The U.S. First Circuit Court of Appeals in 2024 held that the IRS did not violate the Fourth Amendment when it scooped up the financial records of one James Harper through a broad dragnet of the Coinbase cryptocurrency exchange. The court based this finding on a sweeping interpretation of the “third-party doctrine,” which “stems from the notion that an individual has a reduced expectation of privacy in information knowingly shared with another.” Given the terabytes of personal data that technology forces us to hand over to third-party companies, including our most intimate data – personal communications, online searches, health issues, and yes, financial holdings – does this mean that, as the First Circuit and other lower courts have ruled, there is essentially “no legitimate expectation of privacy” in that data? Consider that the U.S. Supreme Court has repeatedly held that the Fourth Amendment protects “that degree of privacy against government that existed when [it] was adopted.” Times change and technology evolves. Any inquiry into reasonableness should require a periodic recontextualizing of what the Founders intended. That’s not anti-originalism; it’s just a common-sense application of original intent with new technology and capabilities. The Supreme Court did just that in Carpenter v. United States, holding that the warrantless seizure of cell phone records constitutes a Fourth Amendment violation. In this case, at least, the high Court held that a reasonable expectation of privacy exists even when information is held by a third party. As the Court wrote, “when an individual ‘seeks to preserve something as private,’ and his expectation of privacy is ‘one that society is prepared to recognize as reasonable,’ official intrusion into that sphere generally qualifies as a search and requires a warrant supported by probable cause.” That goes not only for cell phone records but for any data that is supposed to be private. In our brief that PPSA filed with the Court, we explain that: “Despite Carpenter’s clear warning against allowing the third-party doctrine to degrade privacy via a ‘mechanical interpretation of the Fourth Amendment’ … lower courts have generally failed to heed that warning. Rather, they mechanically first ask if the information was disclosed to a third party and then treat this disclosure as a complete carveout from Fourth Amendment protections unless the circumstances closely or identically match Carpenter’s narrow facts.” In this era of breakneck technological change and cloud computing, much of our personal information is disclosed to third parties – even information of the most sensitive kind. An interpretation that third-party disclosure automatically nullifies your right to privacy is a flawed approach in the 21st century. As we demonstrated in our brief, the Supreme Court must act to “prevent a contrary understanding of Carpenter from continuing to erode Americans’ privacy as third-party storage becomes ubiquitous and artificial intelligence becomes powerful enough to piece together intimate information from seemingly innocuous details about a target’s life.” Technology is evolving too robustly and too rapidly for the third-party doctrine to remain stuck in the era of paper bills. The First Circuit’s extreme interpretation of the third-party doctrine is a quaint vestige of a prior age, no longer equal to technologies that the Supreme Court ruled contain all “the privacies of life,” and it would make the Fourth Amendment a mere piece of ink on parchment rather than a true safeguard of Founding-era levels of privacy. We reported in February that Texas Attorney General Ken Paxton is suing General Motors over its long-running, for-profit consumer data collection scheme it hatched together with insurance companies. Now Wired’s Dell Cameron reveals that automakers may be doing even more with your data, perhaps sharing it with law enforcement (often with and without a proper warrant). So you may be getting way more than you bargained for when you subscribe to your new vehicle’s optional services. In effect, your vehicle is spying on you by reporting your location to cell towers. The more subscription services you sign up for, the more data they collect. And in some cases, reports Wired, cars are still connecting with cell towers even after buyers decline subscriptions. All of that data can easily be passed to law enforcement. There are no set standards as to who gives what to whom and when. When authorities ask companies to share pinged driver data, the answers range from “Sure! Would you like fries with that?” to “Come back with a subpoena,” to “Get a warrant.” For its part, GM now requires a court order before police can access customers’ location data. But the buck can also be passed to the cell service providers, where the protocols are equally opaque. When Wired’s Cameron asked the various parties involved what their policies were, he was frequently met with the sound of crickets. Author John Mac Ghlionn sums up the state of automotive privacy: “Your car, once a symbol of independence, could soon be ratting you out to the authorities and even your insurance company.” It’s probably time to update “could soon be” to “is.” This technology gives police the ability to cast a wide dragnet to scoop up massive amounts of personal data, with little interference from pesky constitutional checks like the Fourth Amendment. Law enforcement agencies of all stripes claim their own compelling rights to collect and search through such data dumps to find the one or two criminals they’re looking for, needle-like, in that haystack of innocent peoples’ information. Since your driving data can be sold to data brokers, it is also likely being purchased by the FBI, IRS, and a host of other federal agencies that buy and warrantlessly inspect consumer data. Just over a year ago, Sens. Ed Markey (D-MA) and Ron Wyden (D-OR) fired off a letter to the chair of the FTC to demand more clarity about this dragnet approach. Caught with their hand in the cookie jar thanks to the resulting inquiry, GM agreed to a five-year hiatus on selling driver data to consumer reporting agencies. Where that leaves us with the police, as the Wired article reports, often remains an open question. In the meantime, consider adjusting your car’s privacy settings and opt outs. The more drivers who take these actions, the more clearly automakers, service providers, and law enforcement agencies will start to get the message. We’ve covered automated license plate reader (ALPR) software nearly 20 times in the last few years. That we are doing so again is a reminder that this invasive technology continues to proliferate. In the latest twist, an affluent LA community bought its own license-plate readers, gifted them to the Police Foundation; and, with approval from the City Council and the Police Commission, handed them to the LAPD. There was a proviso – that they only be used in said well-off LA community. Turns out the LAPD didn’t appreciate being told where to use ALPR tech and which brand to use. The head of the department’s Information Technology Bureau told the media that law enforcement agencies should be able to use plate reader technology as they see fit and should own and control the data collected. This seems more about turf than principle, given that the LAPD already has thousands of plate-reading cameras in use. This case brings a new question to an already intense debate. Should the well-connected be able to contract with local police to indiscriminately spy on masses of drivers, looking for those “who aren’t from around here”? It is concerning enough the LAPD has already built up one of the nation’s largest ALPR networks. This is an example of how for-profit startups like Flock Safety are trying to corner the market for this technology nationwide and doing so through opaque agreements with law enforcement agencies that are impermeable to public scrutiny and oversight. As with most surveillance tech, there are cases that justify their use. But these legitimate instances tend to be relatively few in number and should be executed with transparency in mind and