[IP] Privacy-related comments on Hastert bill on intelligence reform
Begin forwarded message:
From: Peter Swire <peter@xxxxxxxxxxxxxx>
Date: September 27, 2004 9:42:19 AM EDT
To: "Dave@Farber. Net" <dave@xxxxxxxxxx>
Subject: Privacy-related comments on Hastert bill on intelligence reform
Dave:
Some congressional staffers asked me to analyze the bill that
Speaker Hastert introduced on Friday on how to do intelligence reform.
The bill is scheduled for markup this Wednesday in the House Judiciary
Committee. Perhaps the following comments can highlight some
particular problems with the current bill. (There are undoubtedly more
problems with the bill, but this is a start.)
Overall, the most glaring privacy problem with the bill is that it
does not create any mechanism government-wide to serve as a watchdog on
privacy and civil liberties. A huge theme of the bill is "information
sharing." But its approach is silo-by-silo, with a separate privacy
officer in various agencies and a "civil liberties protection officer"
for the National Intelligence Director. There is little reason to
think that this bill will allow any inter-agency, coordinated control
on privacy or civil liberties.
By contrast, the current Senate bill understands that there needs
to be a function within the Executive Office of the President that
coordinates privacy and information sharing across agencies. It
creates a Civil Liberties Board as specifically called for by the 9/11
Commission. Offering that provision as a substitute for Section 1022
would be a big improvement.
Perhaps the majority is trying to have the inter-agency management
of these issues be done through the civil liberties board created
recently by Executive Order by President Bush. My editorial at
http://www.americanprogress.org/site/pp.asp?
c=biJRJ8OVF&b=180251 explains why the Executive Order is so badly
flawed.
Here are some more specific comments:
Sec. 1022 on Civil Liberties Protection Officer. What is missing
here is what is included in the Collins-Lieberman draft, such as: an
annual report; stronger subpoena powers; power to get advisory
committees of experts on information privacy and civil liberties, and
so on. Include the Senate bill provision as a substitute, or add the
powers piece-by-piece.
Section 2001. Strike the "lone wolf" provision. FISA orders
outnumbered all law enforcement wiretap orders in 2003, for the first
time. A long-term wiretap is now allowed under FISA for any "agent of
a foreign power", which includes international terrorist groups.
Without the requirement of a link to a foreign power, there are grave
constitutional questions about whether this secret wiretap is allowed
under the Fourth Amendment. Furthermore, the "lone wolf" provision
opens the door wide to surveillance of citizens for
domestic surveillance and law enforcement purposes. Searches within
the U.S. should still presumptively be done in compliance with the
Fourth Amendment. My article on "The System of Foreign Intelligence
Law", with a detailed history of FISA and many reform proposals, is at
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=586616 . ; (That
article is too detailed for use at markup this week, but addresses many
issues relevant to updating of the Patriot Act.)
Section 2023. False Statements in Terrorism Cases. This provision
increases penalties for false statements in "terrorism" cases. The
problem here is that an ordinary identity theft case can become a
"terrorism" or "material assistance to terrorism" case if someone gets
false immigration papers and then there is a small link to alleged
terrorist funding sources such as a charity. There is no evidence that
the problem has been the lack of penalties for people properly
convicted of being involved in terrorism. The problem is that the
Justice Department has essentially found no cases that are really
terrorist cases. Strike the provision.
Section 2142. Criminal History Information Checks. This provision
lacks all of the checks and balances one would expect to see: (1) There
are no re-disclosure limits. That means the employer can place the
criminal history information up on the Internet after receiving the
record from the government. (2) There are no requirements that the
employer be in good faith when seeking the information from the
government. False requests for records would be ridiculously easy to
do. Fraudulent requests for records would also be easy. (3) There is
no required notice to or consent by the employee who applies that the
background check will be run, with notice of where to get access and
correction if there are mistakes about the employee's records.
In general, the Fair Credit Reporting Act has the provisions in
place to prevent abuse. The criminal history provision has not begun
to grapple with the basic due process for criminal records and
fingerprints that we of course require when people (including
employers) seek a credit history.
Section 2183. Registered Traveler Program. Prominent security
experts have made compelling arguments about how the registered
traveler program would actually decrease security. In short,
enrolling a member in the program would become the logical target for
every terrorist group. Once the group had a member in the group, there
would be a guaranteed easy route to getting on a plane with less
scrutiny. Instead of "expediting" the program, the program should
receive much more careful scrutiny.
Section 5091. Rulemakings require privacy impact assessments.
This is a promising provision. The scope of the PIAs should include:
"(v) an explanation of what legal and other mechanisms will assure
compliance with the privacy protections described in the assesment."
The current draft requires the PIA to set forth the protections for
notice, consent, access, etc., but does not contemplate any discussion
about how the supposed protections will actually be implemented over
time.
Section 5091. Disclosure of PIAs to the public. Currently the
bill allows a national security determination when a PIA cannot be made
public. That approach basically follows the E-Government Act of 2002
for not having some PIAs be made public for national security
purposes. The bill should also have the provisions of the E-Gov Act,
though, that requires the agency to send such PIAs in full to the
Office of Management and Budget. That way the agency still has some
accountability to persons outside of the agency, and Congressional
oversight is possible by asking OMB for information (available to
Congress in closed session) about the PIAs that are kept secret.
Section 5092. Chief Privacy Officers for Agencies with Law
Enforcement or Anti-Terrorism Functions. I support this provision --
having specific persons with responsibility to watch for information
privacy problems is essential to helping each agency think through the
issues before they implement systems. Once again, however, there is NO
inter-agency coordination or White House leadership. It is crazy in an
"information sharing" environment to have no policy process to handle
privacy issues that cross agency lines. There needs to be a position
in the Executive Office of the President (or at a minimum an
inter-agency council with some specified and competent leadership) to
handle the inter-agency issues.
Peter
Prof. Peter P. Swire
Moritz College of Law of the
Ohio State University
John Glenn Scholar in Public Policy Research
(240) 994-4142; www.peterswire.net
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/