A 2006 German film, The Lives of Others, created a vivid portrait of what it is like to live in a surveillance state – in this case, in old East Berlin under the watchful eye of the Stasi secret police. PPSA has catalogued all of the ways in which technology and thoughtless (and sometimes malign) government intentions bring us closer to living, if not exactly under the Stasi, to something closer to the panopticon in China.
A broad array of robust surveillance technologies is in use around the country – from drones, to ubiquitous private and public cameras, to purchased data owned and reviewed without warrants by government for insights into American’s relationships, location histories and communications, to the warrantless treasure trove of American data in FISA’s Section 702. All that’s lacking is the will and means to knit them all together, with AI technology to perform the menial task of constant surveillance for its human minders. With the emergence of local “fusion centers” around the country to integrate data, the United States is already well down this path. But another key element of a surveillance state, also amply demonstrated by old East Germany, was the willingness – sometimes the eagerness – of people to inform on others. Sometimes the informer was a former lover, a disgruntled neighbor, or a coworker with a grudge to settle. The Stasi was always willing to overlook the motivations of an informer if they had something good and juicy. This is not to say that the decision by financial institutions to volunteer – without any legal process – the confidential banking information of their clients to the FBI makes them Stasi informers or puts us all in Stasi land. Like almost all Americans, banking executives were appropriately horrified by the savage attack on the U.S. Capitol by a violent mob on January 6, 2021. Herein lies the danger – many loopholes in the law begin with a real, legitimate public outrage and the need to rectify it. But when major public and private institutions violate their customers’ reasonable expectations of privacy, in a way utterly outside the law, we normalize illicit behavior that can be used again in the future – and stretched beyond reason – for any purpose. Thanks to the investigations of the Judiciary Committee and its Weaponization subcommittee, we now know that major financial institutions voluntarily conducted a dragnet of vast numbers of customers and gave it apparently unprompted to the FBI and the Financial Crimes Enforcement Network (FinCEN). According to retired FBI Supervisory Intelligence Analyst George Hill, banks “with no directive from the FBI data-mined … customer base” and compiled massive information on customer transactions. Any customer who used a credit or debit card between Jan. 5 and Jan. 7, 2021, in the greater Washington, D.C. area, had their personal information swept up and sent to the FBI. Financial institutions also took an extra step to put anyone who had ever purchased a firearm on the top of that list. Documents obtained by Congressional investigators suggest that the executive branch was brainstorming informal methods – again, outside of any legal process – to obtain even more private customer information from financial institutions. No matter how heinous the acts of those who stormed the U.S. Capitol, this privately conducted dragnet relied on no law to report to the FBI the personal information of large numbers of innocent Americans with no connection whatsoever to that crime. Now Rep. Jim Jordan (R-OH), Chairman of the House Judiciary Committee, has subpoenaed Citibank for documents and communications related to violations of customer privacy. PPSA commends Chairman Jordan. Big corporations must not arrogate to themselves the ability to violate the privacy of their customers without disclosure or paying a price in the civil courts, as well as in the court of public opinion. Chairman Jordan and his committee are performing a necessary duty to nip this practice in the bud before businesses of all sorts begin to volunteer to a sometimes over-reaching government the private information we entrust to them. Sen. Rick Scott (R-FL) recently fired off a letter to FBI Director Christopher Wray holding the Bureau to account for its abuses of Section 702 of the Foreign Intelligence Surveillance Act to spy on American citizens through improper, warrantless searches. The senator points to the “growing list of abuses that have come to light committed by the employees of your agency and the apparent lack of public accountability.”
Sen. Scott’s letter comes on the heels of a tidal wave of reports detailing rampant misbehavior in the FBI. To cite a recent example, PPSA reported on a Foreign Intelligence Surveillance Court opinion that revealed the FBI has spied on high-level U.S. officials, including a U.S. senator, a state senator, and a judge. (The FBI had previously been caught examining the communications of Rep. Darin LaHood, Republican from Illinois). Sen. Scott wrote: “The most recent revelations of frequent and repeated abuses … by the FBI raise concerns for the American public that there are no limits—legal or otherwise—on your investigative powers even when it comes to spying on American citizens.” Sen. Scott’s letter was as substantive as it was critical, requesting the FBI to “explain the accountability for those rogue agents who conducted those illegal queries,” as well as a copy of the range of “‘possible’ disciplinary actions that could be implemented through ‘a new policy of escalating consequences.’” Sen. Scott put it best when he concludes, “the American people and their elected representatives in Congress want to believe in their government and deserve nothing short of full transparency and accountability from the FBI.” PPSA hopes the FBI will respond to this letter with more humility than the mixture of hubris and defensiveness that characterize the communications of Director Wray. State legislatures are passing age-verification laws that require users to upload driver’s licenses or passports to view pornographic material. This is well-meaning – and arguably necessary – legislation to protect children from viewing hardcore pornography online. Such a solution, however, has a drawback that needs to be addressed in legislative language. It leaves the door open for potentially catastrophic data privacy breaches – not to mention granting the FBI and other government agencies immense power, in the words of a declassified government report, to “facilitate blackmail, stalking, harassment, and public shaming.”
