​San Jose, California, has 474 cameras tracking license plates – more than enough to create a network whose primary use seems to be mass invasions of privacy rather than criminal investigations. A new lawsuit against the city reveals that from June 2024 to June 2025, the police department conducted more than 250,000 warrantless searches of its license plate database.

City officials say the plate readers help solve serious crimes, including homicides, a claim the lawsuit does not dispute. But there aren't anywhere near 250,000 felonies in San Jose each year – which means those warrantless searches are being used for something else. The plaintiffs see two possibilities:

1) dragnet surveillance or

2) an outright tracking system.

If it is a tracking system that San Jose wants, it has the makings of one that is truly Orwellian. The city’s cameras apparently capture data points that include “vehicle, bumper stickers with political or other messages, make, model, color, and other details, depending on the camera's position, as well as GPS coordinates and date and time information.”

Even in camera-crazy, data-obsessed California, that’s pushing the envelope. What’s more, San Jose retains the data for a year, while the typical retention period in the state is 30 days. Few other jurisdictions use as many cameras, either per capita or in total.

Beyond the sheer scale, it’s the level of intimacy this data represents that rankles privacy advocates. Did you go to the gym last Tuesday morning before work? Did you go out on a date Friday night – and with whom? Did you go to a worship service or political rally? Or something else?
​
Who knows what peccadilloes lurk in the hearts of citizens? San Jose knows.

​When your identity is confirmed by a string of numbers in a computer, are you still yourself if the algorithm determines you (the person) are not you (the digital ID)?

One state, Utah, is leading the nation in answering this question with policies that safeguard humans, while Washington, D.C. is heading down the path of reducing humans to algorithms.
Consider ACLU’s Jay Stanley, who praised Utah for its “State-Endorsed Digital Identity” (SEDI), the state’s new framework for digital ID systems. In an approach that should be the norm rather than the notable exception, the Beehive State puts privacy first.

Utah begins with the conviction that identity “is not something bestowed by the state, but that inherently belongs to the individual; the state merely ‘endorses’ a person’s ID.” In other words, our identities belong to us. We are born with them. We own them. With that realization comes new-found respect for privacy and other forms of personal freedom. 

This view of identity stands in sharp contrast to the definition Stanley found in the data-driven world of federal law enforcement. With the feds, identity is becoming something only the state can grant, defaulting to incomplete or faulty digital verification of citizenship.

To be clear, both Utah’s SEDI platform and the federal approach utilize digital ID systems, but one is a case study in digital due diligence while the other illustrates the dangers of slapdash digital recklessness. The federal system is based on incomplete databases, poorly designed architecture, evolving (meaning, far from perfect) technology, and an utter disregard for the constitutional rights of individuals.

Utah’s approach differs from the federal approach in very important ways:
​

1. Being “user-centric” to ensure that government identification systems are used to empower individuals, not control them.
2. Being free from surveillance, visibility, tracking, or monitoring by any entity – including private companies and unauthorized government agencies and staff – other than the party that is solely authorized to check the ID.  
3. Making factors like security, completeness, and accuracy a top priority, in contrast to the unreliability of the facial recognition technology that underlies many of today’s digital verification systems.
4. Enforcing a user’s “right to paper” (or plastic), including continued and unfettered access to essential government services, even when using only non-digital, physical ID methods.  
5. Adhering strictly to constitutional rights, particularly Fourth Amendment protections against warrantless searches and dragnet-style fishing expeditions conducted without probable cause.

Stanley goes on to quote the Ranking Member of the House Homeland Security Committee, who reports that an app (called Mobile Fortify) used by Immigration and Customs Enforcement (ICE) now constitutes “definitive” determination of a person’s status “and that an ICE officer may ignore evidence of American citizenship – including a birth certificate.”

That’s bad enough on its own of course, but along the way, the government now sweeps up Americans’ biometric identifiers en masse. The databases Mobile Fortify accesses contain not only our photographs but enough records to constitute a permanent digital dossier.

Congress did not get to review, much less approve, any of this. The American people never voted on it. In fact, the whole thing leaves us wondering what happened to the Privacy Act, signed into law by President Ford in 1974. It has been described as “the American Bill of Rights on data.”  

By declaring that identity is solely digital, determined by stealthy algorithms and policies, and deniable to those whose data is non-existent, incomplete or inaccurate, the federal standard – in sharp contrast to Utah’s – subverts 250 years of traditional, constitutional practice. Remember: Our founders built the world’s most vibrant democracy on pieces of parchment copied by hand.

In any truly free society, identities are personal possessions (to help secure individual rights and facilitate their voluntary participation in society). Identities bestowed by the state ultimately serve only the state.

That we even need to ponder the nature of identity reveals the absurdity of these abuses our personhood and privacy. Nevertheless, here we are. Without transparent conversations and healthy debate, we face a future in which we are whomever the state says we are, made of malleable 0s and 1s, with nothing grounded in the physical world.
​
It's a discussion that, as of now, Utah alone seems committed to having.

​Those who live by surveillance cry by surveillance.
 
We wonder how many times politicians on both sides of the aisle will have to get slammed by the very government spying practices they’ve supported before this lesson sinks in.
 
Case in point: Rep. Eric Swalwell (D-CA). Last week, he filed a lawsuit against Bill Pulte, President Trump’s director of the Federal Housing Finance Agency, for accessing and leaking private mortgage records in retaliation for political speech.
 
Pulte has issued criminal referrals to the Department of Justice (DOJ) against Swalwell, New York Attorney General Letitia James, Sen. Adam Schiff (D-CA), and Federal Reserve Governor Lisa Cook on the basis of alleged mortgage fraud. A federal judge dismissed the charges against James, while President Trump used the allegation against Cook to fire her from the Federal Reserve Board (she remains in her job while the Supreme Court reviews the case).
 
Rep. Swalwell’s lawsuit makes an important point:
 
“Pulte’s brazen practice of obtaining confidential mortgage records from Fannie Mae and/or Freddie Mac and then using them as a basis for referring individual homeowners to DOJ for prosecution is unprecedented and unlawful.”
 
We cannot think of any prior use of private mortgage applications to harass political opponents (at least one of them, James, is arguably guilty of using lawfare herself to harass Donald Trump).
 
Pulte’s actions appear to be a flagrant violation of the Privacy Act of 1974, which governs how the government can and cannot handle Americans’ private information. The law, as Swalwell notes, “explicitly forbids federal agencies from disclosing – or even transmitting to other agencies – sensitive information about any individual for any purpose not explicitly authorized by law.”
 
Congress passed the Privacy Act to prevent the creation of a federal database that would create comprehensive dossiers on every American, something we’ve warned is now being attempted. The law specifically forbids agencies from freely sharing Americans’ confidential data gathered for one purpose (such as IRS tax collection), for another purpose (an FBI investigation). Agencies must issue written request justifying any such information sharing.
 
Pulte is anything but transparent.
 
“I’m not going to explain our sources and methods, where we get tips from, who are whistleblowers,” Pulte told the media. This mindset is in keeping with the corrupting spread of the best practices of the intelligence-surveillance state playbook. Today, it is the federal housing agency. We shouldn’t be surprised if tomorrow such “sources and methods” thinking trickles down to federal poultry inspections.
 
