Tag: Fourth Amendment

Fear and Mass Surveillance: Our Constitutionally Toxic Political Cocktail

At 12:51pm on January 18, 2018–just a day before it was set to expire–the Senate followed the House’s lead and reauthorized the Foreign Intelligence Surveillance Amendments Act (FAA) Section 702 mass surveillance program for another six years by a vote of 65-34.

Writing for JustSecurity.org in October 2017, I made this prediction about the then-looming debate over extending the mass surveillance authority embodied in Section 702: 

Absent another Snowden-like revelation, Section 702 of the FAA will be reauthorized largely without change, and any changes will be cosmetic, and almost certainly abused. Whether it has a “sunset” provision or not is now politically and practically meaningless.

As it turns out, that prediction was optimistic. But first, a recap of the events of this week.

FISA “Reform”: The Surveillance Fear Mongering Campaign Ramps Up

The House GOP leadership must be at least somewhat worried about the prospects for passage of their Foreign Intelligence Surveillance Amendments Act (FAA) Sec. 702 bill, HR 4478, which the House Rules Committee will consider later today in an “emergency” session.

I say this because this morning, the House GOP leadership circulated a wanted poster-style flyer of a dead man: Haji Iman, the alleged ISIS deputy finance minister and second in command to ISIS leader Abu Bakr al-Baghdadi, who was killed in eastern Syria on March 25, 2016. The flyer puts the phrase “ISIS” in a huge font, just in case the reader wasn’t getting the message.

Claiming that “Iman would still be plotting to kill Americans without Section 702,” the flyer then makes an interesting admission: that the search for Iman “was ultimately successful based almost exclusively on intelligence activities under Section 702” (emphasis added).

Not only does the flyer provide no proof that Iman was planning attacks on the United States, it omits the fact that both the Iraqi and U.S. governments had previously claimed repeatedly that Iman had been killed—six times, in fact.

As I’ve noted previously, two other major post-9/11 surveillance programs—the illegal STELLAR WIND mass surveillance program, and the PATRIOT Act’s Sec. 215 telephone metadata collection program—failed to stop a single attack on America. If it took the NSA two years to find Iman using Section 702 “almost exclusively” after claiming repeatedly the man was dead, it should raise major questions about the veracity of the official government (and now House GOP leadership) account of this incident and the effectiveness of the Section 702 program.

And then there’s that tantalizing phrase—”almost exclusively.”

The flyer admits that programs besides Section 702 were responsible for finally—allegedly—killing Iman. So Section 702 collection was not, apparently, a “but for” capability (i.e., but for Section 702, Iman would still be alive). How effective is Secton 702? We don’t know. There’s never been an independent, case-by-case audit of claimed Section 702 “successes” during the nearly 10-year life of the program. And the bill being considered by the House Rules Committee today does not call for such an audit.

What the flyer also doesn’t say is that as written, HR 4788 would effectively expand warrantless surveillance under Section 702, including potentially against purely domestic targets. Given the abuses of the Section 702 program that have been exposed over the past several years, HR 4478 is an amazing statement of the contempt the House GOP leadership has for the Fourth Amendment rights of Americans.

The IRS Believes All Bitcoin Users are Tax Cheats

The Internal Revenue Service has filed a “John Doe” summons seeking to require U.S. Bitcoin exchange Coinbase to turn over records about every transaction of every user from 2013 to 2015. That demand is shocking in sweep, and it includes: “complete user profile, history of changes to user profile from account inception, complete user preferences, complete user security settings and history (including confirmed devices and account activity), complete user payment methods, and any other information related to the funding sources for the account/wallet/vault, regardless of date.” And every single transaction:

All records of account/wallet/vault activity including transaction logs or other records identifying the date, amount, and type of transaction (purchase/sale/exchange), the post transaction balance, the names or other identifiers of counterparties to the transaction; requests or instructions to send or receive bitcoin; and, where counterparties transact through their own Coinbase accounts/wallets/vaults, all available information identifying the users of such accounts and their contact information.

The demand is not limited to owners of large amounts of Bitcoin or to those who have transacted in large amounts. Everything about everyone.

Communications and Data Meet the Fourth Amendment

This week and last, the Cato Institute filed amicus briefs urging the Supreme Court to take up two cases dealing with the constitutional status of “cell site location information,” or “CSLI.” This data, collected of necessity by cellular communications providers, creates detailed records of their customers’ movements. The briefs invite the Court to accept these cases so it can revise Fourth Amendment practice to eschew doctrine and more closely adhere to the language of the Fourth Amendment.

