Online civil liberties groups were thrilled in May when Sen. Patrick Leahy (D-Vermont), the head of the powerful Judiciary Committee, announced legislation requiring the government, for the first time, to get a probable-cause warrant to obtain Americans’ e-mail and other content stored in the cloud.
But, despite the backing of a coalition of powerful tech companies, the bill to amend the Electronic Communications Privacy Act was dead on arrival, never even getting a hearing before the committee Leahy heads.
In contrast, another proposal sailed through Leahy’s committee, less than two weeks after Leahy and others floated it at about the same time as his ECPA reform measure. That bill, known as the Protect IP Act, was anti-piracy legislation long sought by Hollywood that dramatically increased the government’s legal power to disrupt and shutter websites “dedicated to infringing activities.”
This dichotomy played itself out over and again in 2011, as lawmakers — Democrats and Republicans alike — turned a blind eye to important civil liberties issues, including Patriot Act reform, and instead paid heed to the content industry’s desires to stop piracy.
“Any civil liberties agenda was a complete non-starter with Congress and the Obama administration,” said Cindy Cohn, the Electronic Frontier Foundation’s legal director. “They had no interest in finding any balance in civil liberties.”
It wasn’t just on the federal level, either.
In California, for example, Gov. Jerry Brown vetoed legislation that would have demanded the police obtain a court warrant before searching the mobile phone of anybody arrested. But Brown, a Democrat, signed legislation authorizing the authorities to search, without a warrant, CD-stamping plants that dot Southern California’s landscape.
Underscoring that civil liberties would take a back seat in 2011 was the debate, or lack thereof, concerning the Patriot Act. The House and Senate punted in May on revising the controversial spy act adopted in the wake of 9/11. Congress extended three expiring Patriot Act spy provisions for four years, without any debate.
The three provisions extended included:
• The “roving wiretap” provision allows the FBI to obtain wiretaps from a secret intelligence court, known as the FISA court (under the Foreign Intelligence Surveillance Act), without identifying the target or what method of communication is to be tapped.
• The “lone wolf” measure allows FISA court warrants for the electronic monitoring of a person for any reason — even without showing that the suspect is an agent of a foreign power or a terrorist. The government has said it has never invoked that provision, but the Obama administration said it wanted to retain the authority to do so.
• The “business records” provision allows FISA court warrants for any type of record, from banking to library to medical, without the government having to declare that the information sought is connected to a terrorism or espionage investigation.
While the Obama administration was lobbying against tinkering with the Patriot Act, and telling the courts that Americans have no privacy in their public movements, the White House was quietly working with the recording and motion picture industries to help broker a deal by which internet companies would block internet access to repeat online infringers.
E-mails obtained via the Freedom of Information Act showed just how cozy the administration was with the content industry: The nation’s copyright czar, Victoria Espinel, used her personal e-mail account with industry officials to help mediate the plan.
The administration said in a statement to Wired that Espinel was undertaking “precisely the work outlined in the administration’s 2010 Joint Strategic Plan on Intellectual Property Enforcement.”
By the same token, the Privacy and Civil Liberties Oversight Board remained dormant again for another year. It was chartered by statute in 2004 and given more power in 2007 to “analyze and review actions the executive branch takes to protect the nation from terrorism, ensuring that the need for such actions is balanced with the need to protect privacy and civil liberties” and to “ensure that liberty concerns are appropriately considered in the development and implementation of laws, regulations, and policies related to efforts to protect the nation against terrorism.”
The board has remained without members since January 2008, a year before Obama’s inauguration. Its website at privacyboard.gov doesn’t resolve.
Two weeks ago, President Barack Obama finally filled out the five-member board, but his nominees still have to be confirmed by the Senate.
Had the board been active, it would have had plenty to say on the “development and implementation of laws.”
“Had the board been functional, it might have been a valuable participant in current deliberations over military detention authority, for example,” said Steven Aftergood, who directs the Federation of American Scientists Project on Government Secrecy. “It might also have conducted investigative oversight into any number of other counterterrorism policies, as mandated by law.”
All the while, Espinel and the Immigration and Customs Enforcement office spent the year seizing online domains of websites allegedly hawking counterfeit and copyright goods. All told, the government has seized more than 350 domains taken as part of a forfeiture program known as “Operation in Our Sites” that began a little more than a year ago. The authorities were using the same asset-forfeiture laws used to seize cars and houses belonging to suspected drug dealers.
A hip-hop music site’s domain name was seized for a year and given back three weeks ago, without ever affording the site’s New York owner a chance to challenge the taking. The legal case surrounding the takedown, which centered on MP3s posted by the site, is sealed from public view at the request of ICE. The site’s lawyer says the MP3s listed in the seizure order had been sent to the site by the labels themselves, seeking publicity.
