Late last year, Sen. Ron Wyden (D-OR) put a hold on the appointment of Lt. Gen. Timothy Haugh to replace outgoing National Security Agency director Gen. Paul Nakasone. Late Thursday, Sen. Wyden’s pressure campaign yielded a stark result – a frank admission from Gen. Nakasone that, as long suspected, the NSA purchases Americans’ sensitive, personal online activities from commercial data brokers.
The NSA admitted it buys netflow data, which records connections between computers and servers. Even without the revelation of messages’ contents, such tracking can be extremely personal. A Stanford University study of telephone metadata showed that a person’s calls and texts can reveal connections to sensitive life issues, from Alcoholics Anonymous to abortion clinics, gun stores, mental and health issues including sexually transmitted disease clinics, and connections to faith organizations. Gen. Nakasone’s letter to Sen. Wyden states that NSA works to minimize the collection of such information. He writes that NSA does not buy location information from phones inside the United States, or purchase the voluminous information collected by our increasingly data-hungry automobiles. It would be a mistake, however, to interpret NSA’s internal restrictions too broadly. While NSA is generally the source for signals intelligence for the other agencies, the FBI, IRS, and the Department of Homeland Security are known to make their own data purchases. In 2020, PPSA reported on the Pentagon purchasing data from Muslim dating and prayer apps. In 2021, Sen. Wyden revealed that the Defense Intelligence Agency was purchasing Americans’ location data from our smartphones without a warrant. How much data, and what kinds of data, are purchased by the FBI is not clear. Sen. Wyden did succeed in a hearing last March in prompting FBI Director Christopher Wray to admit that the FBI had, in some period in the recent past, purchased location data from Americans’ smartphones without a warrant. Despite a U.S. Supreme Court opinion, Carpenter (2018), which held that the U.S. Constitution requires a warrant for the government to compel telecom companies to turn over Americans’ location data, federal agencies maintain that the Carpenter standard does not curb their ability to purchase commercially available digital information. In a press statement, Sen. Wyden hammers home the point that a recent Federal Trade Commission order bans X-Mode Social, a data broker, and its successor company, from selling Americans’ location data to government contractors. Another data broker, InMarket Media, must notify customers before it can sell their precise location data to the government. We now have to ask: was Wednesday’s revelation that the Biden Administration is drafting rules to prevent the sale of Americans’ data to hostile foreign governments an attempt by the administration to partly get ahead of a breaking story? For Americans concerned about privacy, the stakes are high. “Geolocation data can reveal not just where a person lives and whom they spend time with but also, for example, which medical treatments they seek and where they worship,” FTC Chair Lina Khan said in a statement. “The FTC’s action against X-Mode makes clear that businesses do not have free license to market and sell Americans’ sensitive location data. By securing a first-ever ban on the use and sale of sensitive location data, the FTC is continuing its critical work to protect Americans from intrusive data brokers and unchecked corporate surveillance.” As Sen. Wyden’s persistent digging reveals more details about government data purchases, Members of Congress are finding all the more reason to pass the Protect Liberty Act, which enforces the Constitution’s Fourth Amendment warrant requirement when the government inspects Americans’ purchased data. This should also put Members of the Senate and House Intelligence Committees on the spot. They should explain to their colleagues and constituents why they’ve done nothing about government purchases of Americans’ data – and why their bills include exactly nothing to protect Americans’ privacy under the Fourth Amendment. More to come … No sooner did the Protect Liberty and End Warrantless Surveillance Act pass the House Judiciary Committee with overwhelming bipartisan support than the intelligence community began to circulate what Winston Churchill in 1906 politely called “terminological inexactitudes.”
The Protect Liberty Act is a balanced bill that respects the needs of national security while adding a warrant requirement whenever a federal agency inspects the data or communications of an American, as required by the Fourth Amendment. This did not stop defenders of the intelligence community from claiming late last year that Section 702 reforms would harm the ability of the U.S. government to fight fentanyl. This is remarkable, given that the government hasn’t cited a single instance in which warrantless searches of Americans’ communications proved useful in combating the fentanyl trade. Nothing in the bill would stop surveillance of factories in China or cartels in Mexico. If an American does become a suspect in this trafficking, the government can and should seek a probable cause warrant, as is routinely done in domestic law enforcement cases. No sooner did we bat that one away than we heard about fresh terminological inexactitudes. Here are two of the latest bits of disinformation being circulated on Capitol Hill about the Protect Liberty Act. Intelligence Community Myth: Members of Congress are being told that under the Protect Liberty Act, the FBI would be forced to seek warrants from district court judges, who might or might not have security clearances, in order to perform U.S. person queries. Fact: The Protect Liberty Act allows the FBI to conduct U.S. person queries if it has either a warrant from a regular federal court or a probable cause order from the FISA Court, where judges have high-level security clearances. The FBI will determine which type of court order is appropriate in each case. Intelligence Community Myth: Members are being told that under the Protect Liberty Act, terrorists can insulate themselves from surveillance by including a U.S. person in a conversation or email thread. Fact: Under the Protect Liberty Act, the FBI can collect any and all communications of a foreign target, including their communications with U.S. persons. Nothing in the bill prevents an FBI agent from reviewing U.S. person information the agent encounters in the course of reviewing the foreign target’s communications. In other words, if an FBI agent is reading a foreign target’s emails and comes across an email to or from a U.S. person, the FBI agent does not need a warrant to read that email. The bill’s warrant requirement applies in one circumstance only: when an FBI agent runs a query designed to retrieve a U.S. person’s communications or other Fourth Amendment-protected information. That is as it should be under the U.S. Constitution. As we face the renewed debate over Section 702 – which must be reauthorized in the next few months – expect the parade of untruths to continue. As they do, PPSA will be here to call them out. CVS, Kroger, and Rite Aid Hand Over Americans’ Prescriptions Records to Police Upon Request1/17/2024
Three of the largest pharmaceutical chains – CVS Health, Kroger, and Rite Aid – routinely hand over the prescription and medical records of Americans to police and government agencies upon request, no warrant required.
“Americans' prescription records are among the most private information the government can obtain about a person,” Sen. Ron Wyden (D-OR), and Reps. Pramila Jayapal (D-WA) and Sara Jacobs (D-CA) wrote in a letter to HHS Secretary Xavier Becerra revealing the results of a congressional investigation into this practice. “They can reveal extremely personal and sensitive details about a person’s life, including prescriptions for birth control, depression or anxiety medications, or other private medical conditions.” The Washington Post reports that because the chains often share records across all locations, a pharmacy in one state can access a person’s medical history from states with more restrictive laws. Five pharmacies – Amazon, Cigna, Optum Rx, Walmart, and Walgreens Boots Alliance – require demands for pharmacy records by law enforcement to be reviewed by legal professionals. One of them, Amazon, informs consumers of the request unless hit with a gag order. All the major pharmacies will release customer records, however, if they are merely given a subpoena issued by a government agency rather than a warrant issued by a judge. This could be changed by corporate policy. Sen. Wyden and Reps. Jayapal and Jacobs urge pharmacies to insist on a warrant rather than comply with a request or a subpoena. Most Americans are familiar with the strict privacy provisions of the Health Insurance Portability and Accountability Act (HIPAA) from filling out forms in the doctor’s office. Most will surely be surprised how HIPAA, as strict as it is for physicians and hospitals, is wide open for warrantless inspection by the government. This privacy vulnerability is just one more example of the generous access government agencies have to almost all of our information. Intelligence and law enforcement agencies can know just about everything about us through purchases of our most sensitive and personal information reaped by our apps and sold to the government by data brokers. As privacy champions in Congress press HHS to revise its HIPAA regulations to protect Americans’ medical data from warrantless inspection, Congress should also close all the loopholes by passing the Protect Liberty and End Warrantless Surveillance Act. A letter of protest sent by the lawyers of Rabbi Levi Illulian in August alleged that city officials of Beverly Hills, California, had investigated their client’s home for hosting religious gatherings for his family, neighbors, and friends. Worse, the city used increasingly invasive means, including surveilling people visiting the rabbi’s home, and flying a surveillance drone over his property.
