Corporate Counsel The Metropolitan ® www.metrocorpcounsel.com Volume 13, No. 7 © 2005 The Metropolitan Corporate Counsel, Inc. July 2005 Project: Homeland Security – Law Firms Renewing The USA Patriot Act – What Every Business Should Know Michael D. Ricciuti KIRKPATRICK & LOCKHART NICHOLSON GRAHAM LLP In the wake of September 11, Congress passed the USA PATRIOT Act (described in this article as “the Act”). Among other things, the Act changed how the government investigates two types of cases – intelligence cases involving terrorism or espionage, and traditional criminal cases involving all manner of alleged violations of federal criminal law. In critical part, the Act provided new tools for investigators in both types of investigations and established a new information-sharing approach in terrorism matters, a fundamental change in practice. Since the Act was passed, it has generated intense controversy. That conflict has reignited, as several of the Act’s sections, scheduled to expire (or “sunset”) on December 31, 2005, are under review in Congress. Business should keep an eye on the debate over three of these Sections of the Act, which changed the government’s investigative scheme in ways that may affect almost any company. Two of these provisions concern the manner by which the government can demand information from business – Section 209, authorizing criminal courts to issue search warrants for voice mail messages, and Section 215, expanding the power of the Foreign Intelligence Surveillance Act Court (“the FISA Court”) to order business to produce documents and tangible things. One other section provided new rights to business – Section 217, which allows a business which is victimized by a computer hacker Michael Ricciuti is a Partner in the Boston office of Kirkpatrick & Lockhart Nicholson Graham LLP, and is a former federal prosecutor and Chief of the Anti-Terrorism and National Security Section in the U.S. Attorney’s office in Boston. Michael D. Ricciuti to request law enforcement help to monitor the hacker’s communications over the compromised computer. This article discusses all three of these provisions and reviews their place in the federal investigatory system. 1. Section 209: Voice Mail Messages Prior to the Act, it was difficult for law enforcement officers to seize voice mail messages left on cellular telephones or landlines. This was because voice mail were treated like live telephone calls. Monitoring of live telephone calls is recognized under federal law as a very serious intrusion into privacy – and is thus subject to very stringent procedures. Including voice mail messages in this category made discovery of them extraordinarily difficult. Some brief background may be helpful. Criminal investigators have several investigative tools at their disposal. One way of categorizing them is in terms of the level of privacy intrusion they entail. Records of historical activity which do not reveal the substance of communications – for example, telephone toll records – receive a low level of protection from seizure. Agents typically obtain this information with Grand Jury subpoenas, which are easily obtained from federal prosecutors without judicial approval. Governmental intrusion into locations where there is an expectation of privacy – a residence or post office box, for instance – represents a far more significant privacy intrusion. Investigators typically must obtain a warrant to search these locations. Search warrant applications are relatively short, can be obtained quickly if necessary, and are usually submitted to federal magistrate judges. Government wiretapping – monitoring private “wire communications” (telephone calls, Internet chats) in real time – is a special case. Because this surveillance is extremely invasive, the law places more significant demands on investigators to justify wiretaps than apply in the case of a search warrant. To obtain a wiretap order – known as a “Title III” order, named for the section of the Omnibus Crime Control and Safe Streets Act of 1968 which created these procedures – investigators must, among other things, make a more detailed showing of probable cause than is required for a search warrant and must also show that normal investigative techniques (e.g., subpoenas and search warrants) have failed in achieving the goals of the investigation, appear unlikely to succeed, or would be too dangerous to even try. Criminal agents and federal prosecutors must also obtain approval to seek a wiretap from the local agency supervisors and U.S. Attorney supervisors, as well as to supervisors at agency headquarters and the Justice Department in Washington. Ultimately, a wiretap application and supporting documentation – often comprising a hundred pages or more – is presented to a federal district court judge for approval. As this description suggests, the process for obtaining a wiretap is demanding and slow. Prior to the Act, voice mail messages were treated like live telephone calls, and could only be accessed under the cumbersome Title III procedures. In contrast, law enforcement offi- Please email the author at mricciuti@klng.com with questions about this article. Volume 13, No. 7 © 2005 The Metropolitan Corporate Counsel, Inc. cers could seize tapes found in answering machines with search warrants, and could seize email messages with search warrants or, in some cases, court orders, all without highlevel approval. The Act treats voice mail messages like answering machine tapes, and allows investigators to obtain voice mails with search warrants. Not surprisingly, the Justice Department is seeking to extend this ability, emphasizing the speed of the search warrant procedure, a particularly important attribute in seizing easily-deleted voice mails. Critics of this section contend that Section 209 improperly reduces the privacy of voice mail messages. If they prevail, the cumbersome Title III procedure will again govern the seizure of voice mails. 