For the second time, PPSA has been forced to go to court to oppose the delaying tactics of the National Security Agency, the CIA, the FBI, and the Office of the Director of National Intelligence in complying with their obligations under the Freedom of Information Act (FOIA).
PPSA’s FOIA request, now years old, asks these agencies to produce documents concerning their acquisition and use of commercially available information regarding 145 current and former Members of Congress. These Members have served on committees with oversight responsibilities of the intelligence community. Earlier this year, federal Judge Rudolph Contreras rejected the agencies’ insistence that the Glomar doctrine – which allows agencies to neither confirm nor deny the existence of certain records – relieves them of their statutory obligations to search for responsive records. Judge Contreras had narrowed PPSA’s request to exclude operational documents, ordering agencies to search for only policy documents. He cited agencies’ correspondence with Members of Congress as an example of a policy document. Judge Contreras wrote, “it is difficult to see how a document such as this would reveal sensitive information about Defendants’ intelligence activities, sources or methods.” Yet the intelligence community is defying its legal obligations for a second time. The agencies’ new strategy rests on a nonsensical linkage to an entirely different PPSA case, currently before the D.C. Circuit, that happens to also use the term “policy documents.” By conflating separate cases, the agencies suggest that they meant to challenge Judge Contreras’ order to search only for “policy documents.” But the agencies have not done so, and this is clearly just the latest delay tactic used to ignore FOIA’s clear search requirement, which Judge Contreras reinforced earlier this year. As a result of this new attempt at delay and obfuscation, agencies are now asking the Court to significantly expand Defendants’ delays by staying this case into 2025. PPSA is hopeful that these agencies will eventually comply with a direct and unambiguous order from a federal judge.
In the early 1920s revenue agents staked out a South Carolina home the agents suspected was being used as a distribution center for moonshine whiskey. The revenue agents were in luck. They saw a visitor arrive to receive a bottle from someone inside the house. The agents moved in. The son of the home’s owner, a man named Hester, realized that he was about to be arrested and sprinted with the bottle to a nearby car, picked up a gallon jug, and ran into an open field.
One of the agents fired a shot into the air, prompting Hester to toss the jug, which shattered. Hester then threw the bottle in the open field. Officers found a large fragment of the broken jug and the discarded bottle both contained moonshine whiskey. This was solid proof that moonshine was being sold. But was it admissible as evidence? After all, the revenue agents did not have a warrant. This case eventually wound its way to the Supreme Court. In 1924, a unanimous Court, presided over by Chief Justice (and former U.S. President) William Howard Taft, held that the Fourth Amendment did not apply to this evidence. Justice Oliver Wendell Holmes, writing the Court’s opinion, declared that “the special protection accorded by the Fourth Amendment to the people in their ‘persons, houses, papers and effects,’ is not extended to the open field.” This principle was later extended to exclude any garbage that a person throws away from Fourth Amendment protections. As strange as it may seem, this case about broken jugs and moonshine from the 1920s, Hester v. United States, provides the principle by which law enforcement officers freely help themselves to the information inside a discarded or lost cellphone – text messages, emails, bank records, phone calls, and images. We reported a case in 2022 in which a Virginia man was convicted of crimes based on police inspection of a cellphone he had left behind in a restaurant. That man’s attorney, Brandon Boxler, told the Daily Press of Newport News that “cellphones are different. They have massive storage capabilities. A search of a cellphone involves a much deeper invasion of privacy. The depth and breadth of personal and private information they contain was unimaginable in 1924.” In Riley v. California, the Supreme Court in 2018 upheld that a warrant was required to inspect the contents of a suspect’s cellphone. But the Hester rule still applies to discarded and lost phones. 
They are still subject to what Justice Holmes called the rules of the open field. The American Civil Liberties Union, ACLU Oregon, the Electronic Privacy Information Center, and other civil liberties organizations are challenging this doctrine before the Ninth Circuit in Hunt v. United States. They told the court that it should not use the same reasoning that has historically applied to garbage left out for collection and items discarded in a hotel wastepaper basket. “Our cell phones provide access to information comparable in quantity and breadth to what police might glean from a thorough search of a house,” ACLU said in a posted statement. “Unlike a house, though, a cell phone is relatively easy to lose. You carry it with you almost all the time. It can fall between seat cushions or slip out of a loose pocket. You might leave it at the check-out desk after making a purchase or forget it on the bus as you hasten to make your stop … It would be absurd to suggest that a person intends to open up their house for unrestrained searches by police whenever they drop their house key.” Yet that is the government position on lost and discarded cellphones. PPSA applauds and supports the ACLU and its partners for taking a strong stand on cellphone privacy. The logic of extending special protections to cellphones, which the Supreme Court has held contain the “privacies of life,” is obvious. It is the government’s position that tastes like something cooked up in a still.
If you write legislation but refuse to tell the public what is in it, can it still be considered a law if enacted? Can public laws be redacted, with big black heavy marks through their central provisions?
The Senate Intelligence Committee thinks so. These questions arise from a development that forces civil libertarians to look a gift horse in the mouth. Here’s the background: When Congress passed the reauthorization of Section 702 in April, it included an amendment from the House Intelligence Committee that would force “any provider” of a business service to warrantlessly hand over customer information from any electronic device that transmits data, such as routers or free WiFi. Any businessperson could be dragooned into this service and gagged for life to never reveal it. The public outcry about turning your neighborhood Starbucks into a spying operation prompted legislators to exclude coffee shops, hotels, and community centers. But the amendment, adopted by the Senate, was still expansive enough to define gyms, office complexes, dentists, you name it, as “electronic service providers” covered by this law. Many civil libertarians worried that custodial services would be required to swipe data from servers at night. That may sound paranoid, but the law was expansive enough to allow that – and we’ve seen time and again, give the intelligence community an inch and they will take a continent. That’s why this law was quickly labeled the “Make Everyone a Spy” program. Senate Intelligence Chairman Mark Warner won passage of this amendment only by pledging to his colleagues that his committee would narrow the scope of this provision to one intended sector that was the subject of secret opinions from the Foreign Intelligence Surveillance Court. Sen. Warner deserves great credit for keeping his word and acting on it with alacrity. It is widely believed on Capitol Hill that the legislation is aimed at data centers, not everyday businesses. But we cannot be sure because the new amendment’s new, narrowed definition of a category of covered electronic service provider is classified. So, the good news: The Make Everyone a Spy law is being narrowed to a single category. 
The bad news: We don’t know what that means. Such secret law is a dangerous practice that will lead to pernicious outcomes. If unchallenged, this precedent will be used by the champions of the intelligence community on Capitol Hill to insert a host of secret provisions. Combine secret law with secret opinions from the secret FISA court, and voilà, you have a complete Star Chamber legal system adjacent to the public one. If this still seems hyperbolic, imagine what it would be like to be on the receiving end of a government request to produce customer information, without being presented with a warrant. Your lawyer can ask: Are we a covered entity within the government’s definition? Or is the government overreaching? There would be no answers to these questions because secret law short circuits due process. If this provision is aimed at data centers, as surely the Russians, Chinese, Iranians, and North Koreans know from reading American media, why not reveal that fact? The best outcome would be for the Senate to strip out the secrecy and let us know who is and who is not covered by this law.
When President Biden signed the “Reforming Intelligence and Securing America Act,” he couldn’t help but sign into law a measure that enhances oversight of the intelligence community.
