Byron Tau – journalist and author of Means of Control, How the Hidden Alliance of Tech and Government Is Creating a New American Surveillance State – discusses the details of his investigative reporting with Liza Goitein, senior director of the Brennan Center for Justice's Liberty & National Security Program, and Gene Schaerr, general counsel of the Project for Privacy and Surveillance Accountability.
Byron explains what he has learned about the shadowy world of government surveillance, including how federal agencies purchase Americans’ most personal and sensitive information from shadowy data brokers. He then asks Liza and Gene about reform proposals now before Congress in the FISA Section 702 debate, and how they would rein in these practices. Just as the government hates encryption, so too does it hate encryption’s physical analogue in the form of safety deposit boxes.
The mere existence of US Private Vaults – a company in Beverly Hills that could not reveal customers’ names because it did not collect them and could not open the vaults it provided because it did not keep duplicate keys – was prima facie evidence to the FBI of wrongdoing. Seeking to expose what it believed would be a nest of drug dealer cash, the FBI persuaded a magistrate to allow agents to open these vaults with the express purpose of checking the identities of account holders on sheets taped to the inside of the vault’s safety deposit boxes. FBI agents took this warrant as an excuse to seize assets over $5,000 – though the owners were charged with no crime. In 2021, Reason documented in stills taken from surveillance footage how agents rampaged through the vaults and boxes in a frenzy, ripping open a heavy-duty envelope full of gold coins kept by an 80-year-old woman for her retirement savings. Coins fell to the floor, which the FBI cannot account for now. Some $2,000 in cash seemingly “disappeared.” The woman and other victims, with the help of the Institute for Justice, mounted a class-action lawsuit against the FBI. While US Private Vaults later pled guilty to money laundering charges, these plaintiffs had a host of mundane reasons for turning to its services. Reasons varied from distrust of the stability of banks during the Covid era, to transferring assets from a bank in a wildfire zone, to finding that safety deposit boxes at other institutions had long waiting lists. The Ninth Circuit unanimously reversed a lower court verdict and rebuked the FBI for a lawless search. Judge Milan Smith Jr. said the government had opened the door to the “limitless searches of an individual’s personal belongings” reminiscent of the agents of the British crown in ransacking colonial America. The Ninth’s strong stand for the Fourth Amendment is good news. But, as we have seen in governments’ war on encryption, there is a mindset shared by many in law enforcement that something private is inherently suspicious and worthy of warrantless examination. “I Have to Pull Down My Pants in Order to Exercise a Constitutional Right"When Joseph Kamenshchik, an attorney in Nassau County, New York, sought a pistol license from the Nassau County Police Department, he faced an application process he described as “subjective, duplicative, overly broad and burdensome.” One requirement was for Kamenshchik to be subjected to a urinalysis test to screen for illicit drug abuse.
“I have to pull down my pants in order to exercise a constitutional right,” Kamenshchik told Samantha Max of non-profit news site Gothamist. Officials also demanded a list of Kamenshchik’s social media accounts. Ever since the U.S. Supreme Court struck down New York State’s restrictive gun permitting scheme in 2020 (New York State Rifle & Pistol Association Inc. v. Bruen), officials in that state have thrown up one roadblock after another in the application process, in an apparent effort to discourage New Yorkers from becoming legal, licensed gunowners. One state judge on Long Island didn’t buy that the state’s process was constitutionally justified. Justice James P. McCormack ruled that the Nassau County Police Department cannot require Kamenshchik to undergo testing of his urine or be forced to turn over a list of his social media accounts. “Irreparable harm exists because Kamenshchik is being denied a constitutional right,” Justice McCormack ruled. We would add that in fact two constitutional rights were violated – the imposition of an unreasonable search contrary to the Fourth Amendment, as well as discouragement of the exercise of Second Amendment rights. Even reasonable conditions for applicants in New York State are being applied in an unreasonable manner. The judge’s order asks the county to explain why it takes up to eight months to fingerprint an applicant. Justice McCormack declared: “This court wanted, and continues to want, an explanation as to why it takes so long, and why fingerprinting cannot take place at any precinct (like it can and does for other reasons.) Absent a valid reason, the court could be constrained to find the wait unreasonable and unconstitutional.” Officials in New York have every right to conduct background checks of applicants, as well as to have their fingerprints on file. But their actions show that it is their disagreement with the Supreme Court’s ruling that inspires the slow-walking of gun permit applications. Such practices veer perilously close to the old Confederacy’s doctrine of nullification. Most of all, imposing an unreasonable search of an applicant’s body chemistry or asking for access to all his or her social media activities shows blatant disrespect for the spirit and perhaps the letter of the Fourth Amendment. End-to-end encryption, in which only the sender and recipient have access to a message, is the saving grace of the online world, the last little bit of privacy most of us can expect to have in this era of near-ubiquitous surveillance. Tens of billions of encrypted messages are sent every day between users of WhatsApp, Signal, Apple’s iMessage and many other apps.