Meanwhile, we remain dry-eyed over Rep. Swalwell’s plight.
 
As a member of the House Judiciary Committee, Swalwell argued against – and voted against – the Protect Liberty and End Warrantless Surveillance Act. This bill would have reformed Section 702 of the Foreign Intelligence Surveillance Act by requiring a warrant before the government could access U.S. citizens’ data collected through programs enacted to surveil foreign threats on foreign soil.
 
The Protect Liberty Act would have ended the government practice of using a foreign database to conduct “backdoor searches” on Americans… not unlike, say, a regulatory agency pulling a political opponent’s private mortgage application. The principle of mutually assured payback is something to keep in mind when lawmakers again debate the provisions of Section 702 in April.

Imagine being targeted for surveillance because of your race – not with facial recognition or government inspection of your personal digital data, but through your electric meter. If you lived in parts of Sacramento, this is exactly what happened, as a decade-long scheme quietly bled Americans’ privacy one kilowatt hour at a time.

Sacramento’s Municipal Utility District (SMUD) and local police zeroed in on Asian-American customers, flagging those deemed to be using “too much” electricity. Many were assumed to be growing marijuana illegally – and police eagerly requested bulk data on entire ZIP codes to feed their suspicions.

The Electronic Frontier Foundation in July joined the Asian American Liberation Network to ask the Sacramento County Superior Court to end the local utility district’s illegal dragnet surveillance program. Last week, the court agreed, finding that routine, ZIP-code-wide data dumps had nothing to do with “an ongoing investigation.”

The court wrote:

“The process of making regular requests for all customer information in numerous city ZIP codes, in the hopes of identifying evidence that could possibly be evidence of illegal activity, without any report or other evidence to suggest that such a crime may have occurred, is not an ongoing investigation.”

The response from EFF was even sharper:

“Investigations happen when police try to solve particular crimes and identify particular suspects. The dragnet that turned all 650,000 SMUD customers into suspects was not an investigation.”

The court recognized the obvious danger – dragnets turn vast numbers of innocent citizens and entire communities into suspects.

Still, it wasn’t a clean sweep. The court stopped short of ruling that SMUD’s practice violated the “seizure and search” clause in California’s Constitution.
​
But even a qualified victory is still a victory. We are reminded that privacy wins do happen – one dragged-into-the-sunlight surveillance program at a time. This win is something to be thankful for as we count our blessings this week.

Enraged by The Marion County Record’s reporting on a public document about a restaurateur’s DUI, officers of the Marion, Kansas, police department and the local sheriff’s department raided the newspaper, and seized its computers, servers, and cellphones. Editor Eric Meyer had his home raided while his 98-year-old mother Joan – a former editor – watched the police ransack her home in great distress.
 
Joan Meyer died the next day.
 
Marion County has now agreed to pay a total of $3 million to the victims of this raid in 2023 and to Joan Meyer’s estate. The Marion County Sheriff’s Office, for its part in the raid, issued an apology as well as a check:
 
“This likely would not have happened if established law had been reviewed and applied prior to the execution of the warrants.”

The Freedom of the Press Foundation responded by saying:
 
“The First and Fourth Amendments strongly protect against searches of journalists and newsrooms.
 
“Under the Fourth Amendment, a search warrant must be supported by probable cause, which means a likelihood that contraband or evidence of a crime will be found at a particular place. The government must also specify the place to be searched and the thing to be seized.
 
“When a search warrant targets materials protected by the First Amendment – like notes, recordings, drafts, and materials used or created by journalists – the Fourth Amendment’s requirements must be scrupulously followed, the Supreme Court has said.
 
“This means that judges must be extra strict in applying the Fourth Amendment’s requirements when a search impacts First Amendment rights, which it will any time it involves a journalist or newsroom. What judges should never do is allow overly broad searches where police rifle through journalists’ desks and computer files willy-nilly in the hopes of turning up something ‘incriminating.’”
 
The Freedom of the Press Foundation also noted that Kansas, like most states, has a press shield law that would have required a court hearing before law enforcement could rifle through journalists’ confidential sources. The federal Privacy Protection Act of 1980 requires law enforcement to obtain a subpoena, not just a warrant, thereby giving The Record an additional opportunity to challenge the demand in court.
 
The Freedom of the Press Foundation concluded:
 
“Journalists also have a right to publish information given to them by a source, even if the source obtained it illegally, as long as the journalist didn’t participate in the illegality. That means that if a source gives a journalist a document or recording that the source stole, the journalist can’t be punished for publishing it.
 
“Because these things are not crimes, it also means that accessing publicly available information or publishing information that a source illegally obtained can’t be the basis for a raid on a newsroom or search of a journalist’s materials.
 
“Next time, think before you raid.”

Another in a long line of privacy-busting apps is making headlines. Anthony Kimery of Biometric Update reports that Immigration and Customs Enforcement (ICE) has an app that allows an officer to photograph a license plate, run it through commercial platforms and “instantly retrieve a vehicle’s historical sightings.”

The data that can be called up includes a vehicle’s “travel history, ownership records, and associated personal data.” In other words, portfolio building. In the old days, the feds mostly kept extensive files on criminals, suspects, and witnesses. Now merely driving a vehicle is reason enough to assemble a dossier that includes almost everything there is to know about someone.

The tech is powered by Motorola and Thomson Reuters among others. Privacy advocates have previously called out Motorola for license-plate privacy breaches. A 2022 Georgetown University report identified this firm as a go-to seller for agencies in search of consumer data, including utility records and driver’s license information. In 2019, Vice reported that the company’s contracts with ICE were lucrative, which perhaps is why “The Answer Company” wouldn’t respond with details about those dealings when Privacy International pressed for details in 2018. 

With this latest reporting, Kimery makes clear that ICE has found the perfect partners in its quest to build a national surveillance infrastructure:

“The scale is enormous. With billions of detections stored in Motorola’s network and deep identity datasets flowing from Thomson Reuters, the mobile app gives ICE a level of situational awareness that previously required specialized investigative teams and large analytic centers.”

The newly invigorated shift toward a national scale is an ominous one. Whereas agencies like ICE previously focused on border regions, ABC News notes:

“Border Patrol has built a surveillance system stretching into the country’s interior that can monitor ordinary Americans’ daily actions and connections for anomalies instead of simply targeting wanted suspects. Started about a decade ago to fight illegal border-related activities and the trafficking of both drugs and people, it has expanded over the past five years.”

Thomson Reuters previously got into trouble for selling personal data, a fact that the City of Denver recalled this summer when it put the brakes on an extension of its police contract with the company. Thoughtful objections by municipalities like Denver are admirable. But without robust constitutional guardrails installed by Congress and the states, there's no stopping invasive juggernauts like this one. As we concluded the last time we shared news about Motorola’s involvement in license plate surveillance:

“The need for lawmakers in Congress and the state capitals to set guardrails on these integrating technologies is growing more urgent by the day. Perhaps the best solution to many of these 21st century problems is to be found in a bit of 18th century software – the founders’ warrant requirement in the Fourth Amendment to the Constitution.”

​Robert Frommer, a senior attorney with the Institute for Justice, tells the harrowing story of George Retes, a U.S. citizen and Army veteran of the Iraq War, who was stopped in his car during an immigration sweep.

