Tag Archives: S. 9191

NY SPY Act: S. 9191

While people are starting to take notice of the New York bill that would include social media in licensing background checks, most seem to missing an important point or two.

When I first heard about this being draft, I asked, “Realizing you’re politicians, & thus insane, I ask: HOW are you going to see a 1YR Internet search history?”

The bill has been filed, and my question semi-answered.

NY: S09191 Summary: Relates to requiring social media and search engine reviews prior to the approval of an application or renewal of a license to carry or possess a pistol or revolver

Here is the most relevant part:

54 deem appropriate. In order to ascertain whether any social media
55 account or search engine history of an applicant presents any good cause
56 for the denial of a license, the investigating officer shall, after

S. 9191 3

1 obtaining the applicant’s consent pursuant to subdivision three of this
2 section, and obtaining any log-in name, password or other means for
3 accessing a personal account, service, or electronic communications
4 device necessary to review such applicant’s social media accounts and
5 search engine history, review an applicant’s social media accounts for
6 the previous three years and search engine history for the previous year
7 and investigate an applicant’s posts or searches related to (i) commonly
8 known profane slurs or biased language used to describe the race, color,
9 national origin, ancestry, gender, religion, religious practice, age,
10 disability or sexual orientation of a person; (ii) threatening the
11 health or safety of another person; (iii) an act of terrorism; or (iv)
12 any other issue deemed necessary by the investigating officer. For the
13 purposes of this subdivision, “social media accounts” shall only include
14 Facebook, Snapchat, Twitter and Instagram, and “search engine” shall
15 only include Google, Yahoo and Bing.

I’ll just get this part out of the way, so I can move on to the real problems (not that this isn’t pretty bad): “[K]nown profane slurs or biased language;” also known as protected speech, unless it involves a direct threat, or actual slander/libel. I see 1st Amendment issues if they deny a licensed based on protected speech they don’t like. Especially if they don’t know what “niggardly” means.

It’s almost as if Sen. Parker set out to shred the 1st Amendment, as well as the 2nd.

Now, as to how they would check for bad-think… We don’t know. This bill says what, but doesn’t specify the process, the how.

obtaining the applicant’s consent pursuant to subdivision three of this section, and obtaining any log-in name, password or other means for accessing a personal account, service, or electronic communications device necessary to review such applicant’s social media accounts and search engine history…

You have to give them your usernames and passwords. Not just for your social media accounts, but to your phone and/or computer. That’s how they’ll be able to see your browser search history. When you hand over your phone and computer; as that’s the only reason they would need the computer logon for themselves.

When you surrender your device, make them sign a receipt with the date and time. Send the state a bill for the time. It may be useful in other ways, too, as you’ll see.

Or your boss’s computer. I can tell from web site logs (I’m an admin for several sites) that a lot of people appear to be using company computers, which matches personal in-office observations over the years. If you’ve been surfing at work, you’ll need to let them search that computer, too. I wonder how companies are going to react to that, what with proprietary files and all.

I see no mention of controls to prevent them playfully scanning through all your directories in search of… oh, financial data, HIPAA-protected medical information, your porn stash, whatever.

But let’s say the thugs are just looking at your iPhone. Is the plan to check search engine history, then hand it back to you? When do they check years of multiple social media posts? Will they use your passwords to login from your phone, or from their own computers?

If they use yours… well, that puts you out-of-pocket for a phone for quite some time. And speaking of time…. air time. Are they going to burn your air time, or provide WiFi at their expense?

I also wonder about “search engine history.” Do they differentiate between that and browser history? When checking referral search terms, I see a lot of people entering URLs (“http://www.whatever.com/index2.html”) into the search engine instead of the browser address bar. Do these politicians know the difference, or are they like people I’ve met who said their browser is “Google”?

But either way, will they follow a URL entered into the search engine to see if it really is “profane” or “biased”? What if it turns out to be a URL for a medical appointment schedule, or your online banking account? I think they’ll run afoul of HIPAA again, or federal banking laws.

And if your browser cache is part of the “history” they think is from search engines…

On the other hand, if their techno-probing is that comprehensive, there would be some wonderful opportunities for malicious compliance. If they follow URLs…

One might prepare for the probing by loading up on every Russian malware site on the Internet. If the authorities use your computer/phone for the search, have your java/ad/malware blockers turned off, then sue the hell out of them for rendering your device useless. If they download the history files to their own computer and start browsing, they’ll infect themselves.

Or My Little Pony and brony sites; that might be worse.

All in all, it would safer — for the goons — to use your device. In which case, if your computer skills are up to hacking file properties, and you’re willing to take a chance…

Install an incriminating file — child porn is extremely risky, so you might want to use ISIS videos and bomb-making instructions — with creation/access properties showing it appeared on your device while it was in the goons’ custody (you got that receipt, right?). When you get your device back, “find” it and report that someone was being very naughty with your stuff. Child porn and terrorism can fall within the feds’ purview, so report this unlawful activity by NY cops to the FBI.

And watch the great state of New York try to explain it.

Depending on how they pull the history data from your device, other options might be available. It would be a darned shame if they plugged into a USB port and sucked everything out of your browser profile folder.

Including all the trojans and worms you thoughtlessly left there.

I could probably monkeywrench without doing anything special. I don’t use Facebook, Snapchat, Instagram, Google, Yahoo or Bing. I can imagine a brain-dead bureaucrat going nuts trying to find them on my device. I don’t like being tracked, so I routinely delete my entire browser history. If they stick to only what’s listed in this bill, all they would see from me is a series of Twitter posts making fun of idiots, including state Senator Parker himself.

No doubt that will be “biased language used to describe his mental disability.” There’s a reason I refuse to live in New York.


Carl is an unpaid TZP volunteer. If you found this post useful, please consider dropping something in his tip jar. He could really use the money, what with truck repairs and recurring bills. And the rabbits need feed. Truck insurance, lest I be forced to sell it. Click here to donate via PayPal.
(More Tip Jar Options)


Ed. note: This commentary appeared first in TZP’s weekly email alert. If you would like to be among the first to see new commentary (as well as to get notice of new polls and recaps of recent posts), please sign up for our alert list. (See sidebar or, if you’re on a mobile device, scroll down). Be sure to respond when you receive your activation email!

Facebooktwitterredditpinteresttumblrmail