The USA Patriot Act and Individual Liberties: High-Level Summary

 

In the autumn of 2001, after the 9/11/2001 attacks, Congress passed the USA Patriot Act in order to, in the government’s view, improve the chances that any future terrorist acts could be prevented. The formal name is “UNITING AND STRNGTHENING AMERICA BY PROVIDING APPROPRIATE THE TOOLS TO INTERCEPT AND OBSTRUCT TERRORIS (U.S.A. PATRIOT ACT) ACT OF 2001”, and it may be found online at this location.[1] The ACLU also provides a summary discussion at this location.[2]

 

The act reduces the level of judicial supervision required for the government to investigate activities putatively related to terrorism. This includes wiretaps, access to financial records, and pen register surveillance (sender, receiver, subject without text) of some electronic communications. Apparently in some cases this has led to the use of “secret intelligence courts” to issue warrants, and at other times there have been no courts.  The law also allows criminal investigations without judicial supervision for “intelligence purposes.” Non-citizens may be jailed on very low levels of suspicion without charge. Former President Al Gore writes that Attorney General Ashcroft has authorized clandestine monitorings of attorney-client communications without prior judicial review, the secret inspection of financial and even medical (in spite of HIPAA) records, as well as running secret background checks of any person of interest,[3]  and undercover surveillance of public protests and demonstrations or even public meetings.[4]  ACLU spokesman Matt Howes reported on Dec 2, 2003 that the FBI had circulated a memo that “advocates spying on peaceful protesters and indicates that protesters who engage in civil disobedience or other disruptive acts should be treated like potential terrorists.” But the Ninth Circuit overturned a provision in a 1996 terrorism law that might punish unwitting contributors to fronts to terrorist groups, because it might ensnare someone like “a woman who buys cookies from a bake sale outside of her grocery store to support Kurdish refugees to find new homes.” Already, there have been cases of Americans with Muslim spouses having their bank accounts frozen by the FBI without their knowledge.[5]

 

In some cases, immigrants who have contributed to what they honestly or in good faith believed to be beneficial organizations promoting democracy have been deported. For example, Kurdish immigrant Ibrahim Parlak was deported in 2004, with the blessing of federal judge Elizabeth Hacker, for having once supported PKK, the Kurdistan Workers’ Party, KPNGRA-GEL. He had sought political asylum in the United States in 1992.

 

An enhancement called “Patriot Act II” was proposed in early 2003.[6] The government would no longer be required to disclose the identity of anyone held in a terror investigation. The government would be able to obtain library reading records and ISP records and could forbid the entity giving the information from disclosing the request. Americans could be extradited to foreign nations more easily. Terrorism’s definition would be expanded to go beyond large scale attacks like 9-11 to include smaller attempts to intimidate a civilian population, such as with the Muhammad-Malvo sniper slayings in 2002. In extreme cases, American citizens (even native born) could lose citizenship if they supported terrorist groups. Uncontrolled and unsupervised wiretap authority is extended for fifteen days after any major terrorist attack.[7] There are also controversies about “intelligence courts” and secrecy of some judicial proceedings, even for civilian suspects.

 

There is also a provision in a new intelligence bill expanding what kinds of businesses can be served “national security letters” to obtain financial records, to include brokers, insurance companies, and various dealers of valuables.

 

In fact, Mother Jones  [8]has provided some more details as to the exact provisions:

 

· Section 206 allows roving wiretaps of any phone or computer that a suspect might use, ensnaring “innocent bystanders.”

· Section 213 allows a “sneak and peek” search, where the person of interest is not notified until after the search.[9]

· Section 214 allows government secret surveillance of phone calls without warrant or probable cause, by claiming relevance to terrorism investigation

· Section 215 allows secret (and classified) subpoenas for searches of library records, video stores, and similar facilities for suspect’s purchases or use. It is not clear that this has actually been used.

