EFF, EPIC, CDT, ACLU and Free Congress have drafted a bill that's been introduced by Senator Wyden today, for a new law called "The Citizens' Protection in Federal Databases Act." This is a hell of a law. It finds that various species of spooks are making avid use of commercial and governmental databases, merging them and aggregating them, without transparency, accountability, or any real understanding of the danger to civil liberties involved in this practice. Accordingly, it requires any Fed agency using non-Fed databases to cut it out and make a full report to Congress on who they're buying database and database-services from, what they're doing to preserve privacy, why they're doing what they're doing, and whether they actually have a realistic chance of catching any bad guys. And it calls into account Feds who abuse their authority and limits the kind of doomsday hypotheticals that can be used to justify such abuse.
We've spent the two years since September 11th writing blank checks to anyone who's got a good story about preventing terrorism through the wholesale abridgement of civil liberties, trading off freedom for the perception of safety. It's time that we called our civil servants to account on these scores — they've spent our money and our freedom, what did we get in return?
Each report shall include –
(A) a list of all contracts, memoranda of understanding, or other agreements entered into by the
department or agency, or any other national security, intelligence, or law enforcement element under
the jurisdiction of the department or agency for the
use of, access to, or analysis of databases that were
obtained from or remain under the control of a non-Federal entity, or that contain information that was
acquired initially by another department or agency
of the Federal Government for purposes other than
national security, intelligence, or law enforcement;(B) the duration and dollar amount of such
contracts;(C) the types of data contained in the databases
referred to in subparagraph (A);(D) the purposes for which such databases are
used, analyzed, or accessed;(E) the extent to which such databases are
used, analyzed, or accessed;(F) the extent to which information from such
databases is retained by the department or agency,
or any national security, intelligence, or law enforcement element under the jurisdiction of the department or agency, including how long the information
is retained and for what purpose;(G) a thorough description, in unclassified
form, of any methodologies being used or developed
by the department or agency, or any intelligence or
law enforcement element under the jurisdiction of
the department or agency, to search, access, or analyze such databases;(H) an assessment of the likely efficacy of such
methodologies in identifying or locating criminals,
terrorists, or terrorist groups, and in providing practically valuable predictive assessments of the plans,
intentions, or capabilities of criminals, terrorists, or
terrorist groups;
