Expansive Spy Law Even Targets Churches Breitbart News broke a story over the weekend that a few recalcitrant House Members are holding up a promised fix to what many referred to as the “Make Everyone a Spy” law. The fix regards an amendment to the reauthorization of FISA Section 702, passed in April, in which pro-surveillance advocates added a requirement that U.S. business owners who offer customers the use of their Wi-Fi and routing equipment be covered as “electronic communication service providers” under the law. This means that any business – your neighborhood fitness center, an office complex that houses journalists, political campaigns, or even a church or other house of worship, as well as a host of other establishments – would face the same requirement as large telecoms to turn over the communications of their customers, no warrant required. This was not meant to happen. As the Senate voted in April to reauthorize FISA Section 702, bipartisan furor erupted over this provision, including leading conservatives in both chambers. Sen. Mark Warner (D-VA), Chairman of the Senate Intelligence Committee, promised his colleagues that the amendment that included this expansive authority would be narrowed to include only one category of business. That category is classified but is widely believed to be data centers that provide cloud computing and storage. With this promise in hand, the Senate voted down an amendment to remove the flawed provision, and immediately passed the reauthorization of Section 702 – all in the belief that the expansive new spy power would soon be curbed. Sen. Warner was true to his word, inserting language into the Senate intelligence bill that narrows the scope of the new measure. Now, in a baffling turn of events, it is the House that is refusing to include the fix in its version of the intelligence bill. Why are some House Members insisting on keeping an authority that allows spying on churchgoers, shoppers, and office workers? Bob Goodlatte, the former chairman of the House Judiciary Committee and PPSA senior policy advisor, told Breitbart News: “This measure passed because of assurances that this insanely broad authority would be narrowed. The promise of a fix was made and accepted in good faith, but that promise is being trashed by advocates for greater surveillance of our citizens. Unless Congress reverses course, Americans’ data that runs through the Wi-Fi and servers of millions of small businesses, ranging from fitness centers to department stores, small office complexes, as well as churches and other houses of worship, will be fair game for warrantless review. This would truly transform our country into a thorough surveillance state. I can’t imagine the next Congress and new Administration would welcome that.” Surely, giving the deep state free rein to spy on Americans is not in keeping with the philosophy of the incoming Trump administration, the new Republican majority in Congress, or most Democrats. Contact your House Member and say: “Please don’t let this legislative year end without narrowing the Electronic Communication Service Provider standard. Congress must keep its promise to fix the Make Everyone a Spy Law.” Investigative journalist Ronan Farrow delves into the Pandora’s box that is Israel’s NSO Group, a company (now on a U.S. Commerce Department blacklist) that unleashes technologies that allow regimes and cartels to transform any smartphone into a comprehensive spying device. One NSO brainchild is Pegasus, the software that reports every email, text, and search performed on smartphones, while turning their cameras and microphones into 24-hour surveillance devices. It’s enough to give Orwell’s Big Brother feelings of inadequacy. Farrow covers well-tread stories he has long followed in The New Yorker, also reported by many U.S. and British journalists, and well explored in this blog. Farrow recounts the litany of crimes in which Pegasus and NSO are implicated. These include Saudi Arabia’s murder of Jamal Khashoggi, the murder of Mexican journalists by the cartels, and the surveillance of pro-independence politicians in Catalonia and their extended families by Spanish intelligence. In the latter case, Farrow turns to Toronto-based Citizen Lab to confirm that one Catalonian politician’s sister and parents were comprehensively surveilled. The parents were physicians, so Spanish intelligence also swept up the confidential information of their patients as well. While the reality portrayed by Surveilled is a familiar one to readers of this blog, it drives home the horror of NSO technology as only a documentary with high production values can do. Still, this documentary could have been better. The show is marred by too many reaction shots of Farrow, who frequently mugs for the camera. It also left unasked follow-up questions of Rep. Jim Himes (D-CT), Ranking Member of the House Intelligence Committee. In his sit-down with Farrow, Himes made the case that U.S. agencies need to have copies of Pegasus and similar technologies, if only to understand the capabilities of bad actors like Russia and North Korea. Fair point. But Rep. Himes seems oblivious to the dangers of such a comprehensive spyware in domestic surveillance. Rep. Himes says he is not aware of Pegasus being used domestically. It was deployed by Rwandan spies to surveil the phone of U.S. resident Carine Kanimba in her meetings with the U.S. State Department. Kanimba was looking for ways to liberate her father, settled in San Antonio, who was lured onto a plane while abroad and kidnapped by Rwandan authorities. Rep. Himes says he would want the FBI to have Pegasus at its fingertips in case one of his own daughters were kidnapped. Even civil libertarians agree there should be exceptions for such “exigent” and emergency circumstances in which even a warrant requirement should not slow down investigators. The FBI can already track cellphones and the movements of their owners. If the FBI were to deploy Pegasus, however, it would give the bureau redundant and immense power to video record Americans in their private moments, as well as to record audio of their conversations. Rep. Himes is unfazed. When Farrow asks how Pegasus should be used domestically, Rep. Himes replies that we should “do the hard work of assessing that law enforcement uses it consistent with our civil liberties.” He also spoke of “guardrails” that might be needed for such technology. Such a guardrail, however, already exists. It is called the Fourth Amendment of the Constitution, which mandates the use of probable cause warrants before the government can surveil the American people. But even with probable cause, Pegasus is too robust a spy tool to trust the FBI to use domestically. The whole NSO-Pegasus saga is just one part of much bigger story in which privacy has been eroded. Federal agencies, ranging from the FBI to IRS and Homeland Security, purchase the most intimate and personal digital data of Americans from third-party data brokers, and review it without warrants. Congress is even poised to renege on a deal to narrow the definition of an “electronic communications service provider,” making any office complex, fitness facility, or house of worship that offers Wi-Fi connections to be obligated to secretly turn over Americans’ communications without a warrant. The sad reality is that Surveilled only touches on one of many crises in the destruction of Americans’ privacy. Perhaps HBO should consider making this a series. They would never run out of material. A public report from the secret Foreign Intelligence Surveillance Court (FISC) gives the intelligence community a mixed review, noting progress in meeting its own internal quality standards while revealing violations and abuses as well. The court reviewed compliance by the FBI, NSA, and CIA with “minimization” and “querying” procedures under Section 702 of the Foreign Intelligence Surveillance Act (FISA), which authorizes spying on foreign targets located on foreign soil. In plain English, minimization means restricting access to the private data or communications of Americans that are caught up in the NSA’s global trawl, which frequently collects non-pertinent conversations that lack intelligence or evidentiary value. Querying standards direct agents to use precise search terms in an effort to avoid capturing Americans’ communications. Throughout, the government purports to earnestly verify the “foreign-ness” of a target.
Given that the court previously revealed that past queries violated the privacy of a U.S. Senator, a U.S. House Member, 19,000 donors to a federal candidate, a state senator, and a state judge, even small numbers could be hiding a lot. However tight the querying standard, warrantless searches can also still be used by the FBI to develop evidence for purely domestic cases, a source that might not be disclosed in open court.
As one moves through this report into NSA and CIA activities, the redactions often fill half a page.
