The Project for Privacy & Surveillance Accountability is asking the U.S. Supreme Court to consider whether the Fourth Amendment allows law enforcement to use geofence warrants to retroactively track the movements of everyone in a defined area. These so-called “reverse warrants” involve law enforcement’s request for information from technology companies – like Google, Apple, Snapchat, Lyft, or Uber – that allows them to identify potential suspects in a crime.
 
This case began with a robbery in 2019 of $200,000 from a credit union in Midlothian, Virginia. Detectives soon hit a dead end in a search for suspects. So they served Google with a geofence warrant to provide certain cellphone data for everyone who passed through a circumscribed area around the credit union.
 
As a result, people suspected of no crime had their personal information examined by police. Targets included residents of a nursing home, diners and wait staff at a Ruby Tuesday restaurant, and guests who had checked into a Hampton Inn. The search led to the arrest and guilty plea of one Okello T. Chatrie, who now seeks to exclude this evidence on constitutional grounds.
 
Federal Judge Mary Hannah Lauck noted that because Google logs cellphone users’ location 240 times a day, technology gives police “an almost unlimited pool from which to seek location data” in a broad area in which everyone has “effectively been tailed.” But the U.S. Court of Appeals for the Fourth Circuit, sitting en banc to review a divided panel decision, held that this geofence warrant did not violate the Fourth Amendment.
 
The U.S. Supreme Court is now set to take up this question. In our brief, we are telling the Court that such dragnet surveillance is fundamentally incompatible with the Fourth Amendment’s core protections. 
 
Geofence Warrants Are “Digital General Warrants”
 
One of the primary abuses that motivated the Founders to create the Fourth Amendment was the use in colonial times of general warrants – broad search authorizations that allowed the King’s agents to rummage through private lives and property without individualized suspicion. Geofence warrants are their modern equivalent.
 
Instead of naming a person or place to be searched based on probable cause, geofence warrants similarly authorize the government to sift through massive location databases to identify people who might be worth investigating.
 
PPSA told the court that these warrants invert the constitutional order – everyone becomes a suspect first, and probable cause, if it appears at all, comes afterward.
 
The Supreme Court’s Carpenter Decision Was Not a Narrow Exception
 
Lower courts have struggled to apply the Supreme Court’s landmark decision in Carpenter v. United States (2018), which held that people have a reasonable expectation of privacy in long-term cellphone location records, even when those records are held by a third party. In Chatrie, the Fourth Circuit treated Carpenter as a narrow exception limited to long-term tracking of a single suspect. PPSA demonstrates that this take misreads the case entirely. 
 
Carpenter reaffirmed a broader principle: Fourth Amendment protections must preserve the level of privacy that existed at the nation’s founding, even as technology evolves. The fact that data is held by a third party – or that the government demands only a “slice” of a much larger tracking database – does not erase reasonable expectations of privacy. A two-hour window into a comprehensive location history can still reveal intensely private information – where someone worships, seeks medical care, attends political meetings, or simply lives their daily life.
 
PPSA is telling the Court that the privacy concerns raised by geofence warrants are even more severe than those in Carpenter, because they involve mass surveillance of unknown and unsuspected individuals. This is not targeted policing. It is suspicionless data mining.
 
Your Privacy Rights Depend on Where You Live
 
Courts across the country are sharply divided on this issue. The Fourth and Eleventh Circuits have suggested that geofence searches may not even trigger the Fourth Amendment. By contrast, the Fifth Circuit has correctly recognized that geofence warrants are unconstitutional in nearly all circumstances because they lack particularity and probable cause.
 
That split leaves Americans’ privacy rights dependent on geography, and in the case of Texas, whether state or federal proceedings are involved. PPSA urges the Supreme Court to step in now, before this powerful surveillance tool becomes permanently normalized.
 
The Constitution Must Keep Up with Technology
 
As PPSA warns, geofence warrants are only the beginning. We told the High Court:
 
“Fourth Amendment protections are not categorically lost when a person shares or stores his data with a third party while maintaining reasonable expectations and assurances of privacy. The Court should …  prevent a contrary understanding of Carpenter from continuing to erode Americans’ privacy – especially now, as third-party storage becomes more ubiquitous and artificial intelligence becomes powerful enough to piece together intimate information from seemingly innocuous details about a target’s life.”
 
The data that this practice puts at risk is not limited to location. The government has used other forms of these “reverse search warrants” to extract other private data, such as identifying anyone who has searched for a specific phrase or forcing commercial genealogy companies to allow access to their DNA databases.
 
Advances in artificial intelligence already allow law enforcement to infer locations from photos and videos, even when no geolocation data is attached. Without firm constitutional limits, today’s location dragnet could become tomorrow’s visual surveillance dragnet.
 
The Fourth Amendment’s precise wording is designed to prevent unchecked surveillance. PPSA’s calls on the Supreme Court to reaffirm that Americans do not surrender their constitutional rights simply by carrying a cellphone.

​Are you having a good day! I certainly am! When I got to work this morning I could barely contain my excitement at seeing such a full inbox of wonderful things to do! I swear, at times it seems almost criminal to accept pay for doing work I love so much!

[Smile in the direction of the workplace surveillance camera.]

Anyway, I’d love to join you in the breakroom, but I really can’t wait to get back to my workstation! Toodles!

Artificial intelligence is getting better at reading human emotion. It is used by commercial technology to perform “sentiment analysis,” reading the emotional tone of written communications – a valuable tool for HR departments, advertisers, and customer-engagement consultants.

The next bold step is already at the threshold: AI that can read emotions in our voices, the fleeting micro-expressions on our faces, and our body language. This technology will certainly expand into policing, hiring, and education. Are you acting guilty? Did you hide something in your job interview? Are you bored by the teacher’s lecture?

As biometric corridors become commonplace in U.S. airports, AI is being tested to read facial expressions and body language that could identify potential terrorists – based on the tidy theory that people who plan to blow themselves up at 35,000 feet tend to be nervous. But so are people who are running late for their connection, who just had an argument with a spouse, got fired, or are jet-lagged.

Emine Akar in a blog for the Institute for the Future of Work enumerated the potential pitfalls of emotional surveillance: “Emotions are not simply reflexes. They are complex, contextual, and culturally shaped experiences. A tear can mean grief, joy, manipulation, or even boredom.”

The other risk is that AI, which improves by the day, will read our emotions all too well. Pervasive emotional surveillance may force us to put on a happy face at work, school, and the airport. To frown may be to risk detention, detainment, or delay. We could even risk committing “facecrime,” to name just one of the clever neologisms of George Orwell’s 1984.

That novel’s protagonist, Winston Smith, was well acquainted with facecrime. One had to always have an expression of love when watching Big Brother on the telescreen. One had to have an expression of rage when engaging in the mandatory two minutes of hate. Smith knew that the “smallest thing could give you away. A nervous tic, an unconscious look of anxiety, a habit of muttering to yourself – anything that carried with it the suggestion of abnormality, of having something to hide.”

When we allow machines to read our emotions, we risk giving them power over us. “The danger here is not just that machines fail to understand us,” Akar wrote. “It’s that they may begin to discipline us – nudging our expressions, altering our behavior, shaping our emotional lives in invisible ways.”

This kind emotional manipulation was well captured in the movie Her, in which a man falls in love with an AI (not hard to do when the voice belongs to Scarlett Johansson). Pope Leo XIV is not being prescient – he is simply being current – when he warned us over the weekend about getting involved with “overly affectionate” chatbots, lest they become “hidden architects of our emotional states.”
​
We need to be more concerned about the implications of emotionless minds that can read, exploit, and manipulate our emotions. The European Union’s AI Act is one example of how to restrict emotional surveillance at school, work, and other sensitive areas. It is time for Congress, states, and technology leaders to put proper guardrails on emotional surveillance of Americans as well.

​The next time you get a letter asking you to join a class-action lawsuit for something that is in fact relevant to you … it’s probably not a coincidence.

Epic Systems is the largest vendor of electronic health records (EHR) in the United States. A few years ago, its engineers noticed that some of its customers were behaving suspiciously. Their internal investigation revealed what they allege are “organized syndicates” that purchased records under false pretenses in order to use the data for non-treatment purposes – mostly to generate client leads for law firms.

It's all in a new federal lawsuit against Health Gorilla and its customers. This suit was filed by Epic and various healthcare partners, including UMass Memorial, as detailed by Daniel Gilbert in The Washington Post last week (paywalled story here).

