In this age of “corporate social responsibility,” can a government regulator mount a pressure campaign to persuade businesses to blacklist unpopular speakers and organizations? Would such pressure campaigns force banks, cloud storage companies, and other third parties that hold targeted organizations’ data to compromise their clients’ Fourth as well as their First Amendment rights?
 
These are just some of the questions PPSA is asking the U.S. Supreme Court to weigh in National Rifle Association v. Vullo.  
 
Here's the background on this case: Maria Vullo, then-superintendent of the New York Department of Financial Services, used her regulatory clout over banks and insurance companies in New York to strongarm them into denying financial services to the National Rifle Association. This campaign was waged under an earnest-sounding directive to consider the “reputational risk” of doing business with the NRA and firearms manufacturers.

Vullo imposed consent orders on three insurers that they never again provide policies to the NRA. She issued guidance that encouraged financial services firms to “sever ties” with the NRA and to “continue evaluating and managing their risks, including reputational risks” that could arise from their dealings with the NRA or similar gun promotion organizations.
 
“When a regulator known to slap multi-million fines on companies issues ‘guidance,’ it is not taken as a suggestion,” said Gene Schaerr, PPSA general counsel. “It’s sounds more like, ‘nice store you’ve got here, it’d be shame if anything happened to it.’”
 
The U.S. Court of Appeals for the Second Circuit reversed a lower court’s decision that found that Vullo used threats to force the companies she regulates to cut ties with the NRA. The Second Circuit reasoned that: “The general backlash against gun promotion groups and businesses … could (and likely does) directly affect the New York financial markets; as research shows, a business's response to social issues can directly affect its financial stability in this age of enhanced corporate social responsibility.”

You don’t have to be an enthusiast of the National Rifle Association to see the problems with the Second Circuit’s reasoning. Aren’t executives of New York’s financial services firms better qualified to determine what does and doesn’t “directly affect financial stability” than a regulator in Albany? How aggressive will government become in using its almost unlimited access to buy or subpoena data of a target organization to get its way? We told the Court: “Even the stability of a single company is not enough; the government cannot override the Bill of Rights to slightly reduce the rate of corporate bankruptcies.”
 
In our brief, PPSA informs the U.S. Supreme Court about the dangers of a nebulous, government-imposed “corporate social responsibility standard.” We write:
 
“Using CSR – a controversial theory positing that taking popular or ‘socially responsible’ stances may increase corporate profits – to justify infringement of First Amendment rights poses a grave threat to all Constitutionally-protected individual rights.”
 
PPSA is reminding the Court that the right to free speech and the right to be protected from government surveillance are intwined.

​“Once again, the House has passed the Protect Reporters from Exploitive State Spying (PRESS) Act with unanimous, bipartisan support. Forty-nine states have press shield laws protecting journalists and their sources from the prying eyes of prosecutors. The federal government does not. From Fox News to The New York Times, government has surveilled journalists in order to catch their sources. Journalists have been held in contempt and even jailed for bravely safeguarding the trust of their sources.
 
“The PRESS Act corrects this by granting a privilege to protect confidential news sources in federal legal proceedings, while offering reasonable exceptions for extreme situations. Such laws work well for the states and would safeguard Americans’ right to evaluate claims of secret wrongdoing for themselves.
 
“Great credit goes to Rep. Kevin Kiley and Rep. Jamie Raskin for lining up bipartisan support for this reaffirmation of the First Amendment. As in 2022, the last time the House passed this act, the duty now shifts to the U.S. Senate to respond to this display of unanimous, bipartisan support. I am optimistic. At a time of gridlock, enacting this bill into law would be a positive message that would reflect well on every Senator.”

​Three of the largest pharmaceutical chains – CVS Health, Kroger, and Rite Aid – routinely hand over the prescription and medical records of Americans to police and government agencies upon request, no warrant required.
 
“Americans' prescription records are among the most private information the government can obtain about a person,” Sen. Ron Wyden (D-OR), and Reps. Pramila Jayapal (D-WA) and Sara Jacobs (D-CA) wrote in a letter to HHS Secretary Xavier Becerra revealing the results of a congressional investigation into this practice. “They can reveal extremely personal and sensitive details about a person’s life, including prescriptions for birth control, depression or anxiety medications, or other private medical conditions.”

The Washington Post reports that because the chains often share records across all locations, a pharmacy in one state can access a person’s medical history from states with more restrictive laws.
 
Five pharmacies – Amazon, Cigna, Optum Rx, Walmart, and Walgreens Boots Alliance – require demands for pharmacy records by law enforcement to be reviewed by legal professionals. One of them, Amazon, informs consumers of the request unless hit with a gag order. All the major pharmacies will release customer records, however, if they are merely given a subpoena issued by a government agency rather than a warrant issued by a judge. This could be changed by corporate policy. Sen. Wyden and Reps. Jayapal and Jacobs urge pharmacies to insist on a warrant rather than comply with a request or a subpoena. 
 
Most Americans are familiar with the strict privacy provisions of the Health Insurance Portability and Accountability Act (HIPAA) from filling out forms in the doctor’s office. Most will surely be surprised how HIPAA, as strict as it is for physicians and hospitals, is wide open for warrantless inspection by the government.
 
This privacy vulnerability is just one more example of the generous access government agencies have to almost all of our information.
 
