Idaho Librarian

Top

Top of Page

IDAHO LIBRARIES AND THE PATRIOT ACT

Leonard Hitchcock
Idaho State University Library 

The archly-named USA Patriot Act (1) was flushed through the federal legislative pipeline in a record 72 hours and signed into law by President Bush on October 26^th of last year.  It represented the Congress’s rather hastily assembled thoughts on how to combat terrorism in the wake of the September Eleventh attack.  In its ten Titles, the Act ranges over extensive legal territory, modifying no less than fifteen existing statutes.  It concerns itself with matters as disparate as money laundering, immigration, crime victims’ compensation, discrimination against Sikhs, and, not unexpectedly, the myriad ways in which the FBI and CIA can be strengthened in their ability to detect and thwart terrorist activities

Impact of the Act upon Libraries

The ALA’s Office of Intellectual Freedom is alarmed about Patriot Act threats to the privacy of library users.  Admittedly, the OIF is usually (if not perpetually), alarmed about something, but its current state of apprehension seems warranted.  The Patriot Act does, indeed, provide powerful new weapons to those who wish to spy on the activities of library patrons.   And, however quickly and clumsily the Act was cobbled together; however flawed it may be, and however unlikely to withstand future legal scrutiny, it is supported by an administration that has declared a state of war and clearly intends to fight that war on the home front with all the usual weapons, including increased surveillance of the citizenry.

Needless to say, it is not the intention of the ALA to impede legitimate efforts to prevent terrorist activities.  It is its intention, however, to continue to protect the First and Fourth Amendment rights of library users and to seek to insure that those users are not intimidated or constrained in their pursuit of information. The ALA recognizes that, in periods of national crisis, power flows to those who promise protection, and often the price of that protection is the sacrifice of freedom. (2)

Library patrons have, of course, always been subject to surveillance to some degree.  Grand juries and law enforcement authorities have always had the ability to obtain court orders that permitted them to look at library records.  What the Patriot Act does is punch a new, and larger, hole in the wall separating library patrons’ activities from the scrutiny of courts and federal agencies.

The Patriot Act (USAPA) is a large and complex piece of legislation.  Of relevance to libraries are 1) those sections which pave new avenues of legal access to libraries’ traditional patron records, and 2) those which expand the ability of authorities to gain access to patrons’ electronic transactions. 

Library Patron Records

Section 215 of USAPA (H.R. 3162 or P.L. 107-56) is a particularly noteworthy weapon in the hands of the government.  This section modifies Title 50, Chapter 36, Subchapter IV, of the U.S. Code, a section devoted to “Foreign Intelligence Surveillance.”  The full text of this section is available in a red-line version that reveals what the previous text was and what the Patriot Act added to it.

What the modifications mean, roughly, is this: the FBI is now able, with greater ease than ever before, to obtain a court order that empowers it to obtain any and all kinds of business records, including those of bookstores, and, presumably, libraries.  Libraries are not specifically mentioned in the text added to Title 50, but during the formulation of the legislation Sen. Feingold of Wisconsin sought to amend it by specifying that the law would not preempt existing federal and state privacy laws concerning library records, and his amendment failed. (3)  (Sen. Feingold was the only member of the Senate who voted against the bill). 

“So what?” you may ask.  Why should we be concerned simply because the feds have a new way to snoop in our records; after all, isn’t one subpoena pretty much like another?  In response, consider the following facts:

First, the court to which the FBI may apply for an order to examine records is not an ordinary court; it is a FISA (Foreign Intelligence Surveillance Act) court, that meets secretly and, over the past twenty years, has denied only one request for a warrant to conduct surveillance. (4) 

Second, whereas a regular criminal court must be presented with evidence that there is “probable cause” of wrongdoing that justifies the search, and there are clear limitations on the scope of the search in accordance with the need to prevent “fishing expeditions" on the part of law enforcement, with FISA the rules are substantially less stringent.  “Relevance” to an investigation of terrorist threat is all that is required to substantiate the FBI’ s request for permission to snoop and the person whose records are subpoenaed need not even be the party accused of wrongdoing. 

