A coalition of 20 civil liberties organizations, including the Center for Democracy & Technology, released a letter today endorsing H.R. 3845, the USA Patriot Amendments Act. The bill was introduced by the Chairman of the House Judiciary Committee, Rep. John Conyers (D-MI) and Subcommittee Chairs Rep. Jerrold Nadler (D-NY) and Rep. Bobby Scott (D-VA). The Senate version of the legislation, the PATRIOT Act Sunset Extension Act, S. 1692, has not drawn a similar level of support in the civil liberties community, largely because of the different ways the bills deal with National Security Letters. CDT has prepared a chart that compares the two bills.

An NSL is a simple form document issued by the FBI and other intelligence agencies that requires Internet Service Providers, banks and other financial institutions, and credit agencies to turn over records about their customers. There is no judicial authorization; the letters are issued when the agency seeking the records decides that they are relevant to its own investigation. The letters are usually accompanied by a “gag� order that, with limited exceptions, bars anyone from disclosing that information was sought or obtained with an NSL. Two Inspector General reports have found widespread abuse and misuse of NSLs.

The bill the groups endorsed would require that NSLs issue only when a government official has prepared a statement of specific and articulable facts showing reasonable grounds to believe that records sought with an NSL pertain to a spy, terrorist or other agent of a foreign power. It also retains the requirement in current law that information sought with an NSL also be relevant to an investigation. The Senate version, in contrast, retains the relevance standard, which permits the government to issue the letters to get records about everyone, including those who have no relationship whatsoever to a terrorist or a spy. Under the Senate bill, the issuing agency merely has to satisfy itself that specific facts indicate that the records sought are relevant to an investigation. The requirement in both bills of specific facts showing relevance is new, and marks a slight improvement in the NSL standard. But the real reform is in the House bill, because it requires that the records pertain to a terrorist or spy.
(more…)

It seems like the debate over health care reform has sucked all the oxygen out of the public dialog, as if nothing else were happening here in Washington. Think again. Perhaps one of the most significant “behind the scenes” actions happened late last week when the Obama Administration failed to support significant changes to the Patriot Act that would have given Americans stronger civil liberties protections.

More disturbing, it appears that the Administration took an active part in opposing changes supported by civil liberties groups, such as CDT, that would have gone a long way toward correcting several flaws in the Patriot Act.

CDT President Leslie Harris outlines the Obama Administration’s missteps in her latest Huffington Post piece titled: Obama vs. Obama on the Patriot Act. Harris notes that the moves by the Administration to maintain the Patriot Act status quo directly contradicted positions Obama himself took as a freshman Senator.

Harris writes:

“With Democrats in charge of Congress and strong civil libertarians at the helm of the House and Senate Judiciary Committees, the time for PATRIOT Act reform is now. But with the Administration pushing in the wrong direction, the chances for reform have been diminished. Now it’s up to the House Judiciary Committee to stand its ground. The opportunity for real reform will not come again anytime soon. Congress needs to do the right thing, even if Obama will not.”

Recently Syracuse University, my alma mater, took steps to increase campus security by installing a video-surveillance system in all entrances and exits of residence halls and one academic building. This took two years of planning for the 168 new cameras being installed on campus, but it is unclear how the University is ensuring the privacy of students as they begin to monitor the campus over video.

When implementing a video surveillance system of this scale, people often forget that it’s not just the “bad guys” and criminals that end up on the tape, it’s every person walking through the building. Every day, these tapes will archive the movements of thousands of students, faculty and staff members at the university, most of which will never be involved in a crime.

Students may worry that “big brother” is watching them even as they go about the mundane details of their day, moving in and out of their buildings, but they should also be aware of data retention issues associated with this system and demand answers and that appropriate privacy policies be put in place. Before they are surveilled, students need to know how long the tapes are kept if no crime is involved, what steps are taken to prevent theft of the footage, and who has access to the footage for what purposes. Will the footage be used only for criminal investigations, or will the scope of the project creep as new groups want to use it?

The issues surrounding the surveillance project become less about whether or not students are safer on campus and more about students taking back the right to their privacy by being able to protect themselves and their identities from unwarranted third party involvement. The more hands a student’s information or image passes through, the more this project grows in scope.

With the allure of all of this information, suddenly it’s not just public safety viewing the images, it’s also the health office or the student judiciary office or the scholarship office. Without clear guidelines noting who can or cannot access these videos, students have essentially given the school a blank check on their privacy rights – with no limit on who can access their information.
(more…)

CDT’s Gregory Nojeim has a guest blog post today on the American Constitution Society’s blog. Nojeim discusses the PATRIOT Act markup from yesterday’s Senate Judiciary Committee hearing and voices his disappointment with the committee’s failure to take action on the issues surrounding National Security Letters (NSL). CDT has been an active voice in calling for the administration to take steps to protect civil liberties that may be threatened under certain PATRIOT Act provisions. Let us know what you think of the ACS post as we continue to work on ensuring that civil liberties are being protected while national security policy is being crafted.

