The document discusses how the USA PATRIOT Act and international laws affect law enforcement access to data stored in the United States. It notes that the PATRIOT Act amended existing laws to make law enforcement tasks easier and allow more readily accessible to communications data. However, it also aims to enhance public safety, and privacy protections still apply. Additionally, most developed countries have similar investigative powers that can access data within their borders, just as U.S. laws can access any data stored within the U.S., regardless of the data's origin.
Website and Social Media Archiving: A Growing Necessity for Government AgenciesPageFreezer
Government agencies are publishing more information online, communicating through social media, and opening data using web tools. But they are responsible for preserving their online activities in order to comply with records retention laws and be prepared for FOIA requests. This paper examines the necessity and benefits of web archiving for agencies, and presents effective solutions.
Our yearly INFOMAGAZINE features technical articles and covers the latest technology advancements, innovative projects, new products, service capabilities, business news and market developments covering all aspects of the IT protection, optimization and control.
In this issue we are FOCUSING ON GDPR COMPLIANCE, new technologies such us protection against cryptolocker, advanced threats, monitoring and optimization tools, cryptography trends and many more… all missing pieces of puzzle in user’s IT and idea to offer partners and costumers new technologies for successful planning.
6 Lesson GDPR Booklet from Varonis to help stay get compliant and stay compliant.
-Locate your sensitive data
-Prevent data breaches
-Rapidly alert to suspicious behavior
-Build long-term data Security
Website and Social Media Archiving: A Growing Necessity for Government AgenciesPageFreezer
Government agencies are publishing more information online, communicating through social media, and opening data using web tools. But they are responsible for preserving their online activities in order to comply with records retention laws and be prepared for FOIA requests. This paper examines the necessity and benefits of web archiving for agencies, and presents effective solutions.
Our yearly INFOMAGAZINE features technical articles and covers the latest technology advancements, innovative projects, new products, service capabilities, business news and market developments covering all aspects of the IT protection, optimization and control.
In this issue we are FOCUSING ON GDPR COMPLIANCE, new technologies such us protection against cryptolocker, advanced threats, monitoring and optimization tools, cryptography trends and many more… all missing pieces of puzzle in user’s IT and idea to offer partners and costumers new technologies for successful planning.
6 Lesson GDPR Booklet from Varonis to help stay get compliant and stay compliant.
-Locate your sensitive data
-Prevent data breaches
-Rapidly alert to suspicious behavior
-Build long-term data Security
Legal & General Surveying Services have published an article in their magazine Perspective on The General Data Protection Regulation (GDPR), due April of next year, which will govern how businesses process individuals’ data across all EU member countries, eventually replacing the UK’s Data Protection Act.
Several companies may be well on the way to define how to handle GDPR compliance for structured data. But many companies still haven't come up with a good way to handle GDPR compliance for unstructured data..
This whitepaper provides the main information about unstructured data and the Xenit solution to manage documents under the regulation.
The FTC’s Revised COPPA Rules (Stanford Presentation)WilmerHale
This panel discussion explored topics including:
- Expanded definition of “personal information”
- Application of expanded definition of “personal information”
- Strict liability for child-directed websites and services
- Third-party liability and the “actual knowledge” standard
- Third-party social media plug-ins, ad networks, and analytics
- Age screening
- Mechanisms for obtaining parental consent
- Practical impacts of the COPPA rules (e.g., on content, parents, states)
- Privacy policy and parental notice requirements
- Security and retention of children’s personal information
Web and Social Media Archiving: A Growing Necessity For the Financial IndustryPageFreezer
Financial firms, investment advisors, and others in the financial industry must employ good retention practices to remain compliant with rules from FINRA, SEC, and other regulators. The emerging solution to retaining perfect copies of online activity is web archiving. Social media should be archived too! This paper examines the necessity and benefits of archiving, and presents effective solutions.
USA and Europe (EU) do have a different way of looking into privacy. This PPT is about who is responsible and what kind of rules are in place. This is a A Medved Consultants LLC Presentation. This may not be considered as a legal advice.