In 2022, Louisiana passed HB 142, holding porn sites liable for failing to “perform reasonable age verification methods.” The bill sailed through the legislature with bipartisan support. Since then, six states have passed similar laws. Sixteen others have introduced them. Pornhub responded with suits against Louisiana and Utah, and has ceased doing business altogether in Arkansas, Mississippi, Utah, and Virginia. Today, if you visit Pornhub from an IP address in one of those states, the only thing you’ll see is a video message from porn star Cherie DeVille explaining why you can’t see her with her clothes off. DeVille’s message is a simplified version of arguments made by the Free Speech Coalition, a porn industry advocacy and trade group. One of the solutions offered by that group is to verify age by device. It would be child’s play, however, for hackers and government(s) to deanonymize IP addresses. Whether we adopt either age-verification solution – those of the legislators or those of the porn industry – a risk is created that hackers and the FBI can exploit adult’s private browsing histories. It’s not like there’s no appetite for government to use personal information. Documents obtained through a Freedom of Information Act request show that the Defense Intelligence Agency uses commercially available data for “cover operations.” The FBI has a team dedicated to parsing cell tower data. A multitude of federal, state, and local law enforcement – as well as intelligence agencies – regularly purchase vast troves of personal information from data brokers, and then warrantlessly search that data in flagrant violation of the Fourth Amendment. You’ll forgive us for not expecting government restraint when it is presented with an Aladdin’s Cave of mortifying search histories. Imagine, for example, a bystander in a white-collar crime investigation who gets a visit from an FBI agent seeking his cooperation as a wire-wearing, confidential informant. “By the way,” the agent says in passing, “this is neither here nor there, but I happened to notice that you frequent a website that makes creative uses of My Little Pony. Wouldn’t want that to get out, now would we?” It is likely that more legislators in more states will act out of the belief that hardcore porn seen by children is a crisis that needs to be addressed. Lawmakers should keep in mind, however, the need to include privacy measures in such legislation. One place to start would be a blanket restriction of any sale of browsing data, or warrantless access to it by government agencies. Or perhaps the sites could delete the data once approval is granted. We’re not sure what the best solution would look like, but we’ll know it when we see it. Gene Schaerr, PPSA general counsel, today announced the filing of an administrative appeal with the Department of Justice after a “ludicrous scavenger hunt response” from the FBI to a Freedom of Information Act (FOIA) request.
PPSA had submitted this FOIA request in mid-June asking for documents from DOJ law enforcement agencies. PPSA sought records about the use of administrative subpoenas, which are often used to collect bulk data rather than aim at an identifiable target for a specific reason, as required by the Fourth Amendment of the U.S. Constitution. These subpoenas are often used without any showing of probable case. To learn more about this practice, PPSA requested documents concerning when DOJ uses administrative subpoenas, “whether and when it has used them without probable cause, when it has used them as alternatives to a court-ordered subpoena, and when DOJ shares data obtained through administrative subpoenas with other federal or state agencies.” But the FBI couldn’t trouble itself to search for any records. Instead, the FBI blithely directed PPSA to rummage through the voluminous documents on its online “Search Vault,” suggesting that there could be responsive records somewhere in that database. The FBI never suggested that all responsive records would be found in the Vault. “The FBI’s scavenger hunt response is ludicrous,” Schaerr said. “PPSA sought records reflecting the FBI’s use of administrative subpoenas with and without probable cause. In both instances, the request did not require the FBI to do anything other than search for records concerning the use of administrative subpoenas, and how those subpoenas addressed the presence or absence of probable cause.” Schaerr cited a precedent, Miller v. Casey (1984), that the FBI is bound to read a FOIA request as drafted, not as agency officials might wish it was drafted. “The FBI’s willful refusal to search is a legal error,” Schaerr said. “The FBI might want to avoid the work FOIA requires of it, but we are hopeful the Director of Information Policy at DOJ, and beyond that if necessary, the courts, will recognize that the law does not recognize exceptions for inconvenience.” PPSA awaits responses from other DOJ components, ranging from the Executive Office for United States Attorneys, DOJ’s Criminal Division, the Drug Enforcement Administration, and the Bureau of Alcohol, Tobacco, Firearms and Explosives. Woman, Eight Months Pregnant, Arrested for Carjacking and RobberyPPSA has long followed the dysfunctionality of facial recognition technology and police overreliance on it to identify suspects. As we reported in January, three common facial recognition tools failed every time they were confronted with images of 16 pairs of people who resembled one another.
This technology is most apt to make mistakes with people of color and with women. Stories had piled up about Americans – overwhelmingly Black men – who have been mistakenly arrested, including one Georgia man arrested and held for a week for stealing handbags in Louisiana. That innocent man had never set foot in Louisiana. Now we have the first woman falsely arrested for the crime of resembling a scofflaw. Porcha Woodruff, a 32-year-old Black woman and nursing student in Detroit, was arrested at her doorstep while her children cried. Woodruff, eight months pregnant, was told by police that she was being arrested for a recent carjacking and robbery. “I was having contractions in the holding cell,” Woodruff told The New York Times’ Kashmir Hill. “My back was sending me sharp pains. I was having spasms.” After being released on bond, Woodruff had to go straight to the hospital. The obvious danger of this technology is that it tends to misidentify people, a problem exacerbated by distinctly lazy investigations by police. We see a larger danger: as public and private cameras are increasingly networked, and law enforcement agencies can fully track our movements, this technology will mistakenly put some Americans at the scene of a crime. And if the technology improves and someday works flawlessly? We can be assured of being followed throughout our day – who we meet with, where we worship or engage in political activity or protest – with perfect accuracy. The Heritage Foundation recently published a sweeping take on FBI reform by Distinguished Fellow Steven Bradbury that amounts to ripping up the current structure of the Bureau and starting over. There is much to appreciate in this iconoclastic report, with far-reaching changes that warrant careful review on Capitol Hill.
Here are some of Bradbury’s more intriguing proposals to “reimagine the FBI from the ground up”:
In addition to these structural changes, the report proposes a minimum set of actions required to end the FBI’s abuses of its authority. Worthy and sensible recommendations include reforms to insulate the FBI from the Section 702 program, to require the FISA Court to appoint an amicus in all politically sensitive cases involving U.S. persons, and to improve oversight of politically sensitive FBI investigations. PPSA commends Heritage for thinking outside of the Beltway box; however, countering FBI abuses is just one Washington element in need of reform. We are hopeful Congress will also focus on reforming Section 702, end warrantless data purchases, and address other abuses of Americans’ civil liberties. On Aug. 5, The Wall Street Journal gave readers an uncharacteristically off take about Section 702 of the Foreign Intelligence Surveillance Act. The Journal posed a false dichotomy – we must either reauthorize Section 702 as it is, or let it lapse and expose Americans to the next terrorist attack.
Bob Goodlatte, PPSA Senior Policy Advisor and former Chairman of the House Judiciary Committee, offered this response in a letter-to-the-editor. Americans who rely on WhatsApp, Signal, Telegram, and other encrypted messaging services for private conversations may soon have this option taken away from us – by the British House of Lords.
