The administration’s anti-migrant tactics are now months into an indefinite period of continuous escalation. That protest efforts have escalated alongside it apparently means nothing to the officials spearheading this brazen attack on non-white people.
It wasn’t until federal officers began killing people in front of witnesses that the administration decided to dial things back a bit. But did it ever actually do it? Or did it just sideline the most famous faces associated with this wave of violence and unlawfulness?
Punting former DHS head Kristi Noem into the nosebleed section of the federal government didn’t do much to change things, not when “Border Czar” Tom Homan (the guy who more or less said protesters were to blame for the Minneapolis murders) is still hanging around and her replacement, Markwayne Mullin, looks like just another expendable MAGA footsoldier.
Some small sort of de-escalation seems to be happening now, but it’s hard to tell if this is due to policy changes, budget issues, or the natural result of pushing this hard for this long. Sooner or later, things tend to trend towards inertia, no matter how much motivational frothing is being done by those who aren’t actually on the front lines.
Then there’s the DOJ upsetting the administration’s own apple cart by admitting in court that ICE officers were committing illegal arrests by pouncing on migrants attending immigration hearings. Not that ICE officers have necessarily stopped doing this (there’s evidence to suggest at least some of them haven’t), but it does make it clear that continuing to do so is at least a violation of policy, as well as being, you know, actually illegal.
So, when things are being said about further de-escalation, you may as well start ingesting fistfuls of salt. First, here’s the good news, which comes from two unnamed DHS officials who insist things are being calmed down from the top down:
Donald Trump’s administration has reportedly instructed immigration enforcement officers to cut back on arrests inside courthouses and to no longer enter homes without a warrant, backing off two controversial policies that have sparked violent and chaotic scenes in the president’s mass deportation campaign.
Immigration and Customs Enforcement field offices across the country were verbally instructed by their superiors that they should no longer enter homes unless they have a judicial warrant, two Homeland Security officials told NBC News.
That would seem to be the least this administration could do since it would finally align ICE’s actions with the law and its internal policies. However, if these instructions are only be handed out “verbally,” it means the DHS is deliberately avoiding creating a paper trail that might be used against it should it decide to just go back to doing this the old, illegal way.
And that probably explains the immediate, contradictory statement that followed the reporting based on assertions made by two unidentified DHS officials.
A spokesperson for Homeland Security told The Independent that there has been “no change in policy.”
“We will continue to arrest illegal aliens at immigration courts following their proceedings in compliance with the law and any applicable court orders,” the person said. “It is commonsense to take them into custody following the completion of their removal proceedings.”
That’s definitely not the same thing as what was expressed by these DHS officials. And the rest of the statement makes it clear federal officers will continue to arrest people who show up for their scheduled immigration hearings. While it does make sense to arrest people who’ve been issued an order of removal, that’s not actually what ICE has been doing. It has been bringing in DOJ lawyers to dismiss pending cases to immediately make people eligible for removal. And — as has been shown in court — ICE officers have been arresting people not currently under orders of removal and then generating arrest warrants after the fact.
So, it’s not a good news/bad news thing going on here. It’s bad news/worse news, with a balance that constantly shifts depending on what mood the administration is in on any given day. Courts haven’t been able to stop ICE from engaging in illegal arrests. And the growing national opposition to Trump’s anti-migrant actions hasn’t made any discernible dent in the administration’s lust for punishing non-white people simply for existing.
Under Trump, DHS, ICE, CBP, and Border Patrol have violated every single right affected by their daily work. When you’re trying to perform 3,000 arrests per day, you can be slowed down by things like the Constitution.
And these agencies certainly haven’t been slowed. In fact, they’ve been encouraged to continue violating rights by being told (by no less than DHS counsel) that judicial warrants aren’t needed to enter people’s homes, they’re free to hang around immigration courts to arrest migrants showing up for their scheduled check-ins, any person without valid citizenship can be detained indefinitely, and officers can pretty much do whatever they want, up to and including jumping out of unmarked cars, fully-masked, to snatch people off public streets.
That list doesn’t even cover the multiple murders and violent assaults committed by federal officers — none of which are in any danger of being investigated by the agencies employing them, much less by independent oversight.
Hundreds of rulings declaring these actions illegal haven’t done much to stop ICE, et al from doing whatever they want. Worse, the Supreme Court’s refusal to fully engage with these issues has given us little more than Justice Kavanaugh saying it’s okay to stop and detain people simply because they look foreign (in other words, not white).
That doesn’t mean these rulings are useless. They aren’t. While they’ve done little to deter these constant rights violations, they have become a sizable body of legal work that migrants can cite and the government can’t easily talk its way out of as migrant arrests/detentions continue to generate dozens of cases a day around the nation.
Here’s another one for the pile, via Kyle Cheney. Judges are becoming far less willing to deploy terms and legalese that gives the government far more deference than it deserves. The rulings (and the wording within them) are becoming far more direct and pointed.
Judge Sanket Bulsara of the Eastern District of New York is handling two habeas corpus cases challenging not only the arrests of the petitioners, but also their stays in federal detention centers. Bulsara doesn’t have anything good to say about what’s been observed in these cases, starting with the apparently unjustified arrest of Erik Parada Cruz while he was driving to work, and continuing through Rene Benitez’s arrest, which was objectively worse. From the ruling [PDF]:
Benitez has lived in New York for 14 years. He was driving his daughter to school when an unmarked vehicle pulled them over, and questioned him. His daughter explained that she needed to get to school. “[T]he officers responded that they did not care about that and that Mr. Benitez would either get out of the car on his own or they would use force. Rather than expose his daughter to such violence, Mr. Benitez exited the vehicle and was promptly detained by the agents. His daughter, however, was forced to remain in the vehicle on her own until a neighbor saw her and took her inside their home.” Benitez has no criminal history, and has two daughters—one a lawful permanent resident and one a U.S. citizen.
These are the people supposedly saving us from the “worst of the worst:” arresting someone with no criminal record and abandoning his child in the street.
Of course, it gets worse. ICE is required by law to file a “notice to appear [NTA].” It’s only if that has been violated that ICE can issue an arrest warrant. In Parada Cruz’s case, a single NTA was issued… in 2005… and it contained no date or time to appear. Facially invalid, as they say. A blank NTA is as good as no NTA at all. Not only that, but an immigration judge vacated his removal order in 2019, which meant there was no legal cause to have him removed.
That his arrest occurred at all demonstrates this administration’s contempt for the law. ICE’s contempt for the law knows no limits.
Yet, despite the fact that there were no open removal proceedings and there was no valid NTA, ICE arrested him “pursuant to” an I-200 arrest warrant [an administrative warrant issued by ICE but not reviewed by a judge – TC]. Such a warrant can only be issued if there are open removal proceedings reflected in a valid NTA. In other words, ICE was trying to use an invalid NTA and a rescinded removal order to arrest, despite plain evidence—from its own systems—that it lacked authority to do so.
There is more. It also appeared that Parada Cruz’s arrest warrant was issued after he was arrested.
Not a fluke! Not just an oversight!
That is the same problem as in Benitez. The paperwork in his case leaves the distinct impression that the NTA and the arrest warrant for him were both issued after he had already been arrested.
The judge pauses for a bit of understatement:
Using an after-the-fact warrant to justify a prior arrest is constitutionally problematic. It also is statutorily prohibited under the INA.
“Problematic,” for sure. Illegal? Definitely, especially when you add in the INA [Immigration and Nationality Act] violations.
And that leads to the judge comparing ICE’s actions to those of a police state:
This practice of after-the-fact arrest warrants can be called many things—illegal, improper, and unconstitutional, among them. But whatever label one wishes to apply, the practice is fundamentally at odds with and offensive to lawful, constitutional behavior in this country. “An arrest is not justified by what the subsequent search discloses[.]” A contrary rule—the one that the USAO here defends by backing detention and opposing release—“would obliterate one of the most fundamental distinctions between our form of government, where officers are under the law, and the police-state where they are the law.”
Police and law enforcement cannot operate as roving bands, detaining individuals, figuring out the reasons later, and papering over their failures afterwards. This sadly is the practice in many other parts of the world. But in the United States, the law prohibits such conduct.
The “police-state” quote is cribbed from a 1948 Supreme Court case involving a warrantless search. But the rest of this belongs to Judge Bulsara, who goes after the US Attorney’s Office (USAO) for doing everything it could to prevent any judicial examination of these arrests and detentions from taking place, including refusing to produce the arresting officers to provide testimony to the court.