In sum, the FISC report signed by federal judge Anthony J. Trenga gives us a glimpse of a federal intelligence bureaucracy struggling to comply with the law and its own standards, while still suffering from lapses too serious to paper over. An extreme measure that would give future U.S. Treasury Secretaries unprecedented authority to shut down non-profit, advocacy organizations remains a live option in Congress. The “Stop Terror-Financing and Tax Penalties on American Hostages Act,” HR 9495, failed to pass the House last week. But it maintains momentum due to a little sweetener that is widely popular – a commendable side measure to offer tax relief to Americans held hostage in foreign countries. The main part of the bill would grant future U.S. Treasury Secretaries power to use secret surveillance to declare a tax-exempt, non-profit advocacy organization a supporter of foreign terrorism, and shut it down. This provision, in essence, does one thing – it removes due process from existing law that allows the government to crack down on supporters of terrorist organizations. CRS reports that the IRS is already empowered to revoke the tax-exempt status of charitable organizations that provide material support to terrorist organizations, a power it has used. But current law also requires IRS to conduct a painstaking examination of the charge before issuing a revocation. It gives groups the ability to answer charges and to appeal decisions. But the “Stop Terror-Financing” bill would give targeted organizations a 90-day window to challenge the designation, while giving them no access to the underlying evidence behind the determination. An organization could challenge the designation in court but might not be able to access the charges against it due to the state secrets doctrine. In the meantime, being designated a terrorist-affiliate would be a death penalty for any organization and its ability to attract donors. “The entire process is run at the sole discretion of the Secretary of the Treasury,” Kia Hamadanchy of the American Civil Liberties Union told the media. “So you could have your nonprofit status revoked before you ever have a chance to have a hearing.” The latest attempt to pass this measure failed to reach a two-thirds majority needed to pass, with 144 Democrats and one Republican voting against it. Democrats were buoyed by a Who’s Who of liberal organizations, ranging from the ACLU to Planned Parenthood and the Brennan Center for Justice, that denounced the bill. Not surprisingly, pro-Palestinian groups were united in opposition as well. But Republicans and conservatives would be well advised to consider the principled opposition to the bill by Rep. Thomas Massie (R-Ky). He surely appreciates that this power, once created, could be used by future administrations against nonprofits of all sorts. Could a conservative organization be targeted as a supporter of terrorism for advocating, for example, a settlement with Russia (certainly a state sponsor of terror) in its war against Ukraine? Conservative principles and an adherence to the Constitution should begin with the notion that the government should not have the unilateral right to shut down the speech of advocacy organizations on the basis of secret evidence from surveillance, even if you despise what they advocate. Conservatives would also be well-advised to consider not how this law would be used in the near future, but by future administrations. Have they forgotten Lois Lerner and the attempt to use tax law to shut down conservative advocacy groups? “We don’t need to worry about alien terrorists,” Lerner wrote in an email justifying her actions against right-leaning organizations. “It’s our own crazies that will take us down.” Conservatives should be wary. This bill creates a weapon that can be aimed in any direction. The nomination of Tulsi Gabbard to serve as Director of National Intelligence promises to be contentious. One thing cannot be disputed: The former Congresswoman from Hawaii and lieutenant-colonel in the U.S. Army Reserve, with experience in Iraq and other dangerous countries, would bring a combination of responsible handling of secrets along with a solid record of surveillance reform. Gabbard voted for the USA RIGHTS Act and other measures that would require warrants for the government to access Americans’ data and to protect personal use of encrypted apps. Rep. Gabbard also filed an amendment to the National Defense Authorization Act in 2019 to prohibit government purchases of body cameras equipped with facial recognition and other biometric devices. In these and many other ways, Gabbard has compiled the record of a surveillance-reform leader. While in Congress, Gabbard served on the Homeland Security, Armed Services, and Foreign Relations Committees. A former Vice-Chair of the DNC, Gabbard made a long journey from being a staunch Democrat to supporting Donald Trump’s presidential campaign. As a private citizen, Gabbard is arguably a victim of surveillance abuse herself. Her record on surveillance reform is enough to send shivers down the backs of officials in the FBI and other intelligence organizations long used to warrantless access to Americans personal information. Not surprisingly, Gabbard is now being attacked in a whisper campaign by nameless sources for being a flake who has taken pro-Russian and pro-Syria positions. Gabbard is articulate in responding to these charges, portraying herself as foreign-policy realist. We hope the Senate will keep an open mind and listen to Tulsi Gabbard’s defense. Above all, we hope the Senate will consider the need to bring balance back to the intelligence community, which often helps itself to the purchased personal data of American citizens without bothering to seek a warrant. As a candidate, Donald Trump promised to reform FISA. Appointing Tulsi Gabbard to lead the intelligence community shows he’s serious about that. The next Director of National Intelligence should be someone who can restore a balance between the need to respect the constitutional rights of Americans and the need to keep America safe. The election may have shaken Washington, D.C., like a snow globe in the grip of a paint mixer, but the current Congress still has important business for the lame duck session. For anyone who cares about privacy in this age of surveillance, issue one has to be whether or not Congress will retain the promised fix to what so many call the “make everyone a spy” provision in the National Defense Authorization Act (NDAA). This story goes back to April, when the House Permanent Select Committee on Intelligence slipped into the reauthorization of FISA Section 702 (which authorizes foreign intelligence) a measure to allow the government to secretly enlist almost every kind of U.S. business to spy on their customers. In response to the outcry, carveouts were made that exempted coffee shops, hotels, and a few other business categories. But most businesses – ranging from gyms to dentists’ offices, to commercial landlords with tenants that could include political campaigns or journalists – are required to turn over their customers’ communications that run on ordinary Wi-Fi systems. It is widely believed that this legislation was aimed at cloud computing facilities, which were not previously covered by the relevant law. When the Senate took up reauthorization of Section 702, Intelligence Committee Chairman Mark Warner (D-VA) admitted to his colleagues that the new measure was overbroad, and that he would craft new legislation to fix it. Sen. Warner kept his word and crafted legislation to narrow the provision. Although the nature of this fix is classified, it is widely believed to limit this new surveillance power to cloud computing facilities. The House Intelligence Committee, however, did not adopt that fix. We hear that behind-the-scenes negotiations are taking place, but we cannot report exactly who might be blocking it or why. Suffice it to say that it is far from clear that Congress will ultimately adopt Sen. Warner’s fix. PPSA calls on Speaker Mike Johnson and Senate Minority Leader Mitch McConnell to make it clear that the NDAA will include a provision to narrow the scope of this extreme provision. We must not give the FBI and other government agencies warrantless access to practically all communications that run through any kind of equipment operated by almost any kind of business. Allowing the current law to remain unfixed and unreformed would be a terrible punch in the gut to the American people and the new Congress. The 119th Congress has many surveillance debates scheduled, including one over the reauthorization of Section 702 itself in 2026 – which passed the House with the breaking of a tie vote. It would be a mistake to saddle the new Republican majority and the incoming Trump administration with a broken promise. A character in the masterful 2006 German film, The Lives of Others, follows the impact of the East German