• by Wendy Davis  @wendyndavis, October 4, 2004

A federal court ruling last week nixing a post-September 11 law that allowed government agents to secretly obtain information from Internet service providers hasn't yet received much attention in the online marketing world. But it should.

In many ways, the case was a significant win for both online businesses and Internet users.

The ruling, issued Sept. 29 by federal district judge Victor Marrero, struck down provisions of a law that required Internet service providers to turn over information about individuals to government agents in response to so-called "national security letters." The law authorizing national security letters stems from 1986, but was amended and broadened in October 2001 by the USA Patriot Act, which expanded a number of governmental powers in the wake of the Sept. 11 2001 terrorist attacks.

As written, the law prohibited the providers from challenging the request in court, or from disclosing to anyone--including their own attorneys--that an agent had even made the request.

In other words, once an FBI agent sent a national security letter to--say--America Online, AOL had no recourse but to comply, without even the option of going before a judge and asking for court review.

While an Internet service provider did go to court this spring to challenge the law, doing so theoretically put the company at risk of violating the law, said Arthur Eisenberg, a New York Civil Liberties Union lawyer who represented the company. In fact, because the company that challenged the law wasn't allowed to say it had received a national security letter, the provider sued under the name "John Doe." Its identity is still secret.

Marrero found that the law violated both the constitutional prohibitions against unlawful searches and seizures and the Internet service provider's free speech rights. Stunningly, he also found that the law potentially violates Internet users' free speech rights--even though no Internet subscribers were part of the lawsuit. A national security letter, wrote Marrero, "may, in a given case, violate a subscriber's First Amendment privacy rights, as well as other legal rights, if judicial review is not readily available." The opinion noted that other, pre-Sept. 11 government surveillance measures, such as wiretaps, require court authorization.

The decision comes at a time when online businesses continue to face an uphill battle persuading consumers that their private information is safe. The ruling--although limited to specific surveillance provisions--is still seen by industry observers as consumer-friendly for coming down on the side of protecting online privacy.

"It's probably as much a victory for consumers and businesses as privacy rights advocates," said privacy maven Alan Chapell, president of Chapell Associates in New York, of the decision. Consumers, said Chapell, are "very concerned about identity theft or companies doing something that's malicious with your data." To that extent, a ruling such as this one--which discourages consumer information from being used in a way the consumer didn't intend--instills user confidence.

The case also demonstrates that at least one Internet service provider--albeit an anonymous one--was willing to go to bat to protect its users' privacy. When privacy is concerned, simply making an effort to protect it might encourage customers. "Part of a good business model is robust protection of consumers' information," said Richard Purcell, chief executive officer of the consultancy Corporate Privacy Group in Nordland, Wash. and Microsoft's former chief privacy officer.

Marrero stayed his decision for 90 days to give the government an opportunity to appeal.