News
Digital technology makes gov't surveillance easier
Posted on February 22, 2006

As U.S. government agencies conduct domestic surveillance and attempt to gain access to Internet search records, privacy laws do not adequately deal with technologies that allow the government access to all kinds of digital records, said CDT, a privacy and civil liberties advocacy group based in Washington, D.C.

The National Security Agency's domestic spying program, the Justice Department's efforts to obtain millions of Internet search records, the government's use of cell phones to track suspects, and other developments highlight the law's failure to keep pace with technological advances, according to "Digital Search & Seizure: Updating Privacy Protections to Keep Pace with Technology," a report released today by the Center for Democracy & Technology (CDT). The report suggests that technology is making government surveillance easier, not harder, and that stronger protections are needed if innocent Americans are to retain their privacy rights.

Every day, Americans use the Internet and wireless services to create, access, transfer and store vast amounts of private data. More and more personal information is transmitted and stored electronically. Services like online storage of email and location capabilities built into cell phones offer tremendous convenience but also generate large amounts of data revealing thoughts, associations and whereabouts.

The report argues that, under current privacy rules, this personal information receives inadequate protection against government intrusion. Personal information held by service providers is accessible to the government under weak standards based on outdated Supreme Court decisions and statutes written before the World Wide Web even existed.

"The government complains that new technology makes its job more difficult, but the fact is that digital technology has vastly augmented the government's powers, even without legal changes like those in the PATRIOT Act. The capacity of Internet technology to collect and store data increases every day, as does the volume of personal information we willingly surrender as we take advantage of new services. Meanwhile, the laws that are supposed to prevent the government from unfairly accessing personal information haven't changed in two decades," said CDT Policy Director Jim Dempsey, the principal author of the report.

A gap between surveillance technologies and privacy laws to protect U.S. residents is "growing every day," Dempsey said. Most Internet-based companies do a good job of living up to their privacy policies, except when government investigators ask for records. "The strongest privacy policy in the world disappears in the face of a government subpoena," Dempsey said.

The report focuses on three technologies:

-- Online massive digital storage services: Personal information that people used to keep in paper files or on computer hard-drives is increasingly stored online, beyond the physical confines of the home or office.

-- Location technologies as GPS (global positioning systems): Cell phones, car navigation services and other communications devices can provide increasingly precise location information.

-- Keystroke logging software: Programs known as "keystroke loggers" record all information typed into a computer and can be installed surreptitiously, even remotely.

The report details how two popular and increasingly ubiquitous technologies -- Web-based email and location awareness -- inadvertently give the government unprecedented access to Americans' personal data.

Web-based email is a convenient, inexpensive way to stay in touch with friends and colleagues and to access one's mail, photos and documents from anywhere in the world. Several webmail services now offer their users gigabytes of storage, touting the fact that users never need delete anything.

As "Digital Search and Seizure" illustrates, all of this information sits on the computers of service providers. The legal distinction between Web-based and traditional email accounts is essentially meaningless for most Internet users, but under the Electronic Communications Privacy Act (ECPA) -- drafted in 1986, before webmail existed -- messages and documents stored with webmail providers are entitled to weaker protections than those stored on users' computers. While the government needs a judicial warrant to search a person's computer, it may be able to access that person's webmail account with only a subpoena, issued without judicial review; without any specific suspicion of wrongdoing on the part of the user; and often without notice to the person whose data is being disclosed.

"Digital Search and Seizure" also outlines how mobile phones serve as tracking beacons. "While a cell phone is turned on, whether or not it is making a call, it is regularly seeking out the nearest antenna and sending to it its identification numbers," the report points out. Unfortunately the legal standards regulating the government's ability to use that constant stream of new data haven't kept pace with the technological reality. Since no existing law lays out explicit standards for government location tracking, the government's use of location technology is governed by a patchwork of laws and court precedents, the report finds.

Finally, the report discusses the emergence of "government spyware" -- keystroke-logging technology that can record everything a subject does on his or her computer. Here too the technology has far out paced the legal protections, giving the government a uniquely intrusive surveillance tool, with inadequate legal controls.

Full text of the report is available on the CDT Web site at www.cdt.org
SOURCE: Center For Democracy and Technology (CDT)