Homeland Insecurity
Is your privacy in danger?
By Joyce Slaton
SF Gate
Thursday, December 12, 2002
SLIS Summary
Feedback was fairly positive when President Bush signed the Homeland Security bill into law on Nov. 25. The new legislation attempts to streamline how intelligence information is collected and disseminated. Its main purpose is the creation of a new Department of Homeland Security to take charge of 22 government agencies, including the Coast Guard and the Secret Service, with the goal of more smoothly sharing information.
This legislation also has a potential dark side. A little-known bit of legislation known as the Cyber-Security Enhancement Act (CSEA) of 2002 managed to make its way into the Homeland Security bill, after having earlier stalled in the Senate Judiciary Committee. This act makes it easier than ever for government to access private electronic information--e-mail, voice mail, phone records, Web transactions, and chat-room transcripts.
"Privacy is being slowly and gradually eroded by technology, and here's one more brick in the wall, one more way the government can get information on private citizens without judicial oversight," says Lee Tien, senior staff attorney at the Electronic Frontier Foundation. "In the U.S., we have a long history of the NSA, the FBI and the CIA spying on private citizens. This is the kind of thing that makes me wonder what J. Edgar Hoover would do with this kind of power."
Older legislation put firm restrictions on what the government could see and what it had to do to see it. A government or law-enforcement agent at the very least had to get a subpoena to take a peek at stored electronic communication. The most sensitive types of information required a warrant, ensuring that a representative of that agency had appeared before a judge and explained why the intrusion was needed. The burden was on the agency to show "probable cause."
Post-9/11 however, government entities and private citizens alike are increasingly frightened of the kinds of communication passing unnoticed through networks. The 2001 USA Patriot Act created an "emergency exception" to previous privacy legislation. Internet Service Providers (ISPs) and other communication providers can now to share the contents of e-mail or other electronic communications with law-enforcement agencies if there is a reasonable belief that an emergency involving immediate danger of death or serious physical injury required disclosure.
CSEA goes even farther in allowing disclosure. Some worry too far. The act removes the requirement that ISP disclosure be connected with immediate danger of death or physical injury. Disclosure can now be connected to an undefined "immediate threat to a national-security interest." CSEA also replaces the USA Patriot Act's "reasonable belief" requirement "good faith" requirement.
"Are there objective factors that would lead a reasonable person to believe there is a problem?" asks Anita Ramasastry, associate director of the Shidler Center for Law, Commerce & Technology at the University of Washington School of Law in Seattle. "Or is the owner of the ISP overreacting? Under the CSEA, it doesn't matter anymore--as long as the ISPs believe there's a danger, they're provided with immunity for disclosing information, whether that belief is reasonable or not."
CSEA also makes changes as to whom the ISPs can disclose information. CSEA basically allows disclosure of private information to any federal, state or local government entity. The bill gives the same power to the San Francisco Board of Supervisors, the Employment Development Department and even high school principals, which dramatically lowers the standards for where information can be shared. "Academics like me have to ask: Does that include the dogcatcher?" says Ramasastry. "There's a vagueness there, and that leaves room for error."
Some say people don't much to worry about. ISPs don't really have the time or the inclination to go sorting through all the information streaming through their network daily. "Nobody who runs an ISP has the time to monitor people's e-mail," says Mike Jackman, executive director of the California ISP Association. "They're busy trying to get customers and running a business.
"ISPs, of course, always respond to law-enforcement requests for information, but those are very few and far between," Jackman continues. "Realistically, if law enforcement is working on a case, they're much more likely to get a search warrant and look at what's on someone's computer hard drive rather than monitoring their e-mail or Web activity. Generally, all the damaging information they'd need is right there on the hard drive, which is a lot easier to access."
Michael Scardaville, homeland-security policy analyst for the Heritage Foundation, says privacy experts are overreacting. "They're trying to make sure we're protecting civil liberties, and that's great, but the CSEA basically allows Net service providers more freedom in reporting things they think might endanger someone," says Scardaville. "It doesn't require them to act like police and monitor their customers. So how is this any different than someone seeing a guy walking down the street with a machine gun and calling 911?"
"When people have the ability to do covert surveillance, the tendency is very strong for them to use it and, even when their motives are good, to abuse it," warns Tien. "The reason why we have a Fourth Amendment in the first place is that the framers experienced arbitrary and uncontrolled searches by the British. We've now let fear of terrorism make us forget our history, and we've surrendered accountability and privacy."
Read the full article:
www.sfgate.com/cgi-bin/article.cgi?file=/gate/archive/2002/12/12/csea.DTL
Posted December 13, 2002