The central importance of encryption to privacy is described in an amicus brief by the American Civil Liberties Union, the Center for Democracy and Technology, the Electronic Frontier Foundation, Mozilla, and several other activist groups and corporations. They stand in opposition to a preliminary injunction request by Nevada Attorney General Aaron Ford in his lawsuit to stop Meta from launching a new encrypted version of its Messenger app, ostensibly because it would pose a new threat to the safety of children. The facts are on Meta’s side. End-to-end encryption has been an optional feature of Messenger for eight years. Attorney General Ford ignores the host of other encrypted services millions of Americans use, singling out Meta as a test case. If he were to succeed in breaking open Messenger’s encryption, the attorney general would in essence be setting a precedent for the nation, maybe even for the world. The clear and passionate language of the civil liberties amicus brief gets to the heart of what is at stake: “Society has long recognized that people thrive when we have the ability to engage in private, unmonitored conversations. Sharing confidences enables people to form friendships and intimate relationships, obtain information about sensitive matters, and construct different identities depending on the audience. We know this from our own lives, whether engaging in pillow talk, meeting a friend for a walk, or forming an invitation-only club. Important, human things happen when we can be confident that no one is listening in.” Nothing about end-to-end encryption prevents law enforcement from accessing the message from either the recipient or the sender. But preventing companies from providing security, as the Nevada AG seeks to do, creates security risks from bad actors, including both criminals and government officials who would abuse their power by illegally accessing messages. The brief quotes respected child protection organizations that encrypted channels protect children from violent family members, stalkers, and predators, and in parts of the world where there is armed conflict. Hackers in 2015 stole five million customer details from a children’s technology and toy firm, including sensitive information. Because these chats between parents and children were unencrypted, the leak gave criminals the names, ages, and addresses of millions of children. The amici also write of just how onslaughts against privacy, like that of the Nevada Attorney General, break with American tradition. They write: “In any other era, a claim that government may obligate us to record and preserve our conversations, just in case investigators wanted to review them later, would be laughably ridiculous. It would simply have been beyond the pale to suggest that people could be required to record their conversations in a language that law enforcement could readily understand and access. Basic conversational privacy was assumed, and rightly so.” Legal precedent is also on the side of civil liberties. The Ninth Circuit recognized encryption’s importance “to reclaim some portion of the privacy we have lost” 25 years ago in rejecting the U.S. government’s export restrictions on strong cryptography. (See EFF on Bernstein v. Department of Justice) While advocates of privacy have a solid chance of prevailing in state court in Las Vegas, encryption is endangered across the pond by Section 122 of the United Kingdom’s Online Safety Act, passed in late 2023. The law requires companies to use technology that would scan users’ messages to make sure they are not transmitting illegal content, like Child Sexual Abuse Material. Doing this without breaking end-to-end encryption is currently impossible. The UK’s internet regulator, Ofcom, has relented in requiring content monitoring, for now, for the simple reason that such technology does not yet exist. With developments in AI, however, it might come sooner than we think. Matthew Hodgson, CEO of Element, told WIRED, that such scanning tech would undermine encryption and provide “a mechanism where bad actors of any kind could compromise the scanning system in order to steal the data flying around the place.” Anti-encryption regulators only to need to win in one jurisdiction to threaten the viability of encryption globally, from women and children hiding from abusive situations to dissidents living in dictatorships. From London to Las Vegas, encryption – and privacy – are at risk. “We Don’t Need a Warrant" A federal class-action lawsuit in Brooklyn claims that caseworkers from New York City’s Administration for Children’s Services use lies, coercive techniques, and threats to gain entry into homes without a court order.
The plaintiffs tell a chilling story in their filing. “One night, without warning, a mother in New York City hears a knock on the door. Her children are home with her. The family is cooking, or playing, or sleeping. “When the mother opens the door, two government investigators are standing outside, loudly demanding to be let inside. She is surprised and confused. She asks what this is about. The investigators command the mother. You have to let us in. We need to look in your home. We don’t need a warrant. We’re going to get the police here if you refuse. We’re not leaving until we come inside. If you don’t let us in, we’re going to take your children. “The mother has no choice, it seems. Terrified, she reluctantly opens the door and steps aside, and the investigators walk into her home. It is clear that there is no present danger to anyone in the house, but still the investigators search the home top to bottom. They look inside medicine cabinets, under beds, in closets and dresser drawers, in the refrigerator, and in the cupboards. The mother does not know why this is happening. The children are scared by the strangers combing through their clothes. “The investigators demand to see the children’s bodies under their clothes. They tell the mother to leave them alone in a room with her children. The investigators command the children. Lift up your shirt. Pull down your pants. I need to see your chest, your legs, your back. The mother fears that if she does not acquiesce to the investigators’ demands, they will take her children at any moment. Her fear is reasonable; the investigators are telling her that might happen. “The investigators leave as abruptly as they arrived. They have threatened to return, even though they found no evidence that the children are in danger. There seem to be no rules and no laws to protect the mother and her children from this intrusion.” This may seem a little novelistic for a court filing. Yet this vignette agrees with an interview given by one of the plaintiffs, Shavano Warmington, a mother of six who lives in Queens. She told The New York Daily News, “When ACS comes, they treat me like a criminal in my own home. They give no respect to my wishes. They come banging the doors so loud that the neighbors came out wanting to know what was going on. The caseworkers don’t show identification and they threaten to bring the police if I don’t allow them entry.” As with law enforcement, child protective agencies must balance their need to investigate against the need to respect the Fourth Amendment, which forbids entry into a home without a warrant. An ACS spokeswoman told The Daily News that the agency is expanding an initiative to inform families of their rights during child welfare probes. It should be said that these claims have yet to be adjudicated. We affirm that society has no more urgent or solemn obligation than to protect children. For this reason, the child protective service agencies throughout the United States are instrumental in investigating possible cases of abuse and neglect. Surely this important job can be performed with sensitivity and respect for the constitutional rights of parents. A federal court has given the go-ahead for a lawsuit filed by Just Futures Law and Edelson PC against Western Union for its involvement in a dragnet surveillance program called the Transaction Record Analysis Center (TRAC).
