Tag: privacy

NSA Spying in the Courts

The National Security Agency’s collection of every American’s telephone dialing information is hotly contested in the court of public opinion and in Congress. It is now seeing its first test in the courts since its existence was revealed.

The Electronic Privacy Information Center, arguing that it has no other recourse, has filed an extraordinary appeal to the Supreme Court of the order requiring Verizon to turn over telephone calling information en masse to the government. EPIC is a Verizon customer that communicates by telephone with confidential sources, government officials, and its legal counsel.

Cato senior fellow and Georgetown University law professor Randy Barnett joined me this week on a brief to the Court urging it to accept the case so it can resolve statutory and constitutional issues that have “precipitated a juridical privacy crisis.”

The brief first argues that the Foreign Intelligence Surveillance Act does not authorize a sweeping warrant for all communications data. The law requires such a warrant to show relevance to an existing investigation, which is impossible when the data is gathered in support of future, entirely speculative investigations. Not only the text of the statute, but Congress’s intent and the structure of the statute support this interpretation.

Idaho Cooperates with Homeland Security on National ID

In June 2011, I noted here how a new cardless national ID system was forming up using state driver license data. It hasn’t gone very far. Passage of an immigration reform bill containing a national E-Verify requirement would slam down the gas pedal.

But a few days ago, Idaho became the third state in the union to sign up for the Department of Homeland Security’s RIDE (Records and Information from DMVs for E-Verify) program, which is administered by the ID-friendly American Association of Motor Vehicle Administrators. Idaho joins Mississippi and Florida in volunteering state driver information to the DHS.

As the full name of the program suggests, RIDE is an “add-on” to E-Verify, the government’s highly problematic system for “internal enforcement” of immigration law via government background checks. RIDE is intended to let the E-Verify system check the authenticity of driver licenses that are typically provided as one of the forms of ID during the broader verification process. E-Verify’s problems are legion—I documented them in my 2008 paper, “Franz Kafka’s Solution to Illegal Immigration“—and we highlighted them again on Capitol Hill in March.

Much like mass-scale license plate scanning, the RIDE program represents the application of technology and systems developed for one purpose to vastly different ones. The RIDE program takes state driver licensing data—which is for driver licensing and traffic law enforcment—and turns it over to the DHS for federal law enforcement and the creation of a national ID.

In 2007, Idaho was the second state in the nation to reject the REAL ID Act, our national ID law. The Idaho House and Senate passed a resolution condemning that effort to put all Americans into a national ID system. But the bureaucrats appear to have waited out the legislature. With most people’s attention elsewhere, the Idaho Transportation Department teamed up with DHS officials to move forward with a national ID.

After the DHS has tapped into Idahoans’ driver data, there is no guarantee that the uses of it would be limited to E-Verify. Mission creep is a law of gravity in government, and it’s likely over time that E-Verify and Idaho driver data will be put to new and interesting uses by the federal government. Expect the DHS to get a lot more familiar with you and your driver license data if mandatory E-Verify comes into effect and RIDE continues to grow.

Surprised by the Latest Privacy Invasion? Don’t Be

You shouldn’t be surprised by the revelation that police departments across the country are gathering data about innocent people’s movements.

Using automated scanners, law enforcement agencies across the country have amassed millions of digital records on the location and movement of every vehicle with a license plate, according to a study published Wednesday by the American Civil Liberties Union. Affixed to police cars, bridges or buildings, the scanners capture images of passing or parked vehicles and note their location, uploading that information into police databases. Departments keep the records for weeks or years, sometimes indefinitely.

The ACLU study is here.

You should be outraged that your tax dollars are going into surveillance that undercuts your privacy, but don’t be surprised. Why not? Because Cato told you so.

Here’s text from a study we published nearly nine years ago, Understanding Privacy—and the Real Threats to It:

Red-light cameras and speed cameras are another part of the rapidly growing Big Brother infrastructure. Little technical difference separates a digital camera that takes occasional snapshots from one that records continuous footage. Equipped with optical character recognition technology, traffic cameras may soon have the technical capability to read license plates and scan traffic for specific cars. Networked cameras will be able to track cars throughout a city and on the highways. And database technology will make it possible to create permanent records of the movements of all cars captured on camera.

