Behind the USA Patriot Act
Stay up to date with the latest headlines via email.
Editor's note: This is the first in a series of two articles on the USA Patriot Act by Ann Harrison. The second will explore what is known about the identity and conditions of the 1,147 people detained in the anti-terrorism investigation.
Since launching their no-holds-barred investigation into the Sept. 11 attacks, the FBI has released an astonishing amount of information about the men who they have identified as the hijackers. There are photographs of them passing through airport security and peering into ATM machines. The FBI has records of their cell phone calls, their cash transfers, air travel, credit card purchases, car rentals, email messages and hotel bills.
Now that the hunt is on for accomplices who could be planning more attacks, law enforcement officials have sought the legal authority to collect even more information about the minutiae of daily life. The new anti-terrorism law signed into law on Oct. 26 grants law enforcement authorities sweeping new surveillance powers that are not limited to terrorism investigations but also apply to criminal and intelligence investigations.
The new law, known as the USA Patriot Act, reaches into every space that Americans once imagined was private. For instance, police can now obtain court orders to conduct so called "sneak and peak" searches of homes and offices. This allows them to break in, examine and remove or alter items without immediately, if ever, presenting owners with a warrant detailing what they were entitled to do and where.
This seismic shift in the government's power of search and seizure also extends to the examination of records. Authorities can browse medical, financial, educational or even library records without showing evidence of a crime. The law overrides existing state and federal privacy laws if the FBI claims that the information is connected to an intelligence investigation.
In addition, credit reporting firms like Equifax must disclose to the FBI any information that agents request in connection with a terrorist investigation, without the need for a court order. In the past, this was only permitted in espionage cases.
Biometric technology, such as fingerprint readers or iris scanners, will become part of an "integrated entry and exit data system" to identify visa holders entering the United States. Face recognition technology is now being installed in several U.S. airports.
The legislators who rushed these provisions through the House and Senate say that law enforcement authorities need this data to help track down terrorists and prevent future attacks. "We were able to find what I think is the appropriate balance between protecting civil liberties, privacy and ensuring that law enforcement has the tools to do what it must," said Senate Majority Leader Thomas Daschle (D-S.D.) in a statement following the passage off the bill.
But civil liberty groups have been alarmed by this legislation since it started whisking its way through Congress. Jim Dempsey, deputy director of the Washington D.C.-based Center for Democracy and Technology (CDT), says he is particularly concerned about the provision in the law that allows the FBI to share with the CIA information collected in grand jury investigations. The 1947 National Security Act states that the CIA should have no domestic police or subpoena powers. But Dempsey says CIA agents could now use their close relationship with the FBI to essentially fill in subpoenas provided by prosecutors. "To do this with no prior judicial approval is a fundamental change in the way we have set up our police agencies and set them apart from our foreign intelligence agencies," said Dempsey. "And it was done with very little debate."
Legislators who voted for the USA Patriot Act pointed out that the most controversial surveillance sections will would expire in 2005. Senate Judiciary Committee chairman Sen. Patrick Leahy (D-Vt.) announced that a four-year expiration date "will be crucial in making sure that these new law enforcement powers are not abused."
Dempsey says the CDT is hoping there will be a Congressional review prior to any extension of the provisions. But he, and many others, have pointed out that these so-called "sunset provisions" do not apply to the sharing of grand jury information, giving the CIA the permanent benefits of grand jury powers.
The so-called "sneak and peak searches" are permanent as well. And further, the sunset provisions do not apply to ongoing cases. This means that intelligence investigations, which often run for years, would continue to operate under the law even if provisions are not extended past 2005. Also exempted are any future investigations of crimes that took place before this date.
Internet surveillance via "pen register" devices, which capture phone numbers dialed on outgoing telephone calls, and "trap and trace" devices, which capture the numbers of incoming calls, are also exempt from the sunset provisions. These orders were originally used to provide investigators with telephone numbers dialed by suspects. They can now be used to monitor email addressing information and Web pages visited, in some circumstances without judicial oversight. Investigations approved by the secretive FISA intelligence court would also not require notification.
