​Fresh on the heels of the Bill of Rights’ 234th birthday comes a salient reminder of just how difficult it is for those in power to resist abusing their authority, and why the Fourth Amendment in particular is every bit as relevant today as it was in 1791.

Wilmer Chavarria is suing the U.S. Department of Homeland Security (DHS) for an incident in Houston in July. According to his lawsuit, U.S. Customs and Border Patrol (CBP) agents detained him, demanded his passwords, then searched the contents of his devices as he tried to enter the country at George Bush Intercontinental.

Actually, make that returning home rather than trying to enter – Wilmer Chavarria is as American as tarta de manzana. He’s a school superintendent in Vermont, where apples are the state fruit and apple pie is literally the state pie (either à la mode or with cheddar). Born in Nicaragua, Chavarria became a citizen of the United States in 2018 after coming here a full decade earlier to do that most American of things – get an education. That day in July, this American citizen was returning home after visiting his mother and family in Nicaragua.

CBP separated him from his husband, then interrogated Chavarria for several hours before releasing him without explanation. Along the way, he was informed that he had no Fourth Amendment right to resist. The primary problem with that argument is, of course, that the Fourth Amendment applies to all American citizens. It clearly states that no one living under the authority of the Constitution must endure unreasonable search and seizure, and that a warrant, based on probable cause, must be obtained by authorities whenever one’s personal effects are to be searched.

To be clear, these protections do not apply to noncitizens seeking to enter the country. Chavarria was utterly and completely covered the moment he finished swearing “so help me God,” on the day of his naturalization. 

Another potential problem with the DHS/CBP argument is a landmark 2014 decision in which the U.S. Supreme Court declared that digital devices like cellphones are covered by the amendment’s original language of “persons, houses, papers, and effects.” But the ruling left the notorious “border exception” intact, which may explain CBP’s inclination to take a constitutional mile with the mere inch the parchment actually gives them. With any luck, Chavarria’s case may breathe renewed life into the space that United States v. Smith clawed back from the border exception in 2023.

Despite such rulings, border agents seem not only unfazed but also emboldened. According to research by the Pacific Legal Foundation, warrantless searches of electronic devices have quadrupled in the decade since the high court’s original 2014 ruling.

When asked about cases like Chavarria’s, CBP demurs. These tactics are “rare” and “highly regulated” according to the agency’s assistant commissioner Hilton Beckham. She also insisted to the Houston Chronicle that such searches are only used to combat serious crimes. “Lawful travelers,” she says, need not fear.

By such logic, Chavarria must have somehow represented a danger to national security. Perhaps New England schoolchildren, gay marriage, and naturalized Nicaraguans are a greater existential threat to the future of the republic than anyone previously realized.

Or it could be good old fashioned political targeting. In April, mere months before his trip, Chavarria refused to sign his state’s request to certify to the U.S. Department of Education that Vermont was not using “illegal DEI practices.” And he did so on the record, noting that his district is the most diverse in the state. The federal request was one that some 19 states, eventually including Vermont, simply refused to comply with. Agree or disagree with that position, it should be a matter of serious concern for people of all political stripes if the government applied a political standard to its warrantless intrusion into an American’s digital devices.

It is perhaps no coincidence, then, that before he even boarded his domestic flight back to Vermont that day, Chavarria received an email. In it, CBP announced that his longtime TSA Global Entry status had been revoked because he suddenly “did not meet program eligibility requirements.”
​
So it’s come to this: If you’re traveling abroad, consider using burner phones and leaving your personal and work devices at home.

​If you’ve read Rick Atkinson’s prize-winning books on the American Revolution or watched Ken Burns’ documentaries on that founding event, you know how deeply Americans have always valued privacy. The Revolution itself was sparked, in part, by outrage over the British Crown’s use of “general warrants” – sweeping authorities that allowed the King’s agents to ransack homes, warehouses, offices, and ships at dock in search of anything they deemed suspicious.

Now, nearly 250 years after the Declaration of Independence, London is at it again.

This time, the British government is executing a plan to override the security and encryption protections built into U.S. technology products – exposing the private data of Americans, and potentially users around the world, beginning with Apple devices.

The CLOUD Act — and a Deal Gone Wrong

PPSA Senior Policy Advisor Bob Goodlatte knows this territory well. A former congressman from Virginia and Chairman of the House Judiciary Committee, Goodlatte helped lead passage in 2018 of the Clarifying Lawful Overseas Use of Data Act, better known as the CLOUD Act.

The CLOUD Act allows the United States and trusted foreign partners to enter into data-sharing agreements, enabling law enforcement to seek data through warrants or subpoenas regardless of where that data is stored. But Congress paired this authority with firm guardrails to protect privacy, civil liberties, and the rule of law.

One of those agreements – the U.S.–UK Data Access Agreement (DAA) – has now veered sharply off course.

“I am deeply troubled by how the United Kingdom has taken advantage of our goodwill,” Goodlatte wrote in a letter sent late last week to Attorney General Pam Bondi.

Britain’s Abuse of Surveillance Powers

At issue is the UK’s use of so-called Technical Capabilities Notices, or TCNs, issued under the UK Investigatory Powers Act. These secret orders can compel U.S. technology companies to weaken, delay, or suspend the deployment of essential security features, including end-to-end encryption.

“The threat to Americans’ privacy from these measures is real,” Goodlatte warned, whether the UK’s actions affect U.S. companies’ global products or are limited to services offered in Britain. Even in the latter case, he explained, the consequences are profound: increased risk of global surveillance, compromised digital infrastructure, and a direct assault on the protections Congress demanded when it approved the agreement.

Approval Rights and Gag Orders on U.S. Companies

Goodlatte also pointed to a particularly alarming requirement: U.S. companies must notify the British government before rolling out security upgrades – precisely the kind of foreign leverage Congress explicitly sought to prevent.

The CLOUD Act’s promise of streamlined cross-border cooperation, he wrote, “was never intended by Congress to be leveraged by a foreign partner to compel any form of ‘backdoor’ access or other types of decryption assistance.”

Even worse, UK policy reportedly imposes gag orders that prevent U.S. companies, starting with Apple, from disclosing this interference even to the U.S. government itself.

The Only Remedy: Suspend the Agreement

The CLOUD Act anticipated this scenario. Under the DAA, the United States may suspend or terminate the agreement when a partner government’s laws or practices materially undermine its privacy and civil liberties commitments.

“Accordingly,” Goodlatte wrote, “I urge the Department of Justice to invoke Article 12.3 and suspend the Agreement unless and until the UK withdraws its use of TCNs.”

During passage of the CLOUD Act, Goodlatte insisted on strong congressional oversight of the law’s implementation. Now, he is calling on the Justice Department to enforce the deal’s terms – and protect Americans from a digital revival of the general warrants our founders fought to abolish.
​
Expect sitting Members of Congress to take up that call as well.

​Imagine a dish called Surveillance Stew. It’s served anytime multiple privacy-threatening technologies come together, rather like a witch’s brew of bad ideas. It's best served cold.

The latest Surveillance Stew recipe includes location data, social media, and facial recognition. Nicole Bennett, who studies such things, writes in The Conversation that this particular concoction represents a turning point: borders are no longer physical but digital. The government has long held that the border is a special zone where the Fourth Amendment has little traction. Now the government is expanding border rules to the rest of America.

Immigration and Customs Enforcement (ICE) has put out a call to purchase a comprehensive social media monitoring system. At first glance, Bennett notes, it seems merely an expansion of monitoring programs that already exist. But it’s the structure of what’s being proposed that she finds new, expansive, and deeply concerning. “ICE,” she writes, “is building a public-private surveillance loop that transforms everyday online activity into potential evidence.”

The base stock of Surveillance Stew came with Palantir’s development of a national database that could easily be repurposed into a federal surveillance system. Add ICE’s social media monitoring function and the already-thoroughgoing Palantir system becomes “a growing web of license plate scans, utility records, property data and biometrics,” says Bennett, “creating what is effectively a searchable portrait of a person’s life.”

