The Colorado Supreme Court issued a 5-2 ruling that leaves an urgent privacy question wreathed in a cloud of ambiguity. As a result, Americans must worry that merely being in the same location as someone who might have done an internet search for suspicious material could end up with their own search data being examined by the police.
So-called “reverse warrants” are a powerful new type of search warrant enabled by the collection of Americans’ private data. Reverse warrants allow the police to sift through the search histories of thousands of people. They come in two types: geofence warrants, which allow police to identify people whose devices were in a certain area at a certain time, and reverse keyword warrants, which allow police to identify who searched certain keywords, phrases, or addresses online.
These warrants and their underlying technologies allow police to track any person and search through their data. Instead of developing suspicions about a person based on factual evidence and then applying for a warrant to search that specific person – as required by the Fourth Amendment – reverse warrants involve looking through the search history or location history of many innocent people in the hopes of finding a suspect.
Reverse warrants exist in legal limbo. There is little precedent or written law that govern this new form of data analysis. Accordingly, some courts have treated reverse warrants as they would any standard warrant.
Seymour v. Colorado is the first case to address the constitutionality of reverse warrants. This case springs from a particularly heinous crime – an arson that killed a family of five. Two months later, the Denver Police Department obtained a reverse keyword warrant. As a result of the warrant, Google was forced to hand over the data of eight people, five of whom had Colorado-based IP addresses that had searched for the location of the arson in a two-week period before the crime. Three suspects were eventually charged. One of them, Gavin Seymour, sued to suppress evidence obtained by the warrant on constitutional grounds.
The court held that “Seymour has a constitutionally protected privacy interest in his Google search history,” and that “Seymour’s Google search history implicates his right to freedom of expression.” The court also found that law enforcement obtained and executed the warrant in good faith, so the evidence shouldn’t be suppressed under the exclusionary rule.
Thus the court acknowledged the serious constitutional issues at play and still treated the reverse warrant as if it was just an ordinary search. The court stated that “the warrant required individualized probable cause and that its absence here rendered the warrant constitutionally defective.” Yet, somehow, it was still admissible evidence.
Five innocent people had their data searched. Another five innocent people were murdered in a fire. There is a lot at stake in this case, and a lot to unpack. Does a search of Google search histories by a given address satisfy the Constitution’s requirement for a particularized search? Can probable cause be asserted when the identity of the suspect is unknown? Could digital bystanders have evidence used against them from a search result unrelated to this particular crime?
Perhaps this case will advance to the U.S. Supreme Court, which could take this opportunity to articulate boundaries and rules for future searches. We’ve seen, however, a time lag in the Court’s addressing of new technologies. Congress should consider taking measures to protect privacy in reverse warrants before the Supreme Court is forced to weigh in.
The Congressional debate over the reauthorization of Section 702 of the Foreign Intelligence Surveillance Act (FISA) has mostly centered around the outrage of federal agencies using an authority meant for the surveillance of foreigners on foreign soil to warrantlessly collect the communications of hundreds of thousands of Americans every year.
But the Section 702 debate highlights an even greater outrage that needs to be addressed – the routine practice by federal agencies to purchase and access the private data of Americans scraped from our apps and devices without a warrant.
While federal data purchases are not part of Section 702, history suggests that any reforms made to Section 702 to curtail the surveillance on Americans in the pool of “incidentally” collected communications will be futile if we don’t close this other loophole. Our data, freely collected and reviewed at will by the government, can be more personal than a diary – detailing our medical concerns, romantic lives, our daily movements, whom we associate with, our politics and religious beliefs.
The Wall Street Journal shined a much-needed light on this practice. It reported on the relationship between U.S. government agencies and the shadowy world of data-broker middlemen who peddle our most sensitive personal information. The Journal reported that India-based Near Intelligence has been “surreptitiously obtaining data from numerous advertising exchanges” and selling this data to the NSA, Joint Special Operations Command, the Department of Defense, and U.S. Air Force Cyber Ops.
The Journal accessed a memo from Jay Angelo, Near Intelligence general counsel and chief privacy officer, to CEO Anil Mathews about three privacy problems.
First, Angelo wrote that Near Intelligence sells “geolocation data for which we do not have consent to do so.”
Second, he wrote the company sells or shares “device ID data for which we do not have consent to do so.”
And, finally, Angelo wrote, the company violates the privacy laws of Europe by selling Europeans’ data outside of Europe. Customers include agencies of the U.S. federal government, which “gets our illegal EU data twice per day.” It is unclear the extent to which this company sells Americans’ data, though it seems likely that the privacy of Americans is implicated given that the company boasts of having access to data from a billion devices.
Near Intelligence is just one actor in this shadowy world of merchants of personal data. Congress should require government agencies to obtain a probable cause warrant to examine the private data of Americans, whether collected under Section 702 or through data purchases.
Intelligence Community Uses Intelligence Failure to Argue Members of Congress Who Support Reform of Section 702 Would “Degrade” Surveillance of Hamas
The intelligence community is now spinning the media that the barbarous invasion of Israel and mass murder of its citizens by Hamas should prompt Congress to reauthorize Section 702 of the Foreign Intelligence Surveillance Act without any meaningful changes or reforms.
Before listening to the intelligence community’s spin, Congress should first ask why given this powerful Section 702 authority and all the technology in the hands of the NSA, did U.S. intelligence miss the scale and scope of Hamas’ intentions? While U.S. intelligence detected rising activity in Gaza, it did not detect the threat that resulted in the killing of more than 1,400 Israelis and at least 30 Americans.
Instead of explaining this abject intelligence shortfall, some in the intelligence community are defaming champions of Section 702 reform on Capitol Hill as opposing surveillance of Hamas. This weak attempt to deflect from an abject failure makes no sense. It is, at best, an especially callous perversion of Rahm Emanuel’s aphorism that one should “never let a good crisis go to waste.”
Carrie Cordero, a CNN legal and national security analyst, and former counsel at the Office of the Director of National Intelligence, writes: “Hamas, Hezbollah and their state-sponsor, Iran, are wholly appropriate intelligence targets, and Section 702 authority should not be degraded while threats from these actors have escalated to the degree of starting a new war in the Middle East.”