He was on his way to work when he encountered an Immigration and Customs Enforcement (ICE) roadblock. A melee broke out between protesters and ICE agents. Retes’s car was engulfed in tear gas.

The Institute for Justice reports that agents smashed Retes’s car window, dragged him out, and forced him to the ground with knees on his neck and back – even though he was not resisting.

Despite Retes presenting proof of his citizenship, ICE agents detained him for three days without charges, strip-searched him, and forced him to provide DNA samples. He was not allowed to call a lawyer or given a hearing before a judge. Because Reyes was held incommunicado, his family was left to frantically search for him.

Writing in MSN, Frommer explores what happens to the biometric data ICE collected on Reyes.

“In addition to our DNA, the Department of Homeland Security (DHS) has recently and quietly authorized ICE officers to forcibly collect and retain intimate identifiers: our fingerprints and digital images of our faces. Combined with other technologies, the department is creating a general warrant for our persons, the kind of abuse that ignited the American Revolution.

“A DHS document, meant to ensure our privacy, lays out the facts. An app called Mobile Fortify allows ICE and Customs and Border Protection (CBP) officers to photograph and scan anyone they ‘encounter’ in the field, regardless of citizenship or immigration status. If there isn’t a photo match, officers can collect people’s fingerprints, which are then checked against DHS biometric records. Once DHS has that sensitive data, the app feeds it into CBP’s Automated Targeting System – an enormous watch list that merges border records, passport photos and prior ‘encounter’ images. CBP retains every nonmatch photograph for 15 years, meaning that even if you’re an American citizen mistakenly stopped on the street, the government has your biometric records for (almost) a generation.”
​
Congress should investigate and debate this retention of Americans’ biometric records before reauthorizing a single surveillance authority. And PPSA is hopeful that ICE will be forced to explain its unconstitutional detention of George Reyes when it faces his lawsuit under the Federal Torts Claim Act.

​When it was recently revealed that Special Counsel Jack Smith used a grand jury subpoena to secretly access the phone records of eight U.S. Senators and one Member of the House, we were outraged.

We quoted Chief Justice John Roberts in Carpenter v. United States (2018) that “this Court has never held that the Government may subpoena third parties for records in which the subject has a reasonable expectation of privacy.”

We’ve also stood fast by the principle that a right is only a right if it has a remedy, which necessarily includes the ability to sue government officials who violate your constitutional rights.

Concerning the spying on Members of Congress, we wrote: “Senators, like everyone else, deserve a reasonable expectation that their phone records are private.”

Why, then, are so many House Republicans and Democrats up in arms about a last-minute provision stuck into the short-term funding bill that President Trump signed on Wednesday night? That provision, now law, allows individual senators to be awarded up to $500,000 in retroactive lawsuits against the government if their data was sought or obtained without them being notified.

Executive branch surveillance of senators is concerning because it directly impacts the independence of the legislative branch, the functioning of democracy, and thus ultimately the rights of us all. But does this have to mean that the rest of us should be treated as chopped liver?

Think about it:
​

• You cannot sue or in any way impede the dozen federal agencies – ranging from the FBI to the IRS and Department of Homeland Security – for purchasing your most sensitive personal digital data and examining it without a warrant.

 

• You cannot sue if the National Security Agency uses the “Make Everyone a Spy” law to ask your gym, office landlord, or church to hand over records of your communications carried by free Wi-Fi systems.

 

• You cannot sue if a federal prosecutor makes a similar intrusion into your phone logs but keeps it secret with a Non-Disclosure Order (NDO).

Only U.S. senators can sue for being improperly surveilled. And the money they can collect now they can stick right into their bank accounts. The Senate in the last Congress refused to join the House in passing the NDO Fairness Act, which would have restricted the government’s currently unlimited ability to issue gag orders to digital and telecom companies to prevent them from telling you that your records have been accessed.

About this last-minute Senate maneuver, Rep. Chip Roy (R-TX) said, “There’s going to be a lot of people, if they look and understand this, are going to see it as self-serving, self-dealing kind of stuff.”

As we approach next year’s reauthorization of FISA Section 702 – a surveillance authority enacted by Congress for foreign surveillance – Congress will have a golden opportunity to debate a number of reforms that can protect the rights of constituents.
​
Remember us?

​Customs and Border Protection (CBP) has long asserted a right to inspect the contents of the digital devices of Americans returning from abroad. Now, Wired’s Dell Cameron and Matt Burgess report that the recent increase in these invasive practices at ports of entry has caused the number of international visitors to the United States to plummet. They note that while most of these searches are basic, “where agents manually scroll a person’s phone,” deeper, tool-based sweep-searches do occur.
 
In either scenario, refusing to provide a passcode means subjecting oneself to massive delays or even the seizure of one’s device(s). And while digital inspection at the border is not a new trend, it’s a rapidly increasing one.
 
CBP’s own data shows warrantless digital inspections conducted at the border jumped from 8,503 in 2015 to more than 50,000 this year.
 
This accelerating increase of warrantless scanning of digital devices at the border is attracting attention internationally and concern here at home.
​
Four years ago we noted the need for respect for the Fourth Amendment at U.S. borders and entry zones. Sens. Ron Wyden (D-OR) and Rand Paul (R-KY) introduced the Protecting Data at the Border Act, and then renewed their push to pass this initiative. In between, investigative journalist Jana Winter found that CBP was spying on journalists.
 
By that time, the Inspector General of the Department of Homeland Security (DHS) had issued a scathing report on the privacy violations committed by its various agencies – with agents helping themselves freely to Americans’ location histories and other personal data. This was, the IG found, partly because the DHS Privacy Office “did not follow or enforce its own privacy policies and guidance.”
 
And it appears that the agency is still not adhering to its own internal procedures in collecting and retaining Americans’ personal data. On the heels of the phone search story comes another tale of CBP overreach. Only this time, it isn’t about personal devices. Rather, the agency is looking for contractors to build a massive fleet of AI-powered surveillance trucks.
 
Wired reports: “With a fleet of such vehicles, each would act as a node in a wider surveillance mesh.” This is a technical point, but its chilling philosophical ramifications are what strike us most. 
 
Node by node, our government is building a surveillance net to cover the country. This is all the more reason for Congress to use the upcoming debate over the reauthorization of FISA Section 702 in April to subject every element of this emerging surveillance state to long-delayed scrutiny.

​Imagine a dish called Surveillance Stew. It’s served anytime multiple privacy-threatening technologies come together, rather like a witch’s brew of bad ideas. It's best served cold.

The latest Surveillance Stew recipe includes location data, social media, and facial recognition. Nicole Bennett, who studies such things, writes in The Conversation that this particular concoction represents a turning point: borders are no longer physical but digital. The government has long held that the border is a special zone where the Fourth Amendment has little traction. Now the government is expanding border rules to the rest of America.

Immigration and Customs Enforcement (ICE) has put out a call to purchase a comprehensive social media monitoring system. At first glance, Bennett notes, it seems merely an expansion of monitoring programs that already exist. But it’s the structure of what’s being proposed that she finds new, expansive, and deeply concerning. “ICE,” she writes, “is building a public-private surveillance loop that transforms everyday online activity into potential evidence.”