An amendment to that bill, sponsored by Texas Republican Rep. Chip Roy, tasks the FBI with enhanced reporting requirements of its use of Americans’ communications caught up in FISA Section 702. Rep. Roy’s addition to the law also stipulates that the chairs and ranking Members of the House and Senate Judiciary Committees, as well as the leaders of the House and Senate, are able to attend the hearings of FISA’s secret courts – the Foreign Intelligence Surveillance Court and the Foreign Intelligence Surveillance Court of Review. It is in these secret chambers that the FBI petitions for approval to secretly surveil Americans suspected of being national security threats. It is before the FISC that the FBI won approval four times to spy on Trump campaign aide Carter Page as a possible Russian agent, misleading the court about the validity of its evidence and submitting a forged document. Now Jim Jordan, Chairman of the House Judiciary Committee, and Jerry Nadler, former Chairman and Ranking Member of that same committee, have fired off a letter to Avril Haines, Director of National Intelligence, giving her until close of business on June 11 to brief their offices on procedures for attending the proceedings of these two courts. Rep. Roy, who offered this measure as an amendment and helped it become law, tweets that “committees are more empowered to keep tabs on how the federal gov is conducting surveillance. This is a tremendous step forward for Americans’ 4th Amendment rights!” He’s right. The leaders of the primary House oversight committee of the intelligence community are knocking on the doors of the secret courts to hear for themselves how Americans’ rights are handled in these secret hearings. Oversight doesn’t get more direct than that.
State of Alaska v. McKelvey
We recently reported that the Michigan Supreme Court punted on the Fourth Amendment implications in a case involving local government’s warrantless surveillance of a couple’s property with drone cameras.
This was a disappointing outcome, one in which we had filed an amicus brief on behalf of the couple.
But other states are taking a harder look at privacy and aerial surveillance. In another recent case, the Alaska Supreme Court in State v. McKelvey upheld an appeals court ruling that the police needed to obtain a warrant before using an aircraft with officers armed with telephoto lenses to see if a man was cultivating marijuana in his backyard at his home near Fairbanks. In a well-reasoned opinion, Alaska’s top court found that this practice was “corrosive to Alaskans’ sense of security.” The state government had argued that the observations did not violate any reasonable expectation of privacy because they were made with commercially available, commonly used equipment. “This point is not persuasive,” the Alaska justices responded. “The commercial availability of a piece of technology is not an appropriate measure of whether the technology’s use by the government to surveil violates a reasonable expectation of privacy.” The court’s reasoning is profound and of national significance: “If it is not a search when the police make observations using technology that is commercially available, then the constitutional protection against unreasonable searches will shrink as technology advances … As the Seventh Circuit recently observed, that approach creates a ‘precarious circularity.’ Adoption of new technologies means ‘society’s expectations of privacy will change as citizens increasingly rely on and expect these new technologies.’” That is as succinct a description of the current state of privacy as any we’ve heard. The court found that “few of us anticipated, when we began shopping for things online, that we would receive advertisements for car seats and burp cloths before telling anyone there was a baby on the way.” We would add that virtually no one in the early era of social media anticipated that federal agencies would use it to purchase our most intimate and sensitive information from data brokers without warrants. 
The Alaska Supreme Court sees the danger of technology expansion with drones, which it held is corrosive to Alaskans’ sense of privacy. As we warned, drones are becoming ever cheaper, sold with combined sensor packages that can be not only deeply intrusive across a property, but actually able to penetrate into the interior of a home. The Alaska opinion is an eloquent warning that when it comes to the loss of privacy, we’ve become the proverbial frog, allowing ourselves to become comfortable with being boiled by degrees. This opinion deserves to be nationally recognized as a bold declaration against the trend of ever-more expanding technology and ever-more shrinking zones of privacy.
Katie King in the Virginian-Pilot reports an in-depth account about the growing dependency of local law enforcement agencies on Flock Safety cameras, mounted on roads and intersections to catch drivers suspected of crimes. With more than 5,000 police agencies across the nation using these devices, the privacy implications are enormous.
Surveillance cameras have been in the news a lot lately, often in a positive light. Local news is consumed by murder suspects and porch pirates alike captured on video. The recently released video of a physical attack by rapper Sean “Diddy” Combs on a girlfriend several years ago has saturated media, reminding us that surveillance can protect the vulnerable. The crime-solving potential of license plate readers is huge. Flock’s software runs license plate numbers through law enforcement databases, allowing police to quickly track a stolen car, locate suspects fleeing a crime, or find a missing person. With such technologies, Silver and Amber alerts might one day become obsolete. As with facial recognition technology, however, license plate readers can produce false positives, ensnaring innocent people in the criminal justice system. King recounts the ordeal of an Ohio man who was arrested by police with drawn guns and a snarling dog. Flock’s license plate reader had falsely flagged his vehicle as having stolen tags. The good news is that Flock insists it is not even considering combining its network with facial recognition technology – reducing the possibility of both technologies flagging someone as dangerous. As with so many surveillance technologies, the greater issue in license-plate readers is not the technology itself, but how it might be used in a network. “There’s a simple principle that we’ve always had in this country, which is that the government doesn’t get to watch everybody all the time just in case somebody commits a crime – the United States is not China,” Jay Stanley, a senior analyst with the American Civil Liberties Union, told King. “But these cameras are being deployed with such density that it’s like GPS-tracking everyone.” License plate readers could, conceivably, be networked to track everywhere that everyone goes – from trips to mental health clinics, to gun stores, to houses of worship, and protests.
With so many federal agencies already purchasing Americans’ sensitive data from data brokers, creating a national network of drivers’ whereabouts is just one more addition to what is already becoming a national surveillance system. With apologies to Jay Stanley, we are in serious danger of becoming China. As massive databases compile facial recognition, location data, and now driving routes, we need more than ever to head off the combination of all these measures. A good place to start would be for the U.S. Senate to follow the example of the House by passing the Fourth Amendment Is Not For Sale Act.
The City of Denver is reversing its previous stance against the use of police drones. The city is now buying drones to explore the effectiveness of replacing many police calls with remote aerial responses. A Denver police spokesman said that on many calls the police department will send drones first, officers second. When operators of drones see that a call was a false alarm, or that a traffic issue has been resolved, the police department will be free to devote scarce resources to more urgent priorities.
Nearby Arapahoe County already has a fleet of 20 such drones operated by 14 pilots. Arapahoe has successfully used drones to follow suspects fleeing a crime, provide live-streamed video and mapping of a tense situation before law enforcement arrives, and to look for missing people. In Loveland, Colorado, a drone was used to deliver a defibrillator to a patient before paramedics were able to get to the scene. The use of drones by local law enforcement as supplements to patrol officers is likely to grow. And why not? It makes sense for a drone to scout out a traffic accident or a crime scene for police. But as law enforcement builds more robust fleets of drones, they could be used not just to assess the seriousness of a 911 call, but to provide the basis for around-the-clock surveillance. Modern drones can deliver intimate surveillance that is more invasive than traditional searches. They can be packed with cell-simulator devices to extract location and other data from cellphones in a given area. They can loiter over a home or peek in someone’s window. They can see in the dark. They can track people and their activities through walls by their heat signatures. Two or more cameras combined can work in stereo to create 3D maps inside homes. Sensor fusion between high definition, fully maneuverable cameras can put all these together to essentially give police an inside look at a target’s life. Drones with such high-tech surveillance packages can be had on the market for around $6,000. As with so many other forms of surveillance, the modest use of this technology sounds sensible, until one considers how many other ways they can be used. Local leaders at the very least need to enact policies that put guardrails on these practices before we learn, the hard way, how drones and the data they generate can be misused. 
