​When your identity is confirmed by a string of numbers in a computer, are you still yourself if the algorithm determines you (the person) are not you (the digital ID)?

One state, Utah, is leading the nation in answering this question with policies that safeguard humans, while Washington, D.C. is heading down the path of reducing humans to algorithms.
Consider ACLU’s Jay Stanley, who praised Utah for its “State-Endorsed Digital Identity” (SEDI), the state’s new framework for digital ID systems. In an approach that should be the norm rather than the notable exception, the Beehive State puts privacy first.

Utah begins with the conviction that identity “is not something bestowed by the state, but that inherently belongs to the individual; the state merely ‘endorses’ a person’s ID.” In other words, our identities belong to us. We are born with them. We own them. With that realization comes new-found respect for privacy and other forms of personal freedom. 

This view of identity stands in sharp contrast to the definition Stanley found in the data-driven world of federal law enforcement. With the feds, identity is becoming something only the state can grant, defaulting to incomplete or faulty digital verification of citizenship.

To be clear, both Utah’s SEDI platform and the federal approach utilize digital ID systems, but one is a case study in digital due diligence while the other illustrates the dangers of slapdash digital recklessness. The federal system is based on incomplete databases, poorly designed architecture, evolving (meaning, far from perfect) technology, and an utter disregard for the constitutional rights of individuals.

Utah’s approach differs from the federal approach in very important ways:
​

1. Being “user-centric” to ensure that government identification systems are used to empower individuals, not control them.
2. Being free from surveillance, visibility, tracking, or monitoring by any entity – including private companies and unauthorized government agencies and staff – other than the party that is solely authorized to check the ID.  
3. Making factors like security, completeness, and accuracy a top priority, in contrast to the unreliability of the facial recognition technology that underlies many of today’s digital verification systems.
4. Enforcing a user’s “right to paper” (or plastic), including continued and unfettered access to essential government services, even when using only non-digital, physical ID methods.  
5. Adhering strictly to constitutional rights, particularly Fourth Amendment protections against warrantless searches and dragnet-style fishing expeditions conducted without probable cause.

Stanley goes on to quote the Ranking Member of the House Homeland Security Committee, who reports that an app (called Mobile Fortify) used by Immigration and Customs Enforcement (ICE) now constitutes “definitive” determination of a person’s status “and that an ICE officer may ignore evidence of American citizenship – including a birth certificate.”

That’s bad enough on its own of course, but along the way, the government now sweeps up Americans’ biometric identifiers en masse. The databases Mobile Fortify accesses contain not only our photographs but enough records to constitute a permanent digital dossier.

Congress did not get to review, much less approve, any of this. The American people never voted on it. In fact, the whole thing leaves us wondering what happened to the Privacy Act, signed into law by President Ford in 1974. It has been described as “the American Bill of Rights on data.”  

By declaring that identity is solely digital, determined by stealthy algorithms and policies, and deniable to those whose data is non-existent, incomplete or inaccurate, the federal standard – in sharp contrast to Utah’s – subverts 250 years of traditional, constitutional practice. Remember: Our founders built the world’s most vibrant democracy on pieces of parchment copied by hand.

In any truly free society, identities are personal possessions (to help secure individual rights and facilitate their voluntary participation in society). Identities bestowed by the state ultimately serve only the state.

That we even need to ponder the nature of identity reveals the absurdity of these abuses our personhood and privacy. Nevertheless, here we are. Without transparent conversations and healthy debate, we face a future in which we are whomever the state says we are, made of malleable 0s and 1s, with nothing grounded in the physical world.
​
It's a discussion that, as of now, Utah alone seems committed to having.

​Those who live by surveillance cry by surveillance.
 
We wonder how many times politicians on both sides of the aisle will have to get slammed by the very government spying practices they’ve supported before this lesson sinks in.
 
Case in point: Rep. Eric Swalwell (D-CA). Last week, he filed a lawsuit against Bill Pulte, President Trump’s director of the Federal Housing Finance Agency, for accessing and leaking private mortgage records in retaliation for political speech.
 
Pulte has issued criminal referrals to the Department of Justice (DOJ) against Swalwell, New York Attorney General Letitia James, Sen. Adam Schiff (D-CA), and Federal Reserve Governor Lisa Cook on the basis of alleged mortgage fraud. A federal judge dismissed the charges against James, while President Trump used the allegation against Cook to fire her from the Federal Reserve Board (she remains in her job while the Supreme Court reviews the case).
 
Rep. Swalwell’s lawsuit makes an important point:
 
“Pulte’s brazen practice of obtaining confidential mortgage records from Fannie Mae and/or Freddie Mac and then using them as a basis for referring individual homeowners to DOJ for prosecution is unprecedented and unlawful.”
 
We cannot think of any prior use of private mortgage applications to harass political opponents (at least one of them, James, is arguably guilty of using lawfare herself to harass Donald Trump).
 
Pulte’s actions appear to be a flagrant violation of the Privacy Act of 1974, which governs how the government can and cannot handle Americans’ private information. The law, as Swalwell notes, “explicitly forbids federal agencies from disclosing – or even transmitting to other agencies – sensitive information about any individual for any purpose not explicitly authorized by law.”
 
Congress passed the Privacy Act to prevent the creation of a federal database that would create comprehensive dossiers on every American, something we’ve warned is now being attempted. The law specifically forbids agencies from freely sharing Americans’ confidential data gathered for one purpose (such as IRS tax collection), for another purpose (an FBI investigation). Agencies must issue written request justifying any such information sharing.
 
Pulte is anything but transparent.
 
“I’m not going to explain our sources and methods, where we get tips from, who are whistleblowers,” Pulte told the media. This mindset is in keeping with the corrupting spread of the best practices of the intelligence-surveillance state playbook. Today, it is the federal housing agency. We shouldn’t be surprised if tomorrow such “sources and methods” thinking trickles down to federal poultry inspections.
 
Meanwhile, we remain dry-eyed over Rep. Swalwell’s plight.
 
As a member of the House Judiciary Committee, Swalwell argued against – and voted against – the Protect Liberty and End Warrantless Surveillance Act. This bill would have reformed Section 702 of the Foreign Intelligence Surveillance Act by requiring a warrant before the government could access U.S. citizens’ data collected through programs enacted to surveil foreign threats on foreign soil.
 
The Protect Liberty Act would have ended the government practice of using a foreign database to conduct “backdoor searches” on Americans… not unlike, say, a regulatory agency pulling a political opponent’s private mortgage application. The principle of mutually assured payback is something to keep in mind when lawmakers again debate the provisions of Section 702 in April.

Imagine being targeted for surveillance because of your race – not with facial recognition or government inspection of your personal digital data, but through your electric meter. If you lived in parts of Sacramento, this is exactly what happened, as a decade-long scheme quietly bled Americans’ privacy one kilowatt hour at a time.

Sacramento’s Municipal Utility District (SMUD) and local police zeroed in on Asian-American customers, flagging those deemed to be using “too much” electricity. Many were assumed to be growing marijuana illegally – and police eagerly requested bulk data on entire ZIP codes to feed their suspicions.

