USA Patriot Act of 2001
The “Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism” Act consists of ten separate titles (sections), most of which have “sunset” provisions. It provided the following changes to existing laws affecting Higher Education:
Family Education Records Privacy Act (FERPA)
If a federal official obtains a court order relevant to a terrorist investigation, the law now requires that an educational institution must turn over the requested records without the student’s consent, effectively extending the “health and safety” FERPA provisions already in place. The institution need not maintain a record of the disclosure. This change is not subject to the “sunset” provision of the Act.
Foreign Intelligence Surveillance Act (FISA)
A federal agency, with a court order, can obtain business records regarding an investigation of “internal terrorism or other clandestine intelligence activities” if the investigation is not of a US person on the basis of activities protected by the 1st amendment. (Lowering the FISA Court standard for approval.) There is also a requirement prohibiting the record keeper from disclosing the request to anyone other than those persons necessary to produce the records.
Electronic Communications Privacy Act (ECPA)
A law enforcement “rubber stamp” subpoena (e.g., much easier to obtain) and “emergency disclosure” provisions are new exceptions to ECPA, along with a computer trespass provision that makes it legal for a network owner/operator to ask for federal law enforcement investigation of a computer abuse situation, without them having to obtain any other authorization (i.e., subpoena).
USA Patriot Act and the University of Iowa
Terrorism/Rubber Stamping:
…should someone representing themselves as an agent in law enforcement ask you to provide the content of electronic communication, or information about users of, or traffic on, the University of Iowa network, with or without written authorization, contact the IT Security Officer (5-6332) or University Chief Information Officer (CIO), who will make the necessary communication to the Office of the General Counsel.
Emergency Disclosure:
…if you should access electronic information which you believe is an emergency situation involving immediate danger of death or serious physical injury, contact the Department of Public Safety (DPS - call 911) immediately. After relating the information to DPS, contact the IT Security Officer or University Chief Information Officer (CIO).
Computer Trespass:
… anyone who knows or believes their system(s) have been compromised by a computer trespasser and who wishes to have law enforcement investigate, should first report the situation to the IT Security Officer or University CIO, who in consultation with General Counsel, will determine if a law enforcement investigation is appropriate. See the University’s IT Security Incident Escalation Policy.