A report by The New York Times’ Vivian Wang in Beijing and one by Tech Policy’s Marwa Sayed in New York describe the twin strategies for surveilling a nation’s population, in the United States as well as in China.
Wang chronicles the move by China’s dictator, Xi Jinping, to round out the pervasive social media and facial recognition surveillance capability of the state by bringing back Mao-era human snitching. Wang writes that Xi wants local surveillance that is “more visible, more invasive, always on the lookout for real or perceived threats. Officers patrol apartment buildings listening for feuding neighbors. Officials recruit retirees playing chess outdoors as extra eyes and ears. In the workplace, employers are required to appoint ‘safety consultants’ who report regularly to the police.” Xi, Wang reports, explicitly links this new emphasis on human domestic surveillance to the era when “the party encouraged residents to ‘re-educate’ purported political enemies, through so-called struggle sessions where people were publicly insulted and humiliated …” Creating a society of snitches supports the vast network of social media surveillance, in which every “improper” message or text can be reviewed and flagged by AI. Chinese citizens are already followed everywhere by location beacons and a national network of surveillance cameras and facial recognition technology. Marwa Sayed writes about the strategy of technology surveillance contained in several bills in New York State. One bill in the state legislature would force the owners of driver-for-hire vehicles to install rear-facing cameras in their cars, presumably capturing private conversations by passengers. Another state bill would mandate surveillance cameras at racetracks to monitor human and equine traffic, watching over people in their leisure time. “Legislators seem to have decided that the cure to what ails us is a veritable panopticon of cameras that spares no one and reaches further and further into our private lives,” Sayed writes. 
She notes another measure before the New York City Council that would require the Department of Sanitation to install surveillance cameras to counter the insidious threat of people putting household trash into public litter baskets. Sayed writes: “As the ubiquity of cameras grows, so do the harms. Research shows that surveillance and the feeling it creates of constantly being watched leads to anxiety and paranoia. People may start to feel there is no point to personal privacy because you’ll be watched wherever you go. It makes us wary about taking risks and dampens our ability to interact with one another as social creatures.” Without quite meaning to, federal, state, and local authorities are merging the elements of a national surveillance system. This system draws on agencies’ purchases of our sensitive, personal information from data brokers, as well as increasingly integrated camera, facial recognition, and other surveillance networks. And don’t think that organized human snitching can’t come to these shores either. During World War One, the federal government authorized approved citizens to join neighborhood watch groups with badges inscribed with the words, “American Protection League – Secret Service.” At a time when Americans were sent to prison for opposing the war, the American Protection League kept tabs on neighbors, always on the watch for anyone who seemed insufficiently enthusiastic about the war. Americans could be reported to the Department of Justice for listening to Beethoven on their phonographs or checking out books about German culture from the library. Today, large numbers of FBI and other government employees secretly “suggest” that social media companies remove posts that contain “disinformation.” They monitor social media to track posts of people, whether targeted by the FBI as traditional Catholics or observant Muslims, for signs of extremism.
As world tension grows between the United States and China, Russia, Iran and North Korea, something like the American Protection League might be resurrected soon in response to a foreign policy crisis. Its digital ghost is already watching us.
The House of Representatives on Thursday passed the CBDC Anti-Surveillance State Act, 216-192, a measure sponsored by House Majority Whip Tom Emmer (R-MN) that would prohibit the Federal Reserve from issuing a central bank digital currency (CBDC) that would give the federal government the ability to monitor and control individual Americans’ spending habits.
“A digital dollar could give the FBI and other federal agencies instant, warrantless access to every transaction of any size made between Americans,” said Bob Goodlatte, former congressman and PPSA Senior Policy Advisor. “This would be an alarming and unacceptable invasion of our Fourth Amendment right to privacy. The CBDC Anti-Surveillance State Act takes a critical step to prevent this from happening. We applaud Rep. Emmer for his leadership in protecting Americans against pervasive government surveillance of our financial data.” Perhaps next the House will consider measures to rein in financial surveillance by the U.S. Treasury and the Financial Crimes Enforcement Network (FinCEN). Passage by the House of the CBDC Anti-Surveillance State Act is an encouraging sign that more Members and their constituents are learning about the government’s financial surveillance and are ready to push back.
The surveillance state is hitting small businesses hard lately. If the “Make Everyone a Spy” provision weren’t enough, the Corporate Transparency Act (CTA) imposes sweeping disclosure requirements on “beneficial owners” of small businesses, with harsh punishments for mistakes on an official form.
After the National Small Business Association sued the Treasury Department, a federal court declared the CTA unconstitutional. It issued a scholarly opinion that explored the nuances of Congress’s power to regulate interstate commerce. Treasury appealed to the Eleventh Circuit. In our amicus brief, PPSA tells the Eleventh Circuit that the lower court got it right, but that there’s an easier way to resolve this case. We inform the court that the Fourth Amendment provides the “straightforward and resounding answer” that the CTA is unconstitutional. PPSA warns that the CTA’s database provisions pose an unprecedented threat to Americans’ privacy that is “even more disturbing” than the new rule’s disclosure requirements. We explain that the information collected from tens of millions of beneficial owners will be stored in what the government calls an “accurate, complete, and highly useful database” that can be searched by multiple federal agencies, no warrant required. And while the government claims this data will be used to catch tax cheats, the CTA says it will be used in conjunction with state and tribal authorities, who have no power to enforce federal tax laws. Creating such a database for warrantless inspection by the FBI, IRS, DEA, and Department of Homeland Security is obviously ripe for abuse. Our brief explains how this database could be used to identify owners of businesses with an ideological character – like political booksellers – and single out their investors for retaliation. This is not a far-fetched hypothetical. Many agencies, including the Treasury Department, have engaged in politically motivated financial investigations, documented in detail by the House Judiciary Committee. Our brief notes that the database will be so sophisticated that it should be evaluated under a U.S. Supreme Court precedent addressing high-tech surveillance, just as the Fourth Circuit did for Baltimore’s database-driven aerial surveillance program.
And that precedent explains that surveillance tools can’t be used to undermine the sort of privacy that existed when the Fourth Amendment was adopted. We told the court: “This database thus has the sort of ‘depth, breadth, and comprehensive reach,’ that is simply incompatible with ‘preservation of that degree of privacy against government that existed when the Fourth Amendment was adopted.’” As pernicious as the database itself is, recent advances in technology make it even worse. With modern machine learning, seemingly innocuous personal details can be linked up in disturbing ways. For instance, researchers have known how to identify authors based on a collection of anonymous posts since 2022. PPSA points out that the government could identify authors with views it dislikes, see if they pop up in the beneficial owner database, and have multiple agencies launch pretextual investigations. Next, we address how advancing AI technology could make such surveillance even more potent, then urge the court not to “leave the public at the mercy of advancing technology,” but to preserve Founding-era levels of privacy despite the march of technology. Readers might notice a pattern of AI exacerbating existing privacy invasions, from mass facial recognition to drone surveillance to a proliferating body of databases. So far, the government has relied on the “special needs” exception. This rule allows the government to keep its own house in order, with the warrantless drug testing of schoolteachers and top-secret national security employees. But this authority is often abused, as we’ve noted previously. Our brief explains that this exception doesn’t even apply to information collected to identify crimes – which is exactly what the government claims the CTA is supposed to help with. But the struggle for constitutional rights and privacy remains multilayered.
