The nomination of Tulsi Gabbard to serve as Director of National Intelligence promises to be contentious. One thing cannot be disputed: The former Congresswoman from Hawaii and lieutenant-colonel in the U.S. Army Reserve, with experience in Iraq and other dangerous countries, would bring a combination of responsible handling of secrets along with a solid record of surveillance reform. Gabbard voted for the USA RIGHTS Act and other measures that would require warrants for the government to access Americans’ data and to protect personal use of encrypted apps. Rep. Gabbard also filed an amendment to the National Defense Authorization Act in 2019 to prohibit government purchases of body cameras equipped with facial recognition and other biometric devices. In these and many other ways, Gabbard has compiled the record of a surveillance-reform leader. While in Congress, Gabbard served on the Homeland Security, Armed Services, and Foreign Relations Committees. A former Vice-Chair of the DNC, Gabbard made a long journey from being a staunch Democrat to supporting Donald Trump’s presidential campaign. As a private citizen, Gabbard is arguably a victim of surveillance abuse herself. Her record on surveillance reform is enough to send shivers down the backs of officials in the FBI and other intelligence organizations long used to warrantless access to Americans’ personal information. Not surprisingly, Gabbard is now being attacked in a whisper campaign by nameless sources for being a flake who has taken pro-Russian and pro-Syria positions. Gabbard is articulate in responding to these charges, portraying herself as a foreign-policy realist. We hope the Senate will keep an open mind and listen to Tulsi Gabbard’s defense. Above all, we hope the Senate will consider the need to bring balance back to the intelligence community, which often helps itself to the purchased personal data of American citizens without bothering to seek a warrant.
As a candidate, Donald Trump promised to reform FISA. Appointing Tulsi Gabbard to lead the intelligence community shows he’s serious about that. The next Director of National Intelligence should be someone who can restore a balance between the need to respect the constitutional rights of Americans and the need to keep America safe. The incoming Trump administration has an unparalleled opportunity to achieve historic surveillance reform. Donald Trump made campaign pledges to:
The Trump agenda on surveillance reform presages monumental and much needed reforms, from Section 702 reform to passage of the Fourth Amendment Is Not For Sale Act by both houses of Congress. The stars are aligning with the incoming administration. The 119th Congress must make the most of this historic opportunity.

Ever have the uncanny feeling that as soon as you voice an interest in a consumer item – a vacation destination, a tie or a scarf, an exotic coffee – an ad for that very item appears in your social media feed? Are our phones listening to us and reporting what we say in private conversations to advertisers? The Electronic Frontier Foundation explores this question in this short video along with a factsheet. While EFF says our phones are probably not listening to us, the mechanisms behind this phenomenon of coincidental ads are no less disturbing: As EFF observes, it isn’t just advertisers that are buying our digital lives from data brokers. The federal government is also buying this same intrusive data gleaned from our social media interests and apps. This is the worst violation of our privacy, one that comes from a federal government that has the power to raid our homes and charge us with crimes on the basis of personal information acquired without a warrant. All the more reason to urge your U.S. Senators to follow the example of the U.S. House of Representatives and pass The Fourth Amendment Is Not For Sale Act, which would require federal intelligence and law enforcement agencies to obtain probable cause warrants – as required by the U.S. Constitution – before examining our purchased data.

The CFPB Curbs Worker Surveillance – Will the Government Live Up to Its Own Privacy Standards?
10/31/2024
The Consumer Financial Protection Bureau (CFPB) is warning businesses that use of “black-box AI” or algorithmic scores about workers must be consistent with the rules of the Fair Credit Reporting Act. This means employers must obtain workers’ consent, provide transparency when data is used for an adverse decision, and make sure that workers have a chance to dispute inaccurate reports. That’s a good move for privacy, as far as it goes. The problem is, it doesn’t go nearly far enough because the federal government doesn’t impose these same standards on itself. First, PPSA agrees with the tightening of employers’ use of digital dossiers and AI monitoring. Whenever someone applies for a job, the prospective employer will usually perform a search about them on a common background-check site. It is not surprising that businesses want to know about applicants’ credit histories, to check on their reliability and conscientiousness, and if they have a possible criminal past. But third-party consumer reports offer much more than those obvious background checks. Some sites, for example, are used to predict the likelihood that you might favor union membership. More invasive still are apps that many employers are requiring new employees to install on personal phones to monitor their conduct and assess their performance. Decisions to reassign employees, promote or demote them, or fire them are coming from automated systems, decisions made by machines that often lack context or key information. Federal agencies, from the CFPB to the Federal Trade Commission, have not been shy about calling out privacy violations like these by some businesses for years now. Too bad our government cannot live up to its own high standards. The government freely acknowledges that a dozen agencies – ranging from the FBI to the IRS, Department of Homeland Security, and the Pentagon – routinely buy the most intimate and personal data of Americans scraped from our apps and sold by shadowy data brokers.
The data the government collects on us is far more extensive than anything a commercial data aggregator could find. The government can track our web browsing, those we communicate with, what we search for online, and our geolocation histories. This is far more invasive and intrusive than anything private businesses are doing in screening applicants and monitoring employees. Worse, the government observes no obligation to reveal how this data might be used to compile evidence against a criminal defendant in a courtroom, or if agencies are using purchased data to create dossiers on Americans to predict their future behavior. There is no equivalent of the Fair Credit Reporting Act when it comes to the government’s use of our data. But there is the Fourth Amendment Is Not For Sale Act, a bill that would require the government to obtain a probable cause warrant – as required by the Constitution – before inspecting our digital lives. The Fourth Amendment Is Not For Sale Act passed the House this year and awaits action in the U.S. Senate. Passing it in the coming lame-duck session would be one way to remove the hypocrisy of the federal government on the digital surveillance of American workers, consumers, and citizens.

Government Promises to Protect Personal Data While Collecting and Using Americans’ Personal Data
10/21/2024
Digital data, especially when parsed through the analytical lens of AI, can detail almost every element of our personal lives, from our relationships to our location histories, to data about our health, financial stability, religious practices, and political beliefs and activities.
A new blog post from the White House details a Request for Information (RFI) from OMB’s Office of Information and Regulatory Affairs (OIRA) seeking to get its arms around this practice. The RFI seeks public input on “Federal agency collection, processing, maintenance, use, sharing, dissemination, and disposition of commercially available information (CAI) containing personally identifiable information (PII).” In plain language, the government is seeking to understand how agencies – from the FBI to the IRS, the Department of Homeland Security, and the Pentagon – collect and use our personal information scraped from our apps and sold by data brokers to agencies. This request for public input follows last year’s Executive Order 14110, which represented that “the Federal Government will ensure that the collection, use, and retention of data is lawful, is secure, and mitigates privacy and confidentiality risks.” What to make of this? On the one hand, we commend the White House and intelligence agencies for being proactive for once on understanding the privacy risks of the mass purchase of Americans’ data. On the other hand, we can’t shake out of our heads Ronald Reagan’s joke about the most terrifying words in the English language: “I’m from the government and I’m here to help.” The blog, written by OIRA administrator Richard L. Revesz, points out that procuring “CAI containing PII from third parties, such as data brokers, for use with AI and for other purposes, raises privacy concerns stemming from a lack of transparency with respect to the collection and processing of high volumes of potentially sensitive information.” Revesz is correct that AI elevates the privacy risks of data purchases. 
