There is a mystery at the heart of the recently enacted law that broadens the definition of an “electronic communications service provider” with a duty to carry out secret surveillance at the request of the government.
Such compelled surveillance requirements were once focused on major companies, like Verizon, AT&T, and Google. But then came a secret case that led the intelligence community to want to expand the law to cover, well, almost everyone in business. This new law, increasingly known by its moniker “Make Everyone a Spy Act,” can now enlist business owners into copying the communications of their customers and handing them over to the FBI or some other government agency. What prompted the intelligence community to want such a dramatic expansion of covered entities? Senate Intelligence Committee Chairman Mark Warner said on the Senate floor in April: “Now, why has this suddenly now become such an issue? Well, one of those communications providers – remember I talked about clouds, data centers, how these networks come together and how network traffic is intertangled at these data centers? One of these entities that controlled one of those new enterprises that didn’t exist in 2008 said: Well, hold it. You can’t compel us to work with the American government because we don’t technically fit the definition of an electronic communications service provider. And the fact was, the company that raised that claim won in court. So what happened was, the FISA Court said to Congress: You guys need to close this loophole; you need to close this and change this definition.” Yet the new law is insanely broad. It covers “any” service provider with access to communications equipment. The government can now enlist custodial services, landlords, owners of small office complexes, gyms, dentist offices, and small businesses of almost every kind, as government spies. And, as with the larger telecoms and tech companies, these small businesses will be held under a gag order, preventing them from alerting their customers that they’ve been spied on. Worse, because few small business owners have the ability to neatly parse exact threads of communications from their equipment, they will likely just turn over the equipment itself – and every customers’ private data it contains – to the NSA. Little wonder that Sen. Ron Wyden (D-OR) described this sweeping provision as “one of the most dramatic and terrifying expansions of government surveillance authority in history.” Sen. Warner admitted that the provision “could have been drafted better.” He promised that if the Senate passed the bill, he would support a redraft of this law’s language in the next Intelligence Authorization Act or the National Defense Authorization Act. The Senate took him at his word and passed the bill. But how can such a redraft be done without some guidance as to the nature of the case that prompted this new law? Without a public disclosure of the type of service provider at the heart of the case Sen. Warner referred to, Congress cannot effectively narrow the language. The administration must declassify the type of provider in the FISC case to guide Congress in making precise refinements in its narrowing of the law. For that reason, PPSA is joining a host of civil liberties peer organizations – ranging from the American Civil Liberties Union and Brennan Center to the Due Process Institute and FreedomWorks – in an open letter to Attorney General Merrick Garland and Director of National Intelligence Avril Haines urging them to declassify the type of service provider at the heart of the FISC case. The administration issued a written commitment to apply the new definition only to the type of provider at issue in the FISC decision. The recent history of American surveillance shows, however, that such commitments won’t bind future administrations. And time and again, we’ve seen one agency or another in the intelligence community resort to legal sophistry to break its word. Given that data centers were named by Sen. Warner on the Senate floor and even in a New York Times article, foreign spies are surely aware of the nature of the broad outlines of the case behind this new law. It is hard to imagine a stronger case for discretionary declassification. Disclosure must happen so Congress can curtail this new warrantless surveillance legislation in the narrowest way possible. The long back-and-forth between Michigan’s Long Lake Township and Todd and Heather Maxon ended with the Michigan Supreme Court punting on the Fourth Amendment implications of drone surveillance over private property.
An appellate court had held that the township’s warrantless use of a drone three times in 2017 to photograph the Todd’s property was an unreasonable, warrantless search, constituting a Fourth Amendment violation. PPSA filed a brief supporting the Maxons before the Michigan Supreme Court, alerting the court to the danger of intimate searches of home and residents by relatively inexpensive drones now on the market. To demonstrate the privacy threat of drones, PPSA informed the court that commercially available drones have thermal cameras that can penetrate beyond what is visible to the naked eye. They can be equipped with animal herd tracking algorithms that can enhance the surveillance of people. Drones can swarm and loiter, providing round-the-clock surveillance. They can carry lightweight cell-site simulators that prompt the mobile phones of people inside the targeted home to give up data that reveals deeply personal information. Furthermore, PPSA’s brief states that drones “can see around walls, see in the dark, track people by heat signatures, and recognize and track specific people by their face.” PPSA agreed that even ordinary photography from a camera hovering over the Maxon’s property violated, in the words of an appellate court, the Maxon’s reasonable expectation of privacy. But in a unanimous decision, Michigan’s top court was having none of this. It concluded that the exclusionary rule – a judicial doctrine in which evidence is excluded or suppressed – is generally applied when law enforcement violates a defendant’s constitutional rights in a criminal case. The justices remanded the case based upon a procedural issue unrelated to the Fourth Amendment question. The Michigan Supreme Court, therefore, declined to address “whether the use of an aerial drone under the circumstances presented here is an unreasonable search in violation of the United States or Michigan Constitutions.” A crestfallen Todd Maxon responded, “Like every American, I have a right to be secure on my property without being watched by a government drone.” The issue between the township and the Maxons was the contention that, behind the shelter of trees, the couple was growing a salvage operation. This violated an earlier settlement agreement the Maxons had made pledging not to keep a junkyard on their five-acre property. Given the potential for drones to use imaging and sensor technology to violate the intimate lives of families, it is all but inevitable that a better – and uglier – test case will come along. If anything, this ruling makes it a virtual certainty. The Federal Government’s “Beneficial Ownership” Snoop Millions of small business owners are about to be hit with a nasty surprise. The Corporate Transparency Act, which passed Congress as part of the must-pass National Defense Authorization Act of 2021, goes into effect this year. Advertised as a way to combat money laundering, this new law now requires small businesses to report their “beneficial owners” to the U.S. Department of Treasury’s Financial Crimes Enforcement Network (FinCEN).