oversight engaged. That’s a far cry from the “dragnet surveillance” approach currently in place, where the movements of millions of citizens who have done nothing wrong are tracked and stored in public and private databases for years at a time, all without a warrant or individual consent. The Biden administration’s State Department kept dossiers on Americans accused of acting as “vectors of disinformation.” This was a side activity of the now-defunct State Department Global Engagement Center (GEC). It secretly funded a London-based NGO that pressured advertisers to adhere to a blacklist of conservative publications, including The American Spectator, Newsmax, the Federalist, the American Conservative, One America News, the Blaze, Daily Wire, RealClearPolitics, Reason, and The New York Post. Now we know that the blacklisting went beyond publications to include prominent individuals. At least one of them, Secretary Rubio said, was a Trump official in the Cabinet room when the secretary made this announcement. “The Department of State of the United States had set up an office to monitor the social media posts and commentary of American citizens, to identify them as ‘vectors of disinformation,’” Rubio said on Wednesday. “When we know that the best way to combat disinformation is freedom of speech and transparency.” Jordan and Biggs Are Right – Protect Americans’ Privacy by Terminating the US-UK CLOUD Act Agreement5/2/2025
It looks like the CLOUD Act might soon evaporate. A bilateral agreement under that Clarifying Lawful Overseas Use of Data Act went into effect in 2022 to facilitate the sharing of data for law enforcement purposes. In February, the news leaked that the UK’s Home Office had secretly ordered Apple to provide a backdoor to the content of all of its users, Americans included. The order would effectively break the Apple iPhone’s Advanced Data Protection service that uses end-to-end encryption to ensure that only the account user can access stored data. In response, Rep. Jim Jordan, Chairman of the House Judiciary Committee, and Rep. Andy Biggs, Chairman of the Subcommittee on Crime and Federal Government Surveillance, have fired off a letter to Attorney General Pam Bondi asking her to terminate the agreement with the UK under the CLOUD Act. They understand the UK order would be a privacy catastrophe for Apple users around the world. Encryption protects dissidents, women and children hiding from abusive relationships, not to mention the proprietary secrets of innumerable businesses and people who simply value their privacy. Under the terms of the agreement, the two parties can renew the CLOUD Act every five years. Just after the 2024 election, however, then-Attorney General Merrick Garland preemptively renewed the agreement to try to discourage the incoming Trump Administration from canceling or changing the agreement. These two leading House Republicans told Bondi that the UK order “exposes all Apple users, including American citizens, to unnecessary surveillance and could enable foreign adversaries and nefarious actors to infiltrate such a backdoor.” Or, as Jordan and Biggs noted, President Trump told UK Prime Minister Keir Starmer that the order was like “something that you hear about with China.” Perhaps fearing a consumer backlash in the United Kingdom, the British government made a bid to keep Apple’s appeal of the order in a secret court session, claiming that even discussing the “bare bones” of the case would harm national security. The Investigatory Powers Tribunal rejected the government’s stance, guaranteeing at least some openness in the court’s deliberations. But we cannot count on the British government to get it right for Americans. For that reason, Chairmen Jordan and Biggs began heaving rhetorical chests of tea into the harbor. They wrote: “Accordingly, because the UK’s order could expose U.S. citizens to surveillance and enable foreign adversaries and nefarious actors to gain access to encrypted data, we respectfully urge you to terminate the Agreement and renegotiate it to adequately protect American citizens from foreign government surveillance.” Time to Wise Up to High Tech BurglaryIt might be time – and we can’t believe we’re typing this – to check your potted plants and hedges. If you don’t recognize that oddly shaped topiary in between the rhododendron and the geranium, it could be, well, a plant (as in a device placed there to spy on you). As we reported before, a new trend is blooming in larceny: burglars hiding cameras on properties in order to learn the habits of residents. Take a look at this recent report from KABC in Los Angeles. Similar instances have been linked to visitors from South America and hence are referred to as “burglary tourism.” But in reality, it’s just as much a home-grown problem. (No more gardening puns, we promise.) In the end, the source of the violation is irrelevant. What matters is that we’re dealing with some relatively sophisticated criminals. And what matters more is how to protect yourself. Here’s some advice:
CNET offers some additional guidance on how to thwart this high-tech thievery, including installing a video doorbell or a camera with audio that let’s you see (and ask annoying questions) in real time. Finally, if you do discover a hidden camera spying on you or your neighbors, call the police. Today, Hungary is ostensibly free, a democratic state in a union of democratic states. But something is rotten in Budapest. Prime Minister Viktor Orbán has been steadily fashioning a monoculture since his return to power 15 years ago, running afoul of European Union policies and democratic norms along the way. The most recent infraction is multifaceted, and it involves the use of facial recognition to target peaceful protesters for criminal prosecution. In March, Orbán’s subservient parliament railroaded the opposition and banned public gatherings of gay rights activists. With the stroke of a pen, Pride gatherings and related pro-gay rights protests were suddenly illegal. A month later, these crackdowns were enshrined in the country’s constitution (showing why America’s founders were wise to foresee the necessity in making the U.S. Constitution so notoriously difficult to amend). As in Putin’s Russia, the justification for this crackdown is that it’s necessary to protect children from “sexual propaganda” – even though we are talking about peaceful protests conducted by adults in city centers. However you feel about Pride parades, most Hungary watchers believe the prime minister needs to whip up a cultural scapegoat to rally his base in advance of next year’s elections. Hungary represents a turning point in the rise of the modern surveillance state in a developed country. Beyond the infringement of basic rights, it includes a chilling new embrace of facial recognition technology – specifically, to identify Pride participants (now officially designated as criminals) or likewise pick out faces from among the tens of thousands who are sure to illegally protest these new measures. At the moment, the punishment for such unconstitutional behavior is a fine of up to €500. Organizers, however, can be imprisoned for up to a year. But can even more draconian punishments be far behind? If you’re wondering how Hungary’s democratic partners in the European Union are reacting to all of this, the answer is not well. And it’s also raising important questions about the efficacy of the EU’s AI regulations in general (a debate about loopholes and guardrails that merits a separate discussion). For now, though, Americans should take in a cautionary warning from Hungary’s use of facial recognition software. Future uses of the technology here could target leaders of a MAGA or a Black Lives Matter protest. Facial recognition scans can pinpoint individuals, spotting the face in a crowd. It gives regimes the ability to come back later to arrest and persecute on a scale only Orwell could have conceived. All of this is enhanced by the unholy combination of data analytics, advanced algorithms, unprecedented computing power, and now generative AI. The uncomfortable truth of the modern era is inescapable: The