Peter Swire on new intelligence reform bill in Congress [priv]

[Declan McCullagh <declan () well com>]

-------- Original Message --------
Subject:        Swire comments on Hastert bill on intelligence reform
Date:   Mon, 27 Sep 2004 09:43:59 -0400
From:   Peter Swire <peter () peterswire net>
To:     Declan McCullagh <declan () well com>



Declan:
 
    Some congressional staffers asked me to analyze the bill that 
Speaker Hastert introduced on Friday on how to do intelligence reform.  
The bill is scheduled for markup this Wednesday in the House Judiciary 
Committee.  Perhaps the following comments can highlight some particular 
problems with the current bill. (There are undoubtedly more problems 
with the bill, but this is a start.)
 
    Overall, the most glaring privacy problem with the bill is that it 
does not create any mechanism government-wide to serve as a watchdog on 
privacy and civil liberties.  A huge theme of the bill is "information 
sharing."  But its approach is silo-by-silo, with a separate privacy 
officer in various agencies and a "civil liberties protection officer" 
for the National Intelligence Director.  There is little reason to think 
that this bill will allow any inter-agency, coordinated control on 
privacy or civil liberties.
 
    By contrast, the current Senate bill understands that there needs to 
be a function within the Executive Office of the President that 
coordinates privacy and information sharing across agencies.  It creates 
a Civil Liberties Board as specifically called for by the 9/11 
Commission.  Offering that provision as a substitute for Section 1022 
would be a big improvement.
 
    Perhaps the majority is trying to have the inter-agency management 
of these issues be done through the civil liberties board created 
recently by Executive Order by President Bush.  My editorial at 
http://www.americanprogress.org/site/pp.asp?c=biJRJ8OVF&b=180251 
<http://www.americanprogress.org/site/pp.asp?c=biJRJ8OVF&b=180251> explains 
why the Executive Order is so badly flawed.
 
    Here are some more specific comments:
 
    Sec. 1022 on Civil Liberties Protection Officer. What is missing 
here is what is included in the Collins-Lieberman draft, such as: an 
annual report; stronger subpoena powers; power to get advisory 
committees of experts on information privacy and civil liberties, and so 
on.  Include the Senate bill provision as a substitute, or add the 
powers piece-by-piece.
 
    Section 2001.  Strike the "lone wolf" provision.  FISA orders 
outnumbered all law enforcement wiretap orders in 2003, for the first 
time.  A long-term wiretap is now allowed under FISA for any "agent of a 
foreign power", which includes international terrorist groups.  Without 
the requirement of a link to a foreign power, there are grave 
constitutional questions about whether this secret wiretap is allowed 
under the Fourth Amendment.  Furthermore, the "lone wolf" provision 
opens the door wide to surveillance of citizens for 
domestic surveillance and law enforcement purposes.  Searches within the 
U.S. should still presumptively be done in compliance with the Fourth 
Amendment.  My article on "The System of Foreign Intelligence Law", with 
a detailed history of FISA and many reform proposals, is at 
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=586616 .  (That 
article is too detailed for use at markup this week, but addresses many 
issues relevant to updating of the Patriot Act.)
 
    Section 2023.  False Statements in Terrorism Cases.  This provision 
increases penalties for false statements in "terrorism" cases.  The 
problem here is that an ordinary identity theft case can become a 
"terrorism" or "material assistance to terrorism" case if someone gets 
false immigration papers and then there is a small link to alleged 
terrorist funding sources such as a charity.  There is no evidence that 
the problem has been the lack of penalties for people properly convicted 
of being involved in terrorism.  The problem is that the Justice 
Department has essentially found no cases that are really terrorist 
cases.  Strike the provision.
 
    Section 2142.  Criminal History Information Checks.  This provision 
lacks all of the checks and balances one would expect to see: (1) There 
are no re-disclosure limits.  That means the employer can place the 
criminal history information up on the Internet after receiving the 
record from the government. (2) There are no requirements that the 
employer be in good faith when seeking the information from the 
government.  False requests for records would be ridiculously easy to 
do. Fraudulent requests for records would also be easy.  (3) There is no 
required notice to or consent by the employee who applies that the 
background check will be run, with notice of where to get access and 
correction if there are mistakes about the employee's records.
    In general, the Fair Credit Reporting Act has the provisions in 
place to prevent abuse.  The criminal history provision has not begun to 
grapple with the basic due process for criminal records and fingerprints 
that we of course require when people (including employers) seek a 
credit history.
 
    Section 2183.  Registered Traveler Program.  Prominent security 
experts have made compelling arguments about how the registered traveler 
program would actually decrease security.  In short, enrolling a member 
in the program would become the logical target for every terrorist 
group.  Once the group had a member in the group, there would be a 
guaranteed easy route to getting on a plane with less scrutiny.  Instead 
of "expediting" the program, the program should receive much more 
careful scrutiny.
 
    Section 5091.  Rulemakings require privacy impact assessments.  This 
is a promising provision.  The scope of the PIAs should include: "(v) an 
explanation of what legal and other mechanisms will assure compliance 
with the privacy protections described in the assesment."  The current 
draft requires the PIA to set forth the protections for notice, consent, 
access, etc., but does not contemplate any discussion about how the 
supposed protections will actually be implemented over time.
 
    Section 5091.  Disclosure of PIAs to the public.  Currently the bill 
allows a national security determination when a PIA cannot be made 
public.  That approach basically follows the E-Government Act of 2002 
for not having some PIAs be made public for national security purposes.  
The bill should also have the provisions of the E-Gov Act, though, that 
requires the agency to send such PIAs in full to the Office of 
Management and Budget.  That way the agency still has some 
accountability to persons outside of the agency, and Congressional 
oversight is possible by asking OMB for information (available to 
Congress in closed session) about the PIAs that are kept secret.
 
    Section 5092. Chief Privacy Officers for Agencies with Law 
Enforcement or Anti-Terrorism Functions.  I support this provision -- 
having specific persons with responsibility to watch for information 
privacy problems is essential to helping each agency think through the 
issues before they implement systems.  Once again, however, there is NO 
inter-agency coordination or White House leadership.  It is crazy in an 
"information sharing" environment to have no policy process to handle 
privacy issues that cross agency lines.  There needs to be a position in 
the Executive Office of the President (or at a minimum an inter-agency 
council with some specified and competent leadership) to handle the 
inter-agency issues.
 
    Peter
 
   
 
 

Prof. Peter P. Swire
Moritz College of Law of the
   Ohio State University
John Glenn Scholar in Public Policy Research
(240) 994-4142; www.peterswire.net

     
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)