This reporting requirement falls on any small business with fewer than 20 employees to reveal its “beneficial owner.” In plain English, this means a small business must give the government the name of anyone who controls or has a 25 percent or greater interest in that business. By Jan. 1, 2025, small businesses must submit the full legal name, date of birth, current residential or business address, and a unique identifier from a government ID of all its beneficial owners. There are significant privacy risks at stake in this seemingly innocuous law, beginning with the widespread access multiple federal agencies will have to this new database. This law, which covers 32 million existing companies and will suck in an additional 5 million new companies every year, threatens anyone who makes a mistake or files an incomplete submission with up to $10,000 in fines and up to two years in prison. “The CTA will potentially make a felon out of any unsuspecting person who is simply trying to make a living in his or her own lawful business or who is trying to start one and makes a simple mistake for violations,” says the National Small Business Association (NSBA). The “beneficial ownership” provision is one more way for the federal government to break down the walls of financial privacy in its quest to comprehensively track Americans’ finances. Consider another big bill, the recent Infrastructure Investment and Jobs Act of 2021, which requires $10,000 or more in cryptocurrency transactions to be reported to the government within 15 days. Incorrect or missing information may result in a $25,000 fine or five years in prison. In addition, the CATO Institute reports that new regulations under consideration would hold financial advisors accountable to “elements of the Bank Secrecy Act, which currently compels banks to turn over certain financial data to the feds.” It is likely that your financial advisor will soon be required to snitch on you. This undermines the whole concept of a fiduciary, someone who is by law supposed to be loyal to your interests. All of these measures are justified by the quest to track the money networks of criminals, terrorists, and drug dealers. But the data these authorities generate will be available, without a warrant, to the IRS, the FBI, the ATF, the Department of Homeland Security, and just about any agency that wants to investigate you for your personal activities or statements that some official deems suspicious. The CTA’s “beneficial ownership” provision represents a new assertion by the federal government over small business. Since before the Constitution, the regulation of small business has been under the purview of the states. Now Washington is assembling a database with which it can heap new regulations on small business regardless of state policies. The NSBA, which is challenging this law in court, estimates that complexities in business ownership will require companies to spend an average of $8,000 a year to comply with this law. NSBA’s lawsuit is moving forward with a named plaintiff, Huntsville business owner Isaac Winkles, in a federal lawsuit. NSBA and Winkles won summary judgment from Judge Liles Burke of the U.S. District Court of the Northern District of Alabama, who held the beneficial owner requirement to be unconstitutional because it exceeds the enumerated powers of Congress. While the government appeals its case to the Eleventh Circuit, FinCEN maintains that it will only exclude small businesses from this requirement if they were members of NSBA on or before March 1. These encroachments are steady and their champions on the Hill are growing bolder in financial surveillance. The good news is that privacy activists have just acquired 32 million new allies. Well, that didn’t take long.
A little more than three weeks ago Congress reauthorized FISA Section 702, a surveillance program enacted to authorize foreign surveillance but which is often used by the FBI to snoop on Americans’ communications caught up in the NSA’s global data trawl. Central to that debate was whether 702 should be made to conform to the Fourth Amendment’s bar against unreasonable searches. The House and Senate fiercely debated late into the night over whether to reauthorize this flawed program. Supporters said it is vital to national security. Critics said that is no excuse for the FBI using Section 702 to surveil large numbers of Americans in recent years, including sitting Members of the House and Senate, journalists, politicians, a state judge, and 19,000 donors to a Congressional campaign. In the House that debate culminated in a 212 to 212 tie vote. That’s how close advocates of privacy and freedom for law-abiding citizens from warrantless government surveillance came to victory. The intelligence establishment and its champions on Capitol Hill won many votes with promises. They included in their bill a codification of a list of new internal FBI procedures that they promised would curb any abuses of Americans’ privacy. FBI Director Christopher Wray promised that agents would be “good stewards” who would protect the homeland “while safeguarding civil rights and liberties.” On April 19, the Senate finalized the reauthorization of Section 702 and sent it to President Biden to be signed into law. On April 20, FBI deputy director Paul Abbate emailed Bureau employees, stating: “To continue to demonstrate why tools like this [Section 702] are essential, we need to use them, while also holding ourselves accountable for doing so properly and in compliance with legal requirements.” He added, “I urge everyone to continue to look for ways to appropriately use US person queries to advance the mission …” Wired, which obtained a copy of the memo, quoted Rep. Zoe Lofgren (D-CA), who said that Deputy Director Abbate’s email directly contradicted earlier assertions from the FBI made during the debate over Section 702’s reauthorization. “The deputy director’s email seems to show that the FBI is actively pushing for more surveillance of Americans, not out of necessity but as a default,” Rep. Lofgren said. The FBI reports it has drawn down the number of such U.S. person queries from about 3 million in 2021 to 57,094 in 2023. As Wired notes, however, the FBI methodology counts multiple accessing of Americans’ personal identifier, such as phone numbers, as just a single search. As Wired reports, the FBI’s proud assertion that its compliance rate of 98 percent with its more stringent rules would still leave it with more than 1,000 violations of its own policies. With the deputy director arrogantly pushing the Bureau to make greater use of Section 702 for the warrantless surveillance of Americans, we can only wonder what the numbers of U.S. person searches will be in the next few years. Whatever happens, the more than 150 civil liberties organizations, including PPSA, will be back when Section 702 is next up for reauthorization in less than two years. The Constitution’s protections of the people cannot be ignored. Today, Laredo – Tomorrow, Los Angeles and Little Rock? When the U.S. military dispatches a drone to strike a target, it often uses a wireless device detection system that can correlate signals from terrorists’ cellphones and other devices emanating from within a target vehicle. Under such circumstances, calls and other signals from terrorists’ devices lead missiles straight into a target’s car.
