Defenders of the surveillance status quo argue that the FBI and other agencies must be allowed to perform warrantless “defensive surveillance” of Americans’ communications to defend us against foreign cyberattacks. Civil libertarians respond that there is no “defensive exception” in the Fourth Amendment of the U.S. Constitution, which requires probable cause warrants before our communications can be monitored.
 
Left out of this debate, until now, is the practical effect of removing warrantless defensive surveillance. Do actual cyber experts agree that it would be a disaster?
 
Now, thanks to Tim Starks of The Washington Post, we know the answer to that question. The Post conducted a survey of “a group of high-level digital security experts from across government, the private sector and security research community.”
 
That survey asked these experts what Congress should do about Section 702 of the Foreign Intelligence Surveillance Act, the authority that enables the surveillance of foreigners on foreign soil, but which federal agencies have used to eavesdrop on Americans’ communications without a warrant. They asked:
 
Should Congress not reauthorize Section 702 this year, allowing this authority to expire? Or reauthorize it without changes? Or make changes to the law as the price of reauthorization?
 
Only 16 percent of respondents said that privacy violations under Section 702 justify scrapping the authority entirely. These respondents include the highly respected Sascha Meinrath of The X-Lab think tank.
 
“Antiquated frameworks like Section 702 have led to rampant unconstitutional surveillance of millions of innocent Americans,” The Post quoted Meinrath. “Section 702 does not function as intended and needs to be sunset in favor of a completely new surveillance-oversight framework that ensures meaningful transparency to Congress and individual accountability for violating the law.”
 
An opposite view comes from the leaders of federal law enforcement and intelligence agencies that Section 702 should be reauthorized without any changes. Only 20 percent of the cyber experts agreed with this position.
 
The rest – 64 percent – responded that Section 702 should be reauthorized with some changes. Some worried that the current form of Section 702 could gum up U.S. negotiations with the EU to secure a data privacy agreement. But many respondents advocate adding a warrant requirement when querying Americans’ communications.
 
Imagine that: requiring a federal statute to adhere to the Fourth Amendment of the U.S. Constitution. More than six out of ten cyber experts agree!

A bipartisan letter from eight U.S. senators to the Chief Postal Inspector brings to light the extent to which the U.S. government is spying on us through our mail. Digital scanning, and no doubt AI, have revived the relevance of pen and paper privacy concerns that led the Founders to craft the Fourth Amendment.
 
This surveillance involves “metadata,” a record of communications that typically refers to digital communications in the form of emails, instant messaging, and phone calls. Without delving into the content of a message, metadata can yield a surprisingly robust portrait of a target’s most sensitive and personal information. A Stanford University study of the phone records of 800 volunteers revealed who had an abortion, who was diagnosed with a neurological ailment, and who had purchased a firearm.
 
Courts recognize this power of metadata in the digital realm, requiring a judicial order before a government agency can monitor Americans’ metadata (although, like many such rules, it is sometimes more honored in the breach). But no such rules restrict the government from taking vast numbers of images of mail envelopes.
 
Such images are called “mail covers.” No court order is required for a federal agent to obtain your mail covers, just a request in writing to the U.S. Postal Inspection Service. Postal inspectors and law enforcement agencies had requested more than 135,000 mail covers between 2010-2014. There is no telling how many they request today.
 
Government audits reveal that the top agencies asking for mail covers were the IRS, the FBI, the Drug Enforcement Administration, and the Department of Homeland Security. This is a well-worn path. As the senators note, Thomas Jefferson, worried about “the infidelities of the post office,” had worked out early encryption technology for his correspondence with James Madison. The senators added: “While encryption technology has come a long way since then, and is now built into widely used mobile messaging apps, postal communications remain just as vulnerable to warrantless surveillance as they were in the 1700s.”
 
There are more modern examples of mass abuse of postal privacy. The Senate’s Church Committee revealed in 1976 that the CIA had photographed the exteriors of over two million pieces of mail and opened hundreds of thousands of letters. The FBI’s mass surveillance of the mail goes back to the 1940s.
 
PPSA supports the demand of these senators to harmonize the rules that govern postal metadata with those that govern digital metadata. We support their call to postal authorities that they “should, except in emergencies, only conduct mail covers when a federal judge has approved this surveillance.”
 
Meanwhile, be careful what you scribble on the back of an envelope.

Some champions of the reauthorization of Section 702 without changes have tried to spin proposed reforms of this authority to be a hobbyhorse of conservatives angered about the FBI’s baseless investigation of Trump campaign aide Carter Page.
 
But liberals and progressives are also becoming equally passionate about “reform or die.”
 
Late last week we reported that the FBI used Section 702 to conduct warrantless and illicit searches of Americans 278,000 times – and that some of the victims of these warrantless searches were protestors angered by the killing of George Floyd.
 
We quoted House Judiciary Chairman Jim Jordan (R-OH) and Ranking Member Jerry Nadler (D-NY) about their outrage over this revelation from an unsealed court document. Rep. Nadler noted that the FBI has repeatedly broken its promises, declaring: “Without significant changes to the law to prevent this abuse, I will oppose the reauthorization of this authority.”
 
Now the Chairman of the Senate Judiciary Committee, Sen. Dick Durbin (D-Ill), has weighed in. He tweeted:
 
Section 702 of FISA exists to protect America from foreign threats.
 
Instead, it has been abused again and again to spy on Americans.
 
This authority should not be renewed without significant reforms to safeguard Americans’ privacy and constitutional rights.
 
How direct – how simple – how inarguable.
 
When the chairmen of both the House and Senate Judiciary Committees, and the Ranking Member of the House Committee, insist on reform or nothing, surveillance hawks on the Hill would be wise to prepare for major concessions. The first of them should be to include a warrant requirement whenever an American’s 702 information is surveilled.

The FBI just completed one of the worst weeks in its history.
 
On Monday, Special Counsel John Durham came out with a detailed and scathing report that showed unmistakable bias by the FBI in using discredited allegations, paid for by a political campaign, to hoodwink the secret Foreign Intelligence Surveillance Court into allowing the agency to investigate presidential candidate Donald Trump. While the Durham report has been generally dismissed by major media and most on the left (with some notable exceptions), Republicans are hopping mad.
 
Now an unsealed court document shows that the FBI illicitly used Section 702 of FISA more than 278,000 times to delve into data meant to authorize the surveillance of foreigners on foreign soil – and Americans who “incidentally” get caught up in communications with those targeted foreigners.
 
Who were the FBI’s targets? They included activists arrested protesting the police killing of George Floyd. The FBI freely dipped into Section 702 to search the communications and digital trails of 133 people – presumably all Americans – for George Floyd-related demonstrations. Redactions make it unclear what, if any, nexus to foreign influence the FBI was looking for.
 
But wait, as they say in the ShamWow commercial, there’s more!
 
This same authority was used to run queries on 23,132 Americans to see if their presence at the Jan. 6, 2021, U.S. Capitol riot had any connection to foreign influence. The release from FISA Court Judge Rudolph Contreras stated that there was no reason to believe foreign powers were involved.
 
Still more!
 
The FBI conducted 656 queries of FISA information to do background checks on informants. Between 2016 and 2020, the FBI also used this foreign intelligence authority to conduct background searches on “police homicide reports, including victims, next-of-kin, witnesses, and suspects.”
 
Remember, this is an authority designed by Congress to catch foreign terrorists and spies.
 
Finally, the FBI conducted a batch query of 19,000 donors to a congressional campaign believed to be a target of foreign influence. Only eight identifiers had sufficient ties to “foreign influence activities” to meet FISA standards.
 
While expressing relief at recent procedural changes at the FBI, Judge Contreras wrote: “Nonetheless, compliance problems with querying of Section 702 information have proven to be persistent and widespread. If they are not substantially mitigated by these recent measures, it may become necessary to consider other responses, such as substantially limiting the number of FBI personnel with access to unminimized Section 702 information.”
 
