Newborn screening is performed on millions of babies in the U.S. every year to test for rare genetic diseases and, when necessary, allow for early treatment. While newborn screening is mandated by the federal government, each state runs its own screening program. Importantly, individual states manage how newborn screening data is stored and, potentially, accessed and used in the future. While such data is often used for quality assurance testing and clinical research, there have been  instances of law enforcement subpoenaing newborn screening data for use in criminal investigations. For example, New Jersey used newborn screening data to investigate a decades-old sexual assault This raises major concerns about overall transparency of data use and  privacy in the newborn screening process. 

The incoming administration should encourage states to develop data handling standards for newborn screening data. Specifically these standards should include how long data is stored and who can access it. This can be accomplished by directing the Health and Human Services’ (HHS) Federal Advisory Committee on Heritable Disorders in Newborns and Children (ACHDNC) to provide recommendations that clearly communicate data use and privacy measures to state health departments. In addition, the incoming administration should also encourage development of increased educational materials for parents to explain these privacy concerns, and create funding opportunities to incentivize both of these measures.

Challenge and Opportunity

Newborn screening is a universal practice across the United States. Blood samples are taken from infants only a few days old to test for a variety of genetic diseases such as phenylketonuria, which can cause intellectual disability that can be prevented through changes in diet—if it is caught early enough. These blood samples can be used for both metabolic and genetic tests, depending on which disease is being tested for and how it is detected.  Phenylketonuria, for example, is detected by high levels of a molecule called phenylalanine in the blood, while spinal muscular atrophy (SMA) is detected by changes in the genetic sequence of the gene associated with SMA. Newborn screening is an essential practice that identifies a wide range of severe diseases before symptoms occur, and three babies out of every 1,000 are identified with a genetic condition. 

While newborn screening is required by the federal government, each state can determine which panel of diseases are tested. The Department of Health and Human Services established an Advisory Committee on Heritable Disorders in Newborns and Children (ACHDNC), which regularly updates a Recommended Uniform Screening Panel (RUSP) with conditions. For example, SMA was approved to the RUSP in 2018, and all 50 states have now added SMA to their screening panels.  Much of the effort to both nominate conditions to the federal RUSP and to encourage individual states to adapt spinal muscular atrophy testing was led by patient advocacy groups such as CureSMA, and these sorts of groups play a significant role in the addition of future conditions. Similar efforts are underway for Krabbe disease, which was added to the RUSP in 2024  and is currently screened for in only twelve states, a number that may increase in the coming years as more states consider adding it to their panels.   State advisory boards will review new disease nominations and, along with their status on the RUSP, will often consider how prevalent a disease is, if there are treatments available for the disease, and cost-effectiveness of screening for this condition.  Regardless of which tests are performed, every state participates in newborn screening. Importantly, newborn screening does not require affirmative consent from parents—some states offer opt-out options, generally for religious reasons, but 98% of infants are screened. 

Mandatory newborn screening programs have led health departments across the country to obtain genetic data from nearly every child in the country for decades. With recent developments in genetic sequencing technologies, this means that, theoretically, this newborn screening data could be repurposed for other functions. In 2022, the New Jersey Office of the Public Defender filed a lawsuit against the New Jersey Department of Health for complying with a subpoena to provide newborn screening data to the police as part of a sexual assault investigation. Specifically, law enforcement subpoenaed the blood sample of a suspect’s child, which they used to perform new DNA analysis to match DNA crime scene evidence. The lawsuit reveals that the New Jersey Department of Health has retained newborn screening blood spots for over twenty years; that the data obtained from the subpoena was used to bring criminal charges for a crime committed in 1996; and that the Office of the Public Defender were not provided information about how many similar subpoenas have been complied with in the past. 

This case highlights the bigger issue of newborn screening data as the United States’ “hidden national DNA database.” Law enforcement has potential access to decades of samples that can be used for genetic analysis that were not intended for law enforcement use. Police in other states like California have also sought access to newborn screening databases for investigational purposes. In California, the state health department keeps samples indefinitely, and not only is this information not disclosed to parents, it no longer provides parents with an opt-out option. As law enforcement agencies across states begin to understand the magnitude of data that can be found in these databases, it is becoming clear that health department policies for regulating access to these data are lacking. 

Using genetic data in law enforcement has become increasingly common. The practice of “investigative genetic genealogy,” or IGG, has made national headlines in recent years, in which law enforcement can access genetic data from publicly available databases to use in criminal investigations. These databases are full of genetic data that consumers who participate in direct-to-consumer genetic testing, such as 23andMe, can use to voluntarily upload and share their data with more people. IGG presents its own privacy concerns, but it is important to recognize the voluntary nature of both (a) participating in direct-to-consumer testing and (b) uploading it to a third-party website. Newborn screening, on the other hand, is not an optional practice.  

Proponents of IGG argue that using genetic data is very effective at not only catching killers—and doing so quicker than without DNA data—but also exonerating innocents.  However, this fact does not outweigh the major issues of privacy, transparency, and the fact that this approach potentially violates the fourth amendment’s protections against unreasonable search and seizures—especially when it comes to incorporating newborn screening data into these approaches. A previous court case found a hospital in violation of the fourth amendment for providing law enforcement with warrantless drug screening results from pregnant women, even though the women were under the impression they were receiving diagnostic tests. The Supreme Court argued that the hospital’s actions break down public trust in the health system, as patients have a “reasonable expectation of privacy” regarding their test results. While cases of subpoenaing newborn screening data may not currently violate any legal procedure, allowing law enforcement access to these data for use in future investigations, particularly without informing the individuals or parents involved, may also erode trust in the health system. This may lead to parents—when given the option—to opting out of newborn screening programs more often, leading to an increase in genetic and metabolic disorders going undiagnosed in newborns and causing major health problems in the future. In addition, with many scientists advocating for adopting whole-genome sequencing of newborns—instead of simply sequencing a panel of genes that are commonly identified as disease-causing in newborns—the amount of potential available genetic data could be staggering.  As a result, the incoming administration needs to take action to address the lack of transparent policies regarding newborn screening data in order to maintain its success as a public health measure.

