The Verge - Privacieshttps://cdn.vox-cdn.com/community_logos/52801/VER_Logomark_32x32..png2024-03-28T12:42:56-04:00https://www.theverge.com/rss/privacy/index.xml2024-03-28T12:42:56-04:002024-03-28T12:42:56-04:00Amazon’s palm-scanning service now lets you sign up from your phone
<figure>
<img alt="A photo showing someone scanning their palm with the Amazon One app on mobile" src="https://cdn.vox-cdn.com/thumbor/XfL23lqr_vz9e5h1hqP13bU3xe8=/103x0:1218x743/1310x873/cdn.vox-cdn.com/uploads/chorus_image/image/73239177/amazon_one_palm_phone.0.jpg" />
<figcaption>Image: Amazon</figcaption>
</figure>
<p id="5ISjQt">Amazon now lets you sign up for its palm recognition service directly from your phone. <a href="https://www.aboutamazon.com/news/retail/amazon-one-app">It’s launching</a> a new Amazon One app on <a href="https://apps.apple.com/us/app/amazon-one/id6452192521?utm_source=Web&utm_medium=&utm_campaign=OB_Blog_2024">iOS</a> and <a href="https://play.google.com/store/apps/details?id=com.amazon.amazonone.androidapp&utm_source=Web&utm_medium&utm_campaign=OB_Blog_2024&pli=1">Android</a> you can use to take a photo of your palm and set up your account, allowing you to start scanning your palm at locations that support the verification tech.</p>
<p id="gDJpO8">Previously, Amazon required users to visit physical locations to enroll in Amazon One, which <a href="https://www.theverge.com/2020/9/29/21493094/amazon-one-palm-recognition-hand-payments-amazon-go-store">lets you make a purchase</a> or <a href="https://www.theverge.com/2023/5/22/23732823/amazon-one-palm-scanning-technology-age-verification">verify your age</a> based on the palm print linked to your Amazon account. The service is available at all <a href="https://www.theverge.com/2023/7/20/23801571/amazon-one-whole-foods-pay-palm-scan">Whole Foods stores</a> across the US and some <a href="https://www.theverge.com/2023/3/22/23651843/amazon-one-panera-bread-palm-scanning-biometrics-payment-loyalty">Panera Bread locations</a>, as well as more than 150 stadiums, airports, fitness centers, and convenience stores.</p>
<div id="PjjnfO"><div style="left: 0; width: 100%; height: 0; position: relative; padding-bottom: 56.25%;"><iframe src="https://www.youtube.com/embed/VNcZaPlKyTA?rel=0" style="top: 0; left: 0; width: 100%; height: 100%; position: absolute; border: 0;" allowfullscreen="" scrolling="no" allow="accelerometer; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share;"></iframe></div></div>
<p id="qSKDKe">Amazon One uses generative AI to analyze your palm vein structure to create a “unique numerical, vector representation” of your palm that it recognizes when you scan your hand in-store. It <a href="https://www.aboutamazon.com/news/retail/5-facts-you-may-not-know-about-amazon-one">doesn’t use raw palm images</a> to identify you.</p>
<p id="MlZ3vp">On mobile, Amazon says it uses AI to match the photo from a phone’s camera to the “near-infrared imagery” from an Amazon One device. You’ll need to add a payment method to the app and upload a photo of your ID if you plan to use the service for age verification. You can also link loyalty programs, season passes, and gym memberships.</p>
<figure class="e-image">
<img alt=" " data-mask-text="false" src="https://cdn.vox-cdn.com/thumbor/jQnWBCUqiVkMdpR2BtyZQ2riiNQ=/400x0/filters:no_upscale()/cdn.vox-cdn.com/uploads/chorus_asset/file/25359488/amazon_one_scanning_app.jpg">
<cite>Image: Amazon</cite>
</figure>
<p id="RP6tTi">Although the technology has raised <a href="https://www.cnbc.com/2023/08/26/amazon-biometric-payments-privacy-concerns.html">some privacy concerns</a>, Amazon <a href="https://www.aboutamazon.com/news/retail/5-facts-you-may-not-know-about-amazon-one">says</a> that your palm and vein images are “immediately encrypted” and sent to a “highly secure zone” in the AWS Cloud that’s specifically built for Amazon One. There, Amazon creates your palm signature.</p>
<p id="Yp3mCn">Amazon also says the new app “includes additional layers of spoof detection,” adding that you can’t save or download the palm images to your phone. That still might not be enough to convince some users (myself included) to hand over their, well, <em>hands</em>, for the sake of convenience. Because, unlike a password, <a href="https://www.theverge.com/2020/10/1/21496673/amazon-one-palm-reading-vein-recognition-payments-identity-verification">you can’t get a new palm print</a>.</p>
<p id="o3x9be"><em><strong>Update March 28th, 2:43PM ET:</strong></em><em> Added additional details of Amazon’s palm matching technology and security protocols.</em></p>
https://www.theverge.com/2024/3/28/24114499/amazon-one-palm-scanning-mobile-appEmma Roth2024-03-22T17:20:30-04:002024-03-22T17:20:30-04:00Mozilla just ditched its privacy partner because its CEO is tied to data brokers
<figure>
<img alt="An image showing the Firefox logo on a gradient background" src="https://cdn.vox-cdn.com/thumbor/Ynu0iyHIS1dOQdiu-2esZvH_-fI=/123x0:1278x770/1310x873/cdn.vox-cdn.com/uploads/chorus_image/image/73226968/firefox_logo.0.jpg" />
<figcaption>Image: Mozilla</figcaption>
</figure>
<p id="qlyC41">Mozilla is ending its partnership with Onerep after the company’s CEO admitted to having ties to a data broker, as first reported by <a href="https://krebsonsecurity.com/2024/03/mozilla-drops-onerep-after-ceo-admits-to-running-people-search-networks/"><em>Krebs on Security</em></a>. “Though customer data was never at risk, the outside financial interests and activities of Onerep’s CEO do not align with our values,” writes Mozilla’s vice president of communications Brandon Borrman, in a statement provided to <em>The Verge.</em></p>
<p id="3krKvP">In February, Mozilla <a href="https://www.theverge.com/2024/2/6/24062765/mozilla-monitor-plus-firefox-paid-subscription-privacy-data-broker-removal-requests">bundled Onerep’s data removal service</a> into its new $8.99 per month Monitor Plus subscription. The service let users hunt down their personal information on the web and submit takedown requests across dozens of websites — all through Mozilla’s partnership with Onerep.</p>
<div id="tOsXeJ"><div style="left: 0; width: 100%; height: 0; position: relative; padding-bottom: 56.25%;"><iframe src="https://www.youtube.com/embed/lT0u415in5Y?rel=0" style="top: 0; left: 0; width: 100%; height: 100%; position: absolute; border: 0;" allowfullscreen="" scrolling="no" allow="accelerometer; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share;"></iframe></div></div>
