The Project for Privacy and Surveillance Accountability joined almost 70 civil liberties groups urging Homeland Security Secretary Alejandro Mayorkas to order his agencies to discontinue – or at least clarify – their use of Clearview AI facial recognition software.
Clearview AI boasts that it has the largest database of facial images, more than 3 billion in all. Many of these are scraped from popular social media platforms in violation of those platforms’ terms of service.
“With one picture secretly taken with a cellphone or surveillance camera, a government agent without a warrant might access your religious and political beliefs, your home address and phone number, your work history and employer, pictures of your family, you name it,” said Erik Jaffe, president of PPSA. “With a snap, a government snoop can know everything about you.
“While many groups who signed this letter are concerned about how Clearview AI might be used, or misused, by a specific government agency, our concern goes further,” Jaffe said. “We signed this letter because we believe it is an important shot across the bow to warn Washington of technology that enables Panopticon levels of surveillance normally reserved for regimes that routinely repress political freedom.
“We hope this letter sparks the debate that is needed on how to restrain and govern the worrisome power of this technology,” Jaffe said.
The Project for Privacy and Surveillance Accountability plans to file an amicus brief supporting an effort by the American Civil Liberties Union to require the Foreign Intelligence Surveillance Court (FISC) and the Foreign Intelligence Surveillance Court of Review (FISCR) to make their opinions public.
PPSA blogged about this issue last September and remains deeply concerned by the fact that the courts have interpreted their jurisdiction so narrowly that they have largely insulated themselves from any accountability.
“A secret court issuing secret opinions shaping the scope of secret government surveillance is inherently offensive to the Constitution,” said Gene Schaerr, PPSA’s general counsel. “If it is true that FISC and FISCR lack jurisdiction to even consider constitutional challenges, then the public will never know what the government is doing in its name. Kudos to the ACLU for taking the lead on asking the Supreme Court to take a definitive stand. PPSA is proud to join with our peers in the civil liberties community to support this effort.”
Ted Olson, who was head of the Justice Department Office of Legal Counsel under President Reagan, oversaw the practices of the National Security Agency. He is now leading the team asking the Supreme Court to allow the American public to learn about government surveillance.
“While some disclosures are allowed, it is the executive branch that decides what we can and cannot know,” Schaerr said. “There is no conceivable justification for judicial secrecy under our Constitution. We hope the Supreme Court takes this case, because if it does, the Justices will surely side with the Constitution.”
Schaerr also noted that this case highlights the need for passage of the Lee-Leahy amendment to the Foreign Intelligence Surveillance Act, which would require the FISA court to include an independent expert in any case with significant constitutional implications. Co-sponsored by Sens. Patrick Leahy (D-VT) and Mike Lee (R-UT), the Lee-Leahy amendment passed the Senate with 77 votes last year.
In September, 2020, PPSA filed a Freedom of Information Act (FOIA) request with the CIA, FBI, NSA, ODNI, Department of Justice, State Department, and National Archives and Records Administration. We asked them to simply reveal any references to Executive Order 13526 in their records since its adoption in 2009.
This order prohibits classification of material in order to “conceal violations of law, inefficiency, or administrative error” or to “prevent embarrassment to a person, organization, or agency.” It also obligates each agency to create internal procedures to challenge improper classification decisions.
While the CIA and ODNI stated that they had begun their searches pursuant to our FOIA request, the FBI and State Department have rejected identical requests, claiming they were “too vague.” This is despite the fact that our requests are bolstered by federal precedent compelling agency responses to FOIA requests for all documents mentioning specific search terms. As reviewing courts have explained, such requests for simple keyword searches leave "virtually no guesswork" about what documents will be responsive to the request.
Every American knows the simple “CTRL F” function on our computer keyboards to search for keywords. The FBI and State Department nevertheless maintain our request to be too “vague” to manage such a simple search. The inconsistency is striking when compared with the other agencies that did not plead “vagueness.”
As of now, both the FBI and the State Department have rejected our appeals, exhausting possible administrative remedies and freeing PPSA to enforce those agencies’ statutory disclosure duties in federal court.
Concerns continue to mount over the quantity of classified materials and the possible circumvention of federal law. So troubling was this trend that even as far back as 1989, former Solicitor General for Richard Nixon, Erwin Griswold, who argued the Pentagon Papers case on behalf of the government, wrote: “[I]t quickly becomes apparent to any person who has considerable experience with classified material that there is massive overclassification and that the principal concern of the classifiers is not with national security, but rather with governmental embarrassment of one sort or another.”
