The Fourth Amendment of the U.S. Constitution protects Americans against “unreasonable” searches and seizures. But what is unreasonable? Is a low-flying drone taking photos of you and your property behind a privacy fence reasonable?
 
In October, the Michigan Supreme Court will hear oral arguments in what could well become a landmark privacy case. The outcome may help determine the national limits of drone surveillance – and perhaps influence the limits of government surveillance – for all Americans.
 
The facts are pretty simple. Todd and Heather Maxon of Long Lake Township in Michigan live on a five-acre estate, where Todd likes to repair old cars.
 
In 2008, the Township government charged the Maxons with operating an illegal junkyard. The couple and the Township reached a settlement. In 2018, the Township received tips that the Maxons had violated their settlement by bringing more cars onto their property, even though such vehicles were not visible from the street. So the Township hired a private drone operator to fly a high-resolution camera over the Maxon property to take images.
 
The Maxons sued, claiming that their Fourth Amendment rights were violated. A lower court agreed with the government but was overturned in 2021 by the Michigan Court of Appeals. That court ordered that the drone photos be suppressed.
 
At the heart of this case is the “reasonable expectation of privacy” articulated by Supreme Court Justice John Marshall Harlan II in Katz v. United States (1967). But technology keeps testing what is a reasonable expectation of privacy. The Supreme Court has zigged and zagged along the way, once upholding a wiretap to be permissible because it occurred at the telephone pole and did not require a physical intrusion into the home.
​
Katz overturned that standard, invalidating an FBI wiretap of a public payphone, where the caller (a sports bookie) had a reasonable expectation that he would not be overheard. “The Fourth Amendment protects people, not places,” Justice Potter Steward declared in the Court’s majority opinion. But the Court returned somewhat to the physical intrusion standard – invalidating thermal imaging by police from the street that penetrated inside a target’s home in Kyllo v. United States (2001).
 
The Cato Institute and Rutherford Institute, in an amicus brief, noted the problem with the physical intrusion standard: “At present, police are free to go through people’s garbage, look into their barn with a flashlight, and read through their bank records without going through the hassle of first securing a warrant.” We now live in an age of ubiquitous digital intrusion with government purchases of our private data, as well as optical intrusion from drones and other aerial surveillance.
 
In other words, the current privacy standard is a jumbled mess. That is why the Maxon case is potentially so important. At its simplest, it will determine if drones – an increasingly ubiquitous reality in American life – will be freely used to spy on Americans in their backyards (as the New York City Police recently did over backyard barbecues during Labor Day).
 
But we think the Maxon case may prove to be pivotal in defining – perhaps, eventually, by the U.S. Supreme Court – what privacy and reasonableness mean in an era of drones, facial recognition software, and artificial intelligence.

​For years PPSA has documented the increasing disposition of federal intelligence and law enforcement agencies to use the ever-expanding Glomar response – a “cannot confirm or deny” answer once reserved for the nation’s most closely guarded secrets – as a blanket response to any meddlesome Freedom of Information Act (FOIA) requests.
 
We should not overlook, however, another handy tool for FOIA avoidance, and that is to release the requested document but redact many or all of its meaningful parts. Now the Department of Justice Office of the General Counsel has perfected this technique, taking it to its logical end.
 
It began in 2020 when PPSA joined with Demand Progress to file a FOIA request. Our request concerned surveillance that may be taking place under no statute, but instead under a self-professed authority of the executive branch known as Executive Order 12333. The reply from the FBI is, in its own way, telling.
 
In the DOJ response, a certain Mr. or Ms. BLANK who holds the title of BLANK in the Office of the General Counsel returned with 40 pages of responsive documents. Thirty-nine pages are redacted in their entirety, as is the 40th page, with the redacted name of the signator and his/her redacted title, but with one, unredacted statement:
 
Hope that’s helpful.
 
There’s honestly no other way to take this than the Department of Justice shooting a middle finger at the very idea of a FOIA request, an exercise of the Freedom of Information Act, passed by Congress and signed into law by President Lyndon Johnson. This is a shame because the subject of this request is an important one.
 
Demand Progress and PPSA based our FOIA request on a July 2020 letter from now-retired Sen. Patrick Leahy (D-VT) and current Sen. Mike Lee (R-UT) to then-Attorney General William Barr and then-Director of National Intelligence John Ratcliffe. The two senators noted the expiration of Section 215 of the Foreign Intelligence Surveillance Act (FISA), commonly known as the “business records” provision of FISA. The intelligence community had vociferously lobbied for the renewal of Section 215 with predictions that allowing its expiration would lead to something akin to the city-destroying scenes in the 1996 movie Independence Day.
 
Then the Trump Administration called their bluff and allowed this authority to expire. The response from the intelligence community? Crickets.
 
The sudden complacency of the intelligence community struck many as suspicious. Were federal intelligence and law enforcement agencies shifting their surveillance to another authority? Sens. Leahy and Lee seemed to think so. They wrote:
 
“At times the executive branch has tenuously relied on Executive Order 12333, issued in 1981, to conduct surveillance operations wholly independent of any statutory authorization … This would constitute a system of surveillance with no congressional oversight potentially resulting in programmatic Fourth Amendment violations at tremendous scale … We strongly believe that such reliance on Executive Order 12333 would be plainly illegal.”
 
This July 2020 letter, with a detailed series of penetrating questions about the practice and scope of 12333 surveillance, was issued by two powerful and respected members of the United States Senate … And it hit the walls of the Department of Justice and the Office of the Director of National Intelligence with all the full force of wet spaghetti. As with so many other congressional requests, this letter was not answered in any substantive way.
 
So Demand Progress joined with PPSA in October 2020, in an effort to use the law to compel an answer, this time as a formal FOIA request. We leveraged that law to request responsive documents that would reveal how the agencies might be repurposing EO 12333 to pick up the slack from the expired 215 authority, in order to spy on persons inside the United States.
 
And this is the answer we get. It can only be taken, in a general way, as confirmation that Executive Order 12333 is, in fact, being relied upon for the surveillance of people in the United States. This is one more reason why Congress should use the reauthorization of Section 702 to seek broad surveillance reform, including significant guardrails on Executive Order 12333. With mounting evidence of abuses of Americans’ civil rights, a powerful coalition of leading conservatives and liberals in Congress is building steam to do just that.
 
Hope that’s helpful.

The output of former NSA officials in pushing for a “clean,” or unamended, reauthorization of Section 702 of the Foreign Intelligence Surveillance Act has been prolific. Several such pieces have recently run in the op-ed pages of The Hill newspaper alone.
 
The latest op-ed, by former senior NSA and Department of Homeland Security officials Jon Darby and Thomas Warrick, is a masterpiece of misdirection.
 
It begins with the oft-told tale of Secretary of State Henry Stimson in 1929 closing down the “Black Chamber,” a New York City office in which government cryptographers broke the codes of Japanese and other foreign diplomats. “Gentlemen,” Stimson famously said, “do not read each other’s mail.” Stimson reversed his elevated sense of etiquette when he became Secretary of War during World War Two – and the ability to break Japanese codes became central to Allied victory.
 
The implication here is that civil libertarians today who complain about Section 702 are sniffy idealists who would expose us to great danger. To buttress this point, Darby and Warrick cite several intelligence successes, including the breaking of the plot to bomb New York City’s subway in 2009. With Russia and China turning increasingly hostile, Darby and Warrick say that we need robust means to intercept those who threaten the safety of the American homeland.
 
