The House on Wednesday approved a bill that would limit how the government can purchase data from third parties — legislation that scored a vote after negotiations with a group of GOP colleagues who briefly tanked a vote on warrantless spy powers.
Dubbed the Fourth Amendment is Not For Sale, the legislation passed 219-199. It requires law enforcement and other government entities to get a warrant before buying information from third-party data brokers who purchase information gleaned from apps.
Division over the bill forged familiar fault lines to those seen in the debate over Section 702 of the Foreign Intelligence Surveillance Act (FISA), linking both conservatives and progressives who want greater privacy protections and pitting them against members from both parties who fear such protections could undercut an important law enforcement tool.
Those in favor of the bill argue the government should have to get a warrant before buying the commercially available information to carry out law enforcement activities.
“If the government wants to track a suspect today, they could go through the trouble of establishing probable cause and getting a warrant. Or federal law enforcement could simply purchase data from a third party about the target of their operation,” House Judiciary ranking member Jerry Nadler (D-N.Y.), a co-sponsor of the bill, said during debate.
“If that purchased data included location data for their subject, they would have no need for checks and balances, no need for a warrant, and during an ensuing criminal trial, no obligation even to tell the court how they obtained the initial data in the first place.”
“We have the Fourth Amendment for a reason,” Nadler continued. “If law enforcement wants to gather information about you, they should first obtain a warrant.”
Rep. Warren Davidson (R-Ohio), the sponsor of the bill, pegged it as a reinforcement of Fourth Amendment protections against unreasonable searches and seizures.
“The reality is the technology today effectively puts the government everywhere we go. We all essentially have a digital ID, a phone number. And we carry it with us. It’s tracked. It goes to your car. Your car spies on you as well. This data is being collected,” he said.
“Nothing in this bill would prohibit a search paid for or otherwise of public information. It would, however, restore privacy protections, grossly infringed by current practices.”
Still, it garnered pushback from House Intelligence Committee members, the White House and voices in the law enforcement community.
“It generally would prohibit the intelligence community and law enforcement from obtaining certain commercially available information — subject only to narrow, unworkable exceptions. It does not affect the ability of foreign adversaries or the private sector to obtain and use the same information, thus negating any privacy benefit to U.S. persons while threatening America’s national security,” the White House wrote in a statement of administrative policy.
“Responsible access to, and use of, commercially available information is critical to scores of vital missions carried out on behalf of the American people.”
House Intelligence Chair Mike Turner (R-Ohio) argued the bill was poorly written, with broad language and few exceptions.
“The bill bans law enforcement from paying for information available to any willing buyer in all contexts. There is no exception. Zero. There is no exception to even allow law enforcement to pay for stolen information to investigate and solve identity theft, data theft, data breaches, ransomware attacks. The bill will not make people safer,” he said.
The bill was a top priority of GOP privacy hawks in the House, who negotiated a stand-alone vote for the legislation after failing to attach it to the broader legislation reauthorizing FISA 702.
But Rep. Jim Himes (D-Conn.), ahead of its separation from FISA 702, said the fast-tracking of the bill left for little consideration of something that would have sweeping consequences.
“What are we going to do? We’re going to prohibit the CIA from buying data without ever having a hearing in Intel?” Himes said last week before it was clear the provision would get its own vote on the House floor.
“It’s very saddening because it’s a super interesting topic. We probably should regulate it maybe more than we are today. But it just should not be brought out of nowhere.”
Senior administration officials said the measure would blind U.S. intelligence outfits from getting information easily purchased by foreign intelligence operations.
“In practice, these standards make it impossible for the [intelligence community], law enforcement to acquire a whole host of readily available information that they currently rely on,” an administration official said.
“Covered customer records as defined in the bill is very broad and includes records pertaining to any U.S. person or indeed any foreigner inside the United States. And as a practical matter, there’s often no way to establish whether a particular individual was in the U.S. at a particular time a piece of data was created. Unless you did one thing, which is paradoxically to intrude further into their privacy just to figure out whether you could obtain some data.”
“It can be impossible to know what’s in a data set before one actually obtains a data set,” the official continued. “So you’d be barred from getting that which you don’t even know.”