As law and order along the U.S. border breaks down, it is not surprising that two Texas jurisdictions – Webb and Val Verde counties – purchased such military-grade wireless detection systems. NOTUS.org reports that law enforcement along the border can detect in-vehicle wireless signals and merge them with systems that track vehicles’ license plates to isolate a given car. This is yet another sign that the U.S. Supreme Court urgently needs to revisit the limits that federal and local law enforcement agencies are placing on the Court’s 2018 Carpenter opinion, which requires a probable cause warrant before officers can use cell tower GPS data to access a suspect’s location history. Agencies have not internalized the basic principles of that ruling. Instead, they’ve rationalized that if they are not specifically accessing historical cell tower data, they are complying with the law. To be fair, parts of the border are beginning to resemble a war zone, with out-of-control illegal immigration organized by criminal cartels. Given the current lawless state of the U.S.-Mexican border, local governments are using Department of Justice grants to purchase systems similar to those used by the U.S. military and CIA. Captain Federico Calderon of the Sheriff’s office of Webb County, which includes the large border city of Laredo, told NOTUS that the county purchased a “very restricted” version. Capt. Calderon said that Webb County is using this technology as a pilot program to scan for signals coming from the empty quarters of ranches where no one should be. Val Verde County did not respond to NOTUS’s questions. The potential for widespread abuse of this technology rivals that of cell-site simulators and data purchases. NOTUS reports “as people walk around with headphones, fitness wearables and other devices, emitting a cloud of radio frequency signals unique to them, their data can be linked to a car, even after they have ditched the car.” Local law enforcement officials want such technology to identify human traffickers and cartel smugglers. It is doubtful, however, that this technology will remain restricted to such narrow purposes. And as with purchased data and cellsite simulators, the introduction of this new militarized technology compromises the privacy of many more people – friends, family, and bystanders. “We are well beyond the idea that people have no privacy in public,” Jennifer Grannick of the American Civil Liberties Union told NOTUS. “Here, they’re installing this mass surveillance system.” With the spread of often violent political protests across the nation, a high level of terror alert from the FBI, and college campuses convulsed by tent cities, there will be no lack of reasons for law enforcement to add one more capability to what is evolving into a national surveillance state. It is reasonable to use technology to control the border. But it is up to Congress and the courts to keep a close eye on the widespread introduction of military wireless device detection systems to track Americans. Why did the “unmasking” of Americans’ identities in the global data trawl of U.S. intelligence agencies increase by 172 percent, from 11,511 times in 2022 to 31,330 times in 2023?
Government officials briefing the media say that most of this increase was a defensive response to a hostile intelligence agency launching a massive cyberattack on U.S. infrastructure, possibly infiltrating the digital systems of dams, power plants, or the like. What we do know for sure is that this authority has been abused before. Unmasking occurs when American citizens or “U.S. persons” are caught up, incidentally, in warrantless foreign surveillance. When this happens, the identities of these Americans are routinely hidden from government agents, or “masked.” But senior officials can request that the NSA “unmask” those individuals. This should be a relatively rare occurrence. Yet for some reason, over a 12-month period between 2015 and 2016, the Obama Administration unmasked 9,217 persons. Former UN Ambassador Samantha Power, or someone acting in her name, was a prolific unmasker. Power’s name was used to request unmasking of Americans more than 260 times. Large-scale unmasking continued under the Trump administration, with 2018 seeing 16,721 unmaskings, an increase of 7,000 from the year before. In recent years, the number hovered around 10,000. Now it is three times that many. This is a concern if some subset of these unmaskings (which mostly involve an email account or IP address, not a name) were for named individuals for political purposes. Consider that in 2016, at least 16 Obama administration officials, including then-Vice President Joe Biden, requested unmaskings of Donald Trump’s advisors. Outgoing National Security Advisor Susan Rice took a particular interest in unmasking members of President-elect Trump’s transition team. We are left to wonder if all of this rise in unmasking numbers can be explained away by Chinese or Russian hackers, or if some portion of them reflect the use of this authority for political purposes. Were prominent politicians, officeholders, or candidates unmasked? These raw numbers come from the government’s Annual Statistical Transparency report. This report on intelligence community activities from the Office of the Director of National Intelligence offers revealing numbers, but often without detail or explanation that would explain such jumps. All we have to rely on are media briefs that at times seem more forthcoming than the briefings available to Members of Congress, even those tasked with oversight of intelligence agencies in the House and Senate Judiciary Committees. As these numbers rise, the American people deserve more information and a solid assurance that these authorities will never again be used for political purposes by either party. The Drug Enforcement Administration’s response to three PPSA Freedom of Information Act (FOIA) requests shows just how far government respect for that law has fallen. As we’ve seen recently with other government agencies, DEA didn’t even try to pretend it was following that law.
