On May 14, the Senate reauthorized the USA Freedom Act(ventana nueva), which extends the expansive domestic surveillance powers contained in the Patriot Act.
The original Freedom Act had expired in March. Now that it has been reauthorized, it grants the FBI (and other law enforcement agencies) broad warrantless access to sensitive personal information, including Internet browsing and search history, for national security investigations.
This law restarts a massive domestic surveillance program that the US government can use to spy on its citizens with little oversight. This is a clear violation of the right to privacy.
Many articles have been written recently about this news, but few have analyzed the actual powers the legislation grants to surveillance agencies and what regular citizens can do to prevent their activities from being monitored. Here we break down what is happening, what you can do to protect your privacy, and how Proton products are designed to resist this type of intrusion.
What the Patriot Act means?
The reauthorized version of the Freedom Act is a continuation of the vast surveillance program that began under the Patriot Act. The original Patriot Act permitted the untargeted, bulk collection of a wide range of documents, records, and other kinds of personal data. The Patriot Act (specifically Section 215(ventana nueva)) allowed the collection of “…tangible things (including books, records, papers, documents, and other items) for an investigation to obtain foreign intelligence information.” This was the section that permitted the untargeted bulk data collection of phone call metadata that Snowden revealed(ventana nueva) in his 2013 whistleblower leaks.
The Freedom Act, which was signed in 2015 in response to the Snowden revelations, was designed to curtail some of the most flagrant abuses of the Patriot Act. It prohibits dragnet bulk data collection and introduces public advocates to FISA court(ventana nueva) proceedings who can argue against the proposed surveillance of individuals. (The FISA court, or Foreign Intelligence Service courts, oversees surveillance requests. Its proceedings are usually confidential.) However, Section 215 is still in force, which means that if the investigation pertains to national security, authorities can access vast amounts of your personal data, including your Internet browsing and search history.
The only check on the government’s surveillance powers is the supervision of the FISA court. This is a significantly lower threshold than a warrant. On May 13, the Senate rejected an amendment introduced by Senators Ron Wyden and Steve Daines that would have required authorities to get a warrant(ventana nueva) before they access your Internet browsing and search history. The final bill the Senate passed does contain an amendment(ventana nueva) (proposed by Senators Patrick Leahy and Mike Lee) that expands the role that outside legal experts can play in offering advice to the FISA court.
Still, Section 215 and the FISA courts represent grave threats to citizens’ privacy. They are also ineffective. One of the government’s own oversight boards found that information gathered under Section 215 has only led to one actionable lead(ventana nueva) in four years, and another study found that FISA courts have “widespread problems(ventana nueva).”
The system is clearly broken.
How does this affect Proton?
As a Swiss company, we are not subject to US law. Any requests from US law enforcement must be reviewed and approved by the proper Swiss authorities before we can comply.
If the Swiss authorities do approve such a request, we must share the data they have requested. Because Proton Mail uses end-to-end encryption(ventana nueva) and zero-access encryption(ventana nueva), we cannot access your messages, and because Proton VPN has a strict no-logs policy(ventana nueva), we have very little information to share. Proton also minimizes the amount of data we require to set up an account, and we allow users to make privacy-friendly payments via Bitcoin(ventana nueva) or cash.
Detailed information is available in our privacy policy for Proton Mail(ventana nueva) and Proton VPN(ventana nueva).
US authorities could try to coerce the data centers that run our US VPN servers to give them access. However, because we do not keep logs of user activity, there is virtually no information on these servers that authorities could use. Still, we have implemented full-disk encryption(ventana nueva) on all our VPN servers, which secures all the software and configurations on them. This prevents the authorities from being able to steal servers’ certificates and redirect user traffic to servers they control.
Those that have additional privacy concerns can also connect to servers in the US via Secure Core(ventana nueva), which routes your Internet traffic through a hardened server before sending it on to one of our VPN servers in the US. By routing your traffic through two VPN servers, you make it harder for authorities to match your online activity to your IP address.
How you can protect your privacy
There are practical steps you can take to prevent your data from being swept up in the US (or any other) government’s unwarranted surveillance, but first, you must understand who the government can collect what data from. Under Section 215, law enforcement authorities can go to your Internet service provider (ISP) and compel them to share your browsing history.