· Section 216 allows Internet wiretaps (pen registers based on email addresses but not content) at a judge’s approval

· Section 218 allows secret courts to authorize secret searches

· Section 505 allows the Justice Department (or an FBI field office) to issue a “national security letter” for subpoenas similar to section 215

· Section 802 defines domestic terrorism as illegal acts “dangerous to human life” that seem to be intended to influence government policy by “intimidation or coercion” or gaining publicity for causes.

· Section 805 forbids giving assistance to government designated “foreign terrorist organizations.” This was declared overbroad and unconstitutional by a federal judge.

· Section 806 allows civil asset forfeiture without a hearing by the Justice Department from an alleged domestic terrorist.

 

The article in Mother Jones also discusses the “Catch 22” involved in declaring suspected terrorists (who can be American citizens) as unlawful combatants and holding them in military prisons without formal charge or access to attorneys,  

 

The government has proposed a “Red, Yellow, Green” (like the childhood playground game like “Mother May I”) profiling of airline passengers with data mining (a system to be called CAPPS II, “Computer-Assisted Passenger Prescreening System”) looking at credit reports, financial history, criminal convictions, and presence on terrorist watchlists. Delta Airlines will start this in April at a few unannounced airports. The risk is that citizens could be wrongly blacklisted (and lose jobs that require travel) without resource, because of errors on credit reports or even identity theft. But the new system is supposed to reduce the “yellows” to 5% from 15% of passengers.

 

A couple of scuffles over campus protests against military recruiters (who flout a university's non-discrimination rules over sexual orientation because of the "don't ask don't tell" policy and the Solomon Amendment), raise the issue of terror watchlists again. These incidents occurred at the University of California at Santa Cruz in April 2005 (a group Members of Students Against War) and at the New York University Law School (the group called OutLaw). Other anti-war protests include a Quaker meeting house at Lake Worth, FL, and the Broward Anti-War Coalition gathering at a recruiting station in Fort Lauderhill, FL, and a gathering outside a Halliburton office (Dick Cheney, remember) in Houston.. The Pentagon has been reported as accumulating lists of protestors (how they are identified by name, absent actual police arrests, is not totally clear) with operation code name TALON ("Threat and Observation Notice"). Sometimes contents of these lists may be available for security clearances, and sometimes they are even available to perspective landlords (that is not necessarily clear about this list, but it does apply to SDN and Blocked Persons lists), and a person denied employment or housing could not be told he or she is on the list. These government lists are getting dangerous. [9.5]

 

Associated with the Patriot Act in effect if not in the technicality of the law has been the detention of non-citizens of Muslim origin, practically all of him who have been found to have no connection to terrorist activities. Likewise, foreign nationals and at least two American citizens (for the first time in American history) have been held in military prisons as “unlawful combatants” without access to attorneys or formal charges.[10]  Most have had no conceivable connection to radical Islam or other terrorist incentives and in some cases have been somewhat physically abused even in this country (as at the Brooklyn detention center). The government has also proposed and then backed away from the idea of civilian domestic “snitch” programs.

 

Some authorities maintain that businesses and even individuals may be exposed to downstream liabilities from the Act. Besides “know thy customer” rules related to money laundering, owners of web servers and domains might be liable (with civil fines, shutdown injunctions and maybe even criminal prosecutions) if they allow their facilities to be used by hackers to augment a terrorist incident.[11] This would certainly be true if a business owner knew or reasonably believed that his facility was being compromised for such a purpose, but what if it happened without the business owner’s knowledge? The law could set up situations where controversial businesses or websites were heckled or harassed and threatened with litigation. If we have another major domestic attack, and particularly if we have an attack involving compromise of our electronic infrastructure or power grid,[12] we could then see increased political pressure to require owners of small businesses running their own servers (including ISP’s) to be licensed, in order to demonstrate they do not have criminal backgrounds and that they know how to protect the public from downstream effects by compromise of their computers by hackers.[13] We could even see this required some day of home computer users, just as is the case with driver’s licenses. (Libertarians, remember, do not approve of licensing, and see it as counter to economic opportunity for the disadvantaged.)  Another threat, not often discussed publicly, is the idea that terrorists could plant steganography hidden on a website after hacking into it, and a small business or individually owned domain (especially if the web server is run at home rather than on commercial shared hosting) that is always up could make an attractive target (again, a high-speed home computer not running a web site or major file sharing would not necessarily be always on).[14]

