http://arstechnica.com/tech-policy/news/2011/06/its-hard-to-imagine-a.ars?ut m_source=rss <http://arstechnica.com/tech-policy/news/2011/06/its-hard-to-imagine-a.ars?u tm_source=rss&utm_medium=rss&utm_campaign=rss> &utm_medium=rss&utm_campaign=rss
Are the feds torturing the Patriot Act for location data? By <http://arstechnica.com/author/timothy-b-lee/> Timothy B. Lee | Published about 4 hours ago <http://static.arstechnica.net/assets/2009/01/cell-phone-tracking-thumb-640x auto-235.jpg> It's hard to imagine a Senator making a blunter statement than Sen. Ron Wyden (D-OR) made in the heat of the Patriot Act reauthorization fight last month: "When the American people find out how their government has secretly interpreted the Patriot Act," he said, "they will be stunned and they will be angry." Wyden is in a position to know. As a member of the Senate Intelligence Committee, he receives classified briefings from the executive branch. And in recent years, three other current and former members of the Senate-Mark Udall (D-CO), Dick Durbin (D-IL), and Russ Feingold (D-WI)-have made similar comments. These statements are puzzling because the explicit powers Congress has given to the government are already quite broad. For example, we've extensively covered the <http://arstechnica.com/tech-policy/news/2008/07/fisa-compromise.ars> FISA Amendments Act of 2008 and the <http://arstechnica.com/security/news/2008/03/progress-on-national-security- letters-has-been-slow.ars> rapid increase in the use of National Security Letters since the enactment of the Patriot Act. Apparently, the government has such an appetite for information about Americans that it has felt the need to push even these quite generous boundaries. The government's activities are shrouded in secrecy, so we can't be sure what the senators are referring to. But the evidence suggests that the Obama administration is using Section 215 of the Patriot Act-a provision that gives the government access to "business records"-as the legal basis for the large-scale collection of cell phone location records. What we know It seems clear that the senators' concerns relate to Section 215 of the Patriot Act. As Ars alumnus Julian Sanchez ably explains in a <http://www.cato.org/pubs/pas/PA675.pdf> recent paper for the Cato Institute, Section 215 gives the government the power to obtain "business records" without a showing of probable cause. The debate over section 215 has largely focused on <http://lawprofessors.typepad.com/law_librarian_blog/2010/03/section-215-one -more-time.html> library records, but the Patriot Act's definition of a "business record" extends to any "tangible thing." When Congress considered limiting the use of Section 215 orders to terrorism investigations in 2009, it ran into stiff opposition from the Obama administration. Sen. Durbin wasn't happy about this. "The real reason for resisting this obvious, common-sense modification of Section 215 is unfortunately cloaked in secrecy," he said. He suggested that this secrecy was inconsistent with "transparency, accountability, and fidelity to the rule of law and our Constitution" An even more direct statement came from Sen Feingold. He noted that Patriot Act supporters had claimed in 2005 that Section 215 had never been misused. "They cannot make that statement now," he said. "They have been misused." Unfortunately, he said, the details were classified. So in 2009, at least two Senators believed that Section 215 of the Patriot Act was being abused. Two years later, in the midst of a debate about again extending Section 215 authority, two other Senators complained about classified Patriot Act abuses. It's not a big leap to suppose these comments all refer to the same government activity. Every step you take So what's the government doing? A growing body of evidence suggests the controversy is related to cell phone location data. Law enforcement officials have become increasingly reliant on this kind of information. In a <http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1845644> recent paper on the subject, Stephanie K. Pell and Christopher Soghoian tell the story of the <http://www.dallasnews.com/news/community-news/dallas/headlines/20100204-Sca recrow-Bandits-bank-robber-8361.ece> Scarecrow Bandits, a gang that committed a string of bank robberies in the Dallas area. FBI agents captured the gang by examining cell phone location records and identifying phones that had made calls near several of the banks that were robbed. In a <http://www.cato-at-liberty.org/atlas-bugged-why-the-secret-law-of-the-patri ot-act-is-probably-about-location-tracking/> lengthy blog post, Julian Sanchez recently laid out the evidence tying the Section 215 controversy to the government's appetite for location data. First, Wyden <http://www.wired.com/dangerroom/2011/05/bill-would-keep-big-brothers-mitts- off-your-gps-data/> recently