Your phone, like your dog, knows all about you. But your dog will never tell. Your smartphone does, all day long, producing data that the federal government can buy and access without a warrant.
The same, increasingly, is true of your car. It knows where you go, and for how long. For example, Tesla has internal cameras, and according to Elon Musk biographer, Walter Isaacson, that CEO wanted them to record drivers to defend the company against lawsuits in the event of an accident. As your car integrates with your smartphone, the automobile becomes just another digital device that tracks your every move. A contemporary car can accumulate 4,000 gigabytes of data every day. Our cars’ entertainment and communications systems track our address books, call logs and what we listen to. Systems made to monitor performance can report our weight, as well as where we’ve driven, and if we’ve driven there alone or with someone else. But at least your dog in the backseat still won’t rat you out. This is just one more way digital technology is narrowing the bounds of privacy to, essentially, floatation tanks. The good news is that lawmakers in the Bay State are reacting to defend the privacy of their constituents. Two bills, one introduced in the Massachusetts House and one in the Senate, would limit collected data, set rules for the security of that data, and require it to be purged after it becomes irrelevant. Moreover, data collection would require the consent of the owner. Jalopnik.com reports that privacy advocates, however, are finding loopholes in the law “wide enough to drive a Nissan through.” Whatever the strength of these bills, Protect The 1st commends Massachusetts lawmakers for thinking around the technological curve while that very technology hurtles us ever faster, ever forward. As with AI, a sense of urgency for predictive rulemaking is in order. There was a time when talking cars were a staple of science fiction. Now our cars tell us where to go and when to turn – and sometimes won’t shut up. What our cars will do next we may not be able to quite imagine. Massachusetts has started a debate that needs to go national and in high gear. An Example of American Techno-Masochism PPSA works hard to counter growing government surveillance. This generally means surveillance by U.S. federal agencies – such as FISA’s Section 702 authority passed by Congress for foreign surveillance but used to spy on Americans. We also scrutinize expanding surveillance by state and local police, including cell-site simulators that trick your smartphone into giving up your location and other information, and ubiquitous facial recognition software that can follow you around.
But our concerns about government surveillance don’t end with just our government. We are increasingly concerned about the regular and sometimes pervasive surveillance of Americans by the People’s Republic of China, most recently the potential for Beijing to use TikTok as a way to track 80 million Americans. Now, thanks to an investigative piece in The Free Press, we’ve learned that China is also looking to surveil Americans through an increasingly common technology in American cars – LIDAR, or Light Detection and Ranging. This is the system that allows self-driving and semiautonomous cars to track the traffic around them. LIDAR is also, The Free Press reports, “a mapping technology, an aid to the growing number of smart cities, a tool for robotics, farming, meteorology, you name it.” Who is the dominant manufacturer and seller of LIDAR technology in the United States? It is Hesai, a Chinese company that sells nearly one out of every two LIDAR systems globally. In sales, it far outsells all of its American competitors together. China is relying on an old playbook to dominate the U.S. and world markets in LIDAR. The Free Press reports that Hesai does this by offering a solid product, but one backed by Chinese subsidies to sell at below price. Why would they do that? An explanation comes from Sen. Ted Budd (R-NC), who fired off a letter earlier this summer to the Assistant Secretary of Defense for Industrial Base Policy. “[I]t is my understanding that the Chinese LIDAR companies are working with the Chinese Government and the People’s Liberation Army (PLA) to improve this technology and leverage it for Chinese military applications. Simultaneously, these companies have been flooding the U.S. market with low-cost, heavily subsidized Chinese LIDAR, potentially enabling the Chinese to collect a trove of valuable information … “Moreover, the Chinese Government is using LIDAR sensors to conduct police surveillance in the Xinjiang Uyghur Autonomous Region, where evidence suggests China is engaged in ongoing genocide of the Uyghur people.” Given that Chinese law enforces a “military-civil fusion” strategy on Chinese businesses, requiring every Chinese organization and citizen to “support, assist, and cooperate with the state intelligence work,” why on earth would we allow that same government to be able to spy on every American in every near-future car? It is one thing to be forced into the position of the Uyghurs. It is quite something else for the United States to willingly submit to techno-masochism. The Fourth Amendment of the U.S. Constitution protects Americans against “unreasonable” searches and seizures. But what is unreasonable? Is a low-flying drone taking photos of you and your property behind a privacy fence reasonable?
In October, the Michigan Supreme Court will hear oral arguments in what could well become a landmark privacy case. The outcome may help determine the national limits of drone surveillance – and perhaps influence the limits of government surveillance – for all Americans. The facts are pretty simple. Todd and Heather Maxon of Long Lake Township in Michigan live on a five-acre estate, where Todd likes to repair old cars. In 2008, the Township government charged the Maxons with operating an illegal junkyard. The couple and the Township reached a settlement. In 2018, the Township received tips that the Maxons had violated their settlement by bringing more cars onto their property, even though such vehicles were not visible from the street. So the Township hired a private drone operator to fly a high-resolution camera over the Maxon property to take images. The Maxons sued, claiming that their Fourth Amendment rights were violated. A lower court agreed with the government but was overturned in 2021 by the Michigan Court of Appeals. That court ordered that the drone photos be suppressed. At the heart of this case is the “reasonable expectation of privacy” articulated by Supreme Court Justice John Marshall Harlan II in Katz v. United States (1967). But technology keeps testing what is a reasonable expectation of privacy. The Supreme Court has zigged and zagged along the way, once upholding a wiretap to be permissible because it occurred at the telephone pole and did not require a physical intrusion into the home. Katz overturned that standard, invalidating an FBI wiretap of a public payphone, where the caller (a sports bookie) had a reasonable expectation that he would not be overheard. “The Fourth Amendment protects people, not places,” Justice Potter Steward declared in the Court’s majority opinion. But the Court returned somewhat to the physical intrusion standard – invalidating thermal imaging by police from the street that penetrated inside a target’s home in Kyllo v. United States (2001). The Cato Institute and Rutherford Institute, in an amicus brief, noted the problem with the physical intrusion standard: “At present, police are free to go through people’s garbage, look into their barn with a flashlight, and read through their bank records without going through the hassle of first securing a warrant.” We now live in an age of ubiquitous digital intrusion with government purchases of our private data, as well as optical intrusion from drones and other aerial surveillance. In other words, the current privacy standard is a jumbled mess. That is why the Maxon case is potentially so important. At its simplest, it will determine if drones – an increasingly ubiquitous reality in American life – will be freely used to spy on Americans in their backyards (as the New York City Police recently did over backyard barbecues during Labor Day). But we think the Maxon case may prove to be pivotal in defining – perhaps, eventually, by the U.S. Supreme Court – what privacy and reasonableness mean in an era of drones, facial recognition software, and artificial intelligence. For years PPSA has documented the increasing disposition of federal intelligence and law enforcement agencies to use the ever-expanding Glomar response – a “cannot confirm or deny” answer once reserved for the nation’s most closely guarded secrets – as a blanket response to any meddlesome Freedom of Information Act (FOIA) requests.
