​With the passing of Pope Francis, it seems appropriate to reflect on his statements regarding surveillance, privacy, and human rights. In his 2024 World Day of Peace message, the pontiff declared:

• “Artificial intelligence, then, ought to be understood as a galaxy of different realities. We cannot presume a priori that its development will make a beneficial contribution to the future of humanity and to peace among peoples.”

 

• “Privacy, data ownership and intellectual property are other areas where these technologies engender grave risks. To which we can add other negative consequences of the misuse of these technologies, such as discrimination, interference in elections, the rise of a surveillance society, digital exclusion and the exacerbation of an individualism increasingly disconnected from society. All these factors risk fueling conflicts and hindering peace.”

 

• “Reliance on automatic processes that categorize individuals, for instance, by the pervasive use of surveillance or the adoption of social credit systems, could likewise have profound repercussions on the social fabric by establishing a ranking among citizens.”

 
The whole essay is worthy of our attention. It contains frank criticisms of the breakneck development of AI, as well as an important acknowledgement of China’s insidious “social credit” system, whereby its citizens are monitored and their behaviors graded.
 
Pope Francis himself had sufficient reason to be wary of surveillance states. Just a few weeks ago, the Vatican revealed that several of the pontiff’s senior aides discovered that foreign spy agencies had infected their smartphones with Pegasus spyware.

​Perhaps you had other things to do during last week’s House Judiciary hearing, “A Continued Pattern of Government Surveillance of U.S. Citizens.” So here’s a summary: The Judiciary’s Subcommittee on Crime and Federal Government Surveillance brought together witnesses from across the political spectrum (including PPSA’s own Gene Schaerr) to identify potential solutions to the ongoing (and growing) problem of Fourth Amendment abuse by government entities.
 
At the heart of the discussion was the need to import probable cause warrants – the key requirement of the Constitution’s Fourth Amendment – to the practice of federal agencies freely accessing our international communications, as well as our personal, digital data.
 
Witnesses effectively rebutted the fearmongering campaign by the intelligence community to convince us that a warrant requirement for federal surveillance of American citizens is too onerous, and too dangerous to entertain. But the most effective remarks came from a Member of the committee.
 
Rep. Brad Knott (R-NC), a former U.S. Attorney for the Eastern District of North Carolina, addressed the issue of warrant requirements with the assurance of a former federal prosecutor. He spoke of what it took for him to get permission to “flip the switch” on some of the most “intrusive” forms of wiretapping American citizens.
 
“So you have to demonstrate necessity,” Rep. Knott said. “You have to demonstrate why other techniques are futile … the rigor we had to exercise was very important … it kept the internal investigators accountable.”
 
Rep. Knott said the warrant process made sure investigations were “open and honest.” Investigators knew “that their actions were going to be subject to pen and paper. They were going to be subject to judicial review … and opposing counsel.”
 
Given the clarity and accountability added by warrants, Rep. Knott added:
 
“It’s amazing to me that there’s so much resistance to the warrant requirement alone.”
 
Throughout the 90-minute hearing, Members and witnesses stressed one thing:
 
The countdown clock is ticking on what may be our last, best chance at meaningful reform – including the adoption of a warrant requirement for U.S. citizens when Section 702 of the Foreign Intelligence Surveillance Act (FISA) comes up for renewal next year (it’s due to sunset in April 2026).
 
Section 702 is the legal authority that allows federal intelligence agencies to spy on foreign targets on foreign soil. But it also “incidentally” picks up the international communications of Americans, which can then be warrantlessly inspected by the FBI and other agencies.
 
Section 702 got a lot of airtime at the hearing and was frequently linked with the words “loophole” and “backdoor.” The Reforming Intelligence and Securing America Act (RISAA) of 2024 attempted to fix Section 702 – and did add some useful reforms – but it also left a loophole in which the FBI and others attempt to justify warrantless backdoor searches on Americans’ private communications.
 
For the FBI in particular, this has become the go-to means to warrantlessly develop domestic leads.
 
“Three million times they did [backdoor searches] in 2021,” lamented Judiciary Chairman Jim Jordan (R-OH). Or, as James Czerniawski of Americans for Progress, put it: “Time and time again we have caught the intelligence community with their hand in the constitutional cookie jar.”
 
Members and witnesses alike also addressed a privacy crisis even greater than Section 702 – the routine purchases made by federal agencies of Americans’ private digital information from data brokers.
 
ACLU’s Kia Hamadanchy reminded the subcommittee that the kind of data that can be bought and sold would be, in the words of a former CIA deputy director, “top secret” sensitive if gathered by traditional intelligence means. It would have to be kept “in a safe,” not in a database.
 
The hearing also got at what many consider the underlying issue driving the new era of surveillance. Namely, the acknowledgment that we increasingly live not in one world, but two – our physical reality and its digital twin. But unlike our world, the laws governing how the Fourth Amendment should be applied in the digital context are largely unwritten. In other words, said Rep. Andy Biggs (R-AZ), it’s the “Wild West.”
 
And Ranking Member Rep. Jamie Raskin (D-MD) added, “New technologies make it a lot harder to reign in government intrusion in the lives of the people.” The unwitting result? “We live in a modern, albeit consensual, surveillance state,” declared Phil Kiko, principal at Williams & Jensen and former Judiciary counsel.
 
With any luck, things might be different a year from now when FISA is up for renewal, thanks to a U.S. District Court ruling in January.
 
“To countenance this practice,” of warrantless surveillance, wrote the court, “would convert Section 702 into … a tool for law enforcement to run ‘backdoor searches’ that circumvent the Fourth Amendment.”
 
That legal precedent didn’t exist when the last Congress debated FISA reforms. Emboldened by this landmark decision, Reps. Jordan and Raskin are pledging to once again work together in a bipartisan spirit to win this fight. Their continuing partnership captures the spirit of the subcommittee’s hearing and should give reformers a renewed sense of hope.

​As we labor to protect our personal and business information from governments and private actors, it helps to think of our data as running through pipes the way water does. Just like water, data rushes from place to place, but is prone to leak along the way. Now, as the AI revolution churns on, workplaces are getting complete overhauls of their data’s plumbing. Some information leaks are thus almost inevitable. So, just as you would do under a sink with a wrench, you should be careful where you poke around.
 