Among other things, Epic’s investigation revealed that as many as thirty law firms appeared to have accessed patient records. Though no firms are named in the litigation, Epic says they don’t need to be. The suit alleges that, as gatekeeper, Health Gorilla was knowingly “in league with its connections’ misuse of health information as a commodity.”

Epic also claims that Health Gorilla’s customers went to great lengths to disguise themselves as healthcare providers to hide their true intent. These tactics included adding junk data to patient charts to “give the false impression they are treating patients.” Fictitious websites, shell companies, and the use of sham National Provider Identification numbers are cited as additional evidence of malfeasance mentioned in the complaint.

The lawsuit suggests that the schemers operate like a Hydra: “When one fraudulent entity is exposed, the bad actors birth a new one.” If Epic asked one company about unusual patterns in its records requests, submissions would abruptly stop only to be restarted by another.

As Brittany Trang of STAT News notes, the current lawsuit “raises fresh questions about how to guarantee patient records are only shared with legitimate medical providers.” Industry expert Don Rucker agrees, calling it “a fight over who controls access to clinical data and how those data are governed once they move outside the provider's EHR.”

Rucker and others point out that the HIPAA Privacy Rule – like most federal statutes on the matter – poorly defines “purpose of use,” leaving room for broad secondary categories that include, among other things, marketing.

The legitimate use of anonymized patient data is beyond dispute, especially when combined with responsible AI practices. Meta-analyses, for example, can lead to scientific breakthroughs including lifesaving treatments and cures. Anonymized data can improve quality standards and innovations in both practice and research methods.
​
In order for that to happen, HIPAA needs to be updated to protect privacy. A good first step would be for Congress to put guardrails on data brokers’ selling of Americans’ personal digital data.

​India is big on surveillance. In fact, you could call it a global surveillance innovator. Case in point: Sanchar Saathi, a state-authored spy app the government quietly demanded be pre-installed on all phones sold to its population of more than 1.4 billion people. Following widespread backlash, the order was rescinded.

The Internet Freedom Foundation called this attempt an effort to convert “every smartphone sold in India into a vessel for state-mandated software that the user cannot meaningfully refuse, control, or remove.”

India’s privacy policies rank among the world’s lowest, surpassed in most surveys only by the usual suspects, including China and Russia. Speaking of Russia, last August it mandated the pre-installation of the Kremlin’s Messenger Max app on every phone and tablet sold. So, if anything, India has joined the race for last place.

Lest we gloat, however, while India is third from last, the United States is seventh from last. Fully 40 countries outrank us (Ireland, France, and Portugal are among the best-rated nations). All of this “matters for the U.S.,” warns Rana Ayyub in The Washington Post, “because the underlying pressures are strikingly familiar.” Those pressures are manifold and include the following (with links to recent examples of each):
​

• Government purchases of data
  
  
• Facial recognition technology
  
  
• License plate readers
  
  
• The absence of a comprehensive federal privacy law
  
  
• Warrantless surveillance in violation of the Fourth Amendment

India is a mirror for our democracy – “a preview,” to quote Ayyub again, “of the political, social, and democratic costs of letting state access to digital infrastructure expand unchecked.”

A debate about whether or not to place meaningful checks on Section 702 of the Foreign Intelligence Surveillance Act looms this spring. It may be our last chance to begin reclaiming our Founders’ original defense of privacy – what Justice Louis Brandeis would eventually label the “right to be let alone.”
​
It may already be too late for India. It is not too late for us.

​School prepares students for the world of work by instilling discipline, the ability to manage a schedule and prioritize, to solve problems with curiosity and teamwork… and to become accustomed to always being under the watchful eye of the American surveillance state.
 
Public schools use AI software like Gaggle to scrutinize the emails, online chats, and online searches students make on school equipment. Joe Wilkins of Futurism recounts the ordeal reported by Lesley Mathis, a mother in Tennessee, whose eighth-grade daughter was “arrested, interrogated, strip-searched, and held in jail for a night, over some teasing online.”
 
What was this student’s offense?
 
Wilkins: “Specifically, the student’s friends had heckled her about her ‘Mexican’ complexion, even though she has a different ancestry. ‘On Thursday we kill all the Mexico’s,’ [sic] the eighth-grader quipped back.”
 
Was the remark stupid, tasteless, and uncalled for? Yes, yes, and yes. But, as Wilkins writes, “it was clearly a bit of eighth-grade immaturity boiling over, not an actionable threat.” A school counselor would have seen this for what it was. AI did not.
 
“It made me feel like, is this the America we live in?” Mathis said. “And it was this stupid, stupid technology that is just going through picking up random words and not looking at context.” But this was in keeping with Tennessee’s zero-tolerance law requiring any threat of mass violence against a school to be reported immediately.
 
For its part, Gaggle’s CEO Jeff Patterson told The Milwaukee Independent that in this case the school did not use Gaggle the way it is intended. “I wish that was treated as a teachable moment, not a law-enforcement moment,” Patterson said.


It is understandable – given how this nation is regularly traumatized by school shootings – why Tennessee has embraced such a standard. But when the filters are set so wide, and the reactions to infractions so extreme, it is hard to justify such a system on the basis of public safety as well as free speech.

Schools are learning, slowly, to put up guardrails against overreaction, but only after hard bumps into reality. Consider the policy of Philadelphia schools, which in 2010 allowed students to take school laptops home. None of these students were told that when opened, their laptops would snap an image of them at home – often in their bedrooms – every 15 minutes. One student, 15-year-old Blake Robbins, was accused by his school of being involved with illegal drugs on the basis of what his laptop had recorded. This charge was based on images of Blake lying on his bed, popping fruit-flavored candy into his mouth. Schools have since been taught by public backlash that watching a student in his bedroom is illicit. But privacy-infringing technology continues. It is legal for schools to monitor students’ public social-media posts and online activity made on students’ own devices and on their own time.
 
All of which prepares America’s public-school students for the new American workplace. In many offices, active surveillance of employees extends from the parking lot to the workstation, to the breakroom. Employers not only use technology to scrutinize employees’ search histories. They also use sensors to monitor “desk attendance,” and to follow employees as they move from office to office, on their breaks, and even – in some states – into the bathroom.

Nicole Kobie of ITPro reports that one in five office workers are now being monitored by some kind of activity tracker. She also reports surveys that tracked employees are 73 percent more likely to distrust their employer, and twice as likely to be job-hunting as those who are not tracked in their workplace.
 
In California, Assembly Bill 1331 would have barred monitoring in employee-only areas such as break rooms and locker rooms. The bill, which would have fined employers $500 per violation, recently died in the California State Senate.
 
There is likely a human cost – and thus a cost in learning at school and productivity at work – when surveillance records a person’s every move and utterance – all initially judged by artificial intelligence that lacks nuance and social intelligence. Such systems are not only Orwellian; they are also destructive of the trust that is needed for effective teamwork, whether between teacher and student, or employer and employee. 
 
Consider the story of Olivia Stober, in her interview with CBS News, who compared her old retail job – where her every interaction with customers was monitored and critiqued by her employer – with her new job, where she is a trusted employee and the cameras are aimed only at the establishment’s front door.
 
Unlike Stober, today’s students are being inured to constant surveillance as they graduate from classrooms to workplaces under the watchful eye of those who claim to only have our best interests at heart.

​The ACLU’s Jay Stanley just published a critique of the increasing push by states to adopt digital ID systems. It’s his fifth admonition in as many months, and the message is more urgent than ever: the digital ID bandwagon is becoming a rush job that threatens to discard privacy guardrails.

Of the many possible pitfalls, the greatest may be the ability of authorities to “un-person” someone. In the parlance of Orwell and his novel 1984, an “unperson” simply vanishes as every last record of that person’s existence is expunged.

Stanley's version of Orwell hinges on what happens when authorities revoke an ID that exists only in digital form. In his new essay, “How to Give the Government New Power to ‘Un-Person’ Someone, in Three Easy Steps,” Stanley unmasks the underlying features of digital IDs that can be revoked at will:

• It’s about control: “The big push for state digital driver's licenses that we’ve been warning about is effectively a movement to increase the power of big companies and government to control individuals.”

