Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
United States Your Rights Online

Biden Aims To Stop Countries From Exploiting Americans' Data for Blackmail, Espionage (bloomberg.com) 119

The Biden administration is preparing an executive order that seeks to prevent foreign adversaries from accessing troves of highly sensitive personal data about Americans and people connected to the US government, Bloomberg News reported, citing documents. From the report: The administration plans to soon unveil the new executive order, which will direct the US Attorney General and Department of Homeland Security to issue new restrictions on transactions involving data that, if obtained, could threaten national security, according to three people familiar with the matter, who asked not to be named as the details are still private.

The draft order focuses on ways that foreign adversaries are gaining access to Americans' "highly sensitive" personal data -- from genetic information to location -- through legal means. That includes obtaining information through intermediaries, such as data brokers, third-party vendor agreements, employment agreements or investment agreements, according to a draft of the proposed order. In addition, organizations owned, controlled or operated by "countries of concern" are often obligated to hand such data over to the government when asked.

This discussion has been archived. No new comments can be posted.

Biden Aims To Stop Countries From Exploiting Americans' Data for Blackmail, Espionage

Comments Filter:
  • Uhm (Score:5, Insightful)

    by dbialac ( 320955 ) on Tuesday January 23, 2024 @04:03PM (#64182843)
    Good luck with that. Banks already have a terrible time with that, and they're the ones most likely impacted. One exploit and systems are compromised.
    • Yeah but if they do nothing itâ(TM)s worse.

      • Re: Uhm (Score:5, Insightful)

        by ShanghaiBill ( 739463 ) on Tuesday January 23, 2024 @04:46PM (#64182965)

        A big part of the solution is to stop collecting the data in the first place.

        They can't lose what they don't have.

        • How are we going to put targeted ads in front of you if we don't track you?

        • by tepples ( 727027 )

          How would, say, a company that sells widgets to the public reasonably stop collecting the mailing addresses of its direct customers?

          • How would, say, a company that sells widgets to the public reasonably stop collecting the mailing addresses of its direct customers?

            My address is in the phone book.
            That isn't confidential information.

            • PHONE BOOK?

              Senior-like typing detected...

              I honestly can't recall how long ago it was the phone company stopped dropping white and yellow pages on my doorstep annually.

          • Are you serious? Same way that company can accept credit cards without storing credit card numbers.
            • A payment processor such as Stripe or PayPal collects payment from the customer, remits it to the merchant's bank account, and sends the merchant an opaque identifier representing the payment. This is adequate because payment is electronic and fungible.

              The products to be shipped are physical, not electronic, and non-fungible in the sense that a widget's selling price does not uniquely identify it. By the time the customer receives the parcel, the customer's name and address have been physically printed on a

              • The computer network which ends on your desk in front of you does this all the time, through the magic of encapsulation and the OSI model. Note that the packets are not fungible, they represent unique bit patterns which are routed physically across the links via copies.

                For physical goods, your forwarding company suggestion is precisely the prototype here. These companies do in fact exist, some of us outside the US already use them regularly for purchases of physical goods from stores that don't accept for

          • by theCoder ( 23772 )

            Obviously, the company needs the address to deliver the widget. After a reasonable period of time, however, it could delete that address, and even the name of the customer.

            btw, companies would do this if that data was a liability. If a company had to pay a fine after a data breach proportional to the information lost, then they would be incentivized to get rid of information that they no longer needed to do business. This already happens in some cases. For example, many large companies have policies to

            • Obviously, the company needs the address to deliver the widget. After a reasonable period of time, however, it could delete that address, and even the name of the customer.

              As I understand it, the merchant must control the customer's personal data at least between when the customer places the order and when the merchant prints the shipping label and hands the parcel off to the courier. The worst case, an order on Friday evening and a Tuesday fulfillment after a Monday bank holiday, means the merchant controls the customer's personal data for four days. A country's data protection authority would argue that this gives four days for a data breach to occur, potentially exposing t

        • I guess this means that the US agreement with the EU is going to be cancelled?

    • Re: (Score:3, Interesting)

      Came here to say "Good Luck with that". Thank You.

    • by Anonymous Coward

      Good luck with that. Banks already have a terrible time with that, and they're the ones most likely impacted. One exploit and systems are compromised.

      Naah. It's healthcare.

