Instead of obtaining a warrant, the NSA would like to keep buying your data

[Undescribed Horrific Abuse, One Victim & Survivor of Many]

reprinted from arstechnica, reprinted from wired.com

https://arstechnica.com/tech-policy/2023/07/instead-of-obtaining-a-warrant-the-nsa-would-like-to-keep-buying-your-data/

An effort by United States lawmakers to prevent government agencies
from domestically tracking citizens without a search warrant is facing
opposition internally from one of its largest intelligence services.

Republican and Democratic aides familiar with ongoing defense-spending
negotiations in Congress say officials at the National Security Agency
(NSA) have approached lawmakers charged with its oversight about
opposing an amendment that would prevent it from paying companies for
location data instead of obtaining a warrant in court.

Introduced by US representatives Warren Davidson and Sara Jacobs, the
amendment, first reported by WIRED, would prohibit US military
agencies from “purchasing data that would otherwise require a warrant,
court order, or subpoena” to obtain. The ban would cover more than
half of the US intelligence community, including the NSA, the Defense
Intelligence Agency, and the newly formed National Space Intelligence
Center, among others.
https://www.wired.com/story/ndaa-2023-davidson-jacobs-fourth-amendment/

The House approved the amendment in a floor vote over a week ago
during its annual consideration of the National Defense Authorization
Act, a “must-pass” bill outlining how the Pentagon will spend next
year’s $886 billion budget. Negotiations over which policies will be
included in the Senate’s version of the bill are ongoing.

In a separate but related push last week, members of the House
Judiciary Committee voted unanimously to advance legislation that
would extend similar restrictions against the purchase of Americans’
data across all sectors of government, including state and local law
enforcement. Known as the “Fourth Amendment Is Not For Sale Act,” the
bill will soon be reintroduced in the Senate as well by one of its
original 2021 authors, Ron Wyden, the senator’s office confirmed.
https://www.wired.com/story/fourth-amendment-is-not-for-sale-act-2023/
https://subscriber.politicopro.com/article/2023/07/momentum-grows-for-bill-banning-data-sales-to-government-agencies-00108470

“Americans of all political stripes know their Constitutional rights
shouldn’t disappear in the digital age," Wyden says, adding that there
is a “deep well of support” for enshrining protections against
commercial data grabs by the government “into black-letter law.”

The extent to which the NSA in particular uses data brokers to obtain
location and web-browsing data is unclear, though the agency has
previously acknowledged using data from “commercial” sources in
connection with cyber defense. Regardless, the NSA’s lawyers have
authored extensive guidelines for acquiring commercially available
data, particularly when it belongs to US companies or individuals.
Some of the rules prescribed by the agency’s lawyers remain
classified.

The NSA did not respond to multiple requests for comment.

A government report declassified by the Office of the Director of
National Intelligence last month revealed that US intelligence
agencies were avoiding judicial review by purchasing a “large amount”
of “sensitive and intimate information” about Americans, including
data that can be used to trace people’s whereabouts over extended
periods of time. The sensitivity of the data is such that “in the
wrong hands,” the report says, it could be used to “facilitate
blackmail,” among other undesirable outcomes. The report also
acknowledges that some of the data being procured is protected under
the US Constitution’s Fourth Amendment, meaning the courts have ruled
that government should be required to convince a judge the data is
linked to an actual crime.
https://www.wired.com/story/odni-commercially-available-information-report/

The US Supreme Court has previously ordered the government to obtain
search warrants before seeking information that may “chronicle a
person’s past movements through the record of his cell phone signals.”
In the landmark Carpenter v. United States decision, the court found
that advancements in wireless technology had effectively outpaced
people’s ability to reasonably appreciate the extent to which their
private lives are exposed.
https://www.wired.com/story/carpenter-v-united-states-supreme-court-digital-privacy/

A prior ruling had held that Americans could not reasonably expect
privacy in all cases while also voluntarily providing companies with
stores of information about themselves. But in 2018 the court refused
to extend that thinking to what it called a “new phenomenon”: wireless
data that may be “effortlessly compiled” and the emergence of
technologies capable of granting the government what it called “near
perfect surveillance.” Because this historical data can effectively be
used to “travel back in time to retrace a person’s whereabouts,” the
court said, it raises “even greater privacy concerns” than devices
that can merely pinpoint a person’s location in real time.

Crucially, the court also held that merely agreeing to let data be
used “for commercial purposes” does not automatically abrogate
people’s “anticipation of privacy” for their physical location. Rather
than apply this view to location data universally, however, the
government has allowed defense and intelligence agencies to assume a
contradictory view, as their activities were not a factor in
Carpenter’s law enforcement-focused ruling.

A growing number of American lawmakers have argued in recent weeks
that the US intelligence community is itself more or less facilitating
the erosion of that privacy expectation—that location data is
protected from unreasonable government intrusion—mainly by ensuring it
isn’t.
https://www.wired.com/story/fourth-amendment-is-not-for-sale-act-2023/

Andy Biggs, who chairs a subcommittee on federal government
surveillance in the House of Representatives, says the federal
government has “inappropriately collected and used Americans’ private
information” for years. A whole range of agencies, including the
Federal Bureau of Investigation and the Drug Enforcement Agency, have
been exploiting “legal loopholes,” he says, to avoid oversight while
amassing “endless amounts of data.”

A senior advisory group to the director of national intelligence,
Avril Haines, the government’s top spy, stated in the report
declassified last month that intelligence agencies were continuing to
consider information “nonsensitive” merely because it had been
commercially obtained. This outlook ignores “profound changes in the
scope and sensitivity” of such information, the advisors warned,
saying technological advancements had “undermined the historical
policy rationale” for arguing that information that is bought may be
freely used “without significantly affecting the privacy and civil
liberties of US persons.”

Haines’ office did not respond to multiple requests for comment. In a
statement last month, the director said she was working to implement
key recommendations from her advisors and believed that Americans
should be given “some sense” of the policies affecting the collection
of their personal data. Much of the framework for dealing with
commercial purchases by the intelligence community would be disclosed
publicly when it is eventually finalized, she said.

The practice of paying businesses to spy on US citizens is one of
several concerns lawmakers say they’ll be exploring this fall during
what’s slated to be a long and heated debate over one of the
government’s most powerful surveillance tools: Section 702 of the
Foreign Intelligence Surveillance Act.
https://www.wired.com/story/fbi-section-702/

The Mozilla Foundation joined the chorus of civil society groups
calling for reforms of the 702 program today, saying FISA’s current
process is “overbroad” and “restricted only by weak legislation and
executive orders that, experience has shown, do not create real
accountability.”