Plan of Action

Current genetic privacy legislation

The landscape of genetic privacy legislation is, currently, somewhat patchwork. At the federal level, the most relevant legislation includes (1) the Genetic Information Nondiscrimination Act (GINA), (2) the Affordable Care Act (ACA), and (3) the Health Insurance Portability and Accountability Act (HIPAA). GINA specifically prohibits genetic discrimination in health insurance and in the workplace. This means that health insurers cannot deny coverage based on genetic data, and employers cannot make hiring, firing, or promotion decisions based on genetic data. The ACA strengthens GINA’s stipulation against genetic discrimination in health insurance by mandating that any health insurance issuer must provide coverage to whomever applies, as well as including genetic information on the list of factors that cannot be considered when determining overage or premium costs. HIPAA additionally regulates genetic data gathered in a healthcare setting, which includes newborn screening data, but HIPAA-protected information can be shared at the request of a court order or subpoena. The FBI developed an interim policy regarding all types of forensic genetic genealogy—often used with direct-to-consumer genetic tests but could also be applicable to newborn screening—which states the criteria required for investigators to use this approach. Criteria includes the requirement that a case must be an unsolved violent crime. In addition, the interim policy states that investigative agencies must identify themselves as law enforcement—a previous case was solved by accessing genetic databases without disclosing this information to the database—and that any collected data must be destroyed upon conclusion of the case.

Additionally, many states have additional laws that strengthen genetic privacy regulation on top of federal regulations. Maryland  passed a bill that regulates the use of genetic data in criminal investigations—specifically, it requires that law enforcement obtains informed consent from non-suspects before using their DNA in investigations. Other recent state regulations that address law enforcement access to genetic data in one way or another include Montana, which requires government agencies to obtain a warrant to access genetic data, and Tennessee, which explicitly allows law enforcement to access genetic data as long as they obtain a warrant or subpoena. Importantly, many of these laws are geared more towards addressing genetic data from direct-to-consumer testing and do not directly apply to newborn screening. Like federal legislation, state genetic privacy legislation is largely lacking in policies to address the use of newborn screening by law enforcement. 

On top of legislation regarding genetic privacy, states all have their own respective policies regarding newborn screening that vary dramatically. For example, a court in Minnesota found that nonconsensual storage of newborn screening data for use outside of genetic screening purposes violates the state genetic privacy law stating that genetic information can only be distributed with an individual’s written consent, leading to Minnesota destroying its newborn screening samples. Other states have no legislation at all. Additionally, states can have laws addressing other, non-law enforcement uses of newborn screening data; another major use of newborn screening data is research. 

Policy Recommendations

The incoming administration should address the lack of transparency in newborn screening data management by implementing the following recommendations:

Direct the ACHDNC to develop national recommendations detailing standards for newborn genetic screening sample and data handling.

These standards should include:

Standards for what the data can be used for outside of newborn screening, and by whom. Newborn screening data is used in additional ways outside of law enforcement; it can also be used for quality assurance to help ensure tests are working properly, to help develop new tests, and in clinical trials. There are compelling arguments for these uses; for clinical research, for example, this data can contribute towards research studying the disease the child may have been diagnosed with. However, for the sake of transparency, policy should state specifically what newborn genetic data can and cannot be used for, and who is allowed access to the data under these circumstances. For instance, Michigan has a program called the Michigan BioTrust, which takes the leftover, de-identified newborn screening samples for use in research towards understanding disease. Parents can choose to opt in or out at the time of screening, and parents—as well as children, upon turning 18—can change their mind and have their data removed later if they so choose. Regardless of state decisions on whether law enforcement should be able to access their newborn screening data, clearly stating what the data can be used for overall is paramount for parents to understand what happens to their children’s samples.

The length of time that blood samples and genetic data can be stored in state databases, and when, if ever, the data will be destroyed. As detailed by the lawsuit, New Jersey had been storing samples for over twenty years, although parents were not actually aware of this fact until the lawsuit was filed; potentially in response to this lawsuit, starting in November 2024, New Jersey will be destroying blood spots older than 2 years. Similarly, Delaware stores blood spot samples for three years before destroying them. While there is no definitive answer to what the best timeline for saving samples is, establishing a transparent timeline for how long samples can be stored in each state will improve data handling transparency.

What say, if any, do parents have in what is done with their child’s samples and data. In Texas, after a lawsuit determining that storing newborn screening samples without consent was against the law, parents have the right to request their child’s samples be destroyed if they so choose. Developing policies that allow parents—or children themselves, once they become adults—to have a say in what happens to the samples after screening is completed would provide individuals control of their data without disincentivizing testing. 

Partner with state advisory boards to develop educational materials for parents detailing ACHDNC recommendations and state-specific policy.

While newborn screening is mandated, there is variable information available to parents regarding what is done with the data. For example, Michigan has an extensive Q&A page on their Department of Health website addressing many major newborn screening-related questions, including a section addressing what is done with samples after screening is complete. In contrast, West Virginia’s Q&A page does not address what happens to the samples after testing.  Not only would developing standard policies for data handling be beneficial, but improving the dissemination of such information to parents would increase overall transparency and improve trust in the system. The incoming administration should work closely with state advisory boards to improve the communication of newly-developed data handling standards to parents and other relevant parties.

Incentivize development of plans by providing grant opportunities to state health departments to support newborn screening programs.

Currently, newborn screening programs receive no direct federal funding; however, costs include operating costs, testing equipment, and personnel on top of the tests themselves. In general, newborn screening is paid for through a fee for the tests, which are often covered by the parents’ health insurance, or the State Children’s Health Insurance Program or Medicaid. However, grants such as the NBS Co-Propel have been awarded to states in the past for creating improvements in their newborn screening programs such as support for long-term follow up on patients that have positive test results returned to them. The Co-Propel grant was administered through the Maternal & Child Health Bureau (MCHB) of Health and Human Services; the incoming administration could recommend that MCHB initiates a new funding opportunity for states to either develop data storage standards and/or educational materials for families to encourage the adaptation of these standards.

