​PPSA recently reported that the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF), in a response to our Freedom of Information Act (FOIA) request, downplayed its use of stingrays, as cell-site simulators are commonly called. Yet one agency document revealed that stingrays are “used on almost a daily basis in the field.”
 
This was a critical insight into real-world practice. These cell-site simulators impersonate cell towers to track mobile device users. Stingray technology allows government agencies to collect huge volumes of personal information from many cellphones within a geofenced area.
 
We now have more to report with newly-released documents that, as before, include material for internal training of ATF agents. One of the most interesting findings is not what we can see, but what we can’t see – the parts of documents ATF takes pains to hide. The black ink covers a slide about the parts of the U.S. radio spectrum. Since this is a response to a FOIA request about stingrays, it is likely that the spectrum discussed concerns the frequencies telecom providers use for their cell towers. What appears to be a quotidian training course for agents on electronic communications has the title of the course redacted.
 
If that is so, was there something revealing about the course title that we are not allowed to see? Could it be “Stingrays for Dummies?”
 
The redactions also completely cover eleven pages about pre-mission planning. Do these pages reveal how ATF manages its legal obligations before using stingrays?
​
This course presentation ends somewhat tastelessly, a slide with a picture of a compromised cell-tower disguised as a palm tree. 
 
In the release of another tranche of ATF documents, forty-five pages are blacked out. It appears from the preceding email chain that these pages included subpoenas for a warrant executed with the New York Police Department. The document assigns any one of a pool of agents to “swear out” a premade affidavit to support the subpoena.
 
The ATF reveals it uses stingrays on aircraft, which requires a high level of administrative approval. It seems, however, from an ATF PowerPoint presentation that this is a policy change, which suggests that prior approvals were lax. Was this a reaction to the 2015 Department of Justice’s policy on cell-site simulators? If aerial surveillance now requires a search warrant, what was previously required – and how was such surveillance used? Was it used against whole groups of protestors?
 
Finally, the documents reveal that the ATF has had cell-site simulators in use in field divisions in major cities, including Chicago, Denver, Detroit, Houston, Kansas City, Los Angeles, Phoenix, and Tampa, as well as other cities.
 
PPSA will report more on ATF’s ongoing document dumps as they come in.

​The training manual of the Bureau of Alcohol, Tobacco, Firearms and Explosives states that cell-site simulators “do not function as a GPS locator, as they do not obtain or download any location information from the device or its applications.” This claim is disingenuous. It is true that exact latitude and longitude data are not taken. But by tricking a target’s phone into connecting and sending strength of signal data to a cell tower, the cell-site simulator allows the ATF to locate the cellphone user to within a very small area. If a target uses multiple cell-site simulators, agents can deduce his or her movements throughout the day.
 
Below is an example from a Drug Enforcement Agency document that shows how this technology can be used to locate a target (seen within the black cone) in a small area.

​In March, PPSA reported on the existence of a unit of the Department of Homeland Security that accessed bulk data on Americans’ money wire transfers above $500. This data was collected by a non-profit, private-sector organization, the Transaction Record Analysis Center (TRAC), that relied on what the ACLU calls “overbroad and illegal subpoenas” issued by the State of Arizona.
 
At the time, PPSA asked how many federal, state, and local agencies accessed this data from TRAC. Now we know, thanks to an investigation by Sen. Ron Wyden (D-OR) and the ACLU, which released startling results today. Surveying more than 200 documents, they report:

• The database of money transfers grew from 75 million records from 14 service businesses in 2017 to 145 million records from 28 companies in 2021.

 

• More than 600 law enforcement agencies have access to this information, ranging from a sheriff’s office in a small Idaho county to the FBI and the Drug Enforcement Administration, no probable cause warrant needed.

 

• More than 150 million money transfers between people in the United States and more than 20 countries have been accessed without judicial oversight.

 
Under the law, a bank must receive a subpoena for bank records and notify customers that their records have been examined. No such protections exist for money transfer companies subpoenaed to provide bulk information to the TRAC program.
 
As we reported last year, domestic wire transfers within the United States between American citizens are also being pulled by TRAC.
 
Arizona had set up TRAC with settlement money from Western Union. With that money now exhausted, Sen. Wyden believes that TRAC is now federally funded. Sen. Wyden told The Wall Street Journal that TRAC lets the government “serve itself an all-you-can-eat buffet of Americans’ personal financial data while bypassing the normal protections for Americans’ privacy.”
 
Gene Schaerr, PPSA general counsel, said:
 
“This purely illegal program treats the Fourth Amendment as a dish rag. We commend Sen. Wyden and ACLU for giving us a better understanding of the scale of this program, as well as the likelihood that taxpayers’ dollars are being used to spy on us. This warrantless intrusion into the financial privacy of millions of Americans suspected of no crime ought to excite the bipartisan interest of the newly elected House majority as well as Sen. Wyden and his colleagues.”

Listen to a discussion about the ways our government spies on us and what we can do about it this year. This is a talk between Bob Goodlatte, former Chairman of the House Judiciary Committee and PPSA Senior Policy Advisor, and Sean Vitka, Senior Policy Counsel for Demand Progress.

The Privacy and Civil Liberties Oversight Board (PCLOB) has posted a rich discussion among its board members, civil libertarians, and representatives of the intelligence community.
 
General Paul Nakasone, who heads the U.S. Cyber Command, gave the group a keynote address that is a likely harbinger of how the intelligence community will approach Congress when it seeks reauthorization of Section 702, an amendment to the Foreign Intelligence Surveillance Act that authorizes the government to surveil foreigners, with a specific prohibition against the targeting of Americans, but also allows “incidental” surveillance of Americans.
 
Gen. Nakasone detailed cases in which would-be subway bombers and ISIS planners were disrupted because of skillful use of 702 surveillance. Mike Harrington of the FBI doubled down with a description of thwarted attacks and looming threats. April Doss, general counsel of the National Security Agency, emphasized how each request from an analyst for surveillance must be reviewed by two supervisors.
 
Civil liberties scholar Julian Sanchez reached back to the formation of the U.S. Constitution to compare today’s use of Section 702 authority to the thinking behind the Fourth Amendment. He asked if a program that mixes the private data of Americans with surveilled foreigners could possibly clear the Founders’ objection to general warrants. (31:50)
 
Jeramie Scott (40:25) of the Electronic Privacy Information Center, who argued for greater transparency in 702 collection, questioned whether “about” collection truly ended with downstream collection (i.e., information taken directly from Google, Facebook, and other social media companies). The NSA declared in 2017 it had ended the practice of such “about” collection, which moves beyond an intelligence target to email chains and people mentioned in a thread. Could such collection still be occurring in downstream surveillance?
 
Travis LeBlanc, a board member who had previously criticized a milquetoast report from PCLOB for a lack of analysis of key programs, seemed liberated by the board’s new chair, Sharon Bradford Franklin. (Chair Franklin also brings a critical eye of surveillance programs, reflecting her views at the Center for Democracy and Technology.) LeBlanc asked Julian Sanchez if the Constitution requires warrants when an individual’s data is searched under Section 702. Sanchez said that delegating such an authority under the honor system has led to FBI’s behaving as if compliance were a game of “whack-a-mole.” (57:15)
 
Cindy Cohn of the Electronic Frontier Foundation suggested PCLOB examine Section 702’s tendency to be subject to “mission creep,” such as the recent practice of using Section 702 to justify surveillance for “strategic competition” as well as the statutory purpose of anti-terrorism. Cohn said she was not aware of any defendant in a criminal trial ever getting access to Section 702 evidence. (128:45)
 
Cohn concluded:
 
“I think we have to be honest at this point that the U.S. has de facto created a national security exception to the U.S. Constitution.”
 