<p id="VpXbSc">However, an in-depth <a href="https://krebsonsecurity.com/2024/03/ceo-of-data-privacy-company-onerep-com-founded-dozens-of-people-search-firms/">report from <em>Krebs on Security</em></a> found that Onerep’s CEO Dimitri Shelest started “dozens” of people-search websites over the course of several years. <a href="https://krebsonsecurity.com/wp-content/uploads/2024/03/Dimitri-Shelest-Letter-_-Comment-on-Krebs-article-3.20.24-1.pdf">Shelest later published</a> a statement admitting that he still holds an ownership stake in Nuwber, which lets visitors search for people based on their name, phone number, address, or email. Shelest says there is “zero cross-over or information-sharing” between Nuwber and Onerep.</p>
<p id="RwaGR6">“I get it. My affiliation with a people search business may look odd from the outside,” Shelest’s statement reads. “In truth, if I hadn’t taken that initial path with a deep dive into how people search sites work, Onerep wouldn’t have the best tech and team in the space. Still, I now appreciate that we did not make this more clear in the past and I’m aiming to do better in the future.”</p>
<p id="vY3rs5">Following Shelest’s statement, Mozilla decided to end its short-lived partnership with Onerep. “We’re working now to solidify a transition plan that will provide customers with a seamless experience and will continue to put their interests first,” Borrman tells <em>The Verge</em>. He adds that Mozilla is “continuing to offer Mozilla Monitor Plus” at this time.</p>
<p id="bnlf63"><em><strong>Update March 25th, 1:47PM ET: </strong></em><em>Added an additional statement from Mozilla.</em></p>
https://www.theverge.com/2024/3/22/24109116/mozilla-ends-onerep-data-removal-partnershipEmma Roth2024-03-20T16:46:11-04:002024-03-20T16:46:11-04:00House passes bill banning data brokers from selling personal data to foreign adversaries
<figure>
<img alt="Illustration of a password above a closed combination lock." src="https://cdn.vox-cdn.com/thumbor/LeUmVNLAi8kjfmFdWu7iJ1d0IHo=/20x0:2021x1334/1310x873/cdn.vox-cdn.com/uploads/chorus_image/image/73221727/STK442_Password_Manager_A_CVirginia.0.jpg" />
<figcaption>Cath Virginia / The Verge | Photo from Getty Images</figcaption>
</figure>
<p id="UsLD37">A week after the House of Representatives <a href="https://www.theverge.com/2024/3/15/24102472/house-tiktok-ban-bill-staffers-calls-congress">passed a bill that seeks to force TikTok to separate from its Chinese parent company</a>, it passed a second bill that aims to protect Americans’ data from foreign adversaries.</p>
<p id="39QaUc"><a href="https://www.congress.gov/bill/118th-congress/house-bill/7520/text">The Protecting Americans’ Data from Foreign Adversaries Act, or HR 7520</a>, would prohibit data brokers from selling Americans’ personally identifiable information to foreign adversaries, including countries like China, Russia, North Korea, and Iran. Data brokers can face penalties from the Federal Trade Commission if they’re found to have sold sensitive information like location or health data to these countries. The bill sailed through the House, with all 414 lawmakers who voted opting to pass it.</p>
<p id="Tu97E3">The bill, led by House Energy and Commerce Committee Chair Cathy McMorris Rodgers (R-WA) and Ranking Member Frank Pallone (D-NJ), was <a href="https://energycommerce.house.gov/posts/markup-recap-e-and-c-unanimously-advances-bipartisan-legislation-to-protect-americans-data-and-national-security-against-foreign-adversaries">unanimously voted out of committee</a> alongside the TikTok bill that <a href="https://www.theverge.com/2024/3/13/24097125/house-bill-vote-tiktok-ban-china-bytedance-divestment">similarly passed the House with broad support</a>. Lawmakers hope the combination of legislation will protect US internet users and safeguard US national security.</p>
<p id="8rMRvD">McMorris Rodgers and Pallone said in a <a href="https://republicans-energycommerce.house.gov/posts/rodgers-and-pallone-celebrate-house-passage-of-legislation-to-protect-americans-data-from-foreign-adversaries">joint statement</a> Wednesday that the legislation “builds on our efforts in the House last week to pass H.R. 7521 — with overwhelming and bipartisan support — and serves as an important complement to more comprehensive national data privacy legislation, which we remain committed to working together on.”</p>
<p id="ub8xGf">Unlike the TikTok bill, this one does not name individual companies. But it imposes a broad limit on data brokers’ ability to “sell, license, rent, trade, transfer, release, disclose, provide access to, or otherwise make available sensitive data of a United States individual” to foreign adversaries or organizations they control. It also gives the Federal Trade Commission authority to enforce the legislation.</p>
<p id="rg8QFl">The sensitive data covered by the bill includes biometric and genetic information, Social Security numbers, health diagnoses or treatments, and precise geolocation data.</p>
<p id="KebUYg">If it passes the Senate and is signed by the president, the bill would provide a significant uptick in data privacy for Americans — but that said, the bar for that is <a href="https://www.theverge.com/interface/2020/1/22/21075270/clearview-ai-facial-recognition-nytimes-federal-privacy-law-surveillance">relatively low</a>. Discussions about a broader privacy law have withered in recent years, but the Energy and Commerce leaders say they’re holding out hope that the overwhelming support for the data broker bill can get Congress moving on more ambitious privacy legislation. “We’re encouraged by today’s strong vote, which should help build momentum to get this important bipartisan legislation, as well as more comprehensive privacy legislation, signed into law this Congress,” McMorris Rodgers and Pallone said in their joint statement.</p>
https://www.theverge.com/2024/3/20/24106991/house-data-broker-foreign-adversaries-bill-passesLauren Feiner2024-03-19T09:10:48-04:002024-03-19T09:10:48-04:00Ad-free Facebook might get way cheaper to appease EU regulators
<figure>
<img alt="A Facebook logo surrounded by blue dots and white squiggles." src="https://cdn.vox-cdn.com/thumbor/YZ8ESnxWunZOWYgGmXYETJy_onY=/0x0:2040x1360/1310x873/cdn.vox-cdn.com/uploads/chorus_image/image/73217520/STK040_VRG_Illo_N_Barclay_4_facebook.0.jpg" />