      I have one client that has 9 separate shitty tools--all built by Indian developers that are bogging his server down constantly siphoning patient data away to the 3rd-world. We can't remove them because one makes sure that patients leave him good reviews on Google, Facebook, etc...another one makes sure he knows which patients have extra funds left on their insurance so they can milk more money out of them, another one does text messaging (now including AI (tm) for handling patient

    • Re:Uhm (Score:4, Insightful)

      by myowntrueself ( 607117 ) on Tuesday January 23, 2024 @09:03PM (#64183461)

      Good luck with that. Banks already have a terrible time with that, and they're the ones most likely impacted. One exploit and systems are compromised.

      I think he means stop OTHER countries from exploiting Americans' data for blackmail and espionage.
      As long as America does it and other countries don't its ok. Oh, and the 5 eyes partners, they are ok too.
      Just not like China and Russia etc.
      And yeah, good luck... You'll have to stop doing it yourself in order to be able to realistically stop the 'bad guys'.

      • by AmiMoJo ( 196126 )

        So what, it's basically like the EU's requirements for exporting data to the US, companies must comply with EU standards on handling it? No data export to countries on some blacklist of places that blackmail Americans?

        • So what, it's basically like the EU's requirements for exporting data to the US, companies must comply with EU standards on handling it? No data export to countries on some blacklist of places that blackmail Americans?

          Countries other than the USA which still gets an exemption, so that also includes the whole of 5 eyes and whoever gets to hack the USA.
          So basically, the whole world still has an exemption to the GDPA

    • How about starting with preventing companies in the USA from profiting by selling our personal data?
    • In related news, Biden also announced plans to tell Somalian pirates to leave Americans alone, and stop Mexican drug cartels from kidnapping Americans, and put a complete end to human trafficking.
  • GDPR (Score:5, Insightful)

    by bradley13 ( 1118935 ) on Tuesday January 23, 2024 @04:06PM (#64182857) Homepage
    Start by creating something like the GDPR. Then enforce it. That will massively reduce the legal trade in data.
    • Re:GDPR (Score:5, Insightful)

      by nightflameauto ( 6607976 ) on Tuesday January 23, 2024 @05:23PM (#64183047)

      Start by creating something like the GDPR. Then enforce it. That will massively reduce the legal trade in data.

      This is America. There's a reason this is targeted only at foreign countries. Raping data is BIG MONEY BUSINESS in this country, and Biden and his administration need to be very, VERY careful not to piss off the big data brokers during an election cycle. It sucks, but that's the reality of the situation.

      • I'm from outside, can you explain me why Biden needs to be careful with data brokers? I understand why he would need not to not piss off "farmers" or "gun owners" because they are a significant fractions of voters, but what is the special power of data brokers on the election result?

        • Re: (Score:3, Insightful)

          Because Google, Facebook, etc can make or break him in an election.

        • There's an old saying that you don't go to war with someone who buys ink by the barrel. Big tech/ad goons, even being the useless cunts that they are, buy ink by the tanker (so to speak)

        • Money buys elections and these are some of his big donors.
        • I'm from outside, can you explain me why Biden needs to be careful with data brokers? I understand why he would need not to not piss off "farmers" or "gun owners" because they are a significant fractions of voters, but what is the special power of data brokers on the election result?

          Couple reasons.

          Step one: If Biden pisses off the social media companies enough? Suddenly public opinion, which is primarily generated on social media, picked up off of social media by news outlets, and shoved into American's faces 24/7/365, would sway HARD against Biden. And this country thrives on hate and retribution. If they can cook up a reason for people to hate Biden it would be screamed from every rooftop, but it would all start on social media.

          Step two: The amount of lobbying money and campaign fund

          • by wed128 ( 722152 )

            If they can cook up a reason for people to hate Biden...

            No need to cook up a reason. Plenty of people already hate Biden, all it takes is one trip to the grocery store or gas pump. We're in economic shambles.

      • Selling it it foreign powers would be big money business too.

        • Selling it it foreign powers would be big money business too.

          Which is why this is about preventing foreign actors from collecting our data, not from buying it from one of our data collectors.

    • Re:GDPR (Score:5, Interesting)

      by VeryFluffyBunny ( 5037285 ) on Tuesday January 23, 2024 @05:27PM (#64183057)
      It sounds like they're simply proposing to prohibit banks, credit card companies, cable companies, employers, or anyone who collects your personal data as part of their relationship with you, from making extra money on the side by selling your data to 3rd parties... or at least restrict it to only American or licensed 3rd parties.