development and deployment of modern surveillance has gone hand in hand with modern authoritarianism, from Russia to China and Iran. Just imagine what might have happened if J. Edgar Hoover had access to facial recognition tech and AI. We imagine it would have looked like Orbán’s dystopian democracy. Budapest Pride is not backing down, celebrating its 30th anniversary in a public demonstration in June. The world will be watching to see how this technology is used. In Star Wars lore, it was the democratic, peace-loving Republic that built the first fleet of Star Destroyers. But the fleet was quickly repurposed for evil after the Republic fell. What was once a defensive force for good became a heavy-handed tool of occupation and terror. In a galaxy closer to home, imagine the development of a fully integrated civilian computer system designed to help a technological democracy of 345 million people operate smoothly. In the early 21st century, successive governments on both the right and left embraced the idea that “data is the new oil” and began the process of digitizing records and computerizing analog processes. Generative artificial intelligence, vast increases in computing power, and the rise of unregulated data brokers made the creation of a single database containing the personal information and history of every citizen readily available to federal agencies. At first, the system worked as advertised and made life easier for everyone – streamlining tax filing, improving public service access, facilitating healthcare management, etc. But sufficient guardrails were never established, allowing the repurposing of the system into a powerful surveillance tool and mechanism of control. This scenario is now on the brink of becoming historical fact rather than cinematic fiction. “Data collected under the banner of care could be mined for evidence to justify placing someone under surveillance,” warns Indiana University’s Nicole Bennett in a recent editorial for The Conversation. And if you like your social critiques with a side of irony, the Justice Department agreed with her in its December 2024 Artificial Intelligence and Criminal Justice report. It concluded that the AI revolution represents a two-edged sword. While potentially a driver of valuable new tools, its use must be carefully governed. The Justice Department said that AI data management must be “grounded in enduring values. Indeed, AI governance in this space must account for civil rights and civil liberties just as much as technical considerations such as data quality and data security.” Yet the government is proceeding at breakneck speed to consolidate disparate databases and supercharge federal agencies with new and largely opaque AI tools, often acquired through proprietary corporate partnerships that currently operate outside the bounds of public scrutiny. Anthony Kimery of Biometric Update has described the shift as a new “arms race” and fears that it augers “more than a technological transformation. It is a structural reconfiguration of power, where surveillance becomes ambient, discretion becomes algorithmic, and accountability becomes elusive.” The Galactic Republic had the Force to help it eventually set things right. We have the Fourth – the Fourth Amendment, that is – and the rest of the Bill of Rights. But whether these analog bulwarks will hold in the digital age remains to be seen. To quote Kimery again, we are “a society on the brink of digital authoritarianism,” where “democratic values risk being redefined by the logic of surveillance.” In the late 19th century, American business embraced the management philosophy of Frederick Winslow Taylor, author of The Principles of Scientific Management. He wrote: “In the past the man has been first; in the future the system must be first.” So managers put their factory systems first by standardizing processes and performing time and motion studies with a stopwatch to measure the efficiency of workers’ every action. Nineteenth century workers, who were never first, became last. Now intrusive surveillance technology is bringing this management philosophy to the knowledge economy. This entails not just the application of reductionism to information work, but the gross violation of employee privacy. This was brought home when Paulina Okunyté of Cybernews reported on Thursday that WorkComposer, an employee surveillance app that measures productivity by tracking logging activity and regular screenshots of employees, left over 21 million images exposed in an unsecured bucket in Amazon’s cloud service. WorkComposer also logs keystrokes and how much time an employee spends on an app. As a result, usernames and passwords that are visible in screenshots might enable the hijacking of accounts and breaches of businesses around the world. “Emails, documents, and projects meant for internal eyes only are now fair game for anyone with an internet connection,” Okunyté writes. With 21 million images to work with, there is plenty of material for cyberthieves and phishing scammers to victimize the people who work for companies that use WorkComposer software. This incident exposes the blinkered philosophy behind employee surveillance. As we have reported, there are measurable psychological costs – and likely productivity costs – when people know that they are being constantly watched. Vanessa Taylor of Gizmodo reports that according to a 2023 study by the American Psychological Association, 56 percent of digitally surveilled workers feel tense or stressed at work compared to 40 percent of those who are not. We also question the usefulness of such pervasive tracking and surveillance. Efficiency is a commendable goal. Surely there are broader and less intrusive ways to measure employee productivity. Such close monitoring runs the risk of focusing workers on meeting the metrics instead of bringing creativity or bursts of productivity to their jobs. Allowing people to take a break every hour to listen to a song on earbuds might, in the long run, make for better results and greater efficiency. Just don’t make a funny face or sing along, the whole world might see you. Batman isn’t the only one who needs to worry about “unmasking.” This is the term of art for when federal officials ask that an American’s personal, international communications be deanonymized. “Upstreaming” is the National Security Agency practice of working with companies like Verizon or AT&T to create backdoors into the internet backbone to use targeted keywords to collect the content of Americans’ communications. The practice of unmasking rose from 198 instances in 2013 to 5,000 in 2020. As this increase occurred, the intent of these searches began to look more and more political. In 2017, National Security Advisor Susan Rice issued unmasking orders for identities of transition team members for Donald Trump’s first administration. More troubling, U.N. Ambassador Samantha Power or someone in her office made hundreds of unmasking requests. Nearly 270 of these requests came days or even hours before Power’s service in government ended. Some of these unmasking orders were not supported by any legitimate national security justification by Section 702. Many were not subjected to “minimization” procedures to ensure that private information was performed in as limited a way as possible. PPSA has long sought to learn how unmasking and upstreaming might be used against Members of Congress with oversight responsibility over the intelligence community. So we filed FOIA requests with DOJ to seek answers, including records on potential spying on 48 current and recent Members of Congress, ranging from former Vice President Kamala Harris to now-Secretary of State Marco Rubio, Rep. Jim Jordan to Sen. Ron Wyden. We’ve yet to receive a fulsome answer to our Freedom of Information Act requests (FOIA) seeking records reflecting policies governing the unmasking of Members of Congress. But the Criminal Division of the Department of Justice has now informed us in writing that “no responsive records subject to the FOIA were located.” “In other words, the Criminal Division claims to have no policies on how it might warrantlessly tap into the identity of Members of Congress in international communications, and potentially the content of their communications,” said Gene Schaerr, general counsel of PPSA. “When agencies spy on the very people who are charged with their oversight, you might think that at least some policies would be in place. “And you might also think – given that spying on Congress necessarily involves the civil rights of us all – that there would be some internal guardrails or training material,” Schaerr said. “But you would be wrong.” PPSA will report any further revelations in our ongoing efforts to dig out more information on how the intelligence community might be spying on Congress. With the passing of Pope Francis, it seems appropriate to reflect on his statements regarding surveillance, privacy, and human rights. In his 2024 World Day of Peace message, the pontiff declared:
