Where We Stand One Year LaterBy Julia Scheeres
Story location: http://www.wired.com/news/privacy/0,1848,55056,00.html
02:00 AM Sep. 11, 2002 PT
Eleven months ago, as part of the government's war on terrorism, Congress gave the Department of Justice sweeping powers to peer into Americans' everyday activities.
The hastily passed USA Patriot Act swept aside the checks and balances that had traditionally prevented the FBI from spying on Americans. It allowed federal investigators attempting to prevent future attacks to seize data such as phone company records and observe private activity such as a person's book-borrowing habits.
Critics say the act is a reactive, ineffective measure to quell fears of further attacks, especially since the government already had obtained enough information before Sept. 11 -- without a law that could potentially trample American citizens' constitutionally protected rights -- to prevent the attacks.
Before Sept. 11, government investigators learned about al-Qaida operatives enrolled in U.S. flight schools, which they failed to investigate, and seized a computer belonging to the alleged 20th hijacker, Zacarias Moussaoui, which they
"The problem the government faces is largely a targeting problem," said Jim Dempsey, deputy director of the Center for Democracy and Technology. "They don't know who to tap, so they engage in widespread monitoring and collect far more information than they can begin to digest."
How has the Patriot Act been applied in the year following the Sept. 11 attacks?
The complete answer to that question is difficult to ascertain. The law includes a gag order that bars individuals who receive subpoenas or search warrants from making that information public. And the Justice Department has rebuffed attempts by several entities, including the American Civil Liberties Union and the House Judiciary Committee -- which has oversight over the department -- to obtain details about how the legislation has been applied.
For ordinary Americans, perhaps the most troubling provisions of the act deal with the government's expanded power to monitor their communications as well as their leisure-time activities, such as what they read or what they view on the Internet.
And while the government has been tight-lipped about these surveillance activities, anecdotal data shows that investigators have been busy using their new powers to peer into private data, and that, in some cases, organizations have volunteered customer records without being asked.
"The sheer volume of subpoenas for information from telecommunication companies has tripled in the last year, starting the day after the Patriot Act was passed," said Seattle telecommunications attorney Al Gidari, whose clients include AOL and AT&T Wireless.
Gidari claims that FBI agents have attached the agency's secretive data-mining tool Carnivore to ISP systems to check for website visits, terms entered into search engines and e-mail headers.
Likewise, he added, phone companies have been besieged with FBI requests for data ranging from all records pertaining to a particular customer -- such as numbers dialed, length of conversations and the geographical location of the customer when the call was placed -- to details about every call placed to a particular country.
Gidari worries about a tendency of investigators to categorize information requests as "emergencies" in order to get customer data without a formal subpoena. The Patriot Act allows businesses to volunteer customer records in emergency situations, and agents have not hesitated to jump on the clause to pressure companies into immediate cooperation.
"We're starting to see tension over what is and isn't an emergency, and a lot of carriers and providers are insisting that agents get a subpoena. Otherwise, there is no oversight, no legal process," Gidari said.
Another trend that has raised the eyebrows of privacy advocates is a surge in the number of ISPs inviting the government to install Carnivore –- the use of which was essentially ratified by the Patriot Act -– on their systems to thwart DOS attacks or credit card fraud. But in doing so, ISPs are trusting the government to filter sensitive data that is unrelated to the investigation, such as e-mail data of any customer.
Libraries have also had their share of visits from badge-flashers. The Sept. 11 hijackers used computer terminals at public libraries to communicate with each other, and now the Patriot Act allows agents to examine library users' Internet surfing and book-borrowing habits.
According to an anonymous, nationwide survey (PDF) of 1,503 public libraries last December, 220 libraries had received information requests from the FBI after Sept. 11.
"I think librarians are really caught in a quandary and feel that as a loyal, patriotic citizen they should do this," said Leigh Estabrook, a library and information sciences professor from the University of Illinois who conducted the research.
"The library community went through the same debate back in the '60s and '70s when people came looking for The Anarchist's Cookbook."
Indeed, some library patrons have tapped into their inner John Ashcroft themselves. In a recent Florida case, the police evacuated Punta Gorda's public library and arrested a British man when a paranoid patron reported the chap was surfing bomb-making sites. But when the smoke cleared, it turned out the Briton was merely looking for health information; the patron mistook diagrams on the sites for drawings of explosives.
The American Library Association, which represents the nation's librarians, argues that the Patriot Act violates patrons' privacy and free-speech rights.
"There's a dangerous presumption that there is a connection between what someone reads and what they do afterward," said association president Maurice J. Freedman. "Just because someone reads Mein Kampf doesn't mean they're going to become a Nazi."
Estabrook agreed. "There's a lot of little old ladies reading potboiler romances at libraries who probably aren't having their bodices ripped off," Estabrook said.
But ultimately, privacy safeguards established at libraries long before Sept. 11 will protect patrons' activities by limiting the amount of data investigators can seize, Freedman said.
Most library card catalogs use software such as Epixtech that only tracks library property while it is checked out; as soon as the patron returns the material, the record linking a borrower to a certain book, video or audiotape is eliminated. Additionally, library staff routinely destroy Internet sign-up sheets at the end of each business day.
"We take our users' privacy very seriously," he said.