Brewster Kahle offers a cookbook for fighting security letters

Just talked to Brewster Kahle at the Internet Archive about their successful settlement with the FBI of a lawsuit over a National Security Letter. The FBI had demanded personal information on a user; the Archive replied with a lawsuit challenging the propriety of the NSL. As part of the settlement, the Archive has been freed to talk about the case and to post the relevant documents. And that, Brewster said, is the biggest part of this victory:

What we wanted to do out of this was to leave a very public cookbook for how to push back. That was our goal in our negotiations with the FBI. We would not have settled without being able to talk about what the letters look like, how to push back and who to call.

Brewster Kahle, center, with, from left, Marcia Hoffman and Kurt Opsahl of EFF, Gordon Mohr of the Internet Archive, Ann Brick of the ACLU, and Tracey Jaquith of the Archive.

So, who to call? Call the ACLU and the EFF, Brewster said. "They will take your calls; they're world-class." And it's more than worth it to push back: "If you push back, the FBI has not only settled but they dont even ask for the information." So pushing back means libraries and businesses can fulfill their responsibilities to protect their patrons' and customers' information. The cookbook is on the EFF site in the form of the NSL itself, the Archive's response, all the court filings and the FBI's settlement letter. A National Security Letter is essentially a unilateral subpoena: there is no judicial review, recipients are under a gag order and threatened with a jail sentence for talking. This incident emphasizes to Brewster the importance of adopting a policy of minimal collection and retention of data.

Library reading records have been used over the ages for dragnet searches for politically undesirable people. Librarians are conscious of this history and have put in place principals to give us guidelines to push back on censorship and privacy invasions. We are now in the age of digital libraries and we need be sure we are true to the principles in this evolved world. Specifically, don't collect information that's not necessary for running the library.

The Archive simply does not collect IP addresses from users. "IP addreses and usage logs are the toxic waste of the digital age," he said. He called on the American Libraries Association and other libraries to adopt the practice and he called on private business to stop collecting and retaining usage logs for any longer than needed for business purposes. The most difficult aspect of the whole affair was the gag order, Brewster said.

I could not discuss this with the Archive board, staff or even my wife. The overhanging criminal penalties of a jail sentence made it very uncomfortable for me, but selling out our patrons' information was not an alternative. When I finally was able to tell the board and tell our staff and my family, they were universally extremely supportive. What I hope is that this help others to have the courage to be a librarian or to be a good businessman and not sell out their customers.

It is such an outrageous abuse of the Bill of Rights that the time has come for the next administration to Repeal the Patriot Act. "It was amended in 2006 to try keep them out of libraries, but it doesn't work," Brewster reports. It's a bad law whose time has passed.