What NPD’s Enormous Hack Tells Us About the Reckless Collection of Our Data by Federal Agencies8/23/2024
How to See if Your Social Security Number Was Stolen Was your Social Security number and other personal identifying information among the 2.9 billion records that hackers stole from National Public Data?
Hackers can seize our Social Security numbers and much more, not only from large commercial sites like National Public Data, but also from government sites and the data brokers who sell our personal information to federal agencies. Such correlated data can be used to impersonate you with the financial services industry, from credit card providers to bank loan officers. And once your Social Security number is stolen, it is stolen for life. To find out if your Social Security number and other personal information was among those taken in the National Public Data hack, go to npd.pentester.com. It has been obvious for more than a decade now that the Social Security number is a flawed approach to identification. It is a simple nine-digit number. A fraudster who knows the last few digits of your Social Security number, what year you were born, and where, can likely calculate your number. Because your Social Security number is so often used by dozens of institutions, it is bound to be hacked and sold on the dark web at some point in your life. Yet this insecure form of identification, taken in Is there a better way? Sophie Bushwick asked this question in a 2021 Scientific American article. She reported that one proposed solution is a cryptographic key, those long strings of numbers and symbols that we all hate to use. Or a USB could be plugged into your computer to authenticate you as its owner. Scans of your fingerprints, or face, could also authenticate your identity. The problem is that any one of these methods can also be hacked. Even biometrics is vulnerable since this technology reduces your face to an algorithm. Once the algorithm for your face or fingerprint (or even worse, your iris, which is the most complex and unique biometric identifier of them all) is stolen, your own body can be used against you. There are no perfect solutions, but multifactor identification comes the closest. This technique might combine a text of a one-time passcode to your phone, require a biometric identifier like a fingerprint, and a complex password. Finding and assembling all these elements, while possible, would be a prohibitively difficult chore for many if not most hackers. Strengthening consumer identification, however, is only one part of the problem. Our personal information is insecure in other ways. A dozen federal agencies, including the FBI, IRS, Department of Homeland Security and Department of Defense, routinely purchase Americans’ personal data. These purchases include not just our identifying information, but also our communications, social media posts, and our daily movements – scraped from our apps and sold by data brokers. How secure is all the data held by those third-party brokers? How secure is the government’s database of this vast trove of personal data, which contains the most intimate details of our lives? These are urgent questions for Congress to ask. Congress should also resist the persistent requests from the Department of Justice to compel backdoors for commercial encryption, beginning with Apple’s iPhone. The National Public Data hack reveals that the forced creation of backdoors for encryption would create new pathways for even more hacks, as well as warrantless government snooping. Finally, the Senate should follow up on the House passage of the Fourth Amendment Is Not For Sale Act, which would prohibit government collection of our personal information without a warrant. Protect your data by calling or emailing your senators: Tell them to pass the Fourth Amendment Is Not For Sale Act. Our data will only become more secure if we, as consumers and citizens, demand it. Imagine this scenario: It’s early evening, and you and your special someone are on the couch preparing to binge-watch your favorite streaming show.
Ding-dong. You answer the door and, as you hoped, it is the dinner delivery person. He hands you your prepaid, pre-tipped meal and you start to shut the door when the delivery worker puts his foot down, blocking you. He snaps a picture over your shoulder and asks: “Why is the wall over your couch bare? It should have a picture of the Dear Leader. I now have no choice but to report you.” This fantastical scenario of a police state enlisting food delivery workers as auxiliary police is taking place, for real, in the People’s Republic of China, according to disturbing reports from Radio Free Asia. Beijing recently posted a directive: “We will hire a group of online delivery personnel with a strong sense of responsibility to serve as part-time social supervisors and encourage them to take part in grassroots governance through snapshots and snap reports …” Radio Free Asia reports that this program is being expanded in China’s annexed territory of Tibet, where food delivery workers are being recruited to perform “voluntary patrol and prevention work.” In addition, Chinese police are requiring Tibetans to revise their personal passwords on their social media accounts, link them to their personal cellphones and identity cards, and make it all accessible to the government. Police are also stopping Tibetans in Lhasa to check their cellphones for virtual private networks, or VPNs, that allow users to get around the “Great Firewall of China,” the government’s restrictive controls on the internet. We can shake our heads and laugh. But the fundamental principle of coopting private-sector industries for internal surveillance is one that is gaining purchase in our own country. The federal government isn’t so crude as to turn the Domino’s pizza delivery guy into a spy. But federal agencies can extract Americans’ personal data from FISA Section 702, even though this program was enacted by Congress not to spy on Americans, but to surveil foreign threats on foreign soil. Prosecutors in the United States can extract information about witnesses and criminal defendants from telecoms and service providers of emails, cloud computing, and online searches, then gag those same companies with a non-disclosure order, which keeps them from ever informing their customers they were surveilled. The good news is that more and more Members of Congress are awakening to the threat of a home-grown American surveillance state. The recent reauthorization of Section 702 sets up a debate over the reach of this program in early 2026. The House passed a measure called the NDO Fairness Act, which would limit non-disclosure orders, putting the onus on the Senate to follow suit. The field of surveillance is one area in which public-private partnerships can go very wrong. Unlike China, however, America is still a democracy with a Congress that can counter expansive government threats to our privacy. The U.S. Supreme Court will almost certainly take up and resolve two furthest – some would say extreme – rulings by the Fourth and Fifth Circuit Courts of Appeals on the Fourth Amendment implications of geofence searches.
