The Supreme Court just ruled that a police officer could not be sued for gunning down Amy Hughes. This has vast implications for law enforcement accountability. The details of the case are as damning as the decision. Hughes was not suspected of a crime. She was simply standing still, holding a kitchen knife at her side. The officer gave no warning that he was going to shoot her if she did not comply with his commands. Moments later, the officer shot her four times.

“Shoot first and think later,” according to Justice Sonia Sotomayor, is what the officer did.

As Sotomayor argued in dissent, the court’s decision in Kisela v. Hughes means that such “palpably unreason­able conduct will go unpunished.” According to seven of the nine Justices, Hughes’ Fourth Amendment right to not be shot four times in this situation is less protected than the officer’s interest in escaping accountability for his brazen abuse of authority. According to Justice Sotomayor, “If this account of [the officer’s] conduct sounds unreasonable, that is because it was. And yet, the Court [] insulates that conduct from liability under the doctrine of qualified immunity.”

Worse yet, this decision wasn’t a surprise. And it certainly isn’t an aberration.

In fact, it is just the latest in a long line of cases in which the Supreme Court has decimated our ability to vindicate constitutional rights when government actors overstep. And when law enforcement oversteps, as was the case with Hughes, the consequences can be devastating.

As Professor William Baude explains, “[t]he doctrine of qualified immunity prevents government agents from being held personally liable for constitutional violations unless the violation was of ‘clearly established’ law.” If any reasonable judge might have deemed the action permissible, the law is not “clearly established.” Essentially, if you want to sue a police officer who you think violated your constitutional rights, you first have to convince the court that what happened to you was so outrageous that no reasonable person could have thought it was okay.

This makes excessive force cases a steep uphill battle. Such cases turn on the Fourth Amendment — a constitutional right that is notorious for its murky and context-specific contours. So proving a Fourth Amendment violation is hard enough on its own. When you have to prove a “clearly established” violation, the task becomes all but impossible because the Supreme Court keeps raising the bar. This further disempowers those injured or killed by police, and their surviving families.

Let’s examine the evolution of the term.

In 1982 it meant that “a reasonable person would have known” an action was unlawful. Fast forward to 2010 and “clearly established” meant that “every ‘reasonable official would have understood that what he is doing violates that right.’” The difference between “a” and “every” may seem technical, but, as Dean Chemerinsky and the late Judge Stephen Reinhardt explained, this change marks the difference between a measured fair notice standard under which it was possible to hold law enforcement accountable and what we have now: a system that “protects all but the plainly incompetent or those who knowingly violate the law.”

Qualified immunity has become a misnomer. It should be called what it is, as Justices Sotomayor and Ginsberg did in their dissent from last week’s opinion. It is an “absolute shield.”

This absolute shield subverts the basic principles of our legal system. It’s supposed to be harder to hold someone criminally liable than civilly liable, but is it? If you unknowingly commit a crime and the government wants to put you in prison for it, you can’t use your ignorance of the law as a defense. But if an officer makes “a mistake of law” by unreasonably gunning you down in your own backyard, that officer gets to use the defense of qualified immunity to avoid paying damages in a civil case.

It doesn’t take a law degree to know this is absurd.

Furthermore, it turns out the doctrine of qualified immunity has no legal basis in the first place — the courts simply made it up. So how can it possibly be justified?

The Supreme Court has told us that the doctrine “balances two important interests—the need to hold public officials accountable when they exercise power irresponsibly and the need to shield officials from harassment, distraction, and liability when they perform their duties reasonably.” That maybe sounds okay in theory, but Hughes’ case is just the latest to show us that in reality, there is no balance and there is no accountability.

The court’s qualified immunity doctrine contributes to the deep deficit in police accountability throughout our country, which disproportionately threatens and ends the lives of people of color, people with mental or physical disabilities, and members of LGBTQ communities. We are collectively holding law enforcement to the lowest standard of performance, when we should instead incentivize better, smarter, and more humane policing.

The result of the court’s decision is clear. Our right to not be unreasonably shot by the police is less protected, and therefore less important, than the court’s interest in shielding police officers from civil liability for their abuses of authority.

The Washoe County School District’s budgeting woes dominated this week’s education headlines in Northern Nevada, but there’s another district issue the public should be talking about.

The Washoe County School District Board of Trustees on Tuesday quietly adopted policies that may make it less transparent and constrain the public’s ability to hold the district accountable. The trustees rubber-stamped their approval on these changes to the district’s public records policies without consulting key stakeholders.

The policy changes undermine the spirit and intent of the Nevada Public Records Act, because it fails to provide a means of requesting a fee waiver for requests made in the public interest, creates a rigid definition of extraordinary use, and charges exorbitant fees for such requests.

The ACLU of Nevada — along with our coalition partners on transparency issues, the Nevada Press Association and the Nevada Policy Research Institute — pointed out several flaws in the proposed policy.

Our letter to school trustees, penned by our policy director, Holly Welborn, shows “the purpose of Nevada’s public records law is to ‘foster democratic principles’ by making records open to the public.”