Stasi’s secret surveillance of a playwright and his actress girlfriend. At one point, the playwright declares: “The state office for statistics on Hans-Beimler street counts everything; knows everything: how many pairs of shoes I buy a year: 2.3, how many books I read a year: 3.2 and how many students graduate with perfect marks: 6,347. But there's one statistic that isn't collected there, perhaps because such numbers cause even paper-pushers pain: and that is the suicide rate.” From Fyodor Dostoevsky to George Orwell, Aleksandr Solzhenitsyn, Ray Bradbury, Margaret Atwood, and The Lives of Others director and screenwriter Florian Henckel, great writers have portrayed the heroic (and sometimes not) struggles of ordinary people against total surveillance. Now the dehumanizing impact of surveillance is on display in the visual arts in a year-long new exhibition at the Wende Museum in Culver City. One piece is from German artist Verena Kyselka’s 2007 “Pigs Like Pigments,” which incorporates printouts of Stasi files overlaid in red with personal details about the artist’s uneventful daily life under the regime. Mixed-media prints by Sadie Barnette adds floral decorations to the 500-page file the FBI kept on her father in a work entitled “Mug Shot.” Another display is of “smelling jars” in which the Stasi, after breaking into homes and stealing small items of clothing, kept the scents of their surveillance victims in case the state needed to pursue them with dogs. A Wende Museum blog says: “The exhibition feels particularly important today, in a time of hyper-surveillance, from programmatic digital ads that follow our every move online, to voice detection in our phones that feed us more ads, to geo-location devices in our cars, to CCTV cameras on our sidewalks, to dark web sites that sell our personal information, to hackers breaching another database compromising our passwords and leading to possible identity theft, to Artificial Intelligence technology that can mimic our voices and plant our faces on someone else’s body.” This exhibition, which mixes archival artifacts and surveillance devices with contemporary artworks, will be at the Wende Museum for one year. The Wende Museum also offers online a digital book on the Counter/Surveillance exhibit, the artists, and the human costs of a surveillance state. Vice presidential candidate J.D. Vance (R-OH) told Joe Rogan over the weekend that backdoor access to U.S. telecoms likely allowed the Chinese to hack American broadband networks, compromising the data and privacy of millions of Americans and businesses. “The way that they hacked into our phones is they used the backdoor telecom infrastructure that had been developed in the wake of the Patriot Act,” Sen. Vance told Rogan on his podcast last weekend. That law gave U.S. law enforcement and intelligence agencies access to the data and operations of telecoms that manage the backbone of the internet. Chris Jaikaran, a specialist in cybersecurity policy, added in a recently released Congressional Research Service report about a cyberattack from a group known as Salt Typhoon: “Public reporting suggests that the hackers may have targeted the systems used to provide court-approved access to communication systems used for investigations by law enforcement and intelligence agencies. PRC actors may have sought access to these systems and companies to gain access to presidential candidate communications. With that access, they could potentially retrieve unencrypted communication (e.g., voice calls and text messages).” Thus, the Chinese were able to use algorithms developed for U.S. law enforcement and intelligence agencies to see to any U.S. national security order and presumably any government extraction of the intercepted communications of Americans and foreign targets under FISA Section 702. China doesn’t need a double agent in the style of Kim Philby. Our own Patriot Act mandates that we make it easier for hostile regimes to find the keys to all of our digital kingdoms – including the private conversations of Vice President Kamala Harris and former President Donald Trump. As alarming as that is, it is hard to fully appreciate the dangers of such a penetration. The Chinese have chosen not to use their presence deep in U.S. systems to “go kinetic” by sabotaging our electrical grid and other primary systems. The possible consequences of such deep hacking are highlighted in a joint U.S.-Israel advisory that details the actions against Israel that were enabled when an Iranian group, ASA, wormed its way into foreign hosting providers. ASA hackers allowed the manipulation of a dynamic, digital display in Paris for the 2024 Summer Olympics to denounce Israel and the participation of Israeli athletes on the eve of the Games. ASA infiltrated surveillance cameras in Israel and Gaza, searching for weak spots in Israeli defenses. Worst of all, the hack enabled Hamas to contact the families of Israeli hostages in order to “cause additional psychological effects and inflict further trauma.” The lesson is that when our own government orders companies to develop backdoors into Americans’ communications, those doors can be swung open by malevolent state actors as well. Sen. Vance’s comments indicate that there is a growing awareness of the dangers of government surveillance – an insight that we hope increases Congressional support for surveillance reform when FISA Section 702 comes up for renewal in 2026. Why Signal Refuses to Give Government Backdoor Access to Americans’ Encrypted Communications11/4/2024
Signal is an instant messenger app operated by a non-profit to enable private conversations between users protected by end-to-end encryption. Governments hate that. From Australia, to Canada, to the EU, to the United States, democratic governments are exerting ever-greater pressure on companies like Telegram and Signal to give them backdoor entry into the private communications of their users. So far, these instant messaging companies don’t have access to users’ messages, chat lists, groups, contacts, stickers, profile names or avatars. If served with a probable cause warrant, these tech companies couldn’t respond if they wanted to. The Department of Justice under both Republican and Democratic administrations continue to press for backdoors to breach the privacy of these communications, citing the threat of terrorism and human trafficking as the reason. What could be wrong with that? In 2020, Martin Kaste of NPR told listeners that “as most computer scientists will tell you, when you build a secret way into an encrypted system for the good guys, it ends up getting hacked by the bad guys.” Kaste’s statement turned out to be prescient. AT&T, Verizon and other communications carriers complied with U.S. government requests and placed backdoors on their services. As a result, a Chinese hacking group with the moniker Salt Typhoon found a way to exploit these points of entry into America’s broadband networks. In September, U.S. intelligence revealed that China gained access through these backdoors to enact surveillance on American internet traffic and data of millions of Americans and U.S. businesses of all sizes. The consequences of this attack are still being evaluated, but they are already regarded as among of the most catastrophic breaches in U.S. history. There are more than just purely practical reasons for supporting encryption. Meredith Whittaker, president of Signal, delves into the deeper philosophical issues of what society would be like if there were no private communications at all in a talk with Robert Safian, former editor-in-chief of Fast Company. “For hundreds of thousands of years of human history, the norm for communicating with each other, with the people we loved, with the people we dealt with, with our world, was privacy,” Whittaker told Safian in a podcast. “We walk down the street, we’re having a conversation. We don’t assume that’s going into some database owned by a company in Mountain View.” Today, moreover, the company in Mountain View transfers the data to a data broker, who then sells it – including your search history, communications and other private information – to about a dozen federal agencies that can hold and access your information without a warrant. When it comes to our expectations of privacy, we are like the proverbial frogs being boiled by degrees. Whittaker says that this is a “trend that really has crept up in the last 20, 30 years without, I believe, clear social consent that a handful of private companies somehow have access to more intimate data and dossiers about all of us than has ever existed in human history.” Whittaker says that Signal is “rebuilding the stack to show” that the internet doesn’t have to operate this way. She concludes we don’t have to “demonize private activity while valorizing centralized surveillance in a way that’s often not critical.” We’re glad that a few stalwart tech companies, from Apple and its