Intelligence and law enforcement agencies can know just about everything about us through purchases of our most sensitive and personal information reaped by our apps and sold to the government by data brokers. As privacy champions in Congress press HHS to revise its HIPAA regulations to protect Americans’ medical data from warrantless inspection, Congress should also close all the loopholes by passing the Protect Liberty and End Warrantless Surveillance Act.

​The Federal Reserve Board is publicly weighing whether or not to ask Congress to allow it to establish a Central Bank Digital Currency (CBDC), replacing paper dollars with government-issued electrons.
 
Given the growth of computing, a digital national currency may seem inevitable. But it would be a risky proposition from the standpoint of cybersecurity, national security, and unintended consequences for the economy. A CBDC would certainly pose a significant threat to Americans’ privacy.
 
A factsheet on the Federal Reserve website says, “Any CBDC would need to strike an appropriate balance between safeguarding the privacy rights of consumers and affording the transparency necessary to deter criminal activity.” The Fed imagines that such a scheme would rely on privacy-sector intermediaries to create digital wallets and protect consumers’ privacy.
 
Given the hunger that officialdom in Washington, D.C., has shown for pulling in all our financial information – including a serious proposal to record transactions from bank accounts, digital wallets, and apps – the Fed’s balancing of our privacy against surveillance of the currency is troubling. With digital money, government would have in its hands the ability to surveil all transactions, tracing every dollar from recipient to spender. Armed with such power, the government could debank any number of disfavored groups or individuals. If this sounds implausible, consider that debanking was exactly the strategy the Canadian government used against the trucker protestors two years ago.
 
Enter H.R. 1122 – the CBDC Anti-Surveillance State Act – which sets down requirements for a digital currency. This bill would prohibit the Federal Reserve from using CBDC to implement monetary policy. It would require the Fed to report the results of a study or pilot program to Congress on a quarterly basis and consult with the brain trust of the Fed’s regional banks.
 
Though this bill prevents the Fed from issuing CBDC accounts to individuals directly, there is a potential loophole in this bill – the Fed might still maintain CBDC accounts for corporations (the “intermediaries” the Fed refers to). The sponsors may want to close any loopholes there.
 
That’s a quibble, however. This bill, sponsored by Rep. Tom Emmer (R-MN), Majority Whip of the House, with almost 80 co-sponsors, is a needed warning to the Fed and to surveillance hawks that a financial surveillance state is unacceptable. 

​The American Civil Liberties Union, its Northern California chapter, and the Brennan Center, are calling on the Federal Trade Commission to investigate whether Meta and X have broken commitments they made to protect customers from data brokers and government surveillance.
 
This concern goes back to 2016 when it came to light that Facebook and Twitter helped police target Black Lives Matter activists. As a result of protests by the ACLU of Northern California and other advocacy groups, both companies promised to strengthen their anti-surveillance policies and cut off access to social media surveillance companies. Their privacy promises even became points of pride in these companies’ advertising.
 
Now ACLU and Brennan say they have uncovered commercial documents from data brokers that seem to contradict these promises. They point to a host of data companies that publicly claim they have access to data from Meta and/or X, selling customers’ information to police and other government agencies.
 
ACLU writes: “These materials suggest that law enforcement agencies are getting deep access to social media companies’ stores of data about people as they go about their daily lives.”
 
While this case emerged from left-leaning organizations and concerns, organizations and people on the right have just as much reason for concern. The posts we make, what we say, who our friends are, can be very sensitive and personal information.
 
“Something’s not right,” ACLU writes. “If these companies can really do all that they advertise, the FTC needs to figure out how.”
 
At this point, we simply don’t know with certainty which, if any, social media platforms are permitting data brokers to obtain personal information from their platforms – information that can then be sold to the government. Regardless of the answer to that question, PPSA suggests that a thorough way to short-circuit any extraction of Americans’ most sensitive and personal information from data sales (at least at the federal level) would be to pass the strongly bipartisan Protect Liberty and End Warrantless Surveillance Act. This measure would force federal government agencies to obtain a warrant – as they should anyway under the Fourth Amendment – to access the data of an American citizen.

A letter of protest sent by the lawyers of Rabbi Levi Illulian in August alleged that city officials of Beverly Hills, California, had investigated their client’s home for hosting religious gatherings for his family, neighbors, and friends. Worse, the city used increasingly invasive means, including surveilling people visiting the rabbi’s home, and flying a surveillance drone over his property.
 
A “notice of violation” from the city specifically threatened Illulian with civil and criminal proceedings for “religious activity” at his home. The notice further prohibited all religious activity at Illulian’s home with non-residents.
 
With support from First Liberty Institute, the rabbi’s lawyers sent another letter detailing an egregious use of city resources to launch a “full-scale investigation against Rabbi Illulian” in which “city personnel engaged in multiple stakeouts of the home over many hours, effectively maintaining a governmental presence outside Rabbi Illulian’s home.”
 
The rabbi’s Orthodox Jewish friends and family who visited his home had also received parking citations. The rabbi began to receive visits from the police for noise disturbances, such as on Halloween when other houses on the street were sources of noise as well. Police even threatened to charge Rabbi Illulian with a misdemeanor, confiscate his music equipment, and cite a visiting musician for violating the city’s noise ordinance, despite the obvious double-standard.
 
First Liberty was active in publicizing the city’s actions. In the face of bad publicity about this aggressive enforcement, the city withdrew its violation notice late last year.
 
