​If you’ve read Rick Atkinson’s prize-winning books on the American Revolution or watched Ken Burns’ documentaries on that founding event, you know how deeply Americans have always valued privacy. The Revolution itself was sparked, in part, by outrage over the British Crown’s use of “general warrants” – sweeping authorities that allowed the King’s agents to ransack homes, warehouses, offices, and ships at dock in search of anything they deemed suspicious.

Now, nearly 250 years after the Declaration of Independence, London is at it again.

This time, the British government is executing a plan to override the security and encryption protections built into U.S. technology products – exposing the private data of Americans, and potentially users around the world, beginning with Apple devices.

The CLOUD Act — and a Deal Gone Wrong

PPSA Senior Policy Advisor Bob Goodlatte knows this territory well. A former congressman from Virginia and Chairman of the House Judiciary Committee, Goodlatte helped lead passage in 2018 of the Clarifying Lawful Overseas Use of Data Act, better known as the CLOUD Act.

The CLOUD Act allows the United States and trusted foreign partners to enter into data-sharing agreements, enabling law enforcement to seek data through warrants or subpoenas regardless of where that data is stored. But Congress paired this authority with firm guardrails to protect privacy, civil liberties, and the rule of law.

One of those agreements – the U.S.–UK Data Access Agreement (DAA) – has now veered sharply off course.

“I am deeply troubled by how the United Kingdom has taken advantage of our goodwill,” Goodlatte wrote in a letter sent late last week to Attorney General Pam Bondi.

Britain’s Abuse of Surveillance Powers

At issue is the UK’s use of so-called Technical Capabilities Notices, or TCNs, issued under the UK Investigatory Powers Act. These secret orders can compel U.S. technology companies to weaken, delay, or suspend the deployment of essential security features, including end-to-end encryption.

“The threat to Americans’ privacy from these measures is real,” Goodlatte warned, whether the UK’s actions affect U.S. companies’ global products or are limited to services offered in Britain. Even in the latter case, he explained, the consequences are profound: increased risk of global surveillance, compromised digital infrastructure, and a direct assault on the protections Congress demanded when it approved the agreement.

Approval Rights and Gag Orders on U.S. Companies

Goodlatte also pointed to a particularly alarming requirement: U.S. companies must notify the British government before rolling out security upgrades – precisely the kind of foreign leverage Congress explicitly sought to prevent.

The CLOUD Act’s promise of streamlined cross-border cooperation, he wrote, “was never intended by Congress to be leveraged by a foreign partner to compel any form of ‘backdoor’ access or other types of decryption assistance.”

Even worse, UK policy reportedly imposes gag orders that prevent U.S. companies, starting with Apple, from disclosing this interference even to the U.S. government itself.

The Only Remedy: Suspend the Agreement

The CLOUD Act anticipated this scenario. Under the DAA, the United States may suspend or terminate the agreement when a partner government’s laws or practices materially undermine its privacy and civil liberties commitments.

“Accordingly,” Goodlatte wrote, “I urge the Department of Justice to invoke Article 12.3 and suspend the Agreement unless and until the UK withdraws its use of TCNs.”

During passage of the CLOUD Act, Goodlatte insisted on strong congressional oversight of the law’s implementation. Now, he is calling on the Justice Department to enforce the deal’s terms – and protect Americans from a digital revival of the general warrants our founders fought to abolish.
​
Expect sitting Members of Congress to take up that call as well.

​Almost every day, we learn of new capabilities in China’s ever-expanding surveillance and intimidation operations. Xi Jinping’s regime is perfecting its ability to track enemies, even as far from Beijing as West Texas.

Consider the story of Li Chuanliang, a retired Communist Party official who fled China and was granted asylum in the United States. Now in Midland, Texas, Li told the Associated Press:

“They track you 24 hours a day. All your electronics, your phone – they’ll use every method to find you, your relatives, your friends, where you live: No matter where you are, you’re under their control.”

What’s even more disturbing may be the source of China’s capabilities. Technology first deployed to track and persecute China’s Muslim Uyghur minority now helps power the country’s worldwide surveillance network,  supported by technology developed in the United States.

When the AP asked U.S. companies about their role in such potentially deadly technology transfer, most deflected: “IBM said in a statement that it sold its division making the i2 program in 2022, and has ‘robust processes’ to ensure its technology is used responsibly. Oracle declined comment, and Microsoft did not respond.”

But for China, it’s all been a golden opportunity – literally. The regime named the U.S.-derived lynchpins of its surveillance network “Golden Tax,” “Golden Finance,” and “Golden Audit.” (See also China’s notorious Golden Shield program, which American cyber-giant Cisco helped to build.)

The Chinese Communist Party hunts for its perceived enemies in-person as well as online. It involves attempts to recruit American citizens to the cause, according to court filings against two Chinese organizations. The schemes included the use of fake social media accounts to intimidate Chinese dissidents residing abroad.

And, it seems, they occasionally have help from U.S. citizens such as an ex-New York cop convicted of hunting dissidents for the PRC. It’s a sordid tale and, sadly, far from an isolated incident. Nor is the tale of such transnational aggression limited to state actors like China alone.

In addition to matters of statecraft, the human toll exacted by such global Big Brother programs is immeasurable, as seen in the mental health effects of state surveillance on Chinese students who are merely studying in the United States. Some have cut all ties to family and friends back home to protect their loved ones from the suspicion that comes from simply being in America.

We should remember these souls during this season of light. If you know a Chinese student or resident who doesn’t seem to have many friends here, it might not be by choice. Consider reaching out to them in person and offering your support. Just be careful about using your cellphone (or theirs) to make plans. Consider getting your church involved too, like congregants in Midland did for Li and others.
​
Speaking of which, check out the AP’s poignant photo essay chronicling Li’s attempts to build a new life in Midland, together with other Chinese expatriates.

​The Bill of Rights was ratified on this day in 1791 — guaranteeing that in addition to free speech, freedom of religious exercise, the right to due process, and other natural rights — that the government must obtain a probable cause warrant from a judge before it can search our persons, houses, papers, and effects. It established what the Founders hoped would be a bright line against unreasonable searches and seizures.
 
Unfortunately, with the rise of surveillance technology, the Fourth Amendment is often observed today in the breach. But it is still a shield against police entry into Americans' home and unreasonable physical searches. Let this birthday remind us of the need to jealously guard our freedoms — and extend them to the digital world, as well as the physical. 

VICE recently interviewed privacy expert Jason Bassler about the many ways that surveillance has crept into our daily lives and become more or less normalized. Jason is the co-founder of the Free Thought Project, whose site you might not want to visit if you’re already paranoid about being watched.

Among the observations that Jason offered VICE were the following. Think of them as a “State of Our Privacy” report:

Smartphones are the well-connected spies in our hand:

“Today’s mobile tech goes far beyond anything we saw even five years ago. Our phones constantly ping GPS satellites, Wi-Fi networks, and cell towers to triangulate our location, whether or not you’re using a map app. Apps quietly harvest this data and sell it to data brokers, who in turn sell it to agencies like ICE, the FBI, and even the U.S. military.”

