​In February, we quoted CATO Institute senior fellow Julian Sanchez that the evidence presented by special counsel John Durham against lawyer Michael Sussman shows an interesting trail that leads from academic researchers, to private cybersecurity companies and security experts, to government snoopers.
 
Sanchez said: “A question worth asking is: Who has access to large pools of telecommunications metadata, such as DNS records, and under what circumstances can those be shared with the government?”
 
Sanchez’s prescient questions received partial answers today from Sen. Ron Wyden. The Oregon senator released a letter he sent to the Federal Trade Commission asking the agency to investigate Neustar, a company that links Domain Name System (DNS) services of websites to specific IP addresses and the people who use them.
 
Such companies, Sen. Wyden wrote, “receive extremely sensitive information from their users, which many Americans would want to remain private from third parties, including government agencies acting without a court order.” Some websites cited by the senator that consumers may visit but would not want known are the National Suicide Prevention Hotline, the National Domestic Violence Lifeline, and the Abortion Finder service.
 
Sen. Wyden wrote that Neustar, under former executive Rodney Joffe, sold data for millions of dollars to Georgia Tech, but not for purely academic research. Emails obtained by Sen. Wyden purportedly show that the FBI and DOJ “asked the researchers to run specific queries and that the researchers wrote affidavits and reports for the government describing their findings.”
 
Because Neustar obtained data from an acquired company – and that company explicitly promised to never sell users data to third-parties – Neustar violated that promise. Sen. Wyden says it is FTC policy that privacy promises to consumers must be honored when a company and its data change ownership.
 
“Senator Wyden provides sufficient reason for the FTC to open an investigation,” said Gene Schaerr, general counsel of Project for Privacy & Surveillance Accountability (PPSA). “But there is more reason for the judiciary committees of both houses of Congress to hold in-depth hearings. There are abundant signs that this story is just one example of a much bigger privacy crisis.”
 
Schaerr noted that intelligence and law enforcement agencies, from the Internal Revenue Service to the Drug Enforcement Administration, Customs and Border Protection, as well as the FBI, assert they can lawfully avoid the constitutional requirement for probable cause warrants by simply buying Americans’ personal information from commercial data brokers.
 
“Data from apps most Americans routinely use are open to warrantless examination by the government,” Schaerr said. “The Founders did not write the warrant requirement of the Fourth Amendment with a sub-clause, ‘unless you open your wallet.’ These practices are explicitly against the spirit and letter of the U.S. Constitution. Americans deserve to know how many agencies are buying data, how many companies are selling it, and what is being done with it.”

​The Electronic Frontier Foundation, an indispensable pioneer of surveillance accountability, has just released a powerful new version of its Atlas of Surveillance that gives Americans insight into the myriad surveillance technologies that are being used by more than 5,500 law enforcement agencies, across all levels of government, to watch Americans in all 50 states.
 
EFF is a notable leader in watching the watchers. In September, PPSA examined EFF’s helpful highlighting of marketing slides about the potential for Fog Technology to track people to their homes.
 
This Atlas of Surveillance, begun with the help of journalism students at the University of Nevada, Reno, recently hit a threshold of 10,000 data points, making it a robust – though not yet complete – survey of which surveillance technologies are being used in which communities.
 
We entered results for the District of Columbia to give it a try.

• The D.C. Metropolitan Police has automated license plate readers, maintains a registry of private and personal surveillance cameras, has a gunshot detection system, uses “video analytics” that can identify people in crowds, and since 2003 has owned cell-site simulator technology (stingrays) that can spoof cell towers and trick cellphones into divulging data.

 

• Choosing a small city at random – San Angelo, Texas – we find that the San Angelo Police Department has one drone, body cameras, and a partnership with Amazon’s Ring camera home surveillance, allowing it to ask for surveillance video from customers on the service’s Neighbors app.

 
John Stuart Mill, quoting the Roman satirist Juvenal, asked: Quis custodiet ipsos custodes? The Atlas of Surveillance gives us confidence that we can at least begin to watch the watchers.
 