<figcaption>Illustration by Nick Barclay / The Verge</figcaption>
</figure>
<p id="6LjCgr">Meta says it’s offered to reduce the price of its ad-free subscription for Instagram and Facebook in Europe to address regulatory concerns, <a href="https://www.reuters.com/technology/meta-offers-cut-facebook-instagram-monthly-fees-599-euros-2024-03-19/"><em>Reuters</em> reports</a>. Speaking in a hearing with the European Commission, Meta lawyer Tim Lamb said the company has “offered to drop the price from €9.99 to €5.99 for a single account and €4 for any additional accounts” in its discussion with privacy regulators in an attempt to “get to a steady state.”</p>
<p id="M3fVNd">Lamb said €5.99 is “by far the lowest end of the range that any reasonable person should be paying for services of this quality” and hoped that the “regulatory uncertainty” will “settle down quickly.” It reportedly made the offer to cut its prices to data protection authorities earlier this year.</p>
<p id="ZBZgNA">The company launched its ad-free subscription <a href="https://www.theverge.com/2023/11/10/23955987/instagram-facebook-without-ads-eu-subscription">last November</a> after European Union regulators <a href="https://www.edpb.europa.eu/news/news/2023/edpb-urgent-binding-decision-processing-personal-data-behavioural-advertising-meta_en">challenged the legal basis for its collection and processing of user data</a>. Meta hoped that this “Subscription for no ads” program would allow it to effectively get consent to process user data under the EU’s GDPR rules as well as the Digital Markets Act. The subscription is available in the European Economic Area and Switzerland.</p>
<div class="c-float-left c-float-hang"><aside id="g9cH5R"><div data-anthem-component="readmore" data-anthem-component-data='{"stories":[{"title":"Facebook and Instagram launch a paid ad-free subscription","url":"https://www.theverge.com/2023/10/30/23938283/facebook-instagram-ad-free-subscription-eu"}]}'></div></aside></div>
<p id="a16u4n">But the paid tier was quickly the subject of complaints from consumer groups, who’ve attacked the measure as a “<a href="https://www.beuc.eu/press-releases/consumer-groups-launch-complaints-against-metas-massive-illegal-data-processing">pay-or-consent</a>” smokescreen. “Meta’s offer to consumers is smoke and mirrors to cover up what is, at its core, the same old hoovering up of all kinds of sensitive information about people’s lives which it then monetises through its invasive advertising model,” the European Consumer Organisation’s (BEUC) deputy director general, Ursula Pachl, said in a statement in February.</p>
<p id="i9YT7x">Eight consumer groups from the BEUC’s network filed complaints with their respective national data protection authorities accusing Meta of not complying with the GDPR. <a href="https://www.beuc.eu/press-releases/consumer-groups-launch-complaints-against-metas-massive-illegal-data-processing">The group said</a> Meta doesn’t have a “valid legal basis” to justify its data collection and that “the choice it imposes on its users can not lead to their freely given and informed consent.”</p>
<p id="Z7lD8z">It’s unclear whether simply lowering the price of this monthly subscription will address these privacy concerns. Although privacy rights group <a href="https://techcrunch.com/2023/11/28/meta-ad-free-sub-noyb-complaint/">NOYB attacked the cost of the subscription</a> for being “way out of proportion” to the value Meta gets from tracking EU users, other groups have more structural complaints with the way the subscription has been implemented. BEUC, which serves as an umbrella group of 45 consumer organizations, has <a href="https://www.beuc.eu/choose-to-Lose-with-Meta#the-solution">called for Meta</a> to give consumers more time to think about their choice, for example, and to be more transparent about which data is collected under the paid option.</p>
<p id="1gqUbe"></p>
https://www.theverge.com/2024/3/19/24105660/meta-ad-free-subscription-facebook-instagram-gdpr-dma-eu-privacy-regulationJon Porter2024-03-16T14:56:48-04:002024-03-16T14:56:48-04:00SpaceX is reportedly building a network of spy satellites for US intelligence
<figure>
<img alt="The Starshield logo." src="https://cdn.vox-cdn.com/thumbor/9T2jI5yJ-jAk1njR1IPMWdF-XNY=/0x1:1346x898/1310x873/cdn.vox-cdn.com/uploads/chorus_image/image/73212035/Screen_Shot_2022_12_07_at_12.38.05_PM.0.jpg" />
<figcaption>Image</figcaption>
</figure>
<p id="gJqN8B">SpaceX’s Starshield unit has had a classified contract with the US National Reconnaissance Office (NRO) since 2021 to build a network of “hundreds” of spy satellites for the agency, <a href="https://www.reuters.com/technology/space/musks-spacex-is-building-spy-satellite-network-us-intelligence-agency-sources-2024-03-16/"><em>Reuters</em> reports today</a>, citing unnamed sources “familiar with the program.” </p>
<p id="qyar0z">A <a href="https://www.wsj.com/tech/musks-spacex-forges-tighter-links-with-u-s-spy-and-military-agencies-512399bd?page=1"><em>Wall Street Journal</em> report</a> in February listed a classified $1.8 billion SpaceX contract with a then-unnamed government agency. Now <em>Reuters</em> has attached a name, and that it’s to build a network of “hundreds of satellites bearing Earth-imaging capabilities that can operate as a swarm in low orbits.” </p>
<p id="lMgj1a">The report didn’t say when the network will be operational or what other companies are involved. It does mention that a US database of space objects lists satellites deployed by SpaceX that the company and government have not acknowledged and cites sources confirming those objects as Starshield prototypes.</p>
<figure class="e-image">
<img alt="A screenshot showing the things Starshield can be used for, including “Earth Observation.”" data-mask-text="false" src="https://cdn.vox-cdn.com/thumbor/mFCjZwH8vyZ2kPuWbz7qeTJACec=/400x0/filters:no_upscale()/cdn.vox-cdn.com/uploads/chorus_asset/file/25339774/Screenshot_2024_03_16_at_1.47.23_PM.png">
<cite>Screenshot: Wes Davis / The Verge</cite>
<figcaption>A screenshot from SpaceX’s Starshield website.</figcaption>
</figure>
<div class="c-float-left c-float-hang"><aside id="utFcG3"><div data-anthem-component="readmore" data-anthem-component-data='{"stories":[{"title":"SpaceX launches new Starlink service aimed specifically at governments&nbsp;","url":"https://www.theverge.com/2022/12/7/23497999/spacex-starshield-starlink-government-satellite-internet"}]}'></div></aside></div>
