Summary and Analysis of Key Sections of USA PATRIOT ACT of 2001
To: Interested Persons
From: E-Commerce & Privacy Group
Ron Plesser (202) 861-3969
Jim Halpert (202) 861-3938
Milo Cividanes (202) 861-3911
Date: October 31, 2001
We have tried in as compact a manner as possible to summarize those portions of
the "USA Patriot Act of 2001" (hereafter "the Act" or "the Patriot Act") of
interest to Internet companies, Internet service providers, and
telecommunications carriers. Therefore, we are primarily interested in the
responsibilities and immunities that the Patriot Act provides for various
providers. There are important sections of the Act that we do not
discuss because they are related to internal governmental issues, immigration
law issues, or other issues beyond the scope of this memo. Nor do we evaluate
here the constitutionality or wisdom of policy choices reflected in any part of
this bill.
Our hope is that this will be helpful to better understand and prepare for the
changes brought about by the Patriot Act.
SUMMARY
Service providers have expanded obligations under this Act. For example, the
definitions
of trap and trace device have been significantly expanded to allow for access to
certain information (excluding content) concerning Internet activity. Another
example is the obligation to respond to a nationwide service of process that in
some instances may not identify your company on the face of the service
document. The Act does permit you to seek clarifications.
The Patriot Act contains three favorable features for communications companies.
First, it provides specifically that nothing in the Act creates any new
requirements for technical assistance, such as design mandates. Therefore, the
right, if any, of the government to require use of design mandates such as
"Carnivore" technology or other technical assistance by service providers is not
affected or augmented by the Patriot Act.
Second, in several important areas, the Act expands service provider protections
(including immunities and good faith defenses) for complying with new or
existing surveillance authority, as is the case in FISA wiretaps and disclosures
of records. The Act also creates expanded ability for the government to conduct
wiretaps, at the request of service providers, of hackers and other
"trespassers" on service provider networks.
Third, the Patriot Act amends and limits the Cable Act to make it clear that
companies offering cable-based Internet or telephone service will be subject to
the requirements of the Cable Act to notify subscribers of government
surveillance requests only where detailed cable viewing information is being
sought. In all other instances, cable operators offering these services can
respond to a government surveillance request under ECPA, which does not require
service providers to notify subscribers of requests.
Section 103: Increased funding for the FBI's technical support center.
Bottom Line: Significantly more money will be spent on electronic surveillance
by the government.
This section authorizes $200 million each year for the next three fiscal years
(FY 2002, 2003, and 2004) for the FBI's technical support center. The center is
a principal source of government technical surveillance initiatives, and this
funding could accelerate more such proposals.
Section 202: Authority to intercept wire, oral or electronic communications
relating to computer fraud and abuse offenses.
Bottom Line: Expands ability for service providers to get government help with
hacking, denial of service attacks, and related Computer Fraud and Abuse Act
violations.
Section 202 amends 18 U.S.C. § 2516(1)(c) to add the Computer Fraud and Abuse
Act offenses (18 U.S.C. § 1030) to the list of predicates for obtaining Title
III wiretaps, thereby facilitating government investigation of hacking offenses.
Section 203: Authority to share criminal investigative information.
Bottom Line: Information obtained from grand juries and wiretaps will be
accessible to a wider range of government offices and officials.
This section amends the Federal Rules of Criminal Procedure and 18 U.S.C. § 2517
to allow intelligence information obtained in grand jury proceedings and from
wiretaps to be shared with any federal law enforcement, protective,
intelligence, immigration, and national defense or security personnel, provided
that recipients of information could only use such information in connection
with their official duties and subject to the disclosure limitations in existing
law. In the case of grand jury information, it would require notification to the
court after disclosure.
Although this section broadens the categories of individuals with whom criminal
investigative information can be shared, it was narrowed in the legislative
process to require these individuals to use this information only in connection
with their official duties.
Section 204: Clarification of intelligence exceptions from limitations on
interception and disclosure of wire, oral, and electronic communications.
Bottom Line: No change. Clarifies existing law.
Explicitly carves out foreign intelligence surveillance operations from the
criminal procedure protections of ECPA, thereby further clarifying that these
types of operations are governed exclusively by FISA.