The Fourth Circuit ruled that geofence warrants – which search the mobile devices of many people in designated areas – contain no Fourth Amendment implications. The Fifth Circuit ruled that geofence warrants are inherently unconstitutional. This is the Grand Canyon of circuit splits. At stake are not just geofence warrants, but conceivably almost every kind of automated digital search conducted by the government. At stake, too, is the very meaning and viability of the Fourth Amendment in the 21st century. We had previously reported on the gobsmacking ruling of the Fourth Circuit in July that held that a geofence warrant to identify a bank robber within a 17.5-acre area – including thousands of innocent people living in apartments, at a nursing home, eating in restaurants, and passing by – did not implicate the privacy rights of all who were searched. In United States v. Chatrie, the court held in a split opinion that this mass geofence warrant had no Fourth Amendment implications whatsoever. In doing so, the Fourth reversed a well-reasoned opinion by federal Judge Mary Hannah Lauck, who wrote that citizens are almost all unaware that Google logs their location 240 times a day. Judge Lauck wrote: “It is difficult to overstate the breadth of this warrant.” The same overbreadth can be seen, in a very different context, in the Fourth Circuit’s jettisoning of the Fourth Amendment in its reversal. Now the Fifth Circuit Court of Appeals has weighed in on a similar case, United States v. Jamarr Smith. The Fifth came to the opposite conclusion – that geofence warrants cannot be reconciled to the Fourth Amendment. Orin Kerr of the UC Berkeley School of Law argues that the Fifth’s ruling conflicts with Supreme Court precedent, including Carpenter v. United States, in which the Court held that the government needs a warrant to extract cellphone location data. Kerr also asserts that the lack of particularity in which a suspect’s identity is not known at the beginning of a search (indeed, that’s the reason for these kind of searches) is a well-established practice recognized by the Supreme Court. Jennifer Granick and Brett Max Kaufman of the American Civil Liberties Union push back at Kerr, finding the digital inspection of the data of large numbers of people to identify a needle-in-a-haystack suspect is, indeed, a “general warrant” forbidden by the Constitution. They write: “Considering the analog equivalents of this kind of dragnet helps explain why: For example, police might know that some bank customers store stolen jewelry in safe deposit boxes. If they have probable cause, police can get a warrant to look in a particular suspect’s box. But they cannot get a warrant to look in all the boxes – that would be a grossly overbroad search, implicating the privacy rights of many people as to whom there is no probable cause.” The implications of this circuit split are staggering. If the Fourth Circuit ruling prevails, it will be anything goes in digital search. If the Fifth Circuit’s ruling prevails, almost any kind of digital search will require a probable cause warrant that has the particularity the Constitution clearly requires. There will be no way for the U.S. Supreme Court to reconcile these opposite takes on digital warrants. It will be up for the Court to set a governing doctrine, one that examines at its root what constitutes a “search” in the context of 21st century digital technology. Let us hope that when it does so, the Supreme Court will lean toward privacy and the Fourth Amendment. Judges and District Attorneys Must Hide the Use of Stingrays, or Face the Wrath of the FBI8/20/2024
Cell-site simulators, often known by the trade name “stingrays,” are used by law enforcement to mimic cell towers, spoofing mobile devices into giving up their owners’ location and other personal data. Thousands of stingrays have been deployed around the country, fueled by federal grants to state and local police.
PPSA has long reported that the FBI severely restricts what local police and prosecutors can reveal about the use of stingrays in trials. Now we can report that these practices are continuing and interfere with prosecutors’ duty to participate in discovery and turn over potentially exculpatory evidence. The government’s response to a PPSA FOIA request reveals a standard non-disclosure agreement between the federal government and state and local police departments. This template includes a directive that the locals “shall not, in any civil or criminal proceeding, use or provide any information concerning the [redacted] wireless collection equipment/technology.” This includes any documents and “evidentiary results obtained through the use of the equipment.” The agreement also states that if the agency “learns that a District Attorney, prosecutor, or a court” is considering releasing such information, the customer agency must “immediately notify the FBI in order to allow sufficient time for the FBI to intervene …” Most likely the squeeze will come with a threat to end the provision of stingrays to the state or local police, but other forms of intimidation cannot be ruled out. Got that, judges and district attorneys? Any attempt to fully disclose how evidence was obtained, even if it would serve to clear a defendant, must be withheld from the public and defense attorneys or the FBI will want a word with you. “Quiet Skies” is a federal aviation security program that includes singling out flyers for close inspection by giving them an “SSSS” or “Secondary Security Screening Selection” designation on their boarding pass. In the case of Tulsi Gabbard, it is alleged she was also put on a “terror threat list” that requires that she receive intense surveillance as well.
You probably know Gabbard as an outspoken and iconoclastic former U.S. Representative from Hawaii who ran for president. During a slew of domestic flights after returning from a recent trip to Rome, Gabbard and husband Abraham Williams were allegedly designated as security threats requiring enhanced observation. A war veteran of Iraq who signed up after 9/11, Gabbard told Matt Taibbi of The Racket that she and her husband are getting third-degree inspections every time they go to the airport. Every inch of her clothes is squeezed. The lining of the roller board of her suitcase is patted down. Gabbard has to take out every personal electronic and turn on each one, including her military-issue phone and computer. This process can take up to 45 minutes. What may be happening in the air is far more worrisome. Sonya LaBosco, executive director of the advocacy group Air Marshals National Council, is the source that told Taibbi that Gabbard is on the TSA’s domestic terror watch list. Every time someone on that list travels, LaBosco said, that passenger gets assigned two Explosive Canine Teams, one Transportation Security Specialist in explosives, and one plainclothes TSA Supervisor. Such passengers are assigned three Federal Air Marshals to travel with them on every flight. LaBosco says that Gabbard’s recent three-flight tour would have required no fewer than nine Air Marshals to tail her and her husband. Taibbi writes that an Inspector General’s report in 2019 revealed one-half of the Air Marshal’s budget is wasted, and that much of $394 million in funds for air security are put to questionable use. In our personal experience, the “SSSS” designation can be randomly assigned. Judging from publicly available sources, that designation can also be algorithmically triggered by a host of activities deemed suspicious, such as flying out of Turkey, paying cash for plane tickets, and buying one-way tickets. (We can only imagine what would happen to the brave or foolhardy person who bought a one-way ticket out of Istanbul with cash.) To be fair, many complaints about the TSA that seem absurd have a basis in hard experience. That experience goes back to 1986, when an extra close inspection by El Al security officers of a pregnant Irish nurse flying to meet her boyfriend in Jordan revealed that he had betrayed her by secreting a bomb in her bag. TSA has to contend with the fact that anyone – a decorated war hero, a handicapped grandmother, a toddler – could be the unknowing carrier of a threat. But the treatment of Gabbard raises the unavoidable question if this outspoken political figure was put on the SSSS list out of political pique. Gabbard has certainly irritated a lot of powerful people and agencies. In Congress, she advocated for dropping charges against Edward Snowden. As vice chair of the Democratic National Committee in 2016, she publicly criticized the party’s reliance on superdelegates and endorsed Bernie Sanders over Hillary Clinton. She later left the Democratic Party and was recently on the list of Donald Trump’s possible vice-presidential candidates. She has been a consistent critic of “elites” who want “nation-building wars.” Gabbard found herself on the threat list just after she left Rome where she had called Vice President Kamala Harris “the new figurehead for the deep state.” You might find Gabbard insightful or a flittering gadfly, but no one should be targeted for surveillance for merely expressing controversial views. And if Gabbard did somehow inadvertently trigger a threat algorithm, one has to wonder if anyone is in charge with the ability to apply common sense – if, in fact, such vast resources are being deployed to follow her. If that is true, even the most benign explanation reveals a diversion of manpower (and dogpower) that could be used to deter real threats. A Congressional investigation – perhaps by the Weaponization of the Federal Government subcommittee – is warranted to discover if the facts reported by Taibbi are correct and, more importantly, if Gabbard has been targeted for enhanced surveillance and harassment for her speech. After all, crazier things have happened, like Matt Taibbi finding himself targeted with a rare home visit from the IRS on the same day the journalist testified before Congress about federal meddling in social media curation. Police have access to more than 71,000 surveillance cameras in New York City, and to more than 40,000 cameras in Los Angeles.
