Reclaim The Net Feed

@reclaimthenetfeed

The Surveillance Accountability Act Demands Warrants for Data
reclaimthenet.org

Rep. Thomas Massie (R-KY) and Rep. Lauren Boebert (R-CO) have introduced the Surveillance Accountability Act, a bill that feels like someone took the Fourth Amendment and actually meant it.

The legislation aims “to ensure that all searches that significantly impinge on the privacy or security of a person require a warrant based on probable cause” and to create “a right of action for violations of Fourth Amendment rights.” That covers the kinds of searches federal agencies currently conduct without judicial oversight: pulling your financial records from banks, requesting your browsing history from ISPs, buying your location data from brokers, and harvesting your biometric information from surveillance cameras.

We obtained a copy of the bill for you here.

The bill lands in the middle of a brutal Congressional fight over FISA Section 702, the surveillance authority that currently lets the FBI search Americans’ communications. The new legislation goes much further than the various reform bills circulating around that debate. Where the SAFE Act and the Government Surveillance Reform Act target specific loopholes in FISA, the Surveillance Accountability Act tries to close all of them at once by rewriting the baseline rule: if the government wants your data, it needs a judge’s permission.

The main part of the bill adds a new Section 3119 to Title 18 of the US Code with a simple default: “no search may be conducted without a warrant issued by a neutral and detached magistrate upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched and the persons or things to be seized.”

The bill defines “search” broadly enough to actually matter, covering “any government-initiated act that intrudes upon an individual’s reasonable expectation of privacy,” whether through “human, digital, or automated means.” It explicitly lists what falls under warrant protection: “communications,” “associations,” “employment,” “social media usage,” “internet usage,” “financial transactions,” and “travel.”

The bill goes further, extending protection to “the acquisition and analysis of any data, metadata, or information pertaining to a person’s digital or physical life,” including “geolocation,” “personal device activity,” “biometric identifiers,” and “behavioral signals data.” The government is already collecting and analyzing patterns of how you act online, and Massie and Boebert’s bill is the first piece of legislation to name it directly and bring it under warrant protection.

The Third-Party Doctrine Problem

The most significant provision attacks the legal fiction that has allowed warrantless government surveillance to flourish for nearly fifty years. The third-party doctrine, established by the Supreme Court in Smith v. Maryland (1979), holds that you lose your Fourth Amendment protection over any information you voluntarily share with a third party, like a phone company or a bank. The logic made a certain kind of sense when it meant the government could see which phone numbers you dialed. It makes no sense at all when every aspect of modern life generates data that passes through corporate servers.

The Supreme Court acknowledged as much in Carpenter v. United States (2018), ruling that cell phone location data requires a warrant even though it’s held by wireless carriers. But Carpenter was deliberately narrow. The Court didn’t overturn the third-party doctrine. It just said that this particular type of data, cell site location information, was too revealing to leave unprotected.

The new bill does what Carpenter didn’t. It creates a blanket presumption of privacy for all data held by third parties. The bill states that “the government shall not access any data, metadata, or personal information held by a third party, including financial services providers, telecommunication service providers, internet service providers, cloud storage companies, or data brokers, without a valid warrant, regardless of whether the third party consents or cooperates.” Your bank can’t waive your constitutional rights for you. Your phone company can’t either.

The bill goes further still: “No contractual agreement between a user and a third party may be interpreted as waiving the government’s warrant requirement for access to the data of that user, unless such waiver is knowing, voluntary, and explicit.” This kills the argument that by agreeing to a terms of service, you’ve somehow consented to government surveillance. That argument has always been absurd, and the bill finally says so in statute.

Facial Recognition and License Plate Readers

The bill’s limitations section targets two surveillance technologies that have spread across American cities with almost no legal oversight: facial recognition systems and automated license plate readers. The bill prohibits the “warrantless collection, retention, querying, or analysis” of data gathered from people simply going about their lives in public.

That prohibition covers “biometric data, including facial images, faceprints, gait, voice recognition, or other unique physical identifiers, obtained through facial recognition systems or comparable surveillance technologies.” It also covers “license plate images, vehicle metadata, or vehicle movement patterns obtained through automated license plate readers or similar systems.”

Federal, state, and local law enforcement agencies have been building vast databases of facial recognition and license plate data for years, treating the fact that you walked down a public street or drove on a public road as blanket permission to track your movements indefinitely. The bill says that’s not how it works. Being in public doesn’t mean consenting to biometric surveillance.