 

• It’s about power: “The power to revoke people’s IDs, cutting off in a single stroke their ability to access their accounts, visit much of the Internet, access government services, start a new job, obtain healthcare, and who knows what else. In short, kneecap their ability to function effectively in society.”

 

• It’s about dependency: “Make it frictionless to present an ID, which will make it easy for every business to demand your ID.”

 

• It’s a universal ID: “Build a new digital identity system, such as digital driver’s licenses, that comes to serve as the proof of identity (and age, and residency, and other characteristics) for the vast majority of the population in the vast majority of use cases.”

 

• It’s an at-will free-for-all: “People could be un-personed because of simple errors, because they have unfairly been accused of wrongdoing, or out of abusive targeting for political reasons.”

 

• It’s too easy: “With digital licenses, state governments can create a system that allows them to … reach into your digital wallet in your phone and remotely deactivate your ID.”

 

• It avoids individuality: “Don’t create protections for individuals (such as those that some states have erected around the scanning of barcodes on physical licenses).”

 

• Put plastic and paper on the road to extinction: “Before long, physical IDs may be treated as a second class after-thought as digital IDs become de facto mandatory.”

Stanley recommends that lawmakers impose statutory limits on the revocation of state-issued IDs, along with strong due-process protections. He also recommends adding technical guardrails against abusive revocation.
​
Stanley’s original piece goes into much more detail. We also recommend GovernmentTechnology reporter Nikki Davidson’s recent interview with Stanley – it is more than worth ten minutes of your time.

Has there ever been a more Orwellian-sounding program than “Total Information Awareness?”

This was the post-9/11 brainchild of the Defense Advanced Research Projects Agency (DARPA), a think tank for the Department of Defense. The idea was simple: collect all data on all Americans, then data-mine that giant pile of information to identify “terrorist patterns.”

The goal of Total Information Awareness was “predictive policing,” applying the same data-modeling techniques credit card companies use to spot fraudsters in order to catch terrorists before they act. The premise was dubious at its core – identifying terrorist patterns involves a far greater order of complexity than spotting someone misusing a credit card number.

Worse, in order for Total Information Awareness to work, the government would need to have access to virtually all information about every American. It would be like stamping out drunk driving – which every year kills four times as many Americans as the terrorist attacks of 9/11 did – by stopping every motorist every few miles to give them a breathalyzer.

Admiral John Poindexter, one of the masterminds of the project, wasn’t kidding when he called Total Information Awareness a “Manhattan Project for counterterrorism.” Sen. Ron Wyden (D-OR) called it the “biggest surveillance program in the history of the United States.” The ACLU in 2003 called it “the closest thing to a true ‘Big Brother’ program that has ever been seriously contemplated in the United States.”

But nothing was more telling than the slogan of the Information Awareness Office, the Pentagon office that ran the program: “Knowledge is Power.” But power over whom and for what purpose? Total Information Awareness could be used for terrorism today, tax compliance tomorrow, and political surveillance the day after that.

Congress was sufficiently alarmed to pull the plug on the Information Awareness Office in 2003. But in 2026, to quote the little girl in Poltergeist II, “they’re back.”

This time, the architects of total surveillance have been smart about branding. An executive order issued in March was titled “Stopping Waste, Fraud, and Abuse By Eliminating Information Silos.” It instructs all agencies and departments to make their information on Americans available to all other agencies.

These silos were there for a reason. They were put there by the Privacy Act of 1974, often described as “an American Bill of Rights on data.” The law’s purpose was to establish a Code of Fair Information Practice to govern the collection, maintenance, use, and dissemination of on all personally identifiable information (PII) of Americans. Despite this law, federal agencies are complying with the executive order, seeking data from each other and from the states (though 20 blue states are suing in federal court to stop data sharing).

The Immigration and Customs Enforcement agency (ICE) is now the gleaming tip of a data “ICEberg,” after a federal judge ruled that the Centers for Medicare and Medicaid Services can share the personal Medicaid data of 80 million Americans. Many agree with the administration that Medicaid needs to be reserved for Americans, not illegal aliens. But no one believes that there is anything close to 80 million illegals in the United States. How might all this PII on Americans be used? How long will this data be kept? How might it be shared with other agencies for very different purposes?
​
“Every generation imagines itself to be more intelligent than the one that went before it, and wiser than the one that comes after it,” George Orwell wrote. To blithely discard the guardrails of the Privacy Act – and to trust that vast amounts of highly personal information won’t one day be abused by the FBI, the IRS, and other agencies – is either cynical or beyond naïve.

​The Fourth Amendment to the Constitution requires law enforcement to obtain a warrant supported by probable cause before entering our homes. That very American principle has roots in English law, in the spirit of the 18th century prime minister who said that “the poorest man may, in his cottage, bid defiance to all the forces of the Crown.”

But another doctrine, the “community caretaking” standard, emerged from an understanding that the police may, in certain emergencies, enter a home without a warrant. In Brigham City v. Stuart (2006), the Court allowed police entry when there is an “objectively reasonable basis” for believing that someone inside is in danger of physical harm or in need of aid.

The U.S. Supreme Court in 2021 found, in Caniglia v. Strom, limits to this “community caretaking” exception to the warrant requirement. Last week, however, the Court took a step back in favor of warrantless entry in Case v. Montana, finding reason in common law to uphold the conviction of William Case.

A Montana resident, Case had repeatedly threatened suicide. When police showed up to perform “a welfare check” at Case’s home after receiving a distressing call from his girlfriend, they saw an empty holster and what appeared to them to be a suicide note on a table. Case had also threatened to kill any police officer who entered his home. The police eventually entered Case’s home without a warrant, found Case hiding in a closet with a black object in his hand, and shot him in the stomach.

Case survived and went to court to seek the exclusion of any evidence obtained from this warrantless intrusion. The Supreme Court ruled unanimously against him. The facts of this case, like the proverbial camel’s nose thrust under a tent, are undeniably ugly. But ugly or not, Case v. Montana is still a camel’s nose – one that portends danger for privacy.

This case has two underlying complexities to keep in mind whenever the Court reviews future cases on the emergency entry exception.

The first concern is the Court’s central reliance on common law. Justice Neil Gorsuch, in a concurring opinion, wrote that: “From before the founding through the present day, the common law has generally permitted a private citizen to enter another’s house and property in order to avert serious physical harm.”

The problem with Justice Gorsuch’s reliance on this “accumulated learning of common law” is that it is still trumped by the U.S. Constitution. There is no “community caretaking exception” to be found in the Fourth Amendment.

A second danger is that the community caretaking exception will be broadened.

In our brief to the Court, we warned about about the “diluting effect such a low bar for emergency-aid searches would cause in other contexts – especially regarding electronic devices … it seems inevitable that lowering the burden for warrantless home invasion would lower the burdens for warrantless invasion of all other repositories of private information.”

Millions of Americans have sensitive information in their phones – apps for alcohol, drug, and gambling addictions; apps for prayer requests; apps for pregnancy symptoms; apps for financial issues; and apps for romance. Cellphones can track Americans’ location, and data that reveals where an American worships, banks, organizes political activities, and maintains a network of friend and associates.
​
When the Court lowers the bar for warrantless entry into a home, it weakens constitutional protections everywhere else – especially in a world where our most intimate lives reside on digital devices. If this logic continues unchecked, today’s emergency entry into a house could tomorrow become emergency entry into a phone, a cloud account, or an entire digital life. That would be the kind of “general warrant” the Fourth Amendment was written to prevent.

​PPSA has long warned that allowing federal intelligence and law enforcement agencies to purchase Americans’ personal digital data from data brokers would build a surveillance state. Now the federal government has put in place the most effective tools to activate that surveillance state in America.
 
This is the natural consequence of two technologies purchased by Immigration and Customs Enforcement (ICE). Whether you believe ICE’s approach to mass deportations is necessary, or an exercise in cruelty, there is no question that what ICE is doing with technology is guaranteed to transform the whole balance between the federal government and its citizenry. It is deploying two forms of surveillance without a warrant that can track people to meetings with friends, their place of work, and homes, their houses of worship, while also drawing on data gleaned from social media to compile dossiers on Americans’ beliefs and personal associations. In using these technologies, ICE often doesn’t know if the target is an American citizen or someone who is not lawfully in this country.
 
Joseph Cox of 404 Media, in his most recent blockbuster revelation, details the consequences of two technologies purchased from a company called Penlink.
 