The USAO seeks to adjourn both evidentiary hearings and have the Petitionsdismissed—asserting three basic arguments: (1) the matters are moot and this Court lacks jurisdiction to have a hearing; (2) the Court is violating the party presentation principle; and (3) Respondents have no obligation to comply with Gopie, in this or any other case, because no injunction has been issued, and the Court lacks the power to force ICE to comply with the decision. The Court finds the USAO’s arguments misguided, troubling, and in some instances, frivolous.
To be sure, the decision in Gopie, rendered by a single judge, in a case involving an individual, applies only to that individual. But that is surely to lose the forest in the shadows of imaginary trees. I have rendered many a decision—double digits at this point—as have other judges in this District, pointing out that ICE agents have been arresting individuals in this District and figuring out the reasons afterwards. In not one of these cases before the undersigned has the USAO cited a case, regulation, or legal principle that would permit this practice.[…]
The USAO says Gopie does not apply to petitioners subject to mandatory detention under § 1225, and in those cases, the Government may be able to arrest individuals without a warrant. The argument is irrelevant. First, in none of these cases have Respondents proceeded on a warrantless basis. Having issued warrants— presumably because they believed they were required to—they cannot justify detention by relying on an alternative procedure they opted not to use, and wave away the warrants as unnecessary. The fact is warrants were used and relied on by the officers for the detention and the USAO in their papers opposing the habeas petitions. Bad facts cannot be ignored to create fictional and alternative realities.
The judge says the government is no longer believable. It no longer can be assumed to be operating in good faith. That’s going to hurt it going forward. Worse — as the judge points out — the damage will last for years, even after a regime change, especially if these same prosecutors making these same points continue to be employed by the DOJ.
That is not just in the credibility of their presentations, but in the belief and understanding that lawyers for the Government are not just like other lawyers. The USAO has already been described by this Court and others of playing whack-a-mole with people’s lives by trying to forum-shop habeas cases out of this District. That loss is accentuated when the USAO seeks to shroud in darkness the conduct of the ICE officers here.
Up next for this court? Evidentiary hearings that will include the testimony of the ICE officers who justified their arrests after the fact. Beyond that are possible sanctions for US Attorneys’ Office for its refusal to honestly engage with these proceedings.
But what can never be undone, even if this administration continues to bury the courts in unlawful arrest/detention cases in hopes that it will somehow slip a few thousands migrants out of the country every day, is the fact that these actions are indistinguishable from police state efforts this nation used to vehemently decry when they occurred in other nations. Now, it’s our own government that wants to be the Stasi it used to see in the world.
The courts keep pounding the nails home. What this government is engaged in is illegal, on multiple levels. If you subtract the pro-MAGA Fifth Circuit and 6/9ths of the Supreme Court, you have a judicial quorum that says rights are still rights, despite this administration’s claims otherwise.
DHS has issued memos claiming (without facts or law in evidence) that officers can arrest people and enter homes without signed judicial warrants. This has always been false. And it’s not edging any closer to the truth no matter what this administration might say in Truth Social posts and/or court filings.
The administration is losing repeatedly in its bigoted war on non-whites. But it never accepts obvious defeat. It always heads back to court, full of steam and bullshit. And, in most cases, its losses are even more obvious the second time around.
A federal judge in California found on Wednesday that U.S. Customs and Border Protection officials had violated a previous order regarding warrantless arrests, and ordered agents operating in her judicial district to fully document their reasons for making any future stops.
The judge, Jennifer L. Thurston of the Federal District Court for the Eastern District of California, had previously found that immigration operations in Kern County, Calif., appeared to have been based on racial profiling, with agents making arrests when people they stopped could not produce proof of citizenship on the spot. Last year, she restricted the agency from continuing to carry out random immigration sweeps in the region, citing a “pattern and practice of agents performing detentive stops without reasonable suspicion.”
On Wednesday, Judge Thurston found that border agents appeared to have violated that order when they carried out an immigration sweep last year in a Home Depot parking lot in Sacramento.
The opinion [PDF] doesn’t cut corners or grant Trump’s DOJ more respect than it has earned. (It’s running in the red at the moment.) Multiple people who were arrested following a “targeted” operation, that saws mostly involved federal officers waiting in a Home Depot parking lot in hopes of rounding up day laborers, sued the government. The government has already lost once. This order clearly explains why the government is losing twice. Pretending conjecture is the same thing as established facts does nothing more than inform the court that you suck at your job.
The surveillance two days earlier somewhat contributes to understanding the statistical relationship, revealing that on one prior occasion, two out of a group of 20 individuals gathered in that location were noncitizens (roughly 10%). Yet, that statistic, which leaves the remaining 90% of the group unclassified, does little to dispel the concern that seeking work as a day laborer may be “[a] characteristic common to both legal and illegal immigrants.” See Manzo-Jurado, 457 F.3d at 937. Nor does it demonstrate that the Home Depot parking lot is used “predominantly” by noncitizens seeking day labor work.33 See id. at 936. Rather, the present record reveals little more than that the Home Depot parking lot is “a location . . . frequented by illegal immigrants, but also by many legal residents, [which] is not significantly probative to an assessment of reasonable suspicion.”
Yep. Fuck your “Kavanaugh stops.” Probable cause has never been “wow, they look kinda Mexican.” Hanging around places where you have a [checks government’s claims in support of its actions] 10% chance of catching illegal immigrants isn’t “probable.” It’s an inadvertent admission that you might be wrong 90% of the time.
The upshot of the ruling is this: The government needs to provide individualized reasonable suspicion, if not actual probable cause, to arrest migrants in California. The court does grant some concessions this DOJ definitely hasn’t earned, but at least it adds some guardrails:
The Court declines to preclude Defendants from using “boilerplate” when documenting stops and/or arrests pursuant to the PI Order and this clarification. However, Defendants are cautioned that copy and paste language may give rise to an inference that an individualized assessment was not made.
In short, if the government wants to claim its anti-migrant arrests are supported by reasonable suspicion and/or probable cause, it needs to show its work. And if the only work it can show has been cribbed from other cases, it should expect its overtures to be rejected by the court.
While this may not seem like much, it is at least worth the paper it’s printed on. The Trump administration seems incapable of flooding the zone at this point. It ran out of energy (and personnel) barely over a year into its unexpected resurrection. The DOJ no longer has enough lawyers to do everything the administration demands of it, much less press the dubious “but I’m a king tho” assertions Trump seems to feel it should be doing day in and day out.
Running a fast-break offense and a bet-you-miss defense only works until it doesn’t. The courts are delivering a counter-flood and the DOJ doesn’t have enough loyalists left to overpower the full-court press. The administration is headed towards an institutional collapse because whatever can be considered the “center” of this whirlpool of bigoted fuckwits will never hold. We’ll take every win we can get until we can finally celebrate the demise of a president who seems to think he’s the King George incarnation that makes his voter base so erect it will vote against its own interests.
The Supreme Court’s latest recap of its relative inactivity (Trump administration “emergency” appeals aside) has delivered yet more evidence of this court’s indifference to rights violations committed by the government. Other cases involving alleged rights violations that should have — at the very least — been handed over to jury for further consideration were tacitly blessed by the top court in the land by its refusal to grant certori.
This one — involving the retaliatory arrest of an independent journalists by cops who didn’t like her reporting — is yet another miscarriage of justice by a Supreme Court whose majority simply won’t take cases that might force it to hold the government accountable for its actions.
This case has bounced up and down the judicial ladder for more than a half-decade. Laredo, Texas native/independent journalist Priscilla Villarreal has been live streaming and reporting via Facebook under the name “Lagordiloca” for several years. Laredo PD officers don’t like her because she asks them questions they don’t like answering and films them when they’re performing traffic stops and arrests.
After Villarreal published information about a Border Patrol officer who had committed suicide, the Laredo PD worked with local prosecutors to have her arrested. All Villarreal had done was ask a PD employee to confirm information she’d already obtained. The PD responded by opening an internal investigation to oust the employee that had responded to Villarreal’s queries. Then it decided the only way for justice to be done was to arrest the person who had merely received confirmation (via a law enforcement employee) she already had in her possession.
Prosecutors claimed Villarreal’s acquisition and publication of this information violated a state law forbidding people from profiting from “misuse of official information.” To support this claim, the prosecutors claimed Facebook clicks were a form of “profit.” To date, no other citizen has ever been prosecuted under this law that was clearly written to prevent government employees from profiting from information only government employees might have access to.
The local judge immediately tossed the bullshit charges immediately after they were presented to her in court. Somehow, the district court managed to look past the obvious First Amendment violations to give the officers immunity. The Fifth Circuit’s first pass reversed this, with Judge Ho making it clear there’s no way any reasonable officer would have thought arresting a journalist simply for asking questions didn’t violate the Constitution.