We should not overlook, however, another handy tool for FOIA avoidance, and that is to release the requested document but redact many or all of its meaningful parts. Now the Department of Justice Office of the General Counsel has perfected this technique, taking it to its logical end. It began in 2020 when PPSA joined with Demand Progress to file a FOIA request. Our request concerned surveillance that may be taking place under no statute, but instead under a self-professed authority of the executive branch known as Executive Order 12333. The reply from the FBI is, in its own way, telling. In the DOJ response, a certain Mr. or Ms. BLANK who holds the title of BLANK in the Office of the General Counsel returned with 40 pages of responsive documents. Thirty-nine pages are redacted in their entirety, as is the 40th page, with the redacted name of the signator and his/her redacted title, but with one, unredacted statement: Hope that’s helpful. There’s honestly no other way to take this than the Department of Justice shooting a middle finger at the very idea of a FOIA request, an exercise of the Freedom of Information Act, passed by Congress and signed into law by President Lyndon Johnson. This is a shame because the subject of this request is an important one. Demand Progress and PPSA based our FOIA request on a July 2020 letter from now-retired Sen. Patrick Leahy (D-VT) and current Sen. Mike Lee (R-UT) to then-Attorney General William Barr and then-Director of National Intelligence John Ratcliffe. The two senators noted the expiration of Section 215 of the Foreign Intelligence Surveillance Act (FISA), commonly known as the “business records” provision of FISA. The intelligence community had vociferously lobbied for the renewal of Section 215 with predictions that allowing its expiration would lead to something akin to the city-destroying scenes in the 1996 movie Independence Day. Then the Trump Administration called their bluff and allowed this authority to expire. The response from the intelligence community? Crickets. The sudden complacency of the intelligence community struck many as suspicious. Were federal intelligence and law enforcement agencies shifting their surveillance to another authority? Sens. Leahy and Lee seemed to think so. They wrote: “At times the executive branch has tenuously relied on Executive Order 12333, issued in 1981, to conduct surveillance operations wholly independent of any statutory authorization … This would constitute a system of surveillance with no congressional oversight potentially resulting in programmatic Fourth Amendment violations at tremendous scale … We strongly believe that such reliance on Executive Order 12333 would be plainly illegal.” This July 2020 letter, with a detailed series of penetrating questions about the practice and scope of 12333 surveillance, was issued by two powerful and respected members of the United States Senate … And it hit the walls of the Department of Justice and the Office of the Director of National Intelligence with all the full force of wet spaghetti. As with so many other congressional requests, this letter was not answered in any substantive way. So Demand Progress joined with PPSA in October 2020, in an effort to use the law to compel an answer, this time as a formal FOIA request. We leveraged that law to request responsive documents that would reveal how the agencies might be repurposing EO 12333 to pick up the slack from the expired 215 authority, in order to spy on persons inside the United States. And this is the answer we get. It can only be taken, in a general way, as confirmation that Executive Order 12333 is, in fact, being relied upon for the surveillance of people in the United States. This is one more reason why Congress should use the reauthorization of Section 702 to seek broad surveillance reform, including significant guardrails on Executive Order 12333. With mounting evidence of abuses of Americans’ civil rights, a powerful coalition of leading conservatives and liberals in Congress is building steam to do just that. Hope that’s helpful. "The government should do all it can to combat the illegal trafficking of dangerous drugs. But those efforts should not - and need not - come at the expense of Americans’ constitutional rights," writes Noah Chauvin in The Hill.
Noah is a counsel in the Liberty and National Security Program at the Brennan Center for Justice at NYU Law in The Hill. Montana governor Greg Gianforte recently signed into law SB 351, the Genetic Information Privacy Act. It’s the latest in Montana’s concerted effort to protect its citizens’ privacy interests in the face of evolving threats from emerging technologies.
