July was a banner month for surveillance reform. For years, civil libertarians have warned about the widespread practice of third-party data brokers selling Americans’ most sensitive and private information, scraped from our apps, to more than a dozen federal intelligence and law enforcement agencies, including the FBI, Drug Enforcement Administration, and the many agencies of the Department of Homeland Security.
The public is alarmed. Lawmakers in both parties are beginning to take effective action.
In July, the House Judiciary Committee unanimously passed The Fourth Amendment Is Not for Sale Act, which would restrict the ability of government agencies to warrantless extract Americans’ personal information from data purchases. Sen. Ron Wyden (D-OR) is reintroducing this measure in the Senate.
If the will of the Congress wasn’t clear enough, also in July the House passed an amendment sponsored by Rep. Warren Davidson (R-OH) and Sara Jacobs (D-CA) to the National Defense Authorization Act that expressly prohibits half of the intelligence community, including the NSA and the Defense Intelligence Agency, from purchasing our data at all, absent a warrant, court order, or subpoena.
Supporters of similar reforms range from the conservative Chairman of the House Judiciary Committee, Jim Jordan, to the liberal Ranking Member and former Chairman, Jerry Nadler. A passion for surveillance reform brings together respected members from Rep. Thomas Massie (R-KY) to Rep. Zoe Lofgren (D-CA), from Sen. Wyden to Sen. Mike Lee (R-UT).
It might seem, then, that surveillance reform is now a slam-dunk certainty. It isn’t.
Consider the fate of Lee-Leahy, a bill that would have imposed the rather modest goal of requiring the judges of the Foreign Intelligence Surveillance Act (FISA) court to seek the advice of civil liberties experts in cases that involve significant civil rights concerns when political, religious, or journalistic groups are surveilled and investigated. That measure passed the Senate in 2020 by an overwhelming 77 votes. Then, through a process of legislative confusion and the Trump Administration’s policy contortions, this modest and popular bill sailed into the round file like a paper airplane.
The Davidson-Jacobs Amendment and The Fourth Amendment Is Not For Sale Act risk dying in a far less dramatic way than Lee-Leahy did. All the elected champions of the surveillance state have to do is let these measures die in the darkness of a committee room or the Senate calendar. More good legislation has been killed by benign neglect than by explicit filibusters.
Any American who cares about privacy and civil liberties must draw two conclusions from this realization.
First, now more than ever, civil libertarians need to ramp up the activity. Members of Congress must know that this year we won’t settle for feel-good, symbolic votes. The Fourth Amendment Is Not For Sale Act must get a floor vote in the Senate.
Second, civil libertarians must continue to insist that FISA’s Section 702, an authority under which the government surveils foreigners, must be reformed so that it cannot continue to be used by the FBI and other agencies as a domestic surveillance tool. This reform must necessarily include closing the legal loophole that allows the government to buy our personal information and thumb through it, all without a warrant.
As Kenny Loggins sang so long ago, “this is it!” Our back is to the corner. Join the efforts of the civil liberties community by clicking here to stand up and fight!
On Friday, the Office of the Director of National Intelligence released a Foreign Intelligence Surveillance Court opinion that details blatant violations of Americans’ privacy. Most distressingly, high-profile American political leaders were among the targets surveilled by the FBI. The heavily redacted opinion released on Friday reveals that the FBI attempted improper searches of the communications of a United States Senator, a state senator, and a judge who complained about civil rights violations by local police.
If that sounds beyond the pale, the National Security Division (NSD) of the United States Department of Justice thought so, too.
In the former case, the NSD determined that the “querying standard” used by the FBI to obtain foreign intelligence information was not met. In the latter case, it’s a little more opaque. Last October, the FBI used the anonymous Judge’s social security number to search the Section 702 database. The Judge "had complained to FBI about alleged civil rights violations perpetrated by a municipal chief of police.” The National Security Division’s review stated that this search was also illicit.
While the U.S. Senator has been notified about the improper search, the state Senator and the state Judge have not. It is clear is that a continued pattern of government abuse persists when it comes to Section 702 of the Foreign Intelligence Surveillance Act.
Although the FISC states that, “there is reason to believe that the FBI has been doing a better job in applying the querying standard,” the anonymous judge also admits that “[t]he prevalence of non-compliant queries conducted by the FBI, and particularly of broad queries that were not reasonably likely to return foreign intelligence information or evidence of crime, has been a major focus of concern….”
Indeed it has been. In fact, the same court found in 2018 that there was a “deficiency in the FBI’s querying and minimization procedures” based on “large-scale, suspicionless queries….”
The Court found that the FBI’s implementation of remedial measures has improved the Bureau’s compliance with Section 702’s specificity requirements. But they make sure to soften that finding with a disclaimer: “NSD devotes substantial resources to its oversight efforts, but still can examine only a fraction of total FBI queries. It is therefore possible that serious violations of the querying standard have so far gone undetected.”
The FBI has a long track record of repeatedly misusing the Section 702 database, but to poll information on high-profile elected officials is a new level of abuse. These revelations come amid a push by the Biden administration to reauthorize Section 702 mere months before it expires at the end of this year. When federal authorities inappropriately attempt to spy on legislators – and even judges – we truly find ourselves with one foot off the merry-go-round. Congress must take this into account in the coming months.
A recent article by Dell Cameron at Wired reports on ongoing congressional efforts to close the federal loophole allowing police and intelligence authorities to collect sensitive personal data from United States citizens without a warrant, subpoena, or court order.
The Fourth Amendment Is Not For Sale Act, sponsored by Representative Warren Davidson with bipartisan support, would prevent government entities from purchasing Americans’ personal data without court authorization, dramatically restricting a practice that even the Director of National Intelligence admits has tremendous potential for abuse. The bill passed out of committee with flying colors following markup.
In Wired, Cameron aptly explains the many controversies surrounding this issue, including the ongoing game of legal pretzel logic the government has used to justify its continued purchase of consumer data for law enforcement purposes. As the author points out, not only can the government access these data, so too can private companies and foreign actors.
But, as PPSA Senior Policy Advisor Bob Goodlatte notes in the piece, it’s our own governing authorities with which we should be most concerned.
Goodlatte said, “None of those other entities can arrest you, can charge you with a crime, try you, sentence you, imprison you, restrain you, enjoin you, fine you, tax you. All of those are powers of government, and any American should be concerned about the ease with which the federal government can gather information about people.”
With the biggest privacy battle of the year yet to come in the form of reauthorization of Section 702 of the Foreign Intelligence Surveillance Act, Fourth Amendment advocates can take comfort that these issues are getting the attention – and coverage – they deserve.
PPSA’s Gene Schaerr Appeals to Congress to Assert Its Authority to Protect Americans’ Privacy and the Fourth Amendment
End the “Game of Surveillance Whack-a-Mole"
Gene Schaerr, PPSA general counsel, in testimony before a House subcommittee on Friday, urged Congress to assert its prerogative to interpret Americans’ privacy and Fourth Amendment rights against the federal government’s lawless surveillance.