Such a technology gumbo seems less a method for investigating individual criminal cases than a sweeping supposition that any person anywhere in the United States could, at any moment, be a “criminal.” It’s a dragnet, says Wired’s Andrew Couts, noting that 65 percent of ICE detainees had no criminal convictions. Dragnets are inimical to privacy and corrosive to the spirit of the Constitution.

Traditional, law-based approaches to enforcement are one thing – and enforcement, of course, is ICE’s necessary job. The problem now, warns Bennett, is that “enforcement increasingly happens through data correlations” rather than the gathering of hard evidence.

We agree with Bennett's conclusion that these sorts of “guilt by digitization” approaches fly in the face of constitutional guardrails like due process and protection from warrantless searches. To quote Wired’s Couts again, “It might be ICE using it today, but you can imagine a situation where a police officer is standing on a corner and just pointing his phone at everybody, trying to catch a criminal.”

The existence of Palantir’s hub makes it inevitable that ICE’s expanded monitoring capability will migrate to other agencies – from the FBI to the IRS. And when that happens, what ICE does to illegal immigrants can just as easily be done to American citizens – by any government entity, for any reason.
​
When our daily lives are converted into zeroes and ones, the authorities can draw “borders” wherever they want.

​Outrage, the currency of our times, is being minted at a furious rate over Special Counsel Jack Smith’s use of grand jury subpoenas to spy on the telephone metadata records of eight senators and one congressman around the time of the Jan. 6th 2021 assault on the U.S. Capitol.

One statement of majestic and appropriate outrage – the gold standard, if you will – came from Sen. Rand Paul (who was not among those surveilled). He wrote in Breitbart:

“Our Founding Fathers objected to general warrants that allowed soldiers to go from house to house searching homes of American colonists, [and] I think they would be equally horrified by a government that goes from phone to phone collecting data on all Americans.”

Then there is Sen. Lindsey Graham, one of the targets of Smith’s surveillance, who shouted (rhetorically, starting at 2:35) at Attorney General Pam Bondi, “Can you tell me why my phone records, when I’m the Chairman of the Judiciary Committee, were sought by the Jack Smith agents, why did they ask to know who I called and what I was doing from January 4th to the 7th, can you tell me that?”

It's a good question.

David Corn, writing in the progressive Mother Jones, had his own angle of outrage – that President Trump “incited a violent assault on the Capitol, and for hours – as cops were being beaten and Democratic and Republican legislators were being threatened – did nothing in the hope this domestic terrorism would benefit him and allow him to stay in power …

“Should that not have been thoroughly investigated?”

Another good question.

Here’s our take. Yes, after the trashing of the U.S. Capitol, savage beatings of Capitol police, and the erection of a gallows to “hang Mike Pence,” it would have been astonishing for the government not to investigate. But when the executive branch spies on the metadata of Members of Congress – data that can yield a wealth of private information – you would expect a special prosecutor, appointed by one president to investigate his predecessor and likely future opponent, to dot all “i’s” and cross all “t’s.”

Instead of adhering to a strict constitutional standard, Jack Smith predicated his surveillance of U.S. senators and a representative on a subpoena issued by a grand jury. Such a panel, as New York Chief Judge Sol Wachtler famously said, would gladly indict a ham sandwich if that was what the prosecution wanted.

In his Breitbart piece, Sen. Paul quotes Chief Justice John Roberts when the Supreme Court held in Carpenter v. United States (2018) that geolocation from cellphone metadata was a privacy interest protected by the Fourth Amendment. Justice Roberts, for the majority, wrote, “this Court has never held that the Government may subpoena third parties for records in which the subject has a reasonable expectation of privacy.”

Senators, like everyone else, deserve a reasonable expectation that their phone records are private. Of course, senators – also, like everyone else – are not exempt from lawful investigations. But when one branch investigates another – when one political party investigates its opponents – is it too much to ask that the government respect the Fourth Amendment? If Jack Smith had a good reason to surveil nine Members of Congress, he should have made his case for probable cause before a neutral magistrate and obtained a warrant – as the Constitution requires.
​
That Smith instead chose to slather two pieces of bread with mustard and add a slice of ham indicates (mixed metaphor alert) that he was on nothing more than a fishing expedition. When politics intersect with criminal law, prosecutors must adhere to the most rigorous standards. That is in keeping with the character of an exceptional nation. We must not lose it.

“Just because you’re paranoid doesn’t mean they aren’t after you,” says Yossarian, Joseph Heller’s terrified bomber pilot in Catch-22. The same could now be said by eight U.S. Senators and one U.S. House Member – all Republicans – who were secretly spied upon by the FBI during the Biden administration.
​
For five years now, the Project for Privacy and Surveillance Accountability has filed Freedom of Information Act (FOIA) requests demanding records from the FBI and other intelligence agencies about the possible surveillance of Members of Congress. We used every legal avenue – from FOIA requests to lawsuits – to compel the FBI, the Department of Justice, the Office of the Director of National Intelligence (ODNI), the National Security Agency, and the Department of State to disclose documents about the possible surveillance of Members of Congress with oversight responsibility over this intelligence community.

In short, we wanted to know if the FBI and other agencies were “overseeing” their ostensible overseers in Congress.

The government’s only response was the flippant use of the “Glomar response,” a court-created doctrine in which an agency can issue a “neither confirm nor deny” answer. In one instance, a response from ODNI came back within four business days, unprecedented speed for the bureaucracy. The Glomar response was originally created to protect a super-secret CIA project to retrieve a sunken Soviet nuclear submarine. Now it is being used to hide domestic spying.

At the time, Gene Schaerr, PPSA general counsel, responded: “The government doesn’t want to even entertain our question. What do they have to hide?”

Now we know at least part of what the government has to hide.

The FBI in 2023 analyzed the phone records of Sen. Lindsey Graham (R-SC), Sen. Bill Hagerty (R-TN), Sen. Josh Hawley (R-MO), Sen. Dan Sullivan (R-AK), Sen. Tommy Tuberville (R-AL), Sen. Ron Johnson (R-WI), Sen. Cynthia Lummis (R-WY), Sen. Marsha Blackburn (R-TN), and Rep. Mike Kelly (R-PA).

Among them we count three sitting members of the Senate Judiciary Committee, charged with oversight of the FBI, as being targeted by Bureau surveillance.

What was the FBI up to? The FBI document states it “conducted preliminary toll analysis on limited toll records,” meaning it secured and analyzed calls made by these Members in relation to their votes on whether to certify the 2020 presidential election results. The FBI’s analyses were based on metadata – who called whom and when. As research from Stanford University has shown, such seemingly innocuous records can yield “surprisingly sensitive personal information” about the likely contents of those calls.

That is one reason why Sen. Chuck Grassley, Chairman of the Senate Judiciary Committee, called this a “weaponization by federal law enforcement under Biden” that was “arguably worse than Watergate.”

We predict this is just the tip of the iceberg. The ease with which the FBI surveilled prominent Members of Congress hints at the underlying reasons for which PPSA’s queries have been batted away so consistently by the intelligence community. We believe that time will reveal that there is more – much more – evidence of the intelligence community accessing the private communications of Congress.

Next year Congress will hold a debate over the reauthorization of Section 702 of the Foreign Intelligence Surveillance Act. It should be clear to all Members that the FBI can’t be trusted. We need reforms across the board, from ending the abuse of Section 702 as a source of warrantless domestic surveillance, to ending government data purchases.

​That shouldn’t merit a headline, but it does. We’ve often reported on the Department of Justice’s responses to our Freedom of Information Act (FOIA) requests for internal policies concerning the use of cell-site simulators, commonly known as stingrays.

In the past, we’ve received non-response responses to our FOIA request, including one in which DOJ sent us 40 redacted pages from MISTER BLANK in the office of BLANK, with only this statement: “Hope that’s helpful.” We noted at the time that this could only be taken as a middle-finger salute to FOIA itself.