University of Nevada, Reno, interns did a professional job of integrating public documents, crowdsourced information, and news articles to compile this atlas. Kudos to EFF and to their UNR student partners. Be sure and check the Atlas to see how you’re being watched in your community.

​Is a “special needs exception” to the Fourth Amendment much different from a “community caretaking exception?” PPSA filed a brief before the U.S. Supreme Court demonstrating that it is not.
 
The U.S. Supreme Court ruled in 2021 in Caniglia that the police acted improperly by entering a man’s home and confiscating his guns under the “community caretaking” doctrine – in which the police are making a “welfare check” rather than acting as law enforcement officers. The High Court saw through this precedent from the 1970s and ruled that supposedly “non-investigative” intrusions into a home are what they seem to be – plain violations of the Fourth Amendment.
 
To the astonishment of many legal observers, the Second Circuit Court of Appeals ignored this unanimous Supreme Court opinion in a nearly identical case. In Torcivia v. Suffolk County, the Second Circuit applied a flexible “special needs exception” to the Fourth Amendment. One familiar example of this exception is when authorities decide that some local requirement, such as curbing drunk driving with spot checks, is necessary. But this case did not involve a car on the highway: it involved warrantless entry into a home and the confiscation of a citizen’s lawfully-owned firearms.
 
The government responded to our petition for the Court to hear Torcivia with the straight-face argument that the community caretaking exception is not the special needs exception. No one claimed it was. But we told the Court that the “logic underlying the special needs exception is indistinguishable from the logic this Court rejected in Caniglia.”
 
Our brief demonstrates to the Court that absent emergency circumstances or consent, if the “government can overcome the warrant requirement that has traditionally protected the home merely by pointing to an interest that the government feels is sufficiently strong, then the Fourth Amendment no longer serves as a meaningful limit on government power.”
 
We added:
 
“Respondents cannot escape that the Second Circuit applied the special needs exception to a seizure of firearms located in the home of a person not on probation or parole. That extension cannot be squared with this Court’s precedents or with the text, history, and tradition of the Fourth Amendment.”

George Washington is often quoted as telling Thomas Jefferson that the Senate was meant to “cool” hot legislation from the House, just as saucers were used to cool tea. Senators today furiously debate whether the extra-constitutional rule that enables the filibuster is needed to facilitate the cooling of political passions, or if the 60-vote threshold has transformed the Senate into an abattoir for change of any sort.
 
Whichever side one comes down on in that debate, shouldn’t the Senate move swiftly on an issue it had already overwhelmingly approved with a filibuster-proof majority in the recent past?
 
In 2020, 77 senators voted in favor of the measure then known as the Lee-Leahy Amendment, which would give the secret Foreign Intelligence Surveillance Court (FISC) access to independent advice from experts on civil liberties, known as amici, when the government seeks to spy on domestic media, as well as religious, political, and other particularly sensitive groups. The amendment died when the underlying bill reauthorizing government access to business records was pulled at the last minute by President Trump.
 
Now known as Leahy-Lee, this measure is being proposed as an amendment to the defense authorization bill. Leahy-Lee would satisfy liberal concerns that the FBI uses powers meant for foreign intelligence to target the First Amendment rights of vulnerable minorities and protest groups. Conservatives have fresh reason for concern given the revelations from the Durham investigation about FBI applications before the FISC to spy on a presidential campaign aide. Time and again, the FBI has proven reckless and disingenuous.
 
Aside from National Eat a Peach Day and the like, a 77-vote margin is about as enthusiastic a showing as any substantive bill gets in the Senate. And yet when there was a recent chance to append Leahy-Lee to the National Defense Authorization Act for 2023, the amendment appeared nowhere in the manager’s report.
 
The Project for Privacy and Surveillance Accountability is joining with the American Civil Liberties Union, Americans for Prosperity, Demand Progress, the Due Process Institute, FreedomWorks, Restore the Fourth, and the Wikimedia Foundation to call on senators to hold a floor vote on Leahy-Lee now or in the coming lame duck session.
 
In our coalition letter, we told the Senate that “Leahy-Lee would safeguard Americans’ First Amendment rights by empowering the Court with the advice of amici when government seeks to use foreign intelligence surveillance in such sensitive investigative matters. Expert amici are the only representatives the public has before the FISC, even though these court decisions can secretly affect the privacy of every single person in the United States.”
 
