CNET también está disponible en español.

Ir a español

Don't show this again

HolidayBuyer's Guide
Tech Industry

Is privacy making a comeback?

As the two-year anniversary of the Sept. 11 terror attacks approach, CNET News.com's Declan McCullagh finds signs that Congress thinks it went too far in favor of surveillance.

In the immediate aftermath of Sept. 11, 2001, the worry in Washington, D.C., was more about national security than about individual privacy.

A couple days after the terror attacks, the U.S. Senate voted to grant the Federal Bureau of Investigation sweeping Internet surveillance powers that in some cases would not require a judge's approval. Huge portions of that bill, self-importantly titled the Combating Terrorism Act, eventually became part of the even more grandly named law called the USA Patriot Act.

Soon after the law's enactment, Attorney General John Ashcroft began likening criticism of such dubious legislation to the treasonous offense of "aiding terrorists." Noted civil libertarians such as Alan Dershowitz began to suggest that entrepreneurial judges could issue "torture warrants" against suspected terrorists, while automated face-recognition cameras began popping up in airports, and politicians began scheming about how to ban encryption products without backdoors for government snoops.

Suffice to say that privacy was not exactly paramount in everyone's mind. But as the two-year anniversary of Sept. 11 approaches, there are signs that Congress realizes it went too far in allowing electronic surveillance and other invasions of personal privacy.

Consider some recent evidence:

• By a 309 to 118 vote last Tuesday, the U.S. House of Representatives approved legislation that would essentially block part of the USA Patriot Act that permitted police to seek a court order that let them surreptitiously enter a home or business. The amendment to the Commerce, Justice and State spending bill would not repeal the "secret search" law but instead would deny federal agencies any funds that could be used in order to take advantage of it.

• During the floor debate, Rep. C.L. "Butch" Otter, R-Idaho, the amendment's sponsor, offered this impassioned defense of liberty: "Sneak-and-peek searches give the government the power to repeatedly search a private residence without informing the residents that he or she is the target of an investigation. Not only does this provision allow the seizure of personal property and business records without notification, but it also opens the door to nationwide search warrants and allows the CIA and the NSA to operate domestically."

• Also last week, some House members tried to nix the part of the USA Patriot Act that handed the FBI broad powers to search library or bookstore records without the usual need for search warrants or judicial oversight. Offered by Rep. Bernard Sanders, I-Vt., the amendment was ruled to be out of order--but it enjoys the support of 129 members of Congress and advocacy groups like the American Booksellers Foundation for Free Expression.

Ashcroft and his aides at the U.S. Department of Justice are hardly delighted by this privacy backlash-backlash.
• On July 17, the U.S. Senate yanked funding for the Pentagon's creepy (TIA), which aims to weave together strands of data from various sources--such as travel, credit card, bank, electronic toll and driver's license databases--with the stated purpose of identifying terrorists before they strike. (Earlier, the Pentagon had responded to public outcry by changing the project's name to Terrorist Information Awareness.)

• Last Tuesday, at a meeting of a U.S. Department of Defense advisory committee, top intelligence officers said TIA wasn't really all that spectacular an idea, anyway. "They need to work on the underlying business model before it is implemented," said Maureen Baginski, the FBI's executive assistant director for intelligence, according to Federal Computer Week. Alan Wade, chief information officer at the CIA, warned that "the scope may be too big."

Ouch. And this is from the cadre of spooks who supposedly wanted TIA in the first place?

Ashcroft and his aides at the U.S. Department of Justice are hardly delighted by this privacy backlash-backlash. Not only are they intent on keeping the USA Patriot Act intact, but they're not happy at finding themselves suddenly on the defensive.

Secret searches
Last week, while touring Alaska, Ashcroft employed a venerable Washingtonian tactic: Blame the press. It was understandable that Americans are worried about privacy invasions, Ashcroft informed reporters, "but when the so-called invasion is one that's falsely reported and nonexistent, and they don't hear about the fact that it's falsely reported and nonexistent, it's not helpful."

On Friday, Ashcroft's deputy, Assistant Attorney General William Moschella, went even further. Moschella sent a letter to the speaker of the House warning that the "secret search" amendment would have a "devastating effect on the United States' ongoing efforts to detect and prevent terrorism, as well as to combat other serious crimes...The terrorist would likely destroy computer equipment containing information about which targets he plans to strike."

The letter, which urged the House to reconsider its decision, cited procedural irregularities, complaining that the House's vote was a "hasty" one.

The Justice Department didn't mention last week that it had been lobbying for the power to conduct "secret searches" for at least four years, long before the Sept. 11 attacks took place.
But you never saw the Justice Department demanding a careful, reasoned process when the USA Patriot Act was being rushed into law in October 2001. Rep. Barney Frank, D-Mass., said after that memorable vote: "What we have today is an outrageous procedure. A bill, drafted by a handful of people in secret, comes to us without a committee review and immune to amendment."

What the Justice Department also didn't mention last week is that it had been lobbying for the power to conduct "secret searches" for at least four years, long before the Sept. 11 attacks took place and terrorism became a convenient justification for it. As far back as 1999, the FBI had used a secret search warrant when installing a keystroke logger in the office computer of alleged mobster Nicodemo Scarfo. He had used Pretty Good Privacy (PGP) encryption software to encode confidential business data--but with the keystroke logger, the FBI was able to glean his pass phrase.

Because the legal status of such searches was in doubt, in mid-1999 the Justice Department proposed legislation that would let police obtain surreptitious warrants and "postpone" notifying the person whose property they entered for 30 days. After vocal objections from civil liberties groups, the administration backed away from the controversial bill. In the final draft of the Cyberspace Electronic Security Act submitted to Congress, the secret search portions had disappeared.

Then, in a January 2001 report on cybercrime, the Justice Department again stressed how useful such searches could be. "Sneak-and-peek searches may prove useful in searches for intangible computer data," the report said. "For example, agents executing a sneak-and-peek warrant to search a computer may be able to enter a business after hours, search the computer, and then exit the business without leaving any sign that the search occurred."

Next steps
It's unclear what will happen next. One possibility is that Americans honestly may be so fed up with privacy invasions that they demand that their elected representatives do something. The tremendous interest in the national do-not-call list supports that idea, as does the conspicuous lack of congressional support for the Justice Department's proposed sequel to the USA Patriot Act.

Another possibility is that the report on Sept. 11--prepared by the two most clandestine committees in Congress and released last week--may lead to more efficient surveillance techniques. Two key findings say the National Security Agency did not want others to think it was conducting surveillance domestically, so it limited its eavesdropping, even against spooks or terrorists inside the United States. The report concludes that the NSA's policy "impeded domestic counter-terrorist efforts."

What the report doesn't say is what should be done about terrorism--and whether that would swing the privacy pendulum in the other direction.