To which PPSA and many other civil libertarians say, “hurrah!”
 
We take issue, however, with the central metaphor of their piece – Henry Stimson’s ending of foreign surveillance. No foreigner enjoys the protections of the Fourth Amendment of the Constitution. When it comes to foreign terrorists and spies, we say surveil away. Our concern arises when the communications of millions of Americans are folded into Section 702 surveillance.

Whenever an American becomes a target of a government investigation, a probable cause warrant is required by the Fourth Amendment of the Constitution to examine their communications. Take the case cited by Darby and Warrick – the planned New York City bombing involving an Afghan-American who was in communication with Al-Qaeda in Pakistan and traveled to meet them. That alone should have been enough to obtain a probable cause warrant to inspect the target’s communications.
 
Darby and Warrick acknowledge that “for a time, the FBI routinely searched databases with information collected under Section 702’s authority even in non-national security investigations.” Victims of such improper government surveillance included a Member of the U.S. House, a U.S. senator, a state senator, a judge, a local political party, and 19,000 donors to a congressional campaign, among many others. Darby and Warrick assure us that these abuses were “corrected” when “additional safeguards” were put in place.
 
Despite large reductions in the numbers of Americans who have their data hoovered up, however, more than 200,000 warrantless searches are still taking place every year. As Sen. Mike Lee of Utah notes, the correct number for violations of the Constitution is zero. If Congress misses this rare opportunity to impose a warrant requirement, expect the FBI and other agencies to quickly revert to old ways.
 
A final point: There is an air of unreality surrounding the debate over the Section 702 database. It is, after all, likely small compared to the database of warrantlessly obtained and inspected personal information of Americans that is commercially acquired by our government.
 
About a dozen federal agencies, from NSA, to DoD, to IRS, to the FBI, to DHS, purchase our personal data scraped from apps and sold by third-party data brokers. Government lawyers blandly assert they are not violating the constitution’s prohibition against seizing our data. They are, after all, merely buying it.
 
That strikes most Members of Congress and their constituents as sophistry. Our digital actions – whom we communicate with, where we go, what we search online for – can be our most personal information, revealing our romantic lives, our health issues, our religious beliefs and worship, and our political activities. Yet the government – including the agencies that Darby and Warrick served – routinely ransack what essentially are our personal diaries without a warrant or oversight of any sort.
 
The coming debate over the reauthorization of Section 702 will be our best opportunity in a generation to curb the government’s appetite for all our information. We should not let this rare chance pass us by.

​Rep. Matt Gaetz (R-FL) recently introduced the USPIS Surveillance Protection Act, legislation that would defund the Internet Covert Operations Program (iCOP), an initiative of the United States Postal Inspection Service (USPS) that, among other things, gathers intelligence from U.S. citizens' social media posts. Under this program, yet another federal agency is assuming the disturbing power to surveil broad swaths of Americans’ digital communications.
 
Documents reveal that the USPS used the iCOP program to monitor social media content that revealed the when and where of planned protests and other posts it found “inflammatory.” The program was also used to monitor conservative-leaning social media sites for potential violent activity by groups like the Proud Boys. You don’t have to defend the extreme views of some of these groups to feel the tug of the slippery slope.
 
Rep. Gaetz called the program a “clandestine domestic surveillance program,” saying, “The USP Inspection Service is operating outside of its USPS jurisdiction when it monitors internet users’ sharing of information.”
 
The government is no stranger to using the mail service to spy on American citizens. In May, PPSA wrote that agencies often obtain so-called “mail covers,” photo images of mail envelopes. Such analog-style “metadata” can give any interested party information about whom you are writing to and who is writing back. Between 2010 to 2014, postal inspectors and law enforcement agencies requested more than 135,000 mail covers. Among the top agencies requesting mail covers were the IRS, the FBI, and the Department of Homeland Security.
 
PPSA is pleased to see Rep. Gaetz’ bill begin to address the widespread practice of federal monitoring of Americans’ internet posts. In the era of digital communications, it is worrying to see the USPS transition from a postal to a surveillance agency. Congress must take steps to reign in this covert and lesser-known form of government spying now.

​Sen. Rick Scott (R-FL) recently fired off a letter to FBI Director Christopher Wray holding the Bureau to account for its abuses of Section 702 of the Foreign Intelligence Surveillance Act to spy on American citizens through improper, warrantless searches. The senator points to the “growing list of abuses that have come to light committed by the employees of your agency and the apparent lack of public accountability.”

Sen. Scott’s letter comes on the heels of a tidal wave of reports detailing rampant misbehavior in the FBI. To cite a recent example, PPSA reported on a Foreign Intelligence Surveillance Court opinion that revealed the FBI has spied on high-level U.S. officials, including a U.S. senator, a state senator, and a judge. (The FBI had previously been caught examining the communications of Rep. Darin LaHood, Republican from Illinois). Sen. Scott wrote: “The most recent revelations of frequent and repeated abuses … by the FBI raise concerns for the American public that there are no limits—legal or otherwise—on your investigative powers even when it comes to spying on American citizens.”
 
Sen. Scott’s letter was as substantive as it was critical, requesting the FBI to “explain the accountability for those rogue agents who conducted those illegal queries,” as well as a copy of the range of “‘possible’ disciplinary actions that could be implemented through ‘a new policy of escalating consequences.’”
 
Sen. Scott put it best when he concludes, “the American people and their elected representatives in Congress want to believe in their government and deserve nothing short of full transparency and accountability from the FBI.”
 
PPSA hopes the FBI will respond to this letter with more humility than the mixture of hubris and defensiveness that characterize the communications of Director Wray.

​State legislatures are passing age-verification laws that require users to upload driver’s licenses or passports to view pornographic material. This is well-meaning – and arguably necessary – legislation to protect children from viewing hardcore pornography online. Such a solution, however, has a drawback that needs to be addressed in legislative language. It leaves the door open for potentially catastrophic data privacy breaches – not to mention granting the FBI and other government agencies immense power, in the words of a declassified government report, to “facilitate blackmail, stalking, harassment, and public shaming.” 
 
In 2022, Louisiana passed HB 142, holding porn sites liable for failing to “perform reasonable age verification methods.” The bill sailed through the legislature with bipartisan support. Since then, six states have passed similar laws. Sixteen others have introduced them. Pornhub responded with suits against Louisiana and Utah, and has ceased doing business altogether in Arkansas, Mississippi, Utah, and Virginia. Today, if you visit Pornhub from an IP address in one of those states, the only thing you’ll see is a video message from porn star Cherie DeVille explaining why you can’t see her with her clothes off.
 
DeVille’s message is a simplified version of arguments made by the Free Speech Coalition, a porn industry advocacy and trade group. One of the solutions offered by that group is to verify age by device. It would be child’s play, however, for hackers and government(s) to deanonymize IP addresses. 
 
Whether we adopt either age-verification solution – those of the legislators or those of the porn industry – a risk is created that hackers and the FBI can exploit adult’s private browsing histories.
 
It’s not like there’s no appetite for government to use personal information. Documents obtained through a Freedom of Information Act request show that the Defense Intelligence Agency uses commercially available data for “cover operations.” The FBI has a team dedicated to parsing cell tower data. A multitude of federal, state, and local law enforcement – as well as intelligence agencies – regularly purchase vast troves of personal information from data brokers, and then warrantlessly search that data in flagrant violation of the Fourth Amendment. You’ll forgive us for not expecting government restraint when it is presented with an Aladdin’s Cave of mortifying search histories.
 