There now seems to be a more responsive spirit at DOJ. A new reply to our FOIA request arrived this month. True, it was still less than fulsome. But it was a response! And what it did reveal was encouraging. It showed a determination to abide by a 2015 DOJ memo requiring probable cause warrants before this technology can be used, except in emergency circumstances.

DOJ personnel were informed:

“The core of this new policy is to require search warrants for use of the devices, except in rare circumstances such as a threat to life and limb. It also requires transparency with the courts in the way that we apply for legal process, and it dictates what should be done with information about cell phones that are not related to the investigation.”

This leaves you wondering why some previous respondents at DOJ chose obfuscation and a rude brushoff instead of showcasing an internal determination to abide by the Fourth Amendment.

Stingrays are devices that mimic cell towers, pinging the phones of people within a geofenced area to reveal their location, movements, and potentially some contents within their phones. This technology can sweep up the personal information of hundreds of people in a given area. This actually happened when the Richmond, Virginia, police searched for a bank robber. Their sweep compromised the Fourth Amendment rights of diners in a Ruby Tuesday restaurant, guests at a Hampton Inn, residents of an apartment complex, and seniors in an assisted living facility.

This incident demonstrates that while the Justice Department has a tight policy regarding the use of stingrays, different rules apply to a dozen other federal agencies and at least 75 state agencies around the country that also use this surveillance technology. The FBI instructs police to use stingrays to develop leads, but use other means to develop “primary evidence.” This sure sounds like a suggestion to construct parallel evidence.

Shouldn’t defendants know if evidence used against them was taken from their phones?
​
Still, we are happy to take good news when we can get. Here’s to encouraging the DOJ to continue to abide by its policy of applying a warrant requirement to stingrays.

- Justice Potter Stewart

​Local police departments are spending billions of dollars on surveillance technology, from cameras, to cell-site simulators, to drones. Customers in blue range from the New York Police Department, which has invested $3 billion in surveillance in recent years, to small-town departments willing to fork out tens of thousands.

With so much money sloshing around, it is reasonable to wonder how careful local officials are in maintaining clear boundaries between customer and vendor. Events in Atlanta suggest that sometimes these boundaries are, at best, blurry.

Marshall Freeman is the Chief Administrative Officer of the Atlanta Police Department (APD) and a former leader at the non-profit Atlanta Police Foundation. Together, the Foundation and the APD devised Connect Atlanta, a camera network that makes Atlanta one of the most surveilled cities per capita in the United States.

The Atlanta Community Press Collective (ACPC) was combing through public records when they noticed Freeman’s name on a Conflict of Interest Disclosure Report. Citing “financial interest” in Axon, a law enforcement tech company, he recused himself from contract-related “matters and dealings” that could impact Axon financially. “I have interest in a company that is currently in talks with Axon around acquisition and investment,” he wrote, without specifics.

ACPC discerned that Freeman’s unnamed stake was in a company called Fusus, whose software fuels the Connect Atlanta surveillance system. Axon acquired it for $240 million barely a week after Freeman filed his disclosure. More red flags followed. Freeman was the only public official quoted in Axon’s press release announcing the acquisition: “I wholeheartedly encourage all agencies to embrace this cutting-edge technology and experience its transformative impact firsthand.”

Using open records requests, ACPC also reports it also found emails indicating that Freeman “boosted Fusus and Axon products to other agencies in Georgia and around the U.S.” on multiple occasions post-disclosure. When the reporting first surfaced, APD responded tersely: “The appropriate ethics filings were submitted.”

A few weeks later, though, the City of Atlanta Ethics Office begged to differ, announcing an investigation into Freeman’s post-recusal behavior. Fifteen months later, the body released an official report totaling 313 pages. The findings suggest that Freeman’s relationship with the camera-pushing Fusus dated back to his days at the Atlanta Police Foundation, a relationship he brought with him to APD and continued to nurture. According to The Guardian, he consulted for Fusus for at least a year after joining APD, “crisscrossing the country in person and by email while repping the company, including conversations with police departments in Florida, Hawaii, California, Arizona and Ohio.”

All told, the Ethics Office found 15 separate matters in which Freeman used his official position as an influencer for Axon and Fusus. For at least part of this time, he served on the board of two Fusus subsidiaries in Virginia and Florida – a fact he did not disclose to ethics investigators. 

Writing in The Intercept, Timothy Pratt and Andrew Free detail how Freeman’s impropriety (the “appearance” of which is the only thing he’s admitted to) is making all of us less free – taking the Great Atlanta Mass Surveillance Experiment and replicating it from sea to monitored sea: Seattle, Sacramento, New York City, Omaha, Birmingham, Springfield, Savannah, and counting.

Freeman may be an exception. But he might be the rule. It doesn’t matter, given the outsized influence even one public official can have when it comes to the proliferation of the police surveillance dragnet in the United States. Then again, by the time robust surveillance systems get to smaller, heartland cities like Lawrence, Kansas, it may already be too late.
​
At the very least, police procurement processes would benefit from tighter rules, like those that govern Pentagon officials when they assess contracts.

Director George A. Romero said of his horror masterpiece, The Night of the Living Dead, that “if it doesn’t scare you, you’re already dead.”
 
Section 215 of the PATRIOT Act – the “business records” provision – should at least concern you. This surveillance authority sunsetted on March 15, 2020, after Congress failed to renew it. And yet, somehow, it continues to roam the landscape. As it does, significant questions about how this oddly enduring authority is being practiced deserve an answer.
 
Section 215 was the legal authority under which federal intelligence agencies obtained secret orders from the Foreign Intelligence Surveillance Court to review personal information from “tangible things.” This broad category could include location data, medical records, travel records, and more, in paper form or from electronic communications relating to any transaction.

The FBI in the past used Section 215 authority to collect phone logs cataloging records of calls and texts, and internet logs revealing the identities of people who visited particular web pages, and other sensitive data. After Congress prohibited bulk acquisition of records in 2015, Section 215 prompted agencies to use a “specific selection term” to narrow the scope of their investigations. The government uses “unique identifiers” like email addresses extracted from data to target individuals within collected data. 
 
Congress chose to let Section 215 expire in 2020, shutting it down entirely and requiring the government to use a more narrowly tailored authority called pen register/trap and trace orders.
 
But five years after Section 215’s expiration, the program continues to operate as a zombie authority.

• The law’s expiration clause allows continued use of this authority for investigations that were ongoing at the time of expiration or to investigate “offenses or potential offenses” that occurred before the sunset. This is a broad standard that grants agencies considerable authority to link any current target to past activities.

 
There is evidence that Section 215 is enjoying a robust afterlife. According to the most recent ODNI Statistical Transparency Report:

• The number of business records orders and the estimated targets of such orders ranged between five and eleven in 2022, 2023 and 2024.
  
  
• Yet, somehow, the estimated number of unique identifiers used to communicate information collected under 215 authority ranged from 55,431 in 2022, to 5,412 in 2023, and 63,260 in 2024.

​The many unanswered questions about Section 215’s afterlife activities cry out for oversight. Congress should require the government to answer:
​

• Why are there so many unique identifiers for such few targets?

 

• Is this disparity because the source of the collection is communications metadata?

 

• Or is it an overly generous interpretation of what constitutes a “contact”?

 

• Or is this number simply skewed because the targets are associated with malicious hacking? 

The answers to these questions may be innocuous. But when a legal authority continues to produce such large and unexplained numbers five years after its expiration, Congress needs to start asking questions.

Farnsworth Intelligence sells highly personal data on the cheap. Its business plan is as revolutionary as it is mercenary and brazen: Positioning itself as a legitimate business but selling data previously brought to market in the twilight corners of the dark web.