Section 206: Roving surveillance authority under the Foreign Intelligence
Surveillance Act of 1978.
Bottom Line: Will result in increased roving tap activity.
Expands FISA court orders to allow "roving" surveillance in a manner similar to
ECPA wiretaps. (The federal wiretap statute, but not FISA, was amended 15 years
ago to allow "roving taps.") A roving wiretap enables government investigators
to intercept all of a suspect's wire or electronic communications relating to
the conduct under investigation, regardless of the suspect's location when
communicating. The quintessential situation requiring a roving wiretap in the
past has been when a suspect goes from phone booth to phone booth numerous times
in an effort to prevent his calls from being wiretapped.
Since September 11, 2001, the Administration has cited surveillance challenges
posed by "disposable" cell phone situations‹where a suspect buys a cell phone on
day one and a week later buys another cell phone with another number and moves
from cell phone to cell phone seeking to avoid interception. But "roving tap"
authority is not limited to voice communications; it could equally be used to
intercept the e-mail communications of a suspect who changes Internet accounts
every day, or several times a day.
Section 209: Seizure of voice mail messages pursuant to warrants.
Bottom Line: Stored voice mail will be treated as stored data under § 2703 and
not as an intercept governed by wiretap procedures.
This section enables law enforcement to seize voice mail messages via a search
warrant, instead of a Title III wiretap order, which harmonizes the manner in
which both voice mail and e-mail messages can be accessed. It thereby overturns
case law that requires the government to apply for a Title III warrant before it
can obtain unopened voice mail messages (but not e-mail messages) held by a
service provider. See U.S. v. Smith, 155 F.3d 1051 (9th Cir. 1998), cert.
denied, 119 S. Ct. 804 (1999).
Section 210: Scope of subpoenas for records of electronic communications.
Bottom Line: May produce a major increase in subpoenas regarding subscribers.
Broadens the types of subscriber records that law enforcement can obtain via
subpoena from service providers, including ISPs, to include "the means or
sources of payment for such services," "records of session times and durations,"
and "any temporarily assigned network address." The means-of-payment category
was broader earlier in the legislative process, but was subsequently narrowed to
clarify that it encompasses credit card or bank account number used as a means
of payment for the communication service.
Therefore, this provision does not apply to payment information that is stored
briefly on a service provider's system or information contained in a "digital
wallet."
Section 211: Clarification of scope.
Bottom Line: Changes procedures that apply to cable operators responding to a
subpoena and in most instances will eliminate any obligations to notify
customers of cable-based Internet service.
Clarifies that ECPA governs the release of most subscriber records of cable
television companies that provide Internet service. It will provide certainty to
cable-based ISPs when served with lawful surveillance requests. Fixing a
drafting flaw in the Administration's original proposal, Section 211 will result
in cable operators responding to law enforcement requests by producing customer
data about Internet service subscribers without first having to notify the
subscribers. This is consistent with recent court decisions ruling that ECPA
must have implicitly repealed a conflicting Cable Act requirement that
subscribers receive advance notice of the government's request. One category of
Internet subscriber information that still remains subject to the advance
notice provisions of the Cable Act is "records revealing cable subscriber
selection of video programming from a cable operator."
Section 212: Emergency disclosure of electronic communications to protect life
and limb.
Bottom Line: Expanded flexibility to disclose in emergencies.
Permits service providers to disclose the content of stored e-mail messages and
other customer information whenever the provider "reasonably believes" that an
emergency involving immediate danger of "death or serious physical injury to any
person" requires such disclosure. There was no provision in existing law
expressly permitting service providers to make such emergency disclosures. This
section should help resolve an ambiguity in current law that inhibits service
providers from disclosing customer information in emergency situations involving
death or serious physical injury.
Section 214: Pen register and trap and trace authority under FISA.
Bottom Line: Expansion of FISA pen register/trap and trace authority in FISA
that should lead to a significant increase in such requests.
Makes it easier for the government to obtain a court order under FISA for pen
register or trap and trace surveillance. Eliminates the requirement in 50 U.S.C.
