Ain't Seen Nothin' Yet: Patriot II on the Way
by Miriam Drake Professor Emerita Library,
Georgia Institute of Technology
This is the second of two articles dealing with the
information policies of the Bush administration. The first article, "Government
Doublethink: Protection or Suppression in Information" [Searcher, May
2003, pp. 26-32], discussed
the government's activities in withdrawing information from Web sites, restricting
publication of sensitive scientific information for national security reasons,
and removing health information from Web sites for political reasons. This article
focuses on the government's data mining, information gathering, database building
programs, and Radio Frequency Identification Chips.
Key pieces of legislation have emerged recently: the
USA Patriot Act, the Homeland Security Act, the Privacy
Act of 2003, and the yet to be introduced Patriot II.
These laws are dramatically changing the way the government
gathers and uses information and some view them as representing
threats to the privacy and freedom of individuals. These
laws authorize viewing library records, bookstore transactions,
computer logs, and other records and transactions. The
laws also authorize the Defense Advanced Research Projects
Agency (DARPA) and the Transportation Security Agency
(TSA) to gather personal information about U.S. citizens.
The purpose of these data-mining and information-gathering
activities is to identify potential terrorists and track
their movements, bank accounts, credit card purchases,
medical records, travel purchases, and other items. However,
the privacy of many innocent people and the freedom to
live their lives may be at stake. The potential for abuse
of these systems is enormous. In some instances, the
temptation to misuse information easily could create
an environment of threats and intimidation.
USA Patriot Act
Passed 6 weeks after September 11, 2001, the first
major legislation was entitled the Uniting and Strengthening
America by Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism Act (Patriot Act). The Act had
1 day of hearings in the Congress. Most members of Congress
and their staff people had little or no time to read
and review the Act before passage, much less to offer
extensive public comment. Members of Congress, in their
desire to control terrorism, passed the Act with little
consideration of possible consequences.
The Act grants broader authority to the FBI and other
law enforcement agencies to conduct searches of business
records and premises, library records, and computer usage
logs. The authority to wiretap was expanded to permit "roving" wiretaps
that include wired telephones, cell phones, and computers.
The Patriot Act does not require evidence or suspicion
of terrorism or connections to foreign powers for initiation
of surveillance or data gathering. The FBI can go on "fishing" expeditions
with no specific reason or suspect in mind. Under the
Foreign Intelligence Surveillance Act (FISA), the FBI
or other law enforcement agencies can request search
warrants from a secret court authorized by revisions
All business records are subject to search under the
Patriot Act. These records include but are not limited
to computer usage, book purchases, library loans, banking
and brokerage transactions, credit card transactions,
and travel. The Act imposes a "gag" order on persons
who have been asked to make records available. Under
the law, people who supply records may tell no one.
The ethics of library and information professions require
treating customer transactions of all types as confidential
and privileged information. Most states have laws that
require protecting the privacy of library users. The
federal law overrides state laws, resulting in potential
loss of privacy for millions of library and computer
users. Some librarians are facing a difficulty question should
they inform their users that their records may be subject
to search? The provisions of the Patriot Act have not
been tested in the courts.
At a conference held in December 2002 [http://www.arl.org.patriot],
Gary Strong, director of the Queen's Borough Public Library,
emphasized the importance of having policies and procedures
in place that deal with user records. Librarians need
to put these policies in place before law enforcement
officials ask to see records of loans, computer use,
or other transactions. Strong also emphasized the need
to train staff to contact upper management and/or get
in touch with legal counsel if asked for records.
Mary Minow, librarian and legal consultant, suggested
that librarians audit records policies to ensure the
protection of customer privacy. Records to be audited
include but are not limited to circulation, billing,
document delivery, computer usage, profiles, cookies,
and system logs1. The library
and information technology staffs need to collaborate
to ensure that tapes, disks, and other storage media
are scrubbed on schedule, so that any information connecting
loans or computer use is separated from the identity
The infringement of individual rights and the mandate
to make records of people's reading available to the
FBI and other authorities is receiving some congressional
attention. Representative Bernard Sanders and 23 other
members of the House introduced HR 1157 on March 6, 2003.