The realm in which this company operates is euphemistically known as “open-source intelligence,” or OSINT. Once upon a time, OSINT was primarily composed of publicly available data. But don’t be fooled. To quote PC World writer Michael Crider, “This is information apparently sourced directly from data breaches, stolen from companies and services in ways that just about every country considers a crime.”

And it’s all repackaged to sell at various price points. To wit, 404 Media, whose Joseph Cox broke the story, bought a tiny slice of Farnsworth’s data wares for a mere $50. 404 Media reports that is all they needed to eventually mine the addresses of numerous identity theft victims. Perhaps that’s why journalists report the company’s website says customers can find up-to-date addresses for debtors. Need data for your multi-million-dollar divorce case? Farnsworth can do that too.

As for the potential for trade secret violations, corporate espionage law, and the general use of stolen data in courts, EPIC’s Callie Schroeder says stay tuned. There are likely statutes that apply to what Farnsworth is doing, but as with all things digital, judicial rulings have been inconsistent to date.

And don’t even get us started on the surreptitious value government agencies of all stripes will place on this kind of dark web data – it could be a warrantless surveillance extravaganza.

​But there is no denying that shamelessness sells. After the story broke, Farnsworth issued a “404MEDIA” promo code on LinkedIn to celebrate the fact that it “has been getting a lot of attention.”

We share our most personal information with banks, telecoms, online search engines, and social media platforms. They know what we spend our money on, with whom we communicate, what we search for, and what we read and post. What could be more personal than that? So whenever we allow corporations to hold such personal information in digital form, can that be taken as a presumption that we’ve just given away our right to privacy?
 
Advocates for a sweeping interpretation of the “third-party doctrine” believe so. The very act of sharing our data, they hold, automatically relinquishes any right to privacy. The government thus doesn’t need to seek a probable cause warrant to review our private information, as the Constitution requires. This is not a matter of theory. A complex web of federal and state law effectively requires communications companies – through a risk of ruinous fines – to search through the content of their customers’ data, and report suspicious results to law enforcement.
 
This is what happened to a Wisconsin man, Michael Gasper. His data was flagged by Snapchat’s automated scans as child sexual abuse material, and reported to the National Center for Missing and Exploited Children. Based on this tip, a law enforcement officer was the first actor to perform a human review of the flagged file, though he did so without bothering to obtain a probable cause warrant, as the Fourth Amendment requires.
 
Initially, a lower court recognized that Gasper had a reasonable expectation of privacy in data he uploaded to the cloud through Snapchat. But the Wisconsin Court of Appeals held otherwise, reasoning that Snapchat’s Terms of Service – a lengthy contract most users “agree” to by checking a box, without ever reading it – eliminated any expectation of privacy. Now PPSA has filed a brief before the Wisconsin Supreme Court demonstrating that this ruling would undermine the heart of the Fourth Amendment. It would also defy a line of U.S. Supreme Court precedent that has long condemned overbroad interpretations regarding government access to third-party data.
 

• PPSA told the Wisconsin Supreme Court that the Fourth Amendment protects the degree of privacy that existed at the Founding despite advances in technology. This is not a reach. In the 18th century, Americans often entrusted their private property – and with it, their personal information – for limited uses by third parties, such as for custody, repair or transportation. Property owners maintained an expectation of privacy over their property, including their documents, when entrusted to a holder. In the 19th century, the Supreme Court held that letters sent through the mail “can only be opened and examined” under a warrant. Why should the cloud be treated any differently?

 

• Snapchat informed users, through its Terms of Service, that it performed automated searches for illicit material – essentially warning that it complies with the law. The state argues that this means Snapchat users have no expectation of privacy. But we told the Wisconsin high court: “when private reporting is mandated with significant penalties for noncompliance, such reports are state action, not private searches.”

 

• What about the eyeball search conducted by the law enforcement officer? We told the court: “But even if they were private searches, law enforcement cannot use them as a stepping stone to later, more expansive searches without complying with the Fourth Amendment.”

We reminded the Wisconsin Supreme Court that the U.S. Supreme Court in Carpenter v. United States held that the government did not have the right to warrantlessly track a suspect’s location through historic call records.
 
We urge the court to realize that we can protect children from exploitation and abuse while taking the time to obtain a warrant based on probable cause. Otherwise, policy will continue to subject the private data of all Americans to warrantless searches.
 
The ransacking of our cloud-based data is much like the “general warrants” of the colonial era, when agents of the Crown could rifle through anyone’s documents at will. This practice was one of the prime outrages that sparked the American Revolution. We should not tolerate the government’s general warrants today.

The CLOUD Act of 2018 is a framework for working with U.S. tech companies to share digital data with other governments. This law and basis for international agreements was a reasonable concession to allow these companies to do business around the world. But the agreement has gone off the rails because of the United Kingdom’s astonishing attempt to force Apple to break end-to-end encryption so they can access the data of all Apple users stored in the cloud.

Rather than violate the privacy of its users, Apple has stood by its customers and withdrawn encrypted iCloud storage from the UK altogether.

The House Judiciary’s Subcommittee on Crime and Federal Government Surveillance was already skeptical about that agreement, but appalled when the British government used it to secretly order Apple to provide that unfettered, backdoor access to all the cloud content uploaded by every Apple user on the planet. It was an unprecedented request, and an unexpected one from a fellow democracy.

• In the two years the agreement has been in effect, the UK issued more than 20,000 requests to U.S. service providers. The bulk of those requests included wiretapping surveillance.

 

• In comparison, the United States issued a mere 63 requests to British providers, mostly for stored data.

 

• Compare the UK’s 20,000 requests to the 4,507 wiretap orders of U.S. federal and state law enforcement agencies in criminal cases in two years. The United States has five times the population of the U.K., but only issues about one-fourth the number of such orders.

In April, members of the House Judiciary Committee asked Attorney General Pam Bondi to terminate the U.K. agreement. As extreme as that sounds, PPSA supports that proposal as the best way to persuade Britain to back off an unreasonable position. In the worst-case scenario, no agreement would be better than comprehensive violation of Americans’ privacy.
Undeterred, the subcommittee convened a recent hearing entitled “Foreign Influence On Americans’ Data Through The CLOUD Act.” Greg Nojeim from the Center for Democracy & Technology was an invited witness. If one had to name a single theme to his powerful testimony, it would come down to one word: “dangerous.”

Subcommittee Chairman Andy Biggs used the same word, declaring the secretive British demand of Apple “sets a dangerous precedent and if not stopped now could lead to future orders by other countries.” Ranking Judiciary Committee Member Jamie Raskin struck a similar chord: “Forcing companies to circumvent their own encrypted services in the name of security is the beginning of a dangerous, slippery slope.”

In short, the hearing demonstrated that the CLOUD Act has been abused by a foreign government that does not respect privacy and civil liberties or anything remotely like the Fourth Amendment to our Constitution. It needs serious new guardrails, beginning with new rules to address its failure to protect encryption. Expert witness Susan Landau of Tufts University warned the subcommittee that the U.K. appeared to be undermining encryption as a concept. A U.S.-led coalition of international intelligence agencies, she observed, recently called for maximizing the use of encryption to the point of making it a foundational feature of cybersecurity. Yet Britain conspicuously demurred.

• Rep. Biggs said: “Efforts to weaken, or even breaking, encryption makes us all less secure. The U.S.-U.K. relationship must be built on trust. If the U.K. is trying to undermine this foundation of cybersecurity, it is breaching that trust.” Once pried opened, he cautioned, “It's impossible to limit a back door [around encryption] to just the good guys.”

 

• Rep. Raskin warned that issues with the CLOUD Act itself are emblematic of larger privacy issues. “None of these issues exists in a vacuum. All government surveillance curtails all citizens’ liberties.” To which witness Richard Salgado added, “If there's still a real debate about whether security should yield to government surveillance, it doesn't belong behind closed doors in a foreign country … the debate belongs in public before the United States Congress.”