That the city of Beverly Hills would blatantly monitor and harass a household over Shabbat prayers and religious holidays, particularly at a time of rising antisemitism, is made all the worse by sophisticated forms of surveillance aimed at the free exercise of religion. So city officials managed to abuse the Fourth Amendment to impinge on the First Amendment.
 
This case is reminiscent of the surveillance of a church, Calvary Chapel San Jose, by Santa Clara, California, county officials, over its Covid-19 policies. Is there something about religious observances that attracts the ire of some local officials? Whatever their reasons, this story is the latest example of the need for local officials who are better acquainted with the Constitution.

​Late last week, Judge Rudolph Contreras ordered the NSA, the CIA, the FBI, and the Office of the Director of National Intelligence to respond to a PPSA Freedom of Information Act (FOIA) request. The government now has two weeks to schedule the production of “policy documents” regarding the intelligence community’s acquisition and use of commercially available information regarding 145 current and former Members of Congress.
 
This is the second time Judge Contreras has had to tell federal agencies to respond to a FOIA request PPSA submitted. In late 2022, Judge Contreras rejected in part the FBI’s insistence that the Glomar doctrine allowed it to ignore FOIA’s requirement to search for responsive records. Despite that clear holding, the FBI – joined this time by several other agencies – again refused to search for records in response to PPSA’s FOIA request. And Judge Contreras had to remind the agencies again that FOIA’s search obligations cannot be ducked so easily. 
 
Instead, Judge Contreras found that PPSA “logically and plausibly” requested the policy documents about the acquisition of commercially available information. And Judge Contreras concluded that a blanket Glomar response, in which the government neither confirms nor denies the existence of the requested documents, is appropriate only when a Glomar response is justified for all categories of responsive records.
 
The judge then described a hypothetical letter from a Member of Congress to the NSA that clarifies the distinction between operational and policy documents. He considered that such a letter might ask if the NSA “had purchased commercially available information on any of the listed Senators or Congresspeople” without revealing whether the NSA (or any other of the defendant agencies) “had a particular interest in surveilling the individual.” Judge Contreras decided that “it is difficult to see how a document such as this would reveal sensitive information about Defendants’ intelligence activities, sources, or methods.”
 
It is on this reasoning that the judge ordered these agencies to produce these policies documents. We eagerly awaits the delivery of these documents in both cases. Stay tuned.

​PPSA today announced that it is asking the District Court for the District of Columbia to force the FBI to produce two records about communications between government agencies and Members of Congress concerning their possible “unmasking” in secretly intercepted foreign conversations under the Foreign Intelligence Surveillance Act (FISA).
 
PPSA’s request to the court involves the practice of naming Americans – in this case, Members of the House and Senate – who are caught up in foreign surveillance summaries. In 2017, Sen. Lindsey Graham (R-SC) said he had reason to believe his identify had been unmasked and that he had written to the FBI about it. Similar statements have been made by other Members of Congress of both parties.
 
The matter seemed to have been settled in October 2022 when Judge Rudolph Contreras of the U.S. District Court of the District of Columbia declared that “communications between the FBI and Congress are a degree removed from FISA-derived documents and which discuss congressional unmasking as a matter of legislative interest, policy, or oversight … the FBI must conduct a search for any ‘policy documents’ in its possession.”
 
The FBI had first refused to release these documents under a broad and untenable interpretation of the Glomar doctrine, under which the government asserts it can neither confirm nor deny the existence of such records for national security reasons. After Judge Contreras swept that excuse away, the FBI in October 2023 asserted that three FOIA exemptions allow it to withhold requested documents.
 
The FBI has gone from obfuscation to outright defiance of the plain text of the law. It still claims that releasing correspondence with Congress would, somehow, endanger intelligence sources and methods. It is time for the court to step in and issue a legal order the FBI cannot openly defy.
 
Thus PPSA’s cross motion for summary judgment knocks down the FBI’s rationale and asks Judge Contreras to order the FBI to produce all FBI records reflecting communications between the government and Members of Congress on their “unmasking.”  
 
Earlier, the FBI had searched under a court order to find two relevant policy documents. These unreleased records include a four-page email between FBI employees and an FBI Intelligence Program Policy Guide. Significant portions of both documents are being withheld by the FBI because, the Bureau now asserts, of the three exemptions. It claims the disclosure can be withheld because it could implicate sources and methods, the records were created for law enforcement purposes, and because of confidentiality.
 
None of these excuses meet the laugh test for correspondence with Members of Congress. PPSA is optimistic the court will end the FBI’s two years of foot-dragging and order it to produce.

​PPSA has long warned that most drivers don’t realize that a modern car is a digital recording device. It tracks our travels, call logs, private text messages, even the impression our weight makes on our seat. Our car knows if we’re driving alone or with someone else. In all, a contemporary car accumulates vast amounts of data every day, much of it about us, where we’re going, and sometimes with whom.
 
Kashmir Hill in a recent New York Times piece described how a car can be turned into a digital weapon by a stalker or abusive partner. In one instance, a woman in divorce proceedings realized that her husband was tracking her through the location-based service in her Mercedes. When the woman visited a male friend, her husband sent the man a message with a thumbs-up emoji.
 
Another woman, also estranged from her spouse, found that he was remotely causing her parked Tesla to turn on with heat blasting on hot days, and cold air streaming on cold days.
 
Hill memorably wrote: “A car, to its driver, can feel like a sanctuary. A place to sing favorite songs off key, to cry, to vent or to drive somewhere no one knows you’re going.” That sanctuary, of course, is an illusion. Hill’s piece pointed not just to stalkers, but to the sharing of drivers’ consumer data with insurance companies and car companies.
 