iPhone to Signal, refuse to cave on encryption. And we hope there are more, not fewer, such companies in the near future that refuse to expose their customers to hackers and government snooping. “We don’t want to be a single pine tree in the desert,” Whittaker says, adding she wants to “rewild that desert so a lot of pine trees can grow.” We’re all resigned to the need to go through security at high-profile sporting and cultural events, just as we do at the airport. The American Civil Liberties Union is raising the question – will that level of scrutiny be the new normal at the mall, at open-air tourist attractions, outdoor concerts, and just plain walking around town? The Department of Homeland Security (DHS) is investing in research and development to “assess soft targets and address security gaps” with new technology to track people in public places. It is funding SENTRY, the Soft Target Engineering to Neutralize the Threat Reality. SENTRY will combine artificial intelligence from the “integration of data from multiple sources,” which no doubt will include facial recognition scans of everyone in a given area to give them a “threat assessment.” We do not dismiss DHS’s concern. The world has no lack of violent people and our country is full of soft targets. Just hark back to the deranged shooter in 2017 who turned the Route 91 Harvest music festival in Las Vegas into a shooting gallery. He killed 60 people and wounded more than 400. A similar act by a terrorist backed by a malevolent state could inflict even greater casualties. But we agree with ACLU’s concern that such intense inspection of Americans going about their daily business could lead to the “airportization” of America, in which we are always in a high-security zone whenever we gather. ACLU writes that “security technology does not operate itself; people will be subject to the petty authority of some martinet guards who are constantly stopping them based on some AI-generated flag of suspicion.” We would add another concern. Could SENTRY be misused, just as FISA Section 702 and other surveillance authorities have been misused? What is to keep the government from accessing SENTRY data for warrantless political surveillance, whether against protestors or disfavored groups targeted by biased FBI agents? If this technology is to be deployed, guardrails are needed. PPSA seconds ACLU’s comment to the watchdog agency, the Privacy and Civil Liberties Oversight Board (PCLOB), that asks it to investigate AI-based programs as they develop. Congress should watch the results of PCLOB’s efforts and follow up with legal guardrails to prevent the misuse of SENTRY and similar technologies. Supreme Court Justice Oliver Wendell Holmes observed that anyone “who respects the spirit as well as the letter of the Fourth Amendment would be loath to believe that Congress intended to authorize one of its subordinate agencies to sweep all our traditions into the fire to direct fishing expeditions into private papers on the possibility that they may disclose evidence of crime.” A century after Justice Holmes delivered that warning, the U.S. Securities and Exchange Commission is doing just that. This agency is methodically sweeping all our traditions into the fire to direct fishing expeditions that treat every investor as a criminal suspect. The good news is that the constitutionality of the SEC’s program is on trial in a case now before a federal judge in Waco, Texas. Here’s the background: Historically, when the SEC has suspected someone of insider trading, it had to issue an investigative subpoena. Then in 2010, the market suffered the “flash crash” – a trillion-dollar decline caused by technical glitches that lasted for 36 minutes. The SEC responded to this technical glitch by proposing Rule 613, which established the Consolidated Audit Trail (CAT), a database that collects not just investors’ trades, but also their privately identifiable information. This “solution” had nothing to do with the crash, but it perfectly illustrates former Chicago Mayor Rahm Emmanuel’s dictum that “you never want a serious crisis to go to waste.” Rule 613 requires self-regulatory organizations, like private stock exchanges, to collect every detail about trades in securities on a U.S. exchange. It also includes confidential data on more than 100 million private investors, making it the largest database outside of the National Security Agency. This database includes investors’ names, dates of birth, taxpayer identification numbers, Social Security numbers, and more. Now two Texas investors, in affiliation with the National Center for Public Policy Research, are suing the SEC for this massive violation of privacy. Their lawsuit, represented by the New Civil Liberties Alliance, could be required reading for law students seeking to understand the application of our constitutional rights, beginning with the Fourth Amendment. This lawsuit makes the case:
The lawsuit makes a convincing case that the U.S. Supreme Court’s 2018 Carpenter decision – which held that the government violates the Fourth Amendment whenever it seeks a suspect’s cellphone location history without a warrant – should make this case against CAT a slam-dunk. After all, the plaintiffs assert that unlike the issue in Carpenter, “with Rule 613 SEC does not need an investigative predicate, much less a court order, to obtain and analyze private information, nor is the information limited to any particular person or time frame.” Even if a federal judge declares CAT to be unconstitutional, however, it will only strike down one of many intrusive violations of Americans’ financial privacy by federal agencies. These include a new requirement of all business owners to file “beneficial ownership” forms, for which any American business owner can face two years in prison for a clerical mistake, and the U.S. Treasury’s Financial Crimes Enforcement Networks snooping into Americans’ financial transactions with the coerced cooperation of 650 private financial institutions. Once the election is over, Congress should pass the “Protecting Investors' Personally Identifiable Information Act,” introduced by Sen. John Kennedy, (R-LA), and Rep. Barry Loudermilk, (R-Ga.), which would allow the SEC to obtain personally identifiable information only by requesting it on a case-by-case basis. As the risks of the SEC’s reckless program become clearer, more Members of Congress should embrace another Holmes dictum: “State interference is an evil, where it cannot be shown to be a good.” Police Chief: “A Nice Curtain of Technology”We’ve long followed the threat to privacy from the proliferation of automated license plate readers (ALPRs). Now the Institute for Justice has filed a lawsuit against the Norfolk, Virginia, police department for its use of this Orwellian technology. More than 5,000 communities across the country have installed the most popular ALPR brand, Flock, which records and keeps the daily movements of American citizens driving in their cars. Norfolk is an enthusiastic adopter of Flock technology, with a network of 172 advanced cameras that make it impossible for citizens to go anywhere in their city without being followed and recorded. Flock applies artificial intelligence software to its national database of billions of images, adding advanced search and intelligence functions. “This sort of tracking that would have taken days of effort, multiple officers, and significant resources just a decade ago now takes just a few mouse clicks,” the Institute for Justice tells a federal court in its lawsuit. “City officers can output a list of locations a car has been seen, create lists of cars that visited specific locations, and even track cars that are often seen together.” No wonder the Norfolk police chief calls Flock’s network “a nice curtain of technology.” The Institute for Justice has a different characterization, calling this network “172 unblinking eyes.” Americans are used to the idea of being occasionally spotted by a friend or neighbor while on the road, but no one expects to have every mile of one’s daily movements imaged and recorded. The nefarious nature of this technology is revealed in the concerns of the two Norfolk-area plaintiffs named in the lawsuit.
“If the Flock cameras record Lee going straight through the intersection outside his neighborhood, for example, the NPD (Norfolk Police Department) can infer that he is going to his daughter’s school. If the cameras capture him turning right, the NPD can infer that he is going to the shooting range. If the cameras capture him turning left, the NPD can infer that he is going to the grocery store […] “Lee finds all of this deeply intrusive. Even if ordinary people see him out and about from time to time, Lee does not expect and does not want people – much less government officials – tracking his every movement over 30 days or more and analyzing that data the way the Flock cameras allow the NPD and other Flock users to do.”