A revealing insight came from Jeff Kosseth, cybersecurity professor at the U.S. Naval Academy. He pointed to a paper he wrote with colleague Chris Inglis that concluded that Section 702 is “constitutional” and “absolutely essential for national security.” (See 143:40) That opinion, Kosseth added, is something he has “reconsidered” over “deep concern about the FBI’s access” to 702 data, especially concerning U.S. persons.
 
Kosseth said:
 
“At a certain point, we must stop giving the nation’s largest law enforcement agency every benefit of the doubt. The FBI cannot play fast and loose with Americans’ most private information. This has to stop now. And if the FBI cannot stop itself, the Congress has to step in.”
 
Congress needs to “step in” regardless: surveillance of Americans should never occur without express authority in a statute passed by the people’s representatives.

In response to a Freedom of Information Act request filed by PPSA, the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) responded with a batch of documents, including internal training material. In those documents, the ATF confirmed that it uses cell site simulators, commonly known as “stingrays,” to track Americans.
 
Stingrays impersonate cell towers to track mobile device users. These devices give the government the ability to conduct sweeping dragnets of the metadata, location, text messages, and other data stored by the cell phones of people within a geofenced area. Through stingrays, the government can obtain a disturbing amount of information.
 
The ATF has gone to great lengths to obfuscate their usage of stingrays, despite one official document claiming stingrays are “used on almost a daily basis in the field.”
 
The ATF stressed that stingrays are not precise location trackers like GPS, despite the plethora of information stingrays can still provide. Answers to questions from the Senate Appropriations Committee about the ATF’s usage of stingrays and license plate reader technology are entirely blacked out in the ATF documents we received. An ATF policy conceals the use of these devices from their targets, even when relevant to their legal defense. Example: When an ATF agent interviewed by a defense attorney revealed the use of the equipment, a large group email was sent out saying: "This was obviously a mistake and is being handled."
 
The information released by the ATF confirms the agency is indeed utilizing stingray technology. Although the agency attempted to minimize usage the usage of stingrays, it is clear they are being widely used against Americans.
 
PPSA will continue to track stingray usage and report forthcoming responses to pending Freedom of Information Act requests with federal agencies.

​In the course of the 2020 presidential election, the FBI approached and pressured Twitter to grant the agency access to private user data. This information has come to light as part of the “Twitter Files” expose, a sprawling series of reports based on internal documents made available through Elon Musk’s ownership of the site.
 
In January of 2020, Yoel Roth, former Twitter Trust and Safety head, was pressured by the FBI to provide access to data ordinarily obtained through a search warrant. Roth had been previously approached by the FBI’s national security cyber wing in 2019 and had been asked to revise Twitter’s terms of service to grant access to the site’s data feed to a company contracted by the Bureau.
 
Roth drafted a response to the FBI, reiterating the site’s “long-standing policy prohibiting the use of our data products and APIs for surveillance and intelligence-gathering purposes, which we would not deviate from.” While Twitter would continue to be a partner to the government to combat shared threats, the company reiterated that the government must continue to “request information about Twitter users or their content […] in accordance with [the] valid legal process.”
 
Twitter and other social media platforms have been aware of increasing FBI encroachment for some time. In January of 2020, Carlos Monje Jr., former Director of Public Policy and Philanthropy at Twitter, wrote to Roth, saying “we have seen a sustained (if uncoordinated) effort by the IC [intelligence community] to push us to share more info & change our API policies. They are probing & pushing everywhere they can (including by whispering to congressional staff)...” Accordingly, from January 2020 and November 2022, over 150 emails were sent between the FBI and Roth.
 
Not only is the FBI trying to gain a backdoor into Twitter’s data stream, in several cases, the Bureau has pressured Twitter to pre-emptively censor content, opinions, and people. For example, the agency allegedly demanded that Twitter tackle election misinformation by flagging specific accounts. The FBI pointed to six accounts, four of which were ultimately terminated. One of those profiles was a notorious satire account, which calls into question the FBI’s ability to spot fakes. In November, the FBI handed Twitter a list of an additional twenty-five accounts that “may warrant additional action.” And, of course, there is the story about Hunter Biden’s laptop. According to the “Twitter Files,” the FBI pressured Twitter to censor the story as a possible Russian misinformation attack. This was a major story mere days before a presidential election, which the FBI worked to suppress.
 
Expanding efforts by the FBI to gain a backdoor into private social media information is a grave concern, as is the Bureau’s efforts to suppress information. That the agency continues to pursue such options even after being advised that those options violate normal legal procedures is yet another example of how the agency has become increasingly politicized, to the extent that a House Judiciary Committee report described the Bureau’s hierarchy as “rotted at its core” and embracing a “systemic culture of unaccountability.” This is a serious cause for concern given the widespread effects that the agency’s use and potential misuse of its authorities can have on the country as a whole.

​In February, we quoted CATO Institute senior fellow Julian Sanchez that the evidence presented by special counsel John Durham against lawyer Michael Sussman shows an interesting trail that leads from academic researchers, to private cybersecurity companies and security experts, to government snoopers.
 
Sanchez said: “A question worth asking is: Who has access to large pools of telecommunications metadata, such as DNS records, and under what circumstances can those be shared with the government?”
 
Sanchez’s prescient questions received partial answers today from Sen. Ron Wyden. The Oregon senator released a letter he sent to the Federal Trade Commission asking the agency to investigate Neustar, a company that links Domain Name System (DNS) services of websites to specific IP addresses and the people who use them.
 
Such companies, Sen. Wyden wrote, “receive extremely sensitive information from their users, which many Americans would want to remain private from third parties, including government agencies acting without a court order.” Some websites cited by the senator that consumers may visit but would not want known are the National Suicide Prevention Hotline, the National Domestic Violence Lifeline, and the Abortion Finder service.
 
Sen. Wyden wrote that Neustar, under former executive Rodney Joffe, sold data for millions of dollars to Georgia Tech, but not for purely academic research. Emails obtained by Sen. Wyden purportedly show that the FBI and DOJ “asked the researchers to run specific queries and that the researchers wrote affidavits and reports for the government describing their findings.”
 
Because Neustar obtained data from an acquired company – and that company explicitly promised to never sell users data to third-parties – Neustar violated that promise. Sen. Wyden says it is FTC policy that privacy promises to consumers must be honored when a company and its data change ownership.
 
“Senator Wyden provides sufficient reason for the FTC to open an investigation,” said Gene Schaerr, general counsel of Project for Privacy & Surveillance Accountability (PPSA). “But there is more reason for the judiciary committees of both houses of Congress to hold in-depth hearings. There are abundant signs that this story is just one example of a much bigger privacy crisis.”
 
Schaerr noted that intelligence and law enforcement agencies, from the Internal Revenue Service to the Drug Enforcement Administration, Customs and Border Protection, as well as the FBI, assert they can lawfully avoid the constitutional requirement for probable cause warrants by simply buying Americans’ personal information from commercial data brokers.
 
“Data from apps most Americans routinely use are open to warrantless examination by the government,” Schaerr said. “The Founders did not write the warrant requirement of the Fourth Amendment with a sub-clause, ‘unless you open your wallet.’ These practices are explicitly against the spirit and letter of the U.S. Constitution. Americans deserve to know how many agencies are buying data, how many companies are selling it, and what is being done with it.”