In just a few words, Cordero portrays the many House and Senate Members in both parties who are pushing to add warrants for Americans to the reauthorization of Section 702 as being willing to “degrade” an authority that counters some of the worst regimes in the world. This broadside obfuscates the purpose of Section 702 and how it is being misused by our government to spy on the American people.
Congress designed Section 702 to create a legal authority for U.S. intelligence agencies to spy on foreigners located abroad for national security purposes. It is, as Cordero notes, a tool especially designed for counterterrorism. No reform on the table would restrict U.S. intelligence from using Section 702 to surveil Hamas, Hezbollah, Iran, Russia, China, North Korea, or the devil himself.
So how, then, could reforms to Section 702 “degrade” this important and useful authority? There can be only one meaning to this phrase. Somehow, protecting the rights of American citizens against intrusive and unconstitutional spying would “degrade” Section 702.
Civil liberties groups and their champions on the Hill are concerned that this authority, meant to surveil foreign threats on foreign soil for national security, has been used by the FBI to spy on a Member of the U.S. House, a Member of the U.S. Senate, 19,000 donors to a congressional campaign, community leaders, and protest groups both left and right. The FBI also uses Section 702 to warrantlessly access the communications of Americans to obtain a backdoor route to prosecuting them for ordinary crimes, such as bribery and healthcare fraud – far beyond the intention of Congress in passing Section 702.
In the hands of the FBI, Section 702 has turned the Fourth Amendment requirement for a probable cause warrant for American citizens into vaporware.
Fixing this would do nothing to degrade the ability of the CIA to follow Hamas and Hezbollah, or to restrain the FBI from obtaining a warrant to surveil an American who is in communication with dangerous actors.
That they now want to use their failure as an excuse to violate the civil liberties of law-abiding U.S. citizens – by the hundreds of thousands each year – speaks to shameless opportunism, masking incompetence and authoritarian tendencies.
The titles slapped on government reports are often meant to downplay or obfuscate. Not so the title of a report from the Inspector General of the Department of Homeland Security – CBP, ICE, and Secret Service Did Not Adhere to Privacy Policies or Develop Sufficient Policies Before Procuring and Using Commercial Telemetry Data.
The title may be lengthy, but it describes the alarming extent of lawless surveillance by federal agencies. For years, these three agencies freely accessed Americans’ location histories and other data collected from mobile device applications and sold by third-party data vendors to the government.
The Department of Homeland Security Privacy Office itself “did not follow or enforce its own privacy policies and guidance.” The report notes that DHS itself has no department-wide policy regarding privacy. This negligence allowed DHS agencies to break the law and do so without any supervisory review.
The law in this case is the E-Government Act of 2002, in which Congress mandated that agencies conduct a Privacy Impact Assessment (PIA) that requires the government to spell out what information it is collecting, why it is collecting it, how that information will be used, stored, and shared. The law also requires agencies to describe how this information will be protected from unauthorized use or disclosure, and how long it will be retained.
Instead, CBP, ICE, and the Secret Service helped themselves to location data harvested from apps installed on Americans’ smartphones. One CBP official felt sufficiently comfortable with this technology to use it to track his coworkers’ daily movements, for what purpose only HR knows.
Why might have DHS leaned away from adhering to the law? Nate Wessler, deputy project director of ACLU’s Speech, Privacy and Technology project told 404 Media that if the agencies had performed the required Privacy Impact Assessments “they could have reached only one reasonable conclusion: the privacy impact is extreme.”
The unclassified DHS report is a thunderclap of candid accounting of government agencies bending or breaking the law. It follows the unsparing analysis of the Crossfire Hurricane investigation by the 2019 Department of Justice Inspector General and PCLOB’s recent analysis of Section 702 of the Foreign Intelligence Surveillance Act, advocating for greater judicial oversight of that program’s use of Americans’ communication “incidentally” caught up in surveillance of foreign targets.
The DHS report should especially be read in the light of a surprisingly frank report released by the Office of the Director of National Intelligence that commercially acquired data can be used to follow protestors, degrade First Amendment expression, and “facilitate blackmail, stalking, harassment, and public shaming.”
The DHS report is just one more reason why Congress should take the pending reauthorization of Section 702 as a once-in-a-generation opportunity for reform. Congress should require federal agencies to obtain a probable cause warrant before examining Americans’ communications and data, whether obtained from Section 702 or through data purchases.
Intelligence Community MYTH: The FBI has new minimization procedures that have dramatically reduced the numbers of U.S. person queries in the Section 702 database and the potential for violations. No fixes in the law are needed.
FACT: Even FBI Director Christopher Wray’s brag that refinements in internal procedures have reduced the number of warrantless searches for Americans’ communications to approximately 204,000 queries of Americans’ personal communications per year is alarming. The number of people who have been victimized by these civil rights violations is equal to the population of many medium-sized U.S. cities. As Sen. Mike Lee says, “That number should be zero. Every ‘non-compliant’ search violates an American’s constitutional rights.”
Jonathan Turley of the George Washington University Law School dismissed the FBI’s recent boasts about the reduced number of improper queries into Americans’ private information, likening that boast to “a bank robber saying we’re hitting smaller banks.”
The many broken promises of the FBI should leave the bureau with little room for a “trust me” clean reauthorization of Section 702. Consider the government’s long history of abuses. In just the last few years, in violation of its own rules:
Other actions outside Section 702, such as the wide-ranging politically motivated investigation of “radical traditional Catholics,” further reveal an FBI appetite for playing politics. Nobody in their right mind should want the FBI to have warrantless access to their private sensitive personal communications and data.
Congress passed a mandate in 2021 that will require all new cars sold later in this decade to have a built-in drunk driver detection system. This law, well-intentioned as it may be, is fraught with enormous risks to the privacy of any American who drives a car.
The vague goal this mandate sets out is: If your car thinks you’re overserved, your car won’t start. Or perhaps it will pull over and call the police. It is not clear, exactly, how this technology will work. In any event, this law promises to make every car a patrol car, with you inside it.
Rep. Thomas Massie (R-KY), a long-time defender of civil liberties, is not having it. He is proposing an amendment to the Transportation, Housing and Urban Development (yes, the Washington acronym here is THUD) appropriations bill to safeguard Americans’ constitutional right to privacy by forbidding federal expenditures to implement this ill-conceived mandate. PPSA is proud to support this amendment and we stand together with other supporters, including FreedomWorks and the Due Process Institute.
