4/26. The House Judiciary Committee's (HJC) Subcommittee on Crime Terrorism, and Homeland Security held oversight hearings on Thursday, April 21, Tuesday, April 26, and twice on Thursday, April 28. It will hold more hearings on Tuesday, May 3, and Thursday, May 5.

This article, and related articles in this issue, cover those portions of these hearings that pertained to electronic surveillance and new technologies. The HJC is taking a methodical section by section approach, seeking government public input, and government explanations of how it is implementing each section. The Department of Justice (DOJ) is cooperating to the extent that it is sending witnesses. However, government witnesses have been evasive or non-responsive on many issues raised by members of the Subcommittee.

Government witnesses are using the hearing to advocate permanent extension of the sunsetting provisions of the PATRIOT Act. They are also highlighting the threats of terrorism, and the dedication of government personnel fighting terrorism.

To bolster their case for extension of § 215 (which may it easier for the FBI to acquire business records, including library records) and of all sunsetting sections of the PATRIOT Act, the government disclosed for the first time at a hearing on April 28 that 9/11 hijackers had used library computers in the U.S.

Rep. Howard Coble (R-NC) (at right), the Chairman of the Crime Subcommittee, wrote in his opening statement on April 21 that "Our Nation has a dependency problem -- one that we need to nurture and protect. That dependency is on technology. Computers and related technology have improved every aspect of our lives -- our health care, our education, and our security, just to name a few. This same technology also aids those who threaten our Nation, as it facilitates terrorists and criminals alike. At the stroke of a key, someone can cause millions of dollars of damage to our economy or shut down the 9-1-1 systems of our emergency responders. The threat has grown with the benefits of and dependency on technology."

Several Republican members of the Subcommittee, especially Rep. Dan Lungren (R-CA), are defending the DOJ and the PATRIOT Act. Several Democrats are criticizing the PATRIOT Act.

Rep. William Delahunt (D-MA) stated on April 21 that the two issues are "privacy" and "transparency". "People like myself really don't know what is happening", said the former state prosecutor. But, there is a "profound unease that something is happening". He added that "if you don't have the right to privacy that is the beginning of totalitarianism".

On April 28 he stated that these hearings would not be taking place if there were no sunset clause. Hence, he argued that when the Congress passes legislation to address the present sunset clause, it should enact a further sunset provision. He argued that this sunsetting gives the Congress "leverage" to conduct oversight of how the DOJ is implementing the PATRIOT Act.

The government surveillance system, said Rep. Delahunt, "needs more than just checks and balances with the executive branch". It needs effective Congressional oversight. Hence, he suggested sunsetting the entire PATRIOT Act.

Rep. Jeff Flake (R-AZ), who is turning out to be the Republican member of the Subcommittee who is the most skeptical of the PATRIOT Act, and the DOJ's implementation of it, stated at a news conference on April 28 that the Congress should have sunsetted the entire PATRIOT Act in 2001.

History of the USA PATRIOT Act. The USA PATRIOT Act is an acronym for "Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001". The 107th Congress enacted this bill quickly after the terrorist attacks of September 11, 2001. It was HR 3162. It became Public Law 107-56 on October 26, 2001.

The bill was approved by the House on October 24, 2001 by a vote of 357-66. See, Roll Call No. 398. Three Republicans and sixty-two Democrats voted against the bill.

Much of Title II of the PATRIOT Act pertains to electronic surveillance affecting new technologies. § 224 of the PATRIOT Act provides that many of the provisions of Title II sunset at the end of 2005, unless extended. These hearings address the sunsetting provisions. However, there are also many proposals to modify or repeal other sections of the PATRIOT Act that are not scheduled to sunset.

See, table in this issue titled "Summary of Title II of the PATRIOT Act".

The HJC committee is proceeding methodically, taking a few provisions at a time. Government witnesses are testifying at each hearing, along with a smaller number of critical witnesses.

Schedule of Hearings. The full Committee held a hearing on April 6, 2005. See, story titled "House Judiciary Committee Holds Hearing on PATRIOT Act" in TLJ Daily E-Mail Alert No. 1,112, April 11, 2005.

The Crime Subcommittee held its first hearing on April 21. That hearing addressed three sections of the PATRIOT Act that are scheduled to sunset:

• § 209, titled "Seizure of voice-mail messages pursuant to warrants".
• § 217, titled "Interception of computer trespasser communications".
• § 220, titled "Nationwide service of search warrants for electronic evidence".

The Subcommittee heard testimony from, and questioned, four witnesses on April 21.

• Laura Parsky, one of five Deputy Assistant Attorneys General in the DOJ's Criminal Division. See, prepared testimony [20 pages in PDF].
• Steven Martinez, Deputy Assistant Director of the FBI's Cyber Division. See, prepared testimony.
• Jim Dempsey, Executive Director of the Center for Democracy and Technology. See, prepared testimony [PDF].
• Peter Swire, Professor of Law at Ohio State University. See, prepared testimony [12 pages in PDF].

The April 26 hearing addressed five sections that are scheduled to sunset:

• § 204, titled "Clarification of Intelligence Exceptions from Limitations on Interception & Disclosure of Wire, Oral & Electronic Communications".
• § 207, titled "Duration of FISA Surveillance of Non-United States persons who are Agents of a Foreign Power".
• § 214, titled "Pen Register and Trap and Trace Authority Under FISA".
• § 225, titled "Immunity for Compliance with FISA Wiretap".
• § 6001 and 6002 of the Intelligence Reform and Terrorism Prevention Act regarding lone wolf terrorists.
• The agenda did not include § 216, titled "Modification of authorities relating to use of pen register and trap and trace devices". However, it was discussed also. It is not scheduled to sunset.

The Subcommittee heard testimony from, and questioned, three witnesses on April 26:

• Mary Beth Buchanan, U.S. Attorney for the Western District of Pennsylvania. See, prepared testimony [PDF].
• James Baker, Counsel for Intelligence Policy at the DOJ. See, prepared testimony [PDF].
• Suzanne Spaulding, Managing Director of the Harbour Group

The Thursday, April 28, 9:30 AM hearing addressed two sections:

• § 206, titled "Roving Surveillance Authority Under the Foreign Intelligence Surveillance Act of 1978".
• § 215, titled "Access to Records and Other Items Under the Foreign Intelligence Surveillance Act".
• The agenda did not include the use of national security letters or § 505. However, these were discussed.

