Privacy Invasion

Spies Like US: Spies, Lies, Echelon, Economics, & People - S.L.E.E.P.

Privacy Page 2    Privacy Page 3    Privacy Page 4    Related Links

HR Bill 5018    Barr pleads the 4th    Reading Your Email    Carnivore "Eats" Everything

Patient Files Opened to Marketers, Fundraisers

New federal medical privacy regulations, touted by the Clinton administration as a landmark of patient protection, will for the first time explicitly permit doctors, hospitals, other health services and some of their business associates to use personal health records for marketing and fundraising.

The rules were included in the federal regulations after a months-long public relations effort by the industry. Under the exemptions, doctors, clinics, hospitals and others that normally have access to medical records -- along with business associates working under contract with them -- will be allowed to send out individualized health information and product promotions. A pregnant woman, for instance, could receive pitches about vitamins or infant health-care products. A patient who has been treated for sexually transmitted diseases could receive telemarketing calls offering condoms or new medicines.

The exemptions also give foundations affiliated with hospitals continued access to patient names, ages, addresses and telephone numbers for fundraising initiatives. Such foundations raise billions of dollars annually by soliciting patients and their families at medical facilities and at their homes.

Officials of the Department of Health and Human Services, the White House and some patient advocates said the new privacy regulations announced Dec. 20 stand as an important new bulwark against the misuse of patient information, notwithstanding the exemptions. When the rules fully take effect in two years, proponents said, patients will have a new right to access their own records; employers will be prohibited from receiving personal health data, except for the administration of health plans; and people who misuse private medical records, such as selling them, could face fines or prison.

In addition, any health-care provider or service that uses medical records will have to notify patients how they're doing so. Patients also will have the option of saying no to marketing or fundraising -- but only after they have been contacted at least once by a given entity. Gary Claxton, deputy assistant secretary for health policy at HHS, said the department deftly handled the complex task of protecting medical records while encouraging the flow of information to improve patient care.

"It's the best we could do and we think we did a good job," he said. "There's going to be a lot of discussion as this is implemented. If changes need to be made, they should be made." But consumer advocates and privacy specialists worry the exemptions will undermine the spirit of the rules and spur the use of confidential records for marketing by specifically allowing activity that in the past was often constrained by ethical or business concerns. Among other things, the regulations will permit pharmacies to share patients' prescription records with business associates to target patients with letters reminding them to take medicine, or to send them "educational materials" sponsored by drugmakers.

That sort of arrangement created a storm of controversy three years ago when it became public that CVS Corp., Giant Food Inc. and other pharmacies shared prescription information with a data-management company called Elensys for targeted mailings. CVS and Giant canceled the programs after customers complained. The new marketing and fundraising rules have "exploded the old notions of medical confidentiality and privacy," said Thomas Murray, a medical ethicist. "Your medical record was meant for your medical care," said Murray, president of the Hastings Center, a medical ethics research center in New York. "Now your medical record becomes a marketing tool."

Supporters of the new rules note that health-care providers now will have to determine that products provide a health benefit before making a contact with a patient. When contacting a patient, marketers and fundraisers will have to disclose the source of personal information, describe their financial benefit and explain why the individual was targeted for a promotion, officials said. Critics say that while patients will be allowed to say no to promotions after being contacted, they will have to reach out to each entity that has contacted them to exercise that right. "The rules are filled with virtual rights: You reach for them and they're often not there," said Robert Gellman, a lawyer and privacy consultant in the District, who has studied the regulations. "This authorizes a kind of behavior that was once viewed as unethical or improper."

Claxton, the HHS official, said officials faced the challenge of distinguishing between educational material about products and services that improve health, and marketing promotions sponsored by drug companies and others. Because the department concluded that getting health information to patients was so important, officials decided to be more flexible on the issue of marketing than the draft released in 1999, as long as health-care providers meet guidelines for disclosure and give patients the ability to opt out, among other things.

"What is communication for health care, and what is marketing? Sometimes they're the same thing," Claxton said, adding that department officials believe that doctors, hospitals and others still will be constrained from doing anything that might offend patients. Claxton said industry pressure played no role in the decision to include exemptions for marketing and fundraising. He said he maintained contact with some key groups that supported the changes as part of the normal regulatory process. Those groups included the American Hospital Association, the Association for Healthcare Philanthropy, pharmacy benefit managers, insurers and consumers.

