back to article Now there's nothing stopping the PATRIOT Act allowing the FBI to slurp web-browsing histories without a warrant

An amendment that would require the FBI get a warrant before they access Americans’ web-browsing history failed to pass by a single vote in the US Senate on Wednesday. The bi-partisan push to install the privacy protection mechanism was led by Senators Ron Wyden (D-OR) and Steve Daines (R-MT), and came following the news a …

  1. Maelstorm Bronze badge
    Flame

    This just goes to show...

    This just goes to show that our government (U.S.A.) is more dysfunctional that that of the U.K. This is a toe know to the FBI, and with the NSA's help, to expand warrantless surveillance of the American people. These people should be ashamed of themselves for violating our civil rights. It's bad enough that the corporations do it.

    1. IGotOut Silver badge

      Re: This just goes to show...

      Don't worry, I'm sure we'll catch up. At the moment though, we're still catching up with the Chinese on facial recognition monitoring, so give us some time.

  2. Anonymous Coward
    Anonymous Coward

    Everyone should be using a VPN.

    1. Anonymous Coward
      Anonymous Coward

      Doesn't do much good with the mandatory ME and PSP snooping in on you on nearly all PCs and laptops (save a few exotic ones like RISC-V or Power), and the cell modem for every mobile. A false sense of security is worse than no security, at least the feeling of (digital) nakedness with no security tends to invoke a second thought before criticizing the government etc. (chilling effects).

      ...and if you're dumb enough to think a VPN does anything useful when using Windows 10, you should just accept your new overlords and not even try!

      1. Maelstorm Bronze badge

        At least the machine that I have doesn't have a back door in the CPU. Still though, nobody really knows what is really in the CPUs of these newer machines except the CPU manufacturers themselves. Even then, the different groups of computer engineers don't really talk to each other. These capabilities have been marketed as a system management ability. So the intent is that if you have commodity hardware in a data center, you can remote manage the machine even if it's powered off. I have a Sun Server here which has that capability. I can turn the machine on and off by connecting to the ALOM and giving it commands.

    2. IGotOut Silver badge

      And your VPN logs?

      Ah you presume the VPN company is who they say they are?

      "We don't keep logs". No but maybe they are siphoned off to another place first

      See plenty of ways around that.

      1. Doctor Syntax Silver badge

        If the VPN is run by a 3rd party company what does the P stand for?

    3. Cynic_999

      VPNs keep logs. Rather use TOR. Except then you will be automatically suspected of being a pedoterrorist.

    4. Mike 16

      VPN?

      I am usually dubious about anything on Medium, but you might want to do a web search for

      NordVPN Disney

      Among the folks singing the praises of being able to avoid the geoblocks is a disturbing Medium article about how they might be able to do this by using your computer as an exit node (if you live in a non-blocked area), without your consent or knowledge.

      Again, I do _NOT_ endorse this position. I have no idea of its veracity. It does raise some questions. And it just might be more serious to have someone browsing kiddie porn or Jihadist beheading videos than Little Mermaid.

      1. ThinkingMonkey

        Re: VPN?

        You lump together child porn and beheading videos? Though I'm nobody's judge, you seem to really hate videos of beheadings. They're horrific, yes, but child porn level horrific?

        1. Mike 16

          Re: VPN?

          It doesn't matter what _I_ find horrific. In the U.S. today, if some plod thinks you _might_ have viewed either (based on "your" VPN provider using your computer as an exit node for someone else), you are in for a world of hurt. I chose those examples because they frequently come up in court cases.

          In some cases, viewing Disney I.P. is sufficient to at least make your life suck for a while, and that is the purported _point_ (per the article, I have no direct knowledge) of this process.

          Again:

          1) I have no idea if the accusations in the article are true, although in this day and age they are plausible.

          2) The offensiveness of any content is determined by the legal system, as the owner of the computer involved almost certainly was unaware it was ever viewed, let alone view it themselves.

    5. DerekCurrie
      Facepalm

      VPNs can be rock solid useful, but...

      But there are fake VPNs, government corrupted VPNs, and liar VPNs amidst the crowd.

      PureVPN is an example of a liar VPN. They said thet didn't keep logs of user data. Except they do and they turned that data over to the FBI upon request.

      Any VPN within the Five Eyes nations is obliged to turn over user data, if they keep any, upon request. Five Eyes consists of the USA, UK, Australia, Canada and New Zealand. Recently Five Eyes has been expanding. The last I heard, there are 14 Eyes nations. Be wary.

