Action Alert: Email Boston City Council **UPDATED x 2**

Please email the Boston City Council or call your Councilors, to express opposition to the acceptance of $3.4 million in state funding for the Boston Regional Intelligence Center.

By 2021, a mountain of evidence had accumulated that the Boston Regional Intelligence Center (BRIC), run out of the Boston Police Department, was spying on the residents of Boston and its surrounding municipalities, without reasonable suspicion of a resident’s personal involvement in an actual crime. Their racist “gang database” targets young people of color, even in some cases deporting them, without their having committed any crime. Their license plate reader systems keep tabs on where Bostonians come and go; they harass and intimidate filmmakers, Black Lives Matter protesters, and journalists engaging in First Amendment-protected activity. And nobody has ever obtained redress from them for violating Boston residents’ rights.

As a result, Boston City Council, in 2021, led by now-AG Andrea Campbell and then-Councilor Wu, voted to reject $850,000 in funding for BRIC.

Two weeks ago, now-Mayor Wu and Chair of Public Safety Flaherty brought forward a motion to waive a hearing to accept the same $850,000 in funding that the City Council had previously rejected. And another $850,000, for 2022. Oh, and another $850,000 for 2023. And another for 2024, totaling $3.4 million. The City Council rejected the motion to waive the hearing. On Sep 20, the City Council voted to refer the grants to the Public Safety Committee for a hearing. The hearing took place Friday, September 29 at Boston City Hall. Now, we’re expecting a Council vote this coming Wednesday, October 4, at their 12pm Council meeting.

The public hearing involved two hours of obfuscations and lies from Acting Director Walsh of BRIC and Commissioner Cox. There was explosive public testimony from filmmakers Lauren Pespisa and Rod Webber, who were targeted and harassed by white supremacist BRIC officer Andrew Creed, on the basis of a tip from a Proud Boy:

Local resident Will Justice, who was cleared of a charge of armed robbery, spoke about BRIC circulating alerts to local police after he was acquitted to be on the watch for him, which has led to his being stopped, pulled over and harassed and losing employment opportunities.

Mickey Metts, technologist and free software advocate, testified about how BRIC targets Boston’s “poorest neighborhoods with surveillance and isolation. Small things add up and create an atmosphere of unrest so police may respond with violence.”

We were joined by the Muslim Justice League, the Campaign for Juvenile Justice, and, remotely, by the ACLU of Massachusetts.

Each $850,000 motion simply says it’s for “upgrading, expanding, and integrating technology and protocols related to anti-terrorism, anti-crime, anti-gang and emergency response.” In practice, the grants would pay for more analysts and liaisons, to improve the efficiency of the surveillance state.

We say No. Council should keep rejecting this funding. BRIC is a secretive, unaccountable, scandal-ridden organization, that doesn’t deserve extra public funds on top of the already-large police budget. As Councilor Coletta argued, there should be an external, independent audit, such as those proposed here, to show that they are no longer violating the rights of the residents of Boston and the municipalities that surround it, before Council approves this extra money.

The Seven Years’ War

Boston police used their fusion center to surveil my journalistic actions. It took nearly seven years for BPD to hold itself somewhat accountable, and only after they used my information in a Department of Homeland Security conference presentation.

The department violated transparency laws and their own policies to hide their surveillance of me covering the Boston Marathon as a reporter. Despite their silence and purging of records, I finally got answers.


In April 2015, two years after the bombing of the Boston Marathon, the city’s police announced that they would detain anyone present on the streets around the finish line on the day of the race in order to search their personal property. The Boston Police Department also announced a sweeping ban on bags and containers (unless they were small and transparent).

While the events of 2013 spurred compelling reasons to upgrade security measures, they didn’t unwrite constitutional protections against unreasonable search and seizure. Or at least that’s what I thought, and so my goal on Marathon Monday in 2015 was to examine the gray area police were operating in by phrasing the bans as requests but then enforcing them like laws.

My news-gathering activities that day were monitored by law enforcement who identified my former news outlet, the Bay State Examiner, and knew they were tracking a journalist. As part of their targeted monitoring, officers disseminated a live timeline of my travel and activity to all their colleagues and partners from various local, state, and federal agencies. Later, they would use a photo of their surveillance operation-in-progress in a presentation at a Department of Homeland Security conference to brag about their skill in real-time tracking of a target.

Only now, years after I complained about this chilling violation of my First Amendment rights and privacy, do I know the truth about what happened behind the scenes—including how the Boston police handled my complaint. The lesson they appear to have learned: if the department conducts similar surveillance on reporters in the future, they need to do a better job of covering their actions to avoid getting discredited and exposed.

Marathon Monday, 2015

The marathon was in progress when I entered an area near the security hub near the finish line wearing a backpack. To begin documenting the checkpoints, I spoke with security guards and police officers and asked what would happen if I entered the area and exercised my Fourth Amendment rights to refuse to allow a search of my bags. They initially responded that I would not be able to enter through the checkpoint, but I wasn’t threatened with arrest. 

I didn’t know it at the time, but as I advanced to other checkpoints and continued to ask questions about bag searches, police began to monitor me as the only “Sig[nificant]” security event present. At some checkpoints, cops said that I would be arrested if I entered the secure area, despite it being a public sidewalk, while declining to allow a search of my bag (the contents of which included a wooden middle-finger statue and about a hundred printed copies of the Fourth Amendment). 

In speaking with police in Back Bay, there was confusion about what I’d actually be cuffed for. Still, they were explicit in that I would be arrested. Eventually, they said the charges would be for disorderly conduct due to my refusing to allow a search of my bag.

After that explanatory interaction, another cop tailed me to the next checkpoint. When I asked the checkers there if they’d arrest me for trying to enter with my bag, I was told no, but that I would “be dealt with accordingly”—a threat to stop me by force, but without detaining me. Their behavior only escalated from there; I was then physically removed from two other checkpoints by cops. I was not injured, but noted that the use of physical force on a journalist for declining a search of her bags on a public sidewalk is not justifiable. In comparison, police routinely arrest members of the public for using the level of force that they used on me against officers.

As I now know, my journalistic attempts to document the BPD’s unconstitutional bag searches led to my actions being deemed that day’s “significant event.” As a result of this designation, I was tracked, with data on my real-time location and activity broadcast to all working law enforcement by the BPD-run Boston Regional Intelligence Center, better known as the BRIC.

BRIC is one of America’s many regional fusion centers, which are law enforcement hubs built under the guise of the war on terror. They supposedly exist to pass intelligence between federal, state, and local agencies with the idea that such coordination will help foil terrorist plots. In practice, however, the BRIC has been used to, among other things, build a problematic “gang database” that was rebuked by the courts, to target activists and journalists like myself, and to circumvent sanctuary city policies so that Boston school records could be used in deportation hearings against students

On Marathon Monday 2015, BRIC helped officers working the race perimeter target and monitor a journalist. In doing so, those manning the intelligence center failed to follow their own privacy policy by spreading information about me without checking that information’s value. This failure coincides with, and appears to have led to, the aforementioned escalations in tactics including threatening and violent policing of me. They also violated their privacy policy by showing a photo of their surveillance setup in a presentation made to a number of law enforcement agencies, plus broke the Bay State’s public information law by purging records they received and shared about me.

Image via BRIC presentation at DHS headquarters

BRIC city

I learned about the BRIC’s surveillance of me several months after the 2015 Boston Marathon. The discovery came after BPD/BRIC Senior Intelligence Analyst Ryan Walsh spoke at DHS headquarters in Washington, DC during the agency’s National Geospatial Preparedness Summit later that year. His presentation, including a photo from the BRIC’s Boston Marathon command center, was posted online where it was found by another journalist and also flagged by the ACLU

On Oct. 24, 2015, I sought all records related to my surveillance under the Massachusetts public records law. The BPD violated the law by missing the 10(ish) business day deadline to respond; then, on Nov. 16, they claimed to not have any records. I responded by sending them the picture from the BRIC presentation that clearly shows that they had records of law enforcement surveillance occurring. The department never turned over those records, despite the law requiring them to and it being a violation that could carry fines or jail time (if the law were ever enforced).

Seeking another course of action, I then examined the BRIC privacy policy, which states that “if an individual has a complaint with regard to the accuracy or completeness of terrorism-related protected information that … Is exempt from disclosure … or … Is held by the BRIC and … Allegedly has resulted in demonstrable harm to the complainant … the individual may submit a complaint.” After which, “The Privacy Officer, on behalf of the Privacy Committee, will then acknowledge the complaint and state that it will be reviewed, but will not confirm the existence or nonexistence of the information to the complainant unless otherwise required by law.”

On Nov. 28, 2015, I filed a complaint under the above provisions with help from Digital Fourth, a nonprofit that advocates for Fourth Amendment rights. I was in a rare situation, where the existence of the picture from the presentation at the DPH proved the BRIC had watched me and passed records about me and my news outlet to other law enforcement outfits. Due to their reporting about my activity, the officers I met at checkpoints intensified our encounters, first to threats and then to the actual use of physical force. I clearly had standing to make a privacy complaint under the policy, and cited harms related to my physical treatment as well as the chilling effect that such handling and surveillance has on the First Amendment’s free press protections.

My complaint also addressed the violation of the state’s public records law—both in terms of missing the 10-day window to respond to my request, and then for returning a response saying they had no records about me or the Bay State Examiner when their own presentation showed that to be untrue. The state’s public records law is dysfunctional and rarely enforced, but I still asked the Secretary of the Commonwealth’s office (which oversees the law) to send the case to the Attorney General’s Office for criminal prosecution. Violations of the law can carry fines and penalties including up to a year of prison time, but despite the clearcut violations, no enforcement action was taken.

