​The drafters of the U.S. Constitution could not have imagined Google, Apple, and cell-site technologies that can vacuum up the recorded movements of thousands of people. Still smarting from the British colonial practice of ransacking rows of homes and warehouses with “general warrants,” the founders wrote the Fourth Amendment to require that warrants must “particularly” describe “the place to be searched, and the persons or things to be seized.”
 
Courts are still grappling with this issue of “particularity” in geofence warrants – technology that analyzes mass data to winnow out suspects. Now a federal court in Mississippi has come down decisively against non-particular searches in location-and-time based cell tower data.
 
To reach this conclusion, Judge Andrew S. Harris had to grapple with a Grand Canyon of circuit splits on this question. His opinion is a concise and clear dissection of divergent precedents from two higher circuit courts.
 
Harris begins with the Fourth Circuit Court of Appeals in Virginia in United States v. Chatrie (2024), which held that because people know that tech companies collect and store location information, that a defendant has no reasonable expectation of privacy.” The Fourth Circuit reached its decision, in part, because Google users must “opt in to Location History” to enable Google to track their locations.
 
The Fifth Circuit Court of Appeals in New Orleans took the Fourth Circuit’s reasoning and chopped it up for jambalaya. The Fifth drew heavily on the U.S. Supreme Court’s 2018 United States v. Carpenter opinion – which held that the government’s request for seven days’ worth of location tracking from a man’s wireless carrier constituted an unconstitutional search.
 
This data, the Supreme Court reasoned, deserves protection because it provides an intimate window into a person’s life, revealing not only his particular movements, but through them his “familial, political, professional, religious, and sexual associations.”’ Despite a long string of cases holding that people have no legitimate expectation of privacy when they voluntarily turn over personal information to third parties, the U.S. Supreme Court held that a warrant was needed in this case.
 
The Fifth followed up on Carpenter’s logic with a fine distinction in United States v. Smith (2024): “As anyone with a smartphone can attest, electronic opt-in processes are hardly informed and, in many instances, may not even be voluntary.” That court concluded that the government’s acquisition of Google data must conform to the Fourth Amendment.
 
The Fifth thus declared that geofence warrants are modern-day versions of general warrants and are therefore inherently unconstitutional. That finding surely rattled windows in every FBI, DEA, and local law enforcement agency in the United States.
 
Judge Harris worked from these precedents when he was asked to review four search-warrant applications for location information from a data dump from a cell tower. The purpose of the request was not trivial. An FBI Special Agent wanted to see if he could track members of a violent street gang implicated in a number of violent crimes, including homicide. The government wanted the court to order four cell-service provides to produce data for 14 hours for every targeted device.   
 
Judge Harris wrote that the government “is essentially asking the Court to allow it access to an entire haystack because it may contain a needle. But the Government lacks probable cause both as to the needle’s identifying characteristics and as to the many other flakes of hay in the stack … the haystack here could involve the location data of thousands of cell phone users in various urban and suburban areas.”
 
So Judge Harris denied the warrant applications.
 
Another court in another circuit may have well come to the opposite conclusion. Such a deep split on a core constitutional issue is going to continue to deliver contradictory rulings until it is resolved by the U.S. Supreme Court. In the meantime, Judge Harris – a graduate of the University of Mississippi Law School – brings to mind the words of another Mississippian, William Faulkner: “We must be free not because we claim freedom, but because we practice it.”

​If you are walking the streets of Laredo, Texas, and you withdraw $200 from your account at an ATM, under a new rule your personal identifying information will soon be dispatched to the Financial Crimes Enforcement Network (FinCEN) of the U.S. Treasury Department.
 
The same would happen if you withdrew $200 in 30 zip codes in El Paso, or in Cameron, Hildalgo, Maverick, or Webb counties in Texas, or San Diego and Imperial counties in California.
 
In all, this new regulation announced by the U.S. Treasury Department will require banks to report Americans for the supremely suspicious act of withdrawing $200. These consumers will then become the targets of Currency Transaction Reports along the U.S.-Mexican border.
 
The impetus, says the agency, is “deep concern with the significant risk to the U.S. financial system of the cartels, drug traffickers, and other criminal actors along the Southwest border.” But $200 sounds like a measly threshold for coyotes who charge illegal immigrants thousands to cross the border, and drug cartels that often make deals with barrels of cash. A $200 withdrawal certainly doesn’t sound like a risk to the U.S. financial system – or a likely indication of criminal activity.
 
But it is no surprise that the bureaucracy is taking advantage of President Trump’s reasonable designation of international drug cartels as terrorist organizations. FinCEN has long been at the center of efforts to make financial surveillance of Americans comprehensive.
 
This is the same agency that worked with the FBI to encourage financial institutions across the country to scour their data and file Suspicious Activity Reports without any clear criminal nexus. Suspicious activities that could have made an American a surveillance target under that now-discontinued program included merely shopping at certain stores, like Dick’s Sporting Good or a Bass Pro Shop. Perhaps the feds also included as a basis for surveillance laughing at Jeff Foxworthy jokes – on the theory that if you are buying Dick’s camo shorts, you just might be a redneck.
 
But this is not a joke. More than one million Americans will soon be unable to withdraw a very modest sum of money without being subjected to the same reporting requirements and surveillance risk under the Bank Secrecy Act as those who make $10,000 cash withdrawals in the rest of the country. The larger issue is why any American should be subjected to warrantless surveillance based on withdrawing a dime of his or her own hard-earned money. The basic concept is hard to square with the Fourth Amendment.
 
This is a dispiriting sign that the financial surveillance of the American people continues and even increases unabated. Nicholas Anthony of CATO, who broke this story, noted that Americans were upset when the previous administration lobbied Congress for the authority to surveil bank accounts with just $600 in activity. While that law never passed, Treasury’s new rule now subjects one million Americans living in a wide swath of the country to surveillance at just a third of that amount.
 
Perhaps the best withdrawal would be a revocation of this new rule.

​Here's a philosophical question for you: If no one searches for the information stored in a database, does that mean the information doesn't exist? It may be right there – where Column 32 meets Row 743 – but if no one has executed a search, has it been “found” or “seen” yet? Does it even exist? Now hang on to that curious idea for a moment and we’ll circle back.
 
Recall that we recently commended the nonprofit periodical Cardinal News for publishing an investigative series on the growing use of surveillance technology by local police in Southwestern and South Central Virginia.
 
As part of their investigation, Cardinal News drove through nearly 20 cities, towns, and counties, then used Virginia’s Freedom of Information Act (FOIA) to request the video surveillance data of their vehicle. And what was the result of these FOIA requests?
​

• Three entities complied in a timely manner.
• Two declined the requests.
• Several asked for more time (as the law allows).
• And two are taking them to court.

The city of Roanoke and the Botetourt County Sheriff want the City Circuit Court to rule whether they “really have to” provide the data Cardinal News requested. In their complaint, Roanoke and the Botetourt Sheriff make three less-than-compelling arguments:

1. Virginia’s FOIA statute says that new records do not have to be created in order to comply with a request. The plaintiffs claim that executing a search to find the requested information equates to creating a new record – and therefore they don’t have to do it. As we said at the beginning, what a curious idea. It seems to us that a search doth not a record make. Like the sound of the proverbial falling tree in the forest, the record in the spreadsheet already exists whether or not it’s looked at. One hopes, of course, the City Circuit Court will recognize this fallacy for what it is when it takes up the case this month.
   
   
2. The government plaintiffs define all license plate data as “investigative” – by default. Conveniently, they claim their contract with Flock Safety (who owns the cameras and stores the data) prohibits them from performing non-investigative searches. It may be that Roanoke and the county sheriff are anticipating a law that does not go in effect until next year. The recent Virginia statute that allows the use of these camera systems expressly exempts such data from being subject to FOIA requests: “System data and audit trail data shall not be subject to disclosure under the Virginia Freedom of Information Act.” But that’s next year, and this is now.
   
   
3. The government plaintiffs are also arguing that fulfilling FOIA requests (at least in Virginia) is a felony under state law – at least when a computer and any personally identifiable information is involved. This approach strikes us as a dubious read of the actual statute, which applies only when someone uses a computer to effect “material artifice, trickery or deception” (Virginia Code § 18.2-152.5:1). Giving the sheriff your license plate number and asking to see when and where you were being recorded is not going to send the responding official to prison.

