There are concerns that a bill under consideration in the House, the Fourth Amendment Is Not For Sale Act, goes too far in protecting us Americans from 4th Amendment violations by the government at the expense of our counterintelligence capabilities.
The bill…would ban the government from buying information on Americans from data brokers. This would include many things in the cloud of digital exhaust most Americans leave behind online, from information on the websites they visit to credit-card information, health information, and political opinions.
Worse, goes the argument, the bill
would prohibit the US government from buying digital information that would remain available to the likes of China and Russia.
That last is a non sequitur, though. The fact that the data are readily available to our enemies doesn’t legitimize its collection by our government, which has Constitutional bars against most kinds of searches. It’s further the case that if we can’t be secure against the unwarranted [sic] intrusions of our own government, how can we expect our own government to keep us secure from the intrusions of foreign governments, especially enemy foreign governments?
There also is a misunderstanding buried in the claim regarding that digital exhaust [that] most Americans leave behind online. A significant fraction of that “digital exhaust” is not voluntary; it’s left behind as a condition of doing business with those enterprises that require collection of the data. Some of those data are legitimately needed by businesses: credit card account numbers if payment is being offered via credit card, shipping addresses so the seller can deliver the product, personal names so the seller can be sure of the credit card numbers and shipping addresses, and the like. Other data are demanded by the business as a condition of doing business with the customer for reasons unique to the specific enterprise.
Better would be to bar the sale, rather than bar the purchase, of such data.
That sale, too, should be barred universally, not just with respect to our government, within the following boundaries. All data that an enterprise demands be collected in order to do business needs to be barred from sale or any other transfer, to any other entity, whether government or not. There should be no default position or opt in or out; the sale or transfer of these data should be prohibited. Government legitimately can still access those data on presentation in court of a probable cause, supported by Oath or affirmation, and particularly describing the [data] to be searched, and the [data] to be seized. Voluntarily left data should require affirmative opt-in before those data can be sold or transferred. Failure to choose should be taken as not opting in—the enterprise cannot sell of transfer the data.