But exorbitant fees attached to records requests discourage members of the public, as well as public-interest nonprofits like ours, from making records requests. Good public records policies distinguish between requests that are part of a for-profit venture and requests made for the public good. The new policies make no such distinctions and do not specify any processes for requesting a fee waiver.

Washoe’s school trustees also added a fee for “extraordinary use,” which the agency arbitrarily defined as any request that takes more than two hours.

Our long-held position, with guidance from Nevada case law, is that “extraordinary use” is an entity-by-entity, request-by-request analysis that cannot be defined by rigid time limits. A request requiring “extraordinary use of personnel and technological resources” depends on many factors, including the mechanisms available to fulfill the request, the number of staff available to fulfill the request, the willingness of the requester to work with the agency to simplify the request.

The “extraordinary use” fee also fails to address electronic records. The policy conflates providing a “copy” with providing the record itself. In defining “extraordinary use,” the new policy discusses reviewing, redacting and extracting information. But those actions have nothing to do with providing a digital copy, and state law doesn’t provide a fee there for reviewing, redacting and extracting.

We advised the Washoe trustees to remove the two-hour threshold and instead create a policy that opens the lines of communication between the requester and the governmental entity. In today’s digital world, sound policies must clarify whether any fees apply to electronic records.

Nevadans have a right to know what our government agencies are up to. We have a right to request records and hold our government accountable.

A 2019 Silver State Sunshine Act could be the vehicle for change Nevada needs. We’ll keep fighting for 21^st Century public records policies and increased transparency, and we hope you’ll join us.

I don't use Facebook. I'm not technophobic — I'm a geek. I've been using email since the early 1990s, I have accounts on hundreds of services around the net, and I do software development and internet protocol design both for work and for fun. I believe that a globe-spanning communications network like the internet can be a positive social force, and I publish much of my own work on the open web.

But Facebook and other massive web companies represent a strong push toward unaccountable centralized social control, which I think makes our society more unequal and more unjust. The Cambridge Analytica scandal is one instance of this long-running problem with what I call the "surveillance economy." I don't want to submit to these power structures, and I don’t want my presence on such platforms to serve as bait that lures other people into the digital panopticon.

But while I've never "opted in" to Facebook or any of the other big social networks, Facebook still has a detailed profile that can be used to target me. I've never consented to having Facebook collect my data, which can be used to draw very detailed inferences about my life, my habits, and my relationships. As we aim to take Facebook to task for its breach of user trust, we need to think about what its capabilities imply for society overall. After all, if you do #deleteFacebook, you'll find yourself in my shoes: non-consenting, but still subject to Facebook’s globe-spanning surveillance and targeting network.

There are at least two major categories of information available to Facebook about non-participants like me: information from other Facebook users, and information from sites on the open web.

Information from other Facebook users

When you sign up for Facebook, it encourages you to upload your list of contacts so that the site can "find your friends." Facebook uses this contact information to learn about people, even if those people don't agree to participate. It also links people together based on who they know, even if the shared contact hasn't agreed to this use.

For example, I received an email from Facebook that lists the people who have all invited me to join Facebook: my aunt, an old co-worker, a friend from elementary school, etc. This email includes names and email addresses — including my own name — and at least one web bug designed to identify me to Facebook’s web servers when I open the email. Facebook records this group of people as my contacts, even though I've never agreed to this kind of data collection.

Similarly, I'm sure that I'm in some photographs that someone has uploaded to Facebook — and I'm probably tagged in some of them. I've never agreed to this, but Facebook could still be keeping track.

So even if you decide you need to join Facebook, remember that you might be giving the company information about someone else who didn't agree to be part of its surveillance platform.

Information from sites on the open Web

Nearly every website that you visit that has a "Like" button is actually encouraging your browser to tell Facebook about your browsing habits. Even if you don't click on the "Like" button, displaying it requires your browser to send a request to Facebook's servers for the "Like" button itself. That request includes information mentioning the name of the page you are visiting and any Facebook-specific cookies your browser might have collected. (See Facebook's own description of this process.) This is called a "third-party request."

This makes it possible for Facebook to create a detailed picture of your browsing history — even if you've never even visited Facebook directly, let alone signed up for a Facebook account.

Think about most of the web pages you've visited — how many of them don't have a "Like" button? If you administer a website and you include a "Like" button on every page, you're helping Facebook to build profiles of your visitors, even those who have opted out of the social network. Facebook’s “Share” buttons on other sites — along with other tools — work a bit differently from the “Like” button, but do effectively the same thing.

The profiles that Facebook builds on non-users don't necessarily include so-called "personally identifiable information" (PII) like names or email addresses. But they do include fairly unique patterns. Using Chromium's NetLog dumping, I performed a simple five-minute browsing test last week that included visits to various sites — but not Facebook. In that test, the PII-free data that was sent to Facebook included information about which news articles I was reading, my dietary preferences, and my hobbies.