This is not just an obvious constitutional infringement—it’s hard to imagine a more textbook violation of the First Amendment.
Then things got weird. A couple of judges in the minority thought this shouldn’t stand and started making noise. The Fifth Circuit agreed to an en banc hearing and reissued this opinion with a new dissent written by Chief Judge Priscilla Richman, along with some additional commentary by Judge Ho about how far removed from sanity Richman’s dissent was.
Two years later, it handed down its second take. And the majority somehow came to the conclusion that it’s okay to engage in retaliatory arrests as long as you can find any criminal statute at all to support the arrest. According to Judge Jones, Villarreal should have either limited herself to official channels or challenged the law itself in court, rather than ask a government employee to verify information Villarreal already possessed.
This was appealed. Eight months later, the Supreme Court sent it back down to the Fifth Circuit for yet another pass, instructing it to apply the Trevino standard. That standard is fairly simple: if a law is rarely, if ever, enforced but somehow shows up conveniently to do the cops’ dirty work when they want to retaliate against a person they don’t like, there’s a good chance this selective application is an established violation of rights. In this case, prosecutors had never used this law to charge anyoneever.
The Fifth Circuit’s third pass — again written by Judge Edith Jones — said the Trevino factor just didn’t matter. If the law was on the books (even if it had never been enforced), it was justification enough for the arrest. And even if that arrest violated the Constitution, the officers should still be given qualified immunity because how could they have known that arresting the only person ever charged with this crime in its 23 years of existence might somehow be unconstitutionally retaliatory?
There’s a dissent written by Justice Sotomayor that’s even lengthier than my preamble. It’s worth reading, though, and it starts with this admonishment of the majority’s refusal to write this obvious wrong:
It should be obvious that this arrest violated the First Amendment. Yet the Fifth Circuit held that the officials were entitled to qualified immunity, and now Villarreal is left without a remedy. The Court today makes a grave error by declining to hear this case.
The nation’s top court has decided the Laredo PD and local prosecutors can walk away cleanly from a series of extremely obvious rights violations. And in doing so, it emboldens them (and others) to engage in future retaliatory arrests of journalists they don’t like.
The Supreme Court majority is apparently willing to pretend rights don’t exist when it’s convenient to do so, just like the officers whose actions it tacitly blesses with this particular inaction. Sotomayor drills down on this, rubbing the majority’s nose in its deliberate dismissal of constitutional rights:
[T]he Fifth Circuit found that the officials reasonably believed that they had probable cause to arrest Villarreal for violating §39.06(c). Id., at 385–390. Not so. Just like an individual cannot be convicted of a crime for engaging in First Amendment activity, it is axiomatic that a probable cause determination cannot be based on such protected activity either.
[…]
It necessarily follows that when an arrest is based on protected First Amendment activity, that activity cannot constitute probable cause and support adverse police action. All reasonable officers know this.
[…]
Here, it is hard to conceive of a more obvious constitutional violation than arresting a journalist who, in searching for corroboration, simply asks a government source for information. That is the essence of many journalists’ jobs. The arrest does not somehow become reasonable, and constitutional, merely because an unconstitutional application of a statute authorizes it.
All we have is the dissent. All Villarreal has is knowledge Laredo PD officers and local prosecutors will be digging through the state statutes to find something else to charge her with the next time her reporting pisses them off. The Supreme Court issued a short, clear instruction to the Fifth Circuit, telling it to apply a specific legal standard. Instead, the Fifth Circuit — led by the consistently awful Judge Edith Jones – sidestepped this instruction on its way towards granting the officers qualified immunity. And that deliberate refusal to engage with the Supreme Court’s specific instructions has now been ignored by the same court that strongly hinted the Fifth Circuit got this wrong. It’s a shrug that lets the general public know exactly where it stands: at the bottom of the national organization chart with no layers of protection between them and government officials who seek to do them harm.
Last week, the European Parliament voted to let a temporary exemption lapse that had allowed tech companies to scan their services for child sexual abuse material (CSAM) without running afoul of strict EU privacy regulations. Meanwhile, here in the US, West Virginia’s Attorney General continues to press forward with a lawsuit designed to force Apple to scan iCloud for CSAM, apparently oblivious to the fact that succeeding would hand defense attorneys the best gift they’ve ever received.
Two different jurisdictions. Two diametrically opposed approaches, both claiming to protect children, and both making it harder to actually do so.
I’ll be generous and assume people pushing both of these views genuinely think they’re doing what’s best for children. This is a genuinely complex topic with real, painful tradeoffs, and reasonable people can weigh them differently. What’s frustrating is watching policymakers on both sides of the Atlantic charge forward with approaches that seem driven more by vibes than by any serious engagement with how the current system actually works — or why it was built the way it was.
The European Parliament just voted against extending a temporary regulation that had exempted tech platforms from GDPR-style privacy rules when they voluntarily scanned for CSAM. This exemption had been in place (and repeatedly extended) for years while Parliament tried to negotiate a permanent framework. Those negotiations have been going on since November 2023 without resolution, and on Thursday MEPs decided they were done extending the stopgap.
To be clear, Parliament didn’t pass a law banning CSAM scanning. Companies can still technically scan if they want to. But without the exemption, they’re now exposed to massive privacy liability under EU law for doing so. Scanning private messages and stored content to look for CSAM is, after all, mass surveillance — and European privacy law treats mass surveillance seriously (which, in most cases, it should!). So the practical effect is a chilling one: companies that were voluntarily scanning now face significant legal risk if they continue.
The digital rights organization eDRI framed the issue in stark terms:
“This is actually just enabling big tech companies to scan all of our private messages, our most intimate details, all our private chats so it constitutes a really, really serious interference with our right to privacy. It’s not targeted against people that are suspected of child abuse — It’s just targeting everyone, potentially all of the time.”
And that argument is compelling. Hash-matching systems that compare uploaded images against databases of known CSAM are more targeted than, say, keyword scanning of every message, but they still fundamentally involve examining every unencrypted piece of content that passes through the system. When eDRI says it targets “everyone, potentially all of the time,” that’s an accurate description of how the technology works.
But… the technology also works to find and catch CSAM. Europol’s executive director, Catherine De Bolle, pointed to concrete numbers:
Last year alone, Europol processed around 1.1 million of so-called CyberTips, originating from the National Center for Missing & Exploited Children (NCMEC), of relevance to 24 European countries. CyberTips contain multiple entities (files, videos, photos etc.) supporting criminal investigation efforts into child sexual abuse online.
If the current legal basis for voluntary detection by online platforms were to be removed, this is expected to result in a serious reduction of CyberTip referrals. This would undermine the capability to detect relevant investigative leads on CSAM, which in turn will severely impair the EU’s security interests of identifying victims and safeguarding children.
The companies that have been doing this scanning — Google, Microsoft, Meta, Snapchat, TikTok — released a joint statement saying they are “deeply concerned” and warning that the lapse will leave “children across Europe and around the world with fewer protections than they had before.”
So the EU’s privacy advocates aren’t wrong about the surveillance problem. Europol isn’t wrong about the child safety consequences. Both things are true — which is what makes this genuinely tricky rather than a case of one side being obviously right.
Now flip to the United States, where the problem is precisely inverted.
In the US, the existing system has been carefully constructed around a single, critical principle: companies voluntarily choose to scan for CSAM, and when they find it, they’re legally required to report it to NCMEC. The word “voluntarily” is doing enormous load-bearing work in that sentence — and most of the people currently shouting about CSAM don’t seem to know it. As Stanford’s Riana Pfefferkorn explained in detail on Techdirt when a private class action lawsuit against Apple tried to compel CSAM scanning:
While the Fourth Amendment applies only to the government and not to private actors, the government can’t use a private actor to carry out a search it couldn’t constitutionally do itself. If the government compels or pressures a private actor to search, or the private actor searches primarily to serve the government’s interests rather than its own, then the private actor counts as a government agent for purposes of the search, which must then abide by the Fourth Amendment, otherwise the remedy is exclusion.
If the government – legislative, executive, or judiciary – forces a cloud storage provider to scan users’ files for CSAM, that makes the provider a government agent, meaning the scans require a warrant, which a cloud services company has no power to get, making those scans unconstitutional searches. Any CSAM they find (plus any other downstream evidence stemming from the initial unlawful scan) will probably get excluded, but it’s hard to convict people for CSAM without using the CSAM as evidence, making acquittals likelier. Which defeats the purpose of compelling the scans in the first place.