§ 1842(c)(3) that the government certify that it has reason to believe that the
surveillance is being conducted on a line or device that is or was used in
"communications with" someone involved in international terrorism or
intelligence activities that may violate U.S. criminal law, or a foreign power
or its agent whose communication is believed to concern terrorism or
intelligence activities that violate U.S. law. Instead, Section 214 makes the
FISA pen register/trap & trace requirements more closely track ECPA's
requirements for such surveillance (i.e., providing a certification that the
information obtained would be relevant to an ongoing investigation).
However, Section 214 clarifies that a FISA court order should not authorize the
gathering of foreign intelligence information for an investigation concerning a
U.S. person or surveillance where the person has been singled out for
investigation "solely upon the basis of" First Amendment activities.
Section 215. Access to records and other items under the Foreign Intelligence
Surveillance Act.
Bottom Line: Potentially a broad expansion of the types of items which may be
subject to FISA subpoena; may include servers, but provides for immunity for
good faith disclosures.
This provision substantially revises the FISA provisions governing access to
business records for foreign intelligence and international terrorism
investigations. Most significantly, the provision no longer limits the FBI's
ability to obtain business records pursuant to an ex parte court order to
specific categories of businesses. Previously, section 501 of FISA (50 U.S.C. §
1862) had subjected only common carriers, public accommodation facilities,
physical storage facilities, or car rental facilities to FISA business record
authority. By eliminating these categories and allowing these subpoenas to be
issued to any person, Congress has, for example, included Internet service
providers, banks, and any other business within the reach of business record
authority.
Second, Section 215(e) creates immunity for good faith disclosures of business
records under this provision, and provides that disclosure of records does not
waive any privilege in any other proceeding or context. Third, Section 215
eliminates a previous limitation of FISA business record authority to "a foreign
power or an agent of foreign power," 18 U.S.C. § 1862(b)(2)(B), and expands the
scope of items that may be obtained through this authority from "records" to
"any tangible things," which might include, for example, a computer server on
which information is stored. Fourth, the provision specifically prohibits
investigations under this authority of U.S. persons that are conducted solely
based on First Amendment activities.
Finally, this section amends 50 U.S.C. § 1863 to require the Attorney General to
fully inform and provide reports to select congressional committees, on a
semiannual basis, of all requests for production of "tangible things," and to
indicate in his report the total number of applications made, in the preceding
six-month period, for court orders and, of those, the number of applications
that were granted, modified, or denied.
Section 216: Modification of authorities relating to use of pen registers and
trap and trace devices.
Bottom Line: Probably the most significant surveillance expansion in the Act.
Clarifies that pen register/trap and trace authority applies to Internet
traffic, permits nationwide service of process, and requires reports on use of
"Carnivore"-type technology. Does not sunset.
This provision makes three changes to existing law. First, by adding the terms
"routing" and "addressing" to the phrase "dialing and signaling information,"
this amendment is intended to clarify that the pen register and trap and trace
authority under ECPA applies to Internet traffic, provided that the information
retrieved by these devices "shall not include the contents of any
communication." Although the term "content" has a statutory definition, see 18
U.S.C. § 2510(8) (the term content "includes any information concerning the
substance, purport, or meaning of [the] communication"), it is vague and
has not been tested in the context of Internet communications. It will be
important to monitor law enforcement requests to determine what Internet-related
information law enforcement seeks to obtain under the new law beyond the "to"
and "from" header information in e-mail communications that it already receives
under existing pen register and trap trace law.
Second, this provision also grants federal courts the authority to issue pen
register and trap and trace orders that are valid anywhere in the United States,
not just within their own jurisdiction. The advent of nationwide service will
likely result in providers being asked with some frequency to render assistance
even though they are not specifically named in the order and the assistance
being requested is not specifically defined in the order.
We worked on two modifications to this provision that permit service providers
to demonstrate that in they are in fact complying with this new authority, and
are eligible for a statutory good-faith defense or immunity from suit. First,
Section 216 provides that a service provider has the right to receive a written
certification from law enforcement confirming that the order applies to the
provider being served with it. Moreover, Section 216 amends 18 U.S.C. § 3124(d)
to clarify that compliance with a pen register/trap and trace "order," rather
than the express "terms of such order" makes a service provider eligible for
statutory immunity. Nevertheless, nationwide service could make it very
difficult for local or regional service providers to oppose, modify, or contest
court orders because it will require service providers to travel to numerous
courts, in multiple jurisdictions, to address concerns over the breadth of court
orders.
