Congress is in the process of tweaking sixteen separate sections of the USA Patriot Act that were scheduled to sunset at the end of this year.
There is a House bill and the Senate bill, and the two versions are being reconciled in conference committee. The USA Patriot Act was a wide-ranging expansion of state power—and in the information age, that means wide-ranging effects on the technology and telecommunications industries and their customers. Four years later, regulatory agencies have issued the rules to flesh out the provisions of the law.
Here’s a roundup of how different set-to-expire parts of the Patriot Act affect the technology industry:
Roving wiretaps: Section 206 expands the 1978 Foreign Intelligence Surveillance Act to allow federal agents to wiretap several phone lines based on a single wiretap order, issued by the secret FISA court. The target of the roving wiretaps under 206 can be a “John Doe,” in contravention of previous court rulings that either the person or the place to be wiretapped must be “particularly described.” These wiretaps don’t require after-the-fact justification to the court, though pending reauthorization would change that.
Pre-PATRIOT wiretap law required that common carrier telecommunication firms that must provide wiretapping assistance be named in the warrant. But PATRIOT vitiates that requirement, allowing the issuance of generic orders by the court and leaving the wiretapping agents to direct telecommunications providers to provide access to their systems.
The “library records provision”: Section 215 deals with businesses’ records and “tangible things” of all kinds, including those of Internet service and telecommunications providers. Under this provision, the FBI can demand vaguely “relevant” customer records from a business without probable cause. A business is forbidden from even disclosing it has had its records searched. DOJ said on March 30 it had used this power 35 times.
After stonewalling requests for information for a few years, the Department of Justice in March, with the sunset coming up, said this provision had been used 49 times. Competing PATRIOT reauthorization acts in the House and Senate would renew the provision for 10 and four years respectively. The Senate bill would require more information about the target beforehand and add extensive public reporting on the use of roving wiretaps.
Again the House and Senate would renew this expiring provision for 10 and four years respectively. Both reauthorization bills contain limited rights to counsel, and the Senate’s version would require the orders be accompanied by a description of the records to be searched and the facts justifying the request, as well as additional public reporting requirements.
National Security Letters: Section 505 allows the FBI to obtain from businesses the details of telecommunications and financial records without judicial oversight. As in Section 215, customers need not be a target of an investigation, but only “relevant” to it. NSL’s don’t need specific facts to back their issuance, and it is against the law for a business to disclose that it has received one. Nor is there a right for the business to challenge an NSL. A federal court decision has already declared this NSL power unconstitutional and is pending appeal. Both pending versions of the PATRIOT reauthorization would make Section 505 permanent and provide limited rights to counsel and challenge.
Pen registers: Section 214 lowered the relevance standard for the FBI to place “pen register” devices on telecom lines to collect “non-content” information such as numbers dialed. It was set to sunset, but both reauthorization bills would make them permanent.
Section 216 expanded this authority to Internet communications, but it is still not clear after four years which parts of Internet communications are “non-content.” Does it include the “Subject” lines of emails? URLs of websites visited? The Electronic Frontier Foundation has filed a Freedom of Information request to find out.
Computer crimes: Section 202 made it easier for the FBI to wiretap in computer crime cases. 217 allows the FBI to monitor one’s communications based on only an Internet service provider’s claim that a user engaged in “computer trespassing.” Both are set to be renewed indefinitely.
VoIP and Voicemail: Section 209 makes it easier for the FBI to search “stored communications” without a wiretap order or in some cases without a search warrant. Thought purportedly targeted at voicemail, this will apparently apply to VoIP (voice-over-Internet) calls that are cached in the process of travelling over networks. Section 209 is set to be made permanent as well.