A letter from Sen. Ron Wyden (D-OR) to Defense Secretary Lloyd Austin reveals that our government appears to be taking a warrantless and free-wheeling approach to purchasing Americans’ private data.
 
At first glance, this might come as an unexpected turn against the jurisprudential tide. In 2018, the U.S. Supreme Court held that the government needs a warrant to access the location history of an American taken from communications between cell phones and a cell tower. A reasonable interpretation of this case, Carpenter, should have prompted government lawyers to question any warrantless access to Americans’ electronic data. Like a flippant teenager, government lawyers – when presented with such a new restriction by the courts – take it as a sign that everything else must be permissible. You told me not to ride my bike in traffic. You never said anything about not smoking a cigarette.
 
In his letter, Sen. Wyden wrote that the Defense Intelligence Agency “recently informed my office that they have adopted the position that the Fourth Amendment, and the Supreme Court’s holding in the Carpenter case, do not apply to data about Americans that government buys, and only apply to data that the government acquires via compulsion.”
 
Sen. Wyden has long investigated the “shady, unregulated” sale of Americans’ personal information by data brokers to government agencies. He, along with Republican Sens. Rand Paul, Mike Lee, Steve Daines  and several Democratic senators, recently introduced The Fourth Amendment Is Not for Sale Act, which would restrict the ability of the government to buy our personal information from data brokers without a warrant.
 
Now Sen. Wyden is pressing the Department of Defense to answer questions about the legal analysis behind its theory, its scope of buying and using Americans’ data without a court order, and what the department knows – or doesn’t know – about the identities and citizenship of individuals whose data is being acquired.
 
The Oregon senator is also drilling down to ask if the DoD is collecting information from internet connected cars and from metadata, such as Domain Name System records. The latter could expose an individual’s internet browsing history. As we await answers, civil liberties advocates have more reason than ever to get behind The Fourth Amendment Is Not For Sale Act.

By BOB GOODLATTE AND MARK UDALL
Published on CHICAGO TRIBUNE
​MAY 05, 2021 AT 12:06 PM
--

​In the back of our minds, we know the “free” social media platforms and cellphone apps we use are not truly free. We always pay a cost in privacy. When your Facebook account shows you an ad for pet food or home exercise equipment, it is drawing on a highly detailed portrait assembled from your clicks and choices.

Throughout our day, sensitive data points that include our location, our browsing history and demographic details are captured to update a precise digital portrait of our interests, beliefs, actions and movements. This information is then shared with hundreds of bidders in a digital auction. This “real-time bidding” takes place in a few milliseconds in order to match you with an ad that you might click.

But the journey does not end there. Companies use your “bidstream” data to create a digital dossier that can predict your behaviors by mapping your past actions, which can then be sold by data brokers to hedge funds, marketers and political campaigns.

Some of these brokers also sell your personal information to the government, which amounts to a treasure trove of personal information for intelligence agencies and law enforcement to scan without having to bother with the pesky Fourth Amendment requirement for a probable cause warrant.

The U.S. Constitution requires the government to obtain such a warrant from a court before searching or seizing our “effects.” By tapping into Uncle Sam’s checkbook, however, the Defense Intelligence Agency, the Department of Homeland Security, the IRS and likely other agencies are sidestepping this basic requirement to obtain warrantless access to billions of digital “effects” on millions of Americans. The government is even purchasing access to billions of photos, downloaded in bulk by a data broker from Facebook, LinkedIn, Twitter and YouTube. According to media reports, our images are being illicitly scraped in violation of the terms of service of these popular social media platforms.

No one in Congress today has been more diligent in tracking and attempting to curb such excesses of government violations of Americans’ privacy than Sen. Ron Wyden, D-Oregon. He recently introduced landmark privacy legislation, the Fourth Amendment Is Not for Sale Act, that would close major loopholes in the Electronic Communications Privacy Act and the Foreign Intelligence Surveillance Act that the government is exploiting to simply buy our most sensitive and personal data.