After a long wait … 

Nearly six years passed before I heard anything about my complaint. Even then, the information didn’t come from the BPD or BRIC.

In August 2021, Emiliano Falcon, policy counsel for the Technology for Liberty Program at the ACLU of Massachusetts, received a partial log of cases pending before the BRIC Privacy Committee. My complaint was among them. In September 2022, Digital Fourth obtained a full copy of the fusion center’s privacy log. According to that document, my complaint had moved from “pending” to “resolved.”

Getting a complaint sent to the so-called Privacy Committee sounds like it should have been a step towards some answers. However, subsequent public records work by Digital Fourth found that “prior to September 2022, the ‘Privacy Committee’ was not an official board with standing meetings. … Meeting minutes or agendas were not drafted.” In other words, no records exist that could show what was done about my complaint, by who, or even when.

What we do know is that in the time since they were called out for the activities described herein, the BPD and BRIC have not made public efforts to improve relations with the media or the department’s compliance with the records law. Critics including the ACLU have fried the fusion center on multiple occasions. And while the Boston City Council has put some checks on law enforcement in place around these issues, BPD is always seeking workarounds and back doors.

At this year’s marathon, targeted policing was again on full display. A massive police presence was rolled out at the Heartbreak Hill cheer zone. The area was home base for two of the region’s premier clubs for BIPOC runners, and reportedly had more attention from authorities than locations nearby where there were drunk people vomiting on the actual course. The over-policing was flagrant enough (and documented in enough viral videos) that the Boston Athletic Association even had to apologize.

The policing of a section of this year’s race where Black running clubs were gathered made national news

Let the records show

As Digital Fourth and I learned more than half-a-decade after the incident, the BRIC first fielded an inquiry about their monitoring of me from another journalist whose name and publication are redacted in the privacy log. The reporter asked why the BRIC was monitoring the media, and according to their log from Nov. 9, 2015, the agency explained in response: “The purpose of the presentation was mistaken. The presentation was showing the capabilities of the software to share activities in real time to assist our (BPD) management of dynamic events, and this was an example of that capability, nothing to do with relationship with the media.”

Another BRIC privacy log, from December 2015, addresses my complaint:

On December 8, David Carabin,” [Carabin is now the director of the BRIC, and was on the 2016 National Geospatial Preparedness Summit steering committee]  “received and reviewed a letter addressed to the BRIC Privacy Committee…

Synopsis: On August 4th, the BRIC presented at the National Geospatial Preparedness Summit in Washington, DC. The presentation was intended to share GIS (mapping) related lessons learned by the BRIC over the last several years in our efforts to provide support to BPD’s special events and critical incidents, and our development of a “Common Operating Picture” (COP) for sharing operational information during such events/incidents in real time. On October 19, we were advised that our presentation was posted on the internet by the hosts of the training conference. We requested that it be removed and destroyed, and our request was honored. Unfortunately, the ACLU and others picked up on it, found it controversial and brought additional attention to it on Twitter.

The “unfortunate” part of the incident—that the media and watchdogs caught them, not that they targeted a journalist in the first place. The entry continues:

One of the slides includes a photo of our COP while it was being used during the 2015 Boston Marathon. In the photo (attached), there is a stream of information being shared, advising leadership that “3 individuals from the [REDACTED] [are] going from checkpoint to checkpoint testing security measures and filming interactions…” If you recall, this originally was reported as suspicious activity involving unknown people testing security checkpoints, and it was later determined to be the [REDACTED].”

In Ms. [REDACTED]’s letter, she advises of several matters that she believes to be a violation of the BRIC’s Privacy Policy, but also violations to her rights. She also believes that we did not properly honor her FOIA from March 13, 2015, requesting all BRIC files on “[REDACTED]” and/or the “[REDACTED]”. BPD’s response advised that the BRIC does NOT have records that satisfy her request. 

The fact of the matter is that the BRIC did not and still does not have records on [REDACTED] or the [REDACTED]. The photo is not part of an intelligence file or record of criminal activity, nor was the original information retained for intelligence purposes.

The record does exist. I requested it. Under the law, that is a responsive record. They claim it isn’t responsive because it wasn’t “retained for intelligence purposes,” but the law does not consider why a record exists or what it was retained for, except to check to see if it falls under a specific exemption. If it is exempt, the record’s existence must be disclosed and the exemption must be cited with an explanation as to why it applies to the record. Agencies cannot pretend the record does not exist.

BRIC respondents also claimed that the “original information was shared by a partner agency to advise on the context of a situation that was affecting security procedures during the Boston Marathon, and this information was purged after the event.” This appears to be an explanation of how BRIC agents destroyed records related to the monitoring of a journalist, and since the state has thorough laws determining retention, it could also be a blunt admission of criminal destruction of records.

Left unaddressed in the intel center’s minimal opaque responses is that the BRIC’s privacy policy states agents cannot share information without first assessing it for sensitive data, checking its value, and attempting to verify. The BRIC/BPD received and shared my info, both of which should have triggered copy retention. But if they shared my info in real time, they could not have possibly verified or assessed it. Meanwhile, the BRIC must have determined that the information was not valuable, given the agency’s claim that they “purged” all the records related to me immediately after the event.

Nearly 500 Massachusetts National Guardsmen were activated to augment local authorities in providing public safety missions during the 2015 Boston Marathon, April 20, 2015. The Soldiers and Airmen provided route security along the historic route of the Boston Marathon. (Image and description via Massachusetts National Guard)

Transparency time travel

In an apparent desperate attempt to discredit me internally while dodging my inquiries, the BRIC accused me of either lying or traveling through time. As their logs falsely claim: my “FOIA request was received and handled on March 13, 2015 and handled/resolved on March 18, 2015. This was a month BEFORE the 2015 Boston Marathon. So, both the activities and the photo that she is complaining about did NOT exist at the time of her FOIA, which makes at least part of her argument irrelevant.”

In present-day reality, the request I made on Oct. 24, 2015 did not arrive at the BRIC/BPD on March 13, 2015. I do not have a flux capacitor; rather, they created a bizarre fiction (my copy of the records request can be seen here). The logs also claim my case was sent to a board that we now know didn’t meaningfully exist at the time: “On 12/8/15, this information was forwarded to the BRIC’s leadership and Privacy Committee, as well as BPD Legal and Media Relations, for advisement.”

At no point in the seven-year long complaint process was I contacted—including when the complaint was “resolved.” Still, the incident and coverup had a significant effect on me. The fact that cops can so freely surveil a reporter using a counterterrorism fusion center and broadcast her information to law enforcement brings the First Amendment’s freedom of the press protections into question. In my case, I wound up stepping away from in-person police documentation, in part because I was concerned about having the cops target me among other possible repercussions.

At the same time, I’m glad that I was able to follow up on my complaint. As it turns out, I can travel through time after all—almost eight years, into the future, to finally see how I was targeted and watched, and to then report back to the public about what happens when the media attempts to impugn law enforcement misconduct and blatant violations of our right to privacy.

It’s A Whole New World

Every two years, the Massachusetts legislature starts a fresh session. Here, we review bills on the top ten topics relating to surveillance, privacy and the Fourth Amendment, that have been introduced in the new session.

Please contact your legislators via https://malegislature.gov/Search/FindMyLegislator, to express your support, and to ask for theirs. Our thanks to Julie Bernstein for conducting the legislative research for this article.

1. Civil Asset Forfeitures: HD1780 / SD2388, HD1328
2. QUALIFIED IMMUNITY REFORM: SD1970
3. Oversight of Fusion Centers: HD2088
4. Commercial Data Privacy Protection: SD745
5. Restricting Law Enforcement Use Of Facial Recognition: HD2304 / SD750
6. Restricting Automated License Plate Recognition: HD428 & HD2360
7. Protecting Locational Privacy: HD3698
8. Protecting Biometric Information: HD3053
9. Protecting Browsing Information: SD1217
10. SAFE COMMUNITIES ACT: HD2459 / SD1937

Summaries and explanations of each of these bills follow after the jump:

Read more: It’s A Whole New World
1. CIVIL ASSET FORFEITURES: HD1780 / SD2388, HD1328

HD.1780 / SD.2388 An Act Relative to Forfeiture Reform

HD.1328: An Act Relative To Civil Asset Forfeiture Transparency And Data Reporting

HD.2128: An Act Relative to Civil Asset Forfeiture

Restore The Fourth’s Issue Brief on Civil Asset Forfeiture

The threshold for civil asset forfeitures (CAFs) in MA is the lowest in the country, “probable cause” that a crime was committed. Our state is notorious for seizing cash and vehicles from people without them having committed a crime and we were ranked worst in the country for civil asset forfeiture policies by The Institute for Justice.

Last year, a special legislative commission was convened to investigate civil asset forfeiture in MA. They requested civil asset forfeiture data from every District Attorney (DA)  and every local law enforcement agency. The only response that they received was from Suffolk County and in cataloging  how the assets from their seizures and forfeitures were spent, they listed 50% as going to “other”. H.D.1780 is an outcome of the recommendations of the Commission on Civil Asset Forfeiture.

H.D.1780 raises the evidentiary standard for CAFs by one level to “a preponderance of the evidence” which is more typical nationwide. DAs and local law enforcement keep all of the proceeds from forfeiture in our state incentivizing seizures. H.D.1780 requires that all proceeds from seizures and forfeitures go to the Treasurer, who after reimbursing all non-personnel costs associated with the seizure and paying liens, would deposit the remainder in the General Fund.