A final note: As Cardinal News points out, Virginia law says computers can’t be used to gather identifying information – i.e., account numbers, credit card numbers, biometric data, fingerprints, passwords, or other truly private information. “That’s what the statute is protecting,” the newspaper argues. In other words, the law is not meant to protect you from your own license plate number.
 
Where does such chutzpah come from? This FOIA response perhaps shows that local government is learning from the mental gymnastics and rhetorical sleights-of-hand that federal agencies have mastered in fobbing off lawful requests.
 
We look forward to seeing how these too-clever-by-half arguments will fly in front of a Virginia judge. Stay tuned.

​It seems that China is excelling of late in the artificial intelligence arena, and we’ll cover two such instances today.
 
The first is the launch of the game-changing large language model DeepSeek, which turned its Western competitors on their ears. Faster, less expensive, and more customizable than the rest, it is also brazenly forthright about its lack of privacy protections. As Zak Doffman of Forbes points out in his cybersecurity analysis of DeepSeek, buried deep within the product’s Privacy Policy are declarations like this: “The personal information we collect from you may be stored on a server located outside of the country where you live. We store the information we collect in secure servers located in the People's Republic of China.”
 
As for what they collect, specifically, Doffman says they are unambiguous: everything. See for yourself in detail.
 
And to think we worried about TikTok. “Just ask what a powerful AI engine in state hands could do with all that personally identifiable information,” Doffman muses. “This is strategic in a way TikTok never was.”
 
The second instance of this “you can’t spell CHINA without an ‘A’ and an ‘I’” moment is an update on a phenomenon about which Kay Firth-Butterfield, CEO of Good Tech Advisory, recently reminded us: China is building the AI that powers your children’s toys.
 
From robotic pets to interactive storytelling dolls to remote-control vehicles, as a market segment, AI toys are on target to grow to $40 billion in the next seven years. Laurent Belsie of The Christian Science Monitor found himself casting a wary eye on the whole scene as Christmas approached last year. Some of the growth will be obvious – last year it was Poe the AI Story Bear – but Belsie reports that within two years many makers will have stealthily added AI capabilities to their existing toys.
 
What does all of this have to do with China? Upwards of 80 percent of the world’s toys and their components are currently manufactured there. So when AI comes for (er, to) your children’s toys, it’s likely to be of Chinese design as well. And all that data generated by interactive, conversational – even potentially camera-based – AI toys have to be stored somewhere, as experts like Firth-Butterfield and others remind us. Where, exactly, is increasingly coming into focus.
 
It’s one thing if adults are profligate with their own data (downloading DeepSeek so quickly that it became the top free app on iTunes within a week of its release, for example). It is another when it comes to privacy of children.

​We’ve long followed reliance on stingrays by federal, state, and local law enforcement. These are devices that simulate cell phone service towers to fool nearby devices into connecting and giving up everything – texts, calls, emails, and more, along with the location of the cellphone and information about the user/owner.
 
Law enforcement uses stingrays to target specific criminals, but the problem is – as is so often the case with surveillance technologies – the data of everyone in the vicinity gets swept up, including that of peaceful protesters. These sweeps pose a direct threat to the most precious rights Americans have – the First Amendment rights to free speech and to petition the government for a redress of grievances. Protests are not some Sixties-style fad that never went away. The right to protest is as home-grown as the Boston Tea Party, the Million Mom March, and the March for Life.
 
Yet there are numerous reports of stingrays and similar technologies being used by authorities to clandestinely spy on large-scale public protests. Most disturbing is the insistence by the FBI to keep any use of a stingray in specific cases a state secret. Based on documents obtained through PPSA Freedom of Information Act requests, we know that the FBI has used nondisclosure agreements to force local jurisdictions to hide the fact whenever stingrays are used, even in open court.
 
Now, thankfully, the Electronic Frontier Foundation has gone beyond protesting and filing court briefs to work with technologists willing to roll up their sleeves and get out the soldering iron. EFF is presenting an open-source tool to help detect stingray use. The aptly named Rayhunter will set you back only about $30, which is the cost of the hardware, the Orbic RC400L hotspot you’ll need (check Amazon, eBay, or any of your geeky uncles). Once in hand, simply follow the instructions on EFF’s open-source Rayhunter website.
 
As the Rayhunter gets out into the market, protesters of all stripes will be able to know if their First Amendment-protected activities are being surveilled – and to livestream the results.
 
Other steps should be taken by FBI Director Kash Patel or by Congress. Director Patel or Congress should mandate full disclosure about the origin of all evidence collected by a stingray and presented in court against a criminal defendant. Every American has the right to face his or her accuser and be confronted with the evidence against them, even when that evidence is digital and the result of proprietary technology.
 
For now, let us applaud the Electronic Frontier Foundation for giving Americans the all-too-rare chance to answer the question, “Am I being surveilled?” At the very least, Americans engaging in their First Amendment-protected right to protest can know if the government is turning their own phones against them.

​As we’ve reported, the Corporate Transparency Act (CTA) requires owners of America’s 33 million small businesses to report detailed personal data on anyone with at least a 25 percent stake in their company. This law represents that most dangerous of all mixtures – overreach and nonsense.
 
The stated purpose of this law is to catch crooks. So the ownership disclosure requirement in effect says:
 
“Dear Terrorist (or Cartel Member or Money Launderer), would you kindly tell us who owns at least 25 percent of your company? Having this information would make building a case against you so much easier.
So please check this box if you’re a criminal – Sincerely, the Feds.”
 
Such unassailable logic reminds us of the old standup routine that advises people to check their closets before bedtime for a possible axe murderer while he’s still hiding. Do that and you will be safe... somehow.
 
Fortunately, CTA’s days may be numbered. Rep. Warren Davidson (R-OH) has re-introduced what he calls the “Repealing Big Brother Overreach Act.” (A better name might be “Repealing the ‘Do You Think Criminals Are That Stupid Act’?”)
 
Not only does the Corporate Transparency Act fail to accomplish what it sets out to do (catch criminals), it also targets a completely irrelevant group in the process – the average American small business owner, forcing him or her to register with a massive federal database that can be accessed without a warrant. Your local barbershop, accountant’s service, and gym are the targets. Big businesses, financial entities, and more are exempt from CTA’s provisions, which only threatens small business owners with large fines and two years in prison if they don’t comply.
 
It doesn’t make sense that you can stop terrorists, drug dealers, and money launderers by going after honest small businesses. If this “beneficial ownership” provision ever went into effect, it is highly likely that the first fines and prosecutions would be against honest business owners who missed the filing deadline rather than a terrorist or money launderer.
 
PPSA believes that the government’s insatiable hunger to track ordinary Americans is the real intent behind this law. This is all in keeping with the recent extension of surveillance over Americans’ financial transactions. In the meantime, and thanks to a flurry of back-and-forth court rulings (see our filing before the 11th Circuit Court of Appeals) as well as new guidance from the Treasury Department, reporting beneficial ownership information is currently voluntary. As of today, no penalties will be associated with failing to report.
 
Treasury is also recommending a rule revision that limits the reporting requirements to foreign entities only. The stars seem to be aligning in favor of Rep. Davidson’s bill, with Alabama Republican Tommy Tuberville sponsoring it in the Senate. If this bill makes it to the Resolute Desk, President Trump is all but certain to sign it.
 
But now is the time to keep the pressure on. Let your representatives in the House and Senate know that you support the “Repealing Big Brother Overreach Act.”

​Americans value privacy in the marketplace when we vote with our dollars no less than when we go behind the curtains of a polling booth.
 
Now imagine if every dollar in our possession came with an RFID chip, like those used for highway toll tags or employee identification, telling the government who had that dollar in their hands, how that consumer spent it, and who acquired it next.
 
That would be the practical consequence of a policy proposal being promoted now in Washington, D.C., to enact a Central Bank Digital Currency (CBDC). Some have recently asked Congress to attach such a currency to the Bank Secrecy Act, to enable surveillance of every transaction in America.
 