The Subcommittee heard testimony from, and questioned, three witnesses at the 9:30 AM hearing on April 26.

• Kenneth Wainstain, interim U.S. Attorney for the District of Columbia.
• James Baker, Counsel for Intelligence Policy at the DOJ.
• Robert Khuzami, former Assistant U.S. Attorney for the Southern District of New York.
• Gregory Nojeim (ACLU).

The Thursday, April 28, 2:30 PM hearing addressed one section:

• § 218, titled "Foreign Intelligence Information".

The Subcommittee heard testimony from, and questioned, four witnesses at the 9:30 AM hearing on April 26.

• Patrick Fitzgerald, U.S. Attorney for the Northern District of Illinois.
• David Kris, Time Warner (and former DOJ attorney).
• Kate Martin, Center for National Security Studies.
• Peter Swire, Professor of Law at Ohio State University.

The Subcommittee will hold a hearing on Tuesday, May 3. This hearing will address:

• § 201, titled "Authority to intercept wire, oral, and electronic communications relating to terrorism".
• § 202, titled "Authority to intercept wire, oral, and electronic communications relating to computer fraud and abuse offenses".
• § 223, titled "Civil liability for certain unauthorized disclosures".
• § 213, titled "Authority for delaying notice of the execution of a warrant" (which is also known as sneak and peak).

The Subcommittee will hold a hearing on Thursday, May 5. This hearing will address:

• § 212, titled "Emergency disclosure of electronic communications to protect life and limb".

Members of the Crime Subcommittee. The Crime Subcommittee has 16 members, 10 Republicans and 6 Democrats.

Rep. Dan Lungren (R-CA) has taken on the roll of actively defending the DOJ and PATRIOT Act. To a certain degree, Rep. Steve Chabot (R-OH), Rep. Mike Pence (R-IN), and Rep. Louie Gohmert (R-TX) have done the same.

Rep. Howard Coble (R-NC) and Rep. Jeff Flake (R-AZ) are engaging in diligent oversight, asking detailed questions that seek information relevant to concerns that have been raised by Members of Congress, legal scholars, interest groups, reporters and constituents. In addition, Rep. Coble, the Chairman of the Subcommittee, is allowing both critics and defenders of the PATRIOT Act latitude to pursue their lines of questioning, by allowing extensions of time, and second rounds of questioning.

Outside of the hearing room, Rep. Flake (at right) is also expressing criticism of the PATRIOT Act. For example, on April 28 a new caucus named the "Patriot Act Reform Caucus" held a news conference to announce its formation. Rep. Flake is one of the chairs of the caucus. The other participants in the news conference were Rep. Butch Otter (R-ID), Rep. Ron Paul (R-TX), Rep. Bernie Sanders (I-VT), and Rep. Jerrold Nadler (D-NY). Only Rep. Flake is a member of the Crime Subcommittee. Although, Rep. Nadler is a member of the full Committee.

Rep. Bobby Scott (D-VA), the ranking Democrat on the Subcommittee, Rep. John Conyers (D-MI), the ranking Democrat on the full Committee, and Rep. William Delahunt (D-MA) are asking tough questions, and expressing criticisms of parts of the PATRIOT Act. Rep. Scott has been constantly present throughout the hearings. Rep. Delahunt has been present throughout most of the hearings.

Rep. Maxine Waters (D-CA) and Rep. Sheila Lee (D-TX) have been making brief appearances at the hearings to offer pointed criticisms of the PATRIOT Act and the DOJ.

Rep. Mark Green (R-WI), Rep. Ric Keller (R-FL), Rep. Randy Forbes (R-VA), and Rep. Tom Feeney (R-FL) have each played little or no role in the Subcommittee hearings so far.

Rep. Anthony Weiner (D-NY) is not participating. He voted for the PATRIOT Act in 2001. Although, he offered harsh words about the DOJ when Attorney General Alberto Gonzales testified on April 6, 2005. Rep. Marty Meehan (D-MA) is not participating either. He voted for the PA in 2001.

The full Committee membership has 23 Republicans and 17 Democrats. Of the current members, only six voted against the PATRIOT Act in 2001: Rep. Rick Boucher (D-VA), Rep. Conyers, Rep. Lee, Rep. Nadler, Rep. Scott, Rep. Waters, and Rep. Mel Watt (D-NC). All are Democrats.

The House vote on October 24, 2001 was 357-66. See, Roll Call No. 398. Only three of the 66 no votes were cast by Republicans: Rep. Bob Ney (R-OH), Rep. Otter, and Rep. Paul. None are on the HJC.

Related stories published this month:

• "House Judiciary Committee Holds Hearing on PATRIOT Act" in TLJ Daily E-Mail Alert No. 1,112, April 11, 2005.
• "Senate Judiciary Committee Holds Hearing on PATRIOT Act" in TLJ Daily E-Mail Alert No. 1,110, April 6, 2005.
• "Senate Judiciary Committee Hearing Touches on Pen Register and Trap and Trace Device Authority" in TLJ Daily E-Mail Alert No. 1,110, April 6, 2005.

Related Stories in This Issue.

• "House Crime Subcommittee Holds Hearing on Pen Register and Trap and Trace Device Authority"
• "House Crime Subcommittee Holds Hearing on § 209 of PATRIOT Act, Stored Communications and VOIP"
• "House Crime Subcommittee Holds Hearing on § 217 of PATRIOT Act"
• "House Crime Subcommittee Holds Hearing on Library and ISP Records and § 215 of the Patriot Act and National Security Letters"

4/26. The House Judiciary Committee's Subcommittee on Crime Terrorism, and Homeland Security held oversight hearings on Thursday, April 26. It addressed among other topics, §§ 214 and 216 of the PATRIOT Act, which pertain to internet surveillance.

The agenda for the hearing included oversight of the Department of Justice's (DOJ) implementation of § 214, titled "Pen Register and Trap and Trace Authority Under FISA". This section is scheduled to sunset on December 31, 2005.

The agenda did not include § 216, titled "Modification of authorities relating to use of pen register and trap and trace devices". This section is not scheduled to sunset. However, Subcommittee members' questions addressed pen register and trap and trace device (PRTTD) authority generally, and not just § 214.