Schaerr said the reauthorization of a major surveillance law this year is a priceless opportunity for Congress to enact many long-needed surveillance reforms. There is, Schaerr told the Members of the House Judiciary Subcommittee on Crime and Government Surveillance, no reason for Congress to defer on such a vital, national concern to the judiciary.
Congress also needs to assert its authority with executive branch agencies, he said. For decades, when Congress reforms a surveillance law, federal agencies simply move on to other legal authorities or theories to develop new ways to violate Americans’ privacy in “a game of surveillance whack-a-mole.”
“As the People’s agents, you can stop this game of surveillance whack-a-mole. You can do that by asserting your constitutional authority against an executive branch that, under both parties, is too often overbearing – and against a judicial branch that too often gives the executive an undeserved benefit of the doubt. Please don’t let this once-in-a-generation opportunity slip away.”
Schaerr was joined by other civil liberties experts who described the breadth of surveillance abuse by the federal government.
Liza Goitein of the Brennan Center for Justice at NYU Law School said that FISA’s Section 702 – crafted by Congress to enable foreign surveillance – has instead become a “rich source of warrantless access to Americans’ communications.”
She described a strange loophole in the law that allows our most sensitive and personal information to be sold to the government. The law prevents social media companies from selling Americans’ personal data to the government, but it does not preclude those same companies from selling Americans’ data to third-party data brokers – who in turn sell this personal information to the government.
Federal agencies assert that no warrant is required when they freely delve into such purchased digital communications, location histories, and browsing records. Goitein called this nothing less than the “laundering” of Americans’ personal information by federal agencies looking to get around the law.
“We’re a nation of chumps,” said famed legal scholar and commentator Jonathan Turley of the George Washington University Law School, for accepting “massive violations” of our privacy rights. He dismissed the FBI’s recent boasts that it had reduced the number of improper queries into Americans’ private information, likening that boast to “a bank robber saying we’re hitting smaller banks.”
Many members on both sides of the aisle echoed the concerns raised by Schaerr and other witnesses during the testimony. Commentary from the committee indicates that Congress is receptive to privacy-oriented reforms.
Gene Schaerr cautioned that Congress should pursue such a strategy of inserting strong reforms and guardrails into Section 702, rather than simply allowing this authority to lapse when it expires in December. Drawing on his experience as a White House counsel, Schaerr said the “executive branch loves a vacuum.” Without the statutory limits and reporting requirements of Section 702, the FBI and other government agencies would turn to other programs, such as purchased data and an executive order known as 12333, that operate in the shadows.
Despite this parade of horribles, the hearing had a cheerful moment when it was interrupted by the announcement of a major reform coalition victory. The Davidson-Jacobs Amendment passed the House by a voice vote during a recess in the hearing, an announcement that drew cheers from witnesses and House Members alike. This measure would require agencies within the Department of Defense to get a probable cause warrant, court order, or subpoena to purchase personal information that in other circumstances would require such a warrant.
Schaerr was optimistic that further reforms will come. He said:
“Revulsion at unwarranted government surveillance runs deep in our DNA as a nation; indeed, it was one of the main factors that led to our revolt against British rule and, later, to our Bill of Rights. And today, based on a host of discussions with many civil liberties and other advocacy groups, I’m confident you will find wide support across the ideological spectrum for a broad surveillance reform bill that goes well beyond Section 702.”
PPSA Applauds House Judiciary Committee for Unanimous Vote to Advance the Fourth Amendment Is Not For Sale Act
Earlier today the House Judiciary Committee voted to advance the Fourth Amendment Is Not For Sale Act out of committee by a 30-0 unanimous vote, with one abstention. PPSA applauds Chairman Jordan, Ranking Member Nadler, and the Members of the Committee for taking this important step to protect Americans’ privacy.
“Stopping the government from spying on Americans by buying their sensitive personal information from data brokers is a critical part of the government surveillance reforms Congress is working towards this year,” said Bob Goodlatte, PPSA Senior Policy Advisor and former Chairman of the House Judiciary Committee. “As Congress considers the reauthorization of Section 702 of FISA, it should hold strong to the principle that no surveillance authorities should be reauthorized without closing the data broker loophole. The Committee’s overwhelming, bipartisan, unanimous approval of the Fourth Amendment is Not For Sale Act sends a strong signal in that regard.”
Our digital devices can tell everything about us – who we visit, what we like and believe, who we befriend, where we go, our medical concerns, and other personal information.
The government is required by the Fourth Amendment of the U.S. Constitution to obtain a warrant before it can seize our personal information. But the government has found a workaround to the Constitution – law enforcement, intelligence, and other federal agencies spy on us by simply buying our personal information from shady data brokers. The Fourth Amendment Is Not for Sale Act will close this loophole and prevent the government from sidestepping our constitutional rights.
PPSA is pleased that the House Judiciary Committee reported H.R. 4250, the Protect Reporters from Exploitative State Spying (PRESS) Act, to the full House by a unanimous 23-0 vote.
Many reporters have had their records seized by federal prosecutors, sometimes by secret orders to cloud computing companies. This bill, long supported by PPSA and civil liberties sister organizations, would protect journalists and their sources by granting a privilege to shield confidential news sources in federal legal proceedings. It contains reasonable exceptions in cases where application of the privilege could result in serious harm.
Former Rep. Bob Goodlatte, who served as Chairman of the House Judiciary Committee and now as PPSA Senior Policy Advisor, said:
“Journalism and the right to report on government actions must be better protected. We’ve all seen law enforcement officials under multiple recent administrations issue secret orders to surveil the private communications of journalists. Their freedom to report on government misdeeds is critical to maintaining a free society, and I encourage the broader House of Representatives to swiftly approve this legislation, as they have in the past.”
PPSA would like to extend its gratitude to Reps. Kiley and Raskin for their leadership in introducing the bill, as well as to Chairman Jordan and Ranking Member Nadler for their support in moving it through committee.
The PRESS Act’s passage is the result of overwhelming bipartisan support for freedom of the press guaranteed by the First Amendment of the Constitution, as well as support for our Fourth Amendment right to privacy. We hope the full House will take up and pass this important legislation soon.
PPSA previously sent an appeal to every Member of the U.S. House urging them to vote for the Davidson-Jacobs Amendment to the National Defense Authorization Act (NDAA). It would place significant restrictions on the government’s purchase of Americans’ Fourth Amendment-protected sensitive, personal information without a warrant.
We attached to our letter the endorsement of this measure from more than 40 civil liberties allies—ranging from the ACLU to FreedomWorks, from the Brennan Center and Demand Progress to Americans for Prosperity and the Due Process Institute.