Or Congress could just reform Section 702 to require warrants whenever the communications of Americans are searched. Alienated conservatives, progressives and civil libertarians, and their champions on the Hill now have more than enough reason to make it happen.
 
Jim Jordan (R-OH), Chairman of the House Judiciary Committee, tweeted in response to this Friday afternoon revelation: “Chris Wray told us we can sleep well at night because of the FBI’s so-called FISA reforms. But it just keeps getting worse.”
 
Ranking Member Rep. Jerry Nadler (D-NY) put out a statement: “The FBI says that they have instituted new procedures to make this kind of abuse impossible. They have made that promise before. Without significant changes to the law to prevent this abuse, I will oppose the reauthorization of this authority.”
 
It looks like the stars are aligning for Section 702 reform this year.

DNA technology has become so refined that, according to the New York Times, scientists can now conjure your identity and wanderings out of thin air.
 
In their quest to monitor animal species in nature, wildlife researchers have accidentally stumbled upon the ability to decode a person’s DNA found floating in the air, or lingering in water, snow, or practically anywhere you’ve been. The technology is so precise that scientists could recover medical and ancestry information from minute fragments you left behind while sitting in a park. The wind really does cry Mary, and all her relatives too.
 
This discovery is another technological accelerant of comprehensive surveillance. Authoritarian states could use this technology to locate downstream traces of repressed ethnic minorities, like Uighurs in China. Healthcare and biotech firms could trace genetic diseases to specific individuals and preemptively deny healthcare coverage or advertise treatments before that person would even know they have a vulnerability. Police could end up using this untested technology to mistakenly convict someone with DNA evidence, for which there are few legal protections, and from which there are minimal legal remedies.
 
Erin Murphy, a professor at New York University School of Law who specializes in the use of new technologies in the criminal legal system, is worried about the surveillance potential of this technology. She told The Times that the state of privacy protections is “a total wild west, a free for all… The understanding is police can sort of do whatever they want unless it’s explicitly prohibited.”
 
The history of forensic data use by authorities does not instill comfort. According to another NYT article, more than 150 men and women in America were exonerated in 2018 – just one year – because forensic experts exaggerated statistical claims to bolster unscientific assertions. While DNA matching is very reliable, it is not clear that trace amounts taken from the environment would equal that high degree of certainty. Despite the uncertainty about these technologies, “courts are still reluctant not to allow it or to overturn a case” because of the long precedent of their use, said Aliza Kaplan, a professor at Lewis & Clark Law School.
 
The problem is that, since the early 2000s, courts have held that a warrant is unnecessary for DNA that is not still attached to a person. As a result, the Fourth Amendment’s prohibition of “unreasonable search and seizure” without probable cause flies out the window the moment your DNA leaves your body. But given that DNA technology can now be used to sequence a person’s entire genome instantly and provide nuanced biological information, DNA can share a library full of your private information with third parties.
 
This is just another example of the widening capability of the surveillance state, from facial recognition, to our digital traces being purchased, to now actual traces of us in the environment. It is clear that privacy law has not kept pace with the rapid scientific developments of the last few decades, to the detriment of Americans. Congress must take steps to improve privacy of Americans’ data, including that taken from our very selves.

Most everyone has heard of Breonna Taylor, the 26-year-old emergency technician in Louisville, Kentucky, who was gunned down by police after a no-knock warrant was mistakenly executed at her apartment. But have you heard of Dennis Tuttle and Rhogena Nicholas?
 
This married couple were napping at home in east Houston on the evening of Jan. 19, 2019, when the Houston Police Department’s Narcotics Division burst through their front door. An officer immediately fired a shotgun, killing their dog. Dennis Tuttle reached for a revolver and fired at the intruders. “Once the homeowners thought that their doors were being kicked down by home invaders, they started firing, and the police responded in kind,” Rep. Gene Wu (D-Houston) told Houston Public Media.
 
Nicholas, 58, was shot twice. Tuttle, a 59-year-old Navy vet, was shot nine times. Both died at the scene. Four police officers were wounded, one paralyzed. Many observers strongly dispute the official contention that none of the officers’ injuries came from friendly fire. The veteran narcotics officer who obtained the no-knock warrant from a municipal court judge was later found to have lied. He said that the couple had been selling “black tar” heroin, a fact he had learned from a confidential informant. But there was no heroin or even a confidential informant. That officer, Gerald Goines, was hit with multiple federal and state charges, including two murder charges.
 
No-knock warrants are allowed by courts when there is an overwhelming threat of violence or destruction of evidence. Like many extraordinary law enforcement procedures – from the ability of the FBI to obtain Americans’ personal information from a surveillance program meant to catch foreign terrorists and spies, to “caretaker” entries by police into homes – the extraordinary no-knock warrant has become routine.
 
But at least in the case of no-knock warrants, states are beginning to restrict these procedures.
 
Rep. Gene Wu, a Democrat, introduced a bill in the Texas House of Representatives to require a chief of police or a designated supervisor to approve no-knock warrants. Officers carrying out the warrant would have to be in uniform or otherwise identifiable as police. Rep. Wu’s bill passed overwhelmingly in the House by a 104-33 margin, with strong Republican support. If the Texas Senate passes it and Gov. Greg Abbott signs it, Texas will become the fourth state after Florida, Oregon, and Virginia to restrict no-knock warrants.
 
In our many federal and state lawsuits, amicus briefs, and blogging, PPSA stresses that authorities must adhere to the Constitution’s Fourth Amendment requirement for a probable cause warrant to enter a home or surveil someone’s private information. But warrants are meaningless if the process is corrupted or judges act as rubber stamps.
 
The municipal judge in this case had routinely approved many such no-knock warrants. He had not, the judge told The Washington Post, reasoned that officer Goines was a liar. It turns out that Goines was a prolific liar. Texas authorities are now having to work through 14,000 cases touched by Goines to find innocent people railroaded by his false statements. So far, more than 160 cases have been dismissed. Some people serving prison sentences have been exonerated.
 
If Rep. Wu’s bill becomes law, it will tighten the requirements for a no-knock warrant. Municipal court judges who are not state-licensed attorneys will not be allowed to sign bench warrants for no-knocks.
 
We would add, however, that these same principles need to be applied to the highest levels of law enforcement, including the secret Foreign Intelligence Surveillance Court. A Department of Justice investigation revealed that the FBI lied by omission and commission to the judge of the secret court – and even submitted forged evidence – to secure a warrant to surveil an aide, Carter Page, in a presidential campaign and transition.
 
The warrants issued by the secret FISA court rarely, if ever, result in doors being knocked off their hinges. The existence of these warrants often never come to light, even to the targets of an investigation, yet they can be in their own way destructive to civil liberties.
 
If only a qualified judge should scrutinize a no-knock warrant for genuine evidence of an unmitigable danger, so too should a FISA judge have the advice and scrutiny afforded by civil liberties experts, or amici, in their secret proceedings.

​Credit to the Department of Justice for a voluminous response to our Freedom of Information Act (FOIA) request. Our request concerned the use of stingrays, or cell-site simulators, by that department and its agencies. Out of more than 1,000 pages in DOJ’s response, we’ve found a few gems. Perhaps you can find your own.
 
Review our digest of this document here, and the source document here.
 
The original FOIA request concerned DOJ policies on cell-site simulators, commonly known by the commercial brand name “stingrays.” These devices mimic cell towers to extract location and other highly personal information from your smartphone.
 
The DOJ FOIA response shows that the FBI in 2021 invested $16.1 million in these cell-site simulators (p. 209) in part to ensure they “are capable of operating against evolving wireless communications.” The bureau also asked for $13 million for “communications intercept resources.” This includes support for the Sensitive Investigations Unit’s work in El Salvador (p. 111).
 
