B  U  L  L  E  T  I  N


    of the American Society for Information Science and Technology         Vol. 31, No. 5        June/July 2005

Go to
Bulletin Index

bookstore2Go to the ASIST Bookstore

Copies

Opinion

The USA Patriot Act Redux: Should We Reauthorize or Repudiate the Post-9/11 Authorities?

by Lee S. Strickland

Lee S. Strickland, is currently a professor at the College of Information Studies (CLIS) and director of the Center for Information Policy that is co-sponsored by the School of Public Policy . Formerly, he served a 30-year career with the United States government as a member of the Senior Intelligence Service, including positions such a chief privacy officer for the CIA.

April 2005 has seen the beginning of a national discussion on the 16 provisions of the USA Patriot Act that will "sunset" or automatically terminate on December 31, 2005, unless re-authorized by Congress. Perhaps no other legislation in recent times has so widely polarized the American people – from those who would change not a word to those who believe it is an unwarranted assault on American constitutional values. However, beyond the merits of the individual sections to be re-authorized (discussed below), there is the issue of scope. These few provisions that are under consideration constitute a very small and somewhat arbitrary choice of sections from this expansive Act, which extends to 1016 sections over a total of 131 pages. In point of fact, many of the government activities of civil liberties concern are simply not part of the pending debate. This omission is because they are predicated on other sections of the Act that will continue in full force (such as the effectively unlimited detention of aliens by the Attorney General pursuant to §412) or because they have been pursued by the Administration independent of the Act (for example, the imprisonment of both citizens and non-citizens as enemy combatants outside of the criminal justice system or the various initiatives for data mining of commercial data repositories).

Although the debate is limited in law, one fact is clear: the issue of civil liberties is of concern to average Americans, especially when their attention is focused on the issue, as well as to a substantial number of members of Congress on both sides of the aisle. Hundreds of local jurisdictions have voted to oppose the Act (politically symbolic acts largely without legal effect), bills in Congress to restrict specific Patriot Act provisions in the past have failed just by a tie vote, and the public, according to opinion polls, believes the FBI is intruding on their privacy.

There is one additional fact of interest and that is the change in tenor of the debate. Where previously Attorney General Ashcroft equated discussion of the issue with disloyalty, stating that those who raise the specter of lost liberties only aid terrorists, there is now a degree of balance. For example, our new Attorney General Gonzalez has stated that the goal of re-authorization is not only “to give law enforcement the tools they need to keep America safe” but also to honor “our values and our Constitution.” And in so stating, the Department of Justice on April 5, 2005, released the first detailed use of their powers under the USA Patriot Act (see www.usdoj.gov/opa/pr2005/April/05_opa_163.htm). Among other facts: the infamous §215 powers – that authorize the secret Foreign Intelligence Surveillance Court (FISC) to issue orders to any entity for the production of any information that is required for a foreign intelligence investigation – have been used 35 times but not yet against a library or bookstore.

As a professor at the University of Maryland, who comes from a career in the intelligence community largely with CIA but maintains a strong belief in the importance of individual rights, I believe that I bring a unique perspective and opinion to the issue at hand: the government is still failing to deliver on their new promise to honor our Constitutional values in this re-authorization effort. I submit that we need to pay real attention to civil liberties because of the new powers, including the broader authority to operate domestically as well as the developing technical ability of the government to "connect the dots." Together, these developments present a quintessential question: How does the United States avoid the intelligence abuses of the past yet acquire the needed information to protect citizens' lives and property?

The wrong answer is to balance civil liberties and government power – an approach that suggests we will have a little of both. The right answer is to engineer civil liberties with the same enthusiasm and attention that we are engineering additional powers for the government, and if we fail to do so we risk not only our liberties but the powers that we need to keep America safe. As evidence of this proposition, we need to look no further than the story behind CAPPS II – the Computer Assisted Passenger Pre-Screening System II that would evaluate passenger risk by data mining commercial and government data repositories. Here, the failure to address civil liberties concerns resulted in a failure of support across a broad spectrum of the political landscape and finally caused Department of Homeland Security (DHS) Secretary Ridge to terminate the program, replacing it with Secure Flight, which is raising many of the same concerns currently.

Today, because of this policy failure, we are left with an ad hoc, arbitrary, inefficient and data-poor system to ensure airline safety. It is no exaggeration to suggest that today’s Transportation Security Administration (TSA) is a model authoritarian police agency, albeit with polite agents, where individuals are singled out for intrusive inquiries and even denied transportation for reasons that will never be disclosed to them. And to compound this situation, the decision-making in this system is highly suspect in terms of efficacy. For example, the system will identify a given individual as a security risk but cannot identify a co-traveler whose ticket was purchased by the so-called “security risk” – even a high-value last minute ticket that should be suspect in general. Clearly, the current system does not have even a rudimentary intelligence analysis capability that might work to make America safer.

