Mr. Leahy. Mr. President, concern over privacy is reaching an all time high. In 1978, 64 percent of Americans reported that they were 'very concerned' or 'somewhat concerned' about threats to their personal privacy. By 1998, this number had skyrocketed. According to the Center for Social and Legal Research, 88 percent of Americans reported being 'very' or 'somewhat concerned' about threats to their personal privacy. We in Congress must take this concern seriously, and in this regard I look forward to examining the privacy issues confronting us in hearings before the Senate Judiciary Committee.

Good privacy policies make good business policies. New technologies bring with them new opportunities, both for the businesses that develop and market them, and for consumers. It does not do anyone any good for consumers to hesitate to use any particular technology because they have concerns over privacy. That is why I believe that good privacy policies make good business policies.

Protecting privacy plays an important role in the exercise of First Amendment rights. Ensuring that we have adequate privacy laws has a more significant and important role in our democracy than just fostering hi-tech businesses, however. We also must defend our on-line free speech rights from heavy-handed content regulation. That was my purpose in voting against the unconstitutional Communications Decency Act that became law in 1996.

Stopping efforts to create government censors is critical to allow our First Amendment rights to flourish, but it is not enough. For people to feel comfortable in exercising their First Amendment rights -- by speaking, traveling and associating freely online or in physical space -- they must be able to keep their activities confidential and private. When Big Brother is watching, the exercise of First Amendment rights is chilled no less than the threat of a government censor.

It is therefore not surprising that our country has a long and honorable tradition of keeping our identities private when we exercise our First Amendment rights. The Federalist Papers, which is probably the most important political document ever written about our Constitution, was authored anonymously by James Madison, John Jay and Alexander Hamilton and published under a pseudonym.

Healthy advocacy and debate often rests on the ability of participants to keep their identities private and to act anonymously. Indeed, the Supreme Court has said, îAnonymity is a shield from the tyranny of the majority.'

Healthy commerce also depends on satisfying consumers' desire to keep their business affairs private and secure. A report I released last month on Vermont Internet commerce is very telling on this point. The strongest obstacle among consumers from shopping and doing business online was their fear of the online security risks. This is why promoting the use of encryption is so important, so that businesses and consumers can use this technology to provide the privacy and security they want and best suits their needs.

The legislation I introduce today would help ensure that Americans' Fourth Amendment rights to be secure in their persons, houses, papers and effects against unreasonable government searches and seizures are given ample protection in a networked computer environment. In addition, several provisions address the concern Americans have about the use and handling of their personally identifiable records and information by businesses, satellite carriers, libraries and book sellers.

Industry self-regulation efforts should be encouraged. In contrast to a citizen' s relationship with his or her government, consumers have a choice of whether they want to deal or interact with those in the private sector. In my view, this choice should be generally recognized in the law by allowing consumers and businesses in the marketplace to set the terms of their interaction. This is an area where the Congress should tread cautiously before regulating. Online businesses are engaging in serious efforts to make available to consumers information on privacy policies so that consumers are able to make more educated choices on whether they want to deal. I commend and applaud those efforts.

That being said, however, current laws do not apply privacy principles in an even-handed manner. Video rental stores and cable operators are subject to privacy laws to protect our right to keep our viewing habits private, but no protections exist for the books we borrow from the library or buy from a bookstore, or the shows we watch via satellite. This bill would provide more uniform privacy protection for both books and videos, no matter the medium of delivery.

Similarly, telephone companies and cable operators are subject to legal restrictions on how they may use personally identifiable information about their Internet subscribers, while other Internet and online service providers are not. The E-RIGHTS bill promotes a more level playing field in terms of the privacy protections available to Internet users, no matter whether they obtain their Internet access from AOL, their cable company or their local phone company.

This legislation addresses a broad range of emerging hi-tech privacy issues. For example:

These are all important issues, and I have worked to propose solutions to each of these and to other questions, as well, in the E-RIGHTS bill. This bill has the following four titles:

TITLE I: Privacy Protection for Communications and Electronic Information. This title has ten sections that propose certain Fourth Amendment protections to guide the government' s access to, or exercise of, law enforcement' s enhanced surveillance capabilities due to new technologies. In addition, this title also contains sections that limit how domain name registrars and Internet/Online service providers may use information collected on Internet users.

Network Stored Information.- The bill would require that law enforcement give a subscriber notice of a subpoena or warrant before seizing electronic information stored on a network service. This is the same notice that the subscriber would get if the information were stored on his or her own computer.

Cell Phone Location Information.- Before law enforcement may use a person' s cell phone as a tracking device, the bill would require a court order based on probable cause that the person is committing a crime.

A related provision that has already passed the House in February as part of the ''Wireless Communications and Public Safety Act of 1999,' H.R. 438, would require wireless phone providers to inform a cell phone user's family and emergency services of their location in emergency situations, while requiring the prior customer consent before that location information may be used for any other purpose.

Pen Registers.- The bill would authorize a judge to review information presented by a federal prosecutor to determine whether the pen register is likely to produce information relevant to an ongoing criminal investigation, since under current law the judge plays only a ministerial role and must approve any order upon presentation by a prosecutor. Current law compels judges to be only a rubber stamp.

Conference Calls.- The FBI has claimed that the Communications Assistance for Law Enforcement Act (CALEA) requires that they be given the capability to monitor conference calls which continue even after the target of a wiretap order has dropped out of the call. This provision would require that a court authorize such continued monitoring of conference calls in the absence of the target.