A “notice of violation” from the city specifically threatened Illulian with civil and criminal proceedings for “religious activity” at his home. The notice further prohibited all religious activity at Illulian’s home with non-residents. With support from First Liberty Institute, the rabbi’s lawyers sent another letter detailing an egregious use of city resources to launch a “full-scale investigation against Rabbi Illulian” in which “city personnel engaged in multiple stakeouts of the home over many hours, effectively maintaining a governmental presence outside Rabbi Illulian’s home.” The rabbi’s Orthodox Jewish friends and family who visited his home had also received parking citations. The rabbi began to receive visits from the police for noise disturbances, such as on Halloween when other houses on the street were sources of noise as well. Police even threatened to charge Rabbi Illulian with a misdemeanor, confiscate his music equipment, and cite a visiting musician for violating the city’s noise ordinance, despite the obvious double-standard. First Liberty was active in publicizing the city’s actions. In the face of bad publicity about this aggressive enforcement, the city withdrew its violation notice late last year. That the city of Beverly Hills would blatantly monitor and harass a household over Shabbat prayers and religious holidays, particularly at a time of rising antisemitism, is made all the worse by sophisticated forms of surveillance aimed at the free exercise of religion. So city officials managed to abuse the Fourth Amendment to impinge on the First Amendment. This case is reminiscent of the surveillance of a church, Calvary Chapel San Jose, by Santa Clara, California, county officials, over its Covid-19 policies. Is there something about religious observances that attracts the ire of some local officials? Whatever their reasons, this story is the latest example of the need for local officials who are better acquainted with the Constitution. Agencies Must Release Policy Documents About Purchase of the Personal Data of 145 Members of Congress Late last week, Judge Rudolph Contreras ordered the NSA, the CIA, the FBI, and the Office of the Director of National Intelligence to respond to a PPSA Freedom of Information Act (FOIA) request. The government now has two weeks to schedule the production of “policy documents” regarding the intelligence community’s acquisition and use of commercially available information regarding 145 current and former Members of Congress.
This is the second time Judge Contreras has had to tell federal agencies to respond to a FOIA request PPSA submitted. In late 2022, Judge Contreras rejected in part the FBI’s insistence that the Glomar doctrine allowed it to ignore FOIA’s requirement to search for responsive records. Despite that clear holding, the FBI – joined this time by several other agencies – again refused to search for records in response to PPSA’s FOIA request. And Judge Contreras had to remind the agencies again that FOIA’s search obligations cannot be ducked so easily. Instead, Judge Contreras found that PPSA “logically and plausibly” requested the policy documents about the acquisition of commercially available information. And Judge Contreras concluded that a blanket Glomar response, in which the government neither confirms nor denies the existence of the requested documents, is appropriate only when a Glomar response is justified for all categories of responsive records. The judge then described a hypothetical letter from a Member of Congress to the NSA that clarifies the distinction between operational and policy documents. He considered that such a letter might ask if the NSA “had purchased commercially available information on any of the listed Senators or Congresspeople” without revealing whether the NSA (or any other of the defendant agencies) “had a particular interest in surveilling the individual.” Judge Contreras decided that “it is difficult to see how a document such as this would reveal sensitive information about Defendants’ intelligence activities, sources, or methods.” It is on this reasoning that the judge ordered these agencies to produce these policies documents. We eagerly awaits the delivery of these documents in both cases. Stay tuned. PPSA today announced that it is asking the District Court for the District of Columbia to force the FBI to produce two records about communications between government agencies and Members of Congress concerning their possible “unmasking” in secretly intercepted foreign conversations under the Foreign Intelligence Surveillance Act (FISA).
PPSA’s request to the court involves the practice of naming Americans – in this case, Members of the House and Senate – who are caught up in foreign surveillance summaries. In 2017, Sen. Lindsey Graham (R-SC) said he had reason to believe his identify had been unmasked and that he had written to the FBI about it. Similar statements have been made by other Members of Congress of both parties. The matter seemed to have been settled in October 2022 when Judge Rudolph Contreras of the U.S. District Court of the District of Columbia declared that “communications between the FBI and Congress are a degree removed from FISA-derived documents and which discuss congressional unmasking as a matter of legislative interest, policy, or oversight … the FBI must conduct a search for any ‘policy documents’ in its possession.” The FBI had first refused to release these documents under a broad and untenable interpretation of the Glomar doctrine, under which the government asserts it can neither confirm nor deny the existence of such records for national security reasons. After Judge Contreras swept that excuse away, the FBI in October 2023 asserted that three FOIA exemptions allow it to withhold requested documents. The FBI has gone from obfuscation to outright defiance of the plain text of the law. It still claims that releasing correspondence with Congress would, somehow, endanger intelligence sources and methods. It is time for the court to step in and issue a legal order the FBI cannot openly defy. Thus PPSA’s cross motion for summary judgment knocks down the FBI’s rationale and asks Judge Contreras to order the FBI to produce all FBI records reflecting communications between the government and Members of Congress on their “unmasking.” Earlier, the FBI had searched under a court order to find two relevant policy documents. These unreleased records include a four-page email between FBI employees and an FBI Intelligence Program Policy Guide. Significant portions of both documents are being withheld by the FBI because, the Bureau now asserts, of the three exemptions. It claims the disclosure can be withheld because it could implicate sources and methods, the records were created for law enforcement purposes, and because of confidentiality. None of these excuses meet the laugh test for correspondence with Members of Congress. PPSA is optimistic the court will end the FBI’s two years of foot-dragging and order it to produce. Man proposes, God disposes, but Congress often just kicks the can down the road.