Montana was in the vanguard of digital privacy protection in 2013 when it passed HB 603, requiring judicial authorization before law enforcement is permitted to access location data. This was a full five years before Carpenter v. United States, in which the U.S. Supreme Court recognized that warrantless access to such information violates the Fourth Amendment. Since that time, Montana’s has passed into law:
(Hat tip to Jennifer Lynch of the Electronic Frontier Foundation for a good breakdown of this decade-long trajectory.) Montana also passed a 2021 constitutional amendment with sweeping support that added electronic data and communications to the state’s search and seizure protections. (Montana’s recent ban on TikTok resulted in some privacy benefits but significantly more consternation from some in the media.) This year’s Genetic Information Privacy Act is one of the most robust genetic privacy laws of its kind, reinforcing the 2021 law and creating consent requirements for genetic data processing and for all subsequent uses of that data. It requires a “high-level privacy policy overview” from companies for all new customers. And, absent consent, it strictly prohibits the transfer of genetic data to employers or health and life insurance companies. The statutory definition of genetic data, meanwhile, has been broadened to include “self-reported health information” and otherwise plug gaps in potential uses of consumer information. To date, Washington has failed to pass much in the way of meaningful digital privacy legislation (or genetic privacy legislation outside of a non-discrimination bill in 2008 and piecemeal HIPAA protections). The United States has a number of older information privacy laws related to specific sectors such as health care and finance, and they’ve been used to prevent certain harms. In short, the federal government broadly allows the collection of personal data, then subsequently regulates certain industries that use that data. It’s a reactive – rather than proactive – way to address a growing threat to privacy. As a result, individual states are stepping in to act on privacy in the digital age. It’s encouraging to see a bipartisan array of state legislatures do so: California, Connecticut, Colorado, Indiana, Iowa, Montana, Tennessee, Virginia, and Utah have already passed or enacted comprehensive data privacy laws. As for genetic privacy, other states should consider following Montana’s lead. As digitization of medical records becomes standardized and genetic sequencing becomes easier, authorities and private actors have ever more avenues for accessing your information. Whether it’s warrantless law enforcement searches of DNA databases, use of medical information by private companies for employment and insurance purposes or even the private patenting of human genes – the threats are manifold – and scary. Our (cowboy) hats are off to Montana for its forward-thinking efforts to safeguard our rights in the face of rapidly advancing technology. Our bipartisan coalition is prompting former intelligence agency officials to carry the Biden administration's water by lobbying hard to kill Section 702 reform. Our Senior Policy Advisor and former U.S. Congressman, Bob Goodlatte, and Americans for Prosperity's deputy director of Federal Government Affairs, Matthew Silver, cut through the spin in RealClearPolitics.
1.3 Million IC Security Clearances – But House Only Trusted With a Few?Mark Davis, PPSA’s Director of Policy, recently spoke to a group of Legislative Directors for Members of the U.S. House of Representatives about the intelligence community’s opposition to House oversight of its activities.
Davis discussed the need to enhance Congressional oversight. The number of staffers with security clearance sufficient to help their Members review the operations of the intelligence community is sharply limited. Most House offices cannot have a staffer who obtains “top secret” and “sensitive compartmented information,” or TS/SCI clearance. Davis discussed proposals to allow every Member of the House to advance one staff member for such clearance, subject to passing a background check. Davis told the Legislative Directors: “The reform of Section 702 must ensure that Congress itself has the tools to conduct necessary oversight of surveillance agencies—including sufficiently cleared staff for each Member. There are about 1.3 million intelligence community employees and consultants with top-secret clearance. It is insulting to hold, as the intelligence community does, that it would be dangerous to add a few hundred more on Capitol Hill.” Our senior policy advisors, Former U.S. Congressman and Chair of the House Judiciary Committee, Bob Goodlatte, and former U.S. Senator, Mark Udall, provide how we don’t have to choose between security and the Constitution. We can have both.
Civil rights groups say efforts to get US intelligence agencies to adopt privacy reforms have largely failed. Without those changes, renewal of a post-9/11 surveillance policy may be doomed.
Its guests on Thursday included privacy and national security experts from the American Civil Liberties Union, Brennan Center for Justice at NYU School of Law, Electronic Information Privacy Center, and Demand Progress, among a dozen other groups. The largely progressive coalition further included conservative nonprofits such as FreedomWorks and Americans for Prosperity. Bob Goodlatte, a former Republican chair of the House Judiciary Committee who now serves as a senior advisor to the nonprofit Project for Privacy and Surveillance Accountability, also attended. Over a dozen privacy, civil rights, and civil liberties groups from across the political spectrum met yesterday with Director of National Intelligence (DNI) Avril Haines and other high ranking intelligence community officials to discuss Section 702 of the Foreign Intelligence Surveillance Act (FISA 702), and connected surveillance issues such as data purchases and surveillance pursuant to Executive Order 12333.
Following the meeting, the undersigned attendees (full list below) issued the following statement: “We appreciate DNI Haines taking time to hear our serious concerns with warrantless FISA 702 surveillance, but remain deeply distressed that the intelligence community will not commit to any of the meaningful reforms that are critical to protect Americans’ privacy. “After years of misuse such as deliberately seeking out private messages of activists on the left and right, a batch of 19,000 campaign donors, and lawmakers, it’s clear that FISA 702 and related surveillance powers need serious change. The administration and intelligence community must be willing to come to the table and accept significant new privacy protections that advocates, Congress, and the American people are calling for. There simply isn’t a path to reauthorization built on half-measures, window dressing, and codification of internal procedures that have repeatedly failed to protect Americans’ civil rights and civil liberties.” As detailed in a letter provided to DNI Haines in advance of the meeting, participants view reauthorization of FISA 702 as dependent on a range of meaningful reforms, including:
Statement above attributable to the following organizations:
The output of former NSA officials in pushing for a “clean,” or unamended, reauthorization of Section 702 of the Foreign Intelligence Surveillance Act has been prolific. Several such pieces have recently run in the op-ed pages of The Hill newspaper alone.