<p id="DFlSeW">SpaceX describes Starshield as a <a href="https://www.theverge.com/2022/12/7/23497999/spacex-starshield-starlink-government-satellite-internet">government-focused secure satellite network</a>, and Elon Musk <a href="https://twitter.com/elonmusk/status/1707149214701019392">tweeted</a> it “will be owned by the US government and controlled by DoD Space Force.” Last fall, the business unit <a href="https://www.theverge.com/2023/9/28/23894239/spacex-starshield-satellite-network-space-force-pentagon-deal">signed a US Space Force contract</a> to provide satellite communications for the military via Starlink.</p>
<p id="DdCSd0">According to <em>Reuters</em>, if the NRO contract is a success, it would “significantly advance the ability of the U.S. government and military to quickly spot potential targets almost anywhere on the globe.</p>
<p id="ZBAbwY">While an NRO spokesperson reportedly declined to comment on <em>Reuters</em> findings about SpaceX’s involvement, it confirmed to the outlet that it’s working to develop “the most capable, diverse, and resilient space-based intelligence, surveillance, and reconnaissance system the world has ever seen.” </p>
<p id="MhMat9"></p>
https://www.theverge.com/2024/3/16/24103172/spacex-starshield-spy-satellite-network-us-intelligence-classified-contractWes Davis2024-03-14T13:52:01-04:002024-03-14T13:52:01-04:00CBP wants to use AI to scan for fentanyl at the border
<figure>
<img alt="US Border" src="https://cdn.vox-cdn.com/thumbor/XpENF7HZHsSkT1NGMVENrdES0aQ=/0x0:1000x667/1310x873/cdn.vox-cdn.com/uploads/chorus_image/image/73207292/US-border-main.0.png" />
</figure>
<p id="fg3yDq">In his <a href="https://www.whitehouse.gov/briefing-room/speeches-remarks/2024/03/07/remarks-of-president-joe-biden-state-of-the-union-address-as-prepared-for-delivery-2/">State of the Union address</a> last week, President Joe Biden urged Congress to pass a bipartisan immigration bill “with the toughest set of border security reforms we’ve ever seen.” The bill would have, among other things, funded “100 more high-tech drug detection machines to significantly increase the ability to screen and stop vehicles from smuggling fentanyl into America.”</p>
<p id="bxElHv">The high-tech drug detection machines are actually just X-rays — really high-res ones, but X-rays all the same. The idea isn’t just to get better machines but to scan more vehicles at ports of entry, with an end goal of 100 percent. And to achieve that, Customs and Border Protection (CBP) will eventually deploy artificial intelligence so officers can scan and process cars and trucks as quickly as possible.</p>
<p id="G4TPiC">Two days before Biden’s speech, <a href="https://www.nbcnews.com/politics/immigration/border-fentanyl-scanners-unused-congress-provided-no-money-rcna141432">NBC News reported</a> that CBP already has the most up-to-date fentanyl-detecting machines — but the agency hasn’t been able to install them, because <a href="https://www.washingtonpost.com/politics/2024/02/10/biden-house-republicans-immigration/">Congress hasn’t appropriated the funds</a> for it to do so. </p>
<h2 id="fZdIo7">X-rays at the border</h2>
<p id="qQCW19">Politicians on both sides of the aisle have taken to framing the opioid epidemic as a border security issue — and it is, though not the way nativists may imagine it.<strong> </strong>The overwhelming majority of fentanyl seized by Customs and Border Protection — more than 90 percent — is smuggled through official border crossings by US citizens, not by migrants making unauthorized border crossings. </p>
<div class="c-float-left c-float-hang"><aside id="AT5VeN"><q>The Securing America’s Ports Act requires every passenger vehicle, truck, and freight train that crosses into the US to be X-rayed before entry</q></aside></div>
<p id="bm0C6F">CBP confiscated more than more than 43,000 pounds of fentanyl during the 2023 fiscal year, according to a Department of Homeland Security (DHS) <a href="https://www.dhs.gov/news/2023/12/22/fact-sheet-dhs-front-lines-combating-illicit-opioids-including-fentanyl">press release</a>. Per <a href="https://www.nbcnews.com/politics/immigration/border-fentanyl-scanners-unused-congress-provided-no-money-rcna141432">NBC News</a>, half of all the fentanyl CBP has interdicted at the border passed through a single point, the Mariposa Port of Entry in Nogales, Arizona. Unlike other official border crossings, the Mariposa POE has already installed the new machines, which X-ray cars and trucks as they’re processed for entry into the US. An unknown number of other machines are currently being stored in warehouses because CBP doesn’t have the money to install them, the agency’s acting commissioner Troy Miller told NBC News.</p>
<p id="euOSJa">In January 2021, just weeks before he was about to leave office, Former President Donald Trump <a href="https://www.sandiegouniontribune.com/news/border-baja-california/story/2021-02-16/dhs-xray-border">signed the Securing America’s Ports Act,</a> which requires every passenger vehicle, truck, and freight train that crosses into the US from Mexico and Canada to be X-rayed before entry. </p>
<p id="vcUbJo">The law <a href="https://www.cbo.gov/publication/56514">appropriated $59 million</a> for CBP to buy and install new scanners at ports of entry along the border. CBP is working on installing the <a href="https://www.border-security-report.com/18512-2/">newer machines</a> so they can be used in advance of primary screenings — before the vehicle pulls up to be inspected by a CBP officer, not after. These systems are already under construction or operational in Brownsville and Laredo, Texas; Nogales, Arizona; and Santa Teresa, New Mexico, <a href="https://www.dhs.gov/science-and-technology/news/2023/10/26/feature-article-securing-our-ports-entry-one-scan-or-thousands-time">according to DHS</a>. </p>
<h2 id="QrOxjK">Aspiring to scan 100 percent of vehicles</h2>
<p id="ti42Iu">Even with the machines, CBP doesn’t scan each of the thousands of cars and trucks that pass through ports of entry every day. A former senior leader at CBP <a href="https://www.sandiegouniontribune.com/news/border-baja-california/story/2021-02-16/dhs-xray-border">told <em>The</em> <em>San Diego Union-Tribune</em></a><em> </em>that the agency would most likely treat 100 percent as an “aspirational” goal. In order to get to closer to 100 percent, CBP wants to eventually integrate these new machines with AI systems.</p>