This technology is rapidly becoming ubiquitous from coast to coast. As it does, civil libertarians are shifting from outright opposition to public surveillance cameras – which increasingly seems futile – to advocating for policy guardrails that protect privacy. That American cities are going the way of London, where police cameras are on every street corner, is undeniable. The Harvard Crimson reports that Cambridge, Massachusetts, is one of the latest cities to debate whether to allow police to deploy a network of surveillance cameras. The Cambridge Police Department was on the verge of installing highly visible cameras that would surveil the city’s major parks and even Harvard Yard when the city council suspended a vote after hearing from a prominent civil rights attorney. Even then, Emiliano Falcon-Morano of the Technology for Liberty Program at the Massachusetts ACLU seemed to bow to the inevitability of cameras. He recommended that this technology not be installed until the “police department addresses several important questions and concerns to ensure that it is deployed in a manner that conforms with civil rights and civil liberties.” In Philadelphia Dana Bazelon, a former criminal defense attorney and frequent critic of police intrusions into privacy, is now advocating the expansion of surveillance cameras. As an advisor to the Philadelphia district attorney, Bazelon sees police cameras as the only way to stem gun violence. This turnabout prompted Reason’s J.D. Tuccille to accuse Bazelon of discarding “concerns about government abuses to endorse a wide-reaching surveillance state.” Tuccille notes how much easier surveillance cameras may make the job of policing. He archly quotes Charlton Heston’s character in Touch of Evil, “A policeman’s job is only easy in a police state.” The argument in favor of public surveillance cameras is that when we step into the public square, we can expect to lose a degree of privacy. After all, no law keeps an officer on patrol from glancing our way. What’s so bad about being seen by that same officer through a lens? The answer, simply, is that camera networks do more than see. They record and transform faces into data. That data, combined with facial recognition software, with cellsite simulators that record our movements by tracking our cellphone location histories, with social media posts that log our political views, religious beliefs, and personal lives, brings us to within spitting distance of a police state. It is out of this concern that the Electronic Frontier Foundation has helpfully provided Americans with the ability to see the surveillance mechanisms unfolding in their communities through its Street Level Surveillance website. Yet, whether we like it or not (and we don’t like it), ubiquitous camera surveillance by the police in almost every city is coming. It is coming because public surveillance is useful in solving so many crimes. As city leaders temporarily shelved the police surveillance proposal in Cambridge, a man in New York City was freed after serving 16 years in prison, exonerated by evidence from old surveillance footage. Arvel Marshall was railroaded in 2016 by a Brooklyn prosecutor who sat on the exonerating tape, which clearly showed someone else committing the murder for which Marshall was convicted. There is no denying that, when the images are clear, surveillance footage can provide irrefutable identification of a criminal (or not, as in Marshall’s case). But the flip side is that the same technology, once it becomes networked and seamlessly integrated by AI, will give the powerful the means to track Americans with little more than a snap of the fingers or a click of the mouse – not just criminals, but protestors, political groups, journalists, and candidates. As this new reality unfolds, questions emerge. How will police surveillance data be stored? How secure will it be from hackers? How long will it be kept? Will it be networked with other forms of tracking, such as our purchased digital data, and combined by AI into total personal surveillance? Will this data be used to follow not just potential terrorists but Americans with criminal records in a predictive effort at “precrime”? Should technology be deployed that anonymizes the faces of everyone on a tape, with deanonymization or unmasking only at the hands of an authorized person? Should a warrant be issued to watch a given crime or to unmask a face? The terms of this new debate are changing as technology evolves at fast forward. But it is not too early to ask these questions and debate new policies, city by city, as well as in Congress. U.S. intelligence agencies justify tens of thousands of warrantless backdoor searches of Americans’ communications by claiming an exception to the Fourth Amendment for “defensive” purposes.
In testimony to Congress, FBI Director Christopher Wray has said that such defensive searches are absolutely necessary to protect Americans in real time who may be potential victims of foreign intelligence agents or cyberattacks. On this basis, the FBI and other agencies every year conduct tens of thousands of warrantless “backdoor” searches of Americans’ communications with data extracted from programs authorized by FISA Section 702 – even though this program was enacted by Congress not to spy on Americans, but to authorize U.S. agencies to surveil foreign spies and terrorists located abroad. Noah Chauvin, Assistant Professor of Law at Widener University School of Law, in a 53-page paper neatly removes every leg of the government’s argument. He begins with the simple observation that there is no “defensive” exception in the Fourth Amendment. Indeed, an analogous claimed exception for “community caretaking” was rejected by the U.S. Supreme Court in the 2021 decision on Caniglia v. Strom, holding that the government could not enter a home without a warrant based on the simple, non-exigent claim that the police needed to check on the homeowner’s well-being. Whether for community caretaking or for surveillance, the “we are doing this for your own good” excuse does not override the Fourth Amendment. In surveillance, the lack of constitutional validity makes the government’s position “a political argument, not a legal one.” Chauvin adds: “It would be perverse to strip crime victims of the Fourth Amendment’s privacy protections – a person should not lose rights because they have been violated.” It is apparently on the basis of such a “defensive search,” for example, that the FBI violated the Fourth Amendment rights of Rep. Darin LaHood (R-Ill). In that case, the FBI was concerned that Rep. LaHood was being unknowingly targeted by a foreign power. If the FBI can secretly violate the rights of a prominent and respected Member of Congress, imagine how blithely it violates your rights. While making these sweeping claims of violating the Fourth Amendment to protect Americans, “the government has provided almost no public information about how these defensive backdoor searches work.” Chauvin adds: “The government has claimed it uses backdoor searches to identify victims of cyberattacks and foreign influence campaigns, but has not explained how it does so, saying only that backdoor searches have ‘contributed to’ or ‘played an important role in’ intelligence services.” Also unexplained is how the government identifies potential American victims, or why it searches for victims instead of potential perpetrators. Nor does it reveal its success rate at identifying potential victims and how that compares to traditional methods of investigation. Finally, Chauvin asks: “Would obtaining permission before querying a victim compromise the investigation?” It is a matter of settled law that any American can give informed consent to waive his or her Fourth Amendment rights. “It seems particularly likely,” Chauvin writes, “that would-be victims will grant the government permission to perform defensive backdoor searches.” One can easily imagine a long list of companies – from hospitals to cloud providers – that would grant such blanket permission. So why not just do that? Finally, Chauvin appeals to Congress not just to remedy this backdoor search loophole for Section 702. He proposes closing this loophole for Americans’ digital data that U.S. intelligence and law enforcement agencies purchase from third-party data brokers, as well as for Executive Order 12333, a non-statutory surveillance authority claimed by the executive branch. At the very least, Congress should demand answers to Chauvin’s questions about how defensive searches are used and how they work. He concludes, “the government’s policy preferences should never override Americans’ constitutional rights.” We are about 160 days away from the next presidential inaugural.
