Summary:
Legislative proposals in response to the terrorist attacks of September 11, 2001 were introduced less than a week after the attacks. President Bush signed the final bill, the USA-PATRIOT Act, into law on October 26th. Though the Act makes significant amendments to over 15 important statutes, it was introduced with great haste and passed with little debate, and without a House, Senate, or conference report [the Senate vote was 98-1]. As a result, it lacks background legislative history that often retrospectively provides necessary statutory interpretation. The act introduced a plethora of legislative changes which significantly increased the surveillance and investigative powers of law enforcement agencies in the United States. It did not, however, provide for the system of checks and balances that traditionally safeguards civil liberties in the face of such legislation.

A note of explanation before proceeding: FISA stands for Foreign Intelligence Security Act, which allows lower standards for intelligence gathering when the purpose is counterintelligence instead of criminal prosecution. FISA established a secret court to review the Attorney General's authorization of electronic surveillance aimed at obtaining foreign intelligence information. The proceedings of the court are non-adversarial and based solely on the Department of Justice's presentations. Records from the proceedings are sealed and not available even to person's prosecuted on information obtained via FISA warrants. Warrants do not require probable cause; FISA operates outside the Fourth Amendment protections. Warrants can be issued even if no crime has been committed (based on suspicions of being "a foreign power" or the agent of one). As will be seen below, the USA-Patriot Act significantly expanded and blurred the powers of the FISA. [Source for this information]

Details Part I: The Bill

Section 206 allows roving surveillance which could allow the government to tap all the computers in a library or all the payphones in a neighborhood, indefinitely, if a suspect is using one of them. [CDT CLC]

Section 209 enables law enforcement to seize voice mail messages via a search warrant, instead of a Title III wiretap order, thereby overturning case law that requires the government to apply for a Title III warrant before it can obtain unopened voice mail messages held by a service provider. [CDT]

Section 210 expanded the scope of subpoenas to cover electronic communications. Law enforcement officials can now obtain from ISPs information such as means and sources of payment (including credit card numbers), telephone records of sessions and their duration, and temporarily assigned network addresses. This amends the Electronic Communications Privacy Act which previously prohibited owners and operators of Internet services from revealing information gathered in the course of business to third parties, and making it illegal under most circumstances for law enforcement agencies to intercept transmissions or access stored data. [UT]

Section 211 provides that cable operators responding to law enforcement requests by producing customer data about Internet service subscribers will not have to notify the subscribers first. [CDT]

Section 213 allows law enforcement agencies to enter and search homes and offices while people are away, without notifying the owner until later. This is not limited to terrorism cases, applies to citizens, and allows seizure of things and of wire and electronic communications (thereby avoiding Title III limitations). [CDT CLC]

Section 214 allows the government to use pen registers or trap and trace devices without the previous requirement that the government certify that "it has reason to believe that the surveillance is being conducted on a line or device that is or was used in 'communications with' someone involved in international terrorism or intelligence activities that may violate U.S. criminal law, or a foreign power or its agent whose communication is believed to concern terrorism or intelligence activities that violate U.S. law." Now, all that is required is an assertion that the information obtained would be relevant to any ongoing investigation (not necessarily terrorist investigations), leaving essentially no standard for use of these devices [see Section 216, below, on wider uses of these devices as well]. [CDT CLC]

Section 215 eliminates an important previous limitation of FISA business record authority (which used to require the target to be "a foreign power or an agent of foreign power") and expands the scope of items that may be obtained through this authority from "records" to "any tangible things," which might include, for example, a computer server on which information is stored. Court orders also used to be limited to certain business (common carriers, public accommodation facilities, physical storage facilities, or car rental facilities), but now are not limited at all (thus bringing ISPs, libraries, and medical and educations institutions within reach). [CDT]

Section 215 also makes it illegal for librarians to disclose the existence of a warrant or the fact that records were produced as a result of the warrant. A patron cannot be told that his or her records (of books checked out, internet use or registration information) were given to the FBI or that he or she is the subject of an FBI investigation. This also overrides state confidentially laws protecting library records. [ALA]

Section 216 allows pen trap/registers and trace authority to apply to the Internet, allowing the government to collect unspecified, undefined information about Web browsing and email without meaningful judicial review. A pen trap/register is a device attached to a telephone line that acquires telephone numbers transmitted from or into that telephone line. Now they can trace Web browsing and email. The information obtained by these devices is not allowed to include content of any communication (according to previous legislation), but the addition of the internet leaves the content question vague and untested [i.e. it could now allow them to trace what web sites a person visits - rather different from the original use of pen registers to only know what numbers a phone dials]. [CDT CLC]

