Sunday, March 25, 2007

Checks and Balances on the web

Senators won't take away FBI surveillance power

Top Democrats and Republicans say they prefer oversight, rather than repealing part of Patriot Act used by FBI for illegal monitoring.
By Declan McCullagh
Staff Writer, CNET News.com
Published: March 21, 2007, 3:47 PM PDT

The FBI's illegal use of secret methods to obtain confidential information, including telephone and e-mail records, on American citizens, drew criticism from a U.S. Senate panel on Wednesday.

But the committee's senior members stopped short of calling for a repeal of the portion of the Patriot Act, which Congress hastily approved after September 11, 2001, that awarded the FBI broad and nearly unchecked powers to use the so-called national security letters, which are written requests for confidential information that do not require a judge's signature and cannot legally be disclosed by the recipient.

"I have long been troubled by the scope of national security letters and the lack of accountability for their use," said Sen. Patrick Leahy, a Vermont Democrat and the chairman of the Judiciary committee. Leahy's hearing follows a similar one a day earlier in the House of Representatives.

While Leahy called the FBI's missteps "egregious errors and violations," and noted that FBI Director Robert Mueller and Attorney General Alberto Gonzales are expected to testify in the next few weeks, he did not propose any mandatory judicial oversight.

National security letters came under Washington's klieg lights earlier this month after the Justice Department's inspector general reported "serious misuse" of the investigatory tool. The 2001 Patriot Act expanded the FBI's ability to use those letters to obtain confidential records from banks, credit card companies, credit bureaus, telephone companies and Internet service providers.

In the current political climate, with a constitutional showdown possible over federal prosecutors being fired in what some say was an attempt to thwart prosecutions, revisiting the Patriot Act is conceivable. The U.S. Senate voted 94-2 on Tuesday to rewrite the section of the law dealing with prosecutors' tenure, amended during negotiations over renewing the Patriot Act.

During Wednesday's hearing, Senate Republicans chided the Bush administration too, though much less harshly. "It is a little hard to understand why the FBI is only now moving for internal audits on these national security letters," said Sen. Arlen Specter of Pennsylvania.

Sen. Orrin Hatch, a Utah Republican, was less willing to offer even mild admonishments. He asked Justice Department Inspector General Glenn Fine, who was testifying: "Do you expect them to be perfect, the FBI agents?"

Fine's report found a pattern of misconduct throughout the FBI, including agents concealing their use of national security letters from Congress, a dramatic increase in U.S. citizens and residents being targeted, and misuse of the letters to obtain information that only a judge may approve for release.

The report did say, however, that there was no evidence that the FBI agents' unlawful activities "constituted criminal misconduct." Unlike conducting an unlawful wiretap, which is a federal felony, unlawful use of national security letters carries no criminal penalties.

The closest any senator came to calling for rewriting the Patriot Act was a remark by Russ Feingold, a Wisconsin Democrat. He said it was a "grave mistake" to give such powers to the FBI and said it was not surprising they had been misused.

Feingold was the only senator to vote against the Patriot Act in October 2001.

"Congress needs to exercise extensive and searching oversight of those powers, and it must take corrective action," Feingold said. "The government cannot be trusted to exercise those powers lawfully. Congress must address these problems and fix the mistakes it made in passing and reauthorizing the flawed Patriot Act."

Also on Wednesday, the Electronic Privacy Information Center sent a letter (click for PDF of the EPIC letter) to the Senate asking that the section of the 2001 Patriot Act that expanded use of national security letters be repealed.

The FBI has been caught conducting illegal wiretaps as well. CNET News.com reported earlier this month that the FBI submitted false documents to a court when seeking authorization to perform wiretaps.

This article is a good example of how the internet is used to expand and widen the scope of the Patriot Act in unforeseeable and detrimental ways. The Patriot Act, grossly misused as is, can be extended to many different niches of the internet in which American civilians, unknowingly, are being surveilled. No one was willing to come right out and say that the Patriot Act itself should be reconsidered, but rather the FBI need be more conscientious. I think that it is more important that the Act itself be renegotiated with these considerations in mind.

Sunday, March 11, 2007

Security Fumble

Census Bureau Admits Privacy Breach

Wednesday March 7, 2007 10:31 PM

By STEPHEN OHLEMACHER

Associated Press Writer

WASHINGTON (AP) - The Census Bureau inadvertently posted personal information from 302 households on a public Internet site multiple times over a five-month period, the bureau said Wednesday.

The information included names, addresses, phone numbers, birth dates and family income ranges, said Ruth Cymber, the agency's director of communications. No Social Security numbers were posted, and there is no evidence that the data was misused, Cymber said.

But, she added, posting the information violated bureau policies and federal law.

The bureau is in the process of contacting the households, located in nine states and the District of Columbia, to offer free credit-monitoring services.

``A breach of this kind is unacceptable,'' Census Director Charles Louis Kincannon said in a statement. ``We are strengthening our internal procedures to further safeguard our data to prevent a recurrence.''

The information was on and off the public Web site from October to Feb. 15 as Census employees working from home tested new software, Cymber said. The workers were supposed to use fictitious information to test the site, but they inadvertently mingled data from the bureau's Current Population Survey, a monthly survey best known for generating the nation's employment statistics.

Cymber said the real and fictitious data were indistinguishable. The information could have been accessed through a search engine on the Census Bureau's Web site used to disseminate large data files. She said she didn't know whether the data actually was accessed by anyone.

Cymber declined to say how many employees were involved, though a release from the bureau said ``appropriate administrative action'' has been taken, pending the outcome of an ongoing investigation.

The bureau also referred the matter to the Commerce Department's inspector general. The Census Bureau is part of the Commerce Department.

The affected households were located in Alabama, Alaska, Arkansas, Arizona, California, Colorado, Delaware, Florida, Connecticut and Washington, D.C.

The incident comes six months after the Census Bureau acknowledged losing 672 laptop computers since 2001, including 246 that contained personal data. Most of the computers were used by workers gathering survey information in communities.

It's a little unnerving that a government bureau allowed this type of information on the web for over 5 months without noticing. The web allows for quick and easily accessible to information which is one of its best qualities. But situations like this expose how dangerous that accessibility can become. Although there have been no known repercussions, it may take awhile to sort through the mess and see if any harm was actually done.