Proposed ban on data brokers selling warrantless personal info to Feds revived
Plus: Senator teases larger surveillance reform bill coming soon
A draft law that would prevent data brokers from selling US citizens' personal information to law enforcement and federal agencies without a warrant has been advanced by lawmakers.
On Wednesday, the House Judiciary Committee approved the aptly named Fourth Amendment Is Not For Sale Act [PDF]. If signed into law – and that's still a big if, as the legislation has to move through both chambers of Congress, committees and all – the proposal would close a loophole that allows government authorities to obtain people's location data and other personal information without a warrant by buying it from data brokers.
Right now when the Feds want data about users from internet giants, they typically need to show up with a warrant or a court order. Or they can obtain the data – such as someone's whereabouts – from a broker, without a warrant. That data is usually collected from apps that use third-party SDKs for serving adverts.
"Regular Americans who use their phones on a daily basis are not consenting to send all their movements, contacts and web browsing information to the government," said Senator Ron Wyden (D-OR), who introduced the bill with Senator Rand Paul (R-KY) in 2021.
Wyden, in a statement, also teased larger surveillance reform legislation that he said he plans to release "in the coming weeks" as Congress considers reauthorization of Section 702 of the US Foreign Intelligence Surveillance Act (FISA).
All roads lead to Section 702
That legislation "will include essential elements of this bill, to ensure government agencies don't buy their way around Americans' constitutional rights," Wyden explained.
FISA is the federal law that allows the Feds to collect foreign intelligence domestically, and Section 702 primarily permits the targeted surveillance of communications belonging to non-US persons located abroad – ideally to prevent criminal and terrorist acts.
As the name suggests, it's supposed to be limited to foreign communications. But the surveillance dragnet can, and often does, sweep up phone calls, texts, and emails involving US persons – who the suspect talked to, who their contact spoke to, and so on.
And it likely gave the Fourth Amendment Is Not For Sale Act a needed boost – considering the bill died in committee last year.
"You have a greater understanding of this ecosystem of warrantless government surveillance, and many of the privacy risks and abuses you see in the 702 context also exist when the government purchases data rather than when it collects it directly," Chris Baumohl, a law fellow at EPIC, told The Register.
"It's clear that if you are concerned about the abuse of the government's crown jewel of surveillance, you should also be concerned about what the government is doing with surveillance programs that have far less oversight and far fewer safeguards," he added, referring to the data broker loophole and Wyden's bill.
The one thing Dems and the GOP can support?
The Fourth Amendment Is Not For Sale Act advancing unanimously out of the House committee "is a sign of overwhelming bipartisan support," Baumohl said. "In a time where Republicans and Democrats can't agree on much, it is heartening that they can agree on the need to attack this data broker loophole."
Digital rights and data privacy groups including EPIC, along with the EFF and the Center for Democracy and Technology (CDT), have been among the loudest voices calling for government surveillance reform. And, it seems, lawmakers on both sides of the aisle are finally listening.
"Surveillance reform is the one thing I'm really counting on happening this year," Jake Laperruque, deputy director of the CDT's Security and Surveillance Project, told The Register.
The Fourth Amendment Is Not For Sale Act advancing out of the House committee "is a really clear sign of how strong the energy is for surveillance reform right now," Laperruque added. "There's a pretty good potential for policy like this to move through as part of a reauthorization of 702."
The move to close the data broker loophole also comes as federal watchdog agencies have attempted to crack down on the sale of location and other mobile phone data – which, in addition to being used by US law enforcement agencies, can sometimes end up in the hands of foreign spies.
The Federal Trade Commission is, for example, embroiled in a lawsuit against data broker Kochava, which the watchdog has accused of trampling over people's privacy by selling the "precise" whereabouts of hundreds of millions of mobile devices.
In other snooping news …
Meanwhile, on the uterus surveillance front, a group of 43 lawmakers are calling on the Biden administration to require a warrant for law enforcement access to all medical records – including reproductive health data.
In April, the US Department of Health and Human Services (HHS) issued a notice of a proposed rule to provide additional protections under the federal Health Insurance Portability and Accountability Act (HIPAA).
While the proposal offers more safeguards for sensitive health info, including the protection of abortion-related records, it does not go as far as requiring law enforcement get a warrant or court order to access medical records containing reproductive health information.
In a letter [PDF] sent to HHS Secretary Xavier Becerra, the Democratic lawmakers – plus Senator Bernie Sanders, an independent – urged the department to require cops obtain a warrant before forcing doctors, pharmacists, and other healthcare providers to hand over patients' protected health information (PHI).
The Dems also want to see a requirement that the PHI warrants prohibit sharing these patient records with other law enforcement agencies, and want patients to be notified when their PHI is disclosed to police and prosecutors.
"Law enforcement agencies need a warrant to wiretap someone's phone calls, obtain their emails and text messages, or track their phone's location," the lawmakers wrote. "Americans have just as much of a reasonable expectation of privacy in their PHI as they do in the contents of their communications or their movements." ®