Washington seemed to have reached a tipping point last week in the surveillance reform debate. Reformers are taking heart from the receptivity of the Trump Administration and its nominees to surveillance reform, while defenders of the surveillance status quo are doubling down on the untenable position of opposing all reform. Those defenders likely agree with The Wall Street Journal, whose editorial board found the removal of Rep. Mike Turner, Chairman of the House Intelligence Committee, a “bad message about the need for public honesty about threats to U.S. security.” In confirmation hearings of Trump nominees several senators created a false dichotomy when describing the fate of Section 702 – the Foreign Intelligence Surveillance Act authority that allows federal agencies to spy on foreign threats on foreign soil, but abused to spy on many Americans in domestic cases. The choice these champions of the intelligence community offered was between two extremes. One would be to let Section 702’s authority lapse when it comes up for renewal in 2026. The other would be to leave it in place, unchanged. In other words, they are saying our only choice is to either expose the American homeland to terrorists or loyally affirm the surveillance status quo. But something else happened last week as well. Nuance and more openness to debate seemed to be breaking through the noise, and not a minute too soon. While the new House Intelligence Chairman Rick Crawford (R-AR) is not known as a surveillance reformer, civil liberties groups are hopeful he will allow a balanced debate to take place. We look forward to Chairman Crawford listening to our objections about the government’s abuses of Section 702 and the separate expansion of “electronic communications service providers” with a legal duty to engage in domestic spying. Chairman Crawford surely knows that many on the Hill are still smarting from the way some colleagues strong-armed them into blocking a promised fix to a law mandating that virtually every business, organization and house of worship with free Wi-Fi be obligated to spy on their customers for the NSA. Chairman Crawford will also be told that reformers are pushing back on Section 702, not because we want to protect foreigners – who have no Fourth Amendment rights – but because we want to protect American citizens from warrantless FBI surveillance in ordinary domestic investigations. Consider that as recently as 2022, the FBI had accessed the communications of Americans garnered via Section 702 more than 200,000 times. President Trump, having been victimized himself through another FISA authority during the Carter Page affair, seems to be nominating Cabinet officers who agree that the FBI has been out-of-control. Sen. Mike Lee (R-UT) made this clear when he was interviewed by Laura Ingraham on Fox News to discuss the confirmation testimony of Pam Bondi, President Trump’s AG nominee. Sen. Lee said of Bondi: “She understands the Fourth Amendment. She understands that the U.S. government can’t go after your personal effects, your papers, your private communications, without a warrant … backdoor warrantless searches under FISA 702 have become a problem. “We’re told over and over again by FBI Directors and attorneys general, ‘Don’t worry about it. These aren’t the [violations] you’re looking for. We have procedures to handle this.’ And they’re lying. Pam Bondi went on record today, saying ‘We shouldn’t do that.’ And I am thrilled that she did.” The dust is still settling from an earthquake election, the replacement of a House Intelligence Committee chairman, and a likely attorney general affirming that the backdoor search loophole of Section 702 must be addressed. Perhaps now we can have a mature discussion about surveillance reform. If we do, Congress can add guardrails to Section 702 to end the FBI’s warrantless surveillance of Americans while keeping a strong national security tool that protects the American homeland. Perhaps the stars are lining up for a deal. Endorses “Appropriate Safeguards” for Section 702 John Ratcliffe slid though his confirmation hearing for his nomination as Director of the Central Intelligence Agency on a greased toboggan. Along the way, he offered encouraging glimpses into his thinking about surveillance reform. Sen. James Lankford (R-OK) spoke up for Section 702, the Foreign Intelligence Surveillance Act authority that allows federal agencies to surveil foreign threats on foreign soil. John Ratcliffe said that Section 702 is “an indispensable national security tool” and noted that information gleaned from programs authorized by that law often comprises half of the president’s daily intelligence briefing. But Ratcliffe also acknowledged that Section 702 “can be abused and that we must do everything we can to make sure it has appropriate safeguards.” Ratcliffe told the Senate Select Committee on Intelligence that surveillance “can’t come at the expense of Americans’ civil liberties.” Sen. John Cornyn (R-TX) said that Ratcliffe in a private conversation had observed that surveillance authorities are somewhat like steak knives in the kitchen, useful but dangerous in the wrong hands. The problem in the past, the senator from Texas said, was a “lack of trust in people who’ve had access to those tools.” That seemed to be a reference to the FBI, which in the past had used Section 702 powers to vacuum up the communications of more than 3.4 million Americans. There were also some irritating moments for surveillance reformers in the hearing. Several senators alluded to all critics of Section 702 as wanting to repeal that authority and expose Americans to terrorists and spies. They did so without acknowledging that it is possible to criticize and reform that law without ending it. Under questioning from Sen. Michael Bennet (D-CO), John Ratcliffe spoke of his unique experience as a former House Member who sat on the Judiciary Committee and later the House Intelligence Committee and then served in the executive branch as Director of National Intelligence (DNI). Ratcliffe said that he was surprised that despite having served in the legislative branch on an oversight committee of the intelligence community “there was so much intelligence I learned for the first time as a DNI that I knew no Member of Congress was aware of. And I think that sort of speaks to my approach and understanding that I take seriously the obligation that I will have to keep this committee fully informed on intelligence issues.” John Ratcliffe told the oversight committee point blank that there is much it does not know but should. Perhaps that admission will spur senators to dig deeper and conduct stronger supervision of the intelligence community. A jury in London’s Old Bailey criminal court heard prosecutors last week make a case against a Bulgarian man who had stored enough spy equipment in rented rooms in England to fill the Washington, D.C., Spy Museum. The rooms also contained two devices that should be of interest to any American interested in protecting privacy. Among the thousands of paper and digital exhibits shown to the jury were pendant necklaces, soda bottles, water bottles, and a cap with cameras inside, as well as a device to clone car keys. These surveillance tech devices were allegedly held by 46-year-old Orlin Roussev in a guesthouse at a resort on the east coast of England. Roussev is charged with being part of a Russian plot to employ two devices commonly used by the FBI and state and local law enforcement in domestic cases. Among the items prosecutors say were found were two international mobile subscriber identity, or IMSI, devices worth £160,000. These devices, popularly known as “stingrays” are, in essence, fake cell towers that can pull data out of a nearby cellphone and use it to track its owner’s location. Roussev and several others are accused by British prosecutors of planning to go to Stuttgart, Germany, where Ukrainian soldiers are being trained to operate Patriot missile-defense batteries and to use stingrays to link to their personal phones. The British government says these devices were to then be used to follow the Ukrainian soldiers back to Ukraine, locate them in the battlefield with their Patriot missiles, and target them for annihilation. In a domestic context, stingrays can vacuum up the data and locations of a large number of civilian cellphones in a geofenced area. PPSA has learned that local governments signed an agreement with the FBI that severely restricts what local police and prosecutors can reveal about the use of stingrays in a trial. The agreement’s boilerplate stipulates that if the agency “learns that a District Attorney, prosecutor, or a court” is considering releasing such information, the customer agency must “immediately notify the FBI in order to allow sufficient time for the FBI to intervene …” Once the FBI gains warrantless access to your location and movements, it won’t act like the Russians do and fire an Oreshnik missile at you. But it can follow you everywhere you go, make a case against you in court, and no jury will ever know how this evidence was obtained. Perhaps spies accused of acting for Russia might receive more respect for due process in London than an American targeted by a stingray in your hometown. As much as we oppose warrantless surveillance by the FBI, we acknowledge there is much to fear from foreign threats as well. Outgoing FBI Director Christopher Wray’s interview with Scott Pelley on CBS’s 60 Minutes covered a lot of hot political territory, including Wray’s contentious relationship with President-elect Donald Trump. Regardless of your political leanings, however, you should be alarmed by what Director Wray said about China’s use of surveillance and malware to threaten the people of the United States. Pelley reported that CBS has confirmed that China has been listening to the conversations of the two recent presidential candidates, President-elect Trump and Vice President Kamala Harris. Without naming names, Wray said that the FBI believes that the People’s Republic of China has “collected their content, the actual communications of those people.” Wray doubled down on prior statements that China has stolen trillions of dollars’ worth of intellectual property from the United States over the years. China, he said, “has stolen more of American’s personal and corporate data than that of every nation, big or small.” Wray’s words about Chinese malware were the most chilling. He said the greatest danger is the “Chinese government’s pre-positioning [malware] on American civilian critical infrastructure. To lie in wait on those networks to be in a position to wreak havoc and can inflict real-world harm at a time and place of their choosing.” What areas are China targeting? Wray said: “Things like water treatment plants. We’re talking about transportation systems. We’re talking about targeting of our energy sector, the electric grid, natural gas pipelines. And recently we’ve seen targeting of our telecommunications systems.” The latter appeared to be a reference to reports in October that China gained access to AT&T, Lumen, and Verizon systems that the FBI uses for domestic wiretapping investigations. So China appears to be using the FBI itself for outsourcing its spying on Americans. What would an all-out Chinese malware attack on the United States look like? It would look like the Middle Ages, at least for a while. No air travel. No water at the tap. No electricity, which would shut down gas pumps, which would eventually stop vehicular transportation. After the food trucks stop rolling, the squirrels in your backyard might start to look appealing. There is a growing sense among foreign policy experts that a hybrid-war between the United States and China could occur this year, or within the next few years. It is for this reason that PPSA – which has never donned a tin foil hat – soberly advises you to go online or to a big box retail store and purchase several months’ worth of long-term emergency food supplies. You might also want to store water in clean, BPA-free plastic containers, refreshing them every six months. With any luck, these items will just gather dust in your attic, but they will be providing insurance every minute of the day. The proliferation of automated license plate recognition systems (ALPRs) is a boon for safer roadways. These networked cameras can help police spot a stolen car or track fleeing bank robbers with just a few clicks. These systems are growing in capability as the sheer numbers of these watchers, generating data networked and analyzed by artificial intelligence, seamlessly track anyone who drives or rides in a car. Now a privacy advocate has demonstrated that ALPRs systems are leaky, easily accessed on private networks without authentication – and even prone to allow a stalker to stream someone’s travels online. Jason Koebler of 404 Media reports that privacy advocate Matt Brown of Brown Fine Security easily turned license plate readers into streaming video. Without any logins or credentials, Brown was able to join the private networks collecting the video and data these cameras collect. Worse, he found that many of these cameras are misconfigured in a way that an Internet of Things (IoT) search engine can access them for online streaming – a dream-come-true for stalkers, creeps, corporate espionage artists, and perhaps government agencies. Will Freeman, who created an open-source map of U.S. ALPRs, told Koebler that he can write a script to map vehicles to set times and precise locations. “So when a police department says there’s nothing to worry about unless you’re a criminal, there is,” Freeman told 404 Media. Koebler reports that Motorola, the camera’s manufacturer, promised a fix when informed of these vulnerabilities. Given the liability risk, it is likely this particular technological vulnerability will soon be patched. The longer-term threat pertains to the ubiquity of ALPRs systems, which brings to mind Jospeh Stalin’s famous quip about his tanks – “quantity has a quality all its own.” The same is true with camera surveillance. The first few cameras allowed police to catch scofflaws who ran red lights. Many cameras can be used to track people as they drive to political, religious, romantic, or journalistic encounters. Add AI into the mix, and you take the labor out of following journalist Alice on her way to meet with government insider and whistleblower Bob, or to determine which political donor is meeting with which advocacy group, or which public figure is providing the watcher with kompromat. This capability will only grow more robust, reports Paige Gross of the Florida Phoenix, as IoT technologies create “smart cities” with interconnected webs to make roadways and sidewalks safer and the flow of vehicles and people more efficient. We may feel like we’re in a zone of privacy when we’re in our cars. But the Internet of Things is also transforming cities into places where anonymity and privacy are evaporating. “As the technology becomes increasingly denser in our communities, and at a certain point you have like three of them on every block, it becomes the equivalent to tracking everybody by using GPS,” Jay Stanley of the ACLU told Gross. “That raises not only policy issues, but also constitutional issues.” License plate readers are just one element of a surveillance state being knitted together, day by day. From purchases of our digital data by government agencies and corporations, to the self-reporting we make of our movements by carrying our cellphones, to our cars – which themselves are GPS devices – there is a growing integration of a network of networks to follow our movements, posts, and communications … in the land of the free and the thoroughly surveilled. The need for lawmakers in Congress and the state capitals to set guardrails on these integrating technologies is growing more urgent by the day. Perhaps the best solution to many of these 21st century problems is to be found in a bit of 18th century software – the founders’ warrant requirement in the Fourth Amendment to the Constitution. Christian Parenti, John Jay College professor of economics, has penned an intriguing, if somewhat mischievous piece in Compact that makes “The Left Case for Kash Patel.” Parenti builds his appeal for liberal support of Patel, President-elect Trump’s nominee to head the FBI, by drawing on the long-time skepticism of the FBI by the left. This tradition harks back to Sen. Frank Church and his eponymous committee that revealed domestic spying by the federal government and the FBI’s scrutiny, sometimes bordering on persecution, of left-wing and liberal activists. Most notoriously, the FBI tried to provoke The Rev. Martin Luther King Jr. into committing suicide, and was involved in the Cook County police raid that is now largely seen as an assassination of radical activist Fred Hampton. “But these days,” Parenti writes, “many leftists in good standing scoff at the very idea of a ‘deep state’ with the intelligence agencies at its heart.” Parenti goes on to recount for his left-leaning readers conservative complaints about the FBI’s interference in the political process, beginning with the FBI’s use of political opposition research smears to persuade the Foreign Intelligence Surveillance Court (FISC) to issue four surveillance orders of Trump campaign aide Carter Page in 2016, and through him a presidential campaign. Parenti writes that the FBI “proceeded to launder accusations derived from” the Steele Report, which it knew was discredited, “through the press and the DC rumor mill and then treated the resulting rumors as if they were real intelligence.” Parenti makes it clear that the FBI also worked for the better part of a year holding 30 meetings with social media companies to “prebunk” the Hunter Biden laptop story, even though the FBI had authenticated the laptop on Hunter Biden’s iCloud storage account. By connecting the FBI’s misconduct against the left and the right, Parenti argues for a few Patel reform proposals that liberals should get behind. Here are two of them: Move the FBI out of Washington: Parenti writes that “Patel suggests most DC-based FBI staff can be sent to existing field offices, and that the top leadership might need to operate by traveling a circuit of regional offices … An FBI located at the center of DC influence-peddling is necessarily different from one that is scattered across America and tasked with fighting interstate fraud and white-collar crime.” Reform the FBI’s interactions with the secret FISA Court: Patel would do this by “introducing some due-process requirements, including written transcripts of its deliberations and a stable of defense attorneys to attack every warrant request.” This is the essence of the Lee-Leahy Amendment, a proposal to inject civil liberties experts to advise the FISA Court whenever a case implicates sensitive rights involving politics, religion, or journalism. That proposal received 77 votes in the Senate in 2020, with strong support from liberal senators. Parenti concludes that Patel’s agenda to radically reform a Bureau that has “a sordid history of targeting trade unions, peace activists, campus radicals, and Black politicians” deserves the support of the left. But he is skeptical that this will happen in today’s polarized Washington. We ask: Why not welcome the chance to bring guardrails to federal surveillance and reforms to end the Bureau’s political interference? Anyone on either side of the aisle concerned with surveillance abuse should hope for – and encourage Patel – to make good on his goals. A solemn promise was made on the floor of the U.S. Senate – and by the Congress to the American people – that has been broken. As a result, most businesses and organizations in the United States that offer free Wi-Fi service now have a legal obligation to spy on their tenants and customers for the National Security Agency and keep that spying secret from them forever. In April the U.S. Senate reauthorized FISA Section 702, an authority that allows federal agencies to spy on foreign targets on foreign soil. Facing an eleventh-hour vote, the Senate took Senate Intelligence Committee Chairman Mark Warner (D-VA) at his word that a flaw in the bill would soon be corrected. Accepting that promise, the Senate reauthorized Section 702. That flaw concerns a provision added to the reauthorization that allows the NSA to force businesses that offer internet communications – from the landlords of office complexes that house journalists and political campaigns, to fitness centers, to houses of worship – to make the communications of their customers secretly available. Janitors and cleaning services with access to equipment and thumb-drives in their pockets can now be legally enlisted to spy for the NSA. All this can be done without bothering with niceties like the U.S. Constitution’s Fourth Amendment and its warrant requirement. Sen. Warner acknowledged that this language defining an “electronic communications service provider” was overbroad and promised a fix to narrow it. Though the target category is classified, that fix is widely believed to be narrowing the provision to providers of cloud communications. To be fair to Sen. Warner, it was a few House Republicans who rejected adding the fix to the Intelligence Authorization Act. And it was some Republicans who fought to reject any narrowing of this vast expansion of the American surveillance state, dubbed by many to be the “Make Everyone a Spy” provision. We still remain dismayed and disappointed that the Chairman of the Senate Intelligence Committee could make such a promise and not see to it that it is kept. But Congress can still redeem itself. Surely Members will not want to disappoint constituents as word spreads about the extent and magnitude of this new, limitless domestic surveillance program. Surely they will also want to live up to a solemn promise made to colleagues. This fix can be enacted next year. In the meantime, PPSA will be working with our surveillance reform allies, left and right, to narrow the “Make Everyone a Spy” provision. If Congress chooses not to keep its word, however, the American people will surely grow alarmed and upset over this expansive surveillance. Keep in mind that the House came within one tie-breaking vote of adding a warrant requirement in the reauthorization of Section 702 this year. The Make Everyone a Spy law will now be Exhibit A in making our case for warrants and against the surveillance state. The Horror … the Horror … of Federal Financial Surveillance Revealed by U.S. House ReportIn a previous blog, we reported on the use of “Suspicious Activity Reports” mandated by the Bank Secrecy Act to spy on politically disfavored groups. We also reported that the government uses these reports to force banks to close the accounts of groups ranging from a trade association to pawn shops, firearms dealers, and a former First Lady. Debanking is an easy way to silence or intimidate people and organizations. Now, thanks to a recent report from the House Judiciary Committee and its Select Subcommittee on the Weaponization of the Federal Government, it is clear that this misuse of this law is even more expansive and worse than we suspected. Congress enacted the Bank Secrecy Act (BSA) to require banks to report to the government suspicious transactions by customers that might indicate that they are linked to terrorism, human trafficking, or drug dealing. The House report reveals that the FBI “has turned this framework on its head” by issuing “requests” – authorized by no law – to demand banks spy on targeted people or organizations. In 48,000 pages of documents, House investigators could confirm only one financial institution requested legal process from the FBI for the information it was seeking. “All too often,” House investigators wrote, “the FBI appeared to receive no pushback.” They concluded: “In sum, the FBI has turned this framework on its head and contravened the Fourth Amendment’s requirement of particularity and probable cause.” While the FBI had an obligation to seek out those who beat police officers and smashed the doors and windows of the Capitol on Jan. 6, it coordinated with the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) to encourage financial institutions across the country to scour their data and file Suspicious Activity Reports on Americans without any clear criminal nexus. As we reported before, Americans were targeted for going to certain stores, like Dick’s Sporting Goods or a Bass Pro Shop. A Bank Secrecy Act Advisory Group, meant to serve as an advisory body to the Treasury Department, has become a secret service unto itself. House investigators report that this advisory group “is also a tool for federal law enforcement and financial institutions to monitor the private, financial data of American citizens.” The scale of warrantless surveillance under this authority is immense. In 2023, some 25,000 federal, state, and local officials had warrantless access to data acquired under this law. In 2023, government officials ran more than 3.3 million searches of a FinCEN Query program of these reports. FinCEN reports that “472 federal, state, and local law enforcement, regulatory, and national security agencies have access to BSA reports …” And this is just one federal program monitoring Americans financial lives, which is a way of monitoring our personal, romantic, political, and religious lives as well. Reforming the Bank Secrecy Act should be at the top of the agenda for the incoming Trump Administration and the 119th Congress. Allysia Finley in The Wall Street Journal covers the widespread and growing practice of federal agencies’ using the Bank Secrecy Act to surveil and punish politically disfavored groups through “debanking.” Banks face penalties that can go into the billions of dollars if they fail to close an account for a customer who is the target of numerous “Suspicious Activity Reports” (SARs), which flag them as “high risk.” Last year, banks filed 4.6 million SARS, leading to an unknown number of customers losing their accounts. Victims include former First Lady Melania Trump, and groups targeted by some in government such as firearms dealers, payday lenders, and pawn shops. Now the provision has blocked the Blockchain Association, a trade group for the cryptocurrency industry. Barney Frank, a former Chair of the House Financial Services Committee, says that the FDIC seizes banks “to send a message to get people away from crypto.” Finley writes: “The overbreadth in bank reporting is a plus for the government, since it gives the Federal Bureau of Investigation a trove of reports to scour without a warrant. The more info it has on more bank customers, the better, even if most haven’t committed a crime. Regulators prohibit banks from notifying customers if they have filed a SAR.” Unraveling the use of the Bank Secrecy Act to compile voluminous records of Americans’ private financial activities should be high on the list for reform by the incoming Trump administration and the next Congress. Paul Atkins, Donald Trump’s nominee to head the Securities Exchange Commission, will have a chance to roll back big expansions of the federal surveillance state within his first few days on the job. Atkins can do this because outgoing SEC Chair Gary Gensler has pioneered new territory by using his agency to expand the financial surveillance of the American people without clear statutory authorization. The SEC under Gensler has made use of a program called the Consolidated Audit Trail, a database that collects not just investors’ trades, but also the personally identifiable information of 100 million U.S investors in a database run by an agency with a record of vulnerability to hackers. This surveillance is based not on a law, but on SEC’s Rule 613, which was originally meant to respond to the 2010 “flash crash.” Never one to let a crisis go to waste, Gensler expanded what was meant to be a fix to a technical glitch and instead turned it into a national surveillance program. SEC’s Rule 613 now requires self-regulatory organizations, like private stock exchanges, to collect details about private trades on a U.S. exchange. Consequently, some 3,000 federal employees have access to the confidential data of America’s private investors. The SEC under Gensler has also fined 26 financial firms almost $400 million for failing to track the private communications of their employees on their personal phones. Most financial firms already enforce policies that prohibit their employees from using their personal devices and messaging apps like WhatsApp for business. But until now, it was not the business of an employer to force employees to hand over their personal phones for inspection. Perhaps Paul Adkins, as the new SEC Chair, will work to quickly undo Gensler’s handiwork and return a modicum of financial privacy to the American people. President-elect Trump’s nominee as Treasury Secretary, Scott Bessent, has a similar chance to undo bureaucratically conjured surveillance. He can do this by ending the department’s Financial Crimes Enforcement Network’s “beneficial ownership” form, which threatens Americans with prison time and a $10,000 fine if they fail to file this form listing all the owners of their small businesses. There is a lot of warrantless surveillance conducted by the federal government that can only be changed by law, from the purchasing of Americans’ personal data by the IRS, FBI, and many other federal agencies, to the expansion of the “Make Everyone a Spy” law to enable the NSA to force millions of small businesses that provide Wi-Fi to customers to turn over the communications of their customers. Those are heavy lifts that will take considerable effort by Congressional reformers to change. But the SEC and FinCen items are low-hanging fruit. Scott Bessent and Paul Adkins should pick them as soon as possible. DOJ Hid from FISA Court that Surveillance Targets Were Members of Congress and Key Oversight Staff12/17/2024
The first reactions to a report issued last week by Department of Justice Inspector General Michael Horowitz centered on the man-bites-dog irony of the Justice Department having spied on the nominee to head the FBI, Kash Patel. The underlying story is far bigger and as significant as any other of recent surveillance scandals – Horowitz revealed that the government’s lawyers failed to inform a judge in the secret FISA Court that their applications for surveillance were to spy on Members of Congress and senior congressional aides on committees that oversee the Department of Justice. It’s as if you asked a friend if you could borrow her car to go to the store but forget to tell her that the store is in Mexico. Justice Department prosecutors showed just about that level of mendacity in 2017 when they sought communications of Members of Congress, including then-House Intelligence Committee Chairman, Rep. Adam Schiff (D-CA), and Rep. Erik Swalwell (D-CA), 20 Democratic staffers, as well as Patel and 19 other Republican staffers. The intent of the request was to reveal if there was cause-and-effect between their emails and journalists at The Washington Post, The New York Times, and CNN, who wrote stories in those outlets based on a classified leak of “Top Secret/Sensitive Compartmentalized” documents. As it turned out, no crimes or leaks were discovered. Horowitz reveals that DOJ obtained 40 Non-Disclosure Orders forcing communications providers to secretly provide the records of Members of Congress and staffers, with some of the search orders extended up to four years – even though the request involved leaks around the same time frame in 2017. Horowitz concludes:
The Justice Department’s policy did not, at that time, have an internal policy governing the compelled acquisition of congressional communication records from third-parties. Perhaps feeling the heat from outraged Members of Congress, Justice established the requirement in future applications to inform the Justice Department’s Public Integrity Section and a U.S. attorney before surveilling Members of Congress and their staffers in this way. Horowitz found that process insufficient, calling on a new policy that requires the informing of the Attorney General or the Deputy Attorney General. Concerning the surveillance of journalists, Horowitz found that the Justice Department did not comply with all of its internal provisions. For example, a committee dedicated to applications for media surveillance was not convened, as required by Justice Department policy. That policy also required informing the Director of National Intelligence, which the Justice Department did not do in at least one instance. PPSA believes the intelligence agencies are surveilling Congress in many other ways. That is why we have sued not just the Department of Justice, but also the NSA, the FBI, the CIA, and the State Department to learn if these agencies are surveilling current and former Members of Congress with oversight responsibilities over those very agencies. If the intelligence community is surveilling Members of Congress on the Intelligence and Judiciary Committees, then it is a case of the overseen overseeing the overseers. This danger is made much worse by House policies, where relatively few House staffers have security clearances that would allow them to help their bosses keep the intelligence agencies in check. We hope at a minimum that the House will widen staffer clearances, as the Senate has done, to assist in greater oversight of these agencies. We especially hope that incoming President Trump will have his people dig into the practice of surveilling Members of Congress and bring it to light. The Eyes of Luigi Mangione and a McDonald’s Employee Shortly after the vicious public murder of Brian Thompson, CEO of United Healthcare, Juliette Kayyem of Atlantic wrote a perceptive piece about the tech-savviness of the gunman, who mostly succeeded in hiding his face behind a mask and a hood. “The killer is a master of the modern surveillance environment; he understands the camera,” Kayyem wrote. “Thompson’s killer seems to accept technology as a given. Electronic surveillance didn’t deter him from committing murder in public, and he seems to have carefully considered how others might respond to his action.” At this writing, police in Pennsylvania are holding Ivy League grad Luigi Mangione as a “person of interest” in relation to the murder. Despite many media reports of incriminating details, Mangione is, of course, entitled to a presumption of innocence. But enough of the killer’s face had been shown in social media for a McDonald’s employee to call the police after seeming to recognize Mangione in those images. Whoever killed Thompson, he made a mistake – as Kayyem noted – in showing his smile while flirting with someone. This allowed a significant slice of his profile to be captured. But even when the killer was careful, his eyes and upper face were captured by a camera in a taxicab. The lesson seems to be that a professional criminal cannot fully evade what Kayyem calls a “surveillance state” made up of ubiquitous cameras. We applaud the use of this technology to track down stone-cold killers and other violent criminals. Another example: CCTV technology was put to good use in the UK in 2018 when Russian agents who tried to kill two Russian defectors with the nerve agent Novichok were identified on video. The defectors survived, but a woman who came across a perfume bottle containing the toxin sprayed it on her wrist and died. When the images of the Russian operatives surfaced, they claimed they were tourists who traveled to Salisbury, England, to see its medieval cathedral. These are, of course, excellent uses of cameras and facial recognition technology. Danger to a civil society arises when such technology is used routinely to track law-abiding civilians going about their daily tasks or engaged in peaceful protests, religious services, the practice of journalism, or some other form of ordinary business or free speech. This is why a search warrant should be required to access the saved product of such surveillance to ensure it is used for legitimate purposes – catching killers, for example – and not to spy on ordinary citizens. Far from showing that the urban networks of comprehensive surveillance are riddled with holes, recent events show that they are tighter than ever. That is a good thing, until it is not. Hence the need for safeguards, starting with the Fourth Amendment. Expansive Spy Law Even Targets Churches Breitbart recently broke a story that a few recalcitrant House Members are holding up a promised fix to what many referred to as the “Make Everyone a Spy” law. The fix regards an amendment to the reauthorization of FISA Section 702, passed in April, in which pro-surveillance advocates added a requirement that U.S. business owners who offer customers the use of their Wi-Fi and routing equipment be covered as “electronic communication service providers” under the law. This means that any business – your neighborhood fitness center, an office complex that houses journalists, political campaigns, or even a church or other house of worship, as well as a host of other establishments – would face the same requirement as large telecoms to turn over the communications of their customers, no warrant required. This was not meant to happen. As the Senate voted in April to reauthorize FISA Section 702, bipartisan furor erupted over this provision, including leading conservatives in both chambers. Sen. Mark Warner (D-VA), Chairman of the Senate Intelligence Committee, promised his colleagues that the amendment that included this expansive authority would be narrowed to include only one category of business. That category is classified but is widely believed to be data centers that provide cloud computing and storage. With this promise in hand, the Senate voted down an amendment to remove the flawed provision, and immediately passed the reauthorization of Section 702 – all in the belief that the expansive new spy power would soon be curbed. Sen. Warner was true to his word, inserting language into the Senate intelligence bill that narrows the scope of the new measure. Now, in a baffling turn of events, it is the House that is refusing to include the fix in its version of the intelligence bill. Why are some House Members insisting on keeping an authority that allows spying on churchgoers, shoppers, and office workers? Bob Goodlatte, the former chairman of the House Judiciary Committee and PPSA senior policy advisor, told Breitbart News: “This measure passed because of assurances that this insanely broad authority would be narrowed. The promise of a fix was made and accepted in good faith, but that promise is being trashed by advocates for greater surveillance of our citizens. Unless Congress reverses course, Americans’ data that runs through the Wi-Fi and servers of millions of small businesses, ranging from fitness centers to department stores, small office complexes, as well as churches and other houses of worship, will be fair game for warrantless review. This would truly transform our country into a thorough surveillance state. I can’t imagine the next Congress and new Administration would welcome that.” Surely, giving the deep state free rein to spy on Americans is not in keeping with the philosophy of the incoming Trump administration, the new Republican majority in Congress, or most Democrats. Contact your House Member and say: “Please don’t let this legislative year end without narrowing the Electronic Communication Service Provider standard. Congress must keep its promise to fix the Make Everyone a Spy Law.” Investigative journalist Ronan Farrow delves into the Pandora’s box that is Israel’s NSO Group, a company (now on a U.S. Commerce Department blacklist) that unleashes technologies that allow regimes and cartels to transform any smartphone into a comprehensive spying device. One NSO brainchild is Pegasus, the software that reports every email, text, and search performed on smartphones, while turning their cameras and microphones into 24-hour surveillance devices. It’s enough to give Orwell’s Big Brother feelings of inadequacy. Farrow covers well-tread stories he has long followed in The New Yorker, also reported by many U.S. and British journalists, and well explored in this blog. Farrow recounts the litany of crimes in which Pegasus and NSO are implicated. These include Saudi Arabia’s murder of Jamal Khashoggi, the murder of Mexican journalists by the cartels, and the surveillance of pro-independence politicians in Catalonia and their extended families by Spanish intelligence. In the latter case, Farrow turns to Toronto-based Citizen Lab to confirm that one Catalonian politician’s sister and parents were comprehensively surveilled. The parents were physicians, so Spanish intelligence also swept up the confidential information of their patients as well. While the reality portrayed by Surveilled is a familiar one to readers of this blog, it drives home the horror of NSO technology as only a documentary with high production values can do. Still, this documentary could have been better. The show is marred by too many reaction shots of Farrow, who frequently mugs for the camera. It also left unasked follow-up questions of Rep. Jim Himes (D-CT), Ranking Member of the House Intelligence Committee. In his sit-down with Farrow, Himes made the case that U.S. agencies need to have copies of Pegasus and similar technologies, if only to understand the capabilities of bad actors like Russia and North Korea. Fair point. But Rep. Himes seems oblivious to the dangers of such a comprehensive spyware in domestic surveillance. Rep. Himes says he is not aware of Pegasus being used domestically. It was deployed by Rwandan spies to surveil the phone of U.S. resident Carine Kanimba in her meetings with the U.S. State Department. Kanimba was looking for ways to liberate her father, settled in San Antonio, who was lured onto a plane while abroad and kidnapped by Rwandan authorities. Rep. Himes says he would want the FBI to have Pegasus at its fingertips in case one of his own daughters were kidnapped. Even civil libertarians agree there should be exceptions for such “exigent” and emergency circumstances in which even a warrant requirement should not slow down investigators. The FBI can already track cellphones and the movements of their owners. If the FBI were to deploy Pegasus, however, it would give the bureau redundant and immense power to video record Americans in their private moments, as well as to record audio of their conversations. Rep. Himes is unfazed. When Farrow asks how Pegasus should be used domestically, Rep. Himes replies that we should “do the hard work of assessing that law enforcement uses it consistent with our civil liberties.” He also spoke of “guardrails” that might be needed for such technology. Such a guardrail, however, already exists. It is called the Fourth Amendment of the Constitution, which mandates the use of probable cause warrants before the government can surveil the American people. But even with probable cause, Pegasus is too robust a spy tool to trust the FBI to use domestically. The whole NSO-Pegasus saga is just one part of much bigger story in which privacy has been eroded. Federal agencies, ranging from the FBI to IRS and Homeland Security, purchase the most intimate and personal digital data of Americans from third-party data brokers, and review it without warrants. Congress is even poised to renege on a deal to narrow the definition of an “electronic communications service provider,” making any office complex, fitness facility, or house of worship that offers Wi-Fi connections to be obligated to secretly turn over Americans’ communications without a warrant. The sad reality is that Surveilled only touches on one of many crises in the destruction of Americans’ privacy. Perhaps HBO should consider making this a series. They would never run out of material. A public report from the secret Foreign Intelligence Surveillance Court (FISC) gives the intelligence community a mixed review, noting progress in meeting its own internal quality standards while revealing violations and abuses as well. The court reviewed compliance by the FBI, NSA, and CIA with “minimization” and “querying” procedures under Section 702 of the Foreign Intelligence Surveillance Act (FISA), which authorizes spying on foreign targets located on foreign soil. In plain English, minimization means restricting access to the private data or communications of Americans that are caught up in the NSA’s global trawl, which frequently collects non-pertinent conversations that lack intelligence or evidentiary value. Querying standards direct agents to use precise search terms in an effort to avoid capturing Americans’ communications. Throughout, the government purports to earnestly verify the “foreign-ness” of a target.
Given that the court previously revealed that past queries violated the privacy of a U.S. Senator, a U.S. House Member, 19,000 donors to a federal candidate, a state senator, and a state judge, even small numbers could be hiding a lot. However tight the querying standard, warrantless searches can also still be used by the FBI to develop evidence for purely domestic cases, a source that might not be disclosed in open court.
As one moves through this report into NSA and CIA activities, the redactions often fill half a page.
In sum, the FISC report signed by federal judge Anthony J. Trenga gives us a glimpse of a federal intelligence bureaucracy struggling to comply with the law and its own standards, while still suffering from lapses too serious to paper over. An extreme measure that would give future U.S. Treasury Secretaries unprecedented authority to shut down non-profit, advocacy organizations remains a live option in Congress. The “Stop Terror-Financing and Tax Penalties on American Hostages Act,” HR 9495, failed to pass the House last week. But it maintains momentum due to a little sweetener that is widely popular – a commendable side measure to offer tax relief to Americans held hostage in foreign countries. The main part of the bill would grant future U.S. Treasury Secretaries power to use secret surveillance to declare a tax-exempt, non-profit advocacy organization a supporter of foreign terrorism, and shut it down. This provision, in essence, does one thing – it removes due process from existing law that allows the government to crack down on supporters of terrorist organizations. CRS reports that the IRS is already empowered to revoke the tax-exempt status of charitable organizations that provide material support to terrorist organizations, a power it has used. But current law also requires IRS to conduct a painstaking examination of the charge before issuing a revocation. It gives groups the ability to answer charges and to appeal decisions. But the “Stop Terror-Financing” bill would give targeted organizations a 90-day window to challenge the designation, while giving them no access to the underlying evidence behind the determination. An organization could challenge the designation in court but might not be able to access the charges against it due to the state secrets doctrine. In the meantime, being designated a terrorist-affiliate would be a death penalty for any organization and its ability to attract donors. “The entire process is run at the sole discretion of the Secretary of the Treasury,” Kia Hamadanchy of the American Civil Liberties Union told the media. “So you could have your nonprofit status revoked before you ever have a chance to have a hearing.” The latest attempt to pass this measure failed to reach a two-thirds majority needed to pass, with 144 Democrats and one Republican voting against it. Democrats were buoyed by a Who’s Who of liberal organizations, ranging from the ACLU to Planned Parenthood and the Brennan Center for Justice, that denounced the bill. Not surprisingly, pro-Palestinian groups were united in opposition as well. But Republicans and conservatives would be well advised to consider the principled opposition to the bill by Rep. Thomas Massie (R-Ky). He surely appreciates that this power, once created, could be used by future administrations against nonprofits of all sorts. Could a conservative organization be targeted as a supporter of terrorism for advocating, for example, a settlement with Russia (certainly a state sponsor of terror) in its war against Ukraine? Conservative principles and an adherence to the Constitution should begin with the notion that the government should not have the unilateral right to shut down the speech of advocacy organizations on the basis of secret evidence from surveillance, even if you despise what they advocate. Conservatives would also be well-advised to consider not how this law would be used in the near future, but by future administrations. Have they forgotten Lois Lerner and the attempt to use tax law to shut down conservative advocacy groups? “We don’t need to worry about alien terrorists,” Lerner wrote in an email justifying her actions against right-leaning organizations. “It’s our own crazies that will take us down.” Conservatives should be wary. This bill creates a weapon that can be aimed in any direction. The election may have shaken Washington, D.C., like a snow globe in the grip of a paint mixer, but the current Congress still has important business for the lame duck session. For anyone who cares about privacy in this age of surveillance, issue one has to be whether or not Congress will retain the promised fix to what so many call the “make everyone a spy” provision in the National Defense Authorization Act (NDAA). This story goes back to April, when the House Permanent Select Committee on Intelligence slipped into the reauthorization of FISA Section 702 (which authorizes foreign intelligence) a measure to allow the government to secretly enlist almost every kind of U.S. business to spy on their customers. In response to the outcry, carveouts were made that exempted coffee shops, hotels, and a few other business categories. But most businesses – ranging from gyms to dentists’ offices, to commercial landlords with tenants that could include political campaigns or journalists – are required to turn over their customers’ communications that run on ordinary Wi-Fi systems. It is widely believed that this legislation was aimed at cloud computing facilities, which were not previously covered by the relevant law. When the Senate took up reauthorization of Section 702, Intelligence Committee Chairman Mark Warner (D-VA) admitted to his colleagues that the new measure was overbroad, and that he would craft new legislation to fix it. Sen. Warner kept his word and crafted legislation to narrow the provision. Although the nature of this fix is classified, it is widely believed to limit this new surveillance power to cloud computing facilities. The House Intelligence Committee, however, did not adopt that fix. We hear that behind-the-scenes negotiations are taking place, but we cannot report exactly who might be blocking it or why. Suffice it to say that it is far from clear that Congress will ultimately adopt Sen. Warner’s fix. PPSA calls on Speaker Mike Johnson and Senate Minority Leader Mitch McConnell to make it clear that the NDAA will include a provision to narrow the scope of this extreme provision. We must not give the FBI and other government agencies warrantless access to practically all communications that run through any kind of equipment operated by almost any kind of business. Allowing the current law to remain unfixed and unreformed would be a terrible punch in the gut to the American people and the new Congress. The 119th Congress has many surveillance debates scheduled, including one over the reauthorization of Section 702 itself in 2026 – which passed the House with the breaking of a tie vote. It would be a mistake to saddle the new Republican majority and the incoming Trump administration with a broken promise. If you do not change direction, an ancient Chinese philosopher wrote, you might wind up where you were heading. Where we are heading is a U.S. House of Representatives that is charged by the Constitution with oversight of the executive branch intelligence community (IC), but in fact is a supervisor being overseen by the supervised. Since 2020, PPSA has used every legal avenue from Freedom of Information Act requests to lawsuits to press the IC – the Department of Justice, the FBI, the Office of the Director of National Intelligence, the National Security Agency, and the Department of State – to provide records concerning the possible surveillance of 48 Members of Congress on committees of jurisdiction that oversee the intelligence community. We’ve reported on court revelations of warrantless intrusion into the personal communications or data of Rep. Darin LaHood (R-Ill), an unnamed U.S. senator, a state senator, and a state judge. When faced with queries and exposure, the government resorts to obfuscation and delaying tactics. Even when it is Congress that is doing the overseeing, attempts to understand intelligence operations often amount to howling in the wind. Agencies sometimes don’t answer congressional queries with substantive responses, if they even bother to reply at all. The House of Representatives can address this upside-down oversight scheme with one simple stroke. The House Rules Committee will soon craft the new rules by which that body will deliberate during the 119th Congress. We call on the Rules Committee to adopt a new rule to allow every House Member to choose one staffer to be eligible for a Top Secret/Sensitive Compartmented Information (TS/SCI) security clearance. Oversight falters because only a few Members have staffers with such clearances. Members without cleared staff are unable to ignore their other duties to spend long hours in a secure compartment leafing through hundreds of pages of classified reports. Without making cleared congressional aides eligible for TS/SCI clearances, most Members – even those serving on oversight committees like the House Judiciary Committee – will continue to lack a basic understanding of current intelligence agency practices. Worse, among the staffers who are cleared, some are “detailees” from the very agencies they are helping their Members to oversee. Defenders of the status quo will argue that expanding clearances in the House is a prohibitively dangerous idea. That assertion is laughable. The intelligence community itself extends an estimated 1.2 million top-secret security clearances to federal government employees and consultants. A few hundred more clearances for aides vetted by the FBI and serving Members accountable to the public would be a tiny addition to the current army of Americans with TS/SCI clearance. The Senate shows the House it doesn’t have to accept being supervised by the IC. In 2021, Senate Majority Leader Chuck Schumer took the bold step of allowing one top secret/sensitive clearance to be available for one personal aide per senator. The House can do the same. All that is needed to enhance House oversight is to make wider access to clearances part of the House Rules package for the 119th Congress that begins in January. Go here to call or email and tell your U.S. House Representative – “Please support a new House rule that allows every House Member to have one staffer eligible for TS/SCI security clearance.” Why Signal Refuses to Give Government Backdoor Access to Americans’ Encrypted Communications11/4/2024
Signal is an instant messenger app operated by a non-profit to enable private conversations between users protected by end-to-end encryption. Governments hate that. From Australia, to Canada, to the EU, to the United States, democratic governments are exerting ever-greater pressure on companies like Telegram and Signal to give them backdoor entry into the private communications of their users. So far, these instant messaging companies don’t have access to users’ messages, chat lists, groups, contacts, stickers, profile names or avatars. If served with a probable cause warrant, these tech companies couldn’t respond if they wanted to. The Department of Justice under both Republican and Democratic administrations continue to press for backdoors to breach the privacy of these communications, citing the threat of terrorism and human trafficking as the reason. What could be wrong with that? In 2020, Martin Kaste of NPR told listeners that “as most computer scientists will tell you, when you build a secret way into an encrypted system for the good guys, it ends up getting hacked by the bad guys.” Kaste’s statement turned out to be prescient. AT&T, Verizon and other communications carriers complied with U.S. government requests and placed backdoors on their services. As a result, a Chinese hacking group with the moniker Salt Typhoon found a way to exploit these points of entry into America’s broadband networks. In September, U.S. intelligence revealed that China gained access through these backdoors to enact surveillance on American internet traffic and data of millions of Americans and U.S. businesses of all sizes. The consequences of this attack are still being evaluated, but they are already regarded as among of the most catastrophic breaches in U.S. history. There are more than just purely practical reasons for supporting encryption. Meredith Whittaker, president of Signal, delves into the deeper philosophical issues of what society would be like if there were no private communications at all in a talk with Robert Safian, former editor-in-chief of Fast Company. “For hundreds of thousands of years of human history, the norm for communicating with each other, with the people we loved, with the people we dealt with, with our world, was privacy,” Whittaker told Safian in a podcast. “We walk down the street, we’re having a conversation. We don’t assume that’s going into some database owned by a company in Mountain View.” Today, moreover, the company in Mountain View transfers the data to a data broker, who then sells it – including your search history, communications and other private information – to about a dozen federal agencies that can hold and access your information without a warrant. When it comes to our expectations of privacy, we are like the proverbial frogs being boiled by degrees. Whittaker says that this is a “trend that really has crept up in the last 20, 30 years without, I believe, clear social consent that a handful of private companies somehow have access to more intimate data and dossiers about all of us than has ever existed in human history.” Whittaker says that Signal is “rebuilding the stack to show” that the internet doesn’t have to operate this way. She concludes we don’t have to “demonize private activity while valorizing centralized surveillance in a way that’s often not critical.” We’re glad that a few stalwart tech companies, from Apple and its iPhone to Signal, refuse to cave on encryption. And we hope there are more, not fewer, such companies in the near future that refuse to expose their customers to hackers and government snooping. “We don’t want to be a single pine tree in the desert,” Whittaker says, adding she wants to “rewild that desert so a lot of pine trees can grow.” The CFPB Curbs Worker Surveillance – Will the Government Live Up to Its Own Privacy Standards?10/31/2024
The Consumer Financial Protection Bureau (CFPB) is warning businesses that use of “black-box AI” or algorithmic scores about workers must be consistent with the rules of the Fair Credit Reporting Act. This means employers must obtain workers’ consent, provide transparency when data is used for an adverse decision, and make sure that workers have a chance to dispute inaccurate reports. That’s a good move for privacy, as far as it goes. The problem is, it doesn’t go nearly far enough because the federal government doesn’t impose these same standards on itself. First, PPSA agrees with the tightening of employers’ use of digital dossiers and AI monitoring. Whenever someone applies for a job, the prospective employer will usually perform a search about them on a common background-check site. It is not surprising that businesses want to know about applicants’ credit histories, to check on their reliability and conscientiousness, and if they have a possible criminal past. But third-party consumer reports offer much more than those obvious background checks. Some sites, for example, are used to predict the likelihood that you might favor union membership. More invasive still are apps that many employers are requiring new employees to install on personal phones to monitor their conduct and assess their performance. The decision to reassign employees, promote or demote them, or fire them are coming from automated systems, decisions made by machines that often lack context or key information. Federal agencies, from the CFPB to the Federal Trade Commission, have not been shy about calling out privacy violations like these of some businesses for years now. Too bad our government cannot live up to its own high standards. The government freely acknowledges that a dozen agencies – ranging from the FBI to the IRS, Department of Homeland Security, and the Pentagon – routinely buy the most intimate and personal data of Americans scraped from our apps and sold by shadowy data brokers. The data the government collects on us is far more extensive than anything a commercial data aggregator could find. The government can track our web browsing, those we communicate with, what we search for online, and our geolocation histories. This is far more invasive and intrusive than anything private businesses are doing in screening applicants and monitoring employees. Worse, the government observes no obligation to reveal how this data might be used to compile evidence against a criminal defendant in a courtroom, or if agencies are using purchased data to create dossiers on Americans to predict their future behavior. There is no equivalent of the Fair Credit Reporting Act when it comes to the government’s use of our data. But there is the Fourth Amendment Is Not For Sale Act, a bill that would require the government to obtain a probable cause warrant – as required by the Constitution – before inspecting our digital lives. The Fourth Amendment Is Not For Sale Act passed the House this year and awaits action in the U.S. Senate. Passing it in the coming lame-duck session would be one way to remove the hypocrisy of the federal government on the digital surveillance of American workers, consumers, and citizens. We’re all resigned to the need to go through security at high-profile sporting and cultural events, just as we do at the airport. The American Civil Liberties Union is raising the question – will that level of scrutiny be the new normal at the mall, at open-air tourist attractions, outdoor concerts, and just plain walking around town? The Department of Homeland Security (DHS) is investing in research and development to “assess soft targets and address security gaps” with new technology to track people in public places. It is funding SENTRY, the Soft Target Engineering to Neutralize the Threat Reality. SENTRY will combine artificial intelligence from the “integration of data from multiple sources,” which no doubt will include facial recognition scans of everyone in a given area to give them a “threat assessment.” We do not dismiss DHS’s concern. The world has no lack of violent people and our country is full of soft targets. Just hark back to the deranged shooter in 2017 who turned the Route 91 Harvest music festival in Las Vegas into a shooting gallery. He killed 60 people and wounded more than 400. A similar act by a terrorist backed by a malevolent state could inflict even greater casualties. But we agree with ACLU’s concern that such intense inspection of Americans going about their daily business could lead to the “airportization” of America, in which we are always in a high-security zone whenever we gather. ACLU writes that “security technology does not operate itself; people will be subject to the petty authority of some martinet guards who are constantly stopping them based on some AI-generated flag of suspicion.” We would add another concern. Could SENTRY be misused, just as FISA Section 702 and other surveillance authorities have been misused? What is to keep the government from accessing SENTRY data for warrantless political surveillance, whether against protestors or disfavored groups targeted by biased FBI agents? If this technology is to be deployed, guardrails are needed. PPSA seconds ACLU’s comment to the watchdog agency, the Privacy and Civil Liberties Oversight Board (PCLOB), that asks it to investigate AI-based programs as they develop. Congress should watch the results of PCLOB’s efforts and follow up with legal guardrails to prevent the misuse of SENTRY and similar technologies. Supreme Court Justice Oliver Wendell Holmes observed that anyone “who respects the spirit as well as the letter of the Fourth Amendment would be loath to believe that Congress intended to authorize one of its subordinate agencies to sweep all our traditions into the fire to direct fishing expeditions into private papers on the possibility that they may disclose evidence of crime.” A century after Justice Holmes delivered that warning, the U.S. Securities and Exchange Commission is doing just that. This agency is methodically sweeping all our traditions into the fire to direct fishing expeditions that treat every investor as a criminal suspect. The good news is that the constitutionality of the SEC’s program is on trial in a case now before a federal judge in Waco, Texas. Here’s the background: Historically, when the SEC has suspected someone of insider trading, it had to issue an investigative subpoena. Then in 2010, the market suffered the “flash crash” – a trillion-dollar decline caused by technical glitches that lasted for 36 minutes. The SEC responded to this technical glitch by proposing Rule 613, which established the Consolidated Audit Trail (CAT), a database that collects not just investors’ trades, but also their privately identifiable information. This “solution” had nothing to do with the crash, but it perfectly illustrates former Chicago Mayor Rahm Emmanuel’s dictum that “you never want a serious crisis to go to waste.” Rule 613 requires self-regulatory organizations, like private stock exchanges, to collect every detail about trades in securities on a U.S. exchange. It also includes confidential data on more than 100 million private investors, making it the largest database outside of the National Security Agency. This database includes investors’ names, dates of birth, taxpayer identification numbers, Social Security numbers, and more. Now two Texas investors, in affiliation with the National Center for Public Policy Research, are suing the SEC for this massive violation of privacy. Their lawsuit, represented by the New Civil Liberties Alliance, could be required reading for law students seeking to understand the application of our constitutional rights, beginning with the Fourth Amendment. This lawsuit makes the case:
The lawsuit makes a convincing case that the U.S. Supreme Court’s 2018 Carpenter decision – which held that the government violates the Fourth Amendment whenever it seeks a suspect’s cellphone location history without a warrant – should make this case against CAT a slam-dunk. After all, the plaintiffs assert that unlike the issue in Carpenter, “with Rule 613 SEC does not need an investigative predicate, much less a court order, to obtain and analyze private information, nor is the information limited to any particular person or time frame.” Even if a federal judge declares CAT to be unconstitutional, however, it will only strike down one of many intrusive violations of Americans’ financial privacy by federal agencies. These include a new requirement of all business owners to file “beneficial ownership” forms, for which any American business owner can face two years in prison for a clerical mistake, and the U.S. Treasury’s Financial Crimes Enforcement Networks snooping into Americans’ financial transactions with the coerced cooperation of 650 private financial institutions. Once the election is over, Congress should pass the “Protecting Investors' Personally Identifiable Information Act,” introduced by Sen. John Kennedy, (R-LA), and Rep. Barry Loudermilk, (R-Ga.), which would allow the SEC to obtain personally identifiable information only by requesting it on a case-by-case basis. As the risks of the SEC’s reckless program become clearer, more Members of Congress should embrace another Holmes dictum: “State interference is an evil, where it cannot be shown to be a good.” The Securities and Exchange Commission is tracking the 61 percent of Americans who buy and sell stocks, from the trades they make to their personal identifying information. Some 3,000 SEC bureaucrats now have ready access to this database containing every single stock in the United States in a database called the Consolidated Audit Trail. Marc Wheat of Advancing American Freedom in The Washington Examiner writes: “The database is a disaster for the privacy of millions of people. In terms of the amount of information collected, only the National Security Agency’s data-collection program is larger, and that database is not focused on people. What is worse, these types of databases are not secure. In 2016, hackers made off with over $4 million by trading on at least 157 nonpublic earnings releases from the SEC’s very own Electronic Data Gathering, Analysis, and Retrieval system. “A commission that cannot protect a filing system that processes 1.7 million filings every year cannot be trusted to maintain the security of what will likely become a 100 million data point database. It is only a matter of time before it is breached, leaking people’s personal information to nefarious actors.” Police Chief: “A Nice Curtain of Technology”We’ve long followed the threat to privacy from the proliferation of automated license plate readers (ALPRs). Now the Institute for Justice has filed a lawsuit against the Norfolk, Virginia, police department for its use of this Orwellian technology. More than 5,000 communities across the country have installed the most popular ALPR brand, Flock, which records and keeps the daily movements of American citizens driving in their cars. Norfolk is an enthusiastic adopter of Flock technology, with a network of 172 advanced cameras that make it impossible for citizens to go anywhere in their city without being followed and recorded. Flock applies artificial intelligence software to its national database of billions of images, adding advanced search and intelligence functions. “This sort of tracking that would have taken days of effort, multiple officers, and significant resources just a decade ago now takes just a few mouse clicks,” the Institute for Justice tells a federal court in its lawsuit. “City officers can output a list of locations a car has been seen, create lists of cars that visited specific locations, and even track cars that are often seen together.” No wonder the Norfolk police chief calls Flock’s network “a nice curtain of technology.” The Institute for Justice has a different characterization, calling this network “172 unblinking eyes.” Americans are used to the idea of being occasionally spotted by a friend or neighbor while on the road, but no one expects to have every mile of one’s daily movements imaged and recorded. The nefarious nature of this technology is revealed in the concerns of the two Norfolk-area plaintiffs named in the lawsuit.
“If the Flock cameras record Lee going straight through the intersection outside his neighborhood, for example, the NPD (Norfolk Police Department) can infer that he is going to his daughter’s school. If the cameras capture him turning right, the NPD can infer that he is going to the shooting range. If the cameras capture him turning left, the NPD can infer that he is going to the grocery store […] “Lee finds all of this deeply intrusive. Even if ordinary people see him out and about from time to time, Lee does not expect and does not want people – much less government officials – tracking his every movement over 30 days or more and analyzing that data the way the Flock cameras allow the NPD and other Flock users to do.”
“As a healthcare worker, Crystal is legally and ethically required to protect her clients’ privacy,” the filing states. “She also understands that her clients expect her to maintain their confidentiality … If she failed to live up to those expectations, her business would suffer.” Both plaintiffs are concerned another Flock user, perhaps a commercial entity, might misuse the records of their movements. They are also worried about “the potential that Defendants, Flock users, or third-party hackers could misuse her information.” No warrants or permissions are needed for Norfolk officers to freely access the system. The Institute for Justice was shrewd in its selection of venues. Norfolk is in the jurisdiction of the federal Fourth Circuit Court of Appeals, which in 2021 struck down the use of drone images over the city in a case called Beautiful Struggle v. Baltimore Police Department. “The Beautiful Struggle opinion was about a relatively, comparatively, crude system, just a drone that was flying in the air for 12 hours a day that at most had a couple of pixels that made it hard to identify anyone,” Institute for Justice attorney Robert Frommer told 404 Media. “By contrast, anyone with the Flock cameras has a crystal-clear record of your car, a digital fingerprint that can track anywhere you go. The police chief even said you can’t really go anywhere in Norfolk without being caught by one of these cameras.” The consistent principle from the Fourth Circuit’s precedent should make it clear, in the words of the Institute for Justice, that tracking a driver “to church, to a doctor’s office, to a drug-abuse treatment clinic, to a political protest,” is unconstitutional. The intelligence community’s disregard for solemnly made pledges reminds us of the hit song by the ‘80s new wave band Naked Eyes: “You made me promises promises/ Knowing I'd believe …” Forgive the Boomer reference, but the failure of the intelligence community to live up to its promises is also a golden oldie. For example, in 2017, Dan Coats was asked in a Congressional hearing if he would, if confirmed as Director of National Intelligence, provide public estimates of the number of people inside the United States with communications “incidentally” collected by National Security Agency surveillance. Coats said he would “do everything I can” to work with the head of the NSA “to get you that number.” That pledge was followed up by NSA Deputy Director Richard Ledgett to provide an estimate by the end of that year. This would have been important information for the reauthorization of FISA Section 702 in 2018, as well as congressional debate and reauthorization of this same authority this year. Section 702 allows the NSA to scour global networks in search of the communications of foreign spies and terrorists. Given the interconnected nature of global communications, surveillance technology cannot help but also collect the private communications of Americans at home, potentially violating the Fourth Amendment. Having a ballpark estimate of how many Americans have had their privacy rights implicated by federal surveillance would be very useful guidance for congressional oversight of the intelligence agencies. Yet, Director Coats and the NSA backtracked. Their estimates never came. Their excuse was that separating Americans from this global trawl would be too impractical, somewhat like counting all the krill picked up in a large fishing net. But this argument, to strain a metaphor, doesn’t hold water. The watchdog Privacy and Civil Liberties Board made it clear in 2023 that in order to comply with the Constitution’s Fourth Amendment, as well as directives from the Foreign Intelligence Surveillance Court (FISC), the NSA already filters out domestic communications in its programs. In 2022, Princeton researchers published a methodology for a rough estimate of how many people in the United States have their communications caught up under programs authorized by Section 702. Under such partial proxies, Congress could at least have some idea of how many Americans have their communications captured by their government. Beyond ballpark numbers, Congress needs to know how government agencies – the FBI in particular – might be using Americans’ personal information gleaned from Section 702 programs for warrantless domestic surveillance. Despite solemn promises by the champions of the intelligence community that this never happens, the FISC Court revealed that such surveillance has been used by the FBI in ordinary domestic cases – evidence against American citizens that is never revealed in court. Frustrated by the government’s many broken promises, PPSA joined with Restore The Fourth and 22 other civil liberties organizations across the ideological spectrum – ranging from the American Civil Liberties Union to Americans for Prosperity – to send a letter to the directors of national intelligence and NSA. We demand access to numbers that the government clearly has and pledged to Congress to provide. Director of National Intelligence Avril Haines and NSA Director Gen. Timothy Haugh would be well advised not to toss this one into the round file. The reauthorization of Section 702 passed by one tie-breaking vote in the House this year. If the government once again fails to keep its promise, it will not augur well for the next reauthorization of Section 702 on the legislative calendar for 2026. |
Categories
All
|