The USA PATRIOT Act: An Analysis of Privacy in the Context of a Changing Definition of Security

The terrorist attacks of September 11, 2001, and the subsequent “war on terror” have created a divisive climate in terms of discussions of personal privacy and management of public information. One side of the issue supports limited privacy and retention of “sensitive” information in the interest of greater security and a means of defeating terrorism. The opposite side notes the loss of privacy and posits a “Big Brother” scenario. Regardless of the differing views, an infirm definition of privacy in the context of the evolution of the national security concept created conditions for a marked dissensus in privacy and information policy. Laws created in reaction to the terror attacks have compelled greater discussion of privacy law and illustrated fundamental alterations to the balance of power within the Federal government. In this paper I will consider the following questions: 1) How has the concept of national security evolved, especially with respect to information policy and the power of the executive branch? 2) What are the effects of the homeland security concept on privacy, particularly with regards to political dissent? 3) How have these changes affected the structure of privacy policy in the United States?

From “National Security” to “Homeland Security”

To understand how federal information policy has changed with recent events, it is helpful to understand some history behind the concept of national security and the ways in which the sense of national self has changed. The concept of national security in the United States is an expression of the idea of a national self that projects national defense into the realm of foreign policy. Scholarly discussions of U.S. foreign policy and national interests in the mid-1930's described foreign policy interests at the time to be primarily economic in scope. During the intervening years between World Wars One and Two, events occurring outside the borders of the nation were increasingly viewed as being directly pertinent to internal interests. A corresponding assertion held that the U.S. should have the ability to protect its internal values from external threats, and advocated the integration of American military power and foreign policy,1 a concept which came to be known as “national security” (Relyea, 2003).

The national security concept matured after the U.S. emerged from the Second World War into primarily an information restriction concept that attributed greater powers to the executive branch of government. The National Security Act of 1947 codified the national security concept and established a number of institutional structures for managing information that the executive thought to be sensitive to the cause of national security. In addition to specifying procedural methods, the executive branch of government controlled the new national security instruments: the Central Intelligence Agency, National Security Council, and a reorganized military. The public, as represented by the legislative branch, was largely removed from the decision process for determining what, exactly, constitutes national security2 (Relyea, 2003).

The interactions of the various security instruments soon came to define national security in terms of restraint of information. For example, classification of government information (e.g., “secret”, “top secret”) became a primary tool for determining the potential for accessibility of documents available outside and within the security apparatus. Furthermore, restriction of scientific research and the authorization of exceptions to patent law were implemented to protect against the hindrance of technological advancements considered to be in the interest of national security (Relyea, 2003). In each of these cases, the determination of what information is vital to national security originated from within the executive branch, and thus an increasing amount of government-generated information was removed from the scrutiny of the public.

Threats to the security of the United States came to be defined during the Cold War as both external and internal in nature, particularly as directed against the government. During the course of the Cold War, the primary external concerns to the security of the United States were related to various communist and socialist nations and insurgencies, particularly the Soviet Union and the Warsaw Pact states in Eastern Europe and conflicts in Eastern Asia. By the mid-1960's, domestic unrest over civil rights and Vietnam led many within the government to believe that foreign interests supported domestic dissent as well as traditional espionage. These sentiments defined the security of the nation in terms of security of the government, a definition that marks a shift of the idea of the national self from one that includes the nation at large to one that excludes the opinions of those who express dissent. The fundamental assumption supporting the redefinition of national self is that what is good for the government is good for the public (Flaherty, 1997, p. 173).

Although the attacks of September 11, 2001, did not change the fundamental definition of the security threat to the U.S., they provided the impetus for the conceptual shift from national security to “homeland security.” The homeland security concept maintains the idea of an exclusive national self and shares the characteristics of national security involving information restriction and executive authority. Furthermore, homeland security borrows from the civil defense concept in that both are related to imminent physical threats to the security of the nation (Relyea, 2002). The definition of the threats to national security remained essentially the same, but the decentralized and unconventional nature of the organizations which were considered to be responsible for the attacks validated and increased fears of domestic threats.

The most prominent embodiment of the homeland security concept is the USA PATRIOT Act of 20013 which, among other things, enacted measures to remove barriers to the cooperation of foreign and domestic intelligence activities, enhanced domestic surveillance, and deferred to the executive certain judicial proceedings for accused terrorists and selected foreign combatants. Additionally, the executive initiated a number of information policy changes in response to the attacks including major procedural restrictions to Freedom of Information Act requests, the wholesale removal of “sensitive” information from government Web sites, and new executive orders regarding the disposition of records created by previous administrations (Relyea, 2002). The political atmosphere that resulted from these measures removed from public view some of the actions of the government and consequently revived a “war-in-peace” mentality similar to that of the Cold War.