      There are nations that have no data sharing treaties with other nations. Research the current situation and use VPNs from nations not cooperating with world surveillance of the Internet.

      Then there's China. Any and every VPN in China must legally fork over all user data, which by law must be kept, upon government request. As such, don't use Chinese VPNs, including those in Hong Kong and Taiwan, sad to say.

  3. LeoP

    Land of the free

    For which definition of free?

    Please Mr. Trump: Build a wall. A big wall. Not only to the south, but all around. Keep that lunacy in.

    1. veti Silver badge

      Re: Land of the free

      Could happen. I can foresee a world, pretty soon now, where countries are divided in two groups: those that try to control and contain Covid-19, and those that rely on "herd immunity" and don't even try to trace cases. There will need to be very tight controls on traffic between the two groups.

      I think most of Europe will eventually scrape into group 1, and the US will clearly dominate group 2.

      That would actually fulfil Trump's dream of "a wall" with the foreigners paying for it. #MAGA!

      1. Doctor Syntax Silver badge

        Re: Land of the free

        With who paying for it?

        1. Claverhouse Silver badge

          Re: Land of the free

          Mexicans.

      2. Lars Silver badge
        Coat

        Re: Land of the free

        Everything will depend on the vaccine(s), on when and how effective it is or they are.

        1. teknopaul

          Re: Land of the free

          Thats coming. Right after the cure for the common cold.

  4. man_iii

    Illegal.is relative.

    When a Senator abstains to vote, I think it may have to do with his/her stand on the issue. By supporting or opposing a law that is essentially illegal but modified with conditions won't stop the making of everything wrong into a legal justification.

    So something like disaster relief or emergency funding with tacked on riders siphoning funds means you may not get the ability to fight this kind of corruption. Better not to participate and get your own type of bill pushed into place rather than get dragged into the mud.

    Tulsi gabbard failed her duty and job as a Senator when she voted 'present' because the job is to vote up or down and not "I don't know" while Bernie or anyone abstaining to vote an essentially unconstitutional law do not fail to do their job by not supporting 'conditions' for it.

    Impeachment Yes/No was a job requirement and in the constitution. Passing surveillance laws is not.

    1. Uncle Slacky Silver badge
      Big Brother

      Re: Illegal.is relative.

      It's also worth noting that Joe Biden was the author of what eventually became the PATRIOT Act:

      https://en.wikipedia.org/wiki/Omnibus_Counterterrorism_Act_of_1995

      https://newspunch.com/joe-biden-admits-he-wrote-the-patriot-act-in-1995/

    2. jelabarre59

      Re: Illegal.is relative.

      Well, maybe the congresscritters voted against the amendment because they just wanted to repeal the "PATRIOT" Act altogether? Right folks? Please?

      Don't you just love how our Federal and State governments like to use their "NewSpeak" names for laws that do the complete opposite of what the name says? You know, "PATRIOT Act", "SAFE Act", etc.

      1. Ken Hagan Gold badge

        Re: Illegal.is relative.

        They copied that off the German Democratic Republic, or the People's Republic of China, or ... well, you get the idea. US politicians are all bloody commies at heart when you get down to it, especially the red ones.

    3. JK63

      Re: Illegal.is relative.

      Tulsi Gabbard is a member of the House of Representatives, how did she even manage to vote in the Senate? See, election fraud is rampant!

  5. Khaptain Silver badge

    1st Amendement

    "The First Amendment guarantees freedoms concerning religion, expression, assembly, and the right to petition. It forbids Congress from both promoting one religion over others and also restricting an individual’s religious practices. It guarantees freedom of expression by prohibiting Congress from restricting the press or the rights of individuals to speak freely. It also guarantees the right of citizens to assemble peaceably and to petition their government. "

    It is unfortunate that those who wrote these laws had no idea that they would last for such a short time...

    You can obviously speak freely, you just can't do it on your own terms.

    1. Uncle Slacky Silver badge
      Headmaster

      Re: 1st Amendement

      The 1st amendment didn't last long at all - in fact, only until 1798. From:

      https://en.wikipedia.org/wiki/Alien_and_Sedition_Acts

      "...criminalized making false statements that were critical of the federal government (Sedition Act of 1798)"

      1. Anonymous Coward
        Anonymous Coward

        Re: 1st Amendement

        The First Amendment never protected anyone about false and misleading statement aimed at causing damage to someone.