Conclusion

Newborn genetic screening is an essential public health measure that saves thousands of lives each year by identifying diseases in newborns that can either be prevented early or treated immediately rather than waiting until severe symptom onset. However, with the advent of new genetic technologies and the burgeoning use of newborn genetic screening data in law enforcement investigations, major privacy and transparency issues are becoming known to parents, potentially putting trust in the newborn screening process at risk. This could reduce desire to participate in these programs, leading to an inability to quickly diagnose many preventable or treatable conditions. The incoming administration should work towards encouraging state health departments to develop clear and well-communicated data storage standards for newborn screening samples in order to combat these concerns moving forward.

This action-ready policy memo is part of Day One 2025 — our effort to bring forward bold policy ideas, grounded in science and evidence, that can tackle the country’s biggest challenges and bring us closer to the prosperous, equitable and safe future that we all hope for whoever takes office in 2025 and beyond.

Frequently Asked Questions

How does newborn screening actually work?

Newborn screening is performed by pricking a newborn’s heel to obtain a blood sample, or “blood spot,” within two days of being born. These blood spot samples are used for both metabolic tests and genetic tests. Metabolic tests measure different molecules in the blood that might signal a disease, such as high levels of an amino acid called phenylalanine, which in healthy amounts is used by our bodies to make proteins and in high amounts can cause phenylketonuria. Genetic tests are performed by sequencing a panel, or selection, of genes that are often associated with newborn screening diagnoses; often, genetic testing is performed after a positive hit on a metabolic test to both confirm and further clarify the diagnosis.

read more

What does the Advisory Committee on Heritable Disorders in Newborns and Children do?

The role of the Advisory Committee on Heritable Disorders in Newborns and Children (ACHDNC) is to communicate with the Secretary of the Department of Health and Human Services regarding newborn screening policies. This not only includes managing the Recommended Uniform Screening Panel, but also providing advice on grants and research projects related to newborn screening research, assistance with developing policies for state and local health departments for newborn screening implementation, and recommendations towards reducing child mortality from the diseases screened.

read more

What is included in the Recommended Uniform Screening Panel?

The Recommended Uniform Screening Panel (RUSP) is the list of disorders recommended for newborn testing. As of July 2024, the RUSP contains 38 “core conditions,” which are conditions that states specifically test for, and 26 “secondary conditions,” which are conditions that physicians may identify incidentally while screening for core conditions. New conditions can be added, and conditions can be moved between categories if the advisory board chooses to do so. These conditions include metabolic disorders such as phenylketonuria, endocrine disorders such as thyroid disorders, hemoglobin disorders such as sickle cell anemia, and others such as cystic fibrosis.

read more

Where can I learn more about genetic privacy laws by state?

The National Human Genome Research Institute has a searchable database that details the different state genetic privacy laws, including their legislative status and a summary of their intended purpose. These laws have many goals, including expanding protections against genetic discrimination, research subject protections, artificial intelligence, and more.

read more

Surveillance has been used on civil rights activists, organizations, and protesters for decades by federal and local law enforcement. Some past victims of government spying include Martin Luther King Jr., Angela Davis, Jane Fonda, American Indian Movement, United Farm Workers, and the National Lawyers Guild. These activists and organizations were subjected to traditional surveillance tactics such as wiretapping and infiltration.

Today, surveillance looks different as technological advances have made it increasingly easy to track someone’s whereabouts, communications, and inner thoughts based on browser history, all without leaving an office. This level of digital surveillance has a chilling effect on people’s First Amendment rights, because a person may choose to censor themselves online or be reluctant to engage in political expression, such as attending a protest, due to their fear of being watched and retaliated against.

This report is the result of research that tries to answer the fundamental question: what can civil society do to fight back against the growing trend of widespread digital surveillance, particularly in the state of New York? New York is the focus of this research project because of the state’s widespread use of surveillance technology, particularly in New York City, and the strong activism within the state that works to improve the lives of marginalized communities.

Social justice organizations play an instrumental role in society through their organizing and fighting for civil rights. This report provides these organizations information on current surveillance practices and how these practices may impact the communities that they serve. The first section of the report provides a short roadmap on the recent history of digital surveillance in different contexts such as immigration, environmental justice, criminal legal system, housing, and the workplace. The next section will speak on pending and finalized legislation that could be helpful or harmful towards achieving the obliteration of surveillance. The third section will describe strategies organizations can take to help combat surveillance in their communities. Lastly, the report provides a list of legal organizations that are well versed in this arena and attuned to technological advances.

A Current History of Digital Surveillance

Before diving into action, it’s important to provide an overview of the types of  surveillance that many communities may be subjected to. This section will demonstrate how widespread surveillance is and provide background stories on the surveillance activist communities face within the immigration, environmental rights, criminal legal system, housing, and workplace context.

Immigration

There have been a growing number of surveillance tactics used against activists, migrants, journalists, and attorneys in the immigration space. In 2019, NBC 7 San Diego reported that federal agencies were keeping and sharing a secret database of an attorney, journalists, organizers, and “instigators” who had previously  worked at the U.S.-Mexico border.  The database contained photos of each person, obtained from the person’s passport or social media accounts.  It also included personal information such as the person’s work and travel history, names of their family members, and the kind of vehicle they drive. Some of these individuals reported that while traveling across the border, they were targeted for secondary screening. Border agents took their electronic devices and some individuals believed that the agents performed a warrantless search of their device, though they were unable to verify this. Journalists reported that these invasive actions affected their ability to protect their confidential sources. It’s easy to imagine that this unfounded suspicion and investigation could deter activists and journalists from continuing their work.

This isn’t the only incident of ICE keeping an eye on activists. In July 2021, The Intercept reported that U.S. Immigration and Customs Enforcement (ICE) had been surveilling activists and advocacy groups, such as Project South and Georgia Detention Watch, online and in person. This was done under the guise of safety and security as an ICE spokesperson stated “[l]ike all other law enforcement agencies, ICE follows planned protests to ensure the safety and security of its infrastructure, personnel, officers and all those involved.” Internal emails revealed that ICE officials were using Facebook to follow advocacy groups and ICE was tracking the attendees of their events.