The latest op-ed, by former senior NSA and Department of Homeland Security officials Jon Darby and Thomas Warrick, is a masterpiece of misdirection. It begins with the oft-told tale of Secretary of State Henry Stimson in 1929 closing down the “Black Chamber,” a New York City office in which government cryptographers broke the codes of Japanese and other foreign diplomats. “Gentlemen,” Stimson famously said, “do not read each other’s mail.” Stimson reversed his elevated sense of etiquette when he became Secretary of War during World War Two – and the ability to break Japanese codes became central to Allied victory. The implication here is that civil libertarians today who complain about Section 702 are sniffy idealists who would expose us to great danger. To buttress this point, Darby and Warrick cite several intelligence successes, including the breaking of the plot to bomb New York City’s subway in 2009. With Russia and China turning increasingly hostile, Darby and Warrick say that we need robust means to intercept those who threaten the safety of the American homeland. To which PPSA and many other civil libertarians say, “hurrah!” We take issue, however, with the central metaphor of their piece – Henry Stimson’s ending of foreign surveillance. No foreigner enjoys the protections of the Fourth Amendment of the Constitution. When it comes to foreign terrorists and spies, we say surveil away. Our concern arises when the communications of millions of Americans are folded into Section 702 surveillance. Whenever an American becomes a target of a government investigation, a probable cause warrant is required by the Fourth Amendment of the Constitution to examine their communications. Take the case cited by Darby and Warrick – the planned New York City bombing involving an Afghan-American who was in communication with Al-Qaeda in Pakistan and traveled to meet them. That alone should have been enough to obtain a probable cause warrant to inspect the target’s communications. Darby and Warrick acknowledge that “for a time, the FBI routinely searched databases with information collected under Section 702’s authority even in non-national security investigations.” Victims of such improper government surveillance included a Member of the U.S. House, a U.S. senator, a state senator, a judge, a local political party, and 19,000 donors to a congressional campaign, among many others. Darby and Warrick assure us that these abuses were “corrected” when “additional safeguards” were put in place. Despite large reductions in the numbers of Americans who have their data hoovered up, however, more than 200,000 warrantless searches are still taking place every year. As Sen. Mike Lee of Utah notes, the correct number for violations of the Constitution is zero. If Congress misses this rare opportunity to impose a warrant requirement, expect the FBI and other agencies to quickly revert to old ways. A final point: There is an air of unreality surrounding the debate over the Section 702 database. It is, after all, likely small compared to the database of warrantlessly obtained and inspected personal information of Americans that is commercially acquired by our government. About a dozen federal agencies, from NSA, to DoD, to IRS, to the FBI, to DHS, purchase our personal data scraped from apps and sold by third-party data brokers. Government lawyers blandly assert they are not violating the constitution’s prohibition against seizing our data. They are, after all, merely buying it. That strikes most Members of Congress and their constituents as sophistry. Our digital actions – whom we communicate with, where we go, what we search online for – can be our most personal information, revealing our romantic lives, our health issues, our religious beliefs and worship, and our political activities. Yet the government – including the agencies that Darby and Warrick served – routinely ransack what essentially are our personal diaries without a warrant or oversight of any sort. The coming debate over the reauthorization of Section 702 will be our best opportunity in a generation to curb the government’s appetite for all our information. We should not let this rare chance pass us by. While many of us were grilling hot dogs and hamburgers, the line between sci-fi dystopia and reality got a little blurrier. The New York City Police Department announced it was using aerial drones to “check in” on parties held across the city over the Labor Day weekend.
The NYPD is making the move, it says, in response to complaints about large and noisy parties during the holiday weekend. At a press conference, Assistant NYPD Commissioner Kaz Daughtry said: “If a caller states there’s a large crowd, a large party in a backyard, we’re going to be utilizing our assets to go up and go check on the party.” The practice of aerial surveillance is escalating. New York police used drones just four times in 2022 but have so far used them 124 times in 2023. Mayor Eric Adams has said he wants to see police further embrace the “endless” potential of drones. The decision is almost certainly illegal. Daniel Schwarz, a privacy and technology strategist at the New York Civil Liberties Union, says mass drone surveillance may violate the city’s Public Oversight of Surveillance Technology (POST) Act. This is an ordinance passed in 2020 that requires the NYPD to disclose its surveillance tactics. The proliferation of drones over our backyards, however, may not be unconstitutional. U.S. Supreme Court precedent on the Fourth Amendment has dealt with aerial surveillance before. In the 1988 case Florida v. Riley, the Court held that Florida did not violate a man’s right against unreasonable searches when police, on a tip, flew a helicopter over his property and observed a greenhouse in which the man was growing marijuana. The greenhouse was not visible from the ground and could only be detected aerially. But nearly 40 years have passed since Florida v. Riley, and in that time police departments across the country have been able to amass and deploy an entire fleet of small, flexible aerial drones. Whereas police might have been constrained by the cost to own and operate a helicopter in the past, today’s police departments can operate a sizable drone fleet at a fraction of the price, enabling a near permanent aerial surveillance force. Further compounding the problem is the high degree of reciprocity between local law enforcement and the national security center. A Department of Justice response to a PPSA Freedom of Information Act request shows that local governments have received fleets of drones and other surveillance technology from the federal government. As Washington floods local police forces with hovering spies, it is time for cities and states to update our laws and jurisprudence on aerial surveillance. Rep. Matt Gaetz (R-FL) recently introduced the USPIS Surveillance Protection Act, legislation that would defund the Internet Covert Operations Program (iCOP), an initiative of the United States Postal Inspection Service (USPS) that, among other things, gathers intelligence from U.S. citizens' social media posts. Under this program, yet another federal agency is assuming the disturbing power to surveil broad swaths of Americans’ digital communications.