In the US, if the government forces Apple to scan, that makes Apple a government agent. Government agents need warrants. Apple can’t get warrants. So the scans are unconstitutional. So the evidence gets thrown out. So the predators walk free. All because someone thought “just make them scan!” was a simple solution to a complex problem.
Congress apparently understood this when it wrote the federal reporting statute — that’s why the law explicitly disclaims any requirement that providers proactively search for CSAM. The voluntariness of the scanning is what preserves its legal viability. Everyone involved in the actual work of combating CSAM — prosecutors, investigators, NCMEC, trust and safety teams — understands this and takes great care to preserve it.
Everyone, apparently, except the Attorney General of West Virginia. As we discussed recently, West Virginia just filed a lawsuit demanding that a court order Apple to “implement effective CSAM detection measures” on iCloud. The remedy West Virginia seeks — a court order compelling scanning — would spring the constitutional trap that everyone who actually works on this issue has been carefully avoiding for years.
As Pfefferkorn put it:
Any competent plaintiff’s counsel should have figured this out before filing a lawsuit asking a federal court to make Apple start scanning iCloud for CSAM, thereby making Apple a government agent, thereby turning the compelled iCloud scans into unconstitutional searches, thereby making it likelier for any iCloud user who gets caught to walk free, thereby shooting themselves in the foot, doing a disservice to their client, making the situation worse than the status quo, and causing a major setback in the fight for child safety online.
The reason nobody’s filed a lawsuit like this against Apple to date, despite years of complaints from left, right, and center about Apple’s ostensibly lackadaisical approach to CSAM detection in iCloud, isn’t because nobody’s thought of it before. It’s because they thought of it and they did their fucking legal research first. And then they backed away slowly from the computer, grateful to have narrowly avoided turning themselves into useful idiots for pedophiles.
The West Virginia complaint also treats Apple’s abandoned NeuralHash client-side scanning project as evidence that Apple could scan but simply chose not to. What it skips over is why the security community reacted so strongly to NeuralHash in the first place. Apple’s own director of user privacy and child safety laid out the problem:
Scanning every user’s privately stored iCloud content would in our estimation pose serious unintended consequences for our users… Scanning for one type of content, for instance, opens the door for bulk surveillance and could create a desire to search other encrypted messaging systems across content types (such as images, videos, text, or audio) and content categories. How can users be assured that a tool for one type of surveillance has not been reconfigured to surveil for other content such as political activity or religious persecution? Tools of mass surveillance have widespread negative implications for freedom of speech and, by extension, democracy as a whole.
Once you create infrastructure capable of scanning every user’s private content for one category of material, you’ve created infrastructure capable of scanning for anything. The pipe doesn’t care what flows through it. Governments around the world — some of them not exactly champions of human rights — have a well-documented habit of demanding expanded use of existing surveillance capabilities. This connects directly to the perennial fights over end-to-end encryption backdoors, where the same argument applies: you cannot build a door that only the good guys can walk through.
And then there’s the scale problem. Even the best hash-matching systems can produce false positives, and at the scale of major platforms, even tiny error rates translate into enormous numbers of wrongly flagged users.
This is one of those frustrating stories where you can… kinda see all sides, and there’s no easy or obvious answer:
Scanning works, at least somewhat. 1.1 million CyberTips from Europol in a single year. Some number of children identified and rescued because platforms voluntarily detected CSAM and reported it. The system produces real results.
Scanning is mass surveillance. Every image, every message gets examined (algorithmically), not just those belonging to suspected offenders. The privacy intrusion is real, not hypothetical, and it falls on everyone.
Compelled scanning breaks prosecutions. In the US, the Fourth Amendment means that government-ordered scanning creates a get-out-of-jail card for the very predators everyone claims to be targeting. The voluntariness of the system is what makes it legally functional.
Scanning infrastructure is repurposable. A system built to detect CSAM can be retooled to detect political speech, religious content, or anything else. This concern is not paranoid; it’s an engineering reality.
False positives at scale are inevitable. Even highly accurate systems will flag innocent content when processing billions of items, and the consequences for wrongly accused individuals are severe.
People can and will weigh these tradeoffs differently, and that’s legitimate. The tension described in all this is real and doesn’t resolve neatly.
But what both the EU Parliament’s vote and West Virginia’s lawsuit share is an unwillingness to sit with that tension. The EU stripped legal cover from the voluntary system that was actually producing results, without having a workable replacement ready. West Virginia is trying to compel what must remain voluntary, apparently without bothering to read the constitutional case law that makes compelled scanning self-defeating. From opposite directions, both approaches attack the same fragile voluntary architecture that currently threads the needle between these competing interests.
The status quo in the United States — voluntary scanning, mandatory reporting, no government compulsion to search — is far from perfect. But the system functions: it produces leads, preserves prosecutorial viability, and does so precisely because it was designed by people who understood the tradeoffs and built accordingly.
It would be nice if more policymakers engaged with why the system works the way it does before trying to blow it up from either direction. In tech policy, the loudest voices in the room are rarely the ones who’ve done the reading.
In 2018, the Supreme Court ruled that warrants were needed to obtain cell site location info (CSLI). That decision dealt with law enforcement’s warrantless acquisition of 127 days of location data from a cell service provider. As the court saw it, the government was leveraging access to this data to turn cell phones (which has been given heightened protections with the 2014 Riley decision) into government tracking devices, all without having to bother with warrants or deploying government-crafted tracking tech.
The rationale for this 4th Amendment bypass was this: location data slurped up by websites and downloaded apps wasn’t exactly the same thing as cell tower location data. Therefore, it could be had without a warrant. In fact, it could be had without bothering the courts at all with a subpoena or any other lighter-weight legal paperwork. The government could just buy this data and sort through it to find what it was looking for. Some third parties were even willing to do the sorting for the right price, freeing the government up to pursue other rights violations.
This option obviously experienced a jump in popularity following the Supreme Court’s Carpenter ruling. While the spokespeople constantly stated the agencies they represented (which was pretty much all of them when it came to buying data from data brokers) were super-interested in respecting constitutional rights, they never took the time to explain their “respect” meant constantly testing (or breaking!) the boundaries until court precedent forced them to do otherwise.
In 2023, anti-encryption zealot Christopher Wray was heading the FBI. During the last years of his tenure, he admitted to Congress (or, more specifically, privacy hawk Senator Ron Wyden) that the FBI was — like CBP, ICE, US Secret Service, IRS, and federal prisons — buying up as much location data as it could purchase. Wray insisted this process was “court-authorized,” but somehow couldn’t find any court documents laying around that would support his claims of authorization.
The government is still buying this data. And it’s even more problematic than it was a few years ago, when federal agencies weren’t being run by MAGA loyalists and outright racists. Now there’s a new wrinkle: the government is delving into ad markets to siphon off RTB (real-time bidding) data that’s capable of tying location data to specific devices, even if those hawking the data pretend it’s been anonymized.
When asked by U.S. Senator Ron Wyden, Democrat of Oregon, if the FBI would commit to not buying Americans’ location data, Patel said that the agency “uses all tools … to do our mission.”
“We do purchase commercially available information that is consistent with the Constitution and the laws under the Electronic Communications Privacy Act — and it has led to some valuable intelligence for us,” Patel testified Wednesday.
First, there’s the obviously false insistence that this is all very constitutional. Buying location data from data brokers doesn’t just violate the spirit of the Supreme Court’s Carpenter decision, it’s only a letter or three off from violating the letter of the law. When the only difference is where you’re obtaining long-term location tracking data, you’re just exploiting loopholes rather than actually trying to be “consistent with the Constitution.”
The second part is even stupider. When you claim that legally-questionable efforts have “led to some valuable intelligence,” you’re just saying that the ends justify the means. And if that’s the low bar you’ve set for yourself, you’re going to be violating rights regularly because you prefer harvesting data to respecting rights.
This sums up the government’s stance concisely:
The FBI claims it does not need a warrant to use this information for federal investigations; though this legal theory has not yet been tested in court.
The government — especially this one — will never err on the side of restraint. It would rather explore the outer edges of legal theory, sacrificing our rights in exchange for more government power. At some point, this legal theory will be tested. But until it is, the government is going to continue to pretend the implications of Carpenter don’t apply to anything that hasn’t been specifically ruled unconstitutional.
We’ve all had the unsettling experience of seeing an ad online that reveals just how much advertisers know about our lives. You’re right to be disturbed. Those very same online ad systems have been used by the government to warrantlessly track peoples’ locations, new reporting has confirmed.
For years, the internet advertising industry has been sucking up our data, including our location data, to serve us “more relevant ads.” At the same time, we know that federal law enforcement agencies have been buying up our location data from shady data brokers that most people have never heard of.
