The PATRIOT Act, Technology and Records Privacy David L. Sobel General Counsel Electronic Privacy Information Center [email protected] ECURE 2004 Arizona State University Tempe, AZ March 1, 2004
Download
Report
Transcript The PATRIOT Act, Technology and Records Privacy David L. Sobel General Counsel Electronic Privacy Information Center [email protected] ECURE 2004 Arizona State University Tempe, AZ March 1, 2004
The PATRIOT Act, Technology
and Records Privacy
David L. Sobel
General Counsel
Electronic Privacy Information Center
[email protected]
ECURE 2004
Arizona State University
Tempe, AZ
March 1, 2004
The Fourth Amendment
The right of the people to be secure in
their persons, houses, papers, and
effects, against unreasonable searches
and seizures, shall not be violated, and
no Warrants shall issue, but upon
probable cause, supported by Oath or
affirmation, and particularly describing
the place to be searched, and the persons
or things to be seized.
But the Supreme Court Says . . .
There is “no legitimate ‘expectation of privacy’”
in bank records.
“The depositor takes the risk, in revealing his
affairs to another, that the information will be
conveyed by that person to the Government. . . .
[T]he Fourth Amendment does not prohibit the
obtaining of information revealed to a third party
and conveyed by him to Government authorities,
even if the information is revealed on the
assumption that it will be used only for a limited
purpose . . .”
United States v. Miller, 425 U.S. 435 (1976)
So Privacy Protection is Left to
Congress
In response to the Miller decision,
Congress passed the Right to Financial
Privacy Act of 1978 (Public Law 95-630)
providing bank customers with some
privacy regarding records held by banks
and other financial institutions and
providing procedures whereby Federal
agencies can gain access to such
records.
Post-9/11: USA PATRIOT Act
- Expands government authority to
obtain personal information
- Limits judicial review, most of which
resides in the secret FISA Court
- Secrecy limits public oversight or
ability to challenge data collection
Broad New Subpoena Power
FBI may obtain an order requiring production of
“any tangible things (including books, records,
papers, documents, and other items) for an
investigation to protect against international
terrorism or clandestine intelligence activities.”
Gag Order -- “No person shall disclose to any
other
person
(other
than those persons
necessary to produce the tangible things under
this section) that the Federal Bureau of
Investigation has sought or obtained tangible
things under this section.”
USA PATRIOT Act, Sec. 215
Broad New Subpoena Power
Sec. 215 can be used to access:
- purchase records
- computer files
- educational records
- library records
- genetic information
Hearing of the House Judiciary Committee, June 5,
2003 (testimony of Attorney General John Ashcroft)
Access to Student Records -- FERPA
Amendment to FERPA permits schools to disclose –
without the consent or knowledge of the student or
parent – personally identifiable information from the
student’s education records to the Attorney General
in response to an ex parte order in connection with
the investigation of terrorism.
Also amends FERPA’s record keeping requirements-does not require a school official to record a
disclosure of information from a student’s record
when the school makes that disclosure pursuant to
an ex parte order.
- USA PATRIOT Act, Sec. 507
National Security Letters (NSLs)
- a form of administrative subpoena that permits
the FBI to request from businesses records of,
among other things, telephone and Internet
activity or financial data from banks and other
financial institutions bearing on counterintelligence
or terrorism cases.
- subpoenas are secret; the
disclose having received one.
recipient
cannot
- NSLs can be issued by relatively low-level FBI
officials without going to any court.
National Security Letters (NSLs)
PATRIOT Act:
Removed the requirement that the FBI have
specific facts linking the subject to a foreign
power to justify each letter. To issue as NSL, the
FBI merely has to certify that the information is
“relevant” to a national security investigation.
2004 Intelligence Authorization Act:
Expanded the definition of “financial institution”
to include insurance companies, pawnbrokers,
dealers in precious metals, the Postal Service,
casinos, travel agencies and more.
How Are the New Authorities
Being Used?
Government claimed that disclosing the number of
FISA
applications
could
enable
adversaries
to discern whether and to what extent business
records and other items in the possession of third
parties offered a safe harbor from the FBI.
“. . . the Court is obliged to uphold DOJ's
withholding, notwithstanding plaintiffs’ compelling
argument that the disclosure of this information
will
help
promote
democratic
values
and
government accountability.”
ACLU & EPIC v. DOJ, 265 F. Supp. 2d 20 (D.D.C. 2003)
A Secret is Revealed
So What Happened in Las Vegas?
Las Vegas hotel operators and airlines serving McCarran
International Airport are being required by the FBI to
turn over all guest and passenger names and personal
information, at least during the holiday period, several
sources said Tuesday.
FBI spokesman Todd Palmer confirmed the federal
action and said the requirement that the companies
surrender
customer
information
is
a
“normal
investigative procedure.” . . .
The information is being transmitted electronically to the
FBI on what could amount to 300,000 visitors to Las
Vegas daily.
Las Vegas Review-Journal (December 31, 2003)
“Homeland Security” and
Academic Freedom
Drake University President David Maxwell said Tuesday
that a federal grand jury’s demand for information about
a student group involved in an anti-war conference
violated students' rights and the university’s purpose.
“Of all places, we are a safe haven for ideas, and
particularly for unpopular ideas,” he said.
After the university raised questions about student
privacy laws, the subpoena was withdrawn Friday and
replaced by an order asking for records of the meeting,
including documents identifying people attending the
meeting and security records describing what was
discussed at the meeting.
Des Moines Register (February 11, 2004)
“Homeland Security” and
Research Data
NASA Ames requested passenger data from Northwest
Airlines “to be used in our research and development
work.” More than 10 million Passenger Names Records
(PNR) were provided to the agency.
Aviation Security -- CAPPS II
- Will conduct background checks on all passengers
- Classified system; sources of data will not be
published
- Accuracy and due process issues; passenger rights?
- GAO: TSA has failed to address privacy and
“redress” issues
- Will this approach expand to other environments?
(and where will the data come from?)
The PATRIOT Act, Technology
and Records Privacy
David L. Sobel
General Counsel
Electronic Privacy Information Center
[email protected]
ECURE 2004
Arizona State University
Tempe, AZ
March 1, 2004