The base stock of Surveillance Stew came with Palantir’s development of a national database that could easily be repurposed into a federal surveillance system. Add ICE’s social media monitoring function and the already-thoroughgoing Palantir system becomes “a growing web of license plate scans, utility records, property data and biometrics,” says Bennett, “creating what is effectively a searchable portrait of a person’s life.”

Such a technology gumbo seems less a method for investigating individual criminal cases than a sweeping supposition that any person anywhere in the United States could, at any moment, be a “criminal.” It’s a dragnet, says Wired’s Andrew Couts, noting that 65 percent of ICE detainees had no criminal convictions. Dragnets are inimical to privacy and corrosive to the spirit of the Constitution.

Traditional, law-based approaches to enforcement are one thing – and enforcement, of course, is ICE’s necessary job. The problem now, warns Bennett, is that “enforcement increasingly happens through data correlations” rather than the gathering of hard evidence.

We agree with Bennett's conclusion that these sorts of “guilt by digitization” approaches fly in the face of constitutional guardrails like due process and protection from warrantless searches. To quote Wired’s Couts again, “It might be ICE using it today, but you can imagine a situation where a police officer is standing on a corner and just pointing his phone at everybody, trying to catch a criminal.”

The existence of Palantir’s hub makes it inevitable that ICE’s expanded monitoring capability will migrate to other agencies – from the FBI to the IRS. And when that happens, what ICE does to illegal immigrants can just as easily be done to American citizens – by any government entity, for any reason.
​
When our daily lives are converted into zeroes and ones, the authorities can draw “borders” wherever they want.

​Search our news blog for "Flock" and you'll hit the jackpot. This company has been a consistent source of concern for privacy watchdogs.
 
Just last week, the ACLU’s Jay Stanley summarized the results of a detailed Massachusetts open-records investigation. Thanks to Flock’s contracts with more than 40 Massachusetts police departments, Bay State drivers can now be tracked by 7,000 of the company’s customers – “in real time, without a warrant, probable cause, or even reasonable suspicion of wrongdoing.” To be clear, that surveillance of Massachusetts drivers can be conducted from other parts of the country… because why wouldn’t Texas authorities want to know what Massachusetts drivers are up to?
 
This chilling state of affairs is the result of Flock’s boilerplate contract language, which only changes if a police department demands it (most have not). The company’s contracts include an “irrevocable, worldwide, royalty-free, license to use the Customer Generated Data for the purpose of providing Flock Services.”
 
Stanley’s article includes additional anecdotes about Flock’s propensity for over-sharing that suggest the issue goes far beyond Massachusetts. In Virginia, for example, reporters found that “thousands of outside law enforcement agencies searched Virginians’ driving histories over 7 million times in a 12-month period.” As we’ve written before, Virginia is already one of the most surveilled states in the country, thanks largely to vendors like Flock Safety.
 
Consider following the ACLU’s advice for pushing back against this kind of Orwellian oversight. If we don’t say anything, nothing is going to change.

​Flock Safety – the vendor installing license plate readers across the country – is now helping police departments enhance their drone fleets with artificial intelligence. With this surveillance comes improved public safety, but also new threats to privacy and personal freedom.

Police drones are not an exotic trend. From 2018 to 2024, the number of police and sheriff departments with drones has risen by 150 percent – for a total of about 1,500 drone-enabled departments.

Increasingly, these drones have brains as well as eyes. Rather than requiring a human operator to direct them, a new generation of autonomous drones can work in concert with an officer at the scene. Lieutenant Ryan Sill, Patrol Watch Commander of the police department in Hayward, California, writes in Police 1 News of surveillance vendor Axon’s “One-Click” drone technology for Autonomous Aerial Vehicles (AAVs):

“The future is one where an AAV can be assigned to each officer, deploying from a patrol car, operating independently without the need for a pilot, responding to voice commands, and completing tasks as directed by the officer.”
​
The integration of AI and drone technology is undeniably a boon to public safety. One of the most dangerous police activities – both for police officers and the public – is the high-speed pursuit of criminals in cars. Increasingly, suspects in cars and on foot can run all they want, but they can be tracked wherever they go by drones.

​Intelligent drones can also zoom quickly to an accident or crime scenes. They can record incidents and respond to situations in ways that assist police departments with too-few officers.

But intelligent drones bring with them the likelihood that all the information they collect will be abused. Then there is information that won’t be collected by drones operated by citizens and journalists in airspace cleared by police drones. Earlier this month, the Federal Aviation Administration imposed a 12-day ban on all non-governmental drone flights across much of Chicago. This coincided with the arrival of National Guard troops and federal agents to conduct immigration raids.

ACLU reports: “This raises the sharp suspicion that it is intended not to ensure the safety of government aircraft, but (along with violence, harassment, and claims of ‘doxing’) is yet another attempt to prevent reporters and citizens from recording the activities of authorities.”

Even more concerning is the emergence of drones that can predict crime.

Malavika Madgula of Sify.com writes about “Dejaview,” a new South Korean technology that “blends AI with real-time CCTV to discern anomalies and patterns in real-life scenarios, allowing it to envisage incidents ranging from drug trafficking to pettier offenses with a sci-fi-esque accuracy rate of 82 percent.”

Knowing that a synthetic brain is watching you for any sign that you might be a criminal is hardly the vibe of a free society. Madgula writes: “It could trigger feelings of heightened self-awareness and unease for even the most innocuous of activities, such as taking a shortcut on your way home or using a cash machine.”
​
Elon Musk famously worried that in AI “we’re summoning the demon.” The demon is welcomed by law enforcement because he is enormously useful in protecting communities. Without guardrails in place to prevent the misuse of this immense collection of our personal movements, activities and associations, it could also turn out to be a Faustian bargain.

​Outrage, the currency of our times, is being minted at a furious rate over Special Counsel Jack Smith’s use of grand jury subpoenas to spy on the telephone metadata records of eight senators and one congressman around the time of the Jan. 6th 2021 assault on the U.S. Capitol.

One statement of majestic and appropriate outrage – the gold standard, if you will – came from Sen. Rand Paul (who was not among those surveilled). He wrote in Breitbart:

“Our Founding Fathers objected to general warrants that allowed soldiers to go from house to house searching homes of American colonists, [and] I think they would be equally horrified by a government that goes from phone to phone collecting data on all Americans.”

Then there is Sen. Lindsey Graham, one of the targets of Smith’s surveillance, who shouted (rhetorically, starting at 2:35) at Attorney General Pam Bondi, “Can you tell me why my phone records, when I’m the Chairman of the Judiciary Committee, were sought by the Jack Smith agents, why did they ask to know who I called and what I was doing from January 4th to the 7th, can you tell me that?”

It's a good question.

David Corn, writing in the progressive Mother Jones, had his own angle of outrage – that President Trump “incited a violent assault on the Capitol, and for hours – as cops were being beaten and Democratic and Republican legislators were being threatened – did nothing in the hope this domestic terrorism would benefit him and allow him to stay in power …

“Should that not have been thoroughly investigated?”

Another good question.

Here’s our take. Yes, after the trashing of the U.S. Capitol, savage beatings of Capitol police, and the erection of a gallows to “hang Mike Pence,” it would have been astonishing for the government not to investigate. But when the executive branch spies on the metadata of Members of Congress – data that can yield a wealth of private information – you would expect a special prosecutor, appointed by one president to investigate his predecessor and likely future opponent, to dot all “i’s” and cross all “t’s.”

