In one of its final acts of 2005, Congress was expected to renewthe Patriot Act, the law passed after 9/11 that gave the governmentmore leeway to investigate terrorism-related cases. Key provisionsof the law allowing the government to seize electronic recordsexpired Dec. 31.
The renewal without significant changes has come amid controversytriggered by the revelation last fall that the FBI may haveillegally obtained customer data from businesses.
Between 2002 and 2004, FBI agents took procedural shortcuts atleast a dozen times when they used provisions of the Patriot Act,according to the Electronic Privacy Information Center (EPIC), anonprofit research organization. EPIC obtained the U.S. FederalBureau of Investigation documents through a Freedom of InformationAct lawsuit.
The documents detail 13 FBI internal investigations into agentmisconduct. According to the documents, in one terrorism-relatedinvestigation, an agent obtained financial information from acompany without legally obtaining a National Security Letter, amechanism by which investigators demand data from companies orindividuals. (Recipients of National Security Letters are forbiddenby law to tell anyone that they have received one.)
The Washington Post reported last year that the FBI issues morethan 30,000 National Security Letters a year.
The FBI called the violations administrative errors. Regardless ofthe reason, the bureau’s shortcuts highlight the need for companiesthat share customer information with investigators to do socautiously, says Marcia Hofmann, EPIC staff counsel. (For more onhow to manage FBI requests, read “What to Do When Uncle Sam WantsYour Data.” Find the link to this story at www.cio.com/010106.)
The violations indicate that legislative oversight is necessary tominimize abuse, Hofmann says.”When a law isn’t functioning,Congress needs to amend it, ” she says. The Patriot Act most likelywill continue to be controversial, with proponents arguing that itis needed to fight terrorism, while critics contend that the lossof civil liberties is too high a price. At press time, Congress wastrying to reach a compromise on restricting the use of NationalSecurity Letters and trying to agree on appropriate levels ofoversight for the practice.