Third, Section 216 directs law enforcement to file an ex parte and in camera
report with the court whenever it uses a "Carnivore" device (defined as
"installing and using its own pen register or trap and trace device on a packet-
switched network" of a provider). The report would identify, inter alia, "the
configuration of the device at the time of its installation" and "any
information which has been collected by the device." The existence of these
reports may help in future public policy debates on the propriety of the
government compelling ISPs to install "Carnivore" devices and the extent of the
use of such devices. The provision is a permanent change to federal law and is
exempted from the sunset provision of Section 224.
Section 217: Interception of computer trespasser communications.
Bottom Line: Protects the government from liability for warrantless
interceptions of hackers and similar "trespassers" at the request of a service
provider; service providers' protection is less clear.
This section provides new protection from liability for government officials if
they conduct warrantless wiretaps of computer "trespassers" (persons who are not
known to owner or operator of the computer to have a contractual relationship
with that owner or operator and who gain unauthorized access to the system). The
drafters presume that, under the "switchboard" provision of existing law (18
U.S.C. § 2511(2)(a)(i)), owners or operators of computers have the authority to
intercept the communications of trespassers. Section 217 is designed to protect
law enforcement officials when the owner or operator delegates that authority to
law enforcement. (Under the "switchboard" exception, a service provider can
intercept or disclose a user's communications when "necessary . . . to the
protection of the right or property of the provider.")
Although the House Judiciary Committee bill contained language that would have
explicitly protected the service provider from liability for authorizing or
providing facilities or technical assistance for this surveillance, the final
legislation does not contain this language. To the extent that a court
determines that the "switchboard" exception does not authorize owners or
operators of computers to intercept the communications of trespassers, this
omission could present a problem because there is case law indicating that
ECPA's good faith defenses are not a basis for avoiding liability where actions
are taken on the basis of an erroneous belief that a statutory provision
authorizes the action.
Nevertheless, Section 217 does not compel service providers to permit law
enforcement to engage in the warrantless surveillance of trespassers, but rather
leaves that decision entirely to the discretion of the service provider.
Section 218: Foreign intelligence information requirement for FISA authority.
Bottom Line: Relaxed standard for FISA surveillance.
This provision amends FISA to require a certification that "a significant
purpose," rather than "the purpose," of surveillance or search under FISA is to
obtain foreign intelligence information. This reflects a compromise between
existing law and a lower standard requested by the Administration.
Section 219: Single-jurisdiction search warrants for terrorism.
Bottom Line: Greatly facilitates nationwide warrants for terrorism
investigations.
This provision amends the Federal Rules of Criminal Procedure to allow federal
judges to issue nationwide search warrants for investigations involving domestic
or international terrorism (i.e., federal magistrate judges may issue search
warrants in any jurisdiction where activities related to the terrorism may have
occurred for a search of property or for a person within or outside the
district). It will be much more difficult to seek review of orders that are
issued remotely.
To the extent that this modification makes government investigations easier,
providers can expect to see an increased volume of requests. Also, the
government in some instances will be able to choose a forum that is more likely
to approve its requests.
Section 220: Nationwide service of search warrants for electronic evidence.
Bottom Line: Provides for expanded nationwide search warrants.
This provision amends ECPA to allow a single court having jurisdiction over the
offense to issue a search warrant for stored data such as e-mail that would be
valid anywhere in the U.S. In its final form, this provision seeks to address
forum-shopping concerns raised in response to the Administration's initial
proposal by requiring that the court issuing the warrant have jurisdiction over
the offense under investigation.
To the extent that this modification makes government investigations easier,
providers can expect to see an increase in volume of requests for assistance.
Section 222. Assistance to law enforcement agencies.
Bottom Line: Critical provision that makes it clear that the Act does not
affect, either way, the ability of the government to require technical mandates.
Makes clear that the legislation preserves the status quo with regard to
technical mandates and other obligations on service providers to provide
technical assistance to law enforcement. The language recognizes that there are
technical mandates in other areas (namely CALEA, which applies to
telecommunications services, but generally does not apply to the Internet),
while at the same time making clear that the Act does not require ISPs to
reconfigure their systems in any way to allow interception of, or to store,
Internet Protocol traffic.