        1. JCitizen
          FAIL

          Re: 1st Amendement

          Pretty much like yelling fire in a crowded theater - the 1st Amendment does have its limits.

          1. Graham Cobb Silver badge

            Re: 1st Amendement

            yelling fire in a crowded theater

            You are mistaken. Not only have you omitted the word "falsely" from the test, it was later overturned. See https://en.wikipedia.org/wiki/Shouting_fire_in_a_crowded_theater

            In particular:

            ...partially overturned by Brandenburg v. Ohio in 1969, which limited the scope of banned speech to that which would be directed to and likely to incite imminent lawless action (e.g. a riot). [my emphasis]

  6. Anonymous Coward
    Anonymous Coward

    One Nation

    Under Surveillance.

    1. seven of five

      Re: One Nation

      Well, they do say god sees all...

  7. Anonymous Coward
    Anonymous Coward

    Please... can some TLA

    use this to get the Tax Records of Donald 'I know everything that there is to know about COVID-19' Trump and accidentally (on purpose) make them public?

    Apparently no search warrant is needed now...

    Do that and I'm sure the law will be changed.

    1. ThinkingMonkey

      Re: Please... can some TLA

      Will someone PLEASE dox Trump's tax records before these people's heads literally explode? You know how he gets the opposition to want something they never even realized they wanted? By saying he's not going to reveal it.

  8. Anonymous Coward
    Anonymous Coward

    DNS-over-HTTPS will take care of that

    No, it won't. FBI & C. will simply ask the DoH provider to deliver the data. Nor VPNs will help when the browser or OS itself slurp the data and send them to Microsoft, Google & C.

    Encryption is useless when you can't trust the other endpoint.

    Also, interesting to see a Democratic senator from Washington State NOT voting against that.

    1. teknopaul

      Re: DNS-over-HTTPS will take care of that

      DoH centralises the data, and removes caching, so every lookup is tied to an ip address.

      It is the most crazy privacy fail.

    2. diodesign (Written by Reg staff) Silver badge

      "No it won't"

      Sigh. I knew if we didn't mention HTTPS and DNS-over-HTTPS, we'll get moaned at, and if we do include HTTPS and DoH, we'll get moaned at.

      Sure, if you use Cloudflare or Google for DoH, the Feds can request it. That's obvious. But then someone will say they're using DoH through their custom VPS in Laos over Tor, so nerr-nerr. That's why the article said tunneling and DoH would work "to some degree."

      There was a whole part at the end discussing the situation but it started to feel like an article within an article so I cut it. I've added a summary for those who need to know what "to some degree" means.

      C.

      1. Anonymous Coward
        Anonymous Coward

        Re: "No it won't"

        The problem is the defense can't be technical, can be only legal. There's no way to protect your privacy and freedom as long as the law itself does not protect it. Maybe a wholly decentralized system would make much harder to gather those data when heavily encrypted, but the direction instead is towards a heavy centralization - few services handling most of the user data, most systems in a (relatively) few datacenters controlled by a few companies, most US based - so CLOUD Act subjects - and the competitors being Chinese.

      2. mmccul

        Re: "No it won't"

        HTTPS does not encrypt the SNI at this time, so a network snoop will still know where you are going.

        Stop pushing DNS over HTTPS (a privacy nightmare as others have pointed out) and realize it is actually the worst designed of the options. Literally, DoH results in lower privacy than no encryption at all, because a third party that would never have seen who you are visiting now gets that information in a nice pat log. As I keep reminding people, your ISP knows where you go just from the network traffic -- if they care so much. With that and SNI, they don't need your DNS except for pushing ads.

  9. Anonymous Coward
    Anonymous Coward

    Really?

    @LDS

    Quote: "Encryption is useless when you can't trust the other endpoint."

    *

    Really? Then why are two (of three) Beale papers still secret after more than a hundred years?

    *

    And then there's private ciphers....I know, I know....weak, not to be trusted. So...publish the plain text of the attached, if it's all that easy (and "useless" too)!