unveiled legislation that would require a warrant for the feds to acquire geolocation data. The bill would establish the "exclusive means" for obtaining cell phone location information; it nevertheless goes out of its way to specify that location data may not be obtained using Section 215. This is puzzling since there's no particular reason to think Section 215 would be used in this way. But maybe Sen. Wyden knows something we don't. Second, Sanchez notes that Sen. Udall has repeatedly warned about Section 215 giving the government "unfettered" access to "a cell phone company's phone records." Two things are notable about this phrasing: first, it specifically mentions cell phone, not wireline, records. And second, it refers to a company's records, rather than records related to some individual. The obvious conclusion is that the government has been claiming that geolocation information-most likely, data about which cell phone tower users are near at any given time-is a "business record" that can be obtained under section 215. By treating this information as the records of the cell phone company rather than the personal information of subscribers, the government sidesteps the need to show that any particular customer is suspected of a crime. More transparency needed Clearly, law enforcement officials need a process for obtaining location data. Reasonable people can disagree about the proper standard of review. And obviously, for surveillance to be effective, some operational details need to be kept secret. But without knowledge of the basic facts-what kind of information is being collected, how much, and with what procedural safeguards-it's impossible to have an informed public debate. Sen. Patrick Leahy (D-VT) recently <http://arstechnica.com/tech-policy/news/2011/05/senate-bill-would-require-w arrant-for-e-mail-cloud-searches.ars> unveiled privacy legislation that would raise the standard for government access to location data. The Pell and Soghoian paper suggests a different framework for regulating government access. It's impossible to have an intelligent debate about these or other options if we don't know what the government is already doing. Fortunately, the ACLU is on the case. Last week, it <http://www.aclu.org/blog/national-security/unmasking-secret-law-new-demand- answers-about-governments-hidden-take-patriot> filed a Freedom of Information Act request seeking documents related to the Bush and Obama administration's legal interpretations of Section 215 of the Patriot Act. FOIA is a slow and cumbersome process, and the Obama administration will undoubtedly fight the ACLU's efforts. But if the request succeeds, it will give the American public some of the information it needs to have a well-informed debate. Update: To be clear, Section 215 of the Patriot Act allows information to be collected in an intelligence context. In contrast, the Leahy bill and the Pell/Soghoian proposal both reform law enforcement access to location data. So neither proposal would directly affect the use of Section 215. [Non-text portions of this message have been removed] ------------------------------------ -------------------------- Want to discuss this topic? Head on over to our discussion list, discuss-os...@yahoogroups.com. -------------------------- Brooks Isoldi, editor biso...@intellnet.org http://www.intellnet.org Post message: osint@yahoogroups.com Subscribe: osint-subscr...@yahoogroups.com Unsubscribe: osint-unsubscr...@yahoogroups.com *** FAIR USE NOTICE. This message contains copyrighted material whose use has not been specifically authorized by the copyright owner. OSINT, as a part of The Intelligence Network, is making it available without profit to OSINT YahooGroups members who have expressed a prior interest in receiving the included information in their efforts to advance the understanding of intelligence and law enforcement organizations, their activities, methods, techniques, human rights, civil liberties, social justice and other intelligence related issues, for non-profit research and educational purposes only. We believe that this constitutes a 'fair use' of the copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use this copyrighted material for purposes of your own that go beyond 'fair use,' you must obtain permission from the copyright owner. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtmlYahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/osint/ <*> Your email settings: Individual Email | Traditional <*> To change settings online go to: http://groups.yahoo.com/group/osint/join (Yahoo! ID required) <*> To change settings via email: osint-dig...@yahoogroups.com osint-fullfeatu...@yahoogroups.com <*> To unsubscribe from this group, send an email to: osint-unsubscr...@yahoogroups.com <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