We urge the Senate to show that it can respond to popular support and broad, bipartisan agreement in its own ranks to hold a vote on this needed check and balance on federal surveillance.

A growing number of House and Senate members are supporting the Fourth Amendment Is Not for Sale Act, which would require law enforcement and intelligence agencies to obtain a probable cause warrant before accessing Americans’ personal information purchased from a private-sector data broker.
 
But what about non-state actors buying our information?
 
A recent lawsuit brought against private-data broker Kochava by the Federal Trade Commission reveals the horrific exposure of Americans’ most personal data to unseen – and possibly unknown – private actors.
 
Kochava claims to have “rich geo data spanning billions of devices globally,” with location data feed that “delivers raw latitude/longitude data with volumes around 94B-plus billion geo transactions per month, 125 million monthly active users, and 35 million daily active users, on average observing more than 90 daily transactions per device.”
 
In its filing on Aug. 29, the FTC writes that a purchaser would only need to provide Kochava a personal email address and describe the intended use as “business” to gain access to your data from Kochava.
 
“The location data provided by Kochava is not anonymized,” the FTC filing asserts. “It is possible to use the geolocation data, combined with the mobile devices MAID (Mobile Advertising ID), to identify the mobile device’s user or owner.”
 
The FTC claims:
 
“Precise geolocation data associated with MAIDs, such as the data sold by Kochava, may be used to track consumers to sensitive locations, including places of religious worship, places that may be used to infer an LGBTQ+ identification, domestic abuse shelters, medical facilities, and welfare and homeless shelters.” It can identify women who visit reproductive clinics and people who attend services at Jewish, Christian, Islamic and other religious denominations’ places of worship.
 
Kochava, the FTC claims, does not employ a blacklist that removes or obfuscates data-set location signals from these sensitive locations.
 
The facts presented by the FTC, as alarming as they are, should not get mixed up in the separate debate on the Hill over restricting the government’s ability to purchase our private data. The many federal agencies that buy our data are not just violating our privacy. They are eviscerating the plain meaning of the Constitution’s Fourth Amendment, which requires government to get a warrant from a court to access our personal information.
 
The solution to private-sector access to personal information is a deep and complex debate taking place within multiple Congressional committees and stakeholders from business and consumer groups. Passing the Fourth Amendment Is Not for Sale Act in this Congress, which would close off the government’s warrantless access to Americans’ personal information, would be a strong predicate for that next step in the privacy debate.

​In a hearing over the summer, the House Judiciary Committee took a hard look at the way in which private data brokers freely sell Americans most personal information to a host of government law enforcement and intelligence agencies.
 
Chairman Jerry Nadler said that digital tracking is “so precise that officers can track individuals within specific homes and businesses … tracking your location over time, within inches, without any due process whatsoever.
 
“The end result is that, just by going about your daily life, your data may be swept up in and make you the subject of a criminal investigation … If law enforcement and intelligence agencies remain unrestrained in their ability to purchase this data, our right to privacy will be at best illusory.”
 
Ranking Member Jim Jordan said that the government continues to transform guardrails meant to protect privacy into loopholes to allow the government to do whatever it wants. Jordan said, “this is wrong and it’s un-American.”
 
Representatives of both parties expressed dismay about how freely federal agencies utilize and abuse surveillance powers in defiance of the Fourth Amendment. Rep. Zoe Lofgren detailed the many ways the U.S. Immigration and Customs Enforcement agency tracks Americans’ daily movements and extracts personal information from utility records. Rep. Andy Biggs spoke of the uses to which the government can employ geolocation tracking against Americans.
 
In short, the House Judiciary Committee did an excellent job of teeing up the issue. Now it is time to swing the club for a legislative solution.
 
On Wednesday, PPSA joined with Americans for Prosperity, Demand Progress, the Due Process Institute and Free Press Action to call on the committee to take bipartisan action and mark up the Fourth Amendment Is Not for Sale Act.

