The Patriot Act, Cyber-Edition
Lockheed Martin employees at work in the company’s NexGen Cyber Innovation and Technology Center, which monitors internet threats, in Gaithersburg, Maryland. (photo: Eric Schulzinger/Lockheed Martin Corp.)
Written by Zachary Katznelson, American Civil Liberties Union
Cybersecurity is the new buzzword in Washington, capturing a wide range of potential responses to internet-related threats both real and imagined. Congress is starting to play a role, considering legislation that purports to make cyberspace more secure. But many of the solutions being offered echo those of the deeply flawed Patriot Act, enacted ten years ago this month.
Just as the Patriot Act swept aside long-standing constitutional protections against government prying into private lives, current cybersecurity proposals threaten to expand the government’s ability to collect personal information – even when there is no indication that the people targeted have been involved in any wrongdoing.
Over the past decade, we have learned that such policies fail on two fronts: they are largely ineffective and they violate civil liberties.
The Patriot Act presumes that if the government could know more of what we do with our daily lives by monitoring our e-mails and phone calls, downloading our financial transactions, and tracking our locations, it could spot patterns and find terrorists. The Fourth Amendment’s prohibition against unreasonable searches have mattered little as claims of national security swept such concerns aside.
That thinking has led even further, to warrantless wiretapping and government databases so massive that numbers most of us have never heard of (like yottabytes) have to be used to quantify the data taken in. But counter-terrorism officials consistently lament being swamped with reports and analyses while trying to come to grips with the astronomical amount of data our powerful computers struggle to collate and interpret. In seeking the needle of terrorism, we have built the biggest haystack in history.
As we turn to the challenge of cybersecurity, we should be careful not to repeat past mistakes.
The Obama administration’s plan again seeks to gather more and more private information about regular citizens in the hope of spotting patterns. Under this proposal, private companies would be asked to hand over increasing amounts of our personal information. Once more, information gathering would be incredibly broad, sweeping in law-abiding Americans against whom there is not even a hint of alleged wrongdoing. In the name of making us safe, we once again face the prospect of flooding our systems with excessive information, and hamstringing the officials trying to protect us.
There cannot be a meaningful debate about these policies until the public knows what the government is already doing with our private information. The government currently collects reams of data from private companies, some demanded, some handed over voluntarily. But we have no idea how much or how often, or maybe even more importantly, what is done with all these private details once they are in government hands. That is all kept secret.
As citizens, we deserve to know what the companies holding our financial details, communications records, and other personal information are doing with it – and what the government is requiring of them. For that reason, the ACLU has filed a Freedom of Information Act request to learn more about how corporations and the government already pass our private information back and forth.
To date, no government agency has revealed anything in response. Before Washington asks for even more power to sweep in data, surely it should disclose how much it takes in now. We must avoid the Patriot Act’s pitfalls: a civil-liberties-defying policy that might actually make things worse.
Zachary Katznelson is a senior staff attorney with the ACLU National Security Project. He can be reached by email at email@example.com .