      If so, it'll be nothing like the GDPR.
      • by mjwx ( 966435 )

        It sounds like they're simply proposing to prohibit banks, credit card companies, cable companies, employers, or anyone who collects your personal data as part of their relationship with you, from making extra money on the side by selling your data to 3rd parties... or at least restrict it to only American or licensed 3rd parties.

        If so, it'll be nothing like the GDPR.

        Which is why the US should just copy the GDPR. It's inevitable that other countries will do the same, which is why websites bombard you with cookie popups in the US and other nations where the GDPR doesn't (yet) exist, they want to make you scared of it because they know you'll be happier with it.

        I expect the US to be one of the last to implement it, sometimes with the US they need to be dragged kicking and screaming into 20 years ago.

    • to stop voting for pro-corporate candidates while distracted by pointless culture war nonsense. Good luck with that. So in the meantime guys like Biden will try to squeak a few useful things past Congress using whatever discretionary powers they have.
      • by znrt ( 2424692 )

        to stop voting for pro-corporate candidates while

        the only not pro-corporate candidates ever were weirdos wearing crocodile skin boots or pink pompons or wielding a shotgun in campaign ads. ok, except maybe bernie sanders. anyhow, all of them would have been immediately forced to swear pro-corporate oath first thing.

        • The only thing anyone ever pays any attention to is the presidential primary. This is why the primaries are so fucked up with absolute lunatics in the Republican primary and milquetoast centrists in the Democratic primaries

          I've been voting in the Democratic primary for over 10 years now and every election there are great pro-consumer anti-corporate candidates. They lose. Every time. That's because guys like you don't actually pay any attention to anything but the presidential primary. So all anyone doe
          • by znrt ( 2424692 ) on Wednesday January 24, 2024 @12:32AM (#64183693)

            That's because guys like you don't actually pay any attention to anything but the presidential primary.

            dude, i'm not even eligible to vote there, i'm not a u.s. citizen, but as to why many people wouldn't give a rat's ass ... here is a hypothesis: it doesn't matter?

            and yes, i'm a boomer, and i just don't share your romantic view of democracy. it is maybe more palatable than any other system, but it doesn't change the plain fact that money rules. with democracy it just does so in an orderly fashion with an appearance of fairness, which is good because that generates confidence and stability. when the wolves sort of behave business can thrive. but any election process in any democracy in the world is designed to only allow candidates who are subservient to whatever powers be there, and that's the sole reason why the system is tolerated. there never was a deciding "demos" anywhere, and though anomalies can actually happen ... careful what you wish for.

          • by wed128 ( 722152 )
            The problem is that you can't vote in any primary without declaring allegiance to a political party, which i refuse to do. So i'm stuck with 3 choices
            1) A republican who makes some economic sense, but who is embarrassing in other fronts
            2) A democrat who makes some social sense, but who has no idea how an economy works
            3) An independent who will lose


            It really sucks to be a voter in this country. We are certainly free to choose which poison to kill ourselves with.
            • by BranMan ( 29917 )

              Or you do like I do - walk into the polling station as an independent, ask for whichever party's ballot I want to vote on, vote, and step up to a table at the back and switch back to independent.

    • by znrt ( 2424692 )

      that would stop "local adversaries" too. that's not what they want.

      btw, i'm thinking you have way too much faith on gdpr. not because of its many flaws, but because it's basically more a "feel good" (or "feel special") thing than anything seriously protecting people's privacy. inbefore the obvious question: i'm european.

      getting back to topic: this is just "feel good" stuff too, just with added nationalistic propaganda.

    • by tepples ( 727027 )

      Would that include requiring every business that ships to customers in the United States to hire a representative firm in the United States to act as its point of contact for U.S. customers' data protection inquiries? (See article 27 GDPR.)

    • "B-b-but that might mean business can't do whatever it wants with the data! THAT'S ISLAMOFASCICOMMUNISM! WHY YOU HATE BUSINESS?"

      Pretty much what will start being spouted the instant anyone makes any headway on something remotely close to GPDR.
  • All they have to do is ban Microsoft Windows. Especially on Homeland Security networks /s Microsoft Enterprise License Agreement (ELA) [dhs.gov]

    The Department of Homeland Security (DHS) established a Microsoft Enterprise License Agreement (ELA) Blanket Purchase Agreement (BPA) to provide access to all Microsoft product offerings listed on the Contractor’s General Services Administration (GSA) Schedule.
    • All your quote supports is that gov't agencies are able to buy Microsoft products... it doesn't explain why they shouldn't...