A major new source of leakage is conversational AI tools, which are built on language in all its forms – words and sentences, but also financial information, transcripts, personal records, documents, reports, memos, manuals, books, articles, you name it. When an organization builds a conversational AI tool, many of these source items are proprietary, confidential, or sensitive in some way. Same with any new information you give the tool or ask it to analyze. It absorbs everything into its big, electronic, language-filled brain. (Technically, these are called “large language models,” or LLMs, but we still prefer “big, electronic, language-filled brains.”)
 
So be careful where you poke around.
 
As Help Net’s Mirko Zorz reminds us, companies should give employees clear guidelines about safely using generative AI tools. Here is our topline advice for using AI at work.

• If it’s a public tool like ChatGPT, absolutely no confidential personal or business information should be entered that isn’t already publicly available. Just ask Samsung about their misadventure.

 

• Even internal, private company tools carry risk. Make sure you’re authorized to access the confidential information your system contains. And don’t add any additional sensitive information either (documents, computer code, legal contracts, etc.) unless you’re cleared to do so.

 

• Like a person, LLMs can be “tricked” into disclosing all manner of sensitive information, so don’t give your credentials to anyone who does not have the same authorization as you. Those new employees from Sector 7G? Sure they seem nice and perfectly harmless, but they could be corporate spies (or more likely, just untrained). Don’t trust them until they’re vetted.

 

• Any company that isn’t educating its employees on how to use AI tools acceptably is asking for trouble. If your company isn’t training you or at least providing basic guidelines, demand both. Vigilant employees are the last line of defense in any organization that doesn't bring its “A” game to AI. And “A” really is the operative letter here (we’re not just being cute). Authorization and Authentication are the bywords of any IT organization worth its salt in the AI space.

 

• Just because an approved software program you’ve been using at work for years has suddenly added an AI feature does NOT mean it’s safe to use. Consult with your IT team before trying the new feature. And until they give you the all-clear, be sure to avoid inputting any sensitive or otherwise restricted information.

​
Finally, leave everything work-related at work (wherever work is). When elsewhere, don’t use your work email to sign into any of the tens of thousands of publicly available AI applications. And never upload or provide any personal or private information that you don’t want absorbed into all those big, electronic, language-filled brains out there.
 
Because leaks are nearly inevitable.

​Like millions of other Americans, we are receiving text messages telling us that someone at a company’s HR department has noticed our very impressive resume and would like to discuss a job offer, call before the job’s filled! – or, we have an unpaid highway toll and must pay quickly to avoid a fine! – or, our package delivery has hit a snafu and we need to deal with it post haste, or it might get lost forever!
 
The FBI advises us to delete such texts and to never – as in NEVER!!! – click through them. Such messages aim to persuade you to add to the hundreds of millions of dollars Americans are losing to text scams every year from sophisticated gangs in China. As Americans become wary of these smishing scams (a portmanteau of “SMS” short-message service texts and “phishing”), criminals are becoming more sophisticated, often impersonating a credible brand or agency to make you think that you must provide your credentials, account numbers, Social Security number, or make a payment in order to avoid a severe penalty.
 
And if you do click through, you may also expose your phone to a malware infection that will endanger you long after the text is forgotten.
 
One telltale sign of a smishing scam is that the link points to a foreign top-level domain. Common ones are “com-track,” and “com-toll.” But China’s smishing gangs are getting good at embedding links in actual “.com” addresses for real brands and agencies. So always assume it is a scam.
 
What should you do if you receive such a suspicious text?
 
The FBI advises: “STOP! Take a moment to breathe deeply in and out.”
 
Again, NEVER!!! open the text.
 
Write down the issue on paper and delete the text.
 
And if you still have a tingle of doubt, go online and look up the main website and customer service number of the bank, delivery company, toll authority, or whatever, and ask them.
 
But you do have an impressive resume, by the way. Click here to learn more.

​April 19, 2025, is the 250th anniversary of the American Revolution. It’s a story most Americans know pretty well, but here at PPSA we’d like to highlight one of the more obscure portions of that history, but one that is of ultimate importance to the all-but-impossible dream the Revolution would eventually make real: The Bill of Rights.
 
The subject of today’s lesson? General warrants. If that doesn’t ring a bell, then be glad, because that means the Bill of Rights largely did its job. General warrants were one of the primary tools of tyranny King George used to oppress, even terrorize, the Colonists. Armed with general warrants, the Crown’s agents could search anywhere they wanted, for anything they wanted, and for any reason — or, even worse, for no reason at all.
 
General search warrants don’t name a specific person or place and don’t state what the authorities are looking for – making it possible to target people without reason or cause, and almost without limits. As you can imagine, such writs were widely abused. To quote the Declaration of Independence, the King “sent hither swarms of Officers to harass our people and eat out their substance.” Barging into homes, destroying property, searching belongings, and seizing whatever they wanted. And not just homes – shops, ships, banks, churches. Americans had had it.
 
And on April 19, 1775, they said enough was enough. And they meant it. Sixteen years and 8 months would pass between that day and the day the Fourth Amendment was ratified. The Fourth Amendment exists because it was, and is, the best answer to the outrageous indignity of general warrants. That’s what historians call a “direct line.”
 
It's appropriate on this occasion to also recall a recent historical reminder from Rep. Jamie Raskin, a Democrat who happens to represent a district from Maryland, one of the thirteen original colonies – “The Old Line State” – a moniker earned in blood defending Washington’s army on multiple occasions. 
 
Speaking recently at a House Judiciary Subcommittee hearing on government surveillance, Raskin quoted James Madison: “The essence of government is power; and power, lodged as it must be in human hands, will ever be liable to abuse.” It’s no accident of history that Madison drafted what would become the Fourth Amendment. Two and a half centuries later, patriots of all stripes are called once again to hold the line against a modern, invasive, and warrantless surveillance state.
 
That we are still battling unlawful searches and seizures suggests, in a sense, that some things never change. But it also proves the timeless wisdom of those original ideas – that some things should endure. In the Fourth Amendment and Bill of Rights, the Founders left us a sacred trust. “The right to be let alone,” wrote Justice Louis Brandeis, is “the most comprehensive of rights and the right most valued.”

​With the summer travel season imminent, the already hot (and recently explored) topic of warrantless searches at U.S. borders and ports of entry keeps getting hotter by the day. The latest twist comes from ZDNET, where David Berlind asks the age-old question: Biometric vs. Passcode?
 