Section 223. Civil liability for certain unauthorized disclosures.
Bottom Line: Somewhat greater accountability of government agents for willful
unauthorized disclosures of fruits of wiretaps and production of stored data.
This provision makes a number of changes to prohibitions against unauthorized
disclosure of by the government of information obtained through the surveillance
authority provided by ECPA. The most significant of these changes is an explicit
clarification that civil lawsuits are not available against the federal
government under 18 U.S.C. §§ 2520 or 2707 for unauthorized interceptions or
disclosures. However, it does not preclude actions against government agents,
specifically prohibits willful unauthorized disclosure or use of information
that the government obtains through surveillance, and increases the
accountability of the government to discipline employees who willfully violate
these sections. The end result is nonetheless more favorable to the
government than the initial version of this provision, an amendment by Rep.
Barney Frank (D-MA) approved in the House Judiciary Committee mark-up of the
bill, which would have allowed lawsuits against the federal government for
certain ECPA violations.
Section 224: Sunset.
Bottom Line: Four-year sunset for many relevant portions of this Act.
This section, subject to a laundry list of exceptions, sunsets in four years the
surveillance and intelligence gathering provisions (all of Title I and Title II)
of the bill. The list of exceptions not covered by the sunset is as follows:
Section 203(a)‹broadening the authority to share grand jury information.
Section 203(c)‹establishment of procedures regarding the sharing of criminal
investigative information.
Section 205‹expedition of employment of translators to support counterterrorism.
Section 208‹designation of FISA judges.
Section 210‹broadening the scope of subpoenas for electronic communications
service providers by requiring disclosure of the means and source of payment,
including bank account or credit card numbers.
Section 211‹treating cable companies that provide Internet services the same as
other
ISPs and telcos for such services.
Section 213‹broadening the authority to delay notification of search warrants in
criminal investigations if prior notice would have an adverse effect.
Section 216‹extending trap and trace to Internet traffic so long as excludes
"content."
Section 219‹single-jurisdiction search warrants for terrorism.
Section 221‹trade sanction amendments.
Section 222‹no imposition of technical obligations on provider of a wire or
electronic communication service, landlord, custodian, or other person who
furnishes facilities or technical assistance.
Section 225: Immunity for compliance with FISA wiretap.
Bottom Line: Very important expansion of service provider immunity for
compliance with FISA.
This section provides immunity for civil liability from subscribers, tenants,
etc. for entities that comply with FISA wiretap orders. This is language that we
worked on creating complete immunity for providing "any information, facilities,
or technical assistance in accordance with a court order or request for
emergency assistance under [FISA]." Previously, FISA had failed to include
protection for complying with FISA wiretaps.
Section 225's liability protection is important because FISA wiretaps are likely
to increase in the current climate.
Section 351 et. seq. Bank Secrecy Act amendments and related improvements.
Bottom Line: Expansion of Bank Secrecy Act in connection with bank records.
These sections generally amend the law in ways that will permit increased
government access to information from banks that relates to terrorism. At the
same time, institutions and their directors, officers, employees, and agents are
protected from liability for such reporting of suspicious banking activities.
Similar provisions also apply to securities brokers and dealers regulated by the
Securities and Exchange Act of 1934. Likewise, the Fair Credit Reporting Act is
amended to allow consumer reporting agencies to provide consumer reports to
government agencies for counterterrorism purposes.
The provisions also require financial institutions to develop anti-money
laundering programs. The banking provisions allow the Secretary of the Treasury
to impose sanctions, including cutting off all dealings with United States
financial institutions, on banks in a nation whose bank secrecy laws deny
information to the Federal Bureau of Investigation or other agencies. Foreign
banks maintaining correspondent accounts in United States banks must designate
someone in the United States to receive subpoenas related to those accounts and
their depositors. If those subpoenas are not answered, the accounts could be
ordered closed.
These amendments also bar United States banks from doing business with "shell
banks" overseas that have no physical facilities and are not part of a regulated
banking system.
In addition, they empower the Treasury Secretary to require United States banks
to exercise enhanced "due diligence" to find out who their private banking
depositors are if they come from nations that will not assist United States
officials.
