Thursday, July 21, 2022

Panel calls for ending data dumps without a search warrant

A new law is needed to stop state, local and federal law enforcement and intelligence agencies from surveilling wide swathes of the U.S. population without a warrant, said panelists during a recent federal hearing, according to Government Technology.

The Fourth Amendment’s privacy protections require law enforcement to obtain a warrant before searching individuals’ personal records — and this definition should include their digital footprints, said Brett Tolman, executive director of Right on Crime, a group that advocates for “conservative criminal justice solutions.” Such requirements ought to prevent law enforcement from gathering extensive data collections on broad populations without first establishing probable cause, he said.

But agencies repeatedly skip getting permission to collect data themselves and instead purchase it from data brokers — essentially, a loophole, said panelist Bob Goodlatte, senior policy adviser for the nonpartisan advocacy group Project for Privacy and Surveillance Accountability.

“Agencies ranging from the Defense Intelligence Agency to the IRS to, likely, the FBI and CIA as well, are buying the personal data of millions of Americans they would otherwise have to get a warrant to obtain,” said Goodlatte.

Brokers sell vast data compilations that may include details like job histories, home addresses, voting records and more, and data broker LexisNexis alone contracts with more than 1,300 state and local law enforcement agencies, said Sarah Lamdan, law professor at The City University of New York School of Law.

Such practices can open the door to privacy invasions and wrongful arrests.

Rep. Jamie Raskin (D-MD) summarized calls to ban law enforcement from making such purchases:

“This is essentially the meta technological equivalent of saying that, if the government can't enter your home without a search warrant, they can't pay somebody who breaks into your home or otherwise gains access through some kind of duplicity [like] saying that they're a carpenter.”

'IT INVITES ABUSE'

Panelists and House representatives from both parties said that government purchasing collections and analyses of resident data without first establishing probable cause is unjustifiably invasive and enables governments to subject particular demographic groups and political parties for oversurveillance and arrest.

“It invites abuse, in particular, the targeting of people or groups based on race, religion or political activity,” said Elizabeth Goitein, senior director of the Brennan Center for Justice’s Liberty and National Security Program.

The discussion took place against the backdrop of the Dobbs decision, which has sparked fears that states criminalizing abortion might seek out anyone considering the procedure by collecting data from residents’ web searches, period apps and cellphone geolocation information. And warrantless data tracking and collection can affect people across all ideological and political divides, Goodlatte said, noting government could just as readily monitor people visiting gun stores.

Police data purchases raise concerns in the courtroom, too, according to Rebecca Wexler, an assistant professor of law and co-director of the Berkeley Center for Law and Technology. Current practices can tip the scales against criminal justice defendants. That’s in part because law enforcement and defense often get less insight into any potentially game-changing flaws and biases in third-party gathered data, causing them to miss context that could invalidate evidence.

A LEGISLATIVE FIX?

Many panelists recommended passing a federal privacy law restricting how and when private firms collect all this personal data in the first place. But that’s a larger task, and legislators should also push a quicker, targeted fix: passing the Fourth Amendment Is Not For Sale Act, panelists said. That measure would compel government to follow the spirit of existing rules, closing loopholes and updating policies to better reflect modern realities.

The act would bar law enforcement and intelligence agencies from buying customer and subscriber records or information collected illegally. And if agencies nonetheless violate this rule, they’d be forbidden to use that information as evidence in court or other proceedings.

The act also limits government’s ability to force companies to hand over such data. It says that if governments would - under current law - need a court order to get certain records from an electronic communications or remote computing services provider, then they’d also need a court order to get such records from a third party. That means officers who fail to get a judge’s approval to compel a telecom to share records could not just turn around and force that information out of a data broker the telecom sold the records to — unless officers first get a judge’s go-ahead.

“The government cannot obtain records from companies like Facebook and Google without a court order. Why should data brokers be treated any differently?” Goodlatte said.

EXISTING RULES

Goodlatte said there’s nothing necessarily wrong with agencies gathering personal data on suspects, so long as they follow the rules and show probable cause first. The process of seeking a warrant forces agencies to justify why they want the data, which helps catch situations in which unconscious or conscious prejudices — not genuine need — drive the quest for data on a particular group, Goitein said.

Speakers like Rep. Andy Biggs (R-AZ) also worried about the kind of data government can get through warrants. He cited a 2019 incident in which Gainesville, Fla., police used a warrant to make Google share data about all devices near the site of a break-in. This led them to wrongfully suspect a resident, because Google had tracked his phone passing by the house on his regular biking route.

SKEWED JUSTICE?

Criminal defense attorneys have the right to see evidence the other side has collected that could exculpate the defendant. For example, defendants ought to know if quality control errors make the data unreliable and if the software used to collect the data is skewed by bias or other issues, Wexler said. Government also generally cannot present illegally obtained evidence, and Wexler said defendants should learn if data was gathered “in violation of a privacy statue, or through breach of contract or through unlawful hacking,” she said.

But police buying information from data brokers are unlikely to know its limits or how it was gathered.

“When law enforcement purchases data from intermediaries, or uses private biometric databases, or licenses surveillance software from private companies, the officers can stay ignorant of flaws in the data,” Wexler said.

Defendants cannot discover such context through cross-examining police, if officers simply don’t know anything about their data brokers’ practices. Another hurdle: Firms are unlikely to voluntarily share information about their product, and defendants have limited abilities to compel them to through subpoenas, Wexler said. Some surveillance technology vendors also only sell to law enforcement, which blocks criminal defense from purchasing copies of the tools to test them for accuracy.

Evening out the playing field between prosecution and defense could require policies strengthening criminal defense’s subpoena powers, Wexler said.

WHAT IS 'VOLUNTARY'?

Laws crafted in the technological climate of the 1970s state that residents cannot expect to keep information private if they share it “voluntarily” — such as personal details shared with a bank when opening an account. But panelists say the interpretation of “voluntary” needs updating to match today’s realities.

Many personal data collected on people isn’t something they’re really giving up voluntarily, in an age when fully participating in society requires driving on roads with license plate readers and using cellphones that tightly track users, Lamdan said.

Plus, users of app and other digital services may not be able to give truly informed consent about data sharing. Company policies can be misleading, and customers who knowingly share information with a particular company have no control over whether and to whom that company then resells the data, Goitein said.

Users are also often told their data is “anonymous,” but this veil of privacy can easily be broken when data brokers purchase the records and combine them with other details, said Lamdan. And even customers who try to opt out cannot escape companies creating profiles on them through information gleaned from friends, families and associates’ online activities.

The Supreme Court appeared to give a nod to some of these concerns in a 2018 ruling that said police need warrants to seize certain cellphone records that reveal their locations. The court felt phone owners ought to trust that their personal movements are private and that they weren’t actively choosing to share this data.

To read more CLICK HERE

No comments:

Post a Comment