A general talk on privacy in early 2009, with quite a few slides summarizing the US National Research Council\'s report "Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment" that was issued in late 2008
Privacy and Information Security: What Every New Business Needs to KnowThe Capital Network
Reports of data security breaches conjure up images of anonymous computer hackers sitting in a darkened room,
fingers flying over a key board in an effort to hack into a computer system to find valuable information to exploit.
Not long ago, most of us considered these breaches to be infrequent and likely targeted at information much more
commercially unique than the average consumer data stored by most businesses.
Legal & General Surveying Services have published an article in their magazine Perspective on The General Data Protection Regulation (GDPR), due April of next year, which will govern how businesses process individuals’ data across all EU member countries, eventually replacing the UK’s Data Protection Act.
Several companies may be well on the way to define how to handle GDPR compliance for structured data. But many companies still haven't come up with a good way to handle GDPR compliance for unstructured data..
This whitepaper provides the main information about unstructured data and the Xenit solution to manage documents under the regulation.
The FTC’s Revised COPPA Rules (Stanford Presentation)WilmerHale
This panel discussion explored topics including:
- Expanded definition of “personal information”
- Application of expanded definition of “personal information”
- Strict liability for child-directed websites and services
- Third-party liability and the “actual knowledge” standard
- Third-party social media plug-ins, ad networks, and analytics
- Age screening
- Mechanisms for obtaining parental consent
- Practical impacts of the COPPA rules (e.g., on content, parents, states)
- Privacy policy and parental notice requirements
- Security and retention of children’s personal information
Web and Social Media Archiving: A Growing Necessity For the Financial IndustryPageFreezer
Financial firms, investment advisors, and others in the financial industry must employ good retention practices to remain compliant with rules from FINRA, SEC, and other regulators. The emerging solution to retaining perfect copies of online activity is web archiving. Social media should be archived too! This paper examines the necessity and benefits of archiving, and presents effective solutions.
USA and Europe (EU) do have a different way of looking into privacy. This PPT is about who is responsible and what kind of rules are in place. This is a A Medved Consultants LLC Presentation. This may not be considered as a legal advice.
A general talk on privacy in early 2009, with quite a few slides summarizing the US National Research Council\'s report "Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment" that was issued in late 2008
Privacy and Information Security: What Every New Business Needs to KnowThe Capital Network
Reports of data security breaches conjure up images of anonymous computer hackers sitting in a darkened room,
fingers flying over a key board in an effort to hack into a computer system to find valuable information to exploit.
Not long ago, most of us considered these breaches to be infrequent and likely targeted at information much more
commercially unique than the average consumer data stored by most businesses.
https://digitalguardian.com/blog/social-engineering-attacks-common-techniques-how-prevent-attack
Statement of Michelle Richardson, Director, Privacy & Data
Center for Democracy & Technology
before the
United States Senate Committee on the Judiciary
GDPR & CCPA: Opt-ins, Consumer Control, and the Impact on Competition and Innovation
March 12, 2019
On behalf of the Center for Democracy & Technology (CDT), thank you for the
opportunity to testify about the importance of crafting a federal consumer privacy law that
provides meaningful protections for Americans and clarity for entities of all sizes and sectors.
CDT is a nonpartisan, nonprofit 501(c)(3) charitable organization dedicated to advancing the
rights of the individual in the digital world. CDT is committed to protecting privacy as a
fundamental human and civil right and as a necessity for securing other rights such as access to
justice, equal protection, and freedom of expression. CDT has offices in Washington, D.C., and
Brussels, and has a diverse funding portfolio from foundation grants, corporate donations, and
individual donations.1
The United States should be leading the way in protecting digital civil rights. This hearing
is an opportunity to learn how Congress can improve upon the privacy frameworks offered in
the European Union via the General Data Protection Regulation (GDPR) and the California
Consumer Privacy Act (CCPA) to craft a comprehensive privacy law that works for the U.S. Our
digital future should be one in which technology supports human rights and human dignity. This
future cannot be realized if people are forced to choose between protecting their personal
information and using the technologies and services that enhance our lives. This future depends
on clear and meaningful rules governing data processing; rules that do not simply provide
1 All donations over $1,000 are disclosed in our annual report and are available online at:
https://cdt.org/financials/.