Section 814: Deterrence and prevention of cyber-terrorism. (Computer Fraud and
Abuse Act Amendments: Narrowing Civil Liability)
Bottom Line: Expands government's authority to prosecute hacking and denial of
service attacks, codifies In re DoubleClick decision for private litigation
under the Computer Fraud and Abuse Act, clarifies the meaning of damage/loss
under the CFAA, and precludes private lawsuits for negligent design or
manufacture of hardware or software.
At the Administration's request, Section 814 increases criminal penalties for
Computer Fraud and Abuse Act (CFAA) violations, adds computers located outside
the U.S. to the definition of "protected computers" covered by the statute, adds
a definition for the important, but previously undefined, statutory term "loss,"
and clarifies that criminal prosecutions for hacking or unauthorized
transmissions may be brought under 18 U.S.C.
§ 1030(a)(5) if a "related course of conduct" causes $5,000 in loss. At the same
time, Section 814 contains several improvements upon current law for civil
defendants, who have increasingly become a target of plaintiff class actions
brought using the private right of action contained in the CFAA.
First, § 814(a) provides that the CFAA $5,000 damage threshold is satisfied
through loss caused by a related course of conduct "for purposes of an
investigation, prosecution, or other proceeding brought by the United States
only." The negative implication of this language appears to be that a single
act, not a related course of conduct, producing $5,000 in harm is necessary for
anyone other than the government to bring a private lawsuit under the CFAA. If
this interpretation prevails in the courts, then this provision will codify a
recent decision in In re DoubleClick Privacy Litigation, 154 F. Supp.2d 497
(S.D.N.Y. 2001), that a civil action under § 1030(g) generally may be brought
only if a "single act" produces $5,000 of loss within the meaning of the
statute.
Second, § 814(d) generally preserves the current $5,000 threshold for private
lawsuits under § 1030(g) of the CFAA for "loss" to a computer system, except for
cases involving damage to a system used by the government for the administration
of justice, national defense, or national security. It also clarifies that the
$5,000 threshold required for a private lawsuit under § 1030(g) applies both to
actions for "damage" and "loss," thereby eliminating a statutory ambiguity that
plaintiffs' class action lawyers had attempted to use to avoid the $5,000
threshold.
Third, § 814(d) contains a provision from the original Senate bill stating that
"[n]o action may be brought under this subsection for the negligent design or
manufacture of computer hardware, computer software, or firmware." Although this
language could be somewhat clearer, this provision likely will be very helpful
in obtaining dismissal of CFAA claims such as the ones challenging alleged
defects in software or hardware that have been brought by several large class
actions.
Section 815: Additional defense to civil actions relating to preserving records
in response to government requests.
Bottom Line: Expands service provider defense in civil actions alleging
disclosure to governments.
Section 815 adds a new defense to civil or criminal liability under ECPA for
service providers who preserve stored data at the request of a law enforcement
official under 18 U.S.C. § 2703(f). The defense, which is added to 18 U.S.C. §
2707(e) (a provision providing defenses to private lawsuits for unauthorized
access to or disclosure of stored data), provides additional protection for
service providers against civil liability under ECPA.
More complete information is at the website:
http://www.epic.org/privacy/terrorism/usapatriot/
--------------------------------------------------------------------
PATRIOT II
--------------------------------------------------------------------
Justice Dept. Drafts Sweeping Expansion of Anti-Terrorism Act
By Charles Lewis and Adam Mayle
(WASHINGTON, Feb. 7, 2003) -- The Bush Administration is preparing a bold,
comprehensive sequel to the USA Patriot Act passed in the wake of
September 11, 2001, which will give the government broad, sweeping new powers to
increase domestic intelligence-gathering, surveillance and law enforcement
prerogatives, and simultaneously decrease judicial review and public access to
information.
The Center for Public Integrity has obtained a draft, dated January 9, 2003, of
this previously undisclosed legislation and is making it available in full text.
The bill, drafted by the staff of Attorney General John Ashcroft and entitled
the Domestic Security Enhancement Act of 2003, has not been officially released
by the Department of Justice, although rumors of its development have circulated
around the Capitol for the last few months under the name of the 'Patriot Act
II' in legislative parlance.