The Electronic Frontier Foundation in July joined the Asian American Liberation Network to ask the Sacramento County Superior Court to end the local utility district’s illegal dragnet surveillance program. Last week, the court agreed, finding that routine, ZIP-code-wide data dumps had nothing to do with “an ongoing investigation.”

The court wrote:

“The process of making regular requests for all customer information in numerous city ZIP codes, in the hopes of identifying evidence that could possibly be evidence of illegal activity, without any report or other evidence to suggest that such a crime may have occurred, is not an ongoing investigation.”

The response from EFF was even sharper:

“Investigations happen when police try to solve particular crimes and identify particular suspects. The dragnet that turned all 650,000 SMUD customers into suspects was not an investigation.”

The court recognized the obvious danger – dragnets turn vast numbers of innocent citizens and entire communities into suspects.

Still, it wasn’t a clean sweep. The court stopped short of ruling that SMUD’s practice violated the “seizure and search” clause in California’s Constitution.
​
But even a qualified victory is still a victory. We are reminded that privacy wins do happen – one dragged-into-the-sunlight surveillance program at a time. This win is something to be thankful for as we count our blessings this week.

Enraged by The Marion County Record’s reporting on a public document about a restaurateur’s DUI, officers of the Marion, Kansas, police department and the local sheriff’s department raided the newspaper, and seized its computers, servers, and cellphones. Editor Eric Meyer had his home raided while his 98-year-old mother Joan – a former editor – watched the police ransack her home in great distress.
 
Joan Meyer died the next day.
 
Marion County has now agreed to pay a total of $3 million to the victims of this raid in 2023 and to Joan Meyer’s estate. The Marion County Sheriff’s Office, for its part in the raid, issued an apology as well as a check:
 
“This likely would not have happened if established law had been reviewed and applied prior to the execution of the warrants.”

The Freedom of the Press Foundation responded by saying:
 
“The First and Fourth Amendments strongly protect against searches of journalists and newsrooms.
 
“Under the Fourth Amendment, a search warrant must be supported by probable cause, which means a likelihood that contraband or evidence of a crime will be found at a particular place. The government must also specify the place to be searched and the thing to be seized.
 
“When a search warrant targets materials protected by the First Amendment – like notes, recordings, drafts, and materials used or created by journalists – the Fourth Amendment’s requirements must be scrupulously followed, the Supreme Court has said.
 
“This means that judges must be extra strict in applying the Fourth Amendment’s requirements when a search impacts First Amendment rights, which it will any time it involves a journalist or newsroom. What judges should never do is allow overly broad searches where police rifle through journalists’ desks and computer files willy-nilly in the hopes of turning up something ‘incriminating.’”
 
The Freedom of the Press Foundation also noted that Kansas, like most states, has a press shield law that would have required a court hearing before law enforcement could rifle through journalists’ confidential sources. The federal Privacy Protection Act of 1980 requires law enforcement to obtain a subpoena, not just a warrant, thereby giving The Record an additional opportunity to challenge the demand in court.
 
The Freedom of the Press Foundation concluded:
 
“Journalists also have a right to publish information given to them by a source, even if the source obtained it illegally, as long as the journalist didn’t participate in the illegality. That means that if a source gives a journalist a document or recording that the source stole, the journalist can’t be punished for publishing it.
 
“Because these things are not crimes, it also means that accessing publicly available information or publishing information that a source illegally obtained can’t be the basis for a raid on a newsroom or search of a journalist’s materials.
 
“Next time, think before you raid.”

Another in a long line of privacy-busting apps is making headlines. Anthony Kimery of Biometric Update reports that Immigration and Customs Enforcement (ICE) has an app that allows an officer to photograph a license plate, run it through commercial platforms and “instantly retrieve a vehicle’s historical sightings.”

The data that can be called up includes a vehicle’s “travel history, ownership records, and associated personal data.” In other words, portfolio building. In the old days, the feds mostly kept extensive files on criminals, suspects, and witnesses. Now merely driving a vehicle is reason enough to assemble a dossier that includes almost everything there is to know about someone.

The tech is powered by Motorola and Thomson Reuters among others. Privacy advocates have previously called out Motorola for license-plate privacy breaches. A 2022 Georgetown University report identified this firm as a go-to seller for agencies in search of consumer data, including utility records and driver’s license information. In 2019, Vice reported that the company’s contracts with ICE were lucrative, which perhaps is why “The Answer Company” wouldn’t respond with details about those dealings when Privacy International pressed for details in 2018. 

With this latest reporting, Kimery makes clear that ICE has found the perfect partners in its quest to build a national surveillance infrastructure:

“The scale is enormous. With billions of detections stored in Motorola’s network and deep identity datasets flowing from Thomson Reuters, the mobile app gives ICE a level of situational awareness that previously required specialized investigative teams and large analytic centers.”

The newly invigorated shift toward a national scale is an ominous one. Whereas agencies like ICE previously focused on border regions, ABC News notes:

“Border Patrol has built a surveillance system stretching into the country’s interior that can monitor ordinary Americans’ daily actions and connections for anomalies instead of simply targeting wanted suspects. Started about a decade ago to fight illegal border-related activities and the trafficking of both drugs and people, it has expanded over the past five years.”

Thomson Reuters previously got into trouble for selling personal data, a fact that the City of Denver recalled this summer when it put the brakes on an extension of its police contract with the company. Thoughtful objections by municipalities like Denver are admirable. But without robust constitutional guardrails installed by Congress and the states, there's no stopping invasive juggernauts like this one. As we concluded the last time we shared news about Motorola’s involvement in license plate surveillance:

“The need for lawmakers in Congress and the state capitals to set guardrails on these integrating technologies is growing more urgent by the day. Perhaps the best solution to many of these 21st century problems is to be found in a bit of 18th century software – the founders’ warrant requirement in the Fourth Amendment to the Constitution.”

​Today, the House Judiciary Committee did something too rare in Washington – it unanimously passed a meaningful privacy reform. By voice vote, Republicans and Democrats joined together to approve the Non-Disclosure Order (NDO) Fairness Act, a bill that reins in one of the most abused secrecy powers in federal law.

Credit for this privacy victory goes to Rep. Scott Fitzgerald (R-WI) and Rep. Jerry Nadler (D-NY), as well as Chairman Jim Jordan (R-OH) and Ranking Member Jamie Raskin (D-MD). Their leadership moved this bill out of committee. It is now up to the full House to pass this measure and send it to the Senate.

The bill’s reform is sorely needed. Under current law, prosecutors can secretly dig through your phone records, emails, and other data – and then slap your telecom provider with a gag order forbidding it from ever telling you that your privacy has been violated. These nondisclosure orders can last indefinitely, leaving Americans in the dark that someone has sifted through their personal communications.

The NDO Fairness Act changes that.

It puts reasonable limits on gag orders, and forces prosecutors to justify any extension. It also requires courts to explain in writing why continued secrecy is necessary – whether to protect an investigation, safeguard a vulnerable person, or address a real national security concern. The NDO Fairness Act makes sunlight the default, not the exception.

The House has, of course, passed the NDO Fairness Act before, only to watch it stall in the Senate. But the politics are shifting.

Senators are furious after learning that Special Counsel Jack Smith secretly subpoenaed the communications of eight senators. They were justifiably upset, but their response was misguided. The Senate quietly added a provision to the recent short-term funding bill giving senators the exclusive right to sue the federal government for up to $500,000 for privacy violations.

