Politics: Weighing security against liberties
SAN FRANCISCO--Earlier this year, a few California scuba divers found out just how far the long arm of the law can reach since Sept. 11.
Federal agents concerned about scuba-related terrorist plans requested the entire database of the Professional Association of Diving Instructors. Unbeknownst to most of its members, the organization voluntarily handed over a list of more than 100,000 certified divers worldwide, explaining later that it wanted to avoid an FBI subpoena that would have required far more information to be disclosed.
Cindy Cohn, an attorney with the Electronic Frontier Foundation and a diver listed in the database, was livid after learning of the incident. Such concerns resonate with particular volume in this liberal city where the EFF is based, which has a long history of protesting government intrusion.
"You participated in creating an FBI file on me and all the rest of your customers, loyal Americans who have done nothing wrong and who now face the process of increased surveillance by virtue of the fact that we did business with you," Cohn wrote in a letter to the Southern California-based divers association.
Since Sept. 11,containing information on tens of thousands of ordinary people have found their way into the hands of federal investigators hungry for any scraps of data that might serve as leads in . Grocery shopping lists, travel records and information from other, more public databases have all been caught in the government's antiterrorism net.
In this security-conscious climate, it seems that no activity is off limits to--and with good cause, many would say. After all, no one predicted that flight school students would bring down the World Trade Center towers, and few would advocate withholding information that could prevent another terrorist attack. that many people are willing to tolerate increased surveillance, higher encryption standards and other measures for the sake of security.
But civil libertarians worry that the increased investigative powers granted since the attacks, and people's eagerness to comply with them, have needlessly entangled innocent citizens and threaten to undermine constitutional rights toand . Even without explicit limitations, some say that fear of reprisal may have a on public behavior.
Either way, those on all sides of the issue agree that the country has undergoneboth psychological and practical, perhaps as subtle as a reluctance to visit an Islamic Web site or as obvious as federal legislation seeking broader online surveillance by law enforcement authorities. While civil libertarians decry the changes, however, their warnings aren't being widely embraced.
"People pretty readily let go of privacy concerns as soon as security is involved," said Jonathan Zittrain, co-director of Harvard University Law School's Berkman Center for Internet and Society. "To the extent that the concern about privacy is a concern about abuse of information by the government...what is the greater threat, terrorism or a government run amok? People are generally going to say terrorism."
Ironically, despite its libertarian roots, the Internet has arguably hastened that shift. Given the proliferation of log files and massive customer databases, combined with easy access to controversial sites and other information, the Net has accelerated the debate over electronic information and terrorism.
Perhaps most worrisome to Arab Americans and privacy advocates, the FBI has proposed easing 1970s-era restrictions that prevent them from spying on people based solely on political activities. Under the, agents would be able to mine publicly available databases even if they aren't conducting a specific investigation, carrying out what civil liberties activists worry would be a digital fishing expedition producing nothing but massive amounts of irrelevant data.
Information on exactly what databases have been tapped is scarce, but some instances have come to light:
An informal poll conducted by the Boston Globe and the Privacy Council consultancy found that 64 percent of travel-related and transportation companies had given federal investigators access to customer or employee data after Sept. 11. Only 14 percent of those companies informed customers of their actions.
Privacy Council CEO Larry Poneman said in a recent interview that an unnamed supermarket chain had given shopping club card records to federal investigators.
Lexis/Nexis, the massive database containing news articles, legal filings and public records of all kinds, says it is working more closely with law enforcement on several fronts since last September, including "authentication" of individuals' identity.
Civil libertarians complain that federal authorities are giving little to no indication of how this information is being used. A recent attempt by several congressmen to obtain a report on how the new legal tools were being used in investigations was rebuffed by the Justice Department, which asked for more time to answer their detailed questions.
"It's very important that that information be disclosed," said David Sobel, general counsel of the Electronic Privacy Information Center, a group that helped bring the FBI's use of Net monitoring tools to light for the first time with its Freedom of Information Act requests.
EPIC, along with the American Civil Liberties Union and the American Booksellers Foundation for Free Expression, filed on Aug. 21 its own Freedom of Information Act request for details on how Patriot Act powers are being used.
"There aren't yet any answers," Sobel said.
Nor is it clear what online behavior might be considered suspicious--and some believe that, and organizations may take unduly severe actions in erring on the side of caution. network managers, for example, could arbitrarily restrict certain communication or access to some Web sites, just as they often block pornography or filter e-mail that contains obscenities.