In Christopher Nolan’s magnificent movie The Dark Knight, Bruce Wayne presents his chief scientist, Lucius Fox, with a sonar technology that transforms millions of cellphones into microphones and cameras. Fox surveys a bank of screens showing the private actions of people around the city.
 
The character, played by Morgan Freeman, takes it all in and then declares the surveillance to be “beautiful, unethical, dangerous … This is wrong.”
 
What was fiction in 2008 became reality a few years later with Pegasus: zero-click spyware that allows hackers to infiltrate cellphones and turn them into comprehensive spying devices, no sonar needed. A victim need not succumb to phishing. Possessing a cellphone is enough for the victim to be tracked and recorded by sound and video, as well as to expose the victim’s location history, texts, emails, images, and other communications.
 
This spyware created by the Israeli NSO Group might have originally been developed, as most of these surveillance technologies are, to catch terrorists. It has since been used by various dictatorships and cartels to hunt down dissidents, activists, and journalists, sometimes marking them for death – as it did in the cases of Jamal Khashoggi and Mexican journalist Cecilio Pineda Birto.
 
PPSA reported earlier this year that the FBI had purchased a license for Pegasus but has been keeping it locked away in a secure office in New Jersey. FBI Director Christopher Wray has assured Congress that the FBI was keeping the technology for research purposes. Now, Mark Mazzetti and Ronen Bergman of The New York Times have updated their deep dive into FBI documents and court records about Pegasus produced by a Freedom of Information Act request.
 
PPSA waded through these now-declassified documents, half of each page blanked out by censors. What we could see was alarming.
 
One document, dated Dec. 4, 2018, pledged that the U.S. government would not sell, deliver, or transfer Pegasus without written approval from the Israeli government. The letter certified that “the sole purpose of end use is for the collection of data from mobile devices for the prevention and investigation of crimes and terrorism, in compliance with privacy and national security laws.”
 
Since many in the national security arena and their allies assert that executive order EO 12333 gives intelligence agencies unlimited authority, the restraining influence of privacy and national security laws is questionable. And true to form, the FBI documents show that the agency did, in fact, give serious consideration to using Pegasus for U.S. criminal cases.
 

• After testing Pegasus, FBI officials put together presentations that highlighted the risks and advantages of the spyware, along with the procedural and technological steps needed to operationalize it. The FBI’s Criminal Investigative Division (CID) issued a lengthy memorandum in March 2021 that advocated the use of Pegasus “under certain specific conditions.” The CID later issued proposed guidelines for prosecutors in using the spyware to prepare prosecutions.
  ​
• On July 22, 2021, a senior official in the FBI Science and Technology Branch informed the Operational Technology Division to “cease all efforts regarding the potential use of the NSO project.” One such memo had the subject line: “FULL STOP on potential [Pegasus] use.”

 
Why the turnaround? It was at time that a critical mass of Pegasus stories – with no lack of murders, imprisonments, and political scandals – emerged in the world press. That is surely why the FBI left this hot potato in the microwave. One wonders, however, what to make of the attempt of a U.S. military contractor, L3Harris, to purchase NSO earlier this year? If the FBI was out of the picture, was this aborted acquisition an effort by the CIA to lock down NSO and its spyware menagerie? And if the CIA has found some other route to possess this technology – and to be frank, they’d be guilty of malfeasance if they didn’t – is the agency staying within its no-domestic-spying guardrails in deploying this invasive technology? Recent revelations of bulk surveillance by the CIA does not inspire confidence.
 
Nor can we discount what the FBI might do in the future. Despite the FBI’s decision to avoid using the technology, Mazzetti and Bergman report that an FBI legal brief filed in October stated: “Just because the FBI ultimately decided not to deploy the tool in support of criminal investigations does not mean it would not test, evaluate and potentially deploy other similar tools for gaining access to encrypted communications used by criminals.”
 
No doubt, targeted use of such technologies would catch many fentanyl dealers, human traffickers, and spies. But as Lucius Fox asks, “at what cost?”

“The First Amendment bars the government from deciding for us what is true or false, online or anywhere,” the ACLU recently tweeted. “Our government can’t use private pressure to get around our constitutional rights.”
 
The ACLU responded to a report from Ken Klippenstein and Lee Fang of The Intercept news organization that the federal government works in secret to suggest content that social media organizations should suppress. The Intercept claims that years of internal DHS memos, emails, and documents, as well as a confidential source within the FBI, reveal the extent to which the government works secretly with social media executives in squashing content.
 
After a few days of cool appraisal of this story, we have to say we have more questions than answers. It is fair to note that The Intercept has had its share of journalistic controversies with questions raised regarding the validity of its reporting. It also appears that this report is significantly sourced on a lawsuit filed by the Missouri Attorney General, a Republican candidate for the U.S. Senate. We’ve also sounded out experts in this space who speculate that much of the content government is flagging is probably illegal content, such as Child Sexual Abuse Materials.
 
There is also reason for the government to track and report to websites state-sponsored propaganda, malicious disinformation, or use of a platform by individuals or groups that may be planning violent acts. If Russian hackers promote a fiction about Ukrainians committing atrocities with U.S. weapons – or if a geofenced alert is posted that due to the threat of inclement weather, an election has been postponed – there is good reason for officials to act.
 
The government is in possession of information derived from its domestic or foreign information-gathering that websites don't have, and the timely provision of that information to websites could be helpful in removing content that poses a threat to public safety, endangers children, or is otherwise inappropriate for social media sharing. It would certainly be interesting to know whether the social media companies find the government’s information-sharing efforts to be helpful or whether they feel pressured.
 
The undeniable problem here is the secret nature of this program. Why did we have to find out about it from an investigative report? The insidious potential of this program is that we will never know when information has been suppressed, much less if the reason for the government’s concern was valid.
 
The Intercept reports that the meeting minutes appended to Missouri Attorney General Eric Schmitt’s lawsuit includes discussions that have “ranged from the scale and scope of government intervention in online discourse to the mechanics of streamlining takedown requests for false or intentionally misleading information.”
 
In a meeting in March, one FBI official reportedly told senior executives from Twitter and JPMorgan Chase “we need a media infrastructure that is held accountable.” Does she mean a media secretly accountable to the government? Klippenstein and Fang report a formalized process for government officials to directly flag content on Facebook or Instagram and request that it be suppressed. The Intercept included the link to Facebook’s “content request system” that visitors with law enforcement or government email addresses can access.
 
The Intercept reports that the purpose of this program is to remove misinformation (false information spread unintentionally), disinformation (false information spread intentionally), and malinformation (factual information shared, typically out of context, with harmful intent). According to The Intercept, the department plans to target “inaccurate information” on a wide range of topics, including “the origins of the COVID-19 pandemic and the efficacy of COVID-19 vaccines, racial justice, U.S. withdrawal from Afghanistan, and the nature of U.S. support to Ukraine.”
 
The Intercept also reports that “disinformation” is not clearly defined in these government documents. Such a secret government program may include information gathered from activities that violate the Fourth Amendment prohibition on accessing personal information without a warrant. It would also be, to amplify the spirited words of the ACLU, a Mack Truck-sized flattening of the First Amendment.
 
One cannot ignore the potential that the government is doing more than helpfully sharing information with websites along with a suggestion that it be taken down. Is the information-sharing accompanied by pressure exerted by the government on the website? From the information now available, we simply don't know.
 