2. Section 215 – FISA Orders For Records And Tangible Things Plainly the most controversial of the Act’s provisions, Section 215 expanded the FISA court’s authority to issue orders to business for records and tangible things in certain international terrorism or spying cases. To understand how these orders are used, and the nature of the debate regarding them, the federal intelligence gathering system must be explored briefly. Both before and after the Act, the government pursued two types of investigations in international terrorism or espionage cases – criminal investigations and intelligence investigations. With some exceptions, criminal terrorism and spying investigations are conducted just like other criminal investigations, with the ultimate goal being the indictment and prosecution of defendants. Intelligence investigations have different goals and use a different set of tools. These cases often rely on classified information, and seek to protect national security by gathering foreign intelligence information about foreign powers (like foreign countries or international terrorist groups) or agents of foreign powers (spies or terrorists). Criminal prosecution is not necessarily a goal of these investigations. Indeed, because of the sensitivity of these cases, public prosecutions and trials of spies or terrorists pose significant obstacles. Although intelligence investigators use some of the same investigative techniques as criminal investigators, the process by which these tools are brought to bear is quite different. Take, for instance, a wiretap. Like a criminal investigator, an intelligence investigator can obtain a wiretap for intelligence purposes, but only from the FISA Court in Washington. Created pursuant to the Foreign Intelligence Surveillance Act of 1978, the FISA court is staffed by seven regular federal district court judges appointed to serve part-time by the Chief Justice of the Supreme Court. It reviews FISA wiretap applications. These applications are classified and must be approved at the highest levels of the FBI and Department of Justice before submission to the FISA court. Applications for a FISA wiretap are extraordinarily detailed, like a Title III application. They must show, among other things, that the requested wiretap is targeted at a foreign power or an agent of a foreign power; that a significant purpose of the wiretap is to obtain foreign intelligence; and the information cannot reasonably be obtained by normal investigative techniques. The FISA court can also authorize the seizure of certain business records for foreign intelligence purposes. Such orders are classified, and recipients of them cannot disclose “to any ....person...that the [FBI] has sought or obtained” materials using them. Prior to the Act, these orders were limited in scope. Only records, and not tangible items, could be the subject of an order; only common carriers (car and truck rental companies), public accommodation facilities (hotels or motels), and physical storage facilities could be served with such orders; and the FISA court had to find “specific and articulable facts” that the person to whom the records pertained was a foreign power or agent of a foreign power. Section 215 changed each of these three limitations. Section 215 brought tangible items within the scope of a FISA order; expanded the universe of recipients of such orders to include all manner of businesses; and eliminated the specific and articulable facts requirement. Under the Act and a subsequent further amendment, FISA orders are currently available if they are “sought for an authorized investigation ... to obtain foreign intelligence information not concerning a United States person [essentially a citizen, lawful permanent resident, or American corporation] or to protect against international terrorism” or spying, so long as any investigation of a United States person is not based solely on protected First Amendment activity. Section 215 has been the subject of intense dispute. One of the frequently-made arguments against this Section is the fear that it could be used to obtain user records from public libraries reflecting patrons’ reading habits. Although Section 215 makes no mention of libraries, there is little dispute that a FISA order under Section 215 could be directed to a public library under appropriate facts. Even though the Department of Justice has not requested an order directed at a library, this debate goes on. One important issue is not disputed, however. Both sides agree that the recipient of a FISA order can disclose it to his or her attorney and challenge the order in court. Attorney General Alberto Gonzales has indicated that the law on this point is not as clear as it could be, and that the Justice Department would support technical amendments to eliminate this ambiguity. Were this provision to sunset, the Department would revert to using FISA orders as previously limited, and would rely more heavily on “national security letters” (NSLs). NSLs July 2005 are written requests for information in intelligence cases. Previously, they could be used to obtain business records from banks, credit reporting agencies and communications carriers. Recent laws permit NSLs to be served on credit card companies, car dealers, real estate agencies, stock brokers, jewelers and other businesses which often deal in significant amounts of cash. Whether these will be adequate for the Justice Department promises to be a matter of strong dispute in Congress. 3. Section 217: Computer Trespassers Section 217 allows the government to monitor and intercept the communications of a computer trespasser over a protected computer. The Section defines a computer trespasser as someone who has unauthorized access to the computer and excludes someone with a contractual relationship with the service provider. A protected computer is, in essence, a government computer or one used in or affecting interstate or foreign commerce. With the advent of the Internet, this Section casts a broad net. Under the Act, the government is authorized to monitor the communications of a computer hacker if four requirements are met: (1) the operator of the protected computer authorizes it; (2) the investigator (a person acting under color of law) is lawfully engaged in an investigation; (3) the investigator has reasonable grounds to believe the contents of the hacker’s communications will be relevant to the investigation; and (4) only the communications to and from the hacker are intercepted. A computer trespasser has no reasonable expectation of privacy in his communications over the hacked system, so that monitoring of the hacker’s communications does not violate the Fourth Amendment. Nevertheless, critics of the Section claim that it allows the government and computer operator to determine whom to surveil, perhaps without any notice to the alleged trespasser. The Department responds by noting that Section 217 gives computer operators the same rights as a landowner when confronting a trespasser – the right to call in the government and help identify and expel the trespasser – and only permits, and does not require, a computer operator to ask for governmental help. Prior to the Act, it was unclear they could do so. If this provision sunsets, that lack of clarity will return. 4. Conclusion Whether these provisions are renewed makes a difference to business. With the focus on terrorism and national security, business increasingly should expect to receive search warrants or FISA orders in these cases. And with the explosion in computer hacking crime, business also should increasingly expect to respond to these crimes. Business thus should be aware of its rights and obligations in these cases, and how Congress changes them – or doesn’t – in the coming months.