One of the nation's top advocates for civil liberties in cyberspace has one message for the U.S. Justice Department: Show Americans whether and just how far the government has been using the so-called Patriot Act to spy on your Internet reading habits without their knowing about it.
"It's been over three years since the USA Patriot Act was passed, and (Justice) still hasn't answered the public's simple question: 'Can you see what we're reading on the Web without probable cause?'" said EFF staff attorney Kevin Bankston and Equal Justice Works fellow Bruce J. Ennis, after the group filed a Freedom of Information Act request for Justice documents that might provide the answers January 14.
"Much of Patriot is coming up for review this year," Bankston and Ennis continued, "but we can never have a full and informed debate of the issues when the DOJ won't explain how it has been using these new surveillance powers."
The EFF is challenging Section 216 of the Patriot Act, which broadened the federal government's authority to perform surveillance in criminal investigations through pen registers or trap-and-trace devices, known together as pen-traps.
Pen-traps collect information about numbers dialed on telephones without recording actual phone conversations, which makes pen-trap authorization easy to get in court. But Section 216 expanded that to include devices monitoring Internet communications, where the line between content and non-content is "a lot blurrier," the EFF said, than on telephone calls.
And while Justice has said Section 216 allows pen-traps to gather e-mail and Internet protocol addresses, the department hasn't exactly been so open about saying whether they've been performing that or more detailed Web surveillance on ordinary Netizens, the EFF said.
"(Justice) won't reveal whether it believes URLs can be collected using pen-traps, despite the fact that URLs clearly reveal content by identifying the web pages being read," the group said.
Chicago-based attorney J.D. Obenberger said Justice's "party line," regarding Section 216, is that pen-trap authority even expands to the "to," the "from," and the subject line of an e-mail message, and that even an Internet service provider routing e-mail originating through one server to another such server can be subject to pen-trap surveillance.
"If the government thinks that the header information on an e-mail or the subject line on an e-mail isn't the subject of a reasonable expectation of privacy, they're nuts," he said.
The Justice Department has insisted that Section 216 preserves all pre-existing surveillance standards, including and especially court approval before installing a pen-trap register and showing that the information being requested is in fact relevant to an ongoing investigation.
"In fact," the DOJ's Web page on "dispelling the myths" about the Patriot Act says, "Section 216 enhanced the privacy protections in the pen-register statute. It made explicit that anyone using a pen register has an affirmative obligation to avoid the collection of content."