Rep. Bobby Scott (D-VA), the ranking Democrat on the Subcommittee, questioned the witnesses about what information could be collected with a PRTTD order in the context of e-mail and use of the web. The government witnesses, Mary Beth Buchanan and James Baker, were evasive and non-responsive.

Buchanan is the U.S. Attorney for the Western District of Pennsylvania. See, prepared testimony [PDF]. Baker is Counsel for Intelligence Policy at the DOJ. He is a member of the Senior Executive Service. See, prepared testimony [PDF].

Background on PRTTDs. The government obtains different types of orders for different types of surveillance. There are widely different standards for obtaining different types of orders. For example, there are wiretap orders, PRTTD orders, and Foreign Intelligence Surveillance Act (FISA) orders. A wiretap order, which enables law enforcement agencies to obtain the content of a phone call or e-mail, is issued by a judge upon a showing of probable cause. There are also other requirements. This is often referred to as a Title III order. This is a very high standard.

There is a much lower standard for law enforcement agencies to obtain a PRTTD order. Before passage of the PATRIOT Act, the sections of the criminal code pertaining to PRTTD orders merely authorized the government to obtain outgoing and incoming phone numbers. § 216 of the PATRIOT Act added the words "routing, addressing", thereby enabling PRTTD orders to include e-mail and web addressing and routing information. However, the PATRIOT did not elaborate on the distinction between routing and addressing information and the content of e-mail and web communications.

Under § 216, the court must issue a PRTTD order if the government certifies mere relevance to a criminal investigation. The judge has no discretion. The Supreme Court has upheld this procedure on the basis that only phone numbers are obtained.

Finally, there is a separate, and low, standard for FISA orders. Under the PATRIOT Act, a significant purpose of the surveillance must be foreign intelligence gathering.

The statutes for wiretaps and PRTTD orders were drafted with analog Public Switched Telephone Network (PSTN) voice service in mind. Originally, 18 U.S.C. § 3127 provided that a pen register records the numbers that are dialed or punched into a telephone, while a trap and trace device captures the incoming electronic or other impulses which identify the originating number of an instrument or device from which a wire or electronic communication was transmitted. The PATRIOT Act expanded the scope of surveillance under pen register and trap and trace authority to include internet routing and addressing information. That is, an e-mail address in the "To:" line of an e-mail message is somewhat analogous to the number dialed in a PSTN voice call.

Witness Testimony. Buchanan (at right) wrote in her prepared testimony [6 pages in PDF] that that the PATRIOT Act made the requirements for obtaining a PRTTD order in intelligence investigations similar to the requirements in criminal investigations. "Section 214 of the USA PATRIOT Act allows the government to obtain a pen register order in national security investigations where the information likely is relevant to an international terrorism or espionage investigation. This provision is similar to the 1986 criminal pen register statute (18 U.S.C. § 3121) that has been frequently used by criminal prosecutors to obtain pen registers and trap and trace devices in a variety of criminal investigations." She added that "Pen registers are not used to collect the content of communications." She did not specifically address § 216.

She continued that "Currently under FISA, government officials similarly may seek a court order for a pen register or trap-and-trace device to gather foreign intelligence information or information about international terrorism or espionage. Prior to enactment of the USA PATRIOT Act, however, FISA required government personnel to certify not just that the information they sought was relevant to an intelligence investigation, but also that the facilities to be monitored had been used or were about to be used to contact a foreign agent or an agent of a foreign power, such as a terrorist or spy. Thus, it was much more difficult to obtain an effective pen register or trap-and-trace order in an international terrorism investigation than in a criminal investigation."

She added that "Section 214 of the USA PATRIOT Act brought authorities for terrorism and other foreign intelligence investigations more into line with similar criminal authorities by permitting court approval of FISA pen registers and trap-and-trace orders even though an applicant might be unable to certify at that stage of an investigation that the facilities themselves, such as phones, are used by foreign agents or those engaged in international terrorist or clandestine intelligence activities."

Rep. Scott (at right) pursued a line of questions regarding the distinction between content and addressing and routing information. This was a question that was asked during consideration of the PATRIOT Act in 2001, but never fully answered. Rep. Scott did not receive responsive answers at this hearing.

Buchanan said that the information available is the numbers "being dialed from the telephone". She added that "this is not content information", and that its purpose is "to show connections between individuals".

In response to further questions from Rep. Scott regarding the internet, she asserted that "it is really no different" on the internet. She asserted that "content information is not collected".

Scott persisted by asking several times what information does the government get. Buchanan said "just routing information", but, "there could be inadvertent collection".

In response to a specific question about e-mail subject lines, she said, "No subject line."

Rep. Scott then asked "do you get to know what web site was looked at?" Buchanan then deferred to James Baker. Baker did not provide a responsive answer. He discussed technology, and evaded the inquiry.

Rep. Scott stated that "what web sites you look at has content implications", citing health and book sale web sites. Baker neither confirmed nor disputed this statement.

Rep. Scott asked if the government could use a PRTTD order to obtain "what books I bought off of Amazon.com". Baker did not provide an answer. He did, however, state that business records are not protected under the 4th Amendment, and that business records in the nature of book purchase records are not protected under the 4th Amendment.

TLJ asked Baker after the hearing whether the government has authority under a PRTTD order to obtain the URL of an Amazon.com book order page. He stated again that the 4th Amendment does not apply to business records, including book sales records. He also stated that he will not disclose whether or not the government has used a PRTTD order to obtain the URLs of Amazon.com book order pages. He also stated that he will not disclose whether or not it is the opinion of the DOJ that it has the authority to obtain the URL of an Amazon.com book order page with a PRTTD order.

Neither Baker nor Buchanan stated why they will not answer such basic questions.

A related topic that the witnesses did not address in their prepared testimony or opening statements, and that the members of the Subcommittee did not raise, is the appending of search terms to URLs. For example, if a person were to telephone TLJ and ask if TLJ has published any articles regarding pen registers, then the government would need a Title III order to obtain that conversation. If, however, that person went to Google's web site and conducted a search restricted to the TLJ web site for the words pen and register, then the URL sent to Google would not only include the Google URL, but also the URL of the TLJ web site, and the search terms pen and register. The government witnesses did not address whether this information could be obtained with a PRTTD order.