Now, a new report gives us direct evidence that Customs and Border Protection (CBP) has used location data taken from the internet advertising ecosystem to track phones. In a document uncovered by 404 Media, CBP admits what we’ve been saying for years: The technical systems powering creepy targeted ads also allow federal agencies to track your location.
The document acknowledges that a program by the agency to use “commercially available marketing location data” for surveillance drew from the process used to select the targeted ads shown to you on nearly every website and app you visit. In this blog post, we’ll tell you what this process is, how it can and is being used for state surveillance, and what can be done about it—by individuals, by lawmakers, and by the tech companies that enable these abuses.
Advertising Surveillance Enables Government Surveillance
The online advertising industry has built a massive surveillance machine, and the government can co-opt it to spy on us.
In the absence of strong privacy laws, surveillance-based advertising has become the norm online. Companies track our online and offline activity, then share it with ad tech companies and data brokers to help target ads. Law enforcement agencies take advantage of this advertising system to buy information about us that they would normally need a warrant for, like location data. They rely on the multi-billion-dollar data broker industry to buy location data harvested from people’s smartphones.
We’ve known for years that location data brokers are one part of federal law enforcement’s massive surveillance arsenal, including immigration enforcement agencies like CBP and Immigration and Customs Enforcement (ICE). ICE, CBP and the FBI have purchased location data from the data broker Venntell and used it to identify immigrants who were later arrested. Last year, ICE purchased a spy tool called Webloc that gathers the locations of millions of phones and makes it easy to search for phones within specific geographic areas over a period of time. Webloc also allows them to filter location data by the unique advertising IDs that Apple and Google assign to our phones.
But a document recently obtained by 404 Media is the first time CBP has acknowledged the location data it buys is partially sourced from the system powering nearly every ad you see online: real-time bidding (RTB). As CBP puts it, “RTB-sourced location data is recorded when an advertisement is served.”
Even though this document is about a 2019-2021 pilot use of this data, CBP and other federal agencies have continued to purchase and use commercially obtained location data. ICE has purchased location tracking tools since then and recently requested information on “Ad Tech” tools it could use for investigations.
The CBP document acknowledges two sources of location data that it relies on: software development kits (SDKs) and RTB, both methods of location-tracking that EFF has written about before. Apps for weather, navigation, dating, fitness, and “family safety” often request location permissions to enable key features. But once an app has access to your location, it could share it with data brokers directly through SDKs or indirectly (and often without the app developers’ knowledge) through RTB. Data brokers can collect location data from SDKs that they pay developers to put in their apps. When relying on RTB, data brokers don’t need any direct relationship with the apps and websites they’re collecting location data from. RTB is facilitated by ad companies that are already plugged into most websites and apps.
How Real-Time Bidding Works
RTB is the process by which most websites and apps auction off their ad space. Unfortunately, the milliseconds-long auctions that determine which ads you see also expose your information, including location data, to thousands of companies a day. At a high-level, here’s how RTB works:
The moment you visit a website or app with ad space, it asks an ad tech company to determine which ads to display for you.
This ad tech company packages all the information they can gather about you into a “bid request” and broadcasts it to thousands of potential advertisers.
The bid request may contain information like your unique advertising ID, your GPS coordinates, IP address, device details, inferred interests, demographic information, and the app or website you’re visiting. The information in bid requests is called “bidstream data” and typically includes identifiers that can be linked to real people.
Advertisers use the personal information in each bid request, along with data profiles they’ve built about you over time, to decide whether to bid on the ad space.
The highest bidder gets to display an ad for you, but advertisers (or the adtech companies that represent them) can collect your bidstream data regardless of whether or not they bid on the ad space.
A key vulnerability of real-time bidding is that while only one advertiser wins the auction, all participants receive data about the person who would see their ad. As a result, anyone posing as an ad buyer can access a stream of sensitive data about billions of individuals a day. Data brokers have taken advantage of this vulnerability to harvest data at a staggering scale. For example, the FTC found that location data broker Mobilewalla collected data on over a billion people, with an estimated 60% sourced from RTB auctions. Leaked data from another location data broker, Gravy Analytics, referenced thousands of apps, including Microsoft apps, Candy Crush, Tinder, Grindr, MyFitnessPal, pregnancy trackers and religious-focused apps. When confronted, several of these apps’ developers said they had never heard of Gravy Analytics.
As Venntel, one of the location data brokers that has sold to ICE, puts it, “Commercially available bidstream data from the advertising ecosystem has long been one of the most comprehensive sources of real-time location and device data available.” But the privacy harms of RTB are not just a matter of misuse by individual data brokers. RTB auctions broadcast the average person’s data to thousands of companies, hundreds of times per day, with no oversight of how this information is ultimately exploited. Once your information is broadcast through RTB, it’s almost impossible to know who receives it or control how it’s used.
What You Can Do To Protect Yourself
Revelations about the government’s exploitation of this location data shows how dangerous online tracking has become, but we’re not powerless. Here are two basic steps you can take to better protect your location data:
Disable your mobile advertising ID (see instructions for iPhone/Android). Apple and Google assign unique advertising IDs to each of their phones. Location data brokers use these advertising IDs to stitch together the information they collect about you from different apps.
Review apps you’ve granted location permissions to. Apps that have access to your location could share it with other companies, so make sure you’re only granting location permission to apps that really need it in order to function. If you can’t disable location access completely for an app, limit it to only when you have the app open or only approximate location instead of precise location.
For more tips, check out EFF’s guide to protecting yourself from mobile-device based location tracking. Keep in mind that the security plan that’s best for you will vary in different situations. For example, you may want to take stronger steps to protect your location data when traveling to a sensitive location, like a protest.
What Tech Companies and Lawmakers Must Do
Legislators and tech companies must act so that individuals don’t bear the burden of defending their data every time they use the internet.
Ad tech companies must reckon with their role in warrantless government surveillance, among other privacy harms. The systems they built for targeted advertising are actively used to track people’s location. The best way to prevent online ads from fueling surveillance is to stop targeting ads based on detailed behavioral profiles. Ads can still be targeted contextually—based on the content people are viewing—without collecting or exposing their sensitive personal information. Short of moving to contextual advertising, tech companies can limit the use of their systems for government location tracking by:
Stopping the use of precise location data for targeted advertising. Ad tech companies facilitating ad auctions can and should remove precise location data from bid requests. Ads can be targeted based on people’s coarse location, like the city they’re in, without giving data brokers people’s exact GPS coordinates. Precise location data can reveal where we work, where we live, who we meet, where we protest, where we worship, and more. Broadcasting it to thousands of companies a day through RTB is dangerous.
Removing advertising IDs from devices, or at minimum, disabling them by default. Advertising IDs have become a linchpin of the data broker economy and are actively used by law enforcement to track people’s location. Advertising IDs were added to phones in 2012 to let companies track you, and removing them is not a far-fetched idea. When Apple forced apps to request access to people’s advertising IDs starting in 2021 (if you have an iPhone you’ve probably seen the “Ask App Not to Track” pop-ups), 96% of U.S. users opted out, essentially disabling advertising IDs on most iOS devices. One study found that iPhone users were less likely to be victims of financial fraud after Apple implemented this change. Google should follow Apple’s lead and disable advertising IDs by default.
Lawmakers also need to step up to protect their constituents’ privacy. We need strong, federal privacy laws to stop companies from spying on us and selling our personal information. EFF advocates for data privacy legislation with teeth and a ban on ad targeting based on online behavioral profiles, as it creates a financial incentive for companies to track our every move.
Legislators can and must also close the “data broker loophole” on the Fourth Amendment. Instead of obtaining a warrant signed by a judge, law enforcement agencies can just buy location data from private brokers to find out where you’ve been. Last year, Montana became the first state in the U.S. to pass a law blocking the government from buying sensitive data it would otherwise need a warrant to obtain. And in 2024, Senator Ron Wyden’s EFF-endorsed Fourth Amendment is Not for Sale Act passed the House before dying in the Senate. Others should follow suit to stop this end-run around constitutional protections.
Online behavioral advertising isn’t just creepy–it’s dangerous. It’s wrong that our personal information is being silently harvested, bought by shadow-y data brokers, and sold to anyone who wants to invade our privacy. This latest revelation of warrantless government surveillance should serve as a frightening wakeup call of how dangerous online behavioral advertising has become.
The Trump administration is loosening restrictions on the sharing of law enforcement information with the CIA and other intelligence agencies, officials said, overriding controls that have been in place for decades to protect the privacy of U.S. citizens.