2
people with notices and check boxes but actually protect them from privacy and security
abuses and data-driven discrimination; protections that cannot be signed away.
Congress should resist the narratives that innovative technologies and strong privacy
protections are fundamentally at odds, and that a privacy law would necessarily cement the
market dominance of a few large companies. Clear and focused privacy rules can help
companies of all sizes gain certainty with respect to appropriate and inappropriate uses of data.
Clear rules will also empower engineers and product managers to design for privacy on the
front end, rather than having to wait for a public privacy scandal to force the rollback of a
product or data practice.
We understand that drafting comprehensive privacy legislation is a complex endeavor.
Over the past year we have worked with partners in civil societ.
company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
Legal Issues in Mobile Security Researchmarciahofmann
I gave this talk at CanSecWest in 2012. Abstract:
This presentation will identify and discuss sticky legal problems raised by researching the security of mobile devices. Using American law as a jumping-off point, I'll discuss common legal issues that arise in mobile security research such as jailbreaking, reverse engineering, and interception of communications. We'll also talk about practical ways to reduce the risks of your research so that you can go about your work with less potential for legal trouble.
Understanding Internet of Things - White Paper on Device ChoicesDavid J Rosenthal
As stated in the press, at conferences, and in publications , the Internet of Things (IoT) represents a huge opportunity across industries and customer segments. The paper “Building the Internet of Things”, which is available at http://aka.ms/iotwhitepaper discussed a broad set of topics associated with building IoT solutions. This paper is a follow on to that earlier paper and focuses on the "things" within IoT solutions.
First, it explains the concept of smart objects that contain devices, sensors and actuators, the combination of which will gather, process, send and receive data. Smart objects may or may not interact with a local gateway, which is sometimes used to provide external communication capabilities or provide local processing.
This paper also explains the set of considerations for device capabilities, and how they affect an overall solution. These considerations include cost, communications requirements, power availability, security requirements, and compute capacity. Next, it explains the options for device connectivity and the implications of choosing between common options.
Security in the IoT is critical, and a failure to consider security early in IoT design can lead to unfortunate and even catastrophic hacks that often end up in the news, potentially impacting human lives. Because overall system security starts at the device itself, the paper offers a set of device security principles and provides guidance on how to address those principles.
Interoperability in the IoT is also important today, and will continue to grow in mindshare and be seen as a critical requirement for emerging devices. This paper discusses standardization efforts, including the AllSeen Alliance, Open Interconnect Consortium, and several others. All of these efforts have strong industry supporters, but with the exception of AllSeen they are in their early stages. Although AllSeen and OIC are currently dominant, it’s too soon to call out a clear leader.
The final section of the paper discusses some example prototyping devices, their capabilities and some of the considerations when going from prototype to production.
This paper will give the reader a broad understanding of many of the aspects of device design for IoT solutions. For decision makers planning projects, this paper helps with scoping and knowing where more research is required to lay the groundwork for a successful IoT project.
The future of the world is dependent on the advancement of the agriculture industry. Advancements in technology involve data; this presentation will overview the legal aspects of Agriculture Technology Provider Contract terms and compliance regulations.
Unit 6 Privacy and Data Protection 8 hrTushar Rajput
Right to Privacy and its Legal Framework, The Concept of Privacy, National Legal
Framework for Protecting Privacy, International Legal Framework for Protecting Privacy, Privacy Related Wrongs and Remedies, Data Security, The Concept of Security in Cyberspace, Technological Vulnerabilities, Legal Response to Technological
Vulnerabilities, Security Audit (VA/PT), Data Protection, Data Protection Position in
India, Privacy Policy, Emerging Issues in Data Protection and Privacy, BPOs and
Legal Regime in India, Protect Kids' Privacy Online, Evolving Trends in Data Protection and Information Security
An Indian Outline on Database ProtectionSinghania2015
One Business Processing Outsourcing company of India was in the eye of storm when one of its employees sold confidential financial information relating to customers of few British banks to an undercover reporter from the British tabloid ‘The Sun’. The incident sparked off a debate among the offshore industry circles, media and the legal world for the need of specific legislation for the protection for personal data in India which is absent currently.