On the policy side, we’ve reported that some federal agencies, such as the Bureau of Alcohol, Tobacco, Firearms and Explosives, maintain that stingrays are not GPS location identifiers for people with cellphones. This is technically true. Stingrays do not download location data or function as GPS locators. But this is too clever by half. Included in this release is an Obama-era statement by former Department of Justice official Sally Yates that undermines this federal claim by stating: “Law enforcement agents can use cell-site simulators to help locate cellular devices whose unique identifiers are known …” (p. 17)
 
This release gives an idea of how versatile stingrays have become. The U.S. Marshals Service (p. 977) reveals that it operates cell-site simulators and passive wireless collection sensors to specifically locate devices inside multi-dwelling buildings.
 
Other details sprinkled throughout this release concern other, more exotic forms of domestic surveillance.
 
For example, the U.S. Marshals Service Service has access to seven aircraft located around the country armed with “a unique combination of USMS ELSUR suite, high resolution video surveillance capability … proven to be the most successful law enforcement package” (p.881-883).
 
A surveillance software, “Dark HunTor,” exposes user data from Tor, the browser meant to make searches anonymous, as well as from dark web searches for information. (p. 105) In addition, the U.S. Marshals Service Service “has created the Open-Source Intelligence Unit (OSINT) to proactively review and research social media content. OSINT identifies threats and situations of concern that may be currently undetected through traditional investigative methods. Analyzing public discourse on social media, its spread (‘likes,’ comments, and shares), and the target audience, the USMS can effectively manage its resources appropriate to the identified threats.” (p. 931)
 
The DOJ release also includes details on biometric devices, from facial recognition software to other biometric identifiers, (p.353), as well as more than $10 million for “DNA Capability Expansion” (p.365).
 
Is that all? Feel free to look for yourself.

​Section 702 of the Foreign Intelligence Surveillance Act – the authority that allows the FBI and other agencies to review Americans’ communications “incidentally” collected in foreign surveillance – is set to expire Dec. 31. And the intelligence community and its champions on Capitol Hill are pulling out all the stops to ensure that reauthorization happens with little or no change.
 
Their message is that personal and national security will be at risk if we entertain any surveillance reforms. Otherwise, curtailing the federal government’s power to review our personal information opens the door to cybercriminals, human traffickers, and fentanyl dealers, while making us all stooges of the People’s Republic of China.
 
These smashmouth tactics show just how panicked the surveillance lobby is becoming. They can see that for the first time in almost a half-century an unprecedented coalition of conservatives and liberals have come together for surveillance reform. From Rep. Darin LaHood (R-IL), who leads the 702 working group in the House, to Rep. Jerry Nadler (D-NY), Ranking Member of the House Judiciary Committee, Members of Congress are concerned about the widespread potential for the FBI and other agencies to abuse Section 702 data. This authority was crafted by Congress to authorize foreign surveillance but is used by the FBI as a warrantless “backdoor search” of Americans.
 
“Under an authority as powerful as Section 702, even if the intelligence agencies are not targeting us directly, the government is sweeping up records of our banking, our meetings, our education, and our simplest human interactions,” Rep. Nadler said.
 
Rep. LaHood, who favors reauthorization and recently revealed that he himself was surveilled by the FBI, is adamant that a “clean” – or unamended – version of 702 is not acceptable.
 
Thus the emergence of this left-right coalition for Section 702 reform has the intelligence community in full lobbying mode. Officials who rarely appear in public are suddenly coming out of the shadows to make public statements and appearances.
 
For example, Tonya Ugoretz, assistant director of the FBI’s directorate of intelligence, spoke at a recent Aspen Institute conference. She addressed a proposal advanced by Travis LeBlanc, who sits on the watchdog Privacy and Civil Liberties Oversight Board, for a warrant requirement for Americans under Section 702. “In most instances, it would likely be impossible to meet the probable cause standard,” she said.
 
Poor Fourth Amendment, which has no cyber carveout for probable cause warrants. Yes, the Fourth Amendment is part of the U.S. Constitution. But it is just too unwieldy and inconvenient to be incorporated in some form or fashion into Section 702. Sorry.
 
Another strategy of the intelligence community and its Hill champions seems to be to go on the offensive with messaging bills. These bills are aimed at underscoring how much we need government regulation of encryption, social media, and surveillance to protect us from the vilest crimes and worst threats to our civilization.
 
For example, the Cooper Davis Act would require social media, private messaging services and cloud providers to report users’ discussions about illegal drug sales to the Drug Enforcement Administration, which would then be free to share it with other agencies. This bill is being sold as a counter to America’s out-of-control fentanyl and opioid epidemic.
 
The Electronic Frontier Foundation notes that Cooper Davis would “result in a host of inaccurate reports and in companies sweeping up innocent conversations, including conversations about past drug use or treatment.” We would add that DEA would likely be inundated with a lot of old Cheech & Chong routines. It is unlikely, however, that actual fentanyl dealers will get caught posting: “Hey, buy discount fentanyl here.”
 
Another example is the Restrict Act, which would grant the U.S. Secretary of Commerce sweeping powers to protect Americans from being exploited by China and other hostile nations. It is a study in overkill. It empowers the Secretary to “identify, deter, disrupt, prevent, prohibit, investigate, or otherwise mitigate” speech regarding “federal elections” and “national security.” If enacted into law, the Restrict Act would transform the Commerce Secretary into yet another surveillance authority and a national speech czar.
 
Yet another overkill bill is the EARN IT Act, which would impose criminal or civil liability on encryption services, holding that the mere use of encryption is evidence that a service is reckless or negligent in identifying child sexual abuse material. Forget that encryption is used by billions of people around the planet to protect their privacy. EARN IT would steamroll over the rights of millions of Americans who use encryption to protect themselves from cyberthieves, trolls, stalkers, and other threats, while arguably backfiring in actually protecting children by undermining prosecutions.
 
None of these bills is likely to pass. All of them underscore the argument of the intelligence community that any reform is too risky for children, national security, and health, as well as keeping us safe from China.
 
There are signs this rhetorical overkill is not working. Even Sen. Mark Warner (D-VA), who chairs the Senate Select Committee on Intelligence, is saying, “I’m open to reforms” of Section 702.
 
PPSA believes it is well within our country’s ability to do a better job of protecting children, defeating drug traffickers, and deterring China without resorting to warrantless surveillance of Americans. With sensible reforms, we can protect both our safety and our civil liberties.

​Friday’s government report on surveillance from the Office of the Director of National Intelligence (ODNI) shows that the number of times the FBI searched for Americans’ data in the Section 702 database fell by 95 percent from 2021 to 2022.
 
This proves, the FBI claims, that its “culture of compliance” and reformation of its internal processes are working. Agents must now affirmatively opt-in to Section 702, whereas before, the FBI says, they could bumble into using Section 702 data without fully realizing it.
 
In terms of raw numbers, the FBI searched the Section 702 database almost 120,000 times last year, down from around 3 million such searches in 2021. And almost all of those 120,000 queries were to seek out connections between Americans’ communications and foreign spies and security threats. Slightly different definitions yield 200,000 as the number of such queries, but still a significant drop from 3 million.
 
Civil liberties advocates and their champions on the Hill are not impressed.
 
As Congress faces the reauthorization of Section 702 of the Foreign Intelligence Surveillance Act, Members from both parties continue to insist that statutory reforms be made in Section 702 to compel FBI compliance with the Fourth Amendment requirement for a probable cause warrant.
 
The FBI has been caught in the past using these surveillance tools for purely domestic crimes, ranging from bribery to health care fraud, that clearly should have required a warrant. FBI agents have delved into Section 702-derived information to do background checks on journalists, community leaders, religious communities, and activists, and at least one Member of Congress, Rep. Darin LaHood (R-Ill).
 
Perhaps this explains why Rep. LaHood, with House Permanent Select Committee on Intelligence Chairman Rep. Mike Turner (R-OH), issued a cool response to the ODNI report:
 
“While there was a sharp decline in U.S. person queries from December 2021 to November 2022, it is incumbent upon Congress, not the Executive Branch, to codify reforms to FISA Section 702.”
 