Such a measure would end all financial privacy, whether a donation to a cause, or money to a friend. “If not designed to be open, permissionless, and private – resembling cash – a government-issued CBDC is nothing more than an Orwellian surveillance tool that would be used to erode the American way of life,” said Rep. Tom Emmer (R-MN).
 
This would happen because CBDC is a digital currency, issued on a digital ledger under government control. It would give the government the ability to surveil Americans transactions and, in the words of Rep. Emmer, “choke out politically unpopular activity.”
 
The good news is that President Trump is alert to the dangers posed by a CBDC. One of his first acts in his second term was to issue an executive order forbidding federal agencies from exploring a CBDC.
 
But the hunger for close surveillance of Americans’ daily business by the bureaucracy in Washington, D.C., is near constant. There is no telling what future administrations might do. Rep. Emmer reintroduced his Anti-Surveillance State Act to prevent the Fed from issuing a CBDC, either directly or indirectly through an intermediary. Rep. Emmer’s bill also would prevent the Federal Reserve Board from using any form of CBDC as a tool to implement monetary policy. The bill ensures that the Treasury Department cannot direct the Federal Reserve Bank to design, build, develop, or issue a CBDC.
 
Prospects for this bill are good. Rep. Emmer’s bill passed the House in the previous Congress. It doesn’t hurt that Rep. Emmer is the House Majority Whip and that this bill neatly fits President Trump’s agenda.
 
So there is plenty of reason to be hopeful Americans will be permanently protected from a surveillance currency. But well-crafted legislation alone won’t prevent the federal bureaucracy from expanding financial surveillance, as it has done on many fronts. PPSA urges civil liberties groups and Hill champions of surveillance reform, of all political stripes and both parties, to unite behind this bill.

​We’re not sure which is most disconcerting: that Meta has a division named Global Threat Disruption, that their idea of said global threats includes deepfake celebrity endorsements, or that this has become their excuse to reactivate the controversial facial recognition software they shelved just three years earlier (so much for the “Delete” key).

Meta has relaunched DeepFace to defend against celebrity deepfakes in South Korea, Britain, and even the European Union. “Celeb-baiting,” as it’s known, is where scammers populate their social media posts with images or AI-generated video of public figures. Convinced that they’re real – that Whoopi Goldberg really is endorsing a revolutionary weight loss system, for example – unwitting victims fork over their data and money with just a few clicks. All of which, according to Meta, “is bad for people that use our products.”

Celeb-baiting is a legitimate problem, to be sure. We’re no fans of social media scammers. What’s more, we know full well that “buyer beware” is meaningless in a world where it is increasingly difficult to spot digital fakes. But in reviving their facial recognition software, Meta may be rolling out a cannon to kill a mosquito. The potential for collateral damage inherent in this move is, in a word, staggering. Just ask the Uighurs in Xi’s China.

Meta began tracking the faces of one billion users, beginning in 2015. And initially, it didn’t bother to tell people the technology was active, so users couldn’t opt out. As a result of Meta’s sleight of hand, as well as its own strict privacy laws, the EU cried foul and banned DeepFace from being implemented.

But that was years ago … and how times have changed. The privacy-minded Europeans are now letting Meta test DeepFace to help public figures guard against their likenesses being misused. But can regular users be far behind? Meta could rebuild its billion-face database in no time.

For its part, the U.K. is courting artificial intelligence like never before, declaring that it will help unleash a “decade of national renewal.” Even for a country that never met a facial recognition system it didn’t love, this feels like a bridge too far.

We have written about the dangers, both real and looming, of a world in which facial recognition technology has become ubiquitous. When DeepFace was shelved in 2021, it represented an almost unheard-of reversal, in effect putting the genie (Mark Z, not Jafar) back in the bottle.
​
That incredibly lucky bit of history is unlikely to repeat itself. Genies never go back in their bottles a second time.

​“We are open for business,” declared Beth Williams, the only board member currently serving on the five-seat Privacy and Civil Liberties Oversight Board (PCLOB). “Our work conducting important oversight of the intelligence community has not ended just because we are currently sub-quorum.”
 
A more accurate description for the board would be “solum unum.” One of the first acts of the Trump Administration was to fire the Democratic PCLOB members, leaving Republican Williams by herself.
 
Perhaps anticipating this, PCLOB’s board members shortly before the election adopted new rules that would allow any remaining board members – aided by the body’s professional staff of lawyers, policy analysts, and technologists – to continue to publish its recommendations to the intelligence community, and to share those with Congress and the public.
 
In a recent speech, Beth Williams spelled out commendable goals for ongoing efforts for her PCLOB of one.
 
Censorship: “Tying disfavored speech to counter-terrorism paves the way for censorship under the guise of national security,” Williams said. She complained that the Department of Homeland Security under Secretary Alejandro Mayorkas had been slow in responding to her requests for detailed information about the activities of the department’s Orwellian-sounding “Disinformation Governance Board.” Williams added: “I am hopeful that our renewed efforts with the current Administration will yield more transparency.”
 
Facial Recognition in Airports: Williams promises to weigh the operational benefits of this technology with concerns about privacy and civil liberty concerns.
 
Debanking: As with censorship, Williams says she is concerned about the government conflating “disfavored persons” with terrorism, leading to the “debanking” of people and organizations.
 
The Consolidated Audit Trail: Without any statutory basis, the Securities and Exchange Commission under former Chairman Gary Gensler assembled a database that monitors the identity, transactions, and investment portfolios of everyone who invests in the stock market. “Government surveillance of Americans’ financial activities – especially in the name of counter-terrorism – is ripe for oversight,” Williams said.
 
Section 702: PPSA has long worked to make sure that the Fourth Amendment’s warrant requirement applies to Americans whose communications are incidentally caught up in Section 702 of the Foreign Intelligence Surveillance Act.
 
But Williams and her former colleague Richard DiZinno dissented from PCLOB’s Democratic majority support for a warrant requirement in 2023.
 
Williams has previously called for “structural and cultural reforms” to the way in which the FBI accesses Americans’ information. The FBI has since tightened Section 702 querying procedures, and Congress has enacted reforms increasing the FBI’s reporting requirements to Congress. Williams appears content that these changes are enough to rest easy on Section 702.
 
We disagree. The FBI reviewed Americans’ communications 3.4 million times a few years ago, and more than 200,000 times in the most recent report. The bureau has accessed the personal information of Members of Congress, political donors, and journalists without a warrant.
 
“Is 200,000 warrantless queries better than 3.4 million warrantless queries?” Elizabeth Goitein of the Brennan Center for Justice’s liberty and national security program said to The Washington Post in 2023. “When you ask the question, you get a sense of how warped the universe we’re in is – that somehow 200,000 warrantless searches a year are an acceptable number.”
 
At the very least, we hope Williams will see that this is a valid perspective. PPSA hopes that that Beth Williams – lacking peers as sounding boards – will reach out to the civil liberties community to hear the perspectives and the questions that would have come from her departed peers.
 
Board Member Williams, can we meet?

​Harvard fellow Timothy Massad recently told Congress that policymakers need to “creatively rethink” how to fold in cryptocurrencies into the surveillance of the Bank Secrecy Act and its reporting requirements of customers’ transactions to the government.
 
Nicolas Anthony in a CATO blog notes:
 
“The problem dates back to the 1970s. The Supreme Court dealt a major blow to privacy with what is now commonly called the third-party doctrine. In short, the court held that so long as a third party is involved (e.g., a bank or credit union), customer records are not protected by the Fourth Amendment. However, to the extent third parties are not present, the Fourth Amendment should still apply.
 
“This detail is important because there is no third party involved if a cryptocurrency is decentralized and exchanged with a self-hosted wallet. Given that Supreme Court justices have expressed concern over their original considerations of both the Bank Secrecy Act’s reporting requirements and the third-party doctrine, it’s hard to imagine how surveilling of transactions between two individuals without a warrant does not run afoul of the protections guaranteed by the Fourth Amendment.
 
“It may seem like a fine line, but Congress should keep this distinction in mind. Financial surveillance should be pared back, not extended further. And in the end, that means strengthening financial privacy for both traditional finance and emerging finance, alike.”

​From a risk perspective, facial recognition software is a mixed bag of good and bad outcomes. It has helped capture bank robbers, rapists, and murderers. Yet it is disproportionately bad at accurately identifying people of color and women of color in particular, leading police to arrest the wrong people. And above all, it is by definition a broad surveillance tool fundamentally at odds with the concept of individual liberty. Even the Government Accountability Office is worried, issuing two reports to assess risks and make recommendations.
 
