Last week, leading civil libertarians – including PPSA’s own Senior Policy Advisor Bob Goodlatte – addressed Members of Congress and staff in a virtual conference detailing the need to add reforms to Section 702 of the Foreign Intelligence Surveillance Act.
Rep. Zoe Lofgren (D-CA) posted a particularly succinct and yet comprehensive description of the principles at stake in this debate. She addresses FBI Director Christopher Wray’s admission that the Bureau had purchased Americans’ location information without a court order. She noted the habit of the government to purchase our most sensitive data, bypassing “the Fourth Amendment simply by writing a check.”
Rep. Lofgren sets out what’s wrong, what needs to change, and the growing bipartisan determination to get real reform this year. She reminds us that “Congress can enact privacy protections for Americans without compromising national security, as it has done many times in the past.”
Mexican Gulf Fishing Company v. U.S. Department of Commerce: Case Highlights Danger of “Closely Regulated” Exception to the Fourth Amendment
Charter boat fishing companies recently won a major victory for the Fourth Amendment rights of all Americans. The Fifth Circuit Court of Appeals struck down a U.S. Department of Commerce requirement that would have forced charter boat owners to install, at their own expense, a “vessel monitoring system” that would continuously transmit their boats’ location, regardless of whether it was being used for commercial or personal purposes.
The court found that it “borders on incredible” that the government claimed it failed to notice personal privacy concerns in public comments to its rule.
This case is important because the Fourth Amendment warrant requirement protects more than homes. When the amendment was drafted, memories of British officials ransacking the offices of American merchants, shippers, and printers were fresh.
The Fourth Amendment, despite its absolute language, has eroded since the 1970s with the assertion by the courts that some industries have such a history of government oversight that no reasonable expectation of privacy exists. For such businesses – ranging from liquor sales, firearms dealing, mining, and auto junkyards – the threshold for whether a search is reasonable for purposes of the Fourth Amendment is much lower. Years ago, Justice William J. Brennan, Jr. worried that “heavily regulated” is an elastic concept which, if asked too broadly, would mean that “few businesses will escape such a finding.”
In the charter boat case, a lower court erred in lumping the charter boat fishing industry in with the more closely regulated commercial fishing industry. Charter boat fishing accounts for only two-tenths of one percent of annual fishing in the Gulf of Mexico. Nevertheless, the federal government found it necessary to require charter boat owners to install a GPS-enabled device at a cost of $3,000, with service fees of up to $75 per month, all for the pleasure of continuously reporting their whereabouts to Washington, D.C. The Fifth Circuit noted that charter boat owners earn, on average, $26,000 in net income. Disclosing the discovery of a prime fishing spot in the Gulf would constitute a hardship for many charter operators.
“The expansion of closely regulated-industry theory is a huge, huge danger to liberties for everybody,” said John Vecchione in a New Civil Liberties Alliance podcast, which represented the charter operators. Vecchione noted that the Fifth Circuit recognized that “as society grows, and regulation becomes more popular,” simply having to get a license could subject any business to warrantless inspections.
As it is, the reigning judicial standard seems thin to us. We fail to notice the “closely regulated” clause in the Fourth Amendment. But at least, we can be grateful that the Fifth Circuit placed an important guardrail against the expansion of this dubious doctrine.
Left Hooks and Right Jabs on Section 702
In this corner, we have Andrew Napolitano, libertarian-leaning former judge writing in The Washington Times. And in this corner, we have Bill Scher, liberal politics editor for The Washington Monthly.
Both men recently penned persuasive pieces about Section 702. Reading their articles in succession can be a vertigo-inducing experience. They look at the same federal surveillance authority embedded in the Foreign Intelligence Surveillance Act but see vastly different worlds.
Napolitano makes the case that Congress should allow Section 702 to expire at the end of this year. He traces the expansion of this authority – designed by Congress to allow U.S. intelligence agencies to track foreigners for the purpose of catching terrorists and spies – enabling domestic spying on U.S. citizens.
He concludes that Congress should allow Section 702 to die because it “permits the FBI to search those  databases without a search warrant, and if the NSA learns of evidence of criminal behavior without a warrant, requires it to share that evidence with the FBI.” He concludes that any Member of Congress who votes to reauthorize Section 702 “is unfit for office.”
Bill Scher describes the history of FISA, Section 702, and how partisan support for it has flipped back and forth. He notes that the Privacy and Civil Liberties Oversight Board (PCLOB), an independent watchdog set up by Congress, praised Section 702 in 2014 for contributing to “well over one hundred arrests on terrorism-related offenses.”
Scher acknowledges that the FBI is “overreaching” and has “given its critics plenty of fodder.” An Office of the Director of National Intelligence audit found that the FBI between December 2020 and November 2021 performed nearly 3.4 million queries on Americans, although Scher qualifies that this number contains large redundancies.
Scher buys into the argument that the FBI’s compliance is a problem of simply misunderstanding the querying rules. He adds that recent upgrades in FBI programs allow, as FBI Director Christopher Wray told Congress last week, a reduction of queries of Americans of 93 percent from the prior year.
What does PPSA say?
An FBI official has since disclosed to The New York Times that the actual number of individual Americans targeted with Section 702 queries in that roughly one year period is 204,090 times. That’s a lot less than 3.4 million, but it is still equal to about 560 searches per day, or roughly the population of Richmond, Virginia, illicitly searched every year.
Nor does Scher mention the change in attitude at PCLOB. Travis LeBlanc, who sits on the PCLOB Board, says: “We have a large number of compliance issues that we’ve seen over the years and the compliance issues particularly around U.S. person queries are quite significant.”
Most damningly, LeBlanc added that there are “minimal to negligible examples of the value” of domestic searches to national security. The FBI has used Section 702 data to do background checks, and in crimes ranging from bribery to health care fraud, hardly the stuff of national security.