What, you were expecting “Plastic vs. Paper?”
 
Seriously, it’s come to this: How do American citizens best thwart their own government from its attempts to violate our constitutional rights? Specifically, how do citizens prepare against warrantless searches of their personal devices at border crossings, as Customs and Border Patrol agents seem increasingly determined to carry out?
 
The CliffsNotes version of ZDNET’s advice: The spoken word still matters (for now) relative to the Constitution, as in, “No person … shall be compelled in any criminal case to be a witness against himself.” Speech existed when the Constitution was written; biometric tech (fingerprint scanning, facial recognition, etc.) did not.
 
Put another way, being pressured to verbally recite your passcode could be construed as self-incrimination. So it is easier to refuse a request to speak it than to stand still and have your face open your device. But this much is sure: biometrics aren’t spoken, so that line to the Fifth Amendment is dotted at best. The same goes for Miranda. “The right to remain silent” is predicated on you actually remaining silent.
 
As for the Fourth Amendment itself, the Supreme Court has yet to meaningfully clarify its 1985 declaration that the Fourth’s “balance of reasonableness is qualitatively different at the international border than in the interior.” In practice, this means warrantless searches of your devices coming through customs is allowed. Among the many unanswered questions, what constitutes a “routine” search?
 
Is the biometric vs. passcode distinction a completely absurd technicality straight out of Monty Python? You bet your sweet privacy it is. But it’s also a gray area of unsettled law, so technicalities are currently one of our last defenses against this particular strain of government intrusion.

​There’s a relatively new twist in identity theft – synthetic identity theft, meaning the individual elements of the fake identity are either stolen from multiple victims or fabricated. Because none of the pieces are from the same victim, it’s like building a new person out of the spare parts of others – hence Frankenstein.
 
What’s the appeal? From the fraudster’s perspective, the Frankenstein approach offers numerous advantages over traditional identity theft (where a single, real person’s whole identity is stolen). The two biggest advantages are:

1. It’s much harder to detect: Because the identity doesn’t belong to a single real person, there’s no one to notice suspicious activity right away. Alerting tools may miss them too, especially if some of the data used is associated with someone whose credit file is inactive (like a child, an elderly person, even the homeless – all folks who are highly unlikely to check the status of their credit).
   ​
2. Frankensteins build their own credit: Fraudsters using these accounts may apply for small lines of credit and pay on time, slowly raising the profile’s creditworthiness before eventually going after the bigger prizes. Along the way, no one’s complaining to the bank or credit bureaus about being denied because when the theft is so fragmented, no one notices. In the end, it’s about patience and playing the long game. Scammers taking that approach are far more likely to succeed.

 
CNET’s Neal O’Farrell says the way to watch out for this kind of identity theft is to keep an eye on your Social Security Number. Phone numbers and addresses can change; SSNs are static. So if Frankenstein’s SSN happens to be yours, well, you get the picture. O’Farrell specifically recommends these steps:

1. Freeze your credit reports. It’s both free and easy to do. And if you need to temporarily unfreeze your credit reports for a legitimate reason, that’s even easier.
   
   
2. Monitor your SSN. And the best way to do that is to create a “my Social Security” account. Launched in 2012 and recently beefed up from a credentials standpoint, set a reminder on your calendar and check in once a month. It’s not proactive, so it won’t alert you, but checking it regularly does allow you to see if the activity associated with your SSN looks normal. And creating an account yourself prevents anyone else from doing it, so there’s that.  
   ​
3. Check your credit reports regularly. Weekly would be nice. Note that we’re not talking about checking your credit SCORE, we’re talking about checking your credit REPORTS. There are multiple ways to go about this. CNET explains the options.

 
Finally, consider the Federal Reserve Toolkit devoted to this subject, specifically, the Fed’s Synthetic Identity Fraud Mitigation Toolkit. Aimed primarily at businesses and the payment industry, it contains plenty of information of value to any audience, including individuals and families. We asked them to rename it the “Frankenstein Identity Fraud Mitigation Toolkit,” but you can imagine how that went.
 
File all of the above under the folder named, “Reality, New.” We agree that it’s something of a pain, but ultimately it’s just about forming a few new habits.

​Traveling with electronic devices this summer? Of course you are.
 
Would you like those devices searched by federal agents? Of course not.
 
Think the Fourth Amendment protects you from such searches? Think again, says the ACLU.
 
As we’ve written previously, U.S. ports of entry are twilight zones where the Fourth Amendment is more of a suggestion than a right. Having monitored this issue for years, the ACLU recently updated their advice for travelers. Here’s a summary version from the ACLU:

• Limit devices and data: Don’t take them if you don’t need them, or consider travel-only devices that don’t contain sensitive information.
• Encrypt & ship: Instead of packing them, ship them, but realize that Customs and Border Protection (CBP) reserves the right to search international packages – so encrypt them. A forensic search could get around some encryption, but it’s still good to play defense.
• Encryption is the new reality: While we’re on the subject, adjust your thinking and embrace encryption as something you need to do, not just the techie-crypto crowd. Here’s a guide recommended by the ACLU. There are many others, of course.
• Is this thing on? Active devices are suspicious devices. If you insist on traveling with them (see above) turn them off when crossing. If on (not recommended), then airplane mode only.
• Leave it in the cloud: Get out of the habit of storing sensitive or private information on your devices. Use end-to-end encrypted cloud-storage accounts instead. Then disable those apps for traveling and delete the caches. CBP claims it is against policy for border agents to search cloud-stored data on electronic devices. Fingers crossed.
• About those photos: It’s cloud time again. Digital cameras don’t offer encrypted storage, so upload and delete if you’re worried. And, yes, digital cameras are considered electronic devices.
• “Privileged” travelers? We mean actual privilege, as in the attorney-client kind. Do not volunteer this information, but if agents announce they’re going to search, first let them know the device contains privileged material. In such cases, CBP is supposed to follow special procedures that set a higher bar. Again, fingers crossed.

​
CBP agents can’t force you do anything (surrender a password, for example), but if you lock horns then you’d better be prepared to stay at the airport awhile or at least say goodbye to your electronic devices for weeks or even months.
 
This is all a pain. But the better strategy is to plan ahead.