In late 2023 GAO wrote:
 
“The use of facial recognition technology for criminal investigations presents unique questions about civil rights and civil liberties. For example, civil liberties advocates have noted that the use of facial recognition at certain events – such as protests – could have a chilling effect on individuals’ exercise of their First Amendment rights.”
 
Americans who care about their Second Amendment rights should be equally worried about this technology. The connection isn’t as obvious as it is with free speech, but the math works. Imagine:
 

1. You attend a rally in support of the Second Amendment.
2. The ATF and state police are there too, in disguise. They secretly work the crowd and pickpocket the wallets of everyone in attendance.
3. They then use the pickpocketed driver’s licenses to identify the attendees.

 
Oh, wait. The ATF and state police can’t pickpocket IDs because that would be a crime. But let’s try a slightly a different formulation:
 

1. You attend a rally in support of the Second Amendment.
2. The ATF and state police use facial recognition technology to identify everyone in attendance.
3. They then cross-reference the list of rally attendees with various gun registries to develop a short list of attendees who own firearms.
4. Worried about being on various lists, you eventually stop going to Second Amendment rallies.
5. If state or federal authorities decide to confiscate civilian weapons, they have a pre-constructed database ready to (ab)use.

 
Two scenarios. Both unconstitutional. Yet one is perfectly legal. The very use of facial recognition software is tantamount to having our wallets and IDs physically stolen. Somehow we have become inured to the difference.
 
“A search engine for faces,” is how Clearview.ai founder Hoan Ton-That cheerily described his company’s software to CNN Business. Clearview’s 50+ billion images, scraped from the Internet without anyone’s permission (do you recall being asked?) has been used by more than 2,000 organizations in 27 countries – including the Marshals Service, FBI, and ATF. Thank God none of those agencies have any interest in guns.
 
Oh, wait.
 
By the way, if you ever visit Clearview’s website, we recommend you decline all cookies.

​Robots employed for law enforcement is an area in which the need for transparency seems obvious. Yet the actual uses of robotic technologies are often withheld by local governments. In New York City, for example, disclosure of public safety tech was supposed to happen routinely following the 2020 passage of the City Council’s Public Oversight of Surveillance Technology (POST) Act.

Yet public advocacy groups still have to rely primarily on freedom of information laws to bring surveillance capabilities to light.

One such group recently won yet another hard-fought freedom-of-information confession. So what has the NYPD been up to lately, surveillance-wise? Robots and more robots. PPSA has written before about the surveillance implications of robotics, which now seems to be an increasingly popular choice among technocrats.

On the surveillance manifest(o) this time:

• an unmanned submersible
• pricey upgrades to an already-pricey robot dog
• a canine-mounted camera system (using actual dogs)
• an autonomous security robot
• more drones than you can shake a roman candle at

If this were Gotham and these were Batman’s toys, that’s a movie we’d all want to see. But it’s not, so it behooves us to pay close attention. Let’s give particular notice to that robot dog for a moment. The previously disclosed “Digidog” robot apparently got $139,000 worth of surreptitious upgrades, including the ability to laser map any room it enters (and to grab things).

That autonomous security robot (named K5 since it clearly is not a dog), was apparently only used to serenely “patrol,” bobby-like, a section of the Times Square subway station. Thank goodness it hasn’t yet intercepted transmissions from its Chinese cousin, RG-T, or it might learn how to scan faces, spray tear gas, and fire grenades. K5 is a mere toddler that needs human handlers. Xi’s Chinese subjects aren’t so lucky. RG-T’s algorithms dish out judgment and justice of their own volition. As we’ve cautioned before, a “military-civilian fusion” of policing hardware is straight out of the Chinese Communist Party’s playbook. Today’s K5 can easily become next year’s RG-T. All it takes is a few undisclosed upgrades.

Want to know more about the use cases for the items listed above?

So would everybody. You can start preparing your FOIA now. According to critics, NYPD’s reporting on such acquisitions is perennially fuzzy at best. Perhaps police-captain-turned-mayor Eric Adams feels he doesn’t need to formally document them since he sometimes touts such technologies at carefully choreographed events in venues like Times Square. Take those drones for instance; their proliferation is ongoing and as enshrouded in mystery as ever.

All of which is why, according to some groups, the POST Act desperately needs reform given that it presently asks for little more than a basic accounting in the name of transparency.

“It’s the floor and not the ceiling,” said City Council sponsor Vanessa Gibson. But as they did with the original, the NYPD is likely to oppose any changes based on some specious version of “compromising security.”

But, we can’t help asking, exactly whose security is at risk of being compromised?

To quote a line from the 1987 classic RoboCop: “A machine does not know what it feels like to be human. It can’t understand the value of human life.”

​A letter from Tulsi Gabbard, the new director of national intelligence, in response to a recent letter from Sen. Ron Wyden (D-OR) and Rep. Andy Biggs (R-AZ), is a good sign that the new boss is not the same as the old boss.
 
What is most remarkable about Director Gabbard’s letter is that it exists and is a prompt response. Many letters from Members of Congress in the past seemed to disappear into interstellar space. Or, when the government did deign to answer them, it was often with the overcautious double-speak that avoids avoid promises and commitments or even judgment.
 
Gabbard’s reply to Sen. Wyden and Rep. Biggs is prompt, direct, and actually responsive to the concerns of these two critics of surveillance abuse. She speaks directly about the secret order issued by the UK Home Secretary instructing Apple to create a back door capability in its iCloud feature that would allow the British government to access the personal data of any customer in the world.
 
Gabbard writes that the UK government did not inform her office of this order, which seems like an astonishing breach of protocol for a “Five Eyes” ally with which the United States shares mutual intelligence. Gabbard refers to the UK’s Investigatory Powers Act of 2016, also known as the “Snoopers’ Charter,” which allowed London to gag Apple from voicing its concerns, even secretly with the U.S. government.
 
As a result of the UK’s pressure on Apple, Gabbard says she has:

• Assigned a senior intelligence community officer to work with the director’s Office of Civil Liberties, Privacy, and Transparency, as well as the office that deals with external partners, to discover all the implications of the UK’s secret surveillance order.

 

• Dispatched government lawyers to investigate the secret order in light of the bilateral CLOUD Act agreement. That agreement, Gabbard writes, forbids the United Kingdom from issuing “demands for data of any U.S. citizens, nationals, or lawful permanent residents (‘U.S. persons’), nor is it authorized to demand the data of persons located inside the United States.”

Gabbard further writes:
 
“Any information sharing between a government – any government – and private companies must be done in a manner that respects and protects the U.S. law and the Constitutional rights of U.S. citizens.”
 
She closes her letter by referring to obligations to protect “both the security of our country and the God-given rights of the American people enshrined in the U.S. Constitution.”
 
Missing from Director Gabbard’s letter is the oblique and lawyerly tone of past administrations. We applaud Gabbard for her responsiveness and encourage her to continue to break with her predecessors in a new spirit of openness and a real concern for Americans’ constitutional rights.

​Credit Rep. Anna Paulina Luna (R-FL) for leading a task force of the House Oversight Committee to declassify federal secrets, including files concerning the assassinations of John F. Kennedy, Robert F. Kennedy, and the Rev. Martin Luther King Jr. The scope of Rep. Luna’s inquiry, approved by committee Chair James Comer (R-KY), will also examine the reach of Jeffrey Epstein’s vile activities, as well as government records on unidentified aerial phenomenon.
 
We urge Chairman Comer, Rep. Luna, and the other members of her task force to consider including in their declassification task force another matter of deep interest to the American people – key facts that reveal the extent of the American surveillance state and, especially, the extent to which it surveils Americans.
 
Digital Data Purchases
 
One area ripe for investigation is the common government practice of purchasing the personal digital data of Americans, scraped from apps and sold by data brokers. The FBI, IRS, Department of Defense, and Department of Homeland Security routinely buy our most sensitive and personal information and examine it without a warrant.
 
We urge Rep. Luna to work to unearth:

• The identity of the data brokers, foreign and domestic, who sell Americans’ information to the government.

