Latest Cato Research on Privacy Issues en Flemming Rose discusses freedom and surveillance on Statens Overvågningsministerium Thu, 10 Dec 2020 12:20:53 -0500 Flemming Rose Privacy in a Pandemic Ali Lange, Ryan Calo, Harper Reed, Julian Sanchez <div class="mb-3 spacer--nomargin--last-child text-default"> <p>As states begin easing pandemic restrictions, Americans are hearing that a&nbsp;robust regime of “testing and tracing” is critical to reopening safely. Traditional contact tracing relies on meticulous interviews with patients to identify potential exposures, but today, many see a&nbsp;role for cutting edge technology in the fight against COVID-19. Many such proposals raise privacy and civil liberties concerns: Does high‐​tech contact tracing require giving government access to a&nbsp;database of Americans’ locations? Can the process be done anonymously? Could an architecture of monitoring designed to mitigate a&nbsp;pandemic be coopted for less salutary purposes? Technologists and privacy experts will explore an array of different models for digitally assisted tracing and exposure notification—and how to fight contagion without sacrificing privacy.</p> </div> Thu, 28 May 2020 11:50:12 -0400 Ali Lange, Ryan Calo, Harper Reed, Julian Sanchez Report Discloses Unlawful “Backdoor Searches” of FISA Database Julian Sanchez <p>The Intelligence Community’s annual <a href="">Statistical Transparency Report</a> was released earlier this month, and there’s a&nbsp;significant piece of news buried in a&nbsp;footnote: On at least six occasions in 2018 and once in 2019, the government unlawfully reviewed wiretapped communications from a&nbsp;foreign intelligence database while pursuing ordinary criminal investigations unrelated to national security—something the previous year’s report claimed had never happened. The disclosure validates civil libertarian concerns about so‐​called “backdoor searches”: The use of broad foreign intelligence authorities nominally aimed at non‐​Americans outside the country to monitor Americans’ communications, circumventing the normal constitutional warrant process.</p> <p>First, some context. Section 702 of the Foreign Intelligence Surveillance Act, which Congress created in 2008, permits the National Security Agency to obtain sweeping general warrants from the secretive FISA Court, under which they may intercept the communications of non-U.S. persons who are outside the country without individualized authorization. This effectively codified an extralegal wiretapping program secretly approved by President George W. Bush shortly after the 9/11 terror attacks in 2001. Traditionally, when intelligence agencies conducted wiretaps inside the United States, they needed a&nbsp;particularized warrant naming a&nbsp;specific target as long as one end of the communication was American. But §702 loosened the rules: Now instead of individualized warrants, the government asks the FISA Court to sign off on general “targeting procedures” used to select foreign targets located abroad. The communications of those targets can then be intercepted as they pass through American networks, including their communications with American citizens protected by the Fourth Amendment.</p> <p>From the outset, civil libertarians have been worried that such an authority would inevitably vacuum up enormous quantities of Americans’ communications, even if wiretap “targets” were foreign. The incredible scale of collection virtually guarantees that’s the case: Last year the number of foreign §702 targets rose to an astonishing 204,968 (up from 164,770&nbsp;in 2018). This massive cache of intercepts creates a&nbsp;tempting means of bypassing the ordinary warrant process for criminal investigations: Simply search for a&nbsp;U.S. person’s e‐​mail address, phone number, or other identifier in the §702 database.</p> <p>Backdoor searches are quite common. We know that agencies other than FBI (which in effect means NSA and CIA) searched the database for U.S. person identifiers and reviewed intercepted contents as a&nbsp;result&nbsp;9,126 times last year.&nbsp;FBI doesn’t count how frequently they query the database, but they’re now required to obtain a&nbsp;court order before actually reviewing U.S. person communications for criminal investigative purposes unrelated to national security.&nbsp;Until this most recent report, the government claimed that this had never happened.&nbsp;But the 2020 report discloses a&nbsp;number of recently discovered instances in which they did just that: One in 2016 (before the warrant requirement was added), six in 2018, and one in 2019—that we know of, at least.&nbsp;</p> <p>While it’s good these instances were belatedly detected, this disclosure underscores the problem of giving FBI, which has dual law enforcement and intelligence responsibilities,&nbsp;such poorly monitored access to the fruits of §702’s general warrants.&nbsp;Unlike other agencies, FBI is not required to report how often they query the §702 database for U.S. person identifiers—though by their own admission, they do so far more often than their peers.&nbsp;</p> <p>Congress should conduct vigorous oversight over how these unlawful searches occurred—and remove the exemption that spares FBI from having to tally their searches for Americans in this enormous database.&nbsp;The loophole exists because FBI says their systems aren’t designed to track the necessary information… a&nbsp;design choice that makes compliance problems like the ones newly disclosed more likely, and harder to catch when they occur.&nbsp;</p> </p> Fri, 15 May 2020 15:59:07 -0400 Julian Sanchez Reining in Unwarranted Surveillance of Americans Sen. Rand Paul, Caleb O. Brown <div class="mb-3 spacer--nomargin--last-child text-default"> <p>The Foreign Intelligence Surveillance Court is under scrutiny for its failures to properly check overzealous federal authorities. Republican Senator Rand Paul of Kentucky says the court is not constitutional, but he’s still offering reforms.