Lawyer Article

Published in the September 28, 2004 issue of Southeast Tech Wire.

For the past two years, the United States government has been able to grab secret information any time from your internet service provider and there was nothing anyone could do about it – until now.

On September 28, 2004, a Manhattan federal district court struck down an important provision of the USA PATRIOT Act which allowed the U.S. government to obtain confidential records from internet service providers without any judicial intervention. In a case called John Doe v. Ashcroft, the court ruled that the owner of an internet service provider did not have to comply with the FBI’s request for confidential customer records. The Bush Administration has 90 days to challenge the federal decision.

Under the PATRIOT Act and the Electronic Communications Privacy Act (the ECPA), the FBI could obtain the name, address, credit card information and the stored electronic communications of ISP customers by sending a “national security letter” to the ISP. The FBI does not have to obtain a warrant. It only has to certify that the information will be used as evidence in a national security investigation.

After receiving the national security letter, the ISP may not reveal the information contained in the letter to any person, not even the individual or any company employee, and must submit the requested information in secret. At no time may the recipient admit that it has received a letter. With the national security letter, the FBI may have access to stored email messages, opened email messages still on the ISP server and other information about the customer. The Patriot Act provided no recourse for companies receiving a national security letter. They were not entitled to judicial or administrative review of the letter or the extent of its secrecy. They were forced to comply with the request.

Because FBI records are sealed, it is unclear how many ISPs and communications providers receive national security letters each year. Still, there are some indications that a significant number of companies have received these requests and have been forced to divulge confidential customer information to federal agents.

The American Civil Liberties Union filed the Manhattan case on behalf of an unnamed plaintiff John Doe. Doe received a mysterious phone call from the FBI requesting the stored electronic communications of his customer. The national security letter soon followed. The FBI request stated that Doe was not allowed to reveal the existence of the national security letter or its contents to any other person. Doe was told to meet the FBI agent in a secret location. At the meeting, the FBI agent told Doe that he was prohibited from speaking with his attorney. Still, Doe consulted with an attorney and filed suit in federal court with the help of the ACLU.

Doe argued that the national security letter infringed on rights guaranteed by the U.S. Constitution, including the right to free speech and the right against unreasonable search and seizure. Judge Marrero agreed, saying, “This dispute is about two fundamental principles, values and limits. It centers on the interplay of these concepts, testing the limits of values and the values of limits where their ends collide.” Marrero wrote that even when the political climate inspires the government to place national security above personal liberties, there must be some judicial check on the powers of law enforcement. He said, that these measures exert “an undue coercive effect on [national security letter] recipients.” Consequently, this portion of the USA PATRIOT Act stands challenged.

Marrero’s opinion relied on the history of federal privacy laws. Even before the PATRIOT Act, federal law protected the rights of individuals from similar intrusions. For example, since 1978, the federal government has had to comply with the Right to Financial Privacy Act when seeking the bank records of individuals. Likewise, the ECPA, a product of the 1980s, protected individuals from wiretapping of electronic communications. But with the advent of September 11th and the war in Iraq, the political climate was ripe for legislation that put state interests above civil liberties. Federal investigations were taking too long, and, the government began to fear that terrorist would evade prosecution. National security was paramount. Hence, the national security letter and other USA PATRIOT Act measures were born. If the FBI could certify that the records were necessary for a national security investigation, it could obtain records about any individual from internet companies, telephone companies, and other providers of electronic communication. Only in recent months have federal courts begun to analyze the long-term effects of this 2001 legislation.

The reality is that, in the coming months, communications companies and ISPs may file similar lawsuits, abrading the USA PATRIOT Act and the efficiency of national security investigations. With the federal court decision taking effect in 90 days, ISPs will have the option of challenging a national security letter and contacting the individual who is the target of the FBI investigation. The Bush Administration will fight these efforts.

Still, even if the Bush Administration triumphs in the Doe case, the USA PATRIOT Act faces other legal challenges. The USA PATRIOT Act is at issue in a pending lawsuit in Michigan, and, in a recent federal court decision in Los Angeles, a provision of the USA PATRIOT Act prohibiting individuals from funding terrorist groups was also invalidated. For this reason, the U.S. House of Representatives is considering several bills that will clarify the rights of the parties in a national security investigation under the USA PATRIOT Act.