 

• Estimates of the number of individual Americans whose personal information is purchased.

 

• The categories of purchases made that give the government access to our familial, romantic, professional, religious, and political associations.

What Is the Proposed “Fix” in the “Make Everyone a Spy” Law About?
 
Another area that cries out for transparency was the subject of a measure passed by Congress last April, which is widely called the “Make Everyone a Spy.” This law broadens the definition of an “electronic communications service provider” to practically any business or house of worship that offers free Wi-Fi. Falling under this definition obligates a business to secretly spy on its customers for the National Security Agency.
 
At the time of passage, Congress promised to narrow the scope of this law to types of companies defined in rulings by the Foreign Intelligence Surveillance Act (FISA) Court that were previously excluded from this law. This fix was nixed in the House, leaving the most expansive version of the law imaginable, hence the popular moniker – Make Everyone a Spy.
 
These companies are widely believed – and even hinted at in open debate on the Senate floor – to be providers of cloud storage.
 
We urge Rep. Luna and her colleagues to work to make public the nature of the proposed legislative fix. Such a disclosure would inform future debate in Congress over the scope of this ECSP provision, which has enormous implications for Americans’ privacy.
 
Topline Numbers on FISA Section 702
 
Yet another area that needs greater transparency is the impact of government surveillance under FISA Section 702. This law was enacted by Congress to enable surveillance of foreigners on foreign soil. But in recent years it has been used to search for the communications of millions of Americans “incidentally” caught up in this foreign surveillance program.
​

• We urge Rep. Luna to dig out the number of Americans who have had their communications searched under FISA Section 702 by the FBI.

This information is essential for an informed debate when Congress next considers the reauthorization of Section 702 in early 2026.
 
Spying on Members of Congress
 
There are also clear signs the intelligence agencies have spied on Members of Congress by “unmasking” their identities in foreign communications, and possibly examining their communications by tapping into the “upstream” backbone of the internet.
 
We urge Rep. Luna to:
​

• Work to release records on the “unmasking,” “upstreaming,” or purchasing of personal data by the NSA, CIA, or FBI of 48 current and recent members of committees with oversight responsibilities over the intelligence community, ranging from Marco Rubio to Devin Nunes, and Elise Stefanik.

Years of Freedom of Information Act requests and subsequent lawsuits by our organization and our civil liberties peers have rarely been met with substantive answers. There is no reason why the Congress and the American people do not already know the answers to these questions, none of which would compromise national secrets or intelligence “sources and methods.”
 
Chairman Comer, Rep. Luna, and the other members of the task force have a priceless opportunity to use their deep dive into the government’s sea of secrets to inform Congress and the American people of the nature and extent of federal surveillance of Americans.

​When CNN last week filed a Freedom of Information Act (FOIA) request asking for details about the Department of Government Efficiency (DOGE) and who has been granted access to sensitive or classified government documents, the news organization says it received an anonymous response from an Office of Personnel Management email account.
 
“Good luck with that,” the reply said, “they just got rid of the entire privacy team.”
 
So how outraged are we as a civil liberties organization that often files FOIA requests over the firing of very people who process our requests?
 
Not very. To be candid, PPSA has a higher level of concern over the change of the New York Yankees’ facial-hair policy, although we are split internally between a pro-beard and anti-beard faction.
 
The reason for our insouciance is that while privacy personnel in government offices scrupulously acknowledge receipt of our filings, the follow-up is always a ramshackle mess usually leading to a dead end. Deadlines mandated in statute are routinely ignored. And when the government does deign to answer us, it comes back with something called a “Glomar response.” This is a judicially created doctrine from the 1970s – created in response to reporting on the CIA’s recovery of a sunken Soviet submarine with nuclear-tipped missiles – that allows agencies to issue a non-response response.
 
Glomar responses, once uncommon, are now the boilerplate answer for most of our FOIAs.
 
This happened most recently when PPSA filed a FOIA request asking the National Security Agency to produce records showing how much money it spent buying Americans’ personal digital data, the size of the dataset purchased, and the sources of the data.
 
In July, NSA gave us a classic Glomar response, that it cannot disclose “the existence or non-existence” of the requested information. The government usually shrugs off our lawful requests for information by issuing a Glomar response.
 
When we sought dollar amounts of NSA spending on purchases of Americans’ personal information, and who is selling it to them, the NSA’s Glomar response also included a statement that it had not performed a records search – as required by the FOIA law. Riddle me this: How did the NSA know that these documents merited the hush-hush, top-secret Glomar response, previously reserved for the recovery of Soviet nuclear tipped missiles, if the agency didn’t even search for them?
 
Another one of our FOIA requests: We asked the government to reveal top-line facts about purchases about surveillance of Members of Congress who served on committees with oversight of the intelligence communities?
 
Glomar response.
 
Another one: Can the government reveal how many times it has “unmasked” – or internally identified – Members of Congress caught up in foreign communications?
 
Glomar response.
 
And then there is this middle-finger response from the Department of Justice to another one of our FOIA requests. They sent us 40 completely redacted pages to a FOIA request, with only one line unredacted: “Hope that’s helpful.”
 
We are sorry people in the privacy offices of the government are losing their jobs. We appreciate that they don’t make policy, just execute it, although that responder at Justice – who didn’t have the guts to sign his or her name – should probably find employment elsewhere, preferably a junkyard. We hope the rest of these government employees will be happier in public or private-sector jobs that actually do something for somebody.

Apple just killed its encrypted services enabled by its Advanced Data Protection tool in the United Kingdom rather than allow the British government to use it as a warrantless spy device on customers worldwide.
 
Forced into this action by a draconian government order, Apple’s action will remove a widely used service from the hands of millions of British customers. Encryption allows users to maintain the same level of privacy they would expect in a private conversation. This privacy allows victims to hide from stalkers, women and children to report abuse, dissidents to communicate around tyrants, and people to keep snoopy government out of their lives.
 
The Backstory
Apple designed its Advanced Data Protection with end-to-end encryption so well that the company itself doesn’t have the ability to review a customer’s items stored on iCloud such as their notes, images, text message backups, and web bookmarks. Only customers can decrypt their own data.
 
Two weeks ago, the UK Home Office ordered Apple to build a backdoor to grant the British government access to users’ data under the UK Investigatory Powers Act. Worse, the order demanded that Apple provide a backdoor to global communications, giving British investigators access to the private data of Americans and everyone else. Apple’s action appears to prevent that expansion to global surveillance.
 
PPSA’s Statement
Bob Goodlatte, PPSA Senior Policy Advisor and former Chairman of the House Judiciary Committee, issued this statement:
 
“It is a shame that the law-abiding citizens of the United Kingdom will lose access to a well-regarded encryption system because the British government does not respect their right to privacy. People who are able to keep their personal and business records and financial transactions protected by using encryption are far safer and prevent far more crime than if anyone, including well-meaning but inevitably careless governments, have so-called back-door keys that eventually always fall into the wrong hands. Thank goodness Americans have a Bill of Rights to protect their freedom. We must never take it for granted.  
 
“The British people should demand nothing less from a disrespectful government.”
​

​Congratulations FBI Director Kash Patel on your confirmation by the U.S. Senate.
 
In your nomination hearing, you brought a refreshing new tone that was notably lacking in the patronizing and reticent responses of your predecessor. You spoke of the more than 200,000 improper queries of American citizens under FISA Section 702 as “255,000 reasons why the American people don’t trust” the FBI.
 
Your willingness to discuss the FBI’s intrusion into Americans’ privacy prompted Sen. Mike Lee (R-UT) to exclaim, “Music to my ears. You are the very first FBI director or FBI director nominee who when asked about this hasn’t said, ‘Oh, don’t worry about it. We’ll handle it okay. We’ve got good people on the inside. We would never breach the trust of the American people.’ Do you know what? They were lying …”
 
Can you please allow your new tone to set a new direction at the FBI?
 
The FBI has routinely used Section 702 as a catch-all for investigating domestic crimes and snooping into the privacy of 19,000 donors to a congressional campaign, the private data of a U.S. Senator and a U.S. House Member, as well as a state judge and a local political party.
 