Translation: FBI, we still don’t trust you – Congress is going to have to enact rules to make you adhere to the Fourth Amendment’s requirement for a probable cause warrant.
 
It’s easy to see why. If the FBI’s programmatic change to opt-in is what made the difference, then either the great majority of queries before changes were made to the FBI system were unlawful – likely many millions of unlawful searches – or the FBI is willing to forgo a huge number of lawful queries for the sake of compliance. If you buy the FBI’s arguments, they are doing this despite the bureau’s often dire warnings that any pullback would result in massive risks to national security and public safety.
 
So which is it?
 
“Is 200,000 warrantless queries better than 3.4 million warrantless queries?” Elizabeth Goitein of the Brennan Center for Justice’s liberty and national security program told The Washington Post. “When you ask the question, you get a sense of how warped the universe we’re in is – that somehow 200,000 warrantless searches a year are an acceptable number.”
 
We add that it’s as if the residents of cities the size of Montgomery, Alabama, or Tacoma, Washington, were illegally surveilled. Does that sound like something to celebrate?
 
The FBI responds that many of its searches are conducted to protect victims from cybercrimes. But there is, Goitein says, no “victim exception” to the Fourth Amendment. “They are basically admitting that they’re searching Americans’ communications and most private, personal information without probable cause.”
 
All of which begs the question – if you think there’s a crime, why not obtain a criminal search warrant?
 
Worse, Congress and the public are left to look at this latest report through a glass, darkly. The FBI is not transparent in its methodology. It does not give a full accounting of the rules by which it catalogs and lists its searches. If the Drug Enforcement Administration runs a query and shares what it learns about an American citizen with the FBI, is that counted under these rules? How does the FBI count batch queries (multiple queries under a common justification) over one-offs?
 
Only Congress can dispel the murkiness by demanding answers. And as it does, expect to see even more reasons for statutory reforms as the precondition for the reauthorization of Section 702.

​Happy World Press Freedom Day! If you are a journalist heading out to do an interview, please be careful in your movements, your digital security, and the protection of your sources. In some countries, you might want to check under your car before starting the ignition.
 
But be advised that even these safety measures may not be enough to protect you.
 
Like many declarations of the United Nations, the 30th anniversary of World Press Freedom Day is observed in the breach in many UN member countries. The UN Secretary General Antonio Guterres said that the number of journalists killed in 2022 was 50 percent higher than the previous year. UNESCO reports that in all, 86 journalists were killed last year.
 
That’s a reporter killed every four days.
 
In Mexico, where many journalists have been murdered, the government and the cartels are the most prolific users of Pegasus, surveillance software that can transform any smartphone into a comprehensive 24/7 surveillance device. This spyware reveals one’s texts, emails, images, and calendar, while turning a smartphone’s microphone and camera against its owner. The New York Times reports that Mexico’s federal spy agency has “targeted more cellphones with the spyware than any other government agency in the world.”
 
And, of course, criminal actors have full use of this technology in much of the world. Cartels used Pegasus to track down journalist Cecilio Pineda Birto hours after he accused the state police force and local politicians of conspiring with violent criminals. He was gunned down while waiting for his car to come out of a carwash. Twenty-six Mexican journalists were targets of interest by a buyer of this technology in recent years.
 
This is in keeping with Secretary Guterres’ statement that “90 percent of the journalists killed” are “covering local issues, human rights violation, corruption, illegal mining, environment problems.” He added that many of the killers “are not only state actors, they are organized crime, drug lords, environmental criminals.”
 
In some parts of the world, the line between state actors and thuggery is nonexistent. Witness the ordeal of Evan Gershkovich of The Wall Street Journal, arrested on specious charges of being an American spy by the judicial puppets of the Vladimir Putin regime. Or Jimmy Lai, the Hong Kong publisher who bravely defied the Chinese Communist Party and has disappeared behind bars.
 
In other parts of the world, journalists are intimidated by online attacks and loose libel laws that keep journalists legally and psychologically intimidated.
 
Throughout, the marriage of increasingly potent surveillance technology and illiberal regimes is making the practice of journalism more difficult. This is true even in the United States. A Texas journalist was arrested for – get this – “misuse of official information.” A Wall Street Journal reporter in Arizona was arrested for doing man-on-the-street interviews.
 
The press can often come at the truth with a slant or a sensational angle. The press can just get a story wrong. But the free and open practice of journalism is in the long run the only way for a free society to self-correct and sift out the truth. As the founders insisted, freedom of the press safeguards society against official corruption, malfeasance, and the lawless exercise of power.
 
Now the free practice of journalism globally, and even at home, can be compromised by powerful spyware. It is also threatened by our government’s possession of our communications and online activity through Section 702 of the Foreign Intelligence Surveillance Act, as well as the bulk purchase of Americans’ digital information from data brokers.
 
While 49 U.S. states have press shield laws, there is no federal law that protects the notes and sources of a journalist from being seized by a federal prosecutor. All the more reason to celebrate World Press Freedom in America by asking Congress to get behind the PRESS Act, which would extend these basic protections to the federal government.

​New draft rules from Beijing require Alibaba, Baidu, and other Chinese social media companies to include “socialist values” in their versions of the generative AI software. This will likely broaden Washington’s debate about which Chinese platforms to ban other than TikTok.
 
But the dramatic handwringing on Capitol Hill about Chinese social media weaponizing the data of American citizens is only part of the story. The fact is that with or without your subscribership to TikTok or any other Chinese social media platforms, the People’s Republic of China probably already knows a lot about you. This is true for the same reason that U.S. federal agencies, ranging from the FBI to the Department of Homeland Security, to the IRS and the Pentagon, also have all your most personal data at their fingertips.
 
Whether Washington or Beijing, governments get the skinny on our private lives in the same way: they buy it from third-party data brokers, who in turn purchase our most sensitive, personal information scraped from popular apps and social media platforms.
 
In this way, data brokers compile a profile of you that includes your race, ethnicity, religion, gender, sexual orientation, and income level; major life events like pregnancy and divorce; medical information like drug prescriptions and mental illness; where you’ve been according to your real-time smartphone location history; details about your family and friends; what you search for online; and your politics and beliefs. There is a reason why data brokers – shadowy players you’ve likely never heard of – are often called the “middlemen of surveillance capitalism.”
 
They scrape and sell thousands of data points on billions of people, creating profiles of our financial, cultural, and private lives. The primary customers for this data are businesses that want to show you ads. But there is nothing to keep China from buying this information, too. In fact, PPSA has it on good authority that China does just that through intermediaries.
 
Klon Kitchen of the American Enterprise Institute calls China’s purchases of Americans’ data a gaping vulnerability that is “grossly underappreciated.” And Kitchen notes that what China doesn’t buy, it steals. He quotes FBI Director Christopher Wray who said last year, “If you are an American adult, it is more likely than not that China has stolen your personal data.”
 
Now is not the right time for Capitol Hill to deal with this complex issue. As efforts to counter Chinese penetration and exploitation of American data ramp up, it is important for Congress to make an immediate priority to address problems with U.S. government surveillance of its own citizens.
 
But Congress is going to have to deal with China and other governments purchasing our data in the near future. As politicians debate the dangers of TikTok, we should keep in mind how much of our personal information China already buys from the middlemen of surveillance.

​A House subcommittee hearing today demonstrated widespread, bipartisan recognition of the need to reform Section 702 of the Foreign Intelligence Surveillance Act (FISA).
 
Both the Chairman and Ranking Member of the full House Judiciary Committee – Rep. Jim Jordan (R-OH) and Rep. Jerry Nadler (D-NY) – called for their committee colleagues to lead bipartisan reforms to prevent further, significant abuses of this authority. Jordan, looking over his shoulder to Rep. Nadler, highlighted “the fact that we can get bipartisan on protecting civil liberties.”
 