The government might take “additional steps to apply the framework of privacy law and policy to mitigate the risks exacerbated by new technology.” Until we have clear rules that expressly lay out how CAI is acquired and managed within the executive branch, you’ll forgive us for withholding our applause. This year’s “Policy Framework for Commercially Available Information” released by Director of National Intelligence Avril Haines, ordered all 18 intelligence agencies to devise safeguards “tailored to the sensitivity of the information” and produce an annual report on how each agency uses such data. It is hard to say if Haines’ directive represents a new awareness of the Orwellian potential of these technologies, or if it is political theater to head off legislative efforts at reform. Earlier this year, the U.S. House of Representatives passed the Fourth Amendment Is Not For Sale Act, which would subject purchased data to the same standard as any other personal information – a probable cause warrant. The Senate should do the same. The government’s recognition of the sensitivity of CAI and accompanying PII is certainly a step in the right direction. It is also clear that intelligence agencies have every intention of continuing to utilize this information for their own purposes, despite lofty proclamations and vague policy goals about Americans’ privacy. To quote Ronald Reagan again, when it comes to the promises of the intel community, we should “trust but verify.”

A disturbing new report from the Wall Street Journal reveals the staggering extent to which a Chinese hacker group recently gained access to US critical infrastructure, including systems belonging to AT&T, Lumen, and Verizon that the federal government uses for wiretapping investigations. It’s a wake-up call, and a reminder that commercial encryption free of backdoor government access is increasingly paramount given the apparent susceptibility of the surveillance state to outside intrusion.
According to WSJ, “[t]he surveillance systems believed to be at issue are used to cooperate with requests for domestic information related to criminal and national security investigations.” The hack, per the paper’s sources, appears “to be geared towards intelligence collection….” In other words, it’s a way to snoop on those in our government who are doing the snooping on foreign adversaries like China. The fact that China-backed hackers can access our own investigative channels should make the hair on the back of your neck stand up. But it’s an unfortunate inevitability when governments demand backdoors into encrypted commercial communications. As we wrote back in August: “Congress should … resist the persistent requests from the Department of Justice to compel backdoors for commercial encryption, beginning with Apple’s iPhone. The National Public Data hack reveals that the forced creation of backdoors for encryption would create new pathways for even more hacks, as well as warrantless government snooping.” A recent article at BGR puts a finer point on it, noting that, “[p]lacing a backdoor in any product … [invites] even more scrutiny from the hacking community. First, you [won’t] be able to keep it a secret. Second, if there’s a locked door to something, someone can always find the keys.” Outside of the national security implications at play here, the hack also implicates the data privacy of millions of Internet customers, which is already at enough risk domestically. (Reminder to the Senate: pass the Fourth Amendment Is Not for Sale Act.) Apple and all other telecom companies should stand strong in resisting federal efforts to gain access to their encrypted systems. And both law enforcement and policymakers should think again about creating backdoors that only bad actors can access.

The Customs and Border Patrol (CBP) has little respect for the Fourth Amendment.
From international airports to border stations, Americans returning from abroad often fall prey to the routine CBP practice of scanning their laptops, mobile phones, and other digital devices without a warrant.
As if that were not enough, CBP also scans people’s faith, violating their First Amendment rights as well. Consider the case of Hassan Shibly, a U.S. citizen and student at the University of Buffalo Law School. When he returned to the United States in 2010 with his wife, a lawful permanent resident, and their seven-month-old son, from a religious pilgrimage and family visit in the Middle East, Shibly was taken aside by CBP agents. A CBP officer asked him: “Do you visit any Islamist extremist websites?” And: “Are you part of any Islamic tribes?” And then the kicker: “How many gods or prophets do you believe in?” Other returning Muslim-Americans are interrogated about the mosques they attend, their religious beliefs, and their opinions about the U.S. invasion of Iraq and support for Israel. One New Jerseyan, Lawrence Ho, attended a conference in Canada and returned to the United States by car. He was asked: “When did you convert?” Ho does not know how the agent knew he had converted to Islam. A group of Muslim-Americans, fed up by this treatment, are now being represented by the American Civil Liberties Union in a suit before the Ninth Circuit Court of Appeals against CBP for civil rights violations. The plaintiffs are correct that subjecting Americans to deep questions about their faith – as a condition to reentry to their home – violates their First Amendment rights, as well as the Religious Freedom Restoration Act (RFRA). Ashley Gorski, senior staff attorney with ACLU’s National Security Project, said that “this religious questioning is demeaning, intrusive, and unconstitutional. We’re fighting for our clients’ rights to be treated equally and to practice their faith without undue government scrutiny.” To be fair, CBP has its work cut out for it when it comes to screening the border for potential terrorists. And we should not avert our eyes to the fact that there are sick and dangerous ideologies at work around the world. 
But we are also fairly confident that actual terrorists would not be stumped by the kind of naïve and unlawful interrogations CBP has imposed on these returning Americans. Heavy-handed questions about adherence to one of the great world religions don’t seem to be a useful security strategy or a demonstration that our government is familiar with its own Constitution.

A Federal Trade Commission staff report released last week got huge play in the media. We were bombarded by stories about the FTC’s report that Meta, YouTube, and other major social media and video streaming companies are lax in controlling and protecting the data privacy of users, especially children and teens.
There is much in this report to consider, especially where children are concerned. But there was also a lot that was off-target and missing. The FTC’s report blithely recommended that social media and video streaming companies abandon their practice of tracking users’ data. This would be no small thing. Without the tracking that allows Facebook to know that you’re an aficionado of, say, old movie posters, you would not receive ads in your feed trying to sell you just that – old movie posters. Forbid the trade-off in which we give away a bit of our privacy for a free service, and overnight large social media companies would collapse. Countless small businesses would lose the ability to go toe-to-toe with big brands. Trillions of dollars in equity would evaporate, degrading the portfolio of retirees and putting millions of Americans out of work. In a crisply written concurring and dissenting statement, FTC Commissioner Andrew Ferguson notes that the FTC report “reveals this mass data collection has been very difficult to avoid. Many of these products are necessities of modern life. They are critical access points to markets, social engagement, and civil society.” Ferguson looks beyond what the advertising algorithms of Meta or Google do with our data. He looks to how our data is combined with information from a host of sources, including our location histories from our smartphones, to enable surveillance. It is this combination of data, increasingly woven by AI, that creates such comprehensive portraits of our activities, beliefs and interests. These digital dossiers can then be put up for sale by a third-party data broker to any willing buyer. Ferguson writes: “Sometimes this information remains internal to the company that collected it. But often, they share the information with affiliates or other third parties, including entities in foreign countries like China, over which the collecting company exercises no control.