If it’s a border, it’s biometric:

“TSA is expanding biometric surveillance across nearly all U.S. airports as part of a $5.5 billion modernization push. Airports nationwide will be utilizing facial recognition software, and over 250 airports will be accepting digital ID verification. It’s a similar situation with the U.S. Customs and Border Protection. Biometric data collected at borders is often retained indefinitely, and it’s increasingly shared with law enforcement and intelligence agencies, raising concerns about lack of oversight. Border control isn’t just about fences anymore. It’s about fingerprints, facial scans, and AI predictions.”

License plate readers are nearly ubiquitous:

“They’re designed to capture, analyze, and store vehicle data in real time. Think of them as a cop on the corner of your street, taking notes about every car that passes – its color, its make, its year, where it’s going, how often it goes there, how long it stays, and much more. Now, imagine an army of cops on every corner of your city doing that. This is what Flock [Safety brand] cameras are, except they are mounted on poles and traffic lights.”

Bassler also recommends the following ways to fight back against what he calls the growing “ecosystem” of surveillance and its normalizing influence:

• “Obscure your biometrics, especially if you’re at a protest or political event.

​

• Opt for strong passwords and turn off biometric unlocking features on your phone and devices.

 

• Disable GPS or Bluetooth when not in use, and avoid apps that demand location access.

 

• Use privacy-first tools and tech. Encrypted messaging apps like Signal help; VPNs and privacy browsers like Brave all help move in a better direction.

 

• Minimize your data trail – don’t overshare on social media, avoid posting real-time location or personal identifiers. Also, always opt out when possible. Decline facial scans at airports, stores, and events.”

Finally, Bassler reminds us to push back politically and let our voices be heard. One way to do that is to remind Congress to finish passing the Fourth Amendment Is Not For Sale Act and send it to the president’s desk.
​
For Vice’s interview with Bassler go here.

​Now more than ever, be careful about choosing collaboration partners. That’s the lesson Strategy Risks and the Human Rights Foundation are drawing in a new report. Their findings are a jaw-dropping wake-up call about China manipulating Western institutions into giving up cutting-edge AI knowledge to serve its dictatorship.

Here’s the play-by-play:
​

1. Beginning in 2000, the U.S. and UK governments, along with other Western sources, funded numerous research projects at various academic institutions, including at MIT, Stanford, and Oxford.  
   
   
2. Using that money, the researchers partnered with two state-backed Chinese AI labs (this is where you should say, “Uh-oh!”) and co-authored roughly 3,000 papers.
   
   
3. This was applied research, a branch of academia that over the past 20 years has come to dominate high-dollar research grants, especially in the areas of security and technology. These papers were tasked with finding answers to real-world questions.
   
   
4. And while such pragmatic endeavors are not problematic in principle, these particular real-world questions weren’t about polar ice cap tenacity or the migration patterns of Central American bees. Instead, they’re straight out of Voldemort’s dark-arts agenda: How to track multiple “objects” (e.g., people) simultaneously. How to recognize the gait patterns of individuals (it turns out such patterns can be as unique as fingerprints), and how to see in the dark (because who doesn’t want to be able to do that?).
   
   
5. Why on earth would the Chinese be interested in obtaining the answers to such curious questions? The Chinese Communist Party’s technocratic authoritarian superstate requires certain capabilities: Mass surveillance, gathering intel on Western corporations, and exploring the intersections of AI, mathematics, and physics.

It gets worse. U.S. Department of Defense agencies were also involved in the funding process, and their specialized involvement helped drive research into national security questions: Optical-phase-shifting tech and biometric monitoring, to cite two examples. The Chinese military is keen on tracking people using drones and facial recognition algorithms. Or more to the point: it is keen on surveilling, detaining, and persecuting more than one million Uyghur Muslims. 

The report found that ethics watchdogs on the Western side lost their bark. Only two bothered to call out the troubling connection between Western institutions and their Chinese collaborators in the five years since 2020. “A staggering lack of interest,” is how the Human Rights Foundation characterized it to Fox News Digital. Still, in defense of what may have simply been an appalling level of naiveté on the part of Western researchers, the report concludes:

“Chinese laboratories are rarely listed as direct grant recipients, allowing them to bypass due-diligence checks while benefiting directly through co-authorship and knowledge transfer. Taxpayer resources generate knowledge that flows into institutions embedded in China’s apparatus of repression.”

The report then calls for the following guardrails: Mandatory due diligence on human rights, full disclosure of international partnerships, and expanded ethics mandates for AI institutes. It’s a lesson the FBI itself still needs to learn. We would add that this revelation cries out for congressional oversight and hearings – and if the facts warrant it – threats to cut off federal funding.

Of course, those guardrails will have no effect on China’s institutions, where security and technology firms are required to share their findings with the Chinese Communist Party.
​
But at least such reforms will give us a fighting chance to stymie these covert spycraft efforts, as well as to disabuse ourselves of the Faustian illusion that such collaborations were ever, or will ever be, business as usual.

​PPSA General Counsel Gene Schaerr told the House Judiciary Committee on Thursday morning that Congress faces four critical opportunities to restore Americans’ privacy as Section 702 of the Foreign Intelligence Surveillance Act (FISA) comes up for reauthorization in April.

Schaerr praised the committee for holding a timely oversight hearing as the nation approaches the 250th anniversary of the Declaration of Independence. “But with every passing year,” he said, “it is harder to square our emerging surveillance state with the ‘consent of the governed’ articulated in the Declaration.”

One driver of the surveillance state is FISA Section 702, originally enacted to target foreign threats on foreign soil, but which has instead become a tool the federal government uses to warrantlessly spy on Americans at home, he told the committee.

Schaerr then outlined four reforms Congress can enact in the coming months:

1. Add a probable-cause warrant requirement for “queries” – or searches – of Americans' communications caught up in Section 702 surveillance.

Under current rules, government personnel can conduct “backdoor searches” of Americans’ emails, messages, and other communications collected under Section 702 without court approval. A warrant requirement would close this loophole.

2. Require warrants when federal agencies, from the FBI to the IRS, purchase Americans’ sensitive digital information from data brokers.

This commercially available data includes Americans’ browsing histories, transaction and purchase records, online searches, and other revealing information about their private beliefs and associations. It is far more intimate than anything gleaned from diaries or public records.

3. Narrow the 2024 “make everyone a spy” provision.

Added in the final hours of the last surveillance debate, this law obligates providers of free Wi-Fi to comply with secret NSA demands for private communications. It allows the government to conscript office-space providers – including those who rent space to media organizations, law firms, and political campaigns – into enabling warrantless surveillance of people using their buildings’ internet networks. Even churches and other houses of worship could be targeted.