Suing the Government When It Violates Your Rights

The second half of the bill creates something that currently doesn’t exist in federal law: a clear right of action for Fourth Amendment violations by federal employees. The bill’s language is direct: “Every person, including a Federal employee, who, under color of any statute, ordinance, regulation, custom, or usage, of the United States, subjects, or causes to be subjected, any citizen of the United States or any person within the jurisdiction thereof to the deprivation of any rights, privileges, or immunities secured by the Fourth Amendment, shall be liable to the party injured in an action at law, suit in equity, or other proper proceeding for redress.” Courts can award attorney’s fees to the prevailing party, which means the threat of litigation carries financial weight.

This is significant because of the Supreme Court’s steady erosion of Bivens v. Six Unknown Named Agents (1971), the case that originally allowed citizens to sue federal officials for constitutional violations. The Court has spent the last decade and a half narrowing Bivens to the point where it barely functions. Massie’s bill creates a statutory alternative that doesn’t depend on judicial willingness to recognize new causes of action.

The right of action covers every federal employee except the President and Vice President. That’s a wide net. An NSA analyst who runs a warrantless query on your communications, an FBI agent who buys your location data from a broker, an ICE officer who accesses your records through a Section 702 backdoor search, all of them could face personal liability.

The Political Context

Massie has been fighting this battle for over a decade. He sponsored an amendment in 2014 to stop warrantless backdoor searches of Americans’ online data, which passed the House 293 to 123. He introduced the Surveillance State Repeal Act in 2015, seeking to repeal the PATRIOT Act and the FISA Amendments Act entirely. He’s called for Edward Snowden to be pardoned and for former Director of National Intelligence James Clapper to be prosecuted for lying to Congress about the NSA’s phone metadata program.

The Surveillance Accountability Act arrives at a moment when the politics of surveillance are stranger than they’ve been in years. Massie has publicly demanded “No FISA reauthorization without a warrant requirement for US citizens!” on social media, attaching screenshots of past statements from President Trump, Vice President Vance, and House Judiciary Chairman Jim Jordan warning about FISA abuses.

The Congressional Progressive Caucus, 98 House Democrats, has formally voted to oppose any Section 702 reauthorization without dramatic reforms. Senate Intelligence Committee Chair Tom Cotton is pushing an 18-month clean extension with no reforms at all, arguing that the war with Iran makes this the wrong time to weaken intelligence capabilities. The warrant amendment that would have required court approval for FBI searches of Section 702 data lost by a single vote in 2024, a 212-212 tie in the House. Speaker Mike Johnson cast the tiebreaker against it.

“The Bill of Rights is not a suggestion, and Fourth Amendment protections against warrantless searches conducted by the government are not optional,” said Massie. “The Surveillance Accountability Act requires government employees to first obtain a warrant based on probable cause before searching Americans’ personal information even if the information sought is stored on a phone, in the cloud, or held by a third party. Warrantless searches are unconstitutional, and this does not change when the data the government seeks is in digital formats or held by a third party.”

“For years, the federal government has treated the Fourth Amendment like a suggestion. They’ve built a massive surveillance machine that tracks, scans, and spies on law-abiding Americans without a warrant, without probable cause, and without any accountability. Enough is enough,” said Rep. Lauren Boebert. “The Surveillance Accountability Act puts the Constitution back in charge. It protects every American from an out-of-control federal government that thinks it owns your data, your movements, and your life. This is a true bipartisan issue for anyone who still believes in limited government and individual liberty.”

Massie’s bill goes beyond Section 702. It rewrites the entire framework, or tries to. The chances of the Surveillance Accountability Act passing in its current form are, being realistic, very low. The intelligence community will fight it. The national security establishment will call it dangerous. The administration has already signaled it wants a clean FISA extension with no conditions.

But the bill is a marker. It describes what actual Fourth Amendment compliance would look like if Congress took the text of the Constitution at face value. Warrants for searches. Probable cause. Judicial oversight. No exceptions for data that happens to sit on a corporate server. No loopholes for biometric surveillance conducted in plain view. And real consequences, financial ones, for agents who ignore the rules.

The gap between what the Surveillance Accountability Act proposes and what Congress is actually likely to pass tells you everything about how far the federal government has drifted from the privacy protections Americans were supposedly guaranteed 235 years ago.

The post The Surveillance Accountability Act Demands Warrants for Data appeared first on Reclaim The Net.

France’s ID Portal Hacked: 19 Million Records Up for Sale
reclaimthenet.org

French authorities have added another case study to the growing argument against centralizing citizen identity data. France Titres, formerly known as ANTS, operates the portal where residents apply for passports, national ID cards, residence permits, driver’s licenses, and vehicle registrations. On April 15, something broke inside that system. A week later, the Interior Ministry confirmed what anyone watching digital ID schemes has been saying about this exact architecture for years, and the scale on offer from the attacker makes the warning harder to wave away.