One such technology is Webloc, which allows ICE to draw a rectangle, circle, or polygon around a portion of a city and pick out smartphones of interest. Cox writes that “they can get more details about that particular phone, and, by extension, its owner by seeing where else it has traveled both locally and across the country. Users can click a route feature which shows the path the device took.”
 
Webloc’s surveillance relies on exploiting code in ordinary apps on our phones, like games and weather apps, that track our location. The rest comes from data brokers that sell our private information through real-time bidding. In the digital age, we are all standing on the digital auction block.
 
Another Penlink technology, called Tangles, is a social media monitoring product that can take an image of a person’s face on the street, identify that person, locate that person’s social media feeds, and produce a “sentiment analysis” from that target’s posts. At a glance, the government will have a file on your beliefs.
 
These new government capabilities should worry conservatives, libertarians, and MAGA supporters, as well as liberals and progressives. The effectiveness of such technologies makes it inevitable that it will spread beyond ICE to the FBI, IRS, and other agencies, as the government works to break down the traditional data silos between agencies. They are sure to be used against Americans by administrations of both parties.
 
Webloc and Tangles cost only a few million dollars – a rounding error for the federal government. As these capabilities expand and become daily practice, the constitutional balance of government by the consent of the governed – based on the Fourth Amendment’s requirement for a probable cause warrant – will inevitably give way to authoritarian control.
 
Only Congress can stop this. As the surveillance debate heats up ahead of the reauthorization of FISA Section 702 in April, Congress must urgently use that debate to pass a bill or an amendment that will restrict the currently unrestricted purchasing of Americans’ data by the government.
 
As an old Kenny Loggins rock song put it, “make no mistake where you are, your back’s to the corner … stand up and fight.” Let Congress know it is not acceptable for federal agencies to buy our private and sensitive data without a warrant.

The fatal shooting of 37-year-old Renee Nicole Good by an Immigration and Customs Enforcement agent in Minneapolis is proving to be a national ideological Rorschach Test. Some who watch the video of the event see an officer reacting in fear for his life; others, including former Secretary of State Hillary Clinton, see a “murder.”

As ambiguous as the video may be, imagine if there were no video at all. Would we be better off? At least there is a record that can be examined and debated. Without this video, we would be left with hearsay and fallible memories – weak tools for judging the use of deadly force.

Yet according to the Trump administration, the person who recorded this encounter had no right to do so – and may have even committed a crime.

Department of Homeland Security Secretary Kristi Noem (hat tip to G.J. Ciaramella, Reason) equated filming officers with “violence” and “doxing,” adding “it’s videotaping them where they’re at when they’re out on operations, encouraging other people to come and to throw things, rocks, bottles.” DHS Assistant Secretary for Public Affairs Tricia McLaughlin said that “videotaping ICE law enforcement and posting photos and videos of them online” is a crime, and that “we will prosecute those who illegally harass ICE agents to the fullest extent of the law.”

No one disputes that harassing and threatening officers is a crime. But recording them is not. The right to document public officials performing public duties is well established in federal courts. Seven federal circuits have recognized Americans’ “right to record” – the right to hold up a smartphone and make a video of law enforcement in action.

The Fourth Circuit made that explicit in a case involving a passenger who livestreamed a traffic stop. The court held that “livestreaming a police traffic stop is speech protected by the First Amendment,” explaining that “recording police encounters creates information that contributes to discussion about governmental affairs.”

We have to agree with Reason’s Ciaramella:

“Recording government agents is one of the few tools citizens have to hold state power accountable. Any attempt to define observation as ‘violence’ is not only unconstitutional – it’s authoritarian gaslighting. When a government fears cameras more than crimes, it isn’t protecting the rule of law. It’s protecting itself.”

Too many in the Trump administration have slipped into a lazy – and dangerous – syllogism. “Videotaping” law enforcement = “doxing” = “violence” = “terrorism.” We do not discount by any means the need to protect officers. But the logic now coming from Washington is as simple as it is dangerous.
​
You have the right to record the police. There should be no erase button on this principle.

​Here’s some good news – when it comes to privacy, California is catching up to privacy leaders like Utah and Montana. Three new data-privacy bills in Sacramento would give California consumers powerful new tools to manage their personal information.

The three legislative initiatives would:

• Put guardrails on the use and sale of personal information (PI)

 

• Ban the sale of geolocation data

 

• Expand the definition of PI as a category (a definition that hasn’t been revisited since California passed its Information Practices Act in 1977).

These bills would build on a solid base of existing reforms. California has launched a data-broker enforcement strike force. In the 2023 Delete Act, it created a centralized website for consumers to opt out of sales of their data and delete the data already collected by brokers. Another new law also requires web browsers to let consumers set one universal privacy control. California, home to the nation’s tech industry, is suddenly a national leader on privacy.

As our readers know, the gathering, buying, and selling of personal data is big business. Worse, it takes shockingly few data points to identify us as individuals. In today's information economy, that knowledge is gold – to government agencies, police, marketers, and hackers alike.

The Delete Act now shines a spotlight on data brokers and their shadowy privacy practices. And the new enforcement strike force adds muscle, promising real accountability for brokers – and the businesses that rely on them – to adhere to their privacy policies.

CalPrivacy executive director Tom Kemp said:

“Data brokers pose unique risks to Californians through the industrial-scale collection and sale of our personal information. The widespread availability of digital dossiers makes it easier for our personal information to be weaponized against us, and even well-meaning data brokers can be victims of data breaches that leave all of us vulnerable.”

Under the law, brokers must register with the state and pay an annual fee. That annual registration fee is funding the new Delete Request and Opt-Out Platform (DROP). Starting in August, California residents who use this free service can have their data profiles wiped – and kept that way, with mandatory deletions every 45 days.

Next up – the California Opt Me Out Act, which goes into effect in 2027. It will require major browsers to offer users one simple switch – one click to say “no” to data sharing across thousands of websites. Technically, it’s known as an OOPS, an Opt-Out Preference Signal.

It certainly doesn’t sound like a mistake. Here’s hoping – California dreamin’ – that these initiatives take root. Perhaps they will be so well received that our representatives in Washington will be inspired to follow suit by curbing the limitless appetite of federal agencies for Americans’ personal data.
​
The last hope may still be a dream. But if the nation’s most populous state can take such steps, it’s a dream worth having.

​Privacy is a bedrock of American democracy. The fight to preserve it never ends, and the struggle ever been more fierce.

PPSA stood in the gap throughout 2025 alongside our coalition allies. On this news blog we published more than 200 articles calling attention to surveillance threats to Americans’ privacy. But we did more than raise awareness and offer our perspective. We took action. Here’s a list of the concrete ways we engaged in the privacy fight throughout 2025:

On the public record:

• PPSA’s senior policy advisor and former House Judiciary Chairman Bob Goodlatte supported congressional efforts to repeal the Corporate Transparency Act, whose database provisions and disclosure requirements represent an unprecedented threat to Americans’ financial privacy. Two months later, Treasury announced it would no longer enforce the CTA’s penalties. Secretary Scott Bessent called it a “victory for common sense.”
  
• Bob Goodlatte also dispatched a letter to Attorney General Pam Bondi warning of the UK’s abuse of technical capabilities notices (TCNs) under the CLOUD Act agreement. “I am deeply troubled by how the United Kingdom has taken advantage of our goodwill,” he wrote, urging the Department of Justice to suspend the Agreement unless and until the UK withdraws its use of TCNs. These secret orders, issued under the UK Investigatory Powers Act, can compel U.S. technology companies to weaken, delay, or suspend the deployment of essential security features.
  
• Gene Schaerr, PPSA general counsel, praised a district court ruling in United States v. Hasbajrami. This ruling found that warrantless searches of U.S. citizens’ communications are an abuse of the Foreign Intelligence Surveillance Act (FISA) and violate the Fourth Amendment. “We can have aggressive protection of the American people while standing up for the Constitution,” Schaerr said. “This court recognized that those two principles can go hand in hand.”
  
• PPSA President Erik Jaffe called on the U.S. government to push back against the British government’s “internet imperialism” when it demanded that Apple provide Whitehall with access to all encrypted communications. He said: “Efforts to give the government back-door access to encryption is no different than the government pressuring every locksmith and lock maker to give it an extra key to every home and apartment.”

