If you’ve been following EFF’s work, you’ll know that we’ve been fighting against the creeping surveillance state for over 20 years. Often, this means pushing back against the National Security Agency’s dragnet surveillance programs, but as new technology becomes available, new threats emerge.

Here are some of the biggest legislative fights we had in 2017.

FISA Section 702

Section 702 is a surveillance authority that is part of the FISA Amendments Act of 2008. It was created as a way for the intelligence community to collect foreign intelligence from non-Americans located outside of the United States. However, the way the law is currently written allows the NSA to “incidentally” collect communications from an untold number of Americans. We say “untold” because the government has never disclosed how many law-abiding Americans have had their communications vacuumed up by the NSA and other intelligence gathering organizations. In addition to being used to prevent terrorism, Section 702 allows for that collected information to be used in ordinary law enforcement activities. As we have witnessed in several recent Congressional hearings, even members of Congress tasked with overseeing these programs literally don’t know how many Americans have been impacted by this program because the FBI, the DOJ, and the NSA have refused repeated requests share that information.

Section 702 authority was set to expire on December 31, 2017, which means that Congress had a chance to make the many necessary changes needed to protect their constituents from excessive government surveillance. Various members of Congress have introduced some great bills, but other bills do nothing to prevent unwarranted dragnet surveillance.

We are disappointed that Congress hasn’t prioritized having a transparent debate about how law enforcement and intelligence agencies should be using their spying authorities while also respecting Americans’ Fourth Amendment rights. Sadly, as we approached the potential sunset of Section 702 at the end of the year with no consensus in sight, Congressional leadership punted by tacking a three week extension of Section 702 into a must-pass spending bill. The new deadline is January 19, 2017, and we hope that this time, Congress will use this opportunity to end warrantless, unconstitutional surveillance for good.

No matter what happens, we stand ready to continue the fight to rein in sweeping spying programs.

Facial Recognition and other Biometric Screening

In 2004, the U.S. Department of Homeland Security (DHS) began biometric screening of foreign citizens upon their arrival in the U.S. In 2016, DHS launched a pilot program to expand facial recognition screening to U.S. citizens, in addition to foreign travelers, on a daily international flight out of Atlanta. This summer, DHS has gone even further, and has started working to expand the screening to all travelers on certain flights out of certain airports, with the list of airports growing. Customs and Border Protections (CBP) has also announced plans to expand their facial recognition program to land borders in 2018, requiring any person driving into the U.S. to submit to biometric screening. DHS executives have even been quoted as saying that they would like to substitute biometric screenings at every place in the airport where we currently have to show ID.

While Congress did authorize automated tracking of foreign citizens as they enter and exit the U.S. in 1996, they have not authorized this intrusion into the lives of American travelers. DHS expanded these programs on their own, backed by President Trump’s revised travel ban.

Several Members of Congress are scrambling to codify DHS’s increased biometric surveillance, introducing several bills in 2017, such as Sen. Cornyn’s bill S. 1757, Sen. Thune’s bill S. 1872, Rep. McCaul’s bill H.R. 3548, and others. These bills would both authorize these programs, and in some cases, expand them even further. Additionally, it’s possible that expanded biometric screening could be included in upcoming legislation that contains permanent changes to DACA.

As we have written extensively, biometric screening, and especially its implementation as a law enforcement tool, is inherently problematic. Our faces are easy to capture and hard to change. Plus, facial recognition has significant accuracy problems, especially for non-white travelers. One of the biggest problems of this screening is data security. The Equifax database breach was a grave violation of privacy, based just on release of numbers (like dates of birth and Social Security numbers). The risk to privacy posed by breach of biometric databases is even greater. The government must answer questions about how the data will be stored, how long it will be stored, and how they will ensure that data is kept secure.

Our governments should not try to force us to abandon travel in order to protect the privacy of our faces. We will continue to oppose such bills that endanger Americans’ privacy, watch for biometric screening language sneaking into other bills, and work with our allies in Congress to beat back these threats to privacy.

Cell Site Simulators Devices

At the beginning of 2017, we were heartened when the House Oversight and Government Reform Committee (OGR) issued a bipartisan report acknowledging and detailing police abuse of cell-site simulators, also known as stingrays. OGR’s report also called on Congress to pass legislation requiring that this technology only be deployed based on a court-issued probable cause warrant. We agree that Congress should set forth clear guidelines like this on the limits of this authority.

Sadly, Congress has not yet passed this legislation, even as news broke that demonstrated how necessary these limits are. Through a FOIA request, Buzzfeed found that DHS used cell-site simulators 1,885 times from January 2013 through to October 2017 throughout the United States. However, how and why DHS used these devices remains unclear.

Sen. Ron Wyden asked these questions, sending a letter to U.S. Immigration and Customs Enforcement (ICE) requesting information on the agency’s use of the devices. Sen. Wyden asked what policies govern the use of stingrays in law enforcement operations, and what steps ICE takes to limit the interference on innocent Americans. ICE responded by saying that cell site simulators are allowed both under current law and current policy. ICE maintains that there is “virtually” no interference with “non-targeted” devices, though they offer no evidence to that effect. Similarly, ICE claims that their use of cell-site simulators is limited and current policy only allows their use with probable cause warrants.

While we are glad to know that ICE has a policy around these devices, we also know that policies can be easily changed. Given the expansion of cell-site simulator snooping under this Administration, we will continue to work with Congress to create more effective, legislative protections against law enforcement overreach.

Going into 2018

As surveillance technology becomes cheaper and more accessible, law enforcement and intelligence agencies are going to continue to seek access to it, often at great cost to our privacy. Our increasingly digital lives show the growing need for ironclad privacy protections, and EFF plans to continue leading this fight for your rights in 2018 and beyond.

This article is part of our Year In Review series. Read other articles about the fight for digital rights in 2017.

Like what you're reading? Support digital freedom defense today!