Migrants have also been subjected to government surveillance. Over the last several years, ICE has increased its use of electronic monitoring as an alternative to holding migrants in detention centers. Since March 2024,183,935 people have been subjected to electronic monitoring by ICE, with 18,518 of those required to wear GPS ankle monitors. In 2018, ICE launched SmartLINK, an app that allows the agency to track a migrant’s whereabouts. Since April 2024, ICE has monitored over 700,000 people through the app. The agency requires migrants to do periodic check-ins using SmartLINK to confirm the user’s identity through voice recognition, geolocation, and facial recognition technology (FRT). The app has access to the user’s phone camera and has the ability to record audio. If a migrant complies with their check-ins for around 14 to 18 months, ICE may remove the person from the app to make room for new migrants who have just arrived in the country. Users of the app have expressed concern about the app’s location tracking, as it may put their undocumented family members at risk. Users have also stated that the app feels just as restrictive and invasive as an ankle monitor. Thirteen immigrant rights organizations found that electronic monitoring is not only harmful to the user’s livelihood but also hampers their personal relationships and their ability to organize in their community. 

Surveillance in the immigration space interferes with the ability of migrants to organize and affects journalistic reporting. It also has the tendency to make migrants afraid of being a part of a community or spending time with their undocumented family members because they are aware that they are being watched. This kind of surveillance puts everyone in their circle at risk.

Criminal Legal System

Surveillance has been used in the criminal legal system for decades, as police often use various spying tools to investigate suspects. However, whereas before police would use agents to track a suspect’s movements, today, law enforcement is able to track a suspect from their desk. Law enforcement has been able to use private companies to obtain a person’s personal data such as their cell phone records, location data, web browsing history, and more. This tracking is not limited to suspects, as law enforcement agencies have been reported to subject activists to this level of surveillance as well. 

In 2018, Memphis police were accused of spying on Black activists from 2016 until 2017. Memphis Police Department’s Office of Homeland Security (MPD) was accused of creating a Facebook profile to monitor activists in the area. There was one incident in which a community organizer posted a book on their page, and MPD collected the names of everyone who liked the post. With that list, they created a dossier of those individuals and called it “Blue Suede Shoes”. MPD is far from the only law enforcement agency that has collected a list of organizers, but it is unclear what happens with these lists after they’ve been created.

During the 2020 protests, the world experienced a new level of surveillance at the hands of local law enforcement and federal agencies. In 2021, it was reported that six federal agencies used FRT during the 2020 Black Lives Matter (BLM) protests across the United States. The agencies admitted that they did use this technology to identify individuals but they stated it was used to identify those who they suspected had violated laws. In one instance, police officers were able to arrest a protester after using FRT and receiving a match. NYPD has also been accused of using the technology to identify protesters after the event and charge them with crimes.

Environmental Justice

Surveillance has also been found in the environmental justice space, from both law enforcement and private companies. Shanai Matteson is an artist and climate activist based in Palisade, Minnesota. In 2021, Matteson spoke at the “Rally for the Rivers” event which was organized around protesting a pipeline construction. At the conclusion of the rally, 200 people left and went to the construction site to protest. At some point, the police arrested a number of protestors although Matteson was not one. However, five months later, law enforcement officials found livestream videos of the event, identified who was at the rally, and charged Matteson with a misdemeanor accusing her of conspiring trespass.

During the Dakota Access Pipeline protests, we saw a private company conducting mass surveillance on individuals, in an unprecedented way. In 2016, private security firm, TigerSwan was hired by Energy Transfer Partners to surveil Dakota Access Pipeline protesters. TigerSwan monitored protesters’ social media posts, utilized aerial surveillance, employed informants, and used radio eavesdropping to spy on activists. TigerSwan used this information to make lists of “persons of interests” and pressure law enforcement to be more aggressive against the protesters. The firm also shared their intel with local law enforcement agencies and provided evidence to prosecutors to help them build cases against the protesters. After learning that Lee County, Iowa increased bail for protesters, TigerSwan stated in one of their documents that they needed to work closer with other counties to make sure protesters would be fined or arrested in order to deter them. Because TigerSwan is a private company, it was able to conduct this level of mass surveillance on protesters without much government or judicial oversight.

Housing

One of the areas people may least expect surveillance is within their housing, however those in private and public housing may deal with this issue in the near future.  Between 2018 and 2019, residents of a Brooklyn apartment complex organized and resisted their landlord’s attempts to install facial recognition cameras within the building.  In retaliation, the landlord threatened the organizers with loitering fines and told them, wrongfully so, that handing out flyers to fellow residents was unlawful behavior. The apartment complex justified their actions by stating that this technology would provide safety and security for their residents.

Public housing facilities have also been accused of installing surveillance systems in their communities without the consent of residents. Some of these systems contain FRT or other forms of artificial intelligence. In Scott County, Virginia, cameras at a public housing facility have FRT that searches for people barred from the facility. In New Bedford, Massachusetts, a surveillance system searches through hours of recordings to locate movement near the doorways in order to identify residents who violate overnight guest rules. The footage has been used to punish and evict residents, who may have a difficult time securing housing in the future as a result of their eviction. While the cameras are only installed in public spaces within these facilities, they still violate people’s privacy rights as residents and their guests are tracked walking to and from their homes, a place that many people consider sacred. 

Workplace Surveillance

Workers have been subjected to increasing surveillance over the last few years and one of the most infamous infringers is Amazon. The company has been accused of deploying many tactics in order to stop union organizing such as monitoring employee message boards and private Facebook groups. Amazon has also been accused of posting a job for an intelligence analyst who would be in charge of monitoring labor organizing threats. 

Amazon has several resources within their facilities to monitor their employees such as employee ID badges which can be used to track an employee’s location and can allow the company to discover which of their employees are participating in organizing. Amazon facilities have surveillance cameras that are capable of allowing supervisors to track their workers and human monitors who walk around the facilities in order to keep an eye on the workers. Amazon has been accused of identifying union organizers and rotating them throughout the workplace, to prevent the organizers from having prolonged contact with the same employees. One source stated that workers were not allowed to socialize with each other as a manager would come and break them up. 

Whole Foods, which is owned by Amazon, has also been accused of using surveillance to track union organizing. It was reported in 2020 that Whole Foods was using a heat map to track stores that could be at risk of unionization based on the distance from the store to the closest union, diversity within the store, team member sentiment, and additional factors.

Digital Surveillance: Where we are now

There have been a few promising federal and state bills introduced in the last few years that would provide vast protections for activists and journalists. On the other hand, there are also recent bills that have been passed that would increase government surveillance and cause more harm to these communities. This section provides a brief overview on where things currently stand. 

