SUBSCRIBE NOW!

Vol. 11 No. 6 — June 2003

Key pieces of legislation have emerged recently: the USA Patriot Act, the Homeland Security Act, the Privacy Act of 2003, and the yet to be introduced Patriot II. These laws are dramatically changing the way the government gathers and uses information and some view them as representing threats to the privacy and freedom of individuals. These laws authorize viewing library records, bookstore transactions, computer logs, and other records and transactions. The laws also authorize the Defense Advanced Research Projects Agency (DARPA) and the Transportation Security Agency (TSA) to gather personal information about U.S. citizens. The purpose of these data-mining and information-gathering activities is to identify potential terrorists and track their movements, bank accounts, credit card purchases, medical records, travel purchases, and other items. However, the privacy of many innocent people and the freedom to live their lives may be at stake. The potential for abuse of these systems is enormous. In some instances, the temptation to misuse information easily could create an environment of threats and intimidation.

USA Patriot Act

Passed 6 weeks after September 11, 2001, the first major legislation was entitled the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (Patriot Act). The Act had 1 day of hearings in the Congress. Most members of Congress and their staff people had little or no time to read and review the Act before passage, much less to offer extensive public comment. Members of Congress, in their desire to control terrorism, passed the Act with little consideration of possible consequences.

The Act grants broader authority to the FBI and other law enforcement agencies to conduct searches of business records and premises, library records, and computer usage logs. The authority to wiretap was expanded to permit "roving" wiretaps that include wired telephones, cell phones, and computers. The Patriot Act does not require evidence or suspicion of terrorism or connections to foreign powers for initiation of surveillance or data gathering. The FBI can go on "fishing" expeditions with no specific reason or suspect in mind. Under the Foreign Intelligence Surveillance Act (FISA), the FBI or other law enforcement agencies can request search warrants from a secret court authorized by revisions to FISA.

All business records are subject to search under the Patriot Act. These records include but are not limited to computer usage, book purchases, library loans, banking and brokerage transactions, credit card transactions, and travel. The Act imposes a "gag" order on persons who have been asked to make records available. Under the law, people who supply records may tell no one.

The ethics of library and information professions require treating customer transactions of all types as confidential and privileged information. Most states have laws that require protecting the privacy of library users. The federal law overrides state laws, resulting in potential loss of privacy for millions of library and computer users. Some librarians are facing a difficulty question — should they inform their users that their records may be subject to search? The provisions of the Patriot Act have not been tested in the courts.

At a conference held in December 2002 [http://www.arl.org.patriot], Gary Strong, director of the Queen's Borough Public Library, emphasized the importance of having policies and procedures in place that deal with user records. Librarians need to put these policies in place before law enforcement officials ask to see records of loans, computer use, or other transactions. Strong also emphasized the need to train staff to contact upper management and/or get in touch with legal counsel if asked for records.

Mary Minow, librarian and legal consultant, suggested that librarians audit records policies to ensure the protection of customer privacy. Records to be audited include but are not limited to circulation, billing, document delivery, computer usage, profiles, cookies, and system logs¹. The library and information technology staffs need to collaborate to ensure that tapes, disks, and other storage media are scrubbed on schedule, so that any information connecting loans or computer use is separated from the identity of individuals.

The infringement of individual rights and the mandate to make records of people's reading available to the FBI and other authorities is receiving some congressional attention. Representative Bernard Sanders and 23 other members of the House introduced HR 1157 on March 6, 2003. This Act, The Freedom to Read Protection Act of 2003, would exempt libraries and bookstores from the provisions of section 215 of the Patriot Act. Section 215 requires libraries and booksellers to make customer records available to law enforcement authorities for foreign intelligence investigation. The Sanders Act creates exemptions for records related to borrowing, purchase, and rental of printed and digital materials as well as computer and Internet usage. Congressman Sanders said, "The right to read without fear of government surveillance is a cornerstone of our democracy. Freedom of the press means nothing without a correlative freedom to read." ²