This information is often retained indefinitely, and American users generally have no legal right to demand that their personal information be deleted. Companies often aggregate and anonymize collected data, but the information can often be reassembled to identify the user with trivial effort. “This massive collection, repackaging, sharing, and retention of our private and intimate details puts Americans at great risk. Bad actors can buy or steal the data and use them to target Americans for all sorts of crimes and scams. Others, including foreign governments who routinely purchase Americans’ information, can use it to damage the reputations of Americans by releasing, or threatening to release, their most private details, like their browsing histories, sexual interests, private political views, and so forth.” We would add that the FBI, IRS, and a host of other federal law enforcement and intelligence agencies also purchase our “dossiers” and access them without warrants. As dangerous as China is, it cannot send a SWAT team to break down our doors at dawn. Only our government can do that. The FTC report ignores this concern, focusing on the commercial abuses of digital surveillance while ignoring its usefulness to an American surveillance state. It is no small irony that a federal government report on digital surveillance doesn’t concern itself with how that surveillance is routinely abused by government. This insight gives us all the more reason to urge the U.S. Senate to follow the example of the House and pass the Fourth Amendment Is Not For Sale Act. This legislation requires the FBI and other federal agencies to obtain a warrant before they can purchase Americans’ personal data, including internet records and location histories. It is also time for Congress to shine a bright light on data brokers to identify all the customers – commercial, foreign, and federal – who are watching our digital lives. 
This year, the coalition of surveillance reformers in Washington, D.C., mounted the most spirited, bipartisan campaign in legislative history.
The reform coalition fought to require warrants for FISA Section 702, which authorizes the government to surveil foreign threats on foreign soil but is often used to spy on Americans. The House also passed the Fourth Amendment Is Not For Sale Act, which would forbid the warrantless collection of Americans’ personal, digital information. How did we do? The Section 702 fix was lost to a single, tie-breaking vote in the House. The Fourth Amendment Is Not For Sale Act remains stuck behind last-minute business in the Senate. It is easy for surveillance reformers to feel like Sisyphus, rolling legislative stones up Capitol Hill only to have them come tumbling back down. But national reformers should take heart from the example set by Utah, which proves that surveillance reform is popular and that reasonable compromises can be set into law. Start with geofence warrants, which use a reverse search technique to pluck the identities of criminal suspects out of pools of data extracted from a given area. The federal Fifth and Fourth Circuit Courts of Appeal have taken starkly opposite views over whether geofence warrants can be allowed. The Fifth Circuit finds them to be inherently unconstitutional. The Fourth Circuit finds them to raise no Fourth Amendment issues at all. Meanwhile, the intrusion of government snooping grows. Google reports that requests for geofence warrants grew from 9,000 in 2019 to 11,500 in 2020. That number is surely much higher today. When the U.S. Supreme Court inevitably wades into this issue to resolve the circuit split, the Justices would do well to consider the example set by Utah. Last year, Utah passed HB57, which balances law enforcement’s protection of public safety with the privacy rights of Utahans in law enforcement’s use of geofencing. Leslie Corbly of the Libertas Institute in Utah reports that as a result of this new law, police must now submit requests for geofence data to a judge for a warrant application.
This new law also mandates that warrant applications must “include a notification to judges regarding the nature of a geofence search by way of a map or written description showing the size of the virtual geofence.” Results from the search must be specified and reported to the court, including not just the identification of criminal perpetrators, but also people not involved in a crime. Armed with enough information to evaluate the merits of a warrant request, judges remain involved with geofence warrants throughout the process. Finally, state law enforcement agencies must report the number of geofence warrants requested, the number approved by a judge, the number of investigations that used information obtained through a geofence warrant, and the number of electronic devices used for this collection. Mike Maharrey of the Tenth Amendment Center reports that Utah has “chipped away at the surveillance state,” passing laws limiting surveillance of all kinds. These include:
Utah demonstrates to Congress and the Supreme Court that we can place limits on surveillance while accepting reasonable access to information agencies need to protect the public. Gary Herbert, a former governor of Utah who signed many of these measures into law, said “Utah is no longer a flyover state.” When it comes to surveillance reform, Utah is a state that should lead the nation. And Utah should be an inspiration to reformers in Congress to keep pushing those boulders all the way to the top of the Hill.

While partisan control of the U.S. Senate balances on a knife’s edge, also at stake is whether that body will have more surveillance reformers and protectors of privacy, or more defenders of the government surveillance status quo. We find no partisan correlation between the reformers and the defenders. Some of the most liberal/progressive and conservative candidates support reform of government surveillance programs to protect the Fourth Amendment rights of Americans and their privacy. The same diversity exists among those who stoutly defend the government’s supposed “right” to warrantlessly surveil Americans. You can review the PPSA Scorecard to see how your Senators (and Representative) fare in our ratings. We rate candidates on a grading scale from F to A+ (see details below). Here we apply these grades to eight of the closest or most-watched races for the U.S. Senate in 2024. We usually rate only the incumbent in each race because most opponents either have no voting record to score or, if an opponent was previously a Member of Congress, his or her votes are usually too far in the past to be relevant. ***Not pictured above is former Rep. Debbie Mucarsel-Powell (D), who scored a D in the 116th Congress (2019-2021). We should note that the last Senate candidate has an exceptionally troubling record on privacy and government surveillance. Rep.
Adam Schiff, former House Intelligence Committee Chairman, is now running for the open Senate seat in California and polls show him with a comfortable lead. Should Schiff come to represent all the people of California, we hope he will “see the light” and become an advocate for his constituents’ privacy. In all races, voters, volunteers and campaign donors select their candidates by their stances on many positions. PPSA hopes that, in the coming election, you will consider your candidates’ stance on vital issues of surveillance and privacy. These include:
Again, please refer to our Scorecard for the records of other Members. As the 20th century Chicago columnist Sidney J. Harris observed: “Democracy is the only system that persists in asking the powers that be whether they are the powers that ought to be.” Here are the details of our grading system:

“A+” = Members who voted for every major pro-privacy amendment or bill
“A” = Members who voted for privacy on 80 to 99 percent of the votes
“B” = Members who voted for privacy on 60 to 79 percent of the votes
“C” = Members who voted for privacy on 40 to 59 percent of the votes
“D” = Members who voted for privacy on 20 to 39 percent of the votes
“F” = Members who voted for privacy on 0 to 19 percent of the votes

The year is far from over and the U.S. House of Representatives has already had a banner year on privacy and surveillance reform. The House passed the Fourth Amendment Is Not for Sale Act, which would curb the purchases of Americans’ data by government agencies. It also passed the PRESS Act, which gives reporters and their sources protection from the prying eyes of prosecutors. Finally, the House came within one vote of passing a measure to require the government to obtain a warrant before accessing Americans’ personal communications caught up in the global trawl of foreign surveillance programs authorized by FISA Section 702. But will the House of the 119th Congress be able to improve on these bold, pro-privacy stands? In our PPSA Scorecard we rate how all representatives (and senators) have voted on pro-privacy amendments or bills. Below are incumbents’ ratings from the 22 closest House races: Here is how we evaluated these Members by their votes:
PPSA hopes that in the coming election, you will consider your candidates’ stance on vital issues of surveillance and privacy. Please refer to our Scorecard for the records of other Members. And don’t be shy about expressing your views on privacy and surveillance reform with your candidates. As Abraham Lincoln said: “If the people turn their backs to a fire they will burn their behinds, and they will just have to sit on their blisters.”

In George Orwell’s Nineteen Eighty-Four, the walls of every domicile in Oceania bristle with microphones and cameras that catch the residents’ every utterance and action. In 2024, we have done Big Brother’s work for him. We have helpfully installed microphones and cameras around the interior of our homes embedded in our computers, laptops, smartphones, and tablets. Might someone be selling our conversations to companies and the federal government without our consent?