Instead of adhering to a strict constitutional standard, Jack Smith predicated his surveillance of U.S. senators and a representative on a subpoena issued by a grand jury. Such a panel, as New York Chief Judge Sol Wachtler famously said, would gladly indict a ham sandwich if that was what the prosecution wanted.

In his Breitbart piece, Sen. Paul quotes Chief Justice John Roberts when the Supreme Court held in Carpenter v. United States (2018) that geolocation from cellphone metadata was a privacy interest protected by the Fourth Amendment. Justice Roberts, for the majority, wrote, “this Court has never held that the Government may subpoena third parties for records in which the subject has a reasonable expectation of privacy.”

Senators, like everyone else, deserve a reasonable expectation that their phone records are private. Of course, senators – also, like everyone else – are not exempt from lawful investigations. But when one branch investigates another – when one political party investigates its opponents – is it too much to ask that the government respect the Fourth Amendment? If Jack Smith had a good reason to surveil nine Members of Congress, he should have made his case for probable cause before a neutral magistrate and obtained a warrant – as the Constitution requires.
​
That Smith instead chose to slather two pieces of bread with mustard and add a slice of ham indicates (mixed metaphor alert) that he was on nothing more than a fishing expedition. When politics intersect with criminal law, prosecutors must adhere to the most rigorous standards. That is in keeping with the character of an exceptional nation. We must not lose it.

​Section 702 of the Foreign Intelligence Surveillance Act is an authority enacted by Congress to allow U.S. intelligence agencies to surveil foreign spies and terrorists. But it has been used in the past by the federal government to extract the communications of millions of Americans.

• Among those who had their privacy violated by Section 702 data were 19,000 donors to a congressional campaign. This authority was also used to spy on a state senator, a state judge, a congressman, and a U.S. senator. If judges and Members of Congress can have their rights violated, imagine how much respect the FBI and other government agencies have for your privacy.

Concerned by this abuse of Section 702 authority, Congress put this surveillance power on a short leash – with the next reauthorization in April 2026.
 
Now Sen. Tom Cotton (R-AR) is reportedly promoting the idea of delaying the next reauthorization of this key surveillance authority for another 18 months. No matter how well-intentioned, this is a bad idea that would derail any meaningful debate on surveillance reform in this and the next Congress.  
 
Such a delay would also remove any leverage Congress has to perform meaningful oversight of an intelligence community that resists accountability at almost every turn.
 
The April 2024 Debate Produced Significant Reforms
 
The last reauthorization demonstrates that the leverage of a hard deadline at a relatively calm time in the legislative calendar yields results.

• In the face of furious lobbying by the intelligence community, surveillance reformers on the Hill managed to leverage the April 2024 hard deadline to require the FBI to provide quarterly reports on the number of Americans targeted under Section 702.

 

• Champions of reform proposed a warrant requirement for the extraction of an American’s communications – an amendment that came within one vote of passing the House. Congress also took the Section 702 debate as an opportunity to end “abouts” data collection, a loose practice that prompted the FISA Court to publicly excoriate the National Security Agency for an “institutional lack of candor” about a “very serious Fourth Amendment issue.”

Finally, Congress shortened the window for the next reauthorization of Section 702 – and its attendant surveillance debate – from five years to just two. This ensured that any new issues that emerged would be tracked by congressional overseers.
 
The Issues Ahead
 
With the next Section 702 reauthorization vote set for April 2026, Congress is beginning once again to treat it as an opportunity to discuss broader surveillance policy.
Emerging questions include:
​

• Why, and under what exact authority, did the FBI surveil the communications of eight senators and one House Member in 2021?

 

• A recent Department of Justice report portrays FBI agents as suffering from anxiety and “audit fatigue” in meeting the requirements of Section 702 reforms. If this is the case, couldn’t their anxiety be relieved by sharing responsibility with judges in the form of warrants?

 

• The FBI, IRS, and other federal agency purchase the digital breadcrumbs we leave online when we communicate or conduct an online search. When, if ever, will Congress get another opportunity to require a warrant for the acquisition of Americans’ personal data?

 

• If the Section 702 debate is scrapped next April, when else will Congress get a chance to review the operations of the “make everyone a spy” provision, a last-minute addition in the 2024 debate that obliges almost all businesses to help the government spy on their customers?

If your answer to the above questions is that these issues can simply be taken up after the 18-month extension, think again.
 
The Crowded Calendar of October 2027
 
The beauty of an April reauthorization is that it falls at a fairly calm time in the legislative calendar. An 18-month delay would bump the Section 702 reauthorization vote and the next surveillance debate into the next Congress, to October 2027, amid the press of business around the end of the budgetary cycle. Such debates would have to compete with a likely continuing resolution and a host of contentious spending measures.
 
There would be no time to debate anything about surveillance. It would just be another “clean” reauthorization – which would suit the advocates of the status quo just fine.
Members should remain firm: Congress agreed to an April 2026 reauthorization debate for Section 702.
 
Let’s keep it that way.

“Just because you’re paranoid doesn’t mean they aren’t after you,” says Yossarian, Joseph Heller’s terrified bomber pilot in Catch-22. The same could now be said by eight U.S. Senators and one U.S. House Member – all Republicans – who were secretly spied upon by the FBI during the Biden administration.
​
For five years now, the Project for Privacy and Surveillance Accountability has filed Freedom of Information Act (FOIA) requests demanding records from the FBI and other intelligence agencies about the possible surveillance of Members of Congress. We used every legal avenue – from FOIA requests to lawsuits – to compel the FBI, the Department of Justice, the Office of the Director of National Intelligence (ODNI), the National Security Agency, and the Department of State to disclose documents about the possible surveillance of Members of Congress with oversight responsibility over this intelligence community.

In short, we wanted to know if the FBI and other agencies were “overseeing” their ostensible overseers in Congress.

The government’s only response was the flippant use of the “Glomar response,” a court-created doctrine in which an agency can issue a “neither confirm nor deny” answer. In one instance, a response from ODNI came back within four business days, unprecedented speed for the bureaucracy. The Glomar response was originally created to protect a super-secret CIA project to retrieve a sunken Soviet nuclear submarine. Now it is being used to hide domestic spying.

At the time, Gene Schaerr, PPSA general counsel, responded: “The government doesn’t want to even entertain our question. What do they have to hide?”

Now we know at least part of what the government has to hide.

The FBI in 2023 analyzed the phone records of Sen. Lindsey Graham (R-SC), Sen. Bill Hagerty (R-TN), Sen. Josh Hawley (R-MO), Sen. Dan Sullivan (R-AK), Sen. Tommy Tuberville (R-AL), Sen. Ron Johnson (R-WI), Sen. Cynthia Lummis (R-WY), Sen. Marsha Blackburn (R-TN), and Rep. Mike Kelly (R-PA).

Among them we count three sitting members of the Senate Judiciary Committee, charged with oversight of the FBI, as being targeted by Bureau surveillance.

What was the FBI up to? The FBI document states it “conducted preliminary toll analysis on limited toll records,” meaning it secured and analyzed calls made by these Members in relation to their votes on whether to certify the 2020 presidential election results. The FBI’s analyses were based on metadata – who called whom and when. As research from Stanford University has shown, such seemingly innocuous records can yield “surprisingly sensitive personal information” about the likely contents of those calls.