If Donald Trump returns to the presidency, he will bring with him an innate skepticism of federal surveillance. This is because his campaign and transition (and by extension himself) were the targets of four surveillance orders issued by the secret FISA Court in 2016 and 2017 that were based on a concocted intelligence report and forged document created by an FBI lawyer (later convicted of a felony). But Trump may not have the surveillance skepticism lane to himself. Despite Vice President Kamala Harris having served in a very pro-surveillance administration, her background also reflects skepticism of federal surveillance. This is especially true of FISA Section 702, an authority enacted by Congress to surveil foreign threats located abroad but has come to be also used as a domestic spying authority. As a senator in 2017, Harris co-sponsored an amendment with her fellow Californian and leading Democrat, the late Sen. Dianne Feinstein, that would have required federal agencies to obtain a probable cause warrant before the FISA Court to review the contents of Americans’ emails. Did service in the Biden Administration, which opposed warrants, change Vice President Harris’ thinking, or would she revert to her Senate position? We cannot be sure what a President Harris or a President Trump would do in a political and geopolitical environment that is much different from the landscape of 2017. But one useful metric for the next administration would be to know how many “U.S. persons” – or people located inside the United States – have had their communications collected under FISA Section 702. Jonathan Mayer, a professor at Princeton University, served as Harris staffer in the Senate. Last year, Politico’s John Sakellariadis reported that Mayer and his research assistant Anunay Kulshrestha used cutting edge cryptographic techniques to estimate how much U.S. person information is collected by under Section 702. Mayer’s math produces only a partial data set. It also doesn’t count data on people inside the United States who communicate or cooperate with foreign spies or terrorists, which would make them legitimate targets of Section 702. But if fully fleshed out, this form of analysis could give a ballpark idea of how extensively Section 702 databases uses spy techniques that result in gathering massive amounts of private information about thousands, if not millions, of average Americans. Of course, the intelligence community could simply tell us. But the intelligence community, in perhaps a too-clever-by-half response, says that separating out who is and isn’t an American in the database would be exactly the kind of privacy intrusion that groups like ours protest. PPSA holds that if such a count were quarantined only for the explicit purpose of making such a count, it would harm no one’s privacy and serve the purpose of illuminating the nature of Section 702 for policymakers when it comes up for reauthorization again in the spring of 2026. “One of the best ways to understand the risk of incidental collection to U.S. persons is to have a sense of data contained through the authority,” says Travis LeBlanc, a Privacy and Civil Liberties Oversight Board member. There are, however, simpler ways to get at the real number. Congress could demand it by the end of this session. Failing that, a President Trump or a President Harris could simply release that number by executive order. When a surveillance authority hoovers up the private data of Americans, at the very least we have a right to know how many Americans have had their privacy compromised. As part of their responses to PPSA’s FOIA requests, the Department of Justice and Department of State recently produced their own derivative classification guides. These protracted documents have hundreds of different classification rules, which might explain part of the prolific growth in derivative classifications that PPSA has previously reported on.
But even among this maze of rules, one item stands out: Government classification rules show that the use of or application for a FISA warrant, in any case, is automatically classified as “secret,” a level of protection supposed to be reserved for when a release can be “expected to cause serious damage to national security" if made public. This means the use of FISA in any case will, at a minimum, remain locked away for 25 years. And worse, these qualify for an exception to automatic declassification, and so the government can extend those blackouts indefinitely. “The use of FISA warrants issued against any American for any reason is secret,” said Gene Schaerr, PPSA general counsel. “And given previous scandals, a multitude of abuses could well be hidden in these blanket classifications.” It is easy to understand why the government would want to classify many FISA warrants. Revealing them could expose ongoing efforts to track Chinese spies, counter Russian saboteurs, and catch possible Iranian assassins. There is also something to the customary government concern about protecting “sources and methods.” But does it make sense for the government to hide every FISA warrant? After all, these guides show that federal agents already make the determination to classify other potentially more important information on a case-by-case basis, including government passwords, safe combinations, and attempted or successful cyberattacks on systems containing national security information. Schaerr said: “As we saw in the Crossfire Hurricane scandal, the rights of all Americans can be implicated when the FISA process is abused. At the very least, this ‘classify first, ask questions later’ approach calls for the House to follow the example of the U.S. Senate and to allow for more House staffers to receive security clearances that enable them to advise House Members on the soundness of the government’s use of FISA warrants. This knowledge gap calls out for more Congressional oversight.” United States v. ChatrieWe reported on the bold opinion of federal district Judge Mary Hannah Lauck of Virginia who ruled in 2022 that the government erred by seeking a warrant for the location histories of every personal digital device within a 17.5-acre area around a bank that had been robbed in Richmond, Virginia, in 2019.
To identify the suspect, Nathaniel Chatrie, law enforcement officials obtained a geofence warrant from Google, requesting location data for all devices within that large area. Swept into this mass surveillance – reminiscent of the “general warrants” of the colonial era – were people in restaurants, in an apartment complex, and an elder care facility, as well as innumerable passersby. Judge Lauck wrote that these consumers were almost all unaware that Google logs their location 240 times a day. She wrote: “It is difficult to overstate the breadth of this warrant” and that every person in the vicinity has “effectively been tailed.” At times it almost seems that no good opinion goes upheld, at least where the Fourth Amendment is concerned. On July 9, the Fourth Circuit Court of Appeals reversed Judge Lauck’s decision in United States v. Chatrie. The court held that a geofence warrant covering a busy area around a bank robbery did not qualify as a Fourth Amendment search at all, a sweeping decision that has serious implications for privacy rights and law enforcement practices across the country. The two-judge majority on the Fourth Circuit Court of Appeals concluded that the geofence warrant did not, after all, constitute a Fourth Amendment search because the collection of location data from such a broad geographic area, even a busy one, did not infringe upon reasonable expectations of privacy. Got that? Judge J. Harvie Wilkinson III, writing for the majority, emphasized that the geofence warrant was a valuable tool for law enforcement in solving serious crimes. He wrote that the use of such warrants is necessary in an era where traditional investigative methods may be insufficient to address modern criminal activities. In a strongly worded dissent (beginning on p. 39), Judge James Andrew Wynn Jr. criticized the majority opinion, highlighting the potential dangers of allowing such broad warrants. Judge Wynn, with solid logic and command of the relevant precedents, demonstrated that the decision undermines the Fourth Amendment’s protections and opens the door for pervasive surveillance. Judge Wynn showed that the geofence warrant lacked the necessary particularity required by the Fourth Amendment. By allowing the collection of data from potentially thousands of innocent people, the warrant was not sufficiently targeted to the suspect. He emphasized that individuals have a reasonable expectation of privacy in their location data, even in public places. The widespread collection of such data without individualized suspicion poses significant privacy concerns. And Judge Wynn warned that the majority's decision sets a dangerous precedent, ignoring the implications of the U.S. Supreme Court’s 2018 Carpenter v. United States opinion in its landmark case on location data. So what, you might ask, is the harm of geofencing in this instance, which caught a suspect in a bank robbery? Answer: Enabling law enforcement to use geofence warrants in such a broad way will almost certainly lead to a variety of novel contexts, such as political protests, that could implicate Americans’ rights to free speech and freedom of assembly. Judge Wynn's dissent highlights the need for a careful balance between effective law enforcement and the preservation of civil liberties. While the majority’s decision underscores the perceived necessity of geofence warrants in modern investigations, Judge Wynn's dissent serves as a poignant reminder of the constitutional protections at stake. The Electronic Frontier Foundation reports that Chatrie’s lawyers are petitioning for an en banc hearing of the entire Fourth Circuit to review the case. PPSA supports that move and we hope that if it happens, there are judges who take the same broad view as Judge Lauck and Judge Wynn. Earlier this year, students in a high school art class were called to a meeting of administrators to defend the contents of their art portfolio.
