Michael Arruda, chair of the Privacy and Security Practice Group of McCutchen, Doyle, Brown & Enersen in San Francisco, says many privacy policies promise customers that the company won’t share their data without their permission. Under the new law, however, the feds can actually prohibit companies from telling people when they share data with law enforcement.
In the past, companies didn’t have to worry about compromising privacy when they cooperated with investigators because the feds could get court orders to seize only specific data they could prove would implicate a suspect. Now investigators can go fishing and subpoena data they merely think might help their case. For instance, if they believe a suspected terrorist is using his employer’s e-mail system to plot attacks, they can get his entire address book, not just the addresses of suspected coconspirators. From there, it’s easy for them to get a warrant to read any of the suspect’s e-mail.
The public wants law enforcement to have information valuable to a terrorism investigation, Cohn says, but people “aren’t ready to embrace a world where the government can look at everything they do.” With consumer confidence falling and dotcoms failing, Cohn thinks making a statement saying the company can no longer protect a customer’s data will create a backlash against doing business online.
According to Cohn, any executive presented with a subpoena should think carefully about what information he hands over. Most court orders are negotiable, she says, and company lawyers can ask investigators to scale back their requests if certain corporate information doesn’t seem relevant to the investigation. Arruda agrees that’s an option, but he says executives still risk being sued by a disgruntled customer or partner if they give up too much.
Privacy concerns are taking a backseat to national security in Congress these days, so it’s less likely now than before Sept. 11 that lawmakers are going to take any steps toward defining privacy protections for individuals. Civil libertarians such as Sen. Patrick Leahy (D-Vt.) see the antiterrorism bill?which also gives law enforcement officials expanded powers to monitor suspects’ e-mail and share the information they gather with intelligence agencies?as good fodder for creating privacy protections through court cases. Meanwhile, Leahy, who is chairman of the Senate Judiciary Committee, says he wants the panel to monitor the extent to which the privacy of innocent people is compromised by the law.