Fueled in part by the NSA surveillance scandal, Minnesota lawmakers are poised to crack down on how police and government employees access private data. But just how tough a crackdown is being decided now — in legislative negotiations with agencies that are being targeted.
Bipartisan legislation would require cell phone tracking warrants, citizen notifications if cell phones are tracked, license plate data-storage restrictions, and logging and identifying government workers who access license information.
The moves address growing concerns that citizens’ private information might not be so private, but affected agencies argue a few proposals simply keep them from doing their job.
Underscoring the uncertainty of the end game, Gov. Mark Dayton is reserving judgment on several data-related bills. Dayton “has asked the several state agency heads with concerns about either bill to work with the authors and conference committee members to try to resolve those concerns before final floor action,” spokesman Matt Swenson said.
Watered-down cell phone warrants
GOP Sen. Branden Petersen, a freshman senator from Andover, says he’s working on a comprehensive, nation-leading regulatory framework around how government manages people’s personal data.
“I think the encouraging thing is it’s an issue that resonates on both sides of the aisle,” he said. “There are a lot of questions that need to be answered. In the 21st-century, what does the Fourth Amendment look like?”
But Petersen is already running into the political realities of trying to tighten data privacy rules.
While the full Senate passed his proposal Tuesday requiring law enforcement agencies in Minnesota to obtain a “tracking warrant” in order to use cell phone tracking devices, Petersen says it wasn’t as strong as his original bill.
The devices — commonly referred to by model names Kingfish and Stingray — work by impersonating a cell-phone tower and tricking a phone to connect to it using its own antenna. But while law enforcement is tracking the location of possible criminals in real time — an invaluable tool in missing persons and other cases, they say — they are also tracking the whereabouts of potentially thousands of innocent individuals.
The Minnesota Bureau of Criminal Apprehension (BCA) and the Hennepin County Sheriff’s office are the only agencies that currently use these devices, and they simply need a court order to do so.
Petersen originally wanted to pass a bill that required law enforcement to obtain a search warrant to employ cell-phone tracking, which has more specific use requirements than a tracking warrant. In a last-minute move, Petersen accepted the tracking warrant amendment as part of a compromise with law enforcement.
“I still prefer my original bill, my original position. Unfortunately most of the Democrat votes were going to be lost at the behest of law enforcement,” Petersen said. “We had to accept the amendment to keep the bill moving forward.”
He’s happy his bill still would require people to be notified if their cell-phone was tracked.
The Senate bill is now similar to its House counterpart, authored by DFL Rep. Joe Atkins, which requires probable cause and a court order to access the information from the devices.
Another law enforcement tool that allows police to track vehicles — known as License Plate Readers (LPR) — is headed for negotiations between the House and the Senate. The arguments are similar: police say the tool is invaluable in solving crimes, but legislators say information is being stored on innocent people’s whereabouts.
The House bill keeps law enforcement from keeping LPR information in a database — which could be used to reconstruct individual movements of people over a long period of time — but the Senate bill has a 90-day retention period for LPR scans or even longer, if the information is part of a criminal investigation.
“If you are innocent, the police department has no business tracking you without some level of probable cause,” House bill author John Lesch (DFL-St. Paul), said. “The Senate bill lowers that to a reasonable suspicion. That’s not high enough for me, and I think we are probably going to have a discussion about that.”
Public employee snooping
Law enforcement isn’t the only part of state government keeping massive data sets on individuals. A proposal currently in House-Senate negotiations would crack down on the misuse of state government databases.
Both bills would require identifying government employees from state or local agencies who access private data, even when it’s being used for work purposes. Government officials would also have to notify the person whose data was improperly viewed and allow that person to request a copy of the resulting investigative report.
Former state employee John Hunt was charged earlier this month for breaching thousands of driver’s license files — of mostly high-profile women — while he worked for the Department of Natural Resources.
His wasn’t the first case of state employees snooping on private data, and GOP Rep. Mary Liz Holberg, the author of the House provision, says it wont be the last. A lobbyist working on the medical marijuana issue at the Capitol this year was notified that there have been “dozens” of breaches of their personal data by government agencies around the state, sometimes at 3 a.m., Holberg said.
Sen. Scott Dibble, DFL-Minneapolis, the Senate bill author, said the provision to name the person snooping on data was added after Hennepin County Sheriff Rich Stanek found out his information had been viewed at other law enforcement agencies all over the state, but could not find out who was peeping.
The Senate also wants the ability to publicly naming the guilty person on a government website.
But government agencies are concerned about having to track and obtain information on anyone who looked at your information — even if it was part of their job. In some cases, small-town local governments won’t have the technology or capital to extensively track their databases, they say.
Beau Berenston, Association of Minnesota Counties policy analyst, said county workers to who, for instance, help calculate child services, could be the target of client “threats and other retribution” if the bill passes. “We are extremely concerned about the unintended consequences of this provision,” he said.
Legislators are still negotiating the proposal’s final details, but Holberg said they’re keeping government agencies’ concerns in mind. “We don’t want a situation where we put in language where it will have a chilling effect on people who are just doing their job,” she said.
One proposal aims to create a commission — based on the state’s pension commission — that would foster data-privacy experts within Legislative ranks for years to come.
“Technology is changing — we are constantly playing catch up,” said Lesch, DFL-St. Paul, who chairs the House Civil Law Committee. “We don’t need to just be vigilant on the back end when this stuff gets out, we need to be vigilant on the front end too, because no matter what there’s going to be leaks and mistakes.”