Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy and National Security After September 11 Professor Peter P. Swire Ohio State University FLICC 2002 Forum Library of Congress March 19, 2002.

Similar presentations

Presentation on theme: "Privacy and National Security After September 11 Professor Peter P. Swire Ohio State University FLICC 2002 Forum Library of Congress March 19, 2002."— Presentation transcript:

1 Privacy and National Security After September 11 Professor Peter P. Swire Ohio State University FLICC 2002 Forum Library of Congress March 19, 2002

2 Overview of the Talk n My background and Clinton Administration on privacy and security n Wiretaps and surveillance, before and after September 11 n Lessons going forward for privacy and security

3 I. My Background n Law professor since 1990 -- law of cyberspace, etc. n 1999 & 2000 -- Clinton Administration – Chief Counselor for Privacy n This year, visit at GW n The future -- OSU and summer DC program

4 Why the interest in privacy? n First wave of privacy activity – 1970, Fair Credit Reporting Act – 1974, Privacy Act (federal agencies) – Rise of the mainframes – Possibility of giant databases – Develop fair information practices of notice, choice, access, security, and accountability

5 Second wave of privacy activity n Modern laptop or desktop -- everyone can have a mainframe n Rise of the Internet n Transfers are free, instant, and global n How do we respond to more databases and more transfers?

6 Clinton Administration -- Privacy n Legal protections for sensitive data – Medical privacy proposed and final rule – Financial privacy law and rules – Childrens Online Privacy Protection Act n Self-regulation as path to progress – Internet privacy policies, rise from 14% to 88% n Government as a model – Website privacy policies – Cookies on website policy

7 II. Wiretaps and Surveillance n History of wiretaps n 2000 Administration proposal n 2001 Bush/Ashcroft proposal and the USA Patriot Act

8 Wiretap History n 1920s Olmstead – Wiretaps permitted by police without warrant where tap applied outside your home n 1960s Katz – Reasonable expectation of privacy, even in a phone booth n 1968 Title III – Strict rules for content, more than probable cause, as a last resort, reporting requirements

9 History (cont.) n 1970s Church Committee and FISA – Keep CIA out of domestic spying – Secret wiretaps in U.S., but only where primarily for foreign intelligence n 1984 ECPA – Some protections for e-mail – Some protections for to/from information; pen registers (who you call); trap and trace (who calls you)

10 2000 Administration Proposal n How to update wiretap and surveillance for the Internet age n Headed 15-agency White House working group n Legislation proposed June, 2000

11 2000 Administration Proposal n Update telephone era language n Upgrade email and web protections to same as telephone calls n Identify new obstacles to law enforcement from the new technology n Sense of responsibility -- assure privacy, give law enforcement tools it needs

12 2001 USA Patriot Act n Uniting and Strengthening America Act by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism n USA PATRIOT Act n Introduced less than a week after September 11

13 Nationwide trap and trace – Old days, serve order on ATT and it was effective nationwide – Today, e-mail may travel through a half-dozen providers, have needed that many court orders – New law -- one order effective nationwide – Query -- order from a judge in Idaho, served late at night, how do you challenge that?

14 Roving taps – Old days, order for each phone – What if suspect buys a dozen disposable cell phones? – But, how far can the order rove? Anyone in the public library? – Problem -- less of a suppression remedy for email and web use

15 Updating scope of data n Previously, pen/trap orders (to/from information) authorized to get telephone numbers n New law, any dialing, routing, addressing, or signaling information n Amendment -- not including content, but that was left undefined n Legally allows urls? Technically, can content be excluded?

16 Computer trespasser exception n Previous law: – ISP can monitor its own system – ISP can give evidence of yesterdays attack – ISP cannot invite law enforcement in to catch the burglars n Problem for: – DOD, other agencies, and many hack attacks – Small system owners who need help

17 Computer trespasser exception n Law enforcement can surf behind if: – Targets person who accesses a computer without authorization – System owner consents – Lawful investigation – Law enforcement reasonably believes that the information will be relevant – Interception does not acquire communications other than those transmitted to or from the trespasser

18 Computer trespasser n Issues of concern: – Never a hearing in Congress on it – No time limit – No reporting requirement – FBI can ask the ISP to invite it in, and then camp at ISP permanently – Limited suppression remedy if go outside permitted scope

19 Law Enforcement vs. Foreign Intelligence n From the 1970s -- separate law enforcement (domestic, rule of law) from foreign intelligence (foreign, laws of war) n Lawyers in DOJ policed transfers, pretty strict n FBI official this fall: all the walls are down now

20 Supporting this change n Terrorism is both domestic and foreign – World Trade Center shows a risk from keeping investigatory databases separate – As a legislator, would you want to insist on the separation and risk another catastrophe? n The Internet – E-mail and other communications are routinely across borders – Intelligence gathering should be shared

21 All the walls are down now n To law enforcement, get information from secret FISA wiretaps: – Rule was if purpose was foreign intelligence – Rule now if a significant purpose n To foreign intelligence, secret grand jury testimony can now go to CIA, etc., with no re-use limits in the law

22 Concerns with FBI/CIA changes n History from 1960s and 1970s of abuses n Risks insertion of foreign intelligence in domestic political groups n Already new proposals to have FBI surveil domestic groups n Possibility of large increase in secret wiretaps n Possibility of prosecutors using broad grand jury powers for non-criminal matters

23 Security and Privacy n After 9/11, greater focus on (cyber) security n Security vs. privacy n Security and privacy n Our homework

24 Greater Focus on Security n Less tolerance for hackers and other unauthorized use n Cyber-security and the need to protect critical infrastructures such as payments system, electricity grid, & telephone system n Greater tolerance for surveillance, which many people believe is justified by greater risks

25 Security vs. Privacy n Security sometimes means greater surveillance, information gathering, & information sharing n USA Patriot increases in surveillance powers n Computer trespasser exception

26 Security and Privacy n Good data handling practices become more important -- good security protects information against unauthorized use n Audit trails, accounting become more obviously desirable n Part of system upgrade for security will be system upgrade for other requirements, such as privacy (medical privacy)

27 Our Homework n USA Patriot has 4 year sunset on many of the surveillance provisions n An invitation to get engaged, to study the pros and cons of the new provisions n Hearings are needed on computer trespasser, foreign/domestic, etc. n What can be the new forms of accountability? How stop potential abuses?

28 In Conclusion n USA Patriot Act is a work in progress n Imagine an architecture that meets legitimate security needs and also respects privacy n Better data handling often results in both n But need accountability to ensure that the new powers are used wisely n Lets get to work on that.

29 Contact Information n Professor Peter P. Swire n phone: (301) 213-9587 n email: n web:

Download ppt "Privacy and National Security After September 11 Professor Peter P. Swire Ohio State University FLICC 2002 Forum Library of Congress March 19, 2002."

Similar presentations

Ads by Google