Over the course of a year, PPSA filed three FOIA requests with the DEA seeking documents relating to the use of cell-site simulators, commonly known by the trade name Stingray. Government agencies use these devices to mimic cell towers, pinging consumers’ cellphones in a given geographic area to prompt them to give up private location data, and sometimes the content of communications. PPSA sought records since 2015 that reflect each use of a cell-site simulator by DEA that was conducted without a warrant based on emergency, exceptional, or “exigent” circumstances. We thought it would be a useful guide for public policy to know how often the agency defined something as an emergency, side-stepping the need to obtain a probable cause warrant. On Monday, DEA came back with one combined response to all three FOIAs we had issued over the course of many months. If DEA had followed the law, it would have conformed to a federal precedent, Truitt v. Department of State (1990), which held that it “is elementary that an agency responding to a FOIA request must conduct a search reasonably calculated to uncover all relevant documents, and if challenged, must demonstrate beyond material doubt that the search was reasonable.” Instead, DEA did not even try to pass the laugh test. It waved away all three FOIA requests citing an exemption that covers personnel documents and other Human Relations files. How could PPSA’s request for the use of cell-site simulators for emergency circumstances, in the words of the law, fall under an exemption for subjects that relates “solely to the internal personnel rules and practices of an agency”? In a letter to the Director of Information Policy of the Department of Justice, PPSA general counsel Gene Schaerr responded: “It is almost certain that at least some documents concerning broader surveillance policy or related record-keeping would be responsive. Of course, DEA does not know one way or the other whether this is accurate because it refused to look for responsive records.” How would DEA know that this request only involved personnel records without a responsive search? It is clear that DEA simply wanted to clear this one FOIA request off its desk. We wish this case was an exception. Federal FOIA responses are becoming increasingly farcical. A FOIA response from the Department of Justice included 40 redacted pages with an insulting valediction – “hope that’s helpful.” Expect this lawless attitude toward the Freedom of Information Act to continue until courts step in and start leveling sanctions against those who treat the law as an ignorable suggestion. But Who Will Fine the FBI? The Federal Communications Commission on Monday fined four wireless carriers – Verizon, AT&T, Sprint, and T-Mobile – nearly $200 million for sharing the location data of customers, often in real-time, without their consent.
The case is an outgrowth of an investigation that began during the Trump Administration following public complaints that customers’ movements were being shared in real time with third-party companies. This is sensitive data. As FCC Chairwoman Jessica Rosenworcel said, consumers’ real-time location data reveals “where they go and who they are.” The carriers, FCC declared, attempted to offload “obligations to obtain customer consent onto downstream recipients of location information, which in many instances meant that no valid customer consent was obtained.” The telecoms complain that the fines are excessive and ignore steps the companies have taken to cut off bad actors and improve customer privacy. But one remark from AT&T seemed to validate FCC’s charge of “offloading.” A spokesman told The Wall Street Journal that AT&T was being held responsible for another’s company’s violations. Verizon spokesman told The Journal that it had cut out a bad actor. These spokesmen are pointing to the role of data aggregators who resell access to consumer location data and other information to a host of commercial services that want to know our daily movements. The spokesmen seem to betray a long-held industry attitude that when it sells data, it also transfers liability, including the need for customer consent. Companies of every sort that sell data, not just telecoms, will now need to study this case closely and determine whether they should tighten control over what happens to customer data after it is sold. But there is one glaring omission in the FCC’s statement. It glides past the government’s own culpability in degrading consumer privacy. A dozen federal law enforcement and intelligence agencies, ranging from the FBI to the ATF, IRS, and Department of Homeland Security, routinely purchase and access Americans’ personal, digital information without bothering to secure a warrant. Concern over this practice is what led the House to recently pass The Fourth Amendment Is Not For Sale Act, which would require government agencies to obtain warrants before buying Americans’ location and other personal data from these same data brokers. It is good to see the FCC looking out for consumers. But who is going to fine the FBI? We needed a little perspective before reporting on the historic showdown on the reauthorization of FISA Section 702 that ended on April 19 with a late-night Senate vote. The bottom line: The surveillance reform coalition finally made it to the legislative equivalent of the Super Bowl. We won’t be taking home any Super Bowl rings, but we made a lot of yardage and racked up impressive touchdowns.
For years, PPSA has coordinated with a wide array of leading civil liberties organizations across the ideological spectrum toward that key moment. We worked hard and enjoyed the support of our followers in flooding Congress with calls and emails supporting privacy and surveillance reform. So what was the result? We failed to get a warrant requirement for Section 702 data but came within one vote of winning it in the House. There was a lot of good news and new reforms that should not be overlooked. And where the news was bad, there are silver linings that gleam.
We come out of this legislative fracas bloodied but energized. We put together a durable left-right coalition in which House Judiciary Committee Chairman Jim Jordan and Ranking Member Jerry Nadler, as well as the heads of the Freedom and Progressive caucuses, who worked side-by-side. For the first time, our surveillance coalition had the intelligence community and their champions on the run. We lost the warrant provision for Section 702 only by a tie vote. Had every House Member who supported our position been in attendance, we would have won. This bodes well for the next time Section 702 reauthorization comes up. We will be ready. Let’s not forget that a recent bipartisan YouGov poll shows that 80 percent of Americans support warrant requirements. We sense a gathering of momentum – and we look forward to preparing for the next big round in April 2026. The risks and benefits of reverse searches are revealed in the capital murder case of Aaron Rayshan Wells. Although a security camera recorded a number of armed men entering a home in Texas where a murder took place, the lower portions of the men’s faces were covered. Wells was identified in this murder investigation by a reverse search enabled by geofencing.