The UK Parliament is close to passing the Online Safety Bill, which will give the UK government the power to scan every message online. The stated purpose is to catch child abusers and terrorists. A blog posted by Element, the UK’s popular encrypted app, says the bill will be “the online equivalent of installing a CCTV camera into everyone’s bedroom, hooked up to an artificial intelligence classifier which sends footage back to the authorities whenever it thinks it sees something illegal happening.” The Element blog says that Apple (which has joined the coalition in opposition to this bill) has built-in scanning technology that has trouble distinguishing a cow from a horse. “The privacy implications are catastrophic.” Worst of all, the bill would likely defeat its own noble purpose. Once backdoors are introduced into encrypted services, tyrannical governments, terrorists, cartels, and abusers of women and children will eventually get their hands on it. The likely victims will be journalists and whistleblowers, dissidents, and women and their children hiding in shelters from their persecutors. “It means that healthcare information, financial details, conversations regarding air-traffic control, electricity grids, nuclear power plants, military maneuvers … none of it would be protected by end-to-end encryption,” blogger Matthew Hodgson writes on the Element blog. “Bad actors don’t play by the rules.” Such a capability would also give governments the means to deepen the censorship of the internet. If anyone doubts official determination to do so, the UK government recently added an amendment to this bill that “posting videos of people crossing the Channel that show that activity in a positive light” should be considered “priority illegal content.” Imagine if such tools of censorship were to be applied by either U.S. political party to the controversies surrounding the southern border of the United States, or any other contentious issue. Worse, the UK bill would hammer home the power of censorship, at least in the UK, with a threat of criminal sanctions for individual senior managers of online platforms. Hearing the tinkling of the jailer’s key, every executive would become a willing censor. If the UK presses forward with this bill, it will break end-to-end encryption, “opening the door to routine, general and indiscriminate surveillance of personal messages of friends, family members, employees, executives, journalists, human rights activists and even politicians themselves.” And that train of bad consequences will happen everywhere, including here in the USA. Any decent person wants to combat child abuse and terrorists. But it should not come about by involving millions of innocent people as collateral casualties, while arguably undermining the very noble goals of this legislation. The recently departed novelist, Milan Kundera, wrote that “a man who loses his privacy loses everything.” The Electronic Frontier Foundation is organizing a worldwide response. Americans can register our protest directly to Parliament here. PPSA is asking a DC federal court to compel the top federal intelligence and law enforcement agencies to search for records related to how they acquire and use the private, personal information of 110 Members of Congress purchased from third-party data brokers.
In a Freedom of Information Act (FOIA) request filed in July, 2021, PPSA had asked the Office of the Director of National Intelligence, the National Security Agency, the Department of Justice and the FBI, and the CIA for records related to the possible purchase and use of commercially available information on current and former members of the House and Senate Judiciary Committees. The request covered such leading Members of Congress as House Judiciary Chairman Jim Jordan, Ranking Member Jerry Nadler, Senate Judiciary Committee Chairman Dick Durbin, Ranking Member Chuck Grassley, and former Members that included Vice President Kamala Harris and Florida Governor Ron DeSantis. PPSA’s motion for summary judgment filed before the U.S. District Court for the District of Columbia confronts the assertion by these multiple agencies that to even search for responsive documents would harm national security. PPSA’s motion notes that under FOIA, “agencies must acknowledge the existence of information responsive to a FOIA request and provide specific, non-conclusory justifications for withholding that information.” The agencies instead stonewalled this FOIA request by invoking the judge-created Glomar response, meant to be a rare exception to the general rule of disclosure, which allows the government to neither confirm nor deny the existence of such records. “Requiring Defendants here to perform FOIA searches within the secrecy of their own silos does not, by itself, compel the automatic disclosure of any information whatsoever," PPSA declares in its motion. “[B]ecause the initial step of conducting an inter-agency search makes no such disclosure, their arguments are neither logical nor plausible justifications for shirking their duty to perform an internal search.” The issue of government spying into the private, personal information of Members of Congress, tasked with oversight of these agencies, involve the serious potential for executive intimidation of the legislative branch. The ODNI recently declassified an internal document noting that commercially available information can be used to “facilitate blackmail, stalking, harassment, and public shaming.” “The government doesn’t even want to entertain our question,” said Gene Schaerr, PPSA general counsel. “What do they have to hide?” PPSA previously commented on a New York Times scoop in April that revealed a contractor for the U.S. government had purchased and used a spy tool from NSO, the Israeli firm that developed and released Pegasus software into the wild – which can turn smartphones into pervasive surveillance tools.
The White House was surprised that its own government did business with NSO a few days after the administration had put that firm on the no-business “Entity List.” NSO was placed on this blacklist because its products, the U.S. Commerce Department declared, “developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers.” Understandably upset, the White House tasked the FBI to sleuth out who in the government might have violated the blacklist and used the software. Mark Mazzetti, Ronen Bergman, and Adam Goldman of The Times report that months later the FBI has come back with a definitive identification of this administration’s scofflaw. The FBI followed the breadcrumbs and discovered, you guessed it, that it was the FBI. Fortunately, the FBI did not purchase the “zero-day” spyware Pegasus, but another spy tool called Landmark, which pings the cellphones of suspects to track their movements. The FBI says it used the tool to hunt fugitives in Mexico. It also claims that the middleman, Riva Networks of New Jersey, had misled the FBI about the origins of Landmark. Director Christopher Wray discontinued this contract when it came to light. Meanwhile, The Times reports that two sources revealed that contrary to the FBI’s assertions, cellphone numbers were targeted in Mexico in 2021, 2022, and into 2023, far longer than the FBI says Landmark was used. We should not overlook the benefits of such FBI investigations. In fact, PPSA has a tip to offer. We suggest that the FBI track down the government bureau that has been routinely violating the U.S. Constitution by conducting backdoor searches with FISA Section 702 material, as well as warrantlessly surveilling Americans purchased data. More to follow. With perfect timing, Judge Christopher Cooper of the U.S. District Court in DC provided the U.S. Senate today with ample to reason to follow the example of the House and pass the PRESS Act. The judge seeks to compel CBS News senior correspondent Catherine Herridge to reveal her confidential source or sources for a news series she published when she was a journalist at Fox News.