The strong bipartisan support in the House led to the passage of this important measure by voice vote.
“This vote is vital because our digital histories reveal our personal lives—where we’ve been, who we’ve met or communicated with, what we’ve searched for online, even our medical issues,” we wrote. “A digital portrait can be more personal and intimate than a diary.
“Yet, under current practice, federal agencies purchase our most sensitive and personal information scraped from apps and sold by third-party data brokers. The general counsels of intelligence and law enforcement agencies assert a right to see our most personal information without the need to get a warrant, in flagrant disregard of the Fourth Amendment to the Constitution.”
“This is the kind of practice one expects of a surveillance state, not America.”
The House now officially agrees. This measure would require agencies within the Department of Defense to get a probable cause warrant, court order or subpoena to purchase personal information that in other circumstances would require such a warrant.
“This amendment strikes a reasonable balance between respecting the privacy of Americans while leaving the government with the power to search for potential threats to the homeland,” says Bob Goodlatte, PPSA Senior Policy Advisor. “The Senate should respect the groundswell of bipartisan support shown in the House today for this amendment in the NDAA.”
In today’s House Committee Judiciary hearing with FBI Director Christopher Wray, Rep. Pramila Jayapal (D-WA) expertly revealed the extent to which the FBI is unwilling to publicly discuss its use of commercially available information (go to 1:10:50 mark).
Rep. Jayapal asked the director about his claim before the Senate Intelligence Committee in March that the FBI had previously purchased Americans’ location data information from internet advertisers but had stopped the practice. Why, then, Jayapal asked, did a report from the Office of the Director of National Intelligence (ODNI) reveal that the government continues to purchase Americans’ personal data scraped from apps and sold to the government by third-party data brokers?
The report was surprising for its frankness. An ODNI panel admitted that such data can be used to “facilitate blackmail, stalking, harassment, and public shaming.”
Rep. Jayapal asked how the FBI uses such data. Director Wray responded that this is too complex to cover in a short exchange. He said there are so many precise definitions that he had best send “subject matter experts” from the FBI to give Rep. Jayapal a briefing, presumably behind closed doors and under classified rules that would prevent public discussion.
Rep. Jayapal then went on to note that more than historic location data is at stake. Purchased data, she said, include biometric data, medical and mental health records, personal communications, and internet search histories and activities. She asked Director Wray: Does the FBI have a written policy on how it uses such commercially available information?
Director Wray did not seem sure. He replied that he would be happy to provide a private briefing.
Rep. Jayapal next asked if there is an FBI policy for using purchased information against Americans in criminal cases.
Once again, Director Wray punted.
After Rep. Jayapal was finished, House Judiciary Chair Jim Jordan (R-OH), said that her remarks were “well said,” and promised a bipartisan approach on the issue. Speaking for Republicans, Chairman Jordan told Rep. Jayapal, chair of the progressive caucus, “you have friends over here who want to help you with that.”
We suggest that a bipartisan next step could be an open hearing with the FBI’s experts on how much purchased information is obtained and how it is used.
Sens. Ron Wyden and Rand Paul are renewing their push for the Protecting Data at the Border Act, a bill to ensure that government agents, including agents of Customs and Border Protection, obtain a warrant to search the personal data of Americans returning from abroad. The measure would send a resolute message: Americans' digital privacy is guaranteed, even at the border.
Until 2014, the federal government claimed it did not need a warrant to search a device if a person had been arrested. In Riley v. California, a landmark Supreme Court case, the Justices unanimously held that the warrantless, deep search of the digital contents of a cell phone during an arrest is unconstitutional under the Fourth Amendment. If this principle pertains to an arrestee, how much more should it pertain to an American citizen who is merely traveling?
Yet border zones, whether points of entry to Canada or Mexico, or airports, have become legal twilight zones where the Fourth Amendment is treated as a suggestion. With ever-increasing international traffic, the potential for government misconduct grows as well.
PPSA has called attention to constitutional loopholes at the border before. In 2021, we reported that two troubling trends at the border threatened the rights of Americans. One is the rollout of facial recognition technology and other biometric surveillance by Customs and Border Patrol, which is used on citizens and non-citizens who arrive at a U.S. airport. The other – and by far the most intrusive – is the existing practice of accessing the contents of returning citizens’ cellphones, laptops, and other electronic devices.
In 2017, a NASA employee was stopped by Customs and Border Patrol agents and told he could not leave until he gave CBP agents his password to his phone, which belonged to NASA and contained sensitive and confidential information. In an ACLU petition filed to the Supreme Court in 2021 (Merchant v. Mayorkas), eleven U.S. citizens sued over having their electronic devices examined at the border without a warrant or reasonable suspicion. Unfortunately, the Court declined to hear the case.
PPSA endorses the Protecting Data at the Border Act. This bill will go a long way towards codifying and ensuring that the Fourth Amendment protects American citizens at the border. The bill will also prohibit officials from delaying or denying entry to the U.S. if a person declines to hand over devices and requires law enforcement to have probable cause to seize a device.
Bob Goodlatte, PPSA senior policy advisor and former Chairman of the House Judiciary Committee, said:
“There is no excuse for the government to suspend the Fourth Amendment at the border. While it is reasonable for border agents to protect the nation with inspections for pests, contraband, and illegal narcotics, it is an outrageous violation of the Constitution for agents to scan the contents of our digital devices, delving into the sensitive and personal aspects of our domestic lives.
“Sens. Ron Wyden and Rand Paul are stepping up to remind the government that we don’t shed our constitutional rights just because we travel.”
The digital trail you leave behind can be used to create a profile of you by your race, religion, gender, sexual orientation, financial issues, personal medical history, mental health, and your physical location.
PPSA has long warned against the routine sale of our personal and sensitive information scraped from apps and sold to U.S. federal agencies by data brokers. The general counsels of these law enforcement and intelligence agencies claim that they are not violating the Fourth Amendment prohibition against warrantless search and seizure because they are not seizing our data at all.
They’re just buying it.
That is galling enough, but what about hostile governments accessing your most personal information? They have no guardrails and would surely have no scruples in using your information against you and, for those in the military or other sensitive positions, the United States.
Under Chinese law, China’s technology companies are obligated to share their data with Chinese intelligence. Imagine all the data Chinese military, intelligence, and commercial actors have on the 80 million American users of TikTok. Then multiply that by all the data China acquires through legal, commercial means.
“Massive pools of Americans’ sensitive information – everything from where we go, to what we buy and what kind of health care services we receive – are for sale to buyers in China, Russia and nearly anyone with a credit card,” said Sen. Ron Wyden, (D-OR), sponsor of the Protecting Americans’ Data from Foreign Surveillance Act of 2023.
“The privacy and security of our data is essential to the freedoms we hold dear,” said co-sponsor Sen. Cynthia Lummis (R-WY). “If foreign adversaries can access our data, they can control it.”