The whole essay is worthy of our attention. It contains frank criticisms of the breakneck development of AI, as well as an important acknowledgement of China’s insidious “social credit” system, whereby its citizens are monitored and their behaviors graded. Pope Francis himself had sufficient reason to be wary of surveillance states. Just a few weeks ago, the Vatican revealed that several of the pontiff’s senior aides discovered that foreign spy agencies had infected their smartphones with Pegasus spyware. Rep. Knott: “It’s Amazing to Me That There’s So Much Resistance to the Warrant Requirement” Perhaps you had other things to do during last week’s House Judiciary hearing, “A Continued Pattern of Government Surveillance of U.S. Citizens.” So here’s a summary: The Judiciary’s Subcommittee on Crime and Federal Government Surveillance brought together witnesses from across the political spectrum (including PPSA’s own Gene Schaerr) to identify potential solutions to the ongoing (and growing) problem of Fourth Amendment abuse by government entities. At the heart of the discussion was the need to import probable cause warrants – the key requirement of the Constitution’s Fourth Amendment – to the practice of federal agencies freely accessing our international communications, as well as our personal, digital data. Witnesses effectively rebutted the fearmongering campaign by the intelligence community to convince us that a warrant requirement for federal surveillance of American citizens is too onerous, and too dangerous to entertain. But the most effective remarks came from a Member of the committee. Rep. Brad Knott (R-NC), a former U.S. Attorney for the Eastern District of North Carolina, addressed the issue of warrant requirements with the assurance of a former federal prosecutor. He spoke of what it took for him to get permission to “flip the switch” on some of the most “intrusive” forms of wiretapping American citizens. “So you have to demonstrate necessity,” Rep. Knott said. “You have to demonstrate why other techniques are futile … the rigor we had to exercise was very important … it kept the internal investigators accountable.” Rep. Knott said the warrant process made sure investigations were “open and honest.” Investigators knew “that their actions were going to be subject to pen and paper. They were going to be subject to judicial review … and opposing counsel.” Given the clarity and accountability added by warrants, Rep. Knott added: “It’s amazing to me that there’s so much resistance to the warrant requirement alone.” Throughout the 90-minute hearing, Members and witnesses stressed one thing: The countdown clock is ticking on what may be our last, best chance at meaningful reform – including the adoption of a warrant requirement for U.S. citizens when Section 702 of the Foreign Intelligence Surveillance Act (FISA) comes up for renewal next year (it’s due to sunset in April 2026). Section 702 is the legal authority that allows federal intelligence agencies to spy on foreign targets on foreign soil. But it also “incidentally” picks up the international communications of Americans, which can then be warrantlessly inspected by the FBI and other agencies. Section 702 got a lot of airtime at the hearing and was frequently linked with the words “loophole” and “backdoor.” The Reforming Intelligence and Securing America Act (RISAA) of 2024 attempted to fix Section 702 – and did add some useful reforms – but it also left a loophole in which the FBI and others attempt to justify warrantless backdoor searches on Americans’ private communications. For the FBI in particular, this has become the go-to means to warrantlessly develop domestic leads. “Three million times they did [backdoor searches] in 2021,” lamented Judiciary Chairman Jim Jordan (R-OH). Or, as James Czerniawski of Americans for Progress, put it: “Time and time again we have caught the intelligence community with their hand in the constitutional cookie jar.” Members and witnesses alike also addressed a privacy crisis even greater than Section 702 – the routine purchases made by federal agencies of Americans’ private digital information from data brokers. ACLU’s Kia Hamadanchy reminded the subcommittee that the kind of data that can be bought and sold would be, in the words of a former CIA deputy director, “top secret” sensitive if gathered by traditional intelligence means. It would have to be kept “in a safe,” not in a database. The hearing also got at what many consider the underlying issue driving the new era of surveillance. Namely, the acknowledgment that we increasingly live not in one world, but two – our physical reality and its digital twin. But unlike our world, the laws governing how the Fourth Amendment should be applied in the digital context are largely unwritten. In other words, said Rep. Andy Biggs (R-AZ), it’s the “Wild West.” And Ranking Member Rep. Jamie Raskin (D-MD) added, “New technologies make it a lot harder to reign in government intrusion in the lives of the people.” The unwitting result? “We live in a modern, albeit consensual, surveillance state,” declared Phil Kiko, principal at Williams & Jensen and former Judiciary counsel. With any luck, things might be different a year from now when FISA is up for renewal, thanks to a U.S. District Court ruling in January. “To countenance this practice,” of warrantless surveillance, wrote the court, “would convert Section 702 into … a tool for law enforcement to run ‘backdoor searches’ that circumvent the Fourth Amendment.” That legal precedent didn’t exist when the last Congress debated FISA reforms. Emboldened by this landmark decision, Reps. Jordan and Raskin are pledging to once again work together in a bipartisan spirit to win this fight. Their continuing partnership captures the spirit of the subcommittee’s hearing and should give reformers a renewed sense of hope. As we labor to protect our personal and business information from governments and private actors, it helps to think of our data as running through pipes the way water does. Just like water, data rushes from place to place, but is prone to leak along the way. Now, as the AI revolution churns on, workplaces are getting complete overhauls of their data’s plumbing. Some information leaks are thus almost inevitable. So, just as you would do under a sink with a wrench, you should be careful where you poke around. A major new source of leakage is conversational AI tools, which are built on language in all its forms – words and sentences, but also financial information, transcripts, personal records, documents, reports, memos, manuals, books, articles, you name it. When an organization builds a conversational AI tool, many of these source items are proprietary, confidential, or sensitive in some way. Same with any new information you give the tool or ask it to analyze. It absorbs everything into its big, electronic, language-filled brain. (Technically, these are called “large language models,” or LLMs, but we still prefer “big, electronic, language-filled brains.”) So be careful where you poke around. As Help Net’s Mirko Zorz reminds us, companies should give employees clear guidelines about safely using generative AI tools. Here is our topline advice for using AI at work.