Government officials said the changes could give the intelligence agencies access to a database containing hundreds of millions of documents — from FBI case files and banking records to criminal investigations of labor unions — that touch on the activities of law-abiding Americans.
Administration officials said they are providing the intelligence agencies with more information from investigations by the FBI, Drug Enforcement Administration and other agencies to combat drug gangs and other transnational criminal groups that the administration has classified as terrorists.
But they have taken these steps with almost no public acknowledgement or notification to Congress. Inside the government, officials said, the process has been marked by a similar lack of transparency, with scant high-level discussion and little debate among government lawyers.
“None of this has been thought through very carefully — which is shocking,” one intelligence official said of the moves to expand information sharing. “There are a lot of privacy concerns out there, and nobody really wants to deal with them.”
A spokesperson for the Office of the Director of National Intelligence, Olivia Coleman, declined to answer specific questions about the expanded information sharing or the legal basis for it.
Instead, she cited some recent public statements by senior administration officials, including one in which the national intelligence director, Tulsi Gabbard, emphasized the importance of “making sure that we have seamless two-way push communications with our law enforcement partners to facilitate that bi-directional sharing of information.”
In the aftermath of the Watergate scandal, revelations that Presidents Lyndon Johnson and Richard Nixon had used the CIA to spy on American anti-war and civil rights activists outraged Americans who feared the specter of a secret police. The congressional reforms that followed reinforced the long-standing ban on intelligence agencies gathering information about the domestic activities of U.S. citizens.
Compared with the FBI and other federal law enforcement organizations, the intelligence agencies operate with far greater secrecy and less scrutiny from Congress and the courts. They are generally allowed to collect information on Americans only as part of foreign intelligence investigations. Exemptions must be approved by the U.S. attorney general and the director of national intelligence. The National Security Agency, for example, can intercept communications between people inside the United States and terror suspects abroad without the probable cause or judicial warrants that are generally required of law enforcement agencies.
Since the terror attacks of Sept. 11, 2001, the expansion of that surveillance authority in the fight against Islamist terrorism has been the subject of often intense debates among the three branches of government.
Word of the Trump administration’s efforts to expand the sharing of law enforcement information with the intelligence agencies was met with alarm by advocates for civil liberties protections.
“The Intelligence Community operates with broad authorities, constant secrecy and little-to-no judicial oversight because it is meant to focus on foreign threats,” Sen. Ron Wyden of Oregon, a senior Democrat on the Senate Select Committee on Intelligence, said in a statement to ProPublica.
Giving the intelligence agencies wider access to information on the activities of U.S. citizens not suspected of any crime “puts Americans’ freedoms at risk,” the senator added. “The potential for abuse of that information is staggering.”
Most of the current and former officials interviewed for this story would speak only on condition of anonymity because of the secrecy of the matter and because they feared retaliation for criticizing the administration’s approach.
Virtually all those officials said they supported the goal of sharing law enforcement information more effectively, so long as sensitive investigations and citizens’ privacy were protected. But after years in which Republican and Democratic administrations weighed those considerations deliberately — and made little headway with proposed reforms — officials said the Trump administration has pushed ahead with little regard for those concerns.
“There will always be those who simply want to turn on a spigot and comingle all available information, but you can’t just flip a switch — at least not if you want the government to uphold the rule of law,” said Russell Travers, a former acting director of the National Counterterrorism Center who served in senior intelligence roles under both Republican and Democratic administrations.
The 9/11 attacks — which exposed the CIA’s failure to share intelligence with the FBI even as Al Qaida moved its operatives into the United States — led to a series of reforms intended to transform how the government managed terrorism information.
A centerpiece of that effort was the establishment of the NCTC, as the counterterrorism center is known, to collect and analyze intelligence on foreign terrorist groups. The statutes that established the NCTC explicitly prohibit it from collecting information on domestic terror threats.
National security officials have spent much less time trying to remedy what they have acknowledged are serious deficiencies in the government’s management of intelligence on organized crime groups.
In 2011, President Barack Obama noted those problems in issuing a new national strategy to “build, balance and integrate the tools of American power to combat transnational organized crime.” Although the Obama plan stressed the need for improved information-sharing, it led to only minimal changes.
President Donald Trump has seized on the issue with greater urgency. He has also declared his intention to improve information-sharing across the government, signing an executive order to eliminate “information silos” of unclassified information.
More consequentially, he went on to brand more than a dozen Latin American drug mafias and criminal gangs as terrorist organizations.
The administration has used those designations to justify more extreme measures against the criminal groups. Since last year, it has killed at least 148 suspected drug smugglers with missile strikes in the Caribbean and the eastern Pacific, steps that many legal experts have denounced as violations of international law.
Some administration officials have argued that the terror designations entitle intelligence agencies to access all law enforcement case files related to the Sinaloa Cartel, the Jalisco New Generation Cartel and other gangs designated by the State Department as foreign terrorist organizations.
The first criterion for those designations is that a group must “be a foreign organization.” Yet unlike Islamist terror groups such as al-Qaida or al-Shabab, Latin drug mafias and criminal gangs like MS-13 have a large and complex presence inside the United States. Their members are much more likely to be U.S. citizens and to live and operate here.
Those steps were seen by some intelligence experts as potentially opening the door for the CIA and other agencies to monitor Americans who support antifa in violation of their free speech rights. The approach also echoed justifications that both Johnson and Nixon used for domestic spying by the CIA: that such investigations were needed to determine whether government critics were being supported by foreign governments.
The wider sharing of law enforcement case files is also being driven by the administration’s abrupt decision to disband the Justice Department office that for decades coordinated the work of different agencies on major drug trafficking and organized crime cases. That office, the Organized Crime Drug Enforcement Task Force, was abruptly shut down on Sept. 30 as the Trump administration was setting up a new network of Homeland Security Task Forces designed by the White House homeland security adviser, Stephen Miller.
The new task forces, which were first described in detail by ProPublica last year, are designed to refocus federal law enforcement agencies on what Miller and other officials have portrayed as an alarming nexus of immigration and transnational crime. The reorganization also gives the White House and the Department of Homeland Security new authority to oversee transnational crime investigations, subordinating the DEA and federal prosecutors, who were central to the previous system.
That reorganization has set off a struggle over the control of OCDETF’s crown jewel, a database of some 770 million records that is the only central, searchable repository of drug trafficking and organized crime case files in the federal government.
Until now, the records of that database, which is called Compass, have only been accessible to investigators under elaborate rules agreed to by the more than 20 agencies that shared their information. The system was widely viewed as cumbersome, but officials said it also encouraged cooperation among the agencies while protecting sensitive case files and U.S. citizens’ privacy.
Although the Homeland Security Task Forces took possession of the Compass system when their leadership moved into OCDETF’s headquarters in suburban Virginia, the administration is still deciding how it will operate that database, officials said.
However, officials said, intelligence agencies and the Defense Department have already taken a series of technical steps to connect their networks to Compass so they can access its information if they are permitted to do so.
The White House press office did not respond to questions about how the government will manage the Compass database and whether it will remain under the control of the Homeland Security Task Forces.
The National Counterterrorism Center, under its new director, Joe Kent, has been notably forceful in seeking to manage the Compass system, several officials said. Kent, a former Army Special Forces and CIA paramilitary officer who twice ran unsuccessfully for Congress in Washington state, was previously a top aide to the national intelligence director, Tulsi Gabbard.
The FBI, DEA and other law enforcement agencies have strongly opposed the NCTC effort, the officials said. In internal discussions, they added, the law enforcement agencies have argued that it makes no sense for an intelligence agency to manage sensitive information that comes almost entirely from law enforcement.
“The NCTC has taken a very aggressive stance,” one official said. “They think the agencies should be sharing everything with them, and it should be up to them to decide what is relevant and what U.S. citizen information they shouldn’t keep.”
The FBI declined to comment in response to questions from ProPublica. A DEA spokesperson also would not discuss the agency’s actions or views on the wider sharing of its information with the intelligence community. But in a statement the spokesman added, “DEA is committed to working with our IC and law enforcement partners to ensure reliable information-sharing and strong coordination to most effectively target the designated cartels.”
Even with the Trump administration’s expanded definition of what might constitute terrorist activity, the information on terror groups accounts for only a small fraction of the records in the Compass system, current and former officials said.
The records include State Department visa records, some files of U.S. Postal Service inspectors, years of suspicious transaction reports from the Treasury Department and call records from the Bureau of Prisons.
Investigative files of the FBI, DEA and other law enforcement agencies often include information about witnesses, associates of suspects and others who have never committed any crimes, officials said.