On April 6, 2005, when Attorney General Gonzales testified before the Senate Judiciary Committee, Sen. Russ Feingold (D-WI) asked about the distinction between content and addressing and routing information. AG Gonzales did not answer the question.

4/21. The House Judiciary Committee's Subcommittee on Crime Terrorism, and Homeland Security held oversight hearings on Thursday, April 21. It addressed among other topics, § 209 of the PATRIOT Act.

§ 209 is titled "Seizure of voice-mail messages pursuant to warrants". This was not a controversial provision during the public debates leading up to enactment of the PATRIOT Act in 2001. It was understood by most people as applying to voice mail messages. However, since 2001, some have argued that the actual language of this section is far broader in scope, and could affect voice over internet protocol (VOIP) services.

The explanation of this interpretation is somewhat intricate. Moreover, the government witness on this subject, Laura Parsky, added no clarity at the hearing. In response to questions on this subject, she evaded, dissembled, and ran out the time clock.

§ 209 provides, in full, as follows:

"Title 18, United States Code, is amended--
  (1) in section 2510--
    (A) in paragraph (1), by striking beginning with `and such' and all that follows through `communication'; and
    (B) in paragraph (14), by inserting `wire or' after `transmission of'; and
  (2) in subsections (a) and (b) of section 2703--
    (A) by striking `CONTENTS OF ELECTRONIC' and inserting `CONTENTS OF WIRE OR ELECTRONIC' each place it appears;
    (B) by striking `contents of an electronic' and inserting `contents of a wire or electronic' each place it appears; and
    (C) by striking `any electronic' and inserting `any wire or electronic' each place it appears."

The first thing that § 209 of the PATRIOT Act did was amend 18 U.S.C. § 2510, which is the definitional section of Chapter 119. That is, Title 18 is the Criminal Code; Chapter 119 of Title 18 is titled "Wire and Electronic Communications Interception and Interception of Oral Communications"; and, §§ 2510-2522 comprise Chapter 119. Chapter 119 pertains to wiretaps.

The second thing that § 209 of the PATRIOT Act did was amend 18 U.S.C. § 2703, which is now titled "Required disclosure of customer communications or records". That is, Chapter 121 of Title 18 is now titled "Stored Wire and Electronic Communications and Transactional Records Access". §§ 2701-2712 comprise Chapter 121. It pertains to stored communications.

Notably, the words "voice mail" do not appear in § 209 of the PATRIOT Act. Most importantly, what § 209 primarily did was replace the word "electronic" with the words "wire or electronic" in § 2703, which enables the government to acquired stored communications.

§ 2703 now provides, in part, that "A governmental entity may require the disclosure by a provider of electronic communication service of the contents of a wire or electronic communication, that is in electronic storage in an electronic communications system for one hundred and eighty days or less, only pursuant to a warrant ..." (Emphasis added.)

In 2001 the DOJ represented that this meant that the government could obtain voice mail under the Stored Communications Act (SCA). That is, the SCA applied to electronic communications. However, voice mail was a wire communications that was stored. Wire communications can be obtained with a wiretap order, but that entails more requirements than a warrant obtained under the SCA.

One witness, Peter Swire, a law professor at Ohio State University, argued that the § 2703 is now quite broad. He wrote in his prepared testimony [12 pages in PDF] that "Section 209 sweeps far more broadly than has been publicly discussed. What if the contents of ordinary telephone calls become stored as a matter of routine? This storage is likely to become far more common with the imminent growth of Voice over Internet Protocol ("VoIP") telephone calls. VoIP uses the packet-switching network of the Internet to connect telephone calls rather than the traditional circuit-switching used by established phone systems."

Swire wrote that "Use of VoIP is likely to result in a drastic increase in storage of the content of telephone calls for at least two reasons. First, the use of computers for making telephone calls makes it trivially easy for one party to store the contents of the conversation. This ease of storage comes at a time of plummeting cost of computer storage, as shown in the enormously greater size of today’s typical hard drives. Ordinary users may store phone calls in the future the way they store e-mails and photos today or log their instant message sessions."

Swire also wrote that "A second technological change with VoIP is the likelihood that there will be systematic ``caching,´´ or storage, of telephone communications at the network level. One existing product, for instance, is called ``CacheEnforcer.´´ CacheEnforcer stores communications for a group of users, such as for a company or a network operated by a university."

He concluded that "If Section 209 is retained in its current form, then the stored phone calls of our near future will be available to law enforcement with less than a probable cause warrant. Now we see how misleading it is to describe Section 209 as ``seizure of voice mail messages pursuant to warrants.´´ Section 209 applies to all stored ``wire´´ communications (that is, to all stored telephone communications), and not just to voice mail. In addition, Section 209 would often allow law enforcement access to these conversations with less than a warrant, such as through a 2703(d) order." (Parentheses in original.)

He repeated these same arguments in his oral testimony, and in response to questions.

Swire was able to testify at the hearing about his analysis of the statute. He was also able to relate discussions during the Clinton administration, for which he worked. But this was long before passage of the PATRIOT Act. He could not testify as to how the DOJ interprets this section, how the DOJ is using this section, or how the DOJ might use this section in the future.

Laura Parsky, a Deputy Assistant Attorney General in the DOJ's Criminal Division, is the DOJ's lead person on this topic. She was present at the hearing. She could have addressed the issues raise by Swire. But she did not, either in her prepared testimony, or in response to questions from the Subcommittee.

Rep. Howard Coble (R-NC) and Rep. Bill Delahunt (D-MA) questioned her about the issues raise by Swire. However, she provided evasive non-responsive answers.

Hence, at the conclusion of the hearing, it remained unclear, from the public record, how the DOJ interprets and uses § 209, and how this might be affecting privacy and liberty interests of individuals.

Another issue, that was addressed by witnesses, is what difference does it make if Swire's analsysis is correct, and/or if the DOJ does actually use § 209 rather than a Title III order, for example, to obtain cached files associated with VOIP communications.

Both a stored communications order and a wiretap order require a judge to issue an order upon a finding of probable cause. Hence, there is a significant safeguards with both.

However, there are additional things that are required for a Title III order that are not required for a stored communications order. A wiretap order can only be issued if the investigation involves one of the enumerated crimes that can serve as a predicate for the issuance of a wiretap order. Also, a wiretap order also requires the involvement of a high ranking official of the DOJ.