That debate will likely become intense between now and next spring when Congress takes up the reauthorization of Section 702 of FISA, the Foreign Intelligence Surveillance Act. Judiciary Chairman Jim Jordan indicated as much when he used his opening remarks to tout the “good work” the Committee has ahead of it in preparing to evaluate and reform Section 702.

Later in the hearing, Chairman Jordan returned to the looming importance of the Section 702 debate, asking each of the witnesses in turn a version of the question, “Should the United States government have to get a warrant before they search the 702 database on an American?”

All agreed without hesitation.

“Wow!” declared Rep. Jordan in response. “This is amazing! We all think we should follow the Constitution and require a warrant if you're going to go search Americans’ data.”
​
Rep. Raskin nodded along. And that’s as bipartisan as it gets.

​During last year’s congressional debate over surveillance, many defenders of the status quo, including then-FBI Director Christopher Wray, argued that a warrant requirement for the inspection of Americans’ personal information would be a security risk because it would be too time-consuming and burdensome.
 
But a recent response to one of our Freedom of Information Act (FOIA) requests filed with the Criminal Division of the Department of Justice shows that filling out warrant applications are routine and close to boilerplate.
 
In recent years, many of our FOIA requests have gone ignored. In one instance, we received a rude response from the Department of Justice in which 39 pages were redacted, and the 40th page only said: “Hope that’s helpful.”
 
Perhaps there has been a recent change of heart at DOJ. When we sought documents about cell-site simulators (which mimic cell towers and trick cellphones into revealing personal information), we received a polite and partial response. Included in the release was a draft affidavit to guide special agents of the FBI in applying to a U.S. district court to obtain a search warrant to identify a particular cellular device.
 
In it, an agent is prompted to:
 

• Provide evidence that the target device is located within a given area.

 

• There is probable cause to believe that the targeted individual is likely carrying the targeted cellular device, and is “necessary to identify the suspect and establish a connection between the suspect and the suspected crime.”

 

• “Once investigators ascertain the identity of the Target Cellular Device, they will cease using the investigative technique.”

The draft warrant application concludes: “A search warrant may not be legally necessary to compel the investigative technique described herein. Nevertheless, I hereby submit this warrant application out of abundance of caution.”
 
The agent then submits this document as sworn testimony.
 
PPSA hopes this response to our FOIA is a sign of a renewed commitment to meet our lawful requests for documents. And we urge surveillance hawks to consider that the routine filing of such applications demonstrates that it is far from excessively burdensome.
 
There, that wasn’t so hard now, was it?

​The U.S. Supreme Court this week granted a petition for review in what will be the first case that the Court has agreed to hear addressing the scope of the Fourth Amendment’s warrant requirement since 2021. The case seeks clarity on whether the so-called “emergency-aid” exception to the Fourth Amendment requires police to have probable cause that an emergency is ongoing.

After police officers learned that William Case of Montana had threatened suicide, they entered his home without a warrant and seized evidence later used to convict him of a felony. Because the officers “were going in to assist him,” they felt unrestrained by the Fourth Amendment’s warrant requirement even though they did not actually believe that he was in any immediate danger since he was attempting to commit suicide at the hands of the police.

This Court had not reaffirmed the sanctity of the home since Caniglia v. Strom (2021), which found that allowing warrantless entry into the home for community caretaking – duties beyond law enforcement or keeping the peace – would have been completely at odds with the privacy expectations and demands of the Framers.

PPSA, which filed the only amicus brief in William Case v. State of Montana, informed the Court that if now upheld, such warrantless intrusion would inevitably lead to warrantless inspection of the very personal information on Americans’ smartphones and other digital devices.

In our brief, PPSA warned the Court of the “diluting effect such a low bar for emergency aid searches” would cause in other contexts – especially regarding digital devices. PPSA told the Court:

“Such devices hold vast amounts of personal information that, historically, would only have been found in the home. Lowering the burden of proof required to justify the warrantless search of the place the Constitution protects most robustly would lead law enforcement and the courts to dilute protections for other, less historically safeguarded areas, such as electronic devices, which would be devastating to the privacy of Americans …

“If the government may enter the home without a warrant based only on a reasonable belief, far short of probable cause, that an emergency exists, the government may treat electronic sources of information the same way, posing an even greater threat to privacy and the ultimate integrity of the Fourth Amendment. The insidious branding almost writes itself: ‘Big Brother’ may be ‘watching you,’ but it’s for your own good!”

PPSA’s brief also made clear the long history of elevated protection of the home in both American law and English common law. By the 17th century it was established law that the agents of the Crown were permitted to intrude on the home only in a narrow set of extreme circumstances, and only when supported by strong evidence of an emergency that corresponds to at least probable cause. PPSA wrote that if the new emergency standard is allowed

“Seemingly benevolent searches would then become an engine for criminal prosecutions even though no warrant was ever obtained, and no probable cause ever existed. The emergency-aid exception would thus become a license for the government to discover criminal activity that – in all other circumstances – would only have been discoverable through a warrant supported by probable cause.”
​
In Caniglia, the Court unanimously restricted the community care exception to the Fourth Amendment. PPSA will report back when the Court holds oral arguments on the emergency-aid exception in Case v. Montana.

​Batman isn’t the only one who needs to worry about “unmasking.” This is the term of art for when federal officials ask that an American’s personal, international communications be deanonymized. “Upstreaming” is the National Security Agency practice of working with companies like Verizon or AT&T to create backdoors into the internet backbone to use targeted keywords to collect the content of Americans’ communications.
 
The practice of unmasking rose from 198 instances in 2013 to 5,000 in 2020. As this increase occurred, the intent of these searches began to look more and more political.
 
In 2017, National Security Advisor Susan Rice issued unmasking orders for identities of transition team members for Donald Trump’s first administration. More troubling, U.N. Ambassador Samantha Power or someone in her office made hundreds of unmasking requests. Nearly 270 of these requests came days or even hours before Power’s service in government ended.
 
Some of these unmasking orders were not supported by any legitimate national security justification by Section 702. Many were not subjected to “minimization” procedures to ensure that private information was performed in as limited a way as possible.
 
PPSA has long sought to learn how unmasking and upstreaming might be used against Members of Congress with oversight responsibility over the intelligence community. So we filed FOIA requests with DOJ to seek answers, including records on potential spying on 48 current and recent Members of Congress, ranging from former Vice President Kamala Harris to now-Secretary of State Marco Rubio, Rep. Jim Jordan to Sen. Ron Wyden.
 
We’ve yet to receive a fulsome answer to our Freedom of Information Act requests (FOIA) seeking records reflecting policies governing the unmasking of Members of Congress. But the Criminal Division of the Department of Justice has now informed us in writing that “no responsive records subject to the FOIA were located.”
 
“In other words, the Criminal Division claims to have no policies on how it might warrantlessly tap into the identity of Members of Congress in international communications, and potentially the content of their communications,” said Gene Schaerr, general counsel of PPSA. “When agencies spy on the very people who are charged with their oversight, you might think that at least some policies would be in place.
 
“And you might also think – given that spying on Congress necessarily involves the civil rights of us all – that there would be some internal guardrails or training material,” Schaerr said. “But you would be wrong.”
 
PPSA will report any further revelations in our ongoing efforts to dig out more information on how the intelligence community might be spying on Congress.

​Perhaps you had other things to do during last week’s House Judiciary hearing, “A Continued Pattern of Government Surveillance of U.S. Citizens.” So here’s a summary: The Judiciary’s Subcommittee on Crime and Federal Government Surveillance brought together witnesses from across the political spectrum (including PPSA’s own Gene Schaerr) to identify potential solutions to the ongoing (and growing) problem of Fourth Amendment abuse by government entities.
 
At the heart of the discussion was the need to import probable cause warrants – the key requirement of the Constitution’s Fourth Amendment – to the practice of federal agencies freely accessing our international communications, as well as our personal, digital data.
 
Witnesses effectively rebutted the fearmongering campaign by the intelligence community to convince us that a warrant requirement for federal surveillance of American citizens is too onerous, and too dangerous to entertain. But the most effective remarks came from a Member of the committee.
 