Now that you are heading for FBI headquarters at 935 Pennsylvania, N.W., we urge you to:
​

• Reveal the annual numbers of U.S. person queries (along with the numbers of any actual probable cause warrants) under Section 702 and tell us how many were for domestic crimes not related to spying and terrorism.

 

• Disclose the amount of dollars the FBI spends on purchasing the digital data of Americans, the data brokers this data is purchased from, and the investigative justification for these data purchases by category.

 

• Pledge to restrict the broader definition of “electronic communications service provider” to providers of a segment widely believed to be companies that store data in the cloud.

 

• Continue, with Attorney General Pam Bondi, a commitment made by the former attorney general in a letter to Senate leaders that the expanded “electronic communications service provider” authority will only be used to close a technical gap to fill a critical intelligence need.

 

• Refrain from extending this secret-surveillance-on-demand for any kind of business that offers free Wi-Fi to its customers.

 

• Declassify the nature of this “technical” gap? (Everyone already knows it is about cloud computing – so can Congress please be allowed to openly discuss this?)

 

• Support Sen. Mark Warner’s pledge that the narrowing of this authority must be included in legislation.

​
We welcome your fresh perspective and critical outlook at the FBI. Waiting for you in your office will be a few tons of baggage left over from prior directors who played word games with Congress and stretched every tiny gap into a loophole, and every loophole into a canyon.
 
If you can change that tradition, you will be setting up the FBI for great things in the future.

​It is always refreshing to thumb through a court opinion that reads like an Elmore Leonard novel. For example, in a recent opinion of the Eleventh Circuit Court of Appeals, one defendant is also known as “a.k.a. Baldhead, a.k.a. Ball Head.” And the opinion contains numerous references to whether “a cup of ice” is code for an ounce of meth, and to extensive evidence presented in court – guns, money, dope, a gold necklace seized from a home – that could provide props from Netflix’s Narcos.
 
Our guess is that the several defendants in this case, whose convictions were mostly upheld by the court, did not earn enough merit badges to become Eagle Scouts. But they are still Americans with constitutional rights. And, for the good of us all, they should get the same protections of the Fourth Amendment as the rest of us.
 
Did they?
 
Here are the facts: The home of one Rolando Williamson in Birmingham, Alabama, was persistently surveilled by pole cameras from October 2018 through August 2019. The cameras warrantlessly recorded the comings and goings of Williamson and his visitors nonstop, including his front and back yards – the area often referred to in Fourth Amendment law as the home’s “curtilage.” 
 
On the basis of this persistent recording of a home, the government performed a sting operation and followed up with warrants to search Williamson’s home. We agreed with three out of six judges on the First Circuit Court in a similar case, Moore v. United States, that a “reasonable expectation of privacy” was violated when the government placed a pole camera in front of a woman’s home for eight months.
 
In this case, the Eleventh Circuit ruled that similarly persistent surveillance did not violate the Fourth Amendment. The court reasoned that, because one of the cameras overlooked the public street in front of Williamson’s home, and the other recorded the exposed and publicly viewable backyard, the cameras “could view only what was visible from the public streets in front of the house and the public alley behind it.”
 
The court rejected the defense’s comparisons to the U.S. Supreme Court’s Carpenter v. United States (2018), which found a Fourth Amendment violation in law enforcement’s seizure of a suspect’s location history from a cellphone tower. The court also asserted that this case did not resemble United States v. Jones (2012), in which the Supreme Court held that attaching a GPS device to a vehicle amounted to a search requiring a warrant.
 
“By contrast, a pole camera does not track movement,” the Eleventh Circuit found. “It does not track location. It is stationary – and therefore does not ‘follow’ a person like a GPS attached to his vehicle.” Moreover, “the Carpenter decision concerned a technology that is meaningfully different than pole cameras. Pole cameras are distinct both in terms of the information they mine and the degree of intrusion necessary to do so.”

We question the court’s conclusion about the narrowness of data mined by a pole camera. A persistent camera does track movement of residents and their visitors in and out of a home. It potentially reveals a target’s political, religious, and romantic interests. Watching the movements for months around the curtilage of a home – which is highly protected in Fourth Amendment law – is in fact very intrusive.
 
These are ripe questions for future cases. As for the Eleventh Circuit, it declared that it is not making a general rule on the constitutionality of pole cameras. State and federal courts remain divided on that question. And it is a question that will not go away. From pole cameras to drones, aerial panoramas from balloons that can loiter for months, and other persistent forms of surveillance, the courts – and likely, the Supreme Court – will need to set a rule on these forms of outside-in surveillance.
 
To see that they do, PPSA will be looking to provide legal support in cases that present the best fact patterns. 

​Texas is already putting its data privacy statute, passed in 2024, to good use. Part of the state’s broader data privacy and security initiative is a recent lawsuit against General Motors that alleges the unlawful collection and sale of drivers’ data, including selling it to insurance companies that used it to raise insurance rates.
 
Texas Attorney General Ken Paxton also sued insurer Allstate and its Arity subsidiary for unlawfully collecting data on Texas drivers through their mobile apps.
 
Arguing that Texas drivers were unwittingly buying into a “comprehensive surveillance system,” General Paxton charges that, beginning in 2015, GM began collecting detailed data every time Texas drivers used their vehicles. According to the lawsuit:
​

• GM hid its data collection practices behind “onboarding” for products like OnStar Smart Driver.
• Coerced buyers to enroll by threatening to deactivate their vehicle safety features if they didn’t.
• Threw all manner of convoluted “disclosures” at customers (50-plus pages, delivered electronically) without clearly informing them of what was really happening.

But wait, there’s more! The lawsuit further alleges that GM:
​

• Sold that information (for princely sums) to companies, requiring them to build “telematics exchanges” to house the data and calculate driving scores.
• Required those data exchanges and driving scores to be licensed to insurance companies, with royalties to be paid to GM.
• Directed that calculated driving scores include “bad” behaviors such as driving late at night, turning sharply, hard braking, sudden acceleration, and driving over 80 mph.
• Fully knew that some insurance companies who were accessing the driving score data used it to increase monthly premiums, deny claims, or drop coverage.

The data GM collected and sold also allegedly included the date and duration of every drive, speed, seatbelt status, and more. What next? Recording our private conversations?
 
Obtaining consent is always a good idea, but burying it inside an interminable user agreement written in legalese appears to be at the heart of General Paxton’s case against GM. Fifty-plus pages of electronic gobbledygook full of dry product descriptions, confusing user terms and misleading “privacy notices” are the opposite of transparency. Imagine patients signing “I Agree” at the doctor’s office to give physicians the right to harvest their kidneys just because it happens to be in the fine print.
 
The reality is that we never read those interminable user agreements. “Direct” consent is what the law requires, and we hope lawsuits like this one will bring common-sense standards to bear on what has become a completely unwieldy, impractical, and utterly unfair business practice.

For almost 70 years, the President’s Intelligence Advisory Board (PIAB) has advised U.S. Commanders-in-Chief on the effectiveness of the country’s intelligence operations. President Donald Trump recently announced his PIAB roster, chaired by his longtime ally, former Congressman and House Intelligence Committee Chairman Devin Nunes.
 
In Nunes, Trump has chosen a super-utility player when it comes to evaluating the efficacy and integrity of the intelligence community. When Nunes was Chair, the Department of Justice surreptitiously collected data on multiple committee staffers – an unlikely coincidence given that Nunes was then investigating the FBI’s suspicious interest in Trump’s 2016 campaign, and clashing with the Justice Department and the FBI. Chairman Nunes was vocal and effective in exposing government surveillance abuses.
 
That experience alone makes Nunes a good choice to chair PIAB, as he understands firsthand the dangers of surveillance overreach in domestic contexts. Yet he’s also strong when it comes to spying on other countries, having vigorously supported the renewal of Section 702 of the Foreign Intelligence Surveillance Act (FISA) in 2018.
 
Such balance is needed on this advisory board. When advising the president on intelligence matters, we urge the new PIAB to assess three well-documented misuses and abuses:

1. FISA Section 702: Invaluable for tracking foreign spies, it has long been used for unbridled surveillance of Americans on American soil. The ongoing abuse of Section 702 calls out for substantive reforms to shore up Fourth Amendment rights, including a warrant requirement for searches of Americans’ data.
   