4. Strengthen the role of cleared civil-liberties experts (amici) in the FISA Courts.

Schaerr urged Congress to require courts to rely on amici for politically sensitive FISA cases by finally enacting the “Lee-Leahy Amendment” that passed the Senate in 2020 with 77 votes.
“Nearly a decade after the Trump campaign and transition were illegally surveilled, this key reform – which would have prevented many of the abuses that occurred in 2016 – is still not in place,” Schaerr said. He also urged the loosening of restrictions that prevent existing amici from accessing key materials and proceedings, needed for meaningful oversight inside the secret courts.

Schaerr concluded by praising the committee for taking the lead on congressional surveillance reform.

“With the bipartisan focus that has come to define this Committee’s work in this important area, I am confident that you can right this ship,” Schaerr said.

Gene Schaerr’s full written testimony can be read here.

​On Thursday, December 11 at 9 a.m. (ET), Gene Schaerr, PPSA’s General Counsel, will testify before the House Judiciary Committee – examining the growth of the surveillance state and how Congress can rein it in.

​You will hear:
 

• How the government continues to use Section 702 – a legal authority designed by Congress to surveil foreign threats on foreign soil – to conduct “backdoor searches” of Americans on American soil.

 

• How federal agencies routinely purchase Americans’ sensitive personal digital information, giving the government warrantless access to electronic records, web-browsing activities, transaction and purchase records, online searches, and other data that can be more personal and intimate than a diary.

 

• How a new authority obligates providers of office space for media outlets, law firms, and political campaigns to facilitate warrantless surveillance of their tenants. Even houses of worship are vulnerable to being asked to spy on their congregants.

 

• How the secret surveillance court continues to grant some requests to monitor Americans without meaningful review by experts in civil liberties.

 
Other witnesses will include:
 

• Brett Tolman, Former U.S. Attorney, District of Utah; Executive Director, Right on Crime

 

• James Czerniawski, Head of Emerging Technology Policy, Consumer Choice Center

 

• Liza Goitein, Senior Director, Liberty & National Security, Brennan Center for Justice

 
Again, watch it live at 9 a.m. (ET) on Thursday, Dec. 11, or catch the replay at your convenience.

Axios contributors Christine Clarridge and Russell Contreras recently assessed the increasingly ominous role artificial intelligence is playing in cybercrime. Deepfakes, ransomware, identity hijacks, and infrastructure hacks are all newly elevated threats – widely varied acts that previously required specialized expertise and massive organizations.
But not anymore. Now, they write:

“Off-the-shelf AI lowers the skill level and cost of carrying out attacks, enabling small crews to execute schemes that previously required nation-state resources.”

Here's what else their snapshot revealed:

• Financial systems seem especially vulnerable, but the threat isn’t limited to banks. It potentially affects any entity with customer accounts, from hospitals to water plants to retailers.

• “Crimes can now hit millions at once with voice clones and account takeovers, while local agencies are trained and funded to chase one case at a time.”

• AI can commit crimes humans aren’t capable of: “AI can create automations to ‘lock pick’ into a system millions of times per second, something humans can't do.”

• Almost anything can be disabled in such attacks: a Port of Seattle attack “disabled airport kiosks, baggage systems and Wi-Fi, while exposing data for roughly 90,000 people.” Speaking of Seattle, the Seattle Public Library “suffered a ransomware attack that wiped out its catalog, computers, Wi-Fi and e-books.” It cost Seattle a million dollars and three months to fully recover.

• The Chinese government is all-in: “State-backed hackers used AI tools from Anthropic to automate breaches of major companies and foreign governments during a September cyber campaign.” That attack marks a particularly dark turn, since the level of human involvement required was minimal thanks to AI’s assistance.

• More crimes are happening: “Generative AI has increased the speed and scale of synthetic-identity fraud,” especially where real-time payment systems are involved.

​

• And they are happening faster: “A deepfake attack occurred every five minutes globally in 2024, while digital-document forgeries jumped 244% year-over-year.”

When it comes to cybercrime, these stats suggest that it pays to be more than a little paranoid.

​Security consulting firm Koi recently published an exposé about a new online privacy threat, one with the unforgettable name of “ShadyPanda.” The scheme allowed browser extensions to infect 4.3 million Chrome and Edge users. In this case, “infect” means sit there quietly, take control whenever it wants, then pretty much do whatever it pleases, including:
​

• Stealing anything stored in browsers (search history, passwords, credit card numbers)

 

• Intercepting what’s being typed and captured in screenshots

 

• Hijacking web traffic, redirecting you to fake logins

 

• Injecting malicious software/scripts (to add even more capabilities to spy on you and rip you off)

 

• Impersonating users (stolen cookies and passwords for theft)

ShadyPanda’s extensions often worked legitimately for years before being activated and turned into full-blown spyware – making it an especially effective tool for keeping tabs on businesses.

Some of the extensions were simple wallpaper galleries or productivity tools, and many had been marked as “trusted” or “verified” by the marketplaces that hosted them.

One of the key vulnerabilities this research exposed was the whole “trust and verify” approach. Once approved by various marketplaces, extensions were never re-verified. And because most users opt for “auto-updating,” the extensions could continue to build up a large user base and then be activated as spy tools when needed. Koi reports:

“Chrome and Edge's trusted update pipeline silently delivered malware to users. No phishing. No social engineering. Just trusted extensions with quiet version bumps that turned productivity tools into surveillance platforms.”

And where is all that collected data going? To surveillance-obsessed China, of course.

Worried that you might be infected? Check out The Hacker News’ partial list of the culprits. Infosecurity Magazine recommends you also check your browser extensions and remove anything you don’t recognize or no longer use.

And turn off auto-updating while you’re at it.
​
It is a dispiriting truth of modern life that we are – and likely always will be – in a footrace against hackers and thieves, whose tools will grow even more dangerous as AI evolves. But we don’t have to be helpless. At least we can take satisfaction in knowing that by embracing best practices, we can at least be a step ahead and leave the ShadyPandas of the world empty-handed.

​Several years ago, Michael Horowitz, Inspector General of the Department of Justice, issued a scathing report detailing the errors of omission and commission in the FBI’s secret surveillance of then-presidential candidate Donald Trump in 2016. Since then, the FBI has been caught collecting the metadata of U.S. Senators’ phones, as well as warrantlessly extracting data on political donors, Members of Congress, and a state judge – targets in both parties.

The FBI’s political surveillance was so out of control that by 2023 the chair of the House Progressive Caucus and the former chair of the House Freedom Caucus teamed up to publicly warn of the chilling effect of FBI spying on the political process.

On Wednesday, Rep. Elise Stefanik (R-NY) secured the inclusion of a provision reining in the FBI in the annual National Defense Authorization Act (NDAA). It is a measure, in her words, that would require “Congressional disclosure when the FBI opens counterintelligence investigations into presidential and federal candidates seeking office.”
​
Given the lack of trust that now exists between the parties, Stefanik’s provision should attract support from both sides of the aisle in the Senate and when the NDAA goes to a conference committee. Even the FBI should welcome it, ensuring that any investigations of candidates are above board and discreetly disclosed to congressional overseers.