Imagine, for example, a bystander in a white-collar crime investigation who gets a visit from an FBI agent seeking his cooperation as a wire-wearing, confidential informant. “By the way,” the agent says in passing, “this is neither here nor there, but I happened to notice that you frequent a website that makes creative uses of My Little Pony. Wouldn’t want that to get out, now would we?”
 
It is likely that more legislators in more states will act out of the belief that hardcore porn seen by children is a crisis that needs to be addressed. Lawmakers should keep in mind, however, the need to include privacy measures in such legislation. One place to start would be a blanket restriction of any sale of browsing data, or warrantless access to it by government agencies. Or perhaps the sites could delete the data once approval is granted. We’re not sure what the best solution would look like, but we’ll know it when we see it.

​The Heritage Foundation recently published a sweeping take on FBI reform by Distinguished Fellow Steven Bradbury that amounts to ripping up the current structure of the Bureau and starting over. There is much to appreciate in this iconoclastic report, with far-reaching changes that warrant careful review on Capitol Hill.
 
Here are some of Bradbury’s more intriguing proposals to “reimagine the FBI from the ground up”:

• Both a “complete makeover” of the existing agency or the establishment of an entirely new agency that would absorb the FBI’s intelligence functions are presented. With the latter, reformers could separate the FBI’s intelligence function from law enforcement, creating a new agency, perhaps akin to Britain’s MI6. This makes sense given that in FISA’s Section 702, for example, we see foreign intelligence and national security used as justifications for domestic snooping. Separation would focus the FBI on its principal purview of domestic crimes, although care would have to be taken not to erect silos that could lead to another 9/11.

 

• The report calls on Congress to limit the tools of investigation used by the Bureau and prohibit efforts to suppress free speech, religious liberty, and other constitutional rights. Under the plan, Congress could restrict the FBI’s authority to conduct assessments of Americans without any evident connection to a possible crime. Congress could restrict the FBI’s ability to stimulate or induce Americans into engaging in criminal activity, a sensible reform given the FBI’s history of entrapment and sometimes becoming itself entrapped.

 

• Bradbury suggests Congress should rebalance the FBI’s operational staff away from its D.C. headquarters and towards the field offices. Such moves would both structure the FBI so as to force the agency to focus on domestic law enforcement, as well as help remove it from the Beltway’s political ecosystem. The latter reform may go some way towards depoliticizing the agency and help restore Americans’ trust that the agency stands apart from “the swamp.”

 

• One suggestion should make privacy advocates everywhere cheer – it calls on the Attorney General to isolate and purge all information improperly collected on Americans by the FBI or other components of the Department of Justice. While this reform would go a long way towards preventing further violations of Americans’ privacy rights, it would first rely on another of the Heritage report’s more questionable suggestions – that the FBI should be placed within the DOJ’s chain of command for more effective management and control. On one hand, the FBI is in sore need of oversight and accountability. On the other hand, bringing the FBI into the DOJ’s chain of command could risk further politicization.

 
In addition to these structural changes, the report proposes a minimum set of actions required to end the FBI’s abuses of its authority. Worthy and sensible recommendations include reforms to insulate the FBI from the Section 702 program, to require the FISA Court to appoint an amicus in all politically sensitive cases involving U.S. persons, and to improve oversight of politically sensitive FBI investigations.
 
PPSA commends Heritage for thinking outside of the Beltway box; however, countering FBI abuses is just one Washington element in need of reform. We are hopeful Congress will also focus on reforming Section 702, end warrantless data purchases, and address other abuses of Americans’ civil liberties.

Americans who rely on WhatsApp, Signal, Telegram, and other encrypted messaging services for private conversations may soon have this option taken away from us – by the British House of Lords.
 
The UK Parliament is close to passing the Online Safety Bill, which will give the UK government the power to scan every message online. The stated purpose is to catch child abusers and terrorists. A blog posted by Element, the UK’s popular encrypted app, says the bill will be “the online equivalent of installing a CCTV camera into everyone’s bedroom, hooked up to an artificial intelligence classifier which sends footage back to the authorities whenever it thinks it sees something illegal happening.”
 
The Element blog says that Apple (which has joined the coalition in opposition to this bill) has built-in scanning technology that has trouble distinguishing a cow from a horse. “The privacy implications are catastrophic.”
 
Worst of all, the bill would likely defeat its own noble purpose. Once backdoors are introduced into encrypted services, tyrannical governments, terrorists, cartels, and abusers of women and children will eventually get their hands on it. The likely victims will be journalists and whistleblowers, dissidents, and women and their children hiding in shelters from their persecutors.
 
“It means that healthcare information, financial details, conversations regarding air-traffic control, electricity grids, nuclear power plants, military maneuvers … none of it would be protected by end-to-end encryption,” blogger Matthew Hodgson writes on the Element blog. “Bad actors don’t play by the rules.”
 
Such a capability would also give governments the means to deepen the censorship of the internet. If anyone doubts official determination to do so, the UK government recently added an amendment to this bill that “posting videos of people crossing the Channel that show that activity in a positive light” should be considered “priority illegal content.” Imagine if such tools of censorship were to be applied by either U.S. political party to the controversies surrounding the southern border of the United States, or any other contentious issue.
 
Worse, the UK bill would hammer home the power of censorship, at least in the UK, with a threat of criminal sanctions for individual senior managers of online platforms. Hearing the tinkling of the jailer’s key, every executive would become a willing censor.
 
If the UK presses forward with this bill, it will break end-to-end encryption, “opening the door to routine, general and indiscriminate surveillance of personal messages of friends, family members, employees, executives, journalists, human rights activists and even politicians themselves.” And that train of bad consequences will happen everywhere, including here in the USA.
 
Any decent person wants to combat child abuse and terrorists. But it should not come about by involving millions of innocent people as collateral casualties, while arguably undermining the very noble goals of this legislation. The recently departed novelist, Milan Kundera, wrote that “a man who loses his privacy loses everything.”
 
The Electronic Frontier Foundation is organizing a worldwide response. Americans can register our protest directly to Parliament here.

​PPSA is asking a DC federal court to compel the top federal intelligence and law enforcement agencies to search for records related to how they acquire and use the private, personal information of 110 Members of Congress purchased from third-party data brokers.
 
In a Freedom of Information Act (FOIA) request filed in July, 2021, PPSA had asked the Office of the Director of National Intelligence, the National Security Agency, the Department of Justice and the FBI, and the CIA for records related to the possible purchase and use of commercially available information on current and former members of the House and Senate Judiciary Committees.
 
The request covered such leading Members of Congress as House Judiciary Chairman Jim Jordan, Ranking Member Jerry Nadler, Senate Judiciary Committee Chairman Dick Durbin, Ranking Member Chuck Grassley, and former Members that included Vice President Kamala Harris and Florida Governor Ron DeSantis.
 
PPSA’s motion for summary judgment filed before the U.S. District Court for the District of Columbia confronts the assertion by these multiple agencies that to even search for responsive documents would harm national security.
 
PPSA’s motion notes that under FOIA, “agencies must acknowledge the existence of information responsive to a FOIA request and provide specific, non-conclusory justifications for withholding that information.” The agencies instead stonewalled this FOIA request by invoking the judge-created Glomar response, meant to be a rare exception to the general rule of disclosure, which allows the government to neither confirm nor deny the existence of such records.
 