“As a healthcare worker, Crystal is legally and ethically required to protect her clients’ privacy,” the filing states. “She also understands that her clients expect her to maintain their confidentiality … If she failed to live up to those expectations, her business would suffer.” Both plaintiffs are concerned another Flock user, perhaps a commercial entity, might misuse the records of their movements. They are also worried about “the potential that Defendants, Flock users, or third-party hackers could misuse her information.” No warrants or permissions are needed for Norfolk officers to freely access the system. The Institute for Justice was shrewd in its selection of venues. Norfolk is in the jurisdiction of the federal Fourth Circuit Court of Appeals, which in 2021 struck down the use of drone images over the city in a case called Beautiful Struggle v. Baltimore Police Department. “The Beautiful Struggle opinion was about a relatively, comparatively, crude system, just a drone that was flying in the air for 12 hours a day that at most had a couple of pixels that made it hard to identify anyone,” Institute for Justice attorney Robert Frommer told 404 Media. “By contrast, anyone with the Flock cameras has a crystal-clear record of your car, a digital fingerprint that can track anywhere you go. The police chief even said you can’t really go anywhere in Norfolk without being caught by one of these cameras.” The consistent principle from the Fourth Circuit’s precedent should make it clear, in the words of the Institute for Justice, that tracking a driver “to church, to a doctor’s office, to a drug-abuse treatment clinic, to a political protest,” is unconstitutional. The intelligence community’s disregard for solemnly made pledges reminds us of the hit song by the ‘80s new wave band Naked Eyes: “You made me promises promises/ Knowing I'd believe …” Forgive the Boomer reference, but the failure of the intelligence community to live up to its promises is also a golden oldie. For example, in 2017, Dan Coats was asked in a Congressional hearing if he would, if confirmed as Director of National Intelligence, provide public estimates of the number of people inside the United States with communications “incidentally” collected by National Security Agency surveillance. Coats said he would “do everything I can” to work with the head of the NSA “to get you that number.” That pledge was followed up by NSA Deputy Director Richard Ledgett to provide an estimate by the end of that year. This would have been important information for the reauthorization of FISA Section 702 in 2018, as well as congressional debate and reauthorization of this same authority this year. Section 702 allows the NSA to scour global networks in search of the communications of foreign spies and terrorists. Given the interconnected nature of global communications, surveillance technology cannot help but also collect the private communications of Americans at home, potentially violating the Fourth Amendment. Having a ballpark estimate of how many Americans have had their privacy rights implicated by federal surveillance would be very useful guidance for congressional oversight of the intelligence agencies. Yet, Director Coats and the NSA backtracked. Their estimates never came. Their excuse was that separating Americans from this global trawl would be too impractical, somewhat like counting all the krill picked up in a large fishing net. But this argument, to strain a metaphor, doesn’t hold water. The watchdog Privacy and Civil Liberties Board made it clear in 2023 that in order to comply with the Constitution’s Fourth Amendment, as well as directives from the Foreign Intelligence Surveillance Court (FISC), the NSA already filters out domestic communications in its programs. In 2022, Princeton researchers published a methodology for a rough estimate of how many people in the United States have their communications caught up under programs authorized by Section 702. Under such partial proxies, Congress could at least have some idea of how many Americans have their communications captured by their government. Beyond ballpark numbers, Congress needs to know how government agencies – the FBI in particular – might be using Americans’ personal information gleaned from Section 702 programs for warrantless domestic surveillance. Despite solemn promises by the champions of the intelligence community that this never happens, the FISC Court revealed that such surveillance has been used by the FBI in ordinary domestic cases – evidence against American citizens that is never revealed in court. Frustrated by the government’s many broken promises, PPSA joined with Restore The Fourth and 22 other civil liberties organizations across the ideological spectrum – ranging from the American Civil Liberties Union to Americans for Prosperity – to send a letter to the directors of national intelligence and NSA. We demand access to numbers that the government clearly has and pledged to Congress to provide. Director of National Intelligence Avril Haines and NSA Director Gen. Timothy Haugh would be well advised not to toss this one into the round file. The reauthorization of Section 702 passed by one tie-breaking vote in the House this year. If the government once again fails to keep its promise, it will not augur well for the next reauthorization of Section 702 on the legislative calendar for 2026. Government Promises to Protect Personal Data While Collecting and Using Americans’ Personal Data10/21/2024
Digital data, especially when parsed through the analytical lens of AI, can detail almost every element of our personal lives, from our relationships to our location histories, to data about our health, financial stability, religious practices, and political beliefs and activities.
A new blog post from the White House details a Request for Information (RFI) from OMB’s Office of Information and Regulatory Affairs (OIRA) seeking to get its arms around this practice. The RFI seeks public input on “Federal agency collection, processing, maintenance, use, sharing, dissemination, and disposition of commercially available information (CAI) containing personally identifiable information (PII).” In plain language, the government is seeking to understand how agencies – from the FBI to the IRS, the Department of Homeland Security, and the Pentagon – collect and use our personal information scraped from our apps and sold by data brokers to agencies. This request for public input follows last year’s Executive Order 14110, which represented that “the Federal Government will ensure that the collection, use, and retention of data is lawful, is secure, and mitigates privacy and confidentiality risks.” What to make of this? On the one hand, we commend the White House and intelligence agencies for being proactive for once on understanding the privacy risks of the mass purchase of Americans’ data. On the other hand, we can’t shake out of our heads Ronald Reagan’s joke about the most terrifying words in the English language: “I’m from the government and I’m here to help.” The blog, written by OIRA administrator Richard L. Revesz, points out that procuring “CAI containing PII from third parties, such as data brokers, for use with AI and for other purposes, raises privacy concerns stemming from a lack of transparency with respect to the collection and processing of high volumes of potentially sensitive information.” Revesz is correct that AI elevates the privacy risks of data purchases. The government might take “additional steps to apply the framework of privacy law and policy to mitigate the risks exacerbated by new technology.” Until we have clear rules that expressly lay out how CAI is acquired and managed within the executive branch, you’ll forgive us for withholding our applause. This year’s “Policy Framework for Commercially Available Information” released by Director of National Intelligence Avril Haines, ordered all 18 intelligence agencies to devise safeguards “tailored to the sensitivity of the information” and produce an annual report on how each agency uses such data. It is hard to say if Haines’ directive represents a new awareness of the Orwellian potential of these technologies, or if they are political theater to head off legislative efforts at reform. Earlier this year, the U.S. House of Representatives passed the Fourth Amendment Is Not For Sale Act, which would subject purchased data to the same standard as any other personal information – a probable cause warrant. The Senate should do the same. The government’s recognition of the sensitivity of CAI and accompanying PII is certainly a step in the right direction. It is also clear that intelligence agencies have every intention of continuing to utilize this information for their own purposes, despite lofty proclamations and vague policy goals about Americans’ privacy. To quote Ronald Reagan again, when it comes to the promises of the intel community, we should “trust but verify.” The recent approval of the House Intelligence Committee’s annual intelligence policy bill sets up a critical moment for the ongoing debate over surveillance powers, particularly the controversial FISA Section 702. While the bill does not include a provision to narrow the definition of "electronic communication service providers" (ECSP), this issue will soon come to a head in the House-Senate conference. Rep. Jim Himes (D-CT) signaled his acceptance of Senate Intelligence Chair Mark Warner’s "technical fix," which would narrow the scope of the ECSP definition. Himes said the change “would be totally fine with me,” and that “I always believed that the language was overbroad in the initial amendment…” This change would prevent ordinary businesses—like coffee shops or small offices—from being forced to assist in government surveillance. While Himes expressed he would be "totally fine" with Warner’s proposal, the issue has yet to be