That is one reason why Sen. Chuck Grassley, Chairman of the Senate Judiciary Committee, called this a “weaponization by federal law enforcement under Biden” that was “arguably worse than Watergate.”

We predict this is just the tip of the iceberg. The ease with which the FBI surveilled prominent Members of Congress hints at the underlying reasons for which PPSA’s queries have been batted away so consistently by the intelligence community. We believe that time will reveal that there is more – much more – evidence of the intelligence community accessing the private communications of Congress.

Next year Congress will hold a debate over the reauthorization of Section 702 of the Foreign Intelligence Surveillance Act. It should be clear to all Members that the FBI can’t be trusted. We need reforms across the board, from ending the abuse of Section 702 as a source of warrantless domestic surveillance, to ending government data purchases.

​You might think that where you go and with whom you meet is your private information. And it is. But now it’s also accessible to the government, with a federal agency purchasing software to track the location of your phone.

Joseph Cox of 404 Media reports that the U.S. Immigration and Customs Enforcement (ICE) is buying an “all-in-one” surveillance tool from Penlink to “compile, process, and validate billions of daily location signals from hundreds of millions of mobile devices, providing both forensic and predictive analytics.”

That chilling quote is ICE’s own declaration. Apparently, acquiring Penlink’s proprietary tools are the only way to beat criminals at their own game.

ICE is not taking us down a slippery slope. It is going straight to the gully, discarding any concept of the prohibition against warrantless surveillance in violation of the Fourth Amendment. From there, monitoring the movements of the general population is simply an act of political will. As with facial recognition software, notes the Independent’s Sean O’Grady, it is one more example of the “creeping ubiquity of various types of surveillance.”

Indeed, location is but one element of commercial telemetry data (CTD), the industry term for information acquired from cellphone networks, connected vehicles, websites, and more. PPSA readers know that banning the sale of CTD to government agencies is one goal of the bipartisan Fourth Amendment Is Not For Sale Act, which passed the House in the previous Congress.

Collecting and selling CTD is the shady business of the data broker industry, a practice the Federal Trade Commission once tried, meekly, to rein in. Indeed, for one brief shining moment, even ICE previously announced it would stop buying (but continue to use) CTD after the Department of Homeland Security’s own Inspector General found that DHS agencies weren’t giving privacy protections their due.

And yet here we are. As the Electronic Frontier Foundation’s Beryl Lipton recently put it in Forbes:

“This extension and expansion of ICE’s Penlink contract underlines the federal government’s enthusiasm for indiscriminate and warrantless data collection on as many people as possible. We’re still learning about the extent of the government’s growing surveillance apparatus, but tools like Penlink can absolutely assist ICE in turning law-abiding citizens and protestors into targets of the federal government.”
​
These tools are in the hands of ICE today, but they could be in the hands of the FBI, IRS, and other federal agencies in the blink of an eye. Congress should take note of this development when it debates reauthorization of a key surveillance authority – FISA Section 702 – next spring.

​That shouldn’t merit a headline, but it does. We’ve often reported on the Department of Justice’s responses to our Freedom of Information Act (FOIA) requests for internal policies concerning the use of cell-site simulators, commonly known as stingrays.

In the past, we’ve received non-response responses to our FOIA request, including one in which DOJ sent us 40 redacted pages from MISTER BLANK in the office of BLANK, with only this statement: “Hope that’s helpful.” We noted at the time that this could only be taken as a middle-finger salute to FOIA itself.

There now seems to be a more responsive spirit at DOJ. A new reply to our FOIA request arrived this month. True, it was still less than fulsome. But it was a response! And what it did reveal was encouraging. It showed a determination to abide by a 2015 DOJ memo requiring probable cause warrants before this technology can be used, except in emergency circumstances.

DOJ personnel were informed:

“The core of this new policy is to require search warrants for use of the devices, except in rare circumstances such as a threat to life and limb. It also requires transparency with the courts in the way that we apply for legal process, and it dictates what should be done with information about cell phones that are not related to the investigation.”

This leaves you wondering why some previous respondents at DOJ chose obfuscation and a rude brushoff instead of showcasing an internal determination to abide by the Fourth Amendment.

Stingrays are devices that mimic cell towers, pinging the phones of people within a geofenced area to reveal their location, movements, and potentially some contents within their phones. This technology can sweep up the personal information of hundreds of people in a given area. This actually happened when the Richmond, Virginia, police searched for a bank robber. Their sweep compromised the Fourth Amendment rights of diners in a Ruby Tuesday restaurant, guests at a Hampton Inn, residents of an apartment complex, and seniors in an assisted living facility.

This incident demonstrates that while the Justice Department has a tight policy regarding the use of stingrays, different rules apply to a dozen other federal agencies and at least 75 state agencies around the country that also use this surveillance technology. The FBI instructs police to use stingrays to develop leads, but use other means to develop “primary evidence.” This sure sounds like a suggestion to construct parallel evidence.

Shouldn’t defendants know if evidence used against them was taken from their phones?
​
Still, we are happy to take good news when we can get. Here’s to encouraging the DOJ to continue to abide by its policy of applying a warrant requirement to stingrays.

​We’ve reported extensively on how high schools across the United States are monitoring the communications of students for the sake of “safety.” Now an anonymous teacher in the United Kingdom, after learning that a system called Senso secretly monitors whatever students or staff type, explains his concerns about privacy – but also, much more.

From Unherd:

“At first, I thought my reaction was about privacy. Partly, it was. But what lingered – what I kept turning over – was something else. A kind of moral labour was being handed over to a machine: the quiet discipline of noticing, of staying with another person’s experience, of holding their reality in mind. And no one seemed to notice, or care. 

“What I was seeing – or rather, what was vanishing – was a form of attention. Not just focus or vigilance, but something older and more human. The effort to see someone in their full, contradictory reality – not as a data point, a red flag, or a procedural category …

“Tools like Senso make that trade easy – and invisible. They train us to scan for risk, not to remain with the person. Moral attention is the ground of judgement, the beginning of care. It is also a stance of active presence: an effort to refuse reducing the person in front of us to the signals a system is designed to detect. 

“As Simone Weil wrote: ‘Attention is the rarest and purest form of generosity.’ It is not just noticing – it is the effort to see someone else as they are, without turning away … 
​
“Sociologists have long recognised that moral life depends not only on individual decisions, but on shared structures. When those structures weaken – when proximity is replaced by process – something shifts. The moral weight of a situation is no longer felt; it is processed. As judgement is replaced by assessment, the capacity for care erodes.”

​Clearview AI is raking in the cash with its facial recognition software, signing lucrative contracts that make all Americans easier targets for government surveillance. The latest award is a $10 million deal with the Department of Homeland Security (DHS) to support Immigration and Customs Enforcement (ICE) operations.

Clearview was previously fined more than $30 million by Dutch regulators for privacy violations related to data collection. It also settled privacy violation charges in the U.S. for tens of millions more. But none of that has stopped the company from becoming a favorite of law enforcement and government intelligence agencies in the United States. In fact, we’ve written about the dangers of facial recognition more times than we can count. Its continued popularity only proves that the federal government cares more about purchasing facial recognition software than regulating its use. As a result, states have had to step in and fill the regulatory gap.