Subcommittee chairman Andy Biggs (R-AZ) had earlier opened the hearing by saying Section 702 reform requires a “rare bipartisan effort.” Rep. Jerry Nadler (D-NY) agreed bipartisan action is needed. He complained about the government “keeping us in the dark” on the numbers of warrantlessly collected data of Americans. The result of this secrecy, he said, is the backdoor surveillance of Americans that “is neither hypothetical nor rare.”
 
Sharon Bradford Franklin, chair of the independent watchdog of the independent agency that protects civil liberties in government counterterrorism programs, spelled out three specific reforms. Even the title of the hearing, “Fixing FISA: How a Law Designed to Protect Americans Has Been Weaponized Against Them,” was telling. It set the tenor of skeptical and substantive questions from representatives from both parties.
 
By the end, it was clear that the push for Section 702 reform is strong and accelerating.
 
Franklin, Chair of the Private and Civil Liberties Oversight Board (PCLOB), noted that Section 702 – because it aims to collect the data of foreigners presumed to be located abroad – does not need to observe the Fourth Amendment requirement for a probable cause warrant. Nevertheless, Americans’ communications get “incidentally” caught up in this surveillance.
 
“The term incidental makes it sound like a small amount, but we don’t actually know the scope of this collection,” Franklin said. “The government argues it is not feasible to calculate a meaningful number.”
 
“They won’t tell us,” Chairman Jordan said sharply. “No idea how many Americans are pulled into incidental collection – the FBI won’t tell us.” He later fired a warning shot, “How about we put the FBI out of this business altogether?”
 
There was widespread recognition among committee members that the FBI is withholding any suggestion of the magnitude of incidental collection. This was a perfect set-up for Franklin to make the first of her three recommendations.

• “I believe an estimate that involves some margin of error can still be meaningful and helpful to Congress as you assess what safeguards are needed under Section 702.”

 
Franklin then turned to how Section 702 – an authority designed by Congress to permit the surveillance of foreigners – has become a method by which the government can warrantlessly surveil Americans.
 
“No judge ever reviews analysts’ targeting procedures,” she said, because they target foreigners who do not enjoy U.S. constitutional protections. Thus, she said, there is no judicial review on the front-end of the process. Nor, because the authority is ostensibly about foreigners, is there a warrant “requirement at the backend to establish probable cause or obtain permission from a federal judge,” even when Americans become the target of 702 surveillance.
 
This is what, Franklin said, privacy advocates mean by Section 702 enabling “backdoor searches.” She noted the FBI has recently released a set of reforms and improvements to its FISA process. These include changing default settings in the FBI’s query system so agents must affirmatively opt in to have their queries run through 702 data and establishing special approvals for sensitive queries such as those involving elected officials, members of the media, academia, and religious leaders.
 
“These reforms are welcome,” Franklin said, “but I do not believe these changes are sufficient to address the privacy threats posed by these warrantless searches seeking information about specific Americans.”

• “I urge you to incorporate a requirement for FISA Court review of U.S. person query terms, to ensure protection of Americans’ Fourth Amendment rights.”

 
Third and finally, Franklin addressed the issue of “abouts” information – collecting references from third parties about an American. In 2018, Congress suspended the collection of “abouts” data, but the current law allows the government to restart the practice at will. This is dangerous, she said, because it allows the government to “acquire communications extensively between people about whom the government had no prior suspicion, or even knowledge of their existence, based entirely on what is contained within the contents of their communications.”

• Franklin told Congress it should eliminate any ability for the government to return to “abouts” data collection because it contains such “unique privacy risks.”

 
Franklin’s testimony was a good summation of the issues at stake in Section 702, as well as her recommendations.
 
Rep. Laurel Lee (R-FL) noted the call to require amici – legal experts in civil liberties – to advise the secret FISA court whenever it considers surveillance requests from the government that involve Americans’ fundamental freedoms in politics, religion, and journalism.
 
Department of Justice Inspector General Michael Horowitz seemed to agree. He responded that in the secret hearings, “agents never face a challenge or a cross examination” unlike an ordinary criminal trial. Facing cross-examination by a privacy advocate, Inspector Horowitz said, “focuses the mind.”
 
The lasting impact of the hearing will likely be Franklin’s three recommendations – to get the government to produce an estimate of incidental collection of Americans communications, to involve FISA court review of the query terms for Americans, and to remove the ability of the government to return to the collection of “abouts” information.

Watch the full hearing: 

The spokespersons of the intelligence community promise in hearings, when asked about multiplying reports of lawless surveillance of the American people, that they intend to adhere to a “culture of compliance.”
 
But compliance with what?
 
A glimpse into official thinking can be seen in internal documents recently released by the FBI that give guidance to agents searching the vast oceans of data swept up under the authority of the Foreign Intelligence Surveillance Act (FISA). It includes procedures for reviewing Americans’ communications collected without a warrant under Section 702, the authority devised for surveilling foreigners abroad. It details the ways in which agents can, under rules established by the secret FISA Court, search these records for evidence of a crime not relating to national security, even though the primary purpose Congress crafted FISA and Section 702 was to catch foreign terrorists and spies.
 
This workaround rests on the fact that with the global integration of communications, it is impossible to sweep up large amounts of communications without “incidentally” sweeping up the communications of Americans. The culture of compliance at the FBI is about compliance with its own internal rules. These documents demonstrate the extent to which queries about U.S. persons Section 702 data – performed more than 200,000 times last year alone – have become the FBI’s honeypot for domestic surveillance.
 
That is why 702 information has been used in investigating purely domestic crimes and investigations, from bribery to health care fraud – hardly matters of national security.
 
These documents show the extent to which the FBI has elaborate rules in place to sanitize the ways agents access this information to obtain Americans’ communications in a domestic criminal investigation. But you will search this document in vain for mention of the words “privacy,” “warrants,” and “Fourth Amendment.”
 
How’s that for an idea – a culture of compliance with the U.S. Constitution?

The Capitol dome is ringing and reverberating like a bell after being struck by Jordain Carney’s article in Monday’s Politico about the FBI’s lack of credibility on the Hill.
 
Carney spells out what until now has been whispered – that years of disingenuous claims by the FBI is making it the odd man out in this year’s reform of Section 702 of the Foreign Intelligence Surveillance Act (FISA).
 
For years, PPSA has been critical of the defensive, often patronizing, tone of FBI Director Christopher Wray who praises the bureau’s “culture of compliance.” He glosses over years of FBI lying about bulk collection of Americans’ data and massive amounts of backdoor searches as if he had accidentally taken a sip from someone else’s water glass over lunch.
 
Wray has particularly rubbed Republicans the wrong way. After the Justice Department Inspector General detailed the manifold failings of the FBI in its FISA Title I Carter Page investigation – from lying by omission to the secret FISA court (later to be compounded by the submission of a forged document by an FBI lawyer) – Wray had a snappy comeback. He thanked the inspector for his “constructive criticism.”
 
At the time, Rep. Tom McClintock (R-CA) responded by detailing how much is at stake when the FBI overreaches: “The FBI can be entrusted with the most terrifying powers that we can give our government – the power to ruin people’s lives, the power to invade their privacy, to launch pre-dawn raids on their homes, to bankrupt them with legal costs, to deprive them of their liberty.”
 
Undaunted, Wray doubled down with his smooth, nothing-to-see here demeanor in recent testimony on the Hill. He revealed that the Section 702 program saw a 93 percent decrease between 2021 and 2022 in the number of FBI searches for U.S. persons – only to have staff reveal to The New York Times that the remaining number is 204,090. That’s still millions of Americans illicitly surveilled outside the Constitution in just a few years.
 
“The FBI is absolutely the problem child in FISA and 702,” House Intelligence Chairman Mike Turner (R-OH) told Carney. “The abuses are abhorrent. Wray is not a compelling advocate for FISA or 702, because he’s not been a compelling advocate for reform.”
 
It didn’t help that the lawmaker tasked with spearheading the reauthorization of Section 702, Rep. Darin LaHood (R-IL), turned out to be the very Member of Congress who had his name used in three queries, compromising all his private communications. Rep. LaHood, who is generally supportive of 702 reauthorization, told Wray in a recent hearing that a clean, or unamended, reauthorization of Section 702 was not in the cards.
 