If the CTA remains struck down, the government will still be purchasing vast amounts of Americans’ personal information from shady “data brokers.” That’s why we applauded the House recently for passing the Fourth Amendment Is Not For Sale Act, and urge the Senate to do so as well. Now it is up to the Eleventh Circuit to protect the American people from an overbearing government, hungry to track our every move.
“You are being watched, and though we are on the other side of the planet, we can still reach you.”
Amnesty International released a report based on interviews with 32 Chinese students, including 12 from Hong Kong, studying in universities in eight countries – from the United States to Belgium, Canada, France, Germany, the Netherlands, Switzerland, and the United Kingdom.
Sarah Brooks, Amnesty International’s China Director, said that even when Chinese students study thousands of miles from home, many live in fear. “The Chinese authorities’ assault on human rights activism is playing out in the corridors and classrooms of the many universities that host Chinese and Hong Kong students,” she said. A typical story was told by a student who attended a commemoration of the 1989 Tiananmen Square massacre. She was careful not to share her real name with anyone involved in the protest or to post anything online. Yet, a few hours later she heard from her father in China, who had been grilled by security officials. Such surveillance could possibly be performed by a quick study of online images. About one-half of Amnesty’s interviewees said they had been photographed or recorded at events by someone present at the protest. The only conclusion to draw from this is that China has enough spies in the United States and Western countries to show up and shadow protest events. Many students said they censor themselves online – even in the classroom – due to the perceived risk their comments and opinions will be reported. One-third of students said they changed the focus of their studies or dropped out of planned academic careers because of this pressure. “Threats made to family members in mainland China included to revoke their passports, get them fired from their jobs, prevent them from receiving promotions and retirement benefits, or even limiting their physical freedom,” Amnesty reports. In some instances, families have been pressured to cut off financial support for their children. More than one-half of the students interviewed said they suffered mental health issues linked to their fears, ranging from stress and trauma to paranoia and depression. One case led to hospitalization. Western universities have been slow to recognize and counter these threats to students. Some academics have even sided with China against dissident students. 
Amnesty reports that a student was dropped by a Western university researcher on a project after learning that she had participated in a protest critical of China. “The impact of China’s transnational repression poses a serious threat to the free exchange of ideas that is at the heart of academic freedom, and governments and universities must do more to counter it,” Brooks said. Universities need to be fully aware of the threat of surveillance and retaliation against their students from China. The U.S. government must also take countermeasures to stop Chinese surveillance of students in the United States, even if this means expelling diplomats or tracking others who surveil and harass students exercising their right to free speech. We must also be aware of the dangers of purchased or posted data and videos that expose Chinese students to harm. Amnesty’s report is a reminder that in the United States, it is not just the U.S. federal government that surveils Americans and visitors to our shores.
Suspect: “We Have to Follow the Law. Why Don’t They?”
Facial recognition software is useful but fallible. It often leads to wrongful arrests, especially given the software’s tendency to produce false positives for people of color.
We reported in 2023 on the case of Randall Reid, a Black man in Georgia, arrested and held for a week by police for allegedly stealing $10,000 of Chanel and Louis Vuitton handbags in Louisiana. Reid was traveling to a Thanksgiving dinner near Atlanta with his mother when he was arrested. He was three states and seven hours away from the scene of this crime in a state in which he had never set foot. Then there is the case of Portia Woodruff, a 32-year-old Black woman, who was arrested in her driveway for a recent carjacking and robbery. She was eight months pregnant at the time, far from the profile of the carjacker. She suffered great emotional distress, as well as spasms and contractions, while in jail. Some jurisdictions have reacted to the spotty nature of facial recognition by requiring every purported “match” to be evaluated by a large team to reduce human bias. Other jurisdictions, from Boston to Austin and San Francisco, responded to the technology’s flaws by banning the use of this technology altogether. The Washington Post’s Douglas MacMillan reports that officers of the Austin Police Department have developed a neat workaround for the ban. Austin police asked law enforcement in the nearby town of Leander to conduct face searches for them at least 13 times since Austin enacted its ban. Tyrell Johnson, a 20-year-old man who is a suspect in a robbery case due to a facial recognition workaround by Austin police, told MacMillan, “We have to follow the law. Why don’t they?” Other jurisdictions are accused of working around bans by posting “be on the lookout” flyers in other jurisdictions, which critics say is meant to be picked up and run through facial recognition systems by other police departments or law enforcement agencies. MacMillan’s interviews with defense lawyers, prosecutors, and judges revealed the core problem with the use of this technology – employing facial recognition to generate leads but not evidence. 
They told him that prosecutors are not required in most jurisdictions to inform criminal defendants they were identified using an algorithm. This highlights the larger problem with high-tech surveillance in all its forms: improperly accessed data, reviewed without a warrant, can allow investigators to work backwards to incriminate a suspect. Many criminal defendants never discover the original “evidence” that led to their prosecution, and thus can never challenge the basis for their case. This “backdoor search loophole” is the greater risk, whether one is dealing with databases of mass internet communications or facial recognition. Thanks to this loophole, Americans can be accused of crimes but left in the dark about how the cases against them were started.

Nafees Syed and Kamel El Hilali, fellows at the Information Society Project at Yale Law School, wrote on CNN.com:
“The Reforming Intelligence and Securing America Act (RISAA) passed by Congress last month did anything but reform a system that subjects Americans to unconstitutional government surveillance …

“While the law includes exemptions for some public facilities, such as restaurants and community centers, the number of businesses and entities that offer a Wi-Fi connection means that intelligence agencies may compel places such as airports, train stations, transport companies (trains, subways, buses) and shopping malls to convey their customers’ communications data to intelligence agencies upon presentation of a directive requiring them to cooperate.

“This provision transforms a law intended to target non-US persons abroad into a domestic surveillance tool.”

Now that the House has passed the Fourth Amendment Is Not for Sale Act, senators would do well to review new concessions from the intelligence community on how it treats Americans’ purchased data. This is progress, but it points to how much more needs to be done to protect privacy.
