United States v. Hasbajrami As we reported earlier this year, Judge LaShann DeArchy Hall of the U.S. District Court for the Eastern District of New York ruled that when the government searches for the communications of U.S. persons in data collected under FISA Section 702 authority, such searches are subject to the Fourth Amendment. Such searches must either be conducted after the issuance of a warrant, or meet stringent exceptions to the warrant requirement. Here is a declassified version of Judge Hall’s ruling. In a recent piece in Just Security, David Aaron, Noah Chauvin, and Courtney Otto explore the implications of this ruling for the Second Circuit and the FISA Court. They also explore the impact Judge Hall’s ruling is likely to have in Washington, D.C. “The opinion will likely also be viewed as significant in the halls of Congress, which must decide by April 2026 whether and in what form to reauthorize Section 702. During the last round of reauthorization, an amendment requiring a warrant for U.S. person queries failed in the House by a tie vote (A modified version of the amendment was voted down in the Senate by a wider margin). A key theme in the resistance to the warrant requirement, both inside and outside of Congress, was that no court to reach the merits of the issue had ever ruled that warrantless U.S. person queries violated the Fourth Amendment. Now that is no longer the case, members will face more pressure to impose a warrant requirement by statute.” Let us hope that many Members of Congress will look to Judge Hall’s bold declaration in favor of the Constitution to take a bold step of their own – to require warrants before Section 702 data can be used to spy on Americans. A letter released earlier this week from dozens of former high-ranking intelligence officials, including former National Security Advisor Robert C. O’Brien and acting Director of National Intelligence (DNI) Richard Grennell, made the case for Senate confirmation of Tulsi Gabbard to be the next DNI. They wrote: “Her service as DNI will begin undoing the gross politicization that has come to characterize intelligence bureaucracies, which has been to the great detriment of the freedom and security of the United States and its citizens. “Lt. Col. Gabbard’s experience more than qualifies her for this important position. A military officer with more than 20 years of honorable service, she undertook multiple combat deployments and risked her life in defense of the United States. In Congress, she served on numerous national security committees and was an outspoken champion for America’s warriors and for our cherished constitutional freedoms. In both these roles, she experienced first-hand how intelligence, when used as intended, provides critical support to America’s military and political leaders.” They concluded that Tulsi Gabbard has “the integrity, and moral courage, to restore objectivity and professionalism to the nation’s intelligence agencies.” Gene Schaerr, PPSA general counsel, details in The Washington Examiner how the National Security Agency is stonewalling our Freedom of Information Act (FOIA) request for records showing how much money that agency spent to acquire Americans’ digital data, the size of the datasets purchased, and the sources of this data. PPSA is now suing because the NSA issued a Glomar response, a rule that allows the government to refuse to disclose “the existence or non-existence of the requested information.” Schaerr writes: “This is a judicially created doctrine first issued when a Los Angeles Times reporter broke a story in the mid-1970s that the CIA had retrieved chunks of a sunken Soviet nuclear submarine using a bespoke crane ship, the Glomar Explorer … our filing doesn’t concern a secret CIA program to recover a Soviet submarine with cryptographic machines and nuclear-tipped torpedoes. We seek topline facts the American people and Congress should know – how much is NSA spending on collecting Americans personal information, and who is selling it to them?” Americans deserve to know the basics of the government’s collection and warrantless inspection of our most personal and intimate data. PPSA urges the 119th Congress to hold hearings to examine how the unrestrained use of the judge-created Glomar doctrine is killing a law, the Freedom of Information Act, meant to shed light on government operations. A suspicious husband or wife can now examine the route history of a family car or the location data of a smartphone to track a spouse’s movements. We tend to think of location history surveillance as a uniquely 21st century form of snooping. In an amusing article in the MIT Press Reader, Dartmouth scholar Jacqueline D. Wernimont writes that such surveillance is older than we think. For example, The Hartford Daily Courant in 1879 reported: “A Boston wife softly attached a pedometer to her husband when, after supper, he started to ‘go down to the office and balance the books.’ On his return, fifteen miles of walking were recorded. He had been stepping around a billiard table all evening.” In a twist worthy of today’s spy agencies, Wernimont also reports that a U.S. admiral in 1895 gave junior watch officers common pocket watches with pedometers hidden inside. The results showed that the ensigns had been asleep or resting most of the night. A night watchman at a railroad yard was given a pedometer to track his movements. It was later discovered that the night watchman evaded his responsibilities by sleeping while the pedometer was attached to a moving piston rod. The use of pedometers was an early precursor of surveillance tools used today by employers to track the movements, browsing, communications, and daily routines of their workers. Wernimont writes: “As the pedometer became a vector for surveillance by those in power, people who were able quickly developed hacks designed to frustrate such efforts.” The problem with modern technology is that it is much harder to thwart, or even anticipate when and how one is being watched. No piston rod will save us. Ever have the uncanny feeling that as soon as you voice an interest in a consumer item – a vacation destination, a tie or a scarf, an exotic coffee – an ad for that very item appears in your social media feed? Are our phones listening to us and reporting what we say in private conversations to advertisers? The Electronic Frontier Foundation explores this question