<p id="1ISNlx">Right now, CBP scans about 20 percent of commercial vehicles and less than 5 percent of personal vehicles, Miller, CBP’s current acting commissioner, told NBC News. The agency hopes to scan 40 percent of passenger vehicles and 70 percent of commercial trucks by the end of 2025.</p>
<div class="c-float-left c-float-hang"><aside id="mC3TH4"><q>CBP hopes to scan 40 percent of passenger vehicles and 70 percent of commercial trucks by the end of 2025</q></aside></div>
<p id="iFfrrw">Most people are waved through after answering questions about what they’re bringing across the border and showing CBP officers documentation that shows they can legally enter the US, usually in the form of a passport, green card, or visa. Truck drivers are also required to submit a manifest detailing what they’re carrying in their trucks before they arrive at the port of entry. CBP officers use the information in the manifest to decide which ones to X-ray.</p>
<p id="mrtGvh">The X-ray images are sent to a command center, where CBP officers review them to see if they check out. If a truck’s manifest says it’s carrying a load of bananas, for example, the X-ray should corroborate that. For personal cars, X-rays are used to detect whether there’s hidden cargo hidden somewhere in the vehicle. </p>
<p id="Bnl0de">“They have a single officer reviewing a single image,” said Kevin McAleenan, who served as the CBP commissioner under Trump from 2018 to 2019. “There’s a limitation. If you’re going to try to dramatically increase the number of inspections, you’re going to need not only a lot more scanners and a lot more officers to read them, or you’re going to need the assistance of technology.”</p>
<p id="FRqCfT">McAleenan, <a href="https://www.theverge.com/c/23172433/chad-wolf-homeland-secretary-illegal-tenure-dhs">the putative acting DHS secretary</a> for seven months in 2019, co-founded the trade and travel AI company Pangiam in 2020. Last year, Pangiam was <a href="https://www.prnewswire.com/news-releases/us-customs-and-border-protection-has-awarded-pangiam-with-a-prime-contract-for-anomaly-detection-algorithms-302008161.html">awarded a $16.86 million contract</a> to develop “Anomaly Detection Algorithms” that will use artificial intelligence to analyze the X-ray images scanned at the border, which McAleenan said will act as a “force multiplier” that will speed vehicle processing at the border. </p>
<div class="c-float-left c-float-hang"><aside id="83TWgj"><q>Pangiam was awarded a $16.86 million contract to develop “Anomaly Detection Algorithms”</q></aside></div>
<p id="f14qMX">At most ports of entry, the X-rays happen as part of secondary inspections. Sometimes a driver is pulled for a more intense screening after being flagged by the officer who conducted the primary inspection. Other times, drivers are randomly selected for secondary inspections. CBP is working on installing X-ray scanners before the primary inspection point, so <em>all</em> the cars and trucks heading into the US can be X-rayed before they even make it to the first officer.</p>
<p id="c9rXyi">“Based on how the cross-border supply chain works, a lot of the trucks are actually coming back to the US empty,” McAleenan said. The software, he explained, could “confirm that this truck said it’s empty, the manifest said it’s empty, the scan said it’s empty — no need for the officer to waste his or her valuable time reviewing that image.”</p>
<p id="EALgV2">For “homogenous loads,” like a truck full of melons, McAleenan said, “we can build software products that tell the officer, ‘That load’s supposed to be melons, it looks exactly like the other thousand shipments of melons that have crossed this border over the last two years, we don’t think you need to inspect it further.”</p>
<p id="K8bc6D">The tool, which is not yet in use at the border, is trained on CBP’s past X-ray scans. CBP has a <a href="https://www.nextgov.com/artificial-intelligence/2019/09/inside-look-all-data-cbp-collects-about-everyone-crossing-us-borders/159946/">treasure trove of data</a> on the <a href="https://www.cbp.gov/newsroom/stats/travel">millions of vehicles</a> that cross through ports of entry each year — and the people driving them. </p>
<p id="bZI60Y">Jay Stanley, a senior policy analyst with the ACLU’s Speech, Privacy, and Technology Project, said deploying AI at border crossings could raise privacy concerns. “When you cross the border, the CBP agent can search your bag, but they don’t take a photograph of it and store it,” he said. “If they’re going to create a whole other system of records about you and what’s in your car, how many people are in your car, there’s a lot of personal details that could be retained in that dataset.”</p>
<p id="h5TdLX"><em><strong>Correction March 19, 3:10PM ET:</strong></em><em> An earlier version of this story stated that Pangiam was awarded a $21.5 million contract, as reported by NBC News. According to Andrew Meehan, a spokesperson for Pangiam, the number is actually $16.86 million. We regret the error. </em></p>
https://www.theverge.com/2024/3/14/24099953/cbp-border-ai-fentanyl-scanners-privacyGaby Del Valle2024-03-14T12:00:00-04:002024-03-14T12:00:00-04:00Google says Chrome can now protect you better while preserving your privacy
<figure>
<img alt="The Google Chrome logo surrounded by blue rings" src="https://cdn.vox-cdn.com/thumbor/-bUyRNzUuNQG80KIejBhkPIbkas=/0x0:2040x1360/1310x873/cdn.vox-cdn.com/uploads/chorus_image/image/73206887/STK114_Google_Chrome_02.0.jpg" />
<figcaption>Illustration: The Verge</figcaption>
</figure>
<p id="ahHZWN">Google <a href="https://security.googleblog.com/2024/03/blog-post.html">has added</a> real-time browsing protection to Chrome that it claims should protect your privacy. The feature, which Google says hides your visited URLs, is now available on the default Standard mode of Safe Browsing on Chrome.</p>
<p id="WAuNrK">For years, Chrome’s Safe Browsing feature has automatically added potentially unsafe URLs to a list Google stores on your device. Every time a user visits a site, Google checks the URL against that list and issues a warning. The problem is that Google only updates this locally stored database every 30 to 60 minutes. Given most dangerous sites exist for less than 10 minutes nowadays, a lot of unsafe sites slip through the cracks.</p>