More spying or same as it ever was?
The American Civil Liberties Union called it a far-reaching law thatprivacy and judicial oversight. Many of the nation's largest newspapers editorialized against the measure as reactionary.
Nine months later, however, many judicial experts are playing down initial fears over the legislation's severity. A law review article scheduled for publication early next year by former Justice Department attorney Orrin Kerr provides one of the first detailed analyses of the so-called Patriot Act that compares it to previous investigative practices.
"The law is a lot more balanced than people thought," Kerr said, adding that it does little to change the way authorities do their jobs. "The government ended up introducing a law that didn't really take any major steps."
At its core, the Patriot Act explicitly spells out new rules under which authorities can monitor online communications such as e-mail or Web surfing. As was the case with wiretapping or other surveillance, agents must get judicial permission to obtain more information.
Under the law, authorities can obtain information such as where e-mail was sent or originated, and at what time. Roughly analogous to reading an envelope but not the letter inside, this means no court order is needed. If agents want to monitor an Internet service account to determine when messages are sent, they need a judge's permission but with relatively little justification.
If agents seek the contents of a missive, which would include such elements as the body and subject line of an e-mail, they would need a court order requiring a much higher level of justification, legal experts say. Although new, these laws mirror previously secret court decisions on FBI attempts to install high-tech spying equipment, according to Kerr and lawyers representing ISPs.
are reluctant to discuss surveillance details, citing national security concerns. But they do say that surveillance requests have increased since last September, though their extent is difficult to gauge.
"There has been some upswing, but it's not very significant," said Mike Harrad, a spokesman for Road Runner, Time Warner's cable Net service. "The view here is that the increase in requests has probably more to do with the more vigilant approach taken by enforcement agencies in the post-9/11 world than it has to do with the Patriot Act per se."
Others are more concerned. "In some instances, law enforcement is being aggressive in interpreting USA Patriot to go beyond what was intended," says Stewart Baker, a Washington attorney who represents ISPs.
Baker and other ISP sources say some law enforcement agents make requests for records of subscribers' past communications--for which no court order is needed--so frequently that it has nearly amounted to real-time information. For instance, agencies might request information about a subscriber several times a day or more, instead of seeking a week's worth of log files.
Authorities hitting the books
What's more, the process is now secret. The court that approves these searches holds closed sessions, and librarians face prosecution if they disclose information about the inquiry to anyone, including the subject of the investigation.
For years, many libraries have had electronic systems that delete checkout records after a few weeks. But information about people who have books checked out and those who owe fines are kept in the database until they return the books or pay the fees.
Of 1,026 libraries surveyed by the American Library Association earlier this year, 85--or 8.3 percent--had received Sept. 11-related requests for records from government agents.
"If you use libraries, whatever you take out is information that could be demanded by the FBI," ALA President Mitch Freedman said. "The library user is just one small person who's been impacted by this dramatic expansion of investigative powers."
The FBI and other law enforcement organizations declined to comment on any details regarding terrorism-related investigations. But comments made by officials in public have heightened concerns among civil liberties groups.
On a recent trip to San Francisco, John Frazzini, a special agent with the Electronic Crimes Branch of the Secret Service, pleaded with companies to cooperate more fully in online investigations and report break-ins. He also warned of new crackdowns on hackers.
"If you're a U.S. citizen and you're breaking into computer networks, not only are you criminal but I think you're unpatriotic," he said.
Although they do not know of any prosecutions based on post-Sept. 11 changes, defense attorneys say they are already seeing their effects in other ways. Jennifer Granick, a defense attorney and director for Stanford University's Center for Internet and Society, said she and her colleagues have noticed that judges and juries are far more wary of hackers than they have been in years and are enforcing existing laws more actively.
"They hear you're a hacker, and in this post-9/11 climate, they just get," Granick said, adding that technologists and hackers who point out legitimate security concerns risk getting caught in law enforcement's new web.
She points to a case in Los Angeles, in which a man faced criminal charges after posting information on a Web site that pointed out insecurities in some e-mail software and offered a repair. The man was convicted under a federal computer break-in law and is awaiting sentencing.
"We are dismantling the checks and balances and basically letting government have a free-for-all," Granick said. "It may get uglier before it gets better."