Tag: patrick leahy

A No-Brainer: Bad for Privacy and Liberty

CNET journalist Declan McCullagh has lit up the Internets today with his reporting on a revamped Senate online privacy bill that would give an alphabet soup of federal agencies unprecedented access to email and other online communications.

Leahy’s rewritten bill would allow more than 22 agencies – including the Securities and Exchange Commission and the Federal Communications Commission – to access Americans’ e-mail, Google Docs files, Facebook wall posts, and Twitter direct messages without a search warrant. It also would give the FBI and Homeland Security more authority, in some circumstances, to gain full access to Internet accounts without notifying either the owner or a judge.

This would be an astounding expansion of government authority to snoop. And it comes at a time when the public is getting wind through the Petraeus scandal of just how easy it already is to access our private communications.

Assuming McCullagh’s reading of the draft he obtained is remotely plausible, Senate Judiciary Committee Chairman Patrick Leahy (D-VT) should reconsider his current course–if he wants to maintain the mantle of a privacy leader, at least.

The Washington, D.C., meta-story is almost as interesting. Who is where on the bill? And when? The ACLU’s Christopher Calabrese told McCullagh last night, “We believe a warrant is the appropriate standard for any contents.” Freedom Works came out of the gate this morning with a petition asking for oppositions to Senator Leahy’s revised bill.

The Center for Democracy did not have a comment when McCullagh asked, though spokesman Brock Meeks suggests via Twitter today that McCullagh didn’t try hard enough to reach him. The reason that’s important? CDT has a history of equivocation and compromise in the face of privacy-invasive legislation and policies. At this point, the group has said via Twitter that they “wouldn’t support the rewrite described in CNET.” That’s good news, and it’s consistent with people’s expectations for CDT both on the outside and within.

There will undoubtedly be more to this story. Emails should not only be statutorily protected, but Fourth Amendment protected, based on the framework for communications privacy I laid out for the Supreme Court in Cato’s Florida v. Jardines brief.

Sorrell vs. IMS Health: Not a Privacy Case

The Supreme Court’s decision in Sorrell vs. IMS Health is being touted in many quarters as a privacy case, and a concerning one at that. Example: Senator Patrick Leahy (D-VT) released a statement saying “the Supreme Court has overturned a sensible Vermont law that sought to protect the privacy of the doctor-patient relationship.” That’s a stretch.

The Vermont law at issue restricted the sale, disclosure, and use of pharmacy records that revealed the prescribing practices of doctors if that information was to be used in marketing by pharmaceutical manufacturers. Under the law, prescription drug salespeople—“detailers” in industry parlance—could not access information about doctors’ prescribing to use in focusing their efforts. As the Court noted, the statute barred few other uses of this information.

It is a stretch to suggest that this is a privacy law, given the sharply limited scope of its “protections.” Rather, the law was intended to advance the state’s preferences in the area of drug prescribing, which skew toward generic drugs rather than name brands. The Court quoted the Vermont legislature itself, finding that the purpose of the law was to thwart “detailers, in particular those who promote brand-name drugs, convey[ing] messages that ‘are often in conflict with the goals of the state.’” Accordingly, the Court addressed the law as a content- and viewpoint-oriented regulation of speech which could not survive First Amendment scrutiny (something Cato and the Pacific Legal Foundation argued for in their joint brief.)

What about patients’ sensitive records? Again, the case was about data reflecting doctors’ prescribing practices, which could include as little as how many times per year they prescribe given drugs. (They probably include more detail than that.) The risk to patients is based on the idea that patients’ prescriptions might be gleaned through sufficient data-mining of doctors prescribing records (no doubt with other records appended). That’s a genuine problem, if largely theoretical given the availability and use of data today. Vermont is certainly free to address that problem head on in a law meant to actually protect patients’ privacy—against the state itself, for example. Better still, Vermonters and people across the country could rely on the better sources of rules in this new and challenging area: market pressure (to the extent possible in the health care area) and the (non-prescriptive, more adaptive) common law.

Whatever the way forward, Sorrell vs. IMS Health is not the privacy case some are making it out to be, it’s not the outrage some are making it out to be, and it’s not the last word on data use in our society.

Good News and Bad on PATRIOT Reform

Late last week, Attorney General Eric Holder sent a letter to Senate Judiciary Committee Chair Patrick Leahy (D-VT) in which he agreed to implement an array of policies designed to check abuse of USA PATRIOT Act powers. These include more thorough record keeping and more disclosures to Congress, prompt notification of telecommunications companies when gag orders have expired, and updated retention and dissemination procedures to govern the vast quantities of information obtained using National Security Letters.

In itself, this is all to the good. But civil libertarians should pause before popping the champagne corks. Last year, the fight over the reauthorization of several expiring PATRIOT provisions opened the door to the comprehensive reform that sweeping legislation sorely needs to better balance the legitimate needs of intelligence and law enforcement against the privacy and freedom of Americans. Despite serious abuses of PATRIOT powers uncovered by the Justice Department’s Office of the Inspector General, no such major changes were made. Instead, Congress opted for a shorter-term renewal that will require another reauthorization this February—in theory allowing for the question of broader reform to be revisited in the coming months.

