Net Results: A small but key element of the US Patriot Act involving the secretive gathering of information on internet users was overturned last week, setting a foundation for other elements to be similarly challenged on US constitutional grounds.
The Patriot Act is the 350-page document that was rushed through Congress following the September 11th, 2001, terrorist attacks on the US. It was barely discussed or debated - indeed the political climate was such that one's patriotism and, by extension, one's (political) sanity, would have been seen to be at stake if one were critical of any element of this long-standing FBI and CIA wish list for investigative powers.
Since its passage, the Act has been under attack by human rights and civil rights groups who have accused the US government of pushing through legislation that neatly strips out many of the key rights granted to all American citizens in their constitution.
And this was the ruling of a federal court judge in Manhattan, who said that the use of what are termed "national security letters" broadly violated the constitutional rights of individuals, in particular the right to freedom of speech and to protection against unreasonable searches.
National security letters are a kind of subpoena that already existed prior to the Patriot Act, to allow certain kinds of federal-level surveillance.
The Act that created them in 1986 had already been amended several times, and was amended again as part of the Patriot Act.
In this case, the "letters" allowed the FBI to demand information on individuals from internet service providers (ISPs), who were then barred from revealing to the individual that this had happened, or even that they had received this type of subpoena at all - including to a lawyer.
Under the terms of the Patriot Act, ISPs could be forced to hand over customers' names, credit card information and addresses and details of their use of the internet. According to the New York Times, it is uncertain how many times the letters were used for this purpose since the Patriot Act came into being, but the ACLU obtained a list of companies that had been subpoenaed in the 14 months after the Act first came into effect - with the company names blacked out - and the list extended to six pages.
The judge - who threw out the use of the letters entirely, not just under the terms of the Patriot Act, after the American Civil Liberties Union brought a federal case - was particularly concerned that there was no court oversight for such subpoenas, and because the information was handed over without the customer's knowledge, no recourse for individuals whose private information was obtained with no reasons given.
The judge has allowed 90 days for the Bush administration to respond. Campaigners for civil rights see the decision as a basis for pursuing other parts of the Act in court. One such challenge is already under way in Michigan.
Why should we care over here, some might say. Well, to begin with many non-US citizens are customers of US-based ISPs, for design, hosting, bulletin board, webmail and other services. And they are often customers of the ISP's customers whose net data are being demanded.
But shouldn't details on non-US citizens be protected under EU data protection law? Don't count on it. How would a situation in which details were demanded for an EU citizen ever come to light, when the subpoenas are entirely secretive and the individual never knows such details have been requested, and the ISP cannot disclose it has received a subpoena.
Also, negotiations are under way for similar powers to be made available to surveillance and law enforcement agencies on this side of the water. For a start, consider our own proposed data retention act, which would put Irish people's call, internet, email and mobile data - which can contain highly revealing personal details - into cold storage access for law enforcement agencies for up to four years, way beyond the six months of current data protection legislation.
While that legislation is in limbo here, it is only because our government is leading a bid to introduce such an odious, open- to-abuse system on an EU-wide level, a proposal launched during the Irish EU presidency.
And there's far more on the table, designed to ease the passing of personal data back and forth between the EU and the US, much intended to be away from the kind of scrutiny the Manhattan judge felt was necessary to an open and free society - taking into account the need to balance openness against security demands.
There's a cliché that says to allow such methods to be used is "letting the terrorists win". I've used it myself. But I no longer feel that is true. It is not the terrorists who "win" - but the surveillance agencies and darker sides of national governments who espouse democracy and freedom, but really only when those words fit their narrow vision of society: freedom for approved forms of polite dissent, which these days, within Irish society too, grow ever more narrowly defined and anaemic.
klillington@irish-times.ie weblog: http://weblog.techno- culture.com