It follows that we need to approach re-authorization as an engineering task with dual objectives. We must be able to show that the powers are necessary (that other existing or less intrusive means are unavailing), that they are productive (they are producing convictions or otherwise combating terrorism) and, most important, that there are effective methods for oversight and redress. Let me offer three examples.

First, the §215 powers changed the requirement that there be probable cause that the target was an agent of a foreign power to a simple requirement that the government assert the information is required for an investigation. Is that change, essentially changing the role of the courts to a rubber stamp, necessary? It may be more convenient for the government, but that does not mean the prior process hindered, much less hampered, government investigations.

Second, are there truly notable results? To date, we have seen some 400 prosecutions in the war on terrorism, but convictions in less than half and a significant number of those for relatively minor offenses such as credit card fraud and immigration violations. Certainly there have been some successes, but many more failures (for example, the Brandon Mayfield fingerprint debacle) and no clear evidence that all of the USA Patriot Act powers are demonstrably and uniquely productive.

Lastly, and most important, there is the lack of oversight and redress. Individual rights can be protected only by independent guardians operating in the public light. With the greatly reduced role of the FISC and the essentially powerless Civil Liberties Oversight Board that was established by the December passage of the Intelligence Reform Act, there are no meaningful oversight mechanisms. However, there is also no reason why one could not be established. For example, Britain's Regulation of Investigatory Powers Act (roughly equivalent to our USA Patriot Act) established a comprehensive independent authority in 2000 – the Investigatory Powers Tribunal – to oversee intelligence activities with the authority to interview any member of and have access to any records of the intelligence services and to issue any orders to remedy violations of rights under national or European Community law. This logical scheme has not endangered Britain's security, and similar oversight in the United States is fully appropriate.

To date, we have had only limited progress in this regard. For example, 24 representatives, including Christopher Van Hollen and Elijah Cummings, recently introduced H.R. 1310 to enhance the powers of the Civil Liberties Oversight Board – to grant it subpoena authority, make it independent with fixed terms of office and require that the membership be qualified and bipartisan. All are common-sense requirements for effectiveness, and without these steps the board effectively would be powerless. For example, it could not gain access to information held by private companies that perform many intelligence and homeland security functions, the members could be dismissed at any time if their actions displeased the president and Congress largely would not know their activities and findings. As mentioned previously, only independent guardians operating in the public light can protect individual rights.

So let’s consider several of the re-authorization provisions from this perspective of necessity, productivity and oversight – keeping in mind that these provisions were selected rather arbitrarily from the many hundreds of provisions in the USA Patriot Act and generally concern or focus on electronic surveillance. We must also realize that the Patriot Act addressed provisions both in our criminal law system, with its foundation in the 4th Amendment and probable cause of criminal activity as a standard, and our intelligence system, with its foundation in the Foreign Intelligence Surveillance Act (FISA), utilizing standards of probable cause that the subject under investigation is an agent of a foreign power or less stringent grounds and utilizing the secret Foreign Intelligence Surveillance Court (FISC).

The following are the least and most controversial sections:

·        §202 – Enhanced penalties to the federal Computer Fraud and Abuse Act: Used twice in drug trafficking investigations; not yet critical to the war on terrorism but an extremely logical change given the pervasive and growing risk of computer crime.

·        §215 – Broadened authority to seek intelligence court orders for information: As discussed previously, it is one of the most controversial of the USA Patriot Act authorities. The primary concern is the elimination of standards for the issuance of such orders (any material can be demanded from any entity based only on an assertion by the government that it is “required”) and the lack of evidence that such change was necessary. Is there any cogent reason why providing a more substantive role to federal judges is not appropriate given the very broad scope of this authority?

These provisions better mesh law enforcement and intelligence activities:

·        §203 – Sharing of law enforcement information with intelligence officials: Used many times and highly logical considering that law enforcement information is collected under the stricter “probable cause of criminal action” standard and passed to the intelligence environment with a standard of “agent of a foreign power” or simply that information is “required.”

·        §218 – Allowing dual intelligence and law enforcement investigation: Perhaps the most complicated provision, its effect was to eliminate the so-called “wall” between law enforcement and intelligence investigations and allow the use of the lower standard intelligence warrants when intelligence and law enforcement purposes are present in a given case and thus criminal prosecutions will likely ensue. The concern is that this dual focus will subtly erode the 4th Amendment criminal standard of probable cause of criminal conduct with the intelligence standard of “agent of a foreign power” or simply the “required” requirement for certain intelligence orders. The Department of Justice cites usage in the “Portland Seven” case but media reports suggest many other issues in situations that would appear to be routinely criminal. Much more information is required to make a judgment on the continuation of this inherently logical but potentially corrosive provision.

