Section 106 of the Anti-Terrorism Act of 2001 deals with intercepting "computer trespasser" communications. If the operator of a "protected computer" -- an Internet service provider -- believes someone is accessing the system without permission, the operator can ask federal investigators for help.
That assistance would involve wiretapping the intruder's communications without any judicial oversight, said John Podesta, a law professor at Georgetown University.
"If they're wrong about whether that person is actually a 'trespasser,' if they're a legitimate user, (other wiretap restrictions) apply," Podesta said. "This is a quite a big loophole in the basic scheme of having someone outside the investigative chain, a federal magistrate or judge, take a second, quiet look and see what's going on."
Lawmakers should be very careful in considering the bill, he said. The dangers of such a change in the law make the "computer trespasser" section an excellent candidate for a "sunset provision," where the change would expire after a set time.
The section's definition of accessing a computer without authorization is very loose, said James Dempsey, deputy director of the Center for Democracy and Technology.
It's so vague it could conceivably cover people illegally downloading copyrighted material, he said.
"We sort of glossed over it at first, and others did too," Dempsey said. "But the more we look at this, the broader it is. This provision has very little if anything to do with terrorism; it's an anti-hacker provision. How you draft this is extremely difficult, and (the right way) is not there in this proposal."
The Internet Caucus leadership also voiced opposition to the bill.
Rep. Bob Goodlatte, R-Va., said the bill hasn't achieved the proper balance between improving investigators' tools and preserving civil liberties, especially where the Net is concerned.
One area where the administration took the right stance, Goodlatte said, is on encryption -- the software that scrambles e-mail and other communication to protect it from hackers and others.
The Justice Department proposal doesn't mention it, he said, but he's worried about a Senate proposal would mandate "key escrow." This would involve encryption vendors storing the instructions for defeating their products with a third party, and a judge would release the key to investigators who show probable cause.
"The location where these keys are kept, and the feed from the (vendors) to where the keys are kept, would become a major, major target of terrorists and hackers," Goodlatte said. "Osama bin Laden is not going to escrow his keys, law-abiding citizens will and will be more vulnerable to attack."
Sen. Conrad Burns, R-Mont., another caucus leader, said trying to cap technology growth would be counterproductive. Instead, law enforcement tools should be carefully brought up to speed with today's technology, he said. Relaxing judicial control of wiretaps would be a step down the wrong path.
"We can do worse to ourselves in the heat of the moment, or the emotions of the times, by passing bad legislation that would affect us more, and for a longer time, than what the terrorists can do," Burns said.
Rep. Rick Boucher, D-Va., said attempts to expand less-intrusive wiretaps on phone numbers and addressing information, called "pen registers" or "trap and trace," would directly impact Internet users.
Such tools require less judicial review, he said, but could potentially provide investigators with glimpses of Web surfing activities that would otherwise require a full wiretap.
Boucher suggested any changes to pen register authorizations should explicitly exclude the content of any message, including the subject line of an e-mail.
Viet Dinh, assistant attorney general for legal policy at the Department of Justice, later said the department has inserted that sort of language into the administration's bill.