The Fourth Amendment states that “[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated.” Presumably, when called upon to determine whether a Fourth Amendment violation has occurred, courts would analyze the elements of this language as follows: Was there a search? Was there a seizure? Was any such search or seizure of “their persons, houses, papers, [or] effects”? Was any such search or seizure reasonable?

And in cases involving familiar physical objects, courts usually do a sound textual analysis, at least implicitly. But in harder cases dealing with unfamiliar items such as communications and data, courts retreat to “reasonable expectation of privacy” doctrine that emerged from Katz v. United States in 1967, and offshoots of it like the “third-party doctrine.” The “reasonable expectation of privacy” test asks whether defendants’ feelings about things government agents accessed were reasonable. The corollary “third-party doctrine” cancels Fourth Amendment interests in information and things that are shared on the theory that expectations of privacy evaporate in that context.

The “reasonable expectation of privacy” test is the product of one non-essential concurrence in Katz, and the third-party doctrine was wrong when the Supreme Court created it in 1976 to ratify a law that deputized banks into financial surveillance. That doctrine grows further out of synch with each step forward our society takes in modern, connected living. Today, third-party service providers collect incredibly deep reservoirs of information about us: Cellular telephone networks, Internet service providers, search engines, and payment systems have data that can throw open windows onto our relationships, feelings, health conditions, business dealings, sexuality, emotions, and more.

The Weird World of Data (and Your Privacy)

In 2007, Judge Richard Posner found it “untenable” that attaching a tracking device to a car is a seizure. But the Supreme Court struck down warrantless attachment of a GPS device to a car on that basis in 2012. Putting a tracking device on a car makes use of it without the owner’s permission, and it deprives the owner of the right to exclude others from the car.

The weird world of data requires us to recognize seizures when government agents take any of our property rights, including the right to use and the right to exclude others. There’s more to property than the right to possession.

In an amicus brief filed with the U.S. Court of Appeals for the D.C. Circuit last week, we argued for Fourth Amendment protection of property rights in data. Recognition of such rights is essential if the protections of the Fourth Amendment are going to make it into the Information Age.

The case arises because the government seized data about the movements of a criminal suspect from his cell phone provider. The government argues that it can do so under the Stored Communications Act, which requires the government to provide “specific and articulable facts showing that there are reasonable grounds to believe that [data] are relevant and material to an ongoing criminal investigation.” That’s a lower standard than the probable cause standard of the Fourth Amendment.

As we all do, the defendant had a contract with his cell phone provider that required it to share data with others only based on “lawful” or “valid” legal processes. The better reading of that industry-standard contract language is that it gives telecom customers their full right to exclude others from data about them. If you want to take data about us that telecom companies hold for us under contract, you have to get a warrant.

The Fourth Amendment Protects Your Cell-Location Data

When the federal district court in D.C. ordered a seizure of Alonzo Marlow’s cell service location information (CSLI) held by his cell provider, it held that the federal government didn’t need a warrant to obtain CSLI data from a person’s phone provider. The Stored Communications Act of 1986 (SCA) governs the searching of such data, and under § 2703(d) of that act, federal investigators need not demonstrate probable cause in order to search—but merely to show “specific and articulable facts” that there is criminal wrongdoing. Thus, the Fourth Amendment requirement that “no warrants shall issue, but upon probable cause” is effectively removed.

Understanding U.S. v. Ackerman

The Supreme Court has eschewed the “reasonable expectation of privacy” test in its most important recent Fourth Amendment cases. It’s not certain that the trend away from the so-called “Katz test,” largely driven by Justice Scalia, will continue, and nobody knows what will replace it. But doctrinal shift is in the air. Courts are searching for new and better ways to administer the Fourth Amendment.

A good example is the Tenth Circuit’s decision last week in U.S. v. Ackerman. That court found that opening an email file was a Fourth Amendment “search,” both as a matter of reasonable expectations doctrine and the “distinct line of authority” that is emerging from the Supreme Court’s 2012 decision in U.S. v. Jones.

Here are the facts: AOL scans outgoing emails for child porn by comparing hashes of files sent through its network to hashes of known child porn. When it becomes aware of child porn, it is required by law to report them to the National Center for Missing and Exploited Children. NCMEC is a governmental entity and agent. (That point takes up the bulk of the decision; Congress has made huge grants of governmental power to the organization.) NCMEC opened the file without a warrant.

Pages