A number of technical provisions relate to electronic communications:

·        §206 – Roving wiretap provisions added to the Foreign Intelligence Surveillance Act: Similar to the authority in the criminal arena, it has been used 49 times. Perhaps the greatest criticism is the lack of understanding as to whether roving wiretaps in general – that follow persons and not specific communications devices – are effectively being exercised in an overly broad manner that extends beyond the authorizing basis.

·        §207 – Extension of duration of FISA electronic surveillance and physical search orders: Used many times and only with the specific approval of a federal judge; logical with significant saving of time by FBI and Department of Justice lawyers, which improves the efficiency of the war on terrorism efforts without any appreciable impact on individual rights.

·        §209 – Harmonizes rules for access to stored voice-mail with rules for e-mail: Used many times, albeit exclusively in major criminal investigations including drug smuggling; logical but with no impact on war on terrorism.

·        §214 – Harmonizes rules for pen registers (record numbers dialed) and trap-and-trace (record incoming numbers) in intelligence and law enforcement cases: Previously, intelligence cases to identify numbers dialed required a showing of probable cause that the target was an agent of a foreign power, whereas in criminal cases there was only a necessity showing. Logical and proven necessary in a number of terrorism cases.

·        §220 – Nationwide reach of search warrants for electronic evidence in criminal cases: Logical provision that demonstrably increases efficiency and productivity with notable results.

And three provisions are of specific interest to schools, libraries and service providers (in addition to §215 discussed previously):

·        §212 – Allows electronic communications service providers broader authority to share content with government authorities in an emergency: Minimal usage. Initially there were concerns that the provision would be used by the government to “encourage” providers to disclose content on a wholesale basis.

·        §223 – Jurisdiction to sue federal officials: An obscure and largely meaningless section that allows lawsuits for inappropriate release of information by a federal official. Never used and unlikely to be used.

·        §225 – Immunity for compliance with FISC orders: Fair and logical provision since recipients such as a library or school would have little reason or knowledge to comply or not with a court order that appears valid in all respects.

As may be evident, there is considerable complexity in the re-authorization debate as well as limitations in the larger civil liberties debate in the post-9/11 world because so many issues are not part of the reauthorization. But in this debate and in my judgment the powers authorized by sections §215 and §218 require the closest consideration.

Finally, there are also a range of questions about the general scope of the USA Patriot Act that continue to cause confusion and uncertainty among members of the academic and library community. In brief, here are a few of those questions and answers:

·        Could the pen/trap provision collect header information in e-mail transactions and Web surfing that implicitly reveals content? Generally, no. The Department of Justice has confirmed that this is avoided but various technology issues still present questions.

·        Is a service provider such as a library or university required to take any specific actions under the Patriot Act? No. The Act neither requires a provider to change current data retention practices nor reconfigure their systems to facilitate compliance with a court order. There is, however, a provision that requires preservation of existing information upon written demand, if it exists, pending receipt of an appropriate judicial order.

·        Could the provision that allows ISPs to request law enforcement assistance serve as a general path of unrestricted entrée for law enforcement? No. The authority under this provision can only be invoked by the provider.

·        Does the general secrecy provision of all FISA (i.e., intelligence) orders limit contact with counsel or senior management? No; while the individual and the institution receiving a FISA order may not disclose the fact of or details concerning the order, counsel and senior management may be informed and there is a little recognized fact: counsel may file any legal challenges, albeit under seal, that appear appropriate.

·        Are there other issues for libraries, universities and even individual professors beyond the specifics of the USA Patriot Act? Yes; according to a post-9/11 survey by the University of Illinois, there is a 4-1 ratio between voluntary requests for information requests by law enforcement and judicial demands for information. This means that any protocol for receipt and response to search warrants and other forms of judicial process must address the much greater likelihood that law enforcement will simply request information. And the surprising fact is that the Illinois study revealed that there is a stunning 50% compliance rate for such voluntary requests – actions that might well violate state student or library patron confidentiality laws.

The bottom line on the USA Patriot Act re-authorization is that while tools are required by the government, especially given the evolution in technology and the change in operational characteristics of the threat (from a monolithic symmetric threat to one that is highly diverse, networked and asymmetric), direct judicial involvement as well as effective oversight is even more required. We can engineer both objectives if we, as a nation, continue to engage in a meaningful discussion.


How to Order

American Society for Information Science and Technology
8555 16th Street, Suite 850, Silver Spring, Maryland 20910, USA
Tel. 301-495-0900, Fax: 301-495-0810 | E-mail:
asis@asis.org

Copyright © 2005, American Society for Information Science and Technology