      Not sure you can blame Windows when gov't employees lose laptops, fall for phishing emails, lose backup tapes, comply with social engineering, etc. can you point to a data leak that was uniquely facilitated by the use of the windows operating system? I'm sure there are a couple - breaches that would not have been possible were the data not stored on a Windows server, but I don't know

    • by Tarlus ( 1000874 )

      Exploitable Windows vulnerabilities != Exploitable human error

  • Swell idea (Score:5, Insightful)

    by Opportunist ( 166417 ) on Tuesday January 23, 2024 @04:22PM (#64182893)

    Let's outlaw blackmail and espionage.

    • Exactly - an EO to accomplish what, exactly?

      This is as non-sensical as the administration's "War on Junk Fees"! [reuters.com]

      • The Federal Trade Commission proposed a new rule on Wednesday to ban hidden fees across a swath of industries including car rental agencies, hotels, and event ticketing providers. The agency estimated the fees cost consumers tens of billions of dollars annually on items such as hotel resort fees.

        Yup, totally nonsensical. I hate that that businesses can't hide fees! How dare anyone stop that!

      • Hey, if you're fine with bullshit fees being added on to whatever you're purchasing just because the seller wants to take more of your money without it being included in the advertised price, that's your business.

        The other 99.999% of us would like to keep our money and have these asshat companies be forced into the transparent pricing that they should be giving to begin with.

        I seriously don't know why you would be calling that "non-sensical" or be adverse to changing this horrible rent-seeking behavior othe

    • Re:Swell idea (Score:5, Insightful)

      by RogueWarrior65 ( 678876 ) on Tuesday January 23, 2024 @05:05PM (#64183019)

      Because it sounds noble and righteous. It's like prosecuting a murder as a "hate" crime. So what? It's still murder. The convict is still going to get life or death. Is the classification going to make the victim's family whole again?

      • The more "counts" you can throw at someone, the better the chance that they will receive the maximal punishment.

      • by mjwx ( 966435 )

        Because it sounds noble and righteous. It's like prosecuting a murder as a "hate" crime. So what? It's still murder. The convict is still going to get life or death. Is the classification going to make the victim's family whole again?

        Because every crime is exactly the same and there are no such things as mitigating or aggravating factors. An unintentional murder or crime of passion should get the same punishment as a premeditated murder based solely on the colour of the victims skin or which sky faerie they believed in?

        After all.. there aren't any degrees to murder, are there?

    • > Let's outlaw blackmail and espionage.

      If you outlaw blackmail, only criminals will have blackmail. Oh wait...

    • I know it's cool to be cynical and say every idea is stupid, but it's not outlawing the leveraging of the data for blackmail
      It's outlawing the (currently legal trading) of the data that could be used for that purpose.

      So 23andMe and hospitals wont be able to sell your genetic data directly to China.
      Existing US data companies would presumably have to open their books and say who they're trading their data to.

      Yeah this isn't a magical solution, but it's an attempt. If nothing else, occasionally we should see l

  • by Cpt_Kirks ( 37296 ) on Tuesday January 23, 2024 @04:23PM (#64182895)

    I dare you.

  • Somehow this will still be legal and valid the moment a foreign company establishes a company with an address in ye âole âmurrica, to call this access a "domestic usage of publicly available data for marketing research".

    But fret not: by restricting access for foreign countries, our government can ensure only the mighty United States is legally allowed to collect hurdles of data about citizens of the world. As a reminder, with the exception of TikTok, all social media companies are Americ

  • by SeaFox ( 739806 ) on Tuesday January 23, 2024 @04:35PM (#64182931)

    How 'bout we just severely curtail what information can be collected to start with? Then what is being exported and how securely its being stored won't be such a huge problem.

    • That is a very sensible idea. Of course, since both parties are wholly owned subsidiaries of Corporate America, and those corporations make tons of money collecting and using such data, we know how much chance your excellent suggestion has of being made real.

    • But that would impact the profits of many loyal patriotic American companies! We can't have that, you socialist.

    • Agree but just as GDPR was passed via the EU Parliament something like that in the US would have to be done via Congressional legislation, Biden can't just EO his way to something so broad.