Bottom line: if these allegations are true, the U.S. government in some cases may be secretly determining what is and what is not truth, and on that basis may be quietly working with large social media companies behind the scenes to effect the removal of content. So, the possible origin of COVID-19 in a Chinese laboratory was deemed suppressible, until U.S. intelligence agencies reversed course and determined that a man-made origin of the virus is, in fact, a possibility. And the U.S. withdrawal from Afghanistan? Is our government suppressing content that suggests that it was somehow a less-than-stellar example of American power in action?
 
If these allegations are true, Jonathan Turley, George Washington University professor of law, is correct in calling this “censorship by surrogate.”
 
This program, which Klippenstein and Fang report is becoming ever more central to the mission of DHS and other agencies, is not without its wins. “A 2021 report by the Election Integrity Partnership at Stanford University found that of nearly 4,800 flagged items, technology platforms took action on 35 percent – either removing, labeling, or soft-blocking speech, meaning the users were only able to view content after bypassing a warning screen.” On the other hand, the Stanford research shows that in 65 percent of the cases websites exercised independent judgment to maintain the content unmoderated notwithstanding the government's suggestion.
 
After mulling this over for a few days, we propose the following:
 

• Congressional hearings into the nature of these programs and what kinds of content has been flagged. It would be helpful if the likely new Republican majority makes this a deep dive into all the parameters of this government program, one that Democrats should be invited to join.

 

• Congressional hearings should elicit detailed answers from social media executives about how they respond to government takedown requests. And do these companies, most of which have large government contracts, feel pressure when offered “suggestions” by the government or do they believe that the government program is helpful to their content moderation efforts?

 

• If the hearings validate the story, we propose that when government flags content, it should be publicly labeled with a stated reason why it is being flagged. Social media companies can then remove or flag that information in response to a publicly posted request. And the decision to flag a post should be contestable by an identifiable person.

 
There is no reason why the government cannot stand behind its finding that a given post is the product of, say, Russian or Chinese disinformation, or a call to violence, or some other explicit danger to public safety. But we need to know if the most powerful media in existence is subject to editorial influence from the secret preferences of bureaucrats and politicians. If so, this secret content moderation must end immediately or be radically overhauled.

Evan Greer and Anna Bonesteel of Fight for the Future have an impassioned piece on NBC’s News Think on the effects of near-ubiquitous doorbell cameras like Amazon’s Ring, Google’s Nest, and Wyze. Reading their piece feels being the proverbial frog that finally understands it is already in boiling hot water.
 
Greer and Bonesteel write:
 
“Devices like Ring and the apps associated with them are made to keep us on constant alert. They ping us with notifications, demanding our attention, and offer ‘infinite scroll’ like Facebook and Instagram, but for neighborhood crime. These devices make watching one another constantly feel acceptable, expected and even addicting.”
 
As we’ve reported, Amazon encourages customers to share images with about 2,000 police and fire departments. Greer and Bonesteel write that Amazon is “effectively giving police an easy push-button portal to request video from Ring camera owners in exchange for officers’ help in marketing Amazon products.”
 
They add that “Ring’s lax security practices in the past have allowed stalkers and hackers to break into people’s cameras … This dystopian vision of a private police camera on every home would have been unthinkable a generation ago.” We would add to that observation the disturbing fact that general counsels of federal law enforcement and intelligence agencies assert a right to purchase Americans’ personal data from digital data brokers without a warrant.
 
In China, the erection of universal surveillance is the result of a deliberate campaign by the Chinese Communist Party to watch and listen in on everyone. In the United States, a similar Panopticon is being erected, piece by piece, out of desire to gain market share for doorbell cameras, lawn furniture, and home fitness equipment sold online. But the destination is beginning to look the same.

Carolyn Iodice of Clause 40 Foundation has penned a brilliant analysis and history of the Foreign Intelligence Surveillance Act (FISA), a worldly examination of how that law operates in practice. Briefly put, FISA is a statute that is often treated by the government not as law that must be obeyed, but as a potpourri to mask the stench of illicit surveillance.
 
Iodice begins her paper with a report issued earlier this year by Sens. Ron Wyden and Martin Heinrich that the CIA has secretly gathered Americans’ records as part of a warrantless bulk data collection program. This program, the senators noted, works “entirely outside the statutory framework that Congress and the public believe govern this collection, and without any of the judicial, congressional, or even executive branch oversight that comes with FISA collection.”
 
To enter the world of FISA is to enter Alice’s Wonderland where agency general counsels talk backwards and agency chiefs assert six impossible things before breakfast. Iodice makes a bold statement in the beginning that the rest of her paper validates:
 
“In the context of FISA, the government has succeeded in violating the law by using implausible interpretations of statutory language and even by evading the statute entirely. Of course, it’s not uncommon for the executive branch to overstep its statutory authorities, but if FISA is understood to be legally binding on the government’s surveillance activities in the same way that, for instance, the EPA’s authority to set national air quality standards is granted and defined by the Clean Air Act, then the flagrancy and frequency of the government’s unlawful surveillance activities is puzzling. If FISA—a law duly passed by Congress and signed by the president—sets legal rules for surveillance programs, why does the government keep flouting them?”
 
Unlike with the Clean Air Act, she explains, with FISA there is no agreement where the lines exist between legislative, judicial, and executive authority. Worse still, there is a lack of agreement how far executive authority can be extended when national security is invoked. The need for the Fourth Amendment’s requirement for a probable cause warrant in criminal cases is clear, even if that principle is often now observed in the breach. But the Supreme Court has not supplied much guidance on how the Fourth Amendment applies to operations within the United States that are for intelligence purposes.
 
The rest of Iodice’s paper tracks the steady weakening of FISA in the post-9/11 world.
 
This paper is a timely primer for what promises to be a key surveillance debate: By the end of next year, FISA’s Section 702 must be reauthorized or expire. Section 702 grants the intelligence community the authority to surveil foreign intelligence targets. While Fourth Amendment protections prevent Americans from being targeted, the law allows the communications of Americans to get swept up in “incidental” collection. This loophole has been extended to whatever width or shape the government needs to do whatever it wants.
 
Iodice concludes that if Congress reasserted its authority, or the courts resolved the Fourth Amendment and separation-of-powers issues in FISA, then FISA would operate more like a statute should. In the meantime, civil liberties champions in Congress need to be deadly serious about holding up reauthorization of Section 702 if demands for serious FISA reforms are not met.

​Last year, we reported on Apple’s plan to open a digital backdoor on CSAM, or Child Sexual Abuse Material. We reported that a content-flagging system was not just invasive of people’s privacy, but it could open a backdoor for China to use the technology to persecute dissidents and spy on Americans.
 
Throughout the privacy discussion, the European Union has generally led the world in pushing for higher standards for digital privacy, often challenging the United States to follow its lead.
 
Now, in the necessary drive to detect and prosecute those who abuse children, the EU Commission is driving a proposal that could result in the scanning of every private message, photo, and video to detect CSAM. It is also proposing using software to seek out adults engaged in “grooming” children to be victimized.
 
Every decent person agrees that we need to be aggressive in rooting out and prosecuting adults who exploit children. What could go wrong with the EU proposal?
 
Joe Mullin of the Electronic Frontier Foundation reports that the Commission “wants to open the intimate data of our digital lives up to review by government-approved scanning software, and then checked against databases that maintain image of child abuse.” Private digital conversations, even for Americans, will no longer be truly private.
 
Problem: The detection software produces far more false positives than catches.
 
Mullin writes: “Once the EU votes to start running the software on billions more messages, it will lead to millions of more false accusations. These false accusations get forwarded on to law enforcement agencies. At best, they’re wasteful; they also have potential to produce real-world suffering … That is why we shouldn’t waste efforts on actions that are ineffectual and even harmful.”
 