Federal Legislation

In April 2021, U.S. Senators Ron Wyden (D-OR), Rand Paul (R-KY), and 18 additional senators introduced the Fourth Amendment is Not For Sale Act. For years, data brokers have been able to sell people’s personal information, such as their location data, to law enforcement and intelligence agencies without judicial oversight. Federal law fails to protect people’s data from being sold in this matter, so this bill would work to close this legal loophole and require the government to obtain a court order in order to buy a person’s data. This bill would prohibit law enforcement agencies from purchasing a person’s information from a third party, prohibit government agencies from sharing a person’s records with law enforcement and intelligence agencies, and require the agencies to obtain a court order before obtaining someone’s records. This bill was passed in the House and received by the Senate in April 2024 with little movement since then.

Another promising bill is the Protect Reporters from Exploitive State Spying (PRESS) Act, which was introduced in June 2023 by U.S. Senators Ron Wyden (D-OR), Mike Lee (R-UT), and Richard Durbin (D-IL). Law enforcement agencies have been secretly obtaining subpoenas for reporters’ emails and phone records in order to determine their confidential sources. The bill would protect a reporter’s data that is held by a third party from being secretly obtained from the government without having an opportunity to challenge the subpoena. As of now, this bill has passed the House and has been received in the Senate and referred to the Committee on the Judiciary.

On the opposite end of the spectrum, there has been legislation passed that expands surveillance such as the National Security Supplemental Appropriations Act bill, which was introduced in February 2024 and passed in April 2024. The bill provides $204 million to the FBI for DNA collection at the border. $170 million goes towards autonomous surveillance towers, mobile video surveillance systems, and drones at the border.

Digital Surveillance in New York State

Turning to New York specifically, there has been some positive movement towards obtaining information on the prevalence of government surveillance and curtailing the recent overreach as well. Recently, the NYPD was ordered by the New York Supreme Court to disclose 2,700 documents and emails related to its surveillance of the 2020 BLM protests between March and September 2020. This information can provide some clarity into the mystery around what surveillance tools were used during this time period, since much of the information known about this time period has come from FOIA requests instead of the NYPD voluntarily disclosing their surveillance practices.

In 2020, the Public Oversight of Surveillance Technology (POST) Act passed. This act required the NYPD to disclose the surveillance tools it uses and publish the impact of those technologies. NYPD is required to publish reports on these surveillance tools, informing the public about how it plans to use these tools and the potential impacts on New Yorkers’ civil liberties and rights. The Brennan Center has written about the shortcomings of the law, largely due to the NYPD failing to adhere to the provisions. In February 2024, a bill adding provisions to the POST Act was introduced to the New York City Council. The provisions would require NYPD to provide the Department of Investigation a list of all surveillance technologies currently in use and provide their retention policies for the information they collected from the technologies. This bill was referred to the Committee on Public Safety in February 2024.

How to Take Action Against Surveillance

There are numerous ways organizations can take action in order to combat the use of mass surveillance in their communities. This section will provide  a few examples of actions that organizations can undertake in protecting their community right now, such as legislative action, forming working groups, sharing protest safety procedures, conducting Freedom of Information Act (FOIA) requests, and spreading the word. 

Legislation

As demonstrated above, legislation can provide a promising avenue towards ending the overreach of widespread government surveillance of vulnerable communities. It’s important for organizations to have journalists who are willing to report on the issues their community may be facing, such as in the immigration space. The PRESS Act can help journalists who travel to the U.S.-Mexico border to report on issues affecting migrants and humanitarian organizations. Unfortunately, these journalists have been subjected to intimidation tactics while working on their stories which may prevent them from continuing their work. The PRESS Act would prevent government agencies from secretly obtaining subpoenas for reporters’ sources, but there is additional legislation needed to prevent law enforcement agencies from targeting journalists, activists, and attorneys who are providing assistance to migrants. Law enforcement should be prevented from performing warrantless searches, interrogating these individuals about their work without just cause, and creating dossiers of these individuals with illegitimately obtained personal information.

Legislation would also immensely benefit future protesters exercising their rights to free speech and assembly, and could have prevented many harms that occurred during the BLM protests. Since those protests, a few states and around 18 cities, such as Boston and Portland, have passed legislation banning government agencies from using FRT or layed out restrictions on how the technology can be used. But years later, some of these governments would roll back this legislation and allow law enforcement to utilize the technology to investigate crimes, such as New Orleans and Virginia which initially banned local police from using the tool. Vermont, a state that previously had a near complete ban on police use of FRT, passed legislation that would allow the police to use it for investigations in certain instances. Pushes can be made in New York and elsewhere to persuade legislators to care about privacy concerns as much as they care about crime. 

Legislation can also be pushed to prevent government agencies from surveilling residents in public housing while they are at their homes. Additionally, legislation can prevent law enforcement agencies from making dossiers of individuals based on the content the person follows or likes on social media. There is a lot of room for growth in this arena since the law has failed to keep up with technological advances. Advocacy organizations can propose or draft bill text with other organizations, meet with legislators, or sign onto letters in support or opposition of pending bills related to digital surveillance and data privacy rights.

Form a local working group to review proposed technology

In 2020, Syracuse mayor Ben Walsh formed the Syracuse Surveillance Technology Working Group, which provides residents an opportunity to comment on proposed uses of surveillance technology by city departments. The group is composed of 12-15 individuals from different community groups in Syracuse, as well as some City of Syracuse employees that are selected by the mayor.

When a city department is interested in utilizing a technology, they submit the request to the working group for review. The group advertises to the public through social media and local news channels to get widespread input. The group obtains comments from the public about their opinion and concerns about the technology and the group conducts their own research as well. The group then produces a report for the city with recommendations and explains how the technology may affect the Syracuse community. The mayor then approves or disapproves of the technology based on the report. Thus far, the group has reviewed automated license plate readers, body-worn cameras, street cameras, and more.

This working group provides the public an opportunity to conduct their own research on the proposed technologies and voice their opinions in a public forum. With many local government agencies wanting to explore the use of technologies like facial recognition, this could give activists a chance to have their opinions heard on these issues before they are implemented. This working group concept could be incorporated in other cities and provide some oversight and input into surveillance technologies that local agencies are utilizing on their residents.