 

On May 9, 2004 CNN’s technical reporter Daniel Sieberg presented a story about the dangers of “wireless access point” devices. When home users set them up without proper security, these devices may become identified (from nearby computers or even computers on private airplanes flying in the area) as the source of illegal computer activity (posting child pornography, stealing classified documents, money laundering, passing information to terrorists or drug dealers, sending spam or propagating viruses or worms). It is not clear yet what the legal downstream liability (civil or even criminal) for the naïve user could be.

 

The Fox show Boston Public presented (on Dec. 5, 2003) presented an episode where an Arabic teenager is called in by the FBI after he looks at an Arabic language website supporting terrorism at a public school library computer.

 

The government maintains that individual American citizens (other than, perhaps, persons with close ties to overseas interests) have not been affected by the Patriot Act. It maintains that it already has heightened surveillance powers in conjunction with racketeering and drug trafficking, and that these activities have historically been connected to terrorists. It is true that very few non-Muslims seem to have been affected; the GLBT community seems almost protected in this climate because of its publicly non-violent reputation. The government probably would claim that there would not be time for normal judicial procedures if there were solid intelligence suggesting an imminent WMD attack, and that smaller asymmetric attacks (especially those aimed more at economic damage with readily available toxic substances or with computer hacking) require unusual surveillance procedures for interception due to their technically insidious nature. The catastrophic economic effects or casualties from some kinds of asymmetric attacks (life would not go on as normal after some of them) provides some justification for the government’s position. But impending hardship has always been a harbinger of more authoritative government.  The government also maintains that pen register traces off the Internet do not need search warrants because similar searches of phone numbers contacted in the past did not and were considered part of normal police work.

 

However, the new surveillance and detention powers do skirt several fundamental rights and explicit provisions in the Constitution, especially the Bill of Rights. Among these are, besides free speech and free expression of religious belief and of expressive or religious association in the First Amendment, many of the other provisions, such as the Fourth Amendment (freedom from unreasonable searches and seizures), the Fifth and Fourteenth Amendments (due process), the Sixth Amendment (right to a speedy trial), and Eight Amendment (freedom from excessive bail). I have already seen similar arguments discussed with respect to the rights of military servicemembers, now with the military gay ban and “don’t ask don’t tell” policy but in earlier times with respect to the draft. Democratic presidential candidates for 2004 like John Edwards are right in questioning why better judicial supervision cannot be sustained, or in asking if there are technological solutions that would enable judges to become involved efficiently during real emergencies. The Patriot Act, misapplied, has the capability of undermining the whole idea of separation of powers.

 

On January 23, 2004 a federal judge in Los Angeles (Audrey Collins) declared part of the Patriot Act unconstitutional. It was impermissible to bar giving expert advice to a designated terrorist organization if the advice consisted of non-violent means; the First Amendment only allows the government to intervene with consultation or speech threatens imminent lawless action. The case involved a group helping Kurds with self-determination within Turkey.[15]

 

The ACLU was forced to keep secret a lawsuit that it had filed 4/6/2004 contesting FBI methods of obtaining business records. The ACLU said, “It is remarkable that a gag provision in the Patriot Act kept the public in the dark about the mere fact that a constitutional challenge had been filed in court.”[16] This was a challenge to the FBI’s “National Security Letter” authority. The ACLU later reported that it had to trim its release of the suit. Finally, it was allowed to release the court schedule and judge (Victor Marrero) and a short paragraph concerning the disclosure requirements for national security letters.[17]

 