Their bill is also supported in the Senate by Sens. Sheldon Whitehouse (D-RI), Bill Hagerty (R-TN), Martin Heinrich (D-NM), and Marco Rubio (R-FL). It is supported in the House by Rep. Warren Davidson (R-OH) and Rep. Anna Eshoo (D-CA). This bill would apply tough criminal and civil penalties to prevent employees of foreign corporations like TikTok from accessing U.S. data from abroad.
“Freedom surrendered is rarely reclaimed,” said Rep. Davidson. PPSA agrees and supports this bill.
“The need to address foreign exploitation of Americans’ data is urgent,” said Bob Goodlatte, former House Judiciary Committee Chairman and Senior Policy Advisor to PPSA. “This legislation should also prompt us to get our own house in order. Members should address exploitation of our personal information by our government. I hope every member who signs on to this bill supports requiring the U.S. government to obtain a warrant when it wishes to inspect our commercially acquired information, as well as data from Section 702 of the Foreign Intelligence Surveillance Act.”
The substance of Special Prosecutor John Durham’s appearance earlier this week before the House Permanent Select Committee on Intelligence (HPSCI) is not public. But it is clear from the attitudes of Members who emerged from that closed hearing that what they heard – and discussed – left them with a determination to insist on reform of Section 702 of the Foreign Intelligence Surveillance (FISA) as a condition for renewing this surveillance authority in December.
Durham’s famous report on the FBI/Carter Page surveillance scandal centered around FISA’s Title 1 authority, which involved repeated submissions by the FBI to surveil Trump campaign aid Page. With lies of omission and commission, these submissions included a forged document by an FBI lawyer that attempted to hide Page’s service to the CIA as a highly rated informant.
Rep. Mike Turner, committee chairman, and Rep. Jim Himes, ranking member, both agreed that Durham’s appearance before the committee without cameras led to a probing and dispassionate discussion that included ways to reform Section 702 of the Foreign Intelligence Surveillance Act (FISA).
“It was interesting to hear from Mr. Durham that he has concerns that there are reforms that need to go in place, and that there are still issues that need to be addressed,” Chairman Turner said. “I think that we were able to get some information that would be very helpful for us and the work that we have to do on both FISA renewal, FISA reforms, and also reform issues with the FBI.”
Ranking Member Himes also came out of that HPSCI hearing saying that there was a near-unanimous view on the committee that 702 has to be “reauthorized with reforms.”
It is easy to connect the dots. If Members heard how easily the FBI could misinform a FISA court judge, how much easier would it be to jump any guardrails when Americans’ personal data is examined under the 702 process, which is not under any judicial review? And it is likely the hearing unscored for Members that even when there is a federal judge, whenever there is a case in which sensitive First Amendment rights of Americans are at stake – as in the obvious case of a presidential campaign – the appointment of a civil liberties expert as an advisor to the court, or amicus, should be required.
Just imagine how much trouble might have been avoided for the nation, a presidential campaign, and the FBI itself if the bureau had been simply forced to answer tough questions before FISA court Judge James Boasberg.
Admits Potential for Abuse of Government Spying into Americans’ Politics, Religion, and Sex Lives
For years, PPSA has warned about the vast amounts of sensitive personal information about our private lives that are scraped from our apps and sold by third-party data brokers to government intelligence and law enforcement agencies. Now we have telling details from the inside.
On Friday, the Office of the Director of National Intelligence released a declassified report from a senior advisory group that sheds new light on the dangers posed by Commercially Available Information (CAI). Unlike most government documents, this report is remarkably self-aware and willing to explore the dangers of this policy in plain language.
This panel details all the many sorts of data that the government collects about us from commercial sources.
One data broker with the exceptionally creepy name of PeekYou brags that it “collects and combines scattered content from social sites, news sources, homepages, and blog platforms to present comprehensive online identities.”
The panel is forthright about how this data can be used to “facilitate blackmail, stalking, harassment, and public shaming.” It is not difficult, the report notes, for deanonymized information (which exposes a person’s identity) sold by data brokers to be combined or used with other data “to reverse engineer identities or deanonymize various forms of information.”
The authors of this report recognize how dangerous it is for the intelligence community to have this much commercially available information on its citizenry at its fingertips.
“The government would never have been permitted to compel billions of people to carry location tracking devices on their persons at all times, to log and track most of their social interactions, or to keep flawless records of all their reading habits. Yet smartphones, connected cars, web tracking technologies, the Internet of Things, and other innovations have had their effect without government participation. While the IC cannot willingly blind itself to this information, it must appreciate how unfettered access to CAI increases its power in ways that may exceed our constitutional traditions or other societal expectations.”
The authors note that “CAI could be used, for example, to identify every person who attended a protest or rally based on their smartphone location or ad-tracking records.” And the danger to the American people is not just from our government: this report warns of “intelligence benefits to our adversaries,” allowing foreign agencies to use open-source intelligence and AI to disinform and influence the public.
It cites a chilling factoid from a Duke University report that of the 10 major data brokers, three advertise an ability to provide data to identify U.S. military personnel.
The ODNI report quotes the Duke study that foreign actors could use CAI “to bolster their influence campaigns to interfere in U.S. electoral processes. Criminal organizations could use this data to build profiles on and subsequently target prosecutors and judges. Foreign intelligence organizations could acquire this data through a variety of means – including through front companies that could legally purchase the data from U.S. brokers and through simply hacking a data broker and stealing it all – to build profiles on politicians, media figures, diplomats, civil servants, and even suspected or secretly identified intelligence operatives.”
The authors recognize a danger for U.S. agencies, that “mission creep” can “subject CAI collected for one purpose to other purposes that might raise risks beyond those originally calculated.” It raises the question of the government’s obligation to respect the Fourth Amendment in accessing technologies that track our movements. It highlights the principles set out in a Supreme Court opinion that requires a warrant for certain kinds of cellsite location data.
Yet the report notes that the Defense Intelligence Agency nevertheless provides funding to “another agency” for it to purchase commercially available geolocation data aggregated from smartphones. The author admits it is unclear whether this data is for U.S. locations or foreign ones. The report says that agencies rely on a facial recognition company, Clear, not only to “resolve identities,” but also to locate people.
The authors challenge the bland assertions of federal agencies that Commercially Acquired Information, CAI, is the same as Publicly Available Information, PAI.
“In our view, profound changes in the scope and sensitivity of CAI have overtaken traditional understandings, at least as a matter of policy. Today’s publicly available CAI is very different in degree and in kind from traditional PAI.”
The authors refer to Riley v. California, a Supreme Court case that required a warrant before police could access information in a suspect’s cellphone. The report quotes the Court that asserting that modern CAI is materially indistinguishable from traditional PAI “is like saying a ride on horseback is materially indistinguishable from a flight to the moon.”