Finally, leave everything work-related at work (wherever work is). When elsewhere, don’t use your work email to sign into any of the tens of thousands of publicly available AI applications. And never upload or provide any personal or private information that you don’t want absorbed into all those big, electronic, language-filled brains out there. Because leaks are nearly inevitable. Like millions of other Americans, we are receiving text messages telling us that someone at a company’s HR department has noticed our very impressive resume and would like to discuss a job offer, call before the job’s filled! – or, we have an unpaid highway toll and must pay quickly to avoid a fine! – or, our package delivery has hit a snafu and we need to deal with it post haste, or it might get lost forever! The FBI advises us to delete such texts and to never – as in NEVER!!! – click through them. Such messages aim to persuade you to add to the hundreds of millions of dollars Americans are losing to text scams every year from sophisticated gangs in China. As Americans become wary of these smishing scams (a portmanteau of “SMS” short-message service texts and “phishing”), criminals are becoming more sophisticated, often impersonating a credible brand or agency to make you think that you must provide your credentials, account numbers, Social Security number, or make a payment in order to avoid a severe penalty. And if you do click through, you may also expose your phone to a malware infection that will endanger you long after the text is forgotten. One telltale sign of a smishing scam is that the link points to a foreign top-level domain. Common ones are “com-track,” and “com-toll.” But China’s smishing gangs are getting good at embedding links in actual “.com” addresses for real brands and agencies. So always assume it is a scam. What should you do if you receive such a suspicious text? The FBI advises: “STOP! Take a moment to breathe deeply in and out.” Again, NEVER!!! open the text. Write down the issue on paper and delete the text. And if you still have a tingle of doubt, go online and look up the main website and customer service number of the bank, delivery company, toll authority, or whatever, and ask them. But you do have an impressive resume, by the way. Click here to learn more. Are We Guarding Their Sacred Trust? April 19, 2025, is the 250th anniversary of the American Revolution. It’s a story most Americans know pretty well, but here at PPSA we’d like to highlight one of the more obscure portions of that history, but one that is of ultimate importance to the all-but-impossible dream the Revolution would eventually make real: The Bill of Rights. The subject of today’s lesson? General warrants. If that doesn’t ring a bell, then be glad, because that means the Bill of Rights largely did its job. General warrants were one of the primary tools of tyranny King George used to oppress, even terrorize, the Colonists. Armed with general warrants, the Crown’s agents could search anywhere they wanted, for anything they wanted, and for any reason — or, even worse, for no reason at all. General search warrants don’t name a specific person or place and don’t state what the authorities are looking for – making it possible to target people without reason or cause, and almost without limits. As you can imagine, such writs were widely abused. To quote the Declaration of Independence, the King “sent hither swarms of Officers to harass our people and eat out their substance.” Barging into homes, destroying property, searching belongings, and seizing whatever they wanted. And not just homes – shops, ships, banks, churches. Americans had had it. And on April 19, 1775, they said enough was enough. And they meant it. Sixteen years and 8 months would pass between that day and the day the Fourth Amendment was ratified. The Fourth Amendment exists because it was, and is, the best answer to the outrageous indignity of general warrants. That’s what historians call a “direct line.” It's appropriate on this occasion to also recall a recent historical reminder from Rep. Jamie Raskin, a Democrat who happens to represent a district from Maryland, one of the thirteen original colonies – “The Old Line State” – a moniker earned in blood defending Washington’s army on multiple occasions. Speaking recently at a House Judiciary Subcommittee hearing on government surveillance, Raskin quoted James Madison: “The essence of government is power; and power, lodged as it must be in human hands, will ever be liable to abuse.” It’s no accident of history that Madison drafted what would become the Fourth Amendment. Two and a half centuries later, patriots of all stripes are called once again to hold the line against a modern, invasive, and warrantless surveillance state. That we are still battling unlawful searches and seizures suggests, in a sense, that some things never change. But it also proves the timeless wisdom of those original ideas – that some things should endure. In the Fourth Amendment and Bill of Rights, the Founders left us a sacred trust. “The right to be let alone,” wrote Justice Louis Brandeis, is “the most comprehensive of rights and the right most valued.” It’s Beyond Ridiculous that We Have to Worry About This With the summer travel season imminent, the already hot (and recently explored) topic of warrantless searches at U.S. borders and ports of entry keeps getting hotter by the day. The latest twist comes from ZDNET, where David Berlind asks the age-old question: Biometric vs. Passcode? What, you were expecting “Plastic vs. Paper?” Seriously, it’s come to this: How do American citizens best thwart their own government from its attempts to violate our constitutional rights? Specifically, how do citizens prepare against warrantless searches of their personal devices at border crossings, as Customs and Border Patrol agents seem increasingly determined to carry out? The CliffsNotes version of ZDNET’s advice: The spoken word still matters (for now) relative to the Constitution, as in, “No person … shall be compelled in any criminal case to be a witness against himself.” Speech existed when the Constitution was written; biometric tech (fingerprint scanning, facial recognition, etc.) did not. Put another way, being pressured to verbally recite your passcode could be construed as self-incrimination. So it is easier to refuse a request to speak it than to stand still and have your face open your device. But this much is sure: biometrics aren’t spoken, so that line to the Fifth Amendment is dotted at best. The same goes for Miranda. “The right to remain silent” is predicated on you actually remaining silent. As for the Fourth Amendment itself, the Supreme Court has yet to meaningfully clarify its 1985 declaration that the Fourth’s “balance of reasonableness is qualitatively different at the international border than in the interior.” In practice, this means warrantless searches of your devices coming through customs is allowed. Among the many unanswered questions, what constitutes a “routine” search? Is the biometric vs. passcode distinction a completely absurd technicality straight out of Monty Python? You bet your sweet privacy it is. But it’s also a gray area of unsettled law, so technicalities are currently one of our last defenses against this particular strain of government intrusion. And He May Steal Part of Your Identity to Buy Them There’s a relatively new twist in identity theft – synthetic identity theft, meaning the individual elements of the fake identity are either stolen from multiple victims or fabricated. Because none of the pieces are from the same victim, it’s like building a new person out of the spare parts of others – hence Frankenstein. What’s the appeal? From the fraudster’s perspective, the Frankenstein approach offers numerous advantages over traditional identity theft (where a single, real person’s whole identity is stolen). The two biggest advantages are:
