2019 Texas Legislature

With the start of the 86th Texas Legislature, there are many tech and civil-liberties related bills. Below are summaries of some of those bills, with more to follow in the future. An informed citizenry is a powerful citizenry, so equip yourselves and those around you with this knowledge so that we may guide, shape and affect our government.

HB 352

Cell Site Simulator Devices can be used by law enforcement to involuntarily snatch and store personal information stored on mobile devices. HB 352 would require law enforcement agents, termed “Peace Officers” in the bill text, to obtain a warrant to use these devices and the possible evidence they collect.

A judge would issue a warrant to an applying officer, only if “circumstances and facts” support probable cause to believe that the information collected will produce evidence in a criminal investigation of the suspected criminal activity.

Included in the warrant is:

Information on the applying officer
An identification of the device being monitored
Basic information on the owner of the device
The district in which the officer expects the device to be located
“Circumstances and facts” that justify the officer’s request for the warrant.

In the case of an immediate life threatening situation, officers can act without a warrant and apply for one as soon as possible. If for some reason the judge denies the request, any evidence collected would become void. Officers could also obtain information without a warrant, if the device is reported as stolen by the owner/possessor or with the consent of the owner.

The owner of the mobile device(from which information is collected) would be notified about the collection of their information no longer than a week after the expiration of the warrant, or any additional periods.

Any information collected that may be irrelevant to the cause of application for the warrant would be withheld or redacted. The defendant would also be informed on this matter.. Each entity that obtains and uses Cell Site Simulator Devices would be required to create a written policy for deleting irrelevant information that may have been collected.

The bill also limits ownership and use of Cell Site Simulator Devices to only Law Enforcement.

Author: Cesar Blanco

More Reading on Cell Site Simulator Devices

EFF – Cell-Site Simulators/IMSI Catchers

ACLU – STINGRAY TRACKING DEVICES: WHO’S GOT THEM?

Department of Justice Policy Guidance: Use of Cell-Site Simulator Technology

HB 181

This bill focuses on establishing a pilot program for a digital identification app. The app would contain driver’s license information and personal identification certificates. The only participants in and evaporators of the pilot program would be focus groups and possibly law enforcement agents for the law enforcement version of the app.

To ensure that the program can be executed, the department will assess and upgrade any necessary infrastructure. The upgrades would ensure that the developed mobile application would include an authentication/verification process for wireless devices, is able to be used regardless of a location’s level of wireless connectivity and include the identification information described above.

The department can contract with a third party to establish the program, as long as there is no cost for the department.

During the time of testing, no digital identification issued under this bill can be used or accepted as valid proof of identification. At the end of the program, the department will create a report with the results of the program, including any recommendations. The report will be submitted to the Public Safety Commission and the legislature by the 180th day after the completion of the program.

Author: Terry Canales

HB 108

HB 108 would establish a pilot program for a digital portfolio system used to assess student performance. The digital portfolio would be developed by a contracted developer and contain data drawn from a student’s academic career.

To be eligible for the contract,the developing entity must specialize in the development of digital portfolios, and have experience implementing them for student assessment. They would need to be able to create a tool to upload multiple types of student work samples to a digital format.

The portfolio would also need to be secure, yet accessible to students, teachers, administrators. (i.e. any individuals responsible for grading the student’s portfolio). It would also need to be able to deliver the scores recorded by the student to school districts. The bill stipulates that grading parties be prohibited to seeing the student ID information that is recording their own data. The entity would also be required to develop a rubric for evaluation and other functionalities of the tool.

Participating school districts would have to provide student performance data to the Texas Department of Education for periodic review.

Author: Mary Gonzalez

In early January of this year, as the Texas state legislature inaugurated its 83rd biennial session, EFF-Austin connected with a group of citizen activists concerned about the hidden exchange of information between telecommunications companies and law enforcement agencies. Together with the ACLU of Texas, Texans for Accountable Government, and the widely read and respected criminal justice blog Grits for Breakfast, we formed a new organization—the Texas Electronic Privacy Coalition—to initiate a targeted campaign to update Texas state law to better protect citizen privacy in the digital age.

If you own a mobile phone, you have signed a contract which includes a clause permitting your telecom provider to share your subscriber information (text messages and email) as well as information about your phone’s physical location (your whereabouts and movements) with law enforcement agencies should they legally request it. This information is typically requested through an administrative subpoena, which does not require demonstration of probable cause to a judge, and is typically sealed so no one ever hears about it. EFF-Austin is concerned about the lack of judicial oversight for this process and the lack of transparency into or accountability for this law enforcement surveillance tactic.

Just how much is this tactic used? Thanks to a Congressional privacy probe initiated by Representative Edward Markey (D-Massachusetts), we know that cell phone carriers serviced roughly 1.3 million requests for subscriber information in 2011 from state and federal law enforcement agencies.

Not much is known about the amount of surveillance being conducted in Texas. The ACLU carried out an open records campaign to survey the use of this surveillance tactic in 36 states, but Texas was not one of them. They concluded: “…we know that this method is widespread and often used without adequate regard for constitutional protections, judicial oversight, or accountability.”