Patriot II

Some sections of the Patriot Act will expire in 2005. It is likely that the sections dealing with broad search and seizure will become permanent. The Domestic Security Enhancement Act (DSEA), leaked in February 2003, contains provisions to make permanent extended searches and information gathering about individuals [http://www.dailyrotten.com.source-docs/patriot2draft.html]. The DSEA, also known as Patriot II, has not been introduced as of this writing. Former Congressman Dick Armey observed, "There's nothing more creative than a government person wanting more power." He added, "Too many people in America are buying into it."³

A draft copy of the DSEA was obtained by the Center for Public Integrity and is available through the Electronic Privacy Information Center [http://www.epic.org/privacy/terrorism/patriot2.htm]. The American Civil Liberties Union (ACLU) summarized the key provisions [http://www.arl.org/info/frn/other ATL.htm]. These provisions include the "dismantling of court review of surveillance" by removing limits on spying and allowing the government to secretly obtain a variety of records and data about individuals. The DSEA would allow wiretaps for up to 15 days without a court order. In short, the Act permits a variety of spying activities on individuals without permission or oversight by the courts.

The ACLU continues, "While granting new powers to federal agents, the draft bill systematically attacks precisely these basic checks and balances on government power, thus making it harder for professional law enforcement agents to resist pressure by political leaders to implement highly visible policies that violate civil liberties." The secrecy, coupled with lack of court review over surveillance activities, creates an environment for abuse and intimidation of citizens.

The proposed new powers are aimed at innocent citizens as well as criminals and foreign terrorists. Protestors, library users, book buyers, members of religious communities, and people whose views differ from those of the administration in power may come under surveillance. It is not clear how effective the proposed secrecy and new measures will be in finding and apprehending terrorists.

Barbara Comstock, director of public affairs at the Department of Justice, issued a press release
[http://www.usdoj.gov] stating that cabinet departments involved in homeland security continue to consider anti-terrorism measures. She said, "Department staff have not presented any final proposals to either the Attorney General or the White House."

Patriot II would allow secret arrest and detention of anyone suspected of terrorist activity. Federal agents would be protected from prosecution for illegal surveillance activities. It would permit the government to strip U.S. citizens of their citizenship if they support a group that the government labels as terrorist.

Many people remember the frightening events of the McCarthy era in the 1950s. Innocent people were accused of belonging to or supporting organizations believed to have Communist connections. Citizens were forced to sign loyalty oaths in order to be employed. They were forced to swear that they did not belong to any organization listed by the government as dangerous. Senator McCarthy and his followers did not have the electronic tools that enable spying and violating privacy, but they still managed to ruin many lives and reputations.

Section 202 would restrict access to information collected by the Environmental Protection Agency (EPA) in the "worst cases" involving hazardous or flammable chemicals. Communities in danger from these facilities would not be able to access information to save themselves [http://www.ombwatch.org/article/articlepr...
HPESSID=f6a452dd6c645edsed1310e24da7eb48544].

Anita Ramasastry, associate director of the Center for Law, Commerce, & Technology, and an assistant professor of law at the University of Washington School of Law in Seattle, said of the ACT, "It is a wholesale assault on privacy, free speech, and freedom of information." She concluded, "In sum, Patriot II puts in jeopardy the First Amendment right to speak freely, statutory and common law rights to privacy, the right to go to court to challenge government illegality, and the Fourth Amendment right again unreasonable searches and seizures" [http://www.findlaw.com/ramasastry/20030217.html].

On March 3, 2002, the major library associations joined more than 60 other associations in a letter to the members of Congress urging them to oppose the DSEA [http://www.arl.org/info/frn/other/atl.html]. The associations pointed out that many of the provisions of the proposed legislation are not directly related to foreign terrorism. These provisions "would severely dilute, if not undermine, many basic constitutional rights, as well as disturb our unique system of checks and balances."