As we’ve noted, a veritable gaggle of organizations (including a service called Gaggle) are helping schools to monitor student activity on district-issued devices – tracking every website, every keystroke (and potentially snapping pictures of students’ private lives). These arrangements lack transparency. Parents are only told it’s necessary to ensure “public safety” or some version of “safeguarding student mental health.” In the meantime, school districts and taxpayers are shelling out millions to the ed tech industry.
 
And all that collected data? Surveillance companies like GoGuardian and Gaggle have signed a Student Privacy Pledge that they will not sell students’ personally identifying information. Despite pledges from school districts and tech companies, more clarity is needed about who can access students’ information and why.

This inscrutable practice of student monitoring is about to get a little more attention – in the form of a lawsuit aimed at unearthing the facts. Attorney Jennifer Jones of the Knight First Amendment Institute describes the student surveillance industry in detail and makes the legal case against it in the Teen Vogue online newsletter.

The Knight Institute’s lawsuit isn’t the first of its kind, but its timing amid the cultural chaos of artificial intelligence suggests it could be a tipping point for transparency. This lawsuit is also not about specific privacy violations alleged by individuals, so it won’t be settled for damages as some previous cases have been.
​
On paper, student surveillance systems sound great: The monitoring is designed to prevent self-harm, cyberbullying, and violence. And yet, as Jones points out, the standard list of related keywords and websites the software provides can be customized – making it capable of going far beyond universal safety concerns to serve the political or cultural agenda du jour. What happens if a student tries to access a banned book, for example? Should that be reported? This is all just one search word away from a dystopian episode of the Twilight Zone.
 
As has been reported from multiple quarters, there is scant and merely anecdotal evidence that any of these systems accomplish what they purport to – but evidence of plenty of misfires. Moreover, the law on which this burgeoning surveillance apparatus is based, the Children’s Internet Protection Act of 2000, requires no measures beyond basic obscenity filters. The ed tech industry has done a bait and switch to take advantage of well-intentioned school administrators who are desperate to solve some of the most heartbreaking problems of our time.
 
It would be nice if AI-powered surveillance was the quick fix, but it’s not. It is a blunt force instrument with chilling implications up and down the Bill of Rights. We don’t need to normalize an educational-corporate-juridical surveillance state. The answers to the problems of school violence and self-harm are not easy, and they won’t be solved by technology alone. They must be mitigated through connection and relationships: Talking not stalking.
 
So it’s time for a reckoning, and a conversation that brings all of us to the table. We hope the Knight First Amendment Institute’s lawsuit makes that candid and open conversation happen.
 
Here’s some suggested further reading:

• Associated Press
• New York Times
• The74
• Wired
• Center for Democracy & Technology

​We are reminded of a Vice story in 2023 that should have received much more attention than it did. Then again, it can be challenging to keep up when new threats to privacy seem to emerge daily.
 
That story, with a very recent twist, is thus: It turns out that Wi-Fi is capable of sensing human presence, potentially even pinpointing location, determining posture/position, and tracking movement. Unsurprisingly, the underlying technology is courtesy of Facebook’s AI team, using optical methods like cameras. Now, Carnegie-Mellon researchers have realized that Wi-Fi is the perfect vehicle for solving “limitations” with the original optical approach, limitations such as not being able to see people in the dark or behind furniture.
 
And that’s not creepy at all, is it?
 
Call us old-fashioned but we just have the feeling that terrible things could come from being able to spy on people in the dark. And we unequivocally declare that the rudimentary nature of what Carnegie-Mellon has “accomplished” won’t remain that way for long. Believe us when we say, technologists will figure this out and in very short order. Because, wouldn’t you know it, Carnegie-Mellon’s iteration is just the latest in a long line of “Wi-Fi sensing” advancements. According to MIT, it’s a broad field with the potential to “usher in new forms of monitoring.” They predict that in effect it’s the future of motion detection technology.
 
Only that future is now. Verizon, Origin Wireless, Cognitive Systems Corporation, AXIS, and Infineon all have services on offer that use some form of Wi-Fi sensing. The goals – “health metrics,” “elder safety,” “home security” – sound commendable, as is always the case with privacy incursions and surveillance overreach. The commercial and social justifications are also appealing, even compelling. But what happens when someone with less-than-wholesome intentions gains access? To say that we need robust guardrails around such technology is the epitome of understatement.
 
And the time to build those guardrails for private and public use of this technology? Probably 2023.

​Congratulations to Director of National Intelligence Tulsi Gabbard for launching a serious effort at intelligence community (IC) reform.
 
On Tuesday, Director Gabbard announced a “Task Force to Restore Trust in the Intelligence Community and End Weaponization of Government Against Americans.” Rather than saddle Washington with an unwieldy new acronym, TFRTICEWGAA, this task force will be known as the Director’s Initiatives Group (DIG).
 
“I established the Director’s Initiative Group to bring about transparency and accountability across the IC,” Director Gabbard said in a statement.
 
She lists many DIG priorities that are familiar hobby horses of this administration, though they are admittedly responses to deep and serious abuses – from official and secret government censorship during the Biden administration, to weaponization of government for political purposes.
 
What we find most intriguing about DIG is its charge to engage in mass declassification. We’ve long called out the absurd lengths the federal government goes to stamp “classified” on even the most innocuous documents, often in conflict with executive orders to declassify.
 
In this new effort we see enormous potential for DIG to inform Congress and the American people of key facts regarding oversight of intelligence community programs. A few are:
 

• How many Americans (or “U.S. Persons”) by year have had their communications warrantlessly collected and reviewed by federal agencies under FISA Section 702, a law meant to allow surveillance of foreign targets on foreign soil?
• How many times has evidence gleaned from Section 702 been used by prosecutors against American criminal defendants? Was the origin of such evidence revealed to those defendants’ counsels?
• How much money does each federal intelligence and law enforcement agency spend on purchasing the private and sensitive data of Americans from third-party data brokers?
• Who are the data brokers who sell this information to the government?
• How does each agency use this information obtained without warrants?

 
For years, PPSA has used FOIA and legal action to try to force the government into revealing how often it has “unmasked” – or internally revealed the identity – Members of Congress whose communications get picked up in surveillance. We also want to know if the agencies are using these surveillance authorities, whether Section 702 or purchased data, to surveil Members of Congress on the House and Senate Judiciary and Intelligence Committees, those with specific oversight of the intelligence community.
 