</p> </div> Wed, 13 May 2020 16:00:29 -0400 Sen. Rand Paul, Caleb O. Brown E‐​Verify Errors Plague Workers with Temporary Protected Status Alex Nowrasteh <p>We’ve long complained about E-Verify’s <a href="">failures</a>. It fails <a href="">miserably as a system designed to exclude illegal immigrant workers from employment</a>. It is also error‐​prone, affecting some native‐​born Americans but mostly flagging legal immigrant workers as illegal immigrants. Correcting those errors can <a href="">take weeks</a> if all of the bureaucratic steps are followed. It’s no surprise, then, that E‐​Verify especially excludes workers on Temporary Protected Status (TPS) from working. Despite being authorized to work legally in the United States, TPS migrants are disproportionately flagged as ineligible to work by E‐​Verify. This is further evidence that E‐​Verify is a dangerously flawed system that should be repealed.</p> <p><strong>Background</strong></p> <p><a href="">E‐​Verify</a> is an electronic government system that is supposed to stop employers from hiring illegal immigrant workers and thus reduce the main benefit of coming to the United States in the first place: high wages. <a href="">E‐​Verify is supposed to work this way</a>: Employers enroll in E‐​Verify and when they hire somebody, the employer is supposed to run that person’s identity information through E‐​Verify to confirm that he or she is legally eligible to work in the United States.</p> <p>Most legal workers are instantly approved to work while some workers, mostly those who are illegal workers, are flagged with a tentative non‐​confirmation (TNC). The worker and the employer then have a certain amount of time in which to resolve the TNC by fixing errors entered into the E‐​Verify portal, providing other forms of identification, or pointing out errors in government databases that produce a mismatch. If they can resolve the TNCs, the worker can remain employed. If they can’t, E‐​Verify issues a final non‐​confirmation (FNC) and the worker must be fired.</p> <p><strong>How E‐​Verify Affects Workers on Temporary Protected Status (TPS)</strong></p> <p>E‐​Verify interacts with migrants on <a href="">Temporary Protected Status</a> (TPS) in a particularly pernicious way. TPS is a status for migrants in the United States who can’t return to their home countries due to an ongoing armed conflict, an environmental disaster, or other extraordinary and temporary problem. TPS migrants are not removable from the United States<a href="">, are granted employment authorization documents</a>, and may be granted travel authorization. There are approximately <a href="">411,000</a> migrants on TPS from 10 countries: El Salvador, Haiti, Honduras, Nepal, Nicaragua, Somalia, South Sudan, Sudan, Syria, and Yemen. TPS status will <a href="">expire</a> for many migrants in the coming years due to decisions by the Trump administration.</p> <p>According to a recent <a href="">USCIS data release</a> in response to a FOIA, E‐​Verify was run 17,909 times against TPS migrants by employers in the 4<sup>th</sup> quarter of fiscal year 2019. Of those 17,909 E‐​Verify queries run against TPS migrants, E‐​Verify approved 16,299 of them to work and issued 1,610 with a TNC. In other words, about 9 percent of the E‐​Verify cases run against those on TPS in the 4<sup>th</sup> quarter of 2019 were mistakenly labeled at TNCs.</p> <p>E‐​Verify later rescinded the TNCs in 323 (20 percent) of the E‐​Verify cases against TPS migrants, thus allowing them to work. About 9 percent of the <em>legal </em>TPS migrant workers were initially flagged by E‐​Verify as illegal and only 20 percent of those initially flagged were eventually allowed to legally work. About 71 percent were not resolved because the worker didn’t challenge the TNC or, more likely, the employer didn’t inform the worker of a problem. E‐​Verify incentivizes employers to pre‐​screen applicants by running them through E‐​Verify before hiring them, in contravention of the law, so many TPS workers hit with TNCs will never have a chance to resolve them.</p> <p>During the 4<sup>th</sup> quarter of fiscal year 2019, there were <a href="">9,824,265</a> E‐​Verify cases with only 176,837 flagged as TNCs. That 1.8 percent TNC rate for all E‐​Verify queries is about one‐​fifth as high as the rate of E‐​Verify queries coming back as TNCs for TPS migrants run through E‐​Verify. Of all E‐​Verify queries in the 4<sup>th</sup> quarter of fiscal year 2019, 13.5 percent of erroneous TNCs were later approved for work. E‐​Verify queries run on TPS migrant workers resulted in an erroneous TNC rate 48 percent higher than the nationwide erroneous TNC rate. TPS migrants are about 0.13 percent of the U.S. population but they accounted for 0.9 percent of all TNCs and about 14 percent of all resolved TNCs – far in excess of their share of the population.</p> <p>TPS migrants were about 7.3 times as likely to be hit with a TNC than we’d expect if E‐​Verify errors were distributed randomly. TPS migrants were about 10.8 times as likely to have their erroneous TNC corrected as the rest of the population run through E‐​Verify. If 100 percent of the TPS migrants had their erroneous TNCs corrected, they would account for 6.7 percent of all corrected TNCs that resulted in the worker being hired, which is a rate of correction that would be 54 <em>times</em> greater than what we’d expect if E-Verify’s errors were distributed randomly.</p> <p>TPS migrants were more likely to be run through E‐​Verify than their share of the U.S. population would suggest. They account for about 0.13 percent of the population but 0.18 percent of all E‐​Verify queries in the 4<sup>th</sup> quarter of fiscal year 2019. Even taking that into account, TPS migrants are still more likely to be granted false TNCs. No matter how you slice the numbers, even correcting for their elevated share of E‐​Verify queries, TPS holders disproportionately bear the costs of the error‐​prone E‐​Verify system.