Documents reveal that the USPS used the iCOP program to monitor social media content that revealed the when and where of planned protests and other posts it found “inflammatory.” The program was also used to monitor conservative-leaning social media sites for potential violent activity by groups like the Proud Boys. You don’t have to defend the extreme views of some of these groups to feel the tug of the slippery slope. Rep. Gaetz called the program a “clandestine domestic surveillance program,” saying, “The USP Inspection Service is operating outside of its USPS jurisdiction when it monitors internet users’ sharing of information.” The government is no stranger to using the mail service to spy on American citizens. In May, PPSA wrote that agencies often obtain so-called “mail covers,” photo images of mail envelopes. Such analog-style “metadata” can give any interested party information about whom you are writing to and who is writing back. Between 2010 to 2014, postal inspectors and law enforcement agencies requested more than 135,000 mail covers. Among the top agencies requesting mail covers were the IRS, the FBI, and the Department of Homeland Security. PPSA is pleased to see Rep. Gaetz’ bill begin to address the widespread practice of federal monitoring of Americans’ internet posts. In the era of digital communications, it is worrying to see the USPS transition from a postal to a surveillance agency. Congress must take steps to reign in this covert and lesser-known form of government spying now. When spy novelist John le Carré left MI-6 to become a writer, he said that he had resolved to have “nothing to do with the intelligence world.” Would that the same could be said of former intelligence community lawyers. During the relative quiet of August, attorneys who once served the alphabet soup of agencies – NSA, NSC, CIA – have been busy posting pieces and writing op-eds why Congressional reauthorization of Section 702 of the Foreign Intelligence Surveillance Act (FISA) should be passed with minimal changes. If Congress amends Section 702 with a warrant requirement to spy on the communications of American citizens, they tell us, the nation will be in peril.
Civil libertarians are responding with vigor. Witness the incisive piece by Patrick Toomey, Sarah Taitz, and Kia Hamadanchy of the American Civil Liberties Union in the online journal justsecurity.org, a clear-eyed response to all the recent fearmongering by this intelligence community campaign. Toomey and his colleagues offer a wide-ranging survey of Section 702 and the dangers posed by how it is used in a way that is both deep and accessible. The ACLU hits the main point early and with great clarity: “If the purpose of Section 702 is to ‘target’ foreigners for intelligence gathering, then officials should have no qualms about imposing robust safeguards for Americans … but for too long, officials have tried to have it both ways – claiming that the law was not intended to spy on Americans, while using Section 702 to do just that.” ACLU more than amply demonstrates that Section 702 has become a “domestic surveillance tool, with agents and analysts routinely searching through the enormous pool of collected data for the private communications of Americans.” ACLU adds: “With that fact finally in the open, the rules written into the law should reflect the bedrock protections the Constitution requires.” This strong piece is a welcome rejoinder. As Congress prepares to return in September, defenders of the surveillance status quo have been busy warning that a warrant requirement of Section 702 would allow Chinese and Russian agents to run rampant, or that warrants would hobble law enforcement, drowning the nation in fentanyl. The ACLU’s recent piece is a sign, however, that champions of reforms are not going to let up in our corrections and rebuttals. Our coalition of civil liberties groups will be briefing leading newspapers and their editorial boards. We are reaching out to reporters to correct misleading claims and steer journalists to the right information. And we will continue to update our resource on Section 702, fisareform.org. Intelligence community disinformation is, as they say, a target-rich environment. We act in the confidence that the case for warrants and other reforms will be matters of common sense and bedrock American principles for Members of Congress and their constituents. Federal Agencies Can Walk (Fight Fentanyl) and Chew Gum (Respect the Constitution) at the Same Time8/31/2023
For years, the excuse the intelligence community has trotted out to derail surveillance reform was the need to prevent a re-building of “the wall” – shorthand for the refusal of the FBI and CIA to share information between each other, and within their own organizations – that could have stopped the 9/11 terrorist attacks.
This was more than a little disingenuous. There was no “wall.” There was no law or formal policy that kept these agencies from sharing appropriate alarm about flight students who wanted to learn to pilot large passenger jets, while skipping the part about landing. The 9/11 Commission appropriately put the blame on sluggish, bureaucratic behavior that allowed that awful day to happen. The 9/11 excuse to avoid any and all reforms to Section 702 of the Foreign Intelligence Surveillance Act (FISA) doesn’t have the same punch it used to have. So the apologists for the intelligence community are changing tack. They now argue that Congress must pass Section 702 as it is or else the nation will drown in a sea of fentanyl. A recent article in The Charlotte News & Observer demonstrates how the apologists for the status quo are now using fentanyl to lobby North Carolina’s two senators, Thom Tillis and Ted Budd, to walk away from changes to Section 702. Both senators have bravely stood up for their constituents by speaking out for the need for surveillance reform. This is part of a larger effort by the McClatchy media group to run stories, from The Miami Herald to The Kansas City Star. That nationwide series links senators skeptical about Section 702 to the assertion that a Section 702 probable cause warrant requirement would degrade law enforcement’s ability to stop fentanyl distribution. No one disagrees that the smuggling of this deadly drug into the United States is a national crisis. It is estimated that 150 Americans die every day from synthetic opioid poisoning. Fentanyl, which can be 50 times more potent than heroin, is particularly dangerous. PPSA and other civil libertarian groups agree that fighting fentanyl smuggling and marketing is a major national struggle that law enforcement should be fully engaged in countering. But these efforts by the intelligence community smack of fear-mongering. We are adamant in our conviction that we can fight fentanyl without throwing out the Fourth Amendment to the U.S. Constitution, which forbids unreasonable searches and seizures of our personal information. Section 702 enables surveillance of foreign nationals for national security purposes. Because all communications are global, and many Americans have conversations with foreigners, millions of Americans have their data caught up in 702’s dragnet. And, as we have seen, the FBI and other agencies have warrantlessly accessed the personal information of Americans millions of times in recent years – including the personal data of political leaders, that of a U.S. senator, a House Member, a state senator, and a judge. Here’s a tip for the FBI: no Member of Congress is engaged in the smuggling and distribution of fentanyl. What excuse, then, does the FBI have for intruding into the personal communications and data of leading politicians? Perhaps Sens. Tillis and Budd might want to ask the intelligence community questions about that. The bottom line is that the FBI and other agencies should be able to prosecute fentanyl smugglers and sellers and respect the U.S. Constitution at the same time. “The reform debate is about this program’s broad intrusion on Americans’ privacy,” ACLU’s Patrick Toomey told The News & Observer. “If the purpose of Section 702 is to target foreigners for intelligence purposes, as officials often say, then they should stop stonewalling robust protections for Americans.” A 2006 German film, The Lives of Others, created a vivid portrait of what it is like to live in a surveillance state – in this case, in old East Berlin under the watchful eye of the Stasi secret police. PPSA has catalogued all of the ways in which technology and thoughtless (and sometimes malign) government intentions bring us closer to living, if not exactly under the Stasi, to something closer to the panopticon in China.