Internet Privacy Essay
Internet Privacy Essays
Internet Privacy
Essay On Internet Privacy
Internet and Personal Privacy Essay
Essay on Internet Privacy
Internet Privacy Essay
Internet Privacy.
Internet Privacy Essay
Internet Privacy Analysis
Desktop Enterprise Agreement Business Value for the BDM
Perkins Analysis on US Patriot
1. E-Mail Privacy
How the USA PATRIOT Act and International Laws Affect Law Enforcement
Access to Data Stored in the United States
Microsoft Corporation and Michael Sussmann, Perkins Coie LLP
Published: September 9, 2009
Abstract
The USA PATRIOT Act is neither the savior nor demon it has been portrayed to be. Rather, it is
a collection of amendments to existing laws that seek to enhance public safety. In certain
instances, law enforcement's tasks are made easier and communications data is more readily
accessible. Like all U.S. laws, the Patriot Act applies equally to every company doing business in
the United States – whether U.S.-based or not – and most developed countries have similar
investigative powers that also reach every company that conducts business within their borders.
3. Contents
Contents.....................................................................................................................................................3
The USA Patriot Act and Access to Data.................................................................................................4
Applicability of U.S. Laws to Things Within U.S. Borders......................................................................5
U.S. Laws Amended by the Patriot Act....................................................................................................5
Privacy Protection for Any Disclosure of Data ......................................................................................6
International Laws Similar to the U.S. PATRIOT Act..............................................................................7
U.S. Privacy Protections Meet or Exceed Those of Other Countries....................................................7
Summary....................................................................................................................................................9
3
4. The USA Patriot Act and Access to Data
The USA PATRIOT Act ("Patriot Act") has been in the headlines, on and off, since the September 11,
2001 attacks. It has been championed and vilified, alternatively, as either enhancing the government's
abilities to protect public safety or as unnecessarily eroding civil liberties and basic privacy rights. For
many, the Patriot Act has become a rallying point and catchall phrase for government overreaching.
What is most controversial about the Patriot Act is that it makes lawful government surveillance and
access to stored data easier in certain instances. Indeed, the law was created to enhance the abilities of
the U.S. government to prevent, detect, and investigate terrorist acts. However, from the time the
legislation was signed into law through the time of its reauthorization, people have debated the
reasonableness of many of these changes.
Unfortunately, most commentators have not read the Patriot Act and many cannot accurately describe
more than a few of its provisions. And that is no wonder: the Patriot Act and its reauthorizing legislation1
make up 217 pages of text. So, what exactly is the Patriot Act and is there a basis for all the controversy?
The USA PATRIOT Act was signed into law by President Bush on October 26, 2001. Its title stands for
“Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct
Terrorism.” Most of the Patriot Act is a compilation of amendments to other existing laws.
One of the main sections of the Patriot Act deals with government access to electronic data. These
provisions do such things as require cable providers who offer communications services to comply with
the same investigative procedures that apply to telephone companies and Internet service providers;
make the standard for government access to stored voice-mail messages the same as for access to
stored e-mail messages; expand the list of basic subscriber information that can be obtained with a
subpoena to include payment information for the account; allow for voluntary disclosure of data (without
legal process) in emergencies “involving immediate danger of death or serious physical injury”; and allow
nationwide applicability for court orders and search warrants that are issued from a particular jurisdiction.