Since 2022, PPSA has followed revelations on a unit of the Department of Homeland Security that accesses bulk data on Americans’ money wire transfers above $500. TRAC is the central clearinghouse for this warrantless information, recording wire transfers sent or received in Arizona, California, New Mexico, Texas, and Mexico. These personal, financial transactions are then made available to more than 600 law enforcement agencies – almost 150 million records – all without a warrant. Much of what we know about TRAC was unearthed by a joint investigation between ACLU and Sen. Ron Wyden (D-OR). In 2023, Gene Schaerr, PPSA general counsel, said: “This purely illegal program treats the Fourth Amendment as a dish rag.” Now a federal judge in Northern California determined that the plaintiffs in Just Future’s case allege plausible violations of California laws protecting the privacy of sensitive financial records. This is the first time a court has weighed in on the lawfulness of the TRAC program. We eagerly await revelations and a spirited challenge to this secretive program. The TRAC intrusion into Americans’ personal finances is by no means the only way the government spies on the financial activities of millions of innocent Americans. In February, a House investigation revealed that the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) has worked with some of the largest banks and private financial institutions to spy on citizens’ personal transactions. Law enforcement and private financial institutions shared customers’ confidential information through a web portal that connects the federal government to 650 companies that comprise two-thirds of the U.S. domestic product and 35 million employees. TRAC is justified by being ostensibly about the border and the activities of cartels, but it sweeps in the transactions of millions of Americans sending payments from one U.S. state to another. FinCEN set out to track the financial activities of political extremists, but it pulls in the personal information of millions of Americans who have done nothing remotely suspicious. Groups on the left tend to be more concerned about TRAC and groups on the right, led by House Judiciary Chairman Jim Jordan, are concerned about the mass extraction of personal bank account information. The great thing about civil liberties groups today is their ability to look beyond ideological silos and work together as a coalition to protect the rights of all. For that reason, PPSA looks forward to reporting and blasting out what is revealed about TRAC in this case in open court. Any revelations from this case should sink in across both sides of the aisle in Congress, informing the debate over America’s growing surveillance state. The reform coalition on Capitol Hill remains determined to add strong amendments to Section 702 of the Foreign Intelligence Surveillance Act (FISA). But will they get the chance before an April 19th deadline for FISA Section 702’s reauthorization?
There are several possible scenarios as this deadline closes. One of them might be a vote on the newly introduced “Reforming Intelligence and Securing America” (RISA) Act. This bill is a good-faith effort to represent the narrow band of changes that the pro-reform House Judiciary Committee and the status quo-minded House Permanent Select Committee on Intelligence could agree upon. But is it enough? RISA is deeply lacking because it leaves out two key reforms.
The bill does include a role for amici curiae, specialists in civil liberties who would act as advisors to the secret FISA court. RISA, however, would limit the issues these advisors could address, well short of the intent of the Senate when it voted 77-19 in 2020 to approve the robust amici provisions of the Lee-Leahy amendment. For all these reasons, reformers should see RISA as a floor, not as a ceiling, as the Section 702 showdown approaches. The best solution to the current impasse is to stop denying Members of Congress the opportunity for a straight up-or-down vote on reform amendments. The contest between surveillance reformers and defenders of domestic surveillance is set to come to a showdown in the second week of April. Speaker Mike Johnson told Politico that his “current plan is to run FISA as a standalone the week after Easter.” Section 702 of the Foreign Intelligence Surveillance Act (FISA) allows federal agencies to gather foreign intelligence but has been used by the government to conduct domestic surveillance on millions of Americans in recent years. Its reauthorization, with or without reforms, will almost certainly come to a vote before its expiration on April 19. The big question is whether the House will be allowed vote on two reform amendments. These amendments would impose warrant requirements before federal agencies could inspect the communications of Americans caught up in the global trawl of intelligence agencies, as well as for the sensitive, personal information of Americans scraped by apps and sold by data brokers to the government. These amendments are backed by strong bipartisan support that spans across the aisle and includes leaders of the Freedom and Progressive caucuses. The odds of votes on reform amendment on the House floor increased with renewed pressure for reform coming from the Senate. Sens. Dick Durbin (D-IL) and Mike Lee (R-UT) introduced the Security and Freedom Enhancement (SAFE) Act, which includes the prime provisions of House reformers, with a few pragmatic concessions to the needs of intelligence practitioners. The route to this moment has been long and tortuous. The House reauthorization bill, and a chance to vote on the two warrant amendments, was pulled at the request of the intelligence community in February when it became clear these measures likely had majority support. With powerful bipartisan support for reform now coming from two respected lawmakers on the Senate Judiciary Committee, it will be hard to stiff-arm reformers again in either chamber. That doesn’t mean it cannot happen. Expect the champions of the surveillance status quo to come up with new legislative tricks and scares (remember the Putin space nuke debacle?) before April’s vote. PPSA will be tracking every development in this struggle. Registering your determination for surveillance reform now will help maintain the “current plan” for reauthorization, debate, and vote on reform amendments. Tell your U.S. House Representative:“Stop the FBI and other government agencies from spying on innocent Americans. Please fight for a vote to reform FISA’s Section 702 with warrant requirements, both for Section 702 data and for our sensitive, personal information sold to the government by data brokers.” The best intentions of Amazon to reduce easy, warrantless surveillance of the American people are being undermined by cheap, Chinese cameras.
PPSA has long tracked the privacy threat of Amazon’s cooperative agreements with more than 2,000 police and fire departments to solicit Ring videos for neighborhood surveillance from customers. In January, we celebrated Amazon’s disabling of its Request for Access tool, a feature that facilitated requests from law enforcement to ask Ring camera owners to volunteer video of their neighbors and neighborhood. The Electronic Frontier Foundation was so impressed by Amazon’s move that they removed Ring from its Atlas of Surveillance, a comprehensive, national map of points of police surveillance. In March, EFF removed 2,530 data points from its Atlas because Amazon will no longer facilitate warrantless requests for consumer video footage. As EFF notes, this does not mean that the police won’t still be able to access Ring footage. PPSA reported in February that law enforcement in central Texas are ho-hum about Amazon’s policy change, telling reporters they will simply appeal to individual households to ask for videos. But at least this means police requests will be tied to actual events, requiring an expenditure of shoe leather after a burglary, car accident, or fire, instead of a broad array of surveillance footage available for police to examine. Around the same time, journalists Stacey Higginbotham and Daniel Wroclawski of Consumer Reports (CR) demonstrated the alarming vulnerability of cheap, Chinese doorbell cameras sold by Amazon, as well as by Walmart, Sears, and Chinese online retailers Shein and Temu. These cameras are sold by the thousands under an ever-shifting array of brand names, but all are connected to the same app called Awit, owned by Shenzen-based Eken Group Ltd., and apparently managed in North America out of an apartment in east Los Angeles County. Higginbotham and Wroclawski reported that with the use of the Awit app, these cameras were easily compromised and used for remote surveillance of their owners – the exact opposite of the purpose of a security camera. They wrote: “People who face threats from a stalker or estranged abusive partner are sometimes spied on through their phones, online platforms, and connected smartphone devices. The vulnerabilities CR found could allow a dangerous person to take control of the video doorbell on their target’s home, watching when they and their family members come and go.” Worse, these doorbells expose their owners’ home IP address and Wi-Fi network name to the internet without encryption. They also lack a visible ID issued by the Federal Communications Commission, making them illegal to sell in the United States. Weeding out junk products is probably a difficult task for Amazon, given the shape-shifting, brand-changing nature of some providers. Like many Chinese-made products, these doorbell cameras are booby-trapped, either through sloppiness or by intention, or perhaps both. It doesn’t take a lot of imagination to envision them being used against U.S. officials, civilian or military, by Chinese intelligence during a crisis. Imagine the intelligence value of seeing National Security Council personnel leaving their homes at the same time around 2 a.m. Amazon’s top search results showed few of these Chinese cameras available now, though it is hard to tell given the plethora of ever-changing brand names. Perhaps Amazon products should come with a cautionary “China” sticker for consumers. Our general counsel, Gene Schaerr, explains in the Washington Examiner how the Biden administration's recent executive order to protect personal data from government abuse falls short. Hint: It excludes our very own government's abuse of our personal data.