Concerning the FBI’s learning curve, pardon us if we’re suspicious that the Bureau has taken 14 years to wrap its head around the need to use a warrant when checking data to investigate Americans. Yes, the program is complex. But 14 years? And if the Bureau truly has come up with methods of ensuring compliance, what harm would it be to add an explicit requirement for a probable cause warrant when investigating an American?
About Judge Napolitano’s piece, we sympathize with his outrage over the sometimes cavalier treatment of the U.S. Constitution. We agree with House Republicans who reject the administration’s proposal for a “clean” authorization without reforms. For Congress to pass Section 702, it will need to be rewritten. Surveillance that impacts Americans should be grounded in statute and Fourth Amendment-protected data should only be examined after obtaining a probable cause warrant.
On the other hand, following Napolitano’s advice and allowing Section 702 to expire would not end the federal surveillance of Americans. It would simply liberate it by permitting the federal government to conduct surveillance under no law, but under an executive order, 12333, without any legal barriers or guardrails.
Scher describes the opposition to reauthorizing Section 702 as coming from the ultra-conservative and ultra-progressive wings of the two parties. This is not the reality we see. We speak to Members of Congress every day. Many thoughtful Members – liberals, conservatives, and moderates – are deeply concerned that we have created a national security exception to the Fourth Amendment.
Bottom line: The opponents of Section 702 should know that reauthorizing this authority with serious reforms would amount to a great victory for civil liberties. The proponents of Section 702 should understand that if they succeed in rejecting these serious reforms, the denial of reauthorization is a real possibility.
Sticking too hard to maximalist positions could resemble a title bout with no winner.
By the end of 2023, Congress must decide whether to reauthorize Section 702 of the Foreign Intelligence Surveillance Act. Section 702 was intended to provide U.S. agencies with the statutory authority to collect intelligence only from foreigners abroad. Unfortunately, for over a decade, agencies have abused this authority, using loopholes in Section 702 to conduct warrantless surveillance on millions of Americans.
For example, a report published by ODNI in April 2022 disclosed that, in 2021 alone, the FBI conducted as many as 3.4 million searches of Section 702-acquired data for information about Americans and their communications. And in 2018, Foreign Intelligence Surveillance Court (FISC) Judge James Boasberg rebuked the FBI for improper use of 702 databases against Americans. The misuse of this surveillance is “widespread.” The FISC also revealed that the FBI has used warrantless NSA data in a range of cases involving purely domestic issues.
Such a system is worse than broken. It is assembling the elements for a pervasive, unaccountable surveillance state. Congress should not reauthorize Section 702 without making significant reforms to ensure these abuses do not continue under any authority.
Legislation that reauthorizes Section 702 must ensure compliance with key principles:
These principles are critical to Americans’ privacy and civil liberties. In 2023, Congress must end the pervasive abuse of Section 702 and other surveillance authorities.
Fourth Amendment, U.S. Constitution: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”
Mark Udall, former U.S. Senator from Colorado and PPSA Senior Policy Advisor, interviews two senior attorneys from the American Civil Liberties Union (ACLU), Ashley Gorski, and Patrick Toomey, about Section 702 of the Foreign Intelligence Surveillance Act.
Sen. Udall says Section 702 was intended by Congress to be a tool to catch foreign spies and terrorists, not to be used for domestic spying. Patrick Toomey notes that it has been used millions of times by the FBI to spy on Americans. Hear:
Finally, hear a review of how Section 702 must be reformed before Congress can consider reauthorizing it.
In “A Scanner Darkly,” a 2006 film based on a Philip K. Dick novel, Keanu Reeves plays a government undercover agent who must wear a “scramble suit” – a cloak that constantly alters his appearance and voice to avoid having his cover blown by ubiquitous facial recognition surveillance.
At the time, the phrase “ubiquitous facial recognition surveillance” was still science fiction.
Such surveillance now exists throughout much of the world, from Moscow, to London, to Beijing. Scramble suits do not yet exist, and sunglasses and masks won’t defeat facial recognition software (although “universal perturbation” masks sold on the internet purport to defeat facial tracking).
Now that companies like Clearview AI have reduced human faces to the equivalent of personal ID cards, the proliferation of cameras linked to robust facial recognition software has become a privacy nightmare. A year ago, PPSA reported on a technology industry presentation that showed how stationary cameras could follow a man, track his movements, locate people he knows, and compare all that to other data to map his social networks. Facial recognition doesn’t just show where you went and what you did: it can be a form of “social network analysis,” mapping networks of people associated by friendship, work, romance, politics, and ideology.
Nowhere is this capability more robust than in the People’s Republic of China, where the surveillance state has reached a level of sophistication worthy of the overused sobriquet “Orwellian.” A comprehensive net of data from a person’s devices, posts, searches, movements, and contacts tells the government of China all it needs to know about any one of 1.3 billion individuals.
That is why so many civil libertarians are alarmed by the responses to an ACLU Freedom of Information (FOIA) lawsuit. The Washington Post reports that government documents released in response to that FOIA lawsuit show that “FBI and Defense Department officials worked with academic researchers to refine artificial-intelligence techniques that could help in the identification or tracking of Americans without their awareness or consent.”
The Intelligence Advanced Research Projects agency, a research arm of the intelligence community, aimed in 2019 to increase the power of facial recognition, “scaling to support millions of subjects.” Included in this is the ability to identify faces from oblique angles, even from a half-mile away.
The Washington Post reports that dozens of volunteers were monitored within simulated real-world scenarios – a subway station, a hospital, a school, and an outdoor market. The faces and identities of the volunteers were captured in thousands of surveillance videos and images, some of them captured by drone. The result is an improved facial recognition search tool called Horus, which has since been offered to at least six federal agencies. An audit by the Government Accountability Office found in 2021 that 20 federal agencies, including the U.S. Post Office and the Fish and Wildlife Service, use some form of facial recognition technology.