The USA PATRIOT Act and Privacy

Having examined the evolution of the homeland security concept we may now ask: how has the transition to homeland security affected privacy, particularly considering the redefined national self? One of the trends implied by the laws implemented under the homeland security concept is that individual privacy and security are necessarily opposed. The new powers of the executive branch give wide latitude for restricting the flow of information about the government, while increasing the amount of information that may be gathered by the government in the interest of security. The conflict between security and privacy is not a new one – for example, the Privacy Act of 1974 was a result of earlier concerns about privacy with respect to government's use of personal information.

Gellman provides the perspective that many of the changes caused by the PATRIOT Act are incremental and necessary for addressing the threat of terrorism (2002). The changes made by the act, he asserts, are mostly involved in extending existing intelligence authority and do not alter the scope or function of the majority of the privacy laws. Yet the speed with which the new measures were adopted has caused alarm for privacy advocates. Additionally, initiatives by the administration have demonstrated the willingness of the executive to continue making such incremental changes and to extend existing changes.4 On the other hand, proposed legislation would modify the original act, mostly in favor of limiting the powers that were originally granted.5 The debates conducted by the legislative branch suggest that the public is generally wary about actions by the executive that indicate preference for security over privacy and further suggest opportunistic motives.6

Gellman also asserts that the passage of the PATRIOT Act suggests that the public is willing to accept diminished privacy in order to deter terrorism (2002). It is plausible that fear and anger among the public following the September 11th attacks may be reflected in the provisions of the PATRIOT Act, but a number of incidents that occurred during the deliberations in Congress during the five-week lifespan of the act suggest that the opinion of the public had little direct effect on the proceedings. Access to the Congress was restricted due to anthrax attacks that occurred early in October, 2001, which effectively stopped for a period of time most postal and face-to-face communications between the public and their representatives.7 Furthermore, many of the deliberations were held in closed-door sessions in Congress. Finally, many legislators did not have sufficient opportunity to review the final text of the act before it was brought to vote (McCullagh, 2001 & E.F.F., 2001). These factors suggest that the attitudes of the public may not have been fully realized by the Congress while it drafted and reviewed the PATRIOT Act.

Some of the most important changes made by the PATRIOT Act regarding privacy and confidentiality of information involves the disclosure of various types of records. Title V, §507 and §508, grants the Justice Department authority to request access to records from educational institutions and the National Center for Educational Statistics (NCES) respectively. Each of these provisions requires that the investigating authority seeking access to the records does so for purposes of a terrorism investigation, and relieves personnel from the agency or institution of liability for the disclosure. The NCES provision is particularly interesting in that the new rules violate the privacy laws under which the NCES operates.8 The change now allows such records, originally collected in the understanding of confidentiality, to be used to assist federal investigations. This change will more than likely complicate collection of such data from voluntary providers in the future (Gellman, 2002). Similarly, a provision in Title II, §215, modifies the Foreign Intelligence Surveillance Act of 1978 to allow the FBI to clandestinely access private and business records and “tangible things” in the course of a terrorism investigation. Unlike the provisions in §507 and §508, access granted under §215 would prohibit disclosure about the occurrence of such access.

The records access provisions of the PATRIOT Act, particularly those of §215, grant significant new powers to law enforcement. Exceptions have been made, however, for prohibiting the investigation of people based solely on the exercise of First Amendment rights under the Constitution. Furthermore, Congress provides oversight of all attempts to access records. The warrants for such access, however, are issued by a secret court for charges of terrorism which are much more subjective than traditional criminal charges. The definition of what constitutes terrorist activity is malleable under law, and attempts have been made to redefine terrorism to such a lower standard that common crime could be considered terrorism.9 The danger of a shifting definition of terrorism is that many acts of dissent that involve incidents that might ordinarily be considered as common crime could instead be defined as terrorism and expose the participating groups to investigation under more powerful and less accountable law enforcement powers.

The Privacy Landscape

It is generally accepted that the balance of privacy and security has shifted, but what effect have the changes had on the structure of U.S. privacy policy? As a whole, the PATRIOT Act has lowered the privacy “baseline” in the United States, but privacy has certainly not disappeared. Continued shifting of the privacy baseline is made possible because of the nature of the American privacy law, which developed as a patchwork of laws and judicial discourse that essentially legalized existing practices. The primary federal privacy law, the Privacy Act of 1974, is based in the conceptual framework of the Fair Information Practices (FIPs), but in practice the law has unevenly applied FIPs across the public and private realms, and the law is often insufficiently supported by the agencies to which the law is applicable (Gellman, 1997). One of the problems is that the Privacy Act is applicable only to the executive branch, and no such similar measures exist for protecting privacy in the remainder of the Federal government or in the private sector. Another problem is that commercially maintained information is subject to an array of incomplete and conflicting sectoral laws. Inconsistent privacy standards for commodified information presents an irony in that security in this case could actually be compromised by less privacy.10 The undulating privacy landscape is confusing in itself without the added uncertainty due to security concerns. Therefore, it is difficult to discern what level of privacy Americans have had by law, let alone to be able to discern how it has changed and to what degree.