A threat actor using the aliases “breach3d” and “ExtaseHunters” appeared on criminal forums on April 16, claiming to have stolen between 18 and 19 million records from the agency’s internal systems. If accurate, that is roughly a third of France’s population sitting in a for-sale listing. The seller describes the haul as a fresh, structural compromise rather than a recycled dump, and is actively shopping it. Early French press reports, including Le Figaro, initially pegged the figure at around 12 million accounts before later estimates climbed. The government has not confirmed any number.

What the ministry has confirmed is a “security incident that may involve the disclosure of data from both individual and professional accounts.” Login credentials, full names, email addresses, dates of birth, unique account identifiers, postal addresses, places of birth, and phone numbers may all have been extracted. That combination is a starter kit for identity fraud, synthetic identity construction, and convincing phishing attacks against people who already expect email from French government domains.

The reassurances arrived on schedule. “The disclosure of data does not include additional data submitted during the various procedures, such as attachments,” the notice stressed. “This personal data does not allow unauthorized access to the portal account.” Both statements may be accurate. Neither softens the reality that a government agency holding some of the most sensitive identifiers a person possesses has just lost control of a meaningful portion of them, with no disclosed user count and no attribution to any attacker.

The ministry has not said how many people are affected. It has not said who did it. It has not said how they got in. What it confirmed is that an investigation is running and that additional security measures have been put in place to keep the portal operating and improve data protection. Tightening the locks after the data has already left the building is a partial comfort at best.

A state that cannot keep the contents of its secure document portal secure is the same state currently pushing for backdoor access to end-to-end encrypted services and mandatory digital IDs for platform users. The pipeline from policy to breach disclosure is short.

This is the structural failure mode of national-scale digital identity. France Titres was not built as a surveillance tool. It was built to make bureaucracy function. The outcome is indifferent to intent. Consolidating the documents that define a citizen’s legal existence into one portal creates one target, and the value of that target grows with every data field the state decides to demand. A breach of France Titres is not a breach of a retail site. It is a breach of the infrastructure of French legal identity itself.

The incident fits into a pattern that has become hard to overlook. Last week, France’s Education Ministry disclosed that attackers had pulled student data from the ÉduConnect platform after compromising a staff account in late 2025. In February, intruders reached into France’s National Bank Accounts File, exposing information tied to roughly 1.2 million bank accounts out of more than 300 million entries. Earlier this year, cybercriminals made off with 15.8 million medical records from a French doctors’ ministry service. Four separate government-held databases, four separate failures, all involving records that citizens had no meaningful option to withhold.

The useful question is not whether France Titres will improve its defenses. It probably will. The question is why a government that has shown, repeatedly, that it cannot reliably protect data of this sensitivity keeps expanding the categories of data it demands from citizens, and keeps lobbying for access to data it does not yet hold.

Proponents of digital identity like to call these systems efficient and modern. The France Titres breach is a useful translation of what modern actually means here. It means the personal records that once sat in regional offices, on paper, inside locked filing cabinets, now live in databases reachable from anywhere on the internet by anyone resourceful enough to find a way in, and up for sale to anyone willing to pay for them.

Japan Jails a Man for Publishing Movie Spoilers
reclaimthenet.org

A Tokyo court just sent a man to prison for writing about movies in too much detail. The Tokyo District Court convicted 39-year-old Wataru Takeuchi of copyright infringement and handed down an 18-month prison sentence plus a 1 million yen ($6,296.16) fine.

His offense was running a website that published detailed, spoiler-heavy write-ups of popular films and series. Two pieces triggered the lawsuit, one about Godzilla Minus One and another covering the Overlord anime adaptation. Toho and Kadokawa Shoten brought the case jointly through the Content Overseas Distribution Association, known as CODA.

The Japanese law Takeuchi violated prohibits creating “a new work by making creative modifications to the original while preserving its essential characteristics.” What counts as preserving “essential characteristics” is exactly the kind of vague standard that gives prosecutors wide latitude to decide which writers get charged and which don’t. Takeuchi didn’t even write the offending posts himself. He administered the site. That was enough for prison time.

CODA’s case rests on an expansive theory. The organization argues that combining transcribed dialogue, scene descriptions, and press images creates something functionally equivalent to watching the film, and that this discourages paying customers.

“Numerous websites that extract text from movies and other content have been identified and are considered problematic as so-called ‘spoiler sites,’” CODA said. “While these actions tend to be perceived as less serious than piracy sites or illegal uploads that upload the content itself, they are clear copyright infringements that go beyond the scope of fair use and are serious crimes.”

