Feeds

Senator calls for Patriot Act scale-back

Terms of surveillance

  • alert
  • submit to reddit

Protecting against web application threats using SSL

A proposal in the US Senate would scale back a federal surveillance law that permits law enforcement agencies to electronically monitor a computer trespasser without a warrant with the consent of the victim.

Under a provision of the 2001 USA Patriot Act intended to give system owners the ability to work with officials to combat intruders, the FBI and other agencies can surveil the communications of an electronic trespasser to, from or through a computer, provided the "owner or operator of the protected computer authorizes the interception."

But in addition to intruders, the provision - called Section 217 - leaves legitimate users of public computers at libraries, Internet cafes, business lounges and hotels vulnerable to warrantless surveillance, based only on a suspicion that the user is engaged in some kind of unauthorized activity, argues senator Russ Feingold (D-Wisconsin), who introduced the Computer Trespass Clarification Act earlier this month.

"The computer owner authorizes the surveillance, and the FBI carries it out," said Feingold, in introducing the bill. "There is no warrant, no court proceeding, no opportunity even for the subject of the surveillance to challenge the assertion of the computer owner that some unauthorized use of the computer has occurred."

Section 217 protects users who have a contract with the computer's owner granting them access; Feingold's bill would expand that protection to users who have any authorized access to the computer, even without a contract.

The proposal would also narrow the range of cases qualifying for warrantless law enforcement surveillance to those in which the computer's owner or operator "is attempting to respond to communications activity that threatens the integrity or operation of such computer and requests assistance to protect rights and property of the owner or operator."

Additionally, it would permit officials to conduct the surveillance for only 96 hours before they'd have to go to court and get a warrant, and it would require the Justice Department to report annually to Congress on its use of the provision.

"I strongly supported the goal of giving computer system owners the ability to call in law enforcement to help defend themselves against hacking," said Feingold. "Unfortunately, the drafters of the provision made it much broader than necessary."

Enacted in response to the September 11, 2001 terrorist attacks, the 132-page USA Patriot Act passed in the Senate 98 to 1, with Feingold casting the only dissenting vote. It passed in the House 356 to 66.

Section 217 is among the provisions set to expire, or "sunset," in December, 2005, unless it's renewed by Congress.

In a July report arguing the importance of USA Patriot, attorney general John Ashcroft wrote that Section 217 merely "places cyber-intruders on the same footing as physical intruders."

"Hacking victims can seek law-enforcement assistance to combat hackers just as burglary victims can invite police officers into their homes to catch burglars," wrote Ashcroft.

Copyright © 2004, SecurityFocus logo

Related stories

Footing the Big Brother webtap bill
Senators propose Patriot Act limitations
FBI bypasses First Amendment to nail a hacker

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.