PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Surveillance

As many of the recent revelations of government surveillance and information gathering are revealing, government agencies such as the FBI and NSA are violating the law. Recently, the DOJ investigation into the FBI’s use of NSLs reveals many violations of law. So where are the penalties?

In the latest surveillance scandal, the FBI says that it is sorry. According to the New York Times:

Mr. Mueller embraced responsibility for the lapses, detailed in a report by the inspector general of the Justice Department, and promised to do everything he could to avoid repeating them. . . .

Mr. Mueller left open the possibility that some F.B.I. employees might be disciplined for their errors involving national security letters. In response to a question, he said there had been “no discussion” on whether he should step down.

One of the problems with the law is that it doesn’t say much with regard to penalties for NSLs. When the FBI contravenes the law, is the only sanction that they must apologize, appear contrite, and say that they might possibly discipline a few folks? The law provides extraordinary powers to the FBI when it comes to NSLs, and these are issued in tense situations of national security, so it is predictable that overzealousness and abuses might occur. That’s why the law needs to be more than a guideline. It needs enforcement teeth.

Another interesting aspect of the NSL provision in the Electronic Communications Privacy Act, 18 U.S.C. § 2709, is that it doesn’t appear to specify any penalties for Internet Service Providers that don’t comply. The statute says that an ISP “shall comply” with an NSL and it imposes a gag order. But what’s the penalty for not complying? The statute doesn’t appear to specify one. Does anybody know what the penalty is?

Originally Posted at Concurring Opinions

* * * *

This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics. Professor Solove also posts at his blog at LinkedIn. His blog has more than 1 million followers.

Professor Solove is the organizer, along with Paul Schwartz, of the Privacy + Security Forum and International Privacy + Security Forum, annual events designed for seasoned professionals.

If you are interested in privacy and data security issues, there are many great ways Professor Solove can help you stay informed:
*
LinkedIn Influencer blog
*
Twitter
*
Newsletter

TeachPrivacy Ad Privacy Training Security Training 01