The reauthorization of FISA Section 702, which allows federal agencies to conduct international surveillance for national security purposes, has languished in Congress like an old Spanish galleon caught in the doldrums. This happened after opponents of reform pulled Section 702 reauthorization from the House floor rather than risk losing votes on popular measures, such as requiring government agencies to obtain warrants before surveilling Americans’ communications.
But the winds are no longer becalmed. They are picking up – and coming from the direction of reform. Sen. Dick Durbin (D-IL), Chairman of the Senate Judiciary Committee, and fellow committee member Sen. Mike Lee (R-UT), today introduced the Security and Freedom Enhancement (SAFE) Act. This bill requires the government to obtain warrants or court orders before federal agencies can access Americans’ personal information, whether from Section 702-authorized programs or purchased from data brokers. Enacted by Congress to enable surveillance of foreign targets in foreign lands, Section 702 is used by the FBI and other federal agencies to justify domestic spying. According to the Foreign Intelligence Surveillance Act (FISA) Court, under Section 702 government “batch” searches have included a sitting U.S. Congressman, a U.S. Senator, journalists, political commentators, a state senator, and a state judge who reported civil right violations by a local police chief to the FBI. It has even been used by government agents to stalk online romantic prospects. Millions of Americans in recent years have had their communications compromised by programs under Section 702. The reforms of the SAFE Act promise to reverse this trend, protecting Americans’ privacy and constitutional rights from the government. The SAFE Act requires:
Durbin-Lee is a pragmatic bill. It lifts warrants and other requirements in emergency circumstances. The SAFE Act allows the government to obtain consent for surveillance if the subject of the search is a potential victim or target of a foreign plot. It allows queries designed to identify targets of cyberattacks, where the only content accessed and reviewed is malicious software or cybersecurity threat signatures. The SAFE Act is a good-faith effort to strike a balance between national security and Americans’ privacy. It should break the current stalemate, renewing the push for debate and votes on amendments to the reauthorization of Section 702. How to Tell if You are Being Tracked Car companies are collecting massive amounts of data about your driving – how fast you accelerate, how hard you brake, and any time you speed. These data are then analyzed by LexisNexis or another data broker to be parsed and sold to insurance companies. As a result, many drivers with clean records are surprised with sudden, large increases in their car insurance payments.
Kashmir Hill of The New York Times reports the case of a Seattle man whose insurance rates skyrocketed, only to discover that this was the result of LexisNexis compiling hundreds of pages on his driving habits. This is yet another feature of the dark side of the internet of things, the always-on, connected world we live in. For drivers, internet-enabled services like navigation, roadside assistance, and car apps are also 24-7 spies on our driving habits. We consent to this, Hill reports, “in fine print and murky privacy policies that few read.” One researcher at Mozilla told Hill that it is “impossible for consumers to try and understand” policies chocked full of legalese. The good news is that technology can make data gathering on our driving habits as transparent as we are to car and insurance companies. Hill advises:
What you cannot do, however, is file a report with the FBI, IRS, the Department of Homeland Security, or the Pentagon to see if government agencies are also purchasing your private driving data. Given that these federal agencies purchase nearly every electron of our personal data, scraped from apps and sold by data brokers, they may well have at their fingertips the ability to know what kind of driver you are. Unlike the private snoops, these federal agencies are also collecting your location histories, where you go, and by inference, who you meet for personal, religious, political, or other reasons. All this information about us can be accessed and reviewed at will by our government, no warrant needed. That is all the more reason to support the inclusion of the principles of the Fourth Amendment Is Not for Sale Act in the reauthorization of the FISA Section 702 surveillance policy. Does the intelligence community have a secret veto?Time and again, the forces of the surveillance status quo have prevented Congress from voting on reforms of FISA Section 702 – the authority passed by Congress to allow the government to track foreign threats but has been used in recent years to surveil millions of ordinary Americans.
The intelligence community especially doesn’t want Congress to demand closure of the loophole that allows the government to purchase your most sensitive and personal information from data brokers. Federal agencies can use this data to accumulate a portfolio of your health and medical issues, personal life, financial concerns, religious beliefs and worship, and political posts and activities. Repeated attempts by the U.S. House of Representatives to debate and hold a floor vote on these reform amendments to Section 702 have been stalled by legislative maneuvers and gamesmanship. At the same time, the government has applied to the FISA Court to extend Section 702 without reforms for a whole year, which could elbow Congress out of the policy process entirely. While Congress struggles, a poll conducted by YouGov, commissioned by FreedomWorks and DemandProgress, show the American people – Republicans, Democrats, and independents – are paying attention and they do not like what they see:
In the reauthorization of Section 702, Americans demand that Congress:
Members of Congress are now asking themselves: If I allow these domestic surveillance programs to continue, how am I going to explain this my constituents? You can help clarify this issue for your Member of Congress. Tell your U.S. House Representative: “Stop the FBI and other government agencies from spying on innocent Americans. Please fight for a vote to reform FISA’s Section 702 with warrant requirements, both for Section 702 data and for our sensitive, personal information sold to the government by data brokers.” While Congress debates adding reforms to FISA Section 702 that would curtail the sale of Americans’ private, sensitive digital information to federal agencies, the Federal Trade Commission is already cracking down on companies that sell data, including their sales of “location data to government contractors for national security purposes.”