Few worry about this because of explicit promises by tech companies not to enable their microphones to be used against us. Google, Amazon, Meta are firm in denying that they eavesdrop on us. For example, Meta states that “sometimes ads can be so specific, it seems like we must be listening to your conversations through our microphones, but we’re not.” Still, many of us have had the spooky sensation of talking about something random but specific – perhaps a desire to buy a leather couch or take a trip to Cancun – only to find our social media feeds littered with ads for couches and resorts in Cancun. The tech companies’ explanation for this is that we sometimes perform online searches for things, forget about them, and then mistakenly attribute the ads in our social media feeds to a conversation. We hope that’s the case. But now we’re not so sure. 404 Media has acquired a slide deck from Cox Media Group (CMG) that claims its “Active-Listening” software can combine AI with our private utterances captured by 470-plus sources to “improve campaign deployment, targeting and performance.” One CMG slide says, “processing voice data with behavioral data identifies an audience who is ‘ready to buy.’” CMG claims to have Meta’s Facebook, Google, and Amazon as clients. After this story broke, the big tech companies stoutly denied that they engage in this practice and expressed their willingness to act against any marketing partner that eavesdrops. This leaves open the possibility that CMG and other actors are gathering voice data from microphones other than from those of their big tech clients. What these marketers want to do is to predict what we will want and send us an ad at the precise time we’re thinking about a given product. The danger is that this same technology in the hands of government could be used to police people at home. This may sound outlandish. 
Yet consider that a half-dozen federal agencies – ranging from the FBI to the IRS – already routinely purchase our geolocation, internet activity, and other sensitive information we generate on our social media platforms – and then access it freely, without a warrant. Considering what our government already does with our digital data, the addition of our home speech would be an extension of what is already a radical new form of surveillance. Congress should find out exactly what marketers like CMG are up to. As an urgent matter of oversight, Congress should also determine if any federal agencies are purchasing home voice data. And while they’re at it, the Senate should follow the example of the House and pass the Fourth Amendment Is Not For Sale Act, which would stop the practice of the warrantless purchasing of Americans’ personal, digital information by law enforcement and intelligence agencies.

When we’re inside our car, we feel like we’re in our sanctuary. Only the shower is more private. Both are perfectly acceptable places to sing the Bee Gees’ “Stayin’ Alive” without fear of retribution.
And yet the inside of your car is not as private as you might think. We’ve reported on the host of surveillance technologies built into the modern car – from tracking your movement and current location, to proposed microphones and cameras to prevent drunk driving, to seats that report your weight. All this data is transmitted and can be legally sold by data brokers to commercial interests as well as a host of government agencies. This data can also be misused by individuals, as when a woman going through divorce proceedings learned that her ex was stalking her by following the movements of her Mercedes. Now another way to track our behavior and movements is being added through a national plan announced by the U.S. Department of Transportation called “vehicle-to-everything” technology, or V2X. Kimberly Adams of marketplace.org reports that this technology, to be deployed on 50 percent of the National Highway System and 40 percent of the country’s intersections by 2031, will allow cars and trucks to “talk” to each other, coordinating to reduce the risk of collision. V2X will smooth out traffic in other ways, holding traffic lights green for emergency vehicles and sending out automatic alerts about icy roads. V2X is also yet one more way to collect a big bucket of data about Americans that can be purchased and warrantlessly accessed by federal intelligence and law enforcement agencies. Sens. Ron Wyden (D-OR) and Cynthia Lummis (R-WY), and Rep. Ro Khanna (D-CA), have addressed what government can do with car data under proposed legislation, “Closing the Warrantless Digital Car Search Loophole Act.” This bill would require law enforcement to obtain a warrant based on probable cause before searching data from any vehicle that does not require a commercial license. But the threat to privacy from V2X comes not just from cars that talk to each other, but also from V2X’s highway infrastructure that enables this digital conversation.
This addition to the rapid expansion of data collection of Americans is one more reason why the Senate should follow the example of the House and pass the Fourth Amendment Is Not For Sale Act, which would end the warrantless collection of Americans’ purchased data by the government. We can embrace technologies like V2X that can save lives, while at the same time making sure that the personal information about us it collects is not retained and allowed to be purchased by snoops, whether government agents or stalkers.
What NPD’s Enormous Hack Tells Us About the Reckless Collection of Our Data by Federal Agencies
8/23/2024
How to See if Your Social Security Number Was Stolen
Were your Social Security number and other personal identifying information among the 2.9 billion records that hackers stole from National Public Data?
Hackers can seize our Social Security numbers and much more, not only from large commercial sites like National Public Data, but also from government sites and the data brokers who sell our personal information to federal agencies. Such correlated data can be used to impersonate you with the financial services industry, from credit card providers to bank loan officers. And once your Social Security number is stolen, it is stolen for life. To find out if your Social Security number and other personal information were among those taken in the National Public Data hack, go to npd.pentester.com. It has been obvious for more than a decade now that the Social Security number is a flawed approach to identification. It is a simple nine-digit number. A fraudster who knows the last few digits of your Social Security number, what year you were born, and where, can likely calculate your number. Because your Social Security number is so often used by dozens of institutions, it is bound to be hacked and sold on the dark web at some point in your life. Yet this insecure form of identification, taken in
Is there a better way? Sophie Bushwick asked this question in a 2021 Scientific American article. She reported that one proposed solution is a cryptographic key, those long strings of numbers and symbols that we all hate to use. Or a USB could be plugged into your computer to authenticate you as its owner. Scans of your fingerprints, or face, could also authenticate your identity. The problem is that any one of these methods can also be hacked. Even biometrics is vulnerable since this technology reduces your face to an algorithm. Once the algorithm for your face or fingerprint (or even worse, your iris, which is the most complex and unique biometric identifier of them all) is stolen, your own body can be used against you. There are no perfect solutions, but multifactor identification comes the closest.
This technique might combine a one-time passcode texted to your phone, a biometric identifier like a fingerprint, and a complex password. Finding and assembling all these elements, while possible, would be a prohibitively difficult chore for many if not most hackers. Strengthening consumer identification, however, is only one part of the problem. Our personal information is insecure in other ways. A dozen federal agencies, including the FBI, IRS, Department of Homeland Security and Department of Defense, routinely purchase Americans’ personal data. These purchases include not just our identifying information, but also our communications, social media posts, and our daily movements – scraped from our apps and sold by data brokers. How secure is all the data held by those third-party brokers? How secure is the government’s database of this vast trove of personal data, which contains the most intimate details of our lives? These are urgent questions for Congress to ask. Congress should also resist the persistent requests from the Department of Justice to compel backdoors for commercial encryption, beginning with Apple’s iPhone. The National Public Data hack reveals that the forced creation of backdoors for encryption would create new pathways for even more hacks, as well as warrantless government snooping. Finally, the Senate should follow up on the House passage of the Fourth Amendment Is Not For Sale Act, which would prohibit government collection of our personal information without a warrant. Protect your data by calling or emailing your senators: Tell them to pass the Fourth Amendment Is Not For Sale Act. Our data will only become more secure if we, as consumers and citizens, demand it.
U.S. intelligence agencies justify tens of thousands of warrantless backdoor searches of Americans’ communications by claiming an exception to the Fourth Amendment for “defensive” purposes.