PPSA has long warned of yet another sinister use of car-generated data. About a dozen federal law enforcement and intelligence agencies make free use of the data broker loophole to purchase consumer data scraped from our apps. There is no law or rule that forbids them from purchasing car-generated data as well. This vulnerability will only get worse if a Congressional mandate for a built-in drunk driver detection system leads to cameras and microphones allowing AI to passively monitor drivers’ movements and speech for signs of impairment.
 
Sens. Ron Wyden (D-OR) and Cynthia Lummis (R-WY), and Rep. Ro Khanna (D-CA), have addressed what government can do with car data under proposed legislation, “Closing the Warrantless Digital Car Search Loophole Act.” This bill would require law enforcement to obtain a warrant based on probable cause before searching data from any vehicle that does not require a commercial license. Another similar solution for all purchased commercial data is contained in the Protect Liberty and End Warrantless Surveillance Act, which passed the House Judiciary Committee with overwhelming bipartisan support.
 
The most maddening thing about all this car-generated data is that much of it is off-limits to the drivers themselves, especially if someone else (like an ex-spouse) owns the car’s title. Cars are driving the expectation of privacy off the road. It is time for Congress to act.

​Man proposes, God disposes, but Congress often just kicks the can down the road.
 
Throughout 2023, PPSA and our civil liberties allies made the case that Section 702 of the Foreign Intelligence Surveillance Act – enacted by Congress to give federal intelligence agencies the authority to surveil foreign threats abroad – has become a convenient excuse for warrantless domestic surveillance of millions of Americans in recent years. 
 
With Section 702 set to expire, the debate over reauthorizing this authority necessarily involves reforms and fixes to a law that functions in a radically different way than its Congressional authors imagined.
 
In December, a strong bipartisan majority in the House Judiciary Committee passed a well-crafted bill to reauthorize FISA Section 702 – the Protect Liberty and End Warrantless Surveillance Act. This bill mandates a robust warrant requirement for U.S. person searches. It curtails the common government surveillance technique of “reverse targeting,” which uses Section 702 to work backwards to target Americans without a warrant. It also closes the loophole that allows government agencies to buy access to Americans’ most sensitive and personal information scraped from our apps and sold by data brokers.
 
And the Protect Liberty Act requires the inclusion of lawyers with high-level clearances who are experts in civil liberties to ensure the secret FISA Court hears from them as well as from government attorneys.
 
The FISA Reform and Reauthorization Act from the House Permanent Select Committee on Intelligence would not stop the widespread practice of backdoor searches of Americans’ information. And it does not address the outrageous practice of federal agencies buying up Americans’ most sensitive and private information from data brokers.
 
In the crush of business, the deadline for reauthorizing Section 702 was delayed until early spring. Now the contest between the two approaches to Section 702 reauthorization begins in earnest.
 
With a recent FreedomWorks/Demand Progress poll showing that 78 percent of Americans support strengthening privacy protections along the lines of those in the Protect Liberty Act, reformers go into the year with a strong tailwind. While we should never underestimate the guile of the intelligence community, reformers look to the debate ahead with hopefulness and eagerness to win this debate to protect the privacy of all Americans.

​In July, we wrote about revelations that the U.S. Department of Justice subpoenaed Google for the private data of House Intel staffers looking into the origins of the FBI’s Russiagate investigation. Then, in October, we wrote about a FOIA request from Empower Oversight seeking documents shedding light on the extent to which the executive branch is spying on Members of Congress. Now, following the launch of an official inquiry, Rep. Jim Jordan has issued a subpoena to Attorney General Merrick Garland for further information on the DOJ’s efforts to surveil Congress and congressional staff.
 
On Halloween, Jordan launched his inquiry into the DOJ’s apparent attempts to spy on Congress, sending letters to the CEOs of Alphabet, Apple, AT&T, T-Mobile, and Verizon requesting, for example, “[a]ll documents and communications between or among Apple employees and Justice Department employees referring or relating to subpoenas or requests issued by the Department of Justice to Apple for personal or official records or communications of Members of Congress or congressional staff….”
 
Jordan also sent a letter to Garland, asserting that “[t]he Justice Department’s efforts to obtain the private communications of congressional staffers, including staffers conducting oversight of the Department, is wholly unacceptable and offends fundamental separation of powers principles as well as Congress’s constitutional authority to conduct oversight of the Justice Department.”
 
Nearly two months later, according to Jordan, the DOJ’s response has been insufficient. In a letter to Garland dated December 19, 2023, Jordan says that the “Committee must resort to compulsory process” due to “the Department’s inadequate response to date.”
 
That response, to be fair, did include a letter to Jordan dated December 4 conveying that the legal process used related to an investigation “into the unauthorized disclosure of classified information in a national media publication. Jordan, citing news reports, contends that the investigation actually “centered on FISA warrants obtained by the Justice Department on former Trump campaign associate Carter Page” (which the Justice Department Inspector General faulted for “significant inaccuracies and omissions”).
 
Whatever the underlying motivation, Jordan is right to find DOJ’s explanation to date unsatisfying. Spying on Congress not only brings with it tremendous separation of powers concerns but raises a broader question about FISA and other processes that would reveal Americans’ personal information without sufficient predication. 
 
We need answers. Who authorized these DOJ subpoenas? And how can we make sure this kind of thing doesn’t happen again? PPSA looks forward to further developments in this story.