​If you’re making a holiday shopping list for the kids, be grateful that Kumma “talking toy bears” will no longer be on store shelves. It is creepy enough that AI-enabled toys allow companies to track what your children (and any family members in the vicinity) say. How long such data is kept – and how it might be used when children become adults – is anyone’s guess.

Worse, an advocacy group found that FoloToy’s Kumma bear had no problem recommending kinky sex as a way to spice up relationships. (It offered, among other things, tips on how to tie knots). Completely unrelated and of no concern at all is the news that OpenAI announced a partnership with Mattel in June of this year.

Now back to the bear: Not only did Kumma discuss very adult sexual topics, but it also introduced new ideas the evaluators hadn’t even mentioned – “most of which are not fit to print.” They also found AI-powered children’s toys (including Kumma) that variously:

• Offered advice on where to find matches, knives, and pills

 

• Provided tips on how to be a good kisser

 

• Asked follow up questions about sexual preferences

 

• Seemed dismayed when users said they had to leave

 

• Found ways to actively discourage users from leaving

 

• Listened continuously and joined a nearby conversation

And as that last bullet suggests, don’t even think about privacy:

“These toys can record a child’s voice and collect other sensitive data, by methods such as facial recognition scans,” warn the researchers. It’s unclear what the (mostly Chinese) companies pushing these products will do with all the data they mine from these toys, but deleting it seems highly unlikely. To date, such AI systems remain eminently hackable.

Earlier talking toys like Hello Barbie relied on machine learning and could only follow predetermined scripts. But the rise of generative AI has introduced true conversationality into the mix – and with it, massive unpredictability (randomness, after all, is baked into generative AI models). The responses are often completely novel – and may be entirely inappropriate for younger audiences (or, as adults have discovered, just plain wacko).

Parents need to understand that children might be having detailed, potentially formative conversations on all kinds of important topics – without their knowledge or involvement. And many of the toys in question use gamification techniques and other strategies (as in the list above) to keep children engaged and continuously coming back for more.

Of course, it’s now a given that every AI toy tested framed itself as one’s buddy or even best friend. The stakes could hardly be higher: For the youngest children, the presence of AI-based toys introduces a massive unknown into a critical window for development.

For now at least, Kumma the bear is off the market in the wake of the revelations about its kinky side and tell-all personality.
​
Being a parent or caregiver was already hard enough. Now thanks to generative AI and the mad rush to reinvigorate a market (children’s toys) that had long been stagnant, gift-giving is turning out to be almost as fraught as parenting itself.

​Sometimes the best defense against privacy violations is as simple as choosing a good password.

Such was the case in South Korea, where officials recently arrested multiple suspects accused of hacking into private surveillance cameras and capturing footage as pornography for voyeurs. The 120,000 cameras were inherently hackable because they are, after all, internet devices. But users made it all the easier by choosing exceptionally weak passwords.

It's uncertain just how explicit the footage was (sourced from homes, Pilates studios, and even a women’s health clinic). Some of it was sold on overseas platforms that appear to cater to sexually exploitative content.

Pro tip: “11111” and “12345” are terrible passwords, as are any other repeating or sequential numbers. And this maxim is especially relevant when dealing with devices that are internet-connected. Yet from Zoomers to octogenarians, the password problem remains, as The Register’s Connor Jones reports, as “prevalent and dangerous as ever.”

Case in point: the recent news that the password for the ransacked Louvre’s CCTV system was “Louvre.”

So clearly the vulnerability of camera systems is a problem that goes beyond South Korea and this particular (ab)use case. In June, security researchers found that they could access tens of thousands of internet-connected cameras worldwide (35 percent of which were in the United States). Vulnerable systems were everywhere in addition to homes: retail sites, construction zones, hotels – you name it. By studying the feeds, researchers noted, bad actors can find a treasure trove of useful information – from poorly lit spots to unguarded doors to times when no one’s around.

Somewhere out there is a black market for anything a “security” camera might capture. So think twice about even having Internet-connected cameras (CCTVs that record directly to local devices are a better alternative). If you must be connected, however, then at least up your password game.
​
Finally, if you’ve installed connected cameras, try not to forget where they are five years hence on some enchanted evening.

​San Jose, California, has 474 cameras tracking license plates – more than enough to create a network whose primary use seems to be mass invasions of privacy rather than criminal investigations. A new lawsuit against the city reveals that from June 2024 to June 2025, the police department conducted more than 250,000 warrantless searches of its license plate database.

City officials say the plate readers help solve serious crimes, including homicides, a claim the lawsuit does not dispute. But there aren't anywhere near 250,000 felonies in San Jose each year – which means those warrantless searches are being used for something else. The plaintiffs see two possibilities:

1) dragnet surveillance or

2) an outright tracking system.

If it is a tracking system that San Jose wants, it has the makings of one that is truly Orwellian. The city’s cameras apparently capture data points that include “vehicle, bumper stickers with political or other messages, make, model, color, and other details, depending on the camera's position, as well as GPS coordinates and date and time information.”

Even in camera-crazy, data-obsessed California, that’s pushing the envelope. What’s more, San Jose retains the data for a year, while the typical retention period in the state is 30 days. Few other jurisdictions use as many cameras, either per capita or in total.

Beyond the sheer scale, it’s the level of intimacy this data represents that rankles privacy advocates. Did you go to the gym last Tuesday morning before work? Did you go out on a date Friday night – and with whom? Did you go to a worship service or political rally? Or something else?
​
Who knows what peccadilloes lurk in the hearts of citizens? San Jose knows.

​When your identity is confirmed by a string of numbers in a computer, are you still yourself if the algorithm determines you (the person) are not you (the digital ID)?

One state, Utah, is leading the nation in answering this question with policies that safeguard humans, while Washington, D.C. is heading down the path of reducing humans to algorithms.
Consider ACLU’s Jay Stanley, who praised Utah for its “State-Endorsed Digital Identity” (SEDI), the state’s new framework for digital ID systems. In an approach that should be the norm rather than the notable exception, the Beehive State puts privacy first.

Utah begins with the conviction that identity “is not something bestowed by the state, but that inherently belongs to the individual; the state merely ‘endorses’ a person’s ID.” In other words, our identities belong to us. We are born with them. We own them. With that realization comes new-found respect for privacy and other forms of personal freedom. 

This view of identity stands in sharp contrast to the definition Stanley found in the data-driven world of federal law enforcement. With the feds, identity is becoming something only the state can grant, defaulting to incomplete or faulty digital verification of citizenship.

To be clear, both Utah’s SEDI platform and the federal approach utilize digital ID systems, but one is a case study in digital due diligence while the other illustrates the dangers of slapdash digital recklessness. The federal system is based on incomplete databases, poorly designed architecture, evolving (meaning, far from perfect) technology, and an utter disregard for the constitutional rights of individuals.

