CABLE SEEKS CHANGES BEFORE HOUSE PANEL MOVES WIRETAP BILL

Sensenbrenner-Conyers proposal attempts to create parity in subscriber information disclosure requirements of cable, phone and ISPs under certain circumstances. Phone companies and ISPs currently are required to comply with court orders to disclose subscriber information to law enforcement, while cable providers are not. According to summary of bill, measure would extend this requirement to cable companies that are also providers of phone or Internet access services, thereby eliminating disclosure requirement disparities between the Cable Act and the Electronic Communications Privacy Act. However, bill would preserve existing prohibition against releasing records pertaining to subscriber viewing habits.

Despite clarifying measure, source said industry remains concerned that bill lacks language to specifically limit company liability. NCTA recently said cable companies are willing to cooperate with law enforcement requests for customer information that may assist criminal investigations. Since companies are subject to punitive and other damages for Cable Act violations, NCTA said liability protection was warranted. Source said industry wants to be good corporate citizen, but doesn’t want to leave itself open to lawsuits. He said he hopes negotiations with Judiciary Committee lead to insertion of such limited-liability language in bill.

Liability issues aside, industry is intentionally taking low profile on various counterterrorism proposals that the DoJ as well as Judiciary and Intelligence Committee members in both houses have floated in recent weeks. One industry source said that there’s nothing in these measures that service providers can’t carry out. In addition, battle over civil liberties issues isn’t industry’s fight, he said.

Sensenbrenner-Conyers includes some, but not all, of electronic surveillance provisions that Attorney Gen. John Ashcroft has been pushing for since Sept. 11 terrorist attacks. For example, it would enable federal courts to grant nationwide pen register and “trap & trace” wiretap orders, measure that supporters say is necessary to contend with borderless nature of Internet. Wiretap orders currently can be granted by judges only within their respective jurisdictions. Critics of this restriction have argued that this impedes ability of law enforcement agencies to swiftly investigate cybercrime, particularly when suspects simultaneously use computers in several states to commit Internet fraud or carry out cyberattacks. Bill also includes language clarifying that such wiretap orders can be applied to new modes of communications including Internet.

Bill partially reflects DoJ’s request to amend Foreign Intelligence Surveillance Act (FISA), which governs wiretaps and investigations of foreign agents. Multipoint, or “roving,” wiretaps, which are allowed under Title III for criminal investigations, would be extended to FISA surveillance orders. Sensenbrenner-Conyers also would extend to criminal investigations the lower standard of proof needed for FISA wiretaps, a measure that has drawn particular scrutiny from privacy and civil liberties groups.

FISA wiretaps, which aren’t subject to same judicial oversight as Title III wiretaps, can be carried out if foreign intelligence gathering is the “sole or primary purpose.” Bill would allow for use of FISA surveillance authority if intelligence surveillance remained a “significant” purpose. ACLU said that this provision would enable govt. “to circumvent the standard that must be met for criminal wiretaps.”

What continues to be absent from congressional debate over FISA (CD Sept 24 p1) is that law already allows attorney general to “authorize electronic surveillance without a court order… to acquire foreign intelligence information for periods up to one year.” Although attorney general can authorize such wiretaps only when there’s “no substantial likelihood that the surveillance will acquire the contents of any communications” of U.S. citizen or resident alien,” exceptions can be made under the law. Authorities may “use or disclose” such communications if they indicate “the threat of death or serious bodily harm to any person.” This information can’t be “disclosed, disseminated, or used for any purpose for longer than 24 hours” unless a court order is obtained or “unless the Attorney Gen. determines” existence of above mentioned threats.

Despite its inclusion of many of DoJ’s recommendations, Sensenbrenner-Conyers doesn’t propose that intelligence and law enforcement agencies be allowed to share wiretap and other information to extent proposed by DoJ. Bill also “sunsets” all of its provisions on Dec. 31, 2003, measure to which Ashcroft has vigorously opposed during recent hearings.