in this short video along with a factsheet. While EFF says our phones are probably not listening to us, the mechanisms behind this phenomena of coincidental ads are no less disturbing: As EFF observes, it isn’t just advertisers that are buying our digital lives from data brokers. The federal government is also buying this same intrusive data gleaned from our social media interests and apps. This is the worst violation of our privacy, one that comes from a federal government that has the power to raid our homes and charge us with crimes on the basis of personal information acquired without a warrant. All the more reason to urge your U.S. Senators to follow the example of the U.S. House of Representatives and pass The Fourth Amendment Is Not For Sale Act, which would require federal intelligence and law enforcement agencies to obtain probable cause warrants – as required by the U.S. Constitution – before examining our purchased data. Supreme Court Justice Oliver Wendell Holmes observed that anyone “who respects the spirit as well as the letter of the Fourth Amendment would be loath to believe that Congress intended to authorize one of its subordinate agencies to sweep all our traditions into the fire to direct fishing expeditions into private papers on the possibility that they may disclose evidence of crime.” A century after Justice Holmes delivered that warning, the U.S. Securities and Exchange Commission is doing just that. This agency is methodically sweeping all our traditions into the fire to direct fishing expeditions that treat every investor as a criminal suspect. The good news is that the constitutionality of the SEC’s program is on trial in a case now before a federal judge in Waco, Texas. Here’s the background: Historically, when the SEC has suspected someone of insider trading, it had to issue an investigative subpoena. Then in 2010, the market suffered the “flash crash” – a trillion-dollar decline caused by technical glitches that lasted for 36 minutes. The SEC responded to this technical glitch by proposing Rule 613, which established the Consolidated Audit Trail (CAT), a database that collects not just investors’ trades, but also their privately identifiable information. This “solution” had nothing to do with the crash, but it perfectly illustrates former Chicago Mayor Rahm Emmanuel’s dictum that “you never want a serious crisis to go to waste.” Rule 613 requires self-regulatory organizations, like private stock exchanges, to collect every detail about trades in securities on a U.S. exchange. It also includes confidential data on more than 100 million private investors, making it the largest database outside of the National Security Agency. This database includes investors’ names, dates of birth, taxpayer identification numbers, Social Security numbers, and more. Now two Texas investors, in affiliation with the National Center for Public Policy Research, are suing the SEC for this massive violation of privacy. Their lawsuit, represented by the New Civil Liberties Alliance, could be required reading for law students seeking to understand the application of our constitutional rights, beginning with the Fourth Amendment. This lawsuit makes the case:
The lawsuit makes a convincing case that the U.S. Supreme Court’s 2018 Carpenter decision – which held that the government violates the Fourth Amendment whenever it seeks a suspect’s cellphone location history without a warrant – should make this case against CAT a slam-dunk. After all, the plaintiffs assert that unlike the issue in Carpenter, “with Rule 613 SEC does not need an investigative predicate, much less a court order, to obtain and analyze private information, nor is the information limited to any particular person or time frame.” Even if a federal judge declares CAT to be unconstitutional, however, it will only strike down one of many intrusive violations of Americans’ financial privacy by federal agencies. These include a new requirement of all business owners to file “beneficial ownership” forms, for which any American business owner can face two years in prison for a clerical mistake, and the U.S. Treasury’s Financial Crimes Enforcement Networks snooping into Americans’ financial transactions with the coerced cooperation of 650 private financial institutions. Once the election is over, Congress should pass the “Protecting Investors' Personally Identifiable Information Act,” introduced by Sen. John Kennedy, (R-LA), and Rep. Barry Loudermilk, (R-Ga.), which would allow the SEC to obtain personally identifiable information only by requesting it on a case-by-case basis. As the risks of the SEC’s reckless program become clearer, more Members of Congress should embrace another Holmes dictum: “State interference is an evil, where it cannot be shown to be a good.” The Securities and Exchange Commission is tracking the 61 percent of Americans who buy and sell stocks, from the trades they make to their personal identifying information. Some 3,000 SEC bureaucrats now have ready access to this database containing every single stock in the United States in a database called the Consolidated Audit Trail. Marc Wheat of Advancing American Freedom in The Washington Examiner writes: “The database is a disaster for the privacy of millions of people. In terms of the amount of information collected, only the National Security Agency’s data-collection program is larger, and that database is not focused on people. What is worse, these types of databases are not secure. In 2016, hackers made off with over $4 million by trading on at least 157 nonpublic earnings releases from the SEC’s very own Electronic Data Gathering, Analysis, and Retrieval system. “A commission that cannot protect a filing system that processes 1.7 million filings every year cannot be trusted to maintain the security of what will likely become a 100 million data point database. It is only a matter of time before it is breached, leaking people’s personal information to nefarious actors.” Larry Ellison, the founder of Oracle, said thanks to AI-enabled public surveillance, “citizens will be on their best behavior because we are constantly recording and reporting everything that’s going on.” Matthew Guariglia and Lisa Femia of the Electronic Frontier Foundation push back on the common sentiment from surveillance advocates that you are wrong to have an expectation of privacy when you go about in public.