The new ICE contract means that Clearview will be used to help identify individuals accused of assaulting its officers – a commendable goal. But the accumulation of Americans’ faces into a single database is an immense temptation for abuse in many other domains, including surveillance for political reasons.

You may applaud or deplore ICE’s new aggressiveness. The larger is issue what the government, or Clearview itself, will do down the road with the mass collection of America’s facial data. Our faces, along with the rest of our biometric data – and our privacy in general – remain for sale. Of course, we’re assuming that the software will actually recognize us rather than mistake us for someone else.

As spy tech goes, facial recognition can’t seem to win for losing.
​
It’s enough to make one yearn for the quaint times of Oscar Wilde, who once said, “I never forget a face, but in your case I will make an exception.”

Prof. Alicia Jessop

​We recently reported that the popularity of wearables is eroding confidence in the idea that private, candid conversations will always remain private. Now Charlie McGill and The American Prospect report that HHS Secretary Robert F. Kennedy Jr. “wants a wearable on every American body.” They described this announcement as “curious” given that five years ago the Secretary himself blasted wearables and other smart devices as being about “surveillance, and harvesting data.”

That was then. A massive, government-funded pro-wearables ad campaign will soon promote Secretary Kennedy’s long-held view that eating right and exercising is superior to pharmaceutical remedies. He also wants HHS to popularize wearables: “You know the [sic] Ozempic is costing $1,300 a month, if you can achieve the same thing with an $80 wearable, it's a lot better for the American people.”

Persuading people to take better care of themselves is certainly a commendable goal for an HHS Secretary. But the security and privacy risks inherent to wearables are also a veritable bonanza for data brokers. On the Dark Web in 2021, healthcare data records were worth $250 each, compared to $5.40 for a payment card record. Just imagine what they’ll be worth in four years’ time if the HHS plan comes to fruition. Meanwhile, companies are lining up to cash in on the wearables boom that the department is promoting.

Companies that buy our data usually just want to target customers with ads and appeals. On a more sinister level, our health data derived from wearables – about as personal as information can be – will be sold by data brokers to about a dozen federal agencies, ranging from the FBI and the IRS to the Department of Homeland Security.

Health data from wearables will surely become part of a single, federal database of Americans’ information. “Techno-utopianism” observes Natalia Mehlman Petrzela “assumes more sophisticated technology always yields a better future.” Without constructing the requisite privacy guardrails for the data new technologies generate, quantifying ourselves on such an extreme scale may invite unwanted scrutiny.
​
Do we really want the FBI or the IRS to be able to warrantlessly access our deeply personal health issues? The wearables revolution, and the data it generates, is just another privacy violation that should prompt Congress to enforce the Fourth Amendment by forbidding the government from warrantlessly purchasing our most personal data.

America’s enemies aren’t storming our shores with tanks and planes – they’re breaking into our email, phone, and data systems. And right now, we’re making their job too easy.
 
The U.S. Senate can toughen up America’s defenses by passing the Lummis-Wyden amendment (S. Amdt. 3186) to the 2026 National Defense Authorization Act. This bipartisan fix would finally force the Pentagon to use secure, encrypted communications – and end its costly dependence on a handful of Big Tech vendors.
 
The Scale of Attacks
 
In 2023, Chinese hackers broke into Microsoft-hosted government email accounts, stealing 60,000 messages from the State Department alone. A year later, another Beijing-backed group hacked into AT&T and Verizon, tapping phones of Americans that included presidential candidate Donald Trump and then-Sen. J.D. Vance.
 
But Vance’s conversations were kept safe. How? He relied on Signal, the end-to-end encrypted app that even the hackers couldn’t crack.
 
The obvious takeaway is that without end-to-end encryption, our most sensitive communications are one hack away from the front page of Beijing’s intelligence briefings.
 
The Lummis-Wyden Fixes
 

• Mandates encryption. The Pentagon must be required to use secure, end-to-end encrypted systems whenever possible.

 

• Ends vendor lock-in. No more being trapped inside Microsoft Teams or Google Docs. Interoperability will be the law, so new and better tools can compete.

 

• Saves money and boosts innovation. Opening the market to smaller, nimbler companies means lower costs and stronger security.

 
Why It Matters

Our military today is stuck in walled gardens built by giant tech firms that all too often proved eminently hackable. That’s bad for taxpayers and disastrous for national security. Hackers don’t need to break into every office at the Pentagon – they just need to knock down the door of one weak provider. The Lummis-Wyden amendment puts a lock on those doors.
 
Congress Must Choose Security
 
Congress can keep letting foreign spies read Cabinet-level emails and tap presidential phone calls, or it can finally demand that the Pentagon use the best tools available. This amendment is a wake-up call that we can’t defend the country with outdated software. Encryption and competition would at least give our country a fighting chance to keep China and other bad actors out of our business.
 
PPSA calls on the Senate to pass the Lummis-Wyden Amendment to stop giving hackers the upper hand. This measure will better protect our service members, the American homeland, and the private deliberations of our leaders.

Just a quick update about the ever-expanding toolkit of the technocratic mass surveillance state: The new kid on the block is GeoSpy, which can examine a photograph and extrapolate your location in seconds. It claims to accomplish this by using only visual data in the image rather than metadata. From a purely technical perspective, that’s a big achievement.

From a privacy standpoint, it’s a nightmare.

According to an account first reported by 404 Media and summarized by Alex Hively of SlashGear, the original open source version of GeoSpy was quickly removed when it became clear that it could be used to stalk people. Company founder Daniel Heinen later admonished Joe Rogan and guests in a tweet reminding them that GeoSpy is “only for Law Enforcement and Government” use (which, at the time of the tweet had recently become true).

That GeoSpy is now “only for” law enforcement and government use is cold comfort. It seems an all-too-familiar narrative, reminding us of Clearview AI’s similarly reckless approach to the ethics of identification technology. By the end of 2021, the facial recognition startup had scraped ten billion images from the web and social media, providing agencies with a powerful new tool to instantly identify us and aid in the quick construction of dossiers of our beliefs, activities, and relationships.

And now, thanks to breakneck developments in technology, the government can now both identify us and locate us. Consider this statement from GeoSpy founder Heinen:

“My job as a leader in my space is to build the best technology that customers are asking for. It's not my job to play the ethics game because our elected officials will eventually figure that out. I have full faith in the American people to decide who to elect and what to vote on.”

(If this were a video, here is where we’d cut away to a dark screen and the sound of crickets.)
We won’t belabor the point as our readers know full well where all of this is likely to lead. But we will quote ourselves from a related article decrying the surveillance capabilities of drones and satellites: “What is cutting-edge technology today will be standard tomorrow. This is just one more way in which the velocity of technology is outpacing our ability to adjust.”

With the rise of GeoSpy, we now have one more reason for Congress and the states to hit pause and reassert the privacy guarantees inherent in the Fourth Amendment.

One last thing: Don’t assume you’re safe just because GeoSpy found a picture that you took indoors. It appears they’ve cracked that nut too, having discovered that their visual model can learn “regional architectural cues.” Silly us, we thought all apartment kitchens looked the same.

As Malwarebytes advises, “It’s just become even more important to be conscious about the pictures we post online.”

Director George A. Romero said of his horror masterpiece, The Night of the Living Dead, that “if it doesn’t scare you, you’re already dead.”
 