'We haven't heard anything from the Justice Department on updating the Patriot
Act,' House Judiciary Committee spokesman Jeff Lungren told the Center. 'They
haven't shared their thoughts on that. Obviously, we'd be interested, but we
haven't heard anything at this point.'
Senior members of the Senate Judiciary Committee minority staff have
inquired about Patriot II for months and have been told as recently as
this week that there is no such legislation being planned.
RELATED DOCUMENTS
The draft of the Domestic Security Enhancement Act of 2003 at
. Read the transcript of Moyers' interview with Charles
Lewis .
Comstock later told the Center that the draft "is an early discussion draft and
it has not been sent to either the Vice President or the Speaker of the House."
Dr. David Cole, Georgetown University Law professor and author of Terrorism and
the Constitution, reviewed the draft legislation at the request of the Center,
and said that the legislation 'raises a lot of serious concerns. It's troubling
that they have gotten this far along and they've been telling people there is
nothing in the works.' This proposed law, he added, 'would radically expand law
enforcement and intelligence gathering authorities, reduce or eliminate judicial
oversight over surveillance, authorize secret arrests, create a DNA database
based on unchecked executive 'suspicion,' create new death penalties, and even
seek to take American citizenship away from persons who belong to or support
disfavored political groups.'
Some of the key provision of the Domestic Security Enhancement Act of 2003
include:
Section 201, 'Prohibition of Disclosure of Terrorism Investigation Detainee
Information':
Safeguarding the dissemination of information related to national security has
been a hallmark of Ashcroft's first two years in office, and the Domestic
Security Enhancement Act of 2003 follows in the footsteps of his October 2001
directive to carefully consider such interest when granting Freedom of
Information Act requests. While the October memo simply encouraged FOIA officers
to take national security, 'protecting sensitive business information and, not
least, preserving personal privacy' into account while deciding on requests, the
proposed legislation would enhance the department's ability to deny releasing
material on suspected terrorists in government custody through FOIA.
Section 202, 'Distribution of 'Worst Case Scenario' Information': This would
introduce new FOIA restrictions with regard to the Environmental Protection
Agency. As provided for in the Clean Air Act, the EPA requires private companies
that use potentially dangerous chemicals must produce a 'worst case scenario'
report detailing the effect that the release of these controlled substances
would have on the surrounding community. Section 202 of this Act would, however,
restrict FOIA requests to these reports, which the bill's drafters refer to as
'a roadmap for terrorists.' By reducing public access to 'read-only' methods for
only those persons 'who live and work in the geographical area likely to be
affected by a worst-case scenario,' this subtitle would obfuscate an established
level of transparency between private industry and the public.
Section 301-306, 'Terrorist Identification Database': These sections would
authorize creation of a DNA database on 'suspected terrorists,' expansively
defined to include association with suspected terrorist groups, and noncitizens
suspected of certain crimes or of having supported any group designated as
terrorist.
Section 312, 'Appropriate Remedies with Respect to Law Enforcement Surveillance
Activities': This section would terminate all state law enforcement consent
decrees before Sept. 11, 2001, not related to racial profiling or other civil
rights violations, that limit such agencies from gathering information about
individuals and organizations. The authors of this statute claim that these
consent orders, which were passed as a result of police spying abuses, could
impede current terrorism investigations. It would also place substantial
restrictions on future court injunctions.
Section 405, 'Presumption for Pretrial Detention in Cases Involving Terrorism':
While many people charged with drug offenses punishable by prison terms of 10
years or more are held before their trial without bail, this provision would
create a comparable statute for those suspected of terrorist activity. The
reasons for presumptively holding suspected terrorists before trial, the Justice
Department summary memo states, are clear. 'This presumption is warranted
because of the unparalleled magnitude of the danger to the United States and its
people posed by acts of terrorism, and because terrorism is typically engaged in
by groups ' many with international connections ' that are often in a position
to help their members flee or go into hiding.'
