On September 11th, 2001, the 9/11 hijackers orchestrated the deadliest terror attack to take place on American soil.
45 days later, President George Bush signed the USA Patriot Act into law, which expanded law enforcement's power to both surveil and investigate persons suspected of terrorism.
The Act has been considered a huge threat to privacy and individual liberties by digital rights groups ever since.
What is the Patriot Act?
The Patriot Act is a 300+ page document that passed through the US Congress with bipartisan support in 2001. Only one lawmaker voted against it in the Senate – Sen. Russ Feingold of Wisconsin – who feared the Act would encroach on civil liberties.
Not all of the stipulations in the Act relate to surveillance, nor is the US government and law enforcement's surveillance powers drawn solely from the Patriot Act.
*Corresponding sections of Patriot Act in brackets
Many aspects of the original Patriot Act were considered 'sunset provisions'. This means they had a set expiry date, and in the first case, it was 2005.
However, after much congressional debate, US lawmakers passed the USA Patriot and Terrorism Reauthorization Act in March in 2006. It included new provisions relating to the death penalty for terrorists and new powers to combat those who finance terrorism.
It also made 14 of the original sunset provisions permanent and extended the expiration date of section 202 and section 215 until 2009, the latter of which gave the government the power to demand public libraries turn over an individual's borrowing records. The 2006 reauthorization also extended the 'lone wolf' provision, which permitted law enforcement to investigate anyone they think might be a terrorist even if they have no known connection to a terrorist group (it is claimed this provision has never been used).
After a one-year extension ensured the Patriot Act was still legally binding in 2010, Barack Obama then signed the Patriot Sunsets Extension Act of 2011 in early 2012, elongating the expiry period for Section 215, the 'lone wolf' provision and laws surrounding roving wiretaps.
It was around this time Senator Ron Wyden first used the term "secret Patriots Act" on the floor of the Senate. This was his way of saying that he thought the federal government perceived the legislation to grant them more powers than it actually did, and American citizens were none the wiser.
Although the remaining sunset provisions were extended again until 2015, in 2013 the misuse of one of them, section 215, was exposed by a whistleblower in one of the biggest leaks in US law enforcement history.
National Security Letters
Despite being littered with sunset provisions, it's important to remember that much of the Act's provisions are permanent — the existence of some sunset provisions seems to have led some to conclude that all the powers in the Act expire and then have to be reauthorized over and over again.
In terms of permanent provisions, the 'National Security Letters' (NSLs) program legalized a search procedure that grants the FBI the authority to force banks, telephone companies, internet service providers, and others to hand over customer data and call logs without going through a surveillance court first. Although section 215 eventually came under heavier scrutiny, it was initially the NSLs that helped US law enforcement agencies obtain information.
The FBI didn't even bother using 215 for more than a year after the passage of the Patriot Act ... in at least one case, when the secret court refused an application for journalists' records on First Amendment grounds, the Bureau turned around and obtained the same data using National Security Letters
But by 2009, NSLs were being met with opposition from companies they were being used to subpoena.
The 2009-era resistance to National Security Letters spurred the bureau to rely on Section 215 and the Foreign Intelligence Surveillance Court for email and other records acquisition
Since then, law enforcement agencies have relied on a range of legislation to obtain personal information from citizens.
Section 215 and Edward Snowden
Ever since it was signed into law, the Patriot Act has been a major concern for US residents who want to preserve their online privacy. One initial gripe with the Act was that it deconstructs the system of checks and balances and the power the courts have to curtail abuses of power.
But by far the most controversial section of the Patriot Act has been section 215, also known as the 'business records provision'. The section granted the government expansive power to access public libraries and demand they turn over an individual's borrowing records. It also afforded the government the freedom to demand businesses hand over information on an individual who might be involved in terrorism-related activities.