Confidentiality is the lifeblood of a free press. From Watergate to Harvey Weinstein, confidential sources have helped journalists bring to light malfeasance and hidden crimes that otherwise would have continued. And a strong reporting culture is a counter to the growing surveillance state enabled by technology. That is why in September 2022, the House unanimously passed the bipartisan Protect Reporters from Exploitive State Spying, or PRESS Act – and why the House Judiciary Committee unanimously approved it again on July 19 of this year. This measure would bring the federal government up to speed with 49 states by shielding reporters from choosing between jail or ratting out whistleblowers and sources as ordered by a federal judge or prosecutor. The PRESS Act is reasonable legislation, allowing for exceptions in extreme cases. PPSA has long admired Catherine Herridge’s impartial and fearless reporting. We support her and all journalists who face these dilemmas. This is all the more reason why the House should again pass this bill and the U.S. Senate should take up the PRESS Act when Congress returns after August recess. July was a banner month for surveillance reform. For years, civil libertarians have warned about the widespread practice of third-party data brokers selling Americans’ most sensitive and private information, scraped from our apps, to more than a dozen federal intelligence and law enforcement agencies, including the FBI, Drug Enforcement Administration, and the many agencies of the Department of Homeland Security.
The public is alarmed. Lawmakers in both parties are beginning to take effective action. In July, the House Judiciary Committee unanimously passed The Fourth Amendment Is Not for Sale Act, which would restrict the ability of government agencies to warrantless extract Americans’ personal information from data purchases. Sen. Ron Wyden (D-OR) is reintroducing this measure in the Senate. If the will of the Congress wasn’t clear enough, also in July the House passed an amendment sponsored by Rep. Warren Davidson (R-OH) and Sara Jacobs (D-CA) to the National Defense Authorization Act that expressly prohibits half of the intelligence community, including the NSA and the Defense Intelligence Agency, from purchasing our data at all, absent a warrant, court order, or subpoena. Supporters of similar reforms range from the conservative Chairman of the House Judiciary Committee, Jim Jordan, to the liberal Ranking Member and former Chairman, Jerry Nadler. A passion for surveillance reform brings together respected members from Rep. Thomas Massie (R-KY) to Rep. Zoe Lofgren (D-CA), from Sen. Wyden to Sen. Mike Lee (R-UT). It might seem, then, that surveillance reform is now a slam-dunk certainty. It isn’t. Consider the fate of Lee-Leahy, a bill that would have imposed the rather modest goal of requiring the judges of the Foreign Intelligence Surveillance Act (FISA) court to seek the advice of civil liberties experts in cases that involve significant civil rights concerns when political, religious, or journalistic groups are surveilled and investigated. That measure passed the Senate in 2020 by an overwhelming 77 votes. Then, through a process of legislative confusion and the Trump Administration’s policy contortions, this modest and popular bill sailed into the round file like a paper airplane. The Davidson-Jacobs Amendment and The Fourth Amendment Is Not For Sale Act risk dying in a far less dramatic way than Lee-Leahy did. All the elected champions of the surveillance state have to do is let these measures die in the darkness of a committee room or the Senate calendar. More good legislation has been killed by benign neglect than by explicit filibusters. Any American who cares about privacy and civil liberties must draw two conclusions from this realization. First, now more than ever, civil libertarians need to ramp up the activity. Members of Congress must know that this year we won’t settle for feel-good, symbolic votes. The Fourth Amendment Is Not For Sale Act must get a floor vote in the Senate. Second, civil libertarians must continue to insist that FISA’s Section 702, an authority under which the government surveils foreigners, must be reformed so that it cannot continue to be used by the FBI and other agencies as a domestic surveillance tool. This reform must necessarily include closing the legal loophole that allows the government to buy our personal information and thumb through it, all without a warrant. As Kenny Loggins sang so long ago, “this is it!” Our back is to the corner. Join the efforts of the civil liberties community by clicking here to stand up and fight! One of the frustrations – there are many – of trying to pry answers about surveillance policy from federal agencies with Freedom of Information Act (FOIA) requests are the heavy redactions to responsive documents that protect “sources and methods.”
No one wants to blow a technique by which government intelligence and law enforcement agencies track bad guys. And no one wants an undercover agent or a confidential informant to wind up tied to a chair in dank basement because their cover was blown. And so when redactions come back with heavy ink, we are supposed to trust that the government has good reasons for holding back that information. According to an Executive Order issued by President Obama, EO 13526, information cannot be classified by the government to merely spare an agency embarrassment. Enter Paul Sperry of RealClear Investigations, who brings to light a new twist in a saga that we thought had been thoroughly explored – the problems with the FBI’s four applications to surveil Trump campaign advisor Carter Page in 2016 and 2017. Sperry reports that redactions in a “Classified Appendix” to Special Counsel John Durham’s final report have nothing to do with sources and methods. It concerns an FBI request to the secret FISA Court to allow the Bureau to continue spying on Carter Page in early 2017. The FBI indicated that it had verified a rumor that Page had worked with the Kremlin to swing the recent election in Trump’s favor. When the black ink is stripped away, Sperry reports, what did the redactions hide? They disguised the fact that the FBI took this investigative lead from a news story in The Washington Post, which the newspaper later retracted after determining it to be false. So that’s the FBI’s “source and method” deemed so sensitive that it had to be hidden from the public? It was a subscription to The Washington Post. Who knows what other embarrassments government hides with its redactions. When all else fails, the government can simply refuse to respond at all by issuing a Glomar response. This is a court-created doctrine that came out of a super-secret CIA project to refloat a sunken Soviet submarine. Ever since, the Glomar response has been used to protect information so sensitive that the government is allowed to neither confirm nor deny… anything. So forgive us if we’re jaded enough to believe that much of the black ink and Glomar responses are just the government protecting its own backside. The unanimous passage of the Fourth Amendment Is Not for Sale Act by the House Judiciary Committee, as well as the expiration of Section 702 of the Foreign Intelligence Surveillance Act, is spurring the National Security Agency into a furious lobbying campaign of the public and Congress to stop surveillance reform.