Throughout 2023, PPSA and our civil liberties allies made the case that Section 702 of the Foreign Intelligence Surveillance Act – enacted by Congress to give federal intelligence agencies the authority to surveil foreign threats abroad – has become a convenient excuse for warrantless domestic surveillance of millions of Americans in recent years. With Section 702 set to expire, the debate over reauthorizing this authority necessarily involves reforms and fixes to a law that functions in a radically different way than its Congressional authors imagined. In December, a strong bipartisan majority in the House Judiciary Committee passed a well-crafted bill to reauthorize FISA Section 702 – the Protect Liberty and End Warrantless Surveillance Act. This bill mandates a robust warrant requirement for U.S. person searches. It curtails the common government surveillance technique of “reverse targeting,” which uses Section 702 to work backwards to target Americans without a warrant. It also closes the loophole that allows government agencies to buy access to Americans’ most sensitive and personal information scraped from our apps and sold by data brokers. And the Protect Liberty Act requires the inclusion of lawyers with high-level clearances who are experts in civil liberties to ensure the secret FISA Court hears from them as well as from government attorneys. The FISA Reform and Reauthorization Act from the House Permanent Select Committee on Intelligence would not stop the widespread practice of backdoor searches of Americans’ information. And it does not address the outrageous practice of federal agencies buying up Americans’ most sensitive and private information from data brokers. In the crush of business, the deadline for reauthorizing Section 702 was delayed until early spring. Now the contest between the two approaches to Section 702 reauthorization begins in earnest. With a recent FreedomWorks/Demand Progress poll showing that 78 percent of Americans support strengthening privacy protections along the lines of those in the Protect Liberty Act, reformers go into the year with a strong tailwind. While we should never underestimate the guile of the intelligence community, reformers look to the debate ahead with hopefulness and eagerness to win this debate to protect the privacy of all Americans. In July, we wrote about revelations that the U.S. Department of Justice subpoenaed Google for the private data of House Intel staffers looking into the origins of the FBI’s Russiagate investigation. Then, in October, we wrote about a FOIA request from Empower Oversight seeking documents shedding light on the extent to which the executive branch is spying on Members of Congress. Now, following the launch of an official inquiry, Rep. Jim Jordan has issued a subpoena to Attorney General Merrick Garland for further information on the DOJ’s efforts to surveil Congress and congressional staff.
On Halloween, Jordan launched his inquiry into the DOJ’s apparent attempts to spy on Congress, sending letters to the CEOs of Alphabet, Apple, AT&T, T-Mobile, and Verizon requesting, for example, “[a]ll documents and communications between or among Apple employees and Justice Department employees referring or relating to subpoenas or requests issued by the Department of Justice to Apple for personal or official records or communications of Members of Congress or congressional staff….” Jordan also sent a letter to Garland, asserting that “[t]he Justice Department’s efforts to obtain the private communications of congressional staffers, including staffers conducting oversight of the Department, is wholly unacceptable and offends fundamental separation of powers principles as well as Congress’s constitutional authority to conduct oversight of the Justice Department.” Nearly two months later, according to Jordan, the DOJ’s response has been insufficient. In a letter to Garland dated December 19, 2023, Jordan says that the “Committee must resort to compulsory process” due to “the Department’s inadequate response to date.” That response, to be fair, did include a letter to Jordan dated December 4 conveying that the legal process used related to an investigation “into the unauthorized disclosure of classified information in a national media publication. Jordan, citing news reports, contends that the investigation actually “centered on FISA warrants obtained by the Justice Department on former Trump campaign associate Carter Page” (which the Justice Department Inspector General faulted for “significant inaccuracies and omissions”). Whatever the underlying motivation, Jordan is right to find DOJ’s explanation to date unsatisfying. Spying on Congress not only brings with it tremendous separation of powers concerns but raises a broader question about FISA and other processes that would reveal Americans’ personal information without sufficient predication. We need answers. Who authorized these DOJ subpoenas? And how can we make sure this kind of thing doesn’t happen again? PPSA looks forward to further developments in this story. The House Judiciary Committee today announced its long-awaited bill that reauthorizes Section 702 of the Foreign Intelligence Surveillance Act (FISA) while reforming provisions that have allowed warrantless spying on Americans by federal agencies.
Enacted in 2008, Section 702 permits the FBI, the CIA, the National Security Agency, and the National Counter Terrorism Center to search through billions of warrantlessly acquired international communications to surveil foreign targets on foreign soil. The emails, texts messages, internet data, and other communications of Americans are also incidentally swept up in this program, allowing agencies to look for specific information about U.S. persons (U.S. citizens and permanent residents) without a warrant, as required by the Fourth Amendment of the U.S. Constitution. Statement of Bob Goodlatte, former Chairman of the House Judiciary Committee and PPSA Senior Policy Advisor: “The House Judiciary Committee has unveiled the most important government surveillance reform measure since the creation of FISA in 1979. “This bill addresses a growing crisis. Our government, with the FBI in the lead, has come to treat Section 702 – enacted by Congress for the surveillance of foreigners on foreign soil – as a domestic surveillance program of Americans. “The government used this authority to conduct over 200,000 ‘backdoor searches’ of Americans in 2022. Section 702 has been used to search the communications of sitting House and Senate Members, protesters across the ideological spectrum, 19,000 donors to a congressional campaign, journalists, and a state court judge. The American people can see that Section 702 has morphed into something that Congress never intended. “The House Judiciary Committee – with the leadership of Chairman Jim Jordan, Ranking Member Jerry Nadler, and Rep. Andy Biggs – has now crafted a bill that restores the rule of law. This bill allows Section 702 to continue to protect Americans by conducting surveillance of foreign spies and terrorists. But it does so in a way that respects the Fourth Amendment. By achieving this balance, the Judiciary Committee’s bill promises to rebuild the trust of the American people in the law, strengthening freedom from unwarranted surveillance and our right to privacy, as well as our national security.” Statement of Gene Schaerr, PPSA general counsel: “The House Judiciary Committee bill brings sweeping and needed reforms to Section 702 while respecting the legitimate needs of national security. It addresses the prime problems with this authority, establishing a clear warrant requirement. But it also includes some masterful reforms to practices and programs outside of Section 702 that, if left unaddressed, would merely be used by government agencies to end-run the Section 702 reforms. “The House Judiciary Committee bill, for example, imposes a warrant requirement on the government to access and inspect data scraped from consumer apps and sold to the government by data brokers. Without this fix, the government would continue to have ready access to Americans’ most sensitive information – about our medical issues, our location histories and travels, our financial records, and those with whom we associate for political, religious, or personal reasons. “This bill also puts an amicus, a representative of the public’s interest in privacy, into the secret FISA courtroom to challenge the issuance of warrants when the government exceeds its authority. “For years, champions of the Constitution have had to play a game of whack-a-mole with the surveillance state, closing one surveillance loophole only to find federal agencies easily replacing it by exploiting another. Although it will likely see further improvements in the legislative process, the House Judiciary Committee bill closes most of the big loopholes, forcing federal agencies to respect the Fourth Amendment. “We commend Chairman Jordan, Ranking Member Nadler, and Rep. Biggs for their hard work and wise judgments in crafting a bill that will better protect both our national security and our constitutional rights.” Defenders of the surveillance status quo in Congress are perplexed by the success of reform proposals and are flailing in response. Some have made national media appearances that give the American people an inaccurate picture of how Section 702 works and how the government uses it to access large amounts of Americans’ personal information without a warrant.