A lower court upheld the geofence in this case as sufficiently narrow. It was near the location of a homicide and was within a precise timeframe on the day of the crime, 2:45-3:10 a.m. But ACLU in a recent amicus brief identifies dangers with this reverse search, even within such strict limits. What are the principles at stake in this practice? Let’s start with the Fourth Amendment, which places hurdles government agents must clear before obtaining a warrant for a search – “no warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” The founders’ tight language was formed by experience. In colonial times, the King’s agents could act on a suspicion of smuggling by ransacking the homes of all the shippers in Boston. Forcing the government to name a place, and a person or thing to be seized and searched, was the founders’ neat solution to outlawing such general warrants altogether. It was an ingenious system, and it worked well until Michael Dimino came along. In 1995, this inventor received a patent for using GPS to locate cellphones. Within a few years, geofencing technology could instantly locate all the people with cellphones within a designated boundary at a specified time. This was a jackpot for law enforcement. If a bank robber was believed to have blended into a crowd, detectives could geofence that area and collect the phone numbers of everyone in that vicinity. Make a request to a telecom service provider, run computer checks on criminals with priors, and voilà, you have your suspect. Thus the technology-enabled practice of conducting a “reverse search” kicked into high gear. Multiple technologies assist in geofenced investigations. One is a “tower dump,” giving law enforcement access to records of all the devices connected to a specified cell tower during a period of time. Wi-Fi is also useful for geofencing. When people connect their smartphones to Wi-Fi networks, they leave an exact log of their physical movements. Our Wi-Fi data also record our online searches, which can detail our health, mental health, and financial issues, as well intimate relationships, and political and religious activities and beliefs. A new avenue for geofencing was created on Monday by President Biden when he signed into a law a new measure that will give the government the ability to tap into data centers. The government can now enlist the secret cooperation of the provider of “any” service with access to communications equipment. This gives the FBI, U.S. intelligence agencies, and potentially local law enforcement a wide, new field with which to conduct reverse searches based on location data. In these ways, modern technology imparts an instant, all-around understanding of hundreds of people in a targeted area, at a level of intimacy that Colonel John André could not have imagined. The only mystery is why criminals persist in carrying their phones with them when they commit crimes. Google was law enforcement’s ultimate go-to in geofencing. Warrants from magistrates authorizing geofence searches allowed the police to obtain personal location data from Google about large numbers of mobile-device users in a given area. Without any further judicial oversight, the breadth of the original warrant was routinely expanded or narrowed in private negotiations between the police and Google. In 2023, Google ended its storage of data that made geofencing possible. Google did this by shifting the storage of location data from its servers to users’ phones. For good measure, Google encrypted this data. But many avenues remain for a reverse search. On one hand, it is amazing that technology can so rapidly identify suspects and potentially solve a crime. On the other, technology also enables dragnet searches that pull in scores of innocent people, and potentially makes their personal lives an open book to investigators. ACLU writes: “As a category, reverse searches are ripe for abuse both because our movements, curiosity, reading, and viewing are central to our autonomy and because the process through which these searches are generally done is flawed … Merely being proximate to criminal activity could make a person the target of a law enforcement investigation – including an intrusive search of their private data – and bring a police officer knocking on their door.” Virginia judge Mary Hannah Lauck in 2022 recognized this danger when she ruled that a geofence in Richmond violated the Fourth Amendment rights of hundreds of people in their apartments, in a senior center, people driving by, and in nearby stores and restaurants. Judge Lauck wrote “it is difficult to overstate the breadth of this warrant” and that an “innocent individual would seemingly have no realistic method to assert his or her privacy rights tangled within the warrant. Geofence warrants thus present the marked potential to implicate a ‘right without a remedy.’” ACLU is correct that reverse searches are obvious violations of the plain meaning of the Fourth Amendment. If courts continue to uphold this practice, however, strict limits need to be placed on the kinds of information collected, especially from the many innocent bystanders routinely caught up in geofencing and reverse searches. And any change in the breadth of a warrant should be determined by a judge, not in a secret deal with a tech company. The U.S. Supreme Court held in Riley v. California (2014) that police must obtain a warrant from a judge before inspecting the digital contents of a suspect’s cellphone. The reason, the Court memorably opined, is that a cellphone holds “the privacies of life.”
But what about a backpack? Or a purse? Or a shopping bag? Such items don’t come close to having the deep privacy implications of a cellphone, which is stuffed with location data, recent call logs, emails, and personal photos. But personal carry containers, too, can hold items reasonably considered to be private. Are police free to paw through a bag or backpack, or does the same principle from Riley also apply to them? This question is central to the case of William Bembury, who was suspected by police of selling a joint containing synthetic marijuana when he was placed under arrest in a park in Lexington, Kentucky, in 2019. While Bembury was placed in handcuffs, officers searched his backpack and found a small bag of synthetic marijuana and a few dollars. However, Bembury was not wearing the backpack when police searched it – a key fact, since police are allowed to search a person under arrest, including any containers on their person, to ensure officers’ safety. But Bembury’s backpack was sitting on a park table at the time of the arrest. And Bembury never consented to the police search of it. When Bembury appealed on Fourth Amendment grounds, he won in a state appeals court. But he lost before the Kentucky Supreme Court. Kalvis Golde of Scotusblog writes of that court’s dilemma: “Acknowledging that the U.S. Supreme Court has yet to decide whether items like backpacks or purses are categorically protected by the Fourth Amendment during arrest, the state supreme court was split on how to proceed.” In the end, a majority of Kentucky Justices held that because the backpack had been immediately in Bembury’s possession, the officers were justified in their search. Bembury is now asking the Supreme Court to grant review and bring clarity to a hodgepodge of state precedents. Bembury’s petition for review asks the Supreme Court to give state courts a principle by which to draw a line between the permissible search of a person, and nearby “purses, backpacks, suitcases, briefcases, gyms bags, computer bags, fanny packs, etc.” The appeal notes “there is little uniformity” with state courts that “have not yet parsed this issue in those exact terms.” Justices might feel that this case itself is a bit of a Pandora’s backpack. Without a clear standard, police are free to paw though any object they wish. On the other hand, a suspect carrying a backpack stuffed with contraband might simply toss it a few yards away and refuse to allow officers’ to inspect it. The Court might consider that it is odd that a clearer standard exists in the digital world with cellphones under Riley (though still sometimes honored in the breach) than with physical objects an arm’s reach away from a suspect. The high Court should consider granting a review of this case to bring clarity to how the law treats evidence in thousands of cases every year. A recent House hearing on the protection of journalistic sources veered into startling territory.