Avril Haines, Director of National Intelligence (DNI), released a “Policy Framework for Commercially Available Information,” or CAI. In plain English, CAI is all the digital data scraped from our apps and sold to federal agencies, ranging from the FBI to the IRS, Department of Homeland Security, and Department of Defense. From purchased digital data, federal agents can instantly access almost every detail of our personal lives, from our relationships to our location histories, to data about our health, financial stability, religious practices, and politics. Federal purchases of Americans’ data don’t merely violate Americans’ privacy, they kick down any semblance of it. There are signs that the intelligence community itself is coming to realize just how extreme its practices are. Last summer, Director Haines released an unusually frank report from an internal panel about the dangers of CAI. We wrote at the time: “Unlike most government documents, this report is remarkably self-aware and willing to explore the dangers” of data purchases. The panel admitted that this data can be used to “facilitate blackmail, stalking, harassment, and public shaming.” Director Haines’ new policy orders all 18 intelligence agencies to devise safeguards “tailored to the sensitivity of the information” and produce an annual report on how each agency uses such data. The policy also requires agencies:
Details for how each of the intelligence agencies will fulfill these aspirations – and actually handle “sensitive CAI” – are left up to them. Sen. Ron Wyden (D-OR) acknowledged that this new policy marks “an important step forward in starting to bring the intelligence community under a set of principles and policies, and in documenting all the various programs so that they can be overseen.” Journalist and author Byron Tau told Reason that the new policy is a notable change in the government’s stance. Earlier, “government lawyers were saying basically it’s anonymized, so no privacy problem here.” Critics were quick to point out that any of this data could be deanonymized with a few keystrokes. Now, Tau says, the new policy is “sort of a recognition that this data is actually sensitive, which is a bit of change.” Tau has it right – this is a bit of a change, but one with potentially big consequences. One of those consequences is that the public and Congress will have metrics that are at least suggestive of what data the intelligence community is purchasing and how it uses it. In the meantime, Sen. Wyden says, the framework of the new policy has an “absence of clear rules about what commercially available information can and cannot be purchased by the intelligence community.” Sen. Wyden adds that this absence “reinforces the need for Congress to pass legislation protecting the rights of Americans.” In other words, the Senate must pass the Fourth Amendment Is Not For Sale Act, which would subject purchased data to the same standard as any other personal information – a probable cause warrant. That alone would clarify all the rules of the intelligence community.

The federal government’s hunger for financial surveillance is boundless. A central bank digital currency (CBDC) would completely satisfy it. Under a CBDC, all transactions would be recorded, giving federal agencies the means to review any Americans’ income and expenditures at a glance. 
Financial privacy would not be compromised: it would be dead.
Federal Reserve Chairman Jerome Powell says this country is “nowhere near” establishing a digital currency. To be sure, such an undertaking would take years. But Nigeria, Jamaica, and the Bahamas already have digital currencies. China is well along in a pilot program for a digital yuan. The U.S. government is actively exploring this as an option. It is not too early to consider the consequences of a digital dollar. Such a digital currency would create a presumably unbreakable code, or “blocks” linked together by cryptographic algorithms, to connect computers to create a digital ledger to record transactions. Some risks of a CBDC are obvious – from the breaking of “unbreakable” codes by criminals and hostile foreign governments, to the temptation for Washington, D.C., to expand the currency with a few clicks, making it all the easier to inflate the currency. House Majority Whip, Rep. Tom Emmer (R-MN), is especially concerned about the privacy implications of a digital currency. “If not designed to be open, permissionless, and private – emulating cash – a government-issued CBDC is nothing more than a CCP-style (Chinese Communist Party) surveillance tool that would be used to undermine the American way of life,” Rep. Emmer said. He is expected to soon reintroduce a bill that would require any central bank digital currency to require authorizing legislation from Congress before it could be enacted. Emmer’s stand is prescient, not premature. From the new requirement for “beneficial ownership” forms by small businesses, to the revelation from House hearings of warrantless, dragnet surveillance through credit card and ATM transactions, the federal government is inventing new ways to track our every financial move. Rep. Emmer is right to head this one off at the pass. PPSA endorses this bill and urges Emmer’s colleagues to pass it into law. A new fiat currency should have the permission of Congress and the American people. 
There is a mystery at the heart of the recently enacted law that broadens the definition of an “electronic communications service provider” with a duty to carry out secret surveillance at the request of the government.
Such compelled surveillance requirements were once focused on major companies, like Verizon, AT&T, and Google. But then came a secret case that led the intelligence community to want to expand the law to cover, well, almost everyone in business. This new law, increasingly known by its moniker “Make Everyone a Spy Act,” can now enlist business owners into copying the communications of their customers and handing them over to the FBI or some other government agency. What prompted the intelligence community to want such a dramatic expansion of covered entities? Senate Intelligence Committee Chairman Mark Warner said on the Senate floor in April: “Now, why has this suddenly now become such an issue? Well, one of those communications providers – remember I talked about clouds, data centers, how these networks come together and how network traffic is intertangled at these data centers? One of these entities that controlled one of those new enterprises that didn’t exist in 2008 said: Well, hold it. You can’t compel us to work with the American government because we don’t technically fit the definition of an electronic communications service provider. And the fact was, the company that raised that claim won in court. So what happened was, the FISA Court said to Congress: You guys need to close this loophole; you need to close this and change this definition.” Yet the new law is insanely broad. It covers “any” service provider with access to communications equipment. The government can now enlist custodial services, landlords, owners of small office complexes, gyms, dentist offices, and small businesses of almost every kind, as government spies. And, as with the larger telecoms and tech companies, these small businesses will be held under a gag order, preventing them from alerting their customers that they’ve been spied on. 
Worse, because few small business owners have the ability to neatly parse exact threads of communications from their equipment, they will likely just turn over the equipment itself – and every customer’s private data it contains – to the NSA. Little wonder that Sen. Ron Wyden (D-OR) described this sweeping provision as “one of the most dramatic and terrifying expansions of government surveillance authority in history.” Sen. Warner admitted that the provision “could have been drafted better.” He promised that if the Senate passed the bill, he would support a redraft of this law’s language in the next Intelligence Authorization Act or the National Defense Authorization Act. The Senate took him at his word and passed the bill. But how can such a redraft be done without some guidance as to the nature of the case that prompted this new law? Without a public disclosure of the type of service provider at the heart of the case Sen. Warner referred to, Congress cannot effectively narrow the language. The administration must declassify the type of provider in the FISC case to guide Congress in making precise refinements in its narrowing of the law. For that reason, PPSA is joining a host of civil liberties peer organizations – ranging from the American Civil Liberties Union and Brennan Center to the Due Process Institute and FreedomWorks – in an open letter to Attorney General Merrick Garland and Director of National Intelligence Avril Haines urging them to declassify the type of service provider at the heart of the FISC case. The administration issued a written commitment to apply the new definition only to the type of provider at issue in the FISC decision. The recent history of American surveillance shows, however, that such commitments won’t bind future administrations. And time and again, we’ve seen one agency or another in the intelligence community resort to legal sophistry to break its word. Given that data centers were named by Sen. 
Warner on the Senate floor and even in a New York Times article, foreign spies are surely aware of the broad outlines of the case behind this new law. It is hard to imagine a stronger case for discretionary declassification. Disclosure must happen so Congress can curtail this new warrantless surveillance legislation in the narrowest way possible.

The long back-and-forth between Michigan’s Long Lake Township and Todd and Heather Maxon ended with the Michigan Supreme Court punting on the Fourth Amendment implications of drone surveillance over private property.