NSA lobbyists argue that it would be hobbled by the House measure, which would require agencies to obtain a probable cause warrant before purchasing Americans’ private data. Former intelligence community leaders are also making public statements, arguing that passage of Section 702 of the Foreign Intelligence Surveillance Act (FISA) with any meaningful changes or reforms would simply be too dangerous. George Croner, former NSA lawyer, is one of the most active advocates of the government’s “nothing to see here, folks” position. In March, Croner portrayed proposals for a full warrant requirement as a new and radical idea. He quoted two writers that concern over warrantless, backdoor searches is a concern of “panicky civil libertarians” and right-wing conspiracy theorists. In a piece this week, Croner co-authored a broadside against the ACLU’s analysis of the NSA’s and FBI’s mass surveillance. For example, Croner asserts that civil liberties critics are severely undercounting great progress the FBI has made in in reducing U.S. person queries, a process in which agents use the names, addresses, or telephone numbers of Americans to extract their private communications. Croner celebrates a 96 percent reduction in such queries in 2022 as a result of process improvements within the FBI. But, to paraphrase the late, great Henny Youngman, 96 percent of what? Ninety-six percent of a trillion data points? A quadrillion? The government’s numbers are murky and ever-changing, but the remaining amount appears, at the very least if you take these numbers at face value, to constitute well over 200,000 warrantless searches of Americans. Elizabeth Goitein of the Brennan Center for Justice, who has placed her third installment in a series on Section 702 in the online outlet Just Security – a masterclass on that program and why it must be reformed – has her own responses to Croner. While Croner portrays a warrant requirement for reviewing Americans’ data as a dangerous proposal, Goitein sees such a requirement as way to curb “backdoor searches,” and return to the guarantees of the Fourth Amendment. Goitein writes: “For nearly a decade, advocates, experts, and lawmakers have coalesced around a backdoor search solution that would require a warrant for all U.S. person queries conducted by any U.S. agency. Indeed, some broadly supported proposals have gone even further and restricted the type of information the government could obtain even with a warrant.” She describes a Review Group on Intelligence and Communications Technologies that included many, like former CIA acting director Michael J. Morrell, who are anything but panicky civil libertarians. This group nevertheless found it responsible to recommend warrants “based on probable cause” before surveilling a United States person. Other supporters of probable cause warrants range from Rep. Thomas Massie (R-KY) and Zoe Lofgren (D-CA), to Sens. Dianne Feinstein (D-CA), Mike Lee (R-UT), and former Sen. Kamala Harris (D-CA). They all saw what Goitein describes: “Without such a measure, Section 702 will continue to serve as an end-run around the protections of the Fourth Amendment and FISA, and the worst abuses of the power to conduct U.S. queries will continue.” We eagerly await ACLU’s response to Croner’s critique. Such debates, online and perhaps in person, are the only way to winnow out who is being candid and who is being too clever by half. It is a healthy development for intelligence and civil libertarian communities to debate their clashing views before the American people and the Congress rather than leave the whole discussion to secret briefings on Capitol Hill. Does the Fifth Amendment privilege against self-incrimination prevent the government from forcing a defendant to unlock their cellphone? That’s the question at issue in People v. Sneed, a recent case brought before the Illinois Supreme Court, which found in favor of the state.
This ruling is a blow to Fifth Amendment protections in the digital age and an interpretation that cannot be sustained if we are to properly extend constitutional protections to ever-evolving technology. In an amicus brief before the court, the American Civil Liberties Union aptly laid out the arguments against compelling passwords from the accused. Fifth Amendment protections against self-incrimination, they point out, derive from the founders’ fears of an American “Star Chamber,” the English judicial body that became synonymous with oppressive interrogation tactics and a lack of due process. Drawing on this foundation, the American legal system has largely supported the notion that “the State cannot compel a suspect to assist in his own prosecution through recall and use of information that exists only in his mind.” To do so would impose a “cruel trilemma” on a defendant who would face an impossible choice: perjury, self-incrimination, or contempt of court. As the ACLU points out, numerous high courts (including Indiana and Pennsylvania) have found that password disclosure constitutes testimony because it draws from “the contents of one’s mind.” Yet courts in New Jersey and Massachusetts have sided with Illinois, presenting a significant conflict of law in the ongoing effort to adapt constitutional precepts to our changing society. In finding for the state and forcing the defendant, Sneed, to unlock his cellphone, the Illinois Supreme Court drew on a somewhat obscure legal exception to the Fifth Amendment right against self-incriminating testimony known as the “foregone conclusion” doctrine. That exception, which the Supreme Court of the United States has applied only once before, holds that producing a password is not testimonial when the government can show, with reasonable particularity, that it already has knowledge of the evidence it seeks, that the evidence was under control of the defendant, and that the evidence is authentic. The idea is that the act of producing a password has little testimonial value in and of itself. The court misapplied that doctrine here, placing the focus on the password rather than the contents of Sneed’s cellphone. The court drew on precedents that probable cause justifies the intrusion: “Any information that may be found on the phone after it is unlocked is irrelevant, and we conclude that the proper focus is on the passcode.” But probable cause does not constitute evidentiary certainty. And, in applying its analysis to passcodes rather than the contents of a safe or lockbox or cellphone, the court ignores that the Supreme Court of the United States’ use of this exception in Fisher v. United States (1976) depended on a specific, narrow set of facts. There, the analysis focused on the production of business documents already proven to exist – not on a passcode. Allowing the “foregone conclusion” exception to apply to testimonial production of cellphone passwords opens the door to forcible government snooping across the vast scope of our digital lives. Gaining access to someone’s cellphone can reveal anything and everything about that person – including the most intimate details of a life. As the ACLU put it: “Locked phones and laptops may impose obstacles to law enforcement in particular cases. So do window shades. It is sometimes true that constitutional protections interfere with law enforcement investigations.” Until the Supreme Court of the United States resolves this issue, our Fifth Amendment rights in the digital age remain in doubt. On Friday, the ACLU fired a full salvo at the FBI after the Office of the Director of National Intelligence released two court opinions that detail blatant violations of Americans’ privacy, including a sitting state court judge. The opinions come from the Foreign Intelligence Surveillance Court and describe how the entire national intelligence community, not just the FBI, performed numerous violations of legal requirements and court-ordered rules intended to protect Americans’ privacy.