We would add that PPSA is concerned that technology developed for an admirable purpose is technology that will soon be used for any purpose.

​Charles C.W. Cooke in National Review recently penned a provocative essay that says what some conservative Republicans and progressive Democrats are thinking – dismantle the FBI!
 
Cooke makes a case that ever since J. Edgar Hoover took over the Bureau of Investigation, the FBI has been “a violent, expansionist, self-aggrandizing, and careless outfit that sits awkwardly within the American constitutional order.”
 
Cooke presents the FBI’s parade of horribles: J. Edgar Hoover presented President Truman with a plan to suspend habeas corpus and put 12,000 Americans into military facilities and prisons at the outbreak of the Korean War. The FBI under Hoover’s leadership tried to convince Dr. Martin Luther King Jr. to commit suicide. It helped presidents destroy their enemies and used blackmail to intimidate the FBI’s critics (paranoia fueled from the likely fact that Hoover himself was eminently blackmailable). It doubled down on a macho confrontation with David Koresh, clearly a psychopath, leading to the deaths of 75 people, 17 of them children. We would add to that list a bureau headquarters that actively blocked investigations from the field that could have stopped 9/11.
 
Many have more recent reasons to suspect the FBI is rigging its investigations. In recent years, an FBI lawyer was caught and convicted of presenting altered evidence and lying to the Foreign Intelligence Surveillance Court in an effort to hide Carter Page’s service to the CIA. The FBI today has excellent justification to pursue those who invaded and trashed the U.S. Capitol on Jan. 6, and perhaps reason to pursue an investigation of former President Donald Trump’s handling of classified material – but these investigations will always be suspect to millions of Americans because of the FBI’s involvement in partisan forgery and in peddling the Steele Report, which the FBI knew at the time was unreliable. On the other side of the ideological fence, the FBI has employed invasive surveillance techniques to spy on Americans who exercised their First Amendment rights by protesting police misconduct.
 
So Cooke’s cry to dismantle the FBI, once a fringe opinion, is sure to have resonance with many on the right and left.
 
As outrageous as the FBI has been at times, however, we counsel critics remember its value in keeping us safe from terrorists, human traffickers, cyber-criminals and foreign intelligence agents from Russia and China. And make no mistake, Russian and Chinese agents and their subordinated or blackmailed helpers are in America in force and doing great harm to our country. Fighting these threats are some of the most capable and patriotic men and women we’ve ever met.
 
So what to do?
 
Cooke offers a list of potential reforms he had toyed with before deciding to argue for the wholesale dismantlement of the FBI. Cooke’s list is well thought-out and worthy of a second look and of being quoted at length:

• Mandate that no “process” crimes can result from an investigation if no underlying crime is discovered by the FBI during the course of an investigation, unless those process crimes are a lie to a grand jury or a lie that prevents the exoneration of an innocent person;

 

• Mandate that because it is expected to investigate crimes, rather than people, the FBI explain in detail at the outset of any investigation the specific cause it has to begin its work;

 

• Mandate that the FBI, as an agency of the federal government, explain in detail at the outset of any investigation why it, rather than a state or local police force, is getting involved in the case;

 

• Mandate that the FBI is forbidden from publicly announcing it is conducting an investigation until charges are brought;

 

• Mandate that if an investigation is announced in error, or leaked, the FBI publicly announce the closure of the case – if and when that closure comes – and that the FBI refrain from implying in public that the subject of their closed investigation is guilty.

 
We endorse Cooke’s strong list of reforms, to which we propose two of our own.

• Mandate that the FBI may not review any Americans metadata or electronic records without a warrant. In other words, make the FBI comply with the Fourth Amendment.

 

• Trim the sails of headquarters by enacting a more balanced distribution of resources between HQ and the field offices.

 
In looking at the history of the FBI, strong leadership has often come from its field offices. But leadership in the top tiers of the J. Edgar Hoover Building has shown itself to be entrenched with Washington power-seeking and socially enmeshed with media and political circles.
 
If one wants to bring about change, perhaps a good place to start would be to divert resources taken up by HQ and spread them out of Washington and into the field offices.
 
Andrew McCarthy, in a reply to Cooke in National Review, promotes the idea of separating the intelligence function of the FBI from its law enforcement function. This would return the FBI to being an agency dedicated solely to law enforcement. It would create an American version of the UK’s MI-5 for the purpose of counterintelligence. Like MI-5, the new agency would have no police powers (though the creation of a 19th intelligence agency in the U.S. government would undoubtedly bring fresh concerns about surveillance and privacy).
 
Another needed change would be to instill into the culture of headquarters something similar to that of the senior ranks of the U.S. military, which eschews any sign of partisanship. Many generals and admirals will not discuss their political views. Some make it a point of pride not to vote. This may be asking too much of civilian officials, but if an agent is assigned to a team that deals with political crimes, with First Amendment implications that resonate nationally, being an outspoken partisan should be reason enough for an immediate transfer to some other important line of duty.

​Eight years ago, the U.S. Supreme Court held in Riley v. California that because cellphones hold “the privacies of life” – in the form of texts, images, emails, calls and more – that police (barring extreme circumstances) need a warrant to search it.
 
The application of a new legal standard, however, is never so simply adopted. Ever since, federal and state courts have applied Riley in contradictory ways.
 
To cite just one example, the Montana Supreme Court recently came down hard on the side of digital privacy. As we reported in February, parolee Bradley Mefford was challenged for leaving his apartment by parole officer Jake Miller. Mefford told his parole officer that he merely went into the parking lot to get reception to engage a Facebook Messenger conversation with his daughter. He gave the officer permission to read his Messenger thread to prove he was communicating with his daughter. The officer took the phone and surveilled all its contents, including images. Beyond Messenger, Miller found evidence of a serious crime.
 
The ACLU vigorously defended Mefford’s cellphone privacy rights. Montana’s high court agreed, vacating the charges stemming from that officer’s sweeping, generalized surveillance.
 
The court found: “It was no more reasonable for Miller to believe he had permission to search Mefford’s photos to corroborate the identify of his daughter than it would have been for him to search through a photo album in Mefford’s bedroom or a rolodex on Mefford’s office desk for information regarding Mefford’s daughter.”
 
Other courts have come down on opposing sides. EFF’s Jennifer Lynch and Allie Schiele offer a sweeping look at recent rulings. They write that “some courts have constrained police searches to certain types of data on the phone, specific time periods, or limited the use of data, other courts have authorized warrants that allow the police to search the entire phone.”
 
In United States v. Morton, the Fifth Circuit sitting en banc overturned a panel opinion that had overturned a broadly executed warrant. The court upheld a “good faith exception” that “evidence should not be suppressed when law enforcement obtained it in good-faith reliance on a warrant.” Dissenting judges wrote: “Searching a cellphone is much more invasive than a self-contained search of a pocket compartment or a bag.”
 
The dissenters also complained that the affidavit was supported by “sweeping generalizations,” a precedent that allows officers to hide behind the good-faith exception – which is “unjust, unfair, and unconstitutional.”
 
In Richardson v. State, the Maryland Court of Appeals found that “the privacy concerns implicated by cellphone storage capacity and the pervasiveness of cellphones in daily life do not fade away when police obtain warrants to search cellphones.” Maryland’s highest court held that there is no “one size fits all” solution for cellphone searches. Some might search within a specific timeframe or confine the search to an app or set of apps, or other restricted search protocols.
 
Ultimately, the Maryland high court found, “a search warrant for a cellphone must be specific enough so that officers will only search for the items that are related to the probable cause that justifies the search in the first place.”
 