An appellate court had held that the township’s warrantless use of a drone three times in 2017 to photograph the Maxons’ property was an unreasonable, warrantless search, constituting a Fourth Amendment violation. PPSA filed a brief supporting the Maxons before the Michigan Supreme Court, alerting the court to the danger of intimate searches of home and residents by relatively inexpensive drones now on the market. To demonstrate the privacy threat of drones, PPSA informed the court that commercially available drones have thermal cameras that can penetrate beyond what is visible to the naked eye. They can be equipped with animal herd tracking algorithms that can enhance the surveillance of people. Drones can swarm and loiter, providing round-the-clock surveillance. They can carry lightweight cell-site simulators that prompt the mobile phones of people inside the targeted home to give up data that reveals deeply personal information. Furthermore, PPSA’s brief states that drones “can see around walls, see in the dark, track people by heat signatures, and recognize and track specific people by their face.” PPSA agreed that even ordinary photography from a camera hovering over the Maxons’ property violated, in the words of an appellate court, the Maxons’ reasonable expectation of privacy. But in a unanimous decision, Michigan’s top court was having none of this. It concluded that the exclusionary rule – a judicial doctrine in which evidence is excluded or suppressed – is generally applied when law enforcement violates a defendant’s constitutional rights in a criminal case. The justices remanded the case based upon a procedural issue unrelated to the Fourth Amendment question. 
The Michigan Supreme Court, therefore, declined to address “whether the use of an aerial drone under the circumstances presented here is an unreasonable search in violation of the United States or Michigan Constitutions.” A crestfallen Todd Maxon responded, “Like every American, I have a right to be secure on my property without being watched by a government drone.” The issue between the township and the Maxons was the contention that, behind the shelter of trees, the couple was growing a salvage operation. This violated an earlier settlement agreement the Maxons had made pledging not to keep a junkyard on their five-acre property. Given the potential for drones to use imaging and sensor technology to violate the intimate lives of families, it is all but inevitable that a better – and uglier – test case will come along. If anything, this ruling makes it a virtual certainty.

The Federal Government’s “Beneficial Ownership” Snoop

Millions of small business owners are about to be hit with a nasty surprise. The Corporate Transparency Act, which passed Congress as part of the must-pass National Defense Authorization Act of 2021, goes into effect this year. Advertised as a way to combat money laundering, this new law now requires small businesses to report their “beneficial owners” to the U.S. Department of Treasury’s Financial Crimes Enforcement Network (FinCEN).
This reporting requirement obliges any small business with fewer than 20 employees to reveal its “beneficial owner.” In plain English, this means a small business must give the government the name of anyone who controls or has a 25 percent or greater interest in that business. By Jan. 1, 2025, small businesses must submit the full legal name, date of birth, current residential or business address, and a unique identifier from a government ID of all its beneficial owners. There are significant privacy risks at stake in this seemingly innocuous law, beginning with the widespread access multiple federal agencies will have to this new database. This law, which covers 32 million existing companies and will suck in an additional 5 million new companies every year, threatens anyone who makes a mistake or files an incomplete submission with up to $10,000 in fines and up to two years in prison. “The CTA will potentially make a felon out of any unsuspecting person who is simply trying to make a living in his or her own lawful business or who is trying to start one and makes a simple mistake for violations,” says the National Small Business Association (NSBA). The “beneficial ownership” provision is one more way for the federal government to break down the walls of financial privacy in its quest to comprehensively track Americans’ finances. Consider another big bill, the recent Infrastructure Investment and Jobs Act of 2021, which requires $10,000 or more in cryptocurrency transactions to be reported to the government within 15 days. Incorrect or missing information may result in a $25,000 fine or five years in prison. In addition, the CATO Institute reports that new regulations under consideration would hold financial advisors accountable to “elements of the Bank Secrecy Act, which currently compels banks to turn over certain financial data to the feds.” It is likely that your financial advisor will soon be required to snitch on you. 
This undermines the whole concept of a fiduciary, someone who is by law supposed to be loyal to your interests. All of these measures are justified by the quest to track the money networks of criminals, terrorists, and drug dealers. But the data these authorities generate will be available, without a warrant, to the IRS, the FBI, the ATF, the Department of Homeland Security, and just about any agency that wants to investigate you for your personal activities or statements that some official deems suspicious. The CTA’s “beneficial ownership” provision represents a new assertion by the federal government over small business. Since before the Constitution, the regulation of small business has been under the purview of the states. Now Washington is assembling a database with which it can heap new regulations on small business regardless of state policies. The NSBA, which is challenging this law in court, estimates that complexities in business ownership will require companies to spend an average of $8,000 a year to comply with this law. NSBA’s federal lawsuit is moving forward with a named plaintiff, Huntsville business owner Isaac Winkles. NSBA and Winkles won summary judgment from Judge Liles Burke of the U.S. District Court of the Northern District of Alabama, who held the beneficial owner requirement to be unconstitutional because it exceeds the enumerated powers of Congress. While the government appeals its case to the Eleventh Circuit, FinCEN maintains that it will only exclude small businesses from this requirement if they were members of NSBA on or before March 1. These encroachments are steady and their champions on the Hill are growing bolder in financial surveillance. The good news is that privacy activists have just acquired 32 million new allies.

Well, that didn’t take long.
A little more than three weeks ago Congress reauthorized FISA Section 702, a surveillance program enacted to authorize foreign surveillance but which is often used by the FBI to snoop on Americans’ communications caught up in the NSA’s global data trawl. Central to that debate was whether 702 should be made to conform to the Fourth Amendment’s bar against unreasonable searches. The House and Senate fiercely debated late into the night over whether to reauthorize this flawed program. Supporters said it is vital to national security. Critics said that is no excuse for the FBI using Section 702 to surveil large numbers of Americans in recent years, including sitting Members of the House and Senate, journalists, politicians, a state judge, and 19,000 donors to a Congressional campaign. In the House that debate culminated in a 212 to 212 tie vote. That’s how close advocates of privacy and freedom for law-abiding citizens from warrantless government surveillance came to victory. The intelligence establishment and its champions on Capitol Hill won many votes with promises. They included in their bill a codification of a list of new internal FBI procedures that they promised would curb any abuses of Americans’ privacy. FBI Director Christopher Wray promised that agents would be “good stewards” who would protect the homeland “while safeguarding civil rights and liberties.” On April 19, the Senate finalized the reauthorization of Section 702 and sent it to President Biden to be signed into law. On April 20, FBI deputy director Paul Abbate emailed Bureau employees, stating: “To continue to demonstrate why tools like this [Section 702] are essential, we need to use them, while also holding ourselves accountable for doing so properly and in compliance with legal requirements.” He added, “I urge everyone to continue to look for ways to appropriately use US person queries to advance the mission …” Wired, which obtained a copy of the memo, quoted Rep. 
Zoe Lofgren (D-CA), who said that Deputy Director Abbate’s email directly contradicted earlier assertions from the FBI made during the debate over Section 702’s reauthorization. “The deputy director’s email seems to show that the FBI is actively pushing for more surveillance of Americans, not out of necessity but as a default,” Rep. Lofgren said. The FBI reports it has drawn down the number of such U.S. person queries from about 3 million in 2021 to 57,094 in 2023. As Wired notes, however, the FBI methodology counts multiple accesses of an American’s personal identifiers, such as phone numbers, as just a single search. Wired also reports that even the 98 percent compliance rate the FBI proudly asserts for its more stringent rules would still leave it with more than 1,000 violations of its own policies. With the deputy director arrogantly pushing the Bureau to make greater use of Section 702 for the warrantless surveillance of Americans, we can only wonder what the numbers of U.S. person searches will be in the next few years. Whatever happens, the more than 150 civil liberties organizations, including PPSA, will be back when Section 702 is next up for reauthorization in less than two years. The Constitution’s protections of the people cannot be ignored.

Today, Laredo – Tomorrow, Los Angeles and Little Rock?