In short, our government is aggressively researching facial recognition tools that are already used by the Russian and Chinese governments to conduct the mass surveillance of their peoples.
Nathan Wessler, deputy director of the ACLU, said that the regular use of this form of mass surveillance in ordinary scenarios would be a “nightmare scenario” that “could give the government the ability to pervasively track as many people as they want for as long as they want.”
As we’ve said before, one does not have to infer a malevolent intention by the government to worry about its actions. Many agency officials are desperate to catch bad guys and keep us safe. But they are nevertheless assembling, piece-by-piece, the elements of a comprehensive surveillance state.
Rep. Darin LaHood Reveals that At Least One Member of Congress Was Improperly Surveilled by the FBI – Himself
FBI Director Christopher Wray rankles many Members of Congress and civil libertarians by presenting a smooth, bland, and impenetrable affect when faced with tough questions. He did himself no favors when, responding to criticism about the 17 errors of commission and omission on the Carter Page scandal highlighted by the Department of Justice Inspector General, he said: “Thanks for the constructive criticism.”
Today he brought that poker face to Thursday’s House Permanent Select Committee on Intelligence. When asked about FBI’s use of Section 702 of the Foreign Intelligence Surveillance Act (FISA) by Rep. Darin LaHood (R-IL), Wray said the FBI had made mistakes in the Page affair under Title I of FISA, another authority under a previous director. By implication, this means that 702 must be hunky-dory.
But this overlooks the acknowledgment by a senior FBI official to New York Times journalist Charlie Savage that the FBI had used Section 702 some 204,090 times in warrantless surveillance of Americans in just one year alone.
Rep. LaHood also dug into Wray on the revelation that at least one Member of Congress had his name used as a query term in one 702 search.
“I want to make clear the FBI's inappropriate querying of a duly elected member of Congress is egregious and a violation [that] not only that degrades the trust in FISA but is viewed as a threat to the separation of powers," LaHood said during the hearing.
Then came a development as close to a Perry Mason moment as a Congressional hearing room has experienced since the early Cold War.
“I have had the opportunity to review the classified summary of this violation, and it is my opinion that the member of Congress that was wrongfully queried multiple times solely by his name was in fact me,” Rep. LaHood said.
Toward the end of his questioning, Rep. LaHood underscored that he is heading the Section 702 reauthorization working group for Congress. Expect LaHood to ask if other Members of Congress were treated the same way by the FBI, with constructive criticism – and new limits on the FBI’s authority – to follow.
In today’s public hearing before the U.S Senate Select Committee on Intelligence, Sen. Mike Rounds (R-SD) asked FBI Director Christopher Wray about the need to reauthorize Section 702 authority of the Foreign Intelligence Surveillance Act.
This question was asked in the shadow of a Wall Street Journal story last year reporting that the FBI had conducted up to 3.4 million U.S. person queries in 2021, or warrantless searches of Americans’ personal data from the 702 database.
At the time, the FBI cautioned on background that the number was inflated by the inclusion of Americans’ data in an effort to protect these potential victims from cyberattacks from China, Russia, and other hostile countries. In today’s session, Director Wray said the FBI is “surgical and judicious” in its searches, making big strides in its database systems and training to minimize such intrusions.
Director Wray further asserted that in 2022, the Bureau had achieved a 93 percent reduction in such U.S. person queries. This apparently includes the elimination of those cases that fall in the cyber category. Shortly after, Charlie Savage of The New York Times reported that a senior FBI official clarified that the actual number was shy of 204,090.
In other words, the FBI director today admitted that the Bureau had compromised the Fourth Amendment rights of Americans about 204,000 times in just one year, or about 559 times per day. To put this in comparative terms, Sen. Rounds might want to consider that this number equals the total population of South Dakota’s largest city – Sioux Falls – plus the small city of Aberdeen.
PCLOB Board Member: Section 702 Domestic Searches of Americans of “Minimal to Negligible” Value
Travis LeBlanc, board member of the U.S. Privacy and Civil Liberties Oversight Board (PCLOB), takes his position as a privacy watchdog seriously. Until the appointment of Sharon Bradford Franklin as PCLOB Chair, LeBlanc was the lone voice of public criticism and questioning of the largely secret activities of the intelligence community.
Expectations for PCLOB have long been low. A report on a surveillance authority, Executive Order 12333, was six years in the making. The public-facing version turned out to be a high school-level paper that seemed written out of Wikipedia. In June 2021, LeBlanc went public with his dissatisfaction with PCLOB’s timidity to explore contentious issues, such as 12333 and a program called XKEYSCORE that allows the NSA to sweep the global internet.
PCLOB of late has been showing its colors as an independent agency. It has long examined Section 702 of the Foreign Intelligence Surveillance Act, which allows intelligence agencies to carry out warrantless data collection. In recent years, there has been mounting evidence that the FBI has used Section 702 data as a “backdoor search” tool to warrantlessly locate information about Americans. The Office of the Director of National Intelligence has reported that the FBI has conducted up to 3.4 million searches for U.S. persons in the body of 702 data.
On Monday, LeBlanc appeared at the State of the Net Conference in Washington, reported by cyberscoop.com.
“We have a large number of compliance issues that we’ve seen over the years and the compliance issues particularly around U.S. person queries are quite significant,” LeBlanc said, expressing concern about Congress renewing this authority without serious reforms. He suggested Congress should consider adding a warrant process for searches of Americans.
Most interesting of all, LeBlanc said there are “minimal to negligible examples of the value” of these domestic searches. His statement rebuts the claim in January by Gen. Paul Nakasone, who heads the U.S. Cybercommand, who appeared before PCLOB in a public event to discuss many foreign threats that he said had been detected and neutralized because of Section 702. LeBlanc’s statement adds some missing context to the general’s characterization on the domestic uses of this program. It seems on the domestic side to be all violation and no value, at least from a national security standpoint.