</p> <p>The results for the 4<sup>th</sup> quarter of 2019 are not an anomaly. During the entire time covered by the USCIS data from January 2016 through January 21, 2020, there were 191,990 E‐​Verify queries run against TPS migrants. Of those, 11,610 or 6 percent, came back as TNCs. Of the 11,610 TNCs, 17.1 percent were later approved for work. About 83 percent of TNCs against legal worker authorized TPS holders were not corrected during that time.</p> <p> <div data-embed-button="embed" data-entity-embed-display="view_mode:media.blog_post" data-entity-type="media" data-entity-uuid="bd5d4c84-aeda-4e54-8dad-344409db6942" data-langcode="en" class="embedded-entity"> <div class="embed embed--infogram js-embed js-embed--infogram"> <div class="infogram-embed" data-id="0797f2dc-b5dd-40e2-bc8c-481496f20601" data-type="interactive" data-title="Figure 1: Percentage of Erroneous TNC Cases Against TPS Migrants"></div> </div> </div> </p><p>During the Obama administration, from January 2016 through December of that year, 1.95 percent of E‐​Verify queries against TPS workers resulted in a TNC and 15.8 percent of them were erroneous. During the Trump administration, from January 2017 through late January 2020, 7 percent of E‐​Verify queries against TPS workers resulted in a TNC and 17.1 percent of them were erroneous. Although the rate of confirmed erroneous TNCs was similar under both administrations, the initial TNC rate was more than three times higher under the Trump administration than under the last year of the Obama administration. Furthermore, the average monthly number of TNCs issued to TPS migrants increased from 59 during the last year of the Obama administration to 301 during the Trump administration.</p> <p>E‐​Verify has been updated at least twice in ways that may have affected the issuance of TNCs for TPS workers. The first was in May 2018, right after a spike in the number of TNCs delivered against TPS migrants, and it guaranteed that E‐​Verify queries were run simultaneously against the Department of Homeland Security and the Social Security Administration databases. A second update in December 2019 automated the resolution of more TPS cases at the initial step, thus reducing the need to perform additional verification for cases involving TPS beneficiaries. It’s too soon to see if this later update has had any effect.</p> <p><strong>Conclusion</strong></p> <p>We’ve long known that E‐​Verify is an error‐​prone program that unintentionally denies legal immigrants the ability to work legally, but now we know that TPS workers are at even greater risk of being erroneously targeted by this program. At a very minimum, E‐​Verify errors like these should be minimized before the system is adopted by other states and localities. This is another reason to oppose E‐​Verify.</p> Thu, 30 Apr 2020 12:17:56 -0400 Alex Nowrasteh Judge Allows Warrantless Aerial Surveillance Over Baltimore Matthew Feeney <p>If you are a Baltimore resident there is a chance that over the next few months you will notice a small airplane circling above. Once you learn that it is a surveillance plane used to aid Baltimore police you might wonder how such persistent and warrantless surveillance is constitutional. After all, the Fourth Amendment of the Bill of Rights protects us from “unreasonable” searches and seizures. What could be more unreasonable that the warrantless use of an eye in the sky to snoop on hundreds of thousands of law abiding residents? The recent ruling from a Maryland district court allowing such surveillance helps highlight the sorry state of Fourth Amendment jurisprudence, which is of especially pronounced concern at a time when aerial surveillance – both manned and unmanned – is becoming increasingly intrusive.</p> <p>Persistent aerial surveillance over Baltimore is not new. <a href="">A few years ago</a>, the unambiguously named company Persistent Surveillance Systems (PSS) began flying its technology over Baltimore. It has also conducted flights over Dayton, Ohio; Compton, California; and Philadelphia, Pennsylvania. PSS uses technology originally used in Iraq, part of a regrettable trend of military gear making its way from foreign war zones to American police departments. The cameras used by PSS allow analysts to access what PSS founder Ross McNutt describes as <a href="">“Google Earth with TiVo”</a> over an area of about 32 square miles. Analysts can track people and cars, identifying where suspects travelled before and after alleged crimes.</p> <p>News that Baltimore police had been using PSS technology without key Baltimore officials (including the mayor and city council members) being informed caused uproar. Nonetheless, police in Baltimore are keen on using the technology, which is being bankrolled by non‐​profit run by the billionaire couple Laura and John Arnold. During the pilot PSS technology will be integrated with Baltimore police ground‐​level cameras and gun shot detection tools.</p> <p>In a bid to halt the surveillance, the grassroots organization Leaders of a Beautiful Struggle and a couple of activists argued that the use of warrantless aerial surveillance technology violated the First and Fourth Amendments of the U.S. Constitution. U.S. District Judge Richard Bennett <a href="">denial of their motion</a> outlines a number of issues with current Fourth Amendment jurisprudence while also showing that the most recent prominent Fourth Amendment case decided by the Supreme Court is not as helpful as many civil libertarians had hoped.</p> <p>Judges base their decisions on what constitutes a Fourth Amendment search by considering whether government action violated a “reasonable expectation of privacy.” The two‐​pronged reasonable expectation of privacy test, which Justice Harlan codified in his solo concurrence in the 1967 case <em>Katz. v. United States</em>, requires judges to consider whether government action 1) violated a subjective expectation of privacy, and if so 2) whether such a expectation is one society as a whole is prepared to accept as reasonable. If government action satisfies the reasonable expectation of privacy test it is a Fourth Amendment “search.”