In testimony to Congress, FBI Director Christopher Wray has said that such defensive searches are absolutely necessary to protect Americans in real time who may be potential victims of foreign intelligence agents or cyberattacks. On this basis, the FBI and other agencies every year conduct tens of thousands of warrantless “backdoor” searches of Americans’ communications with data extracted from programs authorized by FISA Section 702 – even though this program was enacted by Congress not to spy on Americans, but to authorize U.S. agencies to surveil foreign spies and terrorists located abroad. Noah Chauvin, Assistant Professor of Law at Widener University School of Law, in a 53-page paper neatly removes every leg of the government’s argument. He begins with the simple observation that there is no “defensive” exception in the Fourth Amendment. Indeed, an analogous claimed exception for “community caretaking” was rejected by the U.S. Supreme Court in the 2021 decision on Caniglia v. Strom, holding that the government could not enter a home without a warrant based on the simple, non-exigent claim that the police needed to check on the homeowner’s well-being. Whether for community caretaking or for surveillance, the “we are doing this for your own good” excuse does not override the Fourth Amendment. In surveillance, the lack of constitutional validity makes the government’s position “a political argument, not a legal one.” Chauvin adds: “It would be perverse to strip crime victims of the Fourth Amendment’s privacy protections – a person should not lose rights because they have been violated.” It is apparently on the basis of such a “defensive search,” for example, that the FBI violated the Fourth Amendment rights of Rep. Darin LaHood (R-Ill). In that case, the FBI was concerned that Rep. LaHood was being unknowingly targeted by a foreign power. 
If the FBI can secretly violate the rights of a prominent and respected Member of Congress, imagine how blithely it violates your rights. While making these sweeping claims of violating the Fourth Amendment to protect Americans, “the government has provided almost no public information about how these defensive backdoor searches work.” Chauvin adds: “The government has claimed it uses backdoor searches to identify victims of cyberattacks and foreign influence campaigns, but has not explained how it does so, saying only that backdoor searches have ‘contributed to’ or ‘played an important role in’ intelligence services.” Also unexplained is how the government identifies potential American victims, or why it searches for victims instead of potential perpetrators. Nor does it reveal its success rate at identifying potential victims and how that compares to traditional methods of investigation. Finally, Chauvin asks: “Would obtaining permission before querying a victim compromise the investigation?” It is a matter of settled law that any American can give informed consent to waive his or her Fourth Amendment rights. “It seems particularly likely,” Chauvin writes, “that would-be victims will grant the government permission to perform defensive backdoor searches.” One can easily imagine a long list of companies – from hospitals to cloud providers – that would grant such blanket permission. So why not just do that? Finally, Chauvin appeals to Congress not just to remedy this backdoor search loophole for Section 702. He proposes closing this loophole for Americans’ digital data that U.S. intelligence and law enforcement agencies purchase from third-party data brokers, as well as for Executive Order 12333, a non-statutory surveillance authority claimed by the executive branch. At the very least, Congress should demand answers to Chauvin’s questions about how defensive searches are used and how they work. 
He concludes, “the government’s policy preferences should never override Americans’ constitutional rights.”
United States v. Chatrie
We reported on the bold opinion of federal district Judge Mary Hannah Lauck of Virginia, who ruled in 2022 that the government erred by seeking a warrant for the location histories of every personal digital device within a 17.5-acre area around a bank that had been robbed in Richmond, Virginia, in 2019.
To identify the suspect, Nathaniel Chatrie, law enforcement officials obtained a geofence warrant from Google, requesting location data for all devices within that large area. Swept into this mass surveillance – reminiscent of the “general warrants” of the colonial era – were people in restaurants, in an apartment complex, and an elder care facility, as well as innumerable passersby. Judge Lauck wrote that these consumers were almost all unaware that Google logs their location 240 times a day. She wrote: “It is difficult to overstate the breadth of this warrant” and that every person in the vicinity has “effectively been tailed.” At times it almost seems that no good opinion goes upheld, at least where the Fourth Amendment is concerned. On July 9, the Fourth Circuit Court of Appeals reversed Judge Lauck’s decision in United States v. Chatrie. The court held that a geofence warrant covering a busy area around a bank robbery did not qualify as a Fourth Amendment search at all, a sweeping decision that has serious implications for privacy rights and law enforcement practices across the country. The two-judge majority on the Fourth Circuit Court of Appeals concluded that the geofence warrant did not, after all, constitute a Fourth Amendment search because the collection of location data from such a broad geographic area, even a busy one, did not infringe upon reasonable expectations of privacy. Got that? Judge J. Harvie Wilkinson III, writing for the majority, emphasized that the geofence warrant was a valuable tool for law enforcement in solving serious crimes. He wrote that the use of such warrants is necessary in an era where traditional investigative methods may be insufficient to address modern criminal activities. In a strongly worded dissent (beginning on p. 39), Judge James Andrew Wynn Jr. criticized the majority opinion, highlighting the potential dangers of allowing such broad warrants. 
Judge Wynn, with solid logic and command of the relevant precedents, demonstrated that the decision undermines the Fourth Amendment’s protections and opens the door for pervasive surveillance. Judge Wynn showed that the geofence warrant lacked the necessary particularity required by the Fourth Amendment. By allowing the collection of data from potentially thousands of innocent people, the warrant was not sufficiently targeted to the suspect. He emphasized that individuals have a reasonable expectation of privacy in their location data, even in public places. The widespread collection of such data without individualized suspicion poses significant privacy concerns. And Judge Wynn warned that the majority's decision sets a dangerous precedent, ignoring the implications of the U.S. Supreme Court’s 2018 Carpenter v. United States opinion in its landmark case on location data. So what, you might ask, is the harm of geofencing in this instance, which caught a suspect in a bank robbery? Answer: Enabling law enforcement to use geofence warrants in such a broad way will almost certainly lead to their use in a variety of novel contexts, such as political protests, that could implicate Americans’ rights to free speech and freedom of assembly. Judge Wynn's dissent highlights the need for a careful balance between effective law enforcement and the preservation of civil liberties. While the majority’s decision underscores the perceived necessity of geofence warrants in modern investigations, Judge Wynn's dissent serves as a poignant reminder of the constitutional protections at stake. The Electronic Frontier Foundation reports that Chatrie’s lawyers are petitioning for an en banc hearing of the entire Fourth Circuit to review the case. PPSA supports that move and we hope that if it happens, there are judges who take the same broad view as Judge Lauck and Judge Wynn.
PPSA Asks Supreme Court to Hear X Corp.’s Constitutional Case Against Surveillance Gag Orders
7/10/2024
PPSA announced today the filing of an amicus brief asking the U.S. Supreme Court to take up a case in which X Corp., formerly Twitter, objects to surveillance and gag orders that violate the First Amendment and pose a threat to the Fourth and Sixth Amendments as well.