The company that worked with CVS and Giant, now known as Adheris, urged regulators in comments on the draft proposal not to require pharmacies to get "prior authorization" from patients to use prescription information for targeted mailings. Industry leaders acknowledged pressing for changes to the draft regulation, which would have proscribed many fundraising and marketing initiatives allowed under the final rules. Among the most aggressive groups was the Association for Healthcare Philanthropy. Its members raised nearly $6 billion in fiscal 1998 for construction projects, to buy equipment, run programs and so on.

The group wrote letters to HHS, met several times with regulators and as recently as December participated in conference calls with them to clarify issues. They turned to Rep. Ellen Tauscher (D-Calif.), among others on Capitol Hill, saying a staffer called HHS officials on their behalf. The association became so aggressive about the issue that department officials told it to tone things down, according to officials in the department and the group. "We stopped doing that because HHS said, 'Hey, we got it. We got your message,' " said William C. McGinly, the association's president and chief executive.

In the end, they got what they wanted -- access to patient information without having to get permission from patients first. "AHP Announces VICTORY! Patient Privacy Regs Favorable to Health Care Philanthropy," said the group's press release. "By pulling together a public relations specialist, a lobbying expert, writers and others to analyze the draft regs, comment, communicate to the press, meet and educate the staff and members of key Congressional committees and others, we were able to see that AHP was heard on this issue," the press release said.

The provisions don't sit well with critics, who contend that patients ought to have a right to say no upfront to uses of their medical records that do not have a direct bearing on health care. Some critics also may be urging states to write tougher rules of their own. "Once they have open access, where else does it go? It is too big a loophole," said Sen. Patrick J. Leahy (D-Vt.), who may pursue legislation on the matter. "In the digital age, any loophole is bigger than it looks."


FBI Documents Show Carnivore Can 'Eat' Everything

The FBI's controversial e-mail surveillance tool, known as Carnivore, can retrieve all communications that go through an Internet service far more than FBI officials have said it does a recent test of its potential sweep found, according to bureau documents.

An FBI official involved with the test stressed Friday that although Carnivore has the ability to grab a large quantity of e-mails and Web communications, current law and specific court orders restrict its use. Nevertheless, privacy experts said they are worried about the breadth of Carnivore's capability and questioned why the FBI even conducted such a test in June if it intends to use the tool only for narrow purposes.

"That really contradicts the explanation that the FBI has provided as to the purpose of the system and how it works," said David Sobel, general counsel for the Washington-based Electronic Privacy Information Center. "We've been led to believe that the purpose of Carnivore is to filter and pinpoint the particular communications that the FBI is authorized to obtain. If that's true, then why are they testing the system's ability to store and archive everything?" Sobel's group recently obtained the FBI documents providing the test results as part of litigation it brought under the Freedom of Information Act.

In the lab report, FBI officials said Carnivore "could reliably capture and archive all unfiltered traffic to the internal hard drive" and could save the information on removable high-capacity disks as well. Marcus Thomas, head of the FBI's cybertechnology section, said in an interview with The Associated Press that the test was only done to check Carnivore's "breaking point." He said the tool wouldn't be used to capture broad swaths of Internet communications in a real-world situation.

Thomas was one of the FBI agents who approved the lab report. "Certainly, in operation, you could set the filters up to do nothing," Thomas said. "But our procedures are very detailed, we'll only do what we're allowed to in a court order."

The difference of opinion is the latest in what has become a debate between Carnivore's capabilities and its actual use. While law enforcement officials have admitted that Carnivore can capture much more than e-mail, including Internet chats and Web browsing, FBI officials insist it is only used to copy e-mail to or from a criminal suspect in accordance with a court order.

Opponents say the "black box" nature of the system keeps the public from knowing what it can really do, and its installation at an Internet provider may cause network problems. The Electronic Privacy Information Center started receiving batches of Carnivore-related material in October, after a court ordered the FBI to release the information.

EPIC representatives said they have received about 550 pages so far, and expect to get only about 30 percent of the 3,000 documents related to Carnivore. Most of the release documents have large portions blacked out. FBI officials say Carnivore has been used in about 25 cases, most involving national security.

Congress considered several measures this year to rein in Carnivore, but none survived. Lawmakers have said that they may consider measures again next year. An independent review of Carnivore was ordered by Attorney General Janet Reno, and that report was due to be received by the Justice Department on Friday, Justice spokeswoman Chris Watney said.