What your ISP can see depends on what precautions you take. If you visit an HTTP website (one that does not use transport layer security(ventana nueva)), your ISP will be able to see pretty much everything you do on that site. However, now that most Internet traffic is HTTPS-encrypted, your ISP’s view of your browsing is limited. If you visit a site that uses HTTPS, your ISP will only be able to see the DNS name and the IP address of the site you are on.
Example: You are reading this blog post at https://vpn.protonblog.tech/blog/patriot-act-surveillance. Because our website is HTTPS-encrypted, your ISP only sees that you are visiting https://protonvpn.com.
However, if you do not protect your DNS requests (e.g., by using DNS over HTTPS), your ISP will be able to figure out which pages you visited.
The easiest way to prevent Freedom Act surveillance is with a VPN
To protect your browsing history, use a trustworthy VPN(ventana nueva) service like Proton VPN. When you connect to Proton VPN, the only thing your ISP sees is that you are connected to one of our VPN servers. They cannot see what websites you visit while you are connected. We also encrypt your DNS requests(ventana nueva) so that no one can use them to figure out which sites you visited.
Authorities can also try to access personal data from services that track your online activity. These companies closely follow your browsing history by adding various trackers and beacons to the websites you visit. They use this information to show you targeted ads. While Google is the most prominent actor, it is not the only one. There are also many shady marketing companies that maintain massive databases and sell your data to third parties. Two good defenses against advertising cookies and trackers are the Privacy Badger(ventana nueva) (developed by the Electronic Frontier Foundation) and uBlock Origin(ventana nueva) tracker-blocking browser extensions. Together, these will block the majority of advertisers trying to track your browsing. (You can also turn on your browser’s Do Not Track option(ventana nueva).) You should also use your browser’s Incognito Mode/Private Window(ventana nueva) feature. Your browser will forget the websites you visited and delete the cookies you accumulated once you close it if you use one of these private sessions.
To prevent authorities from accessing your search history, you should use a search engine that does not collect personal information, like duckduckgo.com(ventana nueva).
Another way you can protect your privacy online is to connect to the Tor network(ventana nueva) using the Tor browser.
To recap, if you want to protect your data, you should:
- Use a trustworthy VPN, like ProtonVPN(ventana nueva).
- Download Privacy Badger and uBlock Origin.
- Use the Incognito Mode/Private Window setting in your web browser.
- Use a privacy-focused search engine like DuckDuckGo.
- Or connect to the Tor network.
Privacy is a fundamental right
Renewing the Freedom Act without putting in place due process protections is a violation of the fundamental right to privacy. It enables the US government to spy on its citizens with little due process or oversight.
We understand the need for and support responsible law enforcement(ventana nueva). Citizens everywhere deserve to live in safety and security on and offline, which requires diligent law enforcement. But writing laws that violate basic human rights is not a solution. On the contrary, such laws tend to erode the rule of law and typically foster bad practices, such as corruption.
This continues a troubling trend of Western democratic countries passing laws that flagrantly violate their citizens’ privacy. The UK’s Investigatory Powers Act(ventana nueva), Australia’s Assistance and Access Bill(ventana nueva), and the EU’s proposal for gathering electronic evidence(ventana nueva) are all backward steps that undermine the right to privacy, which is fundamental to maintaining any democracy.
Because the Senate added an amendment to the law, it must go back to the House of Representatives for approval. If you are a US citizen, you should call or write to your state representative to tell them that you support both the Wyden-Daines(ventana nueva) and Leahy-Lee amendment(ventana nueva)s(ventana nueva) to H.R. 6172 – The USA FREEDOM Reauthorization Act of 2020.
While it is too late to prevent the reauthorization of the Freedom Act, if the House of Representatives adds the Wyden-Daines amendment to their version of the bill, it would force a second vote in the Senate. This means there is still a chance we can make authorities get a warrant before they access Internet browsing and search history. And the House needs to confirm the Leahy-Lee amendment to shed light into the FISA court process and let outside legal experts offer their assessments and advice.
In a way, the Patriot Act is responsible for the creation of Proton. After hearing the Snowden revelations, our founders were inspired to create a private email service(ventana nueva) that protects everyone’s communications. Now that the Patriot Act is being renewed, we are here to help our users protect their freedom and privacy.
Follow us on social media to stay up to date on the latest Proton VPN releases:
Twitter(ventana nueva) | Facebook(ventana nueva) | Reddit(ventana nueva) | Instagram(ventana nueva)
To get a free Proton Mail encrypted email account, visit: proton.me/mail(ventana nueva)