​Less consumer tracking leads to less fraud. That’s the key takeaway from a new study conducted by the National Bureau of Economic Research in its working paper, “Consumer Surveillance and Financial Fraud.”
 
Using data obtained from the Federal Trade Commission and the Consumer Financial Protection Bureau, as well as the geospatial data firm Safegraph, the authors looked at the correlation between Apple’s App Tracking Transparency framework and consumer fraud reports.
 
Apple’s ATT policy requires user authorization before other apps can track and share customer data. In April 2021, Apple made this the default setting on all iPhones, ensuring that users would no longer be automatically tracked when they visit websites or use apps. This in turn dealt a hefty financial blow to companies like Snap, Facebook, Twitter, and YouTube, which collectively lost about $10 billion after implementation.
 
The authors of the paper obtained fraud complaint figures from the FTC and the CFPB, then employed machine learning and targeted keyword searches to isolate complaints stemming from data privacy issues. They then cross-referenced those complaints with data acquired by Safegraph showing the number of iPhone users in a given ZIP code.
 
According to the paper, a 10% increase in Apple users within a given ZIP code leads to a 3.21% reduction in financial fraud complaints. 
 
As the Electronic Frontier Foundation points out in a recent article about the study: “While the scope of the data is small, this is the first significant research we’ve seen that connects increased privacy with decreased fraud. This should matter to all of us. It reinforces that when companies take steps to protect our privacy, they also help protect us from financial fraud.”
 
Obviously, more companies should follow Apple’s lead in implementing ATT-like policies. More than that, however, we need better and more robust laws on the books protecting consumer privacy. California has passed a number of related bills  in recent years, most recently creating a one-stop opt-out mechanism for data collection. Colorado did the same. 
 
As other states and nations (and even CIA agents) wake up to the dangers of data tracking, this new study can serve as compelling, direct evidence showing why more restrictive settings – and consumer privacy – should always be the default.

​With Congress extending the reauthorization of FISA Section 702 until April, the debate over surveillance can be expected to fire up again when Members return in January. As Members relax and reorient over the holidays, we urge them to take a moment to listen to what the American people are saying.
 
The conservative FreedomWorks and the progressive Demand Progress, both highly respected advocacy organizations with deep grassroots, came together to conduct a national poll on the public’s approval of specific measures. Some of these measures are in the FISA Reform and Reauthorization Act passed by the House Intelligence Committee, and some in the Protect Liberty and End Warrantless Surveillance Act, passed 35-2 by the House Judiciary Committee.
 
Across the board, Americans overwhelmingly support the provisions in the Protect Liberty Act.
​

• 78 percent support Congress strengthening privacy protections (in Protect Liberty Act, but not in the FISA "Reform" and Reauthorization Act).
  
  
• 76 percent support Congress requiring a warrant before Americans' international communications are searched by government agencies (in Protect Liberty Act, but not in the FISA “Reform” and Reauthorization Act).
  
  
• 80 percent support Congress requiring a warrant before purchasing Americans’ location and internet records from data brokers (in Protect Liberty Act, but not in the FISA "Reform" and Reauthorization Act. 

 
House Judiciary Chairman Jim Jordan, writing in The Wall Street Journal, declared that, “in the wake of serious FISA abuses, our fidelity must be to the Constitution, not the surveillance state.” The FreedomWorks/Demand Progress poll shows that the American people agree.

​PPSA has often covered abuses of the geolocation tracking common to cellphones – from local governments in California spying on church-goers, to “warrant factories” in Virginia in which police obtain hundreds of warrants for thousands of surveillance days, often for minor infractions.
 
Geolocation tracking can be among the most pernicious compromises of personal privacy. In Carpenter v. United States (2018), the U.S. Supreme Court held that warrants are needed to inspect cellphone records extracted from cell-site towers, recognizing just how personal a target’s movements can be.
 
Writing for the majority, Chief Justice John Roberts wrote: “Unlike the nosy neighbor who keeps an eye on comings and goings, they [new technologies] are ever alert, and memory is nearly infallible.” The narrowness of Carpenter has not, however, prevented the FBI and other federal agencies from tracking people’s movements without a warrant by merely buying their data from third-party data brokers.
 
The FBI may soon, however, have much less to buy.
 
Orin Kerr, writing in the Volokh Conspiracy in Reason, informs us that “Google will no longer keep location history even for the users who opted to have it turned on. Instead, the location history will only be kept on the user’s phones.” Kerr adds: “If Google doesn’t keep the records, Google will have no records to turn over.”
 
A corporate decision in Silicon Valley has thus removed a major pillar of government surveillance. It says something about the current state of this country when a Big Tech giant is more responsive to consumers than government is to its citizens. But don’t be surprised if the feds start to pressure Google to reverse its decision.

The Project for Privacy and Surveillance Accountability (PPSA) will be scoring this week’s votes on each of the two competing bills to reauthorize Section 702 of the Foreign Intelligence Surveillance Act.

For our followers, PPSA will positively score Members who vote in favor of the Protect Liberty and End Warrantless Surveillance Act, which passed the House Judiciary Committee this week in an overwhelming bipartisan 35-2 vote.

We will negatively score Members who vote in favor of the FISA Reform and Reauthorization Act from the House Permanent Select Committee on Intelligence.

PPSA supports the Protect Liberty bill because it places critical guardrails and limits on warrantless FBI and other government surveillance of Americans, while reauthorizing Section 702 to protect national security.