It is true that, under some circumstances, the Patriot Act makes it easier for the U.S. government to gain
access to a customer’s data. For example, the Patriot Act streamlined certain legal requirements and
procedures. The government can now use a single search warrant, obtained from a federal judge, to
order disclosure of data held by communications providers in multiple states, instead of having to seek
separate search warrants (from separate judges) for providers that are located in different states. The
Patriot Act also lowered certain legal requirements to make them more uniform. By the same token, the
Patriot Act also made certain things "easier" for ISPs and other communications providers, in that it made
certain ambiguous or disputed requirements uniform and clear. One example is the uniformity regarding
stored voice mail. Another example is the clear authority in the new computer trespass provision for a
provider, if it chooses, to invite law enforcement onto its premises to assist with the investigation of an
ongoing computer intrusion or attack.
1
With a number of the most controversial parts of the Patriot Act set to expire after five years, in March
2006 President Bush signed legislation to reauthorize it, making permanent several “sun-setting
provisions,” extending two provisions until 2009, and incorporating a number of new rights protections.
4
5. Applicability of U.S. Laws to Things Within U.S. Borders
Many people ask whether data stored in the United States by Microsoft or one of its competitors would be
subject to the Patriot Act. While the short answer is “yes,” the longer and more relevant answer is that
any data stored in the United States is subject to all of the laws of the United States. Likewise, goods or
tangible objects that are located in the United States and persons residing in the United States are all
subject to all of the laws of the United States – not just the Patriot Act. By virtue of physically being in the
United States, these things and people are subject to the jurisdiction of U.S. law enforcement and the
U.S. courts, as well as third-party legal process in any civil matter. It is that simple. If you or your things
are here, you can be investigated by the government or sued, and your property can be examined and/or
seized through lawful means.
As you might imagine, the same situation exists for data stored in another country. Data stored in the
United Kingdom, for example, would be subject to all of the laws of the United Kingdom. By virtue of
being located there, the data would be subject to the jurisdiction of British law enforcement and British
courts. The data could be examined and/or seized through any means available under British law. The
point is, data stored in any particular country will be susceptible to access by that country’s government.
If you store data in Country X, the government of Country X will have greater access to that data than
would any other country.
U.S. Laws Amended by the Patriot Act
Since the Patriot Act largely is just a large collection of amendments to other laws, in the context of
government investigations involving electronic data, it is helpful to explain briefly what those other laws
are.
The three main laws concerning government access to electronic data are:
• the Electronic Communications Privacy Act (“ECPA”) (18 U.S.C. § 2701);
• the Pen Register and Trap-and-Trace Statute (“Pen/Trap”) (18 U.S.C. § 3121); and
• the Wiretap Act – commonly referred to as “Title III” (18 U.S.C. § 2510).
The ECPA defines the circumstances under which the government can demand disclosure of stored
communications and other stored data, and it sets increasingly difficult legal standards for the government
to gain access to each of three successive categories of stored data: subscriber information; information
about the source and destination of communications (e.g., who is e-mailing whom); and the content of
communications. The Pen Register and Trap-and-Trace statute concerns real-time access to non-
content information regarding the source and destination of communications (e.g., who is e-mailing
whom). And Title III concerns real-time government interceptions of the content of communications, and
it has the most stringent legal standard and procedures to meet.
Those are the main laws that the U.S. government would use to access data in the United States. But
there are also legal processes available to the U.S. government if, for example, it wants access to data
stored by a Microsoft competitor in Canada. Suppose "CanadianStorage" were a competitor of Microsoft
based in Canada, with data storage in Canada, but with a sales office, servers, or personnel physically
located in the United States. Under those circumstances, U.S. law enforcement could serve a subpoena,
court order, or search warrant on CanadianStorage's U.S. office and demand that it retrieve the data from
its servers in Canada and provide that data to U.S. law enforcement. (This is sometimes referred to as a
“Bank of Nova Scotia subpoena” because of a case by that name that ruled (favorably) on the
5
6. government’s powers in this regard.)2
If, on the other hand, CanadianStorage was located in Canada, stored its data in Canada, and had no
presence (e.g., sales office or employees) outside of Canada, then the United States would have to seek
the assistance of Canadian law enforcement to gain access to CanadianStorage data. In that case, U.S.
law enforcement would make a request to Canadian authorities for mutual legal assistance. The
Canadians would get a court order, serve it on CanadianStorage, and then send that data back to U.S.