Director Gabbard has undertaken a strong and necessary corrective within the intelligence community – and one from the top, no less. Despite her position, she will no doubt encounter resistance and obfuscation along the way. But if she presses forward, Director Gabbard can reinforce the power of Congress to create guardrails and constitutional protections on programs that operate in near darkness.

​On a summer day in 1915 a commercial attaché for the German embassy fell asleep on a train, only to awaken with jolt to realize he was at his stop. In his haste to depart, the diplomat left behind his briefcase – stuffed with all the details of Germany’s clandestine spy ring against the United States and plans to cross America’s northern border to wage mayhem against British Canada. An American agent tailing the German made the correct decision to grab the case rather than continue to follow his target.
 
This is just one of the engrossing stories in The Triumph of Fear, a new book by Patrick Eddington, senior fellow in homeland security and civil liberties at the Cato Institute. Eddington traces the trajectory of rising government surveillance from the Spanish-American War under William McKinley to the Cold War under Dwight D. Eisenhower. Along the way, Eddington details how the interception of telegrams and the passage of the 1917 Espionage Act set the legal and institutional basis for today’s surveillance state and the government’s digital spying on the American people.
 
The contents of the diplomat’s briefcase proved the Woodrow Wilson administration was right to be paranoid about Germany’s intentions. But almost all of Germany’s covert actions were conducted by German agents and nationals, not by sympathetic Americans. This did not keep President Wilson from tarring Americans who objected to the U.S. entry into the war or who opposed the draft by peaceful, political means as traitors. President Wilson said:
 
“There are citizens of the United States, I blush to admit, born under other flags but welcomed under our generous naturalization laws to the full freedom and opportunity of America, who have poured the poison of disloyalty in the very arteries of our national life … to debase our politics to the uses of foreign intrigue.”
 
In service of this all-out war on dissent, Wilson secured passage of the Espionage Act, which continues to give the government broad powers to prosecute Americans for being perceived as helping hostile powers. One official warned “postal employees to be on the lookout for material that might ‘embarrass or hamper the government.’” Before long, the government had created an informal, national network of snitches, a milder version of the later East German Stasi apparatus. The precursor of the FBI, the Federal Bureau of Investigation, had been reading telegrams from Western Union and major communications providers since the Spanish-American War.
 
Few Americans of stature objected. One of them, Sen. Robert LaFollette, the progressive Republican from Wisconsin, warned Americans that “private residences are being invaded, loyal citizens of undoubted integrity and probity arrested, cross-examined, and the most sacred constitutional rights guaranteed to every American citizen are being violated.”
 
The courts were no bulwark against this trashing of the Constitution. The U.S. Supreme Court upheld the conviction of Charles Schenck for mailing leaflets to draft-age men asking them to take political action to oppose the draft. Before long, the government felt free to deport anarchist Emma Goldman and put Eugene Debs, the socialist candidate for president, in prison for opposing the war. Eddington writes:
 
“The American national security state, created in peace and vastly expanded during war, would now become a permanent feature of national life, complete with enduring, draconian national security laws.”
 
If you want to know how we got here, Triumph of Fear is an entertaining read and an essential one. It also casts a mirror on the current state of surveillance and speech. Today, as in the Wilson era, we are challenged to separate explicit calls from violence from controversial speech. Today, as then, the government warrantlessly inspects Americans’ movements, associations, and statements, but with infinitely more precision and more data than could be reaped just by reading telegrams.

​House Members asked leading civil liberties experts to testify this morning on the “continued pattern of government surveillance of American citizens.” Gene Schaerr, PPSA general counsel, testified before the Subcommittee on Crime and Government Surveillance, setting out the dimensions of the federal government’s spying on Americans. He also spoke optimistically that Congress can rein in these practices. Here’s an excerpt from his written statement:
 
“We have seen under administrations of both parties the expansion of myriad forms of privacy-destroying technologies and practices – elements of an emerging American surveillance state being knitted together before our eyes.
 
“Like the proverbial frog unaware that it is slowly being boiled alive, Americans are being progressively trapped in a system of national surveillance. This is not happening because federal agencies are run by tyrants. The men and women in the intelligence community are passionate about their mission to protect the American people and our homeland. But in their zeal to execute their important mission, they are rapidly creating the elements of a pervasive American surveillance state. And astonishingly fast changes in technology are helping build this surveillance state before our laws can catch up to keep it within the constraints of our Constitution.
 
“At airports, at malls, on the streets, we are identified and tracked by our faces. Cellsite simulators in geofenced areas ping our phones to follow our movements. Our automobiles keep a record of every place we drive. Our digital devices at international terminals are subject to having all their contents downloaded and inspected without a warrant. Moreover, thanks to purchases of Americans’ digital information from data brokers, federal agencies ranging from the FBI to the IRS, Department of Homeland Security, and the Department of Defense, routinely access, without a warrant, digital information far more personal than what can be gathered by hand or found in a diary.  To top it off, we also face the routine collection of Americans’ communications ‘incidentally’ caught up in the global data trawl of programs authorized by Section 702, and in the past few years alone the FBI has conducted hundreds of thousands of warrantless searches of the Section 702 database specifically looking for Americans’ communications. 
 
“The end result is that the government is now able to collect and search through vast amounts of Americans’ communications and other personal data with ineffective statutory limits and limited congressional oversight. The personal data thus obtained reveals much about our health, mental health, and personal relations. Worse, all this data generated from myriad sources can then be woven together by the instant power of artificial intelligence to comprehensively track where we go, who we meet with, what we say or share in private, and what we believe. As a result, federal agencies are capable of generating comprehensive political, religious, romantic, health, and personal dossiers on every American from information gathered without a warrant. 
 
“This is as about as far from the Founders’ vision of the Fourth Amendment as one can imagine. Revulsion at government surveillance runs deep in our DNA as a nation; indeed, it was one of the main factors that led to our revolt against British rule and, later, to our Bill of Rights. Agents of the Crown could break into a warehouse or a home to inspect bills of lading or a secret political document, but they couldn’t access anything close to the wealth of private information contained in our digital lives today.
 