More recently, a 2011 report to the President by the Information Security Oversight Office, as required by EO 13526, showed that even after the order’s passage, derivative classification activity continued to skyrocket, quadrupling in four recent years.
Like a bad housekeeper sweeping dirt under the rug, the bureaucracy seems to be latching on to derivative classification as the place to evade accountability. PPSA will continue to fight for transparency and accountability in government surveillance.
Congress relies on the Privacy and Civil Liberties Oversight Board (known by the inelegant acronym, PCLOB), an independent, bipartisan agency that conducts oversight of U.S. intelligence, to ensure that federal efforts to deter threats to the United States are balanced with Americans’ constitutional rights.
Six years ago, PCLOB set out to examine the implications of Executive Order 12333 on privacy and civil liberties. They finally released their report on the afternoon of Good Friday, 2021. Perhaps they judged that a good time to avoid getting any attention whatsoever.
EO 12333 was an executive order issued by President Reagan in 1981 to organize the government’s collection, analysis, and use of foreign intelligence and counterintelligence. This intelligence comes from human sources, by interception of communications, by cameras and other sensors on satellites and aerial systems, and through relationships with intelligence services of other government. Sen. Richard Burr, former chair of the Senate Intelligence Committee, alarmed the civil liberties community when he said 12333 allows the executive branch to do whatever it wants, without “guardrails” or statutory authority for mass surveillance.
PPSA and many other civil liberties organizations were eagerly waiting for the completion of this study to see if any powers from this non-statutory order were being used to replace the legal authorities from Section 215 of the Patriot Act, which expired a year ago.
After six years of asking questions and rummaging through classified material – in the words of the board, “deep dive reviews” of classified information – PCLOB has produced … a high school term paper. As term papers go, it is well organized and thorough in its description of how 12333 organizes intelligence. It has sections on “History” and “Contents of EO 12333.”
It does offer a gentle recommendation that the agencies should accelerate their reviews of policies and constitutional requirements in light of the pace of technological change. One can almost sense their racing hearts as they dared to put themselves right on the line with that one.
Other than that, there is no mention of how 12333 might be filling in for Section 215 or much of anything else. It tells us it examined NSA XKEYSCORE on global internet surveillance, but doesn’t offer any useful insights into this program.
There are no criticisms of any substance, no revelations or serious recommendations. What you do get is a source on 12333 that reads like Wikipedia. PCLOB also helpfully assures us that at every turn, the intelligence agencies have procedures for the collection and use of information concerning U.S. persons in accordance with guidelines approved by the Attorney General.
That’s it. That’s what six years of investigation by PCLOB gets you. Perhaps for its next assignment, PCLOB might spend the next six years producing a graphic on “How a Bill Is Made.”
Congress should quit pretending that it can rely on PCLOB, whose chairman and four part-time board members must be confirmed by the Senate. PCLOB has not even bothered to pretend it is about oversight.
PPSA urges you to contact your House representative and senators and demand they conduct hearings into the dependability of PCLOB, as well as to ask about the legal authorities under which the government is now conducting surveillance.
Late last week, the Supreme Court issued an opinion in Torres v. Madrid. This case considered whether a Fourth Amendment seizure occurs when a police officer shoots someone, even if that person “temporarily eludes capture” after being shot. Citing common-law history and its own precedents, the Court answered that a Fourth Amendment seizure does, in fact, occur.
This case is an important win for all Americans. The Fourth Amendment’s text promises the “right of the people to be secure in their persons.” In resolving the question before it, the Court took the opportunity to highlight how the “essence” of the Fourth Amendment’s promise is the “privacy and security of individuals.” The Fourth Amendment, it reasoned, protects against “arbitrary invasion by government officials” by securing the same “degree of privacy against government that existed” at the Founding. In so doing, the Fourth Amendment “preserves personal security with respect to methods of apprehension old and new.”
As PPSA argued in briefs we filed earlier this year in Lange v. California and in Caniglia v. Strom, we agree with the Court about how the Fourth Amendment secures individual privacy. Both Lange and Caniglia are still pending before the Court, and both cases ask important questions about when the government can enter a person’s home. We expect opinions in those cases in June, and we will report back once we have them. For now, we can optimistically look to the Court’s invocation of privacy’s importance in Torres as a sign of how it will resolve Lange and Caniglia.
PPSA today filed a Freedom of Information Act (FOIA) request for FBI records related to a government admission that at least one Foreign Intelligence Surveillance Act (FISA) Court order involved the collection of web browsing data of an identified U.S. web page.