Share protest safety procedures  

There are a few measures organizations can recommend to help individuals protect their privacy while they are at a protest. The Surveillance Technology Oversight Project has done a wonderful job creating a safety guide for protesters who wish to protect their digital privacy while organizing. The guide provides information on protecting location data, DNA, and cell phone data. Some of the tips include turning one’s cell phone on airplane mode so that location cannot be tracked, considering what information one posts and shares on social media since it can be observed, and consider what transportation one takes to the protest as vehicles could be tracked via automated license plate readers. This information could be shared by organizations within their communities to ensure activists are doing what they can to protect their information as well as their fellow co-activists. Following these recommendations could prevent activists from being unjustly targeted by law enforcement, such as in the case of Shanai Matteson, the climate activist and artist in Minnesota referenced earlier.

FOIA requests

Another avenue organizations may want to explore is FOIA requests, which can help an organization and the public understand what kind of surveillance their community is being subjected to. There is a cloud of secrecy surrounding which tools government agencies use to surveil people, largely because agencies refuse to share this information with the public without legal force. As stated above, the NYPD was recently ordered to turn over records that would reveal how they used FRT against BLM protesters. It is essential to have this kind of information as it will help organizations discover how law enforcement utilized this tool and help organizations fight against future use. Almost all of the stories featured above were derived from an organization submitting a FOIA request and obtaining internal documents that revealed how communities were being harmed by a government agency. 

Sometimes, a party may refuse to comply with a FOIA request and the situation will escalate to legal action. As an example, in 2024, Just Futures Law, Mijente Support Group, and the Samuelson Clinic filed a lawsuit to force ICE to comply with a 2021 FOIA request that ICE failed to respond to. Because these situations can turn contentious, it’s important to have legal support when pursuing a FOIA, which can come from an attorney, a law firm, or law school clinic.

Spread the word

In order to combat these issues, people have to be informed about the mass surveillance that they are subjected to on a daily basis. Many people have expressed the sentiment “If you’re not doing anything wrong, you have nothing to hide”; however, they may not be fully versed on the implications of surveillance on vulnerable communities who have done nothing to warrant this invasion into their privacy. Some ways to spread the word can include holding public meetings on various surveillance topics with speakers, organizing against local surveillance tactics and publicizing the action, speaking with community members to see if they’ve noticed any surveillance tactics in their neighborhood, and working with other social justice, tech, or legal organizations. As stated above, a legal organization or clinic can help social justice organizations litigate FOIA requests that are not complied with as well as provide assistance with other kinds of litigation as needed. Social justice organizations can also work with think tank organizations to produce reports on civil rights violations and inform the public of rising issues. After the report is released, organizations can sign onto a letter calling on the government to stop an action or support an action. 

Conclusion

There is much work to be done in the digital privacy space as the law has failed to keep up with the advancement of technology and rising surveillance concerns. However, everyone is capable of becoming well-versed in these issues, pushing for change on the state and federal level, and spreading the word throughout their communities. Privacy can be nearly impossible to achieve on an individual level, but together we can fight against efforts that degrade, dehumanize, and obstruct freedoms in our society.

---

Appendix 1. Legal Organizations to Know

Legal organizations in the privacy space are well versed on surveillance issues and could help social justice organizations know where to turn when individuals they serve come under surveillance. The following organizations are prominent in the privacy rights space and are performing groundbreaking work to combat government overreach.

ACLU

The ACLU has a Project on Speech, Privacy, and Technology department that focuses on the right to privacy, ensuring individuals have control of their personal information, and protecting individual’s civil liberties as new advances are made in science and technology. The project focuses on consumer privacy, internet privacy, location tracking, medical and genetic privacy, national ID, privacy at borders and checkpoints, surveillance technologies, and workplace privacy.

S.T.O.P

The Surveillance Technology Oversight Project fights government surveillance through advocacy and litigation and hopes to transform New York into a pro privacy state. S.T.O.P. organized over 100 organizations to get the POST Act approved in the state, has sued city and state agencies for records pertaining to a variety of issues such as NYPD’s use of FRT, and also publishes research papers on different surveillance technologies. 

Brennan Center for Justice

The Brennan Center for Justice is a nonpartisan law and policy organization that works to defend democracy and justice. One of their initiatives is privacy and free expression. Through that project, the Brennan Center works to challenge mass surveillance policies that are overreaching and works to inform the public about these issues. The Brennan Center has been a leader in challenging the structure of the Foreign Intelligence Surveillance Court and the fact that the court only hears from the government when government agencies seek to obtain people’s data. 

Center on Privacy and Technology

The Center on Privacy and Technology is a think tank focused on privacy and surveillance law and policy. The Center fights back against surveillance by conducting long-term investigations, research, and publishing reports with their findings. Their most recent report, Raiding the Genome: How the United States is abusing its immigration powers to amass DNA for Future Policing, discusses migrants having their privacy rights invaded by the Department of Homeland Security (DHS). DHS  is taking DNA samples from detainees, which is later stored in the FBI’s database, CODIS. 

Just Futures Law

Just Futures Law works alongside activists, organizers, and community groups to dismantle mass surveillance, incarceration, and deportation via advocacy and legal support. They have worked on ending ICE digital prisons, stopping data brokers from selling people’s data to ICE which could lead to deportation, ending the digital border wall, protecting driver data from being turned over to ICE, amongst many other projects. 

Require that personal data is processed safely and fairly

Washington, DC – June 27, 2024 – The Federation of American Scientists believes that the House Energy & Commerce Committee made the right decision in canceling its markup of the American Privacy Rights Act (APRA) today. Privacy laws are only effective if they include civil rights protections that ensure personal data is processed safely and fairly regardless of race, gender, sexuality, age, or other protected characteristics.

“We believe that the United States needs federal data privacy laws, and despite the clear shortcomings of the latest version of APRA, we commend Chair McMorris Rodgers and Ranking Member Pallone for their leadership and efforts in advancing comprehensive privacy legislation. We hope the conversation on privacy doesn’t end here, and that new attempts to pass privacy legislation include the critical civil rights protections necessary to build trust across all communities participating in our data-based society,” says Dan Correa, CEO of Federation of American Scientists.