Most famously, Section 215 was used by the NSA was to justify the collection of citizens' phone records, a practice famously exposed by Edward Snowden in 2013. The leaks showed companies such as Verizon were being forced to hand over telephone records on a daily basis without customers' consent.
Snowden was then forced to flee to Russia immediately after the Guardian published this information or he would have been arrested and imprisoned. He has recently been granted permanent asylum in the country.
Other Privacy Concerns
The bill also made amendments to the Electronic Communications Privacy Act 1968 (amended 1986 and 1994), which prohibited the wiretapping of phones without a court order and did away with the narrow criteria for such action.
Sections 201 and 202 added computer and terrorist crimes to the list of serious offenses that law enforcement could seek a court order to spy on.
Section 209 established that voice mail was not protected by the same few remaining safeguards governing telephone conversations. Instead, they were considered equivalent to email and telephone records, which have weaker protection status in relation to surveillance.
Section 210 added individual account numbers to records that could be obtained from a telecommunication or Internet service provider through a subpoena.
The USA Freedom Act of 2015
The USA Freedom Act of 2015 restored some and modified parts of the Patriot Act and barred the government from justifying the bulk collection of telecommunication records with section 215.
It did the same for collections under the National Security Letters provision, as well as forcing the government to request permission from the Foreign Intelligence Surveillance Court. The court was also instructed to make its major decisions public.
The Act was due to expire in 2019, but Donald Trump asked Congress to make three provisions of the Act permanent. Congress instead reauthorized the Act for three months. The legislature then agreed on reauthorization in March 2020, however, Trump threatened to veto it, which led to the indefinite postponement of the Senate's version of the bill.
Did the Patriot Act prevent terrorism?
In 2005, four years after the first Act was signed into law, the American Civil Liberties Union sent a 10-page letter to bill co-author Sen. Dianne Feinstein, detailing the abuses taking place under the law. One part of that letter read:
The Patriot Act 'updated' surveillance powers - but failed to 'update' the checks and balances needed to ensure those surveillance powers include proper judicial oversight
President Barack Obama has maintained that Section 215 was useful in conducting terrorist investigations, as do others:
We've stopped 28 terrorist attacks since 9/11 ... the Patriot Act has been a big part of that
But that sentiment doesn't completely square with the conclusions drawn by the Privacy and Civil Liberties Oversight Board when they reviewed the program the year after Edward Snowden's revelations:
We have not identified a single instance involving a threat to the United States in which the telephone records program made a concrete difference in the outcome of a counterterrorism investigation. Moreover, we are aware of no instance in which the program directly contributed to the discovery of a previously unknown terrorist plot or the disruption of a terrorist attack.
They also said there was only a single case where the program contributed to the identity of a previously unknown terrorist subject, in which the subject was not planning a terrorist attack and there was 'reason' to think the FBI would have uncovered him, regardless.
The Patriot Act has proven to be one of the biggest threats to the privacy of US citizens over the past two decades. Despite starting life as a response to a horrific terrorist atrocity couched in the desire to protect, the provisions have fundamentally changed American citizens' attitudes to government surveillance as well as their own personal privacy.
The two key takeaways from the last two decades, in light of the fact the last sunset provisions expired this year, are as follows: The first is that despite the provisions expiring, it's unlikely that this is the last we'll see of the Patriot Act or legislation inspired by it. The second is that the Patriot Act, as intrusive as it is, has been merely one of many statutes that US law enforcement agencies have relied upon during the 21st century to surveil its citizens.
In 2023, if you're a US citizen, who knows what sort of legally binding demands from the government your internet service provider is either fending off or complying with? The answer isn't clear, and that's why technology like VPNs are becoming increasingly important. VPNs reroute all your traffic through a private server before it reaches the internet, so your internet history will be connected to the IP addresses of the servers, rather than yours. Check out our what is a VPN page for more details about how a VPN can help.
After a year that has seen creeping surveillance legislation imposed all around the world as countries scramble to deal with coronavirus, securing yourself online has become even more paramount.