Having defined the problems, the authors of this report advance possible solutions. They propose internal processes that could minimize the dangers of mass collection of our private information, changes in how information is cataloged, developing standards and procedures, heightening approvals for information in “sensitive” categories, the creation of additional mitigation measures, and developing more “precise sensitivity and privacy-protecting guidance for PAI.”
The authors of this report should be commended for their frankness. Their solution, however, would merely replicate the failed approach of the FBI in its repeated attempts to reform the processes used to extract Americans’ personal information from Section 702 of the Foreign Intelligence Surveillance Act.
In both instances, the answer to these dilemmas is the Fourth Amendment’s probable cause warrant, an 18th century solution for these 21st century dilemmas.
Four Surveillance Experts Explain
Ever wonder why Congress doesn’t do a better job of oversight of the intelligence community and its vast, unaccountable surveillance system that spies on us?
The answer, says Bob Goodlatte, former chairman of the House Judiciary Committee and PPSA Senior Policy Advisor, is that the security clearances held by Members are meaningless if the executive branch restricts what they are allowed to see. And some Members have become too close to the agencies they are tasked with overseeing to do their job objectively.
Another factor in weakening Congressional oversight is that many Members of Congress are deeply reliant on staff to dig into intelligence reports, analyze what they are reading, and come away with critical insights into the surveillance activities of U.S. federal intelligence and law enforcement agencies. In the House, most Members do not even have staffers with high levels of security clearance to perform this function.
Thus, free of strong Congressional oversight, federal agencies “spy first, ask for forgiveness later,” says Jake Laperruque of the Center for Democracy and Technology. As a result, Laperruque says, “violations are epic in scale.” When federal agencies are caught stretching or breaking the laws they respond with a charade of addressing rule-breaking with tighter rules.
Thus, Laperruque adds, agencies follow a tried-and-true formula of “violate, tweak rules, repeat.”
These are just some of the nuggets from an hour-long conversation between Goodlatte, Laperruque, Liza Goitein of the Brennan Center for Justice, in a discussion moderated by Cato Institute senior fellow, Patrick Eddington.
Watch and you will learn about the origins of foreign surveillance authorities used by agencies to spy on Americans, as well as why Bob Goodlatte believes that simply allowing one of them, Section 702, to expire would be a mistake. (Go to 36:00 mark).
In the course of the 2020 presidential election, the FBI approached and pressured Twitter to grant the agency access to private user data. This information has come to light as part of the “Twitter Files” expose, a sprawling series of reports based on internal documents made available through Elon Musk’s ownership of the site.
In January of 2020, Yoel Roth, former Twitter Trust and Safety head, was pressured by the FBI to provide access to data ordinarily obtained through a search warrant. Roth had been previously approached by the FBI’s national security cyber wing in 2019 and had been asked to revise Twitter’s terms of service to grant access to the site’s data feed to a company contracted by the Bureau.
Roth drafted a response to the FBI, reiterating the site’s “long-standing policy prohibiting the use of our data products and APIs for surveillance and intelligence-gathering purposes, which we would not deviate from.” While Twitter would continue to be a partner to the government to combat shared threats, the company reiterated that the government must continue to “request information about Twitter users or their content […] in accordance with [the] valid legal process.”
Twitter and other social media platforms have been aware of increasing FBI encroachment for some time. In January of 2020, Carlos Monje Jr., former Director of Public Policy and Philanthropy at Twitter, wrote to Roth, saying “we have seen a sustained (if uncoordinated) effort by the IC [intelligence community] to push us to share more info & change our API policies. They are probing & pushing everywhere they can (including by whispering to congressional staff)...” Accordingly, from January 2020 and November 2022, over 150 emails were sent between the FBI and Roth.
Not only is the FBI trying to gain a backdoor into Twitter’s data stream, in several cases, the Bureau has pressured Twitter to pre-emptively censor content, opinions, and people. For example, the agency allegedly demanded that Twitter tackle election misinformation by flagging specific accounts. The FBI pointed to six accounts, four of which were ultimately terminated. One of those profiles was a notorious satire account, which calls into question the FBI’s ability to spot fakes. In November, the FBI handed Twitter a list of an additional twenty-five accounts that “may warrant additional action.” And, of course, there is the story about Hunter Biden’s laptop. According to the “Twitter Files,” the FBI pressured Twitter to censor the story as a possible Russian misinformation attack. This was a major story mere days before a presidential election, which the FBI worked to suppress.
Expanding efforts by the FBI to gain a backdoor into private social media information is a grave concern, as is the Bureau’s efforts to suppress information. That the agency continues to pursue such options even after being advised that those options violate normal legal procedures is yet another example of how the agency has become increasingly politicized, to the extent that a House Judiciary Committee report described the Bureau’s hierarchy as “rotted at its core” and embracing a “systemic culture of unaccountability.” This is a serious cause for concern given the widespread effects that the agency’s use and potential misuse of its authorities can have on the country as a whole.
“Just One Sign of a Much Larger Privacy Crisis"
In February, we quoted CATO Institute senior fellow Julian Sanchez that the evidence presented by special counsel John Durham against lawyer Michael Sussman shows an interesting trail that leads from academic researchers, to private cybersecurity companies and security experts, to government snoopers.
Sanchez said: “A question worth asking is: Who has access to large pools of telecommunications metadata, such as DNS records, and under what circumstances can those be shared with the government?”
Sanchez’s prescient questions received partial answers today from Sen. Ron Wyden. The Oregon senator released a letter he sent to the Federal Trade Commission asking the agency to investigate Neustar, a company that links Domain Name System (DNS) services of websites to specific IP addresses and the people who use them.
Such companies, Sen. Wyden wrote, “receive extremely sensitive information from their users, which many Americans would want to remain private from third parties, including government agencies acting without a court order.” Some websites cited by the senator that consumers may visit but would not want known are the National Suicide Prevention Hotline, the National Domestic Violence Lifeline, and the Abortion Finder service.
Sen. Wyden wrote that Neustar, under former executive Rodney Joffe, sold data for millions of dollars to Georgia Tech, but not for purely academic research. Emails obtained by Sen. Wyden purportedly show that the FBI and DOJ “asked the researchers to run specific queries and that the researchers wrote affidavits and reports for the government describing their findings.”
Because Neustar obtained data from an acquired company – and that company explicitly promised to never sell users data to third-parties – Neustar violated that promise. Sen. Wyden says it is FTC policy that privacy promises to consumers must be honored when a company and its data change ownership.
“Senator Wyden provides sufficient reason for the FTC to open an investigation,” said Gene Schaerr, general counsel of Project for Privacy & Surveillance Accountability (PPSA). “But there is more reason for the judiciary committees of both houses of Congress to hold in-depth hearings. There are abundant signs that this story is just one example of a much bigger privacy crisis.”