In the legal and legislative arenas:

• In two separate appearances, Schaerr testified before Congress that Section 702 is symptomatic of the larger anti-privacy, pro-surveillance arc the U.S. government has increasingly embraced. “Elements of an emerging American surveillance state are being knitted together before our eyes,” he warned. In April 2026, Congress will have the opportunity to reform FISA Section 702. In testimony before the House Judiciary Committee, Schaerr anticipated that moment by outlining four critical reforms advanced by PPSA and our allies.

In court:

• In Case v. Montana, PPSA filed a brief asking the U.S. Supreme Court to preserve the privacy standard previously established in Caniglia v. Strom. The Caniglia ruling greatly restricted the use of warrantless home entry under the “community caretaking” exception. Our message? Ignoring that standard is a slippery slope. “Lowering the burden for warrantless home invasion would lower the burdens for warrantless invasion of all other repositories of private information.” PPSA’s amicus brief was the only one filed in the case, and the Supreme Court granted the petitioner’s request a few months later.
  
• Lowering privacy standards is inextricably linked to diminishing expectations of a right to privacy. Preventing this destructive codependence was at the heart of the brief we filed with the Supreme Court on behalf of James Harper. In Harper's case, the First Circuit’s interpretation of the third-party doctrine would have limited the notion of privacy to something belonging to the bygone era of paper and ink. Our data deserves the same privacy the Founders granted its physical analogs in the 19th century, especially as “third-party storage becomes ubiquitous” in the digital age.
  
• Such sweeping interpretations of the third-party doctrine bedeviled privacy rights at every turn in 2025. In a Wisconsin case, we reminded the state’s high court that searches of personal data were subject to the Fourth Amendment regardless of how that data is stored: “The ransacking of our cloud-based data is much like the ‘general warrants’ of the colonial era, when agents of the Crown could rifle through anyone’s documents at will.”

PPSA also filed briefs in 2025 before the Supreme Court on the nature of geofence warrants, before a federal appellate court on the expansive practice of border searches of phones, and before a state court on sweeping searches of data in a phone unrelated to a probable cause warrant.

Near the end of the year, we applauded the Judiciary Committee’s bipartisan – and unanimous – decision to put the Non-Disclosure Order (NDO) Fairness Act before the full House for a vote. Earlier in the year, PPSA congratulated House Majority Whip Tom Emmer (R-MN) for his tireless work to pass the Anti-CBDC bill, forbidding the Federal Reserve from establishing a government-issued digital currency. As we noted at the time, a central bank digital currency “would enable mass surveillance of American consumers, and the debanking of any targeted group.”

Finally, we were encouraged when the Department of Justice showed a more responsive spirit in reply to one of our FOIA requests. In the past, when we asked about internal policies regarding the use of cell-site simulators (“stingrays”), we were met with non-reply responses, often redacted to the point of absurdity. This time, however, the department suggested it intends to comply with its 2015 memo requiring probable cause warrants before stingrays could be used.
​
We are glad to see a change of heart, but we won’t stop issuing FOIAs. Trust, but verify.

​Michael Moore is a retired public-school teacher living in San Francisco. Nearly every day, as he drives to the store, to his sons’ schools, or to meet friends and family, his movements are watched and recorded at every turn. But he is not being tailed by a private detective or by the police.

Moore, like every other driver in San Francisco, is being tracked because he must navigate through the city’s network of almost 500 automated license plate readers (ALPRs).

These devices, operated by the San Francisco Police Department (SFPD), constitute a major link in the national surveillance network that the vendor Flock Safety is providing to state and local law enforcement. Moore has had enough. At the end of December, he filed a class action lawsuit in a federal courtroom on his behalf and on behalf of his fellow San Franciscans against the city and its police department over this continuous violation of their Fourth Amendment rights.

In his suit, Moore states that Flock ALPRs “make it functionally impossible to drive anywhere in the City without having one’s movement tracked, photographed, and stored in an AI-assisted database that enables the warrantless surveillance of one’s movements.”

Here are some of the topline revelations from Moore’s lawsuit:

Suspiciousness surveillance: Of the over 1 billion license plate scans collected by 82 agencies nationwide in 2019, “99.9 percent of this surveillance data was not actively related to any criminal investigation when it was collected.”

Creates “vehicle fingerprints”: “When Flock Cameras capture an image of a car, Flock’s software uses machine learning to create what Flock calls a ‘Vehicle Fingerprint.’ The ‘fingerprint’ includes the color and make and model of the car and any distinctive features, like an anti-Trump bumper sticker or roof rack. Flock’s software converts each of those details into text and stores them into an organized database.”

Tracks social networks: “Flock provides advanced search and artificial intelligence functions that SFPD officers can use to output a list of locations a car has been captured, create lists of cars that have visited specific locations, and even track cars that are seen together.”

Data stored indefinitely: “The data that Flock Cameras collect belong to the SFPD but Flock retains data on a rolling 30-day basis. Nothing, however, prevents the SFPD or its officers from downloading and saving the data for longer than SFPD’s 365-day retention period.”

Flock doesn’t just see and record – it thinks and analyzes:

“ALPR technology is a powerful surveillance tool that is used to invade the privacy of individuals and violate the rights of entire communities. ALPR systems collect and store location about drivers whose vehicles pass through ALPR cameras’ fields of view, which, along with the date and time of capture, can be organized by a database that develops a driver profile revealing sensitive details about where individuals work, live, associate, worship, protest and travel.”

Moore’s lawsuit poses a profound constitutional question: Can a city turn every resident into a perpetual suspect simply for driving on public roads?
​
The Fourth Amendment was written to forbid dragnet surveillance untethered to suspicion, warrants, or individualized cause. Yet San Francisco has quietly constructed a system that records nearly every movement of its citizens, not because they are suspected of wrongdoing, but because technology makes it easy. If this practice is allowed to stand, the right to move freely without government monitoring may become a relic – honored in theory, but surrendered in practice to cameras, algorithms, and convenience.

​If you got a Roomba for Christmas, we have good news and bad news. The good news is that your product will likely continue to be supported despite the company’s recent bankruptcy filing. The bad news: this Massachusetts-based brand may soon be just another piece of Chinese-owned spy tech.

Amazon tried to buy iRobot, the maker of Roomba, in 2021, but that deal was ultimately nixed by the Federal Trade Commission on antitrust grounds. Now, if a judge approves the pending sale of iRobot to Shenzhen Picea Robotics, Roomba will join numerous brands under the ever-expanding surveillance umbrella that many Chinese products represent.

Not that China is the sole problem when it comes to protecting the privacy of American consumer data. The United States has no robust privacy laws apart from a few state initiatives, and the data practices of companies like Amazon are a mixed bag. But the Chinese Communist Party doesn't even pretend to care about privacy, instead marketing highly functional (and affordable) electronics capable of gathering all manner of personal information. This ill-fated combination has created a veritable Wild West when it comes to the consumer electronics market.

iRobot says Roomba will remain an American brand, a claim that means little when no one is minding the privacy store in the first place. So you can either trust that your data will be treated with care (good luck) or you can try to protect yourself just a bit. According to experts, disconnecting from Wi-Fi and Bluetooth will likely disable any advanced features but will not prevent Roomba models from actually cleaning.

“Advanced features” in this context mostly mean updates to the app, which Roombas can operate without. And it certainly refers to a data pipeline that goes straight to who-knows-where, replete with maps of your home’s layout and eye-level images of your pets and you playing on the floor. Remember, any connected devices, including vacuum cleaners, can be (and have been) hacked.
​
Apps are black holes for data and privacy anyway. So just press “Clean” and forget it.

​In the 1980s, singer Rockwell went to the top of the charts with “Somebody’s Watching Me,” a synth-pop, R&B celebration of unrestrained paranoia. In one verse, he asks: “Can the people on TV see me, or am I just paranoid?”

On that point, you can relax. The (truly) odious Jackson Lamb in Slow Horses and the passive-aggressive aliens on Pluribus cannot see you. But if you have a smart TV equipped with a camera for recognizing gesture control, or for making video calls, your TV itself might be watching you – although manufacturers are dropping this feature after being hit with a tsunami of consumer outrage. After all, who is at their best sitting on the couch at 9 o’clock at night?

The real danger is Automated Content Recognition (ACR) technology, which can capture screenshots of a user’s television display every 500 milliseconds, monitoring your viewing in real time, and transmitting that information back to the company without your knowledge or consent. Your personal information then becomes a commodity on the consumer data market.