“Requiring Defendants here to perform FOIA searches within the secrecy of their own silos does not, by itself, compel the automatic disclosure of any information whatsoever," PPSA declares in its motion. “[B]ecause the initial step of conducting an inter-agency search makes no such disclosure, their arguments are neither logical nor plausible justifications for shirking their duty to perform an internal search.”
 
The issue of government spying into the private, personal information of Members of Congress, tasked with oversight of these agencies, involve the serious potential for executive intimidation of the legislative branch. The ODNI recently declassified an internal document noting that commercially available information can be used to “facilitate blackmail, stalking, harassment, and public shaming.”
 
“The government doesn’t even want to entertain our question,” said Gene Schaerr, PPSA general counsel. “What do they have to hide?”

With perfect timing, Judge Christopher Cooper of the U.S. District Court in DC provided the U.S. Senate today with ample to reason to follow the example of the House and pass the PRESS Act. The judge seeks to compel CBS News senior correspondent Catherine Herridge to reveal her confidential source or sources for a news series she published when she was a journalist at Fox News.
 
Confidentiality is the lifeblood of a free press. From Watergate to Harvey Weinstein, confidential sources have helped journalists bring to light malfeasance and hidden crimes that otherwise would have continued. And a strong reporting culture is a counter to the growing surveillance state enabled by technology. That is why in September 2022, the House unanimously passed the bipartisan Protect Reporters from Exploitive State Spying, or PRESS Act – and why the House Judiciary Committee unanimously approved it again on July 19 of this year.
 
This measure would bring the federal government up to speed with 49 states by shielding reporters from choosing between jail or ratting out whistleblowers and sources as ordered by a federal judge or prosecutor. The PRESS Act is reasonable legislation, allowing for exceptions in extreme cases.
 
PPSA has long admired Catherine Herridge’s impartial and fearless reporting. We support her and all journalists who face these dilemmas. This is all the more reason why the House should again pass this bill and the U.S. Senate should take up the PRESS Act when Congress returns after August recess.

​Does the Fifth Amendment privilege against self-incrimination prevent the government from forcing a defendant to unlock their cellphone? That’s the question at issue in People v. Sneed, a recent case brought before the Illinois Supreme Court, which found in favor of the state. 
 
This ruling is a blow to Fifth Amendment protections in the digital age and an interpretation that cannot be sustained if we are to properly extend constitutional protections to ever-evolving technology.
 
In an amicus brief before the court, the American Civil Liberties Union aptly laid out the arguments against compelling passwords from the accused. Fifth Amendment protections against self-incrimination, they point out, derive from the founders’ fears of an American “Star Chamber,” the English judicial body that became synonymous with oppressive interrogation tactics and a lack of due process. 
 
Drawing on this foundation, the American legal system has largely supported the notion that “the State cannot compel a suspect to assist in his own prosecution through recall and use of information that exists only in his mind.” To do so would impose a “cruel trilemma” on a defendant who would face an impossible choice: perjury, self-incrimination, or contempt of court. 
 
As the ACLU points out, numerous high courts (including Indiana and Pennsylvania) have found that password disclosure constitutes testimony because it draws from “the contents of one’s mind.” Yet courts in New Jersey and Massachusetts have sided with Illinois, presenting a significant conflict of law in the ongoing effort to adapt constitutional precepts to our changing society.  
 
In finding for the state and forcing the defendant, Sneed, to unlock his cellphone, the Illinois Supreme Court drew on a somewhat obscure legal exception to the Fifth Amendment right against self-incriminating testimony known as the “foregone conclusion” doctrine. That exception, which the Supreme Court of the United States has applied only once before, holds that producing a password is not testimonial when the government can show, with reasonable particularity, that it already has knowledge of the evidence it seeks, that the evidence was under control of the defendant, and that the evidence is authentic. The idea is that the act of producing a password has little testimonial value in and of itself.  
 
The court misapplied that doctrine here, placing the focus on the password rather than the contents of Sneed’s cellphone. 
 
The court drew on precedents that probable cause justifies the intrusion: “Any information that may be found on the phone after it is unlocked is irrelevant, and we conclude that the proper focus is on the passcode.”
​
But probable cause does not constitute evidentiary certainty. And, in applying its analysis to passcodes rather than the contents of a safe or lockbox or cellphone, the court ignores that the Supreme Court of the United States’ use of this exception in Fisher v. United States (1976) depended on a specific, narrow set of facts. There, the analysis focused on the production of business documents already proven to exist – not on a passcode. 
 
Allowing the “foregone conclusion” exception to apply to testimonial production of cellphone passwords opens the door to forcible government snooping across the vast scope of our digital lives. Gaining access to someone’s cellphone can reveal anything and everything about that person – including the most intimate details of a life. 
 
As the ACLU put it: 
 
“Locked phones and laptops may impose obstacles to law enforcement in particular cases. So do window shades. It is sometimes true that constitutional protections interfere with law enforcement investigations.” 
 
Until the Supreme Court of the United States resolves this issue, our Fifth Amendment rights in the digital age remain in doubt. 

On Friday, the ACLU fired a full salvo at the FBI after the Office of the Director of National Intelligence released two court opinions that detail blatant violations of Americans’ privacy, including a sitting state court judge. The opinions come from the Foreign Intelligence Surveillance Court and describe how the entire national intelligence community, not just the FBI, performed numerous violations of legal requirements and court-ordered rules intended to protect Americans’ privacy. 
 
The FISC writes that the FBI repeatedly engaged in prohibited searches of Section 702 databases for information pertaining to unsuspected targets. The opinions also demonstrate the evolving uses of Section 702: the NSA is reportedly using its Section 702 powers “to conduct routine, suspicionless searches of people overseas who are applying for immigration benefits or seeking to travel to the United States.” The FISC notes the unprecedented nature of this kind of use for Section 702. The data of millions of Americans who are in contact with people seeking to come to the United States will surely be swept up by this new trend.
 
Patrick Toomey, former U.S. Senator and Deputy Director of the American Civil Liberties Union’s National Security Project, said that “These disturbing new revelations show how Section 702 surveillance, a spy program the government claims is focused on foreign adversaries, is routinely used against Americans, immigrants, and people who are not accused of any wrongdoing.” 
 
PPSA is astonished by the revelations disclosed by these two FISC opinions. The latitude for abuse of surveillance powers has only grown. Meanwhile, more and more Americans are being caught in the crossfire. Congress must act now to secure the privacy rights of Americans everywhere.

​On Friday, the Office of the Director of National Intelligence released a Foreign Intelligence Surveillance Court opinion that details blatant violations of Americans’ privacy. Most distressingly, high-profile American political leaders were among the targets surveilled by the FBI. The heavily redacted opinion released on Friday reveals that the FBI attempted improper searches of the communications of a United States Senator, a state senator, and a judge who complained about civil rights violations by local police. 

If that sounds beyond the pale, the National Security Division (NSD) of the United States Department of Justice thought so, too. 

In the former case, the NSD determined that the “querying standard” used by the FBI to obtain foreign intelligence information was not met. In the latter case, it’s a little more opaque. Last October, the FBI used the anonymous Judge’s social security number to search the Section 702 database. The Judge "had complained to FBI about alleged civil rights violations perpetrated by a municipal chief of police.” The National Security Division’s review stated that this search was also illicit. 

While the U.S. Senator has been notified about the improper search, the state Senator and the state Judge have not. It is clear is that a continued pattern of government abuse persists when it comes to Section 702 of the Foreign Intelligence Surveillance Act. 