Schaerr noted that intelligence and law enforcement agencies, from the Internal Revenue Service to the Drug Enforcement Administration, Customs and Border Protection, as well as the FBI, assert they can lawfully avoid the constitutional requirement for probable cause warrants by simply buying Americans’ personal information from commercial data brokers.
“Data from apps most Americans routinely use are open to warrantless examination by the government,” Schaerr said. “The Founders did not write the warrant requirement of the Fourth Amendment with a sub-clause, ‘unless you open your wallet.’ These practices are explicitly against the spirit and letter of the U.S. Constitution. Americans deserve to know how many agencies are buying data, how many companies are selling it, and what is being done with it.”
The Internet of Things (IoT), long promised, is already here. It is happening incrementally – from coffee makers, to cars, to refrigerators – that send voluminous quantities of our personal information to the cloud. As the IoT knits together, consumers need to know how our information is being collected.
Most people are unaware that refrigerators, washers, dryers, and dishwashers now often have audio and video recording components. By 2026, over 84 million households will have smart devices, each one a node within a seamless web of personal information. But how will this storehouse of personal data be regulated?
Looking ahead to the growing hazards of the near-future, Sen. Maria Cantwell (D-WA), and Sen. Ted Cruz (R-TX), introduced the Informing Consumers about Smart Devices Act. This legislation would require the Federal Trade Commission to create reasonable disclosure guidelines for products that have video or audio recordings.
“Most consumers expect their refrigerators to keep the milk cold, not record their most personal and private family discussions,” Sen. Cantwell said.
We would make the larger point that Americans shouldn’t have to think about what they say or do in the presence of their appliances. (Although it would be nice to have a smart refrigerator that slaps our hand after 9 p.m.) The greater issue is that all the data that apps, and perhaps now our smart appliances, extract from us can be accessed by government agencies without any need to obey the constitutional requirement to obtain a warrant. All an agency needs to do to obtain our personal information is to purchase it from a private data broker.
That’s all the more reason to pass the Fourth Amendment Is Not For Sale Act.
Is a “special needs exception” to the Fourth Amendment much different from a “community caretaking exception?” PPSA filed a brief before the U.S. Supreme Court demonstrating that it is not.
The U.S. Supreme Court ruled in 2021 in Caniglia that the police acted improperly by entering a man’s home and confiscating his guns under the “community caretaking” doctrine – in which the police are making a “welfare check” rather than acting as law enforcement officers. The High Court saw through this precedent from the 1970s and ruled that supposedly “non-investigative” intrusions into a home are what they seem to be – plain violations of the Fourth Amendment.
To the astonishment of many legal observers, the Second Circuit Court of Appeals ignored this unanimous Supreme Court opinion in a nearly identical case. In Torcivia v. Suffolk County, the Second Circuit applied a flexible “special needs exception” to the Fourth Amendment. One familiar example of this exception is when authorities decide that some local requirement, such as curbing drunk driving with spot checks, is necessary. But this case did not involve a car on the highway: it involved warrantless entry into a home and the confiscation of a citizen’s lawfully-owned firearms.
The government responded to our petition for the Court to hear Torcivia with the straight-face argument that the community caretaking exception is not the special needs exception. No one claimed it was. But we told the Court that the “logic underlying the special needs exception is indistinguishable from the logic this Court rejected in Caniglia.”
Our brief demonstrates to the Court that absent emergency circumstances or consent, if the “government can overcome the warrant requirement that has traditionally protected the home merely by pointing to an interest that the government feels is sufficiently strong, then the Fourth Amendment no longer serves as a meaningful limit on government power.”
“Respondents cannot escape that the Second Circuit applied the special needs exception to a seizure of firearms located in the home of a person not on probation or parole. That extension cannot be squared with this Court’s precedents or with the text, history, and tradition of the Fourth Amendment.”
Chris Gilliard in Atlantic describes a day of “luxury surveillance” – what an affluent consumer experiences by being willing to have his heartbeat, sleep, fitness, mood, digital orders, and daily queries continuously tracked.
This is not, Gilliard writes, a dystopian vision. In Gilliard’s “day in the life” description all the services and devices are current Amazon products endowed with what the company calls “ambient surveillance.” They could just as easily be Apple Watches, Apple, Samsung or Google smartphones, or Google Nest devices. What could be wrong, then, with consumers by the millions opting into ambient surveillance?
Gilliard sees a lot wrong. He offers a cautionary note from personal experience:
“Growing up in Detroit under the specter of the police unit STRESS – an acronym for ‘Stop the Robberies, Enjoy Safe Streets’ – armed me with a very specific perspective on surveillance and how it is deployed against Black communities. A key tactic of the unit was the deployment of the surveillance in the city’s ‘high crime’ areas. In two and a half years of operation during the 1970s, the unit killed 22 people, 21 of whom were Black.”
Now, Gilliard writes, “think of facial recognition falsely incriminating Black men, or the Los Angeles Police Department requesting Ring-doorbell footage of Black Lives Matter protests.”
We would add that one problem with luxury surveillance is that all this data being compiled on us can be easily acquired by local law enforcement, as well as by federal agencies ranging from the Department of Defense to the Department of Homeland Security. It is one thing to be surveilled in order to have an ad slipped into your social media feed. It is something else to find a SWAT team knocking down your door at dawn. Luxury surveillance is a boon for consumers until it isn’t. All the more reason why Americans should support the Fourth Amendment Is Not for Sale Act, which would at least constrain the ability of the government to get around the Constitution by buying our most personal information.
Charles C.W. Cooke in National Review recently penned a provocative essay that says what some conservative Republicans and progressive Democrats are thinking – dismantle the FBI!
Cooke makes a case that ever since J. Edgar Hoover took over the Bureau of Investigation, the FBI has been “a violent, expansionist, self-aggrandizing, and careless outfit that sits awkwardly within the American constitutional order.”
Cooke presents the FBI’s parade of horribles: J. Edgar Hoover presented President Truman with a plan to suspend habeas corpus and put 12,000 Americans into military facilities and prisons at the outbreak of the Korean War. The FBI under Hoover’s leadership tried to convince Dr. Martin Luther King Jr. to commit suicide. It helped presidents destroy their enemies and used blackmail to intimidate the FBI’s critics (paranoia fueled from the likely fact that Hoover himself was eminently blackmailable). It doubled down on a macho confrontation with David Koresh, clearly a psychopath, leading to the deaths of 75 people, 17 of them children. We would add to that list a bureau headquarters that actively blocked investigations from the field that could have stopped 9/11.