Utah’s approach differs from the federal approach in very important ways:
​

1. Being “user-centric” to ensure that government identification systems are used to empower individuals, not control them.
2. Being free from surveillance, visibility, tracking, or monitoring by any entity – including private companies and unauthorized government agencies and staff – other than the party that is solely authorized to check the ID.  
3. Making factors like security, completeness, and accuracy a top priority, in contrast to the unreliability of the facial recognition technology that underlies many of today’s digital verification systems.
4. Enforcing a user’s “right to paper” (or plastic), including continued and unfettered access to essential government services, even when using only non-digital, physical ID methods.  
5. Adhering strictly to constitutional rights, particularly Fourth Amendment protections against warrantless searches and dragnet-style fishing expeditions conducted without probable cause.

Stanley goes on to quote the Ranking Member of the House Homeland Security Committee, who reports that an app (called Mobile Fortify) used by Immigration and Customs Enforcement (ICE) now constitutes “definitive” determination of a person’s status “and that an ICE officer may ignore evidence of American citizenship – including a birth certificate.”

That’s bad enough on its own of course, but along the way, the government now sweeps up Americans’ biometric identifiers en masse. The databases Mobile Fortify accesses contain not only our photographs but enough records to constitute a permanent digital dossier.

Congress did not get to review, much less approve, any of this. The American people never voted on it. In fact, the whole thing leaves us wondering what happened to the Privacy Act, signed into law by President Ford in 1974. It has been described as “the American Bill of Rights on data.”  

By declaring that identity is solely digital, determined by stealthy algorithms and policies, and deniable to those whose data is non-existent, incomplete or inaccurate, the federal standard – in sharp contrast to Utah’s – subverts 250 years of traditional, constitutional practice. Remember: Our founders built the world’s most vibrant democracy on pieces of parchment copied by hand.

In any truly free society, identities are personal possessions (to help secure individual rights and facilitate their voluntary participation in society). Identities bestowed by the state ultimately serve only the state.

That we even need to ponder the nature of identity reveals the absurdity of these abuses our personhood and privacy. Nevertheless, here we are. Without transparent conversations and healthy debate, we face a future in which we are whomever the state says we are, made of malleable 0s and 1s, with nothing grounded in the physical world.
​
It's a discussion that, as of now, Utah alone seems committed to having.

​Those who live by surveillance cry by surveillance.
 
We wonder how many times politicians on both sides of the aisle will have to get slammed by the very government spying practices they’ve supported before this lesson sinks in.
 
Case in point: Rep. Eric Swalwell (D-CA). Last week, he filed a lawsuit against Bill Pulte, President Trump’s director of the Federal Housing Finance Agency, for accessing and leaking private mortgage records in retaliation for political speech.
 
Pulte has issued criminal referrals to the Department of Justice (DOJ) against Swalwell, New York Attorney General Letitia James, Sen. Adam Schiff (D-CA), and Federal Reserve Governor Lisa Cook on the basis of alleged mortgage fraud. A federal judge dismissed the charges against James, while President Trump used the allegation against Cook to fire her from the Federal Reserve Board (she remains in her job while the Supreme Court reviews the case).
 
Rep. Swalwell’s lawsuit makes an important point:
 
“Pulte’s brazen practice of obtaining confidential mortgage records from Fannie Mae and/or Freddie Mac and then using them as a basis for referring individual homeowners to DOJ for prosecution is unprecedented and unlawful.”
 
We cannot think of any prior use of private mortgage applications to harass political opponents (at least one of them, James, is arguably guilty of using lawfare herself to harass Donald Trump).
 
Pulte’s actions appear to be a flagrant violation of the Privacy Act of 1974, which governs how the government can and cannot handle Americans’ private information. The law, as Swalwell notes, “explicitly forbids federal agencies from disclosing – or even transmitting to other agencies – sensitive information about any individual for any purpose not explicitly authorized by law.”
 
Congress passed the Privacy Act to prevent the creation of a federal database that would create comprehensive dossiers on every American, something we’ve warned is now being attempted. The law specifically forbids agencies from freely sharing Americans’ confidential data gathered for one purpose (such as IRS tax collection), for another purpose (an FBI investigation). Agencies must issue written request justifying any such information sharing.
 
Pulte is anything but transparent.
 
“I’m not going to explain our sources and methods, where we get tips from, who are whistleblowers,” Pulte told the media. This mindset is in keeping with the corrupting spread of the best practices of the intelligence-surveillance state playbook. Today, it is the federal housing agency. We shouldn’t be surprised if tomorrow such “sources and methods” thinking trickles down to federal poultry inspections.
 
Meanwhile, we remain dry-eyed over Rep. Swalwell’s plight.
 
As a member of the House Judiciary Committee, Swalwell argued against – and voted against – the Protect Liberty and End Warrantless Surveillance Act. This bill would have reformed Section 702 of the Foreign Intelligence Surveillance Act by requiring a warrant before the government could access U.S. citizens’ data collected through programs enacted to surveil foreign threats on foreign soil.
 
The Protect Liberty Act would have ended the government practice of using a foreign database to conduct “backdoor searches” on Americans… not unlike, say, a regulatory agency pulling a political opponent’s private mortgage application. The principle of mutually assured payback is something to keep in mind when lawmakers again debate the provisions of Section 702 in April.

Imagine being targeted for surveillance because of your race – not with facial recognition or government inspection of your personal digital data, but through your electric meter. If you lived in parts of Sacramento, this is exactly what happened, as a decade-long scheme quietly bled Americans’ privacy one kilowatt hour at a time.

Sacramento’s Municipal Utility District (SMUD) and local police zeroed in on Asian-American customers, flagging those deemed to be using “too much” electricity. Many were assumed to be growing marijuana illegally – and police eagerly requested bulk data on entire ZIP codes to feed their suspicions.

The Electronic Frontier Foundation in July joined the Asian American Liberation Network to ask the Sacramento County Superior Court to end the local utility district’s illegal dragnet surveillance program. Last week, the court agreed, finding that routine, ZIP-code-wide data dumps had nothing to do with “an ongoing investigation.”

The court wrote:

“The process of making regular requests for all customer information in numerous city ZIP codes, in the hopes of identifying evidence that could possibly be evidence of illegal activity, without any report or other evidence to suggest that such a crime may have occurred, is not an ongoing investigation.”

The response from EFF was even sharper:

“Investigations happen when police try to solve particular crimes and identify particular suspects. The dragnet that turned all 650,000 SMUD customers into suspects was not an investigation.”

The court recognized the obvious danger – dragnets turn vast numbers of innocent citizens and entire communities into suspects.

