Judge Rudolph Contreras, of the U.S. District Court for the District of Columbia, gave PPSA a victory in our quest to compel the FBI to search and possibly produce correspondence between Members of Congress and agencies about their “unmasking.”
More than one year ago, PPSA filed suit to follow up on a Freedom of Information Act (FOIA) request asking the FBI to produce documents about the potential unmasking or identification of individual members of Congress whose messages are caught up in intercepts of foreign communications. We specifically asked for correspondence between House Members and Senators with federal agencies regarding unmasking. We also asserted that since the Gates Procedures – the method by which congressional identities are handled and can be deanonymized – are in the public domain, the FBI cannot issue a Glomar response, which neither confirms nor denies the existence of such records.
Judge Contreras denied this broader motion, saying it wasn’t relevant to the core request about acquiring correspondence. But he found merit with the other request about correspondence.
The judge wrote: “But there exists a separate category of documents: communications between the FBI and Congress that are a degree removed from FISA-derived documents and which discuss congressional unmasking as a matter of legislative interest, policy, or oversight … The FBI must conduct a search for any ‘policy documents’ in its possession.”
FBI attorneys had argued that the core of our request was for “operational documents” concerning congressional unmasking. Judge Contreras rejected that contention, noting there are not necessarily any law enforcement procedures, techniques, or guidelines “that would risk circumvention of the law … because acknowledging the existence of congressional inquiries would not necessarily reveal anything about the FBI’s operations.” Such policy documents are “well within the four corners of the FOIA request.”
If the FBI follows it traditional path and issues a Glomar response anyway, PPSA will be there to press further litigation. And we will report any findings with alacrity.
Samantha Murphy Kelly of CNN Business news has a snappy take on Amazon’s recent product press event. The company, she wrote, “knows when you’re in and out of the room. A gadget that monitors your breathing pattern while you sleep. An enhanced voice assistant that highlights just how much it knows about your everyday life.”
She notes another event where Amazon introduced drones and Astro, a dog-like robot that can patrol the home when you’re gone.
Will consumers be deterred by the creep factor of giving so much of our personal information taken from the intimacy of our homes? Kelly quotes a consumer analyst who said that “negative consumer attitudes” about data collection is lessened by the service, price, and convenience of these products.
It is easy to see why consumers are sanguine about sharing data with a company that sells products and services they like. All Amazon wants to do is to sell us even more products. Dangers emerge, however, when consumer data migrates beyond the company you’re doing business with. Amazon, for its part, says that “information about our customers is an important part of our business, and we are not in the business of selling our customers’ personal information to others.”
The company does share information with third parties, such as vendors whose goods are sold through Amazon. A recent FTC filing against the data broker Kochava shows that Amazon Web Services Marketplace allows companies to buy consumers’ IP addresses and precise geolocation histories. Amazon also encourages its Ring customers to share their data with police agencies across the country – creating a national surveillance network stitched together from more than three million cameras.
Whatever the limits of Amazon’s privacy policies, most of the other major social media platforms freely sell consumer data to brokers. Among the major customers of this data, as PPSA has endlessly reported, are the intelligence and law enforcement agencies of the U.S. government – reason why PPSA has joined with almost fifty other civil liberties organizations to call for the passage of the Fourth Amendment Is Not for Sale Act.
Your dog may follow you around the house, but she will never judge you. Not so with the many devices that are infiltrating into our lives.
Talk about bad timing.
A provisional finding by the Information Commission Office in the UK seems poised to slap a £27 million fine on TikTok for failing to meet Britain’s heightened online protections for minors. At the same time, the Biden administration is still conducting furious internal debate on the terms of a preliminary agreement with TikTok on how it stores the data of Americans.
A social media platform that has spread like wildfire, TikTok is owned by ByteDance, a Chinese company that must operate under a 2017 law requiring it to make all data available to Chinese intelligence. Given that TikTok has 80 million active users in the United States, the Biden administration understandably sees a massive security gap in allowing the Chinese Communist Party to follow one-fourth of the U.S. population.
This is not a speculative worry: PPSA reported in June that internal documents from TikTok made it clear that the Chinese Community Party could access its data.