The FISC writes that the FBI repeatedly engaged in prohibited searches of Section 702 databases for information pertaining to unsuspected targets. The opinions also demonstrate the evolving uses of Section 702: the NSA is reportedly using its Section 702 powers “to conduct routine, suspicionless searches of people overseas who are applying for immigration benefits or seeking to travel to the United States.” The FISC notes the unprecedented nature of this kind of use for Section 702. The data of millions of Americans who are in contact with people seeking to come to the United States will surely be swept up by this new trend. Patrick Toomey, former U.S. Senator and Deputy Director of the American Civil Liberties Union’s National Security Project, said that “These disturbing new revelations show how Section 702 surveillance, a spy program the government claims is focused on foreign adversaries, is routinely used against Americans, immigrants, and people who are not accused of any wrongdoing.” PPSA is astonished by the revelations disclosed by these two FISC opinions. The latitude for abuse of surveillance powers has only grown. Meanwhile, more and more Americans are being caught in the crossfire. Congress must act now to secure the privacy rights of Americans everywhere. On Friday, the Office of the Director of National Intelligence released a Foreign Intelligence Surveillance Court opinion that details blatant violations of Americans’ privacy. Most distressingly, high-profile American political leaders were among the targets surveilled by the FBI. The heavily redacted opinion released on Friday reveals that the FBI attempted improper searches of the communications of a United States Senator, a state senator, and a judge who complained about civil rights violations by local police.
If that sounds beyond the pale, the National Security Division (NSD) of the United States Department of Justice thought so, too. In the former case, the NSD determined that the “querying standard” used by the FBI to obtain foreign intelligence information was not met. In the latter case, it’s a little more opaque. Last October, the FBI used the anonymous Judge’s social security number to search the Section 702 database. The Judge "had complained to FBI about alleged civil rights violations perpetrated by a municipal chief of police.” The National Security Division’s review stated that this search was also illicit. While the U.S. Senator has been notified about the improper search, the state Senator and the state Judge have not. It is clear is that a continued pattern of government abuse persists when it comes to Section 702 of the Foreign Intelligence Surveillance Act. Although the FISC states that, “there is reason to believe that the FBI has been doing a better job in applying the querying standard,” the anonymous judge also admits that “[t]he prevalence of non-compliant queries conducted by the FBI, and particularly of broad queries that were not reasonably likely to return foreign intelligence information or evidence of crime, has been a major focus of concern….” Indeed it has been. In fact, the same court found in 2018 that there was a “deficiency in the FBI’s querying and minimization procedures” based on “large-scale, suspicionless queries….” The Court found that the FBI’s implementation of remedial measures has improved the Bureau’s compliance with Section 702’s specificity requirements. But they make sure to soften that finding with a disclaimer: “NSD devotes substantial resources to its oversight efforts, but still can examine only a fraction of total FBI queries. It is therefore possible that serious violations of the querying standard have so far gone undetected.” The FBI has a long track record of repeatedly misusing the Section 702 database, but to poll information on high-profile elected officials is a new level of abuse. These revelations come amid a push by the Biden administration to reauthorize Section 702 mere months before it expires at the end of this year. When federal authorities inappropriately attempt to spy on legislators – and even judges – we truly find ourselves with one foot off the merry-go-round. Congress must take this into account in the coming months. In late 2022, pursuant to its internal policy, Google informed two customers about law enforcement action taken against them by the Department of Justice five years prior. The customers in question: Republican staffers working for then-House Intelligence Committee Chairman Devin Nunes. According to contemporaneous reports, authorities subpoenaed addresses, screen names, telephone and payment records, and “all customer and subscriber account information” related to the two staffers. What’s more, as the Wall Street Journal editorial board recently pointed out, this was apparently done without informing Congress, as is typical practice.
One of the targeted staffers was Kash Patel, who at the time served as senior counsel to the House Intel Committee. Given the Committee’s focus at the time – looking into the origins of the FBI’s investigation of alleged collusion between the Trump campaign and Russia – some dot-connecting might well be warranted. What truly shocks the conscience, however, is that Justice would clandestinely spy on Congress in the first place. As the Wall Street Journal wrote, “If DOJ used its law enforcement tools to snoop on Mr. Nunes, that would be an abuse of power.” Now, House Judiciary Chairman Jim Jordan has issued a letter to FBI Director Christopher Wray demanding answers. All who care about data privacy – and the integrity of congressional authority – deserve them. A recent article by Dell Cameron at Wired reports on ongoing congressional efforts to close the federal loophole allowing police and intelligence authorities to collect sensitive personal data from United States citizens without a warrant, subpoena, or court order.
The Fourth Amendment Is Not For Sale Act, sponsored by Representative Warren Davidson with bipartisan support, would prevent government entities from purchasing Americans’ personal data without court authorization, dramatically restricting a practice that even the Director of National Intelligence admits has tremendous potential for abuse. The bill passed out of committee with flying colors following markup. In Wired, Cameron aptly explains the many controversies surrounding this issue, including the ongoing game of legal pretzel logic the government has used to justify its continued purchase of consumer data for law enforcement purposes. As the author points out, not only can the government access these data, so too can private companies and foreign actors. But, as PPSA Senior Policy Advisor Bob Goodlatte notes in the piece, it’s our own governing authorities with which we should be most concerned. Goodlatte said, “None of those other entities can arrest you, can charge you with a crime, try you, sentence you, imprison you, restrain you, enjoin you, fine you, tax you. All of those are powers of government, and any American should be concerned about the ease with which the federal government can gather information about people.” With the biggest privacy battle of the year yet to come in the form of reauthorization of Section 702 of the Foreign Intelligence Surveillance Act, Fourth Amendment advocates can take comfort that these issues are getting the attention – and coverage – they deserve. From Left to Right and across the nation, trust in American governing institutions is at rock bottom. Just this week, the Wall Street Journal ran an opinion piece with some eye-catching stats. A recent poll conducted by NBC found that only 37% of the public holds a positive view of the FBI, down from 52% in 2018. Among Republicans, that number is 17%.
