hen Congress passed the USA Patriot Act in those first panicky weeks after 9/11, giving law enforcement more power to track down terrorists, much of the response was either bewilderment or alarm. Many lawmakers who voted for it admitted that they hadn't even had a chance to read the bill. Civil libertarians, newspaper editorial boards and others warned that the new legislation gave government worrisome new powers to pry into peoples' private lives.
While the legislation touched on everything from secret courts to immigration, some Internet provisions created particular anxiety. Right after the act was passed, the Electronic Privacy Information Center, a Washington-based research organization, printed the Fourth Amendment on its Web Site with an epitaph: 1789-2001.
But now a George Washington University Law School professor is arguing that the conventional wisdom — at least as far as the Internet is concerned — is wrong. "Ironically, several of the most controversial amendments may have actually increased privacy protections, rather than decreased them," Orin S. Kerr writes in an article in the Northwestern University Law Review that is due out in February.
Mr. Kerr, whose contrarian position has already drawn fire, states up front that he isn't a neutral observer. He was a trial attorney at the Justice Department's computer crime and intellectual property division from October 1998 through July 2001, during the Clinton and Bush administrations, and had supported an earlier version of some of the surveillance provisions that made their way into the Patriot Act.
Mr. Kerr could be called a loyal ex-insider, a former government official who has come out to defend the Patriot Act. He is a member of what Stewart Baker, another loyal ex who was general counsel of the National Security Agency from 1992 to 1994, describes as the "oh-give-me-a-break-it's-no-big-deal school." The Patriot Act is "not the big change that everybody makes it out to be," Mr. Baker said, but rather like waving "the centerfielder over to the right a couple of yards."
No-big-dealers like Mr. Kerr and Mr. Baker insist that many of the objections are based on a misunderstanding of today's technology and the surveillance laws before the Patriot Act passed.
Since most of those laws were written with the telephone or postal mail in mind, just how they should apply to the Internet has been a murky area, he explains, and both civil libertarians and law enforcement officials have long agreed the law needed updating.
What they can't agree on is precisely what type of information the government should have access to and how hard it should be to get it.
When it comes to the telephone or mail, what is considered off limits under ordinary circumstances — like the contents of one's private communications — has already been pretty well established by the courts. A detective can examine to his heart's content the address on a sealed envelope sent through the mail, but he can't read the letter inside without a search warrant. He can easily get court approval to track telephone numbers called from someone's phone — (known as a pen register) — but much more evidence is needed if he wants a wiretap to listen in on the phone conversation itself.
In the absence of more specific rules, the common practice had been simply to apply the existing laws to comparable information on the Internet. What the Patriot Act did, Mr. Kerr explains, was essentially to turn into law what had already been standard operating procedure.
Such a change deserves more than a "so what?," civil libertarians say. Turning disputed practices into law is an expansion of power, explains Barry Steinhardt, the director of technology and liberty program at the American Civil Liberties Union. And since the courts tend to hand out pen registers like fliers at a subway stop, privacy advocates have long argued that the Internet needed more protection.
Mr. Kerr doesn't disagree that standards for getting a pen register should be tougher. "However, the fact that this section of the Patriot Act could have offered stronger protection shouldn't obscure the fact that as a whole the amendment helped add privacy protections, not reduce them," he writes.
Without the new rules, he said, e-mail and Internet surveillance would theoretically be totally unregulated by federal privacy laws, allowing anyone to stick his nose into many kinds of private Internet communications without any court oversight.
He notes that, at the urging of privacy advocates, the act specifically forbids peeking into "the contents of any communication." What's more, Mr. Kerr argues, the act prohibits people from publishing or leaking the contents of private communications.
Mr. Kerr also takes on critics of what is known as Carnivore, the technology developed by the F.B.I. to monitor Internet communications. Carnivore has been attacked by civil libertarians ever since it was first introduced in July 2000 as a frighteningly powerful eavesdropping tool.
Mr. Kerr insists that surveillance would be much more intrusive without Carnivore than with it. Think about how you would go about identifying the e-mail messages sent by a particular suspect, he says: one way would be to go through every single e-mail message streaming through the network — a gross invasion of everyone's privacy. Carnivore, on the other hand, was designed to pick up only the digitally coded symbols that correspond to a specific e-mail address; everyone else's communications are ignored.
How well Carnivore accomplishes that task — not to mention how easiiy the technology could be abused — is intensely debated. In December 2000, for example, a panel of the country's top computer security experts praised the system but also concluded that "serious technical questions remain about the ability of Carnivore to satisfy its requirements for security, safety and soundness." And Carnivore certainly has the capability of capturing all the Internet traffic that's speeding through a service provider.
Yet aside from debates about the technology, Mr. Kerr writes, "The only provisions of the Patriot Act that directly address Carnivore are pro-privacy provisions that actually restrict the use of Carnivore" — requiring that its use be reported.
Henry H. Perritt Jr., the security panel's leader and a law professor who is now running for Congress as a Democrat in Illinois, agrees that the Patriot Act isn't the problem on this score: "The real bulwark against abuses of eavesdropping technology is an elaborate set of procedures for approving Carnivore and other eavesdropping techniques." Of greatest concern, Mr. Perritt said, is that the White House, by adminstrative fiat, has shifted approval for Carnivore from the assistant attorney general to the field offices, meaning less oversight. Nor has there been any attempt to create an auditing trail that could be checked to make sure that Carnivore isn't abused.
"I would agree that the Patriot Act didn't make things a whole lot worse," he said, "but it was a missed opportunity to make systems like Carnivore a whole lot safer."
Mr. Kerr doesn't deny that the Patriot Act is flawed: some of the language is vague; some critical questions are ignored altogether. Should the government, for example, be able to find out what Web sites you're surfing or what kinds of topics you're plugging into using a search engine like Google?
But then, Mr. Kerr says, "the problem with the Patriot Act is not that it changed too much, but that it answered too little."
To some privacy advocates, though, Mr. Kerr is nitpicking. A provision here or there does not outweigh the Patriot Act's power grab, Mr. Steinhardt said, adding that by making it easier for prosecutors to use information gathered from intelligence wiretaps, for example, the act has the potential "to eviscerate the domestic wiretapping laws." Abuse is already a problem, Mr. Steinhardt said, pointing to a recent opinion by the nation's secret intelligence court that the F.B.I. has misled it 75 times in order to justify wiretap and electronic surveillance.
David Sobel, the general counsel for the Electronic Privacy Information Center, explained that when the constitution was written "a search was a knock on the door, and the presentation of a piece of paper. A person could know exactly what the government agent was authorized to seize, could observe the search and could seek recourse if the search went beyond the court order."
"Once you move into the realm of intercept communication," he explained, the searches are by their nature surreptitious and can't be monitored. That's why "new privacy protections were put in place." he added.
As for the Patriot Act, "Until you really see how government is implementing the law," he said, "it's very much an academic argument."
That is not so easy, however, since the Justice Department has so far refused to hand over information about how it is using the Patriot Act to the House Judiciary Committee, which oversees the department. "It's difficult in an information vacuum to conclusively answer many of these questions," Mr. Sobel added.
Given the resistance to releasing information about the Patriot Act's actual impact, at the moment, it would seem that the privacy the administration is most concerned with is its own.