The problem is not that we have too much privacy or no privacy in the United States, it is that we do not have an adequate means of determining how much privacy we have or how much we should have. Absolute statements regarding the degree to which privacy and security are at odds does little to address inconsistent application of privacy law to both public and private information and to discern the degree to which our political system is responsive to the needs of both privacy and security. True national security may best be realized through policies that assure security for the nation as a whole, both in terms of personal privacy and reasonable procedures for law enforcement.


1From the perspectives of Charles A. Beard, Edward M. Earl, Arnold Wolfers, and Nicolas Spykman (Relyea, 2002, p. 214).

2Quotations: “[T[he cumulative effect... was one of giving the executive overwhelming latitude to determine national security and, accordingly, what actions could be appropriately taken regarding it.” (my emphasis) and “[E]very president since Truman has relied on two doctrines to justify executive initiatives to protect national security: inherent presidential power and posthoc congressional ratification.” (Relyea, 2002, p. 216)

3The full title is the “Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism” Act; PL 107-56, 115 Stat. 272 (2001).

4The administration, particularly the Justice Department, is an outspoken proponent of the USA PATRIOT Act. Attorney General John Ashcroft has been the most outspoken and has conducted promotional tours to increase support for the PATRIOT Act and similar legislation. The Justice Department sponsors a Web site for the purpose of supporting PATRIOT against dissenting views (Department of Justice, 2003). Finally, the Justice Department helped to draft legislation (“Domestic Security Enhancement Act”) in early 2003 that was quickly dubbed “PATRIOT-II” due to the prescriptions for greater FISA authority and removal of the FISA requirement for a terrorists to be identified with a foreign power (Library of Congress, 2003).

5Selected bills prescribing lesser or modified authority under USA PATRIOT and similar acts proposed in 2003: H.R. 3171 - “Benjamin Franklin True Patriot Act”; S.1552 - “Protecting the Rights of Individuals Act”; S.1695 - “‘PATRIOT Oversight Restoration Act of 2003”; S.1701 - “Reasonable Notice and Search Act”; S.1709 - “Security and Freedom Ensured Act of 2003” or the “SAFE Act”; S.609 - “Restoration of Freedom of Information Act of 2003” (Library of Congress, 2003).

6Regarding actions taken by key decision makers within the executive branch: “Some of the information restrictions are realistic responses to the attack and its uncertain aftermath. Other actions seem more like opportunistic moves to tether an ideological agenda to an overarching event.” (Feinberg, 2002, p. 266).

7The first contaminated letter was found on 15 October, 2001; ; USA PATRIOT was signed into law on October 26th.

8The NCES operates under the Department of Education and falls under the executive branch. The Privacy Act of 1974 applies specifically to all areas of the executive.

9For example, the State of Utah created statutes in 2001 to punish acts of “commercial terrorism” which closely resemble many common crimes of property and person, specifically “intent to... damage, deface, or destroy any property on the premises of the business; commit an assault on any person; or commit any other felony.” no specific mention is made of political intent as it would apply to the traditional definition of terrorism. The law allows exceptions under the Labor Relations Act and the First Amendemnt. (Utah Code, Title 76, Chapter 10, Sections 2401 & 2402;

Also, the definition of terrorist was expanded in draft legislation introduced in January 2003 named the “Domestic Security Enhancement Act of 2003” sought to remove the requirement that a terrorist be affiliated with a “foreign power”; Described in H.R. 3171, 108th Congress (Library of Congress, 2003).

10One may envision a situation where a terrorist organization obtains personal data for use in establishing false identities through indirect commercial transactions.


Electronic Frontier Foundation (E.F.F.) (2001). EFF analysis of the provisions of the USA PATRIOT Act that relate to online activities. Retrieved on 18 October, 2003 from

Feinberg, F.E. (2002). Homeland security: Implications for information policy and practice—first appraisal. Government Information Quarterly, 19(3), 265-288.

Flaherty, D. (1997). Controlling surveillance: Can privacy protection be made effective? In Agre, P. & Rotenburg, M. (Eds.), Technology and privacy: The new landscape (pp. 167-192). Cambridge, MA: MIT Press.

Gellman, R. (1997). Does privacy law work? In Agre, P. & Rotenburg, M. (Eds.), Technology and privacy: The new landscape (pp. 193-219). Cambridge, MA: MIT Press.

Gellman, R. (2002). Perspectives on privacy and terrorism. Government Information Quarterly, 19(3), 255-264.

McCullagh, D. (2001). USA Act stampedes through. Wired. Retrieved on 18 October, 2003, from,1294,47858,00.html

Relyea, H.C. (2002). Homeland security and information. Government Information Quarterly, 19(3), 213-223.

U.S. Department of Justice (2003). Preserving life and liberty. Retrieved on 16 October, 2003, from

U.S. Library of Congress (2003). Thomas – Legislative information on the Internet. Retrieved on 18 & 19 October, 2003, from