If the nation were actually to reach red alert status, odds are the “Privacy Threat Index” color chart at epic.org would be wiped from the virtual world. Red means the government controls everything, the lives of Americans online and off. And the Washington, D.C.-based Electronic Privacy Information Center (EPIC), a watchdog group focusing on privacy and technology, is a frequent critic and courtroom challenger of the surveillance-minded Bush administration.
“Red is somewhere between Gattaca“—the science fiction movie in which the state uses genetics to dictate people’s lives—”and George Orwell’s 1984,” said EPIC executive director Marc Rotenberg. “Red means Big Brother’s in charge.”
But EPIC’s color-coded alert, like the federal “Homeland Security Advisory System” on which it is modeled, is meant to keep the public vigilant and prevent the worst from ever occurring. “There are a lot of things happening at once, and privacy issues tend to be diffuse,” said Rotenberg. “The threat index helps to focus the public.”
The privacy alert debuted last Tuesday, one day before the Department of Homeland Security lowered the nation’s terrorism threat level from a “high” orange to an “elevated” yellow, citing the waning of hostilities in Iraq. The EPIC alert remained at an elevated yellow throughout, because, Rotenberg noted, the government did not scale back its overall monitoring operations even as it announced the decrease in danger.
“The critical point has to be the re-establishment of political freedoms as crisis subsides,” he said. Yet the administration has indicated that “the war on terror is a war without end,” he said, which threatens an equally ominous endlessness to government practices that impinge on people’s privacy. Beneath the gimmick of colors, those practices raise serious questions about when government intrusiveness begins to exceed justifiable national security purposes and inappropriately invade private lives.
The boom in covert surveillance that intelligence officials have reported since 2001 has especially alarmed rights watchers. Since many of the Bush administration’s security initiatives are still nascent, observers like EPIC have looked to the government’s aggressive use of the 1978 Foreign Intelligence Surveillance Act (FISA)—further strengthened by the Patriot Act—for insight into future intentions.
FISA, which applies to foreign spies and suspected terrorists, allows the most powerful government surveillance there is. Agents can examine people’s most intimate communications and actions, while those individuals are powerless to challenge the legitimacy of surveillance even if they are innocent. FISA warrants theoretically contain sensitive national security information, so they cannot be reviewed in legal proceedings, although such reviews are generally a basic due-process right of the accused.
In a March 4 Senate hearing, Federal Bureau of Investigation director Robert Mueller announced that “in the one-year period from September 11  to September 19, 2002, we have obtained more than double the number of emergency FISAs [warrants] as compared to the total number of emergency FISAs we obtained in the prior 23-year history of the FISA statute.” Attorney General John Ashcroft announced at the same hearing that the FBI had sought “over 1,000” FISA warrants in 2002.
The FBI is developing an automated system to rush FISA warrants from issuing judge to agent to Internet provider, telephone company, or other gatekeeper, Mueller said. Even now, once the warrant process is underway, “we can often establish electronic surveillance within hours,” he said.
The FBI has been seeking to expand its Internet monitoring ability under a federal law that requires the development of wiretap-conducive communications. And while Congress has been increasingly critical of the Justice Department’s secretive use of surveillance powers under the Patriot Act, the agency continues to formulate new legislative demands that would increase its capabilities still more.
EPIC cited, among various factors adding up to the “elevated” privacy threat rating, the Justice Department’s continued efforts to use “biometric identifiers”—DNA, fingerprints, facial recognition—to catalog and track noncriminal Americans. Indeed, in an announcement last week that received nearly no press coverage, Ashcroft’s Justice Department said it would push for law enforcement DNA collection to include youth offenders and adult arrestees. Currently DNA, a person’s most vital and private physical information, is required from convicted adults only. Rotenberg said that if Ashcroft succeeds, people arrested for disorderly conduct during a political protest can expect to give up their DNA. So can arrestees who are ultimately deemed innocent.
To the concern of EPIC and other watchdogs, the government’s quest to expand the DNA database coincides with the lowering of accuracy standards for federal crime data. The Justice Department in late March lifted a 30-year requirement that information contained in the FBI’s National Crime Information Center system be correct and up to date. The rule, part of the Privacy Act of 1974, was created to prevent misuse of the system and protect people from law enforcement mistakes. The NCIC database contains over 39 million criminal records—including fingerprints and mug shots, information on stolen property and victims, outstanding warrants, arrest records, and names of suspected terrorists—accessible by over 80,000 law enforcement agencies across the country.
The Justice Department complained that, because of the scope of the database, maintaining accuracy standards had become “administratively impossible.” It claimed that information might not meet established requirements but still be useful to law enforcement and announced that individual investigators would now be freer to “exercise their judgment” in reporting data.
Civil liberties advocates warn of the serious consequences inaccurate crime information can have—and in actual cases has had—for innocent people, jeopardizing jobs, finances, and constitutional rights. EPIC’s online petition to restore data standards cites one instance in which “a Los Angeles man was arrested five times, three at gun point, due to an error in the NCIC.” An average of 2.8 million NCIC transactions are processed each day, according to EPIC.
Despite its laundry list of privacy concerns, EPIC restrained itself in rating the government last week. Said Rotenberg, “The reasons we didn’t want to set the level higher than yellow is, things could get a lot worse.”
Below yellow is blue, or “guarded,” or, said Rotenberg, “the pre-Patriot Act level.” Mildest on the threat index is green for “low,” which EPIC envisions not just as the absence of government intrusion but the presence of affirmative individual protections, such as technology that ensures online privacy and legislation that guarantees the confidentiality of personal information.
Above yellow is a “high” threat orange. Presumably, yellow would get redder if some of the Bush administration’s current efforts bore fruit, such as expanding the DNA database and creating the so-called Patriot Act II to expand surveillance powers.
EPIC hopes other online watchdogs will feature its privacy alert chart, downloadable from its Web site. Individual civil liberties enthusiasts can place the chart on their desktops and regularly reload it to track changes over time, Rotenberg said, although some basic HTML knowledge is required.
But the goal is not to promote individual paranoias. Said Rotenberg, concerned citizens ought to “organize and act politically.” There is nothing high-tech about his prescription for protecting the right to privacy: “Contact your Congress member and express your opinion.”