The New York Times today reports that the outline of the provisional agreement with the administration would require TikTok to store its American data in the United States, most likely with Oracle. Oracle would monitor the service for algorithms that the Chinese government could use to steer Americans to its propaganda. And the deal would require TikTok to create a board of security experts answerable to the U.S. government.
Former President Trump had failed in his effort to force ByteDance to sell TikTok to a U.S. company. Sen. Marco Rubio (R-FL), chairman of the U.S. Senate Select Committee on Intelligence, said that without such a divestiture, the relationship with Beijing will “likely leave significant national security issues regarding operations, data and algorithms unresolved.”
Facial recognition software is a problem when it doesn’t work. It can conflate the innocent with the guilty if the two have only a passing resemblance. In one test, it identified 27 Members of Congress as arrested criminals. It is also apt to work less well on people of color, leading to false arrests.
But facial recognition is also problem when it does work. One company, Vintra, has software that follows a person camera by camera to track any person he or she may interact with along the way. Another company, Clearview AI, identifies a person and creates an instant digital dossier on him or her with data scrapped from social media platforms.
Thus, facial recognition software does more than locate and identify a person. It has the power to map relationships and networks that could be personal, religious, activist, or political. Major Neill Franklin (Ret.) Maryland State Police and Baltimore Police Department, writes that facial recognition software has been used to violate “the constitutionally protected rights of citizens during lawful protest.”
False arrests and crackdowns on dissenters and protestors are bound to result when such robust technology is employed by state and local law enforcement agencies with no oversight or governing law. The spread of this technology takes us inch by inch closer to the kind of surveillance state perfected by the People’s Republic of China.
It is for all these reasons that PPSA is heartened to see Rep. Ted Lieu join with Reps. Shelia Jackson Lee, Yvette Clark and Jimmy Gomez on Thursday to introduce the Facial Recognition Act of 2022. This bill would place strong limits and prohibitions on the use of facial recognition technology (FRT) in law enforcement. Some of the provisions of this bill would:
The introduction of this bill is the result of more than a year of hard work and fine tuning by Rep. Lieu. This bill deserves widespread recognition and bipartisan support.
The first responsive information from the Office of the Director of National Intelligence to a Freedom of Information Act (FOIA) lawsuit for records concerning U.S. intelligence purchases of the private data of American citizens is trickling in. As often happens, cursory information allows us to catch a glimpse of secret practices, if only through a glass darkly.
The ears of civil libertarians perked up when Director of National Intelligence Avril Haines (1:17:05 mark) in her Senate confirmation hearings in early 2021 was asked about purchases of Americans’ data by Sen. Ron Wyden, (D-OR). She responded:
“I would seek to try to publicize, essentially, a framework that helps people understand the circumstances under which we do that and the legal basis that we do that under.”
Haines further promised to provide transparency “so people have an understanding of the guidelines under which the intelligence community operates.”
On May 17, 2021, PPSA requested records related to statements by Director Haines concerning the promise to publicize the circumstances under which the U.S. intelligence community purchases Americans’ private data, and its legal basis for doing so. After one year of awaiting a response – long past the statutory deadline – PPSA filed a lawsuit in July 2022 to press ODNI to respond to the request.
PPSA announces today that it received a reply that ODNI conducted a search and found approximately 1,000 emails potentially responsive to our request.
ODNI, however, explains that it does not have “de-duplication” software that would winnow the body of records to single copies. This is remarkable, since almost every other executive agency has such software, including many under ODNI’s purview. Searches of the documents will have to be done by hand and eye. With personnel changes, ODNI explains, it can only begin releasing records in late November – eighteen months after the submission of the FOIA request and in the middle of the holiday and travel season.
PPSA filed a motion asking a federal court to require ODNI to process at least 500 pages of records a month.
“What is most interesting about ODNI’s response,” said Gene Schaerr, general counsel of PPSA, “is that it has perhaps a thousand emails about living up to Director Haines’ promise of a degree of transparency without referring to a single document that would actually indicate that the office is transparent.”
PPSA will release more information from this legal action as ODNI produces results.
A new report by the United Nations Human Rights Council highlights how much of a global issue spyware has become. The Office of the High Commissioner for Human Rights calls for greater attention to threats to data privacy, to the development of state-sponsored spyware capabilities, and especially to the dangerous software Pegasus, which can remotely infiltrate smartphones and turn them into spying devices. PPSA has reported in the past on the emerging threat Pegasus poses to nations and individuals around the world. It is heartening to see the UN take this data privacy crisis seriously as a human rights issue.
