The FBI and CIA Are Enemies of the American People

Joe Rogan and Tucker Carlson sat down for a three-hour-plus discussion on the Joe Rogan Show last week, covering everything from UFOs, to religion and artificial intelligence. But perhaps the most important topic they covered was the insidious and dangerous role played by the US regime’s intelligence agencies in America. 

Specifically, Carlson suggested the CIA continues to lobby for keeping the JFK files secret, possibly because the CIA had a role in the assassination. Tucker also brought up how the FBI’s second-in-command was responsible for taking down Richard Nixon. Carlson described how intelligence agencies hold immense power within Congress because members of Congress—who are generally disreputable people with many secrets—are terrified of being blackmailed. After all, in a post-Patriot Act world of nearly unrestrained spying by the US regime, there is no privacy in America. 

I’ll let you, dear readers, listen to the full interview and make up your mind for yourselves as to the details of the discussion. 

What I want to highlight here, however, is how remarkable it is that two major media figures—Rogan and Carlson—are announcing to their millions of listeners and readers that organizations like the CIA and the FBI are despicable agencies committed to undermining the legal and constitutional institutions of the United States. 

This is long overdue. 

Deep-state agencies like the CIA and the FBI have for far too long been considered reputable organizations just trying to “keep us safe” or somehow defend the United States from alleged foreign threats. Conservatives have long been among the worst offenders. Libertarians know this well, and have observed for decades the breed of “small-government” conservatives who one minute claim “the government can’t do anything right” and then the next minute simp for “heroic” CIA and FBI agents. People such as these have long checked their critical thinking skills at the door as soon as the discussion turns to the regime’s spy agencies—or the Pentagon, for that matter. This is not to say that Leftists are guiltless on this. While historically it was the Left that actually made some efforts to expose intelligence agencies and their crimes in the 1970s, that is now ancient history. The Left in 2024 has rarely met a regime spook it didn’t like. This was made explicit last month when Adam Westbrook and Lindsey Crouse declared in The New York Times that “the Deep State is actually kind of awesome.” 

The job of opposing these contemptible enemies of freedom at America’s intelligence agencies—especially the FBI and CIA and NSA—falls to the minority of Americans who actually care about law and human rights enough to seek true restraints on regime power. Those of us in this minority must never miss an opportunity to disparage, doubt, question, and generally express loathing for these organizations and for every single agent and employee at these agencies who collects a taxpayer-funded salary. 

A Danger for Many Decades 

Since at least the early 1960s, many have understood that the post-war intelligence agencies have posed an especially dangerous threat to the people of the United…

Vermont Passes Landmark Data Privacy Bill

The Vermont Legislature has passed the Vermont Data Privacy Act, which EPIC supported and which represents a significant step forward for state privacy laws.

The bill goes further than many existing state privacy laws by including:

  • data minimization requirements that set meaningful limits on the amount of personal data companies can collect and use;
  • a prohibition on the sale of sensitive data;
  • strong civil rights protections to prohibit digital discrimination;
  • a limited private right of action that will allow consumers to hold businesses accountable for violations of the sensitive data rules.

In a speech last night on the floor of the House of Representatives, sponsor Representative Monique Priestley said:

“At a time when everything we do and everything we are is monetized in a surveillance economy, the urgency of this moment cannot be overstated. Without incredibly thoughtful and comprehensive measures, we leave gaps that can be exploited, undermining the very protections we seek to establish.”

Vermont Representative Monique Priestley

The passage of Vermont’s bill comes the same week as the Maryland Governor signed the Maryland Online Data Privacy Act, which contains similarly strong provisions.  

“State lawmakers are sick of companies collecting massive amounts of data about us and using it whatever way they please, and they are doing something about it. The Vermont Data Privacy Act will force meaningful changes to harmful business practices such as the sale of geolocation data. We commend Representative Priestley and her colleagues for their incredible work on this legislation.”