There is also the matter of suppression of evidence illegally obtained. That is, 18 U.S.C. § 2515, titled "Prohibition of use as evidence of intercepted wire or oral communications", applies to Title III wiretaps, but not to the accessing of stored communications.

§ 2515 provides that "Whenever any wire or oral communication has been intercepted, no part of the contents of such communication and no evidence derived therefrom may be received in evidence in any trial, hearing, or other proceeding in or before any court, grand jury, department, officer, agency, regulatory body, legislative committee, or other authority of the United States, a State, or a political subdivision thereof if the disclosure of that information would be in violation of this chapter."

Finally, it should be noted that the statutory provisions regarding stored communications also draw distinctions between read and unread e-mail and between newer and older e-mail, and provide that some is available with a mere subpoena.

TLJ attempted to speak with Laura Parsky about this issue. An assistant told TLJ that she would not speak with TLJ. TLJ also attempted to speak with someone in the DOJ's Office of Public Affairs (OPA). No one from the OPA has returned a phone call from TLJ since Gonzales became Attorney General.

Another witness at the hearing took a broader view of government access to individual's stored communications. James Dempsey, Executive Director of the Center for Democracy and Technology (CDT), wrote in his prepared testimony [PDF] that "A storage revolution is sweeping the field of information and communications technology. Service providers are offering very large quantities of online storage, for email and potentially for voicemail. Increasingly, technology users are storing information not in their homes or even on portable devices but on networks, under the control of service providers who can be served with compulsory process and never have to tell the subscribers that their privacy has been invaded. New Voice over Internet Protocol (VoIP) services may include the capability to store past voice conversations in a way never available before, further obliterating the distinction between real-time interception and access to stored communications."

He continued that "Section 209 takes a seemingly small category of information out of the full protection of the Fourth Amendment and moves it under the lowered protections accorded to remotely stored communications and data. But stored voicemail is the tip of an iceberg. Increasingly, individuals are using stored email to store documents, including draft documents on computers operated by service providers and accessed through a Web interface."

He recommended to the Subcommittee that "Rather than allowing growing amounts of personal information to fall outside the traditional protections of the Fourth Amendment, it is time to revisit the rules for networked storage (whether of voice or data) and bring them more in line with traditional Fourth Amendment principles, by requiring contemporaneous notice as the norm and covering both newer records and older records (again, whether voice or data) under the same probable cause standard. That would be truly technology neutral and would have the advantage of not allowing technology advances to erode privacy protections."

Laura Parsky's prepared testimony [20 pages in PDF] addressed § 209 solely in the context of voice-mail and e-mail. She wrote that "Section 209 rendered the rules for stored voicemail messages more consistent with those for other types of stored messages such as electronic mail (e-mail) and answering machine messages. Prior to the Act, access to stored voicemails was unnecessarily encumbered by rules designed to apply to on-going access to live communications rather than the rules for a single access to stored communications." She did not address VOIP communications.

Nor did Steven Martinez, Deputy Assistant Director of the FBI's Cyber Division. He wrote in his prepared testimony § 209 "permits law enforcement officers to seize voice mail with a search warrant rather than a surveillance, or Title III, order." He added that "The importance of this provision is best understood in the context of how often terrorists and other criminals rely on technology to relay their plans to each other instead of risking face-to-face in-person meetings."

§ 209 is not limited to seizures in terrorism related investigations.

The story titled "Supreme Court Rules in Hoffer v. Microsoft" in TLJ Daily E-Mail Alert No. 1124, April 27, 2004, contained an error in the title. It should have been titled "Appeals Court Rules in Hoffer v. Microsoft".

The House will not meet. It will next meet on May 2.

The Senate will not meet. It will next meet on May 9.

RESCHEDULED FROM APRIL 28. 9:30 AM. The Federal Communications Commission (FCC) will hold an event titled "Open Meeting". See, agenda [PDF]. The event will be webcast by the FCC. Location: FCC, 445 12th Street, SW, Room TW-C05 (Commission Meeting Room).

Deadline to submit reply comments to the Federal Communications Commission (FCC) in response to its notice of proposed rulemaking (NPRM) [460 pages in PDF] in its proceeding titled "In the Matter of: Implementation of the Satellite Home Viewer Extension and Reauthorization Act of 2004 Implementation of Section 340 of the Communications Act". See also, FCC release [PDF]. This NPRM is FCC 05-24 in MB Docket No. 05-49. The FCC adopted this NPRM on February 4, 2005, and released it on February 7, 2005. See, story titled "FCC Releases SHVERA NPRM Regarding Significantly Viewed Signals" in TLJ Daily E-Mail Alert No. 1,073, February 9, 2005.

Deadline to submit nomination to the Internal Revenue Service (IRS) for membership on its Electronic Tax Administration Advisory Committee (ETAAC). See, IRS release and notice in the Federal Register, February 28, 2005, Vol. 70, No. 38, at Page 9701-9702.

The House will meet at 2:00 PM.

The Senate will not meet on Monday, May 2 through Friday, May 6. See, Senate calendar.

Day one of a three day event hosted by Internet2 and titled "Spring 2005 Internet2 Member Meeting". See, notice. Location: Crystal Gateway Marriott, 1700 Jefferson Davis Highway, Arlington, VA.

10:00 AM. The House Judiciary Committee's (HJC) Subcommittee on Crime, Terrorism, and Homeland Security will hold the fifth of its oversight hearing on the implementation of the USA PATRIOT Act. This hearing will address §§ 201, 202, and 223 (regarding wiretaps), and § 213 (regarding delayed notice of search warrants). The hearing will be webcast by the HJC. Press contact: Jeff Lungren or Terry Shawn at 202 225-2492. Location: Room 2141, Rayburn Building

12:00 NOON - 2:00 PM. The DC Bar Association will host a panel discussion titled "KP Permanent Make-Up v. Lasting Impression, Inc.: Fair Use and Likelihood of Confusion". The scheduled speakers are Beth Brinkmann (Morrison & Foerster, counsel for Lasting Impression), Patricia Millett (Assistant to the Solicitor General), Christine Farley (American University Washington law school). See, notice. Prices vary from $10 to $30. For more information, call 202-626-3463. Location: D.C. Bar Conference Center, B-1 Level, 1250 H St., NW.