The UN report focuses on three core trends relating to the role of member states in safeguarding and promoting the right to privacy:
The report draws special attention to Pegasus.
“The extent of Pegasus spyware operations and the number of victims are staggering… Reporting in 2021 revealed that at least 189 journalists, 85 human rights defenders, over 600 politicians and government officials, including cabinet ministers, and diplomats were affected as targets.”
The report notes that at least 65 governments have acquired commercial spyware surveillance tools. NSO Group, the Israeli company that developed Pegasus, reported that 60 government agencies in 45 countries are among its customers.
The UN report states: “While purportedly being deployed for combating terrorism and crime, such spyware tools have often been used for illegitimate reasons, including to clamp down on critical or dissenting views and on those who express them, including journalists, opposition political figures and human rights defenders…”
The report also condemned efforts by governments to undermine the security and confidentiality of encrypted communications – a key goal not just of repressive regimes, PPSA would add, but of some in the Department of Justice and FBI.
Governments continue to take steps to undermine that privacy, either by legislative fiat or by sophisticated hacking techniques. In some countries, encryption providers have been required to ensure that law enforcement or other government agencies have access to all communications upon request, effectively obliterating any privacy that encryption may have provided.
This is a brave report. PPSA is pleased to see the UN Human Rights Council recognize privacy as a human right, contrary to the practice of repressive governments, including China and Russia, which have seats on the UN Security Council. Unfortunately, the UN’s warnings on pervasive surveillance also need to be taken seriously by democratic governments, including some in positions of authority in the United States.
If you thought being subjected to “random” TSA screenings at airports was dehumanizing, just imagine your most sensitive, personal digital information being secretly reviewed by any one of thousands of government agents operating without a warrant or public oversight.
The Customs and Border Protection Commissioner Christopher Magnus revealed to Sen. Ron Wyden (D-OR) that the agency is scooping data from thousands of seized electronic devices every year. (Hat tip to Drew Harwell of The Washington Post for detailing this abuse of privacy.) That data is then added to a CBP database accessible by more than 2,700 CBP agents. That data – which can include call logs, messages, contact lists, and photos – can be kept for up to 15 years.
This story is just the latest development in a long-running series of data privacy breaches by federal law enforcement officials. Sen. Wyden criticized the agency for “allowing indiscriminate rifling through Americans’ private records.”
CBP conducted more than 37,000 searches of travelers’ devices in the 12 months ending in October 2021. According to The Washington Post, the default configuration for some data searches has been to download and retain all contact lists, call logs and messages. This means potentially millions of calls, contacts, and text messages from thousands of phones could be compromised.
It has long been known that CBP makes generous use of the “border search” exception in Fourth Amendment law. Sen. Wyden’s revelation about the scale and the scope of this loophole reveals an egregious new threat to the security of Americans’ data privacy. Congress must act now to bolster protections for data privacy.
It is high time for the Supreme Court to review and modify the judicially created border search exception in light of the massive amounts of information being seized from law-abiding citizens and then stored for long periods of time. If the Court does not protect the Fourth Amendment, then Congress should step up.
Last year, Sens. Wyden and Rand Paul (R-KY) introduced legislation that would require border officials to get a warrant before searching a traveler’s device. Congress should also pass the Fourth Amendment Is Not for Sale Act to ensure this database doesn’t fall into the hands of data brokers.
Spotlight Now on Senate
The U.S. House of Representatives passed the Protect Reporters from Exploitative State Spying (PRESS) Act with unanimous, bipartisan support today.
This bill, long supported by PPSA and civil liberties sister organizations, would protect journalists and their sources by granting a privilege to protect confidential news sources in federal legal proceedings. Former Rep. Rick Boucher (D-VA), friend of PPSA and the original author of an earlier version of this bill, said:
“Kudos to Rep. Jamie Raskin for shepherding this bill through the House in such a busy season. The PRESS Act passed unanimously today because courts continue to hold journalists in contempt and even jail them for refusing to reveal their confidential sources. The House today made a bold statement that this is not acceptable. I am heartened to see such a strong, bipartisan stand for a free and unintimidated press.”