Caitriona Fitzgerald, Deputy Director, Electronic Privacy Information Center (EPIC)

Last year, EPIC crafted the State Data Privacy and Protection Act, modeled on American Data Privacy and Protection Act (“ADPPA”), to give state legislators the opportunity to use the bipartisan consensus language from ADPPA to strengthen state bills. The Vermont Data Privacy Act pulls many of its strong provisions from that model. The Act’s data minimization requirements include limiting the collection of personal data to what is reasonably necessary for the product or service requested by a consumer and prohibits the processing of personal data in ways that discriminate.  

EPIC recently released The State of Privacy: How State “Privacy” Laws Fail to Protect Privacy and What They Can Do Better, which found that nearly half of the 14 states that have passed so-called comprehensive privacy laws at the time received a failing grade, and none received an A. State lawmakers from across the country recently testified to Vermont’s House Committee on Commerce and Economic Development about how industry lobbying affected their experiences championing privacy bills in their states. 

The bill heads to Governor Phil Scott’s desk for signature.

White House Releases v.2 of National Cybersecurity Strategy Implementation Plan

Yesterday, the White House released Version 2 of the National Cybersecurity Strategy Implementation Plan (NCSIP). Updates to the initial NCSIP — released July 2023 — include a focus on healthcare and on education facilities, preventing abuse of U.S.-based infrastructure, updating the National Privacy Research Strategy, and supporting development of a digital identity ecosystem.

The five core pillars of the strategy have not changed; EPIC continues to support the Biden-Harris Administration’s commitments to establishing cybersecurity minimum requirements in critical sectors (under Strategy Pillar One: Defend Critical Infrastructure) and to improving privacy and data security practices in all sectors (under Strategy Pillar Three: Shape Market Forces to Drive Security and Resilience) in particular.

EPIC continues to call on policymakers across the country to take up the cause of establishing comprehensive privacy protections, limit harmful data practices, and impose data minimization standards. This includes urging regulators to incentivize stronger industry data security practices and to mandate transparency for consumers when breaches do occur.

CyberScoop: Top spy official releases principles on intel agency use of info bought from data brokers 

A privacy advocacy group shared Wyden’s mixed verdict on the framework. 

“For too long, government agencies have tried to buy their way around our constitutional and statutory protections using taxpayer money. This new framework — if implemented effectively — is an improvement over agencies’ current exploitation of the data broker loophole,” said Chris Baumohl, a law fellow at the Electronic Privacy Information Center. “However, it is not a replacement for Congress passing legislation that would close this loophole once and for all.” 

Read more here.

Cowardice, Not Courage, Led House Republicans to Side with the Democrats

Over the weekend, the House of Representatives passed four foreign aid bills that will allocate a combined $95 billion to Ukraine, Israel, Taiwan, and other “national security priorities.” House Republicans followed Speaker Mike Johnson’s (R-LA) lead and joined with Democrats to deliver all the foreign aid President Joe Biden wanted without requiring much of anything in return.

The passage came after House Republicans had handed the president similar victories with Foreign Intelligence Surveillance Act (FISA) reauthorization and government spending.

New York Times columnists celebrated Speaker Johnson for, in their words, “finally (showing) a spine.” Columnist Bret Stephens went as far as to call Johnson’s decision to roll over an act of courage:

Nothing is more difficult these days in American politics than going against your own ideological tribe. And nothing is more admirable than politicians who are willing to challenge their base and gamble their office for the sake of a great cause. I wasn’t much of a fan of Johnson when he became speaker of the House, but what he’s done is a profile in courage.

Speaker Johnson took a similar tone, framing himself as a courageous and selfless public servant willing to “do the right thing,” regardless of the personal consequences.

But Johnson didn’t do the right thing. And he certainly didn’t do the courageous thing.

America is a global empire that’s spread too thin. Washington could have used its unipolar moment following the fall of the Soviet Union to relax the totalitarian military bureaucracy built up during the Cold War. Instead, the United States government launched multiple unnecessary wars in the Middle East, needlessly expanded the anti-Russian military alliance in Europe, and helped militarize the waters and neighboring governments that surround China’s coast.

