-------- Original Message --------
Subject: Swire comments on Hastert bill on intelligence reform
Date: Mon, 27 Sep 2004 09:43:59 -0400
From: Peter Swire <peter@private>
To: Declan McCullagh <declan@private>

Declan:

Some congressional staffers asked me to analyze the bill that Speaker Hastert introduced on Friday on how to do intelligence reform. The bill is scheduled for markup this Wednesday in the House Judiciary Committee. Perhaps the following comments can highlight some particular problems with the current bill. (There are undoubtedly more problems with the bill, but this is a start.)

Overall, the most glaring privacy problem with the bill is that it does not create any mechanism government-wide to serve as a watchdog on privacy and civil liberties. A huge theme of the bill is "information sharing." But its approach is silo-by-silo, with a separate privacy officer in various agencies and a "civil liberties protection officer" for the National Intelligence Director. There is little reason to think that this bill will allow any inter-agency, coordinated control on privacy or civil liberties.

By contrast, the current Senate bill understands that there needs to be a function within the Executive Office of the President that coordinates privacy and information sharing across agencies. It creates a Civil Liberties Board as specifically called for by the 9/11 Commission. Offering that provision as a substitute for Section 1022 would be a big improvement.

Perhaps the majority is trying to have the inter-agency management of these issues be done through the civil liberties board created recently by Executive Order by President Bush. My editorial at http://www.americanprogress.org/site/pp.asp?c=biJRJ8OVF&b=180251 explains why the Executive Order is so badly flawed.

Here are some more specific comments:

Sec. 1022 on Civil Liberties Protection Officer.

What is missing here is what is included in the Collins-Lieberman draft, such as: an annual report; stronger subpoena powers; power to get advisory committees of experts on information privacy and civil liberties, and so on. Include the Senate bill provision as a substitute, or add the powers piece-by-piece.

Section 2001. Strike the "lone wolf" provision.

FISA orders outnumbered all law enforcement wiretap orders in 2003, for the first time. A long-term wiretap is now allowed under FISA for any "agent of a foreign power", which includes international terrorist groups. Without the requirement of a link to a foreign power, there are grave constitutional questions about whether this secret wiretap is allowed under the Fourth Amendment. Furthermore, the "lone wolf" provision opens the door wide to surveillance of citizens for domestic surveillance and law enforcement purposes. Searches within the U.S. should still presumptively be done in compliance with the Fourth Amendment.

My article on "The System of Foreign Intelligence Law", with a detailed history of FISA and many reform proposals, is at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=586616 . (That article is too detailed for use at markup this week, but addresses many issues relevant to updating of the Patriot Act.)

Section 2023. False Statements in Terrorism Cases.

This provision increases penalties for false statements in "terrorism" cases. The problem here is that an ordinary identity theft case can become a "terrorism" or "material assistance to terrorism" case if someone gets false immigration papers and then there is a small link to alleged terrorist funding sources such as a charity. There is no evidence that the problem has been the lack of penalties for people properly convicted of being involved in terrorism. The problem is that the Justice Department has essentially found no cases that are really terrorist cases. Strike the provision.

Section 2142. Criminal History Information Checks.

This provision lacks all of the checks and balances one would expect to see:

(1) There are no re-disclosure limits. That means the employer can place the criminal history information up on the Internet after receiving the record from the government.

(2) There are no requirements that the employer be in good faith when seeking the information from the government. False requests for records would be ridiculously easy to do. Fraudulent requests for records would also be easy.

(3) There is no required notice to or consent by the employee who applies that the background check will be run, with notice of where to get access and correction if there are mistakes about the employee's records.

In general, the Fair Credit Reporting Act has the provisions in place to prevent abuse. The criminal history provision has not begun to grapple with the basic due process for criminal records and fingerprints that we of course require when people (including employers) seek a credit history.

Section 2183. Registered Traveler Program.

Prominent security experts have made compelling arguments about how the registered traveler program would actually decrease security. In short, enrolling a member in the program would become the logical target for every terrorist group. Once the group had a member in the group, there would be a guaranteed easy route to getting on a plane with less scrutiny. Instead of "expediting" the program, the program should receive much more careful scrutiny.

Section 5091. Rulemakings require privacy impact assessments.

This is a promising provision. The scope of the PIAs should include: "(v) an explanation of what legal and other mechanisms will assure compliance with the privacy protections described in the assessment." The current draft requires the PIA to set forth the protections for notice, consent, access, etc., but does not contemplate any discussion about how the supposed protections will actually be implemented over time.

Section 5091. Disclosure of PIAs to the public.

Currently the bill allows a national security determination when a PIA cannot be made public. That approach basically follows the E-Government Act of 2002 for not having some PIAs be made public for national security purposes. The bill should also have the provisions of the E-Gov Act, though, that require the agency to send such PIAs in full to the Office of Management and Budget. That way the agency still has some accountability to persons outside of the agency, and Congressional oversight is possible by asking OMB for information (available to Congress in closed session) about the PIAs that are kept secret.

Section 5092. Chief Privacy Officers for Agencies with Law Enforcement or Anti-Terrorism Functions.

I support this provision -- having specific persons with responsibility to watch for information privacy problems is essential to helping each agency think through the issues before they implement systems. Once again, however, there is NO inter-agency coordination or White House leadership. It is crazy in an "information sharing" environment to have no policy process to handle privacy issues that cross agency lines. There needs to be a position in the Executive Office of the President (or at a minimum an inter-agency council with some specified and competent leadership) to handle the inter-agency issues.

Peter

Prof. Peter P. Swire
Moritz College of Law of the Ohio State University
John Glenn Scholar in Public Policy Research
(240) 994-4142; www.peterswire.net

_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)