Under current law, the government cannot compel tech and phone companies to disclose our information without a court order. Why should data brokers be treated any differently? Under Wyden’s proposal, the government would have to get a court order to force data brokers to disclose our information.

The Wyden bill, also supported by Republican Sens. Rand Paul, Mike Lee and Steve Daines, as well as Senate Majority Leader Chuck Schumer, stops law enforcement and intelligence agencies from buying data on people in the United States and Americans abroad if that information is derived from hacking, deception, or a violation of a contract, privacy policy or terms of service — as is happening now with scraped images.

This legislation extends existing privacy laws to data cables and cell towers, so the government can’t do a “workaround” through infrastructure. It closes loopholes that permit the intelligence agencies to buy or otherwise acquire metadata about Americans’ international calls, texts and emails to family and friends abroad, and obtain records about their web browsing of foreign websites — the kind of disclosures that would normally require a court order.

The Wyden bill also takes away the ability of the attorney general to grant civil immunity to companies that assist with surveillance that is not required or permitted by statute. This is one of the most effective proposals Wyden offers. If data providers, whether tech firms, telecoms or data brokers, know that legal liability comes with obeying an illegal order, it is unlikely any will comply.

Don’t expect surveillance hawks to cheer this legislation, but they have no real reason to oppose it. If Wyden’s measure passes, U.S. law enforcement and intelligence agencies will still have powerful legal tools at their fingertips with which to follow leads that can catch terrorists, spies and dangerous criminals. They will just have to follow the rules.

The alternative is to let the practice of checkbook surveillance grow in scale and scope. If this subterranean subversion of our Constitution continues, the United States will be taking a long step toward granting our government the sort of omniscience over Americans that the People’s Republic of China enjoys over its people. While the intentions of many in the agencies and law enforcement are commendable, recent events suggest that our most admired institutions can be corrupted by political pressure and partisan bias.

It is time for policymakers to either respect the Fourth Amendment or publicly admit, as Hamlet said, it’s a custom more honored in the breach.

Bob Goodlatte is a former congressman from Virginia, the former chairman of the House Judiciary Committee, and now senior policy adviser with the Project for Privacy and Surveillance Accountability. Mark Udall is a former senator from Colorado who served on the Senate Select Committee on Intelligence.

The Project for Privacy and Surveillance Accountability filed a Freedom of Information Act (FOIA) request with the U.S. Department of Justice asking for records on how the department may be modifying, interpreting or replacing two key memos establishing safeguards against political misuse of federal investigations.
 
“In these contentious times, wouldn’t it be refreshing if one administration endorsed the policies of a previous administration to extend legal protections to people in both parties?” said Gene Schaerr, general counsel of the Project for Privacy and Surveillance Accountability. “The Biden Administration could do this by making permanent Justice Department rules intended to keep politics out of federal investigations. We hope our FOIA request will spur the administration to take this positive action, assuming they haven’t already.”
 
Last August, then-Attorney General William Barr reacted with memos establishing new rules after the fiasco of the FBI’s investigation of Trump campaign volunteer, Carter Page. This investigation had included the submission of a forged document in sworn testimony before the Foreign Intelligence Surveillance Court. A report from the Department of Justice inspector general documented 17 serious errors of omission and commission made in that investigation. The inspector general followed up with another report examining a sampling of 29 other, unrelated FISA applications involving U.S. citizens, finding errors in each one.
 
Among the many safeguards in Barr’s new policies were requirements regarding the investigation of a federal elected official, candidate and staff. One such requirement would be a “defensive briefing” of the target, unless the FBI Director determines in writing that such a briefing would not be appropriate. The attorney general would also have to approve surveillance applications for Americans in these categories.

PPSA’s FOIA asks the Department of Justice for all records supplementing, modifying, interpreting or replacing the memos. It also asks for records for preparations to comply with a required assessment of the implementation of the new rule.