Although the FISC states that, “there is reason to believe that the FBI has been doing a better job in applying the querying standard,” the anonymous judge also admits that “[t]he prevalence of non-compliant queries conducted by the FBI, and particularly of broad queries that were not reasonably likely to return foreign intelligence information or evidence of crime, has been a major focus of concern….”

Indeed it has been. In fact, the same court found in 2018 that there was a “deficiency in the FBI’s querying and minimization procedures” based on “large-scale, suspicionless queries….”

The Court found that the FBI’s implementation of remedial measures has improved the Bureau’s compliance with Section 702’s specificity requirements. But they make sure to soften that finding with a disclaimer: “NSD devotes substantial resources to its oversight efforts, but still can examine only a fraction of total FBI queries. It is therefore possible that serious violations of the querying standard have so far gone undetected.” 

The FBI has a long track record of repeatedly misusing the Section 702 database, but to poll information on high-profile elected officials is a new level of abuse. These revelations come amid a push by the Biden administration to reauthorize Section 702 mere months before it expires at the end of this year. When federal authorities inappropriately attempt to spy on legislators – and even judges – we truly find ourselves with one foot off the merry-go-round. Congress must take this into account in the coming months. 

​In late 2022, pursuant to its internal policy, Google informed two customers about law enforcement action taken against them by the Department of Justice five years prior. The customers in question: Republican staffers working for then-House Intelligence Committee Chairman Devin Nunes. According to contemporaneous reports, authorities subpoenaed addresses, screen names, telephone and payment records, and “all customer and subscriber account information” related to the two staffers. What’s more, as the Wall Street Journal editorial board recently pointed out, this was apparently done without informing Congress, as is typical practice. 

One of the targeted staffers was Kash Patel, who at the time served as senior counsel to the House Intel Committee. Given the Committee’s focus at the time – looking into the origins of the FBI’s investigation of alleged collusion between the Trump campaign and Russia – some dot-connecting might well be warranted. 

What truly shocks the conscience, however, is that Justice would clandestinely spy on Congress in the first place. As the Wall Street Journal wrote, “If DOJ used its law enforcement tools to snoop on Mr. Nunes, that would be an abuse of power.” 

Now, House Judiciary Chairman Jim Jordan has issued a letter to FBI Director Christopher Wray demanding answers. All who care about data privacy – and the integrity of congressional authority – deserve them.

​Gene Schaerr, PPSA general counsel, in testimony before a House subcommittee on Friday, urged Congress to assert its prerogative to interpret Americans’ privacy and Fourth Amendment rights against the federal government’s lawless surveillance.
 
Schaerr said the reauthorization of a major surveillance law this year is a priceless opportunity for Congress to enact many long-needed surveillance reforms. There is, Schaerr told the Members of the House Judiciary Subcommittee on Crime and Government Surveillance, no reason for Congress to defer on such a vital, national concern to the judiciary.
 
Congress also needs to assert its authority with executive branch agencies, he said. For decades, when Congress reforms a surveillance law, federal agencies simply move on to other legal authorities or theories to develop new ways to violate Americans’ privacy in “a game of surveillance whack-a-mole.”
 
Schaerr said:
 
“As the People’s agents, you can stop this game of surveillance whack-a-mole. You can do that by asserting your constitutional authority against an executive branch that, under both parties, is too often overbearing – and against a judicial branch that too often gives the executive an undeserved benefit of the doubt. Please don’t let this once-in-a-generation opportunity slip away.”   
 
Schaerr was joined by other civil liberties experts who described the breadth of surveillance abuse by the federal government.
 
Liza Goitein of the Brennan Center for Justice at NYU Law School said that FISA’s Section 702 – crafted by Congress to enable foreign surveillance – has instead become a “rich source of warrantless access to Americans’ communications.”
 
She described a strange loophole in the law that allows our most sensitive and personal information to be sold to the government. The law prevents social media companies from selling Americans’ personal data to the government, but it does not preclude those same companies from selling Americans’ data to third-party data brokers – who in turn sell this personal information to the government.
 
Federal agencies assert that no warrant is required when they freely delve into such purchased digital communications, location histories, and browsing records. Goitein called this nothing less than the “laundering” of Americans’ personal information by federal agencies looking to get around the law. 
 
“We’re a nation of chumps,” said famed legal scholar and commentator Jonathan Turley of the George Washington University Law School, for accepting “massive violations” of our privacy rights. He dismissed the FBI’s recent boasts that it had reduced the number of improper queries into Americans’ private information, likening that boast to “a bank robber saying we’re hitting smaller banks.” 
 
Many members on both sides of the aisle echoed the concerns raised by Schaerr and other witnesses during the testimony. Commentary from the committee indicates that Congress is receptive to privacy-oriented reforms.
 
Gene Schaerr cautioned that Congress should pursue such a strategy of inserting strong reforms and guardrails into Section 702, rather than simply allowing this authority to lapse when it expires in December. Drawing on his experience as a White House counsel, Schaerr said the “executive branch loves a vacuum.” Without the statutory limits and reporting requirements of Section 702, the FBI and other government agencies would turn to other programs, such as purchased data and an executive order known as 12333, that operate in the shadows.
 
Despite this parade of horribles, the hearing had a cheerful moment when it was interrupted by the announcement of a major reform coalition victory. The Davidson-Jacobs Amendment passed the House by a voice vote during a recess in the hearing, an announcement that drew cheers from witnesses and House Members alike. This measure would require agencies within the Department of Defense to get a probable cause warrant, court order, or subpoena to purchase personal information that in other circumstances would require such a warrant.
 
Schaerr was optimistic that further reforms will come. He said:
 
“Revulsion at unwarranted government surveillance runs deep in our DNA as a nation; indeed, it was one of the main factors that led to our revolt against British rule and, later, to our Bill of Rights. And today, based on a host of discussions with many civil liberties and other advocacy groups, I’m confident you will find wide support across the ideological spectrum for a broad surveillance reform bill that goes well beyond Section 702.”

​Last month, we wrote about a surprisingly frank report from the Office of the Director of National Intelligence admitting the government’s increasing role in utilizing Commercially Available Information about United States citizens for investigative purposes. Despite the Supreme Court’s ruling in Carpenter v. United States, which held that a warrant is required before the government can seize location history from cell-site records, the report candidly reveals that the bulk collection of Americans’ private data continues unabated. Now, the Commonwealth of Massachusetts is taking steps to ban the purchase and sale of location data altogether. It’s a blunt solution to a complex issue, and a bellwether for where this debate might be headed. 

“Location data” refers to information about the geographic locations of mobile devices like smartphones or tablets. When collected, this data can be used for relatively benign purposes like marketing – but also to identify the movements of  individuals and discern their identities (a 2013 study found that only four spatio-temporal data points are required to identify someone in most circumstances).

A host of companies collect this information, package it, and sell it to private actors like advertisers – and, increasingly, law enforcement agencies. The government can learn a lot about you based on your movements – and they know it. For example, the FBI has its own team dedicated to analyzing cell tower data. 

A growing number of states are now taking action to protect the digital privacy of their residents. Laws passed in California and Virginia require the affirmative consent of consumers before geolocation data can be used for specified purposes. The European Union has gone further, prohibiting the use of sensitive data by default unless a company can demonstrate that its use falls under a specifically enumerated exemption.

In the United States, Massachusetts’ Location Shield Act (H.357|S.148) is by far the most comprehensive effort yet to protect our data from unwarranted (or warrantless) snooping. The bill’s drafters couch it within a social policy framework; it’s described as “An Act protecting reproductive health access, LGBTQ lives, religious liberty, and freedom of movement by banning the sale of cell phone location information.” 