2:00 PM. The U.S. Court of Appeals (FedCir) will hear oral argument in Aptix v. Quickturn Design. This is an appeal from the U.S. District Court (NDCal) in a patent case. This case is D.C. No. C 98-00762 WHA (EDL) and App. Ct. No. 04-1368. Location: Courtroom 402, 717 Madison Place, NW.

Day two of a three day event hosted by Internet2 and titled "Spring 2005 Internet2 Member Meeting". See, notice. Location: Crystal Gateway Marriott, 1700 Jefferson Davis Highway, Arlington, VA.

10:00 AM. The House Financial Services Committee will hold a hearing titled "Assessing Data Security: Preventing Breaches and Protecting Sensitive Information". Location: Room 2128, Rayburn Building.

10:00 AM. The U.S. Court of Appeals (FedCir) will hear oral argument in Ericsson v. Harris. This is an appeal from the U.S. District Court (NDTex) in a patent infringement case involving cellular telephony. This case is D.C. No. 3-98 CV 2903-M and App. Ct. No. 04-1444. Location: Courtroom 203, 717 Madison Place, NW.

1:00 - 5:00 PM. The U.S. Patent and Trademark Office's (USPTO) Nanotechnology Customer Partnership will hold a meeting. RSVP to Jill Warden at jill dot warden at uspto dot gov or 571 272-1267. See, notice. Location: USPTO, Madison Auditorium, South Side, 600 Dulany Street, Alexandria, Virginia.

2:00 - 4:00 PM. The Federal Communications Commission's (FCC) World RadioCommunication 2007 (WRC-07) Advisory Committee's Informal Working Group 3: IMT-2000 and 2.5 GHz Sharing Issues will meet. Location: FCC.

9:00 AM - 6:00 PM. Pulver.com will host a one day conference titled "IP-Based Communications Policy Summit". See, conference web site. Location: Plaza Hotel.

Day three of a three day event hosted by Internet2 and titled "Spring 2005 Internet2 Member Meeting". See, notice. Location: Crystal Gateway Marriott, 1700 Jefferson Davis Highway, Arlington, VA.

9:15 AM - 12:15 PM. The American Enterprise Institute (AEI) will host an event titled "The Effect of Wireless Telecommunications on Economic Development in Africa". The speakers will be Gregory Sidak (AEI), Leonard Waverman (London Business School), Edward Graham (Institute for International Economics), Scott Wallsten (AEI), Diane Coyle (Enlightenment Economics), Neil Gough (Vodafone Group), and Claude Barfield (AEI). See, notice and registration page. Location: 12th floor, 1150 17th St., NW.

10:00 AM. The House Judiciary Committee's (HJC) Subcommittee on Crime, Terrorism, and Homeland Security will hold the sixth of its oversight hearing on the implementation of the USA PATRIOT Act. This hearing will address § 212, titled "Emergency disclosure of electronic communications to protect life and limb". The hearing will be webcast by the HJC. Press contact: Jeff Lungren or Terry Shawn at 202 225-2492. Location: Room 2141, Rayburn Building.

9:30 AM. The U.S. Court of Appeals (DCCir) will hear oral argument in Preston Small v. FCC, No. 04-1056. Judges Edwards, Henderson and Tatel will preside. Location: Prettyman Courthouse, 333 Constitution Ave., NW.

10:00 AM. The U.S. Court of Appeals (FedCir) will hear oral argument in Datamize v. Plumtree Software, No. 04-1564. This is patent case involving internet portal technology. Location: Courtroom 203, 717 Madison Place, NW.

12:15 - 1:45 PM. The New America Foundation (NAF) will host a brown bag lunch titled "Hot Property: The Threat of Intellectual Property Theft to our Economy and Safety". The speakers will be Pat Choate, author of Hot Property: The Stealing of Ideas in an Age of Globalization [Amazon], and Barry Lynn (NAF). RSVP to Jennifer Buntman at 202 986-4901 or buntman at newamerica dot net. See, notice. Location: NAF, 1630 Connecticut Ave, 7th Floor.

Day two of a two day conference hosted by the Computer Law Association (CLA) titled "CLA World Computer and Internet Law Conference". See, conference brochure [PDF]. Location: Park Hyatt Hotel, 24th at M St. NW.

4/21. The House Judiciary Committee's Subcommittee on Crime Terrorism, and Homeland Security held an oversight hearing on Thursday, April 21. It addressed among other topics, § 217 of the PATRIOT Act, titled "Interception of Computer Trespasser Information".

Government witnesses argued that this section is necessary to enable e-commerce businesses and ISPs to work with law enforcement agencies to catch computer hackers. Other witnesses argued that there are no protections against misuse and abuse. The risk, they argued, is that the government, with no court approval, could monitor the communications of all of the users and customers of an ISP indefinitely.

§ 217 of the PATRIOT Act added a new subsection (i) to 18 U.S.C. § 2511, which contains the basic prohibition against interception of communications. § 2511(a) provides that any person who "intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication" shall be punished.

§ 217 adds a new exception for government interception of computer trespassers, where the owner of the trespassed computer consents. It provides as follows:

"It shall not be unlawful under this chapter for a person acting under color of law to intercept the wire or electronic communications of a computer trespasser transmitted to, through, or from the protected computer, if--
  (I) the owner or operator of the protected computer authorizes the interception of the computer trespasser's communications on the protected computer;
  (II) the person acting under color of law is lawfully engaged in an investigation;
  (III) the person acting under color of law has reasonable grounds to believe that the contents of the computer trespasser's communications will be relevant to the investigation; and
  (IV) such interception does not acquire communications other than those transmitted to or from the computer trespasser."

§ 217 also amends 18 U.S.C. § 2510, which is the definitional section of Chapter 119. Title 18 is the Criminal Code; Chapter 119 of Title 18 is titled "Wire and Electronic Communications Interception and Interception of Oral Communications"; and, §§ 2510-2522 comprise Chapter 119. Chapter 119 pertains to wiretaps. § 217 provides definitions for the terms "protected computer" and "computer trespasser".

Steven Martinez, Deputy Assistant Director of the FBI's Cyber Division, wrote in his prepared testimony, that § 217 "makes the law technology-neutral. Section 217 places cyber-trespassers -- those who are breaking into computers -- on the same footing as physical intruders. Section 217 allows the victims of computer-hacking crimes voluntarily to request law enforcement assistance in monitoring trespassers on their computers. Just as burglary victims have long been able to invite officers into their homes to catch the thieves, hacking victims can now allow law enforcement officers into their computers to catch cyber-intruders."