Still, it wasn’t a clean sweep. The court stopped short of ruling that SMUD’s practice violated the “seizure and search” clause in California’s Constitution.
​
But even a qualified victory is still a victory. We are reminded that privacy wins do happen – one dragged-into-the-sunlight surveillance program at a time. This win is something to be thankful for as we count our blessings this week.

Enraged by The Marion County Record’s reporting on a public document about a restaurateur’s DUI, officers of the Marion, Kansas, police department and the local sheriff’s department raided the newspaper, and seized its computers, servers, and cellphones. Editor Eric Meyer had his home raided while his 98-year-old mother Joan – a former editor – watched the police ransack her home in great distress.
 
Joan Meyer died the next day.
 
Marion County has now agreed to pay a total of $3 million to the victims of this raid in 2023 and to Joan Meyer’s estate. The Marion County Sheriff’s Office, for its part in the raid, issued an apology as well as a check:
 
“This likely would not have happened if established law had been reviewed and applied prior to the execution of the warrants.”

The Freedom of the Press Foundation responded by saying:
 
“The First and Fourth Amendments strongly protect against searches of journalists and newsrooms.
 
“Under the Fourth Amendment, a search warrant must be supported by probable cause, which means a likelihood that contraband or evidence of a crime will be found at a particular place. The government must also specify the place to be searched and the thing to be seized.
 
“When a search warrant targets materials protected by the First Amendment – like notes, recordings, drafts, and materials used or created by journalists – the Fourth Amendment’s requirements must be scrupulously followed, the Supreme Court has said.
 
“This means that judges must be extra strict in applying the Fourth Amendment’s requirements when a search impacts First Amendment rights, which it will any time it involves a journalist or newsroom. What judges should never do is allow overly broad searches where police rifle through journalists’ desks and computer files willy-nilly in the hopes of turning up something ‘incriminating.’”
 
The Freedom of the Press Foundation also noted that Kansas, like most states, has a press shield law that would have required a court hearing before law enforcement could rifle through journalists’ confidential sources. The federal Privacy Protection Act of 1980 requires law enforcement to obtain a subpoena, not just a warrant, thereby giving The Record an additional opportunity to challenge the demand in court.
 
The Freedom of the Press Foundation concluded:
 
“Journalists also have a right to publish information given to them by a source, even if the source obtained it illegally, as long as the journalist didn’t participate in the illegality. That means that if a source gives a journalist a document or recording that the source stole, the journalist can’t be punished for publishing it.
 
“Because these things are not crimes, it also means that accessing publicly available information or publishing information that a source illegally obtained can’t be the basis for a raid on a newsroom or search of a journalist’s materials.
 
“Next time, think before you raid.”

Another in a long line of privacy-busting apps is making headlines. Anthony Kimery of Biometric Update reports that Immigration and Customs Enforcement (ICE) has an app that allows an officer to photograph a license plate, run it through commercial platforms and “instantly retrieve a vehicle’s historical sightings.”

The data that can be called up includes a vehicle’s “travel history, ownership records, and associated personal data.” In other words, portfolio building. In the old days, the feds mostly kept extensive files on criminals, suspects, and witnesses. Now merely driving a vehicle is reason enough to assemble a dossier that includes almost everything there is to know about someone.

The tech is powered by Motorola and Thomson Reuters among others. Privacy advocates have previously called out Motorola for license-plate privacy breaches. A 2022 Georgetown University report identified this firm as a go-to seller for agencies in search of consumer data, including utility records and driver’s license information. In 2019, Vice reported that the company’s contracts with ICE were lucrative, which perhaps is why “The Answer Company” wouldn’t respond with details about those dealings when Privacy International pressed for details in 2018. 

With this latest reporting, Kimery makes clear that ICE has found the perfect partners in its quest to build a national surveillance infrastructure:

“The scale is enormous. With billions of detections stored in Motorola’s network and deep identity datasets flowing from Thomson Reuters, the mobile app gives ICE a level of situational awareness that previously required specialized investigative teams and large analytic centers.”

The newly invigorated shift toward a national scale is an ominous one. Whereas agencies like ICE previously focused on border regions, ABC News notes:

“Border Patrol has built a surveillance system stretching into the country’s interior that can monitor ordinary Americans’ daily actions and connections for anomalies instead of simply targeting wanted suspects. Started about a decade ago to fight illegal border-related activities and the trafficking of both drugs and people, it has expanded over the past five years.”

Thomson Reuters previously got into trouble for selling personal data, a fact that the City of Denver recalled this summer when it put the brakes on an extension of its police contract with the company. Thoughtful objections by municipalities like Denver are admirable. But without robust constitutional guardrails installed by Congress and the states, there's no stopping invasive juggernauts like this one. As we concluded the last time we shared news about Motorola’s involvement in license plate surveillance:

“The need for lawmakers in Congress and the state capitals to set guardrails on these integrating technologies is growing more urgent by the day. Perhaps the best solution to many of these 21st century problems is to be found in a bit of 18th century software – the founders’ warrant requirement in the Fourth Amendment to the Constitution.”

​Today, the House Judiciary Committee did something too rare in Washington – it unanimously passed a meaningful privacy reform. By voice vote, Republicans and Democrats joined together to approve the Non-Disclosure Order (NDO) Fairness Act, a bill that reins in one of the most abused secrecy powers in federal law.

Credit for this privacy victory goes to Rep. Scott Fitzgerald (R-WI) and Rep. Jerry Nadler (D-NY), as well as Chairman Jim Jordan (R-OH) and Ranking Member Jamie Raskin (D-MD). Their leadership moved this bill out of committee. It is now up to the full House to pass this measure and send it to the Senate.

The bill’s reform is sorely needed. Under current law, prosecutors can secretly dig through your phone records, emails, and other data – and then slap your telecom provider with a gag order forbidding it from ever telling you that your privacy has been violated. These nondisclosure orders can last indefinitely, leaving Americans in the dark that someone has sifted through their personal communications.

The NDO Fairness Act changes that.

It puts reasonable limits on gag orders, and forces prosecutors to justify any extension. It also requires courts to explain in writing why continued secrecy is necessary – whether to protect an investigation, safeguard a vulnerable person, or address a real national security concern. The NDO Fairness Act makes sunlight the default, not the exception.

The House has, of course, passed the NDO Fairness Act before, only to watch it stall in the Senate. But the politics are shifting.

Senators are furious after learning that Special Counsel Jack Smith secretly subpoenaed the communications of eight senators. They were justifiably upset, but their response was misguided. The Senate quietly added a provision to the recent short-term funding bill giving senators the exclusive right to sue the federal government for up to $500,000 for privacy violations.

Americans don’t need a special carveout for elected officials. They need a law that protects everyone.

The NDO Fairness Act does exactly that.
​
It closes a major privacy loophole without hindering legitimate investigations, striking a balance between public safety and the Fourth Amendment rights of all Americans. The House and Senate now have a chance to fix this problem the right way – by advancing a bill that protects the people who sent them to Washington, not just themselves.