As expected, celebrated investigative journalist Catherine Herridge spoke movingly about her facing potential fines of up to $800 a day and a possible lengthy jail sentence as she faces a contempt charge for refusing to reveal a source in court. Herridge said one of her children asked, “if I would go to jail, if we would lose our house, and if we would lose our family savings to protect my reporting source.” Herridge later said that CBS News’ seizure of her journalistic notes after laying her off felt like a form of “journalistic rape.” Witnesses and most members of the House Judiciary subcommittee on the Constitution and Limited Government agreed that the Senate needs to act on the recent passage of the bipartisan Protect Reporters from Exploitative State Spying (PRESS) Act. This bill would prevent federal prosecutors from forcing journalists to burn their sources, as well to bar officials from surveilling phone and email providers to find out who is talking to journalists. Sharyl Attkisson, like Herridge a former CBS News investigative reporter, brought a dose of reality to the proceeding, noting that passing the PRESS Act is just the start of what is needed to protect a free press. “Our intelligence agencies have been working hand in hand with the telecommunications firms for decades, with billions of dollars in dark contracts and secretive arrangements,” Attkisson said. “They don’t need to ask the telecommunications firms for permission to access journalists’ records, or those of Congress or regular citizens.” Attkisson recounted that 11 years ago CBS News officially announced that Attkisson’s work computer had been targeted by an unauthorized intrusion. “Subsequent forensics unearthed government-controlled IP addresses used in the intrusions, and proved that not only did the guilty parties monitor my work in real time, they also accessed my Fast and Furious files, got into the larger CBS system, planted classified documents deep in my operating system, and were able to listen in on conversations by activating Skype audio,” Attkisson said. If true, why would the federal government plant classified documents in the operating system of a news organization unless it planned to frame journalists for a crime? Attkisson went to court, but a journalist – or any citizen – has a high hill to climb to pursue an action against the federal government. Attkisson spoke of the many challenges in pursuing a lawsuit against the Department of Justice. “I’ve learned that wrongdoers in the federal government have their own shield laws that protect them from accountability,” Attkisson said. “Government officials have broad immunity from lawsuits like mine under a law that I don’t believe was intended to protect criminal acts and wrongdoing but has been twisted into that very purpose. “The forensic proof and admission of the government’s involvement isn’t enough,” she said. “The courts require the person who was spied on to somehow produce all the evidence of who did what – prior to getting discovery. But discovery is needed to get more evidence. It’s a vicious loop that ensures many plaintiffs can’t progress their case even with solid proof of the offense.” Worse, Attkisson testified that a journalist “who was spied on has to get permission from the government agencies involved in order to question the guilty agents or those with information, or to access documents. It’s like telling an assault victim that he has to somehow get the attacker’s permission in order to obtain evidence. Obviously, the attacker simply says no. So does the government.” This hearing demonstrated how important Fourth Amendment protections against unreasonable searches and seizures are to the First Amendment’s guarantee of freedom of the press. If Attkisson’s claims are true, the government explicitly violated a number of laws, not the least of which is mishandling classified documents and various cybercrimes. And it relies on specious immunities and privileges to avoid any accountability for its apparent crimes. Two proposed laws are a good way to start reining in such government misconduct. The first is the PRESS Act, which would protect journalists’ sources against being pressured by prosecutors in federal court to reveal their sources. The second proposed law is the Fourth Amendment Is Not For Sale Act, which passed the House last week. This bill would require the government to get a warrant before it can inspect our personal, digital information sold by data brokers. And, of course, these and other laws limiting government misconduct need genuine remedies and consequences for misconduct, not the mirage of remedies enfeebled by improper immunities. The disappointments of this evening’s votes cannot hide the momentum of a civil liberties coalition that won enhanced oversight of the FBI, and reduced the next reauthorization from five years to two. We made the forces of the status quo fight on warrant requirements, whittling them down to a tie vote, despite the vociferous opposition of the administration. The growing momentum of the surveillance reform coalition reflects the 80 percent support of the American people for warrants. We’ve got the momentum and we will be back.
PPSA Calls on Senate to End Data Purchases The House voted 219-199 to pass the Fourth Amendment Is Not For Sale Act, which requires the FBI and other federal agencies to obtain a warrant before they can purchase Americans’ personal data, including internet records and location histories.