CNET’s Neal O’Farrell says the way to watch out for this kind of identity theft is to keep an eye on your Social Security Number. Phone numbers and addresses can change; SSNs are static. So if Frankenstein’s SSN happens to be yours, well, you get the picture. O’Farrell specifically recommends these steps:
Finally, consider the Federal Reserve Toolkit devoted to this subject, specifically, the Fed’s Synthetic Identity Fraud Mitigation Toolkit. Aimed primarily at businesses and the payment industry, it contains plenty of information of value to any audience, including individuals and families. We asked them to rename it the “Frankenstein Identity Fraud Mitigation Toolkit,” but you can imagine how that went. File all of the above under the folder named, “Reality, New.” We agree that it’s something of a pain, but ultimately it’s just about forming a few new habits. The ACLU’s Updated Travel Advice with Privacy in Mind Traveling with electronic devices this summer? Of course you are. Would you like those devices searched by federal agents? Of course not. Think the Fourth Amendment protects you from such searches? Think again, says the ACLU. As we’ve written previously, U.S. ports of entry are twilight zones where the Fourth Amendment is more of a suggestion than a right. Having monitored this issue for years, the ACLU recently updated their advice for travelers. Here’s a summary version from the ACLU:
CBP agents can’t force you do anything (surrender a password, for example), but if you lock horns then you’d better be prepared to stay at the airport awhile or at least say goodbye to your electronic devices for weeks or even months. This is all a pain. But the better strategy is to plan ahead. Columbia’s Knight Institute Goes to Court to Find Out As we’ve noted, a veritable gaggle of organizations (including a service called Gaggle) are helping schools to monitor student activity on district-issued devices – tracking every website, every keystroke (and potentially snapping pictures of students’ private lives). These arrangements lack transparency. Parents are only told it’s necessary to ensure “public safety” or some version of “safeguarding student mental health.” In the meantime, school districts and taxpayers are shelling out millions to the ed tech industry. And all that collected data? Surveillance companies like GoGuardian and Gaggle have signed a Student Privacy Pledge that they will not sell students’ personally identifying information. Despite pledges from school districts and tech companies, more clarity is needed about who can access students’ information and why. This inscrutable practice of student monitoring is about to get a little more attention – in the form of a lawsuit aimed at unearthing the facts. Attorney Jennifer Jones of the Knight First Amendment Institute describes the student surveillance industry in detail and makes the legal case against it in the Teen Vogue online newsletter. The Knight Institute’s lawsuit isn’t the first of its kind, but its timing amid the cultural chaos of artificial intelligence suggests it could be a tipping point for transparency. This lawsuit is also not about specific privacy violations alleged by individuals, so it won’t be settled for damages as some previous cases have been. On paper, student surveillance systems sound great: The monitoring is designed to prevent self-harm, cyberbullying, and violence. And yet, as Jones points out, the standard list of related keywords and websites the software provides can be customized – making it capable of going far beyond universal safety concerns to serve the political or cultural agenda du jour. What happens if a student tries to access a banned book, for example? Should that be reported? This is all just one search word away from a dystopian episode of the Twilight Zone. As has been reported from multiple quarters, there is scant and merely anecdotal evidence that any of these systems accomplish what they purport to – but evidence of plenty of misfires. Moreover, the law on which this burgeoning surveillance apparatus is based, the Children’s Internet Protection Act of 2000, requires no measures beyond basic obscenity filters. The ed tech industry has done a bait and switch to take advantage of well-intentioned school administrators who are desperate to solve some of the most heartbreaking problems of our time. It would be nice if AI-powered surveillance was the quick fix, but it’s not. It is a blunt force instrument with chilling implications up and down the Bill of Rights. We don’t need to normalize an educational-corporate-juridical surveillance state. The answers to the problems of school violence and self-harm are not easy, and they won’t be solved by technology alone. They must be mitigated through connection and relationships: Talking not stalking. So it’s time for a reckoning, and a conversation that brings all of us to the table. We hope the Knight First Amendment Institute’s lawsuit makes that candid and open conversation happen. Here’s some suggested further reading: Superman Isn’t the Only One with X-Ray Vision: Apparently, Your Wi-Fi Can See Through Walls Too4/11/2025
We are reminded of a Vice story in 2023 that should have received much more attention than it did. Then again, it can be challenging to keep up when new threats to privacy seem to emerge daily. That story, with a very recent twist, is thus: It turns out that Wi-Fi is capable of sensing human presence, potentially even pinpointing location, determining posture/position, and tracking movement. Unsurprisingly, the underlying technology is courtesy of Facebook’s AI team, using optical methods like cameras. Now, Carnegie-Mellon researchers have realized that Wi-Fi is the perfect vehicle for solving “limitations” with the original optical approach, limitations such as not being able to see people in the dark or behind furniture. And that’s not creepy at all, is it? Call us old-fashioned but we just have the feeling that terrible things could come from being able to spy on people in the dark. And we unequivocally declare that the rudimentary nature of what Carnegie-Mellon has “accomplished” won’t remain that way for long. Believe us when we say, technologists will figure this out and in very short order. Because, wouldn’t you know it, Carnegie-Mellon’s iteration is just the latest in a long line of “Wi-Fi sensing” advancements. According to MIT, it’s a broad field with the potential to “usher in new forms of monitoring.” They predict that in effect it’s the future of motion detection technology. Only that future is now. Verizon, Origin Wireless, Cognitive Systems Corporation, AXIS, and Infineon all have services on offer that use some form of Wi-Fi sensing. The goals – “health metrics,” “elder safety,” “home security” – sound commendable, as is always the case with privacy incursions and surveillance overreach. The commercial and social justifications are also appealing, even compelling. But what happens when someone with less-than-wholesome intentions gains access? To