This bill also narrows a major loophole. Currently police departments participating in joint task forces with the federal government (often cooperating in large seizures of contraband), are required by the federal government to contribute the 80% of the proceeds which they receive into law enforcement. This has enabled law enforcement to purchase surveillance technology like stingrays, without any oversight even when required by a local Surveillance Ordinance. Under the new provisions, if federal law prevents the distribution of CAF proceeds to the General Fund, then police departments can no longer accept forfeited property or proceeds from the federal government. A remaining  gap is that all joint seizures would have to be litigated by a local DA or the AG except for seizures of U.S. currency worth more than $50,000. 

A report by Politico and WBUR about civil asset forfeitures in Worcester County revealed that 1 in 4 seizures of cash and property that the Worcester DA’s office filed forfeitures for in 2018 either were not associated with a criminal conviction or weren’t even linked to a criminal drug charge and another 9% of seizures had no publicly available court records. Among those, there were more than 90 instances where people lost money or cars, taken most often during traffic stops, frisks and home searches — even though there weren’t related drug convictions or drug charges. WBUR documented more than 500 occasions between 2016 and 2019  where funds were held by the DA’s office for ten years or more before officials tried to notify people. More than half of funds seized between 2017 and 2019 were $500 or less. When the county finally got around to notifying someone that their assets were not legitimately seized and could be returned, they published a small notice in the local newspaper.

Elsewhere in the state there was a well-publicized case where a vehicle belonging to Malinda Harris was seized after her son was suspected of using it in a crime. The woman had nothing to do with his crime and needed her car for work. Six years later it was finally returned to her.

H.D. 1780 would require that seizures and forfeitures occur only after a court convicts the suspect of a crime with exceptions for lawful arrests and searches, and seizures of contraband. Police officers would be compelled to itemize everything that they seize and they would be prohibited from seizing currency of less than $200 and vehicles worth under $10,000. A seizure that occurred before a trial for a crime can be appealed via a hearing. Both H.D.1780 and S.D.1328 compel every law enforcement agency including the state police and all DAs to annually report all seizures and forfeitures including those under federal jurisdiction, and the crimes associated with them.  These would be entered by the executive office of administration and finance into a case tracking system and searchable public website.

H.D. 1328 requires that important additional information be reported including the outcome of any criminal charges, the details of all proceedings related to seizures and forfeitures, all case numbers and the zip code in which the seizure occurred. This granularity is crucial in view of the abuses that have occurred and the need to understand whether the new regulations adequately address these. Furthermore, whereas H.D.1780 requires that the data be reported to the AG, H.D. 1328 requires that all of the data also be reported to the Senate and House Committees on Ways and Means and the Joint Committee on the Judiciary.

H. D. 2128 would raise the standard of proof for a civil forfeiture to occur further than H. D. 1780 would do; instead of the Commonwealth having to prove that the asset was associated with a crime on “the preponderance of the evidence”, they would have to meet a standard of “clear and convincing evidence”. That standard or higher is the law in 28 states. The bill would also route all state forfeitures revenue into the Commonwealth Substance Abuse Prevention and Treatment Fund. It includes process improvements similar to H. D. 1780, though less detailed than those in H. D. 1328.

Digital Fourth supports these bills individually, and would support a consolidation of them in committee, using the standard of proof and revenues provisions from H. D. 2128, the detailed process requirements from H. D. 1780, and the detailed reporting requirements from H. D. 1328. These bills should help to ensure that forfeitures occur only when the vehicle, asset, or realty was involved in a crime, that innocent owners do not lose their property, and that law enforcement agencies have no financial incentive to conduct seizures and forfeitures.

2. QUALIFIED IMMUNITY REFORM: SD1970

Qualified immunity reform was left out of the 2020 police reform in Massachusetts, unlike in other states. Currently, Massachusetts imposes an unfeasibly high bar on civil rights lawsuits against state government agents, including police, of having to prove that the civil rights violation involved “threats, intimidation or coercion.” As a consequence, attorneys don’t take these cases, because they don’t expect to win; many plaintiffs can’t afford to pay an attorney unless they win damages.

S.D. 1970 stipulates that: “In an action brought under this section against a person or entity acting under color of law, proof shall not be required that the interference or attempted interference was by threats, intimidation or coercion.”

3. OVERSIGHT OF FUSION CENTERS: HD2088

This bill would require the Commonwealth’s “criminal intelligence systems” – the Boston Regional Intelligence Center, the Commonwealth Fusion Center, and others – to submit to regular outside auditing to ensure that they are complying with 28 CFR Part 23. This federal regulation requires that any information they hold on Massachusetts residents be based on reasonable suspicion of involvement in a crime.

It provides a private right of action to residents who believe that these entities have violated their privacy rights. It also requires the Commonwealth Fusion Center to publish the names of its privacy advisory committee, to have it meet quarterly, and to make its minutes public.

4. COMMERCIAL DATA PRIVACY PROTECTION: SD745

SD. 745: An Act Establishing the Massachusetts Data Privacy Protection Act

This is a very complete data privacy bill that covers large corporations, service providers social media companies and data brokers that either collect, process or transfer data. It requires the originating covered entity (CE), for example, Google, to limit the data that it collects from you to only what is necessary in order to provide you the service that you desire and must give you an easily accessible and user friendly affirmative consent mechanism in which you will be told what data Google collects and where it goes for what purposes and you will be able to consent to or opt out of these uses of your data. The CE must communicate your preferences to all of the service providers(SPs) or data brokers (DBs) or any other third parties with which it shares your data because they must comply with your preferences.

Each covered CE and SP must make publicly available an obvious and understandable privacy policy including a detailed and accurate representation of its data collection, processing, and transfer activities, the purpose of all data collected, the length of time that the data is to be retained, the data security practices implemented, every data broker or third party to whom the data is transferred and several forms of contact information so an individual can readily access the CE or SP to make requests concerning their data.

If the covered entity makes any changes in the data it collects, shares or transfers or sends your data to a new party, this must be communicated to you so that you can consent or opt out. You can change your data preferences and delete data twice a year without paying.

All CEs must allow individuals to access their data in a downloadable, portable, structured, interoperable, and machine-readable format and to make any corrections to inaccurate and incomplete data. Requests to change or delete your data should generally be honored within 30 days and you can make these changes twice annually for free.

Companies will have to report to the Attorney General (AG) how many requests they receive and how they have been handled. Any individual alleging a violation of their privacy rights under this act may bring “a civil action in the superior court or any court of competent jurisdiction” against the CE, DP or third parties. If a violation is found to have occurred, the plaintiff will be eligible for damages as well as an injunction or other relief and attorney fees.

DBs must register with the OCABR Office of Consumer Affairs and Business Regulation)which will maintain a searchable database with information on what data it collects and transfers and how you can contact the data broker about removing or verifying your data, linked to a website provided by the DB where you can opt out of data collection. Failure of the DB to comply will result in a fine.

Each DB will also be required to provide the AG with an impact statement for any algorithms that it uses that can potentially have a disparate impact on any protected group or individual registered to a political party along with steps they are taking to mitigate the impact. The AG can take action against CE or SP that fails to comply with civil rights provisions.

Large data holders (DHs) must hire at least one privacy officer or a data security officer and implement a data privacy program and data security program to safeguard the privacy and security of covered data. All CEs and Large DHs must perform a privacy impact assessment that weighs the benefits of the data collecting, processing, and transfer practices against the potential adverse consequences of such practices, including substantial privacy risks, to individual privacy and mustreview how technologies are being used to secure covered data.

CEs must provide all legal requests for disclosure of personal information that they receive to the AG and the general public on a bimonthly basis. This includes requests for location information and both the number of legal requests that resulted in the covered entity disclosing location or biometric information and those that did not.

The bill bans targeted advertisements to minors.

The bill has strong protections for workers against electronic monitoring that limit the monitoring to the least amount of information necessary from the fewest number of employees for the shortest length of time in order to enable tasks that are necessary to accomplish essential job functions or to monitor production processes or quality. The monitoring must not harm the employee’s mental or physical health. Employers must provide employees with notice that electronic monitoring will occur prior to conducting each specific form of electronic monitoring and include details including the purpose, the specific activities, locations, communications, and job roles that will be electronically monitored, the technologies that will be used and all vendors and third parties who will receive the data.

5. RESTRICTING LAW ENFORCEMENT USE OF FACIAL RECOGNITION: HD2304 / SD750

This bill implements the findings of last session’s Commission on Face Surveillance. The findings had support from law enforcement as well as from civil liberties organizations. The bill would provide that:

1. Law enforcement other than the State Police and FBI cannot directly possess or access a biometric surveillance database.

2. Law enforcement may not use biometric surveillance to infer a person’s emotion or affect nor for analysis of moving images or video data.

3. The State Police can access the facial recognition database used by the registrar of motor vehicles to conduct a search for local law enforcement, a federal agency or the FBI if they are presented with warrant issued by a judge based upon probable cause or if there is an immediate threat of danger of serious injury to someone or a need to identify a deceased person.

4. Law enforcement must document the basis for any emergency requests and file them with the appropriate Superior Court within 48 hours of the request.

5. All searches of the database by the State Police or FBI must be documented and reported to the executive office of public safety and security, quarterly disaggregated, by the requesting law enforcement or federal agency. The same goes for breakdowns of whether the request involved a warrant or emergency. The agency must post the total # of searches performed ID of a deceased person. These must all be publicly posted by EOPSS by March 31 of the following year.