Rep. Brad Knott (R-NC), a former U.S. Attorney for the Eastern District of North Carolina, addressed the issue of warrant requirements with the assurance of a former federal prosecutor. He spoke of what it took for him to get permission to “flip the switch” on some of the most “intrusive” forms of wiretapping American citizens.
 
“So you have to demonstrate necessity,” Rep. Knott said. “You have to demonstrate why other techniques are futile … the rigor we had to exercise was very important … it kept the internal investigators accountable.”
 
Rep. Knott said the warrant process made sure investigations were “open and honest.” Investigators knew “that their actions were going to be subject to pen and paper. They were going to be subject to judicial review … and opposing counsel.”
 
Given the clarity and accountability added by warrants, Rep. Knott added:
 
“It’s amazing to me that there’s so much resistance to the warrant requirement alone.”
 
Throughout the 90-minute hearing, Members and witnesses stressed one thing:
 
The countdown clock is ticking on what may be our last, best chance at meaningful reform – including the adoption of a warrant requirement for U.S. citizens when Section 702 of the Foreign Intelligence Surveillance Act (FISA) comes up for renewal next year (it’s due to sunset in April 2026).
 
Section 702 is the legal authority that allows federal intelligence agencies to spy on foreign targets on foreign soil. But it also “incidentally” picks up the international communications of Americans, which can then be warrantlessly inspected by the FBI and other agencies.
 
Section 702 got a lot of airtime at the hearing and was frequently linked with the words “loophole” and “backdoor.” The Reforming Intelligence and Securing America Act (RISAA) of 2024 attempted to fix Section 702 – and did add some useful reforms – but it also left a loophole in which the FBI and others attempt to justify warrantless backdoor searches on Americans’ private communications.
 
For the FBI in particular, this has become the go-to means to warrantlessly develop domestic leads.
 
“Three million times they did [backdoor searches] in 2021,” lamented Judiciary Chairman Jim Jordan (R-OH). Or, as James Czerniawski of Americans for Progress, put it: “Time and time again we have caught the intelligence community with their hand in the constitutional cookie jar.”
 
Members and witnesses alike also addressed a privacy crisis even greater than Section 702 – the routine purchases made by federal agencies of Americans’ private digital information from data brokers.
 
ACLU’s Kia Hamadanchy reminded the subcommittee that the kind of data that can be bought and sold would be, in the words of a former CIA deputy director, “top secret” sensitive if gathered by traditional intelligence means. It would have to be kept “in a safe,” not in a database.
 
The hearing also got at what many consider the underlying issue driving the new era of surveillance. Namely, the acknowledgment that we increasingly live not in one world, but two – our physical reality and its digital twin. But unlike our world, the laws governing how the Fourth Amendment should be applied in the digital context are largely unwritten. In other words, said Rep. Andy Biggs (R-AZ), it’s the “Wild West.”
 
And Ranking Member Rep. Jamie Raskin (D-MD) added, “New technologies make it a lot harder to reign in government intrusion in the lives of the people.” The unwitting result? “We live in a modern, albeit consensual, surveillance state,” declared Phil Kiko, principal at Williams & Jensen and former Judiciary counsel.
 
With any luck, things might be different a year from now when FISA is up for renewal, thanks to a U.S. District Court ruling in January.
 
“To countenance this practice,” of warrantless surveillance, wrote the court, “would convert Section 702 into … a tool for law enforcement to run ‘backdoor searches’ that circumvent the Fourth Amendment.”
 
That legal precedent didn’t exist when the last Congress debated FISA reforms. Emboldened by this landmark decision, Reps. Jordan and Raskin are pledging to once again work together in a bipartisan spirit to win this fight. Their continuing partnership captures the spirit of the subcommittee’s hearing and should give reformers a renewed sense of hope.

​With the summer travel season imminent, the already hot (and recently explored) topic of warrantless searches at U.S. borders and ports of entry keeps getting hotter by the day. The latest twist comes from ZDNET, where David Berlind asks the age-old question: Biometric vs. Passcode?
 
What, you were expecting “Plastic vs. Paper?”
 
Seriously, it’s come to this: How do American citizens best thwart their own government from its attempts to violate our constitutional rights? Specifically, how do citizens prepare against warrantless searches of their personal devices at border crossings, as Customs and Border Patrol agents seem increasingly determined to carry out?
 
The CliffsNotes version of ZDNET’s advice: The spoken word still matters (for now) relative to the Constitution, as in, “No person … shall be compelled in any criminal case to be a witness against himself.” Speech existed when the Constitution was written; biometric tech (fingerprint scanning, facial recognition, etc.) did not.
 
Put another way, being pressured to verbally recite your passcode could be construed as self-incrimination. So it is easier to refuse a request to speak it than to stand still and have your face open your device. But this much is sure: biometrics aren’t spoken, so that line to the Fifth Amendment is dotted at best. The same goes for Miranda. “The right to remain silent” is predicated on you actually remaining silent.
 
As for the Fourth Amendment itself, the Supreme Court has yet to meaningfully clarify its 1985 declaration that the Fourth’s “balance of reasonableness is qualitatively different at the international border than in the interior.” In practice, this means warrantless searches of your devices coming through customs is allowed. Among the many unanswered questions, what constitutes a “routine” search?
 
Is the biometric vs. passcode distinction a completely absurd technicality straight out of Monty Python? You bet your sweet privacy it is. But it’s also a gray area of unsettled law, so technicalities are currently one of our last defenses against this particular strain of government intrusion.

​If this were a political thriller, “Quiet Skies” might be Russia’s clandestine government surveillance program being used to eliminate enemies of the state by poisoning their tea with polonium every time they take a flight.

In reality, “Quiet Skies” is the Transportation Security Administration’s secret spying program for the Air Marshal Service. First outed by the Boston Globe in 2018, Quiet Skies singles out potentially dangerous flyers for close attention and inspection (“enhanced observation”).

Enhanced observation is a 45-minute process that squeezes every inch of clothing, inspects the lining of suitcases, and requires a live review of every electronic device (meaning take it out, turn it on, and hand it over). Two bomb-sniffing canine teams and a plainclothes TSA supervisor may also be involved and, in the sky, up to three Air Marshals are tasked with watching these suspected passengers’ every move.

“SSSS” is TSA’s boarding pass designation for this treatment, which suggests that no focus groups or historians were consulted beforehand.

Such inspections in many cases are undoubtedly necessary to track bad actors intent on doing harm to the United States. As people who fly often with our family members, we are glad the government is on the lookout for the next potential shoe-bomber. Whistleblowers have indicated that the program, however, is also being abused as a means of targeting political opponents rather than as a $400-million-dollar anti-terrorist safety net.

Just ask Tulsi Gabbard, who was targeted in 2024 after returning from Rome with her husband. By then, of course, the Iraq War veteran and former Democratic representative had become the Biden Administration’s persona non grata du jour after she endorsed and campaigned for Donald Trump.

With Gabbard now the Director of National Intelligence, we hope that Rep. Tim Burchett’s (R-TN) request for answers as to why Gabbard was targeted will now see the light of day. Was she simply unlucky in being randomly chosen for this treatment, which has happened to one of us?
​
If politics is involved in any way, that would be a very serious misuse of security policy. You don’t have to be a fan of Director Gabbard to see how such an authority could be misused by any administration in any direction. Employing such tools to surveil political opponents is how republics fall.

As facial recognition and biometric scanning systems expand to 400 U.S. airports, Sen. Jeff Merkley (D-OR) is asking if this could be the beginning of a U.S. surveillance state.
 
In a video interview with Philip Wegman of RealClearPolitics, Sen. Merkley said:
 
“I'm concerned about the way facial recognition is used to encroach upon freedom and privacy around the world. We see China enslaving a million Uyghurs, and a tool they use is facial recognition software. It's so inexpensive and pervasive; if you put that power in the hands of a government, you can't know where it's going to go.