say that we need robust guardrails around such technology is the epitome of understatement. And the time to build those guardrails for private and public use of this technology? Probably 2023. Congratulations to Director of National Intelligence Tulsi Gabbard for launching a serious effort at intelligence community (IC) reform. On Tuesday, Director Gabbard announced a “Task Force to Restore Trust in the Intelligence Community and End Weaponization of Government Against Americans.” Rather than saddle Washington with an unwieldy new acronym, TFRTICEWGAA, this task force will be known as the Director’s Initiatives Group (DIG). “I established the Director’s Initiative Group to bring about transparency and accountability across the IC,” Director Gabbard said in a statement. She lists many DIG priorities that are familiar hobby horses of this administration, though they are admittedly responses to deep and serious abuses – from official and secret government censorship during the Biden administration, to weaponization of government for political purposes. What we find most intriguing about DIG is its charge to engage in mass declassification. We’ve long called out the absurd lengths the federal government goes to stamp “classified” on even the most innocuous documents, often in conflict with executive orders to declassify. In this new effort we see enormous potential for DIG to inform Congress and the American people of key facts regarding oversight of intelligence community programs. A few are:
For years, PPSA has used FOIA and legal action to try to force the government into revealing how often it has “unmasked” – or internally revealed the identity – Members of Congress whose communications get picked up in surveillance. We also want to know if the agencies are using these surveillance authorities, whether Section 702 or purchased data, to surveil Members of Congress on the House and Senate Judiciary and Intelligence Committees, those with specific oversight of the intelligence community. Director Gabbard has undertaken a strong and necessary corrective within the intelligence community – and one from the top, no less. Despite her position, she will no doubt encounter resistance and obfuscation along the way. But if she presses forward, Director Gabbard can reinforce the power of Congress to create guardrails and constitutional protections on programs that operate in near darkness. On a summer day in 1915 a commercial attaché for the German embassy fell asleep on a train, only to awaken with jolt to realize he was at his stop. In his haste to depart, the diplomat left behind his briefcase – stuffed with all the details of Germany’s clandestine spy ring against the United States and plans to cross America’s northern border to wage mayhem against British Canada. An American agent tailing the German made the correct decision to grab the case rather than continue to follow his target. This is just one of the engrossing stories in The Triumph of Fear, a new book by Patrick Eddington, senior fellow in homeland security and civil liberties at the Cato Institute. Eddington traces the trajectory of rising government surveillance from the Spanish-American War under William McKinley to the Cold War under Dwight D. Eisenhower. Along the way, Eddington details how the interception of telegrams and the passage of the 1917 Espionage Act set the legal and institutional basis for today’s surveillance state and the government’s digital spying on the American people. The contents of the diplomat’s briefcase proved the Woodrow Wilson administration was right to be paranoid about Germany’s intentions. But almost all of Germany’s covert actions were conducted by German agents and nationals, not by sympathetic Americans. This did not keep President Wilson from tarring Americans who objected to the U.S. entry into the war or who opposed the draft by peaceful, political means as traitors. President Wilson said: “There are citizens of the United States, I blush to admit, born under other flags but welcomed under our generous naturalization laws to the full freedom and opportunity of America, who have poured the poison of disloyalty in the very arteries of our national life … to debase our politics to the uses of foreign intrigue.” In service of this all-out war on dissent, Wilson secured passage of the Espionage Act, which continues to give the government broad powers to prosecute Americans for being perceived as helping hostile powers. One official warned “postal employees to be on the lookout for material that might ‘embarrass or hamper the government.’” Before long, the government had created an informal, national network of snitches, a milder version of the later East German Stasi apparatus. The precursor of the FBI, the Federal Bureau of Investigation, had been reading telegrams from Western Union and major communications providers since the Spanish-American War. Few Americans of stature objected. One of them, Sen. Robert LaFollette, the progressive Republican from Wisconsin, warned Americans that “private residences are being invaded, loyal citizens of undoubted integrity and probity arrested, cross-examined, and the most sacred constitutional rights guaranteed to every American citizen are being violated.” The courts were no bulwark against this trashing of the Constitution. The U.S. Supreme Court upheld the conviction of Charles Schenck for mailing leaflets to draft-age men asking them to take political action to oppose the draft. Before long, the government felt free to deport anarchist Emma Goldman and put Eugene Debs, the socialist candidate for president, in prison for opposing the war. Eddington writes: “The American national security state, created in peace and vastly expanded during war, would now become a permanent feature of national life, complete with enduring, draconian national security laws.” If you want to know how we got here, Triumph of Fear is an entertaining read and an essential one. It also casts a mirror on the current state of surveillance and speech. Today, as in the Wilson era, we are challenged to separate explicit calls from violence from controversial speech. Today, as then, the government warrantlessly inspects Americans’ movements, associations, and statements, but with infinitely more precision and more data than could be reaped just by reading telegrams. “This is as about as far from the Founders’ vision of the Fourth Amendment as one can imagine" House Members asked leading civil liberties experts to testify this morning on the “continued pattern of government surveillance of American citizens.” Gene Schaerr, PPSA general counsel, testified before the Subcommittee on Crime and Government Surveillance, setting out the dimensions of the federal government’s spying on Americans. He also spoke optimistically that Congress can rein in these practices. Here’s an excerpt from his written statement: “We have seen under administrations of both parties the expansion of myriad forms of privacy-destroying technologies and practices – elements of an emerging American surveillance state being knitted together before our eyes. “Like the proverbial frog unaware that it is slowly being boiled alive, Americans are being progressively trapped in a system of national surveillance. This is not happening because federal agencies are run by tyrants. The men and women in the intelligence community are passionate about their mission to protect the American people and our homeland. But in