This happened after Lawrence High School in Lawrence, Kansas, signed a $162,000 contract with Gaggle safety software to review all student messages and files for issues of concern. Gaggle had flagged the digital files of the students’ art portfolio for containing nudity. The students vehemently protested that there was no nudity at all in their work. But it was a hard case to make considering that the files had already been removed from the students accounts so the student artists themselves couldn’t refer to it. Max McCoy, a writer with the nonprofit news organization The Kansas Reflector, wrote that if you’re a Lawrence High student, “every homework assignment, email, photo, and chat on your school-supplied device is being monitored by artificial intelligence for indicators of drug and alcohol use, anti-social behavior, and suicidal inclinations.” The same is true of many American high schools from coast-to-coast. Gaggle claims to have saved an estimated 5,790 student lives from suicide between 2018 and 2023 by analyzing 28 billion student items and flagging 162 million for reviews. McCoy took a hard look this incredibly specific number of lives saved, finding it hard to validate. Simply put, Gaggle counts each incident of flagged material that meets all safety criteria as a saved life. Still, it is understandable that school administrators would want to use any tool they could to reduce the potential for student suicide (the second-leading cause of death among Americans 15-19), as well as reduce the threat of school violence that has plagued the American psyche for decades now. But is an artificial surveillance regime like Gaggle the way to do it? McCoy likens Gaggle to the science-fictional “precrime” technology in the Philip K. Dick novel and Stephen Spielberg movie Minority Report. But could Gaggle technology in its actual use be more like the utterly dysfunctional totalitarian regime depicted in the classic movie Brazil? McCoy reports that a cry for help from one student to a trusted teacher was intercepted and rerouted to an administrator with whom the student has no relationship. The editors of the Lawrence student paper, The Budget, are concerned about Gaggle’s intrusion into their newsgathering, notes, and other First Amendment-protected activities. McCoy quotes Rand researchers who recently wrote, “we found that AI based monitoring, far from being a solution to the persistent and growing problem of youth suicide, might well give rise to more problems than it seeks to solve.” It is one thing to keep tabs on student attitudes and behavior. Spyware technology over all student messages and content looks pointlessly excessive. Worse, it trains the next generation of Americans to be inured to a total surveillance state. As the 2024 elections loom, legislative progress in Congress will likely come to a crawl before the end of meteorological summer. But some unfinished business deserves our attention, even if it should get pushed out to a lame duck session in late fall or to the agenda of the next Congress.
One is a bipartisan proposal now under review that would forbid federal government agencies from strong-arming technology companies into providing encryption keys to break open the private communications of their customers. “Efforts to give the government back-door access around encryption is no different than the government pressuring every locksmith and lock maker to give it an extra key to every home and apartment,” said Erik Jaffe, President of PPSA. Protecting encryption is one of the most important pro-privacy measures Congress could take up now. Millions of consumers have enjoyed end-to-end encryption, from Apple iPhone data to communications apps like Telegram, Signal, and WhatsApp. This makes their communications relatively invulnerable to being opened by an unauthorized person. The Department of Justice has long demanded that companies, Apple especially, provide the government with an encryption key to catch wrong-doers and terrorists. The reality is that encryption protects people from harm. Any encryption backdoor is bound to get out into the wild. Encryption protects the abused spouse from the abuser. It protects children from malicious misuse of their messages. Abroad, it protects dissidents from tyrants and journalists from murderous cartels. At home, it even protects the communications of law enforcement from criminals. The case for encryption is so strong the European Court of Human Rights rejected a Russian law that would have broken encryption because it would violate the human right to privacy. (Let us hope this ruling puts the breaks on recent measures in the UK and the EU to adopt similarly intrusive measures.) Yet the federal government continues to demand that private companies provide a key to their encryption. The State of Nevada’s attorney general went to court to try to force Meta to stop offering encrypted messages on Facebook Messenger on the theory that it will protect users under 18, despite the evidence that breaking encryption exposes children to threats. PPSA urges the House to draft strong legislation protecting encryption, either as a bill or as an amendment. It is time for the people’s representatives to get ahead of the jawboning demands of the government to coerce honest businesses into giving away their customers’ keys. We’ve long chronicled the downward trajectory of EO 13526, President Barack Obama’s 2009 executive order that boldly sought to stem the tide of excessive government secrecy. President Obama imposed checks on the government by forbidding classification decisions that are made to prevent embarrassment to a person, organization, or agency, and by boosting the ability of the National Archives and Records Administration (NARA) to lead a declassification program.
“My administration is committed to operating with an unprecedented level of openness,” the president declared. At the time President Obama swept his pen over this order, there were 55 million classified documents. And how has that worked out? Today 75 million classified documents have piled up. Some of them date back to the Truman administration. A report released Tuesday by the National Coalition for History makes public the inside grips of NARA in trying to fulfill its mission. The report states that NARA’s flatlined budget leaves its National Declassification Center (NDC) short-staffed and unable to cope with thousands of pending Freedom of Information Act requests. We filed one such FOIA of our own asking a slew of federal agencies in effect if “they’ve done anything to comply with President Obama’s executive order?” Some FOIAs, the History Coalition reports, sit in 12-year queues. But the bigger problems for declassification involve perverse incentives. The History Coalition reports: “Even highly skilled and experienced NDC staffers lack the authority to reverse agency decisions that they disagree with, a dynamic that perpetuates the over-classification problem.” No one ever got fired for refusing to declassify something. No one should be surprised, then, that when you ask the agency that classified a document if it should remain classified, the answer will almost always be “yes.” Another revelation from the History Coalition’s report is that the NDC lacks a secure electronic transmittal system to send classified records for agency referrals. Instead, they are sent on digitized diskettes through regular U.S. mail. You would think that if a document is so sensitive it must remain secret that sending it back with a postage stamp would be a non-starter. That laxity, more than anything, is a sure sign that what is at work isn’t the protection of vital national secrets, but bureaucratic backside covering, the only perpetual motion machine known to physics. What can be done? A good place to start is the History Coalition’s reform proposal to vest the NDC “with the authority to declassify information subject to automatic declassification without having to refer the records back to the originating agency.” Sounds like a good idea to us. From your browsing history to your physical location, every aspect of your digital footprint can be tracked and used to build a comprehensive profile of your private life – including your political, religious, and family activities, as well as the most intimate details of your personal life. This information is invaluable not only to advertisers – which want to place ads in your social media feeds – but also to governments, which often have malevolent intentions.