    *

    1K6S0JAr16fV0AcM0zg50xx71fXW1MYO0s6g0VlK

    1OMP1BrH0BF21QrJ1RBh0KEl0bdk0cgn0ckj0c=e

    1Mtx0F4F1e5U076W0Lkq0dXj1Hgs00zp0Ccx0URz

    1DdU0lRh103Q1Xgp03LB0EZC1kdu0Yzh1XgQ1bhB

    0MFw1Mr01A0207Si0zKX1QXc1Zdd0X5X0xRZ015X

    0QD50fFC1hak0C6G1kkx0b0P02Dh0hER1lNT0H0K

    1GSE0kK=0GEv0BTk1XoZ1GhI1Hwv1mNw1bqt0ZF7

    0VDX0JHL1QOz1Ab816Ba

    *

    1. Steve Todd

      Re: Really?

      I don’t think you’ve understood what is meant by “trusting the other endpoint”. Yes, it is hard to impossible to decrypt the message without knowing the cypher key. Once it is decrypted however it becomes vulnerable to theft, and if the recipient has a leaky system then you’ve lost all protection.

      1. Anonymous Coward
        Anonymous Coward

        Re: Really?

        @Steve_Todd

        1. Problem with "endpoint". Do the spooks know who is reading the cipher text in El Reg? Do the spooks know who sent the cipher message? So....about those "endpoints"?

        2. Given item #1, perhaps "useless" needs a bit more explanation for someone who hasn't "understood".

        *

        Or perhaps you are trying (elliptically) to imply that the spooks have access to every "endpoint" in the universe. I think we should be told!

        1. Anonymous Coward
          Anonymous Coward

          Re: Really?

          For tracking web histories, end points are known. It's the DNS queries, HTTP traffic, web browsers and the OS themselves. Encryption means Eve can't know the message as long as Alice and Bob themselves don't tell her, and Eve has no way to force them. It's clear that if Eve can seduce, bribe, jail or torture Bob, the best encryption and strongest key is useless.

          If Cloudflare has your DoH queries - it needs the plaintext to resolve the address - and the the FBI has the power to ask those data, DoH is useless to protect you from this specific threat.

          Your provider will still see what IP you access even if the traffic payload is protected by HTTPS and the DNS query by DoH (it can't tamper with the DNS query, though).

          A VPN would solve it (as long as the FBI can't ask them too), but if your Chrome browser sends your whole browsing history to Google for profiling, any VPN encryption is useless. When Windows 10 does the same, any VPN is again useless. What about Android? What about all the beacons in a web page, i.e. from Facebook? Can you trust your endpoint, and the remote one?

          Maybe the spooks don't have access to any endpoint, but Google & C. often does. The spook just need to ask them. You need to be really paranoid and competent to browse without being tracked.

          1. Palpy

            Re: Paranoid and competent

            Paranoid? It's not paranoia if they really are out to get you, as the saying goes. Competent, well, as I mention way down the thread, anonymous Linux tools -- TAILS, TENS, Kodachi, a host of "pentest" systems like Kali and Parrot -- have become much easier to use than they were even five years ago. TOR seems faster now, and the privacy-oriented VPNs seem more reliable too.

            But you're right, IMHO, in that Windows 10 is insecure by design. Stock Android too, though I haven't explored the successor to ParanoidAndroid (I am doubtful).

            Of course, if a nation-state really, really wants to own you, it will. Full stop. If the nation-state lusting after your a** is the one you live in, you're sunk. If it is a foreign power, they may find it harder to use physical means -- breaking and entering to install discreet hardware, for example.

            And yes, Intel and AMD chipsets have intrinsic vulnerabilities which potentially defeat any OS-based security. Probably ARM chipsets too, though I haven't researched that.

            So for me, the thing is: If you want to minimize surveillance, you do the best you can. Run an amnesiac OS from a thumb drive, use TOR Dns or DNSCrypt, use TOR itself, use a security-oriented VPN, use browser privacy tools (Privacy Badger, Ghostery, CanvasBlocker, and so forth -- too many to list). As it turns out, it doesn't take as much competence as it would seem, because the tools have gotten so much easier to use. Of course, the opposition -- the A-hole Team -- have upped their game as well, I'm sure.

            Your mileage will vary.

  10. Mike 137 Silver badge

    So much for Privacy Shield

    Bad for Europe, but of course once the UK becomes a third country there's be nothing to lose anyway (except your browsing history). We may have the "UK GDPR", but Privacy Shield is external to the Regulation and is negotiated between Europe and the USA, so unless some very creative machinations are negotiated the UK will not be party to it.

