Mobile phone could become police snitch, lawyer warns


“Your messaging service should not be a DEA informant” – that is the damning indictment of a Senate bill by a digital rights advocate, who claims it could be used to compel providers to hand over user data that is incriminating, sometimes inaccurately so, if passed.

Mario Trujillo, staff attorney for civil liberties group the Electronic Frontier Foundation, said on April 24 that the mooted Cooper Davis Act “would require private messaging services, social media companies, and even cloud providers to report their users to the Drug Enforcement Administration (DEA) if they find out about certain illegal drug sales.”

ADVERTISEMENT

But he cautions that the law, if passed, would spawn myriad inaccurate reports and lead to innocent tech users being wrongly accused. This is because, in Trujillo’s view, such a law could be used to assume the worst from, say, a casual conversation about drug use where no actual evidence of such activity taking place existed.

“The Cooper Davis Act is likely to result in a host of inaccurate reports and in companies sweeping up innocent conversations, including discussions about past drug use or treatment,” Trujillo said.

“While explicitly not required, it may also give internet companies incentive to conduct dragnet searches of private messages to find protected speech that is merely indicative of illegal behavior.”

Drug talk policed today – what comes tomorrow?

Worse still, though ostensibly intended to combat the illegal sales of fentanyl and methamphetamine, the Cooper Davis Act could then be extended or used as a blueprint for follow-up legislation to force internet companies to “report their users to law enforcement for other unfavorable conduct or speech.”

In an era when the overturning of Roe vs Wade has caused seismic upheavals in the US political landscape, Trujillo did not shy away from asking: “What would prevent the next bill from targeting marijuana or the sale or purchase of abortion pills, if a new administration deemed those drugs unsafe or illegal for purely political reasons?”

“Under the [proposed] law, providers are required to report to the DEA when they gain actual knowledge of facts about those drug sales or when a user makes a reasonably believable report about those sales,” he added.

“Providers are also allowed to make reports when they have a reasonable belief about those facts or have actual knowledge that a sale is planned or imminent.”

ADVERTISEMENT

Trujillo pointed to the financial penalties Cooper Davis would impose on tech companies who refused to comply as a dangerously good motivator to do so, with providers liable for fines of “hundreds of thousands of dollars for a failure to report.”

“Providers have discretion on what to include in a report,” he said. “But they are encouraged to turn over personal information about the users involved, location information, and complete communications. The DEA can then share the reports with other law enforcement.”

Fears of ‘tech dictatorship’ growing

Providers would also be obliged to keep a record of reports and all information contained therein without telling the user that they had done so – another hint of the creeping tech totalitarianism many fear is just around the corner.

In an argument that echoes a petition lodged against a similar bill in the UK designed to protect children from harmful online content by increasing police surveillance of internet behavior, Trujillo called for more, not less privacy on the internet.

“After years of attempts to weaken privacy, lawmakers should focus their interest on strengthening protections for user content,” he said, pointing to the Electronic Communications Privacy Act of 1986, which stops digital providers from handing over private data to the law without due process such as a court order, subpoena, or warrant.

“This bill creates another carveout,” he said, referring to Cooper Davis.


More from Cybernews:

ADVERTISEMENT

Peugeot leaks access to user information in South America

Feds approve 5.9G safety band to prevent auto crashes

Cyberattack on US railroad company compromises critical infrastructure

Subscribe to our newsletter

ADVERTISEMENT