystopian novel “1984.”

Friday’s ruling was the third in recent years in which the court has resolved major cases on how criminal law applies to new technology, on each occasion ruling against law enforcement. In 2014, it required police in most instances to obtain a warrant to search a cellphone’s contents when its user is arrested. In 2012, it decided that a warrant is needed to place a GPS tracking device on a vehicle.

Police helped establish that Carpenter was near the scene of the robberies by securing from his cellphone carrier his past “cell site location information” that tracks which cellphone towers relay calls. His bid to suppress the evidence failed and he was convicted of six robbery counts.

Carpenter’s case will now return to lower courts. His conviction may not be overturned because of the other evidence linking him to the crimes.

The U.S. Justice Department had argued that probable cause should not be required to obtain customer records under a 1986 federal law called the Stored Communications Act. Instead, it argued for a lower standard – that prosecutors show only that there are “reasonable grounds” for the records and that they are “relevant and material” to an investigation.

Roberts wrote that the government’s argument “fails to contend with the seismic shifts in digital technology that made possible the tracking of not only Carpenter’s location but also everyone else’s.”

A Justice Department spokeswoman declined to comment after the ruling.

The decision was issued during a time of rising concern over surveillance practices of law enforcement and intelligence agencies and whether companies like wireless carriers care about customer privacy rights. The big four wireless carriers – Verizon Communications Inc, AT&T Inc, T-Mobile US Inc and Sprint Corp – receive tens of thousands of these requests yearly from law enforcement.

(Reporting by Lawrence Hurley; Editing by Will Dunham)

U.S. investigating Cambridge Analytica: New York Times

FILE PHOTO: Window cleaners work outside the offices of Cambridge Analytica in central London, Britain, March 24, 2018. REUTERS/Peter Nicholls/File Pho

WASHINGTON (Reuters) – The U.S. Justice Department and the FBI are investigating Cambridge Analytica, a now-defunct political data firm embroiled in a scandal over its handling of Facebook Inc user information, the New York Times reported on Tuesday.

Prosecutors have sought to question former Cambridge Analytica employees and banks that handled its business, the newspaper said, citing an American official and others familiar with the inquiry,

Cambridge Analytica said earlier this month it was shutting down after losing clients and facing mounting legal fees resulting from reports the company harvested personal data about millions of Facebook users beginning in 2014.

Allegations of the improper use of data for 87 million Facebook users by Cambridge Analytica, which was hired by President Donald Trump’s 2016 U.S. election campaign, have prompted multiple investigations in the United States and Europe.

The investigation by the Justice Department and FBI appears to focus on the company’s financial dealings and how it acquired and used personal data pulled from Facebook and other sources, the Times said.

Investigators have contacted Facebook, according to the newspaper.

The FBI, the Justice Department and Facebook declined to comment to Reuters. Former officials with Cambridge Analytica was not immediately available to comment.

Cambridge Analytica was created around 2013, initially with a focus on U.S. elections, with $15 million in backing from billionaire Republican donor Robert Mercer and a name chosen by future Trump White House adviser Steve Bannon, the New York Times has reported. Bannon left the White House on August 2017.

(Reporting by Eric Beech; Editing by Peter Cooney)

Facebook suspends 200 apps over data misuse investigation

FILE PHOTO: Silhouettes of mobile users are seen next to a screen projection of Facebook logo in this picture illustration taken March 28, 2018. REUTERS/Dado Ruvic/Illustration/File Photo

(Reuters) – Facebook Inc has so far suspended around 200 apps in the first stage of its review into apps that had access to large quantities of user data, in a response to a scandal around political consultancy Cambridge Analytica.

The apps were suspended pending a thorough investigation into whether they misused any data, said Ime Archibong, Facebook’s vice president of product partnerships.

Facebook said it has looked into thousands of apps till date as part of an investigation that Chief Executive Officer Mark Zuckerberg announced on March 21.

Zuckerberg had said the social network will investigate all apps that had access to large amounts of information before the company curtailed data access in 2014.

“There is a lot more work to be done to find all the apps that may have misused people’s Facebook data – and it will take time,” Archibong said.

“We have large teams of internal and external experts working hard to investigate these apps as quickly as possible.”

Facebook was hit by the privacy scandal in mid-March after media reports that Cambridge Analytica improperly accessed data to build profiles on American voters and influence the 2016 presidential election.

The incident led to backlash from celebrities and resulted in the company losing billions in market value. Zuckerberg apologized for the mistakes his company made and testified before the U.S. lawmakers.

The company, however, regained much of its lost market value after it reported a surprisingly strong 63 percent rise in profit and an increase in users when it announced quarterly results on April 25.