fully debated or incorporated into House legislation. We’ve seen efforts at reform falter before, and the final outcome will be determined behind closed doors in the House-Senate conference, where transparency is sorely lacking. As we’ve previously noted, broadening the ECSP definition without clear limitations would create a “Make Everyone a Spy” law, enlisting small businesses into the surveillance apparatus. Moreover, the administration’s reassurance that the law will only be applied to specific providers, based on a classified FISA court decision, is insufficient. History shows that such promises often erode over time, allowing the intelligence community to expand its surveillance reach through legal loopholes. John Wiegmann, the new top lawyer for the Office of the Director of National Intelligence, also supported Warner’s. But as with everything, we want to see the changes in writing in the bill. The closed-room conference between the House and Senate is where these decisions will play out, but the lack of public scrutiny makes it a fraught process. Given past betrayals on surveillance reform, we have ample reason for anxiety. Privacy advocates must remain vigilant and press for real reforms that ensure no further expansion of surveillance powers. The House and Senate need to guarantee that any changes made truly limit the scope of ECSPs and protect Americans from warrantless data collection. PPSA will be monitoring this situation closely as it unfolds. The Project for Privacy and Surveillance Accountability recently submitted a series of FOIA requests to law enforcement and intelligence agencies seeking critical information on how the agencies handle data obtained through the use of cell-site simulators, also known as Stingrays or Dirtboxes, which impersonate cell towers and collect sensitive data from wireless devices. Specifically, PPSA submitted requests to DOJ, CIA, DHS, NSA, and ODNI. These requests focus on what happens after the government collects this data. As PPSA’s requests state, PPSA “seeks information on how, once the agency obtains information or data from a cell-site simulator, the information obtained is used.” We are particularly interested in learning about the agencies’ policies for data retention, usage, and deletion, especially for data collected from individuals who are not the target of surveillance. PPSA has long been concerned with the invasive nature of these surveillance tools, which capture not only targeted individuals' data but also data from anyone nearby. As we previously stated in a 2021 FOIA request, “this technology gives the government the ability to conduct sweeping dragnets of metadata, location, and even text messages from anyone within a geofenced area.” These FOIA requests specifically demand transparency about what happens after the government collects such data. We seek records regarding policies on data retention, use, and destruction, particularly for information unrelated to surveillance targets. As our requests state, “PPSA wishes to know what policies govern such use and what policies, if any, are in place to protect the civil liberties and privacy of those whose data might happen to get swept up in a cell-site simulator’s data collection activities.” As we previously highlighted, Stingrays represent a significant intrusion into personal privacy, and we are committed to holding the government accountable for its use of such tools. By pursuing these requests, we aim to inform the public about the scope and potential risks of the agencies’ surveillance activities, and to push for greater safeguards over Americans’ private information. PPSA will continue to push towards transparency, and we will keep the public informed of our efforts. An important analysis from Real Clear Investigations probes the extent to which censorship abroad threatens the First Amendment here at home. Writer Ben Weingarten asks whether foreign demands that domestic media companies operating abroad comply with those nations’ often far more censorial legal requirements will lead in turn to more censorship here at home. The preponderance of the evidence suggests bad news for fans of the First Amendment. Weingarten points specifically to the European Union’s Digital Services Act, which imposes content moderation standards that far exceed what would be considered constitutional in the United States. For example, companies doing business in the EU must combat “illegal content online,” which includes the disfavored rhetoric like “illegal hate speech.” Writes Weingarten: “Platforms also must take ‘risk-based action,’ including undergoing independent audits to combat ‘disinformation or election manipulation’ – with the expectation those measures should be taken in consultation with ‘independent experts and civil society organisations.’ The Commission says these measures are aimed at mitigating ‘systemic issues such as … hoaxes and manipulation during pandemics, harms to vulnerable groups and other emerging societal harms’ driven by ‘harmful’ but not illegal content.” What’s more, investigations pursuant to the DSA can result in fines of up to 6% of annual global revenue, a potential outcome likely to give companies like X and Facebook pause when considering whether to comply with the invasive oversight of European bureaucrats and NGOs serving as arbiters of the appropriate. Then there’s the question of whether social media companies that agree to the EU’s demands are likely to run parallel services – for example, a DSA compliant version of X and another that is consistent with the requirements of the First Amendment. Elon Musk seemed willing to abandon Brazil after that country banned X for failing to de-platform the account of former president Jair Bolsonaro. (Though Musk’s company is now very much back in business there.) But the EU is a much bigger market with a lot more monetizable users. As Weingarten documents, the punishment of media companies abroad for speech that is well within the bounds of the First Amendment is a growing trend – not just in the EU but also in countries like the UK and Australia. And Weingarten reserves no small amount of criticism for the Biden Administration’s silence – and even capitulation – in the face of such foreign censorship. Bills like the No Censors on our Shores Act, which could “punish foreign individuals and entities that promote or engage in the censorship of American speech,” offer one potential solution to foreign censorship creep. So do articles like Weingarten’s, which provide a much-needed diagnosis of our speech-related ailings and failings. A new study from Washington Post reveals that police routinely use facial recognition software to identify and arrest suspects, yet fail to disclose it to the defendants themselves. This, despite the fact that that the still-new technology has led to numerous documented false arrests. Washington Post spoke with 100 police departments across 15 states, although only 30 of them provided records from cases in which facial recognition was used. In fact, the investigation found that the police often overtly masked their use of the software, recording in reports, for example, that suspects were identified “through investigative means.” There’s reason for that; facial recognition software is notoriously fallible. The article references at least seven cases of wrongful arrests stemming from the use of the technology. Six of those seven were Black Americans. Washington Post reports, “[f]ederal testing of top facial recognition software has found the programs are more likely to misidentify people of color, women and the elderly because their faces tend to appear less frequently in data used to train the algorithm….” Last year, we wrote about the case of Randall Reid, a Black man from Georgia arrested for allegedly stealing handbags in Louisiana. The only problem: Reid had never even been to Louisiana. He was a victim of misidentification. And that was all the police needed to hold him for close to a week in jail. Generally speaking in the criminal context, facial recognition software works by comparing surveillance footage with publicly available photos online. Companies like Clearview AI contract with law enforcement agencies, providing access to billions of photos scraped from Facebook, X, Instagram and other social media platforms. And despite access to so much online material, the results are often faulty. Which is all the more reason that such evidence needs to be disclosed in an investigative context. Per the Post, “Clearview search results produced as evidence in one Cuyahoga County, Ohio, assault case included a photo of basketball legend Michael Jordan and a cartoon of a Black man.” Spoilers: neither image depicted the culprit. The real culprit in this case is a legal system that is decidedly behind the times on reacting and responding to technological shifts. Some are catching up; in 2022, the ACLU won a legal victory against Clearview mandating the company to adhere the Illinois Biometric Information Privacy Act (BIPA). The law requires companies that collect, capture, or obtain a biometric identifier of an Illinois resident to first notify that person and obtain his or her written consent. But we have a long way to go in establishing vigorous protections against the misuse and masking of “iffy” new technologies like facial recognition. Due process requires we do better. Sen. Mike Lee (R-UT) is advancing his new Saving Privacy Act to protect Americans’ personal financial information from warrantless snooping by federal agencies.“The current system erodes the privacy rights of citizens, while doing little to effectively catch true financial criminals,” Sen. Lee said. The bill’s co-sponsor, Sen. Rick Scott (R-FL), added: “Big government has no place in law-abiding Americans’ personal finances. It is a massive overreach of the government and a gross violation of their privacy.”