Barr wrote that the “American people must have confidence that the United States Government will collect and use this information in a manner that protects the civil liberties of all Americans, avoids interference in the political process, and complies with the Constitution and the laws of the United States.”

Schaerr noted: “If anything, the need to rebuild confidence in the integrity of the government is even greater than it was a year ago. Trust is at an all-time low. Republicans are still smarting from the Carter Page investigation predicated on an opposition research document. Democrats, for their part, voice public concern about the potential for unequal law enforcement. Both parties are making allegations about elections. Putting a Democratic imprimatur on these policies would be reassuring to Americans of all stripes.”

​The Project for Privacy and Surveillance Accountability today filed a lawsuit against six federal agencies to compel them to reveal records mentioning the handling of policies governing classification decisions under Executive Order 13526.
 
President Obama issued this executive order in 2009, saying he was attempting to curb the breakneck growth of classified documents in the federal government by requiring agencies to create internal procedures to challenge improper classification decisions. In the president’s words, the agencies “must not withhold information for self-serving reasons or simply to avoid embarrassment.”
 
“Think us naïve, but PPSA thought at the very least we could discover how agencies responded to the president,” said Gene Schaerr, PPSA general counsel. “We want to ask if the agencies have done anything to comply with President Obama’s executive order.”
 
On Sept. 28, 2020, PPSA sent a Freedom of Information request to the six agencies asking for all records mentioning two sections of EO 13526 that limit classification decisions, covering a date range from Dec. 29. 2009 to Sept. 25, 2020.
 
The FOIA requests went to the Department of Justice, the Office of the Director of National Intelligence, the National Security Agency, the Central Intelligence Agency, the Department of State and the National Archives and Records Administration. 
 
“The FBI did reply that the request did not have sufficient detail, though it is hard to imagine how the request could have been more detailed,” Schaerr said. “The State Department similarly denied the request, saying that PPSA’s filing did not reasonably describe the records sought. The CIA and ODNI agreed to search for records, but haven’t actually disclosed anything yet.”
 
The Freedom of Information Act gives government agencies a maximum of thirty business days to comply with the request. All of these agencies well exceeded their time limit allowed under law.
 
“With none of the six agencies giving a substantive or credible reply, we’re filing a lawsuit in the U.S. District Court for the District of Columbia to compel their disclosure,” Schaerr said. “We’ll report any significant responses or developments in court.”

On Monday afternoon, the presiding judge of the Foreign Intelligence Surveillance Court (FISC), Judge James E. Boasberg, revealed new instances of warrantless use of National Security Agency data by the FBI, including the improper search of information about Americans in emails.
 
The government is allowed under Section 702 of the FISA Amendment Act to access phone calls and internet communications of noncitizens abroad with an American. The FBI can use this raw intelligence without a warrant, but only for national security investigations.
 
Judge Boasberg’s report shows that while the FBI properly used some of this warrantless surveillance information to identify potential domestic terrorists, it ran over 40 improper queries for run-of-the-mill criminal investigations relating to health-care fraud, bribery, and other crimes by citizens posing no threat to national security and fully protected by the Fourth Amendment.
 
“It has proven almost impossible for the FBI to resist the temptation to use powerful technology to gather warrantless evidence in purely criminal matters, not national security,” said Gene Schaerr, PPSA general counsel.
 
In September, the judge revealed that an FBI field office used 124 improper queries of warrantless surveillance information, including background checks on community leaders in a law enforcement-sponsored “Citizens Academy,” and people providing office repairs.
 
As with last year’s revelations, the most recent batch of warrantless queries happened before the FBI pledged to do better with improvements in training and procedural safeguards. While issuing the report, Judge Boasberg approved the NSA program for another year. He ruled that “the FBI’s querying and minimization procedures meet statutory and Fourth Amendment requirements.”
 
