The Fourth Amendment's protection against unreasonable searches and seizures is under extraordinary strain, with profound implications for privacy, innovation and the open Internet. Congressional measures and Executive Branch actions have weakened or discarded important checks and balances. Meanwhile, technological advancements have made it easier than ever for the government to collect, share and analyze personal information, eroding privacy protections we once took for granted.
Privacy and national security are not mutually exclusive. CDT believes that the vital needs of the government can be satisfied while still protecting the constitutional rights of innocent Americans. Indeed, reestablishing that balance will better serve both privacy and security. Toward that end, CDT has taken the lead in developing an agenda to strengthen privacy protections that have failed to keep pace with the march of technology.
CDT has long had an interest in the creation, management and authentication of identity. The federal government is pursuing a raft of ID programs: REAL ID, the biometric passport, the federal employee ID card, the RFID-based PASS Card for Western Hemisphere travel, and others. Many of these involve networked electronic databases and could have implications for privacy in a range of situations online and off.
Congress Should Take Steps to Revitalize the Fourth Amendment: As detailed last year in the CDT Report "Digital Search and Seizure: Updating Privacy Protections to Keep Pace with Technology," the privacy protections afforded by the courts under the Fourth Amendment and in relevant statutes such as the Electronic Communications Privacy Act (ECPA) have grown weaker with the advance of technology. Congress should hold hearings to begin the process of strengthening ECPA, examining the implications of networked storage of email and other fundamental changes.
"Digital Search and Seizure: Updating Privacy Protections to Keep Pace with Technology," (February 2006)
Congress Should Reestablish Effective Checks and Balances on Surveillance Activities: The Administration's recent announcement that it will seek court orders for national security wiretaps is heartening, but serious questions remain about the government's interpretation of the Foreign Intelligence Surveillance Act (FISA). Moreover, a number of other authorities, including National Security Letters, still give the government the power to compel disclosure of sensitive data without meaningful judicial approval. Congress must reassert its oversight role on issues arising at the intersection of national security, privacy and technology -- starting with the government's new interpretation of FISA. CDT supports the newly reintroduced Schiff bill, H.R. 11, which reaffirms the exclusivity of FISA. Until there is a full understanding of how the FISA is being currently interpreted, any other legislation to amend the Act is premature. CDT opposes legislation that would terminate existing lawsuits challenging the Administration's recent and current electronic surveillance activity. CDT will support legislation to strengthen the standards for "Section 215" orders and to impose meaningful checks and balances on the issuance of National Security Letters.
Congress Should Establish Strong Privacy Protections for Information Sharing for Counter-terrorism Purposes: Agencies need to make more efficient use of the information that they already collect, while at the same time providing stronger oversight and accountability. So far, the Executive Branch has failed to issue the strong privacy guidelines called for in the 2004 intelligence reform act. Congress should oversee information sharing and data mining, starting with enactment of the Feingold -Sununu bill, S. 236.
CDT Testimony, "Balancing Privacy and Security: The Privacy Implications of Government Data Mining Programs" (January 2007).
Congress Should Not Enact New Technology Mandates: The Executive Branch is expected to continue to push for design features that will make tracking, surveillance and data collection even easier. The Administration may resume its push for legislation extending the design mandates of CALEA to a broad range of Internet services. At a time of growing concern over identity theft, designing systems to collect and store even more information poses severe risks to online security. CDT believes Congress should reject new technology mandates particularly in instances where the government has not adequately demonstrated the need for such burdensome requirements.
Congress Should Not Impose Burdensome Data Retention Requirements: Even though communications service providers and online companies already cooperate extensively with law enforcement investigations, including by preserving user data when requested, there is likely to be a push to require companies to retain even more information on their subscribers for longer periods of time. Last year, Rep DeGette offered such a proposal and the Justice Department called for legislation. Congress should resist such efforts, which threaten to place unnecessary burdens on service providers or jeopardize the privacy of innocent users.
CDT Analysis of Data Retention Proposals (November 2006).
Congress Should Repeal REAL ID: Congress should repeal the REAL ID Act, using the bill introduced late last year by Senators Akaka and Sununu ("Identification Security Enhancement Act of 2006" [S. 4117]) as the starting point for a more considered approach to identity issues. Through hearings and debates on state driver's licenses and ID cards, Congress should examine ways to improve security and prevent identity theft without creating centralized systems of ID information that are vulnerable to attack and also threaten civil liberties.
CDT Comments on PASS Card (January 2007).