“Month by month, it is harder to square this emerging surveillance state with the ‘consent of the governed’ concept articulated in the Declaration of Independence and embodied in Article I of the Constitution. The Founders believed that American citizens should not be subject to surveillance by their own government without their consent – in the form of a statute duly enacted by their representatives in Congress. They should not be subject to surveillance at the whim of any executive official, none of whom has authority to consent to surveillance on their behalf …
 
“In the face of a surveillance state growing at breakneck speed, this Committee has shown leadership and a sense of urgency that matches the moment. We don’t have to supinely accept the erosion of all privacy. We don’t have to trust that government agents and future administrations will always use these awesome powers solely for national security. These technologies simply offer too much power to trust that future guardians will not be tempted to misuse them, as they have done in the past.
 
“In short, you have shown that you can protect both the constitutional rights of your constituents and also keep them safe from foreign and domestic threats. I urge you to uphold the Constitution by once again advancing – and persuading your fellow Members to adopt – a warrant requirement for both government-purchased data and data collected under Section 702.”
 
You can read Gene Schaerr’s full testimony here, and watch the full hearing here.

​Jeremy Bentham, the Enlightenment era philosopher of utilitarianism, sketched out the concept of a Panopticon – a prison designed to keep inmates under constant inspection by guards. 

What are the psychological consequences of knowing that one is being watched constantly? Last year we reported that SciTechDaily reported on an Australian study revealing that people who know they are being surveilled become hyperaware of faces, recognizing others faster than a control group. They become a little jumpy, always on the lookout to categorize someone as benign or a potential threat.

And those results came from knowing that one is being surveilled by a camera. What happens to the mental health and social life of people who are being watched not only by gear and gadgets, but also by government agents tailing them everywhere? Imagine putting out the garbage, going to a store, or picking up the kids from school only to see a familiar stranger across the street watching you.

This is the fate of “defector families” in North Korea. When someone defects from North Korea, the government punishes the defector’s relatives by subjecting them to persistent, relentless surveillance.

NK News profiles one such family who went through elaborate procedures to obtain internal travel documents to attend a family wedding. They turned back when they realized that their wedding party would also include a full complement of government agents tailing them and recording their every utterance and move.

“They went home to avoid making their relatives uncomfortable or causing problems on such an important day,” NK News reported.

A source told an NK reporter:

“These people live in an invisible prison, constantly anxious because everything they do is being watched. This surveillance and pressure cause severe psychological pain. One defector’s family described their difficulties, saying they must live their entire lives feeling like criminals from the moment they’re branded as having a defector relative. They gradually began avoiding people because having every breath, meal, and word monitored and reported became unbearable.”
​
The United States is not North Korea. But we should not kid ourselves that the mounting surveillance of Americans – by facial recognition, by the tracking of our phones and cars, by the purchasing of our personal data – is free of a psychological cost.

​If this were a political thriller, “Quiet Skies” might be Russia’s clandestine government surveillance program being used to eliminate enemies of the state by poisoning their tea with polonium every time they take a flight.

In reality, “Quiet Skies” is the Transportation Security Administration’s secret spying program for the Air Marshal Service. First outed by the Boston Globe in 2018, Quiet Skies singles out potentially dangerous flyers for close attention and inspection (“enhanced observation”).

Enhanced observation is a 45-minute process that squeezes every inch of clothing, inspects the lining of suitcases, and requires a live review of every electronic device (meaning take it out, turn it on, and hand it over). Two bomb-sniffing canine teams and a plainclothes TSA supervisor may also be involved and, in the sky, up to three Air Marshals are tasked with watching these suspected passengers’ every move.

“SSSS” is TSA’s boarding pass designation for this treatment, which suggests that no focus groups or historians were consulted beforehand.

Such inspections in many cases are undoubtedly necessary to track bad actors intent on doing harm to the United States. As people who fly often with our family members, we are glad the government is on the lookout for the next potential shoe-bomber. Whistleblowers have indicated that the program, however, is also being abused as a means of targeting political opponents rather than as a $400-million-dollar anti-terrorist safety net.

Just ask Tulsi Gabbard, who was targeted in 2024 after returning from Rome with her husband. By then, of course, the Iraq War veteran and former Democratic representative had become the Biden Administration’s persona non grata du jour after she endorsed and campaigned for Donald Trump.

With Gabbard now the Director of National Intelligence, we hope that Rep. Tim Burchett’s (R-TN) request for answers as to why Gabbard was targeted will now see the light of day. Was she simply unlucky in being randomly chosen for this treatment, which has happened to one of us?
​
If politics is involved in any way, that would be a very serious misuse of security policy. You don’t have to be a fan of Director Gabbard to see how such an authority could be misused by any administration in any direction. Employing such tools to surveil political opponents is how republics fall.

​An administrative subpoena is a contradiction in terms – a compulsory government demand for records issued without a judge. It is a tool that bypasses the judiciary, sidestepping the Fourth Amendment’s core protection of neutral oversight.

PPSA filed a Freedom of Information Act request with the Department of Justice’s Office of the Inspector General (OIG) seeking clarity on how administrative subpoenas are used – specifically, whether they require probable cause and whether any have ever been denied for lacking it. On those points, the OIG said it had no records. But it did release one document – a 15-page internal manual that shows how investigators issue subpoenas – often without court involvement and sometimes without notifying the target.

The manual makes one thing clear: subpoena power isn’t just held by top DOJ officials. It’s been pushed down the chain to the very investigators working the cases. FBI Special Agents in Charge (SACs) in field offices can issue subpoenas on their own authority – no judge, no internal check, no outside approval. Unless the target is someone “sensitive,” such as a journalist, judge, or senior government official, nobody else has to sign off.

These SAC-issued subpoenas can grab a lot, including names, addresses, phone logs, session times, and payment details from phone and internet providers. They can also pull records from hotels, rental car agencies, utility companies, and more. If financial records are involved, agents can delay telling the customer for up to 90 days. But in many cases, the manual doesn’t require telling the person at all. The government often collects this data quietly, without the target ever knowing.

And the courts? They only show up if someone refuses to comply. At that point, the OIG might ask a judge to enforce the subpoena. But that’s the exception. Most subpoenas never see a courtroom. The OIG has no records showing that it applies any standard, like probable cause, before issuing them. And its manual doesn’t lay out a clear evidentiary threshold. That means there’s no neutral party reviewing the request, and no formal limit on how broad or invasive it can be.