Given the precision of this kind of mapping and targeting, "PII" isn’t necessary to reveal my identity. How many vegans examine specifications for computer hardware from the ACLU's offices while reading about Cambridge Analytica? Anyway, if Facebook combined that information with the "web bug" from the email mentioned above — which is clearly linked to my name and e-mail address — no guesswork would be required.

I'd be shocked if Facebook were not connecting those dots given the goals they claim for data collection:

We use the information we have to improve our advertising and measurement systems so we can show you relevant ads on and off our Services and measure the effectiveness and reach of ads and services.

This is, in essence, exactly what Cambridge Analytica did.

Consent

Facebook and other tech companies often deflect accusations against excessive data collection by arguing "consent" — that they harvest and use data with the consent of the users involved.

But even if we accept that clicking through a "Terms of Service" that no one reads can actually constitute true consent, even if we ignore the fact that these terms are overwhelmingly one-sided and non-negotiable, and even if we accept that it's meaningful for people to give consent when sharing data about other people who may have also opted in — what is the recourse for someone who has not opted into these systems at all?

Are those of us who have explicitly avoided agreeing to the Facebook terms of service simply fair game for an industry-wide surveillance and targeting network?

Privilege

I don’t mean to critique people who have created a Facebook profile or suggest they deserve whatever they get.

My ability to avoid Facebook comes from privilege — I have existing social contacts with whom I know how to stay in touch without using Facebook's network. My job does not require that I use Facebook. I can afford the time and expense to communicate with my electoral representatives and political allies via other channels.

Many people do not have these privileges and are compelled to "opt in" on Facebook's non-negotiable terms.

Many journalists, organizers, schools, politicians, and others who have good reasons to oppose Facebook's centralized social control feel compelled by Facebook's reach and scale to participate in their practices, even those we know to be harmful. That includes the ACLU.

Privacy should not be a luxury good, and while I'm happy to encourage people to opt out of these subtle and socially fraught arrangements, I do not argue that anyone who has signed up has somehow relinquished concerns about their privacy. We need to evaluate privacy concerns in their full social contexts. These are not problems that can be resolved on an individual level, because of the interpersonal nature of much of this data and the complexities of the tradeoffs involved.

Technical countermeasures

While they may not solve the problem, there are some technical steps people can take to limit the scope of these surveillance practices. For example, some web browsers do not send "third-party cookies" by default, or they scope cookies so that centralized surveillance doesn't get a single view of one user. The most privacy-preserving modern browser is the Tor Browser, which everyone should have installed and available, even if it's not the browser they choose to use every day. It limits the surveillance ability of systems that you have not signed up for to track you as you move around the web.

You can also modify some browsers — for example, with plug-ins for Firefox and Chrome — so that they do not send third-party requests at all. Firefox is also exploring even more privacy-preserving techniques.

It can’t be denied, though, that these tools are harder to use than the web browsers most people are accustomed to, and they create barriers to some online activities. (For example, logging in to some sites and accessing some web applications is impossible without third-party cookies.)

Some website operators take their visitors' privacy more seriously than others, by reducing the amount of third-party requests. For example, it's possible to display "share on Facebook" or "Like" buttons without sending user requests to Facebook in the first place. The ACLU's own website does this because we believe that the right to read with privacy is a fundamental protection for civic discourse.

If you are responsible for running a website, try browsing it with a third-party-blocking extension turned on. Think about how much information you're requiring your users to send to third parties as a condition for using your site. If you care about being a good steward of your visitors' data, you can re-design your website to reduce this kind of leakage.

Opting out?

Some advertisers claim that you can "opt out" of their targeted advertising, and even offer a centralized place meant to help you do so. However, my experience with these tools isn't a positive one. They don't appear to work all of the time. (In a recent experiment I conducted, two advertisers’ opt-out mechanisms failed to take effect.) And while advertisers claim to allow the user to opt out of "interest-based ads," it's not clear that the opt-outs govern data collection itself, rather than just the use of the collected data for displaying ads. Moreover, opting out on their terms requires the use of third-party cookies, thereby enabling another mechanism that other advertisers can then exploit.

It's also not clear how they function over time: How frequently do I need to take these steps? Do they expire? How often should I check back to make sure I’m still opted out? I'd much prefer an approach requiring me to opt in to surveillance and targeting.

Fix the surveillance economy, not just Facebook

These are just a few of the mechanisms that enable online tracking. Facebook is just one culprit in this online "surveillance economy," albeit a massive one — the company owns Instagram, Atlas, WhatsApp, and dozens of other internet and technology companies and services. But it’s not the only player in this space. Google’s business model also relies on this kind of surveillance, and there are dozens of smaller players as well.

As we work to address the fallout from the current storm around Facebook and Cambridge Analytica, we can't afford to lose sight of these larger mechanisms at play. Cambridge Analytica's failures and mistakes are inherent to Facebook's business model. We need to seriously challenge the social structures that encourage people to opt in to this kind of surveillance. At the same time, we also need to protect those of us who manage to opt out.