6. Any person charged with a crime in which they were identified by a facial recognition search must be provided notice that the search occurred and defendants and their attorneys in criminal prosecutions must be provided with all records and information pertaining to any facial recognition searches performed or requested during the course of the investigation of the crime or offense.

6. Restricting Automated License Plate Recognition: HD428 & HD2360

HD.428 An Act Relative to All-Electronic Tolling Data Privacy.

This bill provides that:

1. A department may not access, search, review, disclose or exchange tolling data (meaning any data captured or created by an ALPR system or from signals or radio frequencies emitted by a transponder in connection with the assessment or collection of a toll, including, without limitation, GPS coordinates or vehicle location information, dates and times traveled, images, vehicle speed, and license plate numbers, existing in an any form or medium, whether electronic, paper or otherwise) unless this is necessary to:

a. collect, access or pursue payment tolls or fines or surcharges related to unpaid tolls

b. to install, maintain or repair a transponder

c. to respond to a reasonable belief that an individual is at imminent risk of serious physical injury, death or abduction; provided, that not later than 48 hours after responding, the access and detailed reasons for it are provided to the AG.

d. comply with a search warrant, production order, or preservation request issued in connection with the investigation or prosecution of a felony.

3. a. The department must erase or destroy the tolling data accessed within 120 days of access.

    b. The department may retain tolling data beyond 120 to comply with a search warrant, production order, or preservation request, or as necessary to collect unpaid tolls or fines or surcharges related to unpaid tolls.

4. a. A person whose tolling data was retained in violation of the above can institute a civil action in district or superior court for damages or in superior court for injunctive relief.

    b. If a violation has occurred the violator will not be entitled to absolute or qualified immunity and will be liable for proven actual damages, be liable for treble damages or for exemplary damages of between $100 and $1000 along with costs and reasonable attorney’s fees.

Why this is important: ALPR data records everywhere that someone has driven. If it is maintained in a database, then it can be reviewed retroactively for many unlawful purposes such as to identify a suspect in a crime for which there is ho particularized evidence of them having committed the crime This means that potentially many people who have traveled to the vicinity of the location of a crime will now become suspects. In addition, tolling data can be used to identify individuals who have participated in a political event or rally or a protest which are acts protected by the First Amendment and therefore should not be monitored.

HD.2360 An Act Establishing Driver Privacy Protections

This bill provides that:

Law enforcement or other state government employees or officials may not:

  • use an ALPR system to track or monitor activity protected by freedoms of religion or speech guaranteed by the Massachusetts Declaration of Rights or the First Amendment to the United States Constitution;
  • retain ALPR data longer than 14 days except in connection with a specific criminal investigation based on articulable facts linking the data to a crime;
  • disclose, sell or permit access to ALPR data except as required in a judicial proceeding; or
  • access ALPR data from other governmental or non-governmental entities except with a valid search warrant.

Toll collection technologies may only be used to identify the location of any vehicle for tolling purposes.

The department of transportation may not access, search, review, disclose, or exchange tolling data in its possession, custody, or control except to:

  • assess, collect or pursue the payment tolls or fines or surcharges related to unpaid tolls; 
  • install, maintain or repair an ALPR or transponder system or a system storing tolling data;
  • respond when an individual is at imminent risk of serious physical injury, death or abduction
  • comply with a search warrant, production order, or preservation request issued in connection with the investigation or prosecution of a felony.

The department of transportation must eliminate all tolling data that it possesses or controls within 120 days of its was creation unless it is necessary to comply with a search warrant, production order, or preservation request, or as necessary to collect unpaid tolls or fines or surcharges related to unpaid tolls.

No toll collection or vehicle data may be shared with or provided to any law enforcement entity or official without a search warrant, or production order; unless this information is requested  because of a reasonable belief that an individual is at imminent risk of serious physical injury, death or abduction and that such data is necessary to respond. Such a request must be narrowly tailored to address the emergency and subject to the following limitations:

  • the request must document the factual basis for the emergency and the applicability of toll collection and/or vehicle data
  • within 48 hours of accessing these records, the government office must file a written notice describing with particularity the grounds for emergency access and exactly what tolling data was accessed, with the Attorney General.

If ALPR data, tolling data, and vehicle data is collected, retained, disclosed, sold, or accessed without complying with the above requirements, it may  not be admitted, offered or cited by any governmental entity for any purpose in any criminal, civil, or administrative proceeding.

An individual whose rights have been violated by the improper transfer of or access to these data, may introduce evidence concerning this data in a civil action for damages or injunctive relief in a district or superior court or may allow another party in a civil proceeding to do the same.

If a willful violation occurred, the violator will not be allowed to claim any privilege absolute or qualified. In addition to any proven actual liability, the violator will be liable for treble damages, or, alternative, exemplary damages of between $100 and $1000 for each violation as well as costs and reasonable attorney’s fees.

The attorney general will enforce the above and will have the power to petition the court for injunctive relief and other appropriate relief against violators.  

7. PROTECTING LOCATIONAL PRIVACY: HD3698

In this bill, location information is defined as directly or indirectly revealing the present or past geographical location of an individual or device within the Commonwealth of Massachusetts with sufficient precision to identify street-level location information within a range of 1,850 feet or less. Location information includes but is not limited to (i) an internet protocol address (ii) Global Positioning System (GPS) coordinates; and (iii) cell-site location information.

HD. 3698 prohibits the collection, processing, or disclosure by  a Covered Entity (CE) including “any individual, partnership, corporation, limited liability company, association, or other group” (except a state or local government agency or court) of an individual’s location information  from any device that “connects to a cellular, bluetooth, or other wireless network” “for profit or in exchange for monetary or other consideration including selling, renting, trading, or leasing location information without the express consent of the individual except for the following purposes:

Location information can be collected for “(i) provision of a product, service, or service feature to the individual to whom the location information pertains when that individual requested the provision of such product, service, or service feature by subscribing to, creating an account, or otherwise contracting with a covered entity; (ii) initiation, management, execution, or completion of a financial or commercial transaction or fulfill an order for specific products or services requested by an individual, including any associated routine administrative, operational, and account-servicing activity such as billing, shipping, delivery, storage, and accounting; (iii) compliance with an obligation under federal or state law; or (iv) Response to an emergency service agency, an emergency alert, a 911 communication, or any other communication reporting an imminent threat to human life.”

When location information is collected for any but the last two allowed purposes, the CE must list each purpose in a Location Privacy Policy and individuals must provide discrete consent for each purpose to enable the collection of location information. Each CE must provide a clear, conspicuous, and simple means to opt out of the processing of their location information for purposes of selecting and delivering targeted advertisements.

Permission will be valid for one year unless the individual chooses to revoke it before that . If permission is revoked, any location information possessed by a covered entity must be permanently destroyed. An individual can opt in again at a future time. There cannot be any retaliation against someone who chooses not to have their location information collected but a service requiring this information can be withheld.

Covered Entities may not:

  • collect more precise location information than necessary to carry out the permitted purpose,
  • retain location information longer than necessary to carry out this purpose,
  • sell, rent, trade, or lease location information to third parties; or
  • derive or infer from location information any data that is not necessary to carry out the permitted purpose.

The CE may not disclose or assist in any way the disclosure of an individual’s location information to third parties (TPs), unless this is necessary to carry out the permissible purpose for which the information was collected, or requested by the individual to whom the location data pertains.

A CE or service provider (SP) may not disclose location information to any federal, state, or local government agency or official unless:(1) the agency or official presents a valid warrant or establishes the existence of exigent circumstances that make it impracticable to obtain a warrant ,or (2) disclosure is mandated under federal or state law, or (3) the subject of the data requests this disclosure.

The CE must maintain and make available its Location Privacy Policy including:

  • the purpose(s) for which the covered entity is collecting, processing, or disclosing any location information;
  • the type of location information collected, including the precision of the data;
  • the identities of SPs with which the CE contracts with respect to location data;
  • any disclosures of location data necessary to carry out each purpose and the identities of the third parties to whom the location information could be disclosed;
  • whether the CE’s practices include its use of location information for targeted ads
  • the data management and data security policies governing location information;
  • the retention schedule and guidelines for permanently deleting location information

Users of the CE must be given 20 days advance notice of any change in the Location Privacy Policy.

It will be illegal for the government to monetize location data.

Covered entities must annually disclose annually any warrants for location information received by themselves or any associated SPs or TPs (if known), disaggregated by the requesting agency, statutory offense under investigation, and the source of authority to the Attorney General (AG). The AG will make these reports available to the public online.

Any individual alleging a violation of this chapter by a CE or SP may bring a civil action in the superior court or any court of competent jurisdiction. They will not need to file a report with the AG or accept arbitration. If a claim is proven, the plaintiff may be rewarded damages for emotional distress, or $5,000 per violation, whichever is greater, (2) punitive damages; and (3) any other relief, including but not limited to an injunction or declaratory judgment, that the court deems to be appropriate as well as attorney’s fees and other costs.

The AG can bring an action against a CE or SP to remedy violations. The AG must conduct investigations of any possible violations of this chapter and refer cases for criminal prosecution to the appropriate federal, state, or local authorities.

Location information may be collected by a healthcare provider for treatment or research purposes in compliance with HIPPA.

CEs must comply with this chapter within 6 months of enactment and delete any location information retroactively for individuals who withhold consent.