their zeal to execute their important mission, they are rapidly creating the elements of a pervasive American surveillance state. And astonishingly fast changes in technology are helping build this surveillance state before our laws can catch up to keep it within the constraints of our Constitution. “At airports, at malls, on the streets, we are identified and tracked by our faces. Cellsite simulators in geofenced areas ping our phones to follow our movements. Our automobiles keep a record of every place we drive. Our digital devices at international terminals are subject to having all their contents downloaded and inspected without a warrant. Moreover, thanks to purchases of Americans’ digital information from data brokers, federal agencies ranging from the FBI to the IRS, Department of Homeland Security, and the Department of Defense, routinely access, without a warrant, digital information far more personal than what can be gathered by hand or found in a diary. To top it off, we also face the routine collection of Americans’ communications ‘incidentally’ caught up in the global data trawl of programs authorized by Section 702, and in the past few years alone the FBI has conducted hundreds of thousands of warrantless searches of the Section 702 database specifically looking for Americans’ communications. “The end result is that the government is now able to collect and search through vast amounts of Americans’ communications and other personal data with ineffective statutory limits and limited congressional oversight. The personal data thus obtained reveals much about our health, mental health, and personal relations. Worse, all this data generated from myriad sources can then be woven together by the instant power of artificial intelligence to comprehensively track where we go, who we meet with, what we say or share in private, and what we believe. As a result, federal agencies are capable of generating comprehensive political, religious, romantic, health, and personal dossiers on every American from information gathered without a warrant. “This is as about as far from the Founders’ vision of the Fourth Amendment as one can imagine. Revulsion at government surveillance runs deep in our DNA as a nation; indeed, it was one of the main factors that led to our revolt against British rule and, later, to our Bill of Rights. Agents of the Crown could break into a warehouse or a home to inspect bills of lading or a secret political document, but they couldn’t access anything close to the wealth of private information contained in our digital lives today. “Month by month, it is harder to square this emerging surveillance state with the ‘consent of the governed’ concept articulated in the Declaration of Independence and embodied in Article I of the Constitution. The Founders believed that American citizens should not be subject to surveillance by their own government without their consent – in the form of a statute duly enacted by their representatives in Congress. They should not be subject to surveillance at the whim of any executive official, none of whom has authority to consent to surveillance on their behalf … “In the face of a surveillance state growing at breakneck speed, this Committee has shown leadership and a sense of urgency that matches the moment. We don’t have to supinely accept the erosion of all privacy. We don’t have to trust that government agents and future administrations will always use these awesome powers solely for national security. These technologies simply offer too much power to trust that future guardians will not be tempted to misuse them, as they have done in the past. “In short, you have shown that you can protect both the constitutional rights of your constituents and also keep them safe from foreign and domestic threats. I urge you to uphold the Constitution by once again advancing – and persuading your fellow Members to adopt – a warrant requirement for both government-purchased data and data collected under Section 702.” You can read Gene Schaerr’s full testimony here, and watch the full hearing here. PPSA General Counsel Set to Testify Before Congress on Alarming Government Surveillance Practices4/7/2025
Our General Counsel, Gene Schaerr, will be providing a testimony in the House tomorrow where he will address the problems with domestic surveillance and provide workable solutions that we at PPSA along with our allies are fighting for. WASHINGTON, D.C. - The House Judiciary Subcommittee on Crime and Federal Government Surveillance will hold a hearing on Tuesday, April 8, 2025, at 10:00 a.m. ET. The hearing, "A Continued Pattern of Government Surveillance of U.S. Citizens," to examine the government's abuse of its surveillance authorities, including the Foreign Intelligence Surveillance Act, the government's purchasing of data, and new and emerging technologies like facial recognition. The hearing will also discuss past legislative efforts to protect Americans' civil liberties and constitutional right to privacy under the Fourth Amendment and identify additional potential legislative solutions. WITNESSES:
Jeremy Bentham, the Enlightenment era philosopher of utilitarianism, sketched out the concept of a Panopticon – a prison designed to keep inmates under constant inspection by guards. What are the psychological consequences of knowing that one is being watched constantly? Last year we reported that SciTechDaily reported on an Australian study revealing that people who know they are being surveilled become hyperaware of faces, recognizing others faster than a control group. They become a little jumpy, always on the lookout to categorize someone as benign or a potential threat. And those results came from knowing that one is being surveilled by a camera. What happens to the mental health and social life of people who are being watched not only by gear and gadgets, but also by government agents tailing them everywhere? Imagine putting out the garbage, going to a store, or picking up the kids from school only to see a familiar stranger across the street watching you. This is the fate of “defector families” in North Korea. When someone defects from North Korea, the government punishes the defector’s relatives by subjecting them to persistent, relentless surveillance. NK News profiles one such family who went through elaborate procedures to obtain internal travel documents to attend a family wedding. They turned back when they realized that their wedding party would also include a full complement of government agents tailing them and recording their every utterance and move. “They went home to avoid making their relatives uncomfortable or causing problems on such an important day,” NK News reported. A source told an NK reporter: “These people live in an invisible prison, constantly anxious because everything they do is being watched. This surveillance and pressure cause severe psychological pain. One defector’s family described their difficulties, saying they must live their entire lives feeling like criminals from the moment they’re branded as having a defector relative. They gradually began avoiding people because having every breath, meal, and word monitored and reported became unbearable.” The United States is not North Korea. But we should not kid ourselves that the mounting surveillance of Americans – by facial recognition, by the tracking of our phones and cars, by the purchasing of our personal data – is free of a psychological cost. |
Categories
All
|