Shares of the company were up 0.4 percent at $187.65 in premarket trading on Monday.

(This version of the story corrects share price in last paragraph.)

(Reporting by Supantha Mukherjee in Bengaluru; Editing by Saumyadeb Chakrabarty and Arun Koyyur)

Facebook to change privacy controls in wake of data scandal

Figurines are seen in front of the Facebook logo in this illustration taken March 20, 2018. REUTERS/Dado Ruvic

By Julia Fioretti

BRUSSELS (Reuters) – Facebook announced a series of changes on Wednesday to give users more control over their data, after a huge data scandal which has wiped more than $100 billion from its stock market value.

The company has faced a global outcry after a whistleblower revealed, on March 17, that data from 50 million users was improperly harvested to target U.S. and British voters in close-run elections.

“The last week showed how much more work we need to do to enforce our policies, and to help people understand how Facebook works and the choices they have over their data,” Erin Egan, Vice President and Chief Privacy Officer, and Ashlie Beringer, Vice President and Deputy General Counsel at Facebook, wrote in a blog post.

“So in addition to Mark’s announcements last week – cracking down on abuse of the Facebook platform, strengthening our policies, and making it easier for people to revoke apps’ ability to use your data – we’re taking additional steps in the coming weeks to put people in more control over their privacy.”

The measures come ahead of a landmark European Union data protection law in May. The social network will add a new “Privacy Shortcuts” menu which will let users worldwide review what they’ve shared and delete it, as well as features enabling them to download their data and move it to another service.

Facebook shares have fallen almost 18 percent since March 17. Users’ data was improperly accessed by British political consultancy Cambridge Analytica, which was hired by Donald Trump’s 2016 presidential campaign.

The company’s CEO, Mark Zuckerberg, has repeatedly apologized and bought full-page advertisements in U.S. and British newspapers promising to do more to restrict access to users’ information.

While Facebook said on Wednesday the changes it was announcing had been in the works for some time, it said the events of the “past several days underscore their importance.”

The Privacy Shortcuts menu will allow users to control their data in a few taps, including by letting them add more protection to their account, like two-factor authentication.

“You can review what you’ve shared and delete it if you want to. This includes posts you’ve shared or reacted to, friend requests you’ve sent, and things you’ve searched for on Facebook,” Egan and Beringer wrote.

Users will also be able to manage the information Facebook utilizes to serve them ads and download the data they have shared with Facebook – including photos, contacts and posts – and move it to another service.

The EU General Data Protection Regulation enters into force on May 25 and requires companies to give people a “right to portability”, namely to take their data with them.

It also introduces hefty fines for companies breaking the law, running up to 4 percent of global revenues.

Lawmakers in the United States and Europe are demanding to know more about Facebook’s privacy practices and Zuckerberg is due to testify before the U.S. Congress.

(Reporting by Julia Fioretti; Editing by Elaine Hardcastle)

U.S. Supreme Court weighs major digital privacy case

U.S. Supreme Court weighs major digital privacy case

By Lawrence Hurley

WASHINGTON (Reuters) – The U.S. Supreme Court on Wednesday takes up a major test of privacy rights in the digital age as it weighs whether police must obtain warrants to get data on the past locations of criminal suspects using cellphone data from wireless providers.

The justices at 10 a.m. (1500 GMT) are due to hear an appeal by a man named Timothy Carpenter convicted in a series of armed robberies in Ohio and Michigan with the help of past cellphone location data that linked him to the crime locations. His American Civil Liberties Union lawyers argue that without a court-issued warrant such data amounts to an unreasonable search and seizure under the U.S. Constitution’s Fourth Amendment.

Law enforcement authorities routinely request and receive this information from wireless providers during criminal investigations as they try to link a suspect to a crime.

Police helped establish that Carpenter was near the scene of the robberies of Radio Shack and T-Mobile stores by securing from his cellphone carrier his past “cell site location information” tracking which cellphone towers had relayed his calls.

The legal fight has raised questions about the degree to which companies protect their customers’ privacy rights. The big four wireless carriers, Verizon Communications Inc, AT&T Inc, T-Mobile US Inc and Sprint Corp, receive tens of thousands of these requests annually from law enforcement.

Verizon was the only one of those four companies to tell the Supreme Court that it favors strong privacy protections for its customers, with the other three sitting on the sidelines.

There is growing scrutiny of the surveillance practices of U.S. law enforcement and intelligence agencies amid concern among lawmakers across the political spectrum about civil liberties and authorities evading warrant requirements.