One such champion did not do his cause any favors when he made inflammatory statements on Face the Nation on Sunday about the leading Members of Congress who want to bring Section 702 of the Foreign Intelligence Surveillance Act in line with the Fourth Amendment of the Constitution. We were told that Chairman Jim Jordan and many of his bipartisan colleagues on the House Judiciary Committee want to “hinder” the process of foreign intelligence and “don’t fully understand” Section 702’s “value and importance to national security.” Moreover, Jordan and his colleagues would “foolishly” cut off one of the most important tools for protecting national security. What we didn’t hear was anything about Section 702’s long litany of abuses, or the need to protect the freedoms and privacy of law-abiding Americans from government snooping. Protecting Americans’ rights and upholding the Constitution is a duty of the House Judiciary Committee. With primary jurisdiction over this program, the bipartisan team of reformers on the House Judiciary Committee understand this surveillance program all too well. They are working on a bill that has far greater substance than what Sen. Mike Lee has called the “window dressing” reforms of the House Intelligence Committee bill, the full text of which has yet to be released. It was never explained in this Face the Nation interview that Section 702 – enacted by Congress to authorize surveillance of foreign spies and terrorists on foreign soil – has morphed into a domestic spying program that in recent years has compromised the privacy of Americans millions of times. Add to that the practice of federal agencies buying Americans’ most sensitive and personal information from data brokers and holding and examining it without a warrant, as required by the Constitution, and you have a recipe for a surveillance state. Champions of surveillance are also wrong when they say that the bipartisan team that wants to reform Section 702 are hindering its passage. The bipartisan Judiciary Committee bill will reauthorize Section 702 for the purpose Congress intended – gathering intelligence about noncitizens outside the United States – while imposing a warrant requirement when the government wants to search Section 702-gathered information about American citizens. The Judiciary Committee, with a long history of protecting civil rights, is expected to soon mark up and pass a strong, bipartisan bill that will give federal agencies the tools they need to protect our national security while safeguarding our constitutional rights. Sen. Wyden Holds Up Promotion of New NSA Chief In January 2021, Sen. Ron Wyden (D-OR) released an unclassified memo from the Defense Intelligence Agency revealing it was purchasing, retaining, and using Americans’ location data. This flies in the face of Carpenter v. United States, a Supreme Court opinion requiring a warrant to examine Americans’ location history. Sen. Wyden next pressed the Department of Defense to identify which other agencies within the Department are buying Americans’ personal data, including location data and web browsing records.
The government answered with a “Controlled Unclassified Information” (CUI) response. Sen. Wyden took to the floor to call this “a made-up designation with no basis in law” to “keep this unclassified information from the American public.” A letter from Sen. Wyden to Defense Secretary Lloyd Austin asking him to clarify this extra-legal restriction resulted in a response letter from an underling declining to approve the release of the unclassified information. Now Sen. Wyden has hit on a strategy that is sure to get the attention of the intelligence community. Sen. Wyden says that he has, with “reluctance,” held up the promotion of Lt. Gen. Timothy Haugh to the grade of general to serve as Director of the National Security Agency and Commander of the U.S. Cyber Command. Sen. Wyden will keep this hold in place until the government provides “yes” or “no” answers as to whether the NSA is buying Americans’ location data and web browsing records. “The American people have a right to know whether the NSA is conducting warrantless domestic surveillance of Americans in a manner that circumvents the Fourth Amendment to the Constitution,” Sen. Wyden said. We are grateful to the men and woman who work hard to keep us safe. But the time has come for champions of civil liberties to respond to hardball tactics with some of our own. If the intelligence community and its enablers on the Hill continue to act with disrespect, what is happening to Lt. Gen. Haugh could be done across the entire alphabet soup of federal intelligence agencies. Proposes GAO Investigation of CIA’s Section 702-Like Program As Congress debates reform of Section 702, Patrick Eddington, former CIA analyst turned Cato Institute senior fellow, offers a timely reminder of how much we don’t know about government surveillance of Americans.
In a piece in The Orange County Register, Eddington writes that for years prior to the 9/11 attacks, the CIA was “apparently conducting exactly the kind of internet ‘backbone’ surveillance now carried out under FISA Section 702 … with absolutely no judicial oversight.” Eddington notes that it took a lawsuit under the Freedom of Information Act against the Privacy and Civil Liberties Oversight Board (PCLOB) to reveal an audit by the Inspector General of the CIA that covered 1999-2000. The audit is heavily redacted. Despite the fact that millions of Americans live, work, and travel abroad, under the CIA’s Section 702-like program, the agency presumed a target was foreign when starting collection. The CIA only allegedly ended collection when it discovered the target was in fact an American. The CIA IG report admitted it “was unable to review every regulated activity.” Did other CIA collection activities ensnare the communications of Americans? Most important, Eddington writes that the redactions prevent us from knowing if this CIA program was terminated or if it still operating. What can be done? First, Eddington points to Rep. Nancy Mace (R-SC) and Jamie Raskin (D-MD), who last year tasked the Government Accountability Office to investigate the FBI’s use of “assessments” – de facto investigations that can be opened on any person or organization absent any criminal predicate. Eddington proposes Congress instruct GAO to expand its surveillance program inquiry to include the CIA’s surveillance program. A good place for the GAO to start would be to determine if this program is, in fact, still in operation. Second, Congress should look to the solutions of the Government Surveillance Reform Act to curb widespread abuses, including those in FISA’s Section 702, which also targets digital communications passing through the backbone of major telecommunications firms and internet service providers’ networks. The absence of sunlight is sure to provide a breeding ground for many abuses. A recent opinion-editorial in The Hill casts a harsh light on the unfolding state of “digital authoritarianism” in America’s schools. Public schools are increasingly adopting artificial intelligence to monitor students and shape curricula. This trend could ultimately have the effect of stifling education, invading privacy, and changing the attitude of adult American society about pervasive surveillance.
Civil rights attorney Clarence Okoh writes that “controversial, data-driven technologies are showing up in public schools nationwide at alarming rates.” These technologies include AI-enabled systems such as “facial recognition, predictive policing, geolocation tracking, student device monitoring and even aerial drones.” A report compiled by the Center for Democracy & Technology found that over 88 percent of schools use student device monitoring, 33 percent use facial recognition and 38 percent share student data with law enforcement. These surveillance technologies enable schools to punish students with greater frequency. A study conducted by Johns Hopkins University found that students at high schools with prominent security measures have lower math scores, are less likely to attend college, and are suspended more often compared to students in schools with less surveillance. The study claims to factor out social and economic background data. Okoh highlights a Florida case in which the sheriff’s office has purportedly used a secret predictive policing program against vulnerable schoolchildren. At some point, the punishments of “predictive” behavior could easily become a self-fulfilling prophecy. A group known as the People Against the Surveillance of Children and Overpolicing (PASCO) has found through litigation and open records requests that the Pasco, Florida, sheriff’s office has a secret youth database that contains the names of up to 18,000 children each academic year. According to PASCO, the sheriff’s office built this database using an algorithm that assessed confidential student records: everything from grades, attendance records, and histories of child abuse are used to assess a student’s risk of falling into “a life of crime.” Many programs directly target minority students. Wisconsin uses a dropout prevention algorithm that uses race as a risk factor. Such modeling, mixed with surveillance software in schools, could have a demonstrably harsher impact on minority students, leading to higher suspension rates. State legislators need to drill down into these reports and verify these claims. One avenue to explore is the role of parents in this process. Are they informed of these practices? Have they been sufficiently heard on them? We have sympathy for why some schools would feel the need to resort to such tactics. But if these facts pan out, then artificial intelligence has just opened up a new front – not just in the war on privacy, but one that could seal the fate of children’s future lives. It also could have an impact on adult society as well. An elementary school student might not understand what it means to be surveilled 24/7 and could become accustomed to it over time. This could lead to a generation of Americans who are inured to ever-present monitoring. If digital authoritarianism becomes the norm in school, it will soon become the norm in society. PPSA looks forward to further developments in this story. When Richard Nixon wanted his minions to run a super-secret surveillance operation that came to be known as the White House Plumbers, the president had it set up in Room 16 in the basement of the Executive Office Building. A recent White House memo obtained and reported by Wired shows that a massive dragnet surveillance program – warrantlessly scooping up phone records from Americans by the trillions – is now being run out of the White House today.