At that same January event, Cindy Cohn of the Electronic Frontier Foundation: “I think we have to be honest at this point that the U.S. has de facto created a national security exception to the U.S. Constitution.” LeBlanc’s statement on Monday seems to add – “and for what?”
Politico: DHS Employees So Worried About Domestic Surveillance They Asked About Legal Liability Insurance
“Run Like a Corrupt Government"
Politico on Monday released the results of an investigation into activities of “virtually unknown” domestic intelligence activities within the Department of Homeland Security.
In documents obtained by Politico, one DHS employee said that the DHS Office of Intelligence and Analysis is “shady” and is “run like a corrupt government.” Some employees were so worried about the thin legal justification for their domestic spying activities that they wanted their employer to cover them with legal liability insurance.
A survey by I&A Field Operations Division, now called the Office of Regional Intelligence, found that one-half of respondents said they had alerted managers that they were concerned their activity was inappropriate or illegal. Many felt senior leadership had an “inability to resist political pressure.”
“In recent years, the office’s political leadership – Democrat and Republican – has pushed I&A to take a more and more expansive view of its mandate, putting officers in the position of surveilling Americans’ views and associations protected by the U.S. Constitution,” said Spencer Reynolds, counsel at the Brennan Center for Justice at New York University Law School, himself a former DHS intelligence and counterintelligence attorney. “There’s a tendency to use the office’s power to paint political opponents – be they left-wing demonstrators or QAnon truthers – as extremists and dangerous. This has had a disastrous impact on morale – most people don’t join the Intelligence Community to monitor their fellow Americans’ political, religious, and social beliefs.”
He added that I&A’s leadership has “sidelined” oversight offices, leaving employees little recourse but to comply.
I&A intelligence agents can also seek voluntary interviews with incarcerated people, including people awaiting trial. They must state that the interview is voluntary and that they have no sway over judges either in criminal or immigration cases. But they also can seek these interviews with inmates and those awaiting trial without alerting their attorneys. In many cases, the interviewees’ lawyers aren’t aware that the conversations are happening.
“While this questioning is purportedly voluntary, DHS’s policy ignores the coercive environment these individuals are held in,” said Patrick Toomey of the American Civil Liberties Union National Security Project. “It fails to ensure that individuals have a lawyer present, and it does nothing to prevent the government from using a person’s word against them in court.”
The civil liberties community owes a big debt of gratitude to Politico for this in-depth piece. Domestic intelligence gathering is pervasive and often without guardrails. Congress has much to investigate.
Will the Intelligence Community Remove Warrantless Surveillance of Americans from Section 702?
Letter from Attorney General Garland and Director Haines
Attorney General Merrick Garland and Director of National Intelligence Avril Haines wrote to the leaders of Congress to tell them that they must reauthorize Section 702 of the Foreign Intelligence Surveillance Act – “promptly” – so terrorists and foreign actors won’t attack us.
And to be fair, there are terrorists and state actors who wish to reach into our homeland and do us harm. The attorney general and director inform us that Section 702 data has been used to protect “against national security threats” from China and North Korea. It stopped components for weapons of mass destruction from reaching foreign actors, and disrupted terrorist and cyber threats. To which we say, thank you for your service!
Yet, we wish that were all. This letter ignores important failings of Section 702. They write, “Because Section 702 can only be used to target individual non-U.S. persons located outside the United States, it may not be directed against Americans at home or abroad.”
This is not, however, what happens. It is what is supposed to happen because Congress explicitly crafted Section 702 to protect us against the kinds of national security threats named in the letter from Garland and Haines. It forbids domestic spying and commands agencies to observe the Fourth Amendment.
The secret Foreign Intelligence Surveillance Court revealed in 2020 that the FBI has used Section 702 data in cases that include “health-care fraud,” “public corruption and bribery,” and more serious domestic concerns like extremists and “violent gangs.” The court observed: “None of these queries was related to national security.”
Nor did Garland and Haines address the FBI’s warrantless 3.4 million backdoor searches of Americans’ data in 2021 – a figure published by the agency itself, which has also been revealed as “murky,” suggesting that part of FISA reauthorization should require the FBI to get its own data in order. It is this kind of behavior that prompted the FISA Court to issue several opinions finding “widespread violations” by the FBI in its use of Americans’ communications in backdoor searches. One of them was an unnamed Member of Congress. The failure of the government to report systemic non-compliance prompted the secret court to denounce the National Security Agency for an institutional “lack of candor.” As we’ve noted elsewhere, that’s a choice phrase the FBI uses when it terminates an agent for lying to the Bureau.
The letter does promise that the intelligence community and Department of Justice are committed “to engaging with Congress on potential improvements to the authority that fully preserve its efficacy,” but no substantive reforms are named. Many civil liberties groups see this letter as a very discouraging opening bid given the massive extent of government surveillance of Americans.
The danger for the intelligence community is that if they play a game of chicken with Congress, they might well lose with the expiration of this authority. On the other hand, if they are serious – and are willing to accept an ironclad prohibition of the warrantless surveillance of Americans from Section 702 data – the law should have an excellent chance of being reauthorized before it expires in December.
We can protect both national security and the rights of Americans from warrantless government surveillance. We urge General Garland and Director Haines to listen and be willing to live up to the guarantees of the Fourth Amendment.
Did You Know Your Jeweler and Car Dealer Report You to the Feds?
Federal intelligence and law enforcement agencies and their champions on Capitol Hill are bringing together – often with the best of intentions – all the elements needed to create a Chinese-style comprehensive surveillance state here at home. Rep. John Rose (R-TN), a member of the House Committee on Financial Services, is aiming to curb the government’s thirst for surveillance in at least one domain – our personal financial information.
First, some background. Last year, PPSA reported on the Transparency and Accountability in Service Providers Act that would have enlisted a host of employees of non-bank financial institutions to spy on their customers and report any activity deemed suspicious to the Federal Crimes Enforcement Network (FinCEN).