“The latest draft of APRA not only discards basic protections, but also baseline considerations for AI and other algorithms that would prevent data-based discrimination. If this draft became law, it would also undermine hard-fought privacy protections currently in effect in several states,” says Clara Langevin, AI Policy Specialist on FAS’s Emerging Technologies team. 

###

ABOUT FAS

The Federation of American Scientists (FAS) works to advance progress on a broad suite of contemporary issues where science, technology, and innovation policy can deliver dramatic progress, and seeks to ensure that scientific and technical expertise have a seat at the policymaking table. Established in 1945 by scientists in response to the atomic bomb, FAS continues to work on behalf of a safer, more equitable, and more peaceful world. More information at fas.org.

At a time when democratic rule of law and human rights have weakened globally, emerging digital surveillance technologies have made the authoritarian model more accessible, stable, and competitive than ever before.

Read the report here.

Summary

Modern civil rights challenges are technically complex. Today, decisions made by algorithms, rather than people, limit opportunities for historically disadvantaged groups in critical areas like housing, employment, and credit. The next administration should establish a broad, new task force, led by the U.S. Chief Technology Officer (CTO), to address issues at the intersection of civil rights and emerging technologies. The task force should encourage federal agencies to prioritize regulatory and enforcement activities where tech and civil rights overlap, and to increase temporary exchanges of staff between agencies to facilitate cross-pollination of civil rights and tech expertise. The Administration should also prioritize appointment of key agency personnel who are committed to addressing tech/civil rights challenges.

Summary

Young people today face surveillance unlike any previous generation, at home, at school, and everywhere in between. Constant use of technology while their brains are still developing makes them uniquely vulnerable to privacy harms, including identity theft, cyberbullying, physical risks, algorithmic labeling, and hyper-commercialism. A lack of privacy can ultimately lead children to self-censor and can limit their opportunities. Already-vulnerable populations—who have fewer resources, less digital literacy, or are non-native English speakers—are most at risk.

Congress and the Federal Trade Commission (FTC) have repeatedly considered efforts to better protect children’s privacy, but the next administration must ensure that this is a priority that is actually acted upon by supporting strong privacy laws and providing additional resources and authority to the FTC and support to the Department of Education (ED). The Biden-Harris administration should also establish a task force to explore how to best support and protect students. And the FTC should use its current authority to increase its understanding of the children’s technology market and robustly enforce a strong Children’s Online Privacy Protection Act (COPPA) rule.

In 2018 the Census Bureau discovered that results of the 2010 census could be processed and matched with external sources in such a way as to reveal confidential personal information, in violation of the law.

“This had not been thought to be feasible owing to the large amount of data and computation involved,” a new report from the JASON science advisory panel said. But in fact it was feasible, the JASONs confirmed. The risk of re-identifying protected personal information “is four orders of magnitude larger than had been previously assessed.”

In order to prevent this potential privacy violation, the Census Bureau proposes to use an approach called Differential Privacy. This method, developed by Cynthia Dwork and colleagues, adds “tailored noise” to the results of any query of the census data. Doing so makes it possible “to publish information about a survey while limiting the possibility of disclosure of detailed private information about survey participants.”

The JASONs affirmed that the Differential Privacy technique would provide the necessary privacy protection but said that it would come with a cost in accuracy, particularly with respect to small data groups.

“As the size of the population under consideration becomes smaller, the contributions from injected noise will more strongly affect such queries. Note that this is precisely what one wants for confidentiality protection, but is not desirable for computation of statistics for small populations.”

See Formal Privacy Methods for the 2020 Census, JASON report JSR-19-2F, April 2020.

“Depending on the ultimate level of privacy protection that is applied for the 2020 census, some stakeholders may well need access to more accurate data,” the JASONs said.

“A benefit of differential privacy is that products can be released at various levels of protection depending on the [desired] level of statistical accuracy. The privacy-loss parameter can be viewed as a type of adjustable knob by which higher settings lead to less protection but more accuracy. However, products publicly released with too low a level of protection will again raise the risk of re-identification,” the new report said.

*    *    *

The JASONs are currently working on a new study of how to safely reopen research laboratories during the ongoing pandemic, Jeffrey Mervis of Science Magazine reported this week.

“Jason is examining such issues as the 1.8-meter separation rule, the efficacy of personal protective equipment, and the optimal way to reconfigure work space given how the virus is thought to spread.” See “Secretive Jasons to offer advice on how to reopen academic labs shut by pandemic,” May 11.

The jurisdiction of the Privacy and Civil Liberties Oversight Board (PCLOB) would be restricted for the second year in a row by the Senate Intelligence Committee version of the FY2017 Intelligence Authorization Act (S.3017). Section 603 of the Act would specifically limit the scope of PCLOB’s attention to the privacy and civil liberties “of United States persons.”

Internal disagreements over the move were highlighted in the Committee report published last week to accompany the text of the bill, which was reported out of Committee on June 5.

“While the PCLOB already focuses primarily on U.S. persons, it is not mandated to do so exclusively,” wrote Senators Martin Heinrich and Mazie K. Hirono in dissenting remarks appended to the report. “Limiting the PCLOB’s mandate to only U.S. persons could create ambiguity about the scope of the PCLOB’s mandate, raising questions in particular about how the PCLOB should proceed in the digital domain, where individuals’ U.S. or non-U.S. status is not always apparent. It is conceivable, for example, that under this restriction, the PCLOB could not have reviewed the NSA’s Section 702 surveillance program, which focuses on the communications of foreigners located outside of the United States, but which is also acknowledged to be incidentally collecting Americans’ communications in the process,” they wrote.

“Over the past three years, the Privacy and Civil Liberties Oversight Board has done outstanding and highly professional work,” wrote Sen. Ron Wyden in his own dissent. “It has examined large, complex surveillance programs and evaluated them in detail, and it has produced public reports and recommendations that are quite comprehensive and useful. Indeed, the Board’s reports on major surveillance programs are the most thorough publicly available documents on this topic. My concern is that by acting to restrict the Board’s purview for the second year in a row, and by making unwarranted criticisms of the Board’s staff in this report, the Intelligence Committee is sending the message that the Board should not do its job too well.”