<br /><br /> Judge Bennett correctly notes in his opinion that the Supreme Court held in three cases in the 1980s (<em><a href="">Dow Chemical Co. v. United States</a>, <a href="">California v. Ciraolo</a>, </em>and <a href=""><em>Florida v. Riley</em></a>) that the warrantless surveillance of property from the air does not constitute a Fourth Amendment search. According to the Supreme Court, you do not have a reasonable expectation of privacy in the content of your private property observed from the air.</p> <p>Indeed, the Baltimore Police Department’s <a href="">memorandum on the constitutionality of PSS surveillance</a> correctly noted Supreme Court precedent:<br /><br /> “Here, like in Ciraolo, Dow Chemical, and Riley, the photographs taken from a manned aircraft flying within publicly navigable airspace do not constitute a search, and do not run afoul of the Constitution.”</p> <p>Judge Bennett goes on to discuss <em>Carpenter v. United States </em>(2018), the most significant Fourth Amendment Supreme Court decision in recent years. In <em>Carpenter</em>, the Supreme Court held that the warrantless use of cell‐​site location information (CSLI) to track a suspect for seven days violated the Fourth Amendment. The holding in <em>Carpenter </em>is a narrow one, with the majority written by Chief Justice Roberts noting: “This decision is narrow. It does not express a view on matters not before the Court; does not disturb [the Third Party Doctrine] or call into question conventional surveillance techniques and tools, such as security cameras.”</p> <p>Although a major case, it’s clear that <em>Carpenter </em>is not a case that privacy activists should rely on when it comes to challenging all persistent surveillance tools. Judge Bennett correctly writes in his opinion that the Supreme Court’s narrow holding in <em>Carpenter </em>does not implicate PSS surveillance.</p> <p>That the Supreme Court has not reassessed its 1980s aerial surveillance cases does not mean that warrantless and persistent aerial surveillance cannot be stopped. A number of states have taken steps to implement warrant requirements for drone surveillance, and there is no reason why Maryland lawmakers could not take steps to impose limits on manned and unmanned persistent aerial surveillance.</p> <p>Flights paths like <a href="">those </a><a href="">below</a>, which show recent PSS surveillance flights, should send chills down the spine of anyone who values civil liberties. It is not good enough for PSS defenders to argue that only wrongdoers need be worried. This kind of surveillance risks stifling valuable and legal activities such as protests and religious gatherings. It would not be unreasonable for many Baltimore residents to second‐​guess attending a protest if they know a PSS plane may be flying overhead. Members of some religious communities could also be forgiven for similar hesitance.</p> <p> </p><div data-embed-button="image" data-entity-embed-display="view_mode:media.blog_post" data-entity-type="media" data-entity-uuid="97400db5-5765-47c5-b5cd-7bb1e1853222" class="align-center embedded-entity" data-langcode="en"> <img srcset="/sites/ 1x, /sites/ 1.5x" width="700" height="336" src="/sites/" alt="Baltimore aerial surveillance flight path" typeof="Image" class="component-image" /></div> <div data-embed-button="image" data-entity-embed-display="view_mode:media.blog_post" data-entity-type="media" data-entity-uuid="37ce79b6-bb99-4504-b462-04edb7ec5f4f" class="align-center embedded-entity" data-langcode="en"> <img srcset="/sites/ 1x, /sites/ 1.5x" width="700" height="379" src="/sites/" alt="Baltimore aerial surveillance2 flight path" typeof="Image" class="component-image" /></div> <p>Aerial surveillance tools are becoming increasingly powerful. PSS cameras may not be able to identify individuals, who show up as blurs in PSS images, but we know that more powerful <a href="">aerial surveillance cameras exist</a>. It is true that the most intrusive of these cameras have been used by the military abroad, but we should be prepared for local police to deploy such technology as it becomes cheaper. Customs and Border Protection already uses drones originally designed for military missions, and we know that police departments across the country have demonstrated an <a href=";linkCode=osi&amp;th=1&amp;psc=1">unrestrained enthusiasm</a> for using military equipment at home.</p> <p>Until the Supreme Court reconsiders aerial surveillance it’s up to lawmakers to consider restrictions on persistent aerial surveillance. Unfortunately, too many lawmakers seem content with police using technology originally deployed in foreign wars.</p> Wed, 29 Apr 2020 12:35:07 -0400 Matthew Feeney Cato Institute Policy Analysis, “The New National ID Systems,” is shown on Netflix’s The Innocent Files Wed, 22 Apr 2020 10:43:54 -0400 Cato Institute, Jim Harper Surveillance and Civil Liberties in a Pandemic Matthew Feeney, Caleb O. Brown <p>Is there a&nbsp;role for government surveillance during a&nbsp;pandemic? And if so, does the genie go back in the bottle when the threat has passed? Matthew Feeney comments.</p> Wed, 15 Apr 2020 17:26:08 -0400 Matthew Feeney, Caleb O. Brown Barr v. American Association of Political Consultants Robert Corn-Revere, Ronald G. London, Ilya Shapiro, Trevor Burrus <div class="lead mb-3 spacer--nomargin--last-child text-default"> <p>Robo‐​calls are a&nbsp;growing issue of public concern, and the Telephone Consumer Protection Act (TCPA) is the federal law that regulates and penalizes their use. The law makes businesses who violate the many consumer‐​oriented provisions liable to private lawsuit. This is no idle threat, either; in the last ten years 21 TCPA cases have settled for over $10 million. It is also a&nbsp;favorite of states’ attorneys general, who earn popularity for targeting the sources of unwanted calls.</p> </div> , <div class="mb-3 spacer--nomargin--last-child text-default"> <p>The 1991 law was all‐​encompassing. Auto‐​dialers and pre‐​recorded calls were prohibited for political activists, local businesses, debt collectors, and charities alike. Unless a&nbsp;consumer has released their number willingly, they could not be called by such annoying methods. But in 2015, Congress passed a&nbsp;budget that contained an amendment exempting from the statute any calls made “solely to collect a&nbsp;debt owed to or guaranteed by the United States.”