While aggressive action to curb impaired driving is appropriate, the privacy issues raised by Rep. Massie about the mandate for this “advanced drunk driving and impaired driving prevention technology” are impossible to ignore. They are ultimately of great consequence to the future of our country.
First, consider that this technology will monitor the driving performance of millions of Americans who don’t drink and drive, potentially keeping many of them from operating their vehicles. While many states allow for court-mandated ignition interlock devices for people convicted of DUIs (requiring people under such an order to clear a self-administered breathalyzer test before their cars will start), these state restrictions are far more reasonably tailored than the broader and more intrusive federal mandate. Crucially, they make the necessary distinction between the irresponsible few who are under a court order, and the responsible many who are not. Additionally, the state regulations do not passively monitor drivers’ performance.
What do the responsible many have to lose under the federal mandate? The driver detection mandate could violate your privacy and constitutional rights on a massive scale.
Consider: Absent a breathalyzer, this technology might well – like some commercial delivery operators already do – use a camera and AI to passively monitor your body movements for signs of impairment.
Moreover, would your video data be stored? And if it is stored, would camera data follow you and any passengers in the car – perhaps with a sound recording of anything that you might say to each other? (After all, analyzing voice data could be used by AI to look for the possible slurring of your words.)
And if this video and/or voice data is stored, would these videos then be part of the enormous stream of data that federal agencies – from the IRS, to the FBI, to the DHS – now routinely purchase and access without a warrant? (This brings to mind an old joke: An FBI agent walks into a bar. The bartender says, “I’ve got a joke for you.” The agent replies, “heard it!”)
Video analytics technology, like facial recognition software, is hardly foolproof. Would this yet-to-be-developed device read people with disabilities as being intoxicated? Would perfectly sober people register false positives and not be able to drive?
Rep. Massie’s amendment would provide a much-needed sobriety check on the government’s foolhardy leap into mandating this technology. PPSA strongly urges Congress to pass the Massie amendment and protect the privacy and constitutional rights of millions of Americans.
An FBI raid on the home of a Tampa-based journalist, and the seizure of his computer, hard drives, cellphone and all they contain, is raising questions about the fidelity of the Department of Justice to a year-old revision to its News Media Policy announced by Attorney General Merrick Garland. Under that policy, the Department is forbidden from using compulsory legal processes to obtain the newsgathering records of journalists, except in extreme circumstances.
Now a wide spectrum of press freedom and civil liberties organizations, including PPSA, are asking the Department of Justice to provide transparency about this FBI raid in May.
The FBI executed its search warrant at the home of journalist Tim Burke, which he shares with his wife, Tampa city councilwoman Lynn Hurtak. The credibility of this extreme action is highly questionable, leaving the Department to explain how this ransacking of a journalist’s home and seizure of his devices differs from the now-widely ridiculed police raid on a newspaper in rural Kansas.
As Congress debates the reauthorization and reform of Section 702 of the Foreign Intelligence Surveillance Act (FISA), Members should keep in mind an instructive example from a local government that shows just how personal mass surveillance abuse can be.
During the pre-vaccine, early Covid era, Calvary Chapel San Jose in Santa Clara County, California, continued to hold regular worship services with hundreds of unmasked congregants, in defiance of official shelter-in-place orders. The county reacted by seeking north of $1 million dollars in fines against the non-denominational church, an action now wending its way through court.
Not content to fine the church, or warn congregants, Santa Clara County mounted a large surveillance campaign that managed to compromise both the Fourth Amendment rights of the congregants against unreasonable searches and seizures, while also compromising their First Amendment right to the free exercise of religion.
Some of the spying was physical, with county agents making 44 visits to Calvary Chapel in 2020 and 2021. Agents also parked a surveillance car in the parking lot of a nearby church, until they were asked to leave.
The county then turned to invasive and warrantless geofencing, using Safegraph software to track local citizens’ cellphones on church premises, following churchgoers as they went to the sanctuary room, nursery, the prayer room, even to the bathroom.
In a federal lawsuit against the county, the church’s complaint noted that location data reveals more than a target’s physical movements. It also shows “a person’s pattern of life. These tools provide a story about where and with whom people socialize, visit, worship, and much more.”
Data scientists tested just how anonymous geolocation data really is. Researchers at Imperial College London developed a machine learning model that was able to correctly re-identify 99.98 percent of Americans in any anonymized dataset using just 15 characteristics including age, gender, and marital status.
In another study that investigated smartphone location data, researchers were able to uniquely identify 95 percent of the individuals in a dataset with just four spatio-temporal points.
It is hard, then, to say the church exaggerates when it informs the court in its filing that “this is not just un-American; it is downright Orwellian.”
This surveillance was apparently done not to investigate a crime, which requires the government to obtain a warrant, limited in time and scope. It was done to give the county data information it could weaponize against the church in its ongoing lawsuit for violating public health orders.
Whatever one thinks of the church’s defiance of the county’s orders, the warrantless use of geolocation surveillance against hundreds of local residents is an example of how reckless government at all levels can be with widely available technology.
“There are all kinds of concerns with geofencing when you talk about your First Amendment rights like freedom of expression or freedom of religion,” Mike Katz-Lacade of the Center for Human Rights and Privacy told The San Jose Mercury News. “You could conceivably use it to see who goes to a mosque – or discriminate against certain religious groups or minorities.”
These same geolocation tools are widely available to federal intelligence and law enforcement agencies, which can either deploy them or simply buy the underlying data of our location tracked by our phones and apps.
Thus, this local story is one of national significance. It is something to keep in mind in debating needed changes to Section 702, the authority Congress designed for foreign surveillance but which the FBI uses routinely to conduct criminal investigations of Americans.
Former Director of National Intelligence John Ratcliffe appeared on the Kevin Roberts Show, a Heritage Foundation podcast, to discuss the myriad challenges posed by the creeping corruption of America’s intelligence network. In particular, Ratcliffe highlighted problems associated with Section 702 of the Foreign Intelligence Surveillance Act.
That intelligence agencies routinely abuse Section 702 is an open secret these days, but that should make it no less noteworthy when a former Director of National Intelligence validates it.
Prior to taking the nation’s top post in intelligence, Ratcliffe served as a Republican Congressman from Texas. Rep. Ratcliffe sat on the intelligence oversight committee, where he routinely interacted with intelligence agencies he’d later oversee. Contrasting these two perspectives, Ratcliffe exposed how much the intelligence agencies shield information from Congressional oversight.