Among the 7.2 million government informants deputized to spy would have been “financial gatekeepers” ranging from attorneys to trustees, those who wire money, financial services advisors, financial managers, and most of the financial services industry. Thankfully, that proposal did not make it into law in the last Congress.
But existing financial regulations in the current anti-money laundering regime are extensive. Banks continuously scrutinize customers’ accounts and send voluminous reports to FinCEN, recording and reporting your financial life to the government without having to bother with warrants or other niceties required by the Fourth Amendment.
Other “financial institutions” are similarly required to make such reports, including merchants you might never have imagined would be in this category – ranging from pawn shops, to car dealers, to jewelers, to broker-dealers.
At a CATO event Monday, Rep. Rose, himself a former banker with deep experience in trying to comply with the law, spoke of the impossibility of financial institutions in deciphering exactly what regulations require of them in compiling “suspicious activity reports” and “currency transactions reports.”
“Banks have no idea what to report,” Rep. Rose said. As a result, reporting institutions, fearing that an omitted line of data might later be used against them by law enforcement, tend to throw as much of our data – aka, our privacy – as they can at the feds.
“They want as much as they can get,” Rep. Rose said. He added that these regulations largely explain the rising cost of opening a checking account. Similar federal requirements are heaped on ATM systems, raising costs, and creating fewer outlets for low-income and the unbanked or underbanked.
Aaron Kline of the Brookings Institution noted this system’s hunger for ever-more data isn’t even a good one for law enforcement. “They are looking for a needle in a haystack, but they keep pouring in more hay.”
Kline suggested that policymakers from across the spectrum have a common interest in reforming this flatly unconstitutional financial surveillance system. Those on the left want to make it easier and cheaper for the unbanked and low-income bank customers to get access to financial services. Those on the right are concerned that these programs violate civil liberties. And even law enforcement should be interested in reform so it can refine its searches for patterns typical of terrorists, human traffickers, and drug dealers, instead of drinking from a digital firehose.
Perhaps such a coalition will support Rep. Rose’s Bank Privacy Reform Act, which would reform the Bank Secrecy Act of 1970 by repealing requirements for financial institutions to report their customers’ financial information and transaction histories to government agencies without a warrant.
Under Rep. Rose’s bill, financial institutions would still maintain customer records for government to examine… but only after agents present them with a probable cause warrant, as the Founders intended.
WASHINGTON EXAMINER: Why did CBS allow intelligence officials to mislead about the Foreign Intelligence Surveillance Act?
Our General Counsel, Gene Schaerr, writes in the Washington Examiner on how CBS News and their podcast, Intelligence Matters, enabled a completely one-sided, misleading interview about our government's domestic surveillance. Every citizen should be outraged on how our privacy rights are being abused all around.
SCOTUS Denies Wikimedia Case
Civil Libertarians Vow to Reform Section 702
The U.S. Supreme Court today declined to hear Wikimedia v. NSA, a lawsuit challenging the mass, secret surveillance of Americans’ online communications.
The ACLU had gone to court to challenge a National Security Agency program under the Foreign Intelligence Surveillance Act (FISA), which the agency uses to continuously monitor international and domestic communications across the internet’s main pathways.
“In analog terms, it’s as if government agents were opening the international letters passing through a U.S. post office en masse, reading the contents, and then keeping many of those letters in a file for years,” wrote Bob Goodlatte, PPSA Senior Policy Advisor and former Chairman of the House Judiciary Committee, in a recent op-ed.
Goodlatte compared this intrusion by the government into American’s emails, web-browsing content, and search engine queries to the “general warrants” of the colonial era that had helped spark the American Revolution.
“Worse, the government asserts that this case cannot even be litigated,” said Gene Schaerr, PPSA general counsel. “Under the government’s interpretation of the ‘state secrets’ doctrine, major surveillance programs of the government can never be litigated.
“This denial shows all the more reason why Congress needs to step in and use the pending reauthorization of Section 702 – a principal surveillance authority in FISA – to close loopholes the government is exploiting.”
WASHINGTON EXAMINER: The Supreme Court’s chance to take on government surveillance and secrecy
Next week, the justices will decide whether to take up a case, Wikimedia Foundation v. NSA, that raises a narrow but vital question for surveillance and the rule of law. Wikimedia asks the Supreme Court to decide whether and when the government can invoke secrecy to halt lawsuits challenging executive branch overreach.
The Supreme Court’s decision on whether to take up this case will have long-lasting implications for independent oversight of the NSA, CIA, and FBI, and other intelligence agencies. Meanwhile, the public’s privacy hangs in the balance.
You know you’ve in the hot seat when you get Rep. Pramilia Jayapal, Chair of the House Progressive Caucus; Rep. Andy Biggs, Former Chair of the House Freedom Caucus; and Rep. Warren Davidson, member of the Freedom Caucus and the House Republican Study Committee, on your case.
“This is totally unacceptable AND a great example of why any FISA reauthorization must include meaningful reforms to protect Fourth Amendment rights,” Rep. Jayapal tweeted in response to a Demand Progress report on FBI agents “breaking their own rules” and “unlawfully fishing through untold millions of communications that were swept up under Section 702.”
“The government abused its foreign intelligence gathering tools to spy on an unnamed Congressman and a local political organization,” tweeted Rep. Davidson. “These abuses are exactly why Congress must reform FISA this year. Warrantless surveillance of Americans is illegal.”
For years now, PPSA has been filing Freedom of Information requests and motions in federal courts to compel the intelligence community to release documents about government surveillance and unmasking of Members of Congress. We’ve yielded some data, but at times our efforts have felt like the long siege of an impregnable castle.
That stone wall has just been hit by a large boulder catapulted by Rep. Andy Biggs (R-AZ), Chairman of the Judiciary Subcommittee on Crime and Federal Government Surveillance. Rep. Biggs’ letter centers around Section 702 of the Foreign Intelligence Surveillance Act that grants authority to federal agencies to surveil the communications of foreigners located abroad.
