The PATRIOT Act, Technology and Records Privacy David L. Sobel General Counsel Electronic Privacy Information Center [email protected] ECURE 2004 Arizona State University Tempe, AZ March 1, 2004
Download ReportTranscript The PATRIOT Act, Technology and Records Privacy David L. Sobel General Counsel Electronic Privacy Information Center [email protected] ECURE 2004 Arizona State University Tempe, AZ March 1, 2004
The PATRIOT Act, Technology and Records Privacy David L. Sobel General Counsel Electronic Privacy Information Center [email protected] ECURE 2004 Arizona State University Tempe, AZ March 1, 2004 The Fourth Amendment The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. But the Supreme Court Says . . . There is “no legitimate ‘expectation of privacy’” in bank records. “The depositor takes the risk, in revealing his affairs to another, that the information will be conveyed by that person to the Government. . . . [T]he Fourth Amendment does not prohibit the obtaining of information revealed to a third party and conveyed by him to Government authorities, even if the information is revealed on the assumption that it will be used only for a limited purpose . . .” United States v. Miller, 425 U.S. 435 (1976) So Privacy Protection is Left to Congress In response to the Miller decision, Congress passed the Right to Financial Privacy Act of 1978 (Public Law 95-630) providing bank customers with some privacy regarding records held by banks and other financial institutions and providing procedures whereby Federal agencies can gain access to such records. Post-9/11: USA PATRIOT Act - Expands government authority to obtain personal information - Limits judicial review, most of which resides in the secret FISA Court - Secrecy limits public oversight or ability to challenge data collection Broad New Subpoena Power FBI may obtain an order requiring production of “any tangible things (including books, records, papers, documents, and other items) for an investigation to protect against international terrorism or clandestine intelligence activities.” Gag Order -- “No person shall disclose to any other person (other than those persons necessary to produce the tangible things under this section) that the Federal Bureau of Investigation has sought or obtained tangible things under this section.” USA PATRIOT Act, Sec. 215 Broad New Subpoena Power Sec. 215 can be used to access: - purchase records - computer files - educational records - library records - genetic information Hearing of the House Judiciary Committee, June 5, 2003 (testimony of Attorney General John Ashcroft) Access to Student Records -- FERPA Amendment to FERPA permits schools to disclose – without the consent or knowledge of the student or parent – personally identifiable information from the student’s education records to the Attorney General in response to an ex parte order in connection with the investigation of terrorism. Also amends FERPA’s record keeping requirements-does not require a school official to record a disclosure of information from a student’s record when the school makes that disclosure pursuant to an ex parte order. - USA PATRIOT Act, Sec. 507 National Security Letters (NSLs) - a form of administrative subpoena that permits the FBI to request from businesses records of, among other things, telephone and Internet activity or financial data from banks and other financial institutions bearing on counterintelligence or terrorism cases. - subpoenas are secret; the disclose having received one. recipient cannot - NSLs can be issued by relatively low-level FBI officials without going to any court. National Security Letters (NSLs) PATRIOT Act: Removed the requirement that the FBI have specific facts linking the subject to a foreign power to justify each letter. To issue as NSL, the FBI merely has to certify that the information is “relevant” to a national security investigation. 2004 Intelligence Authorization Act: Expanded the definition of “financial institution” to include insurance companies, pawnbrokers, dealers in precious metals, the Postal Service, casinos, travel agencies and more. How Are the New Authorities Being Used? Government claimed that disclosing the number of FISA applications could enable adversaries to discern whether and to what extent business records and other items in the possession of third parties offered a safe harbor from the FBI. “. . . the Court is obliged to uphold DOJ's withholding, notwithstanding plaintiffs’ compelling argument that the disclosure of this information will help promote democratic values and government accountability.” ACLU & EPIC v. DOJ, 265 F. Supp. 2d 20 (D.D.C. 2003) A Secret is Revealed So What Happened in Las Vegas? Las Vegas hotel operators and airlines serving McCarran International Airport are being required by the FBI to turn over all guest and passenger names and personal information, at least during the holiday period, several sources said Tuesday. FBI spokesman Todd Palmer confirmed the federal action and said the requirement that the companies surrender customer information is a “normal investigative procedure.” . . . The information is being transmitted electronically to the FBI on what could amount to 300,000 visitors to Las Vegas daily. Las Vegas Review-Journal (December 31, 2003) “Homeland Security” and Academic Freedom Drake University President David Maxwell said Tuesday that a federal grand jury’s demand for information about a student group involved in an anti-war conference violated students' rights and the university’s purpose. “Of all places, we are a safe haven for ideas, and particularly for unpopular ideas,” he said. After the university raised questions about student privacy laws, the subpoena was withdrawn Friday and replaced by an order asking for records of the meeting, including documents identifying people attending the meeting and security records describing what was discussed at the meeting. Des Moines Register (February 11, 2004) “Homeland Security” and Research Data NASA Ames requested passenger data from Northwest Airlines “to be used in our research and development work.” More than 10 million Passenger Names Records (PNR) were provided to the agency. Aviation Security -- CAPPS II - Will conduct background checks on all passengers - Classified system; sources of data will not be published - Accuracy and due process issues; passenger rights? - GAO: TSA has failed to address privacy and “redress” issues - Will this approach expand to other environments? (and where will the data come from?) The PATRIOT Act, Technology and Records Privacy David L. Sobel General Counsel Electronic Privacy Information Center [email protected] ECURE 2004 Arizona State University Tempe, AZ March 1, 2004