A federal court ruling last week nixing a post-September 11 law that allowed government agents to secretly obtain information from Internet service providers hasn't yet received much attention in the
online marketing world. But it should.
In many ways, the case was a significant win for both online businesses and Internet users.
The ruling, issued Sept. 29 by federal district judge
Victor Marrero, struck down provisions of a law that required Internet service providers to turn over information about individuals to government agents in response to so-called "national security
letters." The law authorizing national security letters stems from 1986, but was amended and broadened in October 2001 by the USA Patriot Act, which expanded a number of governmental powers in the
wake of the Sept. 11 2001 terrorist attacks.
As written, the law prohibited the providers from challenging the request in court, or from disclosing to anyone--including their own attorneys--that
an agent had even made the request.
In other words, once an FBI agent sent a national security letter to--say--America Online, AOL had no recourse but to comply, without even the option of going
before a judge and asking for court review.
While an Internet service provider did go to court this spring to challenge the law, doing so theoretically put the company at risk of violating the
law, said Arthur Eisenberg, a New York Civil Liberties Union lawyer who represented the company. In fact, because the company that challenged the law wasn't allowed to say it had received a national
security letter, the provider sued under the name "John Doe." Its identity is still secret.
Marrero found that the law violated both the constitutional prohibitions against unlawful searches and
seizures and the Internet service provider's free speech rights. Stunningly, he also found that the law potentially violates Internet users' free speech rights--even though no Internet subscribers
were part of the lawsuit. A national security letter, wrote Marrero, "may, in a given case, violate a subscriber's First Amendment privacy rights, as well as other legal rights, if judicial review is
not readily available." The opinion noted that other, pre-Sept. 11 government surveillance measures, such as wiretaps, require court authorization.
The decision comes at a time when online
businesses continue to face an uphill battle persuading consumers that their private information is safe. The ruling--although limited to specific surveillance provisions--is still seen by industry
observers as consumer-friendly for coming down on the side of protecting online privacy.
"It's probably as much a victory for consumers and businesses as privacy rights advocates," said privacy
maven Alan Chapell, president of Chapell Associates in New York, of the decision. Consumers, said Chapell, are "very concerned about identity theft or companies doing something that's malicious with
your data." To that extent, a ruling such as this one--which discourages consumer information from being used in a way the consumer didn't intend--instills user confidence.
The case also
demonstrates that at least one Internet service provider--albeit an anonymous one--was willing to go to bat to protect its users' privacy. When privacy is concerned, simply making an effort to protect
it might encourage customers. "Part of a good business model is robust protection of consumers' information," said Richard Purcell, chief executive officer of the consultancy Corporate Privacy Group
in Nordland, Wash. and Microsoft's former chief privacy officer.
Marrero stayed his decision for 90 days to give the government an opportunity to appeal.