This program, currently called Data Analytical Services (DAS) allows federal, state, and local law enforcement to mine the details, though not the content, of Americans’ calls. As a study at Stanford University showed, metadata alone can reveal startling amounts of highly personal information. When the government adds “chain analysis” – moving outward from one target to the person he or she communicated with, and on to the next person – vast networks of associational groups, whether religious, political, or journalistic, can be X-rayed. “In response to a 2019 Freedom of Information Act request the Project for Privacy and Surveillance Accountability filed jointly with Demand Progress, we received a document from the Drug Enforcement Administration with a redaction into which one could easily fit the word ‘Hemisphere’” said Gene Schaerr, PPSA general counsel. “Hemisphere was the name of this warrantless surveillance program until it was rebranded as Data Analytical Services. Clearly, the government was holding on to something it didn’t want us to see. We had no idea, however, they were hiding it in the White House. With the ‘two-hop’ rule, government at all levels can not only target an individual, but also her spouse, children, parents, and friends. “This is nothing less than warrantless, dragnet surveillance at the national level,” Schaerr said. There is as of yet no evidence that implicates this program in political surveillance. But as with the Nixon Administration, running a program out of the White House has unique advantages. In the current era, a White House operation is not subject to the requirement to review its privacy impacts. It also cannot be subject to FOIA requests. Wired reports that the memo shows that over the years the White House has provided more than $6 million to target the records of any calls that cross AT&T’s infrastructure. Wired also reports that White House funding had intermittent starts and cancellations under the current and last two presidents. Still, the program seems to have been in continuous operation for over a decade. Internal records suggest that the government can access records held by AT&T for at least ten years. These records include the names of callers and recipients, the dates and times of their calls, and their location histories, although the 2018 Supreme Court opinion, Carpenter v. United States, established a warrant requirement for location data. On Sunday, Sen. Ron Wyden (D-OR) fired off a letter to Attorney General Merrick Garland saying, “I have serious concerns about the legality of this surveillance program, and the materials provided by the DOJ contain troubling information that would justifiably outrage many Americans and other Members of Congress.” This breaking news story is certain to provide more momentum for the Government Surveillance Reform Act (GSRA), and the inclusion of a broad warrant requirement and other reforms within a House Judiciary Committee reform bill now being drafted. As this story makes clear, we must have these reforms before any extension of Section 702 of the Foreign Intelligence Surveillance Act can be contemplated. Every now and then, even with an outlook jaded by knowledge of the many ways we can be surveilled, we come across some new outrage and find ourselves shouting – “no, wait, they’re doing what?”
The final dismissal of a class-action lawsuit law by a federal judge in Seattle on Tuesday reveals a precise and disturbing way in which our cars are spying on us. Cars hold the contents of our texts messages and phone call records in a way that can be retrieved by the government but not by us. The judge in this case ruled that Honda, Toyota, Volkswagen, and General Motors did not meet the necessary threshold to be held in violation of a Washington State privacy law. The claim was that the onboard entertainment system in these vehicles record and intercept customers’ private text messages and mobile phone call logs. The class-action failed because the Washington Privacy Act’s standard requires a plaintiff to approve that “his or her business, his or her person, or his or her reputation” has been threatened. What emerged from this loss in court is still alarming. Software in cars made by Maryland-based Berla Corp. (slogan: “Staggering Amounts of Data. Endless Possibilities”) allows messages to be downloaded but makes it impossible for vehicle owners to access their communications and call logs. Law enforcement, however, can gain ready access to our data, while car manufacturers make extra money selling our data to advertisers. This brings to mind legislation proposed in 2021 by Sens. Ron Wyden (D-OR) and Cynthia Lummis (R-WY) along with Reps. Peter Meijer (R-MI) and Ro Khanna (D-CA). Under their proposal, law enforcement would have to obtain a warrant based on probable cause before searching data from any vehicle that does not require a commercial driver’s license. Under the “Closing the Warrantless Digital Car Search Loophole Act,” any vehicle data obtained in violation of this law would be inadmissible in court. Sen. Wyden in a statement at the time said: “Americans’ Fourth Amendment rights shouldn’t disappear just because they’ve stepped into a car.” They shouldn’t. But as this federal judge made clear, they do. Late last week, word began to circulate that the Senate majority is considering including Section 702 of the Foreign Intelligence Surveillance Act in a Continuing Resolution (CR). On Monday morning, a broad coalition of civil liberties groups – left, right and center – sent a letter to Majority Leader Chuck Schumer urging him and the Senate not to include Section 702 in the CR or any must-pass legislation.
Bob Goodlatte, PPSA Senior Policy Advisor and former Chairman of the House Judiciary Committee, explained why PPSA joined in this effort in a media statement. Goodlatte said: “We’ve seen how short-term extensions have a habit of becoming long-term. Extending Section 702 in the CR risks a clean reauthorization of Section 702 with no reforms. “If that happens, expect the FBI to get back to business as usual. Expect warrantless FBI surveillance of Members of Congress and Americans exercising their First Amendment rights to continue. Including Section 702 in the CR would also cut reform off at the knees. It would short-circuit bipartisan reformers in the House and Senate, including critical legislative efforts by the House Judiciary Committee and by dozens of Senators and House Members who’ve worked in good faith to balance national security with our constitutional rights. “Upending these reform efforts would not only lead to a new wave of abuses under Section 702 or other parts of FISA – it would also enable federal agencies to increasingly surveil Americans by accessing our most sensitive personal data, scraped from apps, and sold to the government by shadowy data brokers. “For all these reasons, it would be a terrible mistake to include Section 702 in a CR or any other must-pass legislation.” Four experts on civil liberties, including PPSA’s general counsel Gene Schaerr, explored the tension between liberty and safety at a Federalist Society discussion on Section 702 of the Foreign Intelligence Surveillance Act on Friday. A newsworthy declaration was made by Beth Williams, board member of the government watchdog, the Privacy and Civil Liberties Oversight Board (PCLOB) about balancing Section 702 reform with national security. Williams called Section 702 a “highly valuable” program that “provides irreplaceable intelligence” that generates two-thirds of the president’s daily intelligence briefing. Williams added that all five PCLOB members, while disagreeing on many points, agreed that: “While Section 702 is not a bulk collections program, we agreed that reforms to the program are in order to fix some problems with its operation, particularly by the FBI and to prevent its possible misuse for political and other improper purposes. This can be done without degrading the value of the program.” This was a notable declaration given that Williams and board member Richard DiZinno had dissented from PCLOB Chair Sharon Bradford Franklin and the board’s majority on the need for warrant requirements and other reforms. Williams’ remarks validated a statement by Chair Franklin that no PCLOB member “has called for the program to lapse and also no board member has called for clean reauthorization of the program." A sharp divergence in world views emerged between the constitutional vision of Gene Schaerr and a dark, dystopian future suggested by former NSA lawyer Stewart Baker. Schaerr kicked off this part of the discussion by asking the Federalist Society audience to conduct a thought experiment by imagining what James Madison would say if we could bring him up back to life and up to speed about the many ways the FBI has to surveil Americans. “He would be horrified,” Schaerr said by the denigration of the Fourth Amendment and the breakdown between congressional and executive powers. Schaerr imagined Madison reminding us that the founders “decided that way we set up this government would be to accept some inefficiencies as the price of freedom.” Baker posited a world in which artificial intelligence enables anyone who wants to develop more lethal toxins and infectious diseases to do so, a world of weapons of mass destruction in the hands of “disgruntled teenagers.” Baker’s reply to Schaerr’s thought experiment: “I don’t think James Madison would come back and say, ‘well, you’re just going to have to live in my world and suffer 21st century consequences.’” Gene Schaerr listed the “multipronged” ways the FBI can surveil Americans – from Section 702 information, to personal, sensitive data scraped by apps and purchased by the FBI and other government agencies from data brokers, to executive orders that allow the government to extract Americans’ texts, emails, and browsing histories from the cloud. Given the pervasive reach of such government surveillance, are the alarming fears of technology and hostile actors reason to give up on the Constitution and live in a surveillance state? This discussion leaves us to decide: Do you agree with Stewart Baker, that we must embrace pervasive surveillance to survive? Or do you agree with Gene Schaerr, who concluded: “We can realign federal government surveillance powers with the founders’ vision of what our government can be.” Watch: The Ninth Circuit Court of Appeals in March issued a controversial opinion in Twitter v. Garland that the Electronic Frontier Foundation calls “a new low in judicial deference to classification and national security, even against the nearly inviolable First Amendment right to be free of prior restraints against speech.”