The US’s meddling in the Middle East inadvertently swung the balance of power way in Iran’s favor. In Europe, NATO’s eastward expansion turned the Russian regime back into an enemy and eventually provoked Russia’s invasion of Ukraine in 2022. All the while China has maneuvered and worked to gain control of its own near-abroad and to build up military forces strong enough to back that effort up.

Officials in Washington have decided that they are the ones who should be in charge of the entire Middle East, all of Eastern Europe, and the East Pacific. The American people have already been forced to pay trillions of dollars and to sacrifice thousands of their sons, daughters, and siblings for this project. And Washington exerts even less control over those three regions than it did three decades ago.

But money and lives are not the only things Americans have been forced to give up. In the name of fending off the foreign enemies that they helped create, US officials have trampled on privacy rights here at home. Thanks to courageous journalists and whistleblowers like Edward Snowden, we know that the government uses the existence of foreign adversaries to sidestep the right to due process and violate the rights of Americans.

At home, the federal government spends trillions of dollars every year, either taxed directly…

Governor Moore Signs Maryland Online Data Privacy Act

Governor Wes Moore signed the Maryland Online Data Privacy Act today. This law marks a significant shift in state privacy law landscape toward laws that meaningfully limit personal data collection and abuse. 

EPIC testified in support of the bill in both the House and Senate earlier this spring, and attended the bill signing today. The bill had been sponsored by Delegate Sara Love and Senator Dawn Gile.

“The Maryland Online Data Privacy Act sets a new standard for state privacy laws,” Caitriona Fitzgerald, Deputy Director at the Electronic Privacy Information Center (EPIC) said. “It requires companies to limit the data they collect to better align with consumers’ expectations and creates strong civil rights protections online. EPIC commends the sponsors, Delegate Sara Love and Senator Dawn Gile, for their incredible work on this strong privacy bill.”

Last year, EPIC crafted the State Data Privacy and Protection Act, modeled on American Data Privacy and Protection Act (“ADPPA”), to give state legislators the opportunity to use the bipartisan consensus language from ADPPA to strengthen state bills. The Maryland Online Data Privacy Act pulls key data minimization principles and strong civil rights protections from that model. The Act’s data minimization requirements include limiting the collection of personal data to what is reasonably necessary for the product or service requested by a consumer, prohibits the sale of sensitive personal data, bans targeted advertising to kids and teens, and prohibits the processing of personal data in ways that discriminate.  

EPIC recently released The State of Privacy: How State “Privacy” Laws Fail to Protect Privacy and What They Can Do Better, which found that nearly half of the 14 states that have passed so-called comprehensive privacy laws received a failing grade, and none received an A. Last week, Delegate Love testified to a Committee in the Vermont Legislature about just how much money and effort national lobbyists spent trying to weaken her privacy bill:

“I will tell you, I have not in my six years, in my second term, seen as hard a lobbying job as these folks did. They put so much money into pushing and lobbying,” Del. Love said. “The more they pushed, the more we said — and not just me, also other legislators said — ‘Enough. We’re going to pass something that matters.

Maryland’s law breaks the trend of states passing weak, industry-backed laws and instead provides Marylanders with some of the strongest privacy protections in the country.  

Tech Policy Press: The FCC’s Big Fines Over Location Data Aren’t a Privacy Success Story 

This has been the FTC’s long-standing modus operandi, but without relitigating the merits of FTC consent decrees to protect privacy, the idea that the major wireless carriers need only get up to speed on basic best practices around geolocation is patronizing at best and insulting at worst. What the wireless carriers were caught doing in 2019 are privacy advocates’ worst nightmare. Location data in the hands of bounty hunters and domestic abusers is not some hypothetical privacy horrible, and even if the carriers privacy lawyers were confused about the legal status of this information, they certainly were on notice about the privacy risks involved. 

Numerous civil society organizations, including the ACLU, Center for Democracy & Technology, Electronic Privacy Information Center, and Public Knowledge, warned about the “significant privacy-related concerns” around commercial location services in a joint filing in 2014. 

