http://arstechnica.com/tech-policy/news/2011/06/its-hard-to-imagine-a.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss


 Are the feds torturing the Patriot Act for location data?

*By Timothy B. Lee <http://arstechnica.com/author/timothy-b-lee/> **| **
Published **about 4 hours ago***

 It's hard to imagine a Senator making a blunter statement than Sen. Ron
Wyden (D-OR) made in the heat of the Patriot Act reauthorization fight last
month: "When the American people find out how their government has secretly
interpreted the Patriot Act," he said, "they will be stunned and they will
be angry." Wyden is in a position to know. As a member of the Senate
Intelligence Committee, he receives classified briefings from the executive
branch. And in recent years, three other current and former members of the
Senate—Mark Udall (D-CO), Dick Durbin (D-IL), and Russ Feingold (D-WI)—have
made similar comments.

These statements are puzzling because the explicit powers Congress has given
to the government are already quite broad. For example, we've extensively
covered the FISA Amendments Act of
2008<http://arstechnica.com/tech-policy/news/2008/07/fisa-compromise.ars>
and
the rapid 
increase<http://arstechnica.com/security/news/2008/03/progress-on-national-security-letters-has-been-slow.ars>
in
the use of National Security Letters since the enactment of the Patriot Act.
Apparently, the government has such an appetite for information about
Americans that it has felt the need to push even these quite generous
boundaries.

The government's activities are shrouded in secrecy, so we can't be sure
what the senators are referring to. But the evidence suggests that the Obama
administration is using Section 215 of the Patriot Act—a provision that
gives the government access to "business records"—as the legal basis for the
large-scale collection of cell phone location records.
What we know

It seems clear that the senators' concerns relate to Section 215 of the
Patriot Act. As Ars alumnus Julian Sanchez ably explains in a recent
paper<http://www.cato.org/pubs/pas/PA675.pdf> for
the Cato Institute, Section 215 gives the government the power to obtain
"business records" without a showing of probable cause. The debate over
section 215 has largely focused on library
records<http://lawprofessors.typepad.com/law_librarian_blog/2010/03/section-215-one-more-time.html>,
but the Patriot Act's definition of a "business record" extends to any
“tangible thing.”

When Congress considered limiting the use of Section 215 orders to terrorism
investigations in 2009, it ran into stiff opposition from the Obama
administration. Sen. Durbin wasn't happy about this. "The real reason for
resisting this obvious, common-sense modification of Section 215 is
unfortunately cloaked in secrecy," he said. He suggested that this secrecy
was inconsistent with "transparency, accountability, and fidelity to the
rule of law and our Constitution"

An even more direct statement came from Sen Feingold. He noted that Patriot
Act supporters had claimed in 2005 that Section 215 had never been misused.
"They cannot make that statement now," he said. "They have been misused."
Unfortunately, he said, the details were classified.

So in 2009, at least two Senators believed that Section 215 of the Patriot
Act was being abused. Two years later, in the midst of a debate about again
extending Section 215 authority, two *other* Senators complained about
classified Patriot Act abuses. It's not a big leap to suppose these comments
all refer to the same government activity.
Every step you take

So what's the government doing? A growing body of evidence suggests the
controversy is related to cell phone location data. Law enforcement
officials have become increasingly reliant on this kind of information. In
a recent paper <http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1845644> on
the subject, Stephanie K. Pell and Christopher Soghoian tell the story of
the Scarecrow 
Bandits<http://www.dallasnews.com/news/community-news/dallas/headlines/20100204-Scarecrow-Bandits-bank-robber-8361.ece>,
a gang that committed a string of bank robberies in the Dallas area. FBI
agents captured the gang by examining cell phone location records and
identifying phones that had made calls near several of the banks that were
robbed.

In a lengthy blog
post<http://www.cato-at-liberty.org/atlas-bugged-why-the-secret-law-of-the-patriot-act-is-probably-about-location-tracking/>,
Julian Sanchez recently laid out the evidence tying the Section 215
controversy to the government's appetite for location data.

First, Wyden recently
unveiled<http://www.wired.com/dangerroom/2011/05/bill-would-keep-big-brothers-mitts-off-your-gps-data/>
legislation
that would require a warrant for the feds to acquire geolocation data. The
bill would establish the "exclusive means" for obtaining cell phone location
information; it nevertheless goes out of its way to specify that location
data may *not* be obtained using Section 215. This is puzzling since there's
no particular reason to think Section 215 would be used in this way. But
maybe Sen. Wyden knows something we don't.

Second, Sanchez notes that Sen. Udall has repeatedly warned about Section
215 giving the government "unfettered" access to "a cell phone company’s
phone records." Two things are notable about this phrasing: first, it
specifically mentions *cell phone*, not wireline, records. And second, it
refers to a *company's* records, rather than records related to some
individual.

The obvious conclusion is that the government has been claiming that
geolocation information—most likely, data about which cell phone tower users
are near at any given time—is a "business record" that can be obtained under
section 215. By treating this information as the records of the cell phone
company rather than the personal information of subscribers, the government
sidesteps the need to show that any particular customer is suspected of a
crime.
More transparency needed

Clearly, law enforcement officials need a process for obtaining location
data. Reasonable people can disagree about the proper standard of review.
And obviously, for surveillance to be effective, some operational details
need to be kept secret.

But without knowledge of the basic facts—what kind of information is being
collected, how much, and with what procedural safeguards—it's impossible to
have an informed public debate. Sen. Patrick Leahy (D-VT) recently unveiled
privacy 
legislation<http://arstechnica.com/tech-policy/news/2011/05/senate-bill-would-require-warrant-for-e-mail-cloud-searches.ars>
that
would raise the standard for government access to location data. The Pell
and Soghoian paper suggests a different framework for regulating government
access. It's impossible to have an intelligent debate about these or other
options if we don't know what the government is already doing.

Fortunately, the ACLU is on the case. Last week, it filed a Freedom of
Information Act
request<http://www.aclu.org/blog/national-security/unmasking-secret-law-new-demand-answers-about-governments-hidden-take-patriot>
seeking
documents related to the Bush and Obama administration's legal
interpretations of Section 215 of the Patriot Act. FOIA is a slow and
cumbersome process, and the Obama administration will undoubtedly fight the
ACLU's efforts. But if the request succeeds, it will give the American
public some of the information it needs to have a well-informed debate.

*Update:* To be clear, Section 215 of the Patriot Act allows information to
be collected in an intelligence context. In contrast, the Leahy bill and the
Pell/Soghoian proposal both reform law enforcement access to location data.
So neither proposal would directly affect the use of Section 215.

-- 
Thanks for being part of "PoliticalForum" at Google Groups.
For options & help see http://groups.google.com/group/PoliticalForum

* Visit our other community at http://www.PoliticalForum.com/  
* It's active and moderated. Register and vote in our polls. 
* Read the latest breaking news, and more.

Reply via email to