EFF Analysis Of The Provisions Of The USA PATRIOT Act
That Relate To Online Activities (Oct 31, 2001)
The following is an excerpt from the EFF Analysis - Mephisto
See: eff.org
Introduction
On October 26, 2001, President Bush signed the USA Patriot Act (USAPA) into law. With this law we have given sweeping new
powers to both domestic law enforcement and international intelligence agencies and have eliminated the checks and balances that
previously gave courts the opportunity to ensure that these powers were not abused. Most of these checks and balances were put
into place after previous misuse of surveillance powers by these agencies, including the revelation in 1974 that the FBI and foreign
intelligence agencies had spied on over 10,000 U.S. citizens, including Martin Luther King.
A Rush Job
The bill is 342 pages long and makes changes, some large and some small, to over 15 different statutes. This document provides
explanation and some analysis to the sections of the bill relating to online activities and surveillance. Other sections, including those
devoted to money laundering, immigration and providing for the victims of terrorism, are not discussed here.
Yet even just considering the surveillance and online provisions of the USAPA, it is a large and complex law that had over four
different names and several versions in the five weeks between the introduction of its first predecessor and its final passage into law.
While containing some sections that seem appropriate -- providing for victims of the September 11 attacks, increasing translation
facilities and increasing forensic cybercrime capabilities -- it seems clear that the vast majority of the sections included have not been
carefully studied by Congress, nor was sufficient time taken to debate it or to hear testimony from experts outside of law enforcement
in the fields where it makes major changes. This concern is amplified because several of the key procedural processes applicable to
any other proposed laws, including inter-agency review, the normal committee and hearing processes and thorough voting, were
suspended for this bill.
Were our Freedoms the Problem?
The civil liberties of ordinary Americans have taken a tremendous blow with this law, especially the right to privacy in our online
communications and activities. Yet there is no evidence that our previous civil liberties posed a barrier to the effective tracking or
prosecution of terrorists. In fact, in asking for these broad new powers, the government made no showing that the previous powers
of law enforcement and intelligence agencies to spy on US citizens were insufficient to allow them to investigate and prosecute acts of
terrorism. The process leading to the passage of the bill did little to ease these concerns. To the contrary, they are amplified by the
inclusion of so many provisions that, instead of aimed at terrorism, are aimed at nonviolent, domestic computer crime. In addition,
although many of the provisions facially appear aimed at terrorism, the Government made no showing that the reasons they failed to
detect the planning of the recent attacks or any other terrorist attacks were the civil liberties compromised with the passage of
USAPA.
Executive Summary
Chief Concerns
The EFF's chief concerns with the USAPA include:
1.Expanded Surveillance With Reduced Checks and Balances. USAPA expands all four traditional tools of surveillance --
wiretaps, search warrants, pen/trap orders and subpoenas. Their counterparts under the Foreign Intelligence Surveillance Act
(FISA) that allow spying in the U.S. by foreign intelligence agencies have similarly been expanded. This means:
a.Be careful what you put in that Google search. The government may now spy on web surfing of innocent
Americans, including terms entered into search engines, by merely telling a judge anywhere in the U.S. that the spying
could lead to information that is "relevant" to an ongoing criminal investigation. The person spied on does not have to be
the target of the investigation. This application must be granted and the government is not obligated to report to the
court or tell the person spied up what it has done.
b.Nationwide roving wiretaps. FBI and CIA can now go from phone to phone, computer to computer without
demonstrating that each is even being used by a suspect or target of an order. The government may now serve a single
wiretap, FISA wiretap or pen/trap order on any person or entity nationwide, regardless of whether that person or entity
is named in the order. The government need not make any showing to a court that the particular information or
communication to be acquired is relevant to a criminal investigation. In the pen/trap or FISA situations, they do not even
have to report where they served the order or what information they received. The EFF believes that the opportunities
for abuse of these broad new powers are immense. For pen/trap orders, ISPs or others who are not named in the do
have authority under the law to request certification from the Attorney General's office that the order applies to them,
but they do not have the authority to request such confirmation from a court.
