Congress and the Bush administration have been wrangling since 9/11 about expanding the executive branch's wiretapping powers, including the search and seizure of data traffic. The fights aren't over whether to give the government more power, but rather how much.
Can the FBI, for example, compel private parties to disclose a user's Internet activities on the basis of a letter that also gags the recipient from mentioning the letter? Can the National Security Agency search through phone and data traffic on the basis of so-called "basket warrants" that don't specify who is being targeted or what information is being sought?
To understand all the electronic surveillance laws that may apply to them, IT executives would need to plow through a large and growing body of highly technical material, including the Patriot Act, the Foreign Intelligence Surveillance Act (FISA) and the Electronic Communications Privacy Act. Just this year, the Protect America Act immunized companies complying with FISA orders from private lawsuits but only going forward and only until February. Now, Congress is debating the Restore Act, which would give the courts more oversight when it comes to the expanded FISA powers.
Let's simplify the mess. The Supreme Court ruled in 1968 that intercepting a phone call (and, later, data traffic over public or private networks) was a "search and seizure" within the meaning of the Fourth Amendment and therefore required a warrant.
A specific warrant, one that identifies who is being searched and what is being seized, issued and overseen by a neutral judge on the basis of probable cause, is a bedrock principle of American law. Indeed, the Boston Tea Party was a protest against unchecked enforcement powers given to British colonial agents to enforce taxes on documents.
But the Fourth Amendment only applies within the U.S. If the communications involve only non-Americans and take place outside the U.S., FISA permits broad searches with minimal supervision. The problem is that bits don't understand borders. Lots of communications and data traffic passes through computers in the U.S. even when the parties are elsewhere. And identifying who is planning a terror attack, let alone where that person or group is located, is understandably a challenge for intelligence agents in the digital age.
On the other hand, the colonists were right to revolt over the unchecked power of an executive to do what it wants, whether in the name of orderly government, tax collection or anti-terrorism. Even with the best intentions, governments that operate in secrecy and without judicial oversight quickly descend into totalitarianism.
Telecommunications providers, ISPs and others in the communications industry are already caught in the middle, and it isn't clear how they should respond to government requests for customer records and other access. One airline fired its CIO for turning over customer information to the feds, and a pending lawsuit by the ACLU puts many more companies at risk.
Bottom line: CIOs should support efforts to restore judicial oversight to the search and seizure of information. It's not only in the best interest of your job, but of your company and the nation.
Larry Downes is a Fellow with the Stanford Law School Center for Internet and Society.