EFF’s Lynch and Schiele conclude that Maryland sets the right precedent, writing that courts should “require cellphone warrants that are narrowly tailored to the crime under investigation.”
 
PPSA agrees. We also acknowledge, however, that such restrictions sometimes impose a cost at the expense of justice. In the Mefford case the underlying charges vacated by the Montana court arose from child pornography discovered on the parolee’s phone. In the Maryland case, a search of multiple phones of a high school student who had carried a gun to school showed evidence that he was planning a robbery (though in that case, the court did not vacate the evidence).
 
Painful tradeoffs arise when weighing privacy against policing, sometimes hard to stomach. We must remember, however, that such limits on cellphone searches are needed to prevent the United States from becoming a surveillance state.

​Judge Rudolph Contreras, of the U.S. District Court for the District of Columbia, gave PPSA a victory in our quest to compel the FBI to search and possibly produce correspondence between Members of Congress and agencies about their “unmasking.”
 
More than one year ago, PPSA filed suit to follow up on a Freedom of Information Act (FOIA) request asking the FBI to produce documents about the potential unmasking or identification of individual members of Congress whose messages are caught up in intercepts of foreign communications. We specifically asked for correspondence between House Members and Senators with federal agencies regarding unmasking. We also asserted that since the Gates Procedures – the method by which congressional identities are handled and can be deanonymized – are in the public domain, the FBI cannot issue a Glomar response, which neither confirms nor denies the existence of such records.
 
Judge Contreras denied this broader motion, saying it wasn’t relevant to the core request about acquiring correspondence. But he found merit with the other request about correspondence.
 
The judge wrote: “But there exists a separate category of documents: communications between the FBI and Congress that are a degree removed from FISA-derived documents and which discuss congressional unmasking as a matter of legislative interest, policy, or oversight … The FBI must conduct a search for any ‘policy documents’ in its possession.”
 
FBI attorneys had argued that the core of our request was for “operational documents” concerning congressional unmasking. Judge Contreras rejected that contention, noting there are not necessarily any law enforcement procedures, techniques, or guidelines “that would risk circumvention of the law … because acknowledging the existence of congressional inquiries would not necessarily reveal anything about the FBI’s operations.” Such policy documents are “well within the four corners of the FOIA request.”
 
If the FBI follows it traditional path and issues a Glomar response anyway, PPSA will be there to press further litigation. And we will report any findings with alacrity.

Samantha Murphy Kelly of CNN Business news has a snappy take on Amazon’s recent product press event. The company, she wrote, “knows when you’re in and out of the room. A gadget that monitors your breathing pattern while you sleep. An enhanced voice assistant that highlights just how much it knows about your everyday life.”
 
She notes another event where Amazon introduced drones and Astro, a dog-like robot that can patrol the home when you’re gone.

Will consumers be deterred by the creep factor of giving so much of our personal information taken from the intimacy of our homes? Kelly quotes a consumer analyst who said that “negative consumer attitudes” about data collection is lessened by the service, price, and convenience of these products.
 
It is easy to see why consumers are sanguine about sharing data with a company that sells products and services they like. All Amazon wants to do is to sell us even more products. Dangers emerge, however, when consumer data migrates beyond the company you’re doing business with. Amazon, for its part, says that “information about our customers is an important part of our business, and we are not in the business of selling our customers’ personal information to others.”
 
The company does share information with third parties, such as vendors whose goods are sold through Amazon. A recent FTC filing against the data broker Kochava shows that Amazon Web Services Marketplace allows companies to buy consumers’ IP addresses and precise geolocation histories. Amazon also encourages its Ring customers to share their data with police agencies across the country – creating a national surveillance network stitched together from more than three million cameras.
 
Whatever the limits of Amazon’s privacy policies, most of the other major social media platforms freely sell consumer data to brokers. Among the major customers of this data, as PPSA has endlessly reported, are the intelligence and law enforcement agencies of the U.S. government – reason why PPSA has joined with almost fifty other civil liberties organizations to call for the passage of the Fourth Amendment Is Not for Sale Act.
 
Your dog may follow you around the house, but she will never judge you. Not so with the many devices that are infiltrating into our lives.

Facial recognition software is a problem when it doesn’t work. It can conflate the innocent with the guilty if the two have only a passing resemblance. In one test, it identified 27 Members of Congress as arrested criminals. It is also apt to work less well on people of color, leading to false arrests.
 
But facial recognition is also problem when it does work. One company, Vintra, has software that follows a person camera by camera to track any person he or she may interact with along the way. Another company, Clearview AI, identifies a person and creates an instant digital dossier on him or her with data scrapped from social media platforms.
 
Thus, facial recognition software does more than locate and identify a person. It has the power to map relationships and networks that could be personal, religious, activist, or political. Major Neill Franklin (Ret.) Maryland State Police and Baltimore Police Department, writes that facial recognition software has been used to violate “the constitutionally protected rights of citizens during lawful protest.”
 
False arrests and crackdowns on dissenters and protestors are bound to result when such robust technology is employed by state and local law enforcement agencies with no oversight or governing law. The spread of this technology takes us inch by inch closer to the kind of surveillance state perfected by the People’s Republic of China.
 
It is for all these reasons that PPSA is heartened to see Rep. Ted Lieu join with Reps. Shelia Jackson Lee, Yvette Clark and Jimmy Gomez on Thursday to introduce the Facial Recognition Act of 2022. This bill would place strong limits and prohibitions on the use of facial recognition technology (FRT) in law enforcement. Some of the provisions of this bill would:
 

• Limit law enforcement use of FRT to situations in which a warrant is obtained that shows probable cause that an individual committed a serious violent felony.

 

• Prohibit law enforcement from using FRT to create a record documenting how an individual expresses rights guaranteed by the Constitution, such as lawful protests.

 

• Prohibit a FRT match from being the sole basis upon which probable cause can be established for a search, arrest, or other law enforcement action.

 

• Ban the use of FRT in conjunction with databases that contain illegitimately obtained information.

 

• Ban the use of FRT to track individuals with live or stored video footage.

 

• Require law enforcement to provide notice to individuals who are subjects of an FRT search and copy of the court order and/or other key data points.

 
The introduction of this bill is the result of more than a year of hard work and fine tuning by Rep. Lieu. This bill deserves widespread recognition and bipartisan support.

The first responsive information from the Office of the Director of National Intelligence to a Freedom of Information Act (FOIA) lawsuit for records concerning U.S. intelligence purchases of the private data of American citizens is trickling in. As often happens, cursory information allows us to catch a glimpse of secret practices, if only through a glass darkly.
 
The ears of civil libertarians perked up when Director of National Intelligence Avril Haines (1:17:05 mark) in her Senate confirmation hearings in early 2021 was asked about purchases of Americans’ data by Sen. Ron Wyden, (D-OR). She responded:
 
“I would seek to try to publicize, essentially, a framework that helps people understand the circumstances under which we do that and the legal basis that we do that under.”
 
Haines further promised to provide transparency “so people have an understanding of the guidelines under which the intelligence community operates.”
 
On May 17, 2021, PPSA requested records related to statements by Director Haines concerning the promise to publicize the circumstances under which the U.S. intelligence community purchases Americans’ private data, and its legal basis for doing so. After one year of awaiting a response – long past the statutory deadline – PPSA filed a lawsuit in July 2022 to press ODNI to respond to the request.
 
PPSA announces today that it received a reply that ODNI conducted a search and found approximately 1,000 emails potentially responsive to our request.
 