Now Carney reveals that congressional “negotiators are already signaling that they will likely miss the Dec. 31 deadline to re-up the warrantless surveillance.”
 
PPSA hopes that in investigating FBI abuses that Congress looks at other agencies – from NSA to DEA – that also promise a “culture of compliance.” They all need to be reined in instead of following the FBI in the wrong direction. Congress needs to act with strong reforms of Section 702 that require probable cause warrants whenever an American is targeted, as the Constitution requires.

​The Project for Privacy and Surveillance Accountability joined with more than a dozen civil liberties organizations in an open letter warning Congress about the dangers of the Restrict Act, which would give the Secretary of Commerce sweeping powers over virtually all information technology.
 
“The scope of the act is enormous,” the coalition letter reads, “and may allow the administrative state to issue regulations affecting telecommunications, cryptocurrencies, press freedoms, and the use of and access to the Internet itself.”
 
The bill would create criminal penalties that carry up to 20 years in prison and up to $1 million in fines, as well as civil asset forfeitures.
 
If enacted, the Restrict Act would necessitate and likely authorize even more domestic spying on Americans than currently occurs, while cracking down on lawful speech. It is a recipe for an American surveillance state.

PPSA's senior policy advisors, Bob Goodlatte and Mark Udall, writes in Real Clear Politics.

​As is often said in Washington, never let a good crisis go to waste. The national security state is visibly winding up to expand surveillance of the American people in the wake of the posting of sensitive U.S. government secrets in a Discord chat room by a 21-year-old airman.
 
Officialdom’s appetite for more domestic surveillance was already evident before the leak with the introduction of the vaguely drafted Restrict Act. This bill, which has significant bipartisan support, would give the Commerce Secretary sweeping powers to regulate all communications technology and much of the content that it carries. That bill would hit those deemed to have violated unclear parameters of Restrict’s allowable behavior with $1 million fines and 20 years in prison.
 
NBC News now reports that senior administration and congressional officials say the “Biden Administration is looking at expanding how it monitors social media sites and chatrooms.”
 
The only problem with monitoring chatrooms is that they are private discussions. Forgive our quaintness, but systematic intrusion into all of America’s chatrooms by government-operated AI would be a massive violation of the Fourth Amendment.
 
This would be an intrusion on such a scale as to trouble even many surveillance hawks. Consider former National Security Agency general counsel Glenn Gerstell, who has taken to the airwaves to tout the reauthorization of the highly problematic Section 702 of the Foreign Intelligence Surveillance Act. This is the authority that has been misused by the FBI to conduct backdoor searches of Americans’ communications. Even he sees the potential for overreaching here.
 
Gerstell told NBC News: “We do not have nor do we want a system where the United States government monitors private internet chats.”
 
Why, then, is this being considered? The government was mortified to learn that the leak had occurred and reported by The New York Times and open-source intelligence organization Bellingcat.
 
It would be a serious error to respond to a crisis that resulted from a poorly-designed system of security within the government and treat it as reason to increase domestic surveillance of the American people.

​The FBI explained to Charlie Savage of The New York Times why it used the name of Rep. Darin LaHood (R-IL) as a search term. The FBI says it was conducting a “defensive” investigation ostensibly to protect the congressman. Along the way, the bureau took no trouble to adhere to rules that would have excluded Rep. LaHood’s personal and irrelevant communications when delving into his data collected under Section 702 of the Foreign Intelligence Surveillance Act (FISA).
 
In December, 2021, a government report first revealed that a Congressman’s name had been used in such a search without using minimization procedures to protect his privacy. That the subject of this surveillance was Rep. LaHood was dramatically revealed in a March hearing when the Illinois congressman said he believed his name had been used for the Section 702 query. Section 702 is an authority Congress authorized explicitly to surveil foreign actors in foreign settings who pose a threat to national security.
 
The FBI is generous with itself in how it treats the collection of Americans’ communications that are “incidentally” swept up in 702 data collection. With so much of global communications running through North America – and so many Americans in communication with foreigners – the private messages of American citizens and people on U.S. soil have a degree of exposure far beyond anything Congress imagined when it amended FISA with Section 702 in 2008.
 
This authority has since become a wide-open back door through which the FBI can surveil someone, then concoct a different predicate to follow up on the evidence it has seized. Years of experience with FBI misbehavior explains why Rep. LaHood, a former counterterrorism prosecutor, struck a newly confrontational tone in a recent hearing with FBI Director Christopher Wray.
 
“I want to make clear the FBI's inappropriate querying of a duly elected member of Congress is egregious and a violation not only that degrades the trust in FISA but is viewed as a threat to the separation of powers," LaHood said to Director Wray.
 
Now FBI backgrounders are telling The New York Times that the reason for the query was because the bureau believed Rep. LaHood was a target of a Chinese intelligence operation. FBI surveillance occurred at a time when LaHood, whose district includes soybean farmers and Caterpillar, was caught between President Trump’s tariffs imposed on Chinese goods and the dependence of his constituents on trade with China.
 
Thus, intelligence community apologists are now using “defensive investigation” as yet another reason why we cannot allow a warrant requirement to gum up the works. Matt Olsen, now an assistant attorney general, argued in Slate a few years ago that entering an American’s email address or phone number into the database “is not the initiation of a new surveillance or search protected by the Fourth Amendment and subject to the warrant requirement. It is the review of information that the agency has already obtained by lawfully targeting others and that now resides in its databases.”
 
This assertion is that these aren’t general warrants, prohibited by the Constitution, if the government already possesses your data. The founders added the Fourth Amendment to the Constitution to prevent general warrants like those of the British Crown. According to Olsen’s theory, if the king’s agents had thought to lock up every Bostonian’s private papers in a warehouse, it would have amounted to one, big legal search.
 
A hypothetical situation shows how far afield this is from the Fourth Amendment. Put aside that Rep. LaHood has a reputation for being an honest and decent fellow. Hypothetically, would the FBI have ignored incriminating information of a non-national security crime if it had been found in a congressman’s private messages? Consider that the secret FISA court revealed that Section 702 has already been used in health care fraud, bribery, and other cases having nothing to do with national security.
 
Now the FBI is peddling to The Times the notion that all is fair game if the purpose of the search is purely defensive. After all, they were merely trying to protect Rep. LaHood, right? But if that’s the case, why didn’t the FBI inform Rep. LaHood he was a target of the Chinese? Why did he have to intuit this from reading classified material years after the fact?
 
The reason is clear. The government always wants to retain the right to go after the subject of the search. That is why the intelligence community and its apologists want an exception for backdoor searches but have no interest in a consent requirement.
 
We hope Rep. LaHood keeps this in mind when he works with his colleagues to craft the strong reforms that, he said, must be the price of Section 702 reauthorization in this Congress.

​Now another Israeli company joins the NSO Group for its flagrant disregard for human rights, democracy, and digital privacy in the name of profit.
 
QuaDream has been identified by The Citizen Lab at the Monk School of Global Affairs and Public Policy as the developer of a new spyware, Reign. Like the more notorious Pegasus, Reign infiltrates phones without requiring the target to click on a malicious link or to even take any action at all. 
 
Citizen Lab found that Reign can:

• Record audio from phone calls
• Record audio from its microphone, capturing conversations in the vicinity of a phone.
• Take pictures through the device’s front or back camera.
• Steal passwords and other security information from an iPhone’s keychain.
• Track the device’s (and therefore, the user’s) locations and movements.
• Search files for specific content.

And when the job is complete, Reign self-destructs, removing most of the evidence that it was at ever at work in the victim’s phone.
 
For decades, iPhone users enjoyed superior security. Reign took a big bite out of Apple’s vaunted security features. It infected some victims’ phones by sending them an iCloud invitation, following up on previous invitations, which makes the fake resend invisible to the user. Meanwhile, Google has issued some software patches to address vulnerabilities with its Android smartphone.