Roving Wiretaps.- A substantial change that provides easier access to roving wiretaps was inserted without debate or hearings into last year' s Intelligence Authorization Act. With this change, the FBI is able to get a roving wiretap whenever a person' s action could have the effect of thwarting interception. The bill would rectify this change to permit roving wiretaps only when the person actually changes phones in a way which has the effect of thwarting surveillance.

Domain Name Registrars.- Internet users or businesses who get an Internet address with a second level domain name must also provide information about contact names, physical and E-mail addresses, network location, and other information that is posted in a publicly available database called WHOIS. The bill would give users registering for a domain name/Internet address authority to prohibit disclosure of the information, and keep the information confidential. Of course, the registrar would be able to override the user' s choice of confidentiality and to disclose the information as necessary to provide service or in response to a subpoena or court order.

Internet users who want an 'unlisted' Internet address just as they have the choice of getting an 'unlisted' telephone number will be able to do so.

Internet and Online Service Providers.- The 1986 Electronic Communications Privacy Act (ECPA) set up procedures for law enforcement to obtain records about subscribers from 'electronic communication service providersî, but contained a blanket exemption allowing such providers to disclose a record or other information pertaining to a subscriber or customer to any non-governmental entity. Due to this exemption, ISPs and OSPs may sell their subscriber lists or track the online movements of their subscribers and sell that information -- all without the subscribers' knowledge or consent.

The bill would cut back on this blanket exemption. The bill would require electronic communication service providers to give their subscribers an opportunity to prohibit disclosure of their personal information, and enumerates the situations in which the information may be used or disclosed without the subscriber' s approval. These proposed rules are generally analogous to restrictions already in place for other providers of Internet services, including cable operators and phone companies, which are restricted in how they may use personally identifiable information about customers without the customers' approval.

No criminal penalties attach for violation. ECPA currently authorizes an aggrieved person to bring a civil action.

Title II: Promoting the Use of Encryption. This title contains three sections: (1) prohibiting domestic controls on encryption and government-compelled key escrow encryption; (2) requiring encryption products used by federal agencies to interoperate with commercial encryption products; and (3) adding a chapter to the federal criminal code detailing procedures to law enforcement and foreign government access to decryption assistance.

Specifically, the bill would require the release of decryption keys or assistance to law enforcement in response to a court order based upon a finding that the key or assistance is necessary to decrypt lawfully intercepted encrypted messages or data.

Title III: Privacy Protection for Library Loan and Book Sales Records. This title would extend the privacy protection in current law for video rental and sale records to library loan and book sale records.

Library.- The library provisions are a reprise of sections that were dropped from the Video Privacy Protection Act enacted in 1988. This provision would prohibit libraries from disclosing personally identifiable information about patrons without the written consent of the patron or in response to a court order to release the information to a law enforcement agency, with prior notice to the patron, if there is probable cause to believe a crime is being committed and the information sought is material to the investigation.

Booksellers.- The public outcry over Independent Counsel Kenneth Starr' s subpoena in March 1988 to Kramerbooks & Afterwords for any books purchased by Monica Lewinsky, and the potential threat such government fishing expeditions pose to First Amendment rights, prompted examination of the privacy rules protecting the records maintained by bookstores. There are no rules barring book sellers from disclosing records about their customers.

This section would impose the same nondisclosure rules on booksellers -- whether online or in physical spaces -- that apply to video rental stores. Generally, book sellers would be barred from disclosing personally identifiable information concerning a book purchaser without that purchasers' written consent given at the time the disclosure is sought.

In the 1984 Cable Act, Congress established a nationwide standard for the privacy protection of cable subscribers. Since the Cable Act was adopted, an entirely new form of access to television has emerged -- home satellite viewing -- which is especially popular in rural areas not served by cable. Yet there is no statutory privacy protection for information collected by home satellite viewing services about their customers or subscribers This title fills this gap by amending the privacy provisions of the Cable Act to cover home satellite viewing.

The amendments do not change the rules governing access to cable subscriber information. Instead, they merely add the words "satellite home viewing service" and "satellite carrier or distributor" where appropriate.

The amendment does not address another inconsistency in the law, which bears mentioning: should a cable company that provides Internet services to its customers be subject to the privacy safeguards in the Cable Act or in the Electronic Communications Privacy (ECPA), which normally applies to Internet service providers and contains obligations regarding the disclosure of personally identifiable information to both governmental and nongovernmental entities different from those in the Cable Act? One court has described this as a "statutory riddle raised by the entrance of cable operators into the Internet services market."

New technologies and new uses for old technologies pose challenging 'riddles' for privacy, but they are solvable in ways that balance competing commerce, civil rights, and law enforcement interests. The E-RIGHTS bill proposes balanced solutions that protect our privacy rights. I invite others to share their ideas on these matters. There are few matters more important than privacy in maintaining our core democratic values, so I look forward to hearing their comments on ways to improve this legislation.

I ask unanimous consent that my full statement, the E-RIGHTS bill and the sectional analysis be printed in the RECORD.

Free Speech | Data Privacy | Government Surveillance | Cryptography | Domain Names | International | Bandwidth | Security | Internet Standards, Technology and Policy Project | Terrorism | Authentication | Right to Know | Spam

Our Mission / Get Involved / Staff / Publications / Links / Search CDT / Jobs / Action! Previous Headlines | Legislative Tracking | CDT's Privacy Policy