“Today’s technology can effortlessly track your location over time, collect sensitive intimate information about you, keep a retrospective record of this data that may be stored for months, years, or indefinitely. This data can be collected for any purpose, or even for none at all. And taken in the aggregate, this data can paint a detailed picture of your daily life – a picture that is more cheaply and easily accessed by the government than ever before. “Because of this, we’re at risk of exposing more information about ourselves in public than we were in decades past. This, in turn, affects how we think about privacy in public. While your expectation of privacy is certainly different in public than it would be in your private home, there is no legal rule that says you lose all expectation of privacy whenever you’re in a public place.” In fact, EFF notes that the 2018 landmark Supreme Court opinion in Carpenter v. United States, the Court wished to preserve “the degree of privacy against government that existed when the Fourth Amendment was adopted.” Neil C. Hughes has a compelling piece in cybernews.com describing an Orwellian reality that, unfortunately, is not a matter of science-fiction. It is already part of our daily lives. Hughes writes:
“The constant tracking from our devices, websites, social media platforms, CCTV, and even your employer might be leaving you feeling like you are trapped inside a personalized version of The Truman Show.” At home, images and data from digital assistants, Ring Doorbell surveillance partnered with police departments, smart appliances, heart rate monitors, and even washing machines produce information that “could be used against you by digital forensics teams should you find yourself accused of a crime.” At work, you are tracked by productivity tools, and on the streets by cameras and facial recognition. Banks monitor our “every transaction to monitor for fraud or money laundering.” Hughes adds: “After you finally return home and collapse in your favorite chair to unwind, you are not necessarily paranoid if you question whether you’re watching your TV or if it’s watching you. Some new smart TVs have cameras typically hidden in a bezel at the top of the TV screen, leaving many to think there is nowhere to hide from the watchful eye of cameras and algorithms.” Are the Charges Against Telegram CEO Pavel Durov Meant to Lead the World to Outlaw Encryption?9/3/2024
For days after the arrest of Telegram CEO Pavel Durov by French authorities at Le Bourget Airport near Paris, the world civil liberties community held back.
The impulse to rush to the defense of a Russian dissident/entrepreneur was almost overwhelming. Durov had refined his skills with the creation of VK, a social media website that allowed dissidents, opposition politicians, and Ukrainian protesters to evade Vladimir Putin’s emerging surveillance state as late as 2014. After Durov fled Russia with his brother Nikolai, they created the encrypted messenger service Telegram, which allows users not only to communicate in secrecy, but to also set their messages to disappear. Across Asia, Africa, Latin America, and our own country, Telegram enables dissidents, journalists, and people in fear of cartels or abusive spouses to communicate without making themselves vulnerable. So civil libertarians were naturally poised to rush to Durov’s defense. But they didn’t. There was the matter of the 12 charges approved by a French judge this week, including “complicity” in crimes such as aiding in the distribution of international narcotics and child sex abuse material. The many devils in this case lurk in its many details, some of which are far from well understood. At this point, however, we can at least pose preliminary questions. Some answers must come from the French government. Some must come from every person who cares about privacy, including the almost 1 billion users of Telegram.
We can already highlight at least one aspect of this case that should concern civil libertarians and free speech advocates around the world. Thanks to an insightful analysis by Kevin Collier and Rob Wile in Slate, we know that two of the 12 charges involve a purported obligation of providers of cryptological services to require their users to register with their real identities. Another count declares it a crime to import such an encrypted service “without prior declaration.” Collier and Wile write that this latter provision, which at first sounds like a matter of bureaucratic form-filling, actually implies that “France sees the use of internationally based, unregulated ‘encryption’ service as a crime all its own.” If so, will France get away with criminalizing private encryption services? And if that happens, might this become EU policy? We are already seeing Europe employ illiberal interpretations of the recently enacted Digital Services Act. The EU’s top digital regulator, Thierry Breton, threatened X with legal action if it ran Elon Musk’s full interview with Donald Trump. While Breton’s threat was later disowned by his boss, EU President Ursula von der Leyen, it was still breathtaking to see in Europe today that a powerful regulator believes the European public would be well served by censoring the words of a major party nominee to lead the United States. It is not a stretch to imagine such people also wanting to stamp out private communications. Is France now using possibly legitimate charges about Telegram’s operation to undermine the very idea of encryption? Everyone who cares about privacy should watch how this case unfolds. After all, thanks to Telegram, we know that there are at least one billion of us. Nafees Syed and Kamel El Hilali, fellows at the Information Society Project at Yale Law School, wrote in CNN.com.
“The Reforming Intelligence and Securing America Act (RISAA) passed by Congress last month did anything but reform a system that subjects Americans to unconstitutional government surveillance … “While the law includes exemptions for some public facilities, such as restaurants and community centers, the number of businesses and entities that offer a Wi-Fi connection means that intelligence agencies may compel places such as airports, train stations, transport companies (trains, subways, buses) and shopping malls to convey their customers’ communications data to intelligence agencies upon presentation of a directive requiring them to cooperate. “This provision transforms a law intended to target non-US persons abroad into a domestic surveillance tool.” |
Categories
All
|