CODA acknowledges fair use exists, then defines any sufficiently thorough description as falling outside it. The line between legitimate commentary and criminal infringement becomes a judgment call made by rights holders and prosecutors, after publication, with prison as the penalty.

Takeuchi’s site made money. That appears to have done a lot of the lifting in the prosecution. In 2023, ad revenue reportedly brought in 38 million yen ($239,254.04). Monetization is the hook copyright enforcement loves because it strips away any pretense that the writer was engaging with the work for its own sake.

But the logic cuts further than anyone involved seems willing to admit. Most professional entertainment journalism runs ads. Most reviews and recaps describe the plot. The question isn’t whether Takeuchi’s site was tasteful, it’s whether the Japanese state should be deciding how much description is too much, and then jailing people who get it wrong.

The chilling effect writes itself. Every entertainment writer in Japan now has to guess where the line sits between acceptable coverage and an 18-month sentence. The line isn’t drawn by statute. It’s drawn by CODA, by the studios, by whichever prosecutor takes the next case. Writers who can afford lawyers will play it safe. Writers who can’t will either stop writing or hope no one notices.

CODA has made clear this isn’t a one-off. The organization said it plans to “strive for the proper protection of copyrights and implement effective measures against similar websites.”

Turkey to Ban Anonymous VPNs
reclaimthenet.org

Turkey is moving to make anonymous VPN use illegal, and Proton VPN signups in the country have doubled as word spreads.

The Turkish government’s plan, reported by local outlet Yeni Şafak, would outlaw unlicensed VPN services and require any approved provider to log what users do and turn those records over to Turkish authorities on request. A VPN that logs and reports isn’t really a VPN. It’s a second surveillance pipe pointed at the same people the government already watches.

Officials describe the measures as part of a package aimed at protecting children after school attacks in Şanlıurfa and Kahramanmaraş, with attackers reportedly drawn to violent mobile games. Packaged alongside the VPN clampdown are parent-controlled “child SIM” lines and a cap on how many mobile numbers a single person can register. The child-protection wrapper is the sweetener, because the actual infrastructure being built, licensed VPN providers that log and disclose, reaches every adult in the country, not just children playing shooters on their phones.

Proton VPN General Manager David Peterson confirmed the signup spike and said the company is seeing connection blocks too, particularly on Vodafone. His guidance to Turkish users was practical rather than political. Turn on Proton’s Stealth protocol, which disguises VPN traffic as ordinary internet traffic so it slips past filters. Switch on Alternative Routing, which reroutes connections when the usual paths are blocked. If the Proton VPN website itself is unreachable, the Android and iOS apps remain available through Google Play and the App Store, and the clients are also hosted on GitHub.

None of this is new territory for Turkey. The country has a history of internet shutdowns and targeted blocks, and Proton VPN has been one of 27 providers whose websites are already restricted there. In August 2024, Turkish ISPs moved against a raft of VPN providers and Proton recorded a 4,500% spike in signups. Last March, after the arrest of Istanbul Mayor Ekrem İmamoğlu and the throttling of major social platforms, signups jumped 1,100% over baseline. Vodafone Turkey, which controls roughly a third of the country’s mobile internet, has shown up repeatedly in these episodes, with Proton tracing past outages to carrier-level DNS manipulation rather than genuine technical faults.

What the licensing proposal would add is a legal ceiling on escape. Right now, Turkish users can route around blocks with an unapproved VPN and keep their browsing off the state’s books. A licensing regime closes that door by design. The only VPNs left standing would be the ones that agreed to keep records and hand them over. Anyone using something unlicensed would be breaking the law. The same population that turned to VPNs for anonymity would find that anonymity is criminalized.

The privacy cost lands in two places. The first is obvious. Approved VPNs that log become a searchable history of what every Turkish user did online, who they talked to, what they read, and where they routed their traffic from. Second, once a licensing regime exists, the government gets to decide which providers qualify, and providers that refuse to log are simply excluded from the market. The infrastructure that results is a permission system with authorities holding the clipboard.

Peterson’s practical advice, install before you need it, use Stealth, route around blocks, sits in the gap this legislation is trying to close. Proton’s pitch is that a VPN that doesn’t log is the whole point of a VPN, and that circumvention tools will keep working whether or not a government licenses them. Turkey’s pitch is the opposite. Approved means logged. Unapproved means illegal. There is no third option being offered, which is usually the cue to ask why the option that protects users most is the one being removed.

The Opt-Out Button Is Decorative: A Guide to Hardening Your Browser
reclaimthenet.org

This Post is for Paid Supporters