X (née Twitter) is appealing this opinion before the U.S. Supreme Court. Whatever you think of X or Elon Musk, this case is an important inflection point for free speech and government surveillance accountability. Among many under-acknowledged aspects of our national security apparatus is the regularity with which the government – through FBI national security letters and secretive FISA orders – demands customer information from online platforms like Facebook and X. In 2014, Twitter sought to publish a report documenting the number of surveillance requests it received from the government the prior year. It was a commendable effort from a private actor to provide a limited measure of transparency in government monitoring of its customers, offering some much-needed public oversight in the process. The FBI and DOJ, of course, denied Twitter’s efforts, and over the past ten years the company has kept up the fight, continuing under its new ownership. At issue is X’s desire to publish the total number of surveillance requests it receives, omitting any identifying details about the targets of those requests. This purpose is noble. It would provide users an important metric in surveillance trends not found in the annual Statistical Transparency Report of the Office of the Director of National Intelligence. Nevertheless, in April 2020, a federal district court ruled against the company’s efforts at transparency. In March 2023, the Ninth Circuit upheld the lower court’s ruling, sweeping away a substantial body of prior restraint precedent in the process. Specifically, the Ninth Circuit carved out a novel exemption to long established prior restraint limitations: “government restrictions on the disclosure of information transmitted confidentially as part of a legitimate government process.” The implications of this new category of censorable speech are incalculable. To quote the EFF amicus brief: “The consequences of the lower court’s decision are severe and far-reaching. It carves out, for the first time, a whole category of prior restraints that receive no more scrutiny than subsequent punishments for speech—expanding officials’ power to gag virtually anyone who interacts with a government agency and wishes to speak publicly about that interaction.” This is an existential speech issue, far beyond concerns of party or politics. If the ruling is allowed to stand, it sets up a convenient standard for the government to significantly expand its censorship of speech – whether of the left, right or center. Again, quoting EFF, “[i]ndividuals who had interactions with law enforcement or border officials—such as someone being interviewed as a witness to a crime or someone subjected to police misconduct—could be barred from telling their family or going to the press.” Moreover, the ruling is totally incongruous with a body of law that goes back a century. Prior restraints on speech are the most disfavored of speech restrictions because they freeze speech in its entirety (rather than subsequently punishing it). As such, prior restraint is typically subject to the most exacting level of judicial scrutiny. Yet the Ninth Circuit applied a lower level of strict scrutiny, while entirely ignoring the procedural protections typically afforded to plaintiffs in prior restraint cases. As such, the “decision enables the government to unilaterally impose prior restraints on speech about matters of public concern, while restricting recipients’ ability to meaningfully test these gag orders in court.” We stand with X and EFF in urging the Supreme Court to promptly address this alarming development. The Government Surveillance Reform Act (GSRA) Four bipartisan champions of civil liberties – Sen. Ron Wyden (D-OR), Sen. Mike Lee (R-UT), Rep. Warren Davidson (R-OH) and Rep. Zoe Lofgren (D-CA) – today introduced the Government Surveillance Reform Act (GSRA), legislation that restores force to overused Capitol Hill adjectives like “landmark,” “sweeping,” and “comprehensive.”
“The Government Surveillance Reform Act is ambitious in scope, thoughtful in its details, and wide-ranging in its application,” said Bob Goodlatte, former Chairman of the House Judiciary Committee and PPSA’s Senior Policy Advisor. “The GSRA is a once-in-a-generation opportunity for wide-ranging reform.” The GSRA curbs the warrantless surveillance of Americans by federal agencies, while restoring the principles of the Fourth Amendment and the policies that underlie it. The authors of this bill set out to achieve this goal by reforming how the government uses three mechanisms to surveil the American people.
The GSRA will rein in this ballooning surveillance system in many ways.
“The GSRA enjoys widespread bipartisan support because it represents the most balanced and comprehensive surveillance reform bill in 45 years,” Goodlatte said. “PPSA joins with a wide-ranging coalition of civil liberties organizations to urge Congress to make the most of this rare opportunity to put guardrails on federal surveillance of Americans. “We commend Senators Wyden and Lee, and Representatives Davidson and Lofgren, for writing such a thorough and precise bill in the protection of the constitutional rights of every American.” Did IRS Inspect Personal Data of Matt Taibbi and Other Journalists?Matt Taibbi is not everyone’s cup of tea – or shot of tequila. He is a former Rolling Stones reporter, an investigative journalist with gonzo-flavored prose. Taibbi was most recently in the headlines for reporting on government interference, including FBI agents, in secretly advising social media content curation. This was just one of the revelations of the Twitter Files.