To inform our perspective, the Texas Electronic Privacy Coalition (TxEPC) has initiated an open records campaign throughout the state of Texas to gather invoices issued to law enforcement agencies for services rendered by telecommunication providers. That’s another little wrinkle in this surveillance tactic: the telecom providers must be compensated for the expenditure of resources and staff time exhausted providing law enforcement access to subscriber information, even going so far as to build private web portals to receive and process all of the requests. From what we’ve learned, a law enforcement officer has to send an email to their District Attorney to acquire a subpoena, then login to a telecom web portal, type in the target number and attach a subpoena. That’s pretty darned easy and shows we’re a far cry from the days when a wiretap required actual physical exertion of effort and time to acquire much less information.

To add insult to injury—as if your cell phone bill weren’t outrageous enough already—taxpayer dollars are shoveled over to telecom providers…to conduct surveillance on taxpayers.

However, there is a silver lining to that ominous funnel cloud, as this means the invoices issued by telecom companies are public records and thus subject to required disclosure thanks to the enlightened open records laws of the great state of Texas. So the TxEPC open records campaign has been generating quantitative data by poring over public information – such as this sample of invoices obtained from the Fort Worth Police Department.

Fort Worth Police Department – Sample Cellphone Tracking Invoices (Feb 26, 2013) by grtsk1

Not only does this begin to tell us how much public money is spent on this surveillance tactic (a figure which no one currently knows, not even the Governor) but it also gives us insight into whether particular law enforcement agencies are going above and beyond current state law by requiring their staff to obtain search warrants. TxEPC sincerely hopes we discover law enforcement agencies which are doing a good job, as that would reflect the ACLU’s nuanced findings across the country. If you are a member of one of those agencies, we’d like to hear from you and celebrate your ethical wisdom and moral compass.

Simultaneous with and informed by our open records campaign, the Texas Electronic Privacy Coalition has composed a bill which minimally modifies the Texas state code to ensure better protection of citizen privacy in the digital age. Thanks to Representative Bryan Hughes and Senator Juan “Chuy” Hinojosa, legislation has been filed in both chambers to require a search warrant when law enforcement goes to your cell phone company for your comprehensive location data.

Check out HB 1608 as filed, and SB 786 as filed. You can also track the progress of the bills through the House and the Senate.

The bills accomplish three things:

require a warrant for cell phone location information, whether law enforcement is tracking your phone in realtime or checking in on where you’ve been
for tracking devices installed by police, limit the amount of time a tracking order can be sealed by a judge (kept secret) to one year
require aggregate reporting on the amount of location tracking that’s happening out there, and whether all this surveillance is actually resulting in the capture and conviction of criminals.

According to AT&T’s letter to Congressman Ed Markey last summer (PDF), “When the law requires a warrant for disclosure of customer phone usage information, AT&T requires that a warrant be provided.” Texas law, which hasn’t been updated for the smartphone era, is silent on the process for getting location information. These bills will end that silence.

EFF-Austin would like to thank the lawmakers who have taken this on, as well as all the other Representatives who’ve already told us they want to support our effort. We’re a long way from final passage, but we are well-positioned and the time is right. To turn these bills into law, it will take the combined efforts of all the groups who have thus far joined EFF-Austin in the Texas Electronic Privacy Coalition (we’d love to hear from your organization if you’d like to join). As well, our elected officials will need to hear from their constituents, so passage of these bills will also take grassroots support from Texans everywhere.

Toward that end, EFF-Austin has begun transforming into a member-oriented, grassroots organization. If you would like to join us on this adventure—and the many more yet to come—please join our new mailing list. At the same time, you can opt-in to volunteer with us (we’re all volunteers here) and indicate what you’d like to help out on. We can definitely use your help wrangling open records requests, planning events, fundraising, educating elected officials, building websites, and fighting the good fight!

Want to meet us in person? We’re hosting a non-badge SXSWi event in coordination with national EFF and iSEC Partners next Saturday March 9th from 4-6pm at Capital Factory. TxEPC will take the stage to talk about our legislative push, drum up support, and ask for your financial help. We’ll have cool “Geek Activist” t-shirts, coffee mugs, stickers, and buttons which we give away as gifts at certain donation levels. Registration is required and space is limited, so sign up and come meet as many privacy activists, civic hackers, and concerned citizens as we can fit in the place.
https://www.eff.org/sxsw13party

We’re also attending the Yale Information Society Project’s Location Tracking and Biometrics Conference this Sunday in New Haven, Connecticut. If you’ll be attending, keep your eyes open for Scott Henson of the Grits for Breakfast blog.
http://yaleisp.org/event/location-tracking-and-biometrics-conference

You can also follow us on Twitter, The Facebook (another battle!), and join our discussion list to share information and learn what’s happening with and to online civil liberties around the country and world:
http://twitter.com/effaustin
http://facebook.com/eff.austin
http://lists.effaustin.org/mailman/listinfo/effaustin-discuss_lists.effaustin.org

If you’d like to follow the Texas Electronic Privacy Coalition, we’re just getting our online presence off the ground (did I mention we could use some coders and designers?). For your reference, here’s where we’re at:
http://txepc.org/
http://twitter.com/txepc

And in case you were wondering, that’s pronounced “Tex-EPIC” y’all! See you in the halls of the state legislature!