​Once upon a time, in Google’s 2004 IPO filing, it aspired to “Don’t Be Evil,” imagining itself a company “that does good things for the world.”

Dateline, November 2025: Various outlets have reported that Google’s app store now includes a version of its Mobile Identify app for Customs and Border Protection. This version is tailored to state and local law enforcement officers who are deputized to work with Immigration and Customs Enforcement (ICE) by using facial recognition to scan people using facial recognition algorithms. If a match is found on federal databases, officials at ICE are notified. And those databases (at least the ones we know of) contain records on more than 270 million people.

Odds are you and your loved ones are in those databases.

The fact that the law enforcement officers who use Mobile Identify are deputized to work alongside ICE is beside the point, as is the fact that ICE has its own, presumably more powerful version of the same app, called Mobile Fortify.

Of far greater concern is that any government agency possesses this ability. It’s easily shared across jurisdictions and Google seems to have no qualms about enabling a tool that could be deployed as a weapon to surveil American citizens at will.

After all, Google’s leaders could’ve just said “no.” But they didn’t, and now an insidious new public-private partnership is afoot. Today, it’s Google and ICE and the issue is immigration enforcement, but don’t expect it to stay that way for long. These kinds of surveillance technologies never stay contained, nor do limitations on who they target. Soon it will be Google and the government – federal, state, county, and local – and the reasons for spying on us could be our religion, political party, ethnicity, affiliation, or – well, you name it.
​
Mobile Identify is just one more reason why Congress must debate how federal agencies are accessing our private information without a warrant. This is something to keep in mind when FISA Section 702, a federal surveillance policy, comes up for reauthorization in April.

​Robert Frommer, a senior attorney with the Institute for Justice, tells the harrowing story of George Retes, a U.S. citizen and Army veteran of the Iraq War, who was stopped in his car during an immigration sweep.

He was on his way to work when he encountered an Immigration and Customs Enforcement (ICE) roadblock. A melee broke out between protesters and ICE agents. Retes’s car was engulfed in tear gas.

The Institute for Justice reports that agents smashed Retes’s car window, dragged him out, and forced him to the ground with knees on his neck and back – even though he was not resisting.

Despite Retes presenting proof of his citizenship, ICE agents detained him for three days without charges, strip-searched him, and forced him to provide DNA samples. He was not allowed to call a lawyer or given a hearing before a judge. Because Reyes was held incommunicado, his family was left to frantically search for him.

Writing in MSN, Frommer explores what happens to the biometric data ICE collected on Reyes.

“In addition to our DNA, the Department of Homeland Security (DHS) has recently and quietly authorized ICE officers to forcibly collect and retain intimate identifiers: our fingerprints and digital images of our faces. Combined with other technologies, the department is creating a general warrant for our persons, the kind of abuse that ignited the American Revolution.

“A DHS document, meant to ensure our privacy, lays out the facts. An app called Mobile Fortify allows ICE and Customs and Border Protection (CBP) officers to photograph and scan anyone they ‘encounter’ in the field, regardless of citizenship or immigration status. If there isn’t a photo match, officers can collect people’s fingerprints, which are then checked against DHS biometric records. Once DHS has that sensitive data, the app feeds it into CBP’s Automated Targeting System – an enormous watch list that merges border records, passport photos and prior ‘encounter’ images. CBP retains every nonmatch photograph for 15 years, meaning that even if you’re an American citizen mistakenly stopped on the street, the government has your biometric records for (almost) a generation.”
​
Congress should investigate and debate this retention of Americans’ biometric records before reauthorizing a single surveillance authority. And PPSA is hopeful that ICE will be forced to explain its unconstitutional detention of George Reyes when it faces his lawsuit under the Federal Torts Claim Act.

​When the narco-dictator of Panama, Manuel Noriega, took refuge in a Vatican diplomatic mission in Panama City after President George H.W. Bush ordered an invasion to topple him in 1989, the U.S. Army hit upon an ingenious, if obnoxious, solution to drive him out the compound and into their arms – Operation Nifty Package. Soldiers blared music at the enclave that included the punk rock interpretation of “I Fought the Law” by the Clash and AC/DC’s percussive “You Shook Me All Night Long.”
 
The songs went on without relief, day and night, until after ten days the sleep-deprived dictator finally turned himself in.
 
Many residents of the Buckhead area of Atlanta can attest to the effectiveness of this form of psychological torture. For two nights, a malfunctioning parking lot security tower at a shuttered Kroger grocery store has been flashing lights, shouting orders and playing music – at decibel levels approaching an air raid siren.
 
That the system is blaring classical music is no comfort. One of its selections is Tchaikovsky’s composition for the ballet, The Sleeping Beauty – an irony not lost on people who haven’t slept in two days.
 
“It’s beautiful when you listen and are looking at a play and it’s on your time,” one man told Atlanta’s 11Alive News. “But when you’re trying to sleep, it’s distracting.”
 
Perhaps you’ve had a taste of this, being startled after emerging from a movie theater late at night when from out of nowhere a flood light turns on. Police lights begin flashing on top of a metal tower. A stentorian voice shouts an order at you: “PLEASE EXIT IMMEDIATELY!”
 
There is a good reason why mobile, parking lot security towers are becoming commonplace in the lots of big box superstores, shopping malls, and grocery stores. These robotic guards keep watch with sensors, fish-eye cameras, see in infrared and regular light, and are equipped with AI to recognize and track human forms. These towers take no bathroom breaks and ask for no pay, but they do watch and record people who might be looking to break into cars, a store, or worse, harm an employee or last-minute shopper as she walks to her car. They can alert a human at a control station, who can call the police.
 
That is a good example of how surveillance can keep us safe. And, on balance, it is a needed public service. But we should also face the music: Surveillance, for good and ill, surrounds us everywhere now. Few people will mourn their lack of privacy in the moment it takes for them to exit a retail outfit to get to their car. But this is also just one more link in the chain of surveillance in which we are being watched inside the store, in the mall, and by license plate readers all the way home.

​When it was recently revealed that Special Counsel Jack Smith used a grand jury subpoena to secretly access the phone records of eight U.S. Senators and one Member of the House, we were outraged.

We quoted Chief Justice John Roberts in Carpenter v. United States (2018) that “this Court has never held that the Government may subpoena third parties for records in which the subject has a reasonable expectation of privacy.”

We’ve also stood fast by the principle that a right is only a right if it has a remedy, which necessarily includes the ability to sue government officials who violate your constitutional rights.

Concerning the spying on Members of Congress, we wrote: “Senators, like everyone else, deserve a reasonable expectation that their phone records are private.”

Why, then, are so many House Republicans and Democrats up in arms about a last-minute provision stuck into the short-term funding bill that President Trump signed on Wednesday night? That provision, now law, allows individual senators to be awarded up to $500,000 in retroactive lawsuits against the government if their data was sought or obtained without them being notified.

