THE TERRORISM
BILL DOES TOO MUCH AND NOT ENOUGH.
Tapped Out
by Jeffrey Rosen
Post
date 10.04.01 | Issue date 10.15.01 |
|
|
Imagine this: FBI agents get an anonymous
tip that a red van with biological weapons has
just dumped anthrax in the Central Park reservoir.
They'd like to search all the red vans in the
area, but by law they can't. Once a crime has
occurred, an anonymous tip can't create reasonable
suspicion for an investigative search, according
to the Supreme Court.
Now imagine this: You illegally download a
copyrighted MP3 file, violating your terms of
service contract with America Online. Without
your knowledge, AOL proceeds to authorize the
federal government to monitor every e-mail you
send and every website you visit in order to
collect evidence to prosecute you as a "computer
trespasser."
Welcome to the unintended consequences of
the Anti-Terrorism Act of 2001, which is being
debated in Congress this week. The central insight
of the bill is sound: that law enforcement officials
should have greater powers to investigate potential
acts of terrorism than when they investigate
less serious crimes. But in some respects, the
bill doesn't empower the federal government
to investigate genuine emergencies nearly enough.
And in others it carelessly expands the definition
of terrorism to cover low-level computer crimes.
In other words, it threatens privacy without
increasing security.
The Fourth Amendment says, "The right of the
people to be secure in their persons, houses,
papers, and effects, against unreasonable searches
and seizures, shall not be violated." The more
secure a search or seizure makes us in our persons,
houses, papers, and effects, therefore, the
more reasonable it should be considered. Our
existing wiretap laws recognize this; and in
some areas, the proposed Anti-Terrorism Act
does too. For example, the act sensibly amends
electronic privacy laws to make clear that an
Internet service provider, or ISP, such as AOL
may not disclose the communications of its customers
unless the "provider reasonably believes
that an emergency involving immediate danger
of death or serious physical injury to any person
requires disclosure of the information without
delay." Provisions like this strike a sensible
balance: Of course traditional privacy protections
should yield in the face of immediate threats.
But in other areas, the bill would dramatically
expand surveillance authority--for the investigation
of all crimes, not just those involving
terrorism--even where there is no immediate
threat of harm. For example, one provision of
the Anti-Terrorism Act would give the government
essentially unlimited authority to install recording
devices to monitor the "dialing, routing, addressing,
or signaling information" of any citizen's electronic
communications, including e-mail or Web browsing.
In the past the Supreme Court has allowed law
enforcement this kind of unregulated access
to relatively public information, such as the
local telephone numbers that we dial from home,
on the theory that the phone company knows the
local numbers anyway so no one expects them
to remain private in the first place. But the
e-mail and Web browsing information that will
now be available to the government is far more
revealing than a local phone number: It includes
the subject lines on our e-mail and the URLs
on which we click--which may contain, for example,
the search terms we plug into Amazon or Google.
This expanded monitoring authority might be
defensible if it were limited to cases of potential
terrorism. But it isn't. To begin monitoring,
a federal agent need merely insist that the
monitoring is relevant to the investigation
of a crime, even a minor one. The Washington
Post calls provisions like this "hitchhikers"--items
that have long been on law enforcement wish
lists but have nothing to do with terrorism.
Another troubling provision of the Anti-Terrorism
Act allows the government to intercept the communications
of computer "trespassers"--even those who can't
remotely be considered terrorists. The act defines
a computer trespasser very broadly as "a person
who accesses a protected computer without authorization."
Once someone is defined this way, an ISP like
AOL or Microsoft can give unilateral consent
to the government to monitor all of his or her
communications as long as the monitoring is
relevant to the investigation of some crime,
no matter how minor. "If you were technically
in violation of your ISP's terms of service--and
given how broad they are that can happen quite
easily--you suddenly forfeit privacy rights
and the ISP can consent to surveillance of your
activities," says Alan Davidson of the Center
for Democracy and Technology.
Peter Swire, privacy czar under President Clinton,
notes other examples of unauthorized computer
access that the current legislation would define
as federal terrorism offenses, punishable by
up to life in prison: employees of a credit
agency tampering with their customer's credit
history; a store manager fraudulently using
the store's computers to pay off gambling debts;
and the unauthorized use of an ATM. These are
certainly crimes, but they're not terrorism.
