FC: SEC is creating Net-surveillance system, and a response

[Declan McCullagh <declan () well com>]

SEC's Plan to Snoop for Crime on Web Sparks a Debate Over Privacy
28 Mar 2000
By Michael Moss
Staff Reporter of The Wall Street Journal

The Securities and Exchange Commission is moving
to create an automated surveillance system that
would scour the Internet for people who violate
securities law. The agency has begun receiving
proposals from vendors, who have conducted trial
runs in recent weeks.

But even before it gets under way, the
multimillion-dollar project is running into
trouble on privacy grounds.

The mechanism would monitor public Web sites,
message boards and chat groups. Anything deemed
suspicious -- like the phrase "get rich quick" --
would be copied into a database, analyzed and then
indexed for use by SEC investigators in bringing
civil proceedings against people suspected of
wrongdoing, according to the project-contractor
solicitation.

The SEC also wants to grab e-mail addresses and
other identifying information that would help
unmask message writers and Web-site owners who try
to remain anonymous.

Other federal agencies might develop their own
automated surveillance, the contracting records
indicate. "For us it's a very exciting prospect,"
says Phyllis J. Cela, acting director of
enforcement at the Commodity Futures Trading
Commission, which has begun talking to vendors.

But after reviewing the documents and holding
discussions with SEC officials, one invited
bidder, PricewaterhouseCoopers LLP, advised the
agency that it would not participate because the
endeavor might impinge on constitutional
protections against unlawful search and seizure.
Its chief concern: Innocent people would end up in
the database. "We had serious concerns about the
implications for the privacy of individuals on the
Web, and the implications for businesses on the
Web," says Beth Trent, a director who leads the
firm's Internet compliance unit.

[...]

In compiling Internet messages, the SEC says,
"Contractor shall include the following minimum
information pertaining to each indexed message:
the date of posting; title line; the groups to
which posted; nature of discussions; and the
disclosed affiliation, user name and e-mail
addresses of individuals posting information." The
contractor also has to make the database
accessible online to as many as 50 SEC staffers at
one time, and take steps to prevent unauthorized
access.

[...]






---------- Forwarded message ----------
Date: Tue, 28 Mar 2000 14:23:02 -0500
From: "Alexander, Brad" <Brad.Alexander () mail house gov>
Subject: SEC Online Surveillance
^A
The letter below responds to reports by the Wall Street Journal today
describing an SEC online monitoring plan that would sift the Internet for
key words, and save content containing them for enforcement action.

-- Brad Alexander
Communications Director, Rep. Barr
202-225-2931

March 28, 2000

Mr. Arthur Levitt, Jr.
Chairman
Securities and Exchange Commission
450 5th St NW
Washington, D.C.  20001-2739

IN RE: Online Fraud Monitoring

Dear Chairman Levitt:

As a Member of the House Banking and Financial Services Committee, I write
to express my concern with reports that the Securities and Exchange
Commission (SEC) plans to implement an automated system for monitoring
Internet speech on a massive scale.  In light of the serious constitutional,
legal and policy questions raised by such a system, I urge you to reconsider
this plan.

To use an analogy based on current practices, the fact that telephones may
be used to commit fraud does not entitle the FCC, the FBI, or the SEC to
engage in wholesale monitoring of all telephone conversations.  Instead, you
are required to go before a court, meet constitutional and statutory
requirements for a warrant, and listen only to specific conversations
pursuant to the court's order.  This system may seem inconvenient to you at
times, but it has done a remarkably good job of protecting the privacy of
American citizens without unduly hampering law enforcement.  It is difficult
to argue we should discard it, and adopt a new system of widespread
monitoring, simply because new technologies make such monitoring possible.

The system you are reportedly contemplating would turn current practices
upside down by monitoring large portions of online speech without a court
order, and sifting through that speech for items of interest to your or some
other federal agency.  Engaging in such a wide level of monitoring will have
a chilling effect on free speech online.  Furthermore, it seems likely
experienced criminals can easily avoid such well-publicized and widespread
monitoring, by simply encrypting their data or conducting business from
offshore havens.

While I understand the need to prevent securities fraud, federal agents
should not be allowed to sift through the conversations of millions of
innocent parties in order to do so.  I urge you to reconsider this plan and
adopt a system that is narrower in scope, and complies fully with
constitutional guarantees, as well as existing statutory protections.

With kind regards, I am,

very truly yours,

Bob Barr
Member of Congress


--------------------------------------------------------------------------
POLITECH -- the moderated mailing list of politics and technology
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
--------------------------------------------------------------------------