Attorney General John Ashcroft has kicked off a road show, a 10-day, 20-stop tour to bolster flagging support for the USA PATRIOT Act and promote an as-yet unintroduced piece of legislation called the VICTORY Act. The NCC Privacy Group has recently obtained a draft copy of the VICTORY legislation, and it has some chilling implications for consumer privacy.

The full name of the VICTORY Act is the "Vital Interdiction of Criminal Terrorist Organizations Act of 2003," and like the "Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorists" (USA PATRIOT) Act, it is a grab bag of enhanced police-state powers only tangentially related to its bombastic and acronymic title. It is Title V of the VICTORY Act that has the most direct effects on consumer privacy.

Section 503 grants the Attorney General the power to issue "administrative subpoenas" in investigations related to the extremely broad definition of "terrorism" instituted in the USA PATRIOT Act. (An "administrative subpoena" is like a search warrant automatically issued by the Clerk of Court, except without the bother of having a judge sign off on it.) This investigatory power of the DoJ includes the ability to subpoena consumer data from a business. And if so ordered by the Court, the business would not be able to tell anyone about the subpoena for 90 days. Infinite 90-day extensions of this time limit are also available.

This power would be very analogous to the USA PATRIOT Act search warrants issued by the secret FISA court. The House of Representatives has voted to defund enforcement of such warrants on bookstores and libraries.

Section 504 of the VICTORY Act basically lays out the same power for "fugitive" investigations with 30-day instead of 90-day intervals of secrecy orders. Section 504 specifically mentions subpoenaing consumer records from telecommunication companies, Internet service providers, and financial service firms such as banks.

And both sections grant civil immunity to businesses and their employees, who would be immune from civil liability for cooperating with the subpoena without challenging it, even if the administrative subpoena is found unconstitutional. This would override contractual agreements between consumers and businesses such as the business' privacy policy. So if a company's privacy policy is to resist potentially illegal or unconstitutional subpoenas in order to protect their customers' privacy, that company can ignore that policy and still be immune from civil litigation by the customer.

Section 505 of the VICTORY Act touches less on consumer privacy issues per se, but is another helpful illustration of how government often aggregates to itself powers to invade privacy that the private sector does not. Section 505 would change the rules by giving the Justice Department broad "judge-shopping" in getting warrants for wiretaps, allowing for petitions not just to judges but to those pseudo-judges known as "magistrates."

The VICTORY Act is said to be subject to further revision over the August recess. But if the provisions granting greater government access to consumer data and the nullification of consumer-business privacy contracts stand, its sponsors and supporters will all stand as Privacy Villains.

government surveillance

medical privacy

financial privacy

online privacy

News | Press Releases | Online Privacy Tools | Privacy Principles | Experts | Links
About NCC | About Consumer Alert | Contact Us | NCC Privacy Home