Technology

Lawyer: Business As Usual Under Surveillance Law


MOUNTAIN VIEW, Calif.--While privacy advocates grimace over the recent

passage of the USA Patriot Act, the controversial new surveillance law

changes little for Internet service providers and telecommunications

companies, an attorney and former NSA official said Tuesday.

"It seems to me that despite a remarkable amount of discussion about how

important this bill is, it's been over-hyped in people's minds as to what

it actually does," said Stewart Baker, a partner at the D.C.-based law

firm Steptoe and Johnson, speaking on a panel at Microsoft's Trusted

Computing Forum.

One of the new law's most controversial provisions allows law enforcement

agents to secretly monitor Internet user's email 'From' and 'To' lines

without a wiretap warrant, simply by certifying that the information would

be useful to a criminal investigation.

But don't look for a dramatic increase in deployment of the FBI's

"Carnivore" Internet surveillance tool, Baker said, because the Bureau was

performing such surveillance years before the bill passed, without

Congress' explicit approval.

"For the most part, law enforcement was already doing that, and businesses

weren't challenging it, or had lost those challenges," said Baker.

Other provisions in USA Patriot, which passed late last month over

objections from privacy and civil liberties groups, might help businesses

combat computer crime, by clarifying what they're able to share with law

enforcement, said Baker.

"If you have a computer hacker in your system, it used to be problematic

as to whether you could bring in the government to watch over your

shoulder while they hack your system," said Baker. USA Patriot explicitly

allows ISPs, universities and network administrators to consent to

government monitoring of computer trespassers.

But that silver lining for business was little consolation to the privacy

advocates on the panel.

Alan Davidson from the Center for Democracy and Technology accused

Congress of "gutting privacy protections" for Internet users, and tearing

down the wall between law enforcement investigations and intelligence

gathering. "Taken together, they are going to provide for far more

surveillance on many more Americans than we've seen in the past," said

Davidson.

LIABILITY RISK. Baker said one provision of the new law may open up Internet service providers and telecommunications companies to lawsuits, if they provide information to law enforcement too freely.

At issue is the "roving wiretap" provision of USA Patriot, which lets the

FBI obtain court orders that apply to any telephone or Internet connection

used by a suspect, regardless of who owns it.

The risk to a telecommunications provider, says Baker, is that law

enforcement agents could show up with a warrant that names one person,

while seeking surveillance assistance against another. Law enforcement

could claim that they're entitled to monitor the innocent customer's

account because the suspect named in the warrant is borrowing it. But if

the provider doesn't document that assertion, the customer might sue them

later.

"From a business point of view it's going to be essential that businesses

insist on a paper trail from government," said Baker.

No stranger to electronic surveillance issues, Baker served as general

counsel of the super-secret National Security Agency (NSA) in the early

nineties, acting as the agency's public face in its efforts to block

widespread adoption of unbreakable cryptography.

Today, Baker represents phone companies working to comply with a federal

law that mandates their networks be wiretap friendly. Sounding much like a

privacy advocate himself, Baker complained about the legal structure

surrounding law enforcement surveillance in the U.S., which includes no

requirement that innocent targets of government surveillance be notified

that they were ever watched.

"The only people who find out they've been a victim of questionable search

are people we indict, and that's nutty," said Baker. With the war on

terrorism underway, "there are a lot of innocent people who are going to

have their information gathered. They should be given notice," Baker said.

Microsoft's Trusted Computing Forum 2001 gathered 150 representatives from

government, business, academic and advocacy groups to discuss security and

privacy matters. The forum continues through Thursday. By Kevin Poulsen


China's Killer Profits
LIMITED-TIME OFFER SUBSCRIBE NOW

Sponsored Links

Buy a link now!

 
blog comments powered by Disqus