<p id="ELBGyV">Safe Browsing’s opt-in <a href="https://security.googleblog.com/2020/05/enhanced-safe-browsing-protection-now.html">Enhanced protection</a> mode deals with this by using Google’s Safe Browsing server-side database, which catches unsafe URLs much faster in real time. Yet users must provide Google with more security-related data for full protection, which is why it’s an opt-in mode.</p>
<div class="c-float-left c-float-hang"><aside id="QsNAZz"><div data-anthem-component="readmore" data-anthem-component-data='{"stories":[{"title":"Google is starting to squash more spam and AI in search results","url":"https://www.theverge.com/2024/3/5/24091099/google-search-high-quality-results-spam-ai-content"},{"title":"Microsoft’s AI Copilot for Security launches next month with pay-as-you-go pricing","url":"https://www.theverge.com/2024/3/13/24099670/microsoft-copilot-for-security-pricing-launch-date-features"}]}'></div></aside></div>
<p id="DXsHIw">Google claims the new version of Safe Browsing solves this problem with an API that hides the URLs of visited sites from Google. Now, Google says it will do a real-time check for sites that it couldn’t find in its database and will then send an encrypted version of the URLs to Fastly’s independently operated privacy server.</p>
<p id="EqJKJ9">Google says the privacy server will then strip the URL of any potential user identifiers like IP addresses and will not be able to decrypt the URL. Afterward, it’ll send it to Safe Browsing’s server-side database via a TLS connection that mixes your request with those sent by other Chrome users. </p>
<p id="CAZjph">Safe Browsing should then be able to decrypt the URL to its full hash form — which still hides the URL — and check it against its list. If Safe Browsing finds a match, Google says it’ll only send the encrypted hash form over to Google, and Google will then warn the user. </p>
<div class="c-float-left c-float-hang"><aside id="ZAFAYR"><div data-anthem-component="readmore" data-anthem-component-data='{"stories":[{"title":"The Verge is not interested in interviewing you about crypto — but scammers are","url":"https://www.theverge.com/2024/1/19/24043482/the-verge-crypto-calendly-scam-phishing"}]}'></div></aside></div>
<p id="lUpySY">As a result, throughout the process, Google claims your browsing activity remains private; no single party will be able to see both your IP address and the URL’s hash prefixes. At the same time, Google says it should be able to block 25 percent more phishing attempts. </p>
<p id="DifP13">Yet while the Standard and Enhanced modes can now both do real-time checking, Google claims the Enhanced version continues to offer greater protection. That’s because it comes with extra features, like AI to block attacks, deep file scans, and extra protection from dangerous Chrome extensions.</p>
<p id="PTdCtt">The new real-time checking feature for Standard mode is currently available on Chrome for desktop and iOS and will roll out to Android later this month.</p>
<p id="TsACgB"></p>
<p id="C04PJHEGR9D-1710356742.874309-thread-list-Thread_1710357397.302889"></p>
<p id="zfxurW"></p>
<p id="7gtsUN"></p>
https://www.theverge.com/2024/3/14/24099937/google-chrome-safe-browsing-cybersecuritySheena Vasani2024-02-29T19:49:58-05:002024-02-29T19:49:58-05:00UnitedHealth says Blackcat is the reason healthcare providers are going unpaid
<figure>
<img alt="Illustration of a computer screen with a blue exclamation point on it and an error box." src="https://cdn.vox-cdn.com/thumbor/Is_7tjvQfYIsemLb-aJtgU9u5oU=/0x0:2040x1360/1310x873/cdn.vox-cdn.com/uploads/chorus_image/image/73174595/akrales_220309_4977_0232.0.jpg" />
<figcaption>Photo by Amelia Holowaty Krales / The Verge</figcaption>
</figure>
<p id="xrELyC">Health insurance provider UnitedHealth has identified Blackcat as the group behind a debilitating cyber attack that has disrupted healthcare providers nationwide, <a href="https://www.reuters.com/technology/unitedhealth-confirms-blackcat-group-behind-recent-cyber-security-attack-2024-02-29/"><em>Reuters </em>is reporting</a>. The attack has led to more than a <a href="https://www.reuters.com/technology/cybersecurity/healthcare-providers-hit-by-frozen-payments-ransomware-outage-2024-02-29/">week-long outage</a> of the the United-owned Change Healthcare system, <a href="https://www.cnbc.com/2024/02/29/change-healthcare-cyberattack-has-caused-financial-mess-for-doctors.html">disrupting payments</a> at hospitals, clinics, and pharmacies across the nation. </p>
<p id="Z5Q5XZ">Since Change Healthcare acts as a middleman between healthcare providers and insurance companies, the breach has hindered <a href="https://www.cnbc.com/2024/02/29/change-healthcare-cyberattack-has-caused-financial-mess-for-doctors.html">everyday transactions</a> like electronic pharmacy refills and new insurance claims. The company first identified suspicious activity on its IT systems on February 21st, according to an <a href="https://www.sec.gov/Archives/edgar/data/731766/000073176624000045/unh-20240221.htm">SEC filing</a>. </p>
<p id="TSkeyH">The breach could last for weeks, UnitedHealth Group Chief Operating Officer Dirk McMahon <a href="https://www.statnews.com/2024/02/29/change-healthcare-cyber-attack-outage-will-last-for-weeks/">told STAT</a>. The insurance company is setting up a loan program for healthcare providers in the meantime. </p>
<p id="UIVYzl">Blackcat, also known as ALPHV, has claimed credit for numerous hacks over the past year, including the <a href="https://www.vox.com/technology/2023/9/15/23875113/mgm-hack-casino-vishing-cybersecurity-ransomware">MGM casino breach in Las Vegas</a>, a hack on <a href="https://www.theverge.com/2023/6/19/23765895/reddit-hack-phishing-leak-api-pricing-steve-huffman">Reddit’s systems</a>, and many others. </p>
<p id="LXbHix">In a <a href="https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-353a">joint cybersecurity advisory</a>, federal agencies including CISA and the FBI warned that Blackcat is now intentionally targeting the healthcare system. “Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized,” the agencies wrote.</p>
<p id="3IhdUb">The US government has even offered a combined <a href="https://www.theverge.com/2024/2/15/24074398/the-missing-black-cat-with-a-15-million-award">$15 million reward</a> for any actionable intelligence on the group’s whereabouts. An attempt by the FBI to seize Blackcat’s servers and sites last year seemingly failed —the group <a href="https://www.theverge.com/2023/12/19/24008093/alphv-blackcat-ransomware-gang-site-seized-fbi-doj">quickly regained control</a>. </p>
