Patriot Tact — A Better Way to Prevent Crime in Libraries

[This is a letter sent to the Boston Globe in response to the horrid Op-Ed contribution “When Librarians protect terrorists” by Richard L. Cravatts on February 6th, 2006. I called the paper to see what follow-up they planned on this, but learned nothing. This is obviously much too long to be a letter, now. I’ve added some links here for your viewing pleasure.]

There is most certainly a balance to be struck between security and liberty, but it is impossible to seek balance unless one is standing firmly on a set of facts.

Richard Cravatts subjected your readers to a harangue about the Newton Free Library and its fidelity to the rule of law. He paints such stalwarts as having "a misunderstanding of both Section 215 of the Patriot Act as well as the protections provided in the Constitution’s Fourth Amendment." It might have been a nice touch if Mr. Cravatts had actually explained Section 215. That the editors failed to steer him in that direction is perhaps a violation of the Eighth Amendment– cruel and unusual punishment for a hapless hack contributor to your opinions page.

I looked up the Patriot Act online (H.R. 3162 of 2001). Section 215(b)(2)(b) clearly states that the FBI can a special warrant via the FISA court to “obtain foreign intelligence information not concerning a United States person or to protect against international terrorism or clandestine intelligence activities." I also found that the ACLU has listed many concerns about the wide latitude of interpretability of the various clauses, but not this one.

"International terrorism"– missing from the breezy account of the showdown at Homer Street was the precise words the FBI used to describe how the bomb threat to Brandeis University extended beyond our shores. Judging by the White House’s recent forced clarifications about the distinction between international and domestic, it is clear that international would have to involve one party not being in the United States. This was inter-city, and at most inter-area-code.

Others could argue the legal case better– but the FBI didn’t. Last week they conceded to the Newton TAB that this wasn’t an emergency, and their spokeswoman even went as far to say that the Patriot Act was not involved. For her part, Library Director Kathy Glick-Weil explained that there were would have been no question of the library’s offering help had it been a real emergency.

Perhaps a point can be made about possible efforts to improve the technology and not the law.

Mr. Cravatts complains about the ten hours that elapsed while the FBI petitioned a judge for that artifact of 18th century mindset, the search warrant. But he fails to consider the more critical three hours from the time the threatining email was received. The Newton TAB account reported that the email was received at 11am, but its provenance was not decoded until almost 2pm.

If civil society is truly interested in seeking to maintain an acceptable level of public safety– and I’ll change to the first person plural at this point– we should insist on a service for our email similar to *57 for our phones (which sends instant trace information to law enforcement). At present, a recipient of an email of indeterminant source needs to find the X-Originating-IP header, but as this is an obsure technical detail hidden by most software programs, and thus harder to recall in a high-stress situation. This returns a numerical address which would then be looked up in the domain name service to retrieve the hostname, and from there on to figure out where geographically the computer is. That this can be forged by a wily hacker does not change the reality that it is often not by the average nut in a library. Curiously, this originating IP is stripped away by the fast-growing GMail service from the “don’t be evil” Internet company, Google. Incidentally, such a design choice also confounds spam blockers.

With such a working "email traceback" system, law enforcement would take some giant steps forward. The recipient of an email would one- or two-click send this to law enforcement ("Are you sure you want to report this email?") who should take no time at all to give a friendly call to the probable location ("We have reason to believe that someone at workstation 23 just sent a email threat from that computer.") Certainly this system would need more design to prevent abuse; librarians (and cybercafe owners) needn’t be deputized into regular law enforcement. Still, I submit that such a system is preferable to having a patrol show up three hours after the fact, looking to confiscate computers.

Just because we can build control into our software doesn’t mean we should install too much control, as the foremost scholar of Internet law, Lawrence Lessig, has articulated. But we should be cognizant of the mininum that can be done in order to match the public safety already afforded by the telephone systems. Improving the trace facilities of email would preclude the Patriot Act for a little more patriot tact in these circumstances.

Update: Two letters from librarians in Wednesday’s paper take issue with Cravatts’s piece. But neither points out that the underlying premise is completely wrong.

The damage has been done: it’s been picked up by the National Review Online and the Free Republic and amplified outwards to the rest of the wingers.

Update February 16th: A response from the Newton Mayor and the Library Directory finally appeared in the form of an op-ed in the Globe. Why did it take ten days, when it took myself and other supporters one day? They didn’t point out that the FBI exonerated them, but that should be the Globe’s responsibility. Ombudsmen Richard Chacon has not gotten back to me. Though I did quiz a veteran Globe reporter this weekend, who admitted that the issue has been discussed around the newsroom about fact-checking in Op-Ed’s in general.