When the U.S. military dispatches a drone to strike a target, it often uses a wireless device detection system that can correlate signals from terrorists’ cellphones and other devices emanating from within a target vehicle. Under such circumstances, calls and other signals from terrorists’ devices lead missiles straight into a target’s car.
As law and order along the U.S. border breaks down, it is not surprising that two Texas jurisdictions – Webb and Val Verde counties – purchased such military-grade wireless detection systems. NOTUS.org reports that law enforcement along the border can detect in-vehicle wireless signals and merge them with systems that track vehicles’ license plates to isolate a given car. This is yet another sign that the U.S. Supreme Court urgently needs to revisit the limits that federal and local law enforcement agencies are placing on the Court’s 2018 Carpenter opinion, which requires a probable cause warrant before officers can use cell tower GPS data to access a suspect’s location history. Agencies have not internalized the basic principles of that ruling. Instead, they’ve rationalized that if they are not specifically accessing historical cell tower data, they are complying with the law. To be fair, parts of the border are beginning to resemble a war zone, with out-of-control illegal immigration organized by criminal cartels. Given the current lawless state of the U.S.-Mexican border, local governments are using Department of Justice grants to purchase systems similar to those used by the U.S. military and CIA. Captain Federico Calderon of the Sheriff’s office of Webb County, which includes the large border city of Laredo, told NOTUS that the county purchased a “very restricted” version. Capt. Calderon said that Webb County is using this technology as a pilot program to scan for signals coming from the empty quarters of ranches where no one should be. Val Verde County did not respond to NOTUS’s questions. The potential for widespread abuse of this technology rivals that of cell-site simulators and data purchases. 
NOTUS reports “as people walk around with headphones, fitness wearables and other devices, emitting a cloud of radio frequency signals unique to them, their data can be linked to a car, even after they have ditched the car.” Local law enforcement officials want such technology to identify human traffickers and cartel smugglers. It is doubtful, however, that this technology will remain restricted to such narrow purposes. And as with purchased data and cell-site simulators, the introduction of this new militarized technology compromises the privacy of many more people – friends, family, and bystanders. “We are well beyond the idea that people have no privacy in public,” Jennifer Granick of the American Civil Liberties Union told NOTUS. “Here, they’re installing this mass surveillance system.” With the spread of often violent political protests across the nation, a high level of terror alert from the FBI, and college campuses convulsed by tent cities, there will be no lack of reasons for law enforcement to add one more capability to what is evolving into a national surveillance state. It is reasonable to use technology to control the border. But it is up to Congress and the courts to keep a close eye on the widespread introduction of military wireless device detection systems to track Americans.

Why did the “unmasking” of Americans’ identities in the global data trawl of U.S. intelligence agencies increase by 172 percent, from 11,511 times in 2022 to 31,330 times in 2023?
Government officials briefing the media say that most of this increase was a defensive response to a hostile intelligence agency launching a massive cyberattack on U.S. infrastructure, possibly infiltrating the digital systems of dams, power plants, or the like. What we do know for sure is that this authority has been abused before. Unmasking occurs when American citizens or “U.S. persons” are caught up, incidentally, in warrantless foreign surveillance. When this happens, the identities of these Americans are routinely hidden from government agents, or “masked.” But senior officials can request that the NSA “unmask” those individuals. This should be a relatively rare occurrence. Yet for some reason, over a 12-month period between 2015 and 2016, the Obama Administration unmasked 9,217 persons. Former UN Ambassador Samantha Power, or someone acting in her name, was a prolific unmasker. Power’s name was used to request unmasking of Americans more than 260 times. Large-scale unmasking continued under the Trump administration, with 2018 seeing 16,721 unmaskings, an increase of 7,000 from the year before. In recent years, the number hovered around 10,000. Now it is three times that many. This is a concern if some subset of these unmaskings (which mostly involve an email account or IP address, not a name) were for named individuals for political purposes. Consider that in 2016, at least 16 Obama administration officials, including then-Vice President Joe Biden, requested unmaskings of Donald Trump’s advisors. Outgoing National Security Advisor Susan Rice took a particular interest in unmasking members of President-elect Trump’s transition team. We are left to wonder if all of this rise in unmasking numbers can be explained away by Chinese or Russian hackers, or if some portion of them reflect the use of this authority for political purposes. Were prominent politicians, officeholders, or candidates unmasked? 
These raw numbers come from the government’s Annual Statistical Transparency report. This report on intelligence community activities from the Office of the Director of National Intelligence offers revealing numbers, but often without the detail or explanation that would account for such jumps. All we have to rely on are media briefs that at times seem more forthcoming than the briefings available to Members of Congress, even those tasked with oversight of intelligence agencies in the House and Senate Judiciary Committees. As these numbers rise, the American people deserve more information and a solid assurance that these authorities will never again be used for political purposes by either party.

The Drug Enforcement Administration’s response to three PPSA Freedom of Information Act (FOIA) requests shows just how far government respect for that law has fallen. As we’ve seen recently with other government agencies, DEA didn’t even try to pretend it was following that law.
Over the course of a year, PPSA filed three FOIA requests with the DEA seeking documents relating to the use of cell-site simulators, commonly known by the trade name Stingray. Government agencies use these devices to mimic cell towers, pinging consumers’ cellphones in a given geographic area to prompt them to give up private location data, and sometimes the content of communications. PPSA sought records since 2015 that reflect each use of a cell-site simulator by DEA that was conducted without a warrant based on emergency, exceptional, or “exigent” circumstances. We thought it would be a useful guide for public policy to know how often the agency defined something as an emergency, side-stepping the need to obtain a probable cause warrant. On Monday, DEA came back with one combined response to all three FOIAs we had issued over the course of many months. If DEA had followed the law, it would have conformed to a federal precedent, Truitt v. Department of State (1990), which held that it “is elementary that an agency responding to a FOIA request must conduct a search reasonably calculated to uncover all relevant documents, and if challenged, must demonstrate beyond material doubt that the search was reasonable.” Instead, DEA did not even try to pass the laugh test. It waved away all three FOIA requests, citing an exemption that covers personnel documents and other Human Relations files. How could PPSA’s request for the use of cell-site simulators for emergency circumstances, in the words of the law, fall under an exemption for subjects that relate “solely to the internal personnel rules and practices of an agency”? In a letter to the Director of Information Policy of the Department of Justice, PPSA general counsel Gene Schaerr responded: “It is almost certain that at least some documents concerning broader surveillance policy or related record-keeping would be responsive. 
Of course, DEA does not know one way or the other whether this is accurate because it refused to look for responsive records.” How would DEA know that this request only involved personnel records without a responsive search? It is clear that DEA simply wanted to clear this one FOIA request off its desk. We wish this case were an exception. Federal FOIA responses are becoming increasingly farcical. A FOIA response from the Department of Justice included 40 redacted pages with an insulting valediction – “hope that’s helpful.” Expect this lawless attitude toward the Freedom of Information Act to continue until courts step in and start leveling sanctions against those who treat the law as an ignorable suggestion.
But Who Will Fine the FBI?
The Federal Communications Commission on Monday fined four wireless carriers – Verizon, AT&T, Sprint, and T-Mobile – nearly $200 million for sharing the location data of customers, often in real-time, without their consent.