c.ISPs hand over more user information. The law makes two changes to increase how much information the
government may obtain about users from their ISPs or others who handle or store their online communications. First it
allows ISPs to voluntarily hand over all "non-content" information to law enforcement with no need for any court order
or subpoena. sec. 212. Second, it expands the records that the government may seek with a simple subpoena (no court
review required) to include records of session times and durations, temporarily assigned network (I.P.) addresses;
means and source of payments, including credit card or bank account numbers. secs. 210, 211.
d.New definitions of terrorism expand scope of surveillance. One new definition of terrorism and three expansions
of previous terms also expand the scope of surveillance. They are 1) § 802 definition of "domestic terrorism" (amending
18 USC §2331), which raises concerns about legitimate protest activity resulting in conviction on terrorism charges,
especially if violence erupts; adds to 3 existing definition of terrorism (int'l terrorism per 18 USC §2331, terrorism
transcending national borders per 18 USC §2332b, and federal terrorism per amended 18 USC §2332b(g)(5)(B)).
These new definitions also expose more people to surveillance (and potential "harboring" and "material support" liability,
§§ 803, 805).
2.Overbreadth with a lock of focus on terrorism. Several provisions of the USAPA have no apparent connection to
preventing terrorism. These include:
a.Government spying on suspected computer trespassers with no need for court order. Sec. 217.
b.Adding samples to DNA database for those convicted of "any crime of violence." Sec. 503. The provision
adds collection of DNA for terrorists, but then inexplicably also adds collection for the broad, non-terrorist category of
"any crime of violence."
c.Wiretaps now allowed for suspected violations of the Computer Fraud and Abuse Act. This includes anyone
suspected of "exceeding the authority" of a computer used in interstate commerce, causing over $5000 worth of
combined damage.
d.Dramatic increases to the scope and penalties of the Computer Fraud and Abuse Act. This includes: 1) raising
the maximum penalty for violations to 10 years (from 5) for a first offense and 20 years (from 10) for a second offense;
2) ensuring that violators only need to intend to cause damage generally, not intend to cause damage or other specified
harm over the $5,000 statutory damage threshold; 3) allows aggregation of damages to different computers over a year
to reach the $5,000 threshold; 4) enhance punishment for violations involving any (not just $5,000) damage to a
government computer involved in criminal justice or the military; 5) include damage to foreign computers involved in US
interstate commerce; 6) include state law offenses as priors for sentencing; 7) expand definition of loss to expressly
include time spent investigating, responding, for damage assessment and for restoration.
3.Allows Americans to be More Easily Spied Upon by US Foreign Intelligence Agencies. Just as the domestic law
enforcement surveillance powers have expanded, the corollary powers under the Foreign Intelligence Surveillance Act have
also been greatly expanded, including:
a.General Expansion of FISA Authority. FISA authority to spy on Americans or foreign persons in the US (and those
who communicate with them) increased from situations where the suspicion that the person is the agent of a foreign
government is "the" purpose of the surveillance to anytime that this is "a significant purpose" of the surveillance.
b.Increased information sharing between domestic law enforcement and intelligence. This is a partial repeal of
the wall put up in the 1970s after the discovery that the FBI and CIA had been conducting investigations on over half a
million Americans during the McCarthy era and afterwards, including the pervasive surveillance of Martin Luther King
in the 1960s. It allows wiretap results and grand jury information and other information collected in a criminal case to be
disclosed to the intelligence agencies when the information constitutes foreign intelligence or foreign intelligence
information, the latter being a broad new category created by this law.
c.FISA detour around federal domestic surveillance limitations; domestic detour around FISA limitations.
Domestic surveillance limits can be skirted by the Attorney General, for instance, by obtaining a FISA wiretap against a
US person where "probable cause" does not exist, but when the person is suspected to be an agent of a foreign
government. The information can then be shared with the FBI. The reverse is also true.
eff.org |