Read more here.

Massachusetts Data Privacy Act Approved by Legislative Committee

The Chairs of the Joint Committee on Advanced Information Technology, the Internet, and Cybersecurity of the Massachusetts General Court, Representative Tricia Farley-Bouvier and Senator Michael Moore, announced today that the Massachusetts Data Privacy Act (“MDPA”) had been reported favorably out of Committee. If passed, the MDPA would be the strongest state privacy law in the country.

Last year, EPIC crafted the State Data Privacy and Protection Act, modeled on American Data Privacy and Protection Act (“ADPPA”), to give state legislators the opportunity to use the bipartisan consensus language from ADPPA to strengthen state bills. The MDPA closely follows this model, including key data minimization principles, strong civil rights protections, and robust enforcement mechanisms. The Act’s data minimization requirements include limiting the collection of personal data to what is reasonably necessary for the product or service requested by a consumer, prohibits the sale of sensitive personal data, bans targeted advertising to minors, and prohibits the processing of personal data in ways that discriminate. The Location Shield Act was combined with the privacy bill, banning the sale of precise geolocation data. 

The MDPA includes strong enforcement provisions, which are critical to ensuring privacy laws are complied with. The Attorney General is empowered to enforce the MDPA under its own terms and as a violation of the Massachusetts’ consumer protection law, Chapter 93A. Consumers are also able to bring claims on their own behalf through a private right of action.

EPIC had previously testified in favor of the bill.

Having been approved by the Joint Committee on Advanced Information Technology, the Internet, and Cybersecurity, the bill now will move forward to the Senate and House Committee on Ways and Means for further review.

FTC Finalizes Health Breach Notification Rule Modifications, Improving Health Privacy Safeguards for Consumers

The Federal Trade Commission recently finalized changes to modernize the Health Breach Notification Rule (HBNR), expanding its scope and improving its efficacy to address health privacy and data security risks that fall outside of HIPAA. In the event of a breach of security, the HBNR lays out requirements for covered entities to notify consumers, the Commission, and the public based on the nature of the breach. In addition modifying the HBNR and increased enforcement activity to protect the privacy of consumer health information, the Commission brought its first enforcement actions against entities for failing to comply with HBNR last year.

In our comments to the Commission in June 2023, EPIC highlighted various proposed changes that have now become finalized in the HBNR. First, it is critical that the Commission expanded the scope of covered entities to include mobile apps and other digital service providers to more accurately reflect how consumers create and share identifiable health information in today’s digital ecosystem. Second, the Commission importantly clarified that a breach of security includes unauthorized access to identifiable health information. In other words, beyond a data breach, a breach of security under the HBNR would also include a scenario where an entity acquires identifiable health data without the authorization of the individual.  

EPIC regularly files comments in response to proposed FTC rulemakings regarding business practices that violate privacy rights. Additionally, EPIC has long advocated for health privacy safeguards, including comments to the Department of Health and Human Services supporting its efforts to update the HIPAA Privacy Rule to protect reproductive privacy.

EPIC Urges OMB to Rein In Unchecked Expansion of CBP One App

In comments to U.S. Customs and Border Protection and the White House Office of Management and Budget, EPIC urged the agencies to stop expanding the flawed CBP One app. EPIC highlighted the risks of a proposal that would allow travelers departing from the U.S. to record their exit through CBP One, keeping the agency in compliance with the Biometric Exit requirement. Using CBP One for Biometric Exit effectively shifts the responsibility for collecting exit information from CBP to individuals leaving the U.S., collects unnecessary precise geolocation information from them, and opens the door to mandating that travelers report their exits by the app in the future.

EPIC regularly advocates for the privacy of travelers and immigrants both at the border and in the U.S. EPIC has long opposed the use of facial recognition for Biometric Entry/Exit, including in comments, in FOIA litigation  reavling CBP’s facial recognition procedures and on opt-out practices.  Last year, EPIC urged CBP and DHS not to make CBP One mandatory for asylum seekers.