8. PROTECTING BIOMETRIC INFORMATION: HD3053

In this bill, “Biometric information or data” means information or data that pertains to measurable biological or behavioral characteristics of an individual that can be used alone, with each other or with other information, for verification, recognition, or identification of an unknown individual. Examples include: fingerprints, retina and iris patterns, voiceprints, DNA sequences, facial characteristics and face geometry, gait, handwriting, keystroke dynamics, and mouse movements. (The bill excludes medical information protected by HIPPA, medical images used for diagnosis or research. donated organs or tissues stored by a federal agency as well as writing samples, written signatures, mere photographs, human biological samples used for valid scientific testing or screening, demographic data, tattoo descriptions, or physical descriptions such as height, weight, hair color, or eye color.)

The Covered Entities (CEs) include any individual, partnership, corporation, limited liability company, association, or another group, however organized but not a state or local government agency, or any court of Massachusetts.

“ Processing includes collecting, accessing, using, storing, retaining, sharing, monetizing, analyzing, creating, generating, aggregating, altering, correlating, operating on, recording, modifying, organizing, structuring, disclosing, transmitting, selling, licensing, disposing of, destroying, de-identifying, or otherwise manipulating biometric information.

A CE or Data Processor (DP) cannot collect or process  (collect access, use, store, retain, share, monetize analyze, create, generate, aggregate, alter, correlate, operate on, record, modify, organize, structure, disclose, transmit, sell, license, dispose of, destroy, or de-identify)

someone’s biometric information unless: they

  • provide a written explanation of exactly what it will collect or process
  • provide the individual with the Biometric Privacy Policy(BPP)
  • receive advance explicit handwritten or electronic consent from the individual or their legal guardian or representative

Consent will expire after 3 years or when the initial purpose for processing the biometric information has been satisfied, whichever occurs first. Upon expiration, any biometric information possessed by a CE must be permanently destroyed. Consent may be renewed

The BPP must include:

  • the use models, detailing whether the biometric information is going to be used for identification or verification purposes; 
  • all data management and data security policies governing biometric information; 
  • all disclosure practices; and 
  • the retention schedule and guidelines for permanently deleting biometric information.

The CE must provide notice of any change to its BPP at least 20 business days in advance of implementation and request consent for the changes.

The CE must store, transmit, and protect from disclosure all biometric data in a manner that is the same as or more protective than the manner that it stores, transmits, and protects other confidential and sensitive information, consistent with the standard for similar private industries.

Any CE, DP or third party (TP) may only disclose biometric information if:

  • disclosure is required for the provision of a service or product by the CE and the individual has consented
  • disclosure is needed to complete a financial or commercial transaction requested by the individual and to which they have consented
  • disclosure is for a single purpose to a TP that has been authorized by the individual in handwritten consent
  • federal or state law requires disclosure but individual must be notified in advance via BPP
  • in response to a valid warrant
  • response to imminent threat to life or property[JB1] 

No CE, DP or TP may monetize biometric information.

If CE, DP or TP are served with a warrant for biometric information (BI), they must immediately provide the individual with a copy of the warrant, to whom and when their BI was provided, an inventory of the data disclosed, whether the CE, DP or TP provided the data, who requested the warrant from the court, if known. However, a government entity may apply to the court for a 30 day delay in notification and for a renewal of that delay.

CEs must annually report to the Attorney General (AG) any warrants for BI received by them or by associated DPs or TPs. CEs required to report BI pursuant to a law must annually report general aggregate information pertaining to these to the AG.

An individual alleging harm by a violation of this law may bring a civil action in any court of competent jurisdiction directed to any CE, DP or TP believed to have committed the violation.

If the defendant prevails they are eligible for liquidated damages ranging from  0.1% of the annual global revenue of the covered entity or $1,000 per violation, whichever is greater for negligent violations to 0.5% of the annual global revenue of the covered entity or $5,000 per violation, whichever is greater for deliberate violations, punitive damages and any other relief, including but not limited to an injunction as well as reasonable attorney’s fees and costs, including expert witness fees and other litigation expenses. Each instance of violation is eligible for damages.

The AG may bring an action pursuant to section 4 of chapter 93A against a CE, DP or TP to remedy violations of this chapter and for other relief that may be appropriate. 

Within 6 months of enactment of the law CEs must obtain consent for all BI collected or stored and must destroy any BI for which consent was not given. The Act will be in effect one year after enactment.

9. PROTECTING BROWSING INFORMATION: SD1217

This law would apply to electronic information collected by any corporation which sends or receives electronic communications, including any service that acts as an intermediary in the transmission of electronic communications, or stores electronic communication information for the general public.

It covers any information pertaining to an electronic communication or the use of an electronic communication service, including, but not limited to the content of electronic communications, metadata, sender, recipients, format, or location of the sender or recipients at any point during the communication, the time or date the communication was created, sent, or received, or any information pertaining to any individual or device participating in the communication.

In order for a government office, law enforcement agency or public official to access your electronic information from either a service provider or an electronic device itself, they would need to get a particularized search warrant supported by probable cause from a superior court judge. Exceptions would include if there were an emergency threatening immediate physical injury or, if you had previously given written consent to the corporation that possesses your electronic data to release it to them. Even in an emergency situation, the government would need to provide a written explanation of why the data was needed to the local superior court within 48 hours. Corporations would have to share the requested information within 14 days or earlier if justified, unless the corporation appeals for and is granted more time.

A Massachusetts corporation that provides electronic communication services, remote computing services, or location information services must respond to a warrant or subpoena from another state to produce records that would reveal the identity of the customers using those services, data stored by, or on behalf of the customer, the customer’s usage of those services, the recipient or destination of communications sent to or from those customers, or the content of those communications, as if that warrant or subpoena had been issued under the law of the commonwealth. This element is concerning, because it would allow a state that prohibits abortion to access content that might reveal that someone either had an abortion or received abortion medication.

The law enforcement or government officer who obtains someone’s electronic information via a search warrant must provide them with a copy of the warrant, the application for the warrant, an explanation of the law enforcement inquiry and the information requested and date of the request within 7 days of collecting their information unless a reason is provided for a delay which may be granted for up to 90 days and may compel the entity providing the data to delay notifying the target person.

A warrant for the electronic information requested is not necessary if the owner of the electronic information or the recipient of the information gives the law enforcement or government officer their written consent to share it.

If a government office, law enforcement agency, or public official believes that an electronic device is lost, stolen, or abandoned they may access electronic device information necessary  in order to attempt to identify, verify, or contact the owner or authorized possessor of the device.

Within 5 business days of issuing or denying a warrant, the court must report to the office of court management within the trial court all of the information pertaining to the warrant described above as well as name of the agency making the application, the offense described in the warrant and any modifications or extensions made to the warrant.

Every June, the court administrator in the office of court management in the trial court must provide the legislature with a complete report of the number of applications for warrants authorizing or requiring the disclosure of or access to information including a summary and analysis of the data which will all be public records.

No government office or law enforcement may ask any court for a reverse-location court order (including a search warrant or subpoena) to obtain the location of a specific device(s) or a reverse-keyword court order to identify who electronically searched for particular words, phrases, or websites, nor may they purchase this data. No court is permitted to issue any court order allowing the disclosure of reverse-location or reverse keyword data.

No government office or law enforcement may make a reverse location request or reverse keyword request from a company. Nor may they seek the assistance of any agency of the federal government or any agency of the government of another state or subdivision thereof in obtaining information or data from a reverse-location court order, reverse-keyword court order, reverse-location request, or reverse-keyword request if they would be barred from directly seeking such information.

No government office, law enforcement agency, or public official may use a cell site simulator (CSS)device for any purpose other than to locate or track the location of a specific electronic device, pursuant to a particularized warrant based on probable cause or if exigent circumstances exist requiring swift action to prevent imminent danger to the safety of an individual or the public. A warrant issued limits the use of the CSS to 15 days unless an application is made for renewal.

A warrant application must specify

  • the facts establishing probable cause to believe the targeted individual has committed, is committing, or is about to commit a felony
  • that less invasive methods of investigation or surveillance to the privacy of non-targeted parties have been tried and failed or are reasonably unlikely to succeed
  • It must disclose the nature and capabilities of the cell site simulator to be used, the name of the government agency that owns the cell site simulator device
  • exactly how it will be deployed, including whether it will obtain data from non-target communications devices
  • the procedures that will be followed to protect the privacy of non-targets during the investigation, including the deletion of data obtained from non-target communication device
  • that all target data must be deleted within 30 days if there is no longer probable cause  that such information or metadata is evidence of a crime

Any individual whose information was obtained by a government entity in violation of the above requirements for the collection of private electronic information must be notified in writing, by the government office, law enforcement agency, or public official who committed the violation and of the legal recourse available to that person.

Any electronic information collected in violation of the above provisions may not be used in evidence any trial, hearing, or other proceeding in or before any court, grand jury, department, officer, agency, regulatory body, legislative committee, or other authority of the commonwealth, or a political subdivision thereof.

Anyone who has been harmed by a violation of these protections of private electronic information may bring a civil action against the government office, law enforcement agency, or public official who violated those sections in the Superior Court or any court of competent jurisdiction. Such a person will not need to  file an administrative complaint with the attorney general or to accept mandatory arbitration of a claim.

When the plaintiff prevails in a civil action, the court may award actual damages, including damages for emotional distress, the greater of either $1000 per violation or actual damages, (punitive damages; and any other relief, including but not limited to injunctive or declaratory relief). In addition to any relief awarded, the court will award reasonable attorney’s fees and costs to the plaintiff.

Any contract whether government or private that infringes the above rights will be considered void.

This bill would also prohibit “library user private data” meaning records of a public library which reveals the identity and intellectual pursuits of a person using the library from being collected by any government or law enforcement agency.