The FTC’s words follow serious action. In January, the FTC announced proposed settlements with two data aggregators, X-Mode Social and InMarket, for collecting consumers’ precise location data scraped from mobile apps. X-Mode, which can assimilate 10 billion location data points and link them to timestamps and unique persistent identifiers, was targeted by the FTC for selling location data to private government contractors without consumers’ consent. In February, the FTC announced a proposed settlement with Avast, a security software company, that sold “consumers’ granular and re-identifiable browsing information” embedded in Avast’s antivirus software and browsing extensions. What is the legal basis for the FTC’s action? The agency seems to be relying on Section 5 of the Federal Trade Commission Act, which grants the FTC power to investigate and prevent deceptive trade practices. In the case of X-Mode, the FTC’s proposed complaint highlight’s X-Mode’s statement that their location data would be used solely for “ad personalization and location-based analytics.” The FTC alleges X-Mode failed to inform consumers that X-Mode “also sold their location data to government contractors for national security purposes.” The FTC’s evolving doctrine seems even more expansive, weighing the stated purpose of data collection and handling against its actual use. In a recent blog, the FTC declares: “Helping people prepare their taxes does not mean tax preparation services can use a person’s information to advertise, sell, or promote products or services. Similarly, offering people a flashlight app does not mean app developers can collect, use, store, and share people’s precise geolocation information. The law and the FTC have long recognized that a need to handle a person’s information to provide them a requested product or service does not mean that companies are free to collect, keep, use, or share that’s person’s information for any other purpose – like marketing, profiling, or background screening.” What is at stake for consumers? “Browsing and location data paint an intimate picture of a person’s life, including their religious affiliations, health and medical conditions, financial status, and sexual orientation.” If these cases go to court, the tech industry will argue that consumers don’t sign away rights to their private information when they sign up for tax preparation – but we all do that routinely when we accept the terms and conditions of our apps and favorite social media platforms. The FTC’s logic points to the common understanding that our data is collected for the purpose of selling us an ad, not handing over our private information to the FBI, IRS, and other federal agencies. The FTC is edging into the arena of the Fourth Amendment Is Not for Sale Act, which targets government purchases and warrantless inspection of Americans’ personal data. The FTC’s complaints are, for the moment, based on legal theory untested by courts. If Congress attaches similar reforms to the reauthorization of FISA Section 702, it would be a clear and hard to reverse protection of Americans’ privacy and constitutional rights. Ken Blackwell, former ambassador and mayor of Cincinnati, has a conservative resume second to none. He is now a senior fellow of the Family Research Council and chairman of the Conservative Action Project, which organizes elected conservative leaders to act in unison on common goals. So when Blackwell writes an open letter in Breitbart to Speaker Mike Johnson warning him not to try to reauthorize FISA Section 702 in a spending bill – which would terminate all debate about reforms to this surveillance authority – you can be sure that Blackwell was heard.
“The number of FISA searches has skyrocketed with literally hundreds of thousands of warrantless searches per year – many of which involve Americans,” Blackwell wrote. “Even one abuse of a citizen’s constitutional rights must not be tolerated. When that number climbs into the thousands, Congress must step in.” What makes Blackwell’s appeal to Speaker Johnson unique is he went beyond including the reform efforts from conservative stalwarts such as House Judiciary Committee Chairman Jim Jordan and Rep. Andy Biggs of the Freedom Caucus. Blackwell also cited the support from the committee’s Ranking Member, Rep. Jerry Nadler, and Rep. Pramila Jayapal, who heads the House Progressive Caucus. Blackwell wrote: “Liberal groups like the ACLU support reforming FISA, joining forces with conservatives civil rights groups. This reflects a consensus almost unseen on so many other important issues of our day. Speaker Johnson needs to take note of that as he faces pressure from some in the intelligence community and their overseers in Congress, who are calling for reauthorizing this controversial law without major reforms and putting that reauthorization in one of the spending bills that will work its way through Congress this month.” That is sound advice for all Congressional leaders on Section 702, whichever side of the aisle they are on. In December, members of this left-right coalition joined together to pass reform measures out of the House Judiciary Committee by an overwhelming margin of 35 to 2. This reform coalition is wide-ranging, its commitment is deep, and it is not going to allow a legislative maneuver to deny Members their right to a debate. U.S. Treasury and FBI Targeted Americans for Political BeliefsThe House Judiciary Committee and its Select Subcommittee on the Weaponization of the Federal Government issued a report on Wednesday revealing secretive efforts between federal agencies and U.S. private financial institutions that “show a pattern of financial surveillance aimed at millions of Americans who hold conservative viewpoints or simply express their Second Amendment rights.”
