FC: ACLU blasts White House report on unlawful conduct online

[Declan McCullagh <declan () well com>]

[This is a press release from this afternoon]



***NEWS ALERT***

In a letter sent today to Attorney General Janet Reno, the ACLU sharply
criticized a draft White House report on "Unlawful Conduct Involving the Use
of the Internet."

A draft version of the report, now online at
http://www.politechbot.com/docs/unlawfulconduct.html
is expected to be made public tomorrow at Reno's weekly 9:30 a.m. briefing.
The final version is not expected to differ appreciably from the current
draft.

The ACLU letter follows.  To speak with any of the signatories, contact:

In New York:
Emily Whitfield, Media Relations Director, ACLU National
(212) 549-2566 or 2666/cell phone (917) 686-4542/ewhitfield () aclu org

In Washington:
Jennifer Helburn, ACLU Communications Unit
(202) 675-2312

March 8, 2000

Janet Reno, Attorney General
U.S. Department of Justice
950 Pennsylvania Avenue, NW
Washington DC 20530-0001

Dear Attorney General Reno:

The report entitled "The Electronic Frontier: the Challenge of Unlawful
Conduct Involving the Use of the Internet" (by the President's Working Group
on Unlawful Conduct On the Internet) raises a number of civil liberties
concerns. We urge you to reject a number of the report's recommendations and
to clarify others.

* Anonymity on the Internet is not a thorny issue; it is a Constitutional
right. The United States Supreme Court held that the Constitution grants
citizens the right to speak anonymously. (See McIntyre v. Ohio Elections
Commission, 514 U.S. 334 (1995).) However, the report treats the anonymity of
Internet users as a "thorny issue," rather than a constitutional right.
Indeed, the report suggests that the identity of individuals along the
"Information Superhighway" should be stripped away to deal with purported
problems with the Cable Communications Policy Act of 1984 and various
telephone harassment statutes. An end to Internet anonymity would chill free
expression in cyberspace and strip away one of the key structural privacy
protections enjoyed by Internet users.

* The distinctions between the protections afforded electronic communications
as opposed to voice communications should be resolved in favor of privacy.
The report raises concerns about the Electronic Communications Privacy Act
(ECPA) because it treats "wire and electronic communications inconsistently."
The report advocates a "least common denominator" approach to these
inconsistencies. Whatever protects privacy least would become the rule for
both types of communications. Specifically, the report suggests that phone
calls and Internet communications, as well as "[e]-mail, voice mail, user
access logs, and remotely stored files" should be treated with an equally low
level of privacy protection to resolve "deficiencies in the rules for
government access to customer records, especially with respect to access by
civil and regulatory agencies."

When ECPA was enacted, it was well known that the statute treated wire and
electronic communications differently. Furthermore, we should note that
ECPA's standards for voice communications do a number of things: (I)
incorporate a Constitutionally mandated standard that the government show
probable cause before it can conduct a search, (II) allow for wiretapping
only for more serious crimes; (III) apply a statutory exclusionary rule for
illegally intercepted conversations and (IV) require approval by high-ranking
Justice Department officials. With the exception of probable cause, these
privacy protections do not cover interception of the content of electronic
communications; the report seems to suggest that they be done away with for
voice communications as well. Furthermore, the report seems to ignore
real-life differences between wire and electronic communications, as well as
voice and non-voice data. It is important that any proposed standard should
continue to take these distinctions into consideration, while continuing to
follow Constitutional probable cause requirements.

* The standards for issuing pen register orders, as well as for issuing trap
and trace device orders, should be raised. Currently, law enforcement agents
need only overcome minimal obstacles to obtain pen register orders, as well
as authorization to use trap and trace devices. However, the report
criticizes these standards, claiming that "advances in telecommunications
technology have made the language of the statute obsolete." We are troubled
by the possibility that attempts to "update" current statutes will, in fact,
expand the government's power to surreptitiously intercept even more personal
electronic communications under the minimal standards for pen registers and
trap and trace devices. Currently, all law enforcement must do to secure a
trap and trace or pen register order from a federal judge is assert in
writing that information relevant to an ongoing investigation is likely to be
obtained. The judge to whom the application is made must approve the
application, even if he disagrees with the assertions of law enforcement.

* Similarly, we are concerned by the report's suggestions that the government
should have greater powers in using trap and trace devices. In making this
recommendation, the report provides few specifics as to what sort of
information the government would then be able to collect. An expansion of
these powers might allow law enforcement agents to access a variety of data,
including dialup numbers, Internet Protocol (IP) addresses, electronic mail
logs, uploaded files, and so on. Indeed, the vagaries of this plan might
allow the identification and tracking of virtually anyone who uses the World
Wide Web, without a court order. Proper measures must be taken to avoid
opening this digital Pandora's Box.

* The report finds fault with current laws that protect
First-Amendment-protected activities. The document raises particular concerns
about statutes such as the Privacy Protection Act of 1980, which safeguards
information that has been gathered and produced by reporters (including their
work-product materials). This was enacted in recognition of the fact that
"the free flow of information to the public protected by the free-press
guarantee would be severely curtailed if no protection whatever were afforded
to the process by which news is assembled and disseminated."  In particular,
the report seems to suggest that the Act's protections should be retained for
innocent third parties, but should be withdrawn for people who create
"drafts" of what they will ultimately use to commit a crime. In addition, the
report seems to suggest that these laws should be altered, perhaps allowing
government access to virtually all computers, because "almost any computer
can be used to 'publish' material." This might violate numerous legal
precedents, including several Supreme Court decisions which, among other
things, (I) recognize the power of Congress to enact laws to prevent the
unnecessary disclosure of such information and (II) protect reporters in a
variety of special circumstances, such as when subpoena powers have been
abused. (See Branzburg v. Hayes, 408 U.S. 665, 706 (1972); University of
Pennsylvania v. Equal Employment Opportunity Commission, 493 U.S. 182, 201 &
n.8 (1990)). Indeed, the High Court has stated that when "the materials
sought to be seized may be protected by the First Amendment, the requirements
of the Fourth Amendment must be applied with 'scrupulous exactitude'",
meaning the government must show probable cause and get a warrant. (See
Zurcher v. The Stanford Daily, 436 U.S. 547, 564 (1978), citing Stanford v.
Texas, 379 U.S. 476, 485 (1965).) Congress went a step further toward
protecting this aspect of free speech when it enacted the Privacy Protection
Act.  To diminish these protections would be a terrible blow to the First
Amendment.

* The report contains virtually no statistics on the extent of
computer-related crime, or whether such activity poses a truly significant
threat to our nation. Instead, the report merely mentions several anecdotes
on how a few individuals have used the computers to commit crimes. Such
statistics should be disclosed before any statutory changes are even
considered.

* The report provides few specifics as to how current systems could be better
protected through the use of various promising technologies (including
encryption). This comes despite the fact that the report contains a myriad of
finely-detailed suggestions about current privacy-protection laws, and how
they should be changed to satisfy the asserted needs of law enforcement. The
government should give proper regard to these new privacy-enhancing
technologies to protect everyone from possible cybercrimes.

We would appreciate a response to this letter as soon as possible. Thank you
very much.

Sincerely,

Barry Steinhardt
Associate Director

Laura W. Murphy
Director, Washington National Office

Gregory T. Nojeim
Legislative Counsel


--------------------------------------------------------------------------
POLITECH -- the moderated mailing list of politics and technology
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
--------------------------------------------------------------------------