In a single action last week, Congress made Americas electronic communications a lot less private and likely more expensive. Lawmakers enacted a host of new wiretapping provisions requested by the Department of Justice as part of broader legislation to combat terrorism in the wake of the Sept. 11 attacks. Despite efforts by the U.S. House earlier this month to craft a more restrained law to protect civil liberties, congressional leadership brought the Bush administrations requests largely unchanged to a vote.
The one key safeguard sought by the House that remained in the final measure was a four-year expiration date for many of the electronic surveillance provisions.
Civil rights advocates are alarmed about the potential for privacy violations because the legislation lowers the standard of judicial review required in many cases of surveillance. The law allows the collection of any communications other than real-time content (for example, stored records, transactional data and dialing data) as long as the government claims that the information is sought in connection with an investigation into international terrorism.
While service providers in the past have been concerned about liability for customer privacy, the new law is likely to reduce their concerns. If a lower judicial standard applies to a broader array of searches, it is less likely that an ISP (Internet service provider) will receive a surveillance request without sufficient legal authority.
Most agree, however, that the new legislation makes network operators susceptible to a higher volume of surveillance requests, and that alone creates a new kind of liability concern for ISPs, according to industry sources.
“As [surveillance] becomes more prevalent, were going to have to raise the security level of our employees,” said Mark Bayliss, president and CEO of Visual Links Internet LLC, in Winchester, Va. “Were having meetings with the Department of Defense and the FBI. The things that theyre telling us, were not allowed to tell anybody. Id be more worried about that liability.”
A higher volume of surveillance requests also creates more administrative and financial burdens. Provisions in the law that make business records more accessible to law enforcement and authorize surveillance of computer trespassers likely will require more extensive record keeping and more meticulous attention to terms of service. Depending on how law enforcement implements new surveillance powers, the legislation could bring other financial burdens as well. If extremely large volumes of traffic are routinely monitored, it could slow network traffic, for example.
“The concern is that if, in the implementation, ISPs have to invest in equipment or store large amounts of communications, that would raise a red flag,” said Mark Uncapher, vice president and counsel at the Information Technology Association of America, in Washington. “This is going to be something thats debated, and potentially litigated, for some time.”