The USA PATRIOT Act marked its 10th anniversary last week, making this a good time to reflect on what the counter-terrorism law has meant to our constitutional democracy, individual freedoms and businesses. While recognizing with gratitude that we have been relatively safe from terrorism on our home soil for the past decade, we also have to acknowledge that some of the liberties we strive to protect have taken a hit. This isn't an academic discussion--the act's impact has touched not only lofty notions like the right to privacy and freedom of speech, but also very mundane matters, such as the adoption of cloud computing.

We have to start by recalling that our lawmakers passed the Patriot Act in a near hysteria in the aftermath of the Sept. 11, 2001 terrorist attacks. There were two lawmakers (Sen. Patrick Leahy, D-Vt. and Sen. Russ Feingold, D-Wis.) who made every effort to convince cooler heads to prevail, but the vast majority were all too easily pressured by the George W. Bush Administration into agreeing, with almost no debate, to inflate law enforcement's investigative and surveillance powers.

Realizing they were moving more or less blindly into uncharted territory, lawmakers added in sunset dates so the more controversial provisions could be reconsidered at a calmer time.

A thorough reconsideration really hasn't taken place, however, and the way in which the Patriot Act has been used and misused over the past decade has put a dent in the freedoms that it was intended to protect. We have no way of knowing, however, just how big the dent is. Lawmakers failed to establish the accountability requirements that must accompany such expanded police powers, and some of the most powerful tools the act gave law enforcement are accompanied by gag orders.

The Patriot Act expanded the FBI's authority to use National Security Letters, which allow the bureau to obtain information without a warrant or any judicial review of any kind. Perhaps you're familiar with one of these letters--last year, more than 24,000 NSLs were issued. They can be issued to get information not only from banks and telecom carriers, but also from insurance companies, travel agencies, casinos, pawn brokers, auto dealerships, boat dealerships, real estate agents and more. If you are a recipient, you are prohibited from telling anyone else about it (except in connection with seeking legal advice).

This isn't merely a philosophical burden. As Nicholas Merrill is prepared to tell you, it is very real: Merrill is living his eighth year under a gag order that accompanied an NSL the FBI handed him in 2004.

The owner of a small Internet service provider at the time, Merrill was ordered by the FBI to hand over information about a client. Rather than complying, he told the American Civil Liberties Union about it and filed a constitutional challenge in court. The government settled with him in August 2010, and he was permitted to reveal himself publicly in connection with the case, but he still can't discuss the facts of the NSL. In an op-ed published in The Washington Post last week, Merrill wrote that he believes the gag order "was motivated by a desire to insulate the FBI from public criticism and oversight."

In a similar double whammy, the Patriot Act's Section 215 expanded the FBI's "Access to Certain Business Records for Foreign Intelligence and International Terrorism Investigations." Under Section 215, the FBI can get a warrant for someone's business records, educational records, medical records and library records--or "any tangible things (including books, records, papers, documents, and other items)"--simply by claiming that the information may be related to an ongoing terrorism investigation or intelligence activity. The bureau does not even have to show probable cause. But here's the really bad part: If you are served with this type of warrant, you cannot tell anyone about it. It simultaneously eats away at the right to privacy and the right to free speech.

Last week, the Electronic Frontier Foundation and the ACLU each filed a lawsuit to compel the Department of Justice (including the FBI) to release information about requests made under Section 215 authority. The groups voiced concern that the FBI has expanded Section 215 power even beyond what is already known.

We haven't heard much from IT leaders in the United States about the Patriot Act's impact (and I don't blame you), but IT leaders in Europe have made it clear that safeguarding confidential data remains important to them, even during a war on terror. Over the summer, the Financial Times reported that European IT chiefs are reluctant to work with U.S. cloud service providers because they are worried that data stored by the provider could be handed over to the U.S. government. They voiced particular concern that they may not even be notified by the provider if this were to happen. The European Data Protection Directive requires that users be informed if personal information is disclosed, but U.S. providers have said that the Patriot Act would trump the directive.

Certainly nobody disagrees that when the country is confronted with new and terrifying threats, the government will likely need new powers to combat them. In a democracy, though, those powers need to be checked and balanced. It's time to think through the Patriot Act more calmly, recognizing that the war on terror is not going away any time soon and that it should not be waged in such a way as to defeat the cause it aims to serve.

When some of the more controversial provisions of the act came up for renewal in May, Sen. Ron Wyden, D-Ore., argued on the Senate floor that the government's interpretation of the law could be dramatically different from our assumptions. "When the American people find out how their government has secretly interpreted the Patriot Act, they will be stunned and they will be angry," Wyden told his colleagues. Shouldn't we be stunned and angry already? - Caron