10 Years of the Patriot Act & Internet Privacy: A Retrospective

10 Years of the Patriot Act & Internet Privacy: A Retrospective
Page content

What is the Patriot Act?

H.R. 3162 is probably one of the most despised pieces of legislation passed in the House of Representatives. This 342 page bill has impacted the privacy of American citizens. The bill’s official title is: “Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism,” but we’ve come to know it as the Patriot Act. The purpose, as one can read from the title, is to help protect American citizens from the threat of terrorism. However, this bill has received much criticism - from many sides of the political spectrum. This is because the bill allows for less privacy for individual citizens. For instance, the bill contains wording allowing the government to perform enhanced surveillance procedures including the authority to “intercept wire, oral, and electronic communications relating to terrorism.“1

What’s interesting about the Patriot Act is that it doesn’t only justify surveillance in cases of terrorism. It also made talking about hacking into systems or committing fraud using a computer something government authorities have the right to intercept. Consider this scenario: Say you’ve become enraged about something your employer has done. You send an email threatening action - involving a computer - against that employer to a friend. It is VERY possible that this email may be intercepted - or is it?

Privacy and the Internet Prior to the Patriot Act

The usual story about privacy is that we have to balance the right to privacy against the right to protect individuals. With the Internet, there’s always been a concern about the safety of children that has created some controversy. The question of whether emails are truly private is another controversy that has been around before Patriot Act. The Internet has walked a fine tightrope between individual privacy and anonymity and the need to ensure the safety of those using the Internet. Advertisers, cookies and website registrations have often been a concern for Internet users wishing to remain anonymous.

Internet privacy prior to Patriot Act was covered by the Electronic Communications Privacy Act (ECPA, 1986). This was an amendment of a 1968 bill that covered wiretapping when it came to telephone usage. ECPA covered any communications across wire, occurring orally, or electronically - “while those communications are being made, are in transit, and when they are stored on computers.“2 This means that another individual cannot legally read your email, your Facebook messages or your instant messages. Naturally, there are exceptions to this rule in order to ensure the safety of users. Those exempted from the law are:

  • Federal, state and other governmental officials who are authorized to intercept such things
  • Operators and providers of Internet services - only for the purpose of maintaining and providing services

For the governmental officials to intercept emails during the time of ECPA, a certain procedure needed to be followed where evidence was presented to a judge showing probable cause and the need to follow and check up on that particular user. The judge would issue a warrant, if it was deemed necessary, and then interception could only occur for thirty days. Should any information be gathered about an individual through his or her communications without this procedure, it was illegal to admit it as evidence in a court case. ECPA also protected the privacy of subscribers to such services, and users were also protected against officials following the “tracks” of an individual online (where he or she would dial in, etc.) without the use of a warrant.

CALEA - The Intermediate Step Between ECPA and Patriot Act

Before the Patriot Act was signed into law, the Communications Assistance to Law Enforcement Act (CALEA, January 2001) was signed into effect. This law modified ECPA to make it easier for law enforcement agencies and government agencies to complete surveillance (authorized) when necessary. This meant that any provider of Internet services and equipment needed to ensure that their programs, applications and equipment would allow such agencies to carry out surveillance procedures on any individual if it was deemed necessary. This means that all of the providers of services must comply with the regulation to create a system whereby any individual on the Internet may be monitored. It also means that any new telecommunications provider would need to provide such a system.

For the individual, awareness of this hole in privacy may not have even been achieved at this point. After all, who would pay attention to regulations that were created for providers? This law paved the way for Patriot Act though. Had telecommunications providers and service providers not been required to comply with this law, the losses of privacy brought about by the introduction of Patriot Act - and the type of monitoring and interceptions allowed by Patriot Act - would not have been possible. CALEA paved the way for a radical loss of privacy on the Internet.

What Changed After the Patriot Act

Once CALEA was in place, requiring systems and equipment that allowed for easy surveillance and interception, the set up was ready for the Patriot Act. On September 11, 2001, tragedy struck in the United States. Two commercial airplanes crashed into the World Trade Center towers. Another was partially retaken by the passengers and crashed in a field, and a fourth crashed into the Pentagon. What unfolded afterwards changed our privacy rights forever. Regardless of how one feels about 9/11, it’s important to understand how privacy rights changed - especially how our Internet privacy changed.

Prior to the Patriot Act, one could reasonably assume that email was private. While this too was a largely unfounded notion (forwarding being one reason we cannot consider email to be private), this assumption changed. The federal government made the case that greater protections were necessary to ensure the safety of all citizens. This created quite a stir.

Now, in order to perform surveillance operations on a citizen traversing the World Wide Web, all the government needed to do to start monitoring and intercepting an individual’s email was show reason to believe that the person might be a suspected terrorist. In addition to watching U.S. Citizens, the government now had the right to monitor such communications by international citizens. This means that at any point in time, anyone residing in the world who the U.S. government has deemed to be a potential threat may have his or her email being monitored.

Also prior to the Patriot Act, there were some methods for protecting computers so that information could not be accessed. The act gives government officials the right to bypass any firewalls or passwords in order to obtain, monitor and intercept information. Subpoenas can be granted asking for such information and warrants can be granted from any judge - not just those who previously had the authority to grant such surveillance rights.

What Does the Future of Internet Privacy Look Like?

Ten years after the Patriot Act was passed, President Obama extended it for another four years. Various agencies continue to call for better methods of monitoring and intercepting information. One of the reasons for this does involve a legitimate concern for individual safety. Like it or not, some forfeiture of privacy and freedom is necessary to be kept safe from the vast array of Internet predators out there. That being said, monitoring the activities of individuals only because those individuals are suspected of crimes is highly questionable in terms of human rights.

Unfortunately, with the plethora of social networking websites, the ability for companies to “Google” their potential hires and current employees and base employment decisions on what they find, privacy is largely becoming an illusion. While in the early days of the Internet, one could choose any “handle” he or she liked for using the internet, now more personal identifying information is required. For example, Facebook requires everyone using the service use his or her own real name. Those who do not comply with this requirement are in violation with the TOS contract they sign upon registering for the service. That doesn’t mean people don’t work around it - but it does mean that those individuals are at risk for having accounts suspended.

It’s unlikely that privacy concerns are going to go away. In fact, the Internet is increasingly becoming less private. You may have noticed the disclaimers at the bottom of emails reminding you that your emails are not private and advising you not to share any personal information. If privacy is a concern for you, or if you’re worried about being monitored, perhaps the best course of action is to shy away from saying anything that could potentially be deemed incriminating. While Patriot Act is supposed to take the First Amendment into consideration, civil rights activists are concerned that this is not the case in practice.