</p> <p>That exemption engendered a&nbsp;constitutional challenge from the American Association of Political Consultants (AAPC), arguing that the law had become a&nbsp;content‐​based restriction that is presumptively invalid under the First Amendment. Content‐​based restrictions are those that ban speech based on the content of the communication. Calls to collect government debt are different from other types of calls because of what is said on the call. The Fourth Circuit agreed that the restriction was content based but oddly “fixed” that problem by striking down the debt‐​collection exemption, which means the statute now bans more speech than before.</p> <p>The government petitioned the Supreme Court for review and the Court agreed to hear the case. Cato has filed an amicus brief in support of the AAPC. We argue that the exemption is a&nbsp;content‐​based restriction under any common‐​sense meaning of the term. Strict scrutiny is thus warranted partially because the exemption favors speech that benefits the government.</p> <p>Content‐​based restrictions are heavily scrutinized by courts partially because the government is not a&nbsp;neutral party, and it will often pass laws benefiting a&nbsp;certain type of speech. Generally, the only way the government can do that is by having regulations that select between different types of speech based on the content of the communication. While this may seem like a&nbsp;small fight over robo‐​calls, it’s important that the Court maintain a&nbsp;hard line on content‐​based restrictions. The government can’t play favorites when regulating speech because the government’s favorite is always the government.</p> </div> Wed, 01 Apr 2020 10:48:55 -0400 Robert Corn-Revere, Ronald G. London, Ilya Shapiro, Trevor Burrus Tom G. Palmer discusses the rise of the surveillance state on Learn Liberty Tue, 31 Mar 2020 10:52:09 -0400 Tom G. Palmer A Chance to Fix FISA Julian Sanchez <p>Last week, three Foreign Intelligence Surveillance Act authorities <a href="">expired</a> after a&nbsp;watered‐​down <a href="">reauthorization and reform bill</a> that had been hastily approved by the House ran into opposition in the Senate. <a href="">Though the Senate ultimately agreed to a&nbsp;short‐​term 77&nbsp;day extension</a>, the House has yet to act on it. Since the authorities are grandfathered for investigations already underway, or for potential offenses a&nbsp;temporary lapse is unlikely to have much operational impact, and an extension soon seems inevitable. When Congress does finally take up the issue again, this most recent compromise bill will be the baseline for further improvements—and improvements are sorely needed.</p> <p>There are certainly some things to approve of in the <a href="">failed compromise bill</a>, but it ultimately falls well short of what’s necessary—and includes a&nbsp;lot of cosmetic tweaks designed to mollify a&nbsp;<a href="">president outraged</a> over the <a href="">mishandling of the Carter Page investigation</a>, without actually effecting substantive change.</p> <p>Let’s review both the good and the not‐​so‐​good. The bill would finally put an end to the misbegotten “call detail records program” <a href="">initially exposed by Edward Snowden</a> nearly seven years ago, and preserved in a&nbsp;diluted form under the USA Freedom Act of 2015. Though more limited than its predecessor, which indiscriminately vacuumed up nearly all domestic call records, the USA Freedom version of the CDR program nevertheless led to the government <a href="">collecting hundreds of millions of call detail records each year</a>, based on just a&nbsp;handful of orders. Like its predecessors, it was both <a href="">plagued with compliance problems and errors</a>, and essentially useless operationally, as the independent <a href="">Privacy and Civil Liberties Oversight Board confirmed in a&nbsp;recent report</a>. Though NSA itself decided to mothball the program, the <a href="">administration formally requested that the authority for it be renewed</a>, just in case they saw a&nbsp;need for it in the future. Rejecting that idea, as this latest bill does, should be a&nbsp;no‐​brainer.</p> <p>There are also welcome–if inadequate–changes to the broader business records provision, also known as Section 215, which (as the name suggests) enables the government to obtain business records, or any other “tangible thing,” that is deemed “relevant” to a&nbsp;national security investigation. Because the bar for obtaining §215 orders is far lower than the probable cause required for a&nbsp;full‐​blown FISA warrant, the new bill closes a&nbsp;potential loophole by clarifying that the authority may not be used to obtain any record that would otherwise require a&nbsp;full search warrant in an ordinary criminal investigation—and that this includes location information, which the Supreme Court brought under the protection of the Fourth Amendment in <a href=""><em>Carpenter v. United States</em></a> (2018).