<p id="2J202g">In a darknet message that was later deleted on Wednesday, Blackcat also claimed it <a href="https://www.reuters.com/technology/cybersecurity/unitedhealth-hackers-say-they-stole-millions-records-then-delete-statement-2024-02-28/">stole millions of patient records</a>, including sensitive medical and insurance data in the UnitedHealth breach, <em>Reuters</em> reported. The group also admitted, in the same message, to stealing data from Medicare, the military medical agency Tricare, and even CVS Health. No further details were provided about the timing of these breaches, and the message was reportedly deleted without explanation. <em>Reuters</em> was unable to reach the hackers or verify any of their claims.</p>
<p id="Q4NRU2">Even the theft of sensitive records from UnitedHealth alone could impact millions of people. Change Healthcare handles nearly <a href="https://www.aha.org/lettercomment/2024-02-26-aha-letter-hhs-implications-change-healthcare-cyberattack">1 in 3 patient records</a> in the US, the American Hospital Association told HHS Secretary Xavier Becerra in a letter sent on Monday. “Any prolonged disruption of Change Healthcare’s systems will negatively impact many hospitals’ ability to offer the full set of health care services to their communities,” wrote AHA president Richard J. Pollack. </p>
<p id="OKoaoQ">UnitedHealth is currently working with Google-owned Mandiant and cybersecurity software vendor Palo Alto Networks, <a href="https://www.cnbc.com/2024/02/29/blackcat-claims-responsibility-for-cyberattack-at-unitedhealth.html#:~:text=The%20company%20said,Palo%20Alto%20Networks"><em>CNBC </em>reports</a>. The company hasn’t indicated whether it plans to pay the ransom. </p>
<p id="HuqJ4i"></p>
<p id="pGqEVt"></p>
https://www.theverge.com/2024/2/29/24087105/united-health-black-cat-ransom-ware-hospitals-paymentsAmrita Khalid2024-02-28T13:49:20-05:002024-02-28T13:49:20-05:00New regulation could stop abusers from stalking via connected cars
<figure>
<img alt="Capitol Hill - Washington, DC" src="https://cdn.vox-cdn.com/thumbor/ntN34TmoQ0CMzhNIgLvMqpsDnKo=/0x0:5400x3600/1310x873/cdn.vox-cdn.com/uploads/chorus_image/image/73171098/1694436871.0.jpg" />
<figcaption>Photo by Matt McClain/The Washington Post via Getty Images</figcaption>
</figure>
<p id="aArYgw">Federal Communications Commission Chair Jessica Rosenworcel shared a new proposal Wednesday that would make it harder for domestic abuse survivors to be stalked through their cars’ location tracking systems.</p>
<p id="PT5Hlh">The notice of proposed rulemaking would kick off a process for the FCC to consider how it can use existing authority to create new protections for domestic abuse survivors. It seeks more information on available connected car services and whether changes to the way the agency implements the <a href="https://www.congress.gov/bill/117th-congress/house-bill/7132">Safe Connections Act</a> are necessary to address how those tools could be used for abuse. The agency is expected to take up the issue in the next month.</p>
<p id="W9LlWG">The Safe Connections Act, which was signed into law in late 2022, requires mobile service providers to let survivors of domestic abuse separate their phone lines from their abuser’s. <a href="https://www.reuters.com/world/us/us-law-domestic-abuse-should-cover-carmakers-fcc-chair-says-2024-02-28/">Rosenworcel told <em>Reuters</em></a> that the issues with connected cars “seemed extraordinarily similar” to the agency’s work implementing the Safe Connections Act.</p>
<div class="c-float-left c-float-hang"><aside id="cm0xHG"><div data-anthem-component="readmore" data-anthem-component-data='{"stories":[{"title":"Your car may be recording more data than you know","url":"https://www.theverge.com/2020/12/28/22203587/car-recorded-data-investigation-stalking-privacy-concerns"},{"title":"AirTags are dangerous — here’s how Apple could fix them","url":"https://www.theverge.com/2022/3/1/22947917/airtags-privacy-security-stalking-solutions"},{"title":"Apple and Google are working together to limit AirTag stalking","url":"https://www.theverge.com/2023/5/2/23707920/apple-google-airtag-stalking-bluetooth-tracker-alert-standard"}]}'></div></aside></div>
<p id="46Jj7P">“A car is a critical lifeline that can give survivors a way to escape their abusers, gain independence, and seek support,” Rosenworcel said in a press release announcing the proposal. “Survivors of domestic abuse shouldn’t have to choose between giving up their vehicle and feeling safe.”</p>
<p id="V1FObO">The move underscores the ubiquity of GPS tracking across many different devices and how those features can be exploited for tech-enabled abuse.</p>
<p id="C40s3V">Outlets <a href="https://www.reuters.com/technology/an-abused-wife-took-tesla-over-tracking-tech-she-lost-2023-12-19/">including <em>Reuters</em></a> and<em> </em><a href="https://www.nytimes.com/2023/12/31/technology/car-trackers-gps-abuse.html"><em>The New York Times</em></a><em> </em>have reported on examples of domestic abuse survivors being tracked by abusive partners through their internet-connected cars. In one case, a woman tried to sue Tesla for negligence in allegedly enabling her husband to stalk her through the vehicle, despite repeated complaints to the company, <em>Reuters</em> reported. But Tesla prevailed.</p>
<div class="c-float-left c-float-hang"><aside id="Ns9J6b"><q><strong>“</strong>Survivors of domestic abuse shouldn’t have to choose between giving up their vehicle and feeling safe.”</q></aside></div>
<p id="gEwoWT">Last month, Rosenworcel <a href="https://docs.fcc.gov/public/attachments/DOC-399700A1.pdf">wrote letters to nine leading automakers</a> in the US, including Ford, General Motors, and Tesla, asking about how they handle geolocation data and if they have any plans to help domestic abuse survivors separate their car tracking from their abusers. Rosenworcel also sent letters to AT&T, T-Mobile, and Verizon at the time asking about how they treat geolocation data from connected car services and their compliance with the Safe Connections Act.</p>