10. SAFE COMMUNITIES ACT: HD2459 / SD1937

This long-standing goal of Digital Fourth and allied organizations, especially MIRA, would prevent local and state law enforcement from sharing information relating to the potential presence of undocumented immigrants, with ICE or other federal agencies.

For further details, please see the action alert here: https://actionnetwork.org/letters/tell-lawmakers-prioritize-the-safe-communities-act-this-session-23

Fusion Centers Target The Homeless, Substance Abusers, Protesters And More

A damning report on the Maine Information Analysis Center (MIAC) or Fusion Center, reveals just how intertwined corporate and government surveillance of the public has become.  

“Official secrecy, moreover, cloaks fusion centers, so what little public information is available on a particular fusion center rarely provides much detail on its unique profile.”

The MIAC Shadow Report reveals how law enforcement goes out of their way to hide who’s actually in charge of public surveillance and is pre-occupied with people committing conventional crimes. 

“Fusion centers are the nerve system of mass criminalization” the report warns. A major concern of the authors is how fusion centers use private corporations to conduct secret facial recognition and social media surveillance of ‘people of interest’ and warns that self-governing fusion centers are fraught with peril.

Despite there being a statewide ban of using facial recognition to ID innocent people in Maine there is evidence MIAC uses data brokers to do an end-run around privacy bans.

“This legislation bans the use of the technology in most areas of government and strictly limits its use by law enforcement.9 In our review of BlueLeaks documents, we found documents that raise questions about the MIAC’s use of private data brokers and ability to analyze cell phone data. These systems, like the recently regulated facial recognition technology, also pose existential threats to privacy and other basic rights.”

The report also found that fusion centers are being used to surveil people with mental illnesses, substance abuse, and the homeless.

It appears that the majority of what fusion centers do is ID ‘suspicious people, people of interest, suspects, missing persons, and wanted people.’

“The majority of MIAC documents concern the sharing of criminal information. Two-thirds of the BlueLeaks documents definitely shared by the MIAC—939 of 1,382—are (1) requests to identify a suspect or a wanted person, locate a person of interest or missing person, or provide information about possible crimes or suspicious circumstances or (2) bulletins and reports on specific incidents, cases, or individuals considered relevant to law enforcement but not directly connected to a criminal investigation by a police agency in Maine.”

Supermarkets, gas stations, utility companies, universities and hospitals receive daily ‘civil unrest’ reports 

The report reveals that fusion centers send daily intelligence (civil unrest) reports to 4526 registered users in Maine. The reports focus on protests and political violence, lumping together subjects like “civil unrest,” “extremism,” and “terrorism.” 

“This expansive list includes law enforcement officers and intelligence officials from across Maine, the New England Region, and across the country. It extends beyond law enforcement and intelligence to other government officials such as Department of Motor Vehicles personnel and school superintendents. The MIAC’s reach extends outside of the public sector. Many large corporations receive MIAC products, including Avangrid, Hannaford’s, ExxonMobile, and Bath Iron Works. Civil society organizations and nonprofits are also involved, such as universities, hospitals, and even special interest groups. The president of the Maine Chamber of Commerce, for example, is a registered user of the MIAC but, in contrast, there are no representatives from organized labor listed.” 

The report also revealed that fusion centers are monitoring people who commit property crimes or shoplifting and sends daily reports to businesses.

“Private firms also access documents. The most prolific private sector reader of MIAC reports is the Auburn Mall. Auburn, along with neighboring Lewiston, are the twin cities of Maine. They are post-industrial mill towns, which have not yet been gentrified. They contain the four highest poverty census tracts in the state. The opioid epidemic has devastated this region. Mall security at the Auburn Mall mostly reads documents on persons who have been arrested for opioid use and shoplifting.”

The Maine Beaconwarns, “counterterrorism has morphed into supercharged policing of drug, and property crimes,” and says “this is public-private surveillance.”

How easy is it for police officers to use fusion centers to secretly collect information on an innocent person?

MIAC, like fusion centers everywhere “can acquire and retain information that is unrelated to a specific criminal or public safety threat, as long as it determines that such information is useful.” As the report states, “the policy provides no definitions or standards for determining when information is useful in the administration of public safety.”

Let that sink in for a moment. Fusion centers can basically spy on anyone, even if they are not a ‘public safety threat,’ as long as a police officer determines that the information they collect on a person is useful!  

The report also revealed that fusion centers are ‘acquiring, retaining and sharing information about individuals and organizations based solely on their religious, political, or social views or activities.’

Fusion centers commonly send “situational awareness bulletins” to police departments about a person’s mental illness, saying these types of disclosures are common.

The report also reveals how police departments and the Rand Corporation create “strategic subject and HEAT lists” of anyone police think could commit a future crime[s].

Fusion Centers use TransUnion to secretly monitor people’s social media

“Documents received in response to FOAA requests provide evidence that the MIAC currently uses commercial databases as part of its investigations. For example, one heavily redacted record shows a TransUnion report on a redacted individual, which provides information on jobs, emails, usernames, aliases, and numerous social media profiles and internet sites.118 Another document traces a case that begins with a citizen report of “violent politically motivated rhetoric on Facebook” and leads immediately to a request to “begin to look into this individual” by a MIAC staffer. A case number and record are then created, and multiple reports are completed, including a “TLO (Comprehensive and Social Media)” report.”

The report proves that fusion centers are using data brokers to routinely collect highly sensitive personal information on people without a warrant. 

“The TLO document also contains the report itself, which includes information on bankruptcies, liens, properties, corporate affiliations, and other information which is fully redacted and cannot be identified.”

“MIAC routinely monitors social media accounts and/or conducts background checks on individuals associated with lawful public protests, frequently citing a pretextual criminal offense (subjects may litter during the protest, for example) to justify the collection. MIAC then retains all the data collected even after finding no indication of a threat, hazard, or criminal activity.”

Last week The Intercept reported that the state of New York wants to spend millions to create a statewide fusion center-run social media surveillance network.

“New York’s governor, Kathy Hochul, unveiled details of her own policing initiatives to crack down on gun crime — but hardly anyone seemed to notice. Embedded within the dozen bills and hundreds of line items that make up her plan for next year’s state budget, Hochul’s administration has proposed tens of millions of dollars and several new initiatives to expand state policing and investigative power, including agencies’ ability to surveil New Yorkers and gather intelligence on people not yet suspected of breaking the law.”

According to the MIAC report, fusion centers can use a “possible threat, crime analysis” or essentially any reason to justify spying on a person’s social media accounts. Using fusion centers to ID and surveil homeless people and juveniles is horrifying, as “we do not know what happens to these individuals when they become subjects of the MIAC intelligence reports.” 

As is typical of fusion center research, searching for ‘fusion centers and crime analysis’ returned vague results, as evidenced by this gem from DHS’s Fusion Center Fact Sheet: “Fusion centers conduct analysis and facilitate information sharing, assisting law enforcement and homeland security partners in preventing, protecting against, and responding to crime and terrorism.”


The closest and most disturbing definition of ”fusion centers and crime analysis” can be found in the Bureau of Justices, “Fusion Center Guidelines: Developing and Sharing Information and Intelligence in a New Era” report.

“The goal is to rapidly identify emerging threats; support multidisciplinary, proactive, and community-focused problem-solving activities; support predictive analysis capabilities; and improve the delivery of emergency and nonemergency services.” (page 13.)

What does that mean? It means fusion centers are guessing or predicting that someone could be a threat to the homeland or one of a possible 23 different types of violent extremists.There is a disturbing link between fusion centers and mass incarceration.

 “In addition to the previously discussed role of the MIAC in monitoring racial justice protests and the over-policing of the crimes of poverty, the MIAC records published with BlueLeaks include documents produced by the MIAC and “passed through” from other agencies that concern unhoused people, undocumented people, and youths running away from home or the juvenile justice system.”

It is not hard to see how a person of color, a homeless person or a substance abuser could receive a harsher sentence simply because a fusion center has a secret file on them.

Now is the time to press our leaders and politicians to put an end to fusion centers, the need to keep them going has long since passed. (Twenty-one years and counting since 9/11.) 

Allowing 79 fusion centers to use corporations and data brokers to collect massive amounts of personal information on anyone for any reason has and will continue to come at a high cost to our freedom.  

23 Different Types Of Violent Extremists And Counting, Will You Be Classified As One?

The Department of Homeland Security (DHS) wants Americans to believe since 2011, when the word “extremists” was just starting to take root in the public’s consciousness, there has been an explosion of violent extremism. 


The DHS report made dubious claims like al-Qa‘ida was trying to recruit Americans and radicalize terrorism across the country, which coincidentally was also the 10th anniversary of 9/11. The report mentions extremists and violent extremists interchangeably during a time when Americans were beginning to question the war on terror.
In May 2011, National Public Radio wrote, “Why We Must End The War On Terror” and asked in September, “Is It Time To End The War On Terror?” Similar articles were being published across the country asking the same thing.


Fast forward eleven years, to 2022 and the war on terror shows no signs of abating. 


DHS, who could be mistaken for magicians if it were not so ironic, have convinced law enforcement that America now has at least twenty-three different types of extremists.


There does not appear to be a master list of American extremists published by DHS or the Department of Justice.


I used four sources to compile this list of twenty-two different types of violent extremists, but I fear that the government’s “official list” is far larger.