authorities.3
Of course, law enforcement can also simply demand that the customer/user produce the stored records –
even if such records are stored in another country. If someone living in the United States was storing his
or her data with CanadianStorage – with the data on servers in Montreal – U.S. law enforcement could
serve a grand jury subpoena on the person in the United States for production of the records stored in
Canada. Such subpoena would seek all records in the person's "possession, custody, or control." If the
person refused, a judge would issue an order to compel production and, if the person still refused, he or
she could be found in contempt of court and jailed.4
Privacy Protection for Any Disclosure of Data
Many people wonder what the U.S. government can do with data it receives through these laws and legal
procedures. U.S. privacy protections ensure that evidence obtained through investigative means can only
be used for official purposes and generally cannot be used for purposes beyond the scope of the
investigation. While investigative information is usually kept from public view, information that is needed
for trial or for public filings, such as indictments, will thereby enter the public domain.
It is worth noting that the United States does not share with U.S. businesses any data it collects through
investigations. In fact, there are criminal and civil penalties for such unlawful disclosures. For example,
the Electronic Communications Privacy Act provides that "[a]ny willful disclosure of a 'record' . . . obtained
by an investigative or law enforcement officer, or a governmental entity, pursuant to [this statute or the
Pen-Trap statute] that is not a disclosure made in the proper performance of the official functions of the
officer or governmental entity making the disclosure is a violation of this chapter."
One thing that is hard to predict or guarantee is whether a Microsoft customer would know if he or she is
the subject of an investigation and if the U.S. government has sought his or her customer records from
Microsoft. Such notice would depend on the specific investigation. Some investigative processes require
notice to a customer. For example, under certain circumstances, if the government uses a subpoena or
court order to obtain communications stored by Microsoft, the government must give prior notice to the
customer. (See 18 U.S.C. § 2703(b)(1)(B).) Other investigative processes, such as those filed under
seal with the court, forbid notice to the customer. Still others are silent on notice and the provider may
notify the customer on its own.
2
Likewise, if Microsoft stored its data in the United States but maintained a sales office in Toronto,
Canadian law enforcement could serve a court order on the Toronto office, demanding that records stored
in the United States be produced.
3
And the same is true, in the reverse, about Canadian law enforcement seeking data stored in the
United States: they could make a mutual legal assistance request asking the United States to obtain and
turn over to them data that is stored in the United States.
4
The reverse also would be true for a person in Canada, with data stored in the United States, who was
served legal process by the RCMP.
6
7. International Laws Similar to the U.S. PATRIOT Act
While the Patriot Act has received a lot of national and international media attention, the United States is
far from the only country to seek such laws. For example, in 2000, the United Kingdom enacted the
Regulation of Investigatory Powers Act of 2000 ("RIPA"), which updated processes for the interception of
communications and other related investigative powers. While quite cumbersome, the long title for RIPA
provides a view into the scope of changes to the law: "An Act to make provision for and about the
interception of, communications, the acquisition and disclosure of data relating to communications, the
carrying out of surveillance, the use of covert human intelligence sources and the acquisition of the
means by which electronic data protected by encryption or passwords may be decrypted or accessed; to
provide for the establishment of a tribunal with jurisdiction in relation to those matters, to entries on and
interferences with property or with wireless telegraphy and to the carrying out of their functions by the
Security Service, the Secret Intelligence Service and the Government Communications Headquarters;
and for connected purposes."
Likewise, in Canada, on June 18, 2009, the Technical Assistance for Law Enforcement in the 21st
Century Act was introduced and is currently pending in the House of Commons.5 If enacted, the Act will
require service providers to include interception capability in their networks and to supply basic subscriber
information (e.g., name, address, telephone number, IP address, e-mail address, service provider
identification and certain cell phone identifiers) to law enforcement agencies and the Canadian Security
Intelligence Service (CSIS) on request. According to the Canadian Public Safety Ministry, there currently
is no legislation specifically designed to require the provision of this information to police forces and CSIS
in a timely fashion.6 As a result, the practices of releasing this information to police forces and CSIS vary
across the country: some service providers release this information to law enforcement immediately upon
request; others provide it at their convenience, often following considerable delays; while others insist on
law enforcement obtaining search warrants before the information is disclosed.