</p> <p>Yet this bill does not go nearly as far as Sen. Ron Wyden’s <a href="">Safeguarding Americans’ Private Records Act</a>, which would similarly require a&nbsp;warrant to obtain a&nbsp;target’s Web browsing history and other categories of particularly sensitive records. Nor, perhaps more importantly, does it address the underlying breadth of §215: The trivially low bar of “relevance to an investigation” compounded by a&nbsp;<em>requirement</em> that the FISA Court approve orders for individuals with any connection to the target of an investigation. In the now notoriously botched investigation of former Trump campaign advisor Carter Page, for instance, the FISA Court would have been presumptively obligated to issue an order for the financial or telecommunications records of anyone “known to” or “in contact with” Page, since he was the target of a&nbsp;foreign intelligence investigation believed to be acting as an agent of a&nbsp;foreign power, and all such records are defined as automatically “relevant” by the statute. In principle, that would have made the records of virtually the whole of the senior Trump campaign staff available to the FBI without any further basis for suspecting them individually,</p> <p>Also in the positive column are expansions of the role of the FISA Court’s <em>amici curiae</em>—expanding their ability to provide the Court with an independent perspective from the government’s, and assuring them access to files and evidence needed to do their job effectively—as well as a&nbsp;firmer deadline for the publication of significant rulings by the Court. But these are ultimately efforts to compensate for a&nbsp;deeper defect in the FISA process: Unlike ordinary criminal wiretaps, FISA surveillance is normally permanently covert by default, with only a&nbsp;tiny fraction of those spied on every learning about it. Eliminating that back‐​end notice to the target of surveillance—notice that is normally considered constitutionally necessary to make a&nbsp;search “reasonable”—also eliminates an important incentive to be scrupulous in seeking applications. There may often be compelling national security reasons to delay notice to individual targets, perhaps even for quite extended periods of time, but at least in the case of U.S. persons, there is no good justification for making secrecy the universal, uniform default: The government should have to make the argument once surveillance terminates. In cases where surveillance has ultimately failed to support the government’s belief that a&nbsp;U.S. target had acted as a&nbsp;foreign agent, then there will often be no compelling national security rationale for failing to disclose.</p> <p>Finally, there are what I&nbsp;think of as the “Carter Page provisions” of the bill. These are fairly clearly calculated to persuade Donald Trump that serious reforms have been enacted which will prevent a&nbsp;repeat of the grossly flawed investigation of his erstwhile advisor. As one might expect, they are largely cosmetic—sounding “tough” but with little real chance of making much practical difference. Criminal penalties for misuse of FISA are increased somewhat, which doesn’t add up to much if, in practice, nobody is ever actually criminally prosecuted for FISA misuse. Even in the Page case, only one of the attorneys involved in reviewing the application faces even the slenderest chance of prosecution. FBI agents are not thinking “well, I’ll falsify an application if I&nbsp;risk a&nbsp;three year prison term, but eight is too much!” They don’t believe they will be prosecuted, and they are well justified in that belief.</p> <p>There’s also a&nbsp;provision requiring the “attorney general” to approve in writing of investigations targeting candidates for federal office before certain FISA tools can be employed. “Attorney general” is in quotation marks there, because for FISA purposes “attorney general” is actually defined as a&nbsp;cluster of senior Justice Department officials who must already sign off on any full‐​blown FISA surveillance. And given the narrowness of this provision, it’s not clear it would have applied even to the investigation of Page—not himself a&nbsp;candidate for any office.</p> <p>These aren’t necessarily inherently objectionable, but they are ultimately Potemkin reforms designed to persuade an audience of one to sign an otherwise relatively weak bill.</p> <p>In short, the FISA reauthorization bill qualifies as a&nbsp;promising start, but falls fall short of the fiery rhetoric we’ve heard lately about the need to overhaul the system. But it remains a&nbsp;stronger baseline than many civil libertarians would have thought possible a&nbsp;few years ago, and if amendments offered before a&nbsp;final vote address some of the shortcomings identified here, reality might actually live up to the rhetoric.</p> <p><em><a href="">Cross posted to the Just Security</a>.</em></p> </p> Fri, 27 Mar 2020 17:46:49 -0400 Julian Sanchez Foes of Suspicionless Surveillance Score a Small Win Patrick G. Eddington, Caleb O. Brown <p>Amendments will finally be offered to the broad federal surveillance powers granted by Congress. Patrick Eddington discusses what that means for liberty and privacy.</p> Mon, 23 Mar 2020 09:18:41 -0400 Patrick G. Eddington, Caleb O. Brown Clearview AI and You Cato Institute <p>Is there a picture of you on social media?</p> <p>If so, you are possibly among the trove of people whose images are part of a massive facial‐​recognition database. A company called Clearview AI collected billions of publicly available images from websites to build a facial image search engine. Clearview’s clients include public and private organizations alike, including the FBI, local police departments, Walmart, Macy’s, and even the NBA.</p> <p>Too often, police across the country use surveillance technology without first informing the public. Although law enforcement agencies have used Clearview’s technology to investigate crimes, it could also allow them to identify protesters, journalists, and people simply engaged in legal activity.</p> <p>A liberal society requires citizens and residents to have private areas. Facial recognition databases used by law enforcement should only include data related to people with outstanding warrants for violent and other serious crimes. Local officials should halt the use real‐​time identification and be transparent about the surveillance technology they plan to use.</p> <p>Facial recognition can be useful, but without right protections and restrictions it’s a surveillance nightmare.</p><br /><div> <h4>RELATED</h4> <span class="hs-cta-wrapper" id="hs-cta-wrapper-6e07a506-8772-408c-81ed-3c1dcc7300be"><span class="hs-cta-node hs-cta-6e07a506-8772-408c-81ed-3c1dcc7300be" id="hs-cta-6e07a506-8772-408c-81ed-3c1dcc7300be"><a href="" target="_blank"><img class="hs-cta-img lozad" id="hs-cta-img-6e07a506-8772-408c-81ed-3c1dcc7300be" alt="PODCAST: Clearview and the Cops" data-src="" /></a></span> //--&gt; </span> <p>A tech company promises to link up photos of unknown people with their presence on the web for private clients and police. What does that mean for privacy, and for how police do their jobs?