Richard Willing has a lengthy discussion in the July 6, 2006 USA Today, "With only a letter, FBI can gather private data: National security letters' reach expanded after 9/11."  The article outlines the information that is normally obtained with a national security letter, and the additional more detailed information available without warrant under the Patriot Act. Typically a consumer will not ever know about the request. Despite HIPAA, even some health care information can sometimes be obtained. It is logical that the Patriot Act could cause relatives or business associates of a controversial person fear that they would be secretly investigated. The URL for the story is http://www.usatoday.com/news/washington/2006-07-05-fbi-letters_x.htm  ; the visitor may need an online subscription to view the content. 

 

 Web publishers must also be careful about a provision of the Patriot Act that criminalizes providing “expert advice” to terrorists. A jury in Idaho acquitted a Saudi national graduate student for auditing terrorists by running a website that would raise funds for terrorist organizations. The First Amendment will protect the expression of even radical religious ideology as long as it does not create the imminent threat of lawless action.[18]

 

Although journalists’ shield laws and confidentiality privileges given to reporters (“the Fourth Estate”) are technically not issue with the Patriot Act, the forthcoming jailing of New York Times reporter Judith Miller for refusing to reveal sources on information on a CIA leak (related to Saddam Hussein and WMD purchases that he may have attempted) on material she did not publish, readers should visit the New York Times op-ed on this subject, calling for federal shield laws.[19]

 

At the end of 2005, Congress (especially the Senate) was balking at extending much of the Patriot Act. At particular issue are provisions that allow wiretaps without a warrant, the sharing of information among agencies, and particularly the release of information about domain owners by ISPs, which could be liable if they gave out information without one after the Act expires. In some cases, government can begin an investigation about a domain without notifying the owner if the danger of major crimes (or acts of terror or sabotage on the Internet) is great enough.

 

The New York Times ran an editorial on Feb. 11, 2006, “Another Cave-In on the Patriot Act,” in which it notes that Congress allowed Section 215, the gag order rule on disclosure to a person that she is a subject of a search of financial, medical (even given HIPAA) or other records, and the vagueness of wording on national security letters, whether they could be used to obtain Internet search records without judicial supervision—checks and balances. Hoever, the Washington Post reports that the final revisions, likely to pass in March 2006, allow recipients to challenge FISA Section 215 nondisclosure requirements, and relieve public libraries of the requirement to respond to national security letters in most circumstances. [20]

 

See the review of Robert Greenwald’s ACLU film “Unconstitutional” The War on our Civil Liberties.”

 

Note: In May 2006 the major media reported that the National Security Agency had been building a database on about 10 million personal telephone and cell conversations, supposedly only the numbers and not contents, based on certain unknown parameters. Could this extend to emails and web search requests?

 

On March 25, 2007, Karen De Young of The Washington Post wrote a story "Terror Database Has Quadrupled in Four Years: U.S. Watch Lists Are Drawn From Massive Clearinghouse" with a storehouse called TIDE, or Terrorist Identities Datamart Environment. Story at this link.

 

Blog entry on abuse of national security letters as reported by media on March 9, 2007, here.

 

Blog entry on PBS film "America at a Crossroads" with a segment discussing the gag order associated with National Security Letters, here, as well as major discussions of wiretapping, and of a "to catch a money launderer" sting in Albany, NY. 

 

Blog entry regarding sharing of airline passenger psychological profile information (which could include religious and philosophical beliefs, and sexual orientation) between US and Europe. July 27, 2007.

 

Blog entry on New York federal court opinion to strike down portions of Patriot Act allowing certain NSL's to ISP's and telecommunications carriers with gag orders preventing disclosure to consumers, decision Sept. 6, 2007 by Victor Marrero.

 

Blog entry on a story about the Treasury Department's Office of Foreign Assets Control (OFAC), here.

 

Blog entry on Congressional agreement on FISA harbors for telecommunications liability, HR 6304.

