February 10, 2006 12:00 PM PST
This week in privacy
Gonzales told a Senate subcommittee that agents operating a controversial National Security Agency surveillance program may have inadvertently spied on the e-mails and phone calls of Americans with no ties to terrorists. Gonzales stressed that the program is "narrowly focused" and that adequate steps are taken to protect privacy, though he said he was unable to describe such procedures because of the program's classified nature.
Gonzales shunned all questions that he deemed were about "operational" matters, such as how many people have been subject to the tapping, how the government goes about cooperating with telecommunications companies and Internet service providers from a legal perspective, and whether additional secret surveillance programs have been authorized by the same logic.
But in a sign that political pressure from other Republicans was having an effect, the White House later disclosed details about the program in a secret meeting with members of a House of Representatives intelligence panel. The move comes after a recent spate of criticism from fellow Republicans, including a call this week for a full congressional inquiry from Rep. Heather Wilson, a Republican who heads the subcommittee overseeing the NSA.
In addition, Sen. Arlen Specter, a Pennsylvania Republican, warned on Wednesday that the controversy "is not going to go away" and said he is drafting legislation to bring the NSA's spying under the umbrella of a court created by the Foreign Intelligence Surveillance Act.
Some reports have identified executives at "major telecommunications companies" who chose to open their networks to the NSA. Because it may be illegal to divulge customer communications, though, not one company has chosen to make its cooperation public. Under federal law, any person or company that helps someone "intercept any wire, oral or electronic communication"--unless specifically authorized by law--could face criminal charges. Even if cooperation is found to be legal, it could be embarrassing to acknowledge opening up customers' communications to a spy agency.
A series of interviews with technical experts by CNET News.com during the last few weeks shed some light on how the program may work in practice.
CNET News.com readers were sharply divided on the subject, with discussions and debates running the gamut of topics.
"Every American citizen has the right to know what the people that we pay to look after our interests are doing," wrote Andrew Bright in CNET News.com's TalkBack forum. "We certainly didn't authorize them to spend our money on various data mining and other spying programs that invade our privacy."
A little privacy
A bill announced in Congress would require every Web site operator to delete information about visitors, including e-mail addresses, if the data is no longer required for a "legitimate" business purpose. The proposal, introduced by Rep. Ed Markey, seeks to import European-style privacy regulations by imposing a broad data-deletion requirement. It would apply to every U.S. Web site, even ones run by individuals, bloggers or nonprofit groups and charities.
Markey said the measure would help stop identity theft. "This warehoused personal information about consumers' Internet use should not be needlessly stored to await compromise by data thieves or fraudsters, or disclosure through judicial fishing expeditions," the Massachusetts Democrat said in a statement. Also, Markey said, the bill would help address the issue of search engines storing data about their customers' search terms, a subject that received attention when the Department of Justice subpoenaed Google, Yahoo and other sites for such information.
Another bill in Congress proposes fines of up to $500,000 and prison sentences of up to 20 years for anyone who "fraudulently" acquires and resells records of calls made by a telephone subscriber. But it's not entirely clear that the measure is necessary. The Federal Trade Commission has for decades enjoyed the power to stop "deceptive" business practices, a term that also encompasses fraudulent behavior. In addition, state attorneys general have the ability to file civil and criminal suits to halt illicit business practices.
Congress took particular interest in the topic of phone record privacy after reports that online brokers may be "pretexting"--that is, posing as legitimate customers--to obtain such records and then sell them cheaply on the Web.
Meanwhile, a new law targeting "annoying" e-mail messages and Web posts is being challenged in federal court. The plaintiff, a Web site that lets people send anonymous e-mail for a fee, said the suit was necessary because the law is so broad it makes providing the service a crime.
As reported earlier by CNET News.com, President Bush last month signed into law a massive bill for the Justice Department that includes the new criminal sanctions aimed at Internet communications that "annoy." The law prohibits anyone from posting annoying Web messages or sending annoying e-mail messages without disclosing his or her true identity.