ODNI, however, explains that it does not have “de-duplication” software that would winnow the body of records to single copies. This is remarkable, since almost every other executive agency has such software, including many under ODNI’s purview. Searches of the documents will have to be done by hand and eye. With personnel changes, ODNI explains, it can only begin releasing records in late November – eighteen months after the submission of the FOIA request and in the middle of the holiday and travel season.
 
PPSA filed a motion asking a federal court to require ODNI to process at least 500 pages of records a month.
 
“What is most interesting about ODNI’s response,” said Gene Schaerr, general counsel of PPSA, “is that it has perhaps a thousand emails about living up to Director Haines’ promise of a degree of transparency without referring to a single document that would actually indicate that the office is transparent.”
 
PPSA will release more information from this legal action as ODNI produces results.

A new report by the United Nations Human Rights Council highlights how much of a global issue spyware has become. The Office of the High Commissioner for Human Rights calls for greater attention to threats to data privacy, to the development of state-sponsored spyware capabilities, and especially to the dangerous software Pegasus, which can remotely infiltrate smartphones and turn them into spying devices. PPSA has reported in the past on the emerging threat Pegasus poses to nations and individuals around the world. It is heartening to see the UN take this data privacy crisis seriously as a human rights issue.
 
The UN report focuses on three core trends relating to the role of member states in safeguarding and promoting the right to privacy:
 

1. The abuse of intrusive hacking tools (“spyware”) by state authorities.
2. The key role of robust encryption methods in protecting human rights online.
3. The impacts of widespread digital monitoring of public spaces, both offline and online.

 
The report draws special attention to Pegasus.
 
“The extent of Pegasus spyware operations and the number of victims are staggering… Reporting in 2021 revealed that at least 189 journalists, 85 human rights defenders, over 600 politicians and government officials, including cabinet ministers, and diplomats were affected as targets.”
 
The report notes that at least 65 governments have acquired commercial spyware surveillance tools. NSO Group, the Israeli company that developed Pegasus, reported that 60 government agencies in 45 countries are among its customers.
 
The UN report states: “While purportedly being deployed for combating terrorism and crime, such spyware tools have often been used for illegitimate reasons, including to clamp down on critical or dissenting views and on those who express them, including journalists, opposition political figures and human rights defenders…”
 
The report also condemned efforts by governments to undermine the security and confidentiality of encrypted communications – a key goal not just of repressive regimes, PPSA would add, but of some in the Department of Justice and FBI.
 
Governments continue to take steps to undermine that privacy, either by legislative fiat or by sophisticated hacking techniques. In some countries, encryption providers have been required to ensure that law enforcement or other government agencies have access to all communications upon request, effectively obliterating any privacy that encryption may have provided.
 
This is a brave report. PPSA is pleased to see the UN Human Rights Council recognize privacy as a human right, contrary to the practice of repressive governments, including China and Russia, which have seats on the UN Security Council. Unfortunately, the UN’s warnings on pervasive surveillance also need to be taken seriously by democratic governments, including some in positions of authority in the United States. 

If you thought being subjected to “random” TSA screenings at airports was dehumanizing, just imagine your most sensitive, personal digital information being secretly reviewed by any one of thousands of government agents operating without a warrant or public oversight.
 
The Customs and Border Protection Commissioner Christopher Magnus revealed to Sen. Ron Wyden (D-OR) that the agency is scooping data from thousands of seized electronic devices every year. (Hat tip to Drew Harwell of The Washington Post for detailing this abuse of privacy.) That data is then added to a CBP database accessible by more than 2,700 CBP agents. That data – which can include call logs, messages, contact lists, and photos – can be kept for up to 15 years.
 
This story is just the latest development in a long-running series of data privacy breaches by federal law enforcement officials. Sen. Wyden criticized the agency for “allowing indiscriminate rifling through Americans’ private records.”
 
CBP conducted more than 37,000 searches of travelers’ devices in the 12 months ending in October 2021. According to The Washington Post, the default configuration for some data searches has been to download and retain all contact lists, call logs and messages. This means potentially millions of calls, contacts, and text messages from thousands of phones could be compromised.
 
It has long been known that CBP makes generous use of the “border search” exception in Fourth Amendment law. Sen. Wyden’s revelation about the scale and the scope of this loophole reveals an egregious new threat to the security of Americans’ data privacy. Congress must act now to bolster protections for data privacy.
 
It is high time for the Supreme Court to review and modify the judicially created border search exception in light of the massive amounts of information being seized from law-abiding citizens and then stored for long periods of time. If the Court does not protect the Fourth Amendment, then Congress should step up.
 
Last year, Sens. Wyden and Rand Paul (R-KY) introduced legislation that would require border officials to get a warrant before searching a traveler’s device. Congress should also pass the Fourth Amendment Is Not for Sale Act to ensure this database doesn’t fall into the hands of data brokers.

Last week, PPSA reported on Fog Reveal, a product from Fog Data Science that sells billions of data points extracted from apps on 250 million mobile devices to local police departments. An unlimited-use, one-year subscription costs a department only $7,500.
 
For this price, Fog Reveal offers a powerful capability, the ability to track hundreds of millions of Americans in their daily movements. It allows police to locate every device in a given geo-fenced area. It also allows police to trace the location history of a single device (and therefore, its user) over months or years.
 
Fog Data Science claims that it is respectful of privacy because it does not reveal the names or addresses of individual users. But a slide show from Fog Data Science prepared for police highlights how this technology can easily be used to track a suspect to his or her “bed-down” over a 180-day period. (Hat tip to the Electronic Frontier Foundation, which helpfully added yellow highlights to significant passages of Fog documents.)
 
It is more than a stretch then to call this data “anonymized” when it follows people to their homes, as well as to their houses of worship, meetings with friends or lovers, trips to health or mental health clinics, journalists meeting with whistleblowers, or other locales that reveal sensitive and personal information.
 
For those in law enforcement who go through the motions of filing a warrant, Fog Data Science offers a template warrant. Such warrants are misbegotten. They can be employed to follow a number of people in the vicinity of a crime or track everyone who attended a political protest. The Fourth Amendment requires “probable cause” in which a warrant describes “the place to be searched, and the persons or things to be seized.” It makes a mockery of the Constitution’s requirement for particularity when the police have at their fingertips a whole ocean of data involving many people. How can such a requirement be fulfilled when Fog technology allows police to go on a fishing expedition in that ocean, with any American potentially being a catch?
 
It is through technologies such as Fog Reveal that our country, device by device, is moving steadily toward becoming a full-fledged surveillance state.
 
Such details should spur Congress to investigate the uses of this technology. It should also inspire Congress to pass the Fourth Amendment Is Not for Sale Act, which would block the auctioning of our private, personal information to all government agencies.

​An elegant essay by Adrian Wooldridge in Bloomberg makes a connection between the Chinese surveillance state – “using the awesome power of data harvesting and artificial intelligence to compile more information on its citizens than any society has ever managed before” – and Western “surveillance capitalists” who are making our country a little more like China day by day.
 
PPSA has long warned that all the elements are falling into place to create an American surveillance state.
 
Here are just a few of the ways in which this is happening: The federal government and local police departments use “stingray” technology to trick Americans’ phones to betray your location and other personal information. Authorities can purchase your location history with Fog Reveal technology and capture all your comings and goings. Or they can just buy your personal information from a private data broker, as many federal agencies do.
 
The growing web of the “internet of things” will only produce more reportable data about you, from the cars we drive, to our refrigerators and other appliances in our home. A surveillance loophole was even recently found in a Chinese-made coffee maker.
 