Americans don’t need a special carveout for elected officials. They need a law that protects everyone.

The NDO Fairness Act does exactly that.
​
It closes a major privacy loophole without hindering legitimate investigations, striking a balance between public safety and the Fourth Amendment rights of all Americans. The House and Senate now have a chance to fix this problem the right way – by advancing a bill that protects the people who sent them to Washington, not just themselves.

​Once upon a time, in Google’s 2004 IPO filing, it aspired to “Don’t Be Evil,” imagining itself a company “that does good things for the world.”

Dateline, November 2025: Various outlets have reported that Google’s app store now includes a version of its Mobile Identify app for Customs and Border Protection. This version is tailored to state and local law enforcement officers who are deputized to work with Immigration and Customs Enforcement (ICE) by using facial recognition to scan people using facial recognition algorithms. If a match is found on federal databases, officials at ICE are notified. And those databases (at least the ones we know of) contain records on more than 270 million people.

Odds are you and your loved ones are in those databases.

The fact that the law enforcement officers who use Mobile Identify are deputized to work alongside ICE is beside the point, as is the fact that ICE has its own, presumably more powerful version of the same app, called Mobile Fortify.

Of far greater concern is that any government agency possesses this ability. It’s easily shared across jurisdictions and Google seems to have no qualms about enabling a tool that could be deployed as a weapon to surveil American citizens at will.

After all, Google’s leaders could’ve just said “no.” But they didn’t, and now an insidious new public-private partnership is afoot. Today, it’s Google and ICE and the issue is immigration enforcement, but don’t expect it to stay that way for long. These kinds of surveillance technologies never stay contained, nor do limitations on who they target. Soon it will be Google and the government – federal, state, county, and local – and the reasons for spying on us could be our religion, political party, ethnicity, affiliation, or – well, you name it.
​
Mobile Identify is just one more reason why Congress must debate how federal agencies are accessing our private information without a warrant. This is something to keep in mind when FISA Section 702, a federal surveillance policy, comes up for reauthorization in April.

​Robert Frommer, a senior attorney with the Institute for Justice, tells the harrowing story of George Retes, a U.S. citizen and Army veteran of the Iraq War, who was stopped in his car during an immigration sweep.

He was on his way to work when he encountered an Immigration and Customs Enforcement (ICE) roadblock. A melee broke out between protesters and ICE agents. Retes’s car was engulfed in tear gas.

The Institute for Justice reports that agents smashed Retes’s car window, dragged him out, and forced him to the ground with knees on his neck and back – even though he was not resisting.

Despite Retes presenting proof of his citizenship, ICE agents detained him for three days without charges, strip-searched him, and forced him to provide DNA samples. He was not allowed to call a lawyer or given a hearing before a judge. Because Reyes was held incommunicado, his family was left to frantically search for him.

Writing in MSN, Frommer explores what happens to the biometric data ICE collected on Reyes.

“In addition to our DNA, the Department of Homeland Security (DHS) has recently and quietly authorized ICE officers to forcibly collect and retain intimate identifiers: our fingerprints and digital images of our faces. Combined with other technologies, the department is creating a general warrant for our persons, the kind of abuse that ignited the American Revolution.

“A DHS document, meant to ensure our privacy, lays out the facts. An app called Mobile Fortify allows ICE and Customs and Border Protection (CBP) officers to photograph and scan anyone they ‘encounter’ in the field, regardless of citizenship or immigration status. If there isn’t a photo match, officers can collect people’s fingerprints, which are then checked against DHS biometric records. Once DHS has that sensitive data, the app feeds it into CBP’s Automated Targeting System – an enormous watch list that merges border records, passport photos and prior ‘encounter’ images. CBP retains every nonmatch photograph for 15 years, meaning that even if you’re an American citizen mistakenly stopped on the street, the government has your biometric records for (almost) a generation.”
​
Congress should investigate and debate this retention of Americans’ biometric records before reauthorizing a single surveillance authority. And PPSA is hopeful that ICE will be forced to explain its unconstitutional detention of George Reyes when it faces his lawsuit under the Federal Torts Claim Act.

​When the narco-dictator of Panama, Manuel Noriega, took refuge in a Vatican diplomatic mission in Panama City after President George H.W. Bush ordered an invasion to topple him in 1989, the U.S. Army hit upon an ingenious, if obnoxious, solution to drive him out the compound and into their arms – Operation Nifty Package. Soldiers blared music at the enclave that included the punk rock interpretation of “I Fought the Law” by the Clash and AC/DC’s percussive “You Shook Me All Night Long.”
 
The songs went on without relief, day and night, until after ten days the sleep-deprived dictator finally turned himself in.
 
Many residents of the Buckhead area of Atlanta can attest to the effectiveness of this form of psychological torture. For two nights, a malfunctioning parking lot security tower at a shuttered Kroger grocery store has been flashing lights, shouting orders and playing music – at decibel levels approaching an air raid siren.
 
That the system is blaring classical music is no comfort. One of its selections is Tchaikovsky’s composition for the ballet, The Sleeping Beauty – an irony not lost on people who haven’t slept in two days.
 
“It’s beautiful when you listen and are looking at a play and it’s on your time,” one man told Atlanta’s 11Alive News. “But when you’re trying to sleep, it’s distracting.”
 
Perhaps you’ve had a taste of this, being startled after emerging from a movie theater late at night when from out of nowhere a flood light turns on. Police lights begin flashing on top of a metal tower. A stentorian voice shouts an order at you: “PLEASE EXIT IMMEDIATELY!”
 
There is a good reason why mobile, parking lot security towers are becoming commonplace in the lots of big box superstores, shopping malls, and grocery stores. These robotic guards keep watch with sensors, fish-eye cameras, see in infrared and regular light, and are equipped with AI to recognize and track human forms. These towers take no bathroom breaks and ask for no pay, but they do watch and record people who might be looking to break into cars, a store, or worse, harm an employee or last-minute shopper as she walks to her car. They can alert a human at a control station, who can call the police.
 
That is a good example of how surveillance can keep us safe. And, on balance, it is a needed public service. But we should also face the music: Surveillance, for good and ill, surrounds us everywhere now. Few people will mourn their lack of privacy in the moment it takes for them to exit a retail outfit to get to their car. But this is also just one more link in the chain of surveillance in which we are being watched inside the store, in the mall, and by license plate readers all the way home.

​When it was recently revealed that Special Counsel Jack Smith used a grand jury subpoena to secretly access the phone records of eight U.S. Senators and one Member of the House, we were outraged.

We quoted Chief Justice John Roberts in Carpenter v. United States (2018) that “this Court has never held that the Government may subpoena third parties for records in which the subject has a reasonable expectation of privacy.”

We’ve also stood fast by the principle that a right is only a right if it has a remedy, which necessarily includes the ability to sue government officials who violate your constitutional rights.

Concerning the spying on Members of Congress, we wrote: “Senators, like everyone else, deserve a reasonable expectation that their phone records are private.”