At the heart of this conspiracy is the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) and the FBI, which oversaw secret investigations with the help of the largest U.S. banks and financial institutions. They did not lack for resources. Law enforcement and private financial institutions shared customers’ confidential information through a web portal that connects the federal government to 650 companies that comprise two-thirds of the U.S. domestic product and 35 million employees. This dragnet investigation grew out of the aftermath of the Jan. 6 riot in the U.S. Capitol, but it quickly widened to target the financial transactions of anyone suspiciously MAGA or conservative. Last year we reported on how the Bank of America volunteered the personal information of any customer who used an ATM card in the Washington, D.C., area around the time of the riot. In this newly revealed effort, the FBI asked financial services companies to sweep their database to look for digital transactions with keywords like “MAGA” and “Trump.” FinCEN also advised companies how to use Merchant Category Codes (MCC) to search through transactions to detect potential “extremists.” Keywords attached to suspicious transactions included recreational stores Cabela’s, Bass Pro Shop, and Dick’s Sporting Goods. The committee observed: “Americans doing nothing other than shopping or exercising their Second Amendment rights were being tracked by financial institutions and federal law enforcement.” FinCEN also targeted conservative organizations like the Alliance Defending Freedom or the Eagle Forum for being demonized by a left-leaning organization, the Institute for Strategic Dialogue in London, as “hate groups.” The committee report added: “FinCEN’s incursion into the crowdfunding space represents a trend in the wrong direction and a threat to American civil liberties.” One doesn’t have to condone the breaching of the Capitol and attacks on Capitol police to see the threat of a dragnet approach that lacked even a nod to the concept of individualized probable cause. What was done by the federal government to millions of ordinary American conservatives could also be done to millions of liberals for using terms like “racial justice” in the aftermath of the riots that occurred after the murder of George Floyd. These dragnets are general warrants, exactly the kind of sweeping, indiscriminate violations of privacy that prompted this nation’s founders to enact the Fourth Amendment. If government agencies cannot satisfy the low hurdle of probable cause in an application for a warrant, they are apt to be making things up or employing scare tactics. If left uncorrected, financial dragnets like these will support a default rule in which every citizen is automatically a suspect, especially if the government doesn’t like your politics. The growth of the surveillance state in Washington, D.C., is coinciding with a renewed determination by federal agencies to expose journalists’ notes and sources. Recent events show how our Fourth Amendment right against unreasonable searches and seizures and our First Amendment right of a free press are inextricable and mutually reinforcing – that if you degrade one of these rights, you threaten both of them.
In May, the FBI raided the home of journalist Tim Burke, seizing his computer, hard drives, and cellphone, after he reported on embarrassing outtakes of a Fox News interview. It turns out these outtakes had already been posted online. Warrants were obtained, but on what credible allegation of probable cause? Or consider CBS News senior correspondent Catherine Herridge who was laid off, then days later ordered by a federal judge to reveal the identity of a confidential source she used for a series of 2017 stories published while she worked at Fox News. Shortly afterwards, Herridge was held in contempt for refusing to divulge that source. This raises the question that when CBS had earlier terminated Herridge and seized her files, would network executives have been willing to put their freedom on the line as Herridge has done? In response to public outcry, CBS relented and handed Herridge’s notes back to her. But local journalists cannot count on generating the national attention and sympathy that a celebrity journalist can. Now add to this vulnerability the reality that every American who is online – whether a national correspondent or a college student – has his or her sensitive and personal information sold to more than a dozen federal agencies by data brokers, a $250 billion industry that markets our data in the shadows. The sellers of our privacy compile nearly limitless data dossiers that “reveal the most intimate details of our lives, our movements, habits, associations, health conditions, and ideologies.” Data brokers have established a sophisticated system to aggregate data from nearly every platform and device that records personal information to develop detailed profiles on individuals. To fill in the blanks, they also sweep up information from public records. So if you have a smartphone, apps, or search online, your life is already an open book to the government. In this way, state and federal intelligence and law enforcement agencies can use the data broker loophole to obtain information about Americans that they would otherwise need a warrant, court order, or subpoena to obtain. Now imagine what might happen as these two trends converge – a government hungry to expose journalists’ sources, but one that also has access to a journalist’s location history, as well as everyone they have called, texted, and emailed. It is hardly paranoid, then, to worry that when a prosecutor tries to compel a journalist to give up a source through legal means, purchased data may have already given the government a road map on what to seek. The combined threat to privacy from pervasive surveillance and prosecutors seeking journalists’ notes is serious and growing. This is why PPSA supports legislation to protect journalistic privacy and close the data broker loophole. The Protect Reporters from Exploitive State Spying, or PRESS Act, would grant a privilege to protect confidential news sources in federal legal proceedings, while offering reasonable exceptions for extreme situations. Such “shield laws” have been put into place in 49 states. The PRESS Act, which passed the House in January with unanimous, bipartisan support, would bring the federal government in line with the states. Likewise, the Fourth Amendment Is Not For Sale Act would close the data broker loophole and require the government to obtain a warrant before it can seize our personal information, as required by the Fourth Amendment of the U.S. Constitution. The House Judiciary Committee voted to advance the Fourth Amendment Is Not For Sale Act out of committee with strong bipartisan support in July. The Judiciary Committee also reported out a strong data broker loophole closure as part of the Protect Liberty Act in December. Now, it’s up to Congress to include these protection and reform measures in the reauthorization of Section 702. PPSA urges lawmakers to pass measures to protect privacy and a free press. They will rise or fall together. The Biden Administration has placed the people, the industry, and the national security of the United States on the edge of a cyber cliff and is threatening to push us all off.
Does that sound alarmist? Consider: Wikipedia brings together thousands of volunteers to curate a free, online encyclopedia about – well, everything – including the policies and personalities of repressive, homicidal regimes from Russia, to China, to North Korea. In the last decade, the Wikimedia Foundation, the non-profit that hosts Wikipedia, has received increasing requests to provide user data to governments and wealthy individuals. These foreign appeals not only seek to bowdlerize accurate information and censor editorial content, they also ask for personal data to enable retaliation against the volunteers who edit Wikipedia. On one level, this is actually kind of funny. Dictators and cartel bosses who rule by terror at home are reduced to making polite requests to the Wikimedia Foundation because the current system denies them local access to Wikipedia data. The architecture of an open internet, which forbids forced data localization, thus throws up roadblocks for malevolent foreign interests that would access Americans’ online, personal information. Now Americans’ privacy and the security of U.S. data is completely at risk because of U.S. Trade Representative Katherine Tai’s astonishing withdrawal of support for the underpinnings of a global internet before the World Trade Organization. Tai’s move leaves the Biden Administration moving in opposite directions at once. With one hand, the Biden Administration recently issued an executive order cracking down on the sale of Americans’ personal data by data brokers to foreign “countries of concern.” With the other hand – the president’s trade representative – the U.S. offered to drop its long-standing opposition to forced data localization and to forced transfers of American tech companies’ algorithms to governments around the world. Tai would hand the keys to America’s digital kingdom to more than 80 countries, including China. It is not only Americans who will be at risk, but political dissidents and religious minorities around the world. “Growing requirements for data localization are happening alongside a global crackdown on free expression,” wrote the American Civil Liberties Union, the Center for Democracy & Technology, Freedom House, Information Technology and Innovation Foundation, Internet Society, PEN America, and the Wikimedia Foundation. “And people’s personal data – which can reveal who they voted for, who they worship, and who they love – can help facilitate this … 78 percent of the world’s internet users live in countries where simply expressing political, social, and religious viewpoints leads to legal repercussions.” The Biden Administration’s forced disclosure of source codes will undermine the national and personal security of our country. Why? And for what? We are not sure, but it is clear that it would put all Americans’ privacy and personal security at risk. China is planning to build a large base on the moon in the 2030s, with science labs, housing for astronauts, and a fleet of robots. It is also planning to bring up the advanced technologies that enable its 600-million camera Skynet system to surveil the Chinese people.