“Congress has an oversight role over the intelligence community,” Ratcliffe said. “It wasn’t until I became the Director of National Intelligence and walked in and said ‘show me the intelligence that we have that says there’s Russian collusion, show me the intelligence that says that there’s support that [Covid] was a natural development from zoonotic transmission.’ The fact is the intelligence didn’t show that. As an elected official for the American people with oversight, I wasn’t getting the truth. I literally had to become the Director of National Intelligence to get the truth…”
Regarding Section 702, Ratcliffe noted that while “it does make America safer when used appropriately,” the policy needs firm guardrails to prevent abuse. “The problem is what we have seen, particularly in the Obama administration and now carrying forward into the Biden administration, and it occurred even during the Trump administration through these embedded partisans … was to turn that important tool inward on American citizens and even members of Congress.”
But Ratcliffe doesn’t think guardrails are enough. Regarding agency culture, Ratcliffe said, “I’m hesitant to now just say it’s a few bad apples, because it’s been a problem for so long that, if you talk about it that way, people think it’s a small problem. And it’s not. It’s become a cultural problem.”
Beginning with the Obama Administration, partisans have been embedded “at the highest mid-and-senior level management within these institutions…” With respect to solutions, Ratcliffe said “it’s going to require those major structural reforms…”
Whatever your political leanings, such statements from a former Director of National Intelligence should be deeply worrying. PPSA is pleased former Director Ratcliffe is calling for serious reforms to Section 702. As Ratcliffe says, both Democrats and Republicans have contributed to the sorry state of the intelligence community, and it is up to concerned Americans to right the ship.
Intelligence Community MYTH: Warrantless access to Americans’ data is vital to defending people and companies against cyberattacks and ransomware. Otherwise, we’d be wide-open to cyberattacks from Russia and China.
FACT: Most cybersecurity experts disagree with the government’s argument. The Washington Post conducted a survey of “a group of high-level digital security experts from across government, the private sector and security research community.”
There is no “defensive” exception to the Fourth Amendment. The fact that the government claims to be doing something for our own good does not make it constitutional, nor does it mitigate the privacy intrusion or risk of abuse.
If government agents want to access our private communications for our own good, they should simply ask our permission. Without that permission, they should get a probable cause warrant to spy on Americans’ communications.
NYPD’s Angwang Case
This week, Baimadajie Angwang, an officer of the New York Police Department, appears before an administrative judge to make a bid to remain on the force. The long journey of Angwang – from Tibetan refugee to U.S. Marine in Afghanistan, to police officer, to accused spy – shows how an American can have his reputation destroyed and his freedom threatened by secret charges.
As a teenager, Angwang visited the United States on a cultural exchange program only to be beaten by Chinese police on his return to his homeland. He fled the country and successfully sought asylum and citizenship in the United States, serving as a Marine. Angwang joined the NYPD in 2016, married, and became a father.
On the morning of Sept. 21, 2020, Officer Angwang was confronted in front of his home by four souped-up pickup trucks squealing to a halt, half-a-dozen officers in tactical gear piling out, and rifles pointed inches from his face. Angwang was charged with spying for China on his fellow Tibetans in New York and lying on a security form. Angwang was held in the Metropolitan Detention Center in Brooklyn for five months.
The conditions in that jail are wretched, far worse than those of most prisons. Angwang had to borrow underwear from another prisoner. The facility lost power, leaving desperate prisoners to suffer in the cold through a bitter January. When Angwang fell ill, guards ignored his pleas for help.
What was Angwang’s alleged crime? It grew out of his quest to secure a long-term visa from the Chinese consulate to visit his elderly parents in Tibet and allow them to meet their granddaughter. In extensive conversations with a consular official, Angwang had tried to get this visa by demonstrating that he was friendly and apolitical. Angwang’s lawyer, John F. Carman, wrote to a federal judge that his client tried to strike a “solicitous tone and accommodating posture.” Prosecutors said that Angwang invited Chinese consular officials to NYPD events and reported on the activities of other Tibetans in New York.
The prosecution’s case was based on calls and likely texts between Angwang and the consulate, all secretly recorded. To be fair, the government arguably has good reason to watch how Chinese diplomats try to convert American citizens into spies. Furthermore, the government did obtain a warrant to surveil Angwang. Carman said that evidence from these communications, however, was misinterpreted and taken out of context by prosecutors.
In court, Angwang faced a dilemma shared with many charged with evidence they are not allowed to see. In such cases, when classified evidence is introduced in a trial, the judge and prosecutors secretly determine in a sealed court what evidence can be seen by the defense attorney and what can be presented in court. In August 2022, Carman read a single-page summary of these charges in the prosecutor’s office.
“What I saw was so powerful, it caused me to write the judge and ask if that’s what they have, why hasn’t there been a motion to dismiss?” Carman told The New York Times. In January, prosecutors dropped the case, citing a “holistic” assessment of the evidence and “additional information bearing on the charges.”
Now Angwang is asking an administrative court to let him keep his job as a New York City police officer. If he loses his job, Angwang will have to seek another job with a resume and a reputation forever under the shadow of secret evidence. “It creates a cloud of mystery,” Carman said. “You only have to assume that this guy did stuff that was bad for the country. Which is an inference that’s easily drawn, but in this case should not have been drawn.”
And should a defendant like Angwang, who escapes the crosshairs of secret evidence, sue the government for compensation, the state secrets privilege will ensure that he cannot win. The evidence against the government, you see, must remain secret. The defamatory effect, however, lives on.
Is there really a good justification – the protection of sources and methods – for withholding so much of a secret case? Can the government at least issue a note of exoneration for Angwang and others when secret charges are dropped?
Intelligence Community Myth: “The government is neither intentionally nor inadvertently targeting Americans for surveillance through Section 702.”
Fact: This assertion is in a Wall Street Journal op-ed on Thursday by Richard E. DiZinno and Beth A. Williams – the two dissenters from the recent critical report on Section 702 from the Privacy and Civil Liberties Oversight Board (PCLOB). This statement by DiZinno and Williams is flatly contradicted by the PCLOB report.
In that report, the government owns up to intentional violations. The report states:
“According to the government, there have been several examples where oversight mechanisms have identified incidents involving improper intent in seeking to circumvent or violate the procedures, related rules, or statutory requirements.”