The case is an outgrowth of an investigation that began during the Trump Administration following public complaints that customers’ movements were being shared in real time with third-party companies. This is sensitive data. As FCC Chairwoman Jessica Rosenworcel said, consumers’ real-time location data reveals “where they go and who they are.” The carriers, FCC declared, attempted to offload “obligations to obtain customer consent onto downstream recipients of location information, which in many instances meant that no valid customer consent was obtained.” The telecoms complain that the fines are excessive and ignore steps the companies have taken to cut off bad actors and improve customer privacy. But one remark from AT&T seemed to validate FCC’s charge of “offloading.” A spokesman told The Wall Street Journal that AT&T was being held responsible for another company’s violations. A Verizon spokesman told The Journal that it had cut out a bad actor. These spokesmen are pointing to the role of data aggregators who resell access to consumer location data and other information to a host of commercial services that want to know our daily movements. The spokesmen seem to betray a long-held industry attitude that when it sells data, it also transfers liability, including the need for customer consent. Companies of every sort that sell data, not just telecoms, will now need to study this case closely and determine whether they should tighten control over what happens to customer data after it is sold. But there is one glaring omission in the FCC’s statement. It glides past the government’s own culpability in degrading consumer privacy. A dozen federal law enforcement and intelligence agencies, ranging from the FBI to the ATF, IRS, and Department of Homeland Security, routinely purchase and access Americans’ personal, digital information without bothering to secure a warrant.
Concern over this practice is what led the House to recently pass The Fourth Amendment Is Not For Sale Act, which would require government agencies to obtain warrants before buying Americans’ location and other personal data from these same data brokers. It is good to see the FCC looking out for consumers. But who is going to fine the FBI?
We needed a little perspective before reporting on the historic showdown on the reauthorization of FISA Section 702 that ended on April 19 with a late-night Senate vote. The bottom line: The surveillance reform coalition finally made it to the legislative equivalent of the Super Bowl. We won’t be taking home any Super Bowl rings, but we made a lot of yardage and racked up impressive touchdowns.
For years, PPSA has coordinated with a wide array of leading civil liberties organizations across the ideological spectrum toward that key moment. We worked hard and enjoyed the support of our followers in flooding Congress with calls and emails supporting privacy and surveillance reform. So what was the result? We failed to get a warrant requirement for Section 702 data but came within one vote of winning it in the House. There was a lot of good news and new reforms that should not be overlooked. And where the news was bad, there are silver linings that gleam.
We come out of this legislative fracas bloodied but energized. We put together a durable left-right coalition in which House Judiciary Committee Chairman Jim Jordan and Ranking Member Jerry Nadler, as well as the heads of the Freedom and Progressive caucuses, worked side-by-side. For the first time, our surveillance coalition had the intelligence community and their champions on the run. We lost the warrant provision for Section 702 only by a tie vote. Had every House Member who supported our position been in attendance, we would have won. This bodes well for the next time Section 702 reauthorization comes up. We will be ready. Let’s not forget that a recent bipartisan YouGov poll shows that 80 percent of Americans support warrant requirements. We sense a gathering of momentum – and we look forward to preparing for the next big round in April 2026.
The risks and benefits of reverse searches are revealed in the capital murder case of Aaron Rayshan Wells. Although a security camera recorded a number of armed men entering a home in Texas where a murder took place, the lower portions of the men’s faces were covered. Wells was identified in this murder investigation by a reverse search enabled by geofencing.
A lower court upheld the geofence in this case as sufficiently narrow. It was near the location of a homicide and was within a precise timeframe on the day of the crime, 2:45-3:10 a.m. But ACLU in a recent amicus brief identifies dangers with this reverse search, even within such strict limits. What are the principles at stake in this practice? Let’s start with the Fourth Amendment, which places hurdles government agents must clear before obtaining a warrant for a search – “no warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” The founders’ tight language was formed by experience. In colonial times, the King’s agents could act on a suspicion of smuggling by ransacking the homes of all the shippers in Boston. Forcing the government to name a place, and a person or thing to be seized and searched, was the founders’ neat solution to outlawing such general warrants altogether. It was an ingenious system, and it worked well until Michael Dimino came along. In 1995, this inventor received a patent for using GPS to locate cellphones. Within a few years, geofencing technology could instantly locate all the people with cellphones within a designated boundary at a specified time. This was a jackpot for law enforcement. If a bank robber was believed to have blended into a crowd, detectives could geofence that area and collect the phone numbers of everyone in that vicinity. Make a request to a telecom service provider, run computer checks on criminals with priors, and voilà, you have your suspect. Thus the technology-enabled practice of conducting a “reverse search” kicked into high gear. Multiple technologies assist in geofenced investigations. One is a “tower dump,” giving law enforcement access to records of all the devices connected to a specified cell tower during a period of time. Wi-Fi is also useful for geofencing. 
When people connect their smartphones to Wi-Fi networks, they leave an exact log of their physical movements. Our Wi-Fi data also record our online searches, which can detail our health, mental health, and financial issues, as well as intimate relationships, and political and religious activities and beliefs. A new avenue for geofencing was created on Monday by President Biden when he signed into law a new measure that will give the government the ability to tap into data centers. The government can now enlist the secret cooperation of the provider of “any” service with access to communications equipment. This gives the FBI, U.S. intelligence agencies, and potentially local law enforcement a wide, new field with which to conduct reverse searches based on location data. In these ways, modern technology imparts an instant, all-around understanding of hundreds of people in a targeted area, at a level of intimacy that Colonel John André could not have imagined. The only mystery is why criminals persist in carrying their phones with them when they commit crimes. Google was law enforcement’s ultimate go-to in geofencing. Warrants from magistrates authorizing geofence searches allowed the police to obtain personal location data from Google about large numbers of mobile-device users in a given area. Without any further judicial oversight, the breadth of the original warrant was routinely expanded or narrowed in private negotiations between the police and Google. In 2023, Google ended its storage of data that made geofencing possible. Google did this by shifting the storage of location data from its servers to users’ phones. For good measure, Google encrypted this data. But many avenues remain for a reverse search. On one hand, it is amazing that technology can so rapidly identify suspects and potentially solve a crime.
On the other, technology also enables dragnet searches that pull in scores of innocent people, and potentially makes their personal lives an open book to investigators. ACLU writes: “As a category, reverse searches are ripe for abuse both because our movements, curiosity, reading, and viewing are central to our autonomy and because the process through which these searches are generally done is flawed … Merely being proximate to criminal activity could make a person the target of a law enforcement investigation – including an intrusive search of their private data – and bring a police officer knocking on their door.” Virginia judge Mary Hannah Lauck in 2022 recognized this danger when she ruled that a geofence in Richmond violated the Fourth Amendment rights of hundreds of people in their apartments, in a senior center, people driving by, and in nearby stores and restaurants. Judge Lauck wrote “it is difficult to overstate the breadth of this warrant” and that an “innocent individual would seemingly have no realistic method to assert his or her privacy rights tangled within the warrant. Geofence warrants thus present the marked potential to implicate a ‘right without a remedy.’” ACLU is correct that reverse searches are obvious violations of the plain meaning of the Fourth Amendment. If courts continue to uphold this practice, however, strict limits need to be placed on the kinds of information collected, especially from the many innocent bystanders routinely caught up in geofencing and reverse searches. And any change in the breadth of a warrant should be determined by a judge, not in a secret deal with a tech company.