Many have more recent reasons to suspect the FBI is rigging its investigations. In recent years, an FBI lawyer was caught and convicted of presenting altered evidence and lying to the Foreign Intelligence Surveillance Court in an effort to hide Carter Page’s service to the CIA. The FBI today has excellent justification to pursue those who invaded and trashed the U.S. Capitol on Jan. 6, and perhaps reason to pursue an investigation of former President Donald Trump’s handling of classified material – but these investigations will always be suspect to millions of Americans because of the FBI’s involvement in partisan forgery and in peddling the Steele Report, which the FBI knew at the time was unreliable. On the other side of the ideological fence, the FBI has employed invasive surveillance techniques to spy on Americans who exercised their First Amendment rights by protesting police misconduct.
So Cooke’s cry to dismantle the FBI, once a fringe opinion, is sure to have resonance with many on the right and left.
As outrageous as the FBI has been at times, however, we counsel critics remember its value in keeping us safe from terrorists, human traffickers, cyber-criminals and foreign intelligence agents from Russia and China. And make no mistake, Russian and Chinese agents and their subordinated or blackmailed helpers are in America in force and doing great harm to our country. Fighting these threats are some of the most capable and patriotic men and women we’ve ever met.
So what to do?
Cooke offers a list of potential reforms he had toyed with before deciding to argue for the wholesale dismantlement of the FBI. Cooke’s list is well thought-out and worthy of a second look and of being quoted at length:
We endorse Cooke’s strong list of reforms, to which we propose two of our own.
In looking at the history of the FBI, strong leadership has often come from its field offices. But leadership in the top tiers of the J. Edgar Hoover Building has shown itself to be entrenched with Washington power-seeking and socially enmeshed with media and political circles.
If one wants to bring about change, perhaps a good place to start would be to divert resources taken up by HQ and spread them out of Washington and into the field offices.
Andrew McCarthy, in a reply to Cooke in National Review, promotes the idea of separating the intelligence function of the FBI from its law enforcement function. This would return the FBI to being an agency dedicated solely to law enforcement. It would create an American version of the UK’s MI-5 for the purpose of counterintelligence. Like MI-5, the new agency would have no police powers (though the creation of a 19th intelligence agency in the U.S. government would undoubtedly bring fresh concerns about surveillance and privacy).
Another needed change would be to instill into the culture of headquarters something similar to that of the senior ranks of the U.S. military, which eschews any sign of partisanship. Many generals and admirals will not discuss their political views. Some make it a point of pride not to vote. This may be asking too much of civilian officials, but if an agent is assigned to a team that deals with political crimes, with First Amendment implications that resonate nationally, being an outspoken partisan should be reason enough for an immediate transfer to some other important line of duty.
Samantha Murphy Kelly of CNN Business news has a snappy take on Amazon’s recent product press event. The company, she wrote, “knows when you’re in and out of the room. A gadget that monitors your breathing pattern while you sleep. An enhanced voice assistant that highlights just how much it knows about your everyday life.”
She notes another event where Amazon introduced drones and Astro, a dog-like robot that can patrol the home when you’re gone.
Will consumers be deterred by the creep factor of giving so much of our personal information taken from the intimacy of our homes? Kelly quotes a consumer analyst who said that “negative consumer attitudes” about data collection is lessened by the service, price, and convenience of these products.
It is easy to see why consumers are sanguine about sharing data with a company that sells products and services they like. All Amazon wants to do is to sell us even more products. Dangers emerge, however, when consumer data migrates beyond the company you’re doing business with. Amazon, for its part, says that “information about our customers is an important part of our business, and we are not in the business of selling our customers’ personal information to others.”
The company does share information with third parties, such as vendors whose goods are sold through Amazon. A recent FTC filing against the data broker Kochava shows that Amazon Web Services Marketplace allows companies to buy consumers’ IP addresses and precise geolocation histories. Amazon also encourages its Ring customers to share their data with police agencies across the country – creating a national surveillance network stitched together from more than three million cameras.
Whatever the limits of Amazon’s privacy policies, most of the other major social media platforms freely sell consumer data to brokers. Among the major customers of this data, as PPSA has endlessly reported, are the intelligence and law enforcement agencies of the U.S. government – reason why PPSA has joined with almost fifty other civil liberties organizations to call for the passage of the Fourth Amendment Is Not for Sale Act.
Your dog may follow you around the house, but she will never judge you. Not so with the many devices that are infiltrating into our lives.
If you thought being subjected to “random” TSA screenings at airports was dehumanizing, just imagine your most sensitive, personal digital information being secretly reviewed by any one of thousands of government agents operating without a warrant or public oversight.
The Customs and Border Protection Commissioner Christopher Magnus revealed to Sen. Ron Wyden (D-OR) that the agency is scooping data from thousands of seized electronic devices every year. (Hat tip to Drew Harwell of The Washington Post for detailing this abuse of privacy.) That data is then added to a CBP database accessible by more than 2,700 CBP agents. That data – which can include call logs, messages, contact lists, and photos – can be kept for up to 15 years.
This story is just the latest development in a long-running series of data privacy breaches by federal law enforcement officials. Sen. Wyden criticized the agency for “allowing indiscriminate rifling through Americans’ private records.”
CBP conducted more than 37,000 searches of travelers’ devices in the 12 months ending in October 2021. According to The Washington Post, the default configuration for some data searches has been to download and retain all contact lists, call logs and messages. This means potentially millions of calls, contacts, and text messages from thousands of phones could be compromised.
It has long been known that CBP makes generous use of the “border search” exception in Fourth Amendment law. Sen. Wyden’s revelation about the scale and the scope of this loophole reveals an egregious new threat to the security of Americans’ data privacy. Congress must act now to bolster protections for data privacy.
It is high time for the Supreme Court to review and modify the judicially created border search exception in light of the massive amounts of information being seized from law-abiding citizens and then stored for long periods of time. If the Court does not protect the Fourth Amendment, then Congress should step up.
Last year, Sens. Wyden and Rand Paul (R-KY) introduced legislation that would require border officials to get a warrant before searching a traveler’s device. Congress should also pass the Fourth Amendment Is Not for Sale Act to ensure this database doesn’t fall into the hands of data brokers.
Last week, PPSA reported on Fog Reveal, a product from Fog Data Science that sells billions of data points extracted from apps on 250 million mobile devices to local police departments. An unlimited-use, one-year subscription costs a department only $7,500.
For this price, Fog Reveal offers a powerful capability, the ability to track hundreds of millions of Americans in their daily movements. It allows police to locate every device in a given geo-fenced area. It also allows police to trace the location history of a single device (and therefore, its user) over months or years.
Fog Data Science claims that it is respectful of privacy because it does not reveal the names or addresses of individual users. But a slide show from Fog Data Science prepared for police highlights how this technology can easily be used to track a suspect to his or her “bed-down” over a 180-day period. (Hat tip to the Electronic Frontier Foundation, which helpfully added yellow highlights to significant passages of Fog documents.)
It is more than a stretch then to call this data “anonymized” when it follows people to their homes, as well as to their houses of worship, meetings with friends or lovers, trips to health or mental health clinics, journalists meeting with whistleblowers, or other locales that reveal sensitive and personal information.