Texas Attorney General Ken Paxton said in a statement that this technology can put private and sensitive information – from passwords to bank information – at risk. Consumer activist and privacy expert Louis Rossmann explains that if your TV is connecting to home security cameras, if you use your TV as a computer screen for searching the web, or if you send videos and photos through your TV, ACR captures all that information.  

“The television is, unfortunately, a form of spyware,” says Rossmann.

Paxton is now suing Sony, Samsung, and LG, as well as Chinese-based Hisense and TCL Technology Corporation for secretly recording and harvesting consumer data.

“Companies, especially those connected to the Chinese Communist Party, have no business illegally recording Americans’ devices inside their own homes,” Attorney General Paxton said. “This conduct is invasive, deceptive, and unlawful. The fundamental right to privacy will be protected in Texas because owning a television does not mean surrendering your personal information to Big Tech or foreign adversaries.”

Watch Rossmann for detailed descriptions of these companies’ labyrinthine concept of informed consent and the technical ways you can try to sidestep surveillance. As Paxton’s lawsuit matures, we will see if courts will find actual law-breaking here, or just another abuse of consumer trust.
​
Stay tuned.

​There are few spaces meant to be more private than the bedroom. But that, writes Wired’s Chloe Valentine, may be about to change. In a trend that gives a twisted new meaning to the concept of the “Internet of Things,” sex toys are joining the ranks of app-connected devices. As they do, the adult toy industry has found a way to breach one of privacy’s few remaining sanctums.

Who knew there was an app for that?

But here’s the thing about apps: users see them as a way to interact with devices. Companies, however, view them as something much more valuable – collectors of data that can be monetized. And what better place to collect personal information than the boudoir?

As if data privacy wasn’t already teetering on the brink, along comes a new – and deeply invasive – set of variables to track and mine for insights. Think of it this way: If it’s a setting on the device, it’s measurable. And if it’s measurable, it has value to the company that markets it.

Behavioral data is especially valuable but was long notoriously difficult to obtain until about a decade ago, when the consumer IoT market began to proliferate. Thanks to the rise of connected devices, companies can now acquire behavioral data about their consumers in the most accurate and intimate way possible – by observing them in the act.

For those who are comfortable with sex toy companies gathering their behavioral data, that’s their prerogative. But sexual behavior data potentially includes many things: location information, usage frequency, which toy a consumer is using, even which functions and intensity settings they choose. When combined with purchase records and demographic data, this amounts to an expansive – and intensely personal – profile.

Moreover, there is no way to truly guarantee anonymity, despite what organizations may claim. Meanwhile, the potential actions of hackers or other bad actors remain an ever-present threat. And in the end consumer data is just as likely as not to end up in the hands of brokers who won’t hesitate to sell it to any interested parties (whether obtained legally or not, the rotten practice of data brokering remains perfectly legal).

If you add cameras and Wi-Fi to the mix, then you’ve got another layer of “What could possibly go wrong?” Here one need only recall the sordid tale of the Savkom Siime Eye, an early entrant in the field of IoT adult toys.

If you get one of the new generation of adult toys, start by checking permission settings in the product’s app – and on your smart phone more generally. Most smartphones eagerly assist apps in sharing information, so you might be shocked to learn just how much your data gets around.

As a reminder, check the app settings for your other connected devices, including:

Appliances, smart glasses, security cameras, vehicles, doorbells, wearables, children’s toys, small electrics, TVs, thermostats, plugs and switches, lightbulbs, speakers, navigation systems, locks, motion detectors, smoke alarms, air purifiers, humidifiers, blinds, garage door openers, irrigation systems, solar panels, rechargeable batteries, carbon monoxide detectors, projectors, soundbars, gaming consoles, rings, hearing aids, scales, bikes, scooters, conference systems, printers, lighting panels, pet feeders, litter boxes, aquariums, and birdhouses.

Plus your toothbrush. And don’t forget your mattress.
​
Feeling safe now?

​Fresh on the heels of the Bill of Rights’ 234th birthday comes a salient reminder of just how difficult it is for those in power to resist abusing their authority, and why the Fourth Amendment in particular is every bit as relevant today as it was in 1791.

Wilmer Chavarria is suing the U.S. Department of Homeland Security (DHS) for an incident in Houston in July. According to his lawsuit, U.S. Customs and Border Patrol (CBP) agents detained him, demanded his passwords, then searched the contents of his devices as he tried to enter the country at George Bush Intercontinental.

Actually, make that returning home rather than trying to enter – Wilmer Chavarria is as American as tarta de manzana. He’s a school superintendent in Vermont, where apples are the state fruit and apple pie is literally the state pie (either à la mode or with cheddar). Born in Nicaragua, Chavarria became a citizen of the United States in 2018 after coming here a full decade earlier to do that most American of things – get an education. That day in July, this American citizen was returning home after visiting his mother and family in Nicaragua.

CBP separated him from his husband, then interrogated Chavarria for several hours before releasing him without explanation. Along the way, he was informed that he had no Fourth Amendment right to resist. The primary problem with that argument is, of course, that the Fourth Amendment applies to all American citizens. It clearly states that no one living under the authority of the Constitution must endure unreasonable search and seizure, and that a warrant, based on probable cause, must be obtained by authorities whenever one’s personal effects are to be searched.

To be clear, these protections do not apply to noncitizens seeking to enter the country. Chavarria was utterly and completely covered the moment he finished swearing “so help me God,” on the day of his naturalization. 

Another potential problem with the DHS/CBP argument is a landmark 2014 decision in which the U.S. Supreme Court declared that digital devices like cellphones are covered by the amendment’s original language of “persons, houses, papers, and effects.” But the ruling left the notorious “border exception” intact, which may explain CBP’s inclination to take a constitutional mile with the mere inch the parchment actually gives them. With any luck, Chavarria’s case may breathe renewed life into the space that United States v. Smith clawed back from the border exception in 2023.

Despite such rulings, border agents seem not only unfazed but also emboldened. According to research by the Pacific Legal Foundation, warrantless searches of electronic devices have quadrupled in the decade since the high court’s original 2014 ruling.

When asked about cases like Chavarria’s, CBP demurs. These tactics are “rare” and “highly regulated” according to the agency’s assistant commissioner Hilton Beckham. She also insisted to the Houston Chronicle that such searches are only used to combat serious crimes. “Lawful travelers,” she says, need not fear.

By such logic, Chavarria must have somehow represented a danger to national security. Perhaps New England schoolchildren, gay marriage, and naturalized Nicaraguans are a greater existential threat to the future of the republic than anyone previously realized.

Or it could be good old fashioned political targeting. In April, mere months before his trip, Chavarria refused to sign his state’s request to certify to the U.S. Department of Education that Vermont was not using “illegal DEI practices.” And he did so on the record, noting that his district is the most diverse in the state. The federal request was one that some 19 states, eventually including Vermont, simply refused to comply with. Agree or disagree with that position, it should be a matter of serious concern for people of all political stripes if the government applied a political standard to its warrantless intrusion into an American’s digital devices.

It is perhaps no coincidence, then, that before he even boarded his domestic flight back to Vermont that day, Chavarria received an email. In it, CBP announced that his longtime TSA Global Entry status had been revoked because he suddenly “did not meet program eligibility requirements.”
​
So it’s come to this: If you’re traveling abroad, consider using burner phones and leaving your personal and work devices at home.

​If you’ve read Rick Atkinson’s prize-winning books on the American Revolution or watched Ken Burns’ documentaries on that founding event, you know how deeply Americans have always valued privacy. The Revolution itself was sparked, in part, by outrage over the British Crown’s use of “general warrants” – sweeping authorities that allowed the King’s agents to ransack homes, warehouses, offices, and ships at dock in search of anything they deemed suspicious.

Now, nearly 250 years after the Declaration of Independence, London is at it again.

This time, the British government is executing a plan to override the security and encryption protections built into U.S. technology products – exposing the private data of Americans, and potentially users around the world, beginning with Apple devices.

The CLOUD Act — and a Deal Gone Wrong

PPSA Senior Policy Advisor Bob Goodlatte knows this territory well. A former congressman from Virginia and Chairman of the House Judiciary Committee, Goodlatte helped lead passage in 2018 of the Clarifying Lawful Overseas Use of Data Act, better known as the CLOUD Act.

