Much of the security-vs-privacy debate has centred on legislation enacted quickly after the September attacks, the turgidly named "Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act." The American Civil Liberties Union called it a far-reaching law that badly undermined privacy and judicial oversight. Many of the nation's largest newspapers editorialised against the measure as reactionary. Nine months later, however, many judicial experts are playing down initial fears over the legislation's severity. A law review article scheduled for publication early next year by former Justice Department attorney Orrin Kerr provides one of the first detailed analyses of the so-called Patriot Act that compares it to previous investigative practices. "The law is a lot more balanced than people thought," Kerr said, adding that it does little to change the way authorities do their jobs. "The government ended up introducing a law that didn't really take any major steps." At its core, the Patriot Act explicitly spells out new rules under which authorities can monitor online communications such as email or Web surfing. As was the case with wiretapping or other surveillance, agents must get judicial permission to obtain more information. Under the law, authorities can obtain information such as where email was sent or originated, and at what time. Roughly analogous to reading an envelope but not the letter inside, this means no court order is needed. If agents want to monitor an Internet service account to determine when messages are sent, they need a judge's permission but with relatively little justification. If agents seek the contents of a missive, which would include such elements as the body and subject line of an email, they would need a court order requiring a much higher level of justification, legal experts say. Although new, these laws mirror previously secret court decisions on FBI attempts to install high-tech spying equipment, according to Kerr and lawyers representing ISPs. ISPs are reluctant to discuss surveillance details, citing national security concerns. But they do say that surveillance requests have increased since last September, though their extent is difficult to gauge. "There has been some upswing, but it's not very significant," said Mike Harrad, a spokesman for Road Runner, Time Warner's cable Net service. "The view here is that the increase in requests has probably more to do with the more vigilant approach taken by enforcement agencies in the post-9/11 world than it has to do with the Patriot Act per se." Others are more concerned. "In some instances, law enforcement is being aggressive in interpreting USA Patriot to go beyond what was intended," says Stewart Baker, a Washington attorney who represents ISPs. Baker and other ISP sources say some law enforcement agents make requests for records of subscribers' past communications -- for which no court order is needed -- so frequently that it has nearly amounted to real-time information. For instance, agencies might request information about a subscriber several times a day or more, instead of seeking a week's worth of log files. Authorities hitting the books
Libraries also have concerns about the Patriot Act, particularly provisions that lower the standards for obtaining patron records. Under one portion of the law, federal agents need only a search warrant -- which requires immediate release of the records -- and no longer have to show that they might find evidence of a crime. What's more, the process is now secret. The court that approves these searches holds closed sessions, and librarians face prosecution if they disclose information about the inquiry to anyone, including the subject of the investigation. For years, many libraries have had electronic systems that delete checkout records after a few weeks. But information about people who have books checked out and those who owe fines are kept in the database until they return the books or pay the fees. Of 1,026 libraries surveyed by the American Library Association earlier this year, 85 -- or 8.3 percent -- had received 11 September-related requests for records from government agents. "If you use libraries, whatever you take out is information that could be demanded by the FBI," ALA President Mitch Freedman said. "The library user is just one small person who's been impacted by this dramatic expansion of investigative powers." The FBI and other law enforcement organisations declined to comment on any details regarding terrorism-related investigations. But comments made by officials in public have heightened concerns among civil liberties groups. On a recent trip to San Francisco, John Frazzini, a special agent with the Electronic Crimes Branch of the Secret Service, pleaded with companies to cooperate more fully in online investigations and report break-ins. He also warned of new crackdowns on hackers. "If you're a U.S. citizen and you're breaking into computer networks, not only are you criminal but I think you're unpatriotic," he said. Although they do not know of any prosecutions based on post-11 September changes, defense attorneys say they are already seeing their effects in other ways. Jennifer Granick, a defence attorney and director for Stanford University's Center for Internet and Society, said she and her colleagues have noticed that judges and juries are far more wary of hackers than they have been in years and are enforcing existing laws more actively. "They hear you're a hacker, and in this post-9/11 climate, they just get scared," Granick said, adding that technologists and hackers who point out legitimate security concerns risk getting caught in law enforcement's new web. She points to a case in Los Angeles, in which a man faced criminal charges after posting information on a Web site that pointed out insecurities in some email software and offered a repair. The man was convicted under a federal computer break-in law and is awaiting sentencing. "We are dismantling the checks and balances and basically letting government have a free-for-all," Granick said. "It may get uglier before it gets better." Click here to see part one of this report, "Cyberterrorism: The real risks".
Who's watching you? Get the latest on spy networks such as Echelon and Carnivore, as well as privacy issues for companies and individuals alike, at ZDNet UK's Privacy News Section.
Have your say instantly, and see what others have said. Go to the ZDNet news forum.
Let the editors know what you think in the Mailroom.