“You have witness information, target information, bank account information,” the former OCDETF director, Thomas Padden, said in an interview. “I can’t think of a dataset that would not be a concern if it were shared without some controls. You need checks and balances, and it’s not clear to me that those are in place.”
Officials familiar with the interagency discussions said NCTC and other intelligence officials have insisted they are interested only in terror-related information and that they have electronic systems that can appropriately filter out information on U.S. persons.
But FBI and other law enforcement agencies have challenged those arguments, officials said, contending that the NCTC proposal would almost inevitably breach privacy laws and imperil sensitive case information without necessarily strengthening the fight against transnational criminals.
Already, NCTC officials have been pressing the FBI and DEA to share all the information they have on the criminal groups that have been designated as terrorist organizations, officials said.
The DEA, which had previously earned a reputation for jealously guarding its case files, authorized the transfer of at least some of those files, officials said, adding to pressure on the FBI to do the same.
Administration lawyers have argued that such information sharing is authorized by the Intelligence Reform and Terrorism Prevention Act of 2004, the law that reorganized intelligence activities after 9/11. Officials have also cited the 2001 Patriot Act, which gives law enforcement agencies power to obtain financial, communications and other information on a subject they certify as having ties to terrorism.
The central role of the NCTC in collecting and analyzing terrorism information specifically excludes “intelligence pertaining exclusively to domestic terrorists and domestic counterterrorism.” But that has not stopped Kent or his boss, intelligence director Gabbard, from stepping over red lines that their predecessors carefully avoided.
In October, Kent drew sharp criticism from the FBI after he examined files from the bureau’s ongoing investigation of the assassination of Charlie Kirk, the right-wing activist. That episode was first reported by The New York Times.
Last month, Gabbard appeared to lead a raid at which the FBI seized truckloads of 2020 presidential voting records from an election center in Fulton County, Georgia. Officials later said she was sent by Trump but did not oversee the operation.
In years past, officials said, the possibility of crossing long-settled legal boundaries on citizens’ privacy would have precipitated a flurry of high-level meetings, legal opinions and policy memos. But almost none of that internal discussion has taken place, they said.
“We had lengthy interagency meetings that involved lawyers, civil liberties, privacy and operational security types to ensure that we were being good stewards of information and not trampling all over U.S. persons’ privacy rights,” said Travers, the former NCTC director.
When administration officials abruptly moved to close down OCDETF and supplant it with the Homeland Security Task Forces network, they seemed to have little grasp of the complexities of such a transition, several people involved in the process said.
The agencies that contributed records to OCDETF were ordered to sign over their information to the task forces, but they did so without knowing if the system’s new custodians would observe the conditions under which the files were shared.
Nor were they encouraged to ask, officials said.
While both the FBI and DEA have objected to a change in the protocols, officials said smaller agencies that contributed some of their records to the OCDETF system have been “reluctant to push back too hard,” as one of them put it.
The NCTC, which faced budget cuts during the Biden administration, has been among those most eager to service the new Homeland Security Task Forces. To that end, it set up a new fusion center to promote “two-way intelligence sharing of actionable information between the intelligence community and law enforcement,” as Gabbard described it.
The expanded sharing of law enforcement and intelligence information on trafficking groups is also a key goal of the Pentagon’s new Tucson, Arizona-based Joint Interagency Task Force-Counter Cartel. In announcing the task force’s creation last month, the U.S. Northern Command said it would work with the Homeland Security Task Forces “to ensure we are sharing all intelligence between our Department of War, law enforcement and Intelligence Community partners.”
In the last months of the Biden administration, a somewhat similar proposal was put forward by the then-DEA administrator, Anne Milgram. That plan involved setting up a pair of centers where DEA, CIA and other agencies would pool information on major Mexican drug trafficking groups.
At the time, one particularly strong objection came from the Defense Department’s counternarcotics and stabilization office, officials said. The sharing of such law enforcement information with the intelligence community, an official there noted, could violate laws prohibiting the CIA from gathering intelligence on Americans inside the United States.
The Pentagon, he warned, would want no part of such a plan.
The SAFE act, introduced by Senators Mike Lee and Dick Durbin, is the first of many likely proposals we will see to reauthorize Section 702 of the Foreign Intelligence Surveillance Act (FISA) Amendments Act of 2008—and while imperfect, it does propose a litany of real and much-needed reforms of Big Brother’s favorite surveillance authority.
The irresponsible 2024 reauthorization of the secretive mass surveillance authority Section 702 not only gave the government two more years of unconstitutional surveillance powers, it also made the policy much worse. But, now people who value privacy and the rule of law get another bite at the apple. With expiration for Section 702 looming in April 2026, we are starting to see the emergence of proposals for how to reauthorize the surveillance authority—including calls from inside the White House for a clean reauthorization that would keep the policy unchanged. EFF has always had a consistent policy: Section 702 should not be reauthorized absent major reforms that will keep this tactic of foreign surveillance from being used as a tool of mass domestic espionage.
What is Section 702?
Section 702 was intended to modernize foreign surveillance of the internet for national security purposes. It allows collection of foreign intelligence from non-Americans located outside the United States by requiring U.S.-based companies that handle online communications to hand over data to the government. As the law is written, the intelligence community (IC) cannot use Section 702 programs to target Americans, who are protected by the Fourth Amendment’s prohibition on unreasonable searches and seizures. But the law gives the intelligence community space to target foreign intelligence in ways that inherently and intentionally sweep in Americans’ communications.
We live in an increasingly globalized world where people are constantly in communication with people overseas. That means, while targeting foreigners outside the U.S. for “foreign intelligence Information” the IC routinely acquires the American side of those communications without a probable cause warrant. The collection of all that data from U.S telecommunications and internet providers results in the “incidental” capture of conversations involving a huge number of people in the United States.
But, this backdoor access to U.S. persons’ data isn’t “incidental.” Section 702 has become a routine part of the FBI’s law enforcement mission. In fact, the IC’s latest Annual Statistical Transparency Report documents the many ways the Federal Bureau of Investigation (FBI) uses Section 702 to spy on Americans without a warrant. The IC lobbied for Section 702 as a tool for national security outside the borders of the U.S., but it is apparent that the FBI uses it to conduct domestic, warrantless surveillance on Americans. In 2021 alone, the FBI conducted 3.4 million warrantless searches of US person’s 702 data.
The Good
Let’s start with the good things that this bill does. These are reforms EFF has been seeking for a long time and their implementation would mean a big improvement in the status quo of national security law.
First, the bill would partially close the loophole that allows the FBI and domestic law enforcement to dig through 702-collected data’s “incidental” collection of the U.S. side of communications. The FBI currently operates with a “finders keeper” mentality, meaning that because the data is pre-collected by another agency, the FBI believes it can operate with almost no constraints on using it for other purposes. The SAFE act would require a warrant before the FBI looked at the content of these collected communications. As we will get to later, this reform does not go nearly far enough because they can query to see what data on a person exists before getting a warrant, but it is certainly an improvement on the current system.
Second, the bill addresses the age-old problem of parallel construction. If you’re unfamiliar with this term, parallel construction is a method by which intelligence agencies or domestic law enforcement find out a piece of information about a subject through secret, even illegal or unconstitutional methods. Uninterested in revealing these methods, officers hide what actually happened by publicly offering an alternative route they could have used to find that information. So, for instance, if police want to hide the fact that they knew about a specific email because it was intercepted under the authority of Section 702, they might use another method, like a warranted request to a service provider, to create a more publicly-acceptable path to that information. To deal with this problem, the SAFE Act mandates that when the government seeks to use Section 702 evidence in court, it must disclosure the source of this evidence “without regard to any claim that the information or evidence…would inevitably have been discovered, or was subsequently reobtained through other means.”
Next, the bill proposes a policy that EFF and other groups have nonetheless been trying to get through Congress for over five years: ending the data broker loophole. As the system currently stands, data brokers who buy and sell your personal data collected from smartphone applications, among other sources, are able to sell that sensitive information, including a phone’s geolocation, to the law enforcement and intelligence agencies. That means that with a bit of money, police can buy the data (or buy access to services that purchase and map the data) that they would otherwise need a warrant to get. A bill that would close this loophole, the Fourth Amendment is Not For Sale Act passed through the House in 2024 but has yet to be voted on by the Senate. In the meantime, states have taken it upon themselves to close this loophole with Montana being the first state to pass similar legislation in May 2025. The SAFE Act proposes to partially fix the loophole at least as far as intelligence agencies are concerned. This fix could not come soon enough—especially since the Office of the Director of National Intelligence has signaled their willingness to create one big, streamlined, digital marketplace where the government can buy data from data brokers.