That material is based on testimony I gave to the House Transportation and Infrastructure Committee’s Subcommittee on Highways and Transit almost a dozen years ago. In it, I addressed the constitutional status of public monitoring like this. I talked about how license plates deprive drivers of the ability to navigate streets anonymously. That’s not the worst privacy invasion, given how driving laws and traffic disputes are administered. But it’s akin to requiring people to wear nametags to walk on public sidewalks.

Because the law has deprived people of the ability to protect privacy, the better view is that there is a Fourth Amendment search when law enforcement notes the license plates on cars. This search is inherently unreasonable if they do so when they do not suspect crime. As soon as red-light cameras are used for anything other than snapping suspected speeders — and they soon will be — these cameras should be shown a red light themselves.

Courts have only just begun to grapple with these issues, including the Supreme Court in the Jones case, which last year held that the government couldn’t attach a GPS device to a car and monitor its movements, even in public, without getting a warrant. I wrote about the state of Fourth Amendment law in this area in an article cleverly (ahem) titled: “U.S. v. Jones: Fourth Amendment Law at a Crossroads.”

Concerned? Yes, you should be. Angry? If you need that outlet. But don’t be surprised to learn that police departments are tracking of every car’s movements without a warrant.

Using Metadata to Find Paul Revere

What stood out to me in David Brooks’ amateur psychologizing about NSA leaker Edward Snowden on Monday was his claim that Snowden “has not been able to point to any specific abuses.” Brooks’ legal skills are even worse than his psychologizing. He didn’t notice that the document Snowden leaked was a general warrant. It fails to satisfy the Fourth Amendment’s requirements of probable cause and particularity. That’s an abuse.

I gather that it’s hard to apply the principles of liberty and our nation’s founding charter to the new world of data. In aid of your consideration, I offer you the fun essay: “Using Metadata to Find Paul Revere,” which recounts how metadata (so-called) reveals relationships and, from the perspective of King George, sedition.

The essay concludes:

[I]f a mere scribe such as I—one who knows nearly nothing—can use the very simplest of these methods to pick the name of a traitor like Paul Revere from those of two hundred and fifty four other men, using nothing but a list of memberships and a portable calculating engine, then just think what weapons we might wield in the defense of liberty one or two centuries from now.

The present-day federal surveillance programs revealed in media reports are “the tip of the iceberg,” Rep. Loretta Sanchez (D-CA) said Wednesday after being briefed Tuesday.

NSA Snooping: a Majority of Americans Believe What?

Yesterday, the Washington Post and the Pew Research Center released a joint poll that purportedly showed that “a large majority of Americans” believe the federal government should focus on “investigating possible terrorist threats even if personal privacy is compromised.”

But a careful look at the poll shows citizens are far less sanguine about surrendering their privacy rights, as the facts continue to be revealed.

Pollsters faced a difficult challenge—to accurately capture public opinion during a complex and evolving story. Recall, on Wednesday of last week, the story was about the NSA tracking Verizon phone records. So the pollsters drew up a perfectly reasonable and balanced question:

As you may know, it has been reported that the National Security Agency has been getting secret court orders to track telephone call records of MILLIONS of Americans in an effort to investigate terrorism. Would you consider this access to telephone call records an acceptable or unacceptable way for the federal government to investigate terrorism?

Fifty-six percent found this “acceptable.” Thus, the “majority of Americans” lead in the Washington Post.

However, on Thursday, the Washington Post revealed explosive details about the massive data-collection program PRISM—and the public was alerted that the NSA was not just collecting phone records, but email, Facebook, and other online records. So the pollsters quickly drew up a new question, asked starting Friday, from June 7-9:

Do you think the U.S. government should be able to monitor everyone’s email and other online activities if officials say this might prevent future terrorist attacks?

Fifty-two percent—a majority—said “no.” So Americans feel differently about the story based on the facts on Wednesday, when the story was about tracking “telephone calls,” and facts on Thursday, when the story was about monitoring all “email and other online activity.”

The Washington Post could have fairly gone with a story that a majority of Americans do not agree that the federal government should monitor everyone’s email and online communication, even if it might prevent future terrorist attacks.