Two of these violations are from 2022. This is important because the FBI, in announcing its new “accountability” procedures, claimed that there had been no identified instances of intentional non-compliance since 2018.
We know about these four searches because they are egregious, personal misuses of Section 702 data that cannot possibly be explained away. Imagine what can happen when agents can spin serious-sounding but imagined national security justifications to look at Americans’ private data and communications.
PCLOB Chair Ups Ante by Calling for Probable Cause Warrant for U.S. Person Queries
What are the topline takeaways from the report from the Privacy and Civil Liberties Oversight Board (PCLOB) on Section 702 of the Foreign Intelligence Surveillance Act (FISA)?
A majority of board members of this government watchdog panel directly counter the claims of the Biden Administration and the intelligence community that a requirement for the government to seek judicial review of the private communications of Americans would be “operationally unworkable” and lead to extreme danger to national security. The report punctures the FBI’s frequent claims that having the ability to rifle through Americans’ communications without a warrant is essential to national security and protecting the United States from harm.
The PCLOB majority endorses “individualized and particularized judicial review” by the FISA Court before the government can review data of U.S. citizens and legal residents.
PCLOB is coming down firmly on the side of civil liberties organizations that have long argued against intelligence and law enforcement agencies being allowed to have ready access to Americans’ private data and communications, with little judicial oversight.
Internal FBI Procedures Insufficient
The PCLOB majority finds the internal changes by the FBI in its Section 702 procedures to be far less than what is needed to protect Americans from backdoor searches, the practice of using secretly derived information to develop a case. Moreover, these searches are generally useless, as are the FBI’s internal procedures. The report also rejects that broad categories of searches, such as so-called “defensive” searches for potential victims’ information, should be exempted from judicial review.
Amici, Abouts and Unmasking
The report endorses the proposal to require amici – or qualified civil liberties experts to advise the FISA Court whenever proposed investigations touch sensitive cases that implicate basic constitutional rights. The board would narrow the standards by which the government selects targets. And the board would formally restrict “abouts” collection – information in which a target is merely mentioned.
Even the two board members who voted against the report found that “The U.S. Intelligence Community should adopt new rules to protect against the unmasking of U.S. Persons for political purposes.”
The Chair’s Call for a Warrant Requirement
Chair Sharon Bradford Franklin (see p. 226) writes that a “search through Section 702 communications data seeking information about a particular American constitutes a search under the Fourth Amendment, and current query standards are insufficient to meet constitutional requirements.”
Chair Franklin notes that the FBI routinely runs searches of U.S. persons at a preliminary stages of an inquiry. The FBI “asserted that it could not meet a probable cause standard for such queries conducted at these early stages.” Nor could the FBI identify, outside the categories of “victim” or “defensive” queries, “a single criminal prosecution that relied on evidence identified through a U.S. person query.”
Chair Franklin raises the ante on PCLOB’s recommendation that a FISA Court provide judicial review for U.S. person queries.
“But I believe that Congress should also require a probable cause standard for FBI’s U.S. person queries conducted at least in part to seek evidence of a crime in order to fully protect Americans’ privacy and civil liberties.”
Franklin writes that this is the only way to ensure such queries fully comply with the Fourth Amendment, while being consistent with criminal law in other contexts. She would explicitly adopt the standards of Carpenter v. United States (2018), in which the U.S. Supreme Court held that the police don’t need a warrant to seize a cellphone but do need a warrant to search the contents of that cellphone, which contain “the privacies of life.” She analogizes this case to the “seizure” of the incidental collection of Americans’ information under Section 702, and the need to have a warrant to search it.
Chair Franklin’s conclusions, and the PCLOB’s full list of 19 recommendations, are included in the executive summary of its report.
Today, the Privacy and Civil Liberties Oversight Board (PCLOB) issued its long-awaited report on Section 702 of the Foreign Intelligence Surveillance Act. The report, endorsed by a majority of the Board’s members, sheds new light on abuses over the past few years, revealing that, “[i]n the reporting period covering November 2020 to December 2021, non-compliant queries related to civil unrest numbered in the tens of thousands.”
The report includes recommendations that Congress enact robust reforms as part of any reauthorization of Section 702. Among other reforms, it urges Congress to (1) require the government to obtain individualized judicial approval to access communications retrieved through U.S. person queries (commonly known as “backdoor searches”), with exceptions for consent and exigent circumstances; (2) codify President Biden’s executive order specifying the legitimate objectives of surveillance; (3) improve the workings of the FISA Court, including by strengthening the role of amici; (4) prohibit the government from re-starting “abouts” collection; and (5) impose a deadline for declassifying significant FISA Court opinions.
Privacy, civil rights, and civil liberties groups issued the following statement responding to the report:
“The message of the Board’s report is clear: individualized judicial review of U.S. person queries is critical to protect Americans’ rights and prevent further abuses. The report flatly rejects the government’s self-serving claim that individualized judicial review is unworkable. It also rejects the baseless notion that broad categories of these searches, such as searches for foreign intelligence or so-called ‘defensive’ searches for potential victims’ information, should be exempted from this requirement. And it rejects the fallacy that the FBI’s tweaks to its internal procedures are sufficient to address the acute risks posed by backdoor searches.
“Three members of the Board stated that they would support a probable cause standard for U.S. person queries in any criminal investigation, including those related to foreign intelligence. In her statement, the Chair of the Board compellingly explained why the full ‘probable cause’ standard is required by the Fourth Amendment and necessary to safeguard Americans’ privacy. We believe the same logic supports a requirement for a probable cause order for any U.S. person query.
“We note that the Board limited its inquiry and its recommendations to Section 702. It did not address many of the other issues that are very much part of the current debate, including the government’s use of data brokers to circumvent legal protections for Americans’ privacy and the use of overseas surveillance to collect Americans’ information without statutory authority or judicial oversight. Congress, however, must address these issues. If it limits itself to reforms of Section 702, the government will simply continue its warrantless surveillance of Americans using these other methods.”
More than thirty organizations from across the political spectrum have called for a range of reforms as a precondition for any reauthorization of Section 702. Those reforms include:
Statement above attributable to the following organizations:
Intelligence Community MYTH: We need to reauthorize Section 702 of the Foreign Intelligence Surveillance Act – just as it is now – in order to counter the carnage caused by fentanyl trafficking.