In support of the provision, the report said that “The Committee believes it is important for the Board to consider the privacy and civil liberties of U.S. Persons first and foremost when conducting its analysis and review of United States counterterrorism efforts.”

But the PCLOB already considers U.S. person privacy “first and foremost.” And the language of the Senate bill does not appear to permit even “secondary” consideration of the privacy of non-U.S. persons. Last year, the FY2016 intelligence authorization bill barred access by the Board to information deemed relevant to covert action.

On June 16, Sen. Patrick Leahy paid tribute to retiring PCLOB chair David Medine on the Senate floor. “[PCLOB] reports and Mr. Medine’s related testimony before the Senate Judiciary Committee have been tremendously beneficial to Congress and the American people in examining government surveillance programs,” he said.

Within a remarkably short period of time– less than two decades– all of us have become immersed in a sea of electronic data collection. Our purchases, communications, Internet searches, and even our movements all generate collectible traces that can be recorded, packaged, and sold or exploited.

Before we have had a chance to collectively think about what this phenomenal growth in data production and collection means, and to decide what to do about it, it threatens to become an irreversible feature of our lives.

In his new book Data and Goliath: The Hidden Battles to Capture Your Data and Control Your World (Norton, 2015), author and security technologist Bruce Schneier aims to forestall that outcome, and to help recover the possibility of personal privacy before it is lost or forgotten.

“Privacy is not a luxury that we can only afford in times of safety,” he writes. “Instead, it’s a value to be preserved. It’s essential for liberty, autonomy, and human dignity.”

Schneier describes the explosion of personal data and the ways that such data are harvested by governments and corporations. Somewhat provocatively, he refers to all types of personal data collection as “surveillance,” whether the information is gathered for law enforcement or intelligence purposes, acquired for commercial use, or recorded for no particular reason at all. Under this sweeping definition, the National Security Agency and the FBI perform surveillance, but so do Google, Sears, and the local liquor store.

“Being stripped of privacy is fundamentally dehumanizing, and it makes no difference whether the surveillance is conducted by an undercover policeman following us around or by a computer algorithm tracking our every move,” he writes (p.7). Others would argue that it makes all the difference in the world, and that while one never wants to be followed by an undercover policeman, a computer algorithm that helps us drive a car to our destination might be quite welcome. Schneier, of course, knows about the benefits of such applications and acknowledges them later in the book.

Having gained access to classified NSA documents that were leaked by Edward Snowden and having aided reporters in interpreting them, the author is particularly exercised by the practice of bulk collection or, the term he prefers, mass surveillance.

“More than just being ineffective, the NSA’s surveillance efforts have actually made us less secure,” he says. Indeed, the Privacy and Civil Liberties Oversight Board found the “Section 215” program for bulk collection of telephone metadata to be nearly useless, as well as likely illegal and problematic in other ways. But by contrast, it also reported that the “Section 702” collection program had made a valuable contribution to security. Schneier does not engage on this point.

Aside from the inherent violations of privacy, Schneier condemns the NSA practice of stockpiling — instead of repairing — computer software vulnerabilities and government strong-arming of Internet firms to compel them to surrender customer data.

His arguments are fleshed out in sufficient detail that readers will naturally find points to question or to disagree with. “For example,” he writes, “the NSA targets people who search for information on popular Internet privacy and anonymity tools” (p. 38). It’s not clear what “NSA targeting” means in this context. Many people conduct such information searches with no discernible consequences. In any case, Schneier positively encourages readers to seek out and adopt privacy enhancing technologies.

“Surveillance is a tactic of intimidation,” Schneier writes, and “in the US, we already see the beginnings of [a] chilling effect” (pp. 95-96). But this seems overwrought. One may curse the NSA, file a lawsuit against it, advocate reductions in the Agency’s budget, or publish its Top Secret records online all without fear of reprisal. Lots of people have done so without being intimidated. (Agency employees who defy their management are in a more difficult position.) If there is a chilling effect associated with NSA surveillance, it doesn’t appear to originate in the NSA.

What is true is that surveillance shapes our awareness and that it can alter our conduct in obvious or profound ways. Many people will slow down when driving past a police car or a traffic surveillance camera. Almost all will modify their speech or their behavior depending on who is listening or watching. The book is particularly good at exploring the ramifications of such surveillance-induced changes in the way we behave and interact, and the risks they pose to an open society.

In the latter portions of the book, Schneier presents an action agenda for curbing inappropriate surveillance including steps that can be taken by government, by corporations, and by concerned members of the public. The proposals are principled and thoughtful, though he admits not all are readily achievable.

Schneier’s core objective is to preserve, or to restore, a domain of personal privacy that is impervious to unwanted intrusion or monitoring.

He acknowledges the necessity of surveillance for valid law enforcement and intelligence purposes. Among other things, he calls for the development of privacy-respectful innovations in these areas of security policy.

“If we can provide law enforcement people with new ways to investigate crime, they’ll stop demanding that security be subverted for their benefit.” Similarly, “If we can give governments new ways to collect data on hostile nations, terrorist groups, and global criminal elements, they’ll have less need to go to the extreme measures I’ve detailed in this book…. If we want organizations like the NSA to protect our privacy, we’re going to have to give them new ways to perform their intelligence jobs.”

Along these lines, a 2009 study performed for the Office of the Director of National Intelligence that was released last month raised the somewhat fanciful possibility of “crowdsourcing intelligence”:

“The intelligence community has a unique opportunity to engage the public to help filter and solve a multitude of difficult tasks…. For example, consider a citizen-driven Presidential Daily Brief and its potential to enable truly democratic communication to the highest levels in the United States.”  See Mixed Reality: Geolocation & Portable Hand-Held Communication Devices, ODNI Summer Hard Problem (SHARP) Program, 2009.

Anyway, for many people the erosion of personal privacy has arrived abruptly and overwhelmingly. They might reasonably conclude that the changes they’ve experienced are beyond their ability to control or influence. Schneier insists that that is not necessarily the case– but that the future of privacy depends on how much the public cares about it. This challenging book explains why privacy matters, how it is threatened, and what one can do to defend it.

“In the end, we’ll get the privacy we as a society demand and not a bit more,” he concludes.