U.S. Privacy Protections Meet or Exceed Those of Other
Countries
What may be the biggest surprise to those who are concerned about their privacy and the security of their
data is that the privacy protections in the United States – as they relate to government access – far
exceed those in Europe and they are quite comparable to the protections in Canada. The general
perception is that there are greater protections in the United States than in Europe regarding government
access to data; conversely, there are far better protections in Europe with regard to how corporate
businesses are allowed to handle their user data and a user’s personal information. For example, data
collected in the EU by businesses can only be used for the limited purpose for which it was collected and
cannot be transferred outside the EU, to the United States, unless the data's "owner" has given express
consent to do so – and only then under strict security rules – or for law enforcement purposes. (Many
believe this privacy regime hinders global business operations.)
In truth, the United States has a very mature and detailed legal regime for restricting government access
to data. Privacy protections begin with the U.S. Constitution and extend to federal and state laws
protecting health care and financial records, electronic communications, and other kinds of information.
Unfortunately, such things as the debate over the Patriot Act renewal have had a negative effect on
perceptions of data privacy and data security in the United States.
5
See Bill C-47, “An Act regulating telecommunications facilities to support investigations,” available at
http://www2.parl.gc.ca/HousePublications/Publication.aspx?Docid=4007628&file=4
6
Summary of Technical Assistance for Law Enforcement in the 21st Century Act, Canadian Public Safety
Ministry, June 18, 2009, available at http://www.publicsafety.gc.ca/media/nr/2009/nr20090618-1-eng.aspx
7
8. Another way to analyze the effectiveness of privacy protections is to compare the extent to which
individual countries access customer data. In this regard, the United States and Canada share a
comparable level of privacy protections and use of investigative powers to access data. European
countries are far more liberal with regard to investigators' access to data, and their procedures are far
less rigorous. This conclusion is based on independent reporting and analysis (see below).
One of the best barometers for judging respect for civil liberties and use of investigative powers to access
data is analysis of the use of lawful interception of communications by individual countries. Maintenance
of national statistics concerning interceptions is often mandated by national laws. (In the United States,
reports are not prepared by law enforcement; instead, the Administrative Office of the U.S. Courts
prepares them, as it gets its data from the individual courts that approve interception requests from law
enforcement.) In addition, the interception of the content of a communication is considered by many to be
the most egregious invasion of privacy and therefore countries' restraint (or lack thereof) in using this
technique is a powerful indicator for other, less monitored, investigative techniques. Through country
reporting, the following data is available for total number of annual interceptions:
Total Number of Interceptions
2001 2002 2003 2004 2005 2006 2007
Italy7 32,000 45,000 77,000 100,000 n/a n/a n/a
(est.)
Germany8 21,874 n/a n/a >30,000 42,508 35,329 n/a
U.S.9 1,405 1,273 1,367 1,633 1,694 1,714 2,119
Canada10 1,203 2,131 1,498 1,292 839 855 726
France11 n/a 4,654 n/a n/a n/a 5,985 n/a
U.K.12 1,445 1,605 1,983 1,973 2,407 1,435 2,026
7
Italian GSM provider warns: too many wiretaps, European Digital Rights, Feb. 24, 2005, available at
http://www.edri.org/edrigram/number3.4/wiretap
8
German court outlaws wiretapping without court order, European Digital Rights, Aug. 10, 2005, available
at http://www.edri.org/edrigram/number3.16/wiretapping; Paul M. Schwartz, Evaluating
Telecommunications Surveillance in Germany: The Lessons of the Max Planck Institute’s Study, 72 Geo.