PPSA opposes the HPSCI bill because it rubberstamps the FBI’s and other agencies’ warrantless surveillance of Americans for years to come, while actually expanding the ability of the government to spy on Americans.

The table below highlights the key differences between the two bills.

“There would be eyes everywhere,” is how the Brennan Center’s Elizabeth Goitein reacted to a provision in the FISA Reform and Reauthorization Act (FRRA), a House Intelligence bill that would widen the trawl of digital collection of Americans’ information.
 
Section 504 of the FRRA would target businesses far outside of the tech sector that are not communications companies. By widening the definition of an “electronic communication service provider,” FRRA’s Section 504 could enlist coffee shops, libraries, hotels, and Airbnbs into snooping on Americans.
 
“Any entity that you visit as a customer, that provides Wi-Fi service, could be required to let the government tap into its equipment, and pull out the entire stream of communications,” Goitein told Vice’s Motherboard.
 
Many have characterized this provision as a Trojan Horse. This provision would likely result in improper collection of Americans’ domestic communications, leading to the government compelling “Upstream” access to data networks from businesses with no experience in managing the legal intricacies of communications management, or ability to filter out select communications.
 
“This is a wolf in sheep’s clothing,” the Brennan Center said in a joint statement with the Electronic Frontier Foundation about this purported “reform” legislation.

​The House Judiciary Committee today passed the Protect Liberty and End Warrantless Surveillance Act with an overwhelmingly bipartisan vote.
 
Unlike competing proposals – such as the FISA Reform and Reauthorization Act now before the House Permanent Select Committee on Intelligence (HPSCI) – the Protect Liberty Act mandates a robust warrant requirement for U.S. person searches under FISA Section 702. It curtails the common government surveillance technique of “reverse targeting” – using FISA’s Section 702 authority to work backwards to target Americans without a warrant.
 
The Protect Liberty Act adopts language from the Fourth Amendment Is Not for Sale Act. This language closes the loophole that allows government agencies to buy access to Americans’ most sensitive and personal information scraped from apps and sold by data brokers.
 
The Protect Liberty Act also requires amicus participation in FISA cases to protect the public and the Constitution, ensuring that the secret FISA Court will hear from civil liberties experts as well as government attorneys.
 
And the bill would require FBI agents seeking search orders to testify to the accuracy of their reasons for bringing the search.
 
In contrast, the competing FISA Reform and Reauthorization Act emerging from HPSCI has a weak warrant requirement that would not stop the widespread practice of backdoor searches of Americans’ information. And it does not address the outrageous practice of federal agencies buying up Americans’ most sensitive and private information from data brokers.
 
The contrast between these two bills could not be starker. Ranking Member Jerry Nadler (D-NY) said the Protect Liberty Act is the only one of these two bills “that can pass on a floor vote.”
 
House Judiciary Chairman Jim Jordan says he expects a floor vote next week.
 
PPSA applauds the committee for passing this bill with such strong, bipartisan support. We are grateful to committee Chairman Jim Jordan (R-OH), Ranking Member Jerry Nadler (D-NY), Rep. Andy Biggs (R-AZ) (who introduced the bill), Rep. Sara Jacobs (D-CA), Rep. Russell Fry (R-SC), Rep. Ted Lieu (D-CA), Rep. Eli Crane (R-AZ), as well as leaders of the House Freedom Caucus and Progressive Caucus, Reps Warren Davidson (R-OH) and Rep. Pramila Jayapal (D-WA).
 
PPSA is also grateful to all the Members of the House Judiciary Committee who offered helpful amendments to strengthen the bill.
 
PPSA will follow this fast-moving story.

A report in The Wall Street Journal does a masterful job of combining graphics and text to illustrate how technology embedded in our phones and computers to serve up ads also enables government surveillance of the American citizenry.
 
The WSJ has identified and mapped out a network of brokers and advertising exchanges whose data flows from apps to Defense Department, intelligence agencies, and the FBI. The WSJ has compiled this information into several illustrative animated graphs that bring the whole scheme to life.
 
Here’s how it works: As soon as you open an ad-supported app on your phone, data from your device is recorded and transmitted to buyers. The moment before an app serves you an ad, all advertisers in the bidding process are given access to information about your device. The first information up for bids is your location, IP address, device, and browser type. Ad services also record information about your interests and develop intricate assumptions about you.
 
Many data brokers regularly sell Americans’ information to the government, where it may be used for cybersecurity, counterterrorism, counterintelligence, and public safety – or whatever a federal agency deems as such.
 
Polls show that Americans are increasingly concerned about their digital privacy but are also fatalistic and unaware about their privacy options as consumers.
 
According to a recent poll by Pew published last month, 81 percent of U.S. adults are concerned about how companies use the data they collect. Seventy-one percent are concerned about how the government uses their data, up from 64 percent in 2019. There is also an increasing feeling of helplessness: 73 percent of adults say they have little to no control over what companies do with their data, while 79 percent feel the same towards the government. The number of concerned Americans rises to 89 percent when the issue of children’s online privacy is polled. Crucially, 72 percent of Americans believe there should be more regulation governing the use of digital data.
 
Despite high levels of concern, nearly 60 percent of Americans do not read the privacy policies of apps and social media services they use. Most Americans do not have the time or legal expertise to carefully study every privacy policy they encounter. Given that one must accept these terms or not be online, it is simply impractical to expect Americans do so. Yet government agencies assert that it is acceptable to collect and review Americans’ most personal data without a warrant because we have knowingly signed away our rights.
 