That prompted Sen. Ron Wyden (D-Oregon) to demand that the Justice Department divulge how many other domains are caught in a legal black hole.
Lawmakers’ drive to bolster intellectual property rights of some of the country’s biggest political donors began in earnest in May when Leahy introduced the Protect IP Act, and two weeks later it sailed through his Judiciary Committee.
The Stop Online Piracy Act, or SOPA, is nearly an exact copy and is now being debated in the House Judiciary Committee.
Both are offshoots of the Combating Online Infringement and Counterfeits Act introduced last year.
Under the old COICA draft, the government was authorized to obtain court orders to seize so-called generic top-level domains ending in .com, .org and .net. The new legislation, with the same sponsors, narrows that somewhat.
Instead of allowing for the seizure of domain names, it allows the Justice Department to obtain court orders demanding American ISPs block citizens from reaching a site by modifying the net’s Domain Name System. DNS works as the net’s phone book, turning domain names like Wired.com into IP addresses such as 18.104.22.168, which browsers use to actually get to the site.
On May 26, the day the Protect IP Act passed the Senate Judiciary Committee, Wyden exercised a rarely used Senate procedure and held the measure from going to the Senate floor for a vote, where it would likely pass. The measure is expected to come back in the new year, and it’s likely Wyden’s hold can be overridden by a vote of 60 senators.
Wyden has promised to wage a one-man filibuster if necessary.
“By ceding control of the internet to corporations through a private right of action, and to government agencies that do not sufficiently understand and value the internet, PIPA represents a threat to our economic future and to our international objectives,” Wyden said.
DNS experts Steve Crocker, David Dagon, Dan Kaminsky, Danny McPherson and Paul Vixie wrote in a white paper that the Protect IP Act “would promote the development of techniques and software that circumvent use of the DNS.”
“These actions,” they wrote, “would threaten the DNS’s ability to provide universal naming, a primary source of the internet’s value as a single, unified, global communications network.”
They also argue that the proposal undermines a government-approved new DNS security measure known as DNSSEC that aims to prevent criminals from poisoning the domain-name lookup system with false information in order to “hijack” people trying to visit their bank online.
Regardless, the SOPA measure in the House, which is virtually identical to PIPA in the Senate, looked like it would sail out of the House Judiciary Committee two weeks ago.
But Rep. Lamar Smith (R-Texas), who heads the House Judiciary Committee, abruptly continued the hearing so lawmakers could hear from internet architecture experts before taking a vote. A Motion Picture Association vice president had testified before the committee that concerns over DNS redirecting were “overstated.”
Rep. Zoe Lofgren (D-California) said the measure went too far.
“We never tried to filter the telephone networks to block illegal content on the telephone network,” she said, “yet that is precisely what this legislation would do relative to the internet.”
The hearing will resume in the new year.
But it’s unlikely that lawmakers will return to the now-forgotten bill that would prevent law enforcement from sifting through your online e-mail account without first proving probable cause to a judge.
Consider that October marked the 25th anniversary of the Electronic Communications Privacy Act, the law that allows the authorities to access your e-mail without a court warrant.
The law, known as ECPA and signed by President Ronald Reagan, came at a time when e-mail was used mostly by nerdy scientists, when phones without wires hardly worked and when the World Wide Web didn’t exist. Four presidencies and hundreds of millions of personal computers later, the Electronic Communications Privacy Act has aged dramatically, providing little protection for citizens from the government’s prying eyes — despite the law’s language remaining much the same.
The silver anniversary of ECPA had prompted the nation’s biggest tech companies and prominent civil liberties groups to again lobby for an update to what was once the nation’s leading privacy legislation protecting Americans’ electronic communications from warrantless searches and seizures.
In the 1980s, ECPA protected Americans’ e-mail from warrantless surveillance — despite ECPA allowing the government to access e-mail without a court warrant if it was six months or older and stored on a third-party’s server. The tech world now refers to these servers as “the cloud,” and others just think of Hotmail, Yahoo Mail, Facebook and Gmail.
ECPA was adopted at a time when e-mail wasn’t stored on servers for a long time. It just sat there briefly before recipients downloaded it to their inbox on software running on their own computer. E-mail more than six months old was assumed abandoned, and that’s why the law allowed the government to get it without a warrant.
On Oct. 20, Leahy said “this law is significantly outdated and outpaced by rapid changes in technology.” He promised hearings “before the end of the calendar year” in the Judiciary Committee he heads, despite the Obama’s Justice Department opposition to the change.
But there was no hearing.
Presumably, it was just forgotten amid the rush to alter the internet at the behest of the same industry that tried to ban the VCR and MP3 players.