“Skynet” is, of course, familiar to American ears as the AI villain in the Terminator movies. It is also the actual term China uses in English for its surveillance network, a term deriving from an ancient Chinese proverb that includes the line, “There is forever a net in the sky.” Stephen Chen of the South China Morning Post informs us that the meaning here is that those who do wrong or resist the regime will not escape the celestial net. China’s experience with the Skynet system, which fields two cameras for every Chinese adult, has taught the regime how to manage such amounts of surveillance data. This knowledge will be useful in building out a Skynet for the moon. The purpose, say Chinese aerospace agencies, is to create a massive video surveillance system that is “capable of identifying, locating, tracking and aiming at suspicious targets independently.” If so, perhaps the moon really will be looking down on us. PPSA, in concert with a coalition of major civil liberties groups from the left, right, and center, is appealing to Members of Congress “to oppose any legislative end-run that allows the FBI and other intelligence agencies to continue to spy on Americans without giving Congress the opportunity to vote on reforms.”
The word from Capitol Hill is that the intelligence community is now lobbying to attach a reauthorization of FISA Section 702 to a “must-pass” spending measure. Such a maneuver would cement the intelligence community’s strategy of denying Members of Congress a chance to have a debate and to vote on reforms to this surveillance authority. Our letter, which includes Americans for Prosperity, the Brennan Center for Justice, Demand Progress, FreedomWorks, and the Wikimedia Foundation, warns Congress: “The Fourth Amendment will become a constitutional dead letter if the government can continue to track our every movement, communications, where we worship, our financial and health issues, what we believe, and our political activity without warrants.” Our letter concludes: “Congress must be able to vote on reforms rather than being faced with a ‘take-it-or-leave-it’ choice between funding the government and protecting Americans’ liberties.” Our FISA Reform Coalition letter ended by urging Congress to stand up for Americans’ privacy, the Constitution, and against the insulting premise that Members of Congress should not be allowed to vote on surveillance reform. Tell your Representative in the U.S. House that you want the FBI and other federal intelligence agencies to stop spying on you and your family.
In recent years, the FBI and other agencies have freely dipped into Americans’ private communications and data caught up in foreign surveillance. The FBI, IRS, Drug Enforcement Administration, Pentagon, and other agencies also track your every move by purchasing your geolocation data and other sensitive, personal information scraped from the apps on your cellphone and sold to the government by shady data brokers. Your personal information from these sources tells the FBI where you’ve been and where you’re going, where you worship, who you date or have fun with, and all about your health, financial information, personal beliefs, and political activities. Do you trust this government to have so much power over your life? Consider that the FBI has already been caught dipping into Americans’ personal communications in recent years by the millions. The government has followed our political and religious activities for years without warrants, spied on 19,000 donors to a Congressional campaign, and spied on a state senator, a state judge, a U.S. Congressman, and U.S. Senator. If judges and Members of Congress can have their rights violated, imagine how much respect the FBI and other government agencies have for your privacy. For now, champions of the intelligence community on Capitol Hill have used a legislative maneuver to prevent a vote that would require the government to get warrants before looking at your private information. The FBI and their friends know that if these amendments get a fair vote on the House floor, they will lose. So they’ve upended the whole process. This is dirty pool. The lack of a vote denies your Member of Congress the right to debate and vote for reform. Unchallenged, this maneuver ensures that the FBI and other agencies will continue to ignore the Fourth Amendment to the U.S. Constitution, which clearly mandates that the government go to a court and obtain a warrant before your personal communications can be inspected. So tell your U.S. House Representative to demand that the FBI and other federal agencies stop accessing your private, personal communications and data without a warrant. Tell your U.S. House Representative: “Stop the FBI from spying on innocent Americans. Please fight for a vote to reform FISA’s Section 702 with warrant requirements, both for Section 702 data and for our sensitive, personal information sold to the government by data brokers.” On Thursday, the Cato Institute filed a motion in federal court that would compel the Department of Justice to release internal audits of the FISA Section 702 program.
The timing is critical. Cato senior fellow Patrick Eddington is asking the court to release these audits soon, by March 29 at the latest, so these audits can inform the Congressional debate on the reauthorization of FISA Section 702. That statute, which authorizes surveillance on foreign targets but has been used to justify millions of acts of domestic surveillance in recent years, must be reauthorized by April 19. DOJ does release summaries of these audits, but they are terse and without much detail. The full texts of the internal DOJ audits remain secret from both the American people and their elected representatives. A long-standing Freedom of Information Act request for these records filed by Cato has languished since last June. Cato’s filing now communicates a sense of urgency to the court. “American citizens and Congress have no way of comparing DOJ claims about alleged reductions in violations with what the original audits themselves reveal about those violations,” Eddington wrote on a Cato blog. PPSA applauds Cato and Patrick Eddington for taking the initiative. We urge the U.S. District Court of the District of Columbia to expedite the release of these audits in time to inform the debate – doing so out of respect for Congress and the American people. When we covered a Michigan couple suing their local government for sending a drone over their property to prove a zoning violation, we asked if there are any legal limits to aerial surveillance of your backyard.