There is good news. In the struggle for government surveillance reform currently taking place on Capitol Hill – and the introduction of the Protect Liberty and End Warrantless Surveillance Act – Americans are getting a better understanding of the costs of being treated as digital chattel by data brokers and government.

​The House Judiciary Committee today announced its long-awaited bill that reauthorizes Section 702 of the Foreign Intelligence Surveillance Act (FISA) while reforming provisions that have allowed warrantless spying on Americans by federal agencies.
 
Enacted in 2008, Section 702 permits the FBI, the CIA, the National Security Agency, and the National Counter Terrorism Center to search through billions of warrantlessly acquired international communications to surveil foreign targets on foreign soil. The emails, texts messages, internet data, and other communications of Americans are also incidentally swept up in this program, allowing agencies to look for specific information about U.S. persons (U.S. citizens and permanent residents) without a warrant, as required by the Fourth Amendment of the U.S. Constitution.
 
Statement of Bob Goodlatte, former Chairman of the House Judiciary Committee and PPSA Senior Policy Advisor:
 
“The House Judiciary Committee has unveiled the most important government surveillance reform measure since the creation of FISA in 1979.
 
“This bill addresses a growing crisis. Our government, with the FBI in the lead, has come to treat Section 702 – enacted by Congress for the surveillance of foreigners on foreign soil – as a domestic surveillance program of Americans.
 
“The government used this authority to conduct over 200,000 ‘backdoor searches’ of Americans in 2022. Section 702 has been used to search the communications of sitting House and Senate Members, protesters across the ideological spectrum, 19,000 donors to a congressional campaign, journalists, and a state court judge. The American people can see that Section 702 has morphed into something that Congress never intended. 
 
“The House Judiciary Committee – with the leadership of Chairman Jim Jordan, Ranking Member Jerry Nadler, and Rep. Andy Biggs – has now crafted a bill that restores the rule of law. This bill allows Section 702 to continue to protect Americans by conducting surveillance of foreign spies and terrorists. But it does so in a way that respects the Fourth Amendment. By achieving this balance, the Judiciary Committee’s bill promises to rebuild the trust of the American people in the law, strengthening freedom from unwarranted surveillance and our right to privacy, as well as our national security.”
 
Statement of Gene Schaerr, PPSA general counsel:
 
“The House Judiciary Committee bill brings sweeping and needed reforms to Section 702 while respecting the legitimate needs of national security. It addresses the prime problems with this authority, establishing a clear warrant requirement. But it also includes some masterful reforms to practices and programs outside of Section 702 that, if left unaddressed, would merely be used by government agencies to end-run the Section 702 reforms.
 
“The House Judiciary Committee bill, for example, imposes a warrant requirement on the government to access and inspect data scraped from consumer apps and sold to the government by data brokers. Without this fix, the government would continue to have ready access to Americans’ most sensitive information – about our medical issues, our location histories and travels, our financial records, and those with whom we associate for political, religious, or personal reasons.
 
“This bill also puts an amicus, a representative of the public’s interest in privacy, into the secret FISA courtroom to challenge the issuance of warrants when the government exceeds its authority.
 
“For years, champions of the Constitution have had to play a game of whack-a-mole with the surveillance state, closing one surveillance loophole only to find federal agencies easily replacing it by exploiting another. Although it will likely see further improvements in the legislative process, the House Judiciary Committee bill closes most of the big loopholes, forcing federal agencies to respect the Fourth Amendment.
 
“We commend Chairman Jordan, Ranking Member Nadler, and Rep. Biggs for their hard work and wise judgments in crafting a bill that will better protect both our national security and our constitutional rights.”

​Defenders of the surveillance status quo in Congress are perplexed by the success of reform proposals and are flailing in response. Some have made national media appearances that give the American people an inaccurate picture of how Section 702 works and how the government uses it to access large amounts of Americans’ personal information without a warrant.
 
One such champion did not do his cause any favors when he made inflammatory statements on Face the Nation on Sunday about the leading Members of Congress who want to bring Section 702 of the Foreign Intelligence Surveillance Act in line with the Fourth Amendment of the Constitution. We were told that Chairman Jim Jordan and many of his bipartisan colleagues on the House Judiciary Committee want to “hinder” the process of foreign intelligence and “don’t fully understand” Section 702’s “value and importance to national security.” Moreover, Jordan and his colleagues would “foolishly” cut off one of the most important tools for protecting national security.
 
What we didn’t hear was anything about Section 702’s long litany of abuses, or the need to protect the freedoms and privacy of law-abiding Americans from government snooping. Protecting Americans’ rights and upholding the Constitution is a duty of the House Judiciary Committee. With primary jurisdiction over this program, the bipartisan team of reformers on the House Judiciary Committee understand this surveillance program all too well. They are working on a bill that has far greater substance than what Sen. Mike Lee has called the “window dressing” reforms of the House Intelligence Committee bill, the full text of which has yet to be released.
 
It was never explained in this Face the Nation interview that Section 702 – enacted by Congress to authorize surveillance of foreign spies and terrorists on foreign soil – has morphed into a domestic spying program that in recent years has compromised the privacy of Americans millions of times. Add to that the practice of federal agencies buying Americans’ most sensitive and personal information from data brokers and holding and examining it without a warrant, as required by the Constitution, and you have a recipe for a surveillance state.
 