Are these two senators paranoid? Or are they reacting to genuine “massive overreach” from a government that already illicitly spies on Americans’ personal finances? Consider what PPSA has reported in the last three years:
“Traditionally, Americans’ financial holdings are kept between them and their broker, not them, their broker, and a massive government database,” state auditors and treasurers wrote in a recent letter to House Speaker Mike Johnson. “The only exception has been legal investigations with a warrant.”
TRAC sucks in wire transfers within the United States between American citizens, as well as with those sending or receiving money from abroad. Sen. Wyden told The Wall Street Journal that TRAC lets the government “serve itself an all-you-can-eat buffet of Americans’ personal financial data while bypassing the normal protections for Americans’ privacy.”
Could that actually happen? It did across the border, when the Canadian government used emergency powers to debank truckers engaged in a political protest. At home, the tracking of Americans’ spending is a Fourth Amendment violation that inevitably leads to the degradation of the First Amendment.
Sen. Lee’s bill counters this financial surveillance state by repealing many of the reporting requirements of the Bank Secrecy Act. It also repeals the Corporate Transparency Act (which forces small businesses to reveal their ownership), closes the SEC’s database on Americans’ trades, prohibits the creation of a Central Bank Digital Currency, and requires congressional approval before any agency can create a database that collects personally identifiable information of U.S. citizens. Finally, Sen. Lee’s Saving Privacy Act would institute punishments for federal employees who release Americans’ protected financial information, while establishing a private right of action for Americans and financial institutions harmed when their privacy is compromised by the government. The Saving Privacy Act is a landmark bill that deserves to become the basis of debate and action in the next Congress. The Emerging “Silicon Curtain”We’ve long warned that our cars are deceptive. They feel like they offer us private spaces. Yet when we get behind the wheel, we are actually settling inside a comprehensive recording and tracking device. The surveillance modern car is connected to the larger world by Bluetooth and Wi-Fi, satellites and cell service, all fed by a web of sensors that surround us.
As a result, our cars can log where we go, record what we listen to, the calls we make, and even how much our weight fluctuates over time. If cameras and microphones are installed in our cars to check for inebriation, as some propose, the car will fully surpass even the smartphone as an all-round surveillance device. It is for this reason that PPSA applauds the Biden administration and Commerce Secretary Gina Raimondo for issuing a ban on Chinese-developed software from internet-connected cars, trucks, and buses sold in the United States. The Biden administration – in an action sure to be upheld by either Kamala Harris or Donald Trump – is taking a rational step in response to the discovery of Volt Typhoon. This is an organization of Chinese hackers who enacted a covert campaign to embed malicious code throughout U.S. infrastructure. With a few keystrokes, China had installed the means to contaminate U.S. drinking water, cut off oil and gas pipelines, turn off our electricity, close hospitals, and halt rail and civilian aviation. The administration was wise to include Russia in the ban. It also reserves the right to extend the ban to other countries with regimes that express malevolent intentions toward the United States. “This is not about trade or economic advantage,” Secretary Raimondo said. “This is strictly a national security action.” The Commerce Secretary told reporters that connected vehicles could spy on drivers’ movements, where their children go to school, shut down to create traffic jams, or even crash to kill their occupants. The risks of both surveillance and mayhem are too dire for any responsible leader to ignore. China Daily warns the United States of the dangers to global trade if we fail to “shed China paranoia.” But we cannot forget the words of Catch-22 author Joseph Heller: “Just because you’re paranoid doesn’t mean they aren’t after you.” Before last week it might have seemed paranoid to the leaders of Hezbollah that their pagers and walkie-talkies could assassinate them. Suddenly, cars being remotely instructed to drive head-on into each other doesn’t sound so far-fetched. It certainly isn’t paranoid. Former U.S. Rep. Mike Gallagher, in a thoughtful piece in The Wall Street Journal, looks to the larger threat environment, from Chinese surveillance embedded in cranes in ports, to systems that control cargo ships in Europe. Gallagher writes: “Anyone with control over a portion of the technology stack such as semiconductors, cellular modules, or hardware devices, can use it to snoop, incapacitate, or kill.” Gallagher calls for the development of an “interoperable free-world technological industrial base” that would “make the free-world’s technology stack more attractive than the totalitarian alternative, drawing more countries to our side of the emerging Silicon Curtain.” The bifurcation of global trade in technology by a Silicon Curtain is a somber new reality. The results will include endless hassle, higher costs, and reduced innovation. The alternative is worse – knowing that any day you could get inside your car only to find out it is taking you somewhere you don’t want to go. The FBI, which surveilled academics at the University of California, Berkeley, in the 1950s and 1960s, is now reaching out to a think tank on that campus for help in devising ways to break encryption and other privacy measures used by consumers and private social media companies.
In this task, the FBI is seeking advice from the Center for Security in Politics, founded by former Arizona governor and Homeland Security Secretary Janet Napolitano, to devise ways to access the contents of communications from apps and platforms. “We need to work with our private-sector partners to have a lawful-access solution for our garden-variety cases,” one FBI official at the event told ABC News. The FBI’s actions are in keeping with a growing global crackdown on encryption, highlighted by the recent arrest of Telegram founder Pavel Durov in France. We could take days trying to unravel this Gordian knot of ironies. Better to just quote Judge James C. Ho of the Fifth Circuit Court of Appeals, who wrote in a recent landmark opinion on geofence warrants that: “Hamstringing the government is the whole point of our Constitution.” In finding geofencing the data of large numbers of innocent people unconstitutional, Judge Ho noted that “our decision today is not costless. But our rights are priceless.” The FBI has a lot of tools to catch the drug dealer, the pornographer and the sex trafficker. After all, the Bureau has been doing that for decades. The best mission for the partnership between the FBI and the Center for Security in Politics would be to focus on the “lawful-access” part of their quest. With so many smart people in the room, surely they can invent new and effective ways to solve many crimes while honoring the Fourth Amendment. In the 2002 Steven Spielberg movie Minority Report, Tom Cruise plays John Anderton, a fugitive in a dystopian, film-noir future. As Anderton walks through a mall, he is haunted by targeted ads in full-motion video on digital billboards. The boards read Anderton’s retinas and scan his face, identify him, and call out “Hey, John Anderton!” – look at this Lexus, this new Bulgari fragrance, this special offer from Guinness!