Executive branch surveillance of senators is concerning because it directly impacts the independence of the legislative branch, the functioning of democracy, and thus ultimately the rights of us all. But does this have to mean that the rest of us should be treated as chopped liver?

Think about it:
​

• You cannot sue or in any way impede the dozen federal agencies – ranging from the FBI to the IRS and Department of Homeland Security – for purchasing your most sensitive personal digital data and examining it without a warrant.

 

• You cannot sue if the National Security Agency uses the “Make Everyone a Spy” law to ask your gym, office landlord, or church to hand over records of your communications carried by free Wi-Fi systems.

 

• You cannot sue if a federal prosecutor makes a similar intrusion into your phone logs but keeps it secret with a Non-Disclosure Order (NDO).

Only U.S. senators can sue for being improperly surveilled. And the money they can collect now they can stick right into their bank accounts. The Senate in the last Congress refused to join the House in passing the NDO Fairness Act, which would have restricted the government’s currently unlimited ability to issue gag orders to digital and telecom companies to prevent them from telling you that your records have been accessed.

About this last-minute Senate maneuver, Rep. Chip Roy (R-TX) said, “There’s going to be a lot of people, if they look and understand this, are going to see it as self-serving, self-dealing kind of stuff.”

As we approach next year’s reauthorization of FISA Section 702 – a surveillance authority enacted by Congress for foreign surveillance – Congress will have a golden opportunity to debate a number of reforms that can protect the rights of constituents.
​
Remember us?

The Foreign Intelligence Surveillance Court (FISC) and Foreign Intelligence Surveillance Court of Review (FISCR) are anomalies in American law – secret courts. For decades, they issued secret rulings that created novel interpretations of law that the American people were not allowed to know. They remain to this day one-sided courts in which only the government gets to present its case for why it has a valid intelligence reason to spy on people inside the United States.

Little wonder, then, that 99 percent of the government’s requests to spy on “U.S. persons” are granted by FISC. The one provision that allows FISC judges to bring in outside civil liberties experts, or amici, for advice was not used when the court four times permitted the FBI to spy on a presidential campaign and transition. The Department of Justice also failed to inform the court that a rash of applications for surveillance were actually for Members of Congress and staffers who had oversight responsibility for – you guessed it – the Department of Justice.

To bring oversight to this court and to ensure it is not, in fact, a potted plant, Congress in April 2024 passed the Reforming Intelligence and Securing America Act (RISAA). Among RISAA’s provisions was one that allowed select Members of Congress and designated staff to attend and conduct oversight of FISC proceedings.  

Now Senate Judiciary Committee Chairman Chuck Grassley (R-IA) and Ranking Member Dick Durbin (D-IL) have fired off a letter accusing the Department of Justice (DOJ) of derailing this process and curbing oversight.

They write that in the waning days of the Biden administration, DOJ “implemented a policy that requires Members of Congress and their staff to agree to a series of arbitrary and inappropriate procedures before being allowed to attend FISC proceedings, which the Trump Administration has maintained.”

Some of DOJ’s policies and procedures include:

• Prohibiting Members of Congress from sharing information with other Members of Congress and members of their staff;

 

• Restricting Members of Congress from requesting information or documentation from participants of FISC proceedings;

 

• Allowing DOJ staff to remove congressional observers, including Members of Congress, from FISC proceedings at any time and at the sole discretion of DOJ;
• Allowing only a limited number of congressional observers to attend FISC proceedings at any one time;

 

• Prohibiting designated staff from attending the same FISC proceeding as their specified Member of Congress; and

 

• Prohibiting notetaking during proceedings, despite congressional staff’s ability to maintain classified notebooks.

These restrictive rules are idiotic. The objections write themselves.

If Members of Congress cannot talk to anyone else about what they learn – including their staff members who have clearance – what is the point of observing the court proceedings?

Why can’t a Member of Congress and his or her cleared staffer attend together?

Why is the Department of Justice allowed to remove Members of Congress? Isn’t removing people from a courtroom up to a judge?

Above all, how can oversight be conducted if the overseers must promise forever after to forget what they heard and never mention it again – to anyone?

This is all part of a familiar pattern: Congress passes a bold reform that reins in an intelligence community practice. Then the intelligence community parses words and creates new standards out of thin air that geld the new attempt at oversight.

The good news is that RISAA and its provision for congressional attendance of FISC hearings passed only because of leverage provided by the April 2024 reauthorization debate about FISA Section 702, an authority that governs surveillance of foreign spies on foreign soil. The next Section 702 reauthorization debate is set to occur next April.

Congress should make it clear that the Department of Justice must pull back these onerous provisions as one of many preconditions for Section 702 reauthorization.
​
The easiest path to reform would be if President Trump – himself a target of illicit surveillance rubber-stamped by FISC – ordered the Department of Justice to roll back these severe limits on congressional oversight.

​Customs and Border Protection (CBP) has long asserted a right to inspect the contents of the digital devices of Americans returning from abroad. Now, Wired’s Dell Cameron and Matt Burgess report that the recent increase in these invasive practices at ports of entry has caused the number of international visitors to the United States to plummet. They note that while most of these searches are basic, “where agents manually scroll a person’s phone,” deeper, tool-based sweep-searches do occur.
 
In either scenario, refusing to provide a passcode means subjecting oneself to massive delays or even the seizure of one’s device(s). And while digital inspection at the border is not a new trend, it’s a rapidly increasing one.
 
CBP’s own data shows warrantless digital inspections conducted at the border jumped from 8,503 in 2015 to more than 50,000 this year.
 
This accelerating increase of warrantless scanning of digital devices at the border is attracting attention internationally and concern here at home.
​
Four years ago we noted the need for respect for the Fourth Amendment at U.S. borders and entry zones. Sens. Ron Wyden (D-OR) and Rand Paul (R-KY) introduced the Protecting Data at the Border Act, and then renewed their push to pass this initiative. In between, investigative journalist Jana Winter found that CBP was spying on journalists.
 
By that time, the Inspector General of the Department of Homeland Security (DHS) had issued a scathing report on the privacy violations committed by its various agencies – with agents helping themselves freely to Americans’ location histories and other personal data. This was, the IG found, partly because the DHS Privacy Office “did not follow or enforce its own privacy policies and guidance.”
 
And it appears that the agency is still not adhering to its own internal procedures in collecting and retaining Americans’ personal data. On the heels of the phone search story comes another tale of CBP overreach. Only this time, it isn’t about personal devices. Rather, the agency is looking for contractors to build a massive fleet of AI-powered surveillance trucks.
 
Wired reports: “With a fleet of such vehicles, each would act as a node in a wider surveillance mesh.” This is a technical point, but its chilling philosophical ramifications are what strike us most. 
 
Node by node, our government is building a surveillance net to cover the country. This is all the more reason for Congress to use the upcoming debate over the reauthorization of FISA Section 702 in April to subject every element of this emerging surveillance state to long-delayed scrutiny.