Microsoft, which partnered with Citizen Lab, reported that the technology has been used to surveil journalists, political opposition figures, and an NGO in countries ranging from the Middle East to Central Europe and Latin America.
 
We have seen time and again that commercially developed spyware finds its most lucrative market in sales to repressive governments and the world’s most dangerous criminal enterprises. While the Israeli government seems alert now to the threat posed by the commercial spyware sector, other actors around the world are surely poised to pick up the slack. The arms race between Apple, Google, and Samsung against spyware developers will continue apace. In the meantime, as former Vice President Nelson Rockefeller said: “If you don’t want it known, don’t say it over the phone.”
 
Or anywhere within twenty feet of your smartphone.

​Jim Jordan, Chairman of the House Judiciary Committee, fired off a subpoena to FBI Director Christopher Wray on Monday asking for a full response to a whistleblower’s leaked report that the FBI planned to monitor Catholic organizations dedicated to the Latin mass as breeding grounds for terrorists. He asked for more detail on a plan to insert undercover agents to develop sources within the Church to investigate such “Radical Traditional Catholics,” or in FBI parlance, RTCs.
 
It all began when former Special Agent Kyle Seraphin revealed a memo showing that the FBI’s Richmond, Virginia office was infiltrating Catholic parishes, acting on agents’ suspicion that those who prefer traditional Latin masses are connected to white supremacy. “The document assesses with ‘high confidence’ the FBI can mitigate the threat of Radical-Traditionalist Catholics by recruiting sources within the Catholic Church,” Seraphin wrote at the time.
 
Embarrassed by this story, the FBI rescinded the memo and blamed it on bad decision-making in the Richmond field office for the document’s “creation and dissemination.” Members of the House Select Committee on the Weaponization of the Federal Government were not satisfied. How did this idea get started? Who approved it?
 
The FBI, after trying to ignore these questions, produced an 18-page response in March that Jordan on Monday called “partial” and “substandard.”
 
Jordan’s subpoena demands responses to his queries without redactions, asking for details on the report that “at least one undercover employee, sought to use local religious organizations as ‘new avenues for tripwire and source development.’”
 
The FBI has a history of insensitivity to the free exercise of religion and the privacy of religious institutions. The bureau famously targeted worshippers in a mosque in Southern California in 2006-2007 without any probable cause the government is willing to discuss. The FBI paid an informant to infiltrate the mosque and plant listening devices.
 
No Islamic terrorists were found.
 
We’ll report on further developments as the FBI is tasked to produce a more forthcoming explanation of its targeting of “RTCs.”

We’ve reported on robust, zero-click malware like Pegasus and Reign that state actors and criminal syndicates can use to transform your smartphone into a 24/7 surveillance device. These infiltrations don’t require you to make a single click or take any action, but lower-tech threats to privacy are proliferating from users’ interactions with mundane sources as well.
 
The FBI is now warning Americans to avoid using free charging stations in airports, hotels, and shopping centers. The Bureau reports that bad actors can use charging stations to infiltrate devices, installing malware or monitoring software to remotely steal your data.
 
By connecting your devices to a public charging station, a user could be vulnerable to “juice jacking,” malware that hijacks your charging cable during a charge. With malware and other cybersecurity threats installed onto a charging station, you could import them directly into your phone without ever knowing.
 
Smartphones and devices with the latest security updates might be fine, but hackers can continually modify their malware programs to evade detection. Juice jacking is just one way that hackers can hit your devices. A device’s defenses against these vulnerabilities are only as good as their most recent software update, so a phone that hasn’t been updated in weeks or months is especially open to attack.
 
While low-level malware attacks pose a significant risk to cybersecurity, they could be overtaken by far more powerful zero-click attacks that require no action on the victim’s part. The vector of these attacks can be global.
 
NSO Group’s Pegasus and QuaDream’s Reign are zero-click attacks that overcome the need to trick a user into taking an action. Pegasus can infiltrate a smartphone, reading text messages, tracking calls, collecting passwords, tracking location, accessing the device's microphone and camera, and harvesting information from apps. This technology is frightening because Pegasus or Reign can be installed remotely on smartphones even with the most up-to-date security software, all without the user ever touching their devices.
 
If bad actors using malware to infiltrate public charging stations to infect older device models is the Covid of malware, then a fully commercialized Pegasus or Reign would be more like the Black Plague. While Americans on travel can prevent attacks by bringing their own battery charger, nothing at present could prevent the epidemic if zero-click attacks proliferate in the wild.
 
Tech companies are in a continuous arms race with hackers and malware developers. The best thing you can do now is to regularly update your software and avoid public charging stations as if they were dirty bathrooms.

Last year, Sens. Ron Wyden and Martin Heinrich revealed that the Department of Homeland Security had tracked millions of wire money transfers by Americans. Now, thanks to a Freedom of Information Act request from WIRED, we’ve learned of a legal tool used by another part of DHS, Immigration and Customs Enforcement (ICE), to extract data from elementary schools, news organizations, and abortion clinics.
 
Called 1509 customs summonses, these requests are authorized by law to be used in criminal investigations about illegal imports or unpaid customs duties.
 
WIRED examined ICE’s subpoena tracking database and found agents issued more than 170,00 customs summonses from the beginning of 2016 through August 2022. Congress granted this power to ICE to allow it to efficiently follow up on customs issues without having to wait for a warrant from a judge.
 
Among the targets of ICE customs summonses are a youth soccer league, surveillance video from a major abortion provider in Illinois, student records from an elementary school in Georgia, health records from a state university’s student health service, data from three boards of elections or election departments, and data from a Lutheran organization that aids refugees.
 
WIRED reports: “In at least two instances, agents at ICE used the custom summons to pressure news organizations to reveal information about their sources.” In 2017, ICE had also illegally used a custom summons to try to force Twitter to reveal the owner of an anonymous account.
 
ICE spokesmen told WIRED that there were reasonable explanations for these requests, including investigations into the spread of child sex abuse material. But many civil liberties observers are skeptical of any claim made by federal agencies. ACLU’s Nathan Freed Wessler said that without access to the underlying subpoenas, there is no way to tell if ICE had abused its authority.
 
This is a clear case where Congressional oversight is mandatory. The House and Senate Judiciary Committees must investigate the rationales for these customs summonses – especially those that were aimed at news organizations. And they should take the next step by passing the PRESS Act to protect journalists from being compelled by federal prosecutors to reveal their sources.

The New York Times broke the story that a front company in New Jersey signed a secret contract with the U.S. government in November 2021 to help it gain access to the powerful surveillance tools of Israel’s NSO Group.
 
PPSA previously reported that the FBI had acquired NSO’s signature technology, Pegasus, which can infiltrate a smartphone, strip all its data, and transform it into a 24/7 surveillance device. Mark Mazzetti and Ronen Bergman of The Times now report that the FBI in recent years had performed tests on defenses against Pegasus and “to test Pegasus for possible deployment in the bureau’s own operations inside the United States.” An FBI spokesperson told these journalists the FBI’s version of the software is now inactive.
 
The secret contract also grants the U.S. government access to NSO’s powerful geolocation tool called Landmark. Mazzetti and Ronen report that such NSO technology has been used thousands of time against targets in Mexico – and that Mexico is named as a venue for the use of NSO technology. Two sources told the journalists that the “contract also allows for Landmark to be used against mobile numbers in the United States, although there is no evidence that has happened.”
 
This story is catching the Biden Administration flat-footed, which had declared this technology a national security threat while placing NSO on a Commerce Department blacklist. In light of these new revelations, Members of Congress should ask the Directors of National Intelligence, the CIA, FBI, and DEA:

• Has your agency ever used Pegasus against a person inside the United States?

 

• Given Director Christopher Wray’s recent admission in congressional testimony that the FBI tracked the location data of U.S. persons over an unspecified period in the past, has the FBI ever deployed Landmark in a domestic context?