Anderton appears brutalized as he and other passersby walk briskly and look straight ahead to avoid the digital catcalls around them. What was sci-fi in 2002 is reality in 2024. You’ve probably seen a digital billboard with vibrant animation and high production values. What’s not immediately apparent is that they can also be interactive, based on face-scanning and the integration of mobile data exploited by the “out-of-home” advertising business. “Going about the world with the feeling that cameras are not just recording video but analyzing you as a person to shape your reality is an uncomfortable concept,” writes Big Brother Watch, a UK-based civil liberties and privacy organization in a white paper, The Streets Are Watching You. Some examples from Big Brother:
This tracking is enabled by cameras and facial recognition and enhanced by the synthesis of consumers’ movement data, spatial data, and audience data, collected by our apps and reported to advertisers by our smartphones. Audience data is collected by mobile advertising ID (MAIDS), which cross-references behavior on one app to others and matches those insights with tracking software to create a personal profile. While supposedly anonymized, MAIDS can be reverse engineered to work out someone’s actual identity. We have an additional concern about hyper-targeted advertising and advertising surveillance. This sector is raising billions of dollars in capital to build out an infrastructure of surveillance in the UK. If this practice also spreads across the United States, the data generated could easily be accessed by the U.S. federal government to warrantlessly surveil Americans. After all, about a dozen U.S. agencies – ranging from the FBI to the IRS – already purchase Americans’ digital data from third-party data brokers and access it without warrants. Congress can prevent this technology from being unfurled in the United States. The U.S. Senate can also take the next step by passing the Fourth Amendment Is Not For Sale Act, passed by the House, which forbids the warrantless collection of Americans’ most personal and sensitive data. In the meantime, go to p. 35 of Big Brother’s “The Streets Are Watching You” report to see how Apple iPhone and Android users can protect themselves from phone trackers and location harvesting. We wouldn’t want to do what John Anderton did – have a technician pluck out our eyes and replace them with someone else’s. Replacing one’s face would presumably take a lot more work. Does Congress have oversight of the federal intelligence community, or do the spies and intelligence officials have oversight of Congress?
Under our Constitution, the answer should be obvious – the legislative branch oversees executive agencies. Besides, no American should want spies and intelligence officials looking over the shoulders of our elected representatives. That is why the founders established Congress in Article One of the Constitution. And yet, at times, it seems as if the intelligence community regards oversight of Congress as its legitimate business. We learned last year that Jason Foster, the former chief investigative counsel for Sen. Chuck Grassley – Ranking Member of the Senate Judiciary Committee – is among numerous staffers and Congressional lawyers, Democrats and Republicans, who had their personal phone and email records searched by the Department of Justice in 2017. Foster later founded Empower Oversight Whistleblowers & Research, which went to court to press for disclosure of the misuse of Justice’s subpoena power that risked identifying confidential whistleblowers who provided information to Congress about governmental misconduct. Now federal Judge James E. Boasberg has ordered the partial unsealing of a Non-Disclosure Order (NDO) application filed by the Department of Justice to prevent Google from notifying users like Foster that their phone records, email, and other communications were ransacked by the Justice Department. This is a significant victory for transparency. We eagerly await the results of the unsealed NDO for clues about the Justice Department’s intentions in spying on Congressional attorneys with oversight responsibility. In the meantime, PPSA continues to use every legal means to press a Freedom of Information Act request seeking documents on “unmasking” and other forms of surveillance of 48 current and former House and Senate Members on committees that oversee the intelligence agencies. We will alert you about any further revelations from the court. In the meantime, the Senate can do its part by following up on the unanimous passage of the Non-Disclosure Order Fairness Act by the House. This bill restricts the government’s currently unlimited ability to impose gag orders on telecom and digital companies. These gag orders keep these companies’ customers from learning that their sensitive, personal information has been surveilled by the government. As Congress learns about the degree to which its Members are being watched by the executive branch, the NDO Fairness Act should be more popular than ever. The Texas Observer reports that the Texas Department of Public Safety (DPS) signed a 5-year, nearly $5.3 million contract for the Tangles surveillance tool, originally designed by former Israeli military officers to catch terrorists in the Middle East.
In its acquisition plan, DPS references the 2019 murder of 23 people at an El Paso Walmart, as well as shooting sprees in the Texas cities of Midland and Odessa. If Tangles surveillance stops the next mass shooter, that will be reason for all to celebrate. But Tangles can do much more than spot shooters on the verge of an attack (assuming it can actually do that). It uses artificial intelligence to scrape data from the open, deep, and dark web, combining a privacy-piercing profile of anyone it targets. Its WebLoc feature can track mobile devices – and therefore people – across a wide geofenced area. Unclear is how DPS will proceed now that the Fifth Circuit Court of Appeals in United States v. Jamarr Smith ruled that geofence warrants cannot be reconciled with the Fourth Amendment. If DPS does move forward, there will be nothing to keep the state’s warrantless access to personal data from migrating from searches for terrorists and mass shooters, to providing backdoor evidence in ordinary criminal cases, to buttressing cases with political, religious, and speech implications. As the great Texas writer Molly Ivins wrote: “Many a time freedom has been rolled back – and always for the same sorry reason: fear.” The phrase “national security” harks back to the George Washington administration, but it wasn’t until the National Security Act of 1947 that the term was codified into law. This new law created the National Security Council, the Central Intelligence Agency, and much of the apparatus of what we today call the intelligence community. But the term itself – “national security” – was never defined.
What is national security? More importantly, what isn’t national security? Daniel Drezner, a Fletcher School of Law and Diplomacy professor, writes in Foreign Affairs that it was the Bush-era “war on terror” that put the expansion of the national security agenda into overdrive. Since then, he writes, the “national security bucket has grown into a trough.” The term has become a convenient catch-all for politicians to show elevated concern about the issues of the day. Drezner writes: “From climate change to ransomware to personal protective equipment to critical minerals to artificial intelligence, everything is national security now.” He adds to this list the Heritage Foundation’s Project 2025’s designation of big tech as a national security threat, and the 2020 National Security Strategy document, which says the same for “global food insecurity.” We would add to that the call by politicians in both parties to treat fentanyl as a matter of national security. While some of these issues are clearly relevant to national security, Drezner’s concern is the strategic fuzziness that comes about when everything is defined as a national security priority. He criticizes Washington’s tendency to “ratchet up” new issues like fentanyl distribution, without any old issues being removed to keep priorities few and urgent. For our part, PPSA has a related concern – the expansion of the national security agenda has a nasty side effect on Americans’ privacy. When a threat is identified as a matter of national security, it also becomes a justification for the warrantless surveillance of Americans. It is one thing for the intelligence community to use, for example, FISA Section 702 authority for the purpose for which Congress enacted it – the surveillance of foreign threats on foreign soil. For example, if fentanyl is a national security issue, then it is appropriate to surveil the Chinese labs that manufacture the drug and the Mexican cartels that smuggle it. But Section 702 can also be used to warrantlessly inspect the communications of Americans for a crime as a matter of national security. Evidence might also be warrantlessly extracted from the vast database of American communications, online searches, and location histories that federal agencies purchase from data brokers. So the surveillance state can now dig up evidence against Americans for prosecution in drug crimes, without these American defendants ever knowing how this evidence was developed – surely a fact relevant to their defense. As the concept of national security becomes fuzzier, so too do the boundaries of what “crimes” can be targeted by the government with warrantless surveillance. “Trafficking” in critical minerals? Climate change violations? Repeating alleged foreign “disinformation”? When Americans give intelligence and law enforcement agents a probable cause reason to investigate them, a warrant is appropriate. But the ever-expanding national security agenda presents a flexible pretext for the intelligence community to find ever more reason to set aside the Constitution and spy on Americans without a warrant. Drezner writes that “if everything is defined as national security, nothing is a national security priority.” True. And when everything is national security, everyone is subject to warrantless surveillance. |
Categories
All
|