Hostile governments might weaponize your personal digital trail for blackmail or embarrassment. Imagine a CEO or inventor being blackmailed into revealing trade secrets. Or, if you work in the military or in an agency for a contractor involved in national security, your personal data might be used to disrupt your life during the beginning of an international crisis. Imagine a CIA officer receiving what appears to be an urgent message of distress from her daughter or an Air Force officer being told in the voice of his commanding officer to not go to the base but to shelter in place. And then multiply that effect by the millions of Americans in the crosshairs of a cyberattack. Congress and the Biden Administration acted against these possibilities this spring by including in the Israel/Ukraine weapons appropriation measure a provision banning data brokers from exporting Americans' personal data to China, Russia, North Korea, and Iran. However, this ban had notable loopholes. Adversary countries could still purchase data indirectly through middlemen data brokers in third countries or establish front companies to circumvent the ban. To attempt to close these loopholes, Sens. Ron Wyden (D-OR) and Cynthia Lummis (R-WY) have offered an amendment to the National Defense Authorization Act to further tighten the law by restricting data exports to problematic countries identified by the Secretary of Commerce that lack robust privacy laws to protect Americans' data from being sold and exported to adversaries. This measure will help reduce the flow of Americans’ personal data through third-parties and middlemen ultimately to regimes that have nothing but the worst of intentions. PPSA applauds Sens. Wyden and Lummis for working to tighten the pipeline of Americans’ data flowing out into the world. Their proposal is a needed one and deserves the vocal support of every American who cares about privacy. As Congress debated Section 702 – the authority within the Foreign Intelligence Surveillance Act that allows U.S. intelligence agencies to surveil foreign threats located abroad – the FBI solemnly informed lawmakers that the use of Section 702 is essential to allowing the bureau to catch domestic terror plots. In fact, the FBI claimed Section 702 was used to derail a “potentially imminent terrorist attack” against critical U.S. infrastructure.
FBI Director Christopher Wray doubled down on this point in a speech on April 9, saying that “only by querying that U.S. person’s identifiers in our 702 collection did we find important intelligence on the seriousness and urgency of the threat.” FBI officials repeated that claim in an interview with Politico. These are apparent references to Brandon Clint Russell, a neo-Nazi founder of the self-styled “Atomwaffen Division” – charged with conspiring to attack electrical substations across Maryland. Yet, contrary to the agency’s repeated claims that their review of Section 702 data was essential to identifying him and the risk he posed, the FBI’s affidavit filed in the criminal case does not even mention Russell’s alleged communications with foreign targets of Section 702. And the absence of such information indicates that the FBI knew enough about him to seek a warrant without using its Section 702 database as a surveillance tool. “There they go again,” said Gene Schaerr, PPSA general counsel. “It is rank dishonesty to tell Congress one thing and the courts another.” Critics of Section 702 have long criticized the use of this authority as a way for the government to conduct “backdoor searches.” The FBI rejects that term but celebrates the use of Section 702 data to do precisely that, to use the global database as a predicate to develop domestic leads. These queries of Americans’ communications allow the government to develop investigative leads pulled out of global intercepts. It is a backdoor search because defendants often never learn about the origin of their case in court. In this case, however, there seemed to be abundant independent evidence to investigate Russell. “The filing suggests that even if the FBI performed a backdoor search, it was inconsequential,” Schaerr said. “The court filing indicates that the government had enough information to investigate – read the Wikipedia page of Brandon Russell – so why didn’t they just get a warrant as required by the Fourth Amendment?” And more important than the FBI’s failure to seek a warrant in this one case, this episode unfortunately illustrates the FBI’s willingness to lie to Congress – and by extension to the American people – to get the legislation they want. The FBI shouldn’t be surprised that no one in Congress takes their “sky is falling” cries seriously the next time around. PPSA's senior policy advisor, Bob Goodlatte, and general counsel, Gene Schaerr, explain in Just Security on why it’s imperative that intel agencies listen to bipartisan concerns re: surveillance reform. Surveillance abuses degrade and threaten the vital mission these agencies must carry out. Additionally, they explain how the intel agencies' alienation of Americans and congressional representatives is dangerous for both the Constitution and national security.
The Quick Unlocking of Would-Be Trump Assassin’s Phone Reveals Power of Commercial Surveillance7/18/2024
Since 2015, Apple’s refusal to grant the FBI a backdoor to its encrypted software on the iPhone has been a matter of heated debate. When William Barr was the U.S. Attorney General, he accused Apple of failing to provide “substantive assistance” in the aftermath of mass shootings by helping the FBI break into the criminals’ phones.
Then in a case in 2020, the FBI announced it had broken into an Apple phone in just such a case. Barr said: “Thanks to the great work of the FBI – and no thanks to Apple …” Clearly, the FBI had found a workaround, though it took the bureau months to achieve it. Gaby Del Valle in The Verge offers a gripping account of the back-and-forth between law enforcement and technologists resulting, she writes, in the widespread adoption of mobile device extraction tools that now allow police to easily break open mobile phones. It was known that this technology, often using Israeli-made Cellebrite software, was becoming ever-more prolific. Still, observers did a double-take when the FBI announced that its lab in Quantico, Virginia, was able to break into the phone of Thomas Matthew Crooks, who tried to assassinate former President Trump on Saturday, in just two days. More than 2,000 law enforcement agencies in every state had access to such mobile device extraction tools as of 2020. The most effective of these tools cost between $15,000 and $30,000. It is likely, as with cell-site simulators that can spoof cellphones into giving up their data, that these phone-breaking tools are purchased by state and local law enforcement with federal grants. We noticed recently that Tech Dirt reported that for $100,000 you could have purchased a cell-site simulator of your very own on eBay. The model was old, vintage 2004, and is not likely to work well against contemporary phones. No telling what one could buy in a more sophisticated market. The takeaway is that the free market created encryption and privacy for customer safety, privacy, and convenience. The ingenuity of technologists responding to market demand from government agencies is now being used to tear down consumer encryption, one of their greatest achievements. We recently asked why Republican House Intelligence Committee Members excluded a provision in the Intelligence Authorization Act that would narrow the scope of a new law that has become known as “Make Everyone a Spy.” Now a few senators are following up behind closed doors to further protect this law from any reform or changes. This provision became law in April as an amendment in the recent reauthorization of Section 702 of the Foreign Intelligence Surveillance Act. The language in this law defining a covered “electronic communications service provider” is shockingly broad, enlisting most every kind of business and “custodian” of equipment capable of storing and carrying data. This means that virtually any business with Wi-Fi or routers could be asked to turn over Americans’ communications to the government, followed by a lifetime gag order never to reveal it to customers. Sen. Ron Wyden, D-OR, as this measure was on the verge of passage in April, said on the Senate floor: “Now, if you have access to any communications, the government can force you to help it spy. That means anyone with access to a server, a wire, a cable box, a Wi-Fi router, a phone, or a computer. Think about the millions of Americans who work in buildings and offices in which communications are stored or pass through.” Realizing how outlandish this authority is, Sen. Mark Warner, Chairman of the Senate Intelligence Committee, at the time promised his colleagues that if they passed this measure, he would later refine its language to narrow the definition of an electronic communications service provider. Sen. Warner recently offered an amendment to narrow the scope of this law in the Intelligence Authorization Act. Although Warner’s amendment is classified, it is widely believed to limit this new form of warrantless surveillance to data centers. Now two unnamed senators are said to have nixed Sen. Warner’s promise behind closed doors. This would leave in place the most expansive version of the Make Everyone a Spy law.