Another positive thing about the SAFE Act is that it creates an official statutory end to surveillance power that the government allowed to expire in 2020. In its heyday, the intelligence community used Section 215 of the Patriot Act to justify the mass collection of communication records like metadata from phone calls. Although this legal authority has lapsed, it has always been our fear that it will not sit dormant forever and could be reauthorized at any time. This new bill says that its dormant powers shall “cease to be in effect” within 180 of the SAFE Act being enacted.
What Needs to Change
The SAFE Act also attempts to clarify very important language that gauges the scope of the surveillance authority: who is obligated to turn over digital information to the U.S. government. Under Section 702, “electronic communication service providers” (ECSP) are on the hook for providing information, but the definition of that term has been in dispute and has changed over time—most recently when a FISA court opinion expanded the definition to include a category of “secret” ECSPs that have not been publicly disclosed. Unfortunately, this bill still leaves ambiguity in interpretation and an audit system without a clear directive for enforcing limitations on who is an ECSP or guaranteeing transparency.
As mentioned earlier, the SAFE Act introduces a warrant requirement for the FBI to read the contents of Americans’ communications that have been warrantlessly collected under Section 702. However, the law does not in its current form require the FBI to get a warrant before running searches identifying whether Americans have communications present in the database in the first place. Knowing this information is itself very revealing and the government should not be able to profit from circumventing the Fourth Amendment.
When Congress reauthorized Section 702 in 2014, they did so through a piece of policy called the Reforming Intelligence and Securing America Act (RISAA). This bill made 702 worse in several ways, one of the most severe being that it expanded the legal uses for the surveillance authority to include vetting immigrants. In an era when the United States government is rounding up immigrants, including people awaiting asylum hearings, and which U.S officials are continuously threatening to withhold admission to the United States from people whose politics does not align with the current administration, RISAA sets a dangerous precedent. Although RISAA is officially expiring in April, it would be helpful for any Section 702 reauthorization bill to explicitly prohibit the use of this authority for that reason.
Finally, in the same way that the SAFE Act statutorily ends the expired Section 215 of the Patriot Act, it should also impose an explicit end to “Abouts collection” a practice of collecting digital communications, not if their from suspected people, but if their are “about” specific topics. This practice has been discontinued, but still sits on the books, just waiting to be revamped.
ICE has been telling itself all it needs to do is write its own paperwork and it can do whatever it wants. Memos — passed around secretively and publicly acknowledged by no one but whistleblowers — told ICE agents they don’t need judicial warrants to arrest people or enter people’s homes.
All they need — according to acting director Todd Lyons, who issued the memos — is paperwork they could create and authorize without any need to seek the approval of anyone else. ICE calls them warrants but they’re just self-issued paperwork in which the officer says a person needs to be arrested and then signs it. That’s it. The review process begins and ends at the same desk. If the agent swears it to be true, he’s only swearing it to himself, which means every finger can be crossed and every “fact” can be fiction.
Courts aren’t having it. ICE’s internal memos may claim there’s no need for the Constitution to come between them and their mass deportation efforts, but that doesn’t mean the Constitution agrees to be sidelined. The courts are stepping in with increasing frequency to protect constitutional rights. A lot of activity in recent months has focused on the due process rights being denied to detainees.
More recent activity is focusing on the Fourth Amendment which, if violated, naturally lends itself to other rights violations. Via Kyle Cheney of Politico (who has been tracking these cases since Trump’s most recent election) comes another case where a federal judge refuses to play along with ICE’s unconstitutional game of charades.
The opening paragraph of this opinion [PDF] lays out the facts. And they are ugly.
ICE officers are casting dragnets over Oregon towns they believe to be home to agricultural workers, calling them “target rich.” Landing in those communities, officers surveil apartment complexes in the early morning hours, scan license plates for details about the vehicles’ owners, and wait for them to get into their vehicles. Officers then stop, arrest, detain and transport people out of the District of Oregon to the Northwest ICE Processing Center (“NWIPC”), 144 miles away in Tacoma, Washington, before ultimately deporting them. Sworn testimony and substantial evidence before this Court show that ICE officers ask few questions and allow little time before shattering windows, handcuffing people, and detaining them at an ICE facility in another state.
There’s no “worst of the worst” going on here. These are the actions of masked opportunists who know the only way to make the boss happy is to value quantity over quality. Untargeted dragnets cannot possibly rely on probable cause, even considering Justice Kavanaugh’s blessing of racial profiling. Given this — and the administration’s desire to see 3,000 arrests per day — immigration officers can’t even be bothered to issue administrative warrants, much less secure judicial warrants, before performing arrests.
The Oregon courts drives home the point in the next paragraph (emphasis in the original):
The law on this issue is clear and undisputed. An ICE officer may arrest someone if the officer obtains in advance a warrant for their arrest. If the officer does not have a warrant, they cannot arrest someone unless they have probable cause to believe that both (1) the individual is in the United States unlawfully and (2) they are “likely to escape before a warrant can be obtained.”
The government’s response to this could be generously called “implausible.” It’s more accurately “risible” and backed by absolutely nothing that can’t be immediately contradicted by literally everything everywhere, as the court points out.
Plaintiffs challenge ICE’s practice of abusing its arrest power by failing to meet those criteria before arresting, detaining, and deporting people. Defendants do not—and could not— argue that this practice is lawful. Rather, they argue that there is no such practice, and that the myriad cases presented to this Court are mere coincidence.
But there is “such practice.” It’s impossible to deny it, even though the government tried to. The court isn’t interested in the government’s deflections and straight-up lies. It’s here to compare the facts to the law. Here are the facts:
[T]he overwhelming evidence in this record confirms that ICE officers targeted Woodburn and other cities in Oregon because of the large number of agricultural workers living in those areas. Officer testimony regarding human smuggling serves only as an inappropriate pretextual reason for developing reasonable suspicion for a stop. That officer also testified that he believed the van was suspicious because it had tinted windows and did not have any commercial markings.
When asked what gave the officers “reasonable suspicion that there may have been a crime afoot or that the folks in the van may not have had legal status,” the officer noted that the registered owner of the van had an immigration history, and that “[p]eople are being — going into a van early in the morning.” The officers did not have the identities of anyone in the van and they were not pursuing any known targets.The officers did not have a warrant for M-J-M-A-’s arrest.
Here’s more:
The evidence also demonstrates ICE’s practice of fabricating warrants after arrests were made. Tr. 306 (if an officer “encountered a file that did not have a warrant for arrest, an I-200,” he would create one); Tr. 356 (officer affirming that “for any case” involving a warrantless arrest, he would “create a warrant for the arrest after” individuals were detained at ICE field offices). This practice of creating warrants after the fact is highly probative of ICE’s failure to make individualized determinations of one’s escape risk prior to arresting them. That is especially true where, as in M-J-M-A-’s case, the encounter narratives for arrestees were exactly “the same.” Tr. 401.
Heading towards the granting of requested restraining order, the court makes it explicitly clear that federal immigration officers are routinely violating constitutional rights:
The Court finds that ample evidence in this case demonstrates a high likelihood—if not a certainty—that Defendants are engaging in a pattern and practice of unlawful conduct in Oregon…
And if it’s unlawful in Oregon, it’s illegal everywhere in the United States. Nothing in this order relies on Oregon’s state Constitution. Everything here falls under the minimum standard set by the US Constitution and its amendments.
The order ends with a stark warning — one that makes it clear what’s happening now is not only extremely abnormal, but a threat to the Republic itself.
It is clear that there are countless more people who have been rounded up, and who either remain in detention or have “voluntarily” deported than those, like M-J-M-A-, who were fortunate enough to find counsel at the eleventh hour. Defendants benefit from this blitz approach to immigration enforcement that takes advantage of navigating outside of the boundaries of conducting lawful arrests. For the one detainee who has the audacity to challenge the legality of her detention and gains release, several more remain detained or succumb to the threat of lengthy detention, and then instead “voluntarily” deport. Defendants win the numbers game at the cost of debasing the rule of law.
Finally, this Court has previously described ICE officers’ field enforcement conduct as brutal and violent. The practices are intended to strike fear across large numbers of people throughout Oregon. The persistent intensity of regular ICE immigration enforcement operations may very well have the intended effect of normalizing this level of violence. If this normalization continues, then even greater harm will be inflicted.
This is all much larger than the individuals who have somehow managed to challenge this administration’s deportation activities. This is only where it begins. If the courts can’t get this shut down, this rot will be deliberately spread to cover anyone who isn’t sufficiently deferential to the authoritarians ensconced in the GOP.