Champions of surveillance are also wrong when they say that the bipartisan team that wants to reform Section 702 are hindering its passage. The bipartisan Judiciary Committee bill will reauthorize Section 702 for the purpose Congress intended – gathering intelligence about noncitizens outside the United States – while imposing a warrant requirement when the government wants to search Section 702-gathered information about American citizens. The Judiciary Committee, with a long history of protecting civil rights, is expected to soon mark up and pass a strong, bipartisan bill that will give federal agencies the tools they need to protect our national security while safeguarding our constitutional rights.

​In January 2021, Sen. Ron Wyden (D-OR) released an unclassified memo from the Defense Intelligence Agency revealing it was purchasing, retaining, and using Americans’ location data. This flies in the face of Carpenter v. United States, a Supreme Court opinion requiring a warrant to examine Americans’ location history. Sen. Wyden next pressed the Department of Defense to identify which other agencies within the Department are buying Americans’ personal data, including location data and web browsing records.
 
The government answered with a “Controlled Unclassified Information” (CUI) response. Sen. Wyden took to the floor to call this “a made-up designation with no basis in law” to “keep this unclassified information from the American public.” A letter from Sen. Wyden to Defense Secretary Lloyd Austin asking him to clarify this extra-legal restriction resulted in a response letter from an underling declining to approve the release of the unclassified information.
 
Now Sen. Wyden has hit on a strategy that is sure to get the attention of the intelligence community. Sen. Wyden says that he has, with “reluctance,” held up the promotion of Lt. Gen. Timothy Haugh to the grade of general to serve as Director of the National Security Agency and Commander of the U.S. Cyber Command. Sen. Wyden will keep this hold in place until the government provides “yes” or “no” answers as to whether the NSA is buying Americans’ location data and web browsing records.
 
“The American people have a right to know whether the NSA is conducting warrantless domestic surveillance of Americans in a manner that circumvents the Fourth Amendment to the Constitution,” Sen. Wyden said.
 
We are grateful to the men and woman who work hard to keep us safe. But the time has come for champions of civil liberties to respond to hardball tactics with some of our own. If the intelligence community and its enablers on the Hill continue to act with disrespect, what is happening to Lt. Gen. Haugh could be done across the entire alphabet soup of federal intelligence agencies.

​One of the main shortcomings of the Section 702 extension bill authored by the House Permanent Select Committee on Intelligence (HPSCI) is that it includes no provision to restrict the sale of our personal, sensitive information scraped from our apps, sold to the government by data brokers, and routinely accessed by about a dozen federal agencies without a warrant.
 
As we’ve written before, the information captured by data brokers can be more intimate than a diary, containing our financial and health records, details of our dating lives, as well as our political or religious associations. Every now and then, a revelation pops out – such as the Pentagon’s spying on a Muslim dating app. But the overall danger remains somewhat abstract to most people. 
 
Now, thanks to Aram Sinnreich and Jesse Gilbert in Rolling Stone, we can better visualize how much usable information can be easily obtained from just one broker of consumers’ commercially available data. They contracted with Near, which aggregates smartphone location data to trace the foot traffic of about 1.6 billion people in 44 countries. To demonstrate the power of this technology, Sinnreich and Gilbert – using their laptops from their couches – purchased location data on visitors to and from former President Trump’s Mar-a-Lago estate. They wrote:
 
“Within a few minutes, we had a report profiling thousands of visitors to Trump’s club over the course of an entire year, including details like where they live and work, their ages, incomes, ethnicities, education levels, where they were immediately before visiting, and where they spent their time on property once they got there.”
 
The authors note that Near is just one of hundreds of such services. A well-funded or state-sponsored effort could easily generate rich intelligence and the stuff of blackmail by combining the information from multiple data brokers with data from hundreds of apps, including common games most people download on their smartphones. If they can do this to a former president, Sinnreich and Gilbert write, they can certainly do it to you.
 
This story ought to prompt Congress to seize the reauthorization of Section 702 as an opportunity to place restrictions on warrantless government access to our most personal information.

​More than 50 House Members from both parties signed a letter authored by Rep. Warren Davidson (R-OH) and Zoe Lofgren (D-CA), warning House and Senate leadership not to reauthorize and extend Section 702 of the Foreign Intelligence Surveillance Act alongside the “must pass” National Defense Authorization Act (NDAA).
 
“If Section 702 is to be reauthorized for even a single day, it must be through standalone legislation subject to robust, open debate and amendment,” the House Members state. “This controversial law has a history of abuse, including spying on Americans, including tens of thousands of protestors as well as journalists, campaign supporters, Members of the U.S. Congress, and presidential campaigns.”
 
Signers include House progressive leaders like Rep. Pramila Jayapal (D-WA), Rep. Ro Khanna (D-CA), and Rep. Jamie Raskin (D-MD), as well as solid conservatives ranging from Rep. Andy Biggs (R-AZ) to Rep. Ben Cline (R-VA) to Rep. Harriett Hageman (R-WY).
 
“[S]lipping a short-term reauthorization into a larger bill would rightly be seen as circumventing the democratic process, ignoring the will of Congress, and disregarding the concerns of the American people,” the House Members conclude.
 
PPSA hopes House and Senate Leadership see the blinking red lights here. If leadership were to override the long-pent up debate over Section 702 – enacted by Congress to surveil foreigners on foreign soil but often used by the FBI and other federal agencies as a domestic spy program – it would leave a legacy of bitterness, suspicion, and distrust from which the intelligence community might never recover.