Ashcroft proposes vast new surveillance powers

Sweeping new US anti-terrorism bill


A sweeping new anti-terrorism bill drafted by the Justice Department would dramatically increase government electronic surveillance and data collection abilities, and impose the first-ever federal criminal penalties for using encryption in the U.S.

A draft of the Domestic Security Enhancement Act of 2003 dated January 9th was obtained by the non-partisan Center for Public Integrity and released Friday. The 120-page proposal would further expand many of the surveillance powers Congress granted federal law enforcement in the USA-PATRIOT Act in 2001, while increasing the secrecy surrounding some government functions.

The Justice Department hasn't released the proposal publicly, nor has it been formally submitted to lawmakers, but a legislative "control sheet" attached to the bill [pdf] indicates that review copies were sent to Speaker of the House Dennis Hastert, and Vice President Richard Cheney last month. In a written statement Friday, a Justice Department spokesperson said it would be "premature to speculate on any future decisions, particularly ideas or proposals that are still being discussed at staff levels."

Civil liberties groups are already calling the bill "Patriot II".

"I just don't know where to start, it's just expanding everything," says Lee Tien, staff attorney at the Electronic Frontier Foundation. "When this hits the Hill there's going to be a lot more talk about what's going on, as opposed to the Patriot Act, where Congress just went on the government's say-so."

One provision in the bill would represent America's first domestic regulation of encryption, though it would apply only to those already attempting to commit a federal crime.

The new law against "Unlawful use of encryption" would establish prison terms for anyone who "knowingly and willfully uses encryption technology to conceal any incriminating communication" relating to a federal crime that they're committing, or attempting to commit. Offenders would face up to ten years in prison, in addition to the jail time the underlying crime carries, if any. A Justice Department analysis included with the proposal suggests that the illegal encrypting carry a mandatory minimum term of five years in prison.

Similar language has appeared in other government proposals dating back to the mid-1990's. But as encryption becomes more integrated into everyday Internet use, the idea of establishing a special punishment for using crypto borders on the ludicrous, says Tien. "As more and more Internet communications use encryption, it's going to be the default... It's like saying if you use a payphone you should go to jail."

Other provisions in the bill would:

Allow a federal judge in one part of the country to issue a search warrant for a location in another part of the country in cases involving the suspected financing of terrorist organizations, attacks on critical infrastructure, or computer crime. The USA-PATRIOT Act allowed such inter-jurisdictional searches only in terrorism cases.

Eliminate the requirement that federal agents issue a subpoena or obtain a court order to access someone's credit report. Under the bill, agents would only need to certify that they will use the information "in connection with their duties to enforce federal law" to secretly gain access to a consumer's credit profile.

Expand grand jury secrecy rules to apply to witnesses, allowing prosecutors to order ordinary citizens not to divulge the existence of a grand jury investigation, or their own testimony, to anyone except an attorney. Current grand jury secrecy rules apply only to jurors, prosecutors and courtroom staff.

Permit federal agents to monitor both voice and Internet communications from a target's Web-enabled cell phone, and to access the contents of the device's memory, with a single court order

Expand the Foreign Intelligence Surveillance Act that governs U.S. spying on foreign nationals, and make it easy for agents to share foreign intelligence information with criminal investigators.

Many of the over 100 changes to federal law proposed in the bill don't involve the Internet. Among other things, the Domestic Security Enhancement Act would codify the Justice Department's position that the government doesn't have to identify detainees held in terrorism investigations unless they're charged with a crime. Another provision would expand a federal DNA databases of suspected terrorists. The bill would also strip some suspected American terrorists of their citizenship.

© SecurityFocus Online


Other stories you might like

  • Robotics and 5G to spur growth of SoC industry – report
    Big OEMs hogging production and COVID causing supply issues

    The system-on-chip (SoC) side of the semiconductor industry is poised for growth between now and 2026, when it's predicted to be worth $6.85 billion, according to an analyst's report. 

    Chances are good that there's an SoC-powered device within arm's reach of you: the tiny integrated circuits contain everything needed for a basic computer, leading to their proliferation in mobile, IoT and smart devices. 

    The report predicting the growth comes from advisory biz Technavio, which looked at a long list of companies in the SoC market. Vendors it analyzed include Apple, Broadcom, Intel, Nvidia, TSMC, Toshiba, and more. The company predicts that much of the growth between now and 2026 will stem primarily from robotics and 5G. 

    Continue reading
  • Deepfake attacks can easily trick live facial recognition systems online
    Plus: Next PyTorch release will support Apple GPUs so devs can train neural networks on their own laptops

    In brief Miscreants can easily steal someone else's identity by tricking live facial recognition software using deepfakes, according to a new report.

    Sensity AI, a startup focused on tackling identity fraud, carried out a series of pretend attacks. Engineers scanned the image of someone from an ID card, and mapped their likeness onto another person's face. Sensity then tested whether they could breach live facial recognition systems by tricking them into believing the pretend attacker is a real user.

    So-called "liveness tests" try to authenticate identities in real-time, relying on images or video streams from cameras like face recognition used to unlock mobile phones, for example. Nine out of ten vendors failed Sensity's live deepfake attacks.

    Continue reading
  • Lonestar plans to put datacenters in the Moon's lava tubes
    How? Founder tells The Register 'Robots… lots of robots'

    Imagine a future where racks of computer servers hum quietly in darkness below the surface of the Moon.

    Here is where some of the most important data is stored, to be left untouched for as long as can be. The idea sounds like something from science-fiction, but one startup that recently emerged from stealth is trying to turn it into a reality. Lonestar Data Holdings has a unique mission unlike any other cloud provider: to build datacenters on the Moon backing up the world's data.

    "It's inconceivable to me that we are keeping our most precious assets, our knowledge and our data, on Earth, where we're setting off bombs and burning things," Christopher Stott, founder and CEO of Lonestar, told The Register. "We need to put our assets in place off our planet, where we can keep it safe."

    Continue reading

Biting the hand that feeds IT © 1998–2022