My Thoughts on the USA PATRIOT Act

I recently went to the latest meeting of San Diego Regional Info Watch at UCSD. My old boss is the one that got me interested in it (he's been going for years). It's a bunch of local computer guys (university, government and private companies) that get together once a month and talk about security-related issues. It's good to hear from other IT folks, and it's good to network and meet new people that are in my field. It's a couple hours in a room full of geeks, bascially. (I can guarantee that every attendee saw Lord of the Rings, for example.)

The meeting was very informative. They occasionally (~10/year?) have speakers, and the reason I went Monday was because their speaker was Special Agent Bruce Barron of the FBI. SA Barron gave us an overview of the USA PATRIOT Act. (The reason that both "USA" and "PATRIOT" are capitalized is because both are acronyms. I didn't know this, but USA stands for "Uniting and Strengthening America" and PATRIOT is "Providing Appropriate Tools Required to Intercept and Obstruct Terrorism". One was from the House the other from the Senate, and they combine into a nationalist whole quite nicely. Maybe someone thought a jingoistic name might help them ram its Big Brother-esque notions past the civil libertarians. After all, how can anyone not be a patriot in these times of heightened security?) SA Barron approached the Act from a purely law-enforcement point of view. He was essentially trying to let us know how the Act helps them deter "cyber-crime". If I was an admin for a large company or government agency, I would have found it particulary interesting. I've known more than a couple people who've helped the FBI prosecute online ne'er do-wells, and I've even participated in one such investigation (albeit peripherally). So he explained how the Act gives law enforcement better tools to prosecute online crime, because the USAPA really does make easy to nab the bad guys and any sysadmin ought to welcome it. The Act removes jurisdictional barriers, lumps some crimes into one federal bin from which to prosecute, allows for more consistent sentencing, broadens the scope of wiretaps to include online surveilance, etc. Which is all fine, except that it also does little to actually combat terrorism while doing a lot to reduce the online freedoms of Americans.

I went to the meeting as a Libertarian. I read through quite a bit of the USAPA (it's looooooooong and there's lots that didn't pique my interest), and I read through the EFF's analysis of the Act. I was prepared to ask pointed questions, from a personal point of view. I figured it was a good time to ask The Man what he thinks of liberty and freedom and how many terrorists he thinks would have caught (or "lives they would have saved" if you're feeling particularly uhmurcan) had the USAPA been enacted last year. But I couldn't bring myself to be poop in the punchbowl. Why? Well, the forum wasn't approriate. It would be like a PETA member sneaking into the American Butchers Association's annual meeting and then trying to make a statement. Convince a roomfull of butchers that meat is murder and see how far you get. There's no choir to preach to there. You'd only end up pissing people off and you'd make no headway whatsoever. They'd only hate PETA more than they already do. I've never been big on protest for protest's sake. The guys there at the meeting Monday were anxious to hear how they can now call the FBI to get that Canadian script kiddie extradited, not why it's sad that an innocent Altavista search can be monitored by the government just by convincing one person that it might be relevant to any sort of investigation, terrorist or not. SA Barron was there to help those guys, not enter into social debate. I felt that it would be detrimental to everyone else if I derailed the meeting (even inadvertantly). And besides, these are guys I want to get to know better. Maybe a few of them had similar concerns (I did hear some grumbling afterwards that I agreed with), but they weren't willing to get in the way of everyone's education either.

I did ask a few questions, though nothing particulary inciteful (as opposed to "insightful"... get it?). The USAPA allows the FBI to prosecute attackers/misusers of computer systems at the request of, say, an ISP if the malicious user doesn't have a contractual obligation with that ISP. Meaning if someone you don't know or isn't your customer breaks into a server or DoS's other customers you can call the FBI and have them pinched lickety-split. Which sounds nice. But what if I attack another customer of my cable modem provider? If I cause them to have to call tech support and rack up enough "damages" (USAPA says $5000 is enough to bring down the heat) can I be prosecuted? After all, it's my cable company losing money, and I do have a contract with them, right? Another thing along those lines that alarmed me was the immediacy of the USAPA. SA Barron can call a judge and get a newfangled wiretap on my ISP in a New York minute. Like fast. And before you can can say Electronic Privacy Information Center the g-men have a box installed at my cable company which saves and analyzes everything I do online. So what if someone claims that I'm attacking them and I'm not? What if the claimant in the previous question says I'm harming them? Do I get sniffed? What happens to the information that gets saved through the course of a spurious investigation? I didn't see a lot of oversight. The USAPA basically says that if you're doing something online, someone can find out what that is without any real reason. Which, again, sounds nice. But how does it stop or combat terrorism?

Well, I could drone on and on about this forever and it still wouldn't change anything. I mostly wanted to write down my thoughts and impressions before I forgot them. Speaking which, I almost forgot the funniest thing that came out of the talk: it turns out that your TV viewing habits are not subject to the same rules as your online habits. I guess a while back someone Congressional types had their cable and movie rental records subpoenaed as part of an investigation. Apparently, that didn't sit very well since those viewing habits were fairly embarrasing. So it was decided -- in a very real and legally binding sense -- that TV viewing and movie renting are private, and therefore protected, behaviors. So the FBI can, with very little probably cause, at the slightest whim and on after asking only one judge, collect everything you do and say online. But to get your pay-per-view records, they have to do a full-on Title III search which involves multiple panels judges, paperwork, accountability, etc. Terrorists must not rent movies or watch cable TV. Well, I thought it was funny that viewing was specifically excluded from the USAPA. Maybe a Senator will go surf a porn site or something we'll get our privacy and liberties back. Could happen.

Comments for: My Thoughts on the USA PATRIOT Act

Back to entry My Thoughts on the USA PATRIOT Act | Back to Front Page

Post a comment
Name:


Email Address:


URL:


Comments:


Remember info?