Third, subpoenas issued by grand juries or in connection with criminal investigations can be challenged by the party served.  A court hearing may be requested and the subpoena resisted by calling into question its scope or justification and either moving to quash it, or attempting to obtain a protective order against it.  This process is not available to those served by a FISA order. 

Fourth, while occasionally a subpoena from other courts may require that the person whose records are subpoenaed not be informed of that fact, in the case of FISA subpoenas, a gag order on those served with the subpoena is automatic.  Not only is it illegal to inform the subject of the investigation of the investigation’s existence, it is also illegal to inform anyone else.

Nat Hentoff, in a column in the Village Voice, reports a conversation he had with a lawyer who said, “’What makes this so chilling is that there is no input into the process’.”  Hentoff continues, “First there is the secrecy in which the subpoenas are obtained, with only the FBI present in court.  Then there is the gag order commanding the persons receiving the subpoenas to remain silent….how does one track what’s going on?  How many bookstores and libraries will have their records seized?”(5). The public will probably never know.

It is not only Section 215 of the USAPA that threatens the privacy of library records.  Academic libraries must also reckon with Section 507, amending a different part of the U.S. Code, that authorizes the government, after application to a court, to “collect education records in the possession of the educational agency or institution that are relevant to an authorized investigation…”  The full text of this modification to Title 20 (Education), Chapter 31, Subchapter III, part 4 (Records; Privacy…) is available in a redline version.   This provision of the USAPA constitutes a substantial revision of the privacy provision of FERPA, the Family Educational Rights and Privacy Act, insofar as it suspends the requirement that students must consent to the release of their educational records.  On the assumption that library records fall into the category of “education records”, this section of the USAPA provides authorities with another crowbar to pry loose patron’s private, personal information from the libraries they use.

Electronic Surveillance

Many library records are associated with traditional functions, such as circulation and interlibrary loan, and have a business-like character since they result from an overt transaction between the patron and the library.  Librarians (at least we older ones) immediately think of these kinds of records when we are told that an FBI agent may show up at our circulation counter some day and show us a badge and a search warrant.  We should, of course, also think of the hundreds of transactions taking place every day that are largely hidden from us, viz. those resulting from the use of our libraries’ computers.  You will not be surprised to learn that the Patriot Act pays a good deal of attention to those transactions as well.

The USAPA contains a great many modifications to the Electronic Communications Privacy Act (Title 18, Part I, Chaps. 119, 121; Part II, Chap. 206), the Communications Act (Title 47, Chap. 5), and the Foreign Intelligence Surveillance Act (Title 50, Chap. 36) that have to do with electronic surveillance.  Taken together, these alterations have the effect of broadening and deepening the power of the federal government to intercept, monitor and subpoena electronic communications, including those which utilize the Internet. 

Among the surveillance mechanisms expanded by various sections of USAPA are “roving wiretaps”, which now may be placed not only on telephones but computer communications systems.  According to provisions of USAPA,  “a wiretap order targeted to a person is no longer confined to a particular computer or telephone.  Instead, it may ‘rove’ wherever the target goes, which may include library computers.” (6). 

Additionally,  “pen/trap” orders, which formerly permitted the use of a device that records telephone numbers transmitted from, or into, a particular line, are now, by virtue of USAPA, applicable to Internet traffic.  Though the law continues to stipulate that “content” is not to be intercepted, many believe that “content” is not well defined and that email headers, url’s visited, and key words used in searches, may well be legally open to inspection by authorities.

It is important for libraries to be aware that electronic surveillance of a patron’s computer activities may take place without the libraries’ knowledge.  The authorities are empowered to go directly to Internet Service Providers to install surveillance technology (remember the infamous “Carnivore” software the FBI developed?(7)).  If your library is not the ISP for your users, such surveillance may take place without your awareness.

And we mustn’t forget that, as a consequence of the USAPA, government agents can simply seize library computers and examine their contents.  Now that FBI operatives are now being encouraged by Attorney General Ashcroft’s revision of the bureau’s guidelines to extend their surveillance activities to public places, including churches and libraries (8), we can  imagine a scenario in which an agent tracks a “suspect” to the library, observes that individual engaged in email or web-surfing, and proceeds to confiscate the computer being used in order to mine its records.