Wooldridge reports that the Chinese Communist Party is at the cutting edge, “developing a new sort of ‘digital phrenology’ by monitoring people’s facial expression for signs of anger and new forms of racial profiling by creating a world-leading DNA database.” Governments, including our own, exert “relentless pressure for the misuse of information even as the quality and quantity of available information grows exponentially.”
 
The techno-optimists of the 1990s waxed rhapsodic about how the internet was going to liberate the human mind. Wooldridge comes to an opposite conclusion with these chilling words: “The arc of the digital revolution bends toward tyranny.”

​Since the mid-1960s, the Freedom of Information Act (FOIA) has allowed American citizens and civil liberties organizations to obtain unclassified documents from federal agencies, shedding light on official actions and policies. In recent years, however, the government has devised many creative ways to stall, obfuscate, and outright withhold answers to FOIA requests, while seeming to be as responsive as possible. Cato Institute scholar Patrick Eddington calls these tactics “constructive denial.”
 
For over two years, Cato filed FOIA requests to obtain FBI records on militia groups of the left and the right, including the white supremacist Patriot Front. “Groups like the Patriot Front,” Eddington writes in The Hill, “are, in the view of most Americans, a moral and political blight that the country would be far better off without. At the same time, the protection of offensive ideas and speech are at the heart of the purpose of the First Amendment.” Thus, Cato sought records to better understand the threat posed by these groups and the nature of the government’s response.
 
In defiance of FOIA’s requirement that the FBI send the requested documents to the requester himself, the FBI replied to Cato that it would eventually file the documents on an FBI website. “You will be notified when releases are available.”
 
In other words, buzz off.
 
Constructive denial can be seen in another form after PPSA filed suit against the National Security Agency, the CIA, the Department of Justice and FBI, and the Office of the Director of National Intelligence in June to compel the release of records pertaining to the possible purchase of the personal information of more than 100 current and former Members of the House and Senate Judiciary Committees from private data brokers.
 
This is understandably a sensitive question, given that current and former judiciary committee lawmakers include Chairman Jerrold Nadler, Ranking Member Jim Jordan, Chairman Dick Durbin, Ranking Member Chuck Grassley, as well as Vice President Kamala Harris and Florida Gov. Ron DeSantis. Still, it would be a matter of public interest – not to mention to these legislators themselves – if the government were buying up their personal information. Such an act could yield leverage for executive branch agencies to bully leading Members of Congress, subtly undermining democracy.
 
The agencies’ response to PPSA’s FOIA request over summer 2021 was to issue Glomar responses, a judicially invented doctrine that neither confirms nor denies that such records exist.
 
Now that PPSA has sued to enforce its request, these agencies have come back with an answer that doubles down on a government theory that it would be too dangerous to national security for these agencies to even search for such documents. At the same time, government responses strike a tone of wanting to be as cooperative as possible.
 
One choice example: PPSA asserted a “right of prompt access to requested records under the law.” The National Security Agency responded: “To the extent that a response is required, Defendant NSA denies the allegation, including the fact that NSA has wrongfully withheld records.” This is a construction worthy of Joseph Heller’s Catch-22.
 
Gene Schaerr, PPSA general counsel, responds: “The government’s answers disingenuously conflate an internal search for documents with an external response to a question. The government feels free to treat FOIA as polite supplication instead of a law that must be obeyed. PPSA will continue to press on for a serious answer in federal court.”
 
In the meantime, expect the government to come up with many new forms of constructive denial.

​In a hearing over the summer, the House Judiciary Committee took a hard look at the way in which private data brokers freely sell Americans most personal information to a host of government law enforcement and intelligence agencies.
 
Chairman Jerry Nadler said that digital tracking is “so precise that officers can track individuals within specific homes and businesses … tracking your location over time, within inches, without any due process whatsoever.
 
“The end result is that, just by going about your daily life, your data may be swept up in and make you the subject of a criminal investigation … If law enforcement and intelligence agencies remain unrestrained in their ability to purchase this data, our right to privacy will be at best illusory.”
 
Ranking Member Jim Jordan said that the government continues to transform guardrails meant to protect privacy into loopholes to allow the government to do whatever it wants. Jordan said, “this is wrong and it’s un-American.”
 
Representatives of both parties expressed dismay about how freely federal agencies utilize and abuse surveillance powers in defiance of the Fourth Amendment. Rep. Zoe Lofgren detailed the many ways the U.S. Immigration and Customs Enforcement agency tracks Americans’ daily movements and extracts personal information from utility records. Rep. Andy Biggs spoke of the uses to which the government can employ geolocation tracking against Americans.
 
In short, the House Judiciary Committee did an excellent job of teeing up the issue. Now it is time to swing the club for a legislative solution.
 
On Wednesday, PPSA joined with Americans for Prosperity, Demand Progress, the Due Process Institute and Free Press Action to call on the committee to take bipartisan action and mark up the Fourth Amendment Is Not for Sale Act.

A lot has been written about a provision of the upcoming Inflation Reduction Act, which will provide an additional $80 billion in funding to the Internal Revenue Service. Most of this funding will go to bolstering enforcement work, meaning more audits.
 
While this is bad news for millions of taxpayers, and good news for the makers of Tums Antacid Products for Fast Heartburn Relief, the creation of a new army of auditors is bound to significantly warp the already warped privacy landscape in America.
 
Big numbers for new IRS hires have been estimated. A Treasury Department report from May 2021 estimated that the agency would be able to hire roughly 87,000 employees by 2031 with the additional funding, more than doubling the agency’s staff dedicated to enforcing tax laws. But even media defenses of the plan, which have tried to downplay the number, still estimate anywhere between twenty to thirty thousand new employees.
 
At either number, the IRS expansion will undoubtedly expand the capability of the agency to investigate American citizens. Jonah Goldberg put it best recently when he wrote:
 
“Unlike normal law enforcement, the IRS doesn’t require probable cause to investigate you. It can choose people at random or investigate people based on a theory or a hunch—often sanitized by saying it was the algorithm that made the call. Even if you did nothing wrong, the process itself is punishing and often expensive. One of the bedrocks of our constitutional order, most obviously enshrined in the Fourth Amendment, is the idea that citizens should not be subjected to unreasonable searches without probable cause. Stop and frisk was canceled because it was seen as an outrageous and demeaning affront to civil liberties. I’m conflicted on that. But I certainly get the objections, and I would never say, ‘If you did nothing wrong, you have no reason to complain about being frisked.’ Well, an audit is a forensic frisking of virtually everything you did for a year. What did you spend money on? Where did you spend it? How did you get the money? Show us your receipts. Prove you’re not guilty.”
 
Also concerning are the new methods and technologies the IRS could deploy against the whole country. In February, we reported on the bipartisan resistance to the IRS’s plan to implement facial recognition technology. Under this plan, the IRS would require taxpayers to submit to digital facial recognition scans to obtain tax transcripts and other records. The plan was halted amid significant pushback noting the privacy and technological flaws of facial recognition, but not before 7 million Americans surrendered their biometric data to the IRS and a third-party verification company, ID.me.
 
In May, we reported on the Transparency and Accountability in Service Providers Act, a draft bill circulating that would have deputized millions of “financial gatekeepers” into spying on their clients for the federal government. Virtually the entire financial services industry would be required to report any “suspicious” activity to the government. If the Act were to pass, and the 7.6 million employees of the financial services sector were “deputized,” there would be one informer for every 43 Americans.
 
Where there is a will, there is a way. The IRS is already trying to spy on you. With this new funding, the IRS now has a way.