The Supreme Court twice in recent years has ruled on major cases concerning how criminal law applies to new technology, both times ruling against law enforcement. In 2012, the court held that a warrant is required to place a GPS tracking device on a vehicle. Two years later, the court said police need a warrant to search a cellphone seized during an arrest.

Carpenter’s bid to suppress the evidence failed and he was convicted of six robbery counts. On appeal, the Cincinnati-based 6th U.S. Circuit Court of Appeals upheld his convictions, finding that no warrant was required for the cellphone data.

The ACLU said in court papers that police need “probable cause,” and therefore a warrant, in order to meet Fourth Amendment requirements.

Based on a provision of a 1986 federal law called the Stored Communications Act, the Justice Department said probable cause is not needed to obtain customer records. Instead, it argues, prosecutors must show only that there are “reasonable grounds” for the records to be provided and that they are “relevant and material” to an investigation.

President Donald Trump’s administration said in court papers the government has a “compelling interest” in acquiring the data without a warrant because the information is particularly useful at the early stages of a criminal investigation.

Civil liberties groups said the 1986 law did not anticipate the way mobile devices now contain a wealth of data on each user.

A ruling is due by the end of June.

(Reporting by Lawrence Hurley; Editing by Will Dunham)

U.S. House panel advances bill aimed at limiting NSA spying program

U.S. House panel advances bill aimed at limiting NSA spying program

By Dustin Volz

WASHINGTON (Reuters) – A U.S. House panel on Wednesday passed legislation seeking to overhaul some aspects of the National Security Agency’s warrantless internet surveillance program, overcoming criticism from civil liberties advocates that it did not include enough safeguards to protect Americans’ privacy.

The House Judiciary Committee voted 27-8 to approve the bill, which would partially restrict the U.S. government’s ability to review American data collected under the foreign intelligence program by requiring a warrant in some cases.

Lawmakers in both parties were sharply divided over whether the compromise proposal to amend what is known as Section 702 of the Foreign Intelligence Surveillance Act would enshrine sufficient privacy protections or possibly grant broader legal protections for the NSA’s surveillance regime.

“The ultimate goal here is to reauthorize a very important program with meaningful and responsible reforms,” Republican Bob Goodlatte, who chairs the committee, said. “If we do not protect this careful compromise, all sides of this debate risk losing.”

Passage of the House bill sets up a potential collision with two separate pieces of legislation advancing in the U.S. Senate, one favored by privacy advocates and one considered more acceptable to U.S. intelligence agencies.

Congress must renew Section 702 in some form before Dec. 31 or the program will expire.

U.S. intelligence officials consider Section 702 among the most vital of tools at their disposal to thwart threats to national security and American allies.

It allows the NSA to collect vast amounts of digital communications from foreign suspects living outside the United States.

But the program, classified details of which were exposed in 2013 by former NSA contractor Edward Snowden, incidentally gathers communications of Americans for a variety of technical reasons, including if they communicate with a foreign target living overseas. Those communications can then be subject to searches without a warrant, including by the Federal Bureau of Investigation.

The House bill, known as the USA Liberty Act, partially restricts the FBI’s ability to review American data collected under Section 702 by requiring the agency to obtain a warrant when seeking evidence of crime.

It does not mandate a warrant in other cases, such as requests for data related to counterterrorism or counter-espionage.

The committee rejected an amendment offered by Republican Representative Ted Poe and Democratic Representative Zoe Lofgren that would have generally required all searches of U.S. data collected through Section 702 to require a warrant. In 2014 and 2015 the full House of Representatives voted with strong bipartisan support to adopt such a measure, though it never became law.

“We have created a measure that has actually taken us backwards in terms of constitutional rights,” Lofgren said.

(Reporting by Dustin Volz; editing by James Dalgleish)

U.S. lawmakers want to restrict internet surveillance on Americans

U.S. lawmakers want to restrict internet surveillance on Americans

By Dustin Volz

(Reuters) – A bipartisan group of U.S. lawmakers unveiled legislation on Wednesday that would overhaul aspects of the National Security Agency’s warrantless internet surveillance program in an effort to install additional privacy protections.

The bill, which will be formally introduced as soon as Thursday, is likely to revive debate in Washington over the balance between security and privacy, amid concerns among some lawmakers in both parties that the U.S. government may be too eager to spy on its own citizens.

The legislation, written by the House of Representatives Judiciary Committee, is seen by civil liberties groups as the best chance in Congress to reform the law, known as Section 702 of the Foreign Intelligence Surveillance Act, before its expiration on Dec. 31.

Senior U.S. intelligence officials consider Section 702 to be among the most vital tools they have to thwart threats to national security and American allies.