Lee Tien, senior staff attorney for the San Francisco-based Electronic Frontier Foundation, notes that this type of surveillance requires mere certification with no evidence that the person being monitored is involved in criminal conduct or is a suspected member of a terrorist organization. While this online surveillance requires a judge's approval, the law mandates that the judge must approve every request and is not required to evaluate how the order was carried out.
Tien said he will be working with other online civil liberties groups to get the government to notify targets of pen/trap surveillances and increase judicial oversight. "The potential for pen/trap surveillance on the Internet is enormous," says Tien.
The new law also permits any U.S. attorney or state attorney general to order the installation of the FBI's Carnivore Internet surveillance system, which also has the capacity to capture the contents of email messages. The agency says the public must trust that investigators will not review this information.
Unlike trap and trace orders, Carnivore requires that investigators set up an audit trail which includes what information was gathered, by whom and when. But Tien notes the court is not required to review the information and make sure that it complies with the terms of the certification. "No one has that oversight role," says Tien.
While the government has the power to snoop, citizens who engage in similar activities now fall under the government's new definition of terrorists. The current definition of terrorism has been expanded to include hacking into a U.S. government computer system or breaking into and damaging any Internet-connected computer. Prison terms of between five to 20 years can now be used to prosecute the new crime of "cyberterrorism," which covers hacking attempts causing $5,000 in aggregate value in one year, damage to medical equipment or injury to any person.
Even Internet Service Providers, universities and network administrators are authorized under the new law to conduct surveillance of "computer trespassers" without a court order. The new law compels any Internet provider or telephone company to turn over customer information, including phone numbers called, without a court order, if the FBI claims that the records are relevant to a terrorism investigation. The company is forbidden to disclose that the FBI is conducting an investigation, has immunity to provide any sensitive data and is not bound by statutory rights to suppress the information. "There is no incentive for anyone to know about it, or challenge it or rein it in," says Dempsey.
Prior to the passage of the USA Patriot Act, Laura Murphy, Director of the ACLU Washington National Office, wrote letters to the House and Senate warning that the bill would give enormous power to the executive branch unchecked by meaningful judicial review. "Included in the bill are provisions that would allow for the mistreatment of immigrants, the suppression of dissent and the investigation and surveillance of wholly innocent Americans," said Murphy.
Civil liberties groups point out that the government has a history of launching investigations against political dissidents. These include the FBI investigations of Martin Luther King and other civil rights leaders in the 1960s, illegal spying on anti-war protesters in the 1960s and 1970s and surveillance on the sanctuary movement that provided asylum for those fleeing Central American death squads during the 1980s.
Attorney General John Ashcroft has brushed off these concerns and issued a directive to law enforcement investigators, urging them to aggressively use the new powers, which he says will be used to launch a "law enforcement campaign."
Steve Shapiro, national legal director for the ACLU, says Congress should use its unique subpeona power to get information about investigations and exercise its oversight authority on investigators. "Congress has given them these powers," said Shapiro. "And it has a big responsibility to make sure these powers are not abused."
Tien said the EFF would also be actively opposing calls for national ID cards, for biometric systems and for mandatory record keeping by ISPs, which has already been discussed seriously in Europe.
Dempsey says the CDT is concerned about the possibility that because the FBI has not been able to get to the core of the suspected terrorist cells, they will cast an even wider net. Cut loose from past standards and judicial controls, investigators, he fears, will collect more information on innocent people and be distracted from the task of actually identifying those who may be planning future attacks.
"That is where the law allows them to take it," says Dempsey. "And that is bad for civil liberties and bad for anti-terrorism investigations."
Ann Harrison is a San Francisco journalist who writes regularly for SecurityFocus.com and BusinessWeek.com.