Wash. L. Rev. 1244, 1255 (2004), available at http://www.paulschwartz.net/pdf/SchwartzGeoFinal.pdf;
Privacy International’s Privacy Profile for the Federal Republic of Germany, Dec. 18, 2007, available at
http://www.privacyinternational.org/article.shtml?cmd[347]=x-347-559535
9
Annual Wiretap Reports of the Administrative Office of the United States Courts, available at
http://www.uscourts.gov/library/wiretap.html
10
Annual Report of the Canadian Minister of Public Safety and Emergency Preparedness on the Use of
Electronic Surveillance, 2007, available at http://www.publicsafety.gc.ca/abt/dpr/le/elecsur-07-
eng.aspx#s3; Annual Report of the Canadian Minister of Public Safety and Emergency Preparedness on
the Use of Electronic Surveillance, 2005, available at http://www.publicsafety.gc.ca/abt/dpr/le/elecsur_05-
eng.aspx
11
KEVIN M. KEENAN, INVASION OF PRIVACY 46 (ABC-CLIO 2005); Privacy International’s Privacy Profile for the
French Republic, Dec. 18, 2007, available at http://www.privacyinternational.org/article.shtml?
cmd[347]=x-347-559537
8
9. Because reporting of interceptions is not entirely uniform among countries, a 2003 study on
telecommunications surveillance by the Max Planck Institute in Germany created a common denominator
for comparison; it took the available statistics from 14 countries and calculated the number of surveillance
orders per 100,000 inhabitants13:
Surveillance Orders Per 100,000 Inhabitants, 1998-2000
(Max Planck Institute 2003 study)
Italy 76.0 surveillance orders per 100,000 inhabitants
Germany 15.0 surveillance orders per 100,000 inhabitants
UK 6.0 surveillance orders per 100,000 inhabitants
US 0.5 surveillance orders per 100,000 inhabitants
Canada 0.4 surveillance orders per 100,000 inhabitants
***
Summary
The USA PATRIOT Act is neither the savior nor demon it has been portrayed to be. Rather, it is a
collection of amendments to existing laws that seek to enhance public safety. In certain instances, law
enforcement's tasks are made easier and communications data is more readily accessible. Like all U.S.
laws, the Patriot Act applies equally to every company doing business in the United States – whether
12
Report of the Interception of Communications Commissioner for 2007, at 6, July 22, 2008, available at
http://www.official-documents.gov.uk/document/hc0708/hc09/0947/0947.pdf; Report of the Interception of
Communications Commissioner for 2006, at 13, Jan. 28, 2008, available at http://www.official-
documents.gov.uk/document/hc0708/hc02/0252/0252.pdf (the 2006 numbers above are from April 1,
2006 through December 31, 2006); Report of the Interception of Communications Commissioner for
2005-2006, at 19, Feb. 19, 2007, available at http://www.official-
documents.gov.uk/document/hc0607/hc03/0315/0315.pdf (the 2005 numbers above are from January 1,
2005 through March 31, 2006); Report of the Interception of Communications Commissioner for 2004, at
13, Nov. 3, 2005, available at http://www.statewatch.org/news/2005/nov/teltap-2004.pdf; Report of the
Interception of Communications Commissioner for 2003, at 11, July 22, 2004, available at
http://www.privacyinternational.org/countries/uk/surveillancecomm/ukinterceptrel2004.pdf; Report of the
Interception of Communications Commissioner for 2002, at 12, Sept. 9, 2003, available at
http://www.libertysecurity.org/IMG/pdf/2002report-of-uk-interception-comm.pdf; Report of the Interception
of Communications Commissioner for 2001, at 18, Oct. 31, 2002, available at http://www.archive2.official-
documents.co.uk/document/deps/hc/hc1243/1243.pdf
13
Source: Max Planck Institute 2003 study on telecommunications surveillance,
http://www.iuscrim.mpg.de/verlag/online/Band_115.pdf (in German); see also Paul M. Schwartz,
Evaluating Telecommunications Surveillance in Germany: The Lessons of the Max Planck Institute’s
Study, 72 Geo. Wash. L. Rev. 1244, 1255 (2004), available at
http://www.paulschwartz.net/pdf/SchwartzGeoFinal.pdf.
9
10. U.S.-based or not – and most developed countries have similar investigative powers that also reach every
company that conducts business within their borders.
10