Unfortunately, that’s not the story that the Washington Post went with. Subsequent media coverage of the Post-Pew poll has neglected this nuance and cemented this misinterpretation of what “majority of Americans” believe.

A more reasonable interpretation of the Post-Pew poll is that citizens’ views seem to be changing as more details are revealed about the massive extent of the NSA snooping program. Indeed, most citizens have not been following this story as closely with only 48 percent report following thing “very closely” or “fairly closely.”

I’ll be watching eagerly to see what the next polls find out about that ever elusive “majority of Americans.”

A Brief Civil Liberties Quiz

See if you can spot the civil-liberties victory:

  1. The Supreme Court says the government can put your DNA in a national database, even if you were wrongly arrested.
  2. The State of Mississippi imposes mandatory collection of the DNA of babies born to teenage moms, neither of which is suspected of a crime.
  3. The Department of Justice is tracking and threatening to prosecute reporters, for the crime of reporting.
  4. The National Security Agency is collecting everyone’s phone records, even if they suspect you of nothing.
  5. The U.S. Senate kills a bill that could lead to a registry of law-abiding gun owners.

Answer: #5. 

Those crazy senators are looking less crazy all the time. 

How Identification Is Overused and Misunderstood

Justice Anthony Kennedy seems to be carving out his place as the Supreme Court justice who doesn’t “get” identity. Maryland v. King was the case issued today that shows that.

His opener was the 2004 decision in Hiibel v. Sixth Judicial District Court of Nevada, which ratified laws requiring people to disclose their names to police officers on request.

In that case, Deputy Lee Dove of the Humboldt County (NV) Sheriff’s Department had received a report that a man had slugged a woman. He didn’t know the names of the alleged perpetrator or the victim, but Dove found Larry Hiibel standing next to his truck at the side of the road talking to his seventeen-year-old daughter seated inside. Dove didn’t check to see if they were having a dispute, or if anyone had hit anyone. He just started demanding Hiibel’s ID.

“Knowledge of identity may inform an officer that a suspect is wanted for another offense, or has a record of violence or mental disorder,” Justice Kennedy wrote, approving Hiibel’s arrest for refusing to show his papers:

On the other hand, knowing identity may help clear a suspect and allow the police to concentrate their efforts elsewhere. Identity may prove particularly important in [certain cases, such as] where the police are investigating what appears to be a domestic assault. Officers called to investigate domestic disputes need to know whom they are dealing with in order to assess the situation, the threat to their own safety, and possible danger to the potential victim.

Even if he had gotten Larry Hiibel’s ID, that wouldn’t have told Dove any of these things. Dove would have had to stop his battery investigation to investigate Hiibel’s background, which he didn’t do until after he had arrested Hiibel–and after his partner had thrown Hiibel’s distraught daughter to the ground. (There’s your battery.)

In Maryland v. King, Justice Kennedy did it again. He wrote the decision approving DNA identification of arrestees. Like demanding Hiibel’s ID, which had no relation to investigating battery, Maryland’s practice of collecting DNA has no relation to investigating or proving the crime for which King was arrested, and it does nothing to administer his confinement. This Justice Scalia made clear in a scathing dissent.

The Court alludes at several points to the fact that King was an arrestee, and arrestees may be validly searched incident to their arrest. But the Court does not really rest on this principle, and for good reason: The objects of a search incident to arrest must be either (1) weapons or evidence that might easily be destroyed, or (2) evidence relevant to the crime of arrest. Neither is the object of the search at issue here. (citations omitted)

Justice Kennedy appears to think there are certain behaviors around detention and arrest that law enforcement is allowed without regard to the detention or arrest. Here, he has sanctioned the gathering of DNA from arrested people, supposedly presumed innocent until proven guilty, to investigate the possibility of their connection to other, unknown crimes. His logic would allow searching the cell phone of a person arrested for public drunkenness to see if they have participated in an extortion plot.

There is plenty of time to run DNA identification data past cold case files after conviction, and all parties agree that’s what would have happened in King’s case. Given that, the Supreme Court has upheld DNA-based investigation of innocent people for their connections to cold cases because they happen to have been arrested. That’s the strange result of Maryland v. King.