“This is not the kind of tool you want to give to the government in a free country. You would never know you have the ability to opt out at any airport where they're doing this program."

​The drafters of the U.S. Constitution could not have imagined Google, Apple, and cell-site technologies that can vacuum up the recorded movements of thousands of people. Still smarting from the British colonial practice of ransacking rows of homes and warehouses with “general warrants,” the founders wrote the Fourth Amendment to require that warrants must “particularly” describe “the place to be searched, and the persons or things to be seized.”
 
Courts are still grappling with this issue of “particularity” in geofence warrants – technology that analyzes mass data to winnow out suspects. Now a federal court in Mississippi has come down decisively against non-particular searches in location-and-time based cell tower data.
 
To reach this conclusion, Judge Andrew S. Harris had to grapple with a Grand Canyon of circuit splits on this question. His opinion is a concise and clear dissection of divergent precedents from two higher circuit courts.
 
Harris begins with the Fourth Circuit Court of Appeals in Virginia in United States v. Chatrie (2024), which held that because people know that tech companies collect and store location information, that a defendant has no reasonable expectation of privacy.” The Fourth Circuit reached its decision, in part, because Google users must “opt in to Location History” to enable Google to track their locations.
 
The Fifth Circuit Court of Appeals in New Orleans took the Fourth Circuit’s reasoning and chopped it up for jambalaya. The Fifth drew heavily on the U.S. Supreme Court’s 2018 United States v. Carpenter opinion – which held that the government’s request for seven days’ worth of location tracking from a man’s wireless carrier constituted an unconstitutional search.
 
This data, the Supreme Court reasoned, deserves protection because it provides an intimate window into a person’s life, revealing not only his particular movements, but through them his “familial, political, professional, religious, and sexual associations.”’ Despite a long string of cases holding that people have no legitimate expectation of privacy when they voluntarily turn over personal information to third parties, the U.S. Supreme Court held that a warrant was needed in this case.
 
The Fifth followed up on Carpenter’s logic with a fine distinction in United States v. Smith (2024): “As anyone with a smartphone can attest, electronic opt-in processes are hardly informed and, in many instances, may not even be voluntary.” That court concluded that the government’s acquisition of Google data must conform to the Fourth Amendment.
 
The Fifth thus declared that geofence warrants are modern-day versions of general warrants and are therefore inherently unconstitutional. That finding surely rattled windows in every FBI, DEA, and local law enforcement agency in the United States.
 
Judge Harris worked from these precedents when he was asked to review four search-warrant applications for location information from a data dump from a cell tower. The purpose of the request was not trivial. An FBI Special Agent wanted to see if he could track members of a violent street gang implicated in a number of violent crimes, including homicide. The government wanted the court to order four cell-service provides to produce data for 14 hours for every targeted device.   
 
Judge Harris wrote that the government “is essentially asking the Court to allow it access to an entire haystack because it may contain a needle. But the Government lacks probable cause both as to the needle’s identifying characteristics and as to the many other flakes of hay in the stack … the haystack here could involve the location data of thousands of cell phone users in various urban and suburban areas.”
 
So Judge Harris denied the warrant applications.
 
Another court in another circuit may have well come to the opposite conclusion. Such a deep split on a core constitutional issue is going to continue to deliver contradictory rulings until it is resolved by the U.S. Supreme Court. In the meantime, Judge Harris – a graduate of the University of Mississippi Law School – brings to mind the words of another Mississippian, William Faulkner: “We must be free not because we claim freedom, but because we practice it.”

​From a risk perspective, facial recognition software is a mixed bag of good and bad outcomes. It has helped capture bank robbers, rapists, and murderers. Yet it is disproportionately bad at accurately identifying people of color and women of color in particular, leading police to arrest the wrong people. And above all, it is by definition a broad surveillance tool fundamentally at odds with the concept of individual liberty. Even the Government Accountability Office is worried, issuing two reports to assess risks and make recommendations.
 
In late 2023 GAO wrote:
 
“The use of facial recognition technology for criminal investigations presents unique questions about civil rights and civil liberties. For example, civil liberties advocates have noted that the use of facial recognition at certain events – such as protests – could have a chilling effect on individuals’ exercise of their First Amendment rights.”
 
Americans who care about their Second Amendment rights should be equally worried about this technology. The connection isn’t as obvious as it is with free speech, but the math works. Imagine:
 

1. You attend a rally in support of the Second Amendment.
2. The ATF and state police are there too, in disguise. They secretly work the crowd and pickpocket the wallets of everyone in attendance.
3. They then use the pickpocketed driver’s licenses to identify the attendees.

 
Oh, wait. The ATF and state police can’t pickpocket IDs because that would be a crime. But let’s try a slightly a different formulation:
 

1. You attend a rally in support of the Second Amendment.
2. The ATF and state police use facial recognition technology to identify everyone in attendance.
3. They then cross-reference the list of rally attendees with various gun registries to develop a short list of attendees who own firearms.
4. Worried about being on various lists, you eventually stop going to Second Amendment rallies.
5. If state or federal authorities decide to confiscate civilian weapons, they have a pre-constructed database ready to (ab)use.

 
Two scenarios. Both unconstitutional. Yet one is perfectly legal. The very use of facial recognition software is tantamount to having our wallets and IDs physically stolen. Somehow we have become inured to the difference.
 
“A search engine for faces,” is how Clearview.ai founder Hoan Ton-That cheerily described his company’s software to CNN Business. Clearview’s 50+ billion images, scraped from the Internet without anyone’s permission (do you recall being asked?) has been used by more than 2,000 organizations in 27 countries – including the Marshals Service, FBI, and ATF. Thank God none of those agencies have any interest in guns.
 
Oh, wait.
 
By the way, if you ever visit Clearview’s website, we recommend you decline all cookies.

​Credit Rep. Anna Paulina Luna (R-FL) for leading a task force of the House Oversight Committee to declassify federal secrets, including files concerning the assassinations of John F. Kennedy, Robert F. Kennedy, and the Rev. Martin Luther King Jr. The scope of Rep. Luna’s inquiry, approved by committee Chair James Comer (R-KY), will also examine the reach of Jeffrey Epstein’s vile activities, as well as government records on unidentified aerial phenomenon.
 
We urge Chairman Comer, Rep. Luna, and the other members of her task force to consider including in their declassification task force another matter of deep interest to the American people – key facts that reveal the extent of the American surveillance state and, especially, the extent to which it surveils Americans.
 
Digital Data Purchases
 
One area ripe for investigation is the common government practice of purchasing the personal digital data of Americans, scraped from apps and sold by data brokers. The FBI, IRS, Department of Defense, and Department of Homeland Security routinely buy our most sensitive and personal information and examine it without a warrant.
 
We urge Rep. Luna to work to unearth:

• The identity of the data brokers, foreign and domestic, who sell Americans’ information to the government.

 

• Estimates of the number of individual Americans whose personal information is purchased.

 

• The categories of purchases made that give the government access to our familial, romantic, professional, religious, and political associations.

What Is the Proposed “Fix” in the “Make Everyone a Spy” Law About?
 
Another area that cries out for transparency was the subject of a measure passed by Congress last April, which is widely called the “Make Everyone a Spy.” This law broadens the definition of an “electronic communications service provider” to practically any business or house of worship that offers free Wi-Fi. Falling under this definition obligates a business to secretly spy on its customers for the National Security Agency.
 
At the time of passage, Congress promised to narrow the scope of this law to types of companies defined in rulings by the Foreign Intelligence Surveillance Act (FISA) Court that were previously excluded from this law. This fix was nixed in the House, leaving the most expansive version of the law imaginable, hence the popular moniker – Make Everyone a Spy.
 
These companies are widely believed – and even hinted at in open debate on the Senate floor – to be providers of cloud storage.
 
