Jacob Hill, A.C. Buehler Library at Elmhurst College
Johanna Delaney, Hinsdale Public Library Board of Trustees
It could be anybody in your library; the student who reserves the same study room every week. A teenager who is always requesting DVDs that are not in the system. That retiree who consistently requests help filling out FOIA forms. Suddenly you’re staring at an official document naming that person as central to an investigation by a United States government law enforcement agency. In circumstances such as these, YOU would be compelled to compile and submit patron records. These types of investigative requests fall under the USA PATRIOT Act, and compliance is mandatory. Information can include anything and everything related to a person’s library “footprint,” such as computer usage documentation, circulation data, print records, internet histories, and interlibrary loan requests.
Provisions of the USA PATRIOT Act can potentially affect any librarian in America. It doesn’t matter what kind of library, or what kind of services are provided, or how we feel about government investigations; when a formal request is received, there is a legal obligation to disclose the relevant information available. Additionally, due to “gag order” provisions in the statutes, a librarian who receives an order under the USA PATRIOT Act is prohibited from discussing the issue with anyone other than a library’s attorney and staff who would assist in fulfilling the request. Anyone who violates such a gag order could face severe penalties.
What does this mean for libraries? How do we proceed if presented with an order under the Act? The following is an overview of the current USA PATRIOT Act and a brief summary of procedural recommendations from the American Library Association (ALA).
The Patriot Act Today
More than ten years after it was enacted, the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001—i.e., the USA PATRIOT Act (herein also "the PATRIOT Act" or "the Act")—remains in full force and effect and relevant to public, private, and academic libraries. Originally enacted in the wake of the attacks of September 11, 2001, the PATRIOT Act amended a variety of federal statutes to expand the power of law enforcement officials to gain access to business, medical, educational, and library records and to monitor telephone communications, public computers, and internet traffic. Although the Act has been criticized by the ALA, the American Civil Liberties Union (ACLU), and legislators who are concerned about the potential for abusive invasions of privacy under the Act, it has survived such criticism as well as a number of challenges in federal court.
For libraries, Sections 215 and 505 of the PATRIOT Act are particularly pertinent. Section 215 allows FBI agents to present a library with an order issued ex parte (from one party) by a Foreign Intelligence Surveillance Court (FISC) "requiring the production of any tangible things (including books, records, papers, documents, and other items) for an investigation to protect against international terrorism or clandestine intelligence activities."1 Under such an order, a library may be required to produce not only documents but also computer files and hard drives. Furthermore, Section 215 prohibits a librarian from discussing a FISC order with the patron who is under investigation. Under Section 215’s gag order provision, a librarian may only discuss the FISC order with (1) another staff member for the purposes of producing the subject material and (2) an attorney whose advice is sought regarding the order.
Under Section 505 of the Patriot Act, the FBI may issue "National Security Letters" (NSLs), requiring records of electronic communications from any library or library consortium that is deemed to be a "wire or electronic communications service provider."2 Unlike an order that is issued under Section 215 of the Patriot Act, the issuance of an NSL is not subject to judicial oversight. Rather, the FBI may issue an NSL simply based on a claim that the "records sought are relevant to an authorized investigation to protect against international terrorism or clandestine intelligence activities."3 In addition, a gag order provision like that in Section 215 restricts the disclosure of any information regarding the NSL, and anyone convicted of violating the gag order faces up to five years in prison.
Importantly, both Sections 215 and 505 provide that investigations of United States citizens may not be conducted solely on the basis of activities that are protected under the First Amendment of the Constitution. Furthermore, due to concerns about the potential for abuse, Sections 215 and 505 were originally subject to “sunset” provisions that allowed them to expire unless expressly re-authorized by Congress. Despite the objections of the ALA and others, however, Section 215 was most recently re-authorized in 2011 until 2014. And in 2006, Section 505 was made a permanent federal statute.
Challenges to the PATRIOT ACT
Amendments to the Act passed in 2006 allow for challenges to the validity of FISC orders and NSLs and their accompanying gag orders. Any such challenges are subject to strict legal standards, however, which may effectively bar most actions. To date, lawsuits challenging orders under the PATRIOT Act have had minor effects. Most recently in July 2012, a cellular phone service provider challenged the constitutionality of a National Security Letter it received in a United States District Court.4 This is only the fourth time NSL statutes have been been significantly challenged (the first ruling, Doe vs. Ashcroft , resulted in increased Congressional oversight of aggregate NSL requests5), so it remains to be seen what might develop in the years ahead.
Protecting Patron Privacy under the PATRIOT Act
Although the American Library Association's Code of Ethics6 and Illinois Law7 impose upon librarians an affirmative duty to protect the privacy of patrons and the confidentiality of library records, if presented with a legitimate FISC order or NSL, librarians are compelled to turn over to law enforcement officials whatever documents, etc., are specified. Nevertheless, in complying with such an order or NSL, a library must continue to protect patron privacy and the confidentiality of records to the extent possible under the law.
Accordingly, as a matter of course, every library should:
- Adopt policies to ensure patron privacy and the confidentiality of records.
- Designate a staff member to be in charge of handling any law enforcement requests (generally the library director or a supervising librarian).
- Avoid creating unnecessary records and avoid retaining records "that are not needed for efficient operation of the library."8
- Adopt specific procedures that are to be followed if presented with a FISC order or NSL under the PATRIOT Act. For guidance see Confidentiality and Coping with Law Enforcement Inquiries: Guidelines for the Library and Its Staff, on the ALA website (http://www.ala.org/offices/oif/ifissues/confidentiality).
- Ensure that all staff members are familiar with library policies and procedures regarding patron privacy in general and FISC orders and NSLs under the PATRIOT Act in particular.
According to the Electronic Privacy Information Center (http://www.epic.org), there have been over 250,000 NSL requests since 2002—to place this number in context, prior to the USA PATRIOT Act, there had been a cumulative total of 8,500 requests. Although numbers are down from the 2003-2006 time period, there were still 16,511 requests in 2011. In addition, 1,745 FISA applications were approved in 2011, none of which were rejected by authorizing authorities. This figure reflects a 10.5 percent increase in applications over the previous year.9 It is clear that both FISA and NSL orders will remain a part of the Justice Department’s toolkit for years to come, and imperative that we remain informed on these topics.
Special thanks to Deborah Caldwell-Stone, deputy director of the ALA Office for Intellectual Freedom, for her assistance with this article.