  1. Anti–government violent extremist
  2. Anti-war extremist
  3. Anti–authority violent extremist
  4. Anarchist violent extremist
  5. Domestic violent extremist
  6. Racially or ethnically motivated violent extremist
  7. Militia violent extremists 
  8. Sovereign citizen violent extremist 
  9. Individual violent extremist
  10. Involuntary celibate–violent extremist
  11. Abortion extremist
  12. Anti-abortion extremist 
  13. Animal rights extremist 
  14. Environmental extremist 
  15. Right-wing extremist 
  16. Left-wing extremist 
  17. Christian Identity extremist
  18. Islamist extremist 
  19. Muslim extremist 
  20. Racist extremist 
  21. Nativist extremist
  22. Schoolboard extremist

Sources: National Strategy for Countering Domestic Terrorism,  A Schema of  Right-Wing Extremism in the United States,  Homegrown Violent Extremist Violent Indicators (2019) report and the National School Board.


Two weeks ago, the Tallahassee Democrat revealed that a Hot Yoga shooting in 2018 was the result of “Misogynist extremism.”

“Scott Beierle had a long trail of misogynist and criminal behavior that was missed by authorities before he walked into Hot Yoga in 2018 in Tallahassee, killing two people and injuring five, the U.S. Secret Service determined in a new report.”

“The case study focused on 40-year-old Beierle — who killed himself minutes after the shooting began — and linked his behavior to the greater threat of what investigators called misogynistic extremism, sometimes referred to as male supremacy.” 

According to the report by the National Threat Assessment Center (a component of the Secret Service) a man who killed two women attending a hot yoga class was an act of “Misogynist extremism” making it the twenty-third different type of violent extremism in the U.S.

“The behavioral history of the Hot Yoga Tallahassee attacker illustrates many of the behavioral threat assessment themes identified through years of U.S. Secret Service research examining targeted violence. Further, this attacker’s history highlights the specific threat posed by misogynistic extremism. This gender-based ideology, sometimes referred to as male supremacy, has received increased attention in recent years from researchers, government agencies, and advocacy groups due to its association with high-profile incidents of mass violence. Some of these attacks were perpetrated by individuals who espoused specific types of misogynistic extremism, including anti-feminists and involuntary celibates.”

After reading this report it appears that there are probably at least two more types of violent extremists: “Anti-feminist extremists and “involuntary celibate extremists” that the public is not aware of. 

All indications are that the Feds are re-classifying attacks on women as violent extremism.

“It is further important to note that misogynistic violence is not restricted to high-profile incidents of mass violence. Misogyny frequently appears in more prevalent acts of violence, including stalking and domestic abuse. No matter the context, responding to the threat posed by these beliefs requires collaboration across multiple community systems, including law enforcement, courts, mental health providers, and domestic violence and hate crime advocacy groups.”

Taking what we know of DHS, the Secret Service and the FBI it would not be stretch of the imagination to see people who stalk, abuse and rape women and kids being charged with ‘Domestic Abuse extremism’ and up to ten more crimes.

The FBI’s new “National Incident-Based Reporting System” is designed to do just that, according to the Baltimore Sun.

The article describes how the Baltimore Police Department, like police departments across the country, are now charging people who have committed a single crime with up to 10 additional crimes.

“The transition to the National Incident-Based Reporting System, which is mandated by the FBI, will increase the number of crimes reported. The new system requires law enforcement to report multiple crimes, up to 10, that might be associated with a single incident.”

“For example, a burglary at a home in which the burglar assaults a homeowner would result in the entry of at least two separate crimes, the burglary of the home and the assault of the homeowner.” 

A recent story in Homeland Security Today hints that the Feds have created or will create ‘Cryptocurrency Domestic extremists’ saying that a “whole-of-society response” is necessary to stop them. 

“To mitigate the continued threat posed by white supremacist extremists and their supporters, the U.S. government and the private sector should institute policies that target extremists’ use of cryptocurrency,” noting that a whole-of-society response will be necessary to mitigate this risk.

It is only a matter of time before people who use cryptocurrency are called Cryptocurrency Domestic extremists.

Last year, a District Attorney in Arizona called BLM protesters, “gang members” effectively creating BLM extremists.

Police who testified before the grand jury accused the protesters of being part of a violent criminal street gang called “ACAB” — “ACAB” means “All Cops Are Bastards,” a phrase commonly used at protests against police violence.

The Arizona DA and police tried to convince the jury that BLM protesters are essentially BLM violent extremists. 

A recent DHS “Report to the Secretary of Homeland Security Domestic Violent Extremism Internal Review” claimed that people who doubt the results of elections and vaccines pose an elevated threat to the Homeland. Does that mean the Feds have secretly created ‘Election Doubter extremists’?

Reclassifying domestic violence and workplace violence as violent extremism appears to be a reality according to DHS.

“[T]he Department and its Components did not track domestic violent extremism allegations as their own sub-category of misconduct. Instead, such allegations were classified under another sub-category (e.g., workplace violence). Second, the responsibility to investigate allegations regarding violent extremist activity varied across the Department and its Components. Investigations could be led by multiple offices such as the DHS Office of Inspector General, Component offices responsible for internal investigations, or the Component’s Insider Threat Program. Further, other gaps that limited our ability to collect and validate data included (1) the lack of an official definition of “domestic violent extremist;” (2) guidance as to what constitutes violent extremist activity, or an established list of behaviors that may be indicators of violent extremism; (3) the lack of a centralized, interoperable DHS-wide investigative case management system; and (4) lack of standardized reporting and information sharing mechanisms for investigating allegations of violent extremist activity.”

What “behaviors” could make someone an alleged domestic violent extremist? No one can can say for sure, not even DHS: “DHS lacks a definitive list of behaviors that may be indicators of domestic violent extremism…” (page 8).

Based on the above information, one can expect that in the near future the Feds will add Anti-Republican extremists, Anti-Democrat extremists, Anti-Big Tech extremists, Anti-Vaccine extremists, Anti-Vaccine Passport extremists, Anti-Digital ID extremists, and Anti-School Book extremists to their growing list of violent extremists.

The reason why there is no publicly available master-list of violent extremists is obvious as DHS’s internal review revealed: “the lack of an official definition of domestic violent extremist; and guidance as to what constitutes violent extremist activity” means that there is no legal definition, PERIOD. 

We owe it to ourselves and the generations to follow to put a stop to this madness before the Feds re-classify everything they do not like as violent extremism.

Cambridge Spies On CPS Students

Illustration by Annie Zhao for VICE magazine

Many kids in the Cambridge Public Schools (and elsewhere in the Commonwealth) still don’t know that if you’re using a school-issued Chromebook, the school is monitoring whatever you browse, down to deleted draft emails, whether you’re at school or not.

This is through a browser add-on called “Securly.” CPS has an agreement with Securly that all school-issued Chromebooks will have this add-on.

What’s more, wittingly or not, CPS is lying to the City Council about whether student data gets shared. Let’s show you how.

In the Annual Surveillance Report submitted to the City, Cambridge Public Schools cites to the language of its Data Privacy Agreement with Securly, insisting, “This data is not shared with third parties” (Annual Surveillance Report, p.67). However, the DPA actually allows the sharing of data with third parties – specifically, but not limited to, the cops. Law enforcement is allowed to contact Securly to get data on students, and Securly is allowed to disclose that information without waiting for a warrant or evidence of involvement in illegal activities, and without telling either CPS or the student:

II. 4. Law Enforcement Requests. Should law enforcement or other government entities (“Requesting Party(ies)”) contact Provider with a request for Student Data held by the Provider pursuant to the Services, the Provider shall notify the LEA in advance of a compelled disclosure to the Requesting Party, unless lawfully directed by the Requesting Party not to inform the LEA of the request.

Since Securly can tell the cops without telling CPS, there’s no way CPS can truthfully guarantee to the City Council that your “data is not shared with third parties.” It might not be. But they can’t know for sure.

Beyond that, Article IV of the DPA goes into great detail about the circumstances under which Securly may share both personally identifiable student information and de-identified student information, for a variety of purposes. Again, it might be that, despite the DPA allowing them to, Securly is not in fact sharing CPS student information onwards; but we suspect that they are doing whatever the DPA currently allows them to do.

CPS also insists that Securly is being used only as a “Web Filter”, to block various kinds of disagreeable content. The material they have provided to the City Council focuses on students accessing gun-related content and suicide-related content.

But Securly’s Web Filter product not only blocks; it also shows to teachers and to admins what URLs are being blocked, offering what Securly describes as “Complete online visibility … monitor[ing] for signs of bullying, self-harm, gun terms, and violence”, with “AI-based context analysis … for signs of bullying, self-harm, gun terms, and violence across social networking and web searches. If a student is suffering or looking at concerning content, you’ll know.”

It is legal for students to search for content that includes violence, graphic imagery, and guns, and it’s hard to envision how they could research, say, Russia’s invasion of Ukraine without encountering such content.

It’s not clear that school monitoring software in general works. VICE reports, “The few published studies looking into the impacts of these tools indicate that they may have the opposite effect, breaking down trust relationships within schools and discouraging adolescents from reaching out for help—particularly those in minority and LGBTQ communities, who are far more likely to seek help online.” It is evident in places where school monitoring software is in use that students and parents are often contacted, inflicting harm, without administrators or teachers first examining the context of the flagged material. At a minimum, the City Council should find out what terms and sites are being flagged in Securly’s system, in order to evaluated whether there is manifest prejudice going into the selection of those terms and sites and whether each instance is being reviewed by the student’s teacher.