“It’s an open question whether the FBI has been caught red handed or flat footed,” Schaerr said. “The FISC must keep close tabs on this program over the next year. Congress should consider adding statutory sanctions for using warrantless surveillance for ordinary, domestic law enforcement.”

The Project for Privacy and Surveillance Accountability joined almost 70 civil liberties groups urging Homeland Security Secretary Alejandro Mayorkas to order his agencies to discontinue – or at least clarify – their use of Clearview AI facial recognition software.
 
Clearview AI boasts that it has the largest database of facial images, more than 3 billion in all. Many of these are scraped from popular social media platforms in violation of those platforms’ terms of service.
 
“With one picture secretly taken with a cellphone or surveillance camera, a government agent without a warrant might access your religious and political beliefs, your home address and phone number, your work history and employer, pictures of your family, you name it,” said Erik Jaffe, president of PPSA. “With a snap, a government snoop can know everything about you.
 
“While many groups who signed this letter are concerned about how Clearview AI might be used, or misused, by a specific government agency, our concern goes further,” Jaffe said. “We signed this letter because we believe it is an important shot across the bow to warn Washington of technology that enables Panopticon levels of surveillance normally reserved for regimes that routinely repress political freedom.
 
“We hope this letter sparks the debate that is needed on how to restrain and govern the worrisome power of this technology,” Jaffe said.

The Project for Privacy and Surveillance Accountability plans to file an amicus brief supporting an effort by the American Civil Liberties Union to require the Foreign Intelligence Surveillance Court (FISC) and the Foreign Intelligence Surveillance Court of Review (FISCR) to make their opinions public.
 
PPSA blogged about this issue last September and remains deeply concerned by the fact that the courts have interpreted their jurisdiction so narrowly that they have largely insulated themselves from any accountability.
 
“A secret court issuing secret opinions shaping the scope of secret government surveillance is inherently offensive to the Constitution,” said Gene Schaerr, PPSA’s general counsel. “If it is true that FISC and FISCR lack jurisdiction to even consider constitutional challenges, then the public will never know what the government is doing in its name. Kudos to the ACLU for taking the lead on asking the Supreme Court to take a definitive stand. PPSA is proud to join with our peers in the civil liberties community to support this effort.”
 
Ted Olson, who was head of the Justice Department Office of Legal Counsel under President Reagan, oversaw the practices of the National Security Agency. He is now leading the team asking the Supreme Court to allow the American public to learn about government surveillance.
 
“While some disclosures are allowed, it is the executive branch that decides what we can and cannot know,” Schaerr said. “There is no conceivable justification for judicial secrecy under our Constitution. We hope the Supreme Court takes this case, because if it does, the Justices will surely side with the Constitution.”
 
Schaerr also noted that this case highlights the need for passage of the Lee-Leahy amendment to the Foreign Intelligence Surveillance Act, which would require the FISA court to include an independent expert in any case with significant constitutional implications. Co-sponsored by Sens. Patrick Leahy (D-VT) and Mike Lee (R-UT), the Lee-Leahy amendment passed the Senate with 77 votes last year.

In September, 2020, PPSA filed a Freedom of Information Act (FOIA) request with the CIA, FBI, NSA, ODNI, Department of Justice, State Department, and National Archives and Records Administration. We asked them to simply reveal any references to Executive Order 13526 in their records since its adoption in 2009.

This order prohibits classification of material in order to “conceal violations of law, inefficiency, or administrative error” or to “prevent embarrassment to a person, organization, or agency.” It also obligates each agency to create internal procedures to challenge improper classification decisions.

While the CIA and ODNI stated that they had begun their searches pursuant to our FOIA request, the FBI and State Department have rejected identical requests, claiming they were “too vague.” This is despite the fact that our requests are bolstered by federal precedent compelling agency responses to FOIA requests for all documents mentioning specific search terms. As reviewing courts have explained, such requests for simple keyword searches leave "virtually no guesswork" about what documents will be responsive to the request.