Section 215 of the PATRIOT Act – the “business records” provision – should at least concern you. This surveillance authority sunsetted on March 15, 2020, after Congress failed to renew it. And yet, somehow, it continues to roam the landscape. As it does, significant questions about how this oddly enduring authority is being practiced deserve an answer.
 
Section 215 was the legal authority under which federal intelligence agencies obtained secret orders from the Foreign Intelligence Surveillance Court to review personal information from “tangible things.” This broad category could include location data, medical records, travel records, and more, in paper form or from electronic communications relating to any transaction.

The FBI in the past used Section 215 authority to collect phone logs cataloging records of calls and texts, and internet logs revealing the identities of people who visited particular web pages, and other sensitive data. After Congress prohibited bulk acquisition of records in 2015, Section 215 prompted agencies to use a “specific selection term” to narrow the scope of their investigations. The government uses “unique identifiers” like email addresses extracted from data to target individuals within collected data. 
 
Congress chose to let Section 215 expire in 2020, shutting it down entirely and requiring the government to use a more narrowly tailored authority called pen register/trap and trace orders.
 
But five years after Section 215’s expiration, the program continues to operate as a zombie authority.

• The law’s expiration clause allows continued use of this authority for investigations that were ongoing at the time of expiration or to investigate “offenses or potential offenses” that occurred before the sunset. This is a broad standard that grants agencies considerable authority to link any current target to past activities.

 
There is evidence that Section 215 is enjoying a robust afterlife. According to the most recent ODNI Statistical Transparency Report:

• The number of business records orders and the estimated targets of such orders ranged between five and eleven in 2022, 2023 and 2024.
  
  
• Yet, somehow, the estimated number of unique identifiers used to communicate information collected under 215 authority ranged from 55,431 in 2022, to 5,412 in 2023, and 63,260 in 2024.

​The many unanswered questions about Section 215’s afterlife activities cry out for oversight. Congress should require the government to answer:
​

• Why are there so many unique identifiers for such few targets?

 

• Is this disparity because the source of the collection is communications metadata?

 

• Or is it an overly generous interpretation of what constitutes a “contact”?

 

• Or is this number simply skewed because the targets are associated with malicious hacking? 

The answers to these questions may be innocuous. But when a legal authority continues to produce such large and unexplained numbers five years after its expiration, Congress needs to start asking questions.

On April 8, the Board of Scarsdale Village, New York, approved a $2.1 million contract with Flock Safety to bring mass camera surveillance to its community.
 
Many residents of Scarsdale, the wealthiest suburb in the United States, were disturbed by the apparent contravention of the Board’s rules, giving no advance notice or allowing any public comment before voting 6-1 vote to approve the contract. Many of its residents are deeply troubled about the implications of Flock Safety camera surveillance, which enables AI-powered license plate readers to follow residents in their daily travels.
 
Jessica Burbank followed this story on Drop Site News, writing: “Flock is a $7.5 billion surveillance technology company, operating in over 5,000 communities across 49 states. Flock has a proven playbook to expand through securing local government contracts, often behind closed doors.”
 
Burbank reports on the public comments of Scarsdale resident Charles Seife, a former employee of the National Security Agency, who said:
 
“The system that Scarsdale wishes to implement is extremely dangerous … The records are kept for several weeks. At the very least, they allow retroactive surveillance. These systems are immensely popular with politicians and law enforcement, even though they do real and palpable damage to the citizenry …
 
“We're creating that database so that we can always do that for anyone, that you're constantly tracking people's movements. You have that system in place so that you don't need to articulate the suspicion before you're gathering that on someone, before you're actually trying to tag someone with wrongdoing. When you have that system there, all someone has to do is say, I don't like that person. And then you've got that surveillance already established.”
 
Seife later told Drop Site News: “Freedoms don't come back and privacy doesn't come back, and we are taking these irreversible steps so blithely for no real reason.”
 
Another Scarsdale resident, Josh Frankel, said: “The way I see it, it is not a matter of if this data will be abused and misused, only a matter of when and by whom.”

We share our most personal information with banks, telecoms, online search engines, and social media platforms. They know what we spend our money on, with whom we communicate, what we search for, and what we read and post. What could be more personal than that? So whenever we allow corporations to hold such personal information in digital form, can that be taken as a presumption that we’ve just given away our right to privacy?
 
Advocates for a sweeping interpretation of the “third-party doctrine” believe so. The very act of sharing our data, they hold, automatically relinquishes any right to privacy. The government thus doesn’t need to seek a probable cause warrant to review our private information, as the Constitution requires. This is not a matter of theory. A complex web of federal and state law effectively requires communications companies – through a risk of ruinous fines – to search through the content of their customers’ data, and report suspicious results to law enforcement.
 
This is what happened to a Wisconsin man, Michael Gasper. His data was flagged by Snapchat’s automated scans as child sexual abuse material, and reported to the National Center for Missing and Exploited Children. Based on this tip, a law enforcement officer was the first actor to perform a human review of the flagged file, though he did so without bothering to obtain a probable cause warrant, as the Fourth Amendment requires.
 
Initially, a lower court recognized that Gasper had a reasonable expectation of privacy in data he uploaded to the cloud through Snapchat. But the Wisconsin Court of Appeals held otherwise, reasoning that Snapchat’s Terms of Service – a lengthy contract most users “agree” to by checking a box, without ever reading it – eliminated any expectation of privacy. Now PPSA has filed a brief before the Wisconsin Supreme Court demonstrating that this ruling would undermine the heart of the Fourth Amendment. It would also defy a line of U.S. Supreme Court precedent that has long condemned overbroad interpretations regarding government access to third-party data.
 

• PPSA told the Wisconsin Supreme Court that the Fourth Amendment protects the degree of privacy that existed at the Founding despite advances in technology. This is not a reach. In the 18th century, Americans often entrusted their private property – and with it, their personal information – for limited uses by third parties, such as for custody, repair or transportation. Property owners maintained an expectation of privacy over their property, including their documents, when entrusted to a holder. In the 19th century, the Supreme Court held that letters sent through the mail “can only be opened and examined” under a warrant. Why should the cloud be treated any differently?

 

• Snapchat informed users, through its Terms of Service, that it performed automated searches for illicit material – essentially warning that it complies with the law. The state argues that this means Snapchat users have no expectation of privacy. But we told the Wisconsin high court: “when private reporting is mandated with significant penalties for noncompliance, such reports are state action, not private searches.”

 

• What about the eyeball search conducted by the law enforcement officer? We told the court: “But even if they were private searches, law enforcement cannot use them as a stepping stone to later, more expansive searches without complying with the Fourth Amendment.”

We reminded the Wisconsin Supreme Court that the U.S. Supreme Court in Carpenter v. United States held that the government did not have the right to warrantlessly track a suspect’s location through historic call records.
 
We urge the court to realize that we can protect children from exploitation and abuse while taking the time to obtain a warrant based on probable cause. Otherwise, policy will continue to subject the private data of all Americans to warrantless searches.
 
The ransacking of our cloud-based data is much like the “general warrants” of the colonial era, when agents of the Crown could rifle through anyone’s documents at will. This practice was one of the prime outrages that sparked the American Revolution. We should not tolerate the government’s general warrants today.