Total Information Awareness

The provisions of the Patriot Act, the proposed DSEA, and Homeland Security Act (HR 5710) create a threatening environment for citizens and preservation of rights contained in our constitution. One of the most chilling activities enabled by these acts is the Total Information Awareness System (TIA). DARPA has responsibility for the implementation of TIA. John Poindexter, formerly convicted of lying to Congress, destroying documents, and other crimes associated with the Iran-Contra scandal, heads the project. Mr. Poindexter's conviction was overturned as violating an immunity connected with his testifying before Congress.

The TIA uses data mining and other techniques to search all types of databases to determine an individual's financial transactions, telephone calls, credit and debit card purchases, travel, TV viewing, health history, driving record, etc. The data may constitute a virtual central file that can be used to delve into the life of anyone. These data can be combined with biometric information, video surveillance data, and Radio Frequency Identification Chips to compile a history of a person's life and movements.

Individuals, in exchange for a credit card, bank loan, medical treatment, travel, and other transactions, voluntarily supply much of the information in these databases. Corporations collect huge amounts of information on their customers and sell it to other companies and organizations. The databases are readily available to the government. While "opt out" procedures may stop the sale of some information, they may not suffice to protect people from government spying. The TIA program would become permanent under Patriot II.

Fourth Amendment

These activities and others associated with recent legislation appear to violate the Fourth amendment to the U.S. Constitution:

The right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation and particularly describing the place to be searched and the persons or things to be seized.

In 1791, our founders could not have anticipated powerful technologies that facilitate data gathering about individuals. Personal information was recorded on paper. How many of our constitutional rights will we be asked to sacrifice for the cause of national security? When do the government's interests outweigh the interests and rights of individuals? What circumstances need to exist for the government to be able to search and spy with no probable cause? Are digital records covered by "papers and effects" in the Fourth Amendment? These questions will continue to vex and churn.

In defending the TIA project, Poindexter stated that the most serious threat facing the nation is terrorism and that terrorists are difficult to identify⁴. "I think the solution is largely associated with information technology. We must become much more efficient and more clever in the ways we find new sources of data, mine information from the new and old, generate information, make it available for analysis, convert it to knowledge and create actionable objects." He added, " The Information Awareness Office is about creating technologies that would permit us to have both security and privacy."

Mr. Poindexter did not explain how we can have both security and privacy protection. His remarks raise many questions. Who will have access to the data collected by the Office? How will the data be used? To whom will the data be communicated? How can abuse be prevented? How will the Supreme Court rule on the constitutionality of this program?

Radio Frequency Identification Chip

The Radio Frequency Identification Chip (RFID) is one of the new technologies. Chips can be imbedded in a variety of products to identify and track physical objects, such as currency, bearer bonds, appliances, food cans, automobiles, etc. RFIDs also can be imbedded in drivers' licenses and medical information smart cards and bracelets. RFID chips are smaller than a hair and a grain of sand. These chips listen for a query and respond by transmitting a unique code [http://zdnet.com.com2102-1107-980345.html]. Once imbedded, these chips can track any movement of an object.

RFID chips help track shipments, identify shipping containers, and track items through a supply chain, facilitating more efficient inventory control for manufacturers, retailers, and others. The chips function as an electronic product code used in a variety of ways by business. At the same time, their tracking abilities can be used to violate the privacy and freedom of individuals.

Biometrics

Biometrics, the measurement and analysis of distinctive features that identify an individual, is another tool being developed and used to identify and track people's movements and transactions. These metrics include fingerprints, palm prints, iris and retina scans, and facial geometry. Palm prints were used during the 1996 Olympics to control entry into secure areas. Airports are talking about using facial geometry to identify potential terrorists. As people pass through security checkpoints, their iris or retinal scans or face prints are compared with items in a terrorist database.

Biometrics is not new. Attempts to use human physical characteristics for identification have been around for centuries. Fingerprints have been used since the 1850s for identification [http://onin.com/fp/fphistory.html]. Technology and the ability to process large amounts of information quickly have facilitated the use of biometrics to identify individuals to control access to buildings and airports.