Section 217 allows ISPs, universities and network administrators to authorize surveillance on others without a judicial order. Anyone accessing a computer "without authorization" [undefined] has no privacy rights and can be tapped by the government without court order. Relatively minor violations - like downloading a copyrighted mp3 - would allow an ISP to authorize the government to tap all of that person's communications for as long as they want. Section 217 also provides protection from liability for government officials who conduct warrantless wiretaps of computer "trespassers". Service providers that make good faith disclosures are also given immunity from prosecution. [CDT]

Section 218 states that gathering of foreign intelligence information need only be "a significant purpose" of FISA surveillance, not "the purpose", as previously required. Criminal wiretaps could be conducted without showing probable cause of a crime, avoiding the more stringent requirements of Title III wiretaps. In essence, it destroys the distinction between intelligence and law enforcement agencies (which made the low standards of FISA constitutional in the first place). [CDT CLC]

Section 223 states that civil lawsuits are not available against the federal government for unauthorized interceptions or disclosures of information gathered. [CDT]

Section 412 permits indefinite detention of immigrants and other non-citizens. Immigrants who are found not to be deportable for terrorism, but have an immigration status violation, such as overstaying a visa, could face indefinite detention if their country refuses to accept them. Detention would be allowed on the Attorney General's finding of "reasonable grounds to believe" involvement in terrorism or activity that poses a danger to national security. Detention could be made indefinite upon determination that such an individual threatens national security, or the safety of the community or any person (to be reviewed every six months by the Attorney General). There is no requirement that indefinite detainees ever be given a trial or a hearing in which the government would have to prove that they are, in fact, terrorists. Nor would other important procedural protections apply, such as the requirement of proof beyond a reasonable doubt (in criminal proceedings) or proof by "clear, convincing and unequivocal evidence" (in deportation proceedings). [ACLU]

Section 503 allows for the collection of DNA of anyone convicted of a crime of violence for a database. [EFF]

Section 506 allows the FBI to obtain consumer credit/banking information and other sensitive records simply by certifying that it is needed for any intelligence investigation, whereas it used to require specific and articulable facts showing that the target comsumer is "a foreign power or the agent of a foreign power." [CDT CLC]

Section 507 allows educational institutions to disclose educational records without court order or student consent when relevant to a terrorism investigation. The institution is not liable for disclosures made in good faith and need not retain a record of the transaction. [UT]

Details Part II: Further Information and Updates

A May, 2003 Justice Department report to Congress gave a limited outline of the use of some of its provisions. They admitted surveillance had been conducted (without a wiretap order or search warrant, simply by certifying that the information would be useful to an ongoing investigation, even if the person being spied on isn't a suspect) not just in terrorism cases, but also in cases involving a drug distributor, identity theives, a "four-time murderer," and a unnamed fugitive who "fled on the eve of trial using a fake passport." As of April 1st, 2003, the Department had applied for 47 sneak-and-peek warrants, and the courts had granted every request. The Department didn't report how often the act had been used to issue search warrants for electronic records outside of the issuers jurisdiction. They did admit to tracking down hackers with a provision that allows seizure of customer credit card numbers from ISPs and phone companies. The Justice Department refused to answer Congressional questions about how many people have been imprisoned as "material witnesses" in terrorism investigations without being charged with a crime. [REG]

The Justice Department also said it has used the new authority crack down on currency smugglers and seize money hidden overseas by alleged bookies, con artists and drug dealers. Federal prosecutors used the act in June, 2003 to file a charge of "terrorism using a weapon of mass destruction" against a California man after a pipe bomb exploded in his lap, wounding him as he sat in his car. In another case prosecuted in 2003, investigators used a provision of the Patriot Act to recover $4.5 million from a group of telemarketers accused of tricking elderly U.S. citizens into thinking they had won the Canadian lottery. [YAHOO] The act has also been employed in a public corruption probe involving a strip club owner and bribery of Nevada politicians, a case with absolutely no connection to terrorism. [RJ]

Since September, 2001, Attorney General John Ashcroft has approved more than 170 emergency domestic spying warrants (for avoiding court authorization unless the spying last longer than three days), triple the number used in the previous 23 years combined. [SF]

The FBI has issued scores of national security letters that require businesses to turn over electronic records about finances, telephone calls, e-mail and other personal information. The Patriot Act loosened the standard for targeting individuals by national security letters and allowed FBI field offices, rather than a senior official at headquarters, to issue them. The letters can be used on American citizens not suspected of a crime, and they are not subject to judicial review unless a case comes to court. [WP]