For those in law enforcement who go through the motions of filing a warrant, Fog Data Science offers a template warrant. Such warrants are misbegotten. They can be employed to follow a number of people in the vicinity of a crime or track everyone who attended a political protest. The Fourth Amendment requires “probable cause” in which a warrant describes “the place to be searched, and the persons or things to be seized.” It makes a mockery of the Constitution’s requirement for particularity when the police have at their fingertips a whole ocean of data involving many people. How can such a requirement be fulfilled when Fog technology allows police to go on a fishing expedition in that ocean, with any American potentially being a catch?
It is through technologies such as Fog Reveal that our country, device by device, is moving steadily toward becoming a full-fledged surveillance state.
Such details should spur Congress to investigate the uses of this technology. It should also inspire Congress to pass the Fourth Amendment Is Not for Sale Act, which would block the auctioning of our private, personal information to all government agencies.
PPSA recently reported that prosecutors charged two Twitter employees with being spies for Saudi Arabia. One of the men fled the country. The other was convicted.
Now, more bad news for Americans concerned about privacy. While Twitter’s shareholders were approving the $44 billion sale of their company to Elon Musk on Tuesday, Peiter Zatko, Twitter’s former head of security, testified before the Senate Judiciary Committee about the state of security inside the social media platform. Zatko said that the FBI had informed him that at least one agent of China’s Ministry of State Security was “on the payroll inside Twitter.”
Zatko told the senators: “I discovered that the company had ten years of overdue critical security issues, and it was not making meaningful progress on them. This was a ticking time bomb of security vulnerabilities.” He added that he made the decision to inform the FBI, which led to his dismissal. “In those disclosures, I detail how the company leadership misled its Board of Directors, regulators, and the public. Twitter’s security failures threaten national security, compromise the privacy and security of users, and at times threaten the very continued existence of the company.”
In his more than two hours of testimony, Zatko described Twitter’s senior management as deliberately ignoring security issues to protect the bottom line. “It doesn’t matter who has keys if you don’t have any locks on the doors,” he said. “It’s not far-fetched to say an employee inside the company could take over the accounts of all the senators in this room.”
At least two agents for the Indian government were on the company payroll, Zatko said, as well as the one from China. Some ads sponsored by the Chinese government appeared to have been designed to specifically capture user information.
“Twitter is acting dangerously and negligently to turn its back on user safety,” Nora Benavidez, Free Press senior counsel, told The New York Times. These alleged Twitter breaches, as bad as they are, come on top of a host of similarly disturbing stories about privacy.
From foreign infiltration of Twitter, to potential exposure of the data of American TikTok users to Chinese intelligence, to the practice of private data brokers selling Americans’ personal information scrapped from apps to U.S. law enforcement and intelligence agencies – it is clear that we are in a privacy crisis with implications for Americans’ well-being and national security. One way that Congress can respond to that crisis is by passing the Fourth Amendment is Not for Sale Act, which would ban the sale of private data to the government. Once that bill passes, it will be a helpful achievement in creating momentum to deal with all the remaining privacy issues.
To quote a line from a great play, “attention must be paid.”
A growing number of House and Senate members are supporting the Fourth Amendment Is Not for Sale Act, which would require law enforcement and intelligence agencies to obtain a probable cause warrant before accessing Americans’ personal information purchased from a private-sector data broker.
But what about non-state actors buying our information?
A recent lawsuit brought against private-data broker Kochava by the Federal Trade Commission reveals the horrific exposure of Americans’ most personal data to unseen – and possibly unknown – private actors.
Kochava claims to have “rich geo data spanning billions of devices globally,” with location data feed that “delivers raw latitude/longitude data with volumes around 94B-plus billion geo transactions per month, 125 million monthly active users, and 35 million daily active users, on average observing more than 90 daily transactions per device.”
In its filing on Aug. 29, the FTC writes that a purchaser would only need to provide Kochava a personal email address and describe the intended use as “business” to gain access to your data from Kochava.
“The location data provided by Kochava is not anonymized,” the FTC filing asserts. “It is possible to use the geolocation data, combined with the mobile devices MAID (Mobile Advertising ID), to identify the mobile device’s user or owner.”
The FTC claims:
“Precise geolocation data associated with MAIDs, such as the data sold by Kochava, may be used to track consumers to sensitive locations, including places of religious worship, places that may be used to infer an LGBTQ+ identification, domestic abuse shelters, medical facilities, and welfare and homeless shelters.” It can identify women who visit reproductive clinics and people who attend services at Jewish, Christian, Islamic and other religious denominations’ places of worship.
Kochava, the FTC claims, does not employ a blacklist that removes or obfuscates data-set location signals from these sensitive locations.
The facts presented by the FTC, as alarming as they are, should not get mixed up in the separate debate on the Hill over restricting the government’s ability to purchase our private data. The many federal agencies that buy our data are not just violating our privacy. They are eviscerating the plain meaning of the Constitution’s Fourth Amendment, which requires government to get a warrant from a court to access our personal information.
The solution to private-sector access to personal information is a deep and complex debate taking place within multiple Congressional committees and stakeholders from business and consumer groups. Passing the Fourth Amendment Is Not for Sale Act in this Congress, which would close off the government’s warrantless access to Americans’ personal information, would be a strong predicate for that next step in the privacy debate.
In a hearing over the summer, the House Judiciary Committee took a hard look at the way in which private data brokers freely sell Americans most personal information to a host of government law enforcement and intelligence agencies.
Chairman Jerry Nadler said that digital tracking is “so precise that officers can track individuals within specific homes and businesses … tracking your location over time, within inches, without any due process whatsoever.
“The end result is that, just by going about your daily life, your data may be swept up in and make you the subject of a criminal investigation … If law enforcement and intelligence agencies remain unrestrained in their ability to purchase this data, our right to privacy will be at best illusory.”
Ranking Member Jim Jordan said that the government continues to transform guardrails meant to protect privacy into loopholes to allow the government to do whatever it wants. Jordan said, “this is wrong and it’s un-American.”
Representatives of both parties expressed dismay about how freely federal agencies utilize and abuse surveillance powers in defiance of the Fourth Amendment. Rep. Zoe Lofgren detailed the many ways the U.S. Immigration and Customs Enforcement agency tracks Americans’ daily movements and extracts personal information from utility records. Rep. Andy Biggs spoke of the uses to which the government can employ geolocation tracking against Americans.
In short, the House Judiciary Committee did an excellent job of teeing up the issue. Now it is time to swing the club for a legislative solution.
On Wednesday, PPSA joined with Americans for Prosperity, Demand Progress, the Due Process Institute and Free Press Action to call on the committee to take bipartisan action and mark up the Fourth Amendment Is Not for Sale Act.