Why, then, are so many House Republicans and Democrats up in arms about a last-minute provision stuck into the short-term funding bill that President Trump signed on Wednesday night? That provision, now law, allows individual senators to be awarded up to $500,000 in retroactive lawsuits against the government if their data was sought or obtained without them being notified.

Executive branch surveillance of senators is concerning because it directly impacts the independence of the legislative branch, the functioning of democracy, and thus ultimately the rights of us all. But does this have to mean that the rest of us should be treated as chopped liver?

Think about it:
​

• You cannot sue or in any way impede the dozen federal agencies – ranging from the FBI to the IRS and Department of Homeland Security – for purchasing your most sensitive personal digital data and examining it without a warrant.

 

• You cannot sue if the National Security Agency uses the “Make Everyone a Spy” law to ask your gym, office landlord, or church to hand over records of your communications carried by free Wi-Fi systems.

 

• You cannot sue if a federal prosecutor makes a similar intrusion into your phone logs but keeps it secret with a Non-Disclosure Order (NDO).

Only U.S. senators can sue for being improperly surveilled. And the money they can collect now they can stick right into their bank accounts. The Senate in the last Congress refused to join the House in passing the NDO Fairness Act, which would have restricted the government’s currently unlimited ability to issue gag orders to digital and telecom companies to prevent them from telling you that your records have been accessed.

About this last-minute Senate maneuver, Rep. Chip Roy (R-TX) said, “There’s going to be a lot of people, if they look and understand this, are going to see it as self-serving, self-dealing kind of stuff.”

As we approach next year’s reauthorization of FISA Section 702 – a surveillance authority enacted by Congress for foreign surveillance – Congress will have a golden opportunity to debate a number of reforms that can protect the rights of constituents.
​
Remember us?

The Foreign Intelligence Surveillance Court (FISC) and Foreign Intelligence Surveillance Court of Review (FISCR) are anomalies in American law – secret courts. For decades, they issued secret rulings that created novel interpretations of law that the American people were not allowed to know. They remain to this day one-sided courts in which only the government gets to present its case for why it has a valid intelligence reason to spy on people inside the United States.

Little wonder, then, that 99 percent of the government’s requests to spy on “U.S. persons” are granted by FISC. The one provision that allows FISC judges to bring in outside civil liberties experts, or amici, for advice was not used when the court four times permitted the FBI to spy on a presidential campaign and transition. The Department of Justice also failed to inform the court that a rash of applications for surveillance were actually for Members of Congress and staffers who had oversight responsibility for – you guessed it – the Department of Justice.

To bring oversight to this court and to ensure it is not, in fact, a potted plant, Congress in April 2024 passed the Reforming Intelligence and Securing America Act (RISAA). Among RISAA’s provisions was one that allowed select Members of Congress and designated staff to attend and conduct oversight of FISC proceedings.  

Now Senate Judiciary Committee Chairman Chuck Grassley (R-IA) and Ranking Member Dick Durbin (D-IL) have fired off a letter accusing the Department of Justice (DOJ) of derailing this process and curbing oversight.

They write that in the waning days of the Biden administration, DOJ “implemented a policy that requires Members of Congress and their staff to agree to a series of arbitrary and inappropriate procedures before being allowed to attend FISC proceedings, which the Trump Administration has maintained.”

Some of DOJ’s policies and procedures include:

• Prohibiting Members of Congress from sharing information with other Members of Congress and members of their staff;

 

• Restricting Members of Congress from requesting information or documentation from participants of FISC proceedings;

 

• Allowing DOJ staff to remove congressional observers, including Members of Congress, from FISC proceedings at any time and at the sole discretion of DOJ;
• Allowing only a limited number of congressional observers to attend FISC proceedings at any one time;

 

• Prohibiting designated staff from attending the same FISC proceeding as their specified Member of Congress; and

 

• Prohibiting notetaking during proceedings, despite congressional staff’s ability to maintain classified notebooks.

These restrictive rules are idiotic. The objections write themselves.

If Members of Congress cannot talk to anyone else about what they learn – including their staff members who have clearance – what is the point of observing the court proceedings?

Why can’t a Member of Congress and his or her cleared staffer attend together?

Why is the Department of Justice allowed to remove Members of Congress? Isn’t removing people from a courtroom up to a judge?

Above all, how can oversight be conducted if the overseers must promise forever after to forget what they heard and never mention it again – to anyone?

This is all part of a familiar pattern: Congress passes a bold reform that reins in an intelligence community practice. Then the intelligence community parses words and creates new standards out of thin air that geld the new attempt at oversight.

The good news is that RISAA and its provision for congressional attendance of FISC hearings passed only because of leverage provided by the April 2024 reauthorization debate about FISA Section 702, an authority that governs surveillance of foreign spies on foreign soil. The next Section 702 reauthorization debate is set to occur next April.

Congress should make it clear that the Department of Justice must pull back these onerous provisions as one of many preconditions for Section 702 reauthorization.
​
The easiest path to reform would be if President Trump – himself a target of illicit surveillance rubber-stamped by FISC – ordered the Department of Justice to roll back these severe limits on congressional oversight.

​Customs and Border Protection (CBP) has long asserted a right to inspect the contents of the digital devices of Americans returning from abroad. Now, Wired’s Dell Cameron and Matt Burgess report that the recent increase in these invasive practices at ports of entry has caused the number of international visitors to the United States to plummet. They note that while most of these searches are basic, “where agents manually scroll a person’s phone,” deeper, tool-based sweep-searches do occur.
 
In either scenario, refusing to provide a passcode means subjecting oneself to massive delays or even the seizure of one’s device(s). And while digital inspection at the border is not a new trend, it’s a rapidly increasing one.
 
CBP’s own data shows warrantless digital inspections conducted at the border jumped from 8,503 in 2015 to more than 50,000 this year.
 
This accelerating increase of warrantless scanning of digital devices at the border is attracting attention internationally and concern here at home.
​
Four years ago we noted the need for respect for the Fourth Amendment at U.S. borders and entry zones. Sens. Ron Wyden (D-OR) and Rand Paul (R-KY) introduced the Protecting Data at the Border Act, and then renewed their push to pass this initiative. In between, investigative journalist Jana Winter found that CBP was spying on journalists.
 
By that time, the Inspector General of the Department of Homeland Security (DHS) had issued a scathing report on the privacy violations committed by its various agencies – with agents helping themselves freely to Americans’ location histories and other personal data. This was, the IG found, partly because the DHS Privacy Office “did not follow or enforce its own privacy policies and guidance.”
 
And it appears that the agency is still not adhering to its own internal procedures in collecting and retaining Americans’ personal data. On the heels of the phone search story comes another tale of CBP overreach. Only this time, it isn’t about personal devices. Rather, the agency is looking for contractors to build a massive fleet of AI-powered surveillance trucks.
 
Wired reports: “With a fleet of such vehicles, each would act as a node in a wider surveillance mesh.” This is a technical point, but its chilling philosophical ramifications are what strike us most. 
 
Node by node, our government is building a surveillance net to cover the country. This is all the more reason for Congress to use the upcoming debate over the reauthorization of FISA Section 702 in April to subject every element of this emerging surveillance state to long-delayed scrutiny.