FACT: The government hasn’t cited a single instance in which warrantless searches of Americans’ communications proved useful in combating the fentanyl trade.
None of the proposed surveillance reforms involving Americans’ privacy, such as a warrant requirement, would stop the intelligence community from using Section 702 to locate foreign fentanyl labs, whether in China or Mexico, and tracking the cartels that smuggle it.
And if an American does become a suspect in this trafficking, the government can and should seek a probable cause warrant, as is routinely done in other domestic law enforcement cases. We do not need to sacrifice our constitutional rights in order to fight fentanyl trafficking.
Intelligence Community MYTH: To talk about anything other than Section 702 during the reauthorization debate is a distraction.
FACT: Section 702 is only one of many ways the government collects and searches through Americans’ private communications and data without a warrant. If we do not close all the loopholes that allow for illicit surveillance, then the government will seamlessly shift over to alternate ways of watching our every action, move, and utterance.
One of the most dangerous forms of lawless surveillance is the widespread practice of government agencies buying up Americans’ sensitive digital communications, geolocation histories, and other private information from third-party data brokers.
Federal agencies from the IRS, to DHS, FBI, DEA and DoD routinely purchase and access data of American consumers scraped from apps and social media to review our online search histories, location histories, and communications from texts to phone calls and emails. The government, for example, has purchased data from religious apps and dating apps. Government attorneys assert that this is lawful because the Fourth Amendment forbids “seizures” of our papers and effects, when in fact they are merely buying it.
This sophistry must be countered. We should extend a warrant requirement to data purchases under Section 702 to keep the intelligence community from shifting to a reliance on purchased data or some other authority largely unconstrained by judicial and Congressional oversight.
The government also surveils American citizens through Executive Order 12333 – not a law, just an assertion of authority by the executive branch – with very little (if any) oversight from Congress. Former Sen. Richard Burr (R-NC), a noted champion of the intelligence community, said on the Senate floor in 2020 that 12333 authority allows “the president to do all of this, without Congress’s permission, without guardrails.”
The Section 702 reauthorization is our best opportunity to rein in these and other forms of warrantless surveillance. It is imperative that Congress act on this opportunity. If legislative reforms are narrowly limited to Section 702, the Administration will simply rely more heavily on these loopholes to continue its lawless surveillance of Americans.
Congress intended Section 702 of the Foreign Intelligence Surveillance Act (FISA) to give U.S. intelligence agencies the authority to collect intelligence from foreigners located abroad.
For fifteen years, however, federal agencies have exploited Section 702 and other surveillance programs to conduct warrantless surveillance on millions of Americans. The numbers are staggering: In 2021 the FBI conducted 3.4 million warrantless searches of Americans’ communications obtained under Section 702. Even after an effort to shape up for the reauthorization debate, in 2022 the FBI still conducted more than 200,000 such warrantless searches.
Now former intelligence community officials are waging a media campaign to scare Congress into submitting to a “clean” or mildly revised reauthorization of Section 702.
Predictably, they are resorting to scare tactics to get their clean reauthorization. Rep. Andy Biggs, Chairman of the House Judiciary Subcommittee on Crime and Federal Government Surveillance, earlier this year warned:
“The FBI and federal intelligence agencies use scare tactics to convince Congress that these unchecked powers are the only method available to protect our nation from harm. Well, every American should be scared to know federal agents are spying on them, even if they have nothing to hide.”
Below is the first of our “Myths vs. Facts” responses from PPSA to fables being foisted by advocates of the intelligence community.
Intelligence Community MYTH: A warrant requirement to search for Americans’ private data and communications in the Section 702 database would be “drastic and unwarranted,” putting the American homeland at risk. Congress must not let Section 702 expire.
FACT: We can protect national security and have a foreign surveillance authority that respects the constitutional rights of American citizens.
A warrant requirement is by definition not a proposal to let Section 702 expire at the end of this year. Indeed, Section 702 expiration can only happen if surveillance hawks fail to agree to significant reform. They cannot play a game of chicken and then act like Chicken Littles. If national security is being risked by the expiration of Section 702, then it will be the champions of the intelligence community who will cause it to happen.
The specific intelligence community argument against warrants when Americans are surveilled makes no sense. The stated purpose of Section 702 is to conduct surveillance of foreign targets outside the United States. The government’s own Section 702 success stories all involve obtaining critical intelligence about plots by hostile foreign actors. It is wrong and patently absurd to sidestep Americans’ constitutional rights and warrantlessly surveil our own citizens in the name of foreign surveillance.
Reform proposals, such as a warrant requirement for the surveillance of Americans’ communications, are not radical proposals. It is the ongoing mass surveillance of Americans who’ve done nothing remotely suspicious by our own government that is radical.
Your phone, like your dog, knows all about you. But your dog will never tell. Your smartphone does, all day long, producing data that the federal government can buy and access without a warrant.
The same, increasingly, is true of your car. It knows where you go, and for how long. For example, Tesla has internal cameras, and according to Elon Musk biographer, Walter Isaacson, that CEO wanted them to record drivers to defend the company against lawsuits in the event of an accident.
As your car integrates with your smartphone, the automobile becomes just another digital device that tracks your every move. A contemporary car can accumulate 4,000 gigabytes of data every day. Our cars’ entertainment and communications systems track our address books, call logs and what we listen to. Systems made to monitor performance can report our weight, as well as where we’ve driven, and if we’ve driven there alone or with someone else.
But at least your dog in the backseat still won’t rat you out.
This is just one more way digital technology is narrowing the bounds of privacy to, essentially, floatation tanks. The good news is that lawmakers in the Bay State are reacting to defend the privacy of their constituents. Two bills, one introduced in the Massachusetts House and one in the Senate, would limit collected data, set rules for the security of that data, and require it to be purged after it becomes irrelevant. Moreover, data collection would require the consent of the owner.
Jalopnik.com reports that privacy advocates, however, are finding loopholes in the law “wide enough to drive a Nissan through.” Whatever the strength of these bills, Protect The 1st commends Massachusetts lawmakers for thinking around the technological curve while that very technology hurtles us ever faster, ever forward.