A broad array of robust surveillance technologies is in use around the country – from drones, to ubiquitous private and public cameras, to purchased data owned and reviewed without warrants by government for insights into American’s relationships, location histories and communications, to the warrantless treasure trove of American data in FISA’s Section 702. All that’s lacking is the will and means to knit them all together, with AI technology to perform the menial task of constant surveillance for its human minders. With the emergence of local “fusion centers” around the country to integrate data, the United States is already well down this path. But another key element of a surveillance state, also amply demonstrated by old East Germany, was the willingness – sometimes the eagerness – of people to inform on others. Sometimes the informer was a former lover, a disgruntled neighbor, or a coworker with a grudge to settle. The Stasi was always willing to overlook the motivations of an informer if they had something good and juicy. This is not to say that the decision by financial institutions to volunteer – without any legal process – the confidential banking information of their clients to the FBI makes them Stasi informers or puts us all in Stasi land. Like almost all Americans, banking executives were appropriately horrified by the savage attack on the U.S. Capitol by a violent mob on January 6, 2021. Herein lies the danger – many loopholes in the law begin with a real, legitimate public outrage and the need to rectify it. But when major public and private institutions violate their customers’ reasonable expectations of privacy, in a way utterly outside the law, we normalize illicit behavior that can be used again in the future – and stretched beyond reason – for any purpose. Thanks to the investigations of the Judiciary Committee and its Weaponization subcommittee, we now know that major financial institutions voluntarily conducted a dragnet of vast numbers of customers and gave it apparently unprompted to the FBI and the Financial Crimes Enforcement Network (FinCEN). According to retired FBI Supervisory Intelligence Analyst George Hill, banks “with no directive from the FBI data-mined … customer base” and compiled massive information on customer transactions. Any customer who used a credit or debit card between Jan. 5 and Jan. 7, 2021, in the greater Washington, D.C. area, had their personal information swept up and sent to the FBI. Financial institutions also took an extra step to put anyone who had ever purchased a firearm on the top of that list. Documents obtained by Congressional investigators suggest that the executive branch was brainstorming informal methods – again, outside of any legal process – to obtain even more private customer information from financial institutions. No matter how heinous the acts of those who stormed the U.S. Capitol, this privately conducted dragnet relied on no law to report to the FBI the personal information of large numbers of innocent Americans with no connection whatsoever to that crime. Now Rep. Jim Jordan (R-OH), Chairman of the House Judiciary Committee, has subpoenaed Citibank for documents and communications related to violations of customer privacy. PPSA commends Chairman Jordan. Big corporations must not arrogate to themselves the ability to violate the privacy of their customers without disclosure or paying a price in the civil courts, as well as in the court of public opinion. Chairman Jordan and his committee are performing a necessary duty to nip this practice in the bud before businesses of all sorts begin to volunteer to a sometimes over-reaching government the private information we entrust to them. Sen. Rick Scott (R-FL) recently fired off a letter to FBI Director Christopher Wray holding the Bureau to account for its abuses of Section 702 of the Foreign Intelligence Surveillance Act to spy on American citizens through improper, warrantless searches. The senator points to the “growing list of abuses that have come to light committed by the employees of your agency and the apparent lack of public accountability.”
Sen. Scott’s letter comes on the heels of a tidal wave of reports detailing rampant misbehavior in the FBI. To cite a recent example, PPSA reported on a Foreign Intelligence Surveillance Court opinion that revealed the FBI has spied on high-level U.S. officials, including a U.S. senator, a state senator, and a judge. (The FBI had previously been caught examining the communications of Rep. Darin LaHood, Republican from Illinois). Sen. Scott wrote: “The most recent revelations of frequent and repeated abuses … by the FBI raise concerns for the American public that there are no limits—legal or otherwise—on your investigative powers even when it comes to spying on American citizens.” Sen. Scott’s letter was as substantive as it was critical, requesting the FBI to “explain the accountability for those rogue agents who conducted those illegal queries,” as well as a copy of the range of “‘possible’ disciplinary actions that could be implemented through ‘a new policy of escalating consequences.’” Sen. Scott put it best when he concludes, “the American people and their elected representatives in Congress want to believe in their government and deserve nothing short of full transparency and accountability from the FBI.” PPSA hopes the FBI will respond to this letter with more humility than the mixture of hubris and defensiveness that characterize the communications of Director Wray. State legislatures are passing age-verification laws that require users to upload driver’s licenses or passports to view pornographic material. This is well-meaning – and arguably necessary – legislation to protect children from viewing hardcore pornography online. Such a solution, however, has a drawback that needs to be addressed in legislative language. It leaves the door open for potentially catastrophic data privacy breaches – not to mention granting the FBI and other government agencies immense power, in the words of a declassified government report, to “facilitate blackmail, stalking, harassment, and public shaming.”