This Act, The Freedom to Read Protection Act of 2003,
would exempt libraries and bookstores from the provisions
of section 215 of the Patriot Act. Section 215 requires
libraries and booksellers to make customer records available
to law enforcement authorities for foreign intelligence
investigation. The Sanders Act creates exemptions for
records related to borrowing, purchase, and rental of
printed and digital materials as well as computer and
Internet usage. Congressman Sanders said, "The right
to read without fear of government surveillance is a
cornerstone of our democracy. Freedom of the press means
nothing without a correlative freedom to read." 2
Some sections of the Patriot Act will expire in 2005.
It is likely that the sections dealing with broad search
and seizure will become permanent. The Domestic Security
Enhancement Act (DSEA), leaked in February 2003, contains
provisions to make permanent extended searches and information
gathering about individuals [http://www.dailyrotten.com.source-docs/patriot2draft.html].
The DSEA, also known as Patriot II, has not been introduced
as of this writing. Former Congressman Dick Armey observed, "There's
nothing more creative than a government person wanting
more power." He added, "Too many people in America are
buying into it."3
A draft copy of the DSEA was obtained by the Center
for Public Integrity and is available through the Electronic
Privacy Information Center [http://www.epic.org/privacy/terrorism/patriot2.htm].
The American Civil Liberties Union (ACLU) summarized
the key provisions [http://www.arl.org/info/frn/other
ATL.htm]. These provisions include the "dismantling
of court review of surveillance" by removing limits on
spying and allowing the government to secretly obtain
a variety of records and data about individuals. The
DSEA would allow wiretaps for up to 15 days without a
court order. In short, the Act permits a variety of spying
activities on individuals without permission or oversight
by the courts.
The ACLU continues, "While granting new powers to federal
agents, the draft bill systematically attacks precisely
these basic checks and balances on government power,
thus making it harder for professional law enforcement
agents to resist pressure by political leaders to implement
highly visible policies that violate civil liberties." The
secrecy, coupled with lack of court review over surveillance
activities, creates an environment for abuse and intimidation
The proposed new powers are aimed at innocent citizens
as well as criminals and foreign terrorists. Protestors,
library users, book buyers, members of religious communities,
and people whose views differ from those of the administration
in power may come under surveillance. It is not clear
how effective the proposed secrecy and new measures will
be in finding and apprehending terrorists.
Barbara Comstock, director of public affairs at the
Department of Justice, issued a press release
that cabinet departments involved in homeland security
continue to consider anti-terrorism measures. She said, "Department
staff have not presented any final proposals to either
the Attorney General or the White House."
Patriot II would allow secret arrest and detention
of anyone suspected of terrorist activity. Federal agents
would be protected from prosecution for illegal surveillance
activities. It would permit the government to strip U.S.
citizens of their citizenship if they support a group
that the government labels as terrorist.
Many people remember the frightening events of the
McCarthy era in the 1950s. Innocent people were accused
of belonging to or supporting organizations believed
to have Communist connections. Citizens were forced to
sign loyalty oaths in order to be employed. They were
forced to swear that they did not belong to any organization
listed by the government as dangerous. Senator McCarthy
and his followers did not have the electronic tools that
enable spying and violating privacy, but they still managed
to ruin many lives and reputations.
Section 202 would restrict access to information collected
by the Environmental Protection Agency (EPA) in the "worst
cases" involving hazardous or flammable chemicals. Communities
in danger from these facilities would not be able to
access information to save themselves [http://www.ombwatch.org/article/articlepr...
Anita Ramasastry, associate director of the Center
for Law, Commerce, & Technology, and an assistant
professor of law at the University of Washington School
of Law in Seattle, said of the ACT, "It is a wholesale
assault on privacy, free speech, and freedom of information." She
concluded, "In sum, Patriot II puts in jeopardy the First
Amendment right to speak freely, statutory and common
law rights to privacy, the right to go to court to challenge
government illegality, and the Fourth Amendment right
again unreasonable searches and seizures" [http://www.findlaw.com/ramasastry/20030217.html].
On March 3, 2002, the major library associations joined
more than 60 other associations in a letter to the members
of Congress urging them to oppose the DSEA [http://www.arl.org/info/frn/other/atl.html].
The associations pointed out that many of the provisions
of the proposed legislation are not directly related
to foreign terrorism. These provisions "would severely
dilute, if not undermine, many basic constitutional rights,
as well as disturb our unique system of checks and balances."