He also argued that § 217 "enhances privacy. First, it is carefully crafted to ensure that law enforcement conducts monitoring against trespassers in a manner entirely consistent with protecting the privacy rights of law abiding citizens. Second, the essence of the section -- to help catch hackers -- serves a vital function in the FBI's ability to enforce data privacy laws."

Martinez concluded that § 217 "has played a key role in a variety of hacking cases, including investigations into hackers’ attempts to compromise military computer systems. Allowing section 217 to expire at the end of this year would help computer hackers avoid justice and prevent law enforcement from responding quickly to victims who are themselves asking for help."

Laura Parsky, a Deputy Assistant Attorneys General in the DOJ's Criminal Division, wrote in her prepared testimony [20 pages in PDF] that this section "brought criminal procedures up to date with modern technology", and that it "did not adversely affect any legitimate privacy rights".

She also argued that "Because computer owners often lack the expertise, equipment, or financial resources required to monitor their systems themselves, they commonly have no effective way to exercise their rights to protect themselves from unauthorized attackers."

Both Parsky and Martinez used the analogy of home owners. They said that owners can invite the police into their homes to arrest a buglar. They argued that operators of computer systems should be able to do the same to enable police to catch computer hackers.

The analogy has limitations. In the case of homeowners and burglars, there are no third parties. In contrast, when police, or the FBI's cyber division, monitor a computer system, they may access the communications, not only of the computer trespassers, but also the legitimate users of that computer system.

Rep. Howard Coble (R-NC) asked the government witnesses who it is under § 217 that has an expectation of privacy.

Parsky responded by discussing the threats posed by computer hackers, including identity theft. Martinez discussed how the government works cooperatively with e-commerce businesses.

Peter Swire, a law professor at Ohio State University, said that it is the e-commerce customers and e-mail users who have an expectation of privacy.

Parsky said that this is a consent situation. Swire shook his head in disbelief.

Swire provided prepared testimony [12 pages in PDF]. He wrote that § 217 "lacks logical safeguards against abuse."

He argued that § 217 should, and as drafted, does, "enable system owners and law enforcement to coordinate effectively in facing hacker attacks". He also argued that § 217 "should not become a license for widespread wiretapping by law enforcement." He argued that as drafted, it fails on this second criteria.

The first problem, according to Swire, is there is no requirement that the authorization from the owner of the computer system be in writing.

"It will provide the name of the person inside the organization who takes responsibility for inviting law enforcement to review the e-mails and other computer traffic at the organization. If there is any dispute after the fact about what happened, law enforcement will have the benefit of being able to show the authorization. The system owner or operator will have the benefit of knowing that an employee has taken a proven, written step to authorize law enforcement to enter. That will reduce the risk that any law enforcement officers will talk their way into a computer system without true consent by the system owner. In addition, customers and users of the system will have the benefit of knowing that the system owner actually did consent to having communications monitored", wrote Swire.

Swire also argued that there should be a reporting requirement, to disclose "how often and in what contexts Section 217 has been used".

Finally, Swire argued that "there should be a statutory suppression remedy for exceeding the scope of permitted wiretapping".

Swire offered one possible scenario: "suppose that law enforcement arm-twists a major ISP to let law enforcement camp at the ISP and look at all the e-mails. Under current Section 217, all of the e-mails of all of the users could become grist for future investigations. All of them could be used in subsequent trials, against ordinary e-mail users who had no connection at all to computer hacking."

He concluded that "The lack of a suppression remedy means that law enforcement can violate the wiretap laws with respect to e-mail and web surfing with essentially no legal repercussion."

Jim Dempsey, Executive Director of the Center for Democracy and Technology, was similarly critical of § 217. He wrote in his prepared testimony [8 pages in PDF] that it allows "off the books surveillance". There is no judicial order, no report to a court, no time limits on intercepts,  no notice to the people whose communications have been intercepted, and no reporting of data to the Congress.

Dempsey argued that except in the case of emergency intercepts, there should be a requirement that the government obtain a Title III wiretap order, and the statutory suppression rule should apply.

At the conclusion of the hearing, Rep. Bobby Scott (D-VA), the ranking Democrat on the Subcommittee, asked about the consequences, "if AOL doesn't care about our privacy".

4/28. The House Judiciary Committee's Subcommittee on Crime Terrorism, and Homeland Security held oversight hearings on Thursday morning, April 28. It addressed among other topics, § 215 of the PATRIOT Act.

§ 215 of the PATRIOT Act is perhaps the most controversial of the provisions set to sunset at the end of this year. It pertains to access to business records under the Foreign Intelligence Surveillance Act (FISA). However, library records are a form of business records, and interest groups such as the American Library Association (ALA) oppose the provision. In contrast, the Department of Justice (DOJ) remains adamant about the importance of extending this provision.

§ 215 of the PATRIOT Act is titled "Access to records and other items under the Foreign Intelligence Surveillance Act". The Foreign Intelligence Surveillance Act (FISA) only applies to foreign powers, and agents of foreign powers, including international terrorists. § 501 of the FISA enables the FBI to obtain from a judge or magistrate an order requiring the production business records. While the statute does not expressly include library records, it is not disputed that library records could be obtained.

§ 215 rewrote § 501 of the Foreign Intelligence Surveillance Act (FISA), which is codified in Title 50 as § 1861. It pertains to "Access to Certain Business Records for Foreign Intelligence and International Terrorism Investigations". § 215 (of the PATRIOT Act) replaced §§ 501-503 (of the FISA) with new language designated as §§ 501 and 502.

Currently, § 501 (as amended by § 215) requires that an application to a judge or magistrate "shall specify that the records concerned are sought for an authorized investigation conducted in accordance with subsection (a)(2) to obtain foreign intelligence information not concerning a United States person or to protect against international terrorism or clandestine intelligence activities." Allowing § 215 to sunset  would raise the standards for obtaining a FISA order for business records.

The Subcommittee heard from three current or former DOJ employees. James Baker, Counsel for Intelligence Policy at the DOJ, wrote in his prepared testimony that § 215 "allows the FBI to obtain business records or other tangible things under FISA pursuant to a FISA Court order if the items relate to an ongoing authorized national security investigation ..."