What Should Libraries Do?

In the face of this legislation, libraries might benefit from the following advice:

First, it is true that, in many respects, the USAPA does little more than strengthen the existing powers of government to access patrons’ private library records.  Therefore, if libraries have policies in place which guide staff in responding to subpoenas from grand juries and criminal courts, those policies will serve fairly well in dealing with court orders that stem from provisions of the Patriot Act.  However, the gag order that inevitably accompanies Patriot Act court orders must be addressed in those policies.  In other words, it should be made clear to staff that 1) no matter what may be the nature of the court order that they’re confronted with, it is both legal and essential that they immediately contact the library administrator designated to respond to such orders; 2) they should not, when initially served with an order, supply any information to the agent serving it; 3) it may be illegal for them to inform anyone other than the designated librarian of the fact that an order has been served.  It is also vital that legal counsel be brought into the process quickly to review the order and determine if it is what it claims to be, and to witness the process by which the library abides by the order’s requirements.

Second, libraries should review their record-keeping policies and practices.  To maximize protection of patron privacy, a library should minimize records that connect individually identifiable patrons with specific library activities.  Electronic record keeping must be taken into account; a library must know what sort of records its public-use computers are keeping and for how long they are retained.  Academic libraries that are tied into campus networks must investigate the record-keeping practices of their computer centers.

Third, libraries owe it to their patrons to inform them of the extent to which their activities are subject to surveillance.  It should be made clear what records are kept by the library and are thus available, under court order, for inspection by authorities.  The conditions under which this might occur should be explained, especially so that patrons will understand that it may well be impossible for the library to reveal to the patron who has aroused the curiosity of the authorities that he or she has been investigated.  Also, users of library computers should be told that surveillance of their activities may take place with, and without, the library’s knowledge, if the library is not the internet service provider for its own computers.  

For more detailed, if somewhat overly-elaborate, advice on how libraries should prepare for visits by federal agents, you should visit the Office of Intellectual Freedom’s web page on the subject. (9)

What Have Idaho Libraries Done?

I have talked to the directors and/or staff of five Idaho public libraries and three Idaho academic libraries (10), and to Ann Joslin of the Idaho State Library, regarding the reactions of their libraries to the Patriot Act. 

As most readers will be aware because of her recent posting to LIBIDAHO, Ms Joslin has initiated consultations between her library and a state deputy attorney general in an effort to clarify the legal issues for libraries that arise from the USAPA.  She will shortly issue a revision of the Trustee Handbook that reflects those consultations and designate a State Library staff member as a contact person on this issue.

Among the other libraries I contacted, all were aware of the Patriot Act and its general implications for libraries, and all reported that discussions of the Act had taken place, both among staff and, in several cases, in meetings of trustees.  Only one library had made any special effort to create or modify policies or practices in response to the USAPA.  On the whole, librarians seem to feel concerned about the increased threat to patrons’ privacy, but see little more that they can do to combat it.  Most libraries already have limited record keeping, especially with respect to circulation, though there are varying practices with regard to computer sign-up sheets, ILL request records, and the erasure of computer logs.  Most libraries also have written or unwritten policies which provide instructions to staff on how to respond to court orders demanding access to library records.  Hence, for most libraries, existing policies and practices are felt to be adequate to deal with any court orders generated by the USAPA. 

If your library has responded to the Patriot Act, and you would like to share your thoughts, advice or experiences with readers of the Idaho Librarian, send your comments to the Editor at On My Mind.  (Editor's Note: Comments received within the next two weeks will appear in a revised version of this edition.  Those received after that will appear in the next issue of the Idaho Librarian.

Upcoming Discussion of this topic at ILA Conference

For those interested in a more detailed discussion of the Patriot Act, there will be a program at the upcoming ILA conference, on October 3^rd, that will address not only that legislation, but also the continuing saga of the Children’s Internet Protection Act.  The program will be conducted by Kay Flowers, University Librarian at ISU, and myself.