Sensenbrenner-Conyers preserves core of DoJ’s intentions, said Viet Dinh, Asst. Attorney Gen. (AG) for Legal Policy, at Congressional Internet Caucus forum on electronic surveillance and anti-terrorism. But DoJ does have some concerns with compromised legislation, he said. DoJ doesn’t like 2-year sunset clause, he said, and has some problems with definition of terrorist used in the legislation.

Lack of specifics in legislation caused concerns for some panelists. Several questions about what information Internet pen register and trap-and-trace warrants would capture. Rep. Boucher (D-Va.) said that more stringent Title III warrant should be required to obtain subject lines and URLs. But Bruce Heiman, acting exec. dir.-Americans for Computer Privacy, questioned why legislation doesn’t specifically exclude those terms and instead opts for general language that says pen register and trap-and- trace warrant can’t capture content. “If you're not as specific as possible, it sets you up for a future lawsuit,” Heiman said. Chris Painer, of DoJ’s Computer Crime & Intellectual Property Section, said Justice didn’t want specifically defined terms to cause problems as technology changes. He said DoJ and FBI investigators don’t capture that content information, but added that some investigations could warrant capture of URLs and the Title III standards are “incredibly high.” Also, Dinh said there is no case law on which to base interpretation of URLs as content.

James Dempsey of Center for Democracy & Technology (CDT) also raised concerns about provisions against computer trespass. He said privacy and civil liberty advocates initially glossed over the provisions, but closer examinations have raised some questions, specifically around the term “authorized access.” Dempsey said, as an example, the legislation could allow for prosecution of people who illegally download copyrighted songs. However, Painer said legislation targets “unauthorized intruders” not uses that go “beyond authorized access,” which he said would include downloading copyrighted material and other like provisions. Painer said computer intruder law was needed so federal investigators could be invited in by ISPs while they were undergoing a hacking attack. He said that during investigation of previous denial-of-service attacks, federal investigators couldn’t fully help ISPs because they weren’t allowed to monitor network, despite invitations of ISPs. Such monitoring of ISPs’ networks is cause for concern, said Dempsey, who added that weak definitions in bill could allow investigators many avenues under which they could generally monitor ISP communications.

Three provisions of various antiterrorism proposals circulating in Congress are of “serious and substantial concern” to anyone worried about civil liberties online, CDT Exec. Dir. Jerry Berman said at Tues. press telebriefing. Berman, who is scheduled to testify today (Wed.) before House Judiciary Committee’s Constitution Subcommittee, said his group is particularly wary of proposed changes to FISA standards. Those and other modifications may blur line between criminal and intelligence investigations, Berman said, causing “slide in secret” to fewer privacy rights for Americans.

First, Berman said, changes proposed by DoJ to FISA’s “primary purpose” standard could lead to lowering of probable cause test in criminal investigations. Moreover, he said, while law enforcement agencies should be allowed to update trap and trace and other surveillance technologies to Internet Age, language in draft bill would allow them to pick up URLs and e-mail subject lines: “We are anxious to see that carved back.”

Second concern involves proposal to extend roving wiretap authority to FISA, he said. Although CDT isn’t opposed to this capability, antiterrorism measure in its current version separates wiretap from device it’s covering, allowing law enforcement to tap not only particular computer but any other computers tapped one contacts.

Third troublesome provision is one that would allow ISPs to waive their customers’s privacy rights and permit govt. monitoring when customer violates terms of service, Berman said. In its current form, he said, legislation would allow law enforcement agencies -- with ISP consent and merely reasonable cause to believe a customer is involved in illegal activities -- to access all communications by, through and from someone’s computer without court order.

Berman voiced frustration with fast-tracked legislative process. After meeting with Justice Tues., he said it was hard to figure out what proposal was being discussed. It’s such short- circuited process that usual discussions among stakeholders aren’t happening, he said: “The dangers of getting it wrong are significantly high” when no one knows what bill they're commenting on.

House Judiciary Committee has scheduled mark-up of HR-2975 on Wed. at 2 p.m., Rayburn Bldg., Rm. 2141.