It allows U.S. intelligence agencies to eavesdrop on and store vast amounts of digital communications from foreign suspects living outside the United States.

But the program, classified details of which were exposed in 2013 by former NSA contractor Edward Snowden, also incidentally scoops up communications of Americans, including if they communicate with a foreign target living overseas. Those communications can then be subject to searches without a warrant by the Federal Bureau of Investigation.

A discussion draft of the legislation, a copy of which was seen by Reuters, partially restricts the FBI’s ability to access American data collected under Section 702 by requiring the agency to obtain a warrant when seeking evidence of a crime.

That limit would not apply, however, to requests of data that involve counterterrorism or counter-espionage.

The narrower restriction on what some have called a “backdoor search loophole” has disappointed some civil liberties groups. Several organizations sent a letter this week saying they would not support legislation that did not require a warrant for all queries of American data collected under Section 702.

The legislation would also renew the program for six years and codify the National Security Agency’s decision earlier this year to halt the collection of communications that merely mentioned a foreign intelligence target. But that codification would end in six years as well, meaning NSA could potentially resume the activity in 2023.

The spy agency has said it lost some operational capability by ending so-called “about” collection due to privacy compliance issues and has lobbied against a law that would make its termination permanent.

Republican senators introduced a bill earlier this year to renew Section 702 without changes and make it permanent, a position backed by the White House and intelligence agencies.

But that effort is expected to face major resistance in the House, where an influential conservative bloc of Republicans earlier this year said it opposed renewal unless major changes were made, reflecting disagreement within the majority party.

Separately, Senators John Cornyn, the No. 2 Republican in the chamber, and Democratic Senator Dianne Feinstein are working on Section 702 legislation that may also be introduced this week and include fewer reforms.

Democratic Senator Ron Wyden and Republican Senator Rand Paul are also planning to introduce a bill that would require a warrant for any query of Section 702 involving data belonging to an American.

(Reporting by Dustin Volz; Editing by Peter Cooney and Lisa Shumaker)

Tech companies urge U.S. Supreme Court to boost cellphone privacy

FILE PHOTO: A fan uses a cell phone to record a performance during the 2014 CMT Music Awards in Nashville, Tennessee June 4, 2014. REUTERS/Harrison McClary

By Andrew Chung

WASHINGTON (Reuters) – More than a dozen high technology companies and the biggest wireless operator in the United States, Verizon Communications Inc <VZ.N>, have called on the U.S. Supreme Court to make it harder for government officials to access individuals’ sensitive cellphone data.

The companies filed a 44-page brief with the court on Monday night in a high-profile dispute over whether police should have to get a warrant before obtaining data that could reveal a cellphone user’s whereabouts.

Signed by some of Silicon Valley’s biggest names, including Apple <AAPL.O>, Facebook <FB.O>, Twitter <TWTR.N>, Snap <SNAP.N> and Alphabet’s <GOOGL.O> Google, the brief said that as individuals’ data is increasingly collected through digital devices, greater privacy protections are needed under the law.

“That users rely on technology companies to process their data for limited purposes does not mean that they expect their intimate data to be monitored by the government without a warrant,” the brief said.

The justices agreed last June to hear the appeal by Timothy Carpenter, who was convicted in 2013 in a series of armed robberies of Radio Shack and T-Mobile stores in Ohio and Michigan.

Federal prosecutors helped place him near several of the robberies using “cell site location information” obtained from his wireless carrier.

Carpenter claims that without a warrant from a court, such data amounts to an unreasonable search and seizure under the U.S. Constitution’s Fourth Amendment. But last year a federal appeals court upheld his convictions, finding that no warrant was required.

Carpenter’s case will be argued before the court some time after its new term begins in October.

The case comes amid growing scrutiny of the surveillance practices of U.S. law enforcement and intelligence agencies and concern among lawmakers across the political spectrum about civil liberties and police evading warrant requirements.

Nathan Freed Wessler, an attorney with the American Civil Liberties Union who is representing Carpenter, said the companies’ brief represented a “robust defense of their customers’ privacy rights in the digital age.”

Verizon’s participation in the brief was important, he added, given that it receives, like other wireless carriers, thousands of requests for cellphone location records every year from law enforcement. The requests are routinely granted.

Civil liberties lawyers have said police need “probable cause,” and therefore a warrant, to avoid constitutionally unreasonable searches.

The companies said in their brief the Supreme Court should clarify that when it comes to digital data that can reveal personal information, people should not lose protections against government intrusion “simply by choosing to use those technologies.”

(Reporting by Andrew Chung; Editing by Chizu Nomiyama)