Though liberals may still hold a somewhat more positive view of one of the country’s most powerful agencies, the same cannot be said for the police. Increased scrutiny and distrust towards the police in the wake of George Floyd’s killing in 2020 have gutted the force’s ranks. Since 2020, over 1,000 cops have prematurely retired from the Los Angeles Police Department alone. In just New York, about 1,400 NYPD cops are expected to resign this year before reaching retirement age. Overall, there were 50% more resignations nationally last year than in 2019. Across the board, Americans are repulsed by the routine abuse of power. Is it any surprise, though, given the widespread feeling (backed by the FBI’s own data) that the FBI is all too happy to invade Americans’ security by spying on them, directly or indirectly? As the Office of the Director of National Intelligence revealed, the FBI conducted as many as 3.4 million searches of U.S. data in 2021. The Office of the Inspector General also released a report detailing “widespread non-compliance” with procedures and ethics rules. The WSJ article argues that social breakdown—violence, lawlessness, drug addiction, but also distrust in the “institutions that provide the bedrock of domestic tranquility”—begets only further repressive tactics such as a willingness to engage in and tolerate greater surveillance in the name of safety and security. Just look at El Salvador, where a sudden rise in the country’s homicide rate, making the country the murder capital of the world, was met with fierce state reprisals. El Salvador crushed its violent crime, but at what cost to constitutional and civil liberties? Only time will tell. The U.S. should avoid such a route for the reason that Americans’ distrust of governing institutions is due to the fact that they are being too heavy-handed, not that they are doing too little. Further invasions into privacy, crackdowns, and reprisals will only inflame the situation. Nor does adherence to constitutional procedures give way to higher crime and further social breakdown. The Fourth Amendment’s warrant requirement does not force us to sacrifice security where the need is genuine. It acts as a check against lazy assumptions and active abuse while also shining a harsh light on the exercise of the necessary but dangerous powers we hand to the government. Recognizing the need for effective policing is not incompatible with recognizing the need for checks on abuse or overzealousness. In fact, the two are inextricably interrelated. A country cannot have good policing where abuse is rampant. PPSA’s Gene Schaerr Appeals to Congress to Assert Its Authority to Protect Americans’ Privacy and the Fourth AmendmentEnd the “Game of Surveillance Whack-a-Mole" Gene Schaerr, PPSA general counsel, in testimony before a House subcommittee on Friday, urged Congress to assert its prerogative to interpret Americans’ privacy and Fourth Amendment rights against the federal government’s lawless surveillance.
Schaerr said the reauthorization of a major surveillance law this year is a priceless opportunity for Congress to enact many long-needed surveillance reforms. There is, Schaerr told the Members of the House Judiciary Subcommittee on Crime and Government Surveillance, no reason for Congress to defer on such a vital, national concern to the judiciary. Congress also needs to assert its authority with executive branch agencies, he said. For decades, when Congress reforms a surveillance law, federal agencies simply move on to other legal authorities or theories to develop new ways to violate Americans’ privacy in “a game of surveillance whack-a-mole.” Schaerr said: “As the People’s agents, you can stop this game of surveillance whack-a-mole. You can do that by asserting your constitutional authority against an executive branch that, under both parties, is too often overbearing – and against a judicial branch that too often gives the executive an undeserved benefit of the doubt. Please don’t let this once-in-a-generation opportunity slip away.” Schaerr was joined by other civil liberties experts who described the breadth of surveillance abuse by the federal government. Liza Goitein of the Brennan Center for Justice at NYU Law School said that FISA’s Section 702 – crafted by Congress to enable foreign surveillance – has instead become a “rich source of warrantless access to Americans’ communications.” She described a strange loophole in the law that allows our most sensitive and personal information to be sold to the government. The law prevents social media companies from selling Americans’ personal data to the government, but it does not preclude those same companies from selling Americans’ data to third-party data brokers – who in turn sell this personal information to the government. Federal agencies assert that no warrant is required when they freely delve into such purchased digital communications, location histories, and browsing records. Goitein called this nothing less than the “laundering” of Americans’ personal information by federal agencies looking to get around the law. “We’re a nation of chumps,” said famed legal scholar and commentator Jonathan Turley of the George Washington University Law School, for accepting “massive violations” of our privacy rights. He dismissed the FBI’s recent boasts that it had reduced the number of improper queries into Americans’ private information, likening that boast to “a bank robber saying we’re hitting smaller banks.” Many members on both sides of the aisle echoed the concerns raised by Schaerr and other witnesses during the testimony. Commentary from the committee indicates that Congress is receptive to privacy-oriented reforms. Gene Schaerr cautioned that Congress should pursue such a strategy of inserting strong reforms and guardrails into Section 702, rather than simply allowing this authority to lapse when it expires in December. Drawing on his experience as a White House counsel, Schaerr said the “executive branch loves a vacuum.” Without the statutory limits and reporting requirements of Section 702, the FBI and other government agencies would turn to other programs, such as purchased data and an executive order known as 12333, that operate in the shadows. Despite this parade of horribles, the hearing had a cheerful moment when it was interrupted by the announcement of a major reform coalition victory. The Davidson-Jacobs Amendment passed the House by a voice vote during a recess in the hearing, an announcement that drew cheers from witnesses and House Members alike. This measure would require agencies within the Department of Defense to get a probable cause warrant, court order, or subpoena to purchase personal information that in other circumstances would require such a warrant. Schaerr was optimistic that further reforms will come. He said: “Revulsion at unwarranted government surveillance runs deep in our DNA as a nation; indeed, it was one of the main factors that led to our revolt against British rule and, later, to our Bill of Rights. And today, based on a host of discussions with many civil liberties and other advocacy groups, I’m confident you will find wide support across the ideological spectrum for a broad surveillance reform bill that goes well beyond Section 702.” Earlier today the House Judiciary Committee voted to advance the Fourth Amendment Is Not For Sale Act out of committee by a 30-0 unanimous vote, with one abstention. PPSA applauds Chairman Jordan, Ranking Member Nadler, and the Members of the Committee for taking this important step to protect Americans’ privacy.
“Stopping the government from spying on Americans by buying their sensitive personal information from data brokers is a critical part of the government surveillance reforms Congress is working towards this year,” said Bob Goodlatte, PPSA Senior Policy Advisor and former Chairman of the House Judiciary Committee. “As Congress considers the reauthorization of Section 702 of FISA, it should hold strong to the principle that no surveillance authorities should be reauthorized without closing the data broker loophole. The Committee’s overwhelming, bipartisan, unanimous approval of the Fourth Amendment is Not For Sale Act sends a strong signal in that regard.” Our digital devices can tell everything about us – who we visit, what we like and believe, who we befriend, where we go, our medical concerns, and other personal information. The government is required by the Fourth Amendment of the U.S. Constitution to obtain a warrant before it can seize our personal information. But the government has found a workaround to the Constitution – law enforcement, intelligence, and other federal agencies spy on us by simply buying our personal information from shady data brokers. The Fourth Amendment Is Not for Sale Act will close this loophole and prevent the government from sidestepping our constitutional rights. House Judiciary Committee Passes Protect Reporters from Exploitative State Spying (PRESS) Act7/19/2023
PPSA is pleased that the House Judiciary Committee reported H.R. 4250, the Protect Reporters from Exploitative State Spying (PRESS) Act, to the full House by a unanimous 23-0 vote.