We urge Rep. Luna and her colleagues to work to make public the nature of the proposed legislative fix. Such a disclosure would inform future debate in Congress over the scope of this ECSP provision, which has enormous implications for Americans’ privacy.
 
Topline Numbers on FISA Section 702
 
Yet another area that needs greater transparency is the impact of government surveillance under FISA Section 702. This law was enacted by Congress to enable surveillance of foreigners on foreign soil. But in recent years it has been used to search for the communications of millions of Americans “incidentally” caught up in this foreign surveillance program.
​

• We urge Rep. Luna to dig out the number of Americans who have had their communications searched under FISA Section 702 by the FBI.

This information is essential for an informed debate when Congress next considers the reauthorization of Section 702 in early 2026.
 
Spying on Members of Congress
 
There are also clear signs the intelligence agencies have spied on Members of Congress by “unmasking” their identities in foreign communications, and possibly examining their communications by tapping into the “upstream” backbone of the internet.
 
We urge Rep. Luna to:
​

• Work to release records on the “unmasking,” “upstreaming,” or purchasing of personal data by the NSA, CIA, or FBI of 48 current and recent members of committees with oversight responsibilities over the intelligence community, ranging from Marco Rubio to Devin Nunes, and Elise Stefanik.

Years of Freedom of Information Act requests and subsequent lawsuits by our organization and our civil liberties peers have rarely been met with substantive answers. There is no reason why the Congress and the American people do not already know the answers to these questions, none of which would compromise national secrets or intelligence “sources and methods.”
 
Chairman Comer, Rep. Luna, and the other members of the task force have a priceless opportunity to use their deep dive into the government’s sea of secrets to inform Congress and the American people of the nature and extent of federal surveillance of Americans.

​It is always refreshing to thumb through a court opinion that reads like an Elmore Leonard novel. For example, in a recent opinion of the Eleventh Circuit Court of Appeals, one defendant is also known as “a.k.a. Baldhead, a.k.a. Ball Head.” And the opinion contains numerous references to whether “a cup of ice” is code for an ounce of meth, and to extensive evidence presented in court – guns, money, dope, a gold necklace seized from a home – that could provide props from Netflix’s Narcos.
 
Our guess is that the several defendants in this case, whose convictions were mostly upheld by the court, did not earn enough merit badges to become Eagle Scouts. But they are still Americans with constitutional rights. And, for the good of us all, they should get the same protections of the Fourth Amendment as the rest of us.
 
Did they?
 
Here are the facts: The home of one Rolando Williamson in Birmingham, Alabama, was persistently surveilled by pole cameras from October 2018 through August 2019. The cameras warrantlessly recorded the comings and goings of Williamson and his visitors nonstop, including his front and back yards – the area often referred to in Fourth Amendment law as the home’s “curtilage.” 
 
On the basis of this persistent recording of a home, the government performed a sting operation and followed up with warrants to search Williamson’s home. We agreed with three out of six judges on the First Circuit Court in a similar case, Moore v. United States, that a “reasonable expectation of privacy” was violated when the government placed a pole camera in front of a woman’s home for eight months.
 
In this case, the Eleventh Circuit ruled that similarly persistent surveillance did not violate the Fourth Amendment. The court reasoned that, because one of the cameras overlooked the public street in front of Williamson’s home, and the other recorded the exposed and publicly viewable backyard, the cameras “could view only what was visible from the public streets in front of the house and the public alley behind it.”
 
The court rejected the defense’s comparisons to the U.S. Supreme Court’s Carpenter v. United States (2018), which found a Fourth Amendment violation in law enforcement’s seizure of a suspect’s location history from a cellphone tower. The court also asserted that this case did not resemble United States v. Jones (2012), in which the Supreme Court held that attaching a GPS device to a vehicle amounted to a search requiring a warrant.
 
“By contrast, a pole camera does not track movement,” the Eleventh Circuit found. “It does not track location. It is stationary – and therefore does not ‘follow’ a person like a GPS attached to his vehicle.” Moreover, “the Carpenter decision concerned a technology that is meaningfully different than pole cameras. Pole cameras are distinct both in terms of the information they mine and the degree of intrusion necessary to do so.”

We question the court’s conclusion about the narrowness of data mined by a pole camera. A persistent camera does track movement of residents and their visitors in and out of a home. It potentially reveals a target’s political, religious, and romantic interests. Watching the movements for months around the curtilage of a home – which is highly protected in Fourth Amendment law – is in fact very intrusive.
 
These are ripe questions for future cases. As for the Eleventh Circuit, it declared that it is not making a general rule on the constitutionality of pole cameras. State and federal courts remain divided on that question. And it is a question that will not go away. From pole cameras to drones, aerial panoramas from balloons that can loiter for months, and other persistent forms of surveillance, the courts – and likely, the Supreme Court – will need to set a rule on these forms of outside-in surveillance.
 
To see that they do, PPSA will be looking to provide legal support in cases that present the best fact patterns. 

For almost 70 years, the President’s Intelligence Advisory Board (PIAB) has advised U.S. Commanders-in-Chief on the effectiveness of the country’s intelligence operations. President Donald Trump recently announced his PIAB roster, chaired by his longtime ally, former Congressman and House Intelligence Committee Chairman Devin Nunes.
 
In Nunes, Trump has chosen a super-utility player when it comes to evaluating the efficacy and integrity of the intelligence community. When Nunes was Chair, the Department of Justice surreptitiously collected data on multiple committee staffers – an unlikely coincidence given that Nunes was then investigating the FBI’s suspicious interest in Trump’s 2016 campaign, and clashing with the Justice Department and the FBI. Chairman Nunes was vocal and effective in exposing government surveillance abuses.
 
That experience alone makes Nunes a good choice to chair PIAB, as he understands firsthand the dangers of surveillance overreach in domestic contexts. Yet he’s also strong when it comes to spying on other countries, having vigorously supported the renewal of Section 702 of the Foreign Intelligence Surveillance Act (FISA) in 2018.
 
Such balance is needed on this advisory board. When advising the president on intelligence matters, we urge the new PIAB to assess three well-documented misuses and abuses:

1. FISA Section 702: Invaluable for tracking foreign spies, it has long been used for unbridled surveillance of Americans on American soil. The ongoing abuse of Section 702 calls out for substantive reforms to shore up Fourth Amendment rights, including a warrant requirement for searches of Americans’ data.
   
   
2. The dangerous expansion of FISA’s Electronic Communication Service Provider standard – meaning the network/server user data of churches, law offices, gyms, department stores, campaign offices, car dealerships, you name it – can be spied on by the government without restriction. Some in the House blocked a promise made in the Senate’s passage to narrow this overreaching surveillance of Americans. Today, almost every free, business Wi-Fi network Americans use can be repurposed to spy on them. 
   ​
   
3. Commercially Available Information sold to federal agencies. At present, third-party data brokers may sell sensitive personal information (scraped from our apps, for example) to government intelligence and law enforcement agencies – from Americans’ financial and bankruptcy records, health and mental health issues, browsing and location histories. Virtually every aspect of our personal online identities can be acquired by the government, without cause or a warrant.

Other members of the newly-announced board include:

• Scott Glabe, Homeland Security alumnus
• Amaryllis Fox Kennedy, former CIA officer
• Wayne Berman of the Blackstone, Inc.
• Reince Priebus, former White House Chief of Staff
• Robert O’Brien, Former National Security Adviser
• Katie Miller, former Communications Director for Mike Pence

Given the experience of this team, we have high hopes they will bring balance to the board’s investigations and deliberations. Biden’s PIAB sidestepped calls for serious reforms of Section 702, despite being presented with evidence detailing more than 278,000 instances of rules violations by the FBI.
 
With President Trump’s stated goal that PIAB should “restore integrity” to the Intelligence Community, we urge the president’s PIAB appointees – who certainly have their work cut out for them – to do exactly that. They should begin by recommending specific measures to reign in the FBI’s rampant surveillance of Americans.