Highly Sensitive
Highly Sensitive
Can Biden’s new executive order protect Americans’ data privacy?
We’ve been talking about data extraction and collection since this newsletter began, and it’s one of the focuses of Season Two of the Technically Optimistic podcast. One thing we haven’t spent much time talking about is the foreign adversary risk.
What happens when a company, or a data broker, wants to sell the data they have collected to a foreign country? Specifically the “countries of concern,” a.k.a. China, Russia, North Korea, Iran and Venezuela? The risks are considerable, from tracking and surveilling Americans to making them vulnerable to scams and blackmail. (And then there are the security risks faced by journalists, activists, political figures, NGO workers, members of the military and marginalized communities, etc.)
I’ve written repeatedly about how slow the government has been to pass comprehensive legislation protecting our privacy: Just the other week, the newsletter focused on how it’s fallen to the states to step into this increasingly dire regulation vacuum. So I was very interested to see yesterday’s news that President Biden has issued an Executive Order to protect Americans’ sensitive data, effectively authorizing the Attorney General to “prevent the large-scale transfer of Americans’ personal data to countries of concern and provides safeguards around other activities that can give those countries access to Americans’ sensitive data.”
This includes geolocation data, personal health data, biometric and genomic data, financial data and other personally identifiable information, which can be sold to commercial data brokers, foreign intelligence services and companies controlled by foreign governments.
While no legislation has been passed, President Biden is issuing a host of directives. The Department of Justice is required to issue regulations for these protections, and the DOJ and the Department of Homeland Security have been ordered to work together to prevent access to Americans’ data through other commercial means. (It’s also worth noting that the White House also just launched an investigation into the data that Chinese-made electric vehicles are gathering through their many sensors, with Biden likening modern cars to smartphones in terms of how much they know about us.)
This Executive Order is great. But…
While this is the first time the government is doing anything for data privacy, it’s a drop in the ocean of privacy concerns. For example, what about preventing data from being collected and aggregated in scary ways within the United States, or even from being collected in the first place?
One way to collect data is to buy it. Another way is to create an app that is so compelling that Amercians voluntarily give it away because it’s fun. Look at TikTok. If you look at what they have amassed – they have interest information for 150 million Americans. (Interest information is the content you gravitate toward and how long you spend on each video, data that tells the algorithm which clips to show you.) We consider that problematic, as it probably is, since we don’t know anything about the security of TikTok, nor do we fully understand their connections with the Chinese government, etc.
These days, TikTok is a tricky subject within the Biden administration, too. On the one hand, federal employees, along with government employees in over 30 states, aren’t allowed to have it on their phones. But the Biden campaign is starting to lean into the platform for its re-election campaign, since that’s where the young voters spend so much of their time.
Letting data brokers sell data is basically allowing other countries to take a shortcut: They don’t need to develop a TikTok to convince Americans to send them their data; they are just going to outright buy it. We can argue that data brokers should not be able to sell to anybody, foreign or domestic, and that in fact there should be data facilitators who allow people to sell data if they want to, and not through some mysterious third party.
In short, we need comprehensive data privacy in the States. This is a good first step toward protection, but we need to demand that our legislators do more. Today.
Worth the Read
The US military has been using algorithms on the battlefield since at least 2017. After Oct. 7, it moved into high gear. On Feb. 2 alone, it used algorithms to identify 85 targets in Syria and Iraq.
This is a great list of the pros and cons of AI, phrased as paradoxes. It’s a great example that we don’t exactly know how this is all going to play out.
Following up on a previous newsletter: There are now two class-action lawsuits against Temu with regards to how the shopping app (mis)handled data.