Watney said the report is expected to be released to the public early next week, after it is edited to eliminate references to Carnivore's internal blueprints and other sensitive material.


Strong Privacy Bill Approved by House Judiciary Committee 

The House Judiciary Committee on September 26 approved legislation to strengthen privacy protections governing law enforcement surveillance. The bill, H.R. 5018, sponsored by Rep. Charles Canady, was approved on a strong 20-1 vote. It would increase to probable cause the standard for government access to location information on wireless phone users, increase the standard for use of pen registers that collect transactional information, extend the statutory exclusion rule to electronic communications, and require a warrant for government seizure of read or unread email stored with a service provider for up to one year.

Go here for the rest of the story: CDT


Big Brother Is Reading Your E-Mail

You're not paranoid. Big Brother really can read your e-mail.

For a little more than a year, the Federal Bureau of Investigation has been using a computer system code-named Carnivore to read the e-mails of suspected criminals, the FBI said Tuesday.

Carnivore can scan millions of e-mails a second, and FBI agents have praised its crime-fighting power, but privacy advocates say the machine scares them because it could let the government spy on all online activities, from e-mail to banking and shopping.

The FBI revealed the system two weeks ago to "a roomful of astonished industry specialists," the Wall Street Journal reported Tuesday. The FBI says it has used the new snooping device in less than 100 criminal cases, mostly to track hackers, but also in counter-terrorism and drug-trafficking cases.

Carnivore, an off-the-shelf PC, is so named because it is designed to get at "the meat" of sought-after information. Agents take the machine directly to the offices of an Internet service provider (ISP). There they leave it in a locked cage, typically for about 45 days, making daily visits to retrieve captured data e-mail sent to or from a suspect.

Like the more common phone tap, Internet taps must be authorized by court order.

Is Carnivore Too Hungry?

Critics say Carnivore gives the Feds too much access to private information.

"This is more of a vacuum-cleaner type approach it apparently rifles through everything," David Sobel, general counsel for the Electronic Privacy Information Center, told "It's potentially much more invasive than telephone surveillance."

Carnivore in theory could process all the e-mail that passes through the ISP not just messages sent to or from the suspect. Critics say that's like snooping on all the phones in a neighborhood to zero in on one phone.

One unidentified ISP put up a legal fight against Carnivore early this year but lost, according to the Journal.

The FBI says Carnivore is used much more surgically than that and only reads the e-mail of the target and that messages belonging to those not being probed, even if criminal, would not be admissible in court.

"The volume of e-mail in a location is generally fairly small, and being managed by a small number of e-mail servers on a fairly low-speed network," said Marcus Thomas, chief of the FBI's cyber technology section. "The system is not unlike "sniffers" used within the networks every day."

But Sobel likened Carnivore to Russia's surveillance system, called "SORM," which all Russian ISPs are required to install in order to facilitate government snooping.

He also compared it to Echelon, the U.S. National Security Administration's system, which intercepts telecommunications transmissions from around the world and sifts through them for keywords that could describe illegal activity.

The American Civil Liberties Union was drafting a letter to Congress Tuesday demanding an investigation, an ACLU spokeswoman said. Sobel agreed that Congress should hold hearings on Carnivore to "ask some questions and get some answers," he said.

"Carnivore is really the latest indication of a very aggressive stance that the Bureau is taking in collecting as much information as technically possible," he said.

FBI spokesman Paul Bresson said law-abiding citizens would be protected, not violated by Carnivore. "Anytime we develop a system, we're basically balancing the interests of national security against that of the privacy of the public," he said. "This issue's always gonna come up, we're always gonna get questions, we understand that."


Barr pleads the Fourth Representative fights proposed search-and-seizure provisions

Members of Congress are expressing outrage after Department of Justice and FBI lobbyists tucked an unseen provision into an anti-drug bill that expands their power to conduct "black bag" jobs, allowing them to enter homes, conduct searches and seize certain items without telling anyone.

Congressional critics and civil liberty advocates are charging that the measure, part of the Methamphetamine Anti-Proliferation Act ( HR 2987, S. 486), would be in direct violation of the Fourth Amendment.

The bill, which was approved by the Senate on Nov. 19 by unanimous consent, is scheduled to be considered by the full House Judiciary Committee this morning. One committee member, Rep. Bob Barr, R-Ga., told WorldNetDaily that he intends to offer an amendment to remove the offending sections of the bill.