What Securly’s system appears to do is to monitor everything, and then rely on school officials’ discretion to determine whether what gets flagged is really cause for worry. Monitoring and disciplining students for accessing such content places the school district on dangerous legal ground. In last September’s ruling in Mahanoy School District v. B. L., the Supreme Court explained that students’ off-campus speech may be regulated only in cases of  “[1] serious or severe bullying or harassment targeting particular individuals; [2] threats aimed at teachers or other students; [3] the failure to follow rules concerning lessons, the writing of papers, the use of computers, or participation in other online school activities; and [4] breaches of school security devices, including material maintained within school computers.” Securly’s systems envision monitoring students’ off-campus speech in a far larger set of circumstances than provided for in Mahanoy.

My master’s thesis was on blocking and filtering technologies, and their potential for discriminating against the provision of LGBT-oriented information. I was also bullied in school, for years. I understand why schools want to track students’ access to gun- and suicide-related imagery. But public schools have to adhere to the Constitution in the surveillance they conduct of students. At most, considering the rights protected by the Fourth and First Amendments, schools are only be justified in starting to track out-of-school browsing behavior of a particular student on a school-issued device if they have probable cause to believe that the student was engaged in or is the target of one of the four kinds of conduct envisioned under Mahanoy. This technology goes far beyond what the law and the Constitution permits. We believe that the City Council should not approve the use of this technology.

This is part of a series on the surveillance technologies the City of Cambridge is reviewing. The City Council has referred consideration of these technologies through to the Public Safety Committee, which will hold a hearing and then report back to the City Council with recommendations. Email us if you’d like to testify at the Public Safety Committee. Now is the time to weigh in on whether you want to see this technology deployed in your community!

FBI & Boston PD Work Together To Convene Grand Jury To Investigate Left-Wing Activists, Citing Jan 6

During the Trump years, the President loved to lay into the FBI, and in consequence, the FBI found new allies on the left. Lifelong Republican Jim Comey became a darling of the Sunday morning talk shows, and after the January 6 attack on Congress, the FBI went full tilt after insurrectionists, to the applause of many Democratic legislators.

Funny thing about the power of the State, though. It has a deep bias against those who want to disrupt, violently or peacefully, the economic, social or racial status quo. And for that reason, the FBI and the police are always going to be more natural enemies of left social movements than of right-wing militia folks.

Take, for example, Detective Andrew Creed of the Boston PD Field Operations Group, who is heavily involved with the Boston Regional Intelligence Center; and FBI Special Agent Steven Kimball, whose lamentable grasp of the context of Dzokhar Tsarnaev’s social media posts made international news and imperiled that prosecution.

Creed last showed up on our radar harassing and surveilling water protectors at the Standing Rock Reservation. Now, he and Kimball are back, harassing and surveilling people involved with a satirical documentary, “2020: The Dumpster Fire“, forthcoming on Apple TV and in theaters December 7.

The investigation, they claim, began when as part of the investigation of Jan. 6, a Proud Boy suggested that a trailer for this documentary was evidence of a plot to assassinate then-President Trump. (C’mon, if you can’t trust a Proud Boy’s word, who can you trust? Especially when Mr. Webber, the film’s director, had just finished up a documentary excoriating the Proud Boys…)

Unable to make a charge of plotting an assassination stick, this tyrannous tag-team got “Dumpster Fire”‘s producer, Embry Galen, fired from their day job. They’re threatening Lauren Pespisa, the film’s producer, with felon-in-possession charges for, during filming on private property in Maine, dressing up and holding a replica gun. And both she and the film’s director, Rod Webber, have experienced frequent visits to their door from Creed and Kimball.

The chilling effect which a potential prosecution would inflict on First Amendment rights is not hypothetical.  It is direct and far reaching.  Everyone involved in this film is in fear with the looming threat of prosecution.  If this goes to court, I can only imagine that anyone seeking to convey a message (especially a message which seeks to inspire debate, which is the most vital form of expression) would hesitate to risk it.  In the face of a government willing to scrutinize their production for any evidence of violation of law, then seek to prosecute it regardless of whether the violation implicated any true public safety concerns, many would choose to remain silent.

Murat Erkan, attorney for Lauren Pespisa

Alex Jones may think that Webber and Pespisa exemplify what is wrong with America, but Alex Jones’s hold on reality is only so-so. The truth is that the FBI and the police are clutching at any possible connection to January 6, to go after the same old targets: People on the left who embarrass and offend the powerful.

This is contemptible and unconstitutional. Please sign the petition to stop the prosecution of people involved with “2020: The Dumpster Fire.”

Secret Surveillance Outlawed In Boston

On October 20 at around 1pm, the Boston City Council unanimously approved a surveillance oversight ordinance.

Boston’s ordinance is the result of four years of work, beginning in November 2017 with representatives from Digital Fourth, Families for Justice as Healing, the Muslim Justice League, Jewish Voices for Peace and the ACLU of Massachusetts, and continuing with support from the Student Immigrant Movement and Unafraid Educators. The ordinance was first proposed for consideration by Michelle Wu in 2019, received significant support from Ayanna Pressley, Ricardo Arroyo, Andrea Campbell, Kim Janey and Lydia Edwards, and then went through considerable revisions to address the important topic of information sharing on BPS students with BPD and through them to ICE.

This is a big deal. Police departments across New England look to Boston PD. It will now be the job of local surveillance activists on the ground, to discover as much as we can about how surveillance technologies are used at Boston PD, and to organize to block approvals of intrusive technologies, just as we have been doing in Somerville and Cambridge.

To join our existing campaigns for ordinances in Watertown and Arlington, or to help us launch one in Newton, please contact [email protected].

And if you think this is a good example of work worth doing, please consider donating to Restore The Fourth at www.restorethe4th.com/donate-now

Understanding Fusion Centers

Our local fusion center, BRIC, has been at the core of police efforts to surveil and suppress social movements for over a decade. And, since 2012, we’ve been calling them out on their abusive and un-Constitutional practices.

This October 30, please join us for a livestreamed discussion on fusion centers, with Boston City Councilor Ricardo Arroyo, law student Dani Hargus, and journalist Emma Best, moderated by our own Alex Marthews!

Boston’s Spy Center Thinks It Has (Almost) Free Rein To Open A File On You

Like the Stasi, but digital

We’re long-time critics of the Boston Regional Intelligence Center, or “BRIC.” BRIC is one of over 80 “fusion centers” across the nation. that spy on Americans without probable cause.

We filed a public records request this January to delve deeper into BRIC’s surveillance practices. We partnered with the ACLU of Massachusetts, the Muslim Justice League and the Student Immigrant Movement, We have just received the first responsive record: BRIC’s “Criminal Intelligence File Guidelines.”

The key to understanding this document is that BRIC is legally obliged to follow 28 CFR Part 23. This is part of a Clinton-era Executive Order that tried to ensure that “criminal intelligence systems” don’t violate your Fourth Amendment rights. It makes it illegal for BRIC to keep a file on you not based on a “criminal predicate” — in other words, reasonable suspicion of your involvement in an actual crime.

As it turns out, BRIC’s attitude to this whole “Constitution” thing is a little … different.

BRIC’s Permanent Files

For its “Permanent” files, BRIC does indeed require a criminal predicate — though this document doesn’t include any information on how well that policy is followed.

BRIC’s Temporary Files

For its “Temporary” files, however, BRIC retains information on Boston area residents where “involvement in the suspected activity is questionable”, or where their identity cannot be established with certainty. The examples are that they have “possible associations with known criminals,” or that they have “criminal history” and “could again become criminally active.” BRIC retains “Temporary” files for up to a year, to see if information emerges that would enable to upgrade it to a “Permanent” file.

No. No, no. That’s not how the Fourth Amendment works. The government isn’t supposed to keep “criminal intelligence files” of people they generally believe to be Bad, or people with Bad Associations, based on a belief that they have a generalized propensity to commit crimes in the future. BRIC’s belief must be a reasonable one, based on evidence of your involvement in an actual crime. This violates 28 CFR Part 23 and, with it, the Fourth Amendment itself.

BRIC’s Interim Files

Oh, and it gets worse. Just in case their rules on “Temporary” criminal intelligence files don’t provide them with enough room to wiggle around the Constitution, BRIC allows itself a further category of “Interim” files. Apparently, BRIC can open an “Interim” file and retain it for up to 90 days if they receive “information that, absent additional information or change, would be deemed unnecessary for retention beyond a short term period,” or that is “specific to an anticipated event or incident with the potential for criminal conduct.”

I know, vague much?

It seems BRIC considers that they can open a file for 90 days based on literally anything at all. There’s no such thing as an “event or incident” with no “potential for criminal conduct.” This could cover everything down to your aunt’s Sunday evening knitting circle. “Interim Files” only exist as a category to allow BRIC essentially unfettered discretion.

To be fair, the Guidelines also tell BRIC employees what shouldn’t be in an intelligence file. This includes protected criminal record information, information “based solely on support of an unpopular cause”, information “based on ethnic background”, “based on religious or political affiliations” or “based on non-criminal personal habits;” and “associations that are not of a criminal nature.” However, we know from their gang databasing practices that their definition of what constitutes “associations of a criminal nature” is extremely broad, and that their notion of surveillance not “based solely” on religion, politics or ethnicity may differ sharply from Bostonians’ common understanding.

In practice, these Guidelines give BRIC permission to surveil “events or incidents” that it already dislikes and has a track record of surveilling; namely, protests that challenge the police themselves, or the current economic, social or racial arrangements in our society that police exist to violently defend.

Recommendations

We call on BRIC to make available to the public, with any legally necessary redactions, a representative sample of its current Temporary, Interim and Permanent Files, and then to delete the Temporary and Interim Files as contrary to the Fourth Amendment.

Then, at least, we will know how much surveillance BRIC is conducting that is not based on at least reasonable suspicion of involvement in an actual crime.