    • What, are you trying to set a new record for how fast lobbyists can start dumping wheelbarrows of Google / Microsoft / Meta / Apple / Twitter / Comcast / AT&T / Verizon cash in front of politicians?

      There is absolutely zero chance of that happening, as it would also severely curtail the business operations of the previously mentioned megacorps that make billions of dollars off collecting all this data, some of them charging us monthly fees while doing it.

    • How 'bout we just severely curtail what information can be collected to start with?

      LOL, someone doesn't understand Human Nature or the Universe very well.

      Humans will ALWAYS collect data about other humans. It is who we are. The reason we are the way we are is because we will use that information to try to control what other people do.

      There is no stopping this so a better solution would not try to stop it but rather obviate any bad effects from it.

  • by wakeboarder ( 2695839 ) on Tuesday January 23, 2024 @04:43PM (#64182953)
    but that isn't going to stop the data from moving or bad actors from hacking and selling it. But hey, it looks good on paper.
  • Make it illegal for any individual or entity to share/sell another individual's data including their own data. No sharing/selling no problem. But social media and advertising you say? Good riddance.

  • by gosso920 ( 6330142 ) on Tuesday January 23, 2024 @04:48PM (#64182977)
    "Because that's *our* fscking job!" he added.
  • Epstein did a good job of collecting dirt on politicians and celebrities, i wonder who Epstein worked for? CIA/Mossad? the banking cartel that loans the government money at interest?
  • I sure hope it does, because I always know they're serious when a "task force" is created.
  • The Irony (Score:5, Insightful)

    by k2dk ( 816114 ) on Tuesday January 23, 2024 @05:39PM (#64183085)

    The same US that has a law that it can search all data hosted by a US company anywhere in the world?

    • What's new?

      The US is and has always been do what we say, not what we do.

      And in fairness, most countries are the same way. It's just that most countries don't have the influence the US has in the world.

      • by k2dk ( 816114 )

        Absolutely. The Chinese are probably worse.

        I would too. But my evil Volcano Island (tm) unfortunately doesn't have Starlink yet. :)

  • I suspect so much data is already in compromised or about-to-be-compromised databases, that the primary beneficiaries of this legislation will be either very young children or kids who haven't yet been born. So the "legal means" proviso seems to me a bit of a red herring. That's not to say that Biden's plan shouldn't be implemented; just don't expect any significant positive results for a long time.

    Additionally, the government needs to walk its talk here and get its domestic affairs in order in other ways.

  • The sumbitches already have the data.

  • If this only targets "foreign adversaries," well let's say they're going to be a lot less successful at that than the Soviets were at keeping the US from getting an SR71's worth of titanium.

  • by Anonymous Coward

    You can't stop a corporation (a.k.a. a person) from exercising their First Amendment rights By sharing _their_data_ with anyone they so desire. Yes, it's their data. Standing law and terms of service back them up on this.

    I remember back when I got my first telephone (land line). There was a statement in TOS that Ma Bell would have to access _my_ call data for the purpose of billing. That's right. It used to be my data. But somewhere around the 1996 Telecommunications Act that changed. After that, it became

  • ... prevent foreign adversaries from accessing ...

    Today, the Australian government declared a much more practical solution. They're going to dox cyber-criminals. Corporations can still collect PII and still use record-keeping that easy to download, in the name of fighting crime, of course. But anyone stealing it will be named and shamed and occasionally, prosecuted.

    Every government thinks it's protected because it wrote a piece of paper telling itself that.

  • This isn't an emerging threat that requires immediate and decisive action. There are laws that need to be drafted, debated, revised, and passed. As such, this shouldn't be the President's job.

  • The Biden administration is preparing an executive order that seeks to prevent foreign adversaries from accessing troves of highly sensitive personal data about Americans and people connected to the US government, Bloomberg News reported, citing documents.

    LOL. Are these people even serious anymore? That data is sold by the yottabyte to anyone and everyone. How the fuck will they keep it from going across physical borders?

    And even if they did, my data was taken directly from the US government itself at the Office of Personnel Management... and two of my doctors, and my home loan company, and my phone company, and ... fuck it. I can't name them all.

    They could threaten the Brazen Bull for every byte of information that leaks and terabytes will still transfer ev

C'est magnifique, mais ce n'est pas l'Informatique. -- Bosquet [on seeing the IBM 4341]

Working...