​Those of a certain age might remember the Domesticon, a line of 22nd century robotic butlers from the movie Sleeper. To avoid being caught by the authoritarian state, Woody Allen’s character Miles Monroe pretends to be a Domesticon during a dinner party. The scene is equal parts slapstick and satire. Miles’ cover is blown when he tries to help the host but acts too human in the process.

The Wall Street Journal’s Joanna Stern recently found that one actual prototype of the Domesticon is not entirely dissimilar to the fictional version. 1X Technologies is beta testing NEO, the $20,000 “home humanoid” it hopes to bring to market in 2026. Recently, Stern got to see it in action for the second time and discovered a decidedly Sleeper-like connection: NEO is part human.

Not organically, like a cyborg – so far the full integration of creature and computer is limited to cockroaches. No, NEO is remotely human, as in there’s a remote human operator back at company HQ, “potentially peering through the robot’s camera eyes to get chores done.”

Now, how’d you like to have that job? But as 1X CEO Bernt Børnich told Stern: “If you buy this product, it is because you’re okay with that social contract. If we don’t have your data, we can’t make the product better.”

Such transparency is refreshing. It is also a reminder of the Faustian bargain we must strike in order to make artificial intelligence work at the expense of our personal privacy. AI is unlike any software that came before in that it requires gargantuan amounts of data in order to learn its jobs. As Stern notes, “It needs data from us – and from our homes.” A world model, in other words, centered around us and private things we do at home. 

We expect these machines to be capable of fully human, fully competent, fully safe behaviors – all while being fully autonomous. None of that will happen without the ability to collect and learn from the data of day-to-day human lives. There are no shortcuts, either. When 1X let Stern drive NEO using one of the company’s VR headsets its human operators wear, she nearly dislocated its arm. The robot left for the shop in a wheelchair. The robot, a cross between “a fencing instructor and a Lululemon mannequin,” as she describes it, had neither’s dexterity nor style.

And during the first meeting the reporter had with NEO earlier in the year, the robot managed to faceplant.

“No way that thing is coming near my kids or dog,” she remembers thinking. Domestic robotics remains in its infancy – literally in Stern’s view. “The next few years won’t be about owning a capable robot; they’ll be about raising one.” Like a toddler, humanoid AI can’t learn without doing, watching, and remembering.

1X says users will be able to set “no-go” zones, blur faces in the video feed, and that human operators back at HQ will not connect unless invited to do so. CEO Børnich told Stern that such “teleoperation” was a lot like having a house cleaner. “Last I checked,” Stern responded wryly, “my house cleaner doesn’t wear a camera or beam my data back to a corporation.”

A punchline of sorts seems appropriate here: We’re big fans of the ethical AI principle that says always have a human in the loop – “but this is ridiculous!” 

Stern’s forthcoming book, I Am Not a Robot: My Year Using AI to Do (Almost) Everything and Replace (Almost) Everyone, is now available for pre-order. Readers can expect more dirt on NEO.
​
Unless he learns to vacuum first.

​Imagine a dish called Surveillance Stew. It’s served anytime multiple privacy-threatening technologies come together, rather like a witch’s brew of bad ideas. It's best served cold.

The latest Surveillance Stew recipe includes location data, social media, and facial recognition. Nicole Bennett, who studies such things, writes in The Conversation that this particular concoction represents a turning point: borders are no longer physical but digital. The government has long held that the border is a special zone where the Fourth Amendment has little traction. Now the government is expanding border rules to the rest of America.

Immigration and Customs Enforcement (ICE) has put out a call to purchase a comprehensive social media monitoring system. At first glance, Bennett notes, it seems merely an expansion of monitoring programs that already exist. But it’s the structure of what’s being proposed that she finds new, expansive, and deeply concerning. “ICE,” she writes, “is building a public-private surveillance loop that transforms everyday online activity into potential evidence.”

The base stock of Surveillance Stew came with Palantir’s development of a national database that could easily be repurposed into a federal surveillance system. Add ICE’s social media monitoring function and the already-thoroughgoing Palantir system becomes “a growing web of license plate scans, utility records, property data and biometrics,” says Bennett, “creating what is effectively a searchable portrait of a person’s life.”

Such a technology gumbo seems less a method for investigating individual criminal cases than a sweeping supposition that any person anywhere in the United States could, at any moment, be a “criminal.” It’s a dragnet, says Wired’s Andrew Couts, noting that 65 percent of ICE detainees had no criminal convictions. Dragnets are inimical to privacy and corrosive to the spirit of the Constitution.

Traditional, law-based approaches to enforcement are one thing – and enforcement, of course, is ICE’s necessary job. The problem now, warns Bennett, is that “enforcement increasingly happens through data correlations” rather than the gathering of hard evidence.

We agree with Bennett's conclusion that these sorts of “guilt by digitization” approaches fly in the face of constitutional guardrails like due process and protection from warrantless searches. To quote Wired’s Couts again, “It might be ICE using it today, but you can imagine a situation where a police officer is standing on a corner and just pointing his phone at everybody, trying to catch a criminal.”

The existence of Palantir’s hub makes it inevitable that ICE’s expanded monitoring capability will migrate to other agencies – from the FBI to the IRS. And when that happens, what ICE does to illegal immigrants can just as easily be done to American citizens – by any government entity, for any reason.
​
When our daily lives are converted into zeroes and ones, the authorities can draw “borders” wherever they want.

​Here’s a quick news update on one of the privacy stories of the year: Meta’s Ray-Ban smartglasses. Joseph Cox and Jason Koebler of 404 Media told the story of Bong Kim, a hobbyist who engineered a way to disable the LED light intended to shine conspicuously whenever Meta’s glasses are recording or taking photos.
 
Let’s be clear: Meta has nothing to do with hacks like this one. The company tried to prevent privacy violations by designing the glasses so that if someone covered up the LED light, the recording function wouldn’t work. So we'll skip the “we told you so” part where we question the wisdom of building a modern Prometheus (powered by an app and AI, of course) while clutching at pearls when it gets compromised – as it now is.
 
We’ll also refrain from asking what could possibly go wrong. But here’s one possibility out of 10,000 would-be privacy violations: Imagine a stalker no longer having to worry about an LED light giving him away. Or industrial spies. Or actual spies. Or the colleague at work tricking you into saying something that will get you fired.
 
From a privacy standpoint, wearables (including smartglasses) are a non-starter, a set of technologies primarily in search of a hack. And if you don’t believe that, you probably haven’t been on Reddit lately.
 
According to 404’s reporting, Kim’s modification is advertised on YouTube and costs just $60 (though it’s unclear whether shipping is included). That’s what your privacy is worth these days.
 
So what can you do? At the very least, familiarize yourself with the look of these new wearable glasses from a host of companies. And quietly read yourself a Miranda warning: “anything thing you say can and will be used against you in a court of law.” Or, maybe just in a meeting with HR.

​Search our news blog for "Flock" and you'll hit the jackpot. This company has been a consistent source of concern for privacy watchdogs.
 
Just last week, the ACLU’s Jay Stanley summarized the results of a detailed Massachusetts open-records investigation. Thanks to Flock’s contracts with more than 40 Massachusetts police departments, Bay State drivers can now be tracked by 7,000 of the company’s customers – “in real time, without a warrant, probable cause, or even reasonable suspicion of wrongdoing.” To be clear, that surveillance of Massachusetts drivers can be conducted from other parts of the country… because why wouldn’t Texas authorities want to know what Massachusetts drivers are up to?
 