Bob Goodlatte, PPSA Senior Policy Advisor, returns to the House Judiciary Committee, which he once chaired, to explain how the government sidesteps the constitutional requirement for a probable cause warrant by simply buying our personal digital information from private data brokers. He also discusses the need to pass The Fourth Amendment Is Not for Sale Act. You can read his testimony or listen to him testify, beginning at the 14:26 mark.

Watch here:

The U.S. House of Representatives today passed the NDO Fairness Act by voice vote. This legislation would restrain the government practice of using non-disclosure orders to block service providers from informing American consumers that their personal information held by third parties, often in the cloud, has been searched by the government.
 
“This was a strong stand by the House that Americans are concerned about privacy and will not grant the government carte blanche to riffle through our personal data in defiance of the Fourth Amendment to the Constitution,” said Bob Goodlatte, PPSA senior policy advisor and former Chairman of the House Judiciary Committee. “This measure earlier passed the Judiciary Committee by a unanimous, bipartisan voice vote – a good sign of how popular it is on both sides of the aisle. And kudos to Chairman Jerry Nadler and Ranking Member Jim Jordan for driving it to a successful floor vote.”
 
The Project for Privacy and Surveillance Accountability earlier joined with 11 other leading civil liberties organizations in sending a letter (see below) to every Member of the House urging passage.
 
“PPSA will now join with our civil liberties peer organizations to encourage passage of this legislation in the Senate,” Goodlatte said. “There is great support behind this bill by the American people, which should provide enough momentum to expeditiously propel this bill to final passage.”

This bill, H.R. 7072, passed by a unanimous, bipartisan voice vote in the House Judiciary Committee on April 6. Once enacted into law, this measure will rein in the widespread practice by the government in surveilling Americans’ email and internet records and then obtaining a non-disclosure order (NDO) to block service providers from notifying their customers that their personal information has been searched.
 
Under current practice, thousands of Americans – including many who are not even under investigation or suspected of any wrongdoing – will never know that records that could potentially reveal their health status, financial transactions, and personal relationships have been disclosed to the government. Recent media reports reveal that federal agencies have obtained non-disclosure orders when demanding the private data of Members of Congress, journalists at major news outlets, and law-abiding companies. If powerful individuals and institutions can be targeted in secret, just imagine how little power the average individual has in the face of such actions.
 
People who have been subject to surveillance should have a right to know that their personal information has been obtained by the government. Among other things, the secrecy imposed by a non-disclosure order has the effect of denying the person being investigated the ability to challenge such an order in court. In such cases, there may be no way to hold the government accountable for unlawful surveillance—a state of affairs that only increases the likelihood of improper conduct by the government.
 
The NDO Fairness Act is an important first step toward bringing balance to this system by amending 18 U.S.C. 2705 to require prosecutors to justify their non-disclosure orders in court and limit both initial orders and any extensions to a reasonable time period of 60 days. It would also require notice to customers 72 hours after these orders expire, including what information was disclosed.
 
This Act is not a comprehensive solution to the problem of notice. There are service providers who do not provide notice to their customers when the government obtains their data. In many of those cases, the targets of surveillance will continue to be unaware of the surveillance, as the government’s own legal obligations to notify the targets are far too weak. Nonetheless, the NDO Fairness Act makes a significant improvement to the status quo and could serve as a model for further efforts to contain secret government surveillance and data collection.
 
That is no doubt why the NDO Fairness Act enjoys wide, bipartisan support in the Judiciary Committee. It was introduced by Chairman Jerry Nadler and Rep. Scott Fitzgerald, and the committee markup session featured enthusiastic support from Ranking Member Jordan as well as other leading members of both parties. 
 
The NDO Fairness Act is an important curb on governmental power that will help protect our rights without weakening the government’s ability to identify wrongdoers. We urge you to support the Act. And we stand ready to support and amplify your efforts.
 
Thank you.
 
Sincerely,
 
Advocacy for Principled Action in Government
American Civil Liberties Union
Americans for Prosperity
Brennan Center for Justice at NYU School of Law
Demand Progress
Due Process
Free Press Action
FreedomWorks
Government Information Watch
Muslim Justice League
Project for Privacy and Surveillance Accountability
Restore The Fourth