This might be legal under current statutes, but it doesn’t square with the U.S. Constitution. The Fourth Amendment is meant to protect us from unreasonable government demands for our private information. That protection means more than just saying ‘no’ to searches. It means requiring the government to justify its snooping before it happens. When agents can issue their own subpoenas without a judge’s okay, and collect sensitive personal data without notice, those safeguards vanish. And when the data involved reveals what people believe, where they go, and who they talk to, it’s not just a privacy issue. It’s a First Amendment problem, too.

No government investigator should have the power to demand private records without meaningful guardrails. If the government wants access to your private records, it should meet clear standards and operate under real oversight. When free speech, a free press, or freedom of association are on the line, the protections should be even stronger.
​
PPSA urges Congress to put limits on administrative subpoenas before they quietly erode the rights our nation’s founders set out to protect.

The threat landscape is growing again. This time, reports Forbes contributor Zak Doffman, the FBI is warning Americans about online utility sites, especially those offering free online document converter tools or a tool for downloading audio or video files (MP3, MP4, etc.).

Basically if it’s “online” and “free” and purports to do something you really need done – just say no. It’s not worth it.

Yes, these sites “work” in that you may well get your converted file or the downloading program you need. But you’re also likely to get your sensitive information stolen and malware or ransomware installed on your device.

And while there are legitimate utility sites out there, the scam sites will try to mimic their URLs. So, unless you know the site from prior experience and can trust it, or unless the site has been vetted by your tech team or the cyber gurus in your life, then don’t engage.
​
Better yet, don’t enter “free online document converter” in your search bar in the first place. It’s worth investing in official tools for all such tasks. Because not having your information stolen or your computer invaded is a value at any price.

As facial recognition and biometric scanning systems expand to 400 U.S. airports, Sen. Jeff Merkley (D-OR) is asking if this could be the beginning of a U.S. surveillance state.
 
In a video interview with Philip Wegman of RealClearPolitics, Sen. Merkley said:
 
“I'm concerned about the way facial recognition is used to encroach upon freedom and privacy around the world. We see China enslaving a million Uyghurs, and a tool they use is facial recognition software. It's so inexpensive and pervasive; if you put that power in the hands of a government, you can't know where it's going to go.

“This is not the kind of tool you want to give to the government in a free country. You would never know you have the ability to opt out at any airport where they're doing this program."

The Corporate Transparency Act’s plan to surveil 32 million American small businesses has been stopped cold.
 
On March 26, the Treasury Department published an interim final rule that removes the onerous beneficial ownership reporting requirement. From now on, only foreign entities are required to report or update the personal information of anyone who owns 25 percent or more of a given business.

There are good ways to track the money networks of terrorists, drug dealers, and other criminals. But asking hard-working American small business owners to spend hours and money to report information that doesn’t reveal any of that information was an idea whose time will deservedly never come.

We still look forward to the day when the “Repealing Big Brother Overreach Act” can be signed into law and the Corporate Transparency Act will be dismantled in toto.
​
No one expects “foreign reporting companies” to be transparent about which criminals might happen to own their businesses anyway. In the meantime, Treasury’s Financial Crimes Enforcement Network needs to find more realistic ways to safeguard the financial system from illicit activity – or at least be honest about its intent to extend surveillance over Americans’ financial transactions under the guise of flawed legislation like the CTA.

​Remember when the only person you worried might fall prey to scammers was your favorite aunt, who had only her Welsh Corgi at home with her during the day? “Now, Trixie,” you’d say, “don’t agree to anything and always call me first.”
 
Those days are over.
 
Forget your late aunt Trixie. Worry about yourself. Imagine if you received a phone call from a close friend, family member, even your spouse that was actually an utterly-convincing AI-generated version of that person’s voice – urgently begging you to provide a credit card number to spring her out of a filthy jail in Veracruz or pay an emergency room hospital bill.
 
The age of AI augers many things, we are told. But while we’re waiting for flying taxis and the end of mundane tasks, get ready to question the veracity of every form of media you encounter, be it text, image, audio, or video. In what is sure to be the first of many such public service announcements, the FBI is warning that the era of AI-powered fraud hasn’t just dawned, it is fully upon us.
 
The theme of the FBI’s announcement is “believability.” It used to be that scams were easy to spot – the writing was laughably bad, or the video and audio were noticeably “off” or even a little creepy – a phenomenon known as the Uncanny Valley effect. The newfound power of generative AI to produce realistic versions of traditional media has put an end to such reliable tells.
 
Anyone who thinks they’re immune to such trickery misunderstands the nature of generative AI.
 
Consider:

• In how many languages can you write fluently? It doesn’t matter because whatever the answer is, generative AI’s got you beat.

 

• That person you were flirting with via text? Generative AI chatbots are better at responding and demonstrating empathy. When they say, “I’ll message you this afternoon to see how your day went,” they actually do. And they will remember to ask you about the acupuncture treatment you had after scraping your post about it from your social media.

 

• Don’t bother asking scammers to prove their identity – fake passports and driver’s licenses are a generative AI specialty, right down to the photos. (Or ask anyway in case they happen to be amateurs, but don’t stop there).

​
Whenever a friend or family member sends a video that clearly shows him or her in need of help (stranded on vacation or having their wallet stolen at a nightclub perhaps), don’t automatically assume it’s real no matter how convincing it looks. And thanks to generative AI’s “vocal cloning” ability, a straight-up phone call is even easier to fake.
 
So, what can we do?
 
The FBI advises: Agree to a secret password, phrase, or story that only you and your family members know. Do the same with your friend groups. Then stick to your guns. No matter how close your heartstrings come to breaking, if they don’t know the secret answer, it’s a scam-in-waiting.
 
The FBI also recommends limiting “online content of your image or voice” and making social media accounts private. Fraudsters scrape the online world for these artifacts to produce their deepfake masterpieces. All generative AI needs to create a convincing representation of you is a few seconds of audio or video and a handful of images.
 
Rest in peace, Aunt Trixie. We miss her and the good old days when all we had to do was warn her not to give her personal information to a caller who said he was from the Corgi Rescue Fund. Today, if an AI scamster wanted to, he could now have Aunt Trixie call you from the grave, needing money, of course.

​Your genetic blueprint is your most unique identifier, packed with deeply personal information.

