The Internet Ahead

As a candidate, Present-elect Obama made little mention of privacy laws and the abuses committed by the Bush administration (for example, through the PATRIOT Act).  However, in his technology position paper, “Connecting and Empowering All Americans Through Technology and Innovation“, Obama promises to “safeguard our right to privacy” by:

1. Ensuring that terrorism-fighting mechanisms and information are not abused.
2. Updating surveillance laws and ensuring that other methods of law enforcement are carried out appropriately.
3. Protecting “particularly sensitive kinds of data”:  for example, online health records.
4. Tracking down cyber-criminals to crack down on spam, spyware, phishing, etc.

In this post, we will discuss the first two of these issues, the issues most closely related to the post-September 11th developments in privacy as the Bush administration began to exercise more control over the counterterrorism intelligence gathering process.  

Privacy Issues:  NSA Wiretapping and the ECPA

In particular, there has been controversy over the warrantless data mining and wiretapping done by the National Security Agency (NSA) as part of a program approved by President Bush to search for terrorists.  The secretive surveillance program, revealed by this article in the New York Times, allowed the NSA to search through large amounts of telephone and Internet communications both inside and outside of the United States.  

The revelation sparked a large outcry from privacy advocates, one that intensified when the Bush administration proposed legislation that would both expand the government’s domestic surveillance power and retroactively protect the telecommunications companies that assisted the NSA wiretapping process.  The bill would be used to update the Foreign Intelligence Surveillance Act (FISA), a 1978 bill used to allow “electronic surveillance in the context of foreign intelligence gathering” while “strik[ing] a delicate balance between national security interests and personal privacy rights”.

Originally, Obama opposed this invasion of privacy—this is made obvious by his policy paper on technology.  However, in a July 2008 note that he wrote to the public, Obama changed his position on the FISA matter, claiming that the bill was the best solution possible.  To further defend his new position, Obama’s campaign staff claimed that the “fact that there [was] an open forum on BarackObama.com where supporters [could] say whether they agree or disagree [spoke] to the strength of [their] campaign”.  Nevertheless, the candidate’s supporters were extremely angered by the decision, and groups like the EFF continue to fight for the repeal or reform of the new FISA bill.  It will be interesting to see how the new Obama administration will address these issues in the upcoming four years.

Another online privacy issue that has been addressed by the EFF and other privacy groups is the Electronic Communications Privacy Act (ECPA). This act—passed in 1986 to reform the Wiretap Act of 1968—extended restrictions on wiretaps to include online communications.  Specifically, the ECPA requires a court order for the government surveillance of “wire, oral, or electronic communications.”, and Title II of the act (the Stored Communications Act) regulates the circumstances under which a provider of electronic communication services (ECS) or of remote computing services (RCS) can provide information about emails or other forms of online communications.  According to the Stored Communications Act, a “governmental entity” may demand the disclosure of the contents of an opened e-mail or any e-mail that has been in storage for more than 180 days.  This can be done, according to Section 2703(b), without required notice to the customer provided that the government obtains a warrant, court order, or administrative subpoena.  According to the EFF, this act needs to be reformed in order to be more in line with “recent technological developments and Americans’ expectation of online privacy”, specifically so that privacy of online data doesn’t depend on how long it has been stored.  

Recommendations

President Obama will have the difficult job of maintaining the appropriate balance between national security and the privacy rights of U.S. citizens.  While the Bush administration has gone too far in the direction of government control and invasions of privacy, there is still some merit in insisting on surveillance measures in the name of protecting the nation.

For this reason, we recommend that Obama evaluates the programs he has in place and then reform them to be more in line with today’s standards of technology and privacy needs.  First, the FISA Amendments Act needs to be reformed.  The protection of illegal, warrantless wiretapping is and never should be justified.  The NSA wiretapping program was a blatant violation of the Fourth Amendment guarantee against “unreasonable searches and seizures”, particularly those done without probable cause.  Although the NSA should undoubtedly have more powers to conduct surveillance in the name of counterterrorism, these powers should never involve violations of the fundamental rights of the Constitution.  For this reason, telecommunications companies should not have been protected for assisting the government’s illegal wiretapping.

Secondly, the ECPA should also be reformed and clarified.  The government must develop standards beyond those of opened/unopened and the 180 days rule.  These categories are not only arbitrary, but are also unnecessary.  Moreover, the PATRIOT Act has amended the ECPA to relax the standards for Internet surveillance to be in line with the standards of telephone dialing.  The standards for phone usage are already too weak, and both measures should be reformed.  Governmental entities should be required to prove the relevance of their surveillance beyond telling a judge that information is necessary to their investigation.  There should be standards for how and why they conduct Internet and telephone surveillance; specifically, a probable cause standard should be used.  Applying this Fourth Amendment standard to all e-mail communications—regardless of how old they are—and other private online content (no matter where it is stored) is important to protect Americans in this increasingly digital age.  We believe that this will not hinder any counterterrorism investigations; if it does, then national security experts should have to explain the potential harms of using probable cause.

In these ways, the Obama administration will hopefully be able to strike the proper balance between security and privacy over the next few years.  President Obama should maintain his promises to the nation outlined in his policy paper by ensuring that the proper reforms are made before irreparable damage is done to the values of the U.S. Constitution.