Such concerns are not unfounded. As the ACLU writes, “In the aftermath of the Supreme Court’s Dobbs decision…journalists found that data brokers have continued to buy, repackage and sell the location information of people visiting sensitive locations including abortion clinics. This puts people who seek or provide care in our state at risk of prosecution and harassment, creating a vulnerability in our state’s post-Roe protections.” 

Beyond addressing those concerns, however, the bill does a lot to broadly reinforce our Fourth Amendment rights against unreasonable searches and seizures, implementing a warrant requirement for any law enforcement access to location data. Such restrictions would clear away some of the murk surrounding this issue in the wake of the Carpenter case, which required a warrant when accessing location data from phone companies, but which holds limited relevance when such data are readily available for commercial purchase. (Obviously, the same legal reasoning should apply.) 

Americans are waking up to the dangers of the $16 billion data brokerage industry. In Massachusetts, 92% of survey respondents said the government should enshrine stronger protections for consumer data – all the way back in 2017. Whether this bill makes it over the finish line or not, it’s a clear sign that Americans want comprehensive data privacy reform. 
And Massachusetts’ solution is one we’ll readily share. 

In today’s House Committee Judiciary hearing with FBI Director Christopher Wray, Rep. Pramila Jayapal (D-WA) expertly revealed the extent to which the FBI is unwilling to publicly discuss its use of commercially available information (go to 1:10:50 mark).
 
Rep. Jayapal asked the director about his claim before the Senate Intelligence Committee in March that the FBI had previously purchased Americans’ location data information from internet advertisers but had stopped the practice. Why, then, Jayapal asked, did a report from the Office of the Director of National Intelligence (ODNI) reveal that the government continues to purchase Americans’ personal data scraped from apps and sold to the government by third-party data brokers?
 
The report was surprising for its frankness. An ODNI panel admitted that such data can be used to “facilitate blackmail, stalking, harassment, and public shaming.”
 
Rep. Jayapal asked how the FBI uses such data. Director Wray responded that this is too complex to cover in a short exchange. He said there are so many precise definitions that he had best send “subject matter experts” from the FBI to give Rep. Jayapal a briefing, presumably behind closed doors and under classified rules that would prevent public discussion.
 
Rep. Jayapal then went on to note that more than historic location data is at stake. Purchased data, she said, include biometric data, medical and mental health records, personal communications, and internet search histories and activities. She asked Director Wray: Does the FBI have a written policy on how it uses such commercially available information?
 
Director Wray did not seem sure. He replied that he would be happy to provide a private briefing.
 
Rep. Jayapal next asked if there is an FBI policy for using purchased information against Americans in criminal cases.
 
Once again, Director Wray punted.
 
After Rep. Jayapal was finished, House Judiciary Chair Jim Jordan (R-OH), said that her remarks were “well said,” and promised a bipartisan approach on the issue. Speaking for Republicans, Chairman Jordan told Rep. Jayapal, chair of the progressive caucus, “you have friends over here who want to help you with that.”
 
We suggest that a bipartisan next step could be an open hearing with the FBI’s experts on how much purchased information is obtained and how it is used.

​ACLU is celebrating the 15th anniversary of the Foreign Intelligence Surveillance Act (FISA) amendments by highlighting a floor statement President Joe Biden made as a U.S. Senator in 2008.
 
In his Congressional Record submission, Sen. Biden declared the measure that we would come to know as Section 702 as “constitutionally infirm.” He voted against it. Sen. Biden’s words would be a better guide to President Biden’s surveillance policies than those advocated by his appointees and representatives today.
 
For months now, the administration’s representatives on Capitol Hill have argued that Section 702 of FISA should be reauthorized without changes or reforms. FBI Director Christopher Wray and others have, with the backing of the president, made this case even though, by the administration’s own admission, this authority meant by Congress to authorize surveillance of foreigners located abroad has been used in 246,000 targeted searches of Americans’ communications.
 
While we should not uncritically accept the government’s numbers, and the definitions and assurances behind it, let’s take the government’s number as a minimum. The question remains why the government believes 246,000 violations of Americans’ civil liberties is acceptable. That number constitutes millions of civil rights violations in a few years and more violations than there are people in a sizable city, say, Richmond, Virginia.
 
As a U.S. Senator, Joe Biden foresaw problems with Section 702. He complained that the law authorized only weak judicial oversight by the FISA Court, beholden to the good faith of executive branch officials. Sen. Biden said the Attorney General and the Director of National Intelligence would certify after the fact to the FISA court that they had good reason to believe targets were located outside of the United States, “regardless of how many calls to innocent American citizens inside the United States were intercepted in the process.”
 
“This would be a breathtaking and unconstitutional expansion of the President’s powers,” Sen. Biden said. Now those powers are in the hands of President Joe Biden.
 
As senator, Joe Biden set out an overarching principle we’d all be wise to remember:
 
“One of the defining challenges of our age is to combat international terrorism while maintaining our national values and our commitment to the rule of law and individual rights. These two obligations are not mutually exclusive. Indeed, they reinforce each other.”
 
PPSA has been hearing as much from Congressional leaders, from Democrats as well as Republicans.
 
Our point is not to slam Joe Biden for inconsistency, but to sharpen the debate for Members of Congress. The president was right the first time: We can have protection from terrorists and spies without jettisoning our civil rights. We can reform Section 702 so it will work within the guardrails of the Constitution.

​Sens. Ron Wyden and Rand Paul are renewing their push for the Protecting Data at the Border Act, a bill to ensure that government agents, including agents of Customs and Border Protection, obtain a warrant to search the personal data of Americans returning from abroad. The measure would send a resolute message: Americans' digital privacy is guaranteed, even at the border.
 
Until 2014, the federal government claimed it did not need a warrant to search a device if a person had been arrested. In Riley v. California, a landmark Supreme Court case, the Justices unanimously held that the warrantless, deep search of the digital contents of a cell phone during an arrest is unconstitutional under the Fourth Amendment. If this principle pertains to an arrestee, how much more should it pertain to an American citizen who is merely traveling?
 
Yet border zones, whether points of entry to Canada or Mexico, or airports, have become legal twilight zones where the Fourth Amendment is treated as a suggestion. With ever-increasing international traffic, the potential for government misconduct grows as well.
 
PPSA has called attention to constitutional loopholes at the border before. In 2021, we reported that two troubling trends at the border threatened the rights of Americans. One is the rollout of facial recognition technology and other biometric surveillance by Customs and Border Patrol, which is used on citizens and non-citizens who arrive at a U.S. airport. The other – and by far the most intrusive – is the existing practice of accessing the contents of returning citizens’ cellphones, laptops, and other electronic devices.
 
In 2017, a NASA employee was stopped by Customs and Border Patrol agents and told he could not leave until he gave CBP agents his password to his phone, which belonged to NASA and contained sensitive and confidential information. In an ACLU petition filed to the Supreme Court in 2021 (Merchant v. Mayorkas), eleven U.S. citizens sued over having their electronic devices examined at the border without a warrant or reasonable suspicion. Unfortunately, the Court declined to hear the case.
 
PPSA endorses the Protecting Data at the Border Act. This bill will go a long way towards codifying and ensuring that the Fourth Amendment protects American citizens at the border. The bill will also prohibit officials from delaying or denying entry to the U.S. if a person declines to hand over devices and requires law enforcement to have probable cause to seize a device.
 