Rep. Biggs fired off a letter to FBI Director Christopher Wray that begins by quoting a December report from the Office of the Director of National Intelligence (ODNI) that notes federal agents have used data collected under Section 702 authority to query:
We would add that the ODNI also reported that similar queries included journalists and political commentators. Again, these domestic surveillance queries were conducted out of Section 702 data that Congress explicitly defined as being about foreign intelligence.
Rep. Biggs notes that when Section 702 was last up for reauthorization, Members of Congress had the temerity to consider adding an amendment requiring a warrant for access to 702 data relating to Americans. Strictly speaking, this provision would be redundant, since that requirement is already bright line set out by the Founders in the Fourth Amendment to the Constitution. But mules often need to be struck more than once.
Even this modest step, however, was opposed then by the federal intelligence agencies. Biggs wrote they “used scare tactics to convince legislators that unchecked use of this information is only way to keep our nation from harm.”
Now Rep. Biggs is putting questions to Director Wray, demanding to know if the Member of Congress in the ODNI report was informed of how his name was used in an investigation. Was anyone disciplined for using warrantless surveillance against a Member of Congress? Rep. Biggs asks about how many times queries were performed on other Members of Congress or their staff, political party officials, or campaign personnel and candidates. And then he poses the same questions about the queries concerning a local political party.
Members of Congress and politicians are entitled to the same Fourth Amendment protection as any other American. More to the point, when the rights of a politician are violated – even if it is a candidate you dislike – such a violation affects the political rights of every American.
PPSA has been posing these questions in the form of FOIA requests and lawsuits for years. It is good to know that we now have backup from a leading member of the House Judiciary Committee.
Director Wray, the next move is yours.
Our senior policy advisors, former U.S. Congressman Bob Goodlatte and former U.S. Senator Mark Udall, map out four basic principles all surveillance programs should be subject to by Congress before the reauthorization of Section 702 can be contemplated.
We reported last March on the incisive – but curiously incomplete – ruling by Judge Mary Hannah Lauck of the federal district court in Richmond, Virginia, who held that a broad geofence warrant was unconstitutional.
This case began when Richmond police set out to catch a bank robber. They asked Google to sweep seven days’ worth of location data from a geofenced area large enough to track people and their devices in a targeted area, from diners at a Ruby Tuesday restaurant, to any one of the guests at a Hampton Inn, to residents of an apartment complex and a senior living facility.
In this case, United States v. Chatrie, Judge Lauck noted Google logs cellphone users’ location 240 times a day. She wrote that because of this, Google gives the police “an almost unlimited pool from which to seek location data” in a broad area in which everyone in that pool has “effectively been tailed.”
In a detailed ruling, she wrote that Google’s database “appears to be the most sweeping, granular, and comprehensive tool – to a significant degree – when it comes to storing location data.” Despite finding the warrant unconstitutional, however, Judge Lauck did not suppress the evidence because she ruled that the police acted in “good faith.”
The technology in question is both granular and unreliable. It can tell police which floor of a building a person was on. But this same technology can also yield false positives – putting someone at a location she was not at, transforming an innocent person into a suspect.
Now the ACLU and Electronic Frontier Foundation have teamed up to file two amicus briefs in Chatrie and another case yielding similar issues, People v. Meza. In the latter case, police requested data for a geographic area equivalent to about 24 football fields.
In their briefs before appellate courts, ACLU and EFF argued that these “general warrants” do not require the police to show probable cause to believe any one device was linked to a crime under investigation.
Despite Judge Lauck’s well-reasoned and well-researched affirmation of the Fourth Amendment, her decision lacked teeth because the evidence – tainted as it was – was ruled admissible. This is no mere pedantic distinction in a single case involving a bank robber.
Google reports that geofenced warrants now constitute more than one-quarter of the total warrants it receives. PPSA joins our civil liberties colleagues in urging the appellate courts to crack down on these wide-ranging, indiscriminate general warrants for the digital age.
The U.S. Supreme Court should grant review in Moore v. United States, a case loaded with unintended consequences for digital as well as physical privacy but one clouded by a 3-3 deadlock in the First Circuit Court of Appeals.
The case involves the suspicion by the Bureau of Alcohol, Tobacco and Firearms (ATF) that Nia Moore-Bush was using the home of her mother, Daphne, to sell narcotics and firearms. Without seeking a warrant, ATF placed a video camera on a utility pole across the street from her house. Agents could control the camera, allowing them to see (both live and in recordings) the facial expressions of visitors, details of their clothing, small objects in their hands, and the license plate numbers of cars parked in the home’s driveway.
And so the ATF agents watched and waited… watched and waited… for eight months… until they obtained the purported evidence they were hoping for.
The presence of a neighbor’s Ring camera across the street would be problematic enough. But the installation of a persistent watch over a house by the police necessarily involves the Fourth Amendment at its core.
Three judges on the First Circuit believed this persistent surveillance violated the Fourth Amendment. Three did not. The three who saw a violation rested their case on Justice Harlan’s test of whether an activity violated a “reasonable expectation of privacy.” In its amicus brief, the Cato Institute criticized Justice Harlan’s test as circular, one that requires judges to “use their own views or best estimations about privacy,” which in turn “guide societal expectations.”
Cato presented a clearer standard, calling on the Court to “hew more closely to the actual text of the Fourth Amendment in determining whether government action amounts to a constitutionally cognizable search […] And here, the highly directed and persistent observation of Moore at her home is a ‘search’ for evidence against her in the natural sense of the term.” Cato also noted that the Supreme Court has repeatedly emphasized that “the home is first among equals. At the [Fourth] Amendment’s very core stands the right of a man to retreat into his own home and there be free from unreasonable governmental intrusion.”