In this case before the Michigan Supreme Court, Maxon v. Long Lake Township, counsel for the local government said that the right to inspect our homes goes all the way to space. He described the imaging capability of Google Earth satellites, asking: “If you want to know whether it’s 50 feet from this house to this barn, or 100 feet from this house to this barn, you do that right on the Google satellite imagery. And so given the reality of the world we live in, how can there be a reasonable expectation of privacy in aerial observations of property?” One justice reacted to the assertion that if Google Earth could map a backyard as closely and intimately as a drone, that would be a search. “Technology is rapidly changing,” the justice responded. “I don’t think it is hard to predict that eventually Google Earth will have that capacity.” Now William J. Broad of The New York Times reports that we’re well beyond Google Earth’s imaging of barns and houses. Try dinner plates and forks. Albedo Space of Denver is making a fleet of 24 small, low orbit satellites that will use imagery to guide responders in disasters, such as wildfires and other public emergencies. It will improve the current commercial standard of satellite imaging from a focal length of about a foot to about four inches. A former CIA official with decades of satellite experience told Broad that it will be a “big deal” when people realize that anything they are trying to hide in their backyards will be visible. Skinny-dipping in the pool will only be for the supremely confident. To his credit, Albedo chief Topher Haddad said, “we’re acutely aware of the privacy implications,” promising that management will be selective in their choice of clients on a case-by-case basis. It is good to know that Albedo likely won’t be using its technology to catch zone violators or backyard sunbathers. We’ve seen, however, that what is cutting-edge technology today will be standard tomorrow. This is just one more way in which the velocity of technology is outpacing our ability to adjust. There is, of course, one effective response. We can reject the Michigan town’s counsel argument who said, essentially, that privacy’s dead and we should just get over it. Courts and Congress should define orbital and aerial surveillance as searches requiring a probable cause warrant, as defined by the Fourth Amendment of the U.S. Constitution, before our homes and backyards can be invaded by eyes from above. The greatest danger to privacy is not that Albedo will allow government snoops to watch us in real time. The real threat is a satellite company’s ability to collect private images by the tens of millions. Such a database could then be sold to the government just as so much commercial digital information is now being sold to the government by data brokers. This is all the more reason for Congress to import the privacy-protecting warrant provisions of the Fourth Amendment Is Not For Sale Act into the reauthorization of FISA Section 702. In the last century, the surveillance state was held back by the fact that there could never be enough people to watch everybody. Whether Orwell’s fictional telescreens or the East German Stasi’s apparatus of civilian informants, there could simply never be enough watchers to follow every dissident, while having even more people to put all the watcher’s information together (although the Stasi’s elaborate filing system came as close as humanly possible to omniscience).
Now, of course, AI can do the donkey work. It can decide when a face, or a voice, a word, or a movement, is significant and flag it for a human intelligence officer. AI can weave data from a thousand sources – cell-site simulators, drones, CCTV, purchased digital data, and more – and thereby transform data into information, and information into actionable intelligence. The human and institutional groundwork is already in place to feed AI with intelligence from local, national, and global sources in more than 80 “fusion centers” around the country. These are sites where the National Counterterrorism Center coordinate intelligence from the 17 federal intelligence agencies with local and state law enforcement. FBI, NSA, and Department of Homeland Security intelligence networks get mixed in with intelligence from the locals. If you’ve ever reported something suspicious to the “if you see something, say something” ads, a fusion center is where your report goes. With terrorists and foreign threats ever present, it makes sense to share intelligence between agencies, both national and local. But absent clear laws and constitutional limits, we are also building the basics of a full-fledged surveillance state. With no warrant requirements currently in place for federal agencies to inspect Americans’ purchased digital data, there is nothing to stop the fusion of global, national, and local intelligence from a thousand sources into one ever-watchful eye. Step by step, day by day, new technologies, commercial entities and government agencies add new sources and capabilities to this ever-present surveillance. The latest thread in this weave comes from Axon, the maker of Tasers and body cameras for police. Axon has just acquired Fusus, which grants access to the camera networks of shopping centers, hospitals, residential communities, houses of worship, schools, and urban environments for more than 250 police “real-time crime centers.” Weave that data with fusion centers, and voilà, you are living in a Panopticon – a realm where you are always seen and always heard. To make surveillance even more thorough, Axon’s body cameras are being sold to healthcare and retail facilities to be worn by employees. Be nice to your nurse. Such daily progress in the surveillance state provides all the more reason for the U.S. House in its debate over the reauthorization of FISA Section 702 to include a warrant requirement before the government can freely swim in this ocean of data – our personal information – without restraint. David Pierce has an insightful piece in The Verge demonstrating the latest example of why every improvement in online technology leads to a yet another privacy disaster.
He writes about an experiment by OpenAI to make ChatGPT “feel a little more personal and a little smarter.” The company is now allowing some users to add memory to personalize this AI chatbot. Result? Pierce writes that “the idea of ChatGPT ‘knowing’ users is both cool and creepy.” OpenAI says it will allow users to remain in control of ChatGPT’s memory and be able to tell it to remove something it knows about you. It won’t remember sensitive topics like your health issues. And it has a temporary chat mode without memory. Credit goes to OpenAI for anticipating the privacy implications of a new technology, rather than blundering ahead like so many other technologists to see what breaks. OpenAI’s personal memory experiment is just another sign of how intimate technology is becoming. The ultimate example of online AI intimacy is, of course, the so-called “AI girlfriend or boyfriend” – the artificial romantic partner. Jen Caltrider of Mozilla’s Privacy Not Included team told Wired that romantic chatbots, some owned by companies that can’t be located, “push you toward role-playing, a lot of sex, a lot of intimacy, a lot of sharing.” When researchers tested the app, they found it “sent out 24,354 ad trackers within one minute of use.” We would add that data from these ads could be sold to the FBI, the IRS, or perhaps a foreign government. The first wave of people whose lives will be ruined by AI chatbots will be the lonely and the vulnerable. It is only a matter of time before sophisticated chatbots become ubiquitous sidekicks, as portrayed in so much near-term science fiction. It will soon become all too easy to trust a friendly and helpful voice, without realizing the many eyes and ears behind it. |
Categories
All
|