This chilling state of affairs is the result of Flock’s boilerplate contract language, which only changes if a police department demands it (most have not). The company’s contracts include an “irrevocable, worldwide, royalty-free, license to use the Customer Generated Data for the purpose of providing Flock Services.”
 
Stanley’s article includes additional anecdotes about Flock’s propensity for over-sharing that suggest the issue goes far beyond Massachusetts. In Virginia, for example, reporters found that “thousands of outside law enforcement agencies searched Virginians’ driving histories over 7 million times in a 12-month period.” As we’ve written before, Virginia is already one of the most surveilled states in the country, thanks largely to vendors like Flock Safety.
 
Consider following the ACLU’s advice for pushing back against this kind of Orwellian oversight. If we don’t say anything, nothing is going to change.

National security wake-up calls do not get louder than the revelation that a Chinese government-linked hacking group, known as Salt Typhoon, successfully penetrated major U.S. telecommunications carriers in 2024.  AT&T and Verizon were among the companies compromised, exposing the communications of Members of Congress, senior officials, and even both major-party presidential candidates.
 
This was not an isolated breach. It followed a 2023 cyberattack in which Chinese state hackers infiltrated Microsoft’s cloud-hosted email systems, compromising accounts at multiple federal agencies, including the Departments of State and Commerce. According to the Cyber Safety Review Board, the attackers downloaded roughly 60,000 emails from the State Department alone. Pilfered correspondence included those of Cabinet-level officials.
 
These events underscore an uncomfortable truth – the Department of Defense and the intelligence community cannot defend the nation with unencrypted communications routed through a handful of vulnerable providers.
 
The good news is that we do not have to accept this status quo. As the House and Senate negotiate the National Defense Authorization Act (NDAA) for Fiscal Year 2026, conferees must retain the Lummis-Wyden amendment, which mandates secure, interoperable, end-to-end-encrypted collaboration tools for the Pentagon.
 
A Pattern of Foreign Infiltration
From defense contractors to cloud service providers, adversarial regimes have repeatedly exploited weak communication infrastructure to spy on U.S. institutions. The Salt Typhoon and Microsoft incidents illustrate how a single breach in a major service can compromise thousands of sensitive conversations. When communication systems lack end-to-end encryption, even one point of failure can expose entire networks to foreign intelligence agencies.
 
What Lummis-Wyden Would Do
This measure requires the Department of War to use only collaboration systems that meet rigorous cybersecurity standards – including true end-to-end encryption that ensures only the sender and intended recipient can read a message, even if servers in between are hacked.
 
Just as importantly, Lummis-Wyden mandates interoperability. Today, the Pentagon is confined to using a small set of proprietary, “walled garden” platforms that block seamless communication across systems. Interoperable standards would allow the Defense Department to adopt superior tools as they emerge, preventing vendor lock-in that traps communications in the domains of single companies, while enhancing long-term resilience of the Pentagon’s digital networks.
 
By promoting interoperability and strong encryption, Lummis-Wyden would open the door to competition, inviting companies to develop more secure, agile, and affordable solutions. America’s defense and intelligence agencies should never be dependent on single-point-of-failure vendors whose systems are ripe targets for global espionage.
 
A Strategic Imperative
From the theft of federal employee records to the infiltration of telecom carriers, the pattern is unmistakable: insecure communications infrastructure is a strategic liability.
 
Passing Lummis-Wyden would do more than patch vulnerabilities: it would redefine what secure collaboration means in the 21st century. It would signal that America prizes both privacy and resilience, and rewards technologies that deliver genuine end-to-end security rather than superficial compliance checkboxes.

​Flock Safety – the vendor installing license plate readers across the country – is now helping police departments enhance their drone fleets with artificial intelligence. With this surveillance comes improved public safety, but also new threats to privacy and personal freedom.

Police drones are not an exotic trend. From 2018 to 2024, the number of police and sheriff departments with drones has risen by 150 percent – for a total of about 1,500 drone-enabled departments.

Increasingly, these drones have brains as well as eyes. Rather than requiring a human operator to direct them, a new generation of autonomous drones can work in concert with an officer at the scene. Lieutenant Ryan Sill, Patrol Watch Commander of the police department in Hayward, California, writes in Police 1 News of surveillance vendor Axon’s “One-Click” drone technology for Autonomous Aerial Vehicles (AAVs):

“The future is one where an AAV can be assigned to each officer, deploying from a patrol car, operating independently without the need for a pilot, responding to voice commands, and completing tasks as directed by the officer.”
​
The integration of AI and drone technology is undeniably a boon to public safety. One of the most dangerous police activities – both for police officers and the public – is the high-speed pursuit of criminals in cars. Increasingly, suspects in cars and on foot can run all they want, but they can be tracked wherever they go by drones.

​Intelligent drones can also zoom quickly to an accident or crime scenes. They can record incidents and respond to situations in ways that assist police departments with too-few officers.

But intelligent drones bring with them the likelihood that all the information they collect will be abused. Then there is information that won’t be collected by drones operated by citizens and journalists in airspace cleared by police drones. Earlier this month, the Federal Aviation Administration imposed a 12-day ban on all non-governmental drone flights across much of Chicago. This coincided with the arrival of National Guard troops and federal agents to conduct immigration raids.

ACLU reports: “This raises the sharp suspicion that it is intended not to ensure the safety of government aircraft, but (along with violence, harassment, and claims of ‘doxing’) is yet another attempt to prevent reporters and citizens from recording the activities of authorities.”

Even more concerning is the emergence of drones that can predict crime.

Malavika Madgula of Sify.com writes about “Dejaview,” a new South Korean technology that “blends AI with real-time CCTV to discern anomalies and patterns in real-life scenarios, allowing it to envisage incidents ranging from drug trafficking to pettier offenses with a sci-fi-esque accuracy rate of 82 percent.”

Knowing that a synthetic brain is watching you for any sign that you might be a criminal is hardly the vibe of a free society. Madgula writes: “It could trigger feelings of heightened self-awareness and unease for even the most innocuous of activities, such as taking a shortcut on your way home or using a cash machine.”
​
Elon Musk famously worried that in AI “we’re summoning the demon.” The demon is welcomed by law enforcement because he is enormously useful in protecting communities. Without guardrails in place to prevent the misuse of this immense collection of our personal movements, activities and associations, it could also turn out to be a Faustian bargain.

​Another day, another TikTok story. Last time, reporters found that TikTok Shop was allowing ads tailored to GPS-savvy stalkers. This time, it’s ads for Cheaterbuster – which represents yet one more invasive abuse of facial recognition technology, often with images taken from the Tinder dating app.
 
Cheaterbuster’s “Facetrace” feature, which 404 Media verified, allows users to “discover someone’s online presence from a single selfie.” That’s right, you need only upload a photo of your “loved one” and Cheaterbuster’s AI scours the web in search of that person’s Tinder profile, for $18 per search.
 
