SALT LAKE CITY, Utah, (March 19, 2021) – Last week, Utah Gov. Spencer Cox signed a bill into law that requires police to get a warrant before accessing data transmitted through an electronic communication service. The new law will not only increase privacy protections in Utah; it will also hinder the expansion of the federal surveillance state.

Rep. Craig Hall (R-West Valley City) introduced House Bill 87 (HB87) on Jan 19. The law prohibits law enforcement agencies from accessing electronic information or data transmitted through a provider of an electronic communication service. In practice, this tightens up the existing law to ensure police must get a warrant before accessing communication service provider networks in order to intercept data.

The law also makes some technical changes to warrant reporting procedures.

On Feb. 22, the Senate passed HB87 by a 25-0 vote with no amendments. The House previously approved the measure with a vote of 72-0. With Gov. Cox’s signature, the law will go into effect May 5.

Another Step Forward

The enactment of HB87 will further expand existing laws already on the books in Utah requiring police to get a warrant before accessing location information, stored data, and transmitted data from an electronic device. The current laws effectively ban the warrantless use of “stingrays.” These devices essentially spoof cell phone towers, tricking any device within range into connecting to the stingray instead of the tower, allowing law enforcement to sweep up communications content, as well as locate and track the person in possession of a specific phone or other electronic device. Current law also requires police to get a warrant before accessing electronic data from third-party providers.

In 2019, the law was expanded to prevent warrantless access to data uploaded into the “cloud.” The enactment of HB87 will further limit the ability of law enforcement agencies to warrantlessly gather electronic information and data.

The law does provide some exceptions to the warrant requirement that will allow law enforcement agencies to obtain location information in the event of an emergency involving an imminent risk to an individual of death, serious physical injury, sexual abuse, live-streamed sexual exploitation, kidnapping, or human trafficking; or if a remote computing service inadvertently discovers information that appears to pertain to the commission of a felony, or of a misdemeanor involving physical violence, sexual abuse, or dishonesty. It also allows police to access stored or transmitted data from an electronic device, or electronic information or data transmitted by the owner of the electronic information or data to a remote computing service under a judicially recognized exception to the warrant requirement, or in connection with a report forwarded by the National Center for Missing and Exploited Children under 18 U.S.C. Sec. 2258A.

The statute specifically excludes information obtained in violation of the law from judicial proceedings.

IMPACT ON FEDERAL PROGRAMS

It has become standard practice for law enforcement agencies to upload warrantless surveillance data gathered at the state level to federal fusion centers operated by the Department of Homeland Security (DHS) and other federal agencies. Fusion centers serve as clearinghouses for all kinds of information shared between federal, state and local law enforcement agencies—including data gathered by surveillance cameras, drones, intercepted cellphone and email communications, social network spying, as well as ALPRs and other invasive modes of surveillance. The DHS funds and ultimately runs 79 fusion centers across the U.S. The DHS describes homeland security intelligence/information fusion as the ”…process of managing the flow of information to support the rapid identification of emerging terrorism-related threats requiring intervention by government and private-sector authorities.”

Fusion centers were sold as a tool to combat terrorism, but that is not how they are being used. The ACLU pointed to a bipartisan congressional report to demonstrate the true nature of government fusion centers: “They haven’t contributed anything meaningful to counterterrorism efforts. Instead, they have largely served as police surveillance and information sharing nodes for law enforcement efforts targeting the frequent subjects of police attention: Black and brown people, immigrants, dissidents, and the poor.”

Fusion centers operate within a broader federal system known as the “information sharing environment” or ISE. According to its website, the ISE “provides analysts, operators, and investigators with information needed to enhance national security. These analysts, operators, and investigators…have mission needs to collaborate and share information with each other and with private sector partners and our foreign allies.” In other words, ISE serves as a conduit for the sharing of information gathered without a warrant. Known ISE partners include the Office of Director of National Intelligence which oversees 17 federal agencies and organizations, including the NSA. ISE utilizes these partnerships to collect and share data on the millions of unwitting people they track.

When states limit the data and information law enforcement agencies can collect, it minimizes the amount of information and data that can end up in this federal information-sharing pipeline. Legislation such as HB87 practically hinders the operation and growth of the federal surveillance state. Simply put if the data is never gathered in the first place, it can’t be shared.

In a nutshell, without state and local cooperation, the feds have a much more difficult time gathering information. The enactment of HB87 will strike another blow to the surveillance state and would be a win for privacy.

Mike Maharrey