Restoring the Balance between Security and Liberty
In order to restore the balance between security and freedom, President Obama and Congress should take specific steps, including the following:
The President and Congress should work together to enact legislation to update communications privacy laws to account for dramatic advances in technology.
The Electronic Communications Privacy Act (ECPA) sets the standards for government surveillance of email and other communications in criminal cases. Adopted in 1986, ECPA has been outpaced by technology developments. For example, though cell phones can be used to track a person?s location, ECPA does not specify a standard for law enforcement access to location information. E-mail, personal calendars, photos, and address books, which used to reside on personal computers under strong legal protections, now are stored on communications networks where privacy rules are weak or unclear.
President Obama and Congress should work together to enact legislation updating ECPA to strengthen protections against unwarranted government access to personal information.
The President and Congress should ensure that foreign intelligence surveillance is conducted only in full compliance with the Foreign Intelligence Surveillance Act and with appropriate checks and balances to prevent abuse.
While ECPA governs surveillance for criminal purposes, surveillance to gather sound and timely intelligence is also needed to head off terrorist attacks and otherwise to protect the national security. Recent history shows that intelligence gathering powers can be abused. Strong statutory standards, judicial checks and balances, and congressional oversight are critical to protect the rights of Americans and ensure that the intelligence agencies are acting effectively and within the law.
The President should refrain from claiming inherent authority to conduct warrantless surveillance in the U.S. and should affirm that all electronic surveillance conducted in the U.S. for intelligence purposes will conform to the Foreign Intelligence Surveillance Act, which requires a court order when a person in the U.S. is a target of surveillance.
Legislation to relating to the provisions of the PATRIOT Act that expire in 2009 should include measures to restore checks and balances on government surveillance.
President Obama should cooperate with congressional and Inspectors General oversight of intelligence surveillance, starting with a promise to enable and support oversight investigations of warrantless surveillance conducted after 9/11, and Congress should conduct vigorous, non-partisan oversight of the full range of intelligence surveillance programs affecting the rights of Americans.
President Obama should curtail the use of National Security Letters, and Congress should adopt legislation to ensure that NSLs are limited in scope and, in cases seeking sensitive records, issued with judicial approval.
A National Security Letter is a demand by the FBI, issued without prior judicial approval, for sensitive bank, credit and communications records from financial institutions, credit reporting agencies, telephone companies, Internet Service Providers, and others. These records are important to national security investigations, but the PATRIOT Act dramatically expanded the scope of these demands while reducing the standards for their issuance. The Inspector General of the Department of Justice has found widespread errors and violations in the FBI's use of NSLs.
To protect Americans' privacy and focus investigative resources more effectively, the next President should propose, and the next Congress should enact, legislation that would require a court order for access to sensitive personal records.
The President and Congress should adopt a balanced framework for information sharing and analysis for counterterrorism purposes.
Government watch lists, fusion centers, databases, and data mining programs are growing at an alarming pace without adequate safeguards.
Connecting the dots is crucial to preventing the next attack, but inaccurate information and flawed analytic techniques can result in a person being wrongfully treated as a terrorist, with devastating consequences such as arrest, deportation, job loss, discrimination, damage to reputation, and more intrusive investigation.
President Obama should review all information sharing and analysis programs for effectiveness. The President and Congress should bring all information sharing and analysis programs under a framework of privacy protection, due process and accountability.
President Obama and Congress should revisit the REAL ID Act and ensure that all governmental identification programs are necessary and effective and subject to adequate privacy and security protections.
In recent years, the federal government has launched a variety of ID card programs, including most notably the REAL ID. Some of these programs would incorporate biometric and Radio Frequency Identification (RFID) technology without safeguarding the privacy and security of information on the cards or limiting how they can be used by government or commercial entities to track the movements of ordinary Americans. Poorly designed programs could actually contribute to ID theft. The REAL ID program is already showing signs of "mission creep."
The President and Congress should revisit the REAL ID program. If such review justifies continuation of the program, President Obama should amend the REAL ID regulations to adequately protect privacy. If necessary, Congress should amend the REAL ID Act. Congress should amend the Driver's Privacy Protection Act to further protect privacy against both governmental and commercial abuse.
President Obama and Congress should work together to update the Privacy Act; the President should assiduously enforce the Act's protections and those afforded by the E-Government Act of 2002..
The Privacy Act of 1974 -- the main federal law that protects the privacy of personally identifiable information in records maintained by the federal government -- is seriously out of date.
Designed for the mainframe world of 1974, the Privacy Act needs to be updated to reflect the distributed nature of government information systems and the ease with which data maintained by the government or obtained from the commercial sector can be shared and mined.
Congress should adopt legislation to update and strengthen the Privacy Act, including by adopting standards for government use of commercial data. The next President should use Privacy Act exceptions sparingly.
The President should appoint a senior White House official as Chief Privacy Officer, to be an advocate for privacy within the Executive Branch. The Chief Privacy Officer should have a Chief Privacy Officer Council that would consist of the Chief Privacy Officers of each agency united in a structure similar to that of the Chief Information Officer Council.
The Administration should consistently use Privacy Impact Assessments to evaluate and address privacy risks before launching any new systems or programs collecting or processing personal data, and should issue best practices for use of Privacy Impact Assessments.
President Obama should require federal agencies to increase the quality of their PIAs, require regular audits of the largest and most sensitive databasaes with large amounts of sensitive personal information and establish best practices and standards.
