by CIO Staff

Data Privacy Arouses Debate

Nov 15, 20034 mins

Patriot Act

Debate Heats Up Over Data Privacy, Terror Fight

The USA Patriot Act is becoming one of the most polarizing pieces of legislation ever. Passed in the aftermath of Sept. 11, 2001, with little debate, the law and its provisions aimed at fighting terrorism greatly expand the power of law enforcement to search homes or offices and demand that businesses and libraries hand over their patrons’ records. Today, the law is viewed as either an important tool in the war on terrorism or a pernicious threat to civil liberties?depending on whom you ask. With key portions of the law scheduled to expire at the end of 2005, the fate of the feds’ new powers is emerging as an issue in the 2004 presidential campaign as well as on Capitol Hill.

Of the five Democratic presidential candidates who are in Congress, only Rep. Dennis Kucinich (D-Ohio) voted against the Patriot Act two years ago. Now all of them?spurred by angry would-be voters?have made bashing the law a regular campaign event. Meanwhile, three proposed bills would amend or repeal sections of the law. One, an amendment to a spending bill that would withhold funding for search warrants that are kept secret from the people they are targeting, easily passed the House (at press time, the measure was stalled in the Senate). And bipartisan legislation called the Benjamin Franklin True Patriot Act, sponsored by Kucinich and Rep. Ron Paul (R-Texas), would rescind several provisions of the original Patriot Act. In early October, a bipartisan group of senators led by Larry Craig (R-Idaho) introduced the Security and Freedom Ensured Act (Safe Act), which would limit the Patriot Act’s use of warrants, wiretaps and surveillance.

Much of the backlash is directed at Section 215, which allows the Department of Justice to obtain without a warrant personal and business information about such things as library books borrowed, purchases made with credit cards, medical records and school grades, and makes it illegal for anyone to disclose that they have been asked for information. During the summer, an internal Justice Department investigation concluded that DoJ employees had committed multiple civil rights violations while applying the Patriot Act.

CIOs Face Disclosure Pressures

In response to growing criticism, Attorney General John Ashcroft in September released a statement saying that Section 215 has never been invoked. But interviews with three corporate executives by CIO, none of whom would agree to be named, indicate that the law has created a climate for business in which protecting the privacy of customers who are not terrorist suspects is threatened. The executives say that in most cases investigators get what they want just by asking. And that’s bad for business. JetBlue customers filed two lawsuits over the airline’s decision to share 5 million passenger records with a government contractor for a research project, which is in violation of JetBlue’s privacy policy.

Despite the outcry, the Bush administration advocates for strengthening the Patriot Act. The Domestic Security Enhancement Act, also known as Patriot II, would eliminate the 2005 expiration date and broaden the definition of terrorism. This proposal was leaked early this year and touched off a storm of controversy, all but killing its chances. Ashcroft maintains, however, that the Patriot Act has prevented other terrorist attacks, and that the same investigative techniques included in the Patriot Act have been used for decades to combat illegal drug activity and other criminal behavior.

But Jonathan Zittrain, codirector of the Berkman Center, a technology policy think tank at Harvard Law School, says using the same techniques to investigate both terror and nonterror crimes would put even more pressure on companies to balance the privacy rights of their customers with their desire to cooperate with law enforcement. At minimum, CIOs would spend a lot more time meeting with their lawyers.

-Ben Worthen