Total Information Awareness
The provisions of the Patriot Act, the proposed DSEA,
and Homeland Security Act (HR 5710) create a threatening
environment for citizens and preservation of rights contained
in our constitution. One of the most chilling activities
enabled by these acts is the Total Information Awareness
System (TIA). DARPA has responsibility for the implementation
of TIA. John Poindexter, formerly convicted of lying
to Congress, destroying documents, and other crimes associated
with the Iran-Contra scandal, heads the project. Mr.
Poindexter's conviction was overturned as violating an
immunity connected with his testifying before Congress.
The TIA uses data mining and other techniques to search
all types of databases to determine an individual's financial
transactions, telephone calls, credit and debit card
purchases, travel, TV viewing, health history, driving
record, etc. The data may constitute a virtual central
file that can be used to delve into the life of anyone.
These data can be combined with biometric information,
video surveillance data, and Radio Frequency Identification
Chips to compile a history of a person's life and movements.
Individuals, in exchange for a credit card, bank loan,
medical treatment, travel, and other transactions, voluntarily
supply much of the information in these databases. Corporations
collect huge amounts of information on their customers
and sell it to other companies and organizations. The
databases are readily available to the government. While "opt
out" procedures may stop the sale of some information,
they may not suffice to protect people from government
spying. The TIA program would become permanent under
These activities and others associated with recent
legislation appear to violate the Fourth amendment to
the U.S. Constitution:
The right of the people to be secure in their persons,
houses, papers, and effects against unreasonable searches
and seizures, shall not be violated, and no warrants
shall issue, but upon probable cause, supported by oath
or affirmation and particularly describing the place
to be searched and the persons or things to be seized.
In 1791, our founders could not have anticipated powerful
technologies that facilitate data gathering about individuals.
Personal information was recorded on paper. How many
of our constitutional rights will we be asked to sacrifice
for the cause of national security? When do the government's
interests outweigh the interests and rights of individuals?
What circumstances need to exist for the government to
be able to search and spy with no probable cause? Are
digital records covered by "papers and effects" in the
Fourth Amendment? These questions will continue to vex
In defending the TIA project, Poindexter stated that
the most serious threat facing the nation is terrorism
and that terrorists are difficult to identify4. "I
think the solution is largely associated with information
technology. We must become much more efficient and more
clever in the ways we find new sources of data, mine
information from the new and old, generate information,
make it available for analysis, convert it to knowledge
and create actionable objects." He added, " The Information
Awareness Office is about creating technologies that
would permit us to have both security and privacy."
Mr. Poindexter did not explain how we can have both
security and privacy protection. His remarks raise many
questions. Who will have access to the data collected
by the Office? How will the data be used? To whom will
the data be communicated? How can abuse be prevented?
How will the Supreme Court rule on the constitutionality
of this program?
Radio Frequency Identification Chip
The Radio Frequency Identification Chip (RFID) is one
of the new technologies. Chips can be imbedded in a variety
of products to identify and track physical objects, such
as currency, bearer bonds, appliances, food cans, automobiles,
etc. RFIDs also can be imbedded in drivers' licenses
and medical information smart cards and bracelets. RFID
chips are smaller than a hair and a grain of sand. These
chips listen for a query and respond by transmitting
a unique code [http://zdnet.com.com2102-1107-980345.html].
Once imbedded, these chips can track any movement of
RFID chips help track shipments, identify shipping
containers, and track items through a supply chain, facilitating
more efficient inventory control for manufacturers, retailers,
and others. The chips function as an electronic product
code used in a variety of ways by business. At the same
time, their tracking abilities can be used to violate
the privacy and freedom of individuals.
Biometrics, the measurement and analysis of distinctive
features that identify an individual, is another tool
being developed and used to identify and track people's
movements and transactions. These metrics include fingerprints,
palm prints, iris and retina scans, and facial geometry.
Palm prints were used during the 1996 Olympics to control
entry into secure areas. Airports are talking about using
facial geometry to identify potential terrorists. As
people pass through security checkpoints, their iris
or retinal scans or face prints are compared with items
in a terrorist database.
Biometrics is not new. Attempts to use human physical
characteristics for identification have been around for
centuries. Fingerprints have been used since the 1850s
for identification [http://onin.com/fp/fphistory.html].