As with AI, a sense of urgency for predictive rulemaking is in order. There was a time when talking cars were a staple of science fiction. Now our cars tell us where to go and when to turn – and sometimes won’t shut up. What our cars will do next we may not be able to quite imagine.
Massachusetts has started a debate that needs to go national and in high gear.
An Example of American Techno-Masochism
PPSA works hard to counter growing government surveillance. This generally means surveillance by U.S. federal agencies – such as FISA’s Section 702 authority passed by Congress for foreign surveillance but used to spy on Americans. We also scrutinize expanding surveillance by state and local police, including cell-site simulators that trick your smartphone into giving up your location and other information, and ubiquitous facial recognition software that can follow you around.
But our concerns about government surveillance don’t end with just our government.
We are increasingly concerned about the regular and sometimes pervasive surveillance of Americans by the People’s Republic of China, most recently the potential for Beijing to use TikTok as a way to track 80 million Americans.
Now, thanks to an investigative piece in The Free Press, we’ve learned that China is also looking to surveil Americans through an increasingly common technology in American cars – LIDAR, or Light Detection and Ranging. This is the system that allows self-driving and semiautonomous cars to track the traffic around them. LIDAR is also, The Free Press reports, “a mapping technology, an aid to the growing number of smart cities, a tool for robotics, farming, meteorology, you name it.”
Who is the dominant manufacturer and seller of LIDAR technology in the United States? It is Hesai, a Chinese company that sells nearly one out of every two LIDAR systems globally. In sales, it far outsells all of its American competitors together.
China is relying on an old playbook to dominate the U.S. and world markets in LIDAR. The Free Press reports that Hesai does this by offering a solid product, but one backed by Chinese subsidies to sell at below price. Why would they do that?
An explanation comes from Sen. Ted Budd (R-NC), who fired off a letter earlier this summer to the Assistant Secretary of Defense for Industrial Base Policy.
“[I]t is my understanding that the Chinese LIDAR companies are working with the Chinese Government and the People’s Liberation Army (PLA) to improve this technology and leverage it for Chinese military applications. Simultaneously, these companies have been flooding the U.S. market with low-cost, heavily subsidized Chinese LIDAR, potentially enabling the Chinese to collect a trove of valuable information …
“Moreover, the Chinese Government is using LIDAR sensors to conduct police surveillance in the Xinjiang Uyghur Autonomous Region, where evidence suggests China is engaged in ongoing genocide of the Uyghur people.”
Given that Chinese law enforces a “military-civil fusion” strategy on Chinese businesses, requiring every Chinese organization and citizen to “support, assist, and cooperate with the state intelligence work,” why on earth would we allow that same government to be able to spy on every American in every near-future car?
It is one thing to be forced into the position of the Uyghurs. It is quite something else for the United States to willingly submit to techno-masochism.
The Fourth Amendment of the U.S. Constitution protects Americans against “unreasonable” searches and seizures. But what is unreasonable? Is a low-flying drone taking photos of you and your property behind a privacy fence reasonable?
In October, the Michigan Supreme Court will hear oral arguments in what could well become a landmark privacy case. The outcome may help determine the national limits of drone surveillance – and perhaps influence the limits of government surveillance – for all Americans.
The facts are pretty simple. Todd and Heather Maxon of Long Lake Township in Michigan live on a five-acre estate, where Todd likes to repair old cars.
In 2008, the Township government charged the Maxons with operating an illegal junkyard. The couple and the Township reached a settlement. In 2018, the Township received tips that the Maxons had violated their settlement by bringing more cars onto their property, even though such vehicles were not visible from the street. So the Township hired a private drone operator to fly a high-resolution camera over the Maxon property to take images.
The Maxons sued, claiming that their Fourth Amendment rights were violated. A lower court agreed with the government but was overturned in 2021 by the Michigan Court of Appeals. That court ordered that the drone photos be suppressed.
At the heart of this case is the “reasonable expectation of privacy” articulated by Supreme Court Justice John Marshall Harlan II in Katz v. United States (1967). But technology keeps testing what is a reasonable expectation of privacy. The Supreme Court has zigged and zagged along the way, once upholding a wiretap to be permissible because it occurred at the telephone pole and did not require a physical intrusion into the home.
Katz overturned that standard, invalidating an FBI wiretap of a public payphone, where the caller (a sports bookie) had a reasonable expectation that he would not be overheard. “The Fourth Amendment protects people, not places,” Justice Potter Steward declared in the Court’s majority opinion. But the Court returned somewhat to the physical intrusion standard – invalidating thermal imaging by police from the street that penetrated inside a target’s home in Kyllo v. United States (2001).
The Cato Institute and Rutherford Institute, in an amicus brief, noted the problem with the physical intrusion standard: “At present, police are free to go through people’s garbage, look into their barn with a flashlight, and read through their bank records without going through the hassle of first securing a warrant.” We now live in an age of ubiquitous digital intrusion with government purchases of our private data, as well as optical intrusion from drones and other aerial surveillance.
In other words, the current privacy standard is a jumbled mess. That is why the Maxon case is potentially so important. At its simplest, it will determine if drones – an increasingly ubiquitous reality in American life – will be freely used to spy on Americans in their backyards (as the New York City Police recently did over backyard barbecues during Labor Day).
But we think the Maxon case may prove to be pivotal in defining – perhaps, eventually, by the U.S. Supreme Court – what privacy and reasonableness mean in an era of drones, facial recognition software, and artificial intelligence.
For years PPSA has documented the increasing disposition of federal intelligence and law enforcement agencies to use the ever-expanding Glomar response – a “cannot confirm or deny” answer once reserved for the nation’s most closely guarded secrets – as a blanket response to any meddlesome Freedom of Information Act (FOIA) requests.
We should not overlook, however, another handy tool for FOIA avoidance, and that is to release the requested document but redact many or all of its meaningful parts. Now the Department of Justice Office of the General Counsel has perfected this technique, taking it to its logical end.
It began in 2020 when PPSA joined with Demand Progress to file a FOIA request. Our request concerned surveillance that may be taking place under no statute, but instead under a self-professed authority of the executive branch known as Executive Order 12333. The reply from the FBI is, in its own way, telling.
In the DOJ response, a certain Mr. or Ms. BLANK who holds the title of BLANK in the Office of the General Counsel returned with 40 pages of responsive documents. Thirty-nine pages are redacted in their entirety, as is the 40th page, with the redacted name of the signator and his/her redacted title, but with one, unredacted statement:
Hope that’s helpful.