We ask you to contact your Senators and tell them: Do not allow senators to renege on Sen. Mark Warner’s pledge to narrow the definition of a covered electronic communications service provider in the “Make Everyone a Spy” law. If the promised reform is not included, senators should hold up the Intelligence Authorization Act until it is put back in! We reported earlier this month that Los Angeles police are alarmed at the proliferation of wireless cameras installed in bushes that allow criminals to remotely surveil homes targeted for burglaries.
Now police in Braintree, Massachusetts, have arrested two men and a woman in connection to a series of burglaries enabled by these remote, wireless cameras. One of the suspects, a Colombian man wearing all black and a mask, was arrested and charged with resisting arrest and assault and battery on a police officer, after attempting to flee when he was allegedly caught retrieving a wireless camera in front of a home that had been burgled. The three people arrested are, according to Braintree police, connected to a group known as the South American Theft Group, which uses extensive surveillance, GPS tracking technology, and counter-surveillance measures to analyze the comings and goings of their victims. The commoditization of spyware and the popularization of sophisticated plans for surveillance is driving this revolution in neighborhood crime. What can we do? In addition to the customary precautions of installing locks and alarms, outdoor lights, and installing security cameras, you should avoid posting advance notice of family vacations. Criminals are watching your social media posts as well. PPSA Asks Supreme Court to Hear X Corp.’s Constitutional Case Against Surveillance Gag Orders7/10/2024
PPSA announced today the filing of an amicus brief asking the U.S. Supreme Court to take up a case in which X Corp., formerly Twitter, objects to surveillance and gag orders that violate the First Amendment and pose a threat to the Fourth and Sixth Amendments as well.
When many consumers think of their digital privacy, they think first of what’s on their computers and shared with others by text or email. But the complex, self-regulating network that is the internet is not so simple. Our online searches, texts, images, and emails – including sensitive, personal information about health, mental health, romances, and finances – are backed up on the “cloud,” including data centers like X Corp.’s that distribute storage and computing capacity. Therein lies the greatest vulnerability for government snooping. The growth of data centers is prolific, rising from 2,600 to 5,300 such centers in 2024. And with it, so have government demands for our data. When federal agencies – often without a warrant – seek to access Americans’ personal data, more often than not they go to the companies that store the data in places like these data centers. For years, this power involved large social media and telecom companies. The power of the government to extract data, already robust, increased exponentially with the reauthorization of FISA Section 702 in April, which included what many call the “Make Everyone a Spy Act.” This provision defines an electronic communication service provider as virtually any company that merely has access to equipment, like Wi-Fi and routers, that is used to transmit or store electronic communications. On top of that, the government then slaps the data center or service provider with a Non-Disclosure Order (NDO), a gag order that prevents the company from informing customers that their private information has been reviewed. One such company – X Corp. – has been pressing a constitutional challenge against this practice regarding a government demand for former President Trump’s account data. PPSA has joined in an amicus brief supporting X’s bid for certiorari, asking the Court to consider the constitutional objections to government conscription of companies that host consumers’ data as adjunct spies, while restraining their ability to speak out on this conscription. In the case of X, the government has seized the company’s records on customer communications and then slapped the company with an NDO to force it to shut up about it. The government claims this secrecy is needed to protect the investigation, even though the government itself has already publicized the details of its investigation. Whatever you think of Donald Trump, this is an Orwellian practice. PPSA’s amicus brief informed the Court that the gag order “makes a mockery of the First Amendment’s longstanding precedent governing prior restraints. And it will only become more frequent as third-party cloud storage becomes increasingly common for everything from business records to personal files to communications …” The brief informs the Court: “NDOs can be used to undermine other constitutionally protected rights” beyond the First Amendment. These rights include the short-circuiting of Fourth Amendment rights against warrantless searches and Sixth Amendment rights to a public trial in which a defendant can know the evidence against him. Partial solutions to these short-comings are winding their way through the legislative process. Sen. Mark Warner, Chairman of the Senate Intelligence Committee, introduced legislation to narrow the scope of businesses covered by the new, almost-universal dragooning of businesses large and small as government spies – though House Intelligence Chairman Mike Turner is opposing that reasonable provision. Last year, the House passed the NDO Fairness Act, which requires judicial review and limited disclosures for these restraints on speech and privacy. As partial solutions wend their way through Congress, this case presents a number of well-defined concerns best defined by the Supreme Court. PPSA today announced the filing of a lawsuit to compel the FBI to produce records about the possible use of FISA Section 702 authority – enacted by Congress to enable surveillance of foreign targets on foreign soil – for political surveillance of Americans at home.
Activists on the left and the right have long suspected the FBI uses surreptitious means to spy on lawful protests and speech. Those suspicions were confirmed when a FISA court decision released in 2022 revealed that government investigators had used Section 702 global database to surveil all 19,000 donors to a single Congressional campaign. Acting on this concern, PPSA submitted a FOIA request to the FBI in February seeking all records discussing the use of Section 702 or other FISA authorities to surveil, collect information related to, or otherwise investigate anyone who attended:
The FBI almost immediately responded to PPSA that our FOIA request “is not searchable” in the FBI’s “indices.” The response also informed us that the FBI “administratively closed” our request. The FBI did not dispute that PPSA’s FOIA request reasonably described the requested records. This should have, under the FOIA statute, triggered a search requirement, but the FBI ignored it. The self-serving excuse that limitations to the FBI’s Central Records System overlooks the plentiful databases and search methods at the fingertips of one of the world’s premier investigative organizations. After a fruitless appeal to the Department of Justice’s Office of Information Policy, exhausting any administrative remedy, PPSA is now suing in the U.S. District Court of the District of Columbia to compel the FBI to produce these documents. We’ll keep you informed of any major developments. PPSA has fired off a succession of Freedom of Information Act (FOIA) requests to leading federal law enforcement and intelligence agencies. These FOIAs seek critical details about the government’s purchasing of Americans’ most sensitive and personal data scraped from apps and sold by data brokers.
PPSA’s FOIA requests were sent to the Department of Justice and the FBI, the Department of Homeland Security, the CIA, the Defense Intelligence Agency, the National Security Agency, and the Office of the Director of National Intelligence, asking these agencies to reveal the broad outlines of how they collect highly private information of Americans. These digital traces purchased by the government reveal Americans’ familial, romantic, professional, religious, and political associations. This practice is often called the “data broker loophole” because it allows the government to bypass the usual judicial oversight and Fourth Amendment warrant requirement for obtaining personal information. “Every American should be deeply concerned about the extent to which U.S. law enforcement and intelligence agencies are collecting the details of Americans’ personal lives,” said Gene Schaerr, PPSA general counsel. “This collection happens without individuals’ knowledge, without probable cause, and without significant judicial oversight. The information collected is often detailed, extensive, and easily compiled, posing an immense threat to the personal privacy of every citizen.” To shed light on these practices, PPSA is requesting these agencies produce records concerning:
Shortly after the House passed the Fourth Amendment Is Not For Sale Act, which would require the government to obtain probable cause warrants before collecting Americans’ personal data, Avril Haines, Director of National Intelligence, ordered all 18 intelligence agencies to devise safeguards “tailored to the sensitivity of the information.” She also directed them to produce an annual report on how each agency uses such data. PPSA believes that revealing, in broad categories, the size, scope, sources, and types of data collected by agencies, would be a good first step in Director Haines’ effort to provide more transparency on data purchases. The recent passage of the Fourth Amendment Is Not For Sale Act by the House marks a bold and momentous step toward protecting Americans' privacy from unwarranted government intrusion. This legislation mandates that federal law enforcement and intelligence agencies, such as the FBI and CIA, must obtain a probable cause warrant before purchasing Americans’ personal data from brokers. This requirement closes a loophole that allows agencies to compromise the privacy of Americans and bypass constitutional safeguards.