</p><br /><span class="hs-cta-wrapper" id="hs-cta-wrapper-c88bd2e4-8d98-4ed5-a6d3-d5b34601373b"><span class="hs-cta-node hs-cta-c88bd2e4-8d98-4ed5-a6d3-d5b34601373b" id="hs-cta-c88bd2e4-8d98-4ed5-a6d3-d5b34601373b"><a href="" target="_blank"><img class="hs-cta-img lozad" id="hs-cta-img-c88bd2e4-8d98-4ed5-a6d3-d5b34601373b" alt="Facial Recognition Technology Is Getting out of Control " data-src="" /></a></span> //--&gt; </span> <p>Technology may be moving faster than the law, but that’s not a reason for officials to resign themselves to an inevitable world where the abolition of privacy is the price of a social life.</p> </div> Tue, 17 Mar 2020 16:17:14 -0400 Cato Institute Facial Recognition Technology Is Getting out of Control Matthew Feeney <div class="lead mb-3 spacer--nomargin--last-child text-default"> <p>Until January few had heard of Clearview AI, a&nbsp;company that has scraped billions of publicly available images from millions of websites in order to build a&nbsp;facial image search engine app.</p> </div> , <div class="mb-3 spacer--nomargin--last-child text-default"> <p>Clearview claims that more than six hundred law enforcement agencies have used its technology in the last year. News that police officers can search against a&nbsp;plethora of images uploaded to the most popular social media platforms has prompted outcry from officials, activists, and civil libertarians.</p> <p>Clearview’s technology should concern everyone who values privacy and security.</p> <p><strong>The dangers of Clearview’s tech</strong></p> </div> , <aside class="aside--right aside--large aside pb-lg-0 pt-lg-2"> <div class="pullquote pullquote--default"> <div class="pullquote__content h2"> <p>Technology may be moving faster than the law, but that’s not a&nbsp;reason for officials to resign themselves to an inevitable world where the abolition of privacy is the price of a&nbsp;social life.</p> </div> </div> </aside> , <div class="mb-3 spacer--nomargin--last-child text-default"> <p>Clearview CEO Hoan Ton‐​That has been on the defensive since a&nbsp;<em>New York Times&nbsp;</em>report raised the company’s profile from relative obscurity to the topic of a&nbsp;nationwide privacy discussion. Ton‐​That claims that the First Amendment allows Clearview to scrape publicly available images, although&nbsp;<a href="" target="_blank">some lawyers disagree</a>.</p> <p>Many of “Big Tech’s” best‐​known firms, such as YouTube, Facebook, and Twitter have issued Clearview cease‐​and‐​desist letters. Clearview, clearly wary of the potential backlash to news of its technology, has hired former solicitor general Paul Clement to buttress its legal arguments.</p> <p>Clearview did&nbsp;not provide a&nbsp;list of the agencies using its app to the&nbsp;<em>New York Times</em>. However,&nbsp;<a href="" target="_blank">a&nbsp;leaked list</a>&nbsp;of Clearview clients reveals that many of Clearview’s customers are private companies such as Macy’s as well as state and local police departments including the Miami Police Department, Philadelphia Police Department, Chicago Police Department, and New York State Police.</p> <p>Clearview’s credentialed users include FBI agents and Customs and Border Patrol officers. In the hands of a&nbsp;police officer prone to misconduct, Clearview’s app would be a&nbsp;dangerous tool, allowing them to identify protesters, journalists critical of their departments, and people simply engaged in legal activity.</p> <p>Too often, police across the country use surveillance technology without first informing the public. In one particularly egregious case, police in Baltimore partnered with a&nbsp;private company that builds airplane‐​mounted surveillance technology without even informing local officials, let alone the&nbsp;<a href="" target="_blank">public</a>.</p> <p>Facial recognition is a&nbsp;more pressing concern than aerial surveillance. Thanks to technology like that developed by Clearview, anyone who has uploaded photos of themselves to social media is potentially identifiable to hundreds of law enforcement agencies.</p> <p>Even those who have opted out of social media can be identified via Clearview. If someone took a&nbsp;photo of you — even if you have no social media whatsoever — and Tweeted it or posted it on their Facebook page, you could end up among the billions of images Clearview scraped.</p> <p>Clearview defenders have highlighted that its technology has been used to identify children who have been sexually abused. Law enforcement agencies have noted that Clearview’s technology has been used to investigate a&nbsp;wide range of crimes including murder, shoplifting, and identity theft.</p> <p>But the fact that technology can be used to investigate crimes and help secure convictions is not a&nbsp;sufficient condition for its unbridled use. Wiretapping is often a&nbsp;valuable method for gathering evidence of serious crimes, but police cannot use wiretap technology without first having an order approved by a&nbsp;judge.</p> <p>A liberal society requires citizens and residents to have private areas, and civil liberties protections help ensure the sanctity of such spaces even if many crimes are committed outside the watchful eye of surveillance technology.</p> <p><strong>Finding the right balance</strong></p> <p>A&nbsp;<a href="">liberal approach to facial recognition</a>&nbsp;that respects civil liberties without being technophobic would require that facial recognition databases queried by law enforcement should only include data related to people with outstanding warrants for violent and other serious crimes. It would also ban the use of real‐​time identification and require local officials to be transparent about the surveillance technology they plan to use.