Section 501, 'Expatriation of Terrorists': This provision, the drafters say,
would establish that an American citizen could be expatriated 'if, with the
intent to relinquish his nationality, he becomes a member of, or provides
material support to, a group that the United Stated has designated as a
'terrorist organization'.' But whereas a citizen formerly had to state his
intent to relinquish his citizenship, the new law affirms that his intent can
be 'inferred from conduct.' Thus, engaging in the lawful activities of a group
designated as a 'terrorist organization' by the Attorney General could be
presumptive grounds for expatriation.
The Domestic Security Enhancement Act is the latest development in an 18-month
trend in which the Bush Administration has sought expanded powers and
responsibilities for law enforcement bodies to help counter the threat of
terrorism.
The USA Patriot Act, signed into law by President Bush on Oct. 26, 2001, gave
law enforcement officials broader authority to conduct electronic surveillance
and wiretaps, and gives the president the authority, when the nation is under
attack, to confiscate any property within U.S. jurisdiction of anyone believed
to be engaging in such attacks. The measure also tightened oversight of
financial activities to prevent money laundering and diminish bank secrecy in an
effort to disrupt terrorist finances.
It also changed provisions of Foreign Intelligence Surveillance Act, which was
passed in 1978 during the Cold War. FISA established a different standard of
government oversight and judicial review for 'foreign intelligence' surveillance
than that applied to traditional domestic law enforcement surveillance.
The USA Patriot Act allowed the Federal Bureau of Investigation to share
information gathered in terrorism investigations under the 'foreign
intelligence' standard with local law enforcement agencies, in essence
nullifying the higher standard of oversight that applied to domestic
investigations. The USA Patriot Act also amended FISA to permit surveillance
under the less rigorous standard whenever 'foreign intelligence' was a
'significant purpose' rather than the 'primary purpose' of an investigation.
The draft legislation goes further in that direction. 'In the [USA Patriot Act]
we have to break down the wall of foreign intelligence and law enforcement,'
Cole said. 'Now they want to break down the wall between international terrorism
and domestic terrorism.'
In an Oct. 9, 2002, hearing of the Senate Judiciary Subcommittee on Technology,
Terrorism, and Government Information, Deputy Assistant Attorney General Alice
Fisher testified that Justice had been, 'looking at potential proposals on
following up on the PATRIOT Act for new tools and we have also been working with
different agencies within the government and they are still studying that and
hopefully we will continue to work with this committee in the future on new
tools that we believe are necessary in the war on terrorism.'
Asked by Sen. Russ Feingold (D-Wis.) whether she could inform the committee of
what specific areas Justice was looking at, Fisher replied, 'At this point I
can't, I'm sorry. They're studying a lot of different ideas and a lot of
different tools that follow up on information sharing and other aspects.'
Assistant Attorney General for Legal Policy Viet Dinh, who was the principal
author of the first Patriot Act, told Legal Times last October that there was
'an ongoing process to continue evaluating and re-evaluating authorities we have
with respect to counterterrorism,' but declined to say whether a new bill was
forthcoming.
Former FBI Director William Sessions, who urged caution while Congress
considered the USA Patriot Act, did not want to enter the fray concerning a
possible successor bill.
"I hate to jump into it, because it's a very delicate thing," Sessions told the
Center, without acknowledging whether he knew of any proposed additions or
revisions to the additional Patriot bill.
When the first bill was nearing passage in the Congress in late 2001, however,
Sessions told Internet site NewsMax.Com that the balance between civil liberties
and sufficient intelligence gathering was a difficult one. 'First of all, the
Attorney General has to justify fully what he's asking for,' Sessions, who
served presidents Reagan and George H.W. Bush as FBI Director from 1987 until
1993, said at the time. 'We need to be sure that we provide an effective means
to deal with criminality.' At the same time, he said, 'we need to be sure that
we are mindful of the Constitution, mindful of privacy considerations, but
also meet the technological needs we have' to gather intelligence.
Cole found it disturbing that there have been no consultations with Congress on
the draft legislation. 'It raises a lot of serious concerns and is troubling as
a generic matter that they have gotten this far along and tell people that there
is nothing in the works. What that suggests is that they're waiting for a
propitious time to introduce it, which might well be when a war is begun. At
that time there would be less opportunity for discussion and they'll have a much
stronger hand in saying that they need these right away.'
Copyright 2002, The Center for Public Integrity. All rights reserved
10