“Every American should celebrate this strong victory in the House of Representatives today,” said Bob Goodlatte, former House Judiciary Chairman and PPSA Senior Policy Advisor. “We commend the House for stepping up to protect Americans from a government that asserts a right to purchase the details of our daily lives from shady data brokers. This vote serves notice on the government that a new day is dawning. It is time for the intelligence community to respect the will of the American people and the authority of the Fourth Amendment.” Federal agencies, from the FBI to the IRS, ATF, and the Departments of Defense and Homeland Security, for years have purchased Americans’ sensitive, personal information scraped from apps and sold by data brokers. This practice is authorized by no specific statute, nor conducted under any judicial oversight. “The Fourth Amendment Is Not For Sale Act puts an end to the peddling of Americans’ private lives to the government,” said Gene Schaerr, general counsel of PPSA. “Eighty percent of the American people in a recent YouGov poll say they believe warrants are absolutely necessary before their digital lives can be reviewed by the government. It is now the duty of the U.S. Senate to finish the job and express the will of the people.” PPSA is grateful to Rep. Warren Davidson, House Judiciary Chairman Jim Jordan, Ranking Member Jerry Nadler, Reps. Andy Biggs, Rep. Pramila Jayapal, Rep. Zoe Lofgren, Rep. Thomas Massie, Rep. Sara Jacobs, and many others who worked to persuade Members to pass this bill in such a strong bipartisan victory. Much of the credit also goes to PPSA’s followers, thousands of whom called and emailed Members of the House at a critical time. “We will need you again when the Fourth Amendment Is Not For Sale Act goes to the Senate,” Schaerr said. “Stay tuned.” ITI is the big tent tech association with members that rank among America’s most innovative companies, such as Dell, Salesforce, and Texas Instruments. ITI is warning the Senate to strip out language in the Reforming Intelligence and Securing America Act (RISAA) that “vastly expands the U.S. government’s warrantless surveillance capabilities.”
This language was added as an amendment by the House Permanent Select Committee on Intelligence. It requires “any service provider” or “custodians” with “access to equipment that is being or may be used to transmit or store wire or electronic communications,” to grant the government access to warrantlessly acquired messages. Some on Capitol Hill are questioning if this provision is really as broad as it reads. It is being portrayed by the intelligence community as a technical fix that will allow the NSA to selectively surveil foreign intelligence targets. The ITI and hundreds of other organizations beg to differ. ITI writes that adding “access to equipment” is a monumental change because – from routers and switches to servers and virtual networking gear to the internet and communications that ride on it – all global communications transmission and storage are powered by real-life physical information and communications technology (ICT). And ITI writes “there are tens of thousands of such companies” that use such equipment. “Expanding the definition to ‘any’ service provider by dropping ‘communications’ has equally wide-ranging implications when we factor in the multiplicity of service providers who play a role in helping to transmit or store the ICT communications,” ITI writes. “For example, on its face the amendment would appear to cover data centers, cloud storage providers, co-location providers, managed security services providers and a variety of other companies who provide services underlying or related to ICT communications transmission and storage; or merely those many companies and individuals who have access to the equipment necessary to provide such services – from building and facilities owners/landlords to cleaning/janitorial staff to the many types of commercial entities that provide a WiFi connection to their guests.” (Emphasis added.) Thus, the nation’s most innovation companies validate civil liberties experts who characterize this amendment as the “Everyone’s a Spy” provision. On a final note, ITI writes that this provision complicates the already contentious and complicated efforts of the Biden Administration to comply with the new EU-US Data Privacy Framework. It is hard to imagine that European politicians and EU regulators will not react to this vast expansion of U.S. surveillance, most likely in a protectionist manner that will harm U.S. exports and competitiveness. So take it from the experts – this language is as exactly as expansive as it reads. It is critical for the Senate to remove it before passing the bill. Like a gourmand gorging at a banquet table, the government’s growing appetite for expanding surveillance is beginning to get a little hard watch. Consider some recent developments.
First, the Senate is voting this week on a bill to reauthorize FISA Section 702 with an amendment that includes what Sen. Ron Wyden calls “one of the most dramatic and terrifying expansions of government surveillance authority in history.” This bill would compel millions of small businesses that merely have “access” to “communications equipment” (like Wi-Fi) to hand over customers’ messages to the government. Little wonder this has been branded the “Everyone’s a Spy” provision. Second, the House will also vote on the Fourth Amendment Is Not For Sale Act, which would curb the practice of the FBI and other federal agencies of purchasing Americans’ most sensitive digital information from data brokers. Third, a House Judiciary Committee investigation also recently found that the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) has been working with banks to conduct warrantless dragnets of large numbers of Americans’ confidential financial information, often using politically charged search terms. In all, 650 companies were connected to the FBI’s web port, covering two-thirds of U.S. GDP and 35 million people. See a pattern here? The government’s hunger to expand surveillance into every realm of American life cannot be filled. Many of these programs – like data purchases and FinCEN surveillance – are based on no law and fall under no Congressional or judicial oversight. Now, thanks to former Attorney General William Barr, we know that the Securities and Exchange Commission (SEC) is also getting in on the act. With no statutory approval, the SEC is taking it upon itself to start a huge database called the Consolidated Audit Trail that will allow 3,000 government employees to track, in real time, the identity of tens of millions of Americans who buy and sell stocks and other securities. “This invites abusive investigatory fishing expeditions, targeting of individuals, and intrusive data mining,” Barr writes in The Wall Street Journal. “Concentrating this sensitive data in a single repository guarantees it inevitably will be hacked, stolen, or misused by bad actors.” Barr mostly dwells on the inappropriateness of government surveillance of millions of people who’ve done nothing suspicious. He adds that “the whole point of the Fourth Amendment is to make the government less efficient by making it jump through hoops when it seeks to delve into private affairs. For an agency to argue that it should be able to avoid these hoops to make investigations easier is to assert that it should be exempt from the Fourth Amendment.” Well stated. This is the same William Barr, however, who also recently took the pages of National Review to persuade his fellow conservatives to support the House Intelligence Committee’s version of FISA reauthorization – which also authorizes many forms of dragnet surveillance. Perhaps it will soon dawn on the supporters of the status quo that the “whole point of the Fourth Amendment” should reach beyond stock trades to include “Everyone’s a Spy,” data purchases and all the other egregious privacy violations of our growing surveillance state. Is it fair to call one amendment to the Reforming Intelligence and Securing America Act (RISAA) the “Everyone’s a Spy” provision? This amendment to RISAA now before the Senate would compel a provider of any service, who has “access” to communications equipment, to quietly cooperate with the NSA in collecting messages.