The CLOUD Act allows the United States and trusted foreign partners to enter into data-sharing agreements, enabling law enforcement to seek data through warrants or subpoenas regardless of where that data is stored. But Congress paired this authority with firm guardrails to protect privacy, civil liberties, and the rule of law.

One of those agreements – the U.S.–UK Data Access Agreement (DAA) – has now veered sharply off course.

“I am deeply troubled by how the United Kingdom has taken advantage of our goodwill,” Goodlatte wrote in a letter sent late last week to Attorney General Pam Bondi.

Britain’s Abuse of Surveillance Powers

At issue is the UK’s use of so-called Technical Capabilities Notices, or TCNs, issued under the UK Investigatory Powers Act. These secret orders can compel U.S. technology companies to weaken, delay, or suspend the deployment of essential security features, including end-to-end encryption.

“The threat to Americans’ privacy from these measures is real,” Goodlatte warned, whether the UK’s actions affect U.S. companies’ global products or are limited to services offered in Britain. Even in the latter case, he explained, the consequences are profound: increased risk of global surveillance, compromised digital infrastructure, and a direct assault on the protections Congress demanded when it approved the agreement.

Approval Rights and Gag Orders on U.S. Companies

Goodlatte also pointed to a particularly alarming requirement: U.S. companies must notify the British government before rolling out security upgrades – precisely the kind of foreign leverage Congress explicitly sought to prevent.

The CLOUD Act’s promise of streamlined cross-border cooperation, he wrote, “was never intended by Congress to be leveraged by a foreign partner to compel any form of ‘backdoor’ access or other types of decryption assistance.”

Even worse, UK policy reportedly imposes gag orders that prevent U.S. companies, starting with Apple, from disclosing this interference even to the U.S. government itself.

The Only Remedy: Suspend the Agreement

The CLOUD Act anticipated this scenario. Under the DAA, the United States may suspend or terminate the agreement when a partner government’s laws or practices materially undermine its privacy and civil liberties commitments.

“Accordingly,” Goodlatte wrote, “I urge the Department of Justice to invoke Article 12.3 and suspend the Agreement unless and until the UK withdraws its use of TCNs.”

During passage of the CLOUD Act, Goodlatte insisted on strong congressional oversight of the law’s implementation. Now, he is calling on the Justice Department to enforce the deal’s terms – and protect Americans from a digital revival of the general warrants our founders fought to abolish.
​
Expect sitting Members of Congress to take up that call as well.

​Almost every day, we learn of new capabilities in China’s ever-expanding surveillance and intimidation operations. Xi Jinping’s regime is perfecting its ability to track enemies, even as far from Beijing as West Texas.

Consider the story of Li Chuanliang, a retired Communist Party official who fled China and was granted asylum in the United States. Now in Midland, Texas, Li told the Associated Press:

“They track you 24 hours a day. All your electronics, your phone – they’ll use every method to find you, your relatives, your friends, where you live: No matter where you are, you’re under their control.”

What’s even more disturbing may be the source of China’s capabilities. Technology first deployed to track and persecute China’s Muslim Uyghur minority now helps power the country’s worldwide surveillance network,  supported by technology developed in the United States.

When the AP asked U.S. companies about their role in such potentially deadly technology transfer, most deflected: “IBM said in a statement that it sold its division making the i2 program in 2022, and has ‘robust processes’ to ensure its technology is used responsibly. Oracle declined comment, and Microsoft did not respond.”

But for China, it’s all been a golden opportunity – literally. The regime named the U.S.-derived lynchpins of its surveillance network “Golden Tax,” “Golden Finance,” and “Golden Audit.” (See also China’s notorious Golden Shield program, which American cyber-giant Cisco helped to build.)

The Chinese Communist Party hunts for its perceived enemies in-person as well as online. It involves attempts to recruit American citizens to the cause, according to court filings against two Chinese organizations. The schemes included the use of fake social media accounts to intimidate Chinese dissidents residing abroad.

And, it seems, they occasionally have help from U.S. citizens such as an ex-New York cop convicted of hunting dissidents for the PRC. It’s a sordid tale and, sadly, far from an isolated incident. Nor is the tale of such transnational aggression limited to state actors like China alone.

In addition to matters of statecraft, the human toll exacted by such global Big Brother programs is immeasurable, as seen in the mental health effects of state surveillance on Chinese students who are merely studying in the United States. Some have cut all ties to family and friends back home to protect their loved ones from the suspicion that comes from simply being in America.

We should remember these souls during this season of light. If you know a Chinese student or resident who doesn’t seem to have many friends here, it might not be by choice. Consider reaching out to them in person and offering your support. Just be careful about using your cellphone (or theirs) to make plans. Consider getting your church involved too, like congregants in Midland did for Li and others.
​
Speaking of which, check out the AP’s poignant photo essay chronicling Li’s attempts to build a new life in Midland, together with other Chinese expatriates.

​The Bill of Rights was ratified on this day in 1791 — guaranteeing that in addition to free speech, freedom of religious exercise, the right to due process, and other natural rights — that the government must obtain a probable cause warrant from a judge before it can search our persons, houses, papers, and effects. It established what the Founders hoped would be a bright line against unreasonable searches and seizures.
 
Unfortunately, with the rise of surveillance technology, the Fourth Amendment is often observed today in the breach. But it is still a shield against police entry into Americans' home and unreasonable physical searches. Let this birthday remind us of the need to jealously guard our freedoms — and extend them to the digital world, as well as the physical. 

VICE recently interviewed privacy expert Jason Bassler about the many ways that surveillance has crept into our daily lives and become more or less normalized. Jason is the co-founder of the Free Thought Project, whose site you might not want to visit if you’re already paranoid about being watched.

Among the observations that Jason offered VICE were the following. Think of them as a “State of Our Privacy” report:

Smartphones are the well-connected spies in our hand:

“Today’s mobile tech goes far beyond anything we saw even five years ago. Our phones constantly ping GPS satellites, Wi-Fi networks, and cell towers to triangulate our location, whether or not you’re using a map app. Apps quietly harvest this data and sell it to data brokers, who in turn sell it to agencies like ICE, the FBI, and even the U.S. military.”

If it’s a border, it’s biometric:

“TSA is expanding biometric surveillance across nearly all U.S. airports as part of a $5.5 billion modernization push. Airports nationwide will be utilizing facial recognition software, and over 250 airports will be accepting digital ID verification. It’s a similar situation with the U.S. Customs and Border Protection. Biometric data collected at borders is often retained indefinitely, and it’s increasingly shared with law enforcement and intelligence agencies, raising concerns about lack of oversight. Border control isn’t just about fences anymore. It’s about fingerprints, facial scans, and AI predictions.”

License plate readers are nearly ubiquitous:

“They’re designed to capture, analyze, and store vehicle data in real time. Think of them as a cop on the corner of your street, taking notes about every car that passes – its color, its make, its year, where it’s going, how often it goes there, how long it stays, and much more. Now, imagine an army of cops on every corner of your city doing that. This is what Flock [Safety brand] cameras are, except they are mounted on poles and traffic lights.”

Bassler also recommends the following ways to fight back against what he calls the growing “ecosystem” of surveillance and its normalizing influence:

• “Obscure your biometrics, especially if you’re at a protest or political event.

​

• Opt for strong passwords and turn off biometric unlocking features on your phone and devices.

 

• Disable GPS or Bluetooth when not in use, and avoid apps that demand location access.

 

• Use privacy-first tools and tech. Encrypted messaging apps like Signal help; VPNs and privacy browsers like Brave all help move in a better direction.

 

• Minimize your data trail – don’t overshare on social media, avoid posting real-time location or personal identifiers. Also, always opt out when possible. Decline facial scans at airports, stores, and events.”

Finally, Bassler reminds us to push back politically and let our voices be heard. One way to do that is to remind Congress to finish passing the Fourth Amendment Is Not For Sale Act and send it to the president’s desk.
​
For Vice’s interview with Bassler go here.

​Now more than ever, be careful about choosing collaboration partners. That’s the lesson Strategy Risks and the Human Rights Foundation are drawing in a new report. Their findings are a jaw-dropping wake-up call about China manipulating Western institutions into giving up cutting-edge AI knowledge to serve its dictatorship.

Here’s the play-by-play:
​

1. Beginning in 2000, the U.S. and UK governments, along with other Western sources, funded numerous research projects at various academic institutions, including at MIT, Stanford, and Oxford.  
   