Many of the milder reforms proposed during the last reauthorization debate now appear to have been voluntarily adopted by Holder. Unfortunately, this may make it politically easier for legislators to push ahead with a straight reauthorization that avoids locking in those reforms via binding statutory language—and entirely bypasses the vital discussion we should be having about a more comprehensive overhaul. If that happens, it will serve to confirm the thesis of Chris Mooney’s 2004 piece in Legal Affairs, which persuasively argued that “sunset” provisions, far from serving as an effective check on expansion of government power, often make radical “temporary” measures more politically palatable, only to create a kind of policy inertia that makes it highly unlikely those measures will ever be allowed to expire.

With the loss of Sen. Russ Feingold (D-WI), who whatever his other faults has been the Senate’s most vocal opponent of our metastasizing surveillance state, the prospects for placing more than cosmetic limits on the sweeping powers granted since 2001 appear to have dimmed. If there’s any cause for optimism, it’s that the recent fuss over intrusive TSA screening procedures appear to have reminded some conservatives that they used to believe in limits on government power even when that power was deployed in the name of fighting terrorism.

A Response to Intel Abuses at Last?

As I explain in yesterday’s BloggingHeads dialogue with Eli Lake, I’m chary of relying too much on legislative “sunset” provisions to check abuse of power, especially in the shadowy world of intelligence. (For the fleshed-out version of the argument, see Chris Mooney’s 2004 piece in Legal Affairs.) After all, in January, the Office of the Inspector General had released an absolutely damning report showing that for years, FBI agents systematically manipulated their incredibly broad National Security Letter authorities to get information about Americans telephone usage without following any legitimate legal process at all. To cover those abuses, officials compounded their crimes by lying to federal courts and refusing to use an auditable computer system for their information requests.  The report was released amid debate over what reforms should be included in the reauthorization of several controversial Patriot Act provisions, with proposed changes to the NSL statutes front and center—not least because several courts had found constitutional problems with the gag orders accompanying NSLs. Yet just a month later, Congress consented to an extension of those Patriot provisions without implementing any of the various rather mild changes that had won approval in the House or Senate Judiciary Committees. If a sunset-inspired review didn’t yield any real consequences then, I thought, what would it take?

Today, however, I see a there are glimmers of interest in something more closely resembling serious oversight. In a letter to Attorney General Eric Holder, sent last month but released yesterday, Senate Judiciary Committee Chair Patrick Leahy (D-VT) urges DOJ to implement many of the reforms in the SJC’s bill voluntarily—above all procedures to guarantee a detailed record of the grounds on which various types of information sought, and to govern the retention, use, and distribution of information obtained. Leahy also signals his intent to ask department watchdogs to conduct audits of the use of Patriot authorities, as the Senate’s bill had stipulated. These are all, needless to say, good ideas—provided we don’t accept voluntary and mutable internal guidelines as a substitute for statutory limits with teeth.

Meanwhile, Rep. Jerry Nadler (D-NY) is holding Wednesday morning hearings on the abuses detailed in the Inspector General’s report. FBI General Counsel Valerie Caproni and IG Glenn Fine are slated to testify. (There are links to their prepared testimony already, though the documents themselves aren’t there yet as I write.) Extrapolating from past performances, I predict Caproni will allow that the abuses described were Very Serious Indeed (though, really, perhaps not quite as serious as all that…) but all cleaned up now. Nobody should be satisfied with this, and if Fine doesn’t broach the subject himself, somebody really ought to ask Caproni about some minimization procedures for the 25,000–50,000 National Security Letters the department issues annually. As Fine noted in recent testimony, the Bureau has been promising this for years now:

In August 2007, the NSL Working Group sent the Attorney General its report and proposed minimization procedures. However, we had several concerns with the findings and recommendations of the Working Group’s report, which we discussed in our March 2008 NSL report. In particular, we disagreed with the Working Group about the sufficiency of existing privacy safeguards and measures for minimizing the retention of NSL-derived information. We disagreed because the controls the Working Group cited as providing safeguards predated our NSL reviews, yet we found serious abuses of the NSL authorities.

As a result, the Acting Privacy Officer decided to reconsider the recommendations and withdrew them. The Working Group has subsequently developed new recommendations for NSL minimization procedures, which are still being considered within the Department and have not yet been issued. We believe that the Department should promptly consider the Working Group’s proposal and issue final minimization procedures for NSLs that address the collection of information through NSLs, how the FBI can upload NSL information in FBI databases, the dissemination of NSL information, the appropriate tagging and tracking of NSL derived information in FBI databases and files, and the time period for retention of NSL obtained information. At this point, more than 2 years have elapsed since after our first report was issued, and final guidance is needed and overdue.

Way, way overdue—much like some kind of serious congressional response to the Bureau’s NSL Calvinball.

The Least Obama Could Do for Civil Liberties

Sen. Patrick Leahy (D-VT) has just fired off a letter to Barack Obama urging him to finally appoint some members to the long-vacant Privacy and Civil Liberties Oversight Board, echoing a similar recent request from a coalition of civil liberties groups.

I don’t think anyone should make excuses for Obama’s appalling about-face on Patriot Act reform, but at least in that case there’s a real, difficult, and complex policy debate that needs to play out in a preoccupied Congress for anything to happen. But there is no reason whatever that seats on this board should sit vacant a year into this presidency. Congress agreed to create the independent board—after a predecessor within the White House was deemed to lack sufficient independence—back in 2007. There’s agreement that the board is needed; the president just needs to pick people to sit on it. Yet there are precious few signs he’s even conducting a serious search. After a long series of decisions that have appalled civil libertarians, staffing the watchdog group Congress created three years ago is, quite literally, the absolute least Obama could do to begin living up to his campaign rhetoric.