When many consumers think of their digital privacy, they think first of what’s on their computers and shared with others by text or email. But the complex, self-regulating network that is the internet is not so simple. Our online searches, texts, images, and emails – including sensitive, personal information about health, mental health, romances, and finances – are backed up on the “cloud,” including data centers like X Corp.’s that distribute storage and computing capacity. Therein lies the greatest vulnerability for government snooping. The growth of data centers is prolific, rising from 2,600 to 5,300 such centers in 2024. Government demands for our data have grown along with it. When federal agencies – often without a warrant – seek to access Americans’ personal data, more often than not they go to the companies that store the data in places like these data centers. For years, this power involved large social media and telecom companies. The power of the government to extract data, already robust, increased exponentially with the reauthorization of FISA Section 702 in April, which included what many call the “Make Everyone a Spy Act.” This provision defines an electronic communication service provider as virtually any company that merely has access to equipment, like Wi-Fi and routers, that is used to transmit or store electronic communications. On top of that, the government then slaps the data center or service provider with a Non-Disclosure Order (NDO), a gag order that prevents the company from informing customers that their private information has been reviewed. One such company – X Corp. – has been pressing a constitutional challenge against this practice regarding a government demand for former President Trump’s account data.
PPSA has joined in an amicus brief supporting X’s bid for certiorari, asking the Court to consider the constitutional objections to government conscription of companies that host consumers’ data as adjunct spies, while restraining their ability to speak out on this conscription. In the case of X, the government has seized the company’s records on customer communications and then slapped the company with an NDO to force it to shut up about it. The government claims this secrecy is needed to protect the investigation, even though the government itself has already publicized the details of its investigation. Whatever you think of Donald Trump, this is an Orwellian practice. PPSA’s amicus brief informed the Court that the gag order “makes a mockery of the First Amendment’s longstanding precedent governing prior restraints. And it will only become more frequent as third-party cloud storage becomes increasingly common for everything from business records to personal files to communications …” The brief informs the Court: “NDOs can be used to undermine other constitutionally protected rights” beyond the First Amendment. This includes the short-circuiting of Fourth Amendment rights against warrantless searches and Sixth Amendment rights to a public trial in which a defendant can know the evidence against him. Partial solutions to these shortcomings are winding their way through the legislative process. Sen. Mark Warner, Chairman of the Senate Intelligence Committee, introduced legislation to narrow the scope of businesses covered by the new, almost-universal dragooning of businesses large and small as government spies – though House Intelligence Chairman Mike Turner is opposing that reasonable provision. Last year, the House passed the NDO Fairness Act, which requires judicial review and limited disclosures for these restraints on speech and privacy.
As partial solutions wend their way through Congress, this case presents a number of well-defined concerns best defined by the Supreme Court.
PPSA has fired off a succession of Freedom of Information Act (FOIA) requests to leading federal law enforcement and intelligence agencies. These FOIAs seek critical details about the government’s purchasing of Americans’ most sensitive and personal data scraped from apps and sold by data brokers.
PPSA’s FOIA requests were sent to the Department of Justice and the FBI, the Department of Homeland Security, the CIA, the Defense Intelligence Agency, the National Security Agency, and the Office of the Director of National Intelligence, asking these agencies to reveal the broad outlines of how they collect highly private information of Americans. These digital traces purchased by the government reveal Americans’ familial, romantic, professional, religious, and political associations. This practice is often called the “data broker loophole” because it allows the government to bypass the usual judicial oversight and Fourth Amendment warrant requirement for obtaining personal information. “Every American should be deeply concerned about the extent to which U.S. law enforcement and intelligence agencies are collecting the details of Americans’ personal lives,” said Gene Schaerr, PPSA general counsel. “This collection happens without individuals’ knowledge, without probable cause, and without significant judicial oversight. The information collected is often detailed, extensive, and easily compiled, posing an immense threat to the personal privacy of every citizen.” To shed light on these practices, PPSA is requesting these agencies produce records concerning:
Shortly after the House passed the Fourth Amendment Is Not For Sale Act, which would require the government to obtain probable cause warrants before collecting Americans’ personal data, Avril Haines, Director of National Intelligence, ordered all 18 intelligence agencies to devise safeguards “tailored to the sensitivity of the information.” She also directed them to produce an annual report on how each agency uses such data. PPSA believes that revealing, in broad categories, the size, scope, sources, and types of data collected by agencies, would be a good first step in Director Haines’ effort to provide more transparency on data purchases.
The recent passage of the Fourth Amendment Is Not For Sale Act by the House marks a bold and momentous step toward protecting Americans' privacy from unwarranted government intrusion. This legislation mandates that federal law enforcement and intelligence agencies, such as the FBI and CIA, must obtain a probable cause warrant before purchasing Americans’ personal data from brokers. This requirement closes a loophole that allows agencies to compromise the privacy of Americans and bypass constitutional safeguards.
While this act primarily targets law enforcement and intelligence agencies, it is crucial to extend these protections to all federal agencies. Non-law enforcement entities like the Treasury Department, IRS, and Department of Health and Human Services are equally involved in the purchase of Americans' personal data. The growing appetite among these agencies to track citizens' financial data, sensitive medical issues, and personal lives highlights the need for a comprehensive warrant requirement across the federal government. How strong is that appetite? The Financial Crimes Enforcement Network (FinCEN), operating under the Treasury Department, exemplifies the ambitious scope of federal surveillance. Through initiatives like the Corporate Transparency Act, FinCEN now requires small businesses to disclose information about their owners. This data collection is ostensibly for combating money laundering, though it seems unlikely that the cut-outs and money launderers for cocaine dealers and human traffickers will hesitate to lie on an official form. This data collection does pose significant privacy risks by giving multiple federal agencies warrantless access to a vast database of personal information of Americans who have done nothing wrong. The potential consequences of such data collection are severe. The National Small Business Association reports that the Corporate Transparency Act could criminalize small business owners for simple mistakes in reporting, with penalties including fines and up to two years in prison. This overreach underscores the broader issue of federal agencies wielding excessive surveillance powers without adequate checks and balances. Another alarming example is the dragnet financial surveillance revealed by the House Judiciary Committee and its Select Subcommittee on the Weaponization of the Federal Government. 
The FBI, in collaboration with major financial institutions, conducted sweeping investigations into individuals' financial transactions based on perceptions of their political leanings. This surveillance was conducted without probable cause or warrants, targeting ordinary Americans for exercising their constitutional rights. Without statutory guardrails, such surveillance could be picked up by non-law enforcement agencies like FinCEN, using purchased digital data. These examples demonstrate the appetite of all government agencies for our personal information. Allowing them to also buy our most sensitive and personal information from data brokers, which is happening now, is about as absolute a violation of Americans’ privacy as one can imagine. Only listening devices in every home could be more intrusive. Such practices are reminiscent of general warrants of the colonial era, the very abuses the Fourth Amendment was designed to prevent. The indiscriminate collection and scrutiny of personal data without individualized suspicion erode the foundational principles of privacy and due process. The Fourth Amendment Is Not For Sale Act is a powerful and necessary step to end these abuses. Congress should also consider broadening the scope to ensure all federal agencies are held to the same standard.
Katie King in the Virginian-Pilot reports an in-depth account about the growing dependency of local law enforcement agencies on Flock Safety cameras, mounted on roads and intersections to catch drivers suspected of crimes. With more than 5,000 police agencies across the nation using these devices, the privacy implications are enormous.