According to Barr, even though the changes would come from an anti-drug bill, the provisions in question would apply to virtually any search conducted by the federal government.

"This isn't dealing with just drug investigations; it changes the section in the U.S. Code that deals with federal warrant notice and inventory requirements," he said. "That's the primary reason I object to it, because it affects all criminal law."

Current law requires federal agents to announce their presence before entering a premise and to provide an inventory of confiscated items at the time that they are seized. But buried at the end of the "Defeat Meth Act" lies Section 6, entitled "Notice Clarification," which would allow searches of homes, vehicles and workplaces without any notice. The provision would also allow federal law enforcement officials to make copies of "intangible" items, such as computer drives and financial documents, for future examination without ever informing the person subject to the search that the items had been seized.

Another section of the bill would relieve agents from giving property owners subject to the secret searches an inventory of seized items -- leaving citizens completely blind to the government's actions.

"This bill would gut the Fourth Amendment, because how can a person challenge a warrant if they never find out about it until after the harm has been done?" questioned David Kopel, research director for the Independence Institute and a leading constitutional scholar.

Barr said he became aware of the bill's provisions late last week and began to contact other congressional members to organize an effort to strip out the offending portions when the bill comes before the Judiciary Committee for mark-up today. His efforts face an uphill battle because Rep. Chris Cannon, R-Utah, the bill's House sponsor, and Sen. Orrin Hatch, R-Utah, the chairman of the powerful Senate Judiciary Committee, are defending the provisions as necessary for law enforcement officials to conduct their duties.

He also said that he was surprised to learn that the exact same provisions were included in a bankruptcy reform bill, HR 833, that passed both houses earlier this year and is currently being considered by a conference committee.

"We're talking with the conference committee members to get it removed from the bankruptcy bill. They met on Thursday evening and discussed it," he said. "We're remaining hopeful, but nothing has been finalized yet."

Barr, a former federal prosecutor, also sharply criticized the Justice Department and FBI for burying the far-reaching measures in an unrelated bill.

"This is typical behavior from the DOJ and the FBI on these types of issues. Rather than having a fair and open hearing where members can weigh the proposal on its merits, they go to one of their allies in either house and have it slipped in a bill," he said. "That's certainly not the way to conduct business when you're dealing with people's civil liberties."

Kopel echoed those sentiments, saying that the FBI has difficulty trying to pass liberty-eroding legislation.

"They're sneaking it into a bill because they know it can't stand the scrutiny of public inquiry," said Kopel. "They understand the American public would not be happy if they found out that their civil liberties are under assault from the very people charged with defending the Constitution."

This is not the first time that the Justice Department has resorted to covert tactics to implement unpopular measures. In the last few hours of the 1994 session, for instance, Congress enacted the Communications Assistance for Law Enforcement Act, which required telephone firms to configure their equipment to make it easier to wiretap the nation's communication systems. The law passed over strong opposition from civil liberties organizations after the FBI promised telephone companies $500 million to help pay for the equipment upgrades.

The FBI used a similar tactic in the last days of the 1998 session, when it was able to drop roving wiretap language into the Intelligence Authorization Act of 1999, authorizing law enforcement agencies to tap telephones used by or near targeted individuals rather than requiring authorization to tap specific phones. The insertion, made by Rep. Bill McCollum, R-Fla., happened during a conference committee after both houses had already voted on the bill, despite the fact that the very same measure had been rejected by both houses when it was offered as an amendment to the 1996 Anti-Terrorism bill.

Despite these setbacks, Kopel remains hopeful, yet cautious, as he sees an increasing awareness by citizens of the attacks on their constitutional rights.

"The defenders of civil liberties are more numerous and energetic than ever before, with the ability to reach out in broad coalitions across the conservative-liberal spectrum," he said, noting that the ACLU had joined in the fight against the "Defeat Met Act" provisions.

"If a man's home is his castle, this secret search provision is a tunnel under the moat," said Marv Johnson, legislative counsel for the ACLU's Washington, D.C., office.

Last week the ACLU and the National Association of Criminal Defense Attorneys sent a joint letter to members of the House Judiciary Committee requesting that the secret search provision be removed from the bill.

"It's a good thing that we're starting to see this groundswell," said Kopel, "because no president since Woodrow Wilson has been so hostile to civil liberties and the Constitution as Bill Clinton."


Want more information:


Last update: March 22, 2005