<p id="UNVXCX">Automakers asked to share their domestic abuse plans <a href="https://www.fcc.gov/ecfs/search/search-filings/results?q=(proceedings.name:(%2222-238%22))">responded in varied levels of detail</a>, Rosenworcel told <em>Reuters</em>.</p>
<p id="WSHiTJ">Tesla’s response, for example, does not directly address domestic abuse but <a href="https://www.fcc.gov/ecfs/document/10227291877863/1">says car owners can</a> “customize the sharing parameters by restricting location visibility.” <a href="https://www.fcc.gov/ecfs/document/10227273331484/1">But Toyota wrote</a> it will remove “access to vehicle location information and connectivity functions at the request of a domestic violence survivor or other authorized user.”</p>
<p id="VSzkZq">It’s a topic that’s also caught the attention of Congress. On Tuesday, Sen. Ed Markey (D-MA) <a href="https://www.markey.senate.gov/imo/media/doc/senator_markey_letter_to_ftc_on_auto_privacy__022824pdf.pdf">wrote to the Federal Trade Commission</a>, urging it to investigate auto manufacturers’ data privacy practices, pointing to issues of domestic abuse in part. Markey said that when he’d asked automakers for information on their data collection practices, <a href="https://www.markey.senate.gov/imo/media/doc/automaker_responses_to_sen_markey_letter_on_privacy_-_022824pdf.pdf">they mostly “sidestepped” his questions</a>.</p>
<p id="awogvA">The notice of proposed rulemaking also seeks comment on how connected car service providers can proactively try to protect survivors from misuse of their systems. If adopted, the proposal would be open to a public comment period before the FCC shapes and votes on a rule.</p>
https://www.theverge.com/2024/2/28/24085723/fcc-domestic-abuse-survivors-connected-cars-proposed-ruleLauren Feiner2024-02-28T11:10:12-05:002024-02-28T11:10:12-05:00Biden orders crackdown on selling Americans’ personal data abroad
<figure>
<img alt="An image showing a silhouette of Capitol Hill" src="https://cdn.vox-cdn.com/thumbor/cxLlbpPok4CnoVwFa-wpZpyZy3A=/0x0:3000x2000/1310x873/cdn.vox-cdn.com/uploads/chorus_image/image/73170527/acastro_170711_1777_0001.0.jpg" />
<figcaption>Illustration by Alex Castro / The Verge</figcaption>
</figure>
<p id="qaXcDU">President Joe Biden has <a href="https://www.whitehouse.gov/briefing-room/statements-releases/2024/02/28/fact-sheet-president-biden-issues-sweeping-executive-order-to-protect-americans-sensitive-personal-data/">issued an executive order</a> authorizing the US attorney general “to prevent the large-scale transfer of Americans’ personal data to countries of concern.” <a href="https://www.justice.gov/opa/pr/justice-department-implement-groundbreaking-executive-order-addressing-national-security">According to the US Department of Justice</a> today, those countries could include China, Russia, Iran, and North Korea.</p>
<p id="2BDXYh">The White House says it’s targeting data brokers, which it says collect more personal data than ever before — data that includes things like personal health and financial data. The scale can be staggering: in a recent extreme example from a Consumer Reports study, 48,000 companies had sent Facebook data <a href="https://www.theverge.com/2024/1/17/24041897/facebook-meta-targeted-advertising-data-mining-study-privacy">on a single user</a>. </p>
<p id="DpuHGJ">Several departments will be required to roll out new protections under the order. The White House writes that the Department of Justice (DOJ) will have to create rules to prevent countries of concern from exploiting personal data, though it’s not clear through what means the DOJ would accomplish this. The data would include that related to genomics, biometrics, personal health, finances, and “certain kinds of personal identifiers.” The DOJ would also be required to work with the Department of Homeland Security to set new security standards regarding data gathered through “investment, vendor, and employment relationships.”</p>
<div class="c-float-left c-float-hang"><aside id="50nheL"><div data-anthem-component="readmore" data-anthem-component-data='{"stories":[{"title":"FTC bans major data broker from selling invasive location tracking details","url":"https://www.theverge.com/2024/1/10/24032966/ftc-bans-outlogic-location-data-sales-tracking-settlement"}]}'></div></aside></div>
<p id="2gVEpZ">Biden also ordered the Departments of Health and Human Services, Defense, and Veterans Affairs to ensure that Americans’ health data can’t be transferred via other routes like federal grants. </p>
<p id="jk5rOm">Finally, the Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector would have to consider personal data threats when reviewing submarine cable licenses. The order, which would be the president’s third so far this year, has not yet been published to the <a href="https://www.federalregister.gov/presidential-documents/executive-orders/joe-biden/2024">Federal Register</a>.</p>
<p id="estU58">The order described by the White House’s announcement doesn’t appear to address the overall issue of the personal data market in the US, which has very little in the way of boundaries. That leaves us with case-by-case regulatory action by agencies like the FTC, which recently banned <a href="https://www.theverge.com/2024/1/10/24032966/ftc-bans-outlogic-location-data-sales-tracking-settlement">two</a> <a href="https://www.theverge.com/2024/1/18/24043260/the-ftc-bans-another-data-broker-from-selling-your-location-data">brokers</a> from selling precise location data that could endanger consumers. </p>
<p id="EeqxtQ">Foreign actors aren’t the only concern. Senator Ron Wyden (D-OR), who has been beating the drum for digital privacy for many years, cited one of those bans when he <a href="https://www.wyden.senate.gov/news/press-releases/wyden-releases-documents-confirming-the-nsa-buys-americans-internet-browsing-records-calls-on-intelligence-community-to-stop-buying-us-data-obtained-unlawfully-from-data-brokers-violating-recent-ftc-order">called on the NSA</a> to stop buying location information from data brokers. The <a href="https://www.theverge.com/2023/6/14/23759585/odni-spy-report-surveillance-data-location-tracking">US director of national intelligence said</a> information US intelligence agencies buy from them is as detailed as any it could have gotten “only through targeted (and predicated) collection.” </p>
<p id="zMWCNc"></p>
https://www.theverge.com/2024/2/28/24085572/biden-executive-order-personal-data-transfer-china-privacy-surveillanceWes Davis