Notably, Tinder itself has nothing to do with this according to Sullivan Davis and other bloggers. “Not only do we not authorize this practice, it is squarely against our policies,” the company told 404 Media. It appears that sites like Cheaterbuster (sadly, there are others) are scraping publicly available profiles (pro tip – pay for Tinder tiers that allow private mode).
 
The Mary Sue webzine points out that any number of TikTok accounts are really just paid marketing fronts for Cheaterbuster. “Aurora” was applauded by naïve users who believed that she was literally dumping her boyfriend (by driving him to the landfill) after Cheaterbuster saved the day. According to 404, Cheaterbuster’s affiliate program pays more than YouTube does.
 
About a year ago, two Harvard students hacked Meta’s Ray-Ban smartglasses to identify strangers on the subway. As we wrote at the time, “Armed with this technology, your neighborhood creep could easily spot a woman walking down the street and be there when she arrives at her front doorstep.”
 
Now thanks to TikTok and Cheaterbuster, he could know all about her and just what to say.

​Sigh. As if we didn’t have enough to worry about already. While privacy experts were focusing on the security of undersea fiberoptic cables, government surveillance, and corporate subterfuge, our data is being broadcast unencrypted all around the Earth by satellites.

Satellites are leaky – and it isn’t fuel they’re off-gassing; it’s our personal information. “These signals are just being broadcast to over 40 percent of the Earth at any point in time,” researchers told Wired’s Andy Greenberg and Matt Burgess.

A few years ago, those researchers (at UC San Diego and the University of Maryland) followed up on a whim: Could we eavesdrop on what satellites are broadcasting? The answer was a big fat “yes” – and it took only about $800 in equipment. Their complete findings are detailed in a newly released study. They had assumed, or at least hoped, to find very little – that almost every signal would be protected by encryption – the ne plus ultra of privacy protection.

Instead, among the many things they found floating in the ether were:
​

• Miscellaneous corporate and consumer data (such as phone numbers)
• Actual voice calls
• Text messages
• Industrial communications
• Decryption keys
• Even in-flight Wi-Fi data for systems used by 10 different airlines (including users’ in-flight browsing activities).

Researchers also “pulled down a significant collection of unprotected military and law enforcement communications,” including information about some U.S. sea vessels.

The Wired article’s authors are quick to note that the National Security Agency warned about the security of satellite communications more than three years ago.

Will the publication of such research encourage bad actors to take advantage of these weaknesses?

In the short term, perhaps, but the study’s authors are hopeful that various companies will respond like T-Mobile did and immediately get their encryption house in order (a spokesperson noted the issue was not network-wide). Another affected company, Santander Mexico, responded: “We took the report as an opportunity for improvement, implementing measures that reinforce the confidentiality of technical traffic circulating through these links.” (It should be noted that the affected organizations were notified many months prior to the study’s release.)

In the meantime, let’s hope most hackers haven’t renewed their Wired subscriptions.
​
After all, the scale of the problem is enormous. A Johns Hopkins expert told the magazine: “The implications of this aren't just that some poor guy in the desert is using his cell phone tower with an unencrypted backhaul. You could potentially turn this into an attack on anybody, anywhere in the country.”

​In September, Lynn Adelman, a federal judge in Wisconsin, helped shore up the Fourth Amendment against the Digital Age’s all-out assault on privacy. As we’ve written so often on this site, algorithms and artificial intelligence are existential threats to constitutional rights like search warrants and probable cause.
 
The digital world seeks to automate the process of justice. It is amoral in the name of efficiency, with automated justice tantamount to automated sentencing.
 
The good news is that the “smartest” algorithms, the most “fine-tuned” large language models can still be stopped by a public official who sticks to a solemn oath to uphold the Constitution. This reminds us that true justice will always require a human in the loop.
 
Which is exactly what defendant Peter Braun did not have when Google and Microsoft sent automated alerts – based on “hash value” data patterns alone – to a national clearinghouse. A Wisconsin special agent, alerted by these hash values, then conducted his own investigation into the flagged files and took a peek before deciding to get a search warrant.
 
A warrant obtained after an examination turned up incriminating evidence of child sex abuse material in Braun’s home. Braun subsequently sued to have that evidence suppressed on the basis that its acquisition violated his Fourth Amendment protections. Judge Adelman agreed.
 
An investigator is paid to be suspicious. But no investigator should be able to explore hunches without a warrant. The investigator’s hunches in this case were based on an interpretation of hash values – which, unlike hash tags that group files for users – are cryptographic functions meant to identify data for computing. Hash values are inherently prone to misinterpretation of contents.
 
If the authorities’ motives are well intentioned – and we believe they were in this case – the rule of law still requires that a court must first review the evidence and agree before an investigator can look at a file. We condemn anyone involved in the possession of material that is, and must be, inherently criminal. But that is no reason throw out due process and the Fourth Amendment.
 
Ante omnia hoc, meaning “before all things, this”: The Constitution could not be clearer – GET A WARRANT.
 
Did the Wisconsin authorities have probable cause in Braun’s case? They might have, but in the eyes of the Fourth Amendment they forfeited any such claim because they could not be bothered to go to a magistrate and present their case. That is why Judge Adelman had no choice but to suppress the illicitly obtained evidence.
 
 “It would have been easy for [agent] Koehler to obtain a warrant before viewing the images,” wrote Adelman in his opinion, “but he decided not to do so.” Illegally obtained evidence isn’t evidence at all.
 
We all want the authorities to protect children to the maximum extent under the law. But even Peter Braun has rights – and his rights are our rights. Do we really want the authorities searching our digital lives without a warrant in hand, simply because some unthinking, blunt-force algorithms decided that something seemed suspicious?
 
Judge Adelman also ruled on the basis that reliance on hash values can target many images that are deeply private, but perfectly legal. He wrote: “Here the government omitted any discussion as to the reliability of hash matching in the warrant affidavit, a fatal flaw which undermines the existence of probable cause.”
 
Justice Amy Coney Barrett calls the Fourth Amendment a “principle” of the rule of law. That principle was ratified in 1791 – by humans, for humans, with nary a bit, byte, algorithm, or special agent in sight. Convenience and expediency were never the point of the Fourth. In fact, they were seen as antithetical to the deliberate – and difficult – ruminations justice requires. That the Digital Age is blindly premised upon such efficiencies should give us all pause.

​Here’s a quick news item that will come as a surprise to absolutely no one, except perhaps for hermits who have been living in caves since AI went mainstream in 2022. Two new pieces of reporting, from Stanford and Tech Policy Press, confirm the fresh dangers to privacy emerging from the AI frontier.
 
First to Palo Alto, where researchers evaluated the privacy policies of six frontier AI developers. You can check out the complete analysis, but here are the takeaways from the abstract. Spoiler alert – they’re not a win for privacy:

• All six AI developers appear to employ their users' chat data to train and improve their models by default
  
  
• Some retain this data indefinitely
  
  
• Developers may collect and train on personal information disclosed in chats, including sensitive information such as biometric and health data, as well as files uploaded by users
  
  
• Four of the six companies examined appear to include children's chat data for model training, as well as customer data from other products
  ​
  
• On the whole, developers' privacy policies often lack essential information about their practices, highlighting the need for greater transparency and accountability.