Bob Goodlatte, PPSA senior policy advisor and former Chairman of the House Judiciary Committee, said:
 
“There is no excuse for the government to suspend the Fourth Amendment at the border. While it is reasonable for border agents to protect the nation with inspections for pests, contraband, and illegal narcotics, it is an outrageous violation of the Constitution for agents to scan the contents of our digital devices, delving into the sensitive and personal aspects of our domestic lives.
 
“Sens. Ron Wyden and Rand Paul are stepping up to remind the government that we don’t shed our constitutional rights just because we travel.”

​FBI documents acquired through Freedom of Information Act (FOIA) requests by PPSA  and the American Civil Liberties Union show how authorities continue to conceal information about how stingray technology is really being used. The downstream effect of this deception likely results in defendants being denied the ability to know how a case was constructed against them, degrading their right to a fair trial.
 
Dozens of federal and state agencies have benefitted from the generosity of the Department of Justice in sharing with state and local police cell-site simulators, popularly known by the brand name “Stingrays.” These devices trick cellphones into revealing their owners’ locations and other sensitive, personal information.
 
An email from the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF), released today by PPSA, one ATF official writes to another:
 
“To remain consistent with our DOJ Partner, in this case, the USMS (U.S. Marshall Service) since they are the largest user of this technology, we respectfully request that this technique not be disclosed in an affidavit.”
 
ACLU’s FOIA shows the same instructions from the federal government imposed in nondisclosure agreements on police departments when they ask for this technology to track suspects. These contracts don’t beat around the bush. They explicitly require police departments to withhold information about stingrays and their usage from defendants and lawyers. The FBI argues that such secrecy is required to prevent revealing information that would enable criminals to “thwart law enforcement efforts.”
 
But what’s the big secret? Despite the clandestine nature of this federal/local partnership program, stingray technology and its capabilities have been an open secret for years now. This technology was depicted under another brand name – “triggerfish” –on season three of HBO’s The Wire. That was in 2004. Could the real secret be that police departments are conspiring with the FBI to conceal the use of privacy-invading technology to give prosecutors an unfair, “backdoor” advantage in their cases?
 
PPSA has often reported the ways in which federal or state agencies routinely circumvent constitutional privacy protections. One well-known method is the parallel construction of evidence, in which prosecutors leverage illicitly gained knowledge to turn up evidence from a source acceptable in court. It is well established legal doctrine that illicit evidence, the “fruit of the poisonous tree,” should not be admissible. But who knows what is poisonous if the tree is hidden?
 
The acquired federal documents actually spell out how parallel construction should work – advising the police to pursue “additional and independent investigative means and methods” to obtain evidence collected through use of a cell-site simulator.
 
The suggestions on how to accomplish such secrecy were redacted by the FBI. The Bureau argues that revealing information about stingrays would have a “significant detrimental impact on the national security of the United States.” The revelation of even minor details is so heavily restricted that police have dropped charges against a suspect rather than unveil information in open court.
 
“The important question posed by privacy advocates is why are police departments and the FBI going to such lengths to conceal information about a technology that is public knowledge?” asked Bob Goodlatte, former chairman of the House Judiciary Committee and PPSA Senior Policy Advisor. “The capabilities of stingrays are well-known, with knowledge of their deployment on popular television almost twenty years ago.
 
“Yet the government still insists that the basics of stingray use is a precious national secret,” Goodlatte said. “Congress should demand to know if there is any basis at all for these non-disclosure agreements – and how common parallel construction really is in practice.”

In 2018, the U.S. Supreme Court held that a warrant is needed before government agencies can seize your location history from cell-site records. That opinion, Carpenter v. United States, often described as a landmark ruling, has actually become little more than a legal watermark thanks to the machinations of government agencies.
 
When a government agency wants to know where you’ve been, or anything about you, all it has to do is consult the trove of sensitive personal information on millions of Americans scraped from apps and purchased from third-party data brokers. No warrants required. As they used to say in internet ads, the government knows all about you with this one weird trick.
 
Two responses to PPSA Freedom of Information Act (FOIA) requests show how freely the FBI and DIA access Americans’ personal information.
 
The FBI has a team dedicated to working with cell tower data. Their specialties include “historical CDR (call detail records) analysis and geospatial mapping,” which enables the tracking of people across multiple towers. The FBI conducts “tower dump analysis,” which seems to be the collection of bulk data from cell towers and “real-time cellular tracking” services. The documents obtained by PPSA show that the FBI regularly lends out these services to state and local governments.
 
The Defense Intelligence Agency documents show that the agency uses commercially available data for “cover operations.” Does this mean DIA is using data to help agents impersonate real people? Or is DIA using our personal information as material from which to create fake, chimeric identities, using a blend of personal information from multiple real people?
 
These are just glimpses into how the government uses our personal information, from our movements to our personal interests, relationships, and beliefs. PPSA will continue to use FOIAs and lawsuits to dig out more details about these practices.

​PPSA today announced the filing of a Freedom of Information Act (FOIA) request with the Department of Justice asking for documents and records showing whether DOJ ensures it has probable cause before issuing administrative subpoenas to seize Americans’ private electronic data. 
 
Civil libertarians have long suspected that the DOJ often uses such administrative subpoenas to circumvent the probable-cause requirement for searching Americans’ records. This is particularly troubling, since such subpoenas, issued without a court order or judicial oversight, are often used to collect bulk data rather than targeting information from an identifiable target.
 
“It may be likened to a fishing expedition, with Americans as the fish,” said Gene Schaerr, PPSA general counsel.
 
PPSA’s FOIA request covers all the components of the Department of Justice, including the Executive Office for United States Attorneys, the FBI, the Drug Enforcement Administration, the DOJ’s Criminal Division, and the Bureau of Alcohol, Tobacco, Firearms and Explosives.
 
PPSA is seeking:

• Records reflecting whether probable cause is required to use administrative subpoenas, and whether there has been any change in how this requirement has been applied.

 

• Records reflecting each instance when an administrative subpoena was used without probable cause.

 

• Records reflecting each instance when an administrative subpoena was requested but not approved due to a lack of probable cause.

 

• Records reflecting policies, procedures, or guidance regarding use of administrative subpoenas rather than court-ordered subpoenas.

 

• Records discussing how to share data or information obtained through administrative subpoenas with other federal agencies, state governments, or state and local law enforcement.

 

• Records reflecting the use of administrative subpoenas not directed at or related to particular identifiable investigations or targets.

 
“We are not asking about sources or methods or anything else that would trigger a Glomar response that would shut off all disclosure,” Schaerr said. “We seek topline information necessary for Congress to conduct oversight and for the American people to understand how our government uses our most personal and sensitive information.”

​For all the focus on digital privacy, traditional Fourth Amendment violations by the government are as common as ever. One area of habitual constitutional overreach is child welfare, as illustrated by a recent, disturbing event in Waltham, Massachusetts.
 
In the early morning hours of July 16, 2022, officials from the Massachusetts Department of Children and Families, flanked by several armed police officers, knocked on the door of Waltham residents Sarah Perkins and Joshua Sabey and demanded the surrender of their children.
 
The officials had no warrant. There were no exigent circumstances. They had no reason to believe the children were in imminent threat of bodily harm. Yet, despite the parents’ reasonable protestations, the officers issued an ultimatum: Give us your children or we’ll break down the door and take them. Ultimately, Sarah and Josh gave in to the inevitable, ushering their sobbing children into the waiting cars of strangers, who whisked them away in the night.