Librarians have complained about the possibility of book checkout and internet surfing records being seized under the act, which forbids them from informing patrons of such a seizure. Almost two years after passage of the Patriot Act, Ashcroft stated that the Justice Department had not yet used the act to monitor the records of bookstores and libraries. However, his assistant Attorney General, Daniel Bryant, said in December 2002 that federal agents had in fact sought information from libraries as part of terrorism investigations. Also, Justice Department spokesman Mark Corallo said in March of 2003 that libraries had indeed become targets of federal surveillance. Another assistant Attorney General, Viet Dinh, declared in May of 2003 that government agents had visited at least 50 libraries as part of terrorism investigations. [As a side note, Ashcroft didn't say whether he had used a national security letter to look at Americans' library records]. [MF]

Journalists have complained because the Patriot Act allows their notes, documents and tapes with confidential sources to be seized, in contravention of the Privacy Protection Act of 1980 (that act required a demonstration of probable cause to seize records for national security purposes; the Patriot Act has no such requirement). [MBO]

FBI agents used a Patriot Act modification to the Electronic Communications Transactional Records Act in order to subpoena the notes and communications of reporters, which are traditionally protected by the First Amendment freedom of the press. The ECTRA allows the government to require the disclosure of wire or electronic communications from any "provider of electronic communication service" (typically an IPS like Verizon or AOL). It is unclear why the FBI has chosen to include reporters or their employers in the category of "providers of electronic communication". The reporters' notes in question relate to a case against an ethical homeless hacker named Adrian Lamo who exposed security holes in corporate America's cyber networks, and then offered to help companies fix the problems free of charge. Lamo turned himself in to federal authorities on September of 2003 and was charged with computer fraud and unlawful access. His case is in no way related to terrorism. [RCFP]

On May 17, 2002, the Foreign Intelligence Surveillance Court ruled that the USA Patriot Act did not justify the use of certain investigative techniques sought by Attorney General Ashcroft. The court found that Ashcroft's rules could allow misuse of information in criminal cases (it admitted that intelligence gathered about terror suspects had been improperly shared with prosecutors and FBI agents handling criminal investigations). The court said that it had been misled dozens of times by the FBI and Justice Department officials, and documents showed that the FBI and Justice Department had supplied erroneous information to the court on 75 occasions. The Bush administration later appealed the court's restrictions and a subsequent appeal overturned the ruling, granting Ashcroft the broad discretion that he sought, despite the reservations of the secretive FIS Court (which has not publicly disclosed any of its rulings in nearly two decades). [CBS]

The FBI has a history of misusing FISA authority. According to internal memos, they have illegally videotaped suspects, intercepted e-mails without court permission, recorded the wrong phone conversations, and allowed electronic surveillance operations to run beyond their legal deadline. [FBI]

In January of 2004, a federal judge declared unconstitutional the part of the act which bars giving expert advice or assistance to groups designated foreign terrorist organizations. The ban against advice and assistance was impermissibly vague, said the ruling, in violation of the First and Fifth Amendments. The law as it was written failed to distinguish between those offering advice on violence and those encouraging lawful, nonviolent means to achieve goals. [WIRED]

Sources:
Center For Democracy and Technology - Summary and analysis of key portions [CDT]
Center For Democracy and Technology - Civil Liberties Concerns [CDT CLC]
University of Texas - Information technology analysis [UT]
ACLU - Analysis regarding detection of immigrants [ACLU]
American Library Association - The Patriot Act in the library [ALA]
Electronic Frontier Foundation - Analysis [EFF]
Myrtle Beach Online - Journalists Right To Reject Restrictions [MBO]
Memphis Flyer - The Patriot Act, Round Ten [MF]
Security Focus - Ashcroft Accelerates Use of Emergency Spy Warrants [SF]
Yahoo News - New Terror Laws Used Vs. Common Criminals [YAHOO]
CBS News - Feds Get Wide Wiretap Authority [CBS]
The Register - U.S. Anti-Terror Law Used Against Hackers, Thieves [REG]
Washington Post - U.S. Steps Up Secret Surveillance [WP]
FBI - Caution On FISA Issues (PDF file) [FBI]
Wired News - Court Rules Against Patriot Act [WIRED]
Las Vegas Review Journal - Law's Use Causing Concerns [RJ]
Reporters Committee for Freedom of the Press - Reporters Ordered to Retain Notes of Conversations [RCFP]

Further Info:
Electronic Privacy Information Center - Overview and analysis
Electronic Privacy Information Center - Copy of the Patriot Act
Senatory Patrick Leahy - Section by section summary