I was watching the evening news the other night, and was taken with a story about a cute nine-year-old boy who went to the city council in his little town of Severance, Colorado.
He was there to ask them to abolish the town’s 100-year-old ordinance that banned snowball fights. The boy’s polished presentation to the council won them over, and they voted unanimously in his favor!
Democracy and common sense prevailed.
This story called to my mind all the archaic and arcane laws that are on the books where I live. Some of them are complete nonsense. Others, if they were actually enforced, would certainly raise a backlash among all the “normal” people (the above-referenced story from Colorado did not report whether there had been any illegal snowball fights, or whether there had been any arrests made or citations issued).
After considering so many irrelevant laws, I came up with my own top-five favorites,:
#5. In my home state of Indiana, it’s illegal for bars to actually run drink specials during happy hour
#4. In Alabama, bear-wrestling matches are illegal
#3. In North Carolina, there is a statutory 5-hour limit on Bingo games
#2. Also from my home state, it’s illegal to sell cars on Sunday
#1. The U.S. PATRIOT Act
I include the Patriot Act because it has long been the subject of debates, arguments, and even fear, among the fundraising community. It has been a particular bane to our nonprofit friends in Canada and other countries who are trying to do business with companies located here in the US. Many of them are afraid to do business here because of it!
I’ve read up as much as I could on this subject, and have come up with a profound question:
While the Patriot Act is still on the books, is there anything left of it? Is it still relevant? Was it ever relevant?
The Patriot Act was passed in a big hurry by the US Congress on the heels of the infamous 9/11 terrorist attacks (incidentally, my first month of working in the nonprofit tech sector). Many of the Representatives and Senators who voted to pass the Patriot Act admitted that they never read any of it! But it seemed like the right thing to do, since America “needed to do something” to protect ourselves from future attacks.
Not surprisingly, most of the provisions of this hastily passed legislation failed to survive judicial scrutiny and were subsequently deemed to be in violation of the U.S. Constitution. So the act has been largely gutted for all intents and purposes.
Perhaps the most famous fight within the Patriot Act was over the government’s desire to perform “bulk surveillance” of phone activity, by mass-collecting metadata from phone service providers — in effect spying on all their customers. That proved to be unconstitutional, as well as wildly unpopular among most of us regular folks who like to use the phone.
But the Patriot Act provision that got the most attention in the nonprofit community was a provision to allow the FBI to demand access to private computer databases. Apparently, the FBI could come into your nonprofit and demand that you turn over access to all your supporter data. If your data was hosted in the cloud, maybe they could even go to your Internet Services Provider (ISP) and demand whole-cloth access to all their hosted data!
Because of this fear, many non-US nonprofits (understandably) refused to do business with any company whose data was hosted on US soil.
While I could find hardly any cases where the FBI actually tried to exercise this authority, it appears that the answer is “no, they can’t.”
Way back in 2004, the FBI demanded access to data from an Internet Service Provider who was hosting data for a library in Connecticut. (Why the library was under scrutiny by the FBI, I could not tell.) In any case, the library and its ISP challenged the FBI in court, they prevailed, and the FBI went away empty handed. This was a victory for the Library, and perhaps more importantly, for the Internet Service Provider who was charged with safeguarding their data.
If the federal government failed in its attempt to confiscate data from a library in Connecticut, it seems highly unlikely that they’re going have better luck trying to crack Amazon, or Google, or your local ISP or wherever your nonprofit data is stored.
So back to my earlier question: what is left of the Patriot Act, if anything? At the very least, two of its most profound provisions have been neutralized by our own courts.
To further push the implications of the Patriot Act into the margins of irrelevancy, President Trump has forced the issue of a new trade deal with our North American trading partners. What we knew as NAFTA has been replaced with the much cussed and discussed United States-Mexico-Canada Agreement (USMCA), or sometimes referred to as “the new NAFTA” (signed by all the heads of state, awaiting ratification by their legislative bodies).
While there is plenty to love and plenty to hate about this deal, the new agreement does pay some particular attention to the propriety of digital assets, and states specifically (in Article 19.12):
“No Party (country) shall require a covered person (business) to use or locate computing facilities in that Party’s territory as a condition for conducting business in that territory.”
This provision speaks to a former Canadian regulation that in fact required Canadian businesses to work only with service providers that hosted their data on Canadian soil. This regulation was enacted in direct response to the passage of the Patriot Act.
IT World Canada sums it up this way:
The digital trade section of the agreement – chapter 19 – limits requirements placed by the government on where data is stored or transferred. The federal government can’t require that data centers be located in Canada in order to conduct business in the country.
Over the past two years, many hyperscale cloud providers have created a Canadian region with data centres either in Toronto or Montreal in order to work with Canadian firms. Services such as Amazon Web Services, Microsoft Azure, Gloogle Cloud, and IBM Cloud are already established in Canada. But this provision could affect vendor’s policies on how they manage backups of customer data.
The agreement also says that the cross-border transfer of information shouldn’t be restricted, including personal information. However, there is wiggle room to create restrictions that could “achieve a public policy objective.”
While that requirement is no longer in effect, many nonprofits in Canada still adhere to it, though there appears to be no credible risk that their data could ever be seized by any government authority.
Maybe in the near future, when you google “arcane and stupid laws,” you’ll find the Patriot Act.
(Great news though — you won’t find the Colorado snowball fight ban on the list!)
DISCLAIMER: This article is for informational purposes only, and does not constitute professional legal advice. Please consult independent legal advice for information specific to your organization.