But what about the actual act of “retreating?” The ATF’s intrusion brings into play the idea of “curtilage” – how far out from the door does the heightened protection of one’s home extend? The Supreme Court had found in June 2021 in Lange v. California that a Fourth Amendment violation had occurred when a police officer put his foot under a closing garage door sensor to force a door open to chase a misdemeanant.
What PPSA told the Court in our Lange brief applies here:
While the protections for electronic devices and communications remain under development, it is unlikely that courts would give such information sources more protection than the home. Accordingly, if the Court were to create a categorical misdemeanor exigency rule applicable to home entry, that rule would inexorably be extended to warrantless entry into electronic sources of information, posing an even more pernicious and extensive threat to privacy and its Fourth Amendment protections.
For example, today’s smartphones and other devices contain information detailing every aspect of a person’s life: messages to family, identifying documents, intimate pictures, personal journals, health information, financial data, and more are likely to be found on a device that the government has the technical ability to search remotely.
The Supreme Court can help curtail the many threats to Americans’ privacy – including digital privacy – by upholding the principle that intrusive, persistent surveillance always requires a probable cause warrant. Moore offers the Court a good opportunity to do just that.
H.L. Mencken observed that “balloonists have an unsurpassed view of the scenery, but there is always the possibility that it may collide with them.” On Saturday came the collision. With the undisguised joy of children popping a balloon with a needle, Americans celebrated when a U.S. Air Force F-22 Raptor fired a single missile to send China’s surveillance balloon, aka “the red zeppelin,” into the Atlantic off the coast of South Carolina.
Good enough. But is our own government also using surveillance balloons to spy on American citizens?
In 2019, a Pentagon contractor sought permission from the Federal Communications Commission to conduct wide-area surveillance tests over six Midwestern states – South Dakota, Minnesota, Iowa, Wisconsin, Missouri, and Illinois. The aerospace-defense corporation Sierra Nevada said in this filing that balloons would be tested to “provide a persistent surveillance system to locate and deter narcotic trafficking and homeland security threats.”
The Guardian broke the story that these spy balloons, capable of loitering over cities for weeks or months, probably carried military-grade surveillance equipment, perhaps even Gorgon Stare – a pack of nine cameras capable of taking panoramic images of city-sized or larger areas to offer 24-hour coverage. Such visuals, downloaded and recorded, would give federal agents the ability to rewind and follow the movements of a single person or vehicle.
“We do not think American cities should be subject to wide-area surveillance in which every vehicle could be tracked wherever they go,” Jan Stanley of the American Civil Liberties Union told The Guardian. “Even in tests, they’re still collecting a lot of data on Americans: who’s driving to the union house, the church, the mosque, the Alzheimer’s clinic.”
The Baltimore police ran a similar program using a spy plane that captured panoramas of that city. A federal appeals court declared the program unconstitutional in June 2021. By then, however, almost 1 million images had already been entered as evidence in criminal cases.
It would be good to know the outcome of the Pentagon’s balloon experiment. Was any actionable intelligence used from this program? Did this program continue domestically in some form or fashion, or was it (forgive us) merely a trial balloon that went nowhere?
Congress Should Not Reauthorize FISA Section 702 Without Key Principles to Protect Civil Liberties
PPSA has joined with other civil liberties organizations to distribute this message to Members of Congress and their staff.
By the end of 2023, Congress must decide whether to reauthorize Section 702 of the Foreign Intelligence Surveillance Act. Section 702 was intended to provide U.S. agencies with the authority to collect foreign intelligence. Unfortunately, for over a decade agencies have abused this authority to an extreme degree, using loopholes in Section 702 to conduct warrantless surveillance on millions of everyday Americans.
A report published by ODNI in April 2022 disclosed that, in 2021 alone, the FBI conducted as many as 3.3 million searches of Section 702-derived data for information about Americans' communications. And in 2018, Foreign Intelligence Surveillance Court (FISC) Judge James Boasberg rebuked the FBI for improper use of 702 databases against Americans. The FISC also revealed that the FBI has used warrantless NSA data in a wide range of cases involving purely domestic issues.
Such a system is worse than broken: it is assembling the elements for a pervasive, unaccountable surveillance state. Congress should not reauthorize Section 702 without making significant reforms to ensure these abuses end once and for all.
Specifically, legislation to reauthorize Section 702 should ensure compliance with these key principles:
These principles are critical to protecting Americans’ privacy and civil liberties. We must end the pervasive abuse of Section 702 and other surveillance authorities.
Fourth Amendment, U.S. Constitution: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
What’s Behind ATF’s Redactions?
PPSA recently reported that the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF), in a response to our Freedom of Information Act (FOIA) request, downplayed its use of stingrays, as cell-site simulators are commonly called. Yet one agency document revealed that stingrays are “used on almost a daily basis in the field.”
This was a critical insight into real-world practice. These cell-site simulators impersonate cell towers to track mobile device users. Stingray technology allows government agencies to collect huge volumes of personal information from many cellphones within a geofenced area.
We now have more to report with newly-released documents that, as before, include material for internal training of ATF agents. One of the most interesting findings is not what we can see, but what we can’t see – the parts of documents ATF takes pains to hide. The black ink covers a slide about the parts of the U.S. radio spectrum. Since this is a response to a FOIA request about stingrays, it is likely that the spectrum discussed concerns the frequencies telecom providers use for their cell towers. What appears to be a quotidian training course for agents on electronic communications has the title of the course redacted.
If that is so, was there something revealing about the course title that we are not allowed to see? Could it be “Stingrays for Dummies?”
The redactions also completely cover eleven pages about pre-mission planning. Do these pages reveal how ATF manages its legal obligations before using stingrays?
This course presentation ends somewhat tastelessly, a slide with a picture of a compromised cell-tower disguised as a palm tree.
In the release of another tranche of ATF documents, forty-five pages are blacked out. It appears from the preceding email chain that these pages included subpoenas for a warrant executed with the New York Police Department. The document assigns any one of a pool of agents to “swear out” a premade affidavit to support the subpoena.