   
2. Using that money, the researchers partnered with two state-backed Chinese AI labs (this is where you should say, “Uh-oh!”) and co-authored roughly 3,000 papers.
   
   
3. This was applied research, a branch of academia that over the past 20 years has come to dominate high-dollar research grants, especially in the areas of security and technology. These papers were tasked with finding answers to real-world questions.
   
   
4. And while such pragmatic endeavors are not problematic in principle, these particular real-world questions weren’t about polar ice cap tenacity or the migration patterns of Central American bees. Instead, they’re straight out of Voldemort’s dark-arts agenda: How to track multiple “objects” (e.g., people) simultaneously. How to recognize the gait patterns of individuals (it turns out such patterns can be as unique as fingerprints), and how to see in the dark (because who doesn’t want to be able to do that?).
   
   
5. Why on earth would the Chinese be interested in obtaining the answers to such curious questions? The Chinese Communist Party’s technocratic authoritarian superstate requires certain capabilities: Mass surveillance, gathering intel on Western corporations, and exploring the intersections of AI, mathematics, and physics.

It gets worse. U.S. Department of Defense agencies were also involved in the funding process, and their specialized involvement helped drive research into national security questions: Optical-phase-shifting tech and biometric monitoring, to cite two examples. The Chinese military is keen on tracking people using drones and facial recognition algorithms. Or more to the point: it is keen on surveilling, detaining, and persecuting more than one million Uyghur Muslims. 

The report found that ethics watchdogs on the Western side lost their bark. Only two bothered to call out the troubling connection between Western institutions and their Chinese collaborators in the five years since 2020. “A staggering lack of interest,” is how the Human Rights Foundation characterized it to Fox News Digital. Still, in defense of what may have simply been an appalling level of naiveté on the part of Western researchers, the report concludes:

“Chinese laboratories are rarely listed as direct grant recipients, allowing them to bypass due-diligence checks while benefiting directly through co-authorship and knowledge transfer. Taxpayer resources generate knowledge that flows into institutions embedded in China’s apparatus of repression.”

The report then calls for the following guardrails: Mandatory due diligence on human rights, full disclosure of international partnerships, and expanded ethics mandates for AI institutes. It’s a lesson the FBI itself still needs to learn. We would add that this revelation cries out for congressional oversight and hearings – and if the facts warrant it – threats to cut off federal funding.

Of course, those guardrails will have no effect on China’s institutions, where security and technology firms are required to share their findings with the Chinese Communist Party.
​
But at least such reforms will give us a fighting chance to stymie these covert spycraft efforts, as well as to disabuse ourselves of the Faustian illusion that such collaborations were ever, or will ever be, business as usual.

​PPSA General Counsel Gene Schaerr told the House Judiciary Committee on Thursday morning that Congress faces four critical opportunities to restore Americans’ privacy as Section 702 of the Foreign Intelligence Surveillance Act (FISA) comes up for reauthorization in April.

Schaerr praised the committee for holding a timely oversight hearing as the nation approaches the 250th anniversary of the Declaration of Independence. “But with every passing year,” he said, “it is harder to square our emerging surveillance state with the ‘consent of the governed’ articulated in the Declaration.”

One driver of the surveillance state is FISA Section 702, originally enacted to target foreign threats on foreign soil, but which has instead become a tool the federal government uses to warrantlessly spy on Americans at home, he told the committee.

Schaerr then outlined four reforms Congress can enact in the coming months:

1. Add a probable-cause warrant requirement for “queries” – or searches – of Americans' communications caught up in Section 702 surveillance.

Under current rules, government personnel can conduct “backdoor searches” of Americans’ emails, messages, and other communications collected under Section 702 without court approval. A warrant requirement would close this loophole.

2. Require warrants when federal agencies, from the FBI to the IRS, purchase Americans’ sensitive digital information from data brokers.

This commercially available data includes Americans’ browsing histories, transaction and purchase records, online searches, and other revealing information about their private beliefs and associations. It is far more intimate than anything gleaned from diaries or public records.

3. Narrow the 2024 “make everyone a spy” provision.

Added in the final hours of the last surveillance debate, this law obligates providers of free Wi-Fi to comply with secret NSA demands for private communications. It allows the government to conscript office-space providers – including those who rent space to media organizations, law firms, and political campaigns – into enabling warrantless surveillance of people using their buildings’ internet networks. Even churches and other houses of worship could be targeted.

4. Strengthen the role of cleared civil-liberties experts (amici) in the FISA Courts.

Schaerr urged Congress to require courts to rely on amici for politically sensitive FISA cases by finally enacting the “Lee-Leahy Amendment” that passed the Senate in 2020 with 77 votes.
“Nearly a decade after the Trump campaign and transition were illegally surveilled, this key reform – which would have prevented many of the abuses that occurred in 2016 – is still not in place,” Schaerr said. He also urged the loosening of restrictions that prevent existing amici from accessing key materials and proceedings, needed for meaningful oversight inside the secret courts.

Schaerr concluded by praising the committee for taking the lead on congressional surveillance reform.

“With the bipartisan focus that has come to define this Committee’s work in this important area, I am confident that you can right this ship,” Schaerr said.

Gene Schaerr’s full written testimony can be read here.

​On Thursday, December 11 at 9 a.m. (ET), Gene Schaerr, PPSA’s General Counsel, will testify before the House Judiciary Committee – examining the growth of the surveillance state and how Congress can rein it in.

​You will hear:
 

• How the government continues to use Section 702 – a legal authority designed by Congress to surveil foreign threats on foreign soil – to conduct “backdoor searches” of Americans on American soil.

 

• How federal agencies routinely purchase Americans’ sensitive personal digital information, giving the government warrantless access to electronic records, web-browsing activities, transaction and purchase records, online searches, and other data that can be more personal and intimate than a diary.

 

• How a new authority obligates providers of office space for media outlets, law firms, and political campaigns to facilitate warrantless surveillance of their tenants. Even houses of worship are vulnerable to being asked to spy on their congregants.

 

• How the secret surveillance court continues to grant some requests to monitor Americans without meaningful review by experts in civil liberties.

 
Other witnesses will include:
 

• Brett Tolman, Former U.S. Attorney, District of Utah; Executive Director, Right on Crime

 

• James Czerniawski, Head of Emerging Technology Policy, Consumer Choice Center

 

• Liza Goitein, Senior Director, Liberty & National Security, Brennan Center for Justice

 
Again, watch it live at 9 a.m. (ET) on Thursday, Dec. 11, or catch the replay at your convenience.

Axios contributors Christine Clarridge and Russell Contreras recently assessed the increasingly ominous role artificial intelligence is playing in cybercrime. Deepfakes, ransomware, identity hijacks, and infrastructure hacks are all newly elevated threats – widely varied acts that previously required specialized expertise and massive organizations.
But not anymore. Now, they write:

“Off-the-shelf AI lowers the skill level and cost of carrying out attacks, enabling small crews to execute schemes that previously required nation-state resources.”

Here's what else their snapshot revealed:

• Financial systems seem especially vulnerable, but the threat isn’t limited to banks. It potentially affects any entity with customer accounts, from hospitals to water plants to retailers.

• “Crimes can now hit millions at once with voice clones and account takeovers, while local agencies are trained and funded to chase one case at a time.”

• AI can commit crimes humans aren’t capable of: “AI can create automations to ‘lock pick’ into a system millions of times per second, something humans can't do.”

• Almost anything can be disabled in such attacks: a Port of Seattle attack “disabled airport kiosks, baggage systems and Wi-Fi, while exposing data for roughly 90,000 people.” Speaking of Seattle, the Seattle Public Library “suffered a ransomware attack that wiped out its catalog, computers, Wi-Fi and e-books.” It cost Seattle a million dollars and three months to fully recover.

• The Chinese government is all-in: “State-backed hackers used AI tools from Anthropic to automate breaches of major companies and foreign governments during a September cyber campaign.” That attack marks a particularly dark turn, since the level of human involvement required was minimal thanks to AI’s assistance.

• More crimes are happening: “Generative AI has increased the speed and scale of synthetic-identity fraud,” especially where real-time payment systems are involved.

​

• And they are happening faster: “A deepfake attack occurred every five minutes globally in 2024, while digital-document forgeries jumped 244% year-over-year.”

When it comes to cybercrime, these stats suggest that it pays to be more than a little paranoid.