 

• Has DEA or any other federal agency ever deployed Landmark domestically?

 
This breaking story will likely force the Biden White House to promulgate new rules limiting the use of NSO technology by federal law enforcement and intelligence agencies. As it does, Congress should be involved every step of the way.
 
This technology is frightening because NSO tools can be installed remotely on smartphones with the most updated security software, and without the user succumbing to phishing or any other obvious form of attack. The need for a detailed policy limiting the use of these tools is urgent. NSO technology is to ordinary surveillance what nuclear weapons are to conventional weapons. Because nuclear weapons are hard to make, Washington, D.C. had time to plan and enact a global non-proliferation regime that delayed their proliferation. In the case of Pegasus and Landmark, however, this technology easily proliferated in the wild before Washington was even fully aware of its existence.
 
Pegasus has been used by drug cartels to track down and murder journalists. It has been used by an African government to listen in on conversations between the daughter of a kidnapped man and the U.S. State Department. It was famously used to plan the murder of Adnan Khashoggi. Does anyone doubt that Russian and Chinese intelligence have secured their own copies? Now Washington is both racing to catch up with foreign adversaries and limit the use of this technology at the same time.
 
NSO, through its amoral proliferation of dangerous technology, has made the world a riskier place. As federal agencies seek to get their hands on this technology, Congress should paint a bright red line – DO NOT USE DOMESTICALLY, EVER.

The U.S. State Department last week released a document that offers “Guiding Principles on Government Use of Surveillance Technologies.” This paper gives other countries advice on how to use technical, legal, and transparency rules to keep surveillance technology from destroying democracy and privacy.
 
But it is fair to ask: How well does Washington, D.C. live up to its own advice?
 
That pervasive surveillance is going global is indisputable. On the same day the State Department released this paper, two New York Times journalists reported on all the exotic items for sale at a Dubai surveillance conference – facial recognition software that tracks individuals across cities, facial recognition goggles, and miniaturized cameras and recording devices inside fake car key remotes and coffee cups.
 
Surveillance technology, including the universal smartphone violator Pegasus, are making a Chinese-style surveillance state possible. The State Department document cautions countries against going down this path toward totalitarian surveillance that leaves people no room for privacy.
 
The State Department warns that surveillance can be used to target journalists, political opposition members, and activists, as well as marginalized minorities. We should take this standard as a marker for our improvement as well. According to the secret Foreign Intelligence Surveillance Court, the FBI has conducted “widespread violations” by conducting warrantless, backdoor searches of communications. It has come to light that the FBI has plumbed FISA data with search terms for: a U.S. Congressman, “a local political party,” “multiple U.S. government officials, journalists, and political commentators,” as well as two “Middle Eastern” men, flagged by a witness because they were loading boxes into a vehicle.
 
The State Department advises upholding “procedural rights” that protect the offline and online civic space of a country. State also says that “the quantity and nature of information collected through surveillance technology and the timeframe for which that data is retained should be limited to what is relevant or necessary …”
 
In this light, we should note that U.S. defendants have little ability to know if a backdoor search of their data has been used to target them. In court, defendants have practically no such rights – especially with a “state secrets” privilege that effectively makes discovery of the use of warrantless surveillance impossible.
 
And what to make of State’s advice concerning limits on the quantity of data? In addition to having access to the National Security Agency’s torrent of global and domestic data, the FBI buys metadata and even content scraped from apps and sold to the government by third-party data brokers.
 
We point out these contradictions to underscore the need for Congress to use the pending reauthorization vote of FISA’s Section 702 – which ostensibly authorizes surveillance of foreign actors abroad – to perform a deep, investigatory dive into surveillance abuse. That knowledge can guide the drafting of meaningful reforms – including a warrant requirement whenever Americans are the government’s target.
 
The United States is a world leader when it comes to protecting civil liberties. If we complete the job, we will continue to be the country that others look to emulate.

​Never let a moral panic go to waste. A legitimate concern – the likely exposure of 150 million Americans’ data from TikTok to the People’s Republic of China – somehow morphed into the Restrict Act, which never mentions TikTok.
 
Supported across the ideological spectrum by Sens. Mark Warner, Joe Manchin, Mitt Romney, and Shelley Moore Capito, the Restrict Act would transform a rather innocuous figure, the Secretary of Commerce, into an American Cardinal Richelieu.
 
The bill would empower the Secretary of Commerce “to review and prohibit certain transactions between persons in the United States and foreign adversaries” regarding virtually all hardware and software communications technology, as well as data storage, machine learning, predictive analytics, and data science providers. The bill also covers software for desktops, mobile applications, gaming, payment, and web-based applications.
 
The bill labels the People’s Republic of China, as well as Cuba, Iran, Russia, North Korea, and Venezuela as foreign adversaries, which they certainly are. But it would grant the Secretary the power to consult with the Director of National Intelligence to name any country’s technology as a national security threat.
 
In addition, under the bill the Secretary would have the power to ban “entities” held by hostile foreign labor unions, equity investors, partnerships or of “any participation […] and of any character.” It covers just about every aspect of technology and e-commerce with a potentially foreign connection.
 
The Secretary of Commerce, usually known for cutting ribbons and handing out awards, would acquire duties commonly associated with the CIA’s Clandestine Service. Commerce Secretary Gina Raimondo would be empowered to “identify, deter, disrupt, prevent, prohibit, investigate, or otherwise mitigate” not just the “information and communications technology products” listed above, but also anything that could be construed to involve “Federal elections” and “national security.” The bill also targets “the digital economy,” presumably meaning the Secretary of Commerce could, with the stroke of a pen and no further debate in Congress, deter, disrupt, or prevent Bitcoin and other cryptocurrencies.
 
Americans who violate these restrictions would face up to $1 million in fines and 20 years in prison. And violate what, exactly? This bill is as vague as it is repressive. As Elizabeth Nolan Brown of Reason notes, the Restrict Act could easily be interpreted as criminalizing virtual private networks, which enable Americans’ privacy. Thus, teenagers who use VPNs to watch burping contests on TikTok could face a $1 million fine and 20 years in prison.
 
“We’ve seen many times the way federal laws are sold as attacks on big baddies like terrorists and drug kingpins yet wind up used to attack people engaged in much more minor activities,” Brown wrote. Or, as Cardinal Richelieu said, “If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.”
 
As extreme as it is, it would be a mistake to discount the Restrict Act. The White House is strongly backing it. On Capitol Hill, this legislation has momentum, surfing on the cresting wave of indignation after the poorly received testimony of TikTok’s CEO. And if it falls short, it reveals a deep state hunger for power that will surely find expression in smaller, more passable bills.
 
Which raises the question: If we reject the Restrict Act, what should be done about TikTok?
 
As civil libertarians, we find ourselves at a point of agony concerning the proposed banning of TikTok’s social media platform in the United States. We don’t like government having the power to pull down a vibrant ecosystem of speech, one with many minority viewpoints, and on which small businesses and influencers depend.
 
Yet TikTok’s promise to quarantine Americans’ data from ByteDance, its Chinese owner, is risible. ByteDance must comply with a Chinese law that mandates sharing data with Chinese intelligence. As we’ve pointed out, TikTok has repeatedly violated its own standards – most recently by allegedly surveilling American journalists in a likely attempt to catch dissidents or whistleblowers.
 
Nor would “Project Texas” – TikTok’s proposal to house American data, most likely with Oracle in Austin – be a foolproof way to quarantine Americans’ data from China.
 
Vigilance about government surveillance must include all governments. As overbearing as Washington can be, nothing compares to the malevolence of the Chinese Communist Party toward the United States and the American people. For that reason, it makes sense to ban TikTok or force a sale under current sanctions law or a narrowly targeted bill.
 
But the Restrict Act gives overreaction a bad name. It would be a rich irony if Congress protected Americans from the importation of Chinese surveillance by turning the Department of Commerce into the technology police, enforcing vague laws with sweeping investigatory power. The Restrict Act is a blueprint for tyranny.