That data dump, released by X CEO Elon Musk, show considerable interaction between the federal government and social media companies’ curation of ideological content. Whether this was “jawboning” or “coercion” on the part of the government will be at the heart of an upcoming U.S. Supreme Court case, Murthy v. Missouri. This is an intensely political case, one that pits the Biden Administration, which insists it has every right to alert social media companies about misinformation, against Republicans, who see it as secret censorship. A new report from the House Judiciary Committee raises the question why the IRS sent an agent to make an unannounced field visit to the home of journalist Matt Taibbi. That visit just happened to occur on the same day Taibbi was testifying before Congress about purported secret government abuse to dial back or exclude content from social media. The Weaponization of the Federal Government subcommittee found that the IRS had taken the unusual step of opening a case against Taibbi on Christmas Eve, a Saturday, just weeks after Matt Taibbi began reporting on the Twitter Files. In the four-and-one-half years between when the IRS alleges it last tried to contact Taibbi about his taxes and the day it conducted an unannounced field visit, neither he nor his accountant received notice from the IRS about an issue with his tax returns. As it turned out, the journalist owed no money to the IRS, but the IRS did owe him a refund. As a result of this and similar incidents, IRS chief Danny Werfel repealed the agency’s policy of allowing agents to make unannounced field visits to taxpayers’ home. In today’s social media-saturated world, the appearance of an IRS agent acting as a government “heavy” to pressure a journalist – if that is what indeed happened – is a tactic guaranteed to backfire. The greater danger is how the IRS could misuse its immense surveillance power for its own ends or those of one political master or another. The IRS, like many other federal agencies, purchases Americans’ personal data scraped from our apps and sold to it by third-party data brokers – a major focus in reforms that civil libertarians want to add to FISA’s Section 702. The IRS could have easily accessed Taibbi’s personal location history, as well as his communications from emails to texts, all without a warrant. A good follow up question for Congress might be to ask the IRS if it used purchased data to snoop on Taibbi or other journalists. The IRS does not need probable cause to investigate us. It doesn’t need a warrant to send someone to our home, to order us to conduct an expensive and time-consuming audit, or to look into our most personal and sensitive information taken right out of our smartphones. Congress should demand to know if the IRS or any other government agency has been accessing the personal data of journalists investigating the administration. Is the Executive Branch Targeting Oversight Committees? PPSA continues to press a Freedom of Information Act (FOIA) request seeking documents that would shed light on the extent to which the executive branch is spying on Members of Congress. We are asking the government for production of documents on “unmasking” and other forms of government surveillance of 48 current and former House and Senate Members on committees that oversee the intelligence community.
Now the court and Congress have fresh reason to give the issue of executive branch spying on Congress and its oversight committees renewed attention. Jason Foster, the former chief investigative counsel for Sen. Chuck Grassley – the Ranking Member of the Senate Judiciary Committee – recently learned that he is among numerous staffers, Democrats as well as Republicans, who had their personal phone and email records searched by the Department of Justice in 2017. A FOIA request filed by the nonprofit Empower Oversight, founded by Foster, seeks documents concerning the government’s reasons for compelling Google to reveal the names, addresses, local and long-distance telephone records, text message logs and other information about the accounts of congressional attorneys who worked for committees that oversee DOJ. The government’s subpoena also compelled the release of records indicating with whom each user was communicating. The Empower Oversight FOIA notes: “This raises serious public interest questions about the basis of such intrusion into the personal communications of attorneys advising congressional committees conducting oversight of the Department. Constitutional separation of powers and privilege issues raised by the Speech or Debate Clause of (U.S. Const. art I. § 6) and attorney-client communications of those targeted with these subpoenas should have triggered requirements for enhanced procedural protections and approvals.” As The Wall Street Journal noted in an editorial, these subpoenas coincided with leaks of classified information concerning a wiretapped phone call between incoming Trump national security adviser Michael Flynn and the Russian ambassador. This leak was investigated by the Senate Judiciary Committee. Many now wonder if DOJ’s dragnet of personal information of congressional staffers was an attempt at misdirection, perhaps a fishing expedition to find someone else to blame. Empower Oversight’s FOIA states: “If the only reason the Justice Department targeted the communications of these congressional attorneys was their access to classified information that was later published by the media, it raises the question of whether the Department also subpoenaed the personal phone and email records of every Executive Branch official who had access to the same information.” The Empower Oversight FOIA concludes about this surveillance of Congressional staff: “It begs the question whether DOJ was equally zealous in seeking the communications records of its own employees with access to any leaked document.” Sen. Grassley, who aggressively pursues government surveillance overreach, will likely want to follow up on these questions. In the meantime, PPSA petitions the D.C. Circuit Court for an en banc hearing on the possible unmasking and other surveillance of some of the elected bosses of these congressional attorneys. Case Involves “Unmasking” and “Upstreaming” of 48 Members of Congress Earlier this week, PPSA asked the D.C. Circuit court to require federal agencies to follow FOIA’s most basic requirement: conduct a search for records. Although that should be simple enough, agencies have been excusing themselves of that obligation at an alarming rate, and PPSA has asked the court to rein in this practice.
PPSA’s request this week for an en banc hearing follows up on a FOIA request PPSA submitted in 2020 to six agencies – the Department of Justice and the FBI, the Office of the Director of National Intelligence, the National Security Agency, the Central Intelligence Agency, and the Department of State. PPSA sought records from these agencies about the possible surveillance of 48 Members of Congress who serve or served on intelligence oversight committees. The request specifically concerns two intelligence practices under the Foreign Intelligence Surveillance Act (FISA). One such practice is “unmasking,” which results in the naming of Americans caught up in foreign surveillance in U.S. intelligence summaries. The other practice is “upstreaming,” the use of a person’s name as a search term in a database. Targets include prominent current and former House and Senate Members, including Sen. Marco Rubio, Rep. Mike Turner, Rep. Adam Schiff, as well as now-Vice President Kamala Harris and former Secretary of State Mike Pompeo. “Their silence speaks volumes,” Gene Schaerr, PPSA general counsel said at the time. “They clearly do not want to answer our requests.” Last year, the district court invoked the judicially created Glomar doctrine, which allows agencies to neither confirm nor deny the existence of records relating to matters critical to national security. In doing so, the district court relied on the D.C. Circuit’s expansion of the Glomar doctrine in Wolf v. CIA (2007) and Electronic Privacy Information Center (EPIC) v. NSA (2012), which allows agencies to refuse to confirm or deny the existence of records without even searching first to determine if any records might exist. In both instances, the federal court allowed the government to skip the search requirement in the text of the Freedom of Information Act. PPSA is now petitioning the court to reconsider this ruling with an en banc hearing with the court. “FOIA’s plain text requires federal agencies to search for responsive records before determining what information they may properly withhold, even in the Glomar context,” PPSA declares. “Wolf and EPIC are untenable in the face of intervening Supreme Court precedent, and they clash with at least three other circuits that, even in Glomar cases, reject deviating from the demands of FOIA’s plain text.” In short, PPSA is alerting this federal court how far it has strayed from precedent and the law. Glomar began as a judicial solution to protect the most sensitive secrets of the nation. In the original case, Glomar protected secrets involving the CIA’s raising of a sunken Soviet nuclear submarine. It has since been expanded to prevent the searching of records; an inherently absurd proposition given that agencies cannot even make a Glomar determination without looking. And Glomar is now reflexively used to plainly defy FOIA, a law that mandates searches. PPSA will report on the court’s response. Long Lake Township v. Maxon In a brief before the Michigan Supreme Court, PPSA alerted the court to the danger of intimate searches of home and residents by relatively inexpensive drones now on the market.