Transportation Security Agency

On March 1, 2003, the Transportation Security Agency (TSA) awarded a contract to Lockheed Martin to find out information about the credit card transactions, travel history, and other data of airline passengers and link this information with a terrorist watch list⁵. The program, Computer Assisted Passenger Prescreening System (CAPPS II), would require prescreening of all passengers when they make reservations. Delta Airlines will test the system at three locations. It will assign a risk rating before passengers arrive at the airport. Green level passengers would be cleared and may travel. Red level people would be stopped and possibly prohibited from travel. The status of yellow level passengers is not clear.

Undersecretary of Transportation James M. Loy stated that CAPPS II would protect privacy [http://www.wired.com/news/print/0,1294,57909,00.html]. "CAPPS II is being designed to serve our national security without sacrificing individual privacy. Concerns about privacy are understandable. As we address such concerns, we believe that the public will come to have a higher comfort level in air travel." While Loy believes that privacy can be protected, others are calling for a boycott of Delta Airlines. Loy did not reveal how privacy would be protected when data about airline passengers would become available to Lockheed Martin, Delta Airlines, and others.

Airlines now sell information about their frequent flyers and earn substantial revenue from these sales. What safeguards are in place to protect Delta passengers? With the airline industry billions of dollars in the red, the temptation to sell personal information to increase revenue is significant. Queries to credit records lower credit scores. For leisure travelers who take one or two trips per year, the effect may be insignificant. For frequent flyers who make 30-50 trips per year, results could be very damaging.

Privacy Act of 2003

On March 21, 2003, Senator Dianne Feinstein introduced the Privacy Act of 2003 (S745) to establish standards on the use of Social Security numbers, driver's license records, and other personal information to prevent identity theft. The bill directs the Attorney General to prepare a report on all authorized uses of Social Security numbers under federal law and to formulate regulations on the legitimate uses of Social Security numbers. The bill requires individual consent prior to the sale or marketing of personally identifiable information; however, there are many exceptions in the bill. In some cases, an individual must "opt-out" while other situations require "opt-in." The opt-out" provisions now apply to banks and financial institutions (15 U.S. C. 6801 et. seq.). The exceptions include national security, public safety, public health, credit checks, and other commercial activities.

The bill states, "A commercial entity may not require an individual to provide the individual's Social Security number when purchasing a commercial good or service or deny an individual the good or service for refusing to provide that number except . . . [for] a background check of the individual conducted by a landlord, lessor, employers, voluntary service agency, or other entity as determined by the attorney general." While employers, landlords, and others may not sell the information, there is great opportunity for abuse. While the intent of the bill is worthy, its implementation is not likely to achieve the objective of privacy protection.

Conclusion

Building dossiers and spying on individuals is not consistent with the freedom to work, learn, worship, travel, read, and think guaranteed by the Constitution. Existing and proposed legislation threaten people, their civil rights, and the freedoms that strengthen our nation. Information professionals whose mission is to provide information when needed are in a particularly difficult position. They now cannot always obtain information from the government. They may be forced to open customer/client transaction records to law enforcement authorities. The trust that exists between librarians, users, and others involved in the information chain may be shattered.

Librarians are fiercely loyal to clients and users and protection of their privacy. Many librarians are shredding paper records and scrubbing electronic records. Professional associations are continuing to monitor legislation and protest restrictions on citizen freedom.

There's an old legal adage, "Hard cases make bad law." Apparently, hard times do, too.

 

Footnotes 1 Minow, Mary, "The USA Patriot Act," Library Journal, vol. 33, October 1, 2002. 2 Sanders, Bernie, "On My Mind: The Patriot Act's Threat to Libraries," Library Journal, vol. 34, February 2003. 3 Armey, Dick, IDG News Service, March 14, 2003. 4 Poindexter. John, "Information: A Tool to Combat Terrorism," Atlanta Journal and Constitution. November 19, 2002. 5 Pickel, Mary Lou, "Airport Background Checks Get Flight Tested," Atlanta Journal and Constitution, March 1, 2003.