   
2. The dangerous expansion of FISA’s Electronic Communication Service Provider standard – meaning the network/server user data of churches, law offices, gyms, department stores, campaign offices, car dealerships, you name it – can be spied on by the government without restriction. Some in the House blocked a promise made in the Senate’s passage to narrow this overreaching surveillance of Americans. Today, almost every free, business Wi-Fi network Americans use can be repurposed to spy on them. 
   ​
   
3. Commercially Available Information sold to federal agencies. At present, third-party data brokers may sell sensitive personal information (scraped from our apps, for example) to government intelligence and law enforcement agencies – from Americans’ financial and bankruptcy records, health and mental health issues, browsing and location histories. Virtually every aspect of our personal online identities can be acquired by the government, without cause or a warrant.

Other members of the newly-announced board include:

• Scott Glabe, Homeland Security alumnus
• Amaryllis Fox Kennedy, former CIA officer
• Wayne Berman of the Blackstone, Inc.
• Reince Priebus, former White House Chief of Staff
• Robert O’Brien, Former National Security Adviser
• Katie Miller, former Communications Director for Mike Pence

Given the experience of this team, we have high hopes they will bring balance to the board’s investigations and deliberations. Biden’s PIAB sidestepped calls for serious reforms of Section 702, despite being presented with evidence detailing more than 278,000 instances of rules violations by the FBI.
 
With President Trump’s stated goal that PIAB should “restore integrity” to the Intelligence Community, we urge the president’s PIAB appointees – who certainly have their work cut out for them – to do exactly that. They should begin by recommending specific measures to reign in the FBI’s rampant surveillance of Americans.

​At a time when quality journalism is believed to be dead, PPSA is finding incisive local reporting on how city by city, county by county, state by state, the elements of a national surveillance state are being put into place. Journalists are reporting on the alarming growth of surveillance networks, the generous federal and state funds and grants that fuel this growth, the impacts of surveillance on the rights of everyone, and on the privacy of the vulnerable.
 
***
 
One exemplar of local reporting is Cardinal News of Virginia, which is releasing an investigative series on the creeping emergence of comprehensive surveillance throughout the southern portion of that state.
 
The Cardinal article begins by asking: “So if the question is, ‘Who's watching me?’ The answer is: practically everyone.” Its reporters and editors reached out to 100 law enforcement agencies in Southwest and Southside Virginia, from county sheriffs’ offices to big city police departments.
​

• Cardinal found that 81 of 100 police agencies use some form of public surveillance that records and gathers data on citizens with no specific investigatory predicate.
  
  

What is happening in this portion of Virginia is happening everywhere. This is not the result of some nefarious scheme but rather the natural outgrowth of understaffed local law enforcement looking to use surveillance technology to plug the gaps and catch bad guys. These elements – automated license plate readers, facial recognition software, drones and other technologies – can all connect and share data, slowly knitting together a national system of surveillance. Add the power of artificial intelligence, and the means are being put in place to follow people by their movements, their activities, their associations, and their beliefs.

Who is paying for this? “A funny thing happened on the way to defunding the police,” is how the newspaper archly puts it. Cardinal reports the federal American Rescue Plan of 2021, meant to provide a large array of technology and body armor for police, is a major funder of the rollout of local surveillance technology. In addition to state funds, other journalists trace money for surveillance systems to HUD grants and federal funds provided to states meant for covid relief.
 
This federal and state largesse is funding the regional network of automated license-plate readers. With this technology, AI creates “vehicle fingerprints,” unique characteristics that include characteristics such as vehicle color, roof racks, and bumper stickers. This technology can be used to track robbers, abductions, confused elderly drivers, but also everyone else as they come and go from churches, mosques, gun stores, political rallies, and mental health clinics.

***
 
Todd Feathers of Gizmodo walked the streets of Toledo, Ohio, to survey the results of comprehensive surveillance – in this instance, streaming live images of residents of public housing complexes straight to police headquarters.
 
“This kind of surveillance has become the norm in Toledo, where living in subsidized housing now means being watched outside your home day and night by an officer you can’t see or speak to,” Feathers reports. He adds that this is the result of the city’s contract with Fusus, “a company whose controversial technology enables cops to access live streams from private camera networks that opt in to the system.”

• Feathers reports that in the first ten months of 2024, Toledo police spent a cumulative 3,822 hours – the equivalent of 159 days – watching live streams from 23 Fusus-enabled cameras aimed at one public housing complex.

 

• Officers spent 18,751 hours streaming live camera feeds from 275 cameras at 12 apartment complexes. That was twice as much time as they spent watching the other 439 Fusus-enabled cameras spread throughout Toledo combined.

“This data really illustrates the risks associated with this type of surveillance,” said Beryl Lipton, a senior investigative researcher with the Electronic Frontier Foundation, interviewed by Feathers. “The idea that people who are already in a vulnerable space in their housing development are subject to increased levels of surveillance simply because that is where they live really highlights how inequitable and unjust these applications of surveillance can be.”
​

• Only 20 percent of the city’s crime occurred within half a mile – a wide buffer zone – of one of the 12 housing complexes, according to police data on homicides, shootings, aggravated assaults, robberies, thefts from vehicles, and car thefts. But 66 percent of the time a Toledo officer streamed a live feed through Fusus, the camera was at one of the 12 developments.

Feathers concludes that “an important public safety decision – where police should focus their attention – is increasingly determined not by where crime happens, but by which private entities have chosen to pay thousands of dollars to join Fusus’s surveillance network.”
 
Worse, the local ACLU reports that the Toledo police lack a detailed policy of what officers can and can’t use these Fusus-enabled cameras for, set limits on how long footage collected through Fusus can be stored, and state whether anyone outside the Toledo Police Department is allowed to access the camera systems or recorded footage, and under what circumstances.
 
***
 

Gizmodo reported that when the Fusus contract came up for a vote before the Toledo city council, not a single council member asked police a question about how that technology might be used.
 
There are signs, however, that many local and state leaders are beginning to ask deeper questions and show a willingness to halt the expansion of surveillance. We reported earlier that in Virginia, state House Majority Leader Charniele Herring, a Democrat, advanced a bill that would also have enabled a dramatic expansion of cameras on state highway rights-of-way.
 
She argued that her bill would put “guardrails” on the use of surveillance. The bill failed in committee, 9 to 6 against the bill, with both Democrats and Republicans siding for and against Leader Herring’s bill.
 
Leader Herring’s bill did, in fact, include many useful guardrails, such as a 30-day limit on retaining license plate images, requiring reasonable suspicions of a major crime or incident before accessing the data, an audit trail for use, and making misuse of the system a Class I misdemeanor. Yet her bill still failed.
 
Perhaps this vote points to a new skepticism, a willingness by policy makers to slow down and think through the implications of this massive surveillance rollout. As policymakers deliberate, we hope they will continue to be informed by more good reporting like that of Cardinal News and Gizmodo.

​As we reported earlier this year, Judge LaShann DeArchy Hall of the U.S. District Court for the Eastern District of New York ruled that when the government searches for the communications of U.S. persons in data collected under FISA Section 702 authority, such searches are subject to the Fourth Amendment. Such searches must either be conducted after the issuance of a warrant, or meet stringent exceptions to the warrant requirement.
 
Here is a declassified version of Judge Hall’s ruling.
 
In a recent piece in Just Security, David Aaron, Noah Chauvin, and Courtney Otto explore the implications of this ruling for the Second Circuit and the FISA Court. They also explore the impact Judge Hall’s ruling is likely to have in Washington, D.C.
 
“The opinion will likely also be viewed as significant in the halls of Congress, which must decide by April 2026 whether and in what form to reauthorize Section 702. During the last round of reauthorization, an amendment requiring a warrant for U.S. person queries failed in the House by a tie vote (A modified version of the amendment was voted down in the Senate by a wider margin). A key theme in the resistance to the warrant requirement, both inside and outside of Congress, was that no court to reach the merits of the issue had ever ruled that warrantless U.S. person queries violated the Fourth Amendment. Now that is no longer the case, members will face more pressure to impose a warrant requirement by statute.”
 
Let us hope that many Members of Congress will look to Judge Hall’s bold declaration in favor of the Constitution to take a bold step of their own – to require warrants before Section 702 data can be used to spy on Americans.