In 2022, Louisiana passed HB 142, holding porn sites liable for failing to “perform reasonable age verification methods.” The bill sailed through the legislature with bipartisan support. Since then, six states have passed similar laws. Sixteen others have introduced them. Pornhub responded with suits against Louisiana and Utah, and has ceased doing business altogether in Arkansas, Mississippi, Utah, and Virginia. Today, if you visit Pornhub from an IP address in one of those states, the only thing you’ll see is a video message from porn star Cherie DeVille explaining why you can’t see her with her clothes off. DeVille’s message is a simplified version of arguments made by the Free Speech Coalition, a porn industry advocacy and trade group. One of the solutions offered by that group is to verify age by device. It would be child’s play, however, for hackers and government(s) to deanonymize IP addresses. Whether we adopt either age-verification solution – those of the legislators or those of the porn industry – a risk is created that hackers and the FBI can exploit adult’s private browsing histories. It’s not like there’s no appetite for government to use personal information. Documents obtained through a Freedom of Information Act request show that the Defense Intelligence Agency uses commercially available data for “cover operations.” The FBI has a team dedicated to parsing cell tower data. A multitude of federal, state, and local law enforcement – as well as intelligence agencies – regularly purchase vast troves of personal information from data brokers, and then warrantlessly search that data in flagrant violation of the Fourth Amendment. You’ll forgive us for not expecting government restraint when it is presented with an Aladdin’s Cave of mortifying search histories. Imagine, for example, a bystander in a white-collar crime investigation who gets a visit from an FBI agent seeking his cooperation as a wire-wearing, confidential informant. “By the way,” the agent says in passing, “this is neither here nor there, but I happened to notice that you frequent a website that makes creative uses of My Little Pony. Wouldn’t want that to get out, now would we?” It is likely that more legislators in more states will act out of the belief that hardcore porn seen by children is a crisis that needs to be addressed. Lawmakers should keep in mind, however, the need to include privacy measures in such legislation. One place to start would be a blanket restriction of any sale of browsing data, or warrantless access to it by government agencies. Or perhaps the sites could delete the data once approval is granted. We’re not sure what the best solution would look like, but we’ll know it when we see it. Gene Schaerr, PPSA general counsel, today announced the filing of an administrative appeal with the Department of Justice after a “ludicrous scavenger hunt response” from the FBI to a Freedom of Information Act (FOIA) request.
PPSA had submitted this FOIA request in mid-June asking for documents from DOJ law enforcement agencies. PPSA sought records about the use of administrative subpoenas, which are often used to collect bulk data rather than aim at an identifiable target for a specific reason, as required by the Fourth Amendment of the U.S. Constitution. These subpoenas are often used without any showing of probable case. To learn more about this practice, PPSA requested documents concerning when DOJ uses administrative subpoenas, “whether and when it has used them without probable cause, when it has used them as alternatives to a court-ordered subpoena, and when DOJ shares data obtained through administrative subpoenas with other federal or state agencies.” But the FBI couldn’t trouble itself to search for any records. Instead, the FBI blithely directed PPSA to rummage through the voluminous documents on its online “Search Vault,” suggesting that there could be responsive records somewhere in that database. The FBI never suggested that all responsive records would be found in the Vault. “The FBI’s scavenger hunt response is ludicrous,” Schaerr said. “PPSA sought records reflecting the FBI’s use of administrative subpoenas with and without probable cause. In both instances, the request did not require the FBI to do anything other than search for records concerning the use of administrative subpoenas, and how those subpoenas addressed the presence or absence of probable cause.” Schaerr cited a precedent, Miller v. Casey (1984), that the FBI is bound to read a FOIA request as drafted, not as agency officials might wish it was drafted. “The FBI’s willful refusal to search is a legal error,” Schaerr said. “The FBI might want to avoid the work FOIA requires of it, but we are hopeful the Director of Information Policy at DOJ, and beyond that if necessary, the courts, will recognize that the law does not recognize exceptions for inconvenience.” PPSA awaits responses from other DOJ components, ranging from the Executive Office for United States Attorneys, DOJ’s Criminal Division, the Drug Enforcement Administration, and the Bureau of Alcohol, Tobacco, Firearms and Explosives. Woman, Eight Months Pregnant, Arrested for Carjacking and RobberyPPSA has long followed the dysfunctionality of facial recognition technology and police overreliance on it to identify suspects. As we reported in January, three common facial recognition tools failed every time they were confronted with images of 16 pairs of people who resembled one another.
This technology is most apt to make mistakes with people of color and with women. Stories had piled up about Americans – overwhelmingly Black men – who have been mistakenly arrested, including one Georgia man arrested and held for a week for stealing handbags in Louisiana. That innocent man had never set foot in Louisiana. Now we have the first woman falsely arrested for the crime of resembling a scofflaw. Porcha Woodruff, a 32-year-old Black woman and nursing student in Detroit, was arrested at her doorstep while her children cried. Woodruff, eight months pregnant, was told by police that she was being arrested for a recent carjacking and robbery. “I was having contractions in the holding cell,” Woodruff told The New York Times’ Kashmir Hill. “My back was sending me sharp pains. I was having spasms.” After being released on bond, Woodruff had to go straight to the hospital. The obvious danger of this technology is that it tends to misidentify people, a problem exacerbated by distinctly lazy investigations by police. We see a larger danger: as public and private cameras are increasingly networked, and law enforcement agencies can fully track our movements, this technology will mistakenly put some Americans at the scene of a crime. And if the technology improves and someday works flawlessly? We can be assured of being followed throughout our day – who we meet with, where we worship or engage in political activity or protest – with perfect accuracy. The Heritage Foundation recently published a sweeping take on FBI reform by Distinguished Fellow Steven Bradbury that amounts to ripping up the current structure of the Bureau and starting over. There is much to appreciate in this iconoclastic report, with far-reaching changes that warrant careful review on Capitol Hill.