How might it be used? Your DNA could be subpoenaed by law enforcement to connect you to an investigation. It could be used to predict your predisposition to a disease, prompting an insurance company to raise your premiums. It can also compromise the privacy of your children and other relatives up, down, and across your family tree.

Seven million 23andMe customers learned this the hard way in 2023 when hackers gained access to their family trees, birth years, and geographic locations.

If you’ve ever sent in a saliva test for a 23andMe genetic profile, you should seriously consider having it and your data destroyed NOW. This is because 23andMe is going into voluntary Chapter 11 restructuring and could be sold – and with it, all your supremely private information the company holds.
​
Here are instructions from California Attorney General Rob Bonta on how to destroy your sample and delete your genetic data with 23andMe. Other DNA home-testing sites also offer delete functions in their account settings.

​Imagine a law enforcement agent – an FBI agent, or a detective in a large police department – who wants to track people passing out leaflets.
 
Current technology might use facial recognition to search for specific people who are known activists, prone to such activity. Or the agent could try not to fall asleep while watching hours of surveillance video to pick out leaflet-passers. Or, with enough time and money, the agent could task an AI system to analyze endless hours of crowds and human behavior and to eventually train it to recognize the act of leaflet passing, probably with mixed results.
 
A new technology, Vision Language Models (VLMs), are a game-changer for AI surveillance, as a modern fighter jet is to a biplane. In our thought experiment, all the agent would have to do is simply instruct a VLM system, “target people passing out leaflets.” And she could go get a cup of coffee while it compiled the results.
 
Jay Stanley, ACLU Senior Policy Analyst, in a must-read piece, says that a VLM – even if it had never been trained to spot a zebra – could leverage its “world knowledge (that a zebra is like a horse with stripes.)” As this technology becomes cheaper and commercialized, Stanley writes, you could simply tell it to look out for kids stepping on your lawn, or to “text me if the dog jumps on the couch.”
 
“VLMs are able to recognize an enormous variety of objects, events, and contexts without being specifically trained on each of them,” Stanley writes. “VLMs also appear to be much better at contextual and holistic understandings of scenes.”
 
They are not perfect. Like facial recognition technology, VLMs can produce false results. Does anyone doubt, however, that this new technology will only become more accurate and precise with time?
 
The technical flaw in Orwell’s 1984 is that each of those surveillance cameras watching a target human required another human to watch that person eat, floss, sleep – and try not to fall asleep themselves. But VLMs make those ever-watching cameras watch for the right things.
 
In 1984, George Orwell’s Winston Smith ruminated that:
 
“It was terribly dangerous to let your thoughts wander when you were in a public place or within range of a telescreen. The smallest thing could give you away. A nervous tic, an unconscious look of anxiety, a habit of muttering to yourself – anything that carried with it the suggestion of abnormality, of having something to hide." 
 
Thanks to AI – and now to VLMs – the day is coming when a government official can instruct a system, “show me anyone who is doing anything suspicious.”
 
Coming soon, to a surveillance state near you …

​The drafters of the U.S. Constitution could not have imagined Google, Apple, and cell-site technologies that can vacuum up the recorded movements of thousands of people. Still smarting from the British colonial practice of ransacking rows of homes and warehouses with “general warrants,” the founders wrote the Fourth Amendment to require that warrants must “particularly” describe “the place to be searched, and the persons or things to be seized.”
 
Courts are still grappling with this issue of “particularity” in geofence warrants – technology that analyzes mass data to winnow out suspects. Now a federal court in Mississippi has come down decisively against non-particular searches in location-and-time based cell tower data.
 
To reach this conclusion, Judge Andrew S. Harris had to grapple with a Grand Canyon of circuit splits on this question. His opinion is a concise and clear dissection of divergent precedents from two higher circuit courts.
 
Harris begins with the Fourth Circuit Court of Appeals in Virginia in United States v. Chatrie (2024), which held that because people know that tech companies collect and store location information, that a defendant has no reasonable expectation of privacy.” The Fourth Circuit reached its decision, in part, because Google users must “opt in to Location History” to enable Google to track their locations.
 
The Fifth Circuit Court of Appeals in New Orleans took the Fourth Circuit’s reasoning and chopped it up for jambalaya. The Fifth drew heavily on the U.S. Supreme Court’s 2018 United States v. Carpenter opinion – which held that the government’s request for seven days’ worth of location tracking from a man’s wireless carrier constituted an unconstitutional search.
 
This data, the Supreme Court reasoned, deserves protection because it provides an intimate window into a person’s life, revealing not only his particular movements, but through them his “familial, political, professional, religious, and sexual associations.”’ Despite a long string of cases holding that people have no legitimate expectation of privacy when they voluntarily turn over personal information to third parties, the U.S. Supreme Court held that a warrant was needed in this case.
 
The Fifth followed up on Carpenter’s logic with a fine distinction in United States v. Smith (2024): “As anyone with a smartphone can attest, electronic opt-in processes are hardly informed and, in many instances, may not even be voluntary.” That court concluded that the government’s acquisition of Google data must conform to the Fourth Amendment.
 
The Fifth thus declared that geofence warrants are modern-day versions of general warrants and are therefore inherently unconstitutional. That finding surely rattled windows in every FBI, DEA, and local law enforcement agency in the United States.
 
Judge Harris worked from these precedents when he was asked to review four search-warrant applications for location information from a data dump from a cell tower. The purpose of the request was not trivial. An FBI Special Agent wanted to see if he could track members of a violent street gang implicated in a number of violent crimes, including homicide. The government wanted the court to order four cell-service provides to produce data for 14 hours for every targeted device.   
 
Judge Harris wrote that the government “is essentially asking the Court to allow it access to an entire haystack because it may contain a needle. But the Government lacks probable cause both as to the needle’s identifying characteristics and as to the many other flakes of hay in the stack … the haystack here could involve the location data of thousands of cell phone users in various urban and suburban areas.”
 
So Judge Harris denied the warrant applications.
 
Another court in another circuit may have well come to the opposite conclusion. Such a deep split on a core constitutional issue is going to continue to deliver contradictory rulings until it is resolved by the U.S. Supreme Court. In the meantime, Judge Harris – a graduate of the University of Mississippi Law School – brings to mind the words of another Mississippian, William Faulkner: “We must be free not because we claim freedom, but because we practice it.”