Surveillance cameras have been in the news a lot lately, often in a positive light. Local news is consumed by murder suspects and porch pirates alike captured on video. The recently released video of a physical attack by rapper Sean “Diddy” Combs on a girlfriend several years ago has saturated media, reminding us that surveillance can protect the vulnerable. The crime-solving potential of license plate readers is huge. Flock’s software runs license plate numbers through law enforcement databases, allowing police to quickly track a stolen car, locate suspects fleeing a crime, or find a missing person. With such technologies, Silver and Amber alerts might one day become obsolete. As with facial recognition technology, however, license plate readers can produce false positives, ensnaring innocent people in the criminal justice system. King recounts the ordeal of an Ohio man who was arrested by police with drawn guns and a snarling dog. Flock’s license plate reader had falsely flagged his vehicle as having stolen tags. The good news is that Flock insists it is not even considering combining its network with facial recognition technology – reducing the possibility of both technologies flagging someone as dangerous. As with so many surveillance technologies, the greater issue in license-plate readers is not the technology itself, but how it might be used in a network. “There’s a simple principle that we’ve always had in this country, which is that the government doesn’t get to watch everybody all the time just in case somebody commits a crime – the United States is not China,” Jay Stanley, a senior analyst with the American Civil Liberties Union, told King. “But these cameras are being deployed with such density that it’s like GPS-tracking everyone.” License plate readers could, conceivably, be networked to track everywhere that everyone goes – from trips to mental health clinics, to gun stores, to houses of worship, and protests.
With so many federal agencies already purchasing Americans’ sensitive data from data brokers, creating a national network of drivers’ whereabouts is just one more addition to what is already becoming a national surveillance system. With apologies to Jay Stanley, we are in serious danger of becoming China. As massive databases compile facial recognition, location data, and now driving routes, we need more than ever to head off the combination of all these measures. A good place to start would be for the U.S. Senate to follow the example of the House by passing the Fourth Amendment Is Not For Sale Act.
The surveillance state is hitting small businesses hard lately. If the “Make Everyone a Spy” provision weren’t enough, the Corporate Transparency Act (CTA) imposes sweeping disclosure requirements on “beneficial owners” of small businesses, with harsh punishments for mistakes on an official form.
After the National Small Business Association sued the Treasury Department, a federal court declared the CTA unconstitutional. It issued a scholarly opinion that explored the nuances of Congress’s power to regulate interstate commerce. Treasury appealed to the Eleventh Circuit. In our amicus brief, PPSA tells the Eleventh Circuit that the lower court got it right, but that there’s an easier way to resolve this case. We inform the court that the Fourth Amendment provides the “straightforward and resounding answer” that the CTA is unconstitutional. PPSA warns that the CTA’s database provisions pose an unprecedented threat to Americans’ privacy that is “even more disturbing” than the new rule’s disclosure requirements. We explain that the information collected from tens of millions of beneficial owners will be stored in what the government calls an “accurate, complete, and highly useful database” that can be searched by multiple federal agencies, no warrant required. And while the government claims this data will be used to catch tax cheats, the CTA says it will be used in conjunction with state and tribal authorities, who have no power to enforce federal tax laws. Creating such a database for warrantless inspection by the FBI, IRS, DEA, and Department of Homeland Security is obviously ripe for abuse. Our brief explains how this database could be used to identify owners of businesses with an ideological character – like political booksellers – and single out their investors for retaliation. This is not a far-fetched hypothetical. Many agencies, including the Treasury Department, have engaged in politically motivated financial investigations, documented in detail by the House Judiciary Committee. Our brief notes that the database will be so sophisticated that it should be evaluated under a U.S. Supreme Court precedent addressing high-tech surveillance, just as the Fourth Circuit did for Baltimore’s database-driven aerial surveillance program.
And that precedent explains that surveillance tools can’t be used to undermine the sort of privacy that existed when the Fourth Amendment was adopted. We told the court: “This database thus has the sort of ‘depth, breadth, and comprehensive reach,’ that is simply incompatible with ‘preservation of that degree of privacy against government that existed when the Fourth Amendment was adopted.’” As pernicious as the database itself is, recent advances in technology make it even worse. With modern machine learning, seemingly innocuous personal details can be linked up in disturbing ways. For instance, researchers have known how to identify authors based on a collection of anonymous posts since 2022. PPSA points out that the government could identify authors with views it dislikes, see if they pop up in the beneficial owner database, and have multiple agencies launch pretextual investigations. Next, we addressed how advancing AI technology could make such surveillance even more potent, then urged the court not to “leave the public at the mercy of advancing technology,” but to preserve Founding-era levels of privacy despite the march of technology. Readers might notice a pattern of AI exacerbating existing privacy invasions, from mass facial recognition to drone surveillance to a proliferating body of databases. So far, the government has relied on the “special needs” exception. This rule allows the government to keep its own house in order, with the warrantless drug testing of schoolteachers and top-secret national security employees. But this authority is often abused, as we’ve noted previously. Our brief explains that this exception doesn’t even apply to information collected to identify crimes – which is exactly what the government claims the CTA is supposed to help with. But the struggle for constitutional rights and privacy remains multilayered.
If the CTA remains struck down, the government will still be purchasing vast amounts of Americans’ personal information from shady “data brokers.” That’s why we applauded the House recently for passing the Fourth Amendment Is Not For Sale Act, and urge the Senate to do so as well. Now it is up to the Eleventh Circuit to protect the American people from an overbearing government, hungry to track our every move.
Now that the House has passed the Fourth Amendment Is Not For Sale Act, senators would do well to review new concessions from the intelligence community on how it treats Americans’ purchased data. This is progress, but it points to how much more needs to be done to protect privacy.
Avril Haines, Director of National Intelligence (DNI), released a “Policy Framework for Commercially Available Information,” or CAI. In plain English, CAI is all the digital data scraped from our apps and sold to federal agencies, ranging from the FBI to the IRS, Department of Homeland Security, and Department of Defense. From purchased digital data, federal agents can instantly access almost every detail of our personal lives, from our relationships to our location histories, to data about our health, financial stability, religious practices, and politics. Federal purchases of Americans’ data don’t merely violate Americans’ privacy, they kick down any semblance of it. There are signs that the intelligence community itself is coming to realize just how extreme its practices are. Last summer, Director Haines released an unusually frank report from an internal panel about the dangers of CAI. We wrote at the time: “Unlike most government documents, this report is remarkably self-aware and willing to explore the dangers” of data purchases. The panel admitted that this data can be used to “facilitate blackmail, stalking, harassment, and public shaming.” Director Haines’ new policy orders all 18 intelligence agencies to devise safeguards “tailored to the sensitivity of the information” and produce an annual report on how each agency uses such data. The policy also requires agencies:
Details for how each of the intelligence agencies will fulfill these aspirations – and actually handle “sensitive CAI” – are left up to them. Sen. Ron Wyden (D-OR) acknowledged that this new policy marks “an important step forward in starting to bring the intelligence community under a set of principles and policies, and in documenting all the various programs so that they can be overseen.” Journalist and author Byron Tau told Reason that the new policy is a notable change in the government’s stance. Earlier, “government lawyers were saying basically it’s anonymized, so no privacy problem here.” Critics were quick to point out that any of this data could be deanonymized with a few keystrokes. Now, Tau says, the new policy is “sort of a recognition that this data is actually sensitive, which is a bit of change.” Tau has it right – this is a bit of a change, but one with potentially big consequences. One of those consequences is that the public and Congress will have metrics that are at least suggestive of what data the intelligence community is purchasing and how it uses it. In the meantime, Sen. Wyden says, the framework of the new policy has an “absence of clear rules about what commercially available information can and cannot be purchased by the intelligence community.” Sen. Wyden adds that this absence “reinforces the need for Congress to pass legislation protecting the rights of Americans.” In other words, the Senate must pass the Fourth Amendment Is Not For Sale Act, which would subject purchased data to the same standard as any other personal information – a probable cause warrant. That alone would clarify all the rules of the intelligence community.