PPSA first got involved in this issue after Charlie Savage of The New York Times reported on a Nov. 25 letter from John Ratcliffe, former director of National Intelligence, to Sen. Ron Wyden (D-OR), correcting an earlier letter denying that any of the 61 orders issued by the FISA court in the past year involved tracking web browsing. In his revision, Ratcliffe said that one of the orders did involve collection of visits from foreign IP addresses to a U.S. web page.
At the time of the report of the correction, we noted that as usual with the surveillance bureaucracy, we are left with more questions than answers.
Did the FBI collect web browsing data before that time?
With the expiration of Section 215, is the FBI collecting web browsing data now under a different authority?
With an agency tracking visits from foreign IP addresses to a U.S. website, how does it treat the incidental collection of data on U.S. persons that would inevitably be revealed during such tracking?
With these questions in mind, PPSA is asking for all FBI records mentioning or responding to the correspondence between Sen. Wyden and Richard Grenell and John Ratcliffe, both former heads of the Office of the Director of National Intelligence.
“Our request is targeted and highly specific,” said Gene Schaerr, general counsel of PPSA. “Given the high level of this correspondence, there is no reason why the FBI should not be able to produce these documents. We hope that when they do, it will shed light on why the government felt the need to undertake warrantless surveillance of web browsing in the United States.”
PPSA will report the FBI’s response as soon as it is delivered.
The National Security Agency, facing a Freedom of Information Act (FOIA) request and lawsuit from PPSA, reversed its position and promised to search for records regarding its possible surveillance of 48 current and former Members of Congress with oversight responsibility over U.S. intelligence agencies.
In December, PPSA filed suit against the NSA and with five other departments and agencies, seeking these records. Almost fifty lawmakers were listed in the lawsuit, including now-Vice President Kamala Harris, Sen. Marco Rubio, Sen. Dianne Feinstein, Sen. Tom Cotton, Rep. Adam Schiff and Rep. Devin Nunes.
The lawsuit followed a Freedom of Information Act (FOIA) request in October, 2020, seeking records on the “unmasking” of identities of these 48 Members and former Members of Congress in communications, as well as the use of their identities as search terms in internet traffic, a practice called “upstreaming.”
The NSA had previously rejected PPSA’s request in an earlier filing. In a communication with PPSA, NSA wrote: “[P]lease be advised that NSA collects and provides intelligence derived from foreign communications to policymakers, military commanders, and law enforcement officials. We do this to help these individuals protect the security of the United States, its allies, and their citizens from threats such as terrorism, weapons of mass destruction, foreign espionage, international organized crime, and other hostile activities.”
NSA denied the request because “FOIA does not apply to matters that are specifically authorized under criteria established by an Executive Order to be kept secret in the interest of national defense or foreign relations.”
In December, 2020, PPSA filed a lawsuit challenging the rejection. This week, PPSA received the following letter from an officer at NSA: “I have determined the FOIA Officer’s processing of your request was inadequate, and I am granting your appeal.”
NSA: “I have determined the FOIA Officer’s processing of your request was inadequate, and I am granting your appeal.”
The NSA should now reveal whether these Members of Congress have been subjected to either of the two intelligence practices under the Foreign Intelligence Surveillance Act (FISA), Section 702, which allows foreign surveillance but forbids spying on “U.S. persons” located inside the United States.
With unmasking, approximately twenty employees of the NSA have the authority to internally reveal the identities of Americans caught up in the surveillance of foreign communications. Unmasking results in the naming of an American in intelligence summaries.
Upstreaming, like unmasking, is subject to minimization procedures, meant to restrict the use of information about a U.S. person to a tight circle of recipients with a need to know.
PPSA will report our findings on possible government surveillance of Members of Congress with intelligence oversight authority as soon as we obtain them.
PPSA has also filed similar lawsuits against the Department of Justice and FBI, the Office of Director of National Intelligence, the Central Intelligence Agency and the Department of State.
Here is the list of 48 current and former members of committees with intelligence oversight responsibility including in PPSA’s suits and inquiries:
Yesterday, the Supreme Court heard oral argument in Caniglia v. Strom, a case asking whether the police can enter a person’s home without a warrant when they are acting in a non-investigative, “community-caretaking” capacity. The limited community-caretaking exception previously has allowed the police to search impounded vehicles, but the Supreme Court has never before extended it to the home. PPSA filed a brief in this case earlier this year examining the common-law history of the Fourth Amendment’s warrant requirement and explaining that, at common law, a community-caretaking exception broad enough to allow warrantless entry into the home would have been unthinkable.