Here are some of Bradbury’s more intriguing proposals to “reimagine the FBI from the ground up”:
In addition to these structural changes, the report proposes a minimum set of actions required to end the FBI’s abuses of its authority. Worthy and sensible recommendations include reforms to insulate the FBI from the Section 702 program, to require the FISA Court to appoint an amicus in all politically sensitive cases involving U.S. persons, and to improve oversight of politically sensitive FBI investigations. PPSA commends Heritage for thinking outside of the Beltway box; however, countering FBI abuses is just one Washington element in need of reform. We are hopeful Congress will also focus on reforming Section 702, end warrantless data purchases, and address other abuses of Americans’ civil liberties. On Aug. 5, The Wall Street Journal gave readers an uncharacteristically off take about Section 702 of the Foreign Intelligence Surveillance Act. The Journal posed a false dichotomy – we must either reauthorize Section 702 as it is, or let it lapse and expose Americans to the next terrorist attack.
Bob Goodlatte, PPSA Senior Policy Advisor and former Chairman of the House Judiciary Committee, offered this response in a letter-to-the-editor. Americans who rely on WhatsApp, Signal, Telegram, and other encrypted messaging services for private conversations may soon have this option taken away from us – by the British House of Lords.
The UK Parliament is close to passing the Online Safety Bill, which will give the UK government the power to scan every message online. The stated purpose is to catch child abusers and terrorists. A blog posted by Element, the UK’s popular encrypted app, says the bill will be “the online equivalent of installing a CCTV camera into everyone’s bedroom, hooked up to an artificial intelligence classifier which sends footage back to the authorities whenever it thinks it sees something illegal happening.” The Element blog says that Apple (which has joined the coalition in opposition to this bill) has built-in scanning technology that has trouble distinguishing a cow from a horse. “The privacy implications are catastrophic.” Worst of all, the bill would likely defeat its own noble purpose. Once backdoors are introduced into encrypted services, tyrannical governments, terrorists, cartels, and abusers of women and children will eventually get their hands on it. The likely victims will be journalists and whistleblowers, dissidents, and women and their children hiding in shelters from their persecutors. “It means that healthcare information, financial details, conversations regarding air-traffic control, electricity grids, nuclear power plants, military maneuvers … none of it would be protected by end-to-end encryption,” blogger Matthew Hodgson writes on the Element blog. “Bad actors don’t play by the rules.” Such a capability would also give governments the means to deepen the censorship of the internet. If anyone doubts official determination to do so, the UK government recently added an amendment to this bill that “posting videos of people crossing the Channel that show that activity in a positive light” should be considered “priority illegal content.” Imagine if such tools of censorship were to be applied by either U.S. political party to the controversies surrounding the southern border of the United States, or any other contentious issue. Worse, the UK bill would hammer home the power of censorship, at least in the UK, with a threat of criminal sanctions for individual senior managers of online platforms. Hearing the tinkling of the jailer’s key, every executive would become a willing censor. If the UK presses forward with this bill, it will break end-to-end encryption, “opening the door to routine, general and indiscriminate surveillance of personal messages of friends, family members, employees, executives, journalists, human rights activists and even politicians themselves.” And that train of bad consequences will happen everywhere, including here in the USA. Any decent person wants to combat child abuse and terrorists. But it should not come about by involving millions of innocent people as collateral casualties, while arguably undermining the very noble goals of this legislation. The recently departed novelist, Milan Kundera, wrote that “a man who loses his privacy loses everything.” The Electronic Frontier Foundation is organizing a worldwide response. Americans can register our protest directly to Parliament here. PPSA is asking a DC federal court to compel the top federal intelligence and law enforcement agencies to search for records related to how they acquire and use the private, personal information of 110 Members of Congress purchased from third-party data brokers.
In a Freedom of Information Act (FOIA) request filed in July, 2021, PPSA had asked the Office of the Director of National Intelligence, the National Security Agency, the Department of Justice and the FBI, and the CIA for records related to the possible purchase and use of commercially available information on current and former members of the House and Senate Judiciary Committees. The request covered such leading Members of Congress as House Judiciary Chairman Jim Jordan, Ranking Member Jerry Nadler, Senate Judiciary Committee Chairman Dick Durbin, Ranking Member Chuck Grassley, and former Members that included Vice President Kamala Harris and Florida Governor Ron DeSantis. PPSA’s motion for summary judgment filed before the U.S. District Court for the District of Columbia confronts the assertion by these multiple agencies that to even search for responsive documents would harm national security. PPSA’s motion notes that under FOIA, “agencies must acknowledge the existence of information responsive to a FOIA request and provide specific, non-conclusory justifications for withholding that information.” The agencies instead stonewalled this FOIA request by invoking the judge-created Glomar response, meant to be a rare exception to the general rule of disclosure, which allows the government to neither confirm nor deny the existence of such records. “Requiring Defendants here to perform FOIA searches within the secrecy of their own silos does not, by itself, compel the automatic disclosure of any information whatsoever," PPSA declares in its motion. “[B]ecause the initial step of conducting an inter-agency search makes no such disclosure, their arguments are neither logical nor plausible justifications for shirking their duty to perform an internal search.” The issue of government spying into the private, personal information of Members of Congress, tasked with oversight of these agencies, involve the serious potential for executive intimidation of the legislative branch. The ODNI recently declassified an internal document noting that commercially available information can be used to “facilitate blackmail, stalking, harassment, and public shaming.” “The government doesn’t even want to entertain our question,” said Gene Schaerr, PPSA general counsel. “What do they have to hide?” |
Categories
All
|