 
The Tech Policy Press interview with experts sheds some light on why “agentic AI” is so dependent on user information. Agentic AI refers to generative AI with the ability to act independently. Generative AI says things. Agentic AI does things. Both are built on the large language models Stanford studied.
 
It’s a logical evolution – think of asking a restaurant chef to give you his recipe versus having a live-in chef who plans and prepares them. But it’s all built on memory. The more AI is allowed to remember about us, the more effective it will be at meeting our asks. “The central tension, then, is between convenience and control,” the experts told Tech Policy Press.
 
We would add that if you think you’re trusting AI what to remember about your prompts and interests and what not to remember, think again. We’re really talking about trusting companies like the ones in the Stanford study – because they’ll be the ones licensing the AI. As of now, then, the fate of your data ultimately rests in the hands of others. From the interview:
 
“Who, exactly, can access your agent’s memories – just you, or also the lab that designed it, a future employer who pays for integration, or even third-party developers who build on top of the agent’s platform?
 
In short, these experts say, the stakes are these:

“Deciding what should be remembered is not just a question of personal preference; it’s a question of governance. Without careful design and clear rules, we risk creating agents whose memories become less like a helpful assistant and more like a permanent surveillance file.”

We close with a refrain that will be familiar to our readers – now is the time for common-sense laws that privilege personal privacy. Without it, these experts warn, AI will become a tool of enclosure rather than empowerment.

​Outrage, the currency of our times, is being minted at a furious rate over Special Counsel Jack Smith’s use of grand jury subpoenas to spy on the telephone metadata records of eight senators and one congressman around the time of the Jan. 6th 2021 assault on the U.S. Capitol.

One statement of majestic and appropriate outrage – the gold standard, if you will – came from Sen. Rand Paul (who was not among those surveilled). He wrote in Breitbart:

“Our Founding Fathers objected to general warrants that allowed soldiers to go from house to house searching homes of American colonists, [and] I think they would be equally horrified by a government that goes from phone to phone collecting data on all Americans.”

Then there is Sen. Lindsey Graham, one of the targets of Smith’s surveillance, who shouted (rhetorically, starting at 2:35) at Attorney General Pam Bondi, “Can you tell me why my phone records, when I’m the Chairman of the Judiciary Committee, were sought by the Jack Smith agents, why did they ask to know who I called and what I was doing from January 4th to the 7th, can you tell me that?”

It's a good question.

David Corn, writing in the progressive Mother Jones, had his own angle of outrage – that President Trump “incited a violent assault on the Capitol, and for hours – as cops were being beaten and Democratic and Republican legislators were being threatened – did nothing in the hope this domestic terrorism would benefit him and allow him to stay in power …

“Should that not have been thoroughly investigated?”

Another good question.

Here’s our take. Yes, after the trashing of the U.S. Capitol, savage beatings of Capitol police, and the erection of a gallows to “hang Mike Pence,” it would have been astonishing for the government not to investigate. But when the executive branch spies on the metadata of Members of Congress – data that can yield a wealth of private information – you would expect a special prosecutor, appointed by one president to investigate his predecessor and likely future opponent, to dot all “i’s” and cross all “t’s.”

Instead of adhering to a strict constitutional standard, Jack Smith predicated his surveillance of U.S. senators and a representative on a subpoena issued by a grand jury. Such a panel, as New York Chief Judge Sol Wachtler famously said, would gladly indict a ham sandwich if that was what the prosecution wanted.

In his Breitbart piece, Sen. Paul quotes Chief Justice John Roberts when the Supreme Court held in Carpenter v. United States (2018) that geolocation from cellphone metadata was a privacy interest protected by the Fourth Amendment. Justice Roberts, for the majority, wrote, “this Court has never held that the Government may subpoena third parties for records in which the subject has a reasonable expectation of privacy.”

Senators, like everyone else, deserve a reasonable expectation that their phone records are private. Of course, senators – also, like everyone else – are not exempt from lawful investigations. But when one branch investigates another – when one political party investigates its opponents – is it too much to ask that the government respect the Fourth Amendment? If Jack Smith had a good reason to surveil nine Members of Congress, he should have made his case for probable cause before a neutral magistrate and obtained a warrant – as the Constitution requires.
​
That Smith instead chose to slather two pieces of bread with mustard and add a slice of ham indicates (mixed metaphor alert) that he was on nothing more than a fishing expedition. When politics intersect with criminal law, prosecutors must adhere to the most rigorous standards. That is in keeping with the character of an exceptional nation. We must not lose it.

​We’ve long reported on Pegasus, the prolific spyware that allows attackers to access the calls, texts, emails, and images on a target’s smartphone. Worse, Pegasus can turn on a phone’s camera and microphone, transforming it into a 24/7 spying device that the victim helpfully takes from place to place.

• This technology was used by Saudi intelligence to track the soon-to-be murdered journalist Jamal Khashoggi, helped cartels in Mexico to target journalists for assassination, and was implicated in political spying scandals from India to Spain.

 

• One of the most insidious aspects of Pegasus is that it is “zero-click” malware, meaning it can be remotely installed on a phone and the user doesn’t have to fall for a phishing scam or commit some other act of poor digital hygiene.

But Pegasus has a flaw – digitally savvy victims may be tipped off by a phone’s unusually high data usage, overheating, quick battery drain, and unexpected restarts. If you’re suspicious that Pegasus has been planted in your smartphone, you can scan for it via the Mobile Verification Toolkit developed by Amnesty International’s Security Lab.

Unfortunately, evolution works on spyware as it did on dinosaurs, creating new predators with enhanced stealth and devastating lethality.

Enter First Wap’s Altamides. Based in Jakarta, Indonesia, First Wap’s technology can do what Pegasus does, but without installing malware or leaving digital traces. It tracks people, Mother Jones reports, by exploiting archaic telephonic networks designed without security in mind. It can track users’ movements, listen in on their calls, and extract their text messages.
Recent versions can even penetrate encrypted messaging apps.

• Victims of such surveillance reportedly include Blackwater founder Erik Prince, Google engineers, the actor Jared Leto, and the wife of former Syrian dictator Bashar al-Assad. Mother Jones also found “hundreds of people with no public profile swept up in the dragnet; a softball coach in Hawaii, a restaurateur in Connecticut, an event planner based in Chicago.”

Who has purchased this surveillance weapon?

Lighthouse Reports, a coalition of media organizations, performed a sophisticated sting operation in which a journalist posed at a Prague sales conference as a shady buyer for an African mining concession. The journalist said he was looking for a way to identify, profile, and track environmental activists.

The salesman replied: “If you are holding an Austrian passport, like me, I am not even allowed to know about the project, because otherwise I can go to prison.”

The salesman, who (irony alert) was secretly videotaped by the journalist, added: “So that’s why such a deal, for example, we make it through Jakarta, with the signature coming from our Indian general manager.”

When the undercover journalist came back for another meeting, he elicited on tape senior First Wap executives discussing workarounds through Niger-to-Indonesia bank transfers to sell its technology to individuals under international sanctions.

Click below for a short film about this undercover sting.

​U.S. Sen. Ron Wyden (D-OR) told Mother Jones that this story only underscores the extent to which the U.S. government and telecoms have failed to make patches to “the glaring weaknesses in our phone system, which the government and phone companies have failed dismally to address.”