 

ãCopyright 2003, 2006 by Bill Boushka. All rights reserved, subject to fair use.

 

Return to home page

 

See results of a University of Connecticut study on public opinions about the First Amendment

 


 

[1] This is a 400 KB PDF file requiring Adobe Acrobat Reader, the direct link from AXLU is at

http://www.aclu.org/SafeandFree/SafeandFree.cfm?ID=12251&c=207

 

[2] The summary is at

http://www.aclu.org/SafeandFree/SafeandFree.cfm?ID=12126&c=207

 

[3] Al Gore, “The Administration is Using Fear as a Political Tool,” paid ad, The New York Times, p A11, Nov. 25, 2003, sponsored by  http://www.moveon.org/, from speech at Washington Hilton Nov 9, 2003.

 

[4] PBS aired a special by Bill Moyers on this problem in early 2004 (March 5, 2004 in Baltimore) on this problem. Sometimes undercover officers allow themselves to be “arrested” at demonstrations. This program was presented with a PBS donor appeal that address the need for more subtle programming and news coverage or journalism than major commercial networks can provide.

[5] Rep. James Moran, Town Hall, Alexandria, Dec. 2003

[6] Here are some of the ACLU references on “Patriot II”:

http://www.aclu.org/SafeandFree/SafeandFree.cfm?ID=12234&c=206

 

[7] Judy Bachrach, “John Ashcroft’s Patriot Games,” Vanity Fair, Feb. 2004

 

[8] Anthony Lewis, “One Liberty at a Time: From the cages at Guantanamo to a jail cell in Brooklyn, the administration isn’t just threatening the rights of a few detainees—it’s undermining the very foundation of democracy.”  Mother Jones, June 2004, p. 73. The discussion of the specific enumerated provisions of the Patriot Act appear on p. 75 in a sidebar, “The Patriot Act and You.”

[9] On September 29, 2004 federal Judge Victor Marrero ruled that the provision in the Patriot Act allowing the FBI to demand information from Internet Service Providers without judicial oversight or notification is unconstitutional. He wrote that the provision “effectively bars or substantially deters any judicial challenge and imposes silence on targeted companies, in violation of the First Amendment.

 

[9.5]  "Big Brother may be spying on you; History should remind gays about the dangers of allowing the government to secretly spy on American citizens." Editorial by Mubarak Dahir, The Washington Blade, Feb. 24, 2006    http://washblade.com/2006/2-24/view/editorial/

[10] However on Dec 18 2003 the 2nd Circuit ordered the administration to release Joseph Padilla from military custody within 30 days. “The President’s inherent constitutional powers do not extend to the detention as an enemy combatant without express congressional authorization.”  Padilla had been held by the military largely because witnesses needed for normal civilian prosecution were themselves Al Qaeda or foreign terrorists held offshore. (See Ruth Wedgwood, “The Rule of Law and the War on Terror”, The New York Times, p. A27, Dec. 23, 2003.) Furthermore the 9th Circuit ruled that a detainee at Guantanamo Bay, Cuba should be granted a court hearing, and that this logic might apply to all 660 detainees. 

[11] In Twin Cities Computer User, July 2002, Roger Hughes (from the St. Paul Companies’s Data Security Advisors) writes that McCafee and Norton cannot detect all hacking tools or “zombie” programs even if properly used, and that most businesses should hire security professionals for routine audits as a due diligence protection. He writes, “Under the new Patriot Act, if your company is hijacked by a terrorist—your network, your Web site, whatever—and that terrorist uses it somehow to attack a government agency or critical infrastructure” (ed- maybe in the spirit of the 1983 film War Games)  “you personally can be charged with a crime of aiding and abetting a terrorist act. You can go to jail and get up to a $100000 fine, or you can just get nailed with an injunction that shuts down your company for 90 days….If somebody’s credit information get hacked because you didn’t do your due diligence for data security, you personally can be sued for that.” (I’m not sure here if “personally” refers to a non-officer employee of a company.) This quote should be studied in conjunction with a Washington Post article by Barton Gellman, June 27, 2002, “Cyber-Attacks by Al Qaeda Feared.” Of course, one wonders why critical infrastructure components (DCS or SCADA controls on dams or nuclear power plant cores) would even have IP addresses even accessible through the Internet. The web reference is http://www.computeruser.com/articles/2107,10,66,1,0701,02.html

