The Privacy Lawyer: Privacy Policies And The Patriot Act
A provision relating to customer records may be struck down soon, but don't take any chances.
Just two months from now, the government has the opportunity to appeal a ruling by a N.Y. Federal District Court judge that strikes down an important provision of the controversial U.S. Patriot Act. The ruling, which came Sept. 29, was set to go into effect 90 days from that date unless the government solves the constitutional flaws the judge identified.
Few laws have elicited as much emotional and legal reaction as the Patriot Act. Adopted in the early days after the Sept. 11, 2001, attacks, the law includes many provisions sought by law enforcement over the years and gives the government many new rights to scrutinize public behavior. It also overrides many earlier privacy laws, such as allowing the government to collect information about an individual's videotape rentals, financial information, and even his or her Web searches and online practices. While many trust law-enforcement officials not to abuse the law, others believe that it's capable of abuse.
As Americans, the one safeguard that we've always had is to challenge governmental action through the courts. But certain provisions of the Patriot Act preclude judicial scrutiny. U.S.C. 18 β2709 is a section of the Patriot Act that permits the FBI to demand certain customer records from an Internet service provider or a telecommunications company that are "relevant to an authorized investigation to protect against international terrorism or clandestine intelligence activities." These demands are made in a special form of administrative subpoena called a national security letter, or NSL. Once it's formally issued, NSL recipients may not disclose anything about the NSL, including that it was ever even issued.
The American Civil Liberties Union, acting in an advocacy role and as counsel to an ISP plaintiff, brought an action to declare U.S.C. 18 β2709 unconstitutional under several grounds. These include challenges to the broad subpoena powers under the First, Fourth, and Fifth Amendments to the U.S. Constitution without judicial oversight, as well as challenges of the nondisclosure provision as a prior restraint of speech under the First Amendment.
The decision holds that (1) the restriction on any disclosure about the NSL or its issuance, to anyone, in perpetuity is overbroad and open ended and, as such, violates the First Amendment of the U.S. Constitution, and (2) the NSL recipient's inability to have the NSL reviewed by a court violates the Fourth Amendment to the U.S. Constitution. Because the court held that the restraint subsection under the statute could not be severed from the remainder of the statutory provisions, the entire β2709 would have to be struck down.
Without this special provision, the FBI would have to obtain a search warrant or court order to access customer records. That in turn requires that the request be presented to a magistrate or judge before being issued. Unique to the NSL is that no prior review is made by any member of the judiciary and that its recipient cannot seek judicial review of the propriety of the NSL, or its scope before complying (or even after compliance, under the gag provision). NSLs are not unique to the U.S. Patriot Act. They are used in several other national security regulatory schemes.
The judge spent several pages discussing the importance of the environment under which the law was first enacted, in response to the terrorist attacks of Sept. 11. The decision discusses the need to constantly balance governmental efficiencies against fundamental liberties. While recognizing that the balance is rarely easy, the court held that the balance always is stacked in favor of fundamental liberties at the cost of efficiencies. Mindful of the crisis atmosphere and the real risks of terrorism post-Sept. 11, the decision quotes from previous decisions noting that the greatest risk to fundamental liberties comes during times of great crisis. Courts during these times must use enhanced vigilance not to compromise these liberties in the name of expediency.
Solutions could be proposed allowing for a sealed and private judicial proceeding, perhaps, should the NSL recipient seek judicial review. There may be other ways to save the intent of the provision and address the needs of our law-enforcement agencies in the fight against terrorism. But all would require legislative action.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.