Recently, CDT’s Gregory Nojeim provided wrote a guest blog post on the American Constitution Society’s blog. Greg discussed the expiring provisions of the PATRIOT Act and examined current legislation in the Senate. Check out the post here at ACS’s blog. Thanks again to ACS for the opportunity.

In two letters sent to Congress today, the Obama Department of Justice announced its support for reauthorization of three expiring provisions of the 2001 Patriot Act and its willingness to consider civil liberties amendments that do not diminish the effectiveness of the expiring provisions. Its openness to amendments is a good sign, and we look forward to working with Congress and the Administration on inserting checks and balances on surveillance authority.

Unless Congress acts by December 31, the Patriot Act “library records provision” (Section 215), its provision authorizing roving intelligence wiretaps (Section 206), and a provision of a related intelligence law that permits intelligence surveillance of “lone wolves” who have no ties to foreign terrorist organizations, will all expire. The December 31 deadline will likely prompt Congressional action this fall. Both the Senate and House Judiciary Committees have announced Patriot Act hearings this week, and Senators Feingold and Durbin are seeking support for Patriot Act reform legislation they intend to introduce soon.
(more…)

Check out CDT’s Gregory Nojeim on ABC News’ “Ahead of the Curve” discussing cybersecurity legislation in Congress. The YouTube clip of this is available here.

Last Wednesday, the Senate Homeland Security and Governmental Affairs Committee agreed on several amendments to the PASS ID bill [S. 1261] and sent the legislation on to the Senate.

Let’s take a look at some of the changes:

• Exceptions to the anti-skimming provision:

A key privacy protection we support in PASS ID restricts the collection and use of information scanned from the machine-readable zone on your driver’s license or ID card. However, in response to the concerns of retailers and other third party users of driver’s license information, the committee introduced an amendment that directs the Federal Trade Commission (FTC) to issue regulations establishing exceptions to this anti-skimming provision.
(more…)

Last week, the Senate Intelligence Committee reported a bill that would require the government to disclose information about the intrusion detection system for government computers that has been dubbed, “Einstein.�? Section 340 of the Intelligence Committee’s Intelligence Authorization Act for FY 2010 (S. 1494) would require the government to report to Congress about privacy impact of Einstein, the legal authority supporting it, and about any audits that have been conducted on its operations. The bill, and recent press accounts, prompt CDT to ask the Administration to reveal more about Einstein.

There’s no doubt that the government needs better cybersecurity immediately. Malicious code has been found in the computers that run the electric power grid, and terabytes of data about the Pentagon’s $300 billion F-35 Joint Strike Fighter jet were recently stolen by computer spies.

Einstein is designed to partially meet this need for civilian government computer networks. It operates to detect malicious code in communications with the government. The latest iteration – Einstein 3 – reportedly can scan the content of such communications and, using technology based on a National Security Agency system called “Tutelage,�? can intercept the malicious computer code before it even reaches the government system.

But the Einstein intrusion detection system raises a whole host of questions: what is the scope of the NSA’s role? What is done with the intrusion reports Einstein generates and shares with law enforcement and intelligence agencies? How are people notified that their communications with government officials, and their surfing of government websites, are being monitored for threatening code? CDT poses these and other questions about Einstein in a new report released today.

The Department of Homeland Security did a Privacy Impact Assessment on the first two versions of the Einstein intrusion detection systems, and they reveal a lot of information. But, critical pieces to the puzzle are still missing, and a new version of the system that ups the privacy stakes is being developed.

Secrecy can undermine the effectiveness of a cybersecurity program, particularly one that relies, as Einstein 3 does, on the cooperation of private sector communications service providers. It’s time for the Obama Administration to chart a new course by being more open about Einstein.

A report released today by the Inspectors General of key intelligence agencies shows that the warrantless surveillance program authorized by President Bush was overly secret, its importance overstated, and its product underutilized. While the report reveals new tidbits about the President’s personal involvement in the surveillance activities, it leaves unanswered many questions about the scope of the program, its lawfulness, and whether the surveillance could have been conducted under the Foreign Intelligence Surveillance Act from the outset.

Background for the IGs’ Report
In October 2001, President Bush authorized warrantless surveillance of the communications people in the United States were having with people abroad. Under the program, later dubbed the “Terrorist Surveillance Program,� at least one party to the intercepted communication had to be in the United States and at least one other party had to be abroad, and one of the communicants had to be a member of al-Qaeda or an affiliated terrorist organization. Ever since the program was revealed in December 2005, CDT and others roundly criticized the TSP as unlawful under the Foreign Intelligence Surveillance Act, which requires a court order based on probable cause for surveillance of any person in the U.S. Also in late 2001, the President authorized “Other Intelligence Activities� that even to this day have not been publicly acknowledged. The report released today by the Inspectors General of the Department of Defense, CIA, Department of Justice, National Security Agency and the Office of the Director of National Intelligence covers, and critiques, both surveillance programs, collectively referred to as the “President’s Surveillance Program� or PSP. The report was required by the July 2008 FISA Amendments Act.
(more…)