It was not that long ago that U.S. congressman Spencer Bachus, a conservative Republican from Alabama, was defending Americans' right to privacy against overreaching government surveillance.
"Technology has outrun the law," Bachus said during a July 2000 hearing. He wondered: "What level of monitoring do we, as a country, want to have on private conversations?"
Soon afterward, that House of Representatives committee took the unprecedented step of voting, by a 20-1 margin, to require police to obtain a warrant from a judge before e-mail could be read or mobile phones could be tracked. The legislation even specified that police couldn't use illegally obtained electronic communications as evidence in court.
"This was the first Congress that took privacy seriously," I wrote at the end of 2000, noting that a privacy caucus had formed that year. A consensus seemed to be coalescing around protecting Americans' electronic privacy, coupled with sharp criticism of the FBI's Carnivore wiretapping tool, Byzantine U.S. encryption regulations, and the shadowy surveillance system that became known as Echelon.
After the attacks on the Pentagon and World Trade Center, however, the sentiment in political circles quickly shifted from protecting electronic privacy to facilitating government surveillance. The privacy bill approved by the committee by such a lopsided margin disappeared. Bachus not only voted for the Patriot Act, but he ended up writing part of it.
Can we count on cell networks in disasters?
A decade later, public safety still lacks national network
TechRepublic: IT and life lessons from the South Tower
CBSNews.com: Ten years after 9/11
Other politicians shared his sentiments. The Justice Department "really does want to use cell phones as a tracking device, and that worries a lot of people," said then-Rep. Bob Barr, a Georgia Republican, in September 2000. A year later, Barr voted for the Patriot Act (though later said he regretted it and seems to have experienced a complete change of heart).
The high, or low, points of the next decade are well known: The enactment of the Patriot Act. The creation of the Department of Homeland Security. The National Security Agency's warrantless surveillance, followed by retroactive immunity for communications companies that illegally opened their networks and a whistle-blower who offered disturbing details about the depth of AT&T's involvement.
"Perhaps the biggest systemic change in the way the government conducts investigations since 9/11 is the transition from targeted surveillance--where the government picks a target and spies on that person--to untargeted wholesale surveillance, where masses of people are surveilled," says Kevin Bankston, a senior staff attorney at the Electronic Frontier Foundation. "And then the government decides who it wants to focus on."
In the decades prior to the 9/11 attacks, the FBI generally specialized in targeted surveillance, while the NSA tended to conduct wholesale surveillance of non-Americans.
After September 2001, however, the NSA's electronic ear turned inward. In his book titled "State of War," New York Times reporter James Risen says the NSA has "extremely close relationships with both the telecommunications and computer industries." The Los Angeles Times reported that AT&T has opened its customer information database to the NSA. And USA Today reported that the NSA "has been secretly collecting the phone call records of tens of millions of Americans" from AT&T, Verizon, and BellSouth.
What's not as well known is how much of the preparatory work for that shift toward greater surveillance had begun long before September 2011.
Attorneys at the Department of Justice had spent years drafting the so-called Enhancement of Privacy and Public Safety in Cyberspace Act (PDF), which goes by the awkward and not very memorable acronym of EPPSCA. The Clinton administration forwarded EPPSCA to Congress in July 2000, where it was introduced by Sen. Patrick Leahy (D-Vt.) and met with a generally chilly response.
Leahy himself said, referring to his own bill, that while portions seemed reasonable, "the merits of other provisions in this legislation would benefit from additional scrutiny and debate."
EPPSCA was designed to give police more authority to conduct Internet surveillance, not thwart terrorists armed with box cutters. In a July 2000 speech at the National Press Club on the day the administration sent EPPSCA to Capitol Hill, White House Chief of Staff John Podesta included only a single reference to "cyber-terrorism," and nothing about the non-cyber sort.
But within hours of the 9/11 attacks, the Justice Department had dusted off EPPSCA as a way to respond to bin Laden. On September 13, 2001, two days after the worst terrorist attack in U.S. history, the U.S. Senate approved the "Combating Terrorism Act of 2001," which includes portions copied word-for-word directly from EPPSCA.
Over the next 45 days, the Combating Terrorism Act of 2001 morphed into the Patriot Act, which was broadened to address unrelated topics such as immigration and financial institutions. Portions of EPPSCA survived verbatim.
When the final vote on the Patriot Act was held the following month, members of Congress were required to vote on the bill without time to read it. The measure "has been debated in the most undemocratic way possible, and it is not worthy of this institution," Rep. Barney Frank, D-Mass., said at the time. Rep. Ron Paul, R-Texas, added later: "Almost all significant legislation since 9/11 has been rushed through in a tone of urgency with reference to the tragedy."
Only now, nearly a decade later, does the political pendulum appear to be swinging back to favor privacy. It's being driven by concerns over mobile device tracking, government access to data, airport body scanners--and the Patriot Act itself. Concerns about Facebook privacy and Web security have probably helped. (The ACLU has documented what it calls "widespread abuses" of the 2001 law.)
Accelerating this process are warnings from U.S. senators that the Justice Department has twisted the Patriot Act into a "secret" surveillance mechanism far broader than Americans realize. "I believe that when more of my colleagues and the American public come to understand how the Patriot Act has actually been interpreted in secret, they will insist on significant reforms too," Sen. Ron Wyden, an Oregon Democrat who tried to block the law's renewal, said in May. Sen. Mark Udall, a Colorado Democrat, offered a similar warning.
Industry and civil liberties groups are better organized than they were a decade or so ago. Last year, Apple, Amazon.com, Google, Facebook, IBM, Americans for Tax Reform, the Electronic Frontier Foundation, and others created a coalition to lobby Congress into enacting some of the same privacy protections that almost became law in 2000, including requiring a warrant to read e-mail or tracking someone's location. (CNET disclosed that police were engaging in warrantless tracking of cell phones.)
On the other hand, the FBI and other police agencies aren't exactly eager to relinquish their expanded authority. In April, the Justice Department outlined what amounts to a frontal attack on the coalition, saying its proposals would have an "adverse impact" on criminal investigations. Making location information only available with a search warrant, James Baker, an associate deputy attorney general, told Congress, would hinder "the government's ability to obtain important information in investigations of serious crimes." A DOJ-backed data retention bill was approved by a House committee.
Handicapping where this process will lead is difficult, but it's fair to say that privacy interest is growing, and fears about terrorism are being evaluated in a broader perspective (you're four times more likely to be killed by lightning than by a terrorist, for instance).
Says Bankston, the EFF attorney, on increased surveillance: "It isn't making us safer. Instead, it's adding more hay to the haystack and making it harder for us to find the needle."