​Robert Oppenheimer was famously conflicted about his work on the atomic bomb, as was Alfred Nobel after inventing dynamite. One supposes any rational, non-sociopath would be.
 
But imagine if Alexander Graham Bell had similarly cast aspersions on the widespread use of telephones or Edison on electrification? When Morse transmitted, “What hath God wrought?” as the first official telegraph, it was meant as an expression of wonder, even optimism. We expect weapons of destruction to come with warnings. By contrast, technological revolutions that improved human existence have rarely come with dire predictions, much less from their inventors. So it’s a bit jarring when it happens.
 
And with artificial intelligence, it’s happening.
 
Geoffrey Hinton, the “godfather of AI,” quit Google after warning about its dangers and later told his Nobel Prize audience, “It will be comparable with the Industrial Revolution. But instead of exceeding people in physical strength, it’s going to exceed people in intellectual ability. We have no experience of what it’s like to have things smarter than us.”
 
Now enter Sam Altman, the man whose company, OpenAI, brought artificial intelligence into the mainstream. In a blog post published this week, Altman opened with his own paraphrase of “But this feels different.” Hinton and Altman are both referring to what many consider the inevitable turning point in the coming AI revolution – the advent of artificial general intelligence, or AGI. In short, this will be when almost every computer-based system we encounter is as smart or smarter than us.
 
“We never want to be reckless,” Altman writes in the blog (emphasis added).
 
“We believe that trending more towards individual empowerment is important,” Altman writes, “the other likely path we can see is AI being used by authoritarian governments to control their population through mass surveillance and loss of autonomy.” To be fair, OpenAI was founded with the goal of preventing AGI from getting out of hand, so perhaps his somewhat conflicted good cop/bad cop perspective is to be expected.
 
Yet that hasn’t stopped Altman from taking what might someday be seen as the “self-fulfilling prophecy” step on our road to perpetual surveillance.
 
Altman is partnering with Oracle and others in a joint venture with the U.S. government to build an AI infrastructure system, the Stargate Project. Two weeks after the venture was announced, his blog is acknowledging the need for a “balance between safety and individual empowerment that will require trade-offs.”
 
What to make of all this? Sam Altman is a capitalist writ large. He believes in the American trinity of money, freedom, and individualism. So when he feels compelled to ponder the looming potential of a technocratic authoritarian superstate from his brainchild, he is to be believed.
 
Altman dances ever-so-deftly around the potential dangers of mass surveillance in the hands of an AGI-powered authoritarian state, but it’s there. AI is the glue that makes a surveillance state work. This is already happening in the People’s Republic of China, where AI drinks in the torrent of data from a national facial recognition system and total social media surveillance to follow netizens and any wayward expressions of belief or questioning of orthodoxy. Altman is fundamentally worried that the technology he’s helping to unleash on the world could prove to be the fundamental unraveling of individual liberty, and democracy itself.
 
One last thing worth noting: Sam Altman is an apocalypse-prepper. “I try not to think about it too much,” he told The New Yorker in 2016. “But I have guns, gold, potassium iodide, antibiotics, batteries, water, gas masks from the Israeli Defense Force, and a big patch of land in Big Sur I can fly to.”
 
Just imagine what he isn’t telling us.

​The Senate confirmation of Tulsi Gabbard as DNI puts the former Congresswoman from Hawaii in the cockpit of the U.S. intelligence community. Director Gabbard will have to perceive and define evolving threats in the most hostile global environment in almost a lifetime. She will also have no lack of challenges in coordinating the mission of 18 federal agencies and refining their conclusions as actionable intelligence for the president.
 
PPSA, along with our civil liberties colleagues, hope that as Director Gabbard plunges into the myriad challenges of her new job, she will also stand true to her heritage as a champion of the U.S. Constitution. As a Congresswoman, Tulsi Gabbard stood fast to the conviction that we can have both national security and respect for the Bill of Rights. We urge Director Gabbard in her new role to demonstrate the viability of this principle. We call on her:
 

• To close the backdoor search loophole by enforcing a warrant requirement whenever the FBI singles out American citizens for a query of their personal data, collected pursuant to Section 702.

 

• To also require warrants when the government inspects Americans’ personal, digital data purchased by federal agencies from third-party data brokers.

 

• To release the full number of queries of Section 702 databases made by the FBI and other agencies to inspect the personal communications of U.S. persons, so we can understand how this authority is being used.

 

• To extend the promise made by the previous administration to restrict the authorities of the electronic communications service providers to a technical fix (widely believed to apply to cloud computing), rather than use this authority in its most expansive form, forcing practically any kind of American business to spy on their customers.

 

• To deepen Director Gabbard’s predecessor’s effort, the Policy Framework for Commercially Available Information, to guide federal intelligence agencies into developing procedures and strong guidelines in the uses of purchased data.

 
In each of these efforts, we hope Director Gabbard will demonstrate that we can protect Americans from threats from abroad while also protecting them from the prospect of an emerging surveillance state.
 
“In the military, I learned that ‘leadership’ means raising your hand and volunteering for the tough, important assignments,” Gabbard said. We are fortunate that Gabbard has volunteered for this particularly tough assignment. We urge her to find ways to extend her legacy as a defender of the American homeland and as a defender of our freedoms at home.

​“I have as much privacy as a goldfish in a bowl,” Princess Margaret once said, despairing of the paparazzi. Now, thanks to the Home Secretary of the United Kingdom, you too can feel like royalty.
 
The British government has recently issued a secret order demanding a backdoor to all of Apple’s encrypted communications.
 
From time to time in the United States the Justice Department has demanded that Apple help it jailbreak a suspect’s iPhone. Apple stoutly refuses to bend the knee, knowing that granting one such demand would create a backdoor that would destroy Apple’s privacy promise forever. Since 2022, Apple has allowed users to opt for Advanced Data Protection in which no one but the user can access encrypted messages on iMessages.
 
Now London is not demanding, as the Justice Department did, to force Apple to create backdoors to individual accounts of suspected criminals. Instead, London is demanding backdoor access to all encrypted material – messages, texts, and images – stored on the cloud by all Apple customers around the world, including U.S. citizens.
 
“The British government’s demand is breathtaking by comparison,” said Erik Jaffe, President of PPSA. “It is nothing less than internet imperialism.
 
“We had a revolution, left the British Empire, and adopted the Fourth Amendment in part because of the abusive, unreasonable, and warrantless searches performed by agents of the Crown,” Jaffe said. “We should not tolerate the reimposition of such British high-handedness.”
 
Meredith Whittaker, president of the nonprofit Signal app, told The Washington Post, “If implemented, the directive will create a dangerous cybersecurity vulnerability in the nervous system of our global economy.” Given the breathtaking scope of this order, it is likely only a matter of time before similar orders will be directed at Meta’s encrypted WhatsApp backups. Signal and Telegram services might be next.
 
This is a terrible precedent with terrible consequences. With the UK now demanding a backdoor, expect China and other authoritarian regimes to follow suit.
 
The witless Whitehall nanny-staters overlook the value of encryption in protecting dissidents from tyrants, journalists from homicidal cartels, and even law-enforcement itself from organized criminals and state actors. Once this backdoor gets into the wild – and it will – women and children will have far less protection against stalkers and abusers. Inventors and businesses will also be exposed to industrial espionage by competitors and China. Everyday consumers who simply value their privacy will be betrayed.
 
It is out of concern for the human right to privacy that the European Court of Human Rights rejected a Russian law that would have broken encryption. Now, what Vladimir Putin could not achieve, the British government is happy to do for him.
 
This is just the latest sign that official attitudes toward personal privacy have crossed a threshold into authoritarian thinking. There is nothing shocking or unusual about privacy in communications. It has been the de facto rule for most person-to-person communications for all of human history. Once a government whets its appetite for your personal information, it will almost always seek more.
 
“Efforts to give the government back-door access around encryption is no different than the government pressuring every locksmith and lock maker to give it an extra key to every home and apartment,” Jaffe said.
 
Now the same country that celebrates the declaration of Sir Edward Coke, a 17th century jurist who declared that every person’s home is his “Castle and Fortress,” is busy forging digital keys.
 
PPSA urges the U.S. government to exert its diplomacy and defend Americans’ privacy.