  11. Anonymous Coward
    Anonymous Coward

    Welcome to the world

    The protections they are removing are ones only granted to US citizens, there is no limit outside the USA either. It's all backdoored kit and none of it can be trusted outside the US, you have zero protections offered by the Patriot act. The ones they're stripping are not really there either, they can always get a FISA warrant.

    Your best bet is to pick the least dangerous surveillance tech and go with that. So I'm very very happy to have a Huawei device without the US spyware on it, and only the Chinese spyware on it. To me that is one less set of spyware.

    Betcha the people who Barr watches are mainly FBI staff themselves. He fears the people under him. Too many of them want to follow the law, and he doesn't follow the law, and it leads to a paranoid suspicion of the people under him.

    1. genghis_uk

      Re: Welcome to the world

      Except the FBI have been audited and have never once actually asked for a FISA warrant. They have just been snooping the NSA database for data on US citizens, whenever they want, without one.

      Someone really needs to bring the FBI under some sort of control but good luck getting anyone to do it

      1. DerekCurrie
        Angel

        Re: Welcome to the world

        The FBI have been known to have their own man-in-the-middle surveillance hubs on the Internet within the USA for at least a decade. They don't have to rely on the NSA's data, seeing as they are known to have their own.

        And yes, collection of such data without a warrant is unconstitutional.

        Another source of data is every ISP (Internet Service Provider) in the USA. The Congress Republicans shoved through what is called S.J.R. 34 in 2017 that allows all ISPs to collect customer Internet use data to be saved and even SOLD by the ISP. Of course the anti-constitutional surveillance skunks love it.

        S.J.Res. 34 – Disapproving the Federal Communications Commission’s Rule on Privacy of Customers of Broadband Services

        Surveil me. I'm an actual patriot.

      2. genghis_uk

        Re: Welcome to the world

        Probably a bit late to address the thumb down but don't trust me...

        FBI violating US citizens rights by using the NSA's section 702 collection without a warrant:

        https://www.justsecurity.org/69972/odnis-2019-statistical-transparency-report-the-fbi-violates-fisaagain/

        https://www.techdirt.com/articles/20200510/20112544471/national-intelligence-report-shows-fbi-never-gets-warrants-backdoor-searches-nsa-collections.shtml

        These both link to the original report by the Office of the Director of National Intelligence

  12. This post has been deleted by its author

  13. herman
    Devil

    Underground Railroad

    Fortunately the underground railroad to Canada still runs - Oh, they closed the border - Sorry.

  14. Grinning Bandicoot

    Taking names down and checking twice

    Let us rouse some suspicion as a test. We'll sent portions of the Voynich Codex amongst us while covertly having an eye out for stranger than normal governmental activities and if these activities start concentrating on long rumored places, we should have a reasonable expectation that we are the usual suspects. Now for us in the USA will get millions by sending portions of the Beale Code and have FBI decode it while we file a Freedom of Information request for our records.

    Now for reality: the found information after a period of time seeps into public records and therefore becomes open under Freedom of Information. And to answer another question that which is redacted and the context tells you where to look; think of Philip Nolan and how he filled his map. We must never forget Juvenal either

    Qui Custodiet Ipsos Custodos

  15. DerekCurrie
    FAIL

    The Fourth and Fifth Amendments makes such data illegal in court

    I'm sick of posting the Fourth and Fifth Amendments. So please look them up yourselves. What they provide is PRIVACY that cannot be taken away from any citizen without a legal court order, and if that doesn't provide the data, then any citizen can refuse to offer up any further data on the grounds that it may incriminate them.

    What's going on is the generation of piles of lawsuits over the constitutionality of this infernal nonsense.

    "...the more controversial aspects of spying laws introduced after the September 11, 2001 attacks..." <-- And we now clearly know that 9/11 was a federally enabled event on many levels. That the PATRIOT act was created in response to that act of treason is sick and demented.

    Known facts of 9/11 so far: Architects and Engineers for 9/11 Truth

    Surveil me. I'm an actual patriot.

  16. Palpy

    Sooner or later,

    configs like VPN+TOR+DNSCrypt run from a thumb drive without persistent memory will be made illegal in the USA, I suppose. Though that may be hard to enforce. Meanwhile, in the years I've been fiddling with them, distros like TAILS and Kodachi have gotten much, much easier to set up and use. I'm posting this from Kodachi Linux, which IMHO comes with more preconfigured options than others.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon