How the Post Office Spies on Your Mail
A bipartisan letter from eight U.S. senators to the Chief Postal Inspector brings to light the extent to which the U.S. government is spying on us through our mail. Digital scanning, and no doubt AI, have revived the relevance of pen and paper privacy concerns that led the Founders to craft the Fourth Amendment.
This surveillance involves “metadata,” a record of communications that typically refers to digital communications in the form of emails, instant messaging, and phone calls. Without delving into the content of a message, metadata can yield a surprisingly robust portrait of a target’s most sensitive and personal information. A Stanford University study of the phone records of 800 volunteers revealed who had an abortion, who was diagnosed with a neurological ailment, and who had purchased a firearm.
Courts recognize this power of metadata in the digital realm, requiring a judicial order before a government agency can monitor Americans’ metadata (although, like many such rules, it is sometimes more honored in the breach). But no such rules restrict the government from taking vast numbers of images of mail envelopes.
Such images are called “mail covers.” No court order is required for a federal agent to obtain your mail covers, just a request in writing to the U.S. Postal Inspection Service. Postal inspectors and law enforcement agencies had requested more than 135,000 mail covers between 2010-2014. There is no telling how many they request today.
Government audits reveal that the top agencies asking for mail covers were the IRS, the FBI, the Drug Enforcement Administration, and the Department of Homeland Security. This is a well-worn path. As the senators note, Thomas Jefferson, worried about “the infidelities of the post office,” had worked out early encryption technology for his correspondence with James Madison. The senators added: “While encryption technology has come a long way since then, and is now built into widely used mobile messaging apps, postal communications remain just as vulnerable to warrantless surveillance as they were in the 1700s.”
There are more modern examples of mass abuse of postal privacy. The Senate’s Church Committee revealed in 1976 that the CIA had photographed the exteriors of over two million pieces of mail and opened hundreds of thousands of letters. The FBI’s mass surveillance of the mail goes back to the 1940s.
PPSA supports the demand of these senators to harmonize the rules that govern postal metadata with those that govern digital metadata. We support their call to postal authorities that they “should, except in emergencies, only conduct mail covers when a federal judge has approved this surveillance.”
Meanwhile, be careful what you scribble on the back of an envelope.
COURT BOMBSHELL: FBI Improperly Used Section 702 Against Left, Right and 19,000 Political Donors
Total of 278,000 Searches of Americans
The FBI just completed one of the worst weeks in its history.
On Monday, Special Counsel John Durham came out with a detailed and scathing report that showed unmistakable bias by the FBI in using discredited allegations, paid for by a political campaign, to hoodwink the secret Foreign Intelligence Surveillance Court into allowing the agency to investigate presidential candidate Donald Trump. While the Durham report has been generally dismissed by major media and most on the left (with some notable exceptions), Republicans are hopping mad.
Now an unsealed court document shows that the FBI illicitly used Section 702 of FISA more than 278,000 times to delve into data meant to authorize the surveillance of foreigners on foreign soil – and Americans who “incidentally” get caught up in communications with those targeted foreigners.
Who were the FBI’s targets? They included activists arrested protesting the police killing of George Floyd. The FBI freely dipped into Section 702 to search the communications and digital trails of 133 people – presumably all Americans – for George Floyd-related demonstrations. Redactions make it unclear what, if any, nexus to foreign influence the FBI was looking for.
But wait, as they say in the ShamWow commercial, there’s more!
This same authority was used to run queries on 23,132 Americans to see if their presence at the Jan. 6, 2021, U.S. Capitol riot had any connection to foreign influence. The release from FISA Court Judge Rudolph Contreras stated that there was no reason to believe foreign powers were involved.
The FBI conducted 656 queries of FISA information to do background checks on informants. Between 2016 and 2020, the FBI also used this foreign intelligence authority to conduct background searches on “police homicide reports, including victims, next-of-kin, witnesses, and suspects.”
Remember, this is an authority designed by Congress to catch foreign terrorists and spies.
Finally, the FBI conducted a batch query of 19,000 donors to a congressional campaign believed to be a target of foreign influence. Only eight identifiers had sufficient ties to “foreign influence activities” to meet FISA standards.
While expressing relief at recent procedural changes at the FBI, Judge Contreras wrote: “Nonetheless, compliance problems with querying of Section 702 information have proven to be persistent and widespread. If they are not substantially mitigated by these recent measures, it may become necessary to consider other responses, such as substantially limiting the number of FBI personnel with access to unminimized Section 702 information.”
Or Congress could just reform Section 702 to require warrants whenever the communications of Americans are searched. Alienated conservatives, progressives and civil libertarians, and their champions on the Hill now have more than enough reason to make it happen.
Jim Jordan (R-OH), Chairman of the House Judiciary Committee, tweeted in response to this Friday afternoon revelation: “Chris Wray told us we can sleep well at night because of the FBI’s so-called FISA reforms. But it just keeps getting worse.”
Ranking Member Rep. Jerry Nadler (D-NY) put out a statement: “The FBI says that they have instituted new procedures to make this kind of abuse impossible. They have made that promise before. Without significant changes to the law to prevent this abuse, I will oppose the reauthorization of this authority.”
It looks like the stars are aligning for Section 702 reform this year.
Credit to the Department of Justice for a voluminous response to our Freedom of Information Act (FOIA) request. Our request concerned the use of stingrays, or cell-site simulators, by that department and its agencies. Out of more than 1,000 pages in DOJ’s response, we’ve found a few gems. Perhaps you can find your own.
Review our digest of this document here, and the source document here.
The original FOIA request concerned DOJ policies on cell-site simulators, commonly known by the commercial brand name “stingrays.” These devices mimic cell towers to extract location and other highly personal information from your smartphone.
The DOJ FOIA response shows that the FBI in 2021 invested $16.1 million in these cell-site simulators (p. 209) in part to ensure they “are capable of operating against evolving wireless communications.” The bureau also asked for $13 million for “communications intercept resources.” This includes support for the Sensitive Investigations Unit’s work in El Salvador (p. 111).
On the policy side, we’ve reported that some federal agencies, such as the Bureau of Alcohol, Tobacco, Firearms and Explosives, maintain that stingrays are not GPS location identifiers for people with cellphones. This is technically true. Stingrays do not download location data or function as GPS locators. But this is too clever by half. Included in this release is an Obama-era statement by former Department of Justice official Sally Yates that undermines this federal claim by stating: “Law enforcement agents can use cell-site simulators to help locate cellular devices whose unique identifiers are known …” (p. 17)
This release gives an idea of how versatile stingrays have become. The U.S. Marshals Service (p. 977) reveals that it operates cell-site simulators and passive wireless collection sensors to specifically locate devices inside multi-dwelling buildings.
Other details sprinkled throughout this release concern other, more exotic forms of domestic surveillance.
For example, the U.S. Marshals Service Service has access to seven aircraft located around the country armed with “a unique combination of USMS ELSUR suite, high resolution video surveillance capability … proven to be the most successful law enforcement package” (p.881-883).
A surveillance software, “Dark HunTor,” exposes user data from Tor, the browser meant to make searches anonymous, as well as from dark web searches for information. (p. 105) In addition, the U.S. Marshals Service Service “has created the Open-Source Intelligence Unit (OSINT) to proactively review and research social media content. OSINT identifies threats and situations of concern that may be currently undetected through traditional investigative methods. Analyzing public discourse on social media, its spread (‘likes,’ comments, and shares), and the target audience, the USMS can effectively manage its resources appropriate to the identified threats.” (p. 931)
The DOJ release also includes details on biometric devices, from facial recognition software to other biometric identifiers, (p.353), as well as more than $10 million for “DNA Capability Expansion” (p.365).
Is that all? Feel free to look for yourself.
Friday’s government report on surveillance from the Office of the Director of National Intelligence (ODNI) shows that the number of times the FBI searched for Americans’ data in the Section 702 database fell by 95 percent from 2021 to 2022.
This proves, the FBI claims, that its “culture of compliance” and reformation of its internal processes are working. Agents must now affirmatively opt-in to Section 702, whereas before, the FBI says, they could bumble into using Section 702 data without fully realizing it.
In terms of raw numbers, the FBI searched the Section 702 database almost 120,000 times last year, down from around 3 million such searches in 2021. And almost all of those 120,000 queries were to seek out connections between Americans’ communications and foreign spies and security threats. Slightly different definitions yield 200,000 as the number of such queries, but still a significant drop from 3 million.
Civil liberties advocates and their champions on the Hill are not impressed.
As Congress faces the reauthorization of Section 702 of the Foreign Intelligence Surveillance Act, Members from both parties continue to insist that statutory reforms be made in Section 702 to compel FBI compliance with the Fourth Amendment requirement for a probable cause warrant.
The FBI has been caught in the past using these surveillance tools for purely domestic crimes, ranging from bribery to health care fraud, that clearly should have required a warrant. FBI agents have delved into Section 702-derived information to do background checks on journalists, community leaders, religious communities, and activists, and at least one Member of Congress, Rep. Darin LaHood (R-Ill).
Perhaps this explains why Rep. LaHood, with House Permanent Select Committee on Intelligence Chairman Rep. Mike Turner (R-OH), issued a cool response to the ODNI report:
“While there was a sharp decline in U.S. person queries from December 2021 to November 2022, it is incumbent upon Congress, not the Executive Branch, to codify reforms to FISA Section 702.”
Translation: FBI, we still don’t trust you – Congress is going to have to enact rules to make you adhere to the Fourth Amendment’s requirement for a probable cause warrant.
It’s easy to see why. If the FBI’s programmatic change to opt-in is what made the difference, then either the great majority of queries before changes were made to the FBI system were unlawful – likely many millions of unlawful searches – or the FBI is willing to forgo a huge number of lawful queries for the sake of compliance. If you buy the FBI’s arguments, they are doing this despite the bureau’s often dire warnings that any pullback would result in massive risks to national security and public safety.
So which is it?
“Is 200,000 warrantless queries better than 3.4 million warrantless queries?” Elizabeth Goitein of the Brennan Center for Justice’s liberty and national security program told The Washington Post. “When you ask the question, you get a sense of how warped the universe we’re in is – that somehow 200,000 warrantless searches a year are an acceptable number.”
We add that it’s as if the residents of cities the size of Montgomery, Alabama, or Tacoma, Washington, were illegally surveilled. Does that sound like something to celebrate?
The FBI responds that many of its searches are conducted to protect victims from cybercrimes. But there is, Goitein says, no “victim exception” to the Fourth Amendment. “They are basically admitting that they’re searching Americans’ communications and most private, personal information without probable cause.”
All of which begs the question – if you think there’s a crime, why not obtain a criminal search warrant?
Worse, Congress and the public are left to look at this latest report through a glass, darkly. The FBI is not transparent in its methodology. It does not give a full accounting of the rules by which it catalogs and lists its searches. If the Drug Enforcement Administration runs a query and shares what it learns about an American citizen with the FBI, is that counted under these rules? How does the FBI count batch queries (multiple queries under a common justification) over one-offs?
Only Congress can dispel the murkiness by demanding answers. And as it does, expect to see even more reasons for statutory reforms as the precondition for the reauthorization of Section 702.
Happy World Press Freedom Day! If you are a journalist heading out to do an interview, please be careful in your movements, your digital security, and the protection of your sources. In some countries, you might want to check under your car before starting the ignition.
But be advised that even these safety measures may not be enough to protect you.
Like many declarations of the United Nations, the 30th anniversary of World Press Freedom Day is observed in the breach in many UN member countries. The UN Secretary General Antonio Guterres said that the number of journalists killed in 2022 was 50 percent higher than the previous year. UNESCO reports that in all, 86 journalists were killed last year.
That’s a reporter killed every four days.
In Mexico, where many journalists have been murdered, the government and the cartels are the most prolific users of Pegasus, surveillance software that can transform any smartphone into a comprehensive 24/7 surveillance device. This spyware reveals one’s texts, emails, images, and calendar, while turning a smartphone’s microphone and camera against its owner. The New York Times reports that Mexico’s federal spy agency has “targeted more cellphones with the spyware than any other government agency in the world.”
And, of course, criminal actors have full use of this technology in much of the world. Cartels used Pegasus to track down journalist Cecilio Pineda Birto hours after he accused the state police force and local politicians of conspiring with violent criminals. He was gunned down while waiting for his car to come out of a carwash. Twenty-six Mexican journalists were targets of interest by a buyer of this technology in recent years.
This is in keeping with Secretary Guterres’ statement that “90 percent of the journalists killed” are “covering local issues, human rights violation, corruption, illegal mining, environment problems.” He added that many of the killers “are not only state actors, they are organized crime, drug lords, environmental criminals.”
In some parts of the world, the line between state actors and thuggery is nonexistent. Witness the ordeal of Evan Gershkovich of The Wall Street Journal, arrested on specious charges of being an American spy by the judicial puppets of the Vladimir Putin regime. Or Jimmy Lai, the Hong Kong publisher who bravely defied the Chinese Communist Party and has disappeared behind bars.
In other parts of the world, journalists are intimidated by online attacks and loose libel laws that keep journalists legally and psychologically intimidated.
Throughout, the marriage of increasingly potent surveillance technology and illiberal regimes is making the practice of journalism more difficult. This is true even in the United States. A Texas journalist was arrested for – get this – “misuse of official information.” A Wall Street Journal reporter in Arizona was arrested for doing man-on-the-street interviews.
The press can often come at the truth with a slant or a sensational angle. The press can just get a story wrong. But the free and open practice of journalism is in the long run the only way for a free society to self-correct and sift out the truth. As the founders insisted, freedom of the press safeguards society against official corruption, malfeasance, and the lawless exercise of power.
Now the free practice of journalism globally, and even at home, can be compromised by powerful spyware. It is also threatened by our government’s possession of our communications and online activity through Section 702 of the Foreign Intelligence Surveillance Act, as well as the bulk purchase of Americans’ digital information from data brokers.
While 49 U.S. states have press shield laws, there is no federal law that protects the notes and sources of a journalist from being seized by a federal prosecutor. All the more reason to celebrate World Press Freedom in America by asking Congress to get behind the PRESS Act, which would extend these basic protections to the federal government.
A House subcommittee hearing today demonstrated widespread, bipartisan recognition of the need to reform Section 702 of the Foreign Intelligence Surveillance Act (FISA).
Both the Chairman and Ranking Member of the full House Judiciary Committee – Rep. Jim Jordan (R-OH) and Rep. Jerry Nadler (D-NY) – called for their committee colleagues to lead bipartisan reforms to prevent further, significant abuses of this authority. Jordan, looking over his shoulder to Rep. Nadler, highlighted “the fact that we can get bipartisan on protecting civil liberties.”
Subcommittee chairman Andy Biggs (R-AZ) had earlier opened the hearing by saying Section 702 reform requires a “rare bipartisan effort.” Rep. Jerry Nadler (D-NY) agreed bipartisan action is needed. He complained about the government “keeping us in the dark” on the numbers of warrantlessly collected data of Americans. The result of this secrecy, he said, is the backdoor surveillance of Americans that “is neither hypothetical nor rare.”
Sharon Bradford Franklin, chair of the independent watchdog of the independent agency that protects civil liberties in government counterterrorism programs, spelled out three specific reforms. Even the title of the hearing, “Fixing FISA: How a Law Designed to Protect Americans Has Been Weaponized Against Them,” was telling. It set the tenor of skeptical and substantive questions from representatives from both parties.
By the end, it was clear that the push for Section 702 reform is strong and accelerating.
Franklin, Chair of the Private and Civil Liberties Oversight Board (PCLOB), noted that Section 702 – because it aims to collect the data of foreigners presumed to be located abroad – does not need to observe the Fourth Amendment requirement for a probable cause warrant. Nevertheless, Americans’ communications get “incidentally” caught up in this surveillance.
“The term incidental makes it sound like a small amount, but we don’t actually know the scope of this collection,” Franklin said. “The government argues it is not feasible to calculate a meaningful number.”
“They won’t tell us,” Chairman Jordan said sharply. “No idea how many Americans are pulled into incidental collection – the FBI won’t tell us.” He later fired a warning shot, “How about we put the FBI out of this business altogether?”
There was widespread recognition among committee members that the FBI is withholding any suggestion of the magnitude of incidental collection. This was a perfect set-up for Franklin to make the first of her three recommendations.
Franklin then turned to how Section 702 – an authority designed by Congress to permit the surveillance of foreigners – has become a method by which the government can warrantlessly surveil Americans.
“No judge ever reviews analysts’ targeting procedures,” she said, because they target foreigners who do not enjoy U.S. constitutional protections. Thus, she said, there is no judicial review on the front-end of the process. Nor, because the authority is ostensibly about foreigners, is there a warrant “requirement at the backend to establish probable cause or obtain permission from a federal judge,” even when Americans become the target of 702 surveillance.
This is what, Franklin said, privacy advocates mean by Section 702 enabling “backdoor searches.” She noted the FBI has recently released a set of reforms and improvements to its FISA process. These include changing default settings in the FBI’s query system so agents must affirmatively opt in to have their queries run through 702 data and establishing special approvals for sensitive queries such as those involving elected officials, members of the media, academia, and religious leaders.
“These reforms are welcome,” Franklin said, “but I do not believe these changes are sufficient to address the privacy threats posed by these warrantless searches seeking information about specific Americans.”
Third and finally, Franklin addressed the issue of “abouts” information – collecting references from third parties about an American. In 2018, Congress suspended the collection of “abouts” data, but the current law allows the government to restart the practice at will. This is dangerous, she said, because it allows the government to “acquire communications extensively between people about whom the government had no prior suspicion, or even knowledge of their existence, based entirely on what is contained within the contents of their communications.”
Franklin’s testimony was a good summation of the issues at stake in Section 702, as well as her recommendations.
Rep. Laurel Lee (R-FL) noted the call to require amici – legal experts in civil liberties – to advise the secret FISA court whenever it considers surveillance requests from the government that involve Americans’ fundamental freedoms in politics, religion, and journalism.
Department of Justice Inspector General Michael Horowitz seemed to agree. He responded that in the secret hearings, “agents never face a challenge or a cross examination” unlike an ordinary criminal trial. Facing cross-examination by a privacy advocate, Inspector Horowitz said, “focuses the mind.”
The lasting impact of the hearing will likely be Franklin’s three recommendations – to get the government to produce an estimate of incidental collection of Americans communications, to involve FISA court review of the query terms for Americans, and to remove the ability of the government to return to the collection of “abouts” information.
Watch the full hearing:
The spokespersons of the intelligence community promise in hearings, when asked about multiplying reports of lawless surveillance of the American people, that they intend to adhere to a “culture of compliance.”
But compliance with what?
A glimpse into official thinking can be seen in internal documents recently released by the FBI that give guidance to agents searching the vast oceans of data swept up under the authority of the Foreign Intelligence Surveillance Act (FISA). It includes procedures for reviewing Americans’ communications collected without a warrant under Section 702, the authority devised for surveilling foreigners abroad. It details the ways in which agents can, under rules established by the secret FISA Court, search these records for evidence of a crime not relating to national security, even though the primary purpose Congress crafted FISA and Section 702 was to catch foreign terrorists and spies.
This workaround rests on the fact that with the global integration of communications, it is impossible to sweep up large amounts of communications without “incidentally” sweeping up the communications of Americans. The culture of compliance at the FBI is about compliance with its own internal rules. These documents demonstrate the extent to which queries about U.S. persons Section 702 data – performed more than 200,000 times last year alone – have become the FBI’s honeypot for domestic surveillance.
That is why 702 information has been used in investigating purely domestic crimes and investigations, from bribery to health care fraud – hardly matters of national security.
These documents show the extent to which the FBI has elaborate rules in place to sanitize the ways agents access this information to obtain Americans’ communications in a domestic criminal investigation. But you will search this document in vain for mention of the words “privacy,” “warrants,” and “Fourth Amendment.”
How’s that for an idea – a culture of compliance with the U.S. Constitution?
FBI the Odd Man Out on the Hill
The Capitol dome is ringing and reverberating like a bell after being struck by Jordain Carney’s article in Monday’s Politico about the FBI’s lack of credibility on the Hill.
Carney spells out what until now has been whispered – that years of disingenuous claims by the FBI is making it the odd man out in this year’s reform of Section 702 of the Foreign Intelligence Surveillance Act (FISA).
For years, PPSA has been critical of the defensive, often patronizing, tone of FBI Director Christopher Wray who praises the bureau’s “culture of compliance.” He glosses over years of FBI lying about bulk collection of Americans’ data and massive amounts of backdoor searches as if he had accidentally taken a sip from someone else’s water glass over lunch.
Wray has particularly rubbed Republicans the wrong way. After the Justice Department Inspector General detailed the manifold failings of the FBI in its FISA Title I Carter Page investigation – from lying by omission to the secret FISA court (later to be compounded by the submission of a forged document by an FBI lawyer) – Wray had a snappy comeback. He thanked the inspector for his “constructive criticism.”
At the time, Rep. Tom McClintock (R-CA) responded by detailing how much is at stake when the FBI overreaches: “The FBI can be entrusted with the most terrifying powers that we can give our government – the power to ruin people’s lives, the power to invade their privacy, to launch pre-dawn raids on their homes, to bankrupt them with legal costs, to deprive them of their liberty.”
Undaunted, Wray doubled down with his smooth, nothing-to-see here demeanor in recent testimony on the Hill. He revealed that the Section 702 program saw a 93 percent decrease between 2021 and 2022 in the number of FBI searches for U.S. persons – only to have staff reveal to The New York Times that the remaining number is 204,090. That’s still millions of Americans illicitly surveilled outside the Constitution in just a few years.
“The FBI is absolutely the problem child in FISA and 702,” House Intelligence Chairman Mike Turner (R-OH) told Carney. “The abuses are abhorrent. Wray is not a compelling advocate for FISA or 702, because he’s not been a compelling advocate for reform.”
It didn’t help that the lawmaker tasked with spearheading the reauthorization of Section 702, Rep. Darin LaHood (R-IL), turned out to be the very Member of Congress who had his name used in three queries, compromising all his private communications. Rep. LaHood, who is generally supportive of 702 reauthorization, told Wray in a recent hearing that a clean, or unamended, reauthorization of Section 702 was not in the cards.
Now Carney reveals that congressional “negotiators are already signaling that they will likely miss the Dec. 31 deadline to re-up the warrantless surveillance.”
PPSA hopes that in investigating FBI abuses that Congress looks at other agencies – from NSA to DEA – that also promise a “culture of compliance.” They all need to be reined in instead of following the FBI in the wrong direction. Congress needs to act with strong reforms of Section 702 that require probable cause warrants whenever an American is targeted, as the Constitution requires.
The FBI explained to Charlie Savage of The New York Times why it used the name of Rep. Darin LaHood (R-IL) as a search term. The FBI says it was conducting a “defensive” investigation ostensibly to protect the congressman. Along the way, the bureau took no trouble to adhere to rules that would have excluded Rep. LaHood’s personal and irrelevant communications when delving into his data collected under Section 702 of the Foreign Intelligence Surveillance Act (FISA).
In December, 2021, a government report first revealed that a Congressman’s name had been used in such a search without using minimization procedures to protect his privacy. That the subject of this surveillance was Rep. LaHood was dramatically revealed in a March hearing when the Illinois congressman said he believed his name had been used for the Section 702 query. Section 702 is an authority Congress authorized explicitly to surveil foreign actors in foreign settings who pose a threat to national security.
The FBI is generous with itself in how it treats the collection of Americans’ communications that are “incidentally” swept up in 702 data collection. With so much of global communications running through North America – and so many Americans in communication with foreigners – the private messages of American citizens and people on U.S. soil have a degree of exposure far beyond anything Congress imagined when it amended FISA with Section 702 in 2008.
This authority has since become a wide-open back door through which the FBI can surveil someone, then concoct a different predicate to follow up on the evidence it has seized. Years of experience with FBI misbehavior explains why Rep. LaHood, a former counterterrorism prosecutor, struck a newly confrontational tone in a recent hearing with FBI Director Christopher Wray.
“I want to make clear the FBI's inappropriate querying of a duly elected member of Congress is egregious and a violation not only that degrades the trust in FISA but is viewed as a threat to the separation of powers," LaHood said to Director Wray.
Now FBI backgrounders are telling The New York Times that the reason for the query was because the bureau believed Rep. LaHood was a target of a Chinese intelligence operation. FBI surveillance occurred at a time when LaHood, whose district includes soybean farmers and Caterpillar, was caught between President Trump’s tariffs imposed on Chinese goods and the dependence of his constituents on trade with China.
Thus, intelligence community apologists are now using “defensive investigation” as yet another reason why we cannot allow a warrant requirement to gum up the works. Matt Olsen, now an assistant attorney general, argued in Slate a few years ago that entering an American’s email address or phone number into the database “is not the initiation of a new surveillance or search protected by the Fourth Amendment and subject to the warrant requirement. It is the review of information that the agency has already obtained by lawfully targeting others and that now resides in its databases.”
This assertion is that these aren’t general warrants, prohibited by the Constitution, if the government already possesses your data. The founders added the Fourth Amendment to the Constitution to prevent general warrants like those of the British Crown. According to Olsen’s theory, if the king’s agents had thought to lock up every Bostonian’s private papers in a warehouse, it would have amounted to one, big legal search.
A hypothetical situation shows how far afield this is from the Fourth Amendment. Put aside that Rep. LaHood has a reputation for being an honest and decent fellow. Hypothetically, would the FBI have ignored incriminating information of a non-national security crime if it had been found in a congressman’s private messages? Consider that the secret FISA court revealed that Section 702 has already been used in health care fraud, bribery, and other cases having nothing to do with national security.
Now the FBI is peddling to The Times the notion that all is fair game if the purpose of the search is purely defensive. After all, they were merely trying to protect Rep. LaHood, right? But if that’s the case, why didn’t the FBI inform Rep. LaHood he was a target of the Chinese? Why did he have to intuit this from reading classified material years after the fact?
The reason is clear. The government always wants to retain the right to go after the subject of the search. That is why the intelligence community and its apologists want an exception for backdoor searches but have no interest in a consent requirement.
We hope Rep. LaHood keeps this in mind when he works with his colleagues to craft the strong reforms that, he said, must be the price of Section 702 reauthorization in this Congress.
Jim Jordan, Chairman of the House Judiciary Committee, fired off a subpoena to FBI Director Christopher Wray on Monday asking for a full response to a whistleblower’s leaked report that the FBI planned to monitor Catholic organizations dedicated to the Latin mass as breeding grounds for terrorists. He asked for more detail on a plan to insert undercover agents to develop sources within the Church to investigate such “Radical Traditional Catholics,” or in FBI parlance, RTCs.
It all began when former Special Agent Kyle Seraphin revealed a memo showing that the FBI’s Richmond, Virginia office was infiltrating Catholic parishes, acting on agents’ suspicion that those who prefer traditional Latin masses are connected to white supremacy. “The document assesses with ‘high confidence’ the FBI can mitigate the threat of Radical-Traditionalist Catholics by recruiting sources within the Catholic Church,” Seraphin wrote at the time.
Embarrassed by this story, the FBI rescinded the memo and blamed it on bad decision-making in the Richmond field office for the document’s “creation and dissemination.” Members of the House Select Committee on the Weaponization of the Federal Government were not satisfied. How did this idea get started? Who approved it?
The FBI, after trying to ignore these questions, produced an 18-page response in March that Jordan on Monday called “partial” and “substandard.”
Jordan’s subpoena demands responses to his queries without redactions, asking for details on the report that “at least one undercover employee, sought to use local religious organizations as ‘new avenues for tripwire and source development.’”
The FBI has a history of insensitivity to the free exercise of religion and the privacy of religious institutions. The bureau famously targeted worshippers in a mosque in Southern California in 2006-2007 without any probable cause the government is willing to discuss. The FBI paid an informant to infiltrate the mosque and plant listening devices.
No Islamic terrorists were found.
We’ll report on further developments as the FBI is tasked to produce a more forthcoming explanation of its targeting of “RTCs.”
The New York Times broke the story that a front company in New Jersey signed a secret contract with the U.S. government in November 2021 to help it gain access to the powerful surveillance tools of Israel’s NSO Group.
PPSA previously reported that the FBI had acquired NSO’s signature technology, Pegasus, which can infiltrate a smartphone, strip all its data, and transform it into a 24/7 surveillance device. Mark Mazzetti and Ronen Bergman of The Times now report that the FBI in recent years had performed tests on defenses against Pegasus and “to test Pegasus for possible deployment in the bureau’s own operations inside the United States.” An FBI spokesperson told these journalists the FBI’s version of the software is now inactive.
The secret contract also grants the U.S. government access to NSO’s powerful geolocation tool called Landmark. Mazzetti and Ronen report that such NSO technology has been used thousands of time against targets in Mexico – and that Mexico is named as a venue for the use of NSO technology. Two sources told the journalists that the “contract also allows for Landmark to be used against mobile numbers in the United States, although there is no evidence that has happened.”
This story is catching the Biden Administration flat-footed, which had declared this technology a national security threat while placing NSO on a Commerce Department blacklist. In light of these new revelations, Members of Congress should ask the Directors of National Intelligence, the CIA, FBI, and DEA:
This breaking story will likely force the Biden White House to promulgate new rules limiting the use of NSO technology by federal law enforcement and intelligence agencies. As it does, Congress should be involved every step of the way.
This technology is frightening because NSO tools can be installed remotely on smartphones with the most updated security software, and without the user succumbing to phishing or any other obvious form of attack. The need for a detailed policy limiting the use of these tools is urgent. NSO technology is to ordinary surveillance what nuclear weapons are to conventional weapons. Because nuclear weapons are hard to make, Washington, D.C. had time to plan and enact a global non-proliferation regime that delayed their proliferation. In the case of Pegasus and Landmark, however, this technology easily proliferated in the wild before Washington was even fully aware of its existence.
Pegasus has been used by drug cartels to track down and murder journalists. It has been used by an African government to listen in on conversations between the daughter of a kidnapped man and the U.S. State Department. It was famously used to plan the murder of Adnan Khashoggi. Does anyone doubt that Russian and Chinese intelligence have secured their own copies? Now Washington is both racing to catch up with foreign adversaries and limit the use of this technology at the same time.
NSO, through its amoral proliferation of dangerous technology, has made the world a riskier place. As federal agencies seek to get their hands on this technology, Congress should paint a bright red line – DO NOT USE DOMESTICALLY, EVER.
The U.S. State Department last week released a document that offers “Guiding Principles on Government Use of Surveillance Technologies.” This paper gives other countries advice on how to use technical, legal, and transparency rules to keep surveillance technology from destroying democracy and privacy.
But it is fair to ask: How well does Washington, D.C. live up to its own advice?
That pervasive surveillance is going global is indisputable. On the same day the State Department released this paper, two New York Times journalists reported on all the exotic items for sale at a Dubai surveillance conference – facial recognition software that tracks individuals across cities, facial recognition goggles, and miniaturized cameras and recording devices inside fake car key remotes and coffee cups.
Surveillance technology, including the universal smartphone violator Pegasus, are making a Chinese-style surveillance state possible. The State Department document cautions countries against going down this path toward totalitarian surveillance that leaves people no room for privacy.
The State Department warns that surveillance can be used to target journalists, political opposition members, and activists, as well as marginalized minorities. We should take this standard as a marker for our improvement as well. According to the secret Foreign Intelligence Surveillance Court, the FBI has conducted “widespread violations” by conducting warrantless, backdoor searches of communications. It has come to light that the FBI has plumbed FISA data with search terms for: a U.S. Congressman, “a local political party,” “multiple U.S. government officials, journalists, and political commentators,” as well as two “Middle Eastern” men, flagged by a witness because they were loading boxes into a vehicle.
The State Department advises upholding “procedural rights” that protect the offline and online civic space of a country. State also says that “the quantity and nature of information collected through surveillance technology and the timeframe for which that data is retained should be limited to what is relevant or necessary …”
In this light, we should note that U.S. defendants have little ability to know if a backdoor search of their data has been used to target them. In court, defendants have practically no such rights – especially with a “state secrets” privilege that effectively makes discovery of the use of warrantless surveillance impossible.
And what to make of State’s advice concerning limits on the quantity of data? In addition to having access to the National Security Agency’s torrent of global and domestic data, the FBI buys metadata and even content scraped from apps and sold to the government by third-party data brokers.
We point out these contradictions to underscore the need for Congress to use the pending reauthorization vote of FISA’s Section 702 – which ostensibly authorizes surveillance of foreign actors abroad – to perform a deep, investigatory dive into surveillance abuse. That knowledge can guide the drafting of meaningful reforms – including a warrant requirement whenever Americans are the government’s target.
The United States is a world leader when it comes to protecting civil liberties. If we complete the job, we will continue to be the country that others look to emulate.
Never let a moral panic go to waste. A legitimate concern – the likely exposure of 150 million Americans’ data from TikTok to the People’s Republic of China – somehow morphed into the Restrict Act, which never mentions TikTok.
Supported across the ideological spectrum by Sens. Mark Warner, Joe Manchin, Mitt Romney, and Shelley Moore Capito, the Restrict Act would transform a rather innocuous figure, the Secretary of Commerce, into an American Cardinal Richelieu.
The bill would empower the Secretary of Commerce “to review and prohibit certain transactions between persons in the United States and foreign adversaries” regarding virtually all hardware and software communications technology, as well as data storage, machine learning, predictive analytics, and data science providers. The bill also covers software for desktops, mobile applications, gaming, payment, and web-based applications.
The bill labels the People’s Republic of China, as well as Cuba, Iran, Russia, North Korea, and Venezuela as foreign adversaries, which they certainly are. But it would grant the Secretary the power to consult with the Director of National Intelligence to name any country’s technology as a national security threat.
In addition, under the bill the Secretary would have the power to ban “entities” held by hostile foreign labor unions, equity investors, partnerships or of “any participation […] and of any character.” It covers just about every aspect of technology and e-commerce with a potentially foreign connection.
The Secretary of Commerce, usually known for cutting ribbons and handing out awards, would acquire duties commonly associated with the CIA’s Clandestine Service. Commerce Secretary Gina Raimondo would be empowered to “identify, deter, disrupt, prevent, prohibit, investigate, or otherwise mitigate” not just the “information and communications technology products” listed above, but also anything that could be construed to involve “Federal elections” and “national security.” The bill also targets “the digital economy,” presumably meaning the Secretary of Commerce could, with the stroke of a pen and no further debate in Congress, deter, disrupt, or prevent Bitcoin and other cryptocurrencies.
Americans who violate these restrictions would face up to $1 million in fines and 20 years in prison. And violate what, exactly? This bill is as vague as it is repressive. As Elizabeth Nolan Brown of Reason notes, the Restrict Act could easily be interpreted as criminalizing virtual private networks, which enable Americans’ privacy. Thus, teenagers who use VPNs to watch burping contests on TikTok could face a $1 million fine and 20 years in prison.
“We’ve seen many times the way federal laws are sold as attacks on big baddies like terrorists and drug kingpins yet wind up used to attack people engaged in much more minor activities,” Brown wrote. Or, as Cardinal Richelieu said, “If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.”
As extreme as it is, it would be a mistake to discount the Restrict Act. The White House is strongly backing it. On Capitol Hill, this legislation has momentum, surfing on the cresting wave of indignation after the poorly received testimony of TikTok’s CEO. And if it falls short, it reveals a deep state hunger for power that will surely find expression in smaller, more passable bills.
Which raises the question: If we reject the Restrict Act, what should be done about TikTok?
As civil libertarians, we find ourselves at a point of agony concerning the proposed banning of TikTok’s social media platform in the United States. We don’t like government having the power to pull down a vibrant ecosystem of speech, one with many minority viewpoints, and on which small businesses and influencers depend.
Yet TikTok’s promise to quarantine Americans’ data from ByteDance, its Chinese owner, is risible. ByteDance must comply with a Chinese law that mandates sharing data with Chinese intelligence. As we’ve pointed out, TikTok has repeatedly violated its own standards – most recently by allegedly surveilling American journalists in a likely attempt to catch dissidents or whistleblowers.
Nor would “Project Texas” – TikTok’s proposal to house American data, most likely with Oracle in Austin – be a foolproof way to quarantine Americans’ data from China.
Vigilance about government surveillance must include all governments. As overbearing as Washington can be, nothing compares to the malevolence of the Chinese Communist Party toward the United States and the American people. For that reason, it makes sense to ban TikTok or force a sale under current sanctions law or a narrowly targeted bill.
But the Restrict Act gives overreaction a bad name. It would be a rich irony if Congress protected Americans from the importation of Chinese surveillance by turning the Department of Commerce into the technology police, enforcing vague laws with sweeping investigatory power. The Restrict Act is a blueprint for tyranny.
Realtors will tell you that the price of a home is all about location, location, location. But in surveillance policy, location is not the only thing that matters.
In a recent Senate hearing, Sen. Ron Wyden (D-OR) asked FBI Director Christopher Wray about reports the Bureau was purchasing Americans’ location data. Wray replied that the FBI does not “purchase communications database information that includes location data derived from internet advertisement.”
The FBI, Director Wray explained, did purchase such information at some unspecified time in the past, but that was part of a since-discontinued pilot program. A few days later, Department of Justice Inspector General Michael Horowitz testified on the Hill that warrantlessly purchasing location data, in the wake of the 2018 Supreme Court Carpenter opinion, should be considered off-limits.
So far, so good.
But what about the questions not asked? Our devices generate a lot more information about us than just our location and movements. Data reveal our networks of friends and associates, political beliefs, religious beliefs and worship, sexual lives and preferences, and other deeply sensitive information – the sort of “data” that snoops once had to pick the lock of a diary to learn.
The first of these other questions we’d love to ask Director Wray: Is the Bureau still purchasing other sensitive data on Americans? This question comes to mind after Vice’s Motherboard tech blog revealed a contract showing that in 2017 the FBI paid more than $76,000 through a middleman to purchase “netflow” data from a data broker, Team Cymru, which obtained it from internet service providers.
This purchase for “netflow” data can include which server communicated with another, giving the FBI the ability to track internet traffic through virtual private networks. It can include websites visited and cookies, digital details that can collectively form a portrait of a user.
This purchase was made for the FBI’s Cyber Crime division in 2017. Some more questions for Director Wray:
It was recently revealed that the FBI made 204,090 U.S. person queries from NSA databases – equivalent to a warrantless search of every citizen of Richmond, Virginia. Director Wray should face these questions in his next hearing. A fuller explanation of what kinds of warrantless data the FBI extracts and uses is, after all, minimal for Congressional oversight.
Our government can operate in grey areas of the law because agencies have become adept at exploiting every loophole, exception, or tiny bit of leeway in a statute. PPSA announces today the submission of two Freedom of Information Act requests to the Department of Justice to shed light on practices in two such areas of concern – surveillance of cellphone data by devices that imitate cell towers, and the role of privacy experts in a secret court.
The first FOIA request concerns cell-site simulators that law enforcement agencies use to mimic cell towers, allowing them to snatch location data and other information from the cellphones of people at a given location. These devices, commonly known as “stingrays,” are used to track people by pinging their phones. This digital intrusion is at odds with the spirit of the Supreme Court opinion in Carpenter v. United States, where the Court in 2018 rejected unlimited government access to cellphone location data.
But the high Court did not specifically ban cell-site simulators. So, with this tiny distinction, stingrays are still commonly used by 14 federal agencies and police in cities around the country. In 2015, the Department of Justice did produce a memo requiring a warrant for some uses of this technology. That memo, however, allows federal agencies free use of this technology in “exigent” circumstances.
How dire does a circumstance have to be to be “exigent”? Virtually everyone agrees that if a child is thrown into a stranger’s car, or a terrorist is known to be planting a bomb, law enforcement should be able to get their hands on stingray data in an instant. But given the slipperiness with which the government defines legal terms, what are the actual circumstances in which stingrays have been used?
In this way, PPSA is seeking to discover if federal agencies are playing fair with the “exigent” exception.
PPSA’s second FOIA request concerns the use – or rather, the non-use – of amicus advisors by the FISC. A little history is in order. When Judge James E. Boasberg of the secret court heard requests from the FBI for permission to surveil presidential campaign aide Carter Page, the judge could have sought advice from a privacy lawyer with high-security clearance. Such an amicus could have helped guide the judge through the competing issues in a case fraught with civil liberty concerns, not the least of which were the First Amendment rights of 137.5 million voters.
Judge Boasberg demurred. It appears he did not seek an amicus and missed spotting a circus of misdirection and shocking omissions in the FBI’s requests, including submission by an FBI lawyer of a forged document.
It is with this in mind that we supported the Leahy-Lee measure in the previous Congress that would bring checks and balances into FISC proceedings. This legislation would bring to the one-sided nature of FISC hearings a privacy-oriented advocate to independently verify the FISA application’s material assertions whenever a case touches on the civil rights of sensitive cases involving political campaigns, federal officials, the practice of journalism, religious minorities, or other sensitive areas.
Since this is not the law, PPSA filed this FOIA request.
We would prefer not to have to pull out a legal microscope. But given the disingenuous way our government finds exceptions for lawless acts, we feel they have given us no choice.
PPSA will report on any responses.
Last week, leading civil libertarians – including PPSA’s own Senior Policy Advisor Bob Goodlatte – addressed Members of Congress and staff in a virtual conference detailing the need to add reforms to Section 702 of the Foreign Intelligence Surveillance Act.
Rep. Zoe Lofgren (D-CA) posted a particularly succinct and yet comprehensive description of the principles at stake in this debate. She addresses FBI Director Christopher Wray’s admission that the Bureau had purchased Americans’ location information without a court order. She noted the habit of the government to purchase our most sensitive data, bypassing “the Fourth Amendment simply by writing a check.”
Rep. Lofgren sets out what’s wrong, what needs to change, and the growing bipartisan determination to get real reform this year. She reminds us that “Congress can enact privacy protections for Americans without compromising national security, as it has done many times in the past.”
By the end of 2023, Congress must decide whether to reauthorize Section 702 of the Foreign Intelligence Surveillance Act. Section 702 was intended to provide U.S. agencies with the statutory authority to collect intelligence only from foreigners abroad. Unfortunately, for over a decade, agencies have abused this authority, using loopholes in Section 702 to conduct warrantless surveillance on millions of Americans.
For example, a report published by ODNI in April 2022 disclosed that, in 2021 alone, the FBI conducted as many as 3.4 million searches of Section 702-acquired data for information about Americans and their communications. And in 2018, Foreign Intelligence Surveillance Court (FISC) Judge James Boasberg rebuked the FBI for improper use of 702 databases against Americans. The misuse of this surveillance is “widespread.” The FISC also revealed that the FBI has used warrantless NSA data in a range of cases involving purely domestic issues.
Such a system is worse than broken. It is assembling the elements for a pervasive, unaccountable surveillance state. Congress should not reauthorize Section 702 without making significant reforms to ensure these abuses do not continue under any authority.
Legislation that reauthorizes Section 702 must ensure compliance with key principles:
These principles are critical to Americans’ privacy and civil liberties. In 2023, Congress must end the pervasive abuse of Section 702 and other surveillance authorities.
Fourth Amendment, U.S. Constitution: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”
In “A Scanner Darkly,” a 2006 film based on a Philip K. Dick novel, Keanu Reeves plays a government undercover agent who must wear a “scramble suit” – a cloak that constantly alters his appearance and voice to avoid having his cover blown by ubiquitous facial recognition surveillance.
At the time, the phrase “ubiquitous facial recognition surveillance” was still science fiction.
Such surveillance now exists throughout much of the world, from Moscow, to London, to Beijing. Scramble suits do not yet exist, and sunglasses and masks won’t defeat facial recognition software (although “universal perturbation” masks sold on the internet purport to defeat facial tracking).
Now that companies like Clearview AI have reduced human faces to the equivalent of personal ID cards, the proliferation of cameras linked to robust facial recognition software has become a privacy nightmare. A year ago, PPSA reported on a technology industry presentation that showed how stationary cameras could follow a man, track his movements, locate people he knows, and compare all that to other data to map his social networks. Facial recognition doesn’t just show where you went and what you did: it can be a form of “social network analysis,” mapping networks of people associated by friendship, work, romance, politics, and ideology.
Nowhere is this capability more robust than in the People’s Republic of China, where the surveillance state has reached a level of sophistication worthy of the overused sobriquet “Orwellian.” A comprehensive net of data from a person’s devices, posts, searches, movements, and contacts tells the government of China all it needs to know about any one of 1.3 billion individuals.
That is why so many civil libertarians are alarmed by the responses to an ACLU Freedom of Information (FOIA) lawsuit. The Washington Post reports that government documents released in response to that FOIA lawsuit show that “FBI and Defense Department officials worked with academic researchers to refine artificial-intelligence techniques that could help in the identification or tracking of Americans without their awareness or consent.”
The Intelligence Advanced Research Projects agency, a research arm of the intelligence community, aimed in 2019 to increase the power of facial recognition, “scaling to support millions of subjects.” Included in this is the ability to identify faces from oblique angles, even from a half-mile away.
The Washington Post reports that dozens of volunteers were monitored within simulated real-world scenarios – a subway station, a hospital, a school, and an outdoor market. The faces and identities of the volunteers were captured in thousands of surveillance videos and images, some of them captured by drone. The result is an improved facial recognition search tool called Horus, which has since been offered to at least six federal agencies. An audit by the Government Accountability Office found in 2021 that 20 federal agencies, including the U.S. Post Office and the Fish and Wildlife Service, use some form of facial recognition technology.
In short, our government is aggressively researching facial recognition tools that are already used by the Russian and Chinese governments to conduct the mass surveillance of their peoples.
Nathan Wessler, deputy director of the ACLU, said that the regular use of this form of mass surveillance in ordinary scenarios would be a “nightmare scenario” that “could give the government the ability to pervasively track as many people as they want for as long as they want.”
As we’ve said before, one does not have to infer a malevolent intention by the government to worry about its actions. Many agency officials are desperate to catch bad guys and keep us safe. But they are nevertheless assembling, piece-by-piece, the elements of a comprehensive surveillance state.
Rep. Darin LaHood Reveals that At Least One Member of Congress Was Improperly Surveilled by the FBI – Himself
FBI Director Christopher Wray rankles many Members of Congress and civil libertarians by presenting a smooth, bland, and impenetrable affect when faced with tough questions. He did himself no favors when, responding to criticism about the 17 errors of commission and omission on the Carter Page scandal highlighted by the Department of Justice Inspector General, he said: “Thanks for the constructive criticism.”
Today he brought that poker face to Thursday’s House Permanent Select Committee on Intelligence. When asked about FBI’s use of Section 702 of the Foreign Intelligence Surveillance Act (FISA) by Rep. Darin LaHood (R-IL), Wray said the FBI had made mistakes in the Page affair under Title I of FISA, another authority under a previous director. By implication, this means that 702 must be hunky-dory.
But this overlooks the acknowledgment by a senior FBI official to New York Times journalist Charlie Savage that the FBI had used Section 702 some 204,090 times in warrantless surveillance of Americans in just one year alone.
Rep. LaHood also dug into Wray on the revelation that at least one Member of Congress had his name used as a query term in one 702 search.
“I want to make clear the FBI's inappropriate querying of a duly elected member of Congress is egregious and a violation [that] not only that degrades the trust in FISA but is viewed as a threat to the separation of powers," LaHood said during the hearing.
Then came a development as close to a Perry Mason moment as a Congressional hearing room has experienced since the early Cold War.
“I have had the opportunity to review the classified summary of this violation, and it is my opinion that the member of Congress that was wrongfully queried multiple times solely by his name was in fact me,” Rep. LaHood said.
Toward the end of his questioning, Rep. LaHood underscored that he is heading the Section 702 reauthorization working group for Congress. Expect LaHood to ask if other Members of Congress were treated the same way by the FBI, with constructive criticism – and new limits on the FBI’s authority – to follow.
In today’s public hearing before the U.S Senate Select Committee on Intelligence, Sen. Mike Rounds (R-SD) asked FBI Director Christopher Wray about the need to reauthorize Section 702 authority of the Foreign Intelligence Surveillance Act.
This question was asked in the shadow of a Wall Street Journal story last year reporting that the FBI had conducted up to 3.4 million U.S. person queries in 2021, or warrantless searches of Americans’ personal data from the 702 database.
At the time, the FBI cautioned on background that the number was inflated by the inclusion of Americans’ data in an effort to protect these potential victims from cyberattacks from China, Russia, and other hostile countries. In today’s session, Director Wray said the FBI is “surgical and judicious” in its searches, making big strides in its database systems and training to minimize such intrusions.
Director Wray further asserted that in 2022, the Bureau had achieved a 93 percent reduction in such U.S. person queries. This apparently includes the elimination of those cases that fall in the cyber category. Shortly after, Charlie Savage of The New York Times reported that a senior FBI official clarified that the actual number was shy of 204,090.
In other words, the FBI director today admitted that the Bureau had compromised the Fourth Amendment rights of Americans about 204,000 times in just one year, or about 559 times per day. To put this in comparative terms, Sen. Rounds might want to consider that this number equals the total population of South Dakota’s largest city – Sioux Falls – plus the small city of Aberdeen.
PCLOB Board Member: Section 702 Domestic Searches of Americans of “Minimal to Negligible” Value
Travis LeBlanc, board member of the U.S. Privacy and Civil Liberties Oversight Board (PCLOB), takes his position as a privacy watchdog seriously. Until the appointment of Sharon Bradford Franklin as PCLOB Chair, LeBlanc was the lone voice of public criticism and questioning of the largely secret activities of the intelligence community.
Expectations for PCLOB have long been low. A report on a surveillance authority, Executive Order 12333, was six years in the making. The public-facing version turned out to be a high school-level paper that seemed written out of Wikipedia. In June 2021, LeBlanc went public with his dissatisfaction with PCLOB’s timidity to explore contentious issues, such as 12333 and a program called XKEYSCORE that allows the NSA to sweep the global internet.
PCLOB of late has been showing its colors as an independent agency. It has long examined Section 702 of the Foreign Intelligence Surveillance Act, which allows intelligence agencies to carry out warrantless data collection. In recent years, there has been mounting evidence that the FBI has used Section 702 data as a “backdoor search” tool to warrantlessly locate information about Americans. The Office of the Director of National Intelligence has reported that the FBI has conducted up to 3.4 million searches for U.S. persons in the body of 702 data.
On Monday, LeBlanc appeared at the State of the Net Conference in Washington, reported by cyberscoop.com.
“We have a large number of compliance issues that we’ve seen over the years and the compliance issues particularly around U.S. person queries are quite significant,” LeBlanc said, expressing concern about Congress renewing this authority without serious reforms. He suggested Congress should consider adding a warrant process for searches of Americans.
Most interesting of all, LeBlanc said there are “minimal to negligible examples of the value” of these domestic searches. His statement rebuts the claim in January by Gen. Paul Nakasone, who heads the U.S. Cybercommand, who appeared before PCLOB in a public event to discuss many foreign threats that he said had been detected and neutralized because of Section 702. LeBlanc’s statement adds some missing context to the general’s characterization on the domestic uses of this program. It seems on the domestic side to be all violation and no value, at least from a national security standpoint.
At that same January event, Cindy Cohn of the Electronic Frontier Foundation: “I think we have to be honest at this point that the U.S. has de facto created a national security exception to the U.S. Constitution.” LeBlanc’s statement on Monday seems to add – “and for what?”
Politico: DHS Employees So Worried About Domestic Surveillance They Asked About Legal Liability Insurance
“Run Like a Corrupt Government"
Politico on Monday released the results of an investigation into activities of “virtually unknown” domestic intelligence activities within the Department of Homeland Security.
In documents obtained by Politico, one DHS employee said that the DHS Office of Intelligence and Analysis is “shady” and is “run like a corrupt government.” Some employees were so worried about the thin legal justification for their domestic spying activities that they wanted their employer to cover them with legal liability insurance.
A survey by I&A Field Operations Division, now called the Office of Regional Intelligence, found that one-half of respondents said they had alerted managers that they were concerned their activity was inappropriate or illegal. Many felt senior leadership had an “inability to resist political pressure.”
“In recent years, the office’s political leadership – Democrat and Republican – has pushed I&A to take a more and more expansive view of its mandate, putting officers in the position of surveilling Americans’ views and associations protected by the U.S. Constitution,” said Spencer Reynolds, counsel at the Brennan Center for Justice at New York University Law School, himself a former DHS intelligence and counterintelligence attorney. “There’s a tendency to use the office’s power to paint political opponents – be they left-wing demonstrators or QAnon truthers – as extremists and dangerous. This has had a disastrous impact on morale – most people don’t join the Intelligence Community to monitor their fellow Americans’ political, religious, and social beliefs.”
He added that I&A’s leadership has “sidelined” oversight offices, leaving employees little recourse but to comply.
I&A intelligence agents can also seek voluntary interviews with incarcerated people, including people awaiting trial. They must state that the interview is voluntary and that they have no sway over judges either in criminal or immigration cases. But they also can seek these interviews with inmates and those awaiting trial without alerting their attorneys. In many cases, the interviewees’ lawyers aren’t aware that the conversations are happening.
“While this questioning is purportedly voluntary, DHS’s policy ignores the coercive environment these individuals are held in,” said Patrick Toomey of the American Civil Liberties Union National Security Project. “It fails to ensure that individuals have a lawyer present, and it does nothing to prevent the government from using a person’s word against them in court.”
The civil liberties community owes a big debt of gratitude to Politico for this in-depth piece. Domestic intelligence gathering is pervasive and often without guardrails. Congress has much to investigate.
Will the Intelligence Community Remove Warrantless Surveillance of Americans from Section 702?
Letter from Attorney General Garland and Director Haines
Attorney General Merrick Garland and Director of National Intelligence Avril Haines wrote to the leaders of Congress to tell them that they must reauthorize Section 702 of the Foreign Intelligence Surveillance Act – “promptly” – so terrorists and foreign actors won’t attack us.
And to be fair, there are terrorists and state actors who wish to reach into our homeland and do us harm. The attorney general and director inform us that Section 702 data has been used to protect “against national security threats” from China and North Korea. It stopped components for weapons of mass destruction from reaching foreign actors, and disrupted terrorist and cyber threats. To which we say, thank you for your service!
Yet, we wish that were all. This letter ignores important failings of Section 702. They write, “Because Section 702 can only be used to target individual non-U.S. persons located outside the United States, it may not be directed against Americans at home or abroad.”
This is not, however, what happens. It is what is supposed to happen because Congress explicitly crafted Section 702 to protect us against the kinds of national security threats named in the letter from Garland and Haines. It forbids domestic spying and commands agencies to observe the Fourth Amendment.
The secret Foreign Intelligence Surveillance Court revealed in 2020 that the FBI has used Section 702 data in cases that include “health-care fraud,” “public corruption and bribery,” and more serious domestic concerns like extremists and “violent gangs.” The court observed: “None of these queries was related to national security.”
Nor did Garland and Haines address the FBI’s warrantless 3.4 million backdoor searches of Americans’ data in 2021 – a figure published by the agency itself, which has also been revealed as “murky,” suggesting that part of FISA reauthorization should require the FBI to get its own data in order. It is this kind of behavior that prompted the FISA Court to issue several opinions finding “widespread violations” by the FBI in its use of Americans’ communications in backdoor searches. One of them was an unnamed Member of Congress. The failure of the government to report systemic non-compliance prompted the secret court to denounce the National Security Agency for an institutional “lack of candor.” As we’ve noted elsewhere, that’s a choice phrase the FBI uses when it terminates an agent for lying to the Bureau.
The letter does promise that the intelligence community and Department of Justice are committed “to engaging with Congress on potential improvements to the authority that fully preserve its efficacy,” but no substantive reforms are named. Many civil liberties groups see this letter as a very discouraging opening bid given the massive extent of government surveillance of Americans.
The danger for the intelligence community is that if they play a game of chicken with Congress, they might well lose with the expiration of this authority. On the other hand, if they are serious – and are willing to accept an ironclad prohibition of the warrantless surveillance of Americans from Section 702 data – the law should have an excellent chance of being reauthorized before it expires in December.
We can protect both national security and the rights of Americans from warrantless government surveillance. We urge General Garland and Director Haines to listen and be willing to live up to the guarantees of the Fourth Amendment.
Did You Know Your Jeweler and Car Dealer Report You to the Feds?
Federal intelligence and law enforcement agencies and their champions on Capitol Hill are bringing together – often with the best of intentions – all the elements needed to create a Chinese-style comprehensive surveillance state here at home. Rep. John Rose (R-TN), a member of the House Committee on Financial Services, is aiming to curb the government’s thirst for surveillance in at least one domain – our personal financial information.
First, some background. Last year, PPSA reported on the Transparency and Accountability in Service Providers Act that would have enlisted a host of employees of non-bank financial institutions to spy on their customers and report any activity deemed suspicious to the Federal Crimes Enforcement Network (FinCEN).
Among the 7.2 million government informants deputized to spy would have been “financial gatekeepers” ranging from attorneys to trustees, those who wire money, financial services advisors, financial managers, and most of the financial services industry. Thankfully, that proposal did not make it into law in the last Congress.
But existing financial regulations in the current anti-money laundering regime are extensive. Banks continuously scrutinize customers’ accounts and send voluminous reports to FinCEN, recording and reporting your financial life to the government without having to bother with warrants or other niceties required by the Fourth Amendment.
Other “financial institutions” are similarly required to make such reports, including merchants you might never have imagined would be in this category – ranging from pawn shops, to car dealers, to jewelers, to broker-dealers.
At a CATO event Monday, Rep. Rose, himself a former banker with deep experience in trying to comply with the law, spoke of the impossibility of financial institutions in deciphering exactly what regulations require of them in compiling “suspicious activity reports” and “currency transactions reports.”
“Banks have no idea what to report,” Rep. Rose said. As a result, reporting institutions, fearing that an omitted line of data might later be used against them by law enforcement, tend to throw as much of our data – aka, our privacy – as they can at the feds.
“They want as much as they can get,” Rep. Rose said. He added that these regulations largely explain the rising cost of opening a checking account. Similar federal requirements are heaped on ATM systems, raising costs, and creating fewer outlets for low-income and the unbanked or underbanked.
Aaron Kline of the Brookings Institution noted this system’s hunger for ever-more data isn’t even a good one for law enforcement. “They are looking for a needle in a haystack, but they keep pouring in more hay.”
Kline suggested that policymakers from across the spectrum have a common interest in reforming this flatly unconstitutional financial surveillance system. Those on the left want to make it easier and cheaper for the unbanked and low-income bank customers to get access to financial services. Those on the right are concerned that these programs violate civil liberties. And even law enforcement should be interested in reform so it can refine its searches for patterns typical of terrorists, human traffickers, and drug dealers, instead of drinking from a digital firehose.
Perhaps such a coalition will support Rep. Rose’s Bank Privacy Reform Act, which would reform the Bank Secrecy Act of 1970 by repealing requirements for financial institutions to report their customers’ financial information and transaction histories to government agencies without a warrant.
Under Rep. Rose’s bill, financial institutions would still maintain customer records for government to examine… but only after agents present them with a probable cause warrant, as the Founders intended.
We reported last March on the incisive – but curiously incomplete – ruling by Judge Mary Hannah Lauck of the federal district court in Richmond, Virginia, who held that a broad geofence warrant was unconstitutional.
This case began when Richmond police set out to catch a bank robber. They asked Google to sweep seven days’ worth of location data from a geofenced area large enough to track people and their devices in a targeted area, from diners at a Ruby Tuesday restaurant, to any one of the guests at a Hampton Inn, to residents of an apartment complex and a senior living facility.
In this case, United States v. Chatrie, Judge Lauck noted Google logs cellphone users’ location 240 times a day. She wrote that because of this, Google gives the police “an almost unlimited pool from which to seek location data” in a broad area in which everyone in that pool has “effectively been tailed.”
In a detailed ruling, she wrote that Google’s database “appears to be the most sweeping, granular, and comprehensive tool – to a significant degree – when it comes to storing location data.” Despite finding the warrant unconstitutional, however, Judge Lauck did not suppress the evidence because she ruled that the police acted in “good faith.”
The technology in question is both granular and unreliable. It can tell police which floor of a building a person was on. But this same technology can also yield false positives – putting someone at a location she was not at, transforming an innocent person into a suspect.
Now the ACLU and Electronic Frontier Foundation have teamed up to file two amicus briefs in Chatrie and another case yielding similar issues, People v. Meza. In the latter case, police requested data for a geographic area equivalent to about 24 football fields.
In their briefs before appellate courts, ACLU and EFF argued that these “general warrants” do not require the police to show probable cause to believe any one device was linked to a crime under investigation.
Despite Judge Lauck’s well-reasoned and well-researched affirmation of the Fourth Amendment, her decision lacked teeth because the evidence – tainted as it was – was ruled admissible. This is no mere pedantic distinction in a single case involving a bank robber.
Google reports that geofenced warrants now constitute more than one-quarter of the total warrants it receives. PPSA joins our civil liberties colleagues in urging the appellate courts to crack down on these wide-ranging, indiscriminate general warrants for the digital age.