Swire also points to another new federal terrorist
offense created by the bill: "intentionally
causing damage without authorization to a protected
computer" by transmitting a "program, information,
code, or command." This language, intended primarily
to prohibit hacking and the intentional spread
of viruses, has been applied in the past to
former employees who inadvertently delete files
after accessing an old account. By defining
these computer abuses as terrorism, the versions
of the bill currently being debated would subject
a great deal of low-level crimes to federal
scrutiny.
|
n addition to eroding electronic privacy, the
terrorism bill contains a series of important
amendments to the Foreign Intelligence Surveillance
Act, or FISA. By certifying
to a secret court that a particular individual
is an agent of a foreign power, including a
terrorist organization, FISA
allows the government to wiretap and otherwise
surveil someone without reasonable suspicion
that he or she is about to commit a particular
crime. This would normally violate the Fourth
Amendment, but because FISA
governs agents of foreign powers, traditional
constitutional protections don't apply. Until
now FISA has required
that foreign intelligence-gathering be the primary
purpose of an investigation. But the Anti-Terrorism
Act changes this, allowing sweeping surveillance
of a suspect even if foreign intelligence is
only one of several purposes of the investigation.
The current bill also authorizes roving wiretaps,
permitting the government to monitor any communications
device that a particular suspect used, including
cell phones, work phones, computers--even search
engines in public libraries. Roving wiretaps
might make sense if there's evidence a suspect
is trying to evade surveillance; but by allowing
them to be placed on any suspect in any investigation
that has some foreign intelligence component,
Congress could expose a lot of innocent communications
to government scrutiny. If, for example, your
colleague is a target of a FISA
investigation, the government could tap all
your communications on a shared phone, work
computer, or public library terminal.
The Anti-Terrorism Act also gives the government
broad access to financial records, business
records, and credit reports that are relevant
to an investigation involving foreign intelligence--even
when the people whose records are being examined
are not themselves agents of a foreign power.
And it allows domestic law enforcement authorities
and foreign intelligence investigators to share
secret grand jury information collected as part
of a domestic criminal investigation. The logic
for the constitutionality of FISA
was always that the extraordinary powers it
gave law enforcement were limited to foreign
intelligence-gathering, not domestic law enforcement.
By changing that balance, the new bill could
make fisa vulnerable to constitutional challenge.
|
ut at the same time that it unnecessarily expands
law enforcement's power to investigate low-level
crimes, the Anti-Terrorism Act does little to
address immediate terrorist threats. Imagine
the scenario I described earlier, in which the
FBI receive an anonymous tip that a red van
has just dumped biological weapons in the Central
Park reservoir. Surely law enforcement officials
should have the right to search red vans in
the area, even if the tip turns out to be false.
But the Supreme Court held last year that random
searches designed to investigate crime were
unconstitutional. Cars couldn't be stopped and
briefly surrounded by drug-sniffing dogs, the
Court held, because random car searches could
only be justified for reasons that had nothing
to do with the investigation of crime, such
as promoting highway safety by checking cars
for drunk drivers. One solution, suggested by
Stephen Saltzburg of the George Washington University
Law School, would be to empower the attorney
general personally to authorize searches in
emergency situations that don't meet ordinary
constitutional standards. (When an immediate
decision has to be made, this authority might
be delegated to an officer on the scene.) "Rather
than rely on judges, whom I think are in no
position to respond to a requirement for immediate
action," says Saltzburg, "the attorney general
could be required to report within a short period
of time to a select committee of Congress, which
would have the authority to expand or restrict
the scope of the searches." But the Anti-Terrorism
Act doesn't do anything of the kind.
Throughout the twentieth century, law enforcement
overreacted to the concerns of the moment in
ways that had sweeping, unintended consequences.
In the 1970s the Supreme Court and Congress
unnecessarily restricted domestic intelligence-gathering
because of fears about the Nixon administration's
abuses. In the '80s and '90s, the Court and
Congress expanded the government's power to
investigate low-level drug crimes, which led
some minority citizens to feel like they were
living in a police state. Unfortunately, the
Court and Congress have gotten out of the habit
of balancing the invasiveness of the search
against the seriousness of the crime. If, in
the wake of last month's attacks, Congress increases
surveillance powers for the most serious crimes,
it may increase our security from terrorism.
But if it thoughtlessly expands surveillance
authority across the board, it will threaten
individual privacy without giving government
the tools it needs to respond to genuine emergencies.
And so we will be less free, but no more safe,
than we were before September 11.
JEFFREY ROSEN is a senior
editor at TNR.
|