Commercially available drones have thermal cameras that can penetrate beyond what is visible to the naked eye. They can be equipped with animal herd tracking algorithms that can enhance the surveillance of people. Drones can swarm and loiter, providing round-the-clock surveillance. They can carry lightweight, cell-site simulators that prompt the mobile phones of people inside the targeted home to give up data that reveals deeply personal information. Furthermore, PPSA’s brief states that drones “can see around walls, see in the dark, track people by heat signatures, and recognize and track specific people by their face.” These are some of the ramifications of a case now before the Michigan Supreme Court. This case began when Long Lake Township in Michigan, suspecting that Todd and Heather Maxon had violated an agreement not to add to a scrap pile of old cars on their five-acre estate, hired a private drone photography business to investigate. No warrant was issued for this surveillance. Michigan’s top court is now reviewing the ruling by a lower court that found that while warrantless drone surveillance of a residence violated the Fourth Amendment, the evidence should not be excluded from this civil case. PPSA argues that this lack of exclusion of tainted evidence threatens to open a Pandora’s box of pervasive surveillance that could pierce the privacy of virtually anyone inside any structure. PPSA cites ample precedent for the exclusion of the Maxon evidence. In Carpenter v. United States (2018), the U.S. Supreme Court made it clear that the Fourth Amendment applies to digital technologies. In that case, the Court excluded location information derived without a warrant from mobile phones. In Kyllo v. United States (2001), the Court found that the use of thermal images – which reveals the heat signature emanating from inside a home – requires a warrant. Compare Kyllo’s comparatively mild surveillance to the “stereo-camera” configuration of many commercially available drones that enable reconstruction of 3D images from 2D cameras. Such surveillance goes well beyond Kyllo, in which police simply used heat radiating from the external surface of the house to detect marijuana cultivation. “Ready-made drone packages, specifically designed for thermal surveillance flights, with the ability to create 3-dimensional maps from their footage, can be had for around $6,000,” PPSA informed the court. “For less than $10,000, police can obtain a specialized drone with superhuman sensory abilities and better maneuverability than a multi-million-dollar helicopter or plane,” PPSA told the court. Drone’s warrantless extraction of personal information far exceeds the Carpenter warrant requirement. PPSA’s filing addresses an error by the lower court. The Michigan Court of Appeals recognized that the Township had violated the Fourth Amendment in its use of drones. That court nonetheless found that the exclusionary rule did not apply in Maxon. PPSA declared: “The Exclusionary Rule is a judicially crafted remedy that gives teeth to the Fourth Amendment by excluding illegally obtained evidence when the privacy value of enforcing Constitutional rights outweighs social harm from excluding evidence.” PPSA concluded: “If the Fourth Amendment is to have any real meaning in this context, evidence obtained by illegal drone surveillance must be subject to exclusion.” The Michigan Supreme Court is hearing oral argument on this case this week. PPSA will follow the outcome of this important, precedent-setting case. The Colorado Supreme Court issued a 5-2 ruling that leaves an urgent privacy question wreathed in a cloud of ambiguity. As a result, Americans must worry that merely being in the same location as someone who might have done an internet search for suspicious material could end up with their own search data being examined by the police.
So-called “reverse warrants” are a powerful new type of search warrant enabled by the collection of Americans’ private data. Reverse warrants allow the police to sift through the search histories of thousands of people. They come in two types: geofence warrants, which allow police to identify people whose devices were in a certain area at a certain time, and reverse keyword warrants, which allow police to identify who searched certain keywords, phrases, or addresses online. These warrants and their underlying technologies allow police to track any person and search through their data. Instead of developing suspicions about a person based on factual evidence and then applying for a warrant to search that specific person – as required by the Fourth Amendment – reverse warrants involve looking through the search history or location history of many innocent people in the hopes of finding a suspect. Reverse warrants exist in legal limbo. There is little precedent or written law that govern this new form of data analysis. Accordingly, some courts have treated reverse warrants as they would any standard warrant. Seymour v. Colorado is the first case to address the constitutionality of reverse warrants. This case springs from a particularly heinous crime – an arson that killed a family of five. Two months later, the Denver Police Department obtained a reverse keyword warrant. As a result of the warrant, Google was forced to hand over the data of eight people, five of whom had Colorado-based IP addresses that had searched for the location of the arson in a two-week period before the crime. Three suspects were eventually charged. One of them, Gavin Seymour, sued to suppress evidence obtained by the warrant on constitutional grounds. The court held that “Seymour has a constitutionally protected privacy interest in his Google search history,” and that “Seymour’s Google search history implicates his right to freedom of expression.” The court also found that law enforcement obtained and executed the warrant in good faith, so the evidence shouldn’t be suppressed under the exclusionary rule. Thus the court acknowledged the serious constitutional issues at play and still treated the reverse warrant as if it was just an ordinary search. The court stated that “the warrant required individualized probable cause and that its absence here rendered the warrant constitutionally defective.” Yet, somehow, it was still admissible evidence. Five innocent people had their data searched. Another five innocent people were murdered in a fire. There is a lot at stake in this case, and a lot to unpack. Does a search of Google search histories by a given address satisfy the Constitution’s requirement for a particularized search? Can probable cause be asserted when the identity of the suspect is unknown? Could digital bystanders have evidence used against them from a search result unrelated to this particular crime? Perhaps this case will advance to the U.S. Supreme Court, which could take this opportunity to articulate boundaries and rules for future searches. We’ve seen, however, a time lag in the Court’s addressing of new technologies. Congress should consider taking measures to protect privacy in reverse warrants before the Supreme Court is forced to weigh in. The Congressional debate over the reauthorization of Section 702 of the Foreign Intelligence Surveillance Act (FISA) has mostly centered around the outrage of federal agencies using an authority meant for the surveillance of foreigners on foreign soil to warrantlessly collect the communications of hundreds of thousands of Americans every year.
But the Section 702 debate highlights an even greater outrage that needs to be addressed – the routine practice by federal agencies to purchase and access the private data of Americans scraped from our apps and devices without a warrant. While federal data purchases are not part of Section 702, history suggests that any reforms made to Section 702 to curtail the surveillance on Americans in the pool of “incidentally” collected communications will be futile if we don’t close this other loophole. Our data, freely collected and reviewed at will by the government, can be more personal than a diary – detailing our medical concerns, romantic lives, our daily movements, whom we associate with, our politics and religious beliefs. The Wall Street Journal shined a much-needed light on this practice. It reported on the relationship between U.S. government agencies and the shadowy world of data-broker middlemen who peddle our most sensitive personal information. The Journal reported that India-based Near Intelligence has been “surreptitiously obtaining data from numerous advertising exchanges” and selling this data to the NSA, Joint Special Operations Command, the Department of Defense, and U.S. Air Force Cyber Ops. The Journal accessed a memo from Jay Angelo, Near Intelligence general counsel and chief privacy officer, to CEO Anil Mathews about three privacy problems. First, Angelo wrote that Near Intelligence sells “geolocation data for which we do not have consent to do so.” Second, he wrote the company sells or shares “device ID data for which we do not have consent to do so.” And, finally, Angelo wrote, the company violates the privacy laws of Europe by selling Europeans’ data outside of Europe. Customers include agencies of the U.S. federal government, which “gets our illegal EU data twice per day.” It is unclear the extent to which this company sells Americans’ data, though it seems likely that the privacy of Americans is implicated given that the company boasts of having access to data from a billion devices. Near Intelligence is just one actor in this shadowy world of merchants of personal data. Congress should require government agencies to obtain a probable cause warrant to examine the private data of Americans, whether collected under Section 702 or through data purchases. |
Categories
All
|