WASHINGTON — As the House Energy and Commerce Committee approved a federal data privacy bill last week, lawmakers on the House Judiciary Committee were looking to plug a gap in the law that allows government agencies to conduct broad surveillance without obtaining warrants or subpoenas to do so.
The Fourth Amendment prohibits law enforcement agencies from conducting searches, seizures and surveillance on Americans without court-approved warrants or subpoenas. But the FBI, the Department of Homeland Security and state and local law enforcement agencies are bypassing the restrictions by turning to commercial data brokers and database providers that collect vast quantities of data on Americans and using that to conduct surveillance.
Democrats and Republicans, for different reasons, want to prevent law enforcement agencies from snooping on Americans’ data.
Democrats are alarmed that women seeking abortions and other reproductive health consultations can be tracked through their online activities and risk prosecution in states that are banning abortion and putting other restrictions in place in the wake of the Supreme Court’s reversal in June of a constitutional right to an abortion.
Republicans are concerned about the surveillance measures the government used, for example, to identify those who took part in the Jan. 6, 2021, attack on the Capitol.
“I think one of the … things about surveillance, and you see it in the kind of bipartisan support, is nobody likes being spied on. Nobody wants their data to be used for creepy things that they don’t have notice of, or that they’re not aware of, and that cuts across party lines,” Sarah Lamdan, professor at the City University of New York School of Law, said in an interview. “It just kind of shows what a big issue data privacy is, and how central it is for everybody, regardless of political affiliation.”
The House Judiciary Committee last week held a hearing on a bill introduced in October 2021 by Rep. Jerrold Nadler, D-N.Y., chairman of the committee, and co-sponsored by Rep. Zoe Lofgren, D-Calif., that would seek to close the gap in law. Rep. Jim Jordan, R-Ohio, the committee’s ranking member, expressed support for the legislation.
The Senate has a companion bill, introduced in April 2021 and backed by Senate Finance Chair Ron Wyden, D-Ore., Sen. Rand Paul, R-Ky., and 19 others. Wyden has been a longtime champion of protecting Americans’ privacy from unauthorized government surveillance.
Rights over online and digital data
The House Energy and Commerce Committee last week approved, 53-2, legislation that would for the first time establish federal law giving Americans rights over their online and digital data. The bill would give Americans the right to opt out of targeted advertising, ask tech companies to delete data and protect children and minors from being targeted for data collection.
Federal data privacy law would likely place restrictions on the ease with which companies collect data on individuals, Elizabeth Goitein, senior director at the Brennan Center for Justice at the New York University School of Law, told lawmakers. But Congress “should move ahead very quickly with the Fourth Amendment is Not For Sale Act because there’s no reason to delay that,” Goitein said, referring to the bills backed by Nadler and Wyden.
“I think what Congress needs to do is to close the gaps that have opened up in existing laws that are allowing the government to evade those laws while then, simultaneously, taking on the larger project (of) expanding the universe of privacy protections,” Goitein said.
The Nadler and Wyden bills would prohibit law enforcement and other government agencies, including spy agencies, from obtaining data on Americans through third-party data brokers by paying for such information. Law enforcement agencies that obtain such information from commercial entities would not be able to use it as evidence in investigations and court cases.
Giving Americans greater rights over their data and preventing government agencies from obtaining data from third-party providers are related.
Companies gather and analyze data from Americans’ online presence, their use of digital tools and apps and even from driver’s licenses and utility bills. Not only do those companies use that data to steer advertising and marketing to consumers, the companies sell the data to government entities.
The FBI, Immigration and Customs Enforcement, a DHS agency, as well as state and local police departments are among those that buy information from commercial database providers to conduct surveillance, lawmakers and experts say. Legislation that would limit companies’ collection of data wouldn’t necessarily prevent the sale of that data to the state.
Gathering large troves of information on individuals “alone presents significant privacy concerns,” Nadler said. “It is even more troubling that law enforcement and intelligence agencies at all levels of government are purchasing this data for their own use, often sidestepping protections designed to limit the direct acquisition of the exact same information.”
Lamdan, who testified to House Judiciary at its hearing last week, told lawmakers that three types of companies were involved in assembling, analyzing and selling databases to government agencies.
Data brokers such as LexisNexis and Thomson Reuters promote their databases to government agencies by promising that they collect more than 10,000 different types of data for each individual, Lamdan said.
LexisNexis has contracts with 1,300 local and state law enforcement agencies, and both companies have multimillion-dollar contracts with ICE, she said.
Data analysis companies, including Palantir and PredPol, promise clients that their databases can predict whether an individual is likely to commit a crime or default on a loan or other payments, Lamdan said.
Other so-called designer data companies, such as Clearview AI and a platform called Vigilant, use biometric data such as facial recognition systems, genetic information, geolocation data and license plate-reading cameras and combine those with other types of data, Lamdan said.
Nadler warned of “dire consequences” without action. “For example, women across the country who wonder what America will look like in the wake of the Dobbs decision are at particular risk for this data surveillance. In states where abortion is now a crime, well, (law) enforcement can use available data to keep track of who searches online for the words ‘miscarriage’ or ‘abortion.’”
Nadler’s reference was to Dobbs v. Jackson Women’s Health Organization, the case in which the Supreme Court overturned the right to abortion.
Jordan asked if the Justice Department and the FBI were using similar measures “in a political manner as well.” The committee didn’t respond to a request for comment on whether it had heard from the agencies on the matter.
Former Rep. Robert W. Goodlatte, R-Va., a policy adviser to the Project for Privacy and Surveillance Accountability, an advocacy group, told lawmakers that geofencing technologies, which use GPS signals to define a geographic boundary, could be used to track women going to Planned Parenthood clinics.
“You also would have a similar concern about people visiting gun stores,” he said.