On March 11, 2005 Justin Blum provided The Washington Post with a new story, “Hackers Target U.S. Power Grid: Government Quietly Warns Utilities to Beef Up Their Computer Security.” Hackers could mount a staged attack, first into a business management system from the Internet, and from there to the system utility operations. Again, from the latter, we are surprised that they are accessible from the public Internet at all, but apparently electric utilities have staged systems that allow some access to their machine controls from their own Intranets. Again, theoretically, a small business or home user whose computer was hijacked to launch such an attack could be held liable under the Patriot Act, even though no one has yet been pursued (criminal or civil) for this.

[12] Michael Shnayerson, “The Code Warrior,” Vanity Fair, Jan. 2004, details the efforts of Finnish virus hunter Mikko Hypponen to track down some of the worst Internet worms of 2003 (Blaster, Sobig, Swen), one of which (Blaster) may have contributed to the August 2003 power blackout that started in Ohio and which certainly used hijacked home machines. But then why are major infrastructures attached to the public Internet?

[13] A potential statute like this could restrict the domain names that a self-publishing individual could use, and/or require certain bonds or financial resources or reportability. There are other reasons such a law could be tempting to conservative politicians, such as the fact that with current technology such domains could be targets for spammers (spoofing or hacking), or be perceived as deceptive. Probably the use of subdomains (as AOL’s personal publisher) would not be affected, since these are normally non-commercial. Another variation of legislation like this could target individuals who run their own servers instead of using shared hosting. This is distantly related to the problems surrounding COPA.

[14] The new Service Pack 2 from Microsoft may reduce the risk of this problem, also there are also vulnerabilities in various Microsoft applications. From an email from CNET, “Look! A Patch for Pickled Pixesls” on 9/15/2004: “Microsoft said an attacker could use the flaw to install viruses on or take complete control over XP machines whose users visit a Web site that has been seeded with a specially crafted image. The software hole also could allow hackers to embed infected images in e-mail which could drop their viral payload on vulnerable machines after the recipient merely opens the infected message.

 

[15] The link on CNN is http://www.cnn.com/2004/LAW/01/26/patriot.act.ap/index.html

 

[16] Dan Eggen, “Patriot Act Suppresses New of Challenge under Patriot Act,” The Washington Post, April 29, 2004. http://www.aclu.org/SafeandFree/SafeandFree.cfm?ID=15543&c=262

 

[17] Dan Eggen, “ACLU Was Forced to Revise Release of Patriot Act Suit: Justice Dept. Cited Secrecy Rules” and the second paragraph read “The provision under challenge allows an FBI agent to write a letter demanding the disclosure of the name, screen names, addresses, email header information, and other sensitive information held by ‘electronic communication service providers.’” The Washington Post, May 13, 2004m p. A27. But domain name owners must disclose their accurate contact information to WHOIS under ICANN rules anyway.

[18] Susan Schmidt, “Saudi Acquitted of Internet Terror: Defense Hails Verdict on Islamic Sites as Victory for Free Speech,” The Washington Post, June 11, 2004.

[19] Arthur Ochs Sulzberger, Jr. “The Promise of the First Amendment,” The New York Times, Oct. 10, 2004, p. 4-11.  Since I am not part of the formal press, I would not be covered by state or federal shield laws, and in a few occasions I have shared tips and leads sent to me with law enforcement.

 

[20] Jonathan Weisman and Jeffrey H. Birnbaum, "In Session: A Tame End to Patriot Act Debate," The Washington Post, March 7, 2006.