There’s honestly no other way to take this than the Department of Justice shooting a middle finger at the very idea of a FOIA request, an exercise of the Freedom of Information Act, passed by Congress and signed into law by President Lyndon Johnson. This is a shame because the subject of this request is an important one.
Demand Progress and PPSA based our FOIA request on a July 2020 letter from now-retired Sen. Patrick Leahy (D-VT) and current Sen. Mike Lee (R-UT) to then-Attorney General William Barr and then-Director of National Intelligence John Ratcliffe. The two senators noted the expiration of Section 215 of the Foreign Intelligence Surveillance Act (FISA), commonly known as the “business records” provision of FISA. The intelligence community had vociferously lobbied for the renewal of Section 215 with predictions that allowing its expiration would lead to something akin to the city-destroying scenes in the 1996 movie Independence Day.
Then the Trump Administration called their bluff and allowed this authority to expire. The response from the intelligence community? Crickets.
The sudden complacency of the intelligence community struck many as suspicious. Were federal intelligence and law enforcement agencies shifting their surveillance to another authority? Sens. Leahy and Lee seemed to think so. They wrote:
“At times the executive branch has tenuously relied on Executive Order 12333, issued in 1981, to conduct surveillance operations wholly independent of any statutory authorization … This would constitute a system of surveillance with no congressional oversight potentially resulting in programmatic Fourth Amendment violations at tremendous scale … We strongly believe that such reliance on Executive Order 12333 would be plainly illegal.”
This July 2020 letter, with a detailed series of penetrating questions about the practice and scope of 12333 surveillance, was issued by two powerful and respected members of the United States Senate … And it hit the walls of the Department of Justice and the Office of the Director of National Intelligence with all the full force of wet spaghetti. As with so many other congressional requests, this letter was not answered in any substantive way.
So Demand Progress joined with PPSA in October 2020, in an effort to use the law to compel an answer, this time as a formal FOIA request. We leveraged that law to request responsive documents that would reveal how the agencies might be repurposing EO 12333 to pick up the slack from the expired 215 authority, in order to spy on persons inside the United States.
And this is the answer we get. It can only be taken, in a general way, as confirmation that Executive Order 12333 is, in fact, being relied upon for the surveillance of people in the United States. This is one more reason why Congress should use the reauthorization of Section 702 to seek broad surveillance reform, including significant guardrails on Executive Order 12333. With mounting evidence of abuses of Americans’ civil rights, a powerful coalition of leading conservatives and liberals in Congress is building steam to do just that.
Hope that’s helpful.
"The government should do all it can to combat the illegal trafficking of dangerous drugs. But those efforts should not - and need not - come at the expense of Americans’ constitutional rights," writes Noah Chauvin in The Hill.
Noah is a counsel in the Liberty and National Security Program at the Brennan Center for Justice at NYU Law in The Hill.
Montana governor Greg Gianforte recently signed into law SB 351, the Genetic Information Privacy Act. It’s the latest in Montana’s concerted effort to protect its citizens’ privacy interests in the face of evolving threats from emerging technologies.
Montana was in the vanguard of digital privacy protection in 2013 when it passed HB 603, requiring judicial authorization before law enforcement is permitted to access location data. This was a full five years before Carpenter v. United States, in which the U.S. Supreme Court recognized that warrantless access to such information violates the Fourth Amendment.
Since that time, Montana’s has passed into law:
(Hat tip to Jennifer Lynch of the Electronic Frontier Foundation for a good breakdown of this decade-long trajectory.)
Montana also passed a 2021 constitutional amendment with sweeping support that added electronic data and communications to the state’s search and seizure protections. (Montana’s recent ban on TikTok resulted in some privacy benefits but significantly more consternation from some in the media.)
To date, Washington has failed to pass much in the way of meaningful digital privacy legislation (or genetic privacy legislation outside of a non-discrimination bill in 2008 and piecemeal HIPAA protections). The United States has a number of older information privacy laws related to specific sectors such as health care and finance, and they’ve been used to prevent certain harms. In short, the federal government broadly allows the collection of personal data, then subsequently regulates certain industries that use that data. It’s a reactive – rather than proactive – way to address a growing threat to privacy.
As a result, individual states are stepping in to act on privacy in the digital age. It’s encouraging to see a bipartisan array of state legislatures do so: California, Connecticut, Colorado, Indiana, Iowa, Montana, Tennessee, Virginia, and Utah have already passed or enacted comprehensive data privacy laws.
As for genetic privacy, other states should consider following Montana’s lead. As digitization of medical records becomes standardized and genetic sequencing becomes easier, authorities and private actors have ever more avenues for accessing your information. Whether it’s warrantless law enforcement searches of DNA databases, use of medical information by private companies for employment and insurance purposes or even the private patenting of human genes – the threats are manifold – and scary.
Our (cowboy) hats are off to Montana for its forward-thinking efforts to safeguard our rights in the face of rapidly advancing technology.
Our bipartisan coalition is prompting former intelligence agency officials to carry the Biden administration's water by lobbying hard to kill Section 702 reform. Our Senior Policy Advisor and former U.S. Congressman, Bob Goodlatte, and Americans for Prosperity's deputy director of Federal Government Affairs, Matthew Silver, cut through the spin in RealClearPolitics.
1.3 Million IC Security Clearances – But House Only Trusted With a Few?
Mark Davis, PPSA’s Director of Policy, recently spoke to a group of Legislative Directors for Members of the U.S. House of Representatives about the intelligence community’s opposition to House oversight of its activities.
Davis discussed the need to enhance Congressional oversight. The number of staffers with security clearance sufficient to help their Members review the operations of the intelligence community is sharply limited. Most House offices cannot have a staffer who obtains “top secret” and “sensitive compartmented information,” or TS/SCI clearance. Davis discussed proposals to allow every Member of the House to advance one staff member for such clearance, subject to passing a background check.
Davis told the Legislative Directors:
“The reform of Section 702 must ensure that Congress itself has the tools to conduct necessary oversight of surveillance agencies—including sufficiently cleared staff for each Member. There are about 1.3 million intelligence community employees and consultants with top-secret clearance. It is insulting to hold, as the intelligence community does, that it would be dangerous to add a few hundred more on Capitol Hill.”