Many reporters have had their records seized by federal prosecutors, sometimes by secret orders to cloud computing companies. This bill, long supported by PPSA and civil liberties sister organizations, would protect journalists and their sources by granting a privilege to shield confidential news sources in federal legal proceedings. It contains reasonable exceptions in cases where application of the privilege could result in serious harm. Former Rep. Bob Goodlatte, who served as Chairman of the House Judiciary Committee and now as PPSA Senior Policy Advisor, said: “Journalism and the right to report on government actions must be better protected. We’ve all seen law enforcement officials under multiple recent administrations issue secret orders to surveil the private communications of journalists. Their freedom to report on government misdeeds is critical to maintaining a free society, and I encourage the broader House of Representatives to swiftly approve this legislation, as they have in the past.” PPSA would like to extend its gratitude to Reps. Kiley and Raskin for their leadership in introducing the bill, as well as to Chairman Jordan and Ranking Member Nadler for their support in moving it through committee. The PRESS Act’s passage is the result of overwhelming bipartisan support for freedom of the press guaranteed by the First Amendment of the Constitution, as well as support for our Fourth Amendment right to privacy. We hope the full House will take up and pass this important legislation soon. In 2020, the Foreign Intelligence Surveillance Court (FISC), embarrassed by the many lapses uncovered by Department of Justice Inspector General Michael Horowitz, ordered the FBI to take steps to ensure greater consistency and accuracy in its Foreign Intelligence Surveillance Act (FISA) applications. How have the Bureau’s efforts progressed? As we reported in September of that year, the FBI was developing a new system, known as “the Bridge,” that would increase collaboration within the FBI, as well as between the FBI and the DOJ Office of Intelligence, to improve compliance with the law on surveillance. The Bridge will automatically cross-reference new data with existing data in FBI’s current case-management system, Sentinel.
The Bridge was slated to be completed around the end of 2021. Two years later, the Bridge is reportedly nearing completion and will finally be ready by the end of this year. The FISA Court ordered the FBI to provide quarterly updates about the status of the Bridge’s development. Now, PPSA has learned from documents supplied in response to Freedom of Information Act requests that the FBI has decided that it no longer wants to provide the court with updates on the development of its technology. The FBI recently delivered a motion for relief to the court to be relieved from having to submit these two-page reports. Instead, the FBI wants to notify the court whenever “the Bridge has completed its long-term testing and has been fully implemented,” or when “there are any substantive updates to report.” This mode of reporting is not a good sign for the court’s imposition of an oversight obligation on the FBI, allowing the Bureau to decide when and how it wants to comply with the FISA Court. Thus, a quarterly two-page report constitutes an unbearable onus for the FBI. When the Bridge is already years late and the FBI has a track record of failing to hold itself accountable, can we really trust the agency to do its due diligence without renewed oversight? Last month, we wrote about a surprisingly frank report from the Office of the Director of National Intelligence admitting the government’s increasing role in utilizing Commercially Available Information about United States citizens for investigative purposes. Despite the Supreme Court’s ruling in Carpenter v. United States, which held that a warrant is required before the government can seize location history from cell-site records, the report candidly reveals that the bulk collection of Americans’ private data continues unabated. Now, the Commonwealth of Massachusetts is taking steps to ban the purchase and sale of location data altogether. It’s a blunt solution to a complex issue, and a bellwether for where this debate might be headed.
“Location data” refers to information about the geographic locations of mobile devices like smartphones or tablets. When collected, this data can be used for relatively benign purposes like marketing – but also to identify the movements of individuals and discern their identities (a 2013 study found that only four spatio-temporal data points are required to identify someone in most circumstances). A host of companies collect this information, package it, and sell it to private actors like advertisers – and, increasingly, law enforcement agencies. The government can learn a lot about you based on your movements – and they know it. For example, the FBI has its own team dedicated to analyzing cell tower data. A growing number of states are now taking action to protect the digital privacy of their residents. Laws passed in California and Virginia require the affirmative consent of consumers before geolocation data can be used for specified purposes. The European Union has gone further, prohibiting the use of sensitive data by default unless a company can demonstrate that its use falls under a specifically enumerated exemption. In the United States, Massachusetts’ Location Shield Act (H.357|S.148) is by far the most comprehensive effort yet to protect our data from unwarranted (or warrantless) snooping. The bill’s drafters couch it within a social policy framework; it’s described as “An Act protecting reproductive health access, LGBTQ lives, religious liberty, and freedom of movement by banning the sale of cell phone location information.” Such concerns are not unfounded. As the ACLU writes, “In the aftermath of the Supreme Court’s Dobbs decision…journalists found that data brokers have continued to buy, repackage and sell the location information of people visiting sensitive locations including abortion clinics. This puts people who seek or provide care in our state at risk of prosecution and harassment, creating a vulnerability in our state’s post-Roe protections.” Beyond addressing those concerns, however, the bill does a lot to broadly reinforce our Fourth Amendment rights against unreasonable searches and seizures, implementing a warrant requirement for any law enforcement access to location data. Such restrictions would clear away some of the murk surrounding this issue in the wake of the Carpenter case, which required a warrant when accessing location data from phone companies, but which holds limited relevance when such data are readily available for commercial purchase. (Obviously, the same legal reasoning should apply.) Americans are waking up to the dangers of the $16 billion data brokerage industry. In Massachusetts, 92% of survey respondents said the government should enshrine stronger protections for consumer data – all the way back in 2017. Whether this bill makes it over the finish line or not, it’s a clear sign that Americans want comprehensive data privacy reform. And Massachusetts’ solution is one we’ll readily share. |
Categories
All
|