While this act primarily targets law enforcement and intelligence agencies, it is crucial to extend these protections to all federal agencies. Non-law enforcement entities like the Treasury Department, IRS, and Department of Health and Human Services are equally involved in the purchase of Americans' personal data. The growing appetite among these agencies to track citizens' financial data, sensitive medical issues, and personal lives highlights the need for a comprehensive warrant requirement across the federal government. How strong is that appetite? The Financial Crimes Enforcement Network (FinCEN), operating under the Treasury Department, exemplifies the ambitious scope of federal surveillance. Through initiatives like the Corporate Transparency Act, FinCEN now requires small businesses to disclose information about their owners. This data collection is ostensibly for combating money laundering, though it seems unlikely that the cut-outs and money launderers for cocaine dealers and human traffickers will hesitate to lie on an official form. This data collection does pose significant privacy risks by giving multiple federal agencies warrantless access to a vast database of personal information of Americans who have done nothing wrong. The potential consequences of such data collection are severe. The National Small Business Association reports that the Corporate Transparency Act could criminalize small business owners for simple mistakes in reporting, with penalties including fines and up to two years in prison. This overreach underscores the broader issue of federal agencies wielding excessive surveillance powers without adequate checks and balances. Another alarming example is the dragnet financial surveillance revealed by the House Judiciary Committee and its Select Subcommittee on the Weaponization of the Federal Government. The FBI, in collaboration with major financial institutions, conducted sweeping investigations into individuals' financial transactions based on perceptions of their political leanings. This surveillance was conducted without probable cause or warrants, targeting ordinary Americans for exercising their constitutional rights. Without statutory guardrails, such surveillance could be picked up by non-law enforcement agencies like FinCEN, using purchased digital data. These examples demonstrate the appetite of all government agencies for our personal information. Allowing them to also buy our most sensitive and personal information from data brokers, which is happening now, is about an absolute violation of Americans’ privacy as one can imagine. Only listening devices in every home could be more intrusive. Such practices are reminiscent of general warrants of the colonial era, the very abuses the Fourth Amendment was designed to prevent. The indiscriminate collection and scrutiny of personal data without individualized suspicion erode the foundational principles of privacy and due process. The Fourth Amendment Is Not For Sale Act is a powerful and necessary step to end these abuses. Congress should also consider broadening the scope to ensure all federal agencies are held to the same standard. We often report on the disturbing growth of surveillance camera systems in the hands of government, whether it’s through expansion of networks at city intersections, or convincing citizens to hand over video from their Ring and other private camera systems. We’ve reported on police aiming a camera at a home to create a 24-hour stakeout over eight months.
Now a new threat is emerging – criminals are leveraging these same surveillance tools for stakeouts to determine the best time to clean out your house. For years, burglars have scouted out target homes by posing as salesmen or dressing up as repairmen or utility workers. But that required shoe leather and a certain degree of risk. A report by Nathan Solis of The Los Angeles Times uncovers a troubling trend in Southern California going nationwide – criminals are installing hidden cameras in residential yards. Burglars are planting hidden cameras wreathed in plastic leaves and inserted into bushes to stake out unsuspecting homeowners’ yards to monitor the comings and goings of family members in order to plan their crimes with precision. Wi-Fi jammers, illegal to possess but legal to sell, are also often used to disable home security systems when the break-in does occur. In the face of such a threat, what can we do? The Times offers proactive steps you can take to protect against surveillance-enabled burglars. First, if you spot such a device you should alert police immediately, so law enforcement can track the secret trackers. You should have an electrician hardwire your burglary alarm with cables that go direct into your router so it cannot be turned off. Put a padlock on your circuit-breaker to further protect against someone turning off the power to your alarm system. Have lights activated by motion detectors and harden your points of entry. The Times also reports that police recommend placing Apple Air Tags or some other tracker placed inside a few valuables to allow the police to track your items if they should be stolen. In any event, as with the deep infiltration of the phones of police and journalists by cartels with “zero-day” software, we should expect any new surveillance technology in the hands of the government and law enforcement will wind up in the hands of criminals as well. We’ve long recounted the bad news on law enforcement’s use of facial recognition software – how it misidentifies people and labels them as criminals, particularly people of color. But there is good news on this subject for once: the Detroit Police Department has reached a settlement with a man falsely arrested on the basis of a bad match from facial recognition technology (FRT) that includes what many civil libertarians are hailing as a new national standard for police.
The list of injustices from false positives from FRT has grown in recent years. We told the story of Randall Reid, a Black man in Georgia, arrested for the theft of luxury goods in Louisiana. Even though Reid had never been to Louisiana, he was held in jail for a week. We told the story of Porchia Woodruff, a Detroit woman eight months pregnant, who was arrested in her driveway while her children cried. Her purported crime was – get this – a recent carjacking. Woodruff had to be rushed to the hospital after suffering contractions in her holding cell. Detroit had a particularly bad run of such misuses of facial recognition in criminal investigations. One of them was the arrest of Robert Williams in 2020 for the 2018 theft of five watches from a boutique store in which the thief was caught on a surveillance camera. Williams spent 30 hours in jail. Backed by the American Civil Liberties Union, the ACLU of Michigan, and the University of Michigan Civil Rights Litigation Initiative, Williams sued the police for wrongful arrest. In an agreement blessed by a federal court in Michigan, Williams received a generous settlement from the Detroit police. What is most important about this settlement agreement are the new rules Detroit has embraced. From now on:
Another series of reforms impose discipline on the way in which lineups of suspects or their images unfold. When witnesses perform lineup identifications, they may not be told that FRT was used as an investigative lead. Witnesses must report how confident they are about any identification. Officers showing images to a witness must themselves not know who the real suspect is, so they don’t mislead the witness with subtle, non-verbal clues. And photos of suspects must be shown one at a time, instead of showing all the photos at once – potentially leading a witness to select the one image that merely has the closest resemblance to the suspect. Perhaps most importantly, Detroit police officers will be trained on the proper uses of facial recognition and eyewitness identification. “The pipeline of ‘get a picture, slap it in a lineup’ will end,” Phil Mayor, a lawyer for the ACLU of Michigan told The New York Times. “This settlement moves the Detroit Police Department from being the best-documented misuser of facial recognition technology into a national leader in having guardrails in its use.” PPSA applauds the Detroit Police Department and ACLU for crafting standards that deserve to be adopted by police departments across the United States. |
Categories
All
|