Nationally, more than three million children come under the care of state child protective services each year. In cases involving home searches, according to a recent study by ProPublica, authorities rarely – if ever – obtain a warrant. In New York, for example, research shows that the Administration for Children’s Services obtained a warrant or entry order in less than 0.2% of instances.
 
The Fourth Amendment plainly states: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated.” (The founders never thought it was necessary to also add, “and their children!”) That amendment requires a probable cause warrant to examine a home. Constitutional protections extend to the states through the Due Process Clause of the Fourteenth Amendment, yet child welfare agencies largely operate as though exempt from such constitutional strictures, regularly entering homes based on vague determinations of imminent threat to a child.

Let us be clear: such concerns are often well founded, and we support the right of the state to intervene to protect abused or neglected children. But there needs to be a lawful process. The case of Sarah Perkins and Joshua Sabey is an instructive example of what can happen when there are no guardrails on the discretionary exercise of police power.
 
These parents fell under the suspicion of child welfare authorities after taking their three-month-old to the hospital for high fever. When staff members conducted an X-ray, they discovered a healing rib fracture. Concerned about abuse, they called in a social worker who questioned Sarah about the injury.
 
For her part, Sarah had no clue how the injury occurred, though it was later determined that the child’s grandmother may have inadvertently caused it while removing the child from a car seat. For three days, the parents were subjected to a thorough investigation, which included home visits and persistent interference by state authorities, who found neither evidence of abuse nor danger in the home. Everything seemed fine until three days later, when a DCF supervisor made the seemingly arbitrary decision that the children should be taken into custody in the middle of the night.
 
Sarah and Joshua were eventually cleared of any misconduct and re-acquired full custody following several months of legal wrangling. But what about families that lack the resources to engage in such a prolonged fight?
 
The application of the Fourth Amendment to child protective services is an area that requires sharper legal definition. A circuit split exists on the issue and the Supreme Court has not specifically weighed in.
 
Sarah and Josh, meanwhile, have rightly filed suit against individuals at DCF and the Waltham Police Department alleging unreasonable search and seizure and due process violations under the Fourth and Fourteenth Amendment, respectively. They’re also working with members of the Massachusetts legislature on a new law that would require approval by an on-call judge before any after-hours removal. It’s a reasonable constraint on the currently unchecked power of a vast, often adversarial government bureaucracy.
 
There is no question that real and heartbreaking instances of child abuse occur. Child protective services must have the power to remove children from these circumstances. But such power must not be limitless. Of all our constitutional and natural rights, parental rights are the most precious.

For years, PPSA has warned about the vast amounts of sensitive personal information about our private lives that are scraped from our apps and sold by third-party data brokers to government intelligence and law enforcement agencies. Now we have telling details from the inside.
 
On Friday, the Office of the Director of National Intelligence released a declassified report from a senior advisory group that sheds new light on the dangers posed by Commercially Available Information (CAI). Unlike most government documents, this report is remarkably self-aware and willing to explore the dangers of this policy in plain language.
 
This panel details all the many sorts of data that the government collects about us from commercial sources.

• On the financial side, federal agencies collect bankruptcy information, employment history and income, credit histories, consumer purchase histories, and consumer interests.

 

• Agencies acquire records about our ethnicities, possible criminal records, voting registration, travel records, and attorney-client information.

 

• Agencies purchase our medical and mental health information, religious activities, browsing histories and library records, communications with friends, expressions of political views, and groups and individuals with whom we associate. And government also acquires details about Americans’ sex lives.

 
One data broker with the exceptionally creepy name of PeekYou brags that it “collects and combines scattered content from social sites, news sources, homepages, and blog platforms to present comprehensive online identities.”
 
The panel is forthright about how this data can be used to “facilitate blackmail, stalking, harassment, and public shaming.” It is not difficult, the report notes, for deanonymized information (which exposes a person’s identity) sold by data brokers to be combined or used with other data “to reverse engineer identities or deanonymize various forms of information.”
 
The authors of this report recognize how dangerous it is for the intelligence community to have this much commercially available information on its citizenry at its fingertips.
 
“The government would never have been permitted to compel billions of people to carry location tracking devices on their persons at all times, to log and track most of their social interactions, or to keep flawless records of all their reading habits. Yet smartphones, connected cars, web tracking technologies, the Internet of Things, and other innovations have had their effect without government participation. While the IC cannot willingly blind itself to this information, it must appreciate how unfettered access to CAI increases its power in ways that may exceed our constitutional traditions or other societal expectations.”
 
The authors note that “CAI could be used, for example, to identify every person who attended a protest or rally based on their smartphone location or ad-tracking records.” And the danger to the American people is not just from our government: this report warns of “intelligence benefits to our adversaries,” allowing foreign agencies to use open-source intelligence and AI to disinform and influence the public.
 
It cites a chilling factoid from a Duke University report that of the 10 major data brokers, three advertise an ability to provide data to identify U.S. military personnel.
 
The ODNI report quotes the Duke study that foreign actors could use CAI “to bolster their influence campaigns to interfere in U.S. electoral processes. Criminal organizations could use this data to build profiles on and subsequently target prosecutors and judges. Foreign intelligence organizations could acquire this data through a variety of means – including through front companies that could legally purchase the data from U.S. brokers and through simply hacking a data broker and stealing it all – to build profiles on politicians, media figures, diplomats, civil servants, and even suspected or secretly identified intelligence operatives.”
 
The authors recognize a danger for U.S. agencies, that “mission creep” can “subject CAI collected for one purpose to other purposes that might raise risks beyond those originally calculated.” It raises the question of the government’s obligation to respect the Fourth Amendment in accessing technologies that track our movements. It highlights the principles set out in a Supreme Court opinion that requires a warrant for certain kinds of cellsite location data.
 
Yet the report notes that the Defense Intelligence Agency nevertheless provides funding to “another agency” for it to purchase commercially available geolocation data aggregated from smartphones. The author admits it is unclear whether this data is for U.S. locations or foreign ones. The report says that agencies rely on a facial recognition company, Clear, not only to “resolve identities,” but also to locate people.
 
The authors challenge the bland assertions of federal agencies that Commercially Acquired Information, CAI, is the same as Publicly Available Information, PAI.
 
“In our view, profound changes in the scope and sensitivity of CAI have overtaken traditional understandings, at least as a matter of policy. Today’s publicly available CAI is very different in degree and in kind from traditional PAI.”
 
The authors refer to Riley v. California, a Supreme Court case that required a warrant before police could access information in a suspect’s cellphone. The report quotes the Court that asserting that modern CAI is materially indistinguishable from traditional PAI “is like saying a ride on horseback is materially indistinguishable from a flight to the moon.”
 
Having defined the problems, the authors of this report advance possible solutions. They propose internal processes that could minimize the dangers of mass collection of our private information, changes in how information is cataloged, developing standards and procedures, heightening approvals for information in “sensitive” categories, the creation of additional mitigation measures, and developing more “precise sensitivity and privacy-protecting guidance for PAI.”
 
The authors of this report should be commended for their frankness. Their solution, however, would merely replicate the failed approach of the FBI in its repeated attempts to reform the processes used to extract Americans’ personal information from Section 702 of the Foreign Intelligence Surveillance Act.  
 
In both instances, the answer to these dilemmas is the Fourth Amendment’s probable cause warrant, an 18th century solution for these 21st century dilemmas.