</p> <p>It would be wrong to portray facial recognition as a&nbsp;technology that inevitably leads to civil liberty abuses. Like any other piece of technology, it can be used for good and ill. Yet the potential for tools like Clearview to be misused at a&nbsp;time when facial recognition is relatively unregulated should prompt lawmakers and officials to prevent law enforcement officers from using Clearview’s app.</p> <p>Lawmakers across the country have already taken steps to limit the use of surveillance technology and increase transparency.</p> <p>The American Civil Liberties Union’s <a href="" target="_blank">&nbsp;Community Control Over Police Surveillance campaign</a>&nbsp;resulted in surveillance transparency bills passing across the country. A&nbsp;handful of cities, including San Francisco and Cambridge, Massachusetts, have passed bans on government use of facial recognition.</p> <p>Sens. Cory Booker (D-NJ) and Jeff Merkley (D-OR) recently introduced a&nbsp;bill that would place a&nbsp;moratorium on federal funds being used on state or local facial recognition systems and ban federal use of the technology until a&nbsp;commission outlined appropriate safeguards.</p> <p>While&nbsp;<a href="">I&nbsp;don’t support a&nbsp;complete ban</a>&nbsp;on facial recognition, it’s not hard to understand why officials have implemented bans in an environment where technology is outpacing the law.</p> <p>Technology may be moving faster than the law, but that’s not a&nbsp;reason for officials to resign themselves to an inevitable world where the abolition of privacy is the price of a&nbsp;social life.</p> <p>Facial recognition can be a&nbsp;valuable tool for law enforcement, but absent the right protections and regulations it’s a&nbsp;surveillance nightmare. Lawmakers should take steps to ensure that police and other government officials can’t use facial recognition technology to identify law abiding residents and citizens.</p> </div> , <div class="mb-3 spacer--nomargin--last-child text-default"> <div> <h4>RELATED</h4> <span class="hs-cta-wrapper" id="hs-cta-wrapper-6e07a506-8772-408c-81ed-3c1dcc7300be"><span class="hs-cta-node hs-cta-6e07a506-8772-408c-81ed-3c1dcc7300be" id="hs-cta-6e07a506-8772-408c-81ed-3c1dcc7300be"><a href="" target="_blank"><img class="hs-cta-img lozad" id="hs-cta-img-6e07a506-8772-408c-81ed-3c1dcc7300be" alt="PODCAST: Clearview and the Cops" data-src="" /></a></span> //--&gt; </span> <p>A tech company promises to link up photos of unknown people with their presence on the web for private clients and police. What does that mean for privacy, and for how police do their jobs?</p><br /><span class="hs-cta-wrapper" id="hs-cta-wrapper-f34ea05f-0613-47a2-aa29-9e7322cf6473"><span class="hs-cta-node hs-cta-f34ea05f-0613-47a2-aa29-9e7322cf6473" id="hs-cta-f34ea05f-0613-47a2-aa29-9e7322cf6473"><a href="" target="_blank"><img class="hs-cta-img lozad" id="hs-cta-img-f34ea05f-0613-47a2-aa29-9e7322cf6473" alt="VIDEO: Clearview AI and You" data-src="" /></a></span> //--&gt; </span> <p>Facial recognition can be useful, but without the right protections and restrictions, it’s a surveillance nightmare.</p><br /></div> </div> Mon, 09 Mar 2020 14:55:50 -0400 Matthew Feeney Patrick G. Eddington discusses domestic surveillance spying on free speech groups on the CounterSpeak podcast Wed, 04 Mar 2020 11:06:20 -0500 Patrick G. Eddington In Hoffa’s Shadow: A Stepfather, a Disappearance in Detroit, and My Search for the Truth Jack Goldsmith, Gene Healy, Patrick G. Eddington <p>How would you react if your stepfather, a&nbsp;man you revered, was accused of the greatest unsolved murder of the 20th century? How would it alter your relationship with him, the rest of your family, and your friends and colleagues? How would your own subsequent exposure to the federal government’s investigative and surveillance powers reshape your view of the government, your stepfather, and yourself? Former Assistant Attorney General Jack Goldsmith experienced all these things and more, sharing them with the world via his third book, <em><a href="" target="_blank">In Hoffa’s Shadow: A&nbsp;Stepfather, a&nbsp;Disappearance in Detroit, and My Search for the Truth</a></em>.</p> Mon, 02 Mar 2020 17:02:53 -0500 Jack Goldsmith, Gene Healy, Patrick G. Eddington Cato Institute research on e‐​Verify is cited at the Florida House Committee on Commerce Thu, 27 Feb 2020 12:54:07 -0500 Cato Institute Julian Sanchez discusses FISA on FBN’s Kennedy Thu, 27 Feb 2020 09:16:21 -0500 Julian Sanchez Cops Partner with Ring to Deliver Doorbell Surveillance Matthew Feeney, Caleb O. Brown <p>Amazon’s Ring provides handy surveillance of the front porches of many Americans. What happens when localities partner with the company to make it easier for cops to get the footage?</p> Wed, 26 Feb 2020 16:14:53 -0500 Matthew Feeney, Caleb O. Brown Disrupt, Discredit, and Divide: How the New FBI Damages Democracy Michael German, Caleb O. Brown <p>How did the FBI turn into a&nbsp;domestic intelligence agency? How does the FBI do its job today? Mike German is author of <em>Disrupt, Discredit, and Divide: How the New FBI Damages Democracy</em>.</p> Tue, 25 Feb 2020 17:48:17 -0500 Michael German, Caleb O. Brown An Effort to Reform Warrantless Surveillance Sen. Steve Daines, Sen. Ron Wyden, Caleb O. Brown <p>Ending longstanding warrantless surveillance of Americans has long been a&nbsp;desire of libertarians. So how do Senators Steve Daines (R-MT) and Ron Wyden (D-OR) plan to accomplish it?</p> Mon, 17 Feb 2020 16:28:20 -0500 Sen. Steve Daines, Sen. Ron Wyden, Caleb O. Brown Greg Nojeim and Chip Gibbons at the 2019 Cato Surveillance Conference Wed, 05 Feb 2020 10:06:27 -0500 Greg Nojeim, Chip Gibbons Matthew Feeney discusses Clearview and security concerns around facial recognition on CKOM’s The Brent Loucks Show Wed, 22 Jan 2020 11:21:31 -0500 Matthew Feeney Julian Sanchez discusses privacy concerns surrounding the FBI’s attempt to unlock 2 I‐​Phones after the Pensacola Naval Base shooting on NPR’s 1A Thu, 16 Jan 2020 13:08:24 -0500 Julian Sanchez Julian Sanchez participates in the event, “Reforming the FISA Process: Proposals for the Future,” at the NYU School of Law Thu, 16 Jan 2020 11:04:42 -0500 Julian Sanchez