Because the people who work at most ordinary businesses – from fitness centers to commercial office buildings – have no expertise in parsing data, they would likely just hand over all the messages of their customers to the NSA, including countless messages between Americans. Here’s how Sen. Ron Wyden characterized this measure on the Senate floor: “After all, every office building in America has data cables running through it. These people are not just the engineers who install, maintain, and repair our communications infrastructure; there are countless others who could be forced to help the government spy, including those who clean offices and guard buildings. If this provision is enacted, the government could deputize any one of these people against their will and force them to become an agent for Big Brother. “For example, by forcing an employee to insert a USB thumb drive into a server at an office they clean or guard at night. “This could all happen without any oversight. The FISA Court won’t know about it. Congress won’t know about it. The Americans who are handed these directives will be forbidden from talking about it. And unless they can afford high priced lawyers with security clearances who know their way around the FISA Court, they will have no recourse at all.” Sen. Wyden is not writing science-fiction. We’ve seen again and again when the FBI and other federal agencies can find a way to expand a loophole – as with backdoor searches of Section 702 data or the data broker loophole – they will do so. Our digital traces can be put together to tell the stories of our lives. They reveal our financial and health status, our romantic activities, our religious beliefs and practices, and our political beliefs and activities.
Our location histories are no less personal. Data from the apps on our phone record where we go and with whom we meet. Taken all together, our data creates a portrait of our lives that is more intimate than a diary. Incredibly, such information is, in turn, sold by data brokers to the FBI, IRS, the Drug Enforcement Administration, the Department of Defense, the Department of Homeland Security, and other federal agencies to freely access. The Constitution’s Fourth Amendment forbids such unreasonable searches and seizures. Yet federal agencies maintain they have the right to collect and examine our personal information – without warrants. A recent report from the Office of the Director of National Intelligence shows that:
The American people are alarmed. Eighty percent of Americans in a recent YouGov poll say Congress should require government agencies to obtain a warrant before purchasing location information, internet records, and other sensitive data about people in the U.S. from data brokers. The Fourth Amendment Is Not For Sale Act now up for a vote in the House would prohibit law enforcement and intelligence agencies from purchasing certain sensitive information from third-party sellers, including geolocation information and communications-related information that is protected under the Electronic Communications Privacy Act, and information obtained from illicit data scraping. This bill balances Americans’ civil liberties with national security, giving law enforcement and intelligence agencies the ability to access this information with a warrant, court order, or subpoena. Call your U.S. House Representative and say: “Please protect my privacy by voting for the Fourth Amendment Is Not For Sale Act.” When Members of the House voted last week to reauthorize FISA Section 702, most did not realize that an amendment from the House Permanent Select Committee on Intelligence (HPSCI), sold as a “narrow” definitional change to the law, will actually deliver what Sen. Ron Wyden (D-OR) calls “one of the most dramatic and terrifying expansions of government surveillance authority in history.” What the House missed the Senate can still fix. The Senate still has time to perform emergency surgery and excise this particularly toxic amendment. Here’s the background: For years, “electronic communications service providers” such as Verizon or Google’s Gmail have been required to turn over the communications of targets. The House bill expands this requirement to enlist millions of small businesses that provide Wi-Fi or have access to routers or similar communications equipment. This provision would make American small businesses into providers of KGB-like surveillance. If this seems hyperbolic, consider that this HPSCI amendment would force American small businesses of many sorts to collect the communications of their customers for the government. The bill does this by including any service provider who has access to equipment that transmits communications. The language was narrowed to exclude hotels, restaurants, dwellings, and community centers, but the measure still includes most businesses – owners and operators of any facilities that house equipment used to store or carry data, including data centers and commercial office buildings. Millions of Americans, with little or no knowledge of the equipment they own or service –landlords, utility providers, repairmen, plumbers, cleaning contractors, and similar professionals – would have a legal obligation to secretly spy for the government. Lacking any ability to separate the communications of Americans from foreigners, they would be forced either to give the government direct access to the equipment or copy its messages en masse and turn it over. And then they would be under a gag order to keep their snooping a secret. This version of Section 702 reauthorization would be a disaster for small businesses of all sorts. Bound to silence, small businesses would suffer consumer distrust as public knowledge of the contamination of the data supply chain spread. Consumers and business would have no recourse. This bill also marks a terrifying replacement of the constitutional order under the Fourth Amendment. For these reasons, the Senate must do its duty and remove it. Call Your Senators: |
Categories
All
|