Every American knows the simple “CTRL F” function on our computer keyboards to search for keywords. The FBI and State Department nevertheless maintain our request to be too “vague” to manage such a simple search. The inconsistency is striking when compared with the other agencies that did not plead “vagueness.”

As of now, both the FBI and the State Department have rejected our appeals, exhausting possible administrative remedies and freeing PPSA to enforce those agencies’ statutory disclosure duties in federal court.

Concerns continue to mount over the quantity of classified materials and the possible circumvention of federal law. So troubling was this trend that even as far back as 1989, former Solicitor General for Richard Nixon, Erwin Griswold, who argued the Pentagon Papers case on behalf of the government, wrote: “[I]t quickly becomes apparent to any person who has considerable experience with classified material that there is massive overclassification and that the principal concern of the classifiers is not with national security, but rather with governmental embarrassment of one sort or another.”

More recently, a 2011 report to the President by the Information Security Oversight Office, as required by EO 13526, showed that even after the order’s passage, derivative classification activity continued to skyrocket, quadrupling in four recent years.
Like a bad housekeeper sweeping dirt under the rug, the bureaucracy seems to be latching on to derivative classification as the place to evade accountability. PPSA will continue to fight for transparency and accountability in government surveillance.

Congress relies on the Privacy and Civil Liberties Oversight Board (known by the inelegant acronym, PCLOB), an independent, bipartisan agency that conducts oversight of U.S. intelligence, to ensure that federal efforts to deter threats to the United States are balanced with Americans’ constitutional rights.
 
Six years ago, PCLOB set out to examine the implications of Executive Order 12333 on privacy and civil liberties. They finally released their report on the afternoon of Good Friday, 2021. Perhaps they judged that a good time to avoid getting any attention whatsoever.
 
EO 12333 was an executive order issued by President Reagan in 1981 to organize the government’s collection, analysis, and use of foreign intelligence and counterintelligence. This intelligence comes from human sources, by interception of communications, by cameras and other sensors on satellites and aerial systems, and through relationships with intelligence services of other government. Sen. Richard Burr, former chair of the Senate Intelligence Committee, alarmed the civil liberties community when he said 12333 allows the executive branch to do whatever it wants, without “guardrails” or statutory authority for mass surveillance.
 
PPSA and many other civil liberties organizations were eagerly waiting for the completion of this study to see if any powers from this non-statutory order were being used to replace the legal authorities from Section 215 of the Patriot Act, which expired a year ago.
 
After six years of asking questions and rummaging through classified material – in the words of the board, “deep dive reviews” of classified information – PCLOB has produced … a high school term paper. As term papers go, it is well organized and thorough in its description of how 12333 organizes intelligence. It has sections on “History” and “Contents of EO 12333.”
 
It does offer a gentle recommendation that the agencies should accelerate their reviews of policies and constitutional requirements in light of the pace of technological change. One can almost sense their racing hearts as they dared to put themselves right on the line with that one.
 
Other than that, there is no mention of how 12333 might be filling in for Section 215 or much of anything else. It tells us it examined NSA XKEYSCORE on global internet surveillance, but doesn’t offer any useful insights into this program.
 
There are no criticisms of any substance, no revelations or serious recommendations. What you do get is a source on 12333 that reads like Wikipedia. PCLOB also helpfully assures us that at every turn, the intelligence agencies have procedures for the collection and use of information concerning U.S. persons in accordance with guidelines approved by the Attorney General.
 
That’s it. That’s what six years of investigation by PCLOB gets you. Perhaps for its next assignment, PCLOB might spend the next six years producing a graphic on “How a Bill Is Made.”
 
Congress should quit pretending that it can rely on PCLOB, whose chairman and four part-time board members must be confirmed by the Senate. PCLOB has not even bothered to pretend it is about oversight.