But Who Will Fine the FBI?
The Federal Communications Commission on Monday fined four wireless carriers – Verizon, AT&T, Sprint, and T-Mobile – nearly $200 million for sharing the location data of customers, often in real-time, without their consent.
The case is an outgrowth of an investigation that began during the Trump Administration following public complaints that customers’ movements were being shared in real time with third-party companies. This is sensitive data. As FCC Chairwoman Jessica Rosenworcel said, consumers’ real-time location data reveals “where they go and who they are.” The carriers, FCC declared, attempted to offload “obligations to obtain customer consent onto downstream recipients of location information, which in many instances meant that no valid customer consent was obtained.” The telecoms complain that the fines are excessive and ignore steps the companies have taken to cut off bad actors and improve customer privacy. But one remark from AT&T seemed to validate FCC’s charge of “offloading.” A spokesman told The Wall Street Journal that AT&T was being held responsible for another company’s violations. A Verizon spokesman told The Journal that it had cut out a bad actor. These spokesmen are pointing to the role of data aggregators who resell access to consumer location data and other information to a host of commercial services that want to know our daily movements. The spokesmen seem to betray a long-held industry attitude that when it sells data, it also transfers liability, including the need for customer consent. Companies of every sort that sell data, not just telecoms, will now need to study this case closely and determine whether they should tighten control over what happens to customer data after it is sold. But there is one glaring omission in the FCC’s statement. It glides past the government’s own culpability in degrading consumer privacy. A dozen federal law enforcement and intelligence agencies, ranging from the FBI to the ATF, IRS, and Department of Homeland Security, routinely purchase and access Americans’ personal, digital information without bothering to secure a warrant.
Concern over this practice is what led the House to recently pass The Fourth Amendment Is Not For Sale Act, which would require government agencies to obtain warrants before buying Americans’ location and other personal data from these same data brokers. It is good to see the FCC looking out for consumers. But who is going to fine the FBI?

We needed a little perspective before reporting on the historic showdown on the reauthorization of FISA Section 702 that ended on April 19 with a late-night Senate vote. The bottom line: The surveillance reform coalition finally made it to the legislative equivalent of the Super Bowl. We won’t be taking home any Super Bowl rings, but we made a lot of yardage and racked up impressive touchdowns.
For years, PPSA has coordinated with a wide array of leading civil liberties organizations across the ideological spectrum toward that key moment. We worked hard and enjoyed the support of our followers in flooding Congress with calls and emails supporting privacy and surveillance reform. So what was the result? We failed to get a warrant requirement for Section 702 data but came within one vote of winning it in the House. There was a lot of good news and new reforms that should not be overlooked. And where the news was bad, there are silver linings that gleam.
We come out of this legislative fracas bloodied but energized. We put together a durable left-right coalition in which House Judiciary Committee Chairman Jim Jordan and Ranking Member Jerry Nadler, as well as the heads of the Freedom and Progressive caucuses, worked side-by-side. For the first time, our surveillance coalition had the intelligence community and their champions on the run. We lost the warrant provision for Section 702 only by a tie vote. Had every House Member who supported our position been in attendance, we would have won. This bodes well for the next time Section 702 reauthorization comes up. We will be ready. Let’s not forget that a recent bipartisan YouGov poll shows that 80 percent of Americans support warrant requirements. We sense a gathering of momentum – and we look forward to preparing for the next big round in April 2026.

A recent House hearing on the protection of journalistic sources veered into startling territory.
As expected, celebrated investigative journalist Catherine Herridge spoke movingly about her facing potential fines of up to $800 a day and a possible lengthy jail sentence as she faces a contempt charge for refusing to reveal a source in court. Herridge said one of her children asked, “if I would go to jail, if we would lose our house, and if we would lose our family savings to protect my reporting source.” Herridge later said that CBS News’ seizure of her journalistic notes after laying her off felt like a form of “journalistic rape.” Witnesses and most members of the House Judiciary subcommittee on the Constitution and Limited Government agreed that the Senate needs to act on the recent passage of the bipartisan Protect Reporters from Exploitative State Spying (PRESS) Act. This bill would prevent federal prosecutors from forcing journalists to burn their sources, as well as bar officials from surveilling phone and email providers to find out who is talking to journalists. Sharyl Attkisson, like Herridge a former CBS News investigative reporter, brought a dose of reality to the proceeding, noting that passing the PRESS Act is just the start of what is needed to protect a free press. “Our intelligence agencies have been working hand in hand with the telecommunications firms for decades, with billions of dollars in dark contracts and secretive arrangements,” Attkisson said. “They don’t need to ask the telecommunications firms for permission to access journalists’ records, or those of Congress or regular citizens.” Attkisson recounted that 11 years ago CBS News officially announced that Attkisson’s work computer had been targeted by an unauthorized intrusion.
“Subsequent forensics unearthed government-controlled IP addresses used in the intrusions, and proved that not only did the guilty parties monitor my work in real time, they also accessed my Fast and Furious files, got into the larger CBS system, planted classified documents deep in my operating system, and were able to listen in on conversations by activating Skype audio,” Attkisson said. If true, why would the federal government plant classified documents in the operating system of a news organization unless it planned to frame journalists for a crime? Attkisson went to court, but a journalist – or any citizen – has a high hill to climb to pursue an action against the federal government. Attkisson spoke of the many challenges in pursuing a lawsuit against the Department of Justice. “I’ve learned that wrongdoers in the federal government have their own shield laws that protect them from accountability,” Attkisson said. “Government officials have broad immunity from lawsuits like mine under a law that I don’t believe was intended to protect criminal acts and wrongdoing but has been twisted into that very purpose. “The forensic proof and admission of the government’s involvement isn’t enough,” she said. “The courts require the person who was spied on to somehow produce all the evidence of who did what – prior to getting discovery. But discovery is needed to get more evidence. It’s a vicious loop that ensures many plaintiffs can’t progress their case even with solid proof of the offense.” Worse, Attkisson testified that a journalist “who was spied on has to get permission from the government agencies involved in order to question the guilty agents or those with information, or to access documents. It’s like telling an assault victim that he has to somehow get the attacker’s permission in order to obtain evidence. Obviously, the attacker simply says no. 
So does the government.” This hearing demonstrated how important Fourth Amendment protections against unreasonable searches and seizures are to the First Amendment’s guarantee of freedom of the press. If Attkisson’s claims are true, the government explicitly violated a number of laws, not the least of which is mishandling classified documents and various cybercrimes. And it relies on specious immunities and privileges to avoid any accountability for its apparent crimes. Two proposed laws are a good way to start reining in such government misconduct. The first is the PRESS Act, which would protect journalists against being pressured by prosecutors in federal court to reveal their sources. The second proposed law is the Fourth Amendment Is Not For Sale Act, which passed the House last week. This bill would require the government to get a warrant before it can inspect our personal, digital information sold by data brokers. And, of course, these and other laws limiting government misconduct need genuine remedies and consequences for misconduct, not the mirage of remedies enfeebled by improper immunities.