Technology and the ability to process large amounts of
information quickly have facilitated the use of biometrics
to identify individuals to control access to buildings
Transportation Security Agency
On March 1, 2003, the Transportation Security Agency
(TSA) awarded a contract to Lockheed Martin to find out
information about the credit card transactions, travel
history, and other data of airline passengers and link
this information with a terrorist watch list5.
The program, Computer Assisted Passenger Prescreening
System (CAPPS II), would require prescreening of all
passengers when they make reservations. Delta Airlines
will test the system at three locations. It will assign
a risk rating before passengers arrive at the airport.
Green level passengers would be cleared and may travel.
Red level people would be stopped and possibly prohibited
from travel. The status of yellow level passengers is
Undersecretary of Transportation James M. Loy stated
that CAPPS II would protect privacy [http://www.wired.com/news/print/0,1294,57909,00.html]. "CAPPS
II is being designed to serve our national security without
sacrificing individual privacy. Concerns about privacy
are understandable. As we address such concerns, we believe
that the public will come to have a higher comfort level
in air travel." While Loy believes that privacy can be
protected, others are calling for a boycott of Delta
Airlines. Loy did not reveal how privacy would be protected
when data about airline passengers would become available
to Lockheed Martin, Delta Airlines, and others.
Airlines now sell information about their frequent
flyers and earn substantial revenue from these sales.
What safeguards are in place to protect Delta passengers?
With the airline industry billions of dollars in the
red, the temptation to sell personal information to increase
revenue is significant. Queries to credit records lower
credit scores. For leisure travelers who take one or
two trips per year, the effect may be insignificant.
For frequent flyers who make 30-50 trips per year, results
could be very damaging.
Privacy Act of 2003
On March 21, 2003, Senator Dianne Feinstein introduced
the Privacy Act of 2003 (S745) to establish standards
on the use of Social Security numbers, driver's license
records, and other personal information to prevent identity
theft. The bill directs the Attorney General to prepare
a report on all authorized uses of Social Security numbers
under federal law and to formulate regulations on the
legitimate uses of Social Security numbers. The bill
requires individual consent prior to the sale or marketing
of personally identifiable information; however, there
are many exceptions in the bill. In some cases, an individual
must "opt-out" while other situations require "opt-in." The
opt-out" provisions now apply to banks and financial
institutions (15 U.S. C. 6801 et. seq.). The exceptions
include national security, public safety, public health,
credit checks, and other commercial activities.
The bill states, "A commercial entity may not require
an individual to provide the individual's Social Security
number when purchasing a commercial good or service or
deny an individual the good or service for refusing to
provide that number except . . . [for] a background check
of the individual conducted by a landlord, lessor, employers,
voluntary service agency, or other entity as determined
by the attorney general." While employers, landlords,
and others may not sell the information, there is great
opportunity for abuse. While the intent of the bill is
worthy, its implementation is not likely to achieve the
objective of privacy protection.
Building dossiers and spying on individuals is not
consistent with the freedom to work, learn, worship,
travel, read, and think guaranteed by the Constitution.
Existing and proposed legislation threaten people, their
civil rights, and the freedoms that strengthen our nation.
Information professionals whose mission is to provide
information when needed are in a particularly difficult
position. They now cannot always obtain information from
the government. They may be forced to open customer/client
transaction records to law enforcement authorities. The
trust that exists between librarians, users, and others
involved in the information chain may be shattered.
Librarians are fiercely loyal to clients and users
and protection of their privacy. Many librarians are
shredding paper records and scrubbing electronic records.
Professional associations are continuing to monitor legislation
and protest restrictions on citizen freedom.
There's an old legal adage, "Hard cases make bad law." Apparently,
hard times do, too.
1 Minow, Mary, "The
USA Patriot Act," Library Journal, vol.
33, October 1, 2002.
Bernie, "On My Mind: The Patriot Act's Threat
to Libraries," Library Journal, vol. 34,
3 Armey, Dick,
IDG News Service, March 14, 2003.
John, "Information: A Tool to Combat Terrorism," Atlanta
Journal and Constitution. November 19, 2002.
Mary Lou, "Airport Background Checks Get Flight
Tested," Atlanta Journal and Constitution,
March 1, 2003.