The ATF reveals it uses stingrays on aircraft, which requires a high level of administrative approval. It seems, however, from an ATF PowerPoint presentation that this is a policy change, which suggests that prior approvals were lax. Was this a reaction to the 2015 Department of Justice’s policy on cell-site simulators? If aerial surveillance now requires a search warrant, what was previously required – and how was such surveillance used? Was it used against whole groups of protestors?
Finally, the documents reveal that the ATF has had cell-site simulators in use in field divisions in major cities, including Chicago, Denver, Detroit, Houston, Kansas City, Los Angeles, Phoenix, and Tampa, as well as other cities.
PPSA will report more on ATF’s ongoing document dumps as they come in.
By The Way... Here's How ATF Glosses Over Its Location Tracking
The training manual of the Bureau of Alcohol, Tobacco, Firearms and Explosives states that cell-site simulators “do not function as a GPS locator, as they do not obtain or download any location information from the device or its applications.” This claim is disingenuous. It is true that exact latitude and longitude data are not taken. But by tricking a target’s phone into connecting and sending strength of signal data to a cell tower, the cell-site simulator allows the ATF to locate the cellphone user to within a very small area. If a target uses multiple cell-site simulators, agents can deduce his or her movements throughout the day.
Below is an example from a Drug Enforcement Agency document that shows how this technology can be used to locate a target (seen within the black cone) in a small area.
Now Even License Plates Can Be Hacked
The generation of children who grew up entranced by Dr. Seuss’s 1990 bestseller “Oh, the Places You’ll Go!” are now adults who are definitely going places – with every move tracked and recorded in multiple ways.
In the 2018 Carpenter case, the U.S. Supreme Court held that Americans have a reasonable expectation of privacy with respect to their historical location data. This expectation, the Court reasoned, requires a probable cause warrant under the Fourth Amendment before someone’s location history can be inspected by law enforcement. That sounds like a definitive ruling, but it wasn’t.
Law enforcement agencies expand legal loopholes and use legal tricks to get around this narrow opinion. For example, last year the Virginia Mercury news organization found that 18 police departments around the state accessed more than 7,000-days-worth of surveillance, often in pursuit of minor criminal cases. How did the police get around the Carpenter rule? By creating their very own assembly line for warrants. In another example, stingrays – cell-site simulators that mimic cell towers – are still used by at least 14 federal agencies and 75 state agencies to locate people. And, of course, our cars have become digital devices with GPS features that record our trips.
Now it has been revealed by security researchers that they can track one’s location by hacking digital license plates in California. These are special plates that Golden State residents can sport for a monthly fee, giving them a battery- or wire-powered plate that can digitally update the bottom line of their license plate to display changing messages (such as celebrating a recent bowl win by the customer’s football team). They also text owners if a car has been removed without permission, sending a “stolen” alert.
Vice’s Motherboard reports that security researchers gained administrative access to the sole provider of these plates, Reviver. Through this access, the researchers tracked vehicles and their movements by GPS. They could also change the digital slogans at the bottom. On the more benign end, imagine switching someone’s “Go Cal!” license plate to “Go Stanford!” Far more maliciously, the researchers surmised that an actual attacker could also delete a customer’s Reviver plate. Somewhat concerning is the researchers’ discovery that granting themselves superuser access gave them the ability to track vehicles – which begs the question of why the company manufacturing these license plates felt the need to give themselves this ability to begin with.
Reviver told Vice that it had quickly patched the system. The security of digital license plates is a concern for the minority of drivers who’ve purchased this technology and can afford its monthly fee. The larger issue is that as the Internet of Things unfolds, we’re going to be tracked eight ways to Sunday that the law allows.
When more cases about permutations of location tracking next appear before the Supreme Court – and the narrowness of Carpenter ensures that it will – the Justices should take that as an opportunity to issue a more comprehensive ban on warrantless tracking.
Details Emerge on Illegal Financial Spying by 600-Plus Federal, State, and Local Agencies
In March, PPSA reported on the existence of a unit of the Department of Homeland Security that accessed bulk data on Americans’ money wire transfers above $500. This data was collected by a non-profit, private-sector organization, the Transaction Record Analysis Center (TRAC), that relied on what the ACLU calls “overbroad and illegal subpoenas” issued by the State of Arizona.
At the time, PPSA asked how many federal, state, and local agencies accessed this data from TRAC. Now we know, thanks to an investigation by Sen. Ron Wyden (D-OR) and the ACLU, which released startling results today. Surveying more than 200 documents, they report:
Under the law, a bank must receive a subpoena for bank records and notify customers that their records have been examined. No such protections exist for money transfer companies subpoenaed to provide bulk information to the TRAC program.
As we reported last year, domestic wire transfers within the United States between American citizens are also being pulled by TRAC.
Arizona had set up TRAC with settlement money from Western Union. With that money now exhausted, Sen. Wyden believes that TRAC is now federally funded. Sen. Wyden told The Wall Street Journal that TRAC lets the government “serve itself an all-you-can-eat buffet of Americans’ personal financial data while bypassing the normal protections for Americans’ privacy.”
Gene Schaerr, PPSA general counsel, said:
“This purely illegal program treats the Fourth Amendment as a dish rag. We commend Sen. Wyden and ACLU for giving us a better understanding of the scale of this program, as well as the likelihood that taxpayers’ dollars are being used to spy on us. This warrantless intrusion into the financial privacy of millions of Americans suspected of no crime ought to excite the bipartisan interest of the newly elected House majority as well as Sen. Wyden and his colleagues.”
Listen to a discussion about the ways our government spies on us and what we can do about it this year. This is a talk between Bob Goodlatte, former Chairman of the House Judiciary Committee and PPSA Senior Policy Advisor, and Sean Vitka, Senior Policy Counsel for Demand Progress.