Baker also addressed libraries. He wrote that "Prosecutors have always been able to obtain records from libraries and bookstores through grand jury subpoenas. Libraries and booksellers should not become safe havens for terrorists and spies. While section 215 has never been used to obtain such records, last year, a member of a terrorist group closely affiliated with al Queda used Internet service provided by a public library to communicate with his confederates. Furthermore, we know that spies have used public library computers to do research to further their espionage and to communicate with their co-conspirators."

Kenneth Wainstain, interim U.S. Attorney for the District of Columbia, wrote in his prepared testimony that "Asking law enforcement to effectively investigate and prosecute crime without using grand-jury subpoenas to obtain records would be like asking Tiger Woods to win the Masters without using a putter."

Rep. Howard Coble (R-NC) asked the government witnesses if the 9/11 terrorists used libraries. Wainstain responded that several had. A member of the Committee staff told TLJ that this was the first time that the DOJ publicly disclosed this.

The Committee promptly transcribed the relevant portion of Wainstain's response.

He stated that "Investigators received information that individuals believed to be Wail Al Shehri, Waleed Al Shehri, and Marwan Al Shehhi visited the Delray Beach Public Library, in Delray Beach, Florida. Wail Al Shehri and Waleed Al Shehri entered the library one afternoon in July of 2001 and asked to use the library’s computers to access the Internet. After about an hour, a third man, Marwan Al Shehhi, joined the two. Waleed and Wail Al Shehri were hijackers aboard American Airlines Flight 11, while Al Shehhi was the pilot who took control of United Airlines Flight 175. Both of those flights crashed into the World Trade Center on September 11th." See, HJC release [2 pages in PDF]

"A witness, who recognized photos of the three individuals that ran in newspaper articles after September 11, provided the information about the Delray Beach library visit. While no records exist to confirm the hijackers’ visit to the Delray Beach library, the timing, location, and behavior described by the witness are consistent with other information gathered in the course of the investigation", said Wainstain.

"In addition, investigators tracing the activities of the hijackers determined that, on four occasions in August of 2001, individuals using Internet accounts registered to Nawaf Al Hazmi and Khalid Al Mihdar -- 9/11 hijackers -- used public access computers in the library of a state college in New Jersey. The computers in the library were used to review and order airline tickets on an Internet travel reservations site. Al Hazmi and Al Mihdar were hijackers aboard American Airlines Flight 77, which took off from Dulles Airport and crashed into the Pentagon. The last documented visit to the library occurred on August 30, 2001. On that occasion, records indicate that a person using Al Hazmi’s account used the library’s computer to review September 11 reservations that had been previously booked", said Wainstain.

In addition, Rep. James Sensenbrenner (R-WI), the Chairman of the full Committee, who was not present for this exchange, commented on it in the HJC release.

He stated that "Today we learned the 9/11 murderers used our public libraries to access the Internet and help plan their travel prior to 9/11. This newly released information demonstrates the critical importance of the PATRIOT Act’s Section 215, which allows for the production of business records with a FISA court order. Section 215 provides -- with appropriate safeguards -- the tools necessary to help disrupt and prevent future terrorist attacks. We put Americans' lives at risk if we foolishly provide sanctuaries -- even in our public libraries -- for terrorists to operate."

Rep. Dan Lungren (R-CA) and Rep. Louie Gohmert (R-TX), who are defending the DOJ and the PATRIOT Act at these hearings, emphasized this revelation.

In contrast, Rep. John Conyers (D-MI), the ranking Democrat on the Committee, stated that the Committee only gets information when the DOJ's surveillance powers are about to expire. And, "other than that, we get stiffed".

Gregory Nojeim, of the ACLU, offered an opposing viewpoint. First, while the agenda for this hearing specified § 215 and § 206 (regarding roving wiretaps in FISA investigations), Nojeim said that the Committee should consider § 215 and § 505(a) (which pertains to national security letters) in conjunction.

The gist of his argument was that even if the Congress amended § 215 to exempt library records, the FBI could still obtain a library's internet use records from its ISP with a national security letter under the new powers provided by § 505(a) of the PATRIOT Act. Nojeim noted that this would only provide the FBI with internet use records, and not with the library's book checkout records.

He elaborated in his written testimony that "For both section 215 records searches and national security letters, the Patriot Act removed from the law the requirement that the records being produced pertain to an ``agent of a foreign power,´´ -- that is, foreign countries, businesses, and terrorist organizations. This significantly expanded law enforcement access to records pertaining to Americans. In these days of data mining, one cannot ignore this stark fact: under these provisions, the government can easily obtain records pertaining to thousands of Americans who have nothing to do with terrorism, so long as the records are sought for, or are allegedly relevant to, one of these investigations."

He also stated that the PATRIOT Act "expanded national security letter authority to allow the FBI to issue a letter compelling Internet Service Providers ... to produce records about people who use or benefit from their services."

Nojeim also contradicted the government witnesses' claims that § 215 makes the FISA process more like a criminal grand jury subpoena. He argued that in contrast, § 215 and § 505(a) "indicate that the recipient can tell no one that the recipient has received the order or letter, including any attorney with whom they may like to consult." That is, a recipient can challenge a subpoena, but not a § 215 or national security letter. Nojeim called this a "gag".

Earlier this month Attorney General Alberto Gonzales stated that the DOJ now interprets the national security letter statute to allow a recipient to consult an attorney. James Baker repeated this at the April 28 hearing.

Nojeim countered that "they took this position after we sued them".

Tech Law Journal publishes a free access web site and subscription e-mail alert. The basic rate for a subscription to the TLJ Daily E-Mail Alert is $250 per year. However, there are discounts for subscribers with multiple recipients. Free one month trial subscriptions are available. Also, free subscriptions are available for journalists, federal elected officials, and employees of the Congress, courts, and executive branch. The TLJ web site is free access. However, copies of the TLJ Daily E-Mail Alert are not published in the web site until one month after writing. See, subscription information page.

Contact: 202-364-8882.
P.O. Box 4851, Washington DC, 20008.

Privacy Policy
Notices & Disclaimers
Copyright 1998 - 2005 David Carney, dba Tech Law Journal. All rights reserved.