PPSA general counsel Gene Schaerr, said:
“Today’s approval reflects the common sense behind this bill. Passage of this bill with unanimous, bipartisan support is a reaffirmation of the First Amendment’s guarantee of protection for a free press. If such a law works well for the vast majority of states, there is no excuse for the federal government to be so far behind the times.”
Former Rep. Bob Goodlatte who served as Chairman of the House Judiciary Committee, and now as PPSA Senior Policy Advisor, said:
“When a bill passes so easily after being praised by two of my former colleagues, House Judiciary Committee Chairman Jerry Nadler and Ranking Member Jim Jordan, that tells you something about the need for this bill to become law.
“The question now is will the U.S. Senate respond to the enthusiastic, bipartisan support displayed by the House? This bill has been sponsored in the past by now-Senate Majority Leader Chuck Schumer and Sen. Lindsey Graham. Enacting this bill into law would be a positive message that every senator can take home.”
Last week, PPSA reported on Fog Reveal, a product from Fog Data Science that sells billions of data points extracted from apps on 250 million mobile devices to local police departments. An unlimited-use, one-year subscription costs a department only $7,500.
For this price, Fog Reveal offers a powerful capability, the ability to track hundreds of millions of Americans in their daily movements. It allows police to locate every device in a given geo-fenced area. It also allows police to trace the location history of a single device (and therefore, its user) over months or years.
Fog Data Science claims that it is respectful of privacy because it does not reveal the names or addresses of individual users. But a slide show from Fog Data Science prepared for police highlights how this technology can easily be used to track a suspect to his or her “bed-down” over a 180-day period. (Hat tip to the Electronic Frontier Foundation, which helpfully added yellow highlights to significant passages of Fog documents.)
It is more than a stretch then to call this data “anonymized” when it follows people to their homes, as well as to their houses of worship, meetings with friends or lovers, trips to health or mental health clinics, journalists meeting with whistleblowers, or other locales that reveal sensitive and personal information.
For those in law enforcement who go through the motions of filing a warrant, Fog Data Science offers a template warrant. Such warrants are misbegotten. They can be employed to follow a number of people in the vicinity of a crime or track everyone who attended a political protest. The Fourth Amendment requires “probable cause” in which a warrant describes “the place to be searched, and the persons or things to be seized.” It makes a mockery of the Constitution’s requirement for particularity when the police have at their fingertips a whole ocean of data involving many people. How can such a requirement be fulfilled when Fog technology allows police to go on a fishing expedition in that ocean, with any American potentially being a catch?
It is through technologies such as Fog Reveal that our country, device by device, is moving steadily toward becoming a full-fledged surveillance state.
Such details should spur Congress to investigate the uses of this technology. It should also inspire Congress to pass the Fourth Amendment Is Not for Sale Act, which would block the auctioning of our private, personal information to all government agencies.
An elegant essay by Adrian Wooldridge in Bloomberg makes a connection between the Chinese surveillance state – “using the awesome power of data harvesting and artificial intelligence to compile more information on its citizens than any society has ever managed before” – and Western “surveillance capitalists” who are making our country a little more like China day by day.
PPSA has long warned that all the elements are falling into place to create an American surveillance state.
Here are just a few of the ways in which this is happening: The federal government and local police departments use “stingray” technology to trick Americans’ phones to betray your location and other personal information. Authorities can purchase your location history with Fog Reveal technology and capture all your comings and goings. Or they can just buy your personal information from a private data broker, as many federal agencies do.
The growing web of the “internet of things” will only produce more reportable data about you, from the cars we drive, to our refrigerators and other appliances in our home. A surveillance loophole was even recently found in a Chinese-made coffee maker.
Wooldridge reports that the Chinese Communist Party is at the cutting edge, “developing a new sort of ‘digital phrenology’ by monitoring people’s facial expression for signs of anger and new forms of racial profiling by creating a world-leading DNA database.” Governments, including our own, exert “relentless pressure for the misuse of information even as the quality and quantity of available information grows exponentially.”
The techno-optimists of the 1990s waxed rhapsodic about how the internet was going to liberate the human mind. Wooldridge comes to an opposite conclusion with these chilling words: “The arc of the digital revolution bends toward tyranny.”