Based on the oral argument, Americans concerned with protecting the home from warrantless government intrusion have reason to be partially optimistic. Although there was plainly some disagreement between the Justices, multiple Justices expressed concern with categorically extending the community-caretaking exception to the warrant requirement for searches of and seizures from the home:
Several Justices, most vigorously the Chief Justice and Justices Alito and Kavanaugh, however, seemed highly concerned with various potential, but uncertain, emergencies that might not satisfy a strict “exigent circumstances” rule, but nonetheless seemed like reasonable warrantless searches to them. The examples pressed involved the elderly who may have fallen or otherwise injured themselves as well as potential suicide risks. Where you cannot be sure an emergency exists, but there is a fear that it might.
Given the Justices’ voiced concerns over limiting the doctrine, it seems likely that, even if the Court were to expand the community-caretaking exception to the home in some cases involving risks to the elderly, children, or potentially suicidal individuals, it would may provide some limiting guidance to stop the exception to the warrant requirement from overrunning the rule when it comes to the home.
As PPSA explained in our brief in this case, however, even a narrow expansion of the exception to the home would pose grave concerns for privacy and deviate from the common law. Most notably, anything the police see in a person’s home while lawfully acting as caretakers could be used in criminal proceedings against them under what is known as the plain-view doctrine. And the concerns over health and safety of persons in the home can more than adequately be addressed through the historically grounded exigent circumstances doctrine or simply by getting a warrant in cases of genuine concern. We hope the Court here continues its longstanding practice of looking to the common law by requiring the government to obtain a warrant before entering a home in all but the most extreme cases. Only by declining to extend the exception to the home will the Court be able to preserve the home’s centuries-old protections. PPSA will report on the Court’s opinion, expected by June.
True story: A billionaire is enjoying dinner in a restaurant when his daughter unexpectedly walks in with a date he does not recognize. The billionaire surreptitiously snaps a picture of the young man and uses his phone to run the image through software from a leading facial recognition company in which he has invested. Within a short time, the father has the man’s name and can access vast amounts of information about him.
This is one detail in Kashmir Hill’s New York Times riveting investigative piece on Clearview AI, demonstrating how the company skirts the terms of service rules of big social media platforms and stretches the law to scrape data and thereby obtain a powerful capability in facial recognition.
Deploying facial recognition to identify strangers had generally been seen as taboo, a dangerous technological superpower that the world wasn’t ready for. It could help a creep ID you at a bar or let a stranger eavesdrop on a sensitive conversation and know the identities of those talking. It could galvanize countless name-and-shame campaigns, allow the police to identify protesters and generally eliminate the comfort that comes from being anonymous as you move through the world.
Hill also demonstrates how the company’s technology has been a boon in catching pedophiles and human traffickers. Somewhere between 600 and 3,000 law enforcement agencies use this technology. Clearview’s database grew from 20 million faces to more than 1 billion in 2018.
So if you are on Facebook, LinkedIn or the like, it’s likely that your face is already in Clearview’s database.
Does Clearview technology’s data scrapping violate the Computer Fraud and Abuse Act? A federal judge in the Ninth Circuit found that the copying of publicly available information does not violate this anti-hacking law. But the ACLU is using a tough Illinois statute to challenge Clearview.
PPSA will monitor and report regularly on this rapidly evolving issue.
“Every time you ride your bike down this block, there are probably 50 cameras that watch you going past,” said a California mother to her 7-year-old son. “If you make a bad choice, those cameras will catch you.”
This is one of the powerful nuggets from an investigative piece by Drew Harwell in The Washington Post.
He writes that “the proliferation of the kind of surveillance cameras once limited primarily to airports, banks and convenience stores also has meant millions of unsuspecting people – including camera owners’ neighbors, peaceful protestors, and anyone else walking down a residential block – are being recording without their knowledge or consent.”
Ring also has its own social network, Neighbors, the very system that caught the 7-year-old throwing a foam volleyball that harmlessly bounced off a neighbor’s security camera. More than 70 people, Harwell reports, formed opinions about appropriate punishments for the boy and commented on the mother’s parenting skills. Turns out the panopticon is being run by nosy neighbors rather than jailers.
While the Ring system has helped solve crimes, from porch pirates to homicides, something this pervasive has a troubling, if less visible, cost. Once again, Americans are becoming inured to another technology taking away more of our privacy.