Biden signs executive order to stop Russia and China from buying Americans’ personal data | The bulk sale of geolocation, genomic, financial and health data will be off-limits to “countries of conc…::President Joe Biden has signed an executive order that aims to limit the mass-sale of Americans’ personal data to “countries of concern,” including Russia and China.

    • seedoubleyou@infosec.pub
      link
      fedilink
      English
      arrow-up
      22
      ·
      9 months ago

      How about American companies and institutions that have a physical presence in this country? Pretty sure these nation states already have their data. Too late and not even remotely enough IMO.

  • Not_mikey@lemmy.world
    link
    fedilink
    English
    arrow-up
    40
    ·
    9 months ago

    This is just like Canada banning foreign investment in real estate. It admits there’s a problem, data harvesting , homes as investments, but just solves a small part of the problem pertaining to “foreign bad guys” while ignoring the larger domestic issue.

    All it does is make the government look like they did something without actually confronting the powerful interests that are causing the problem.

    • SpeakinTelnet@programming.dev
      link
      fedilink
      English
      arrow-up
      6
      ·
      edit-2
      9 months ago

      Especially that this was mostly a smoke screen considering how easy it is to register a company in Canada and then buy estate from said company. Suddenly it isn’t foreign investment anymore.

  • Kit
    link
    fedilink
    English
    arrow-up
    25
    ·
    9 months ago

    What’s stopping a middle man in any other country from buying data and selling it to Russia / China?

    • Glytch@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      ·
      9 months ago

      The incredibly weak threat of not being able to buy more data if they’re caught? Maybe? Doesn’t seem like a big deterrent either way.

  • uis@lemm.ee
    link
    fedilink
    English
    arrow-up
    14
    ·
    9 months ago

    How about not producing it in the first place? As Russian I have no doubt Chinese spying agencies will obtain it anyway. Russian spying agency maybe will obtain it too.

    • NullPointer@programming.dev
      link
      fedilink
      English
      arrow-up
      4
      ·
      edit-2
      9 months ago

      they’ll just buy it from someone else who is not restricted; second, third, fourth hand. Or just wait for yet another inevitable data breach since there is no enforcement or accountability for that.

      • uis@lemm.ee
        link
        fedilink
        English
        arrow-up
        7
        ·
        9 months ago

        That’s why I say it should not be collected in first place

  • RaoulDook@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    9 months ago

    We need more of this. Such as the legislation proposed in a couple of bills that this article mentions:

    https://www.brennancenter.org/our-work/analysis-opinion/data-brokers-are-running-wild-and-only-congress-can-rein-them

    Here’s an excerpt with details:

    *Over the past few years, lawmakers have sought to address the data broker problem, proposing bills that would limit the collection of location and health data and regulate the government’s purchases of data from third parties. Our resource highlights two legislative proposals that would constrain the government’s ability to acquire large swaths of personal information without legal process.

    The first, the Fourth Amendment Is Not For Sale Act, takes an important step toward closing the data broker loophole and updating the Electronic Communications Privacy Act. The bill would bar law enforcement and intelligence agencies from purchasing certain communications-related information and location data.

    But it could be stronger. The bill is still tied to outdated categories of communications service providers from the 1980s, and it would not cover similar information collected and sold by other companies, such as health and fitness apps. It also would not cover other categories of sensitive personal information like health, financial, or biometric information. Nor would it address the overcollection of data, or the trafficking of personal information to private entities or even foreign governments, practices that will likely intensify with the proliferation of AI models reliant on vast data sets.

    The American Data Privacy and Protection Act takes a different approach. It is a comprehensive federal consumer privacy bill that promises to reduce the amount of personal information flowing into and out of the hands of data brokers. It would do this by restricting the collection of such information to only what is necessary to provide a service or achieve certain purposes specified in the bill and by placing additional limits on data transfers. This legislation is a promising template, but it, too, should be strengthened.

    The bill has multiple exceptions that would allow government agencies to obtain a significant amount of personal data. These exceptions should be narrowed to prohibit transfers of data to law enforcement or intelligence agencies absent clear indications of a threat to public safety, a security incident, fraud, harassment, or illegal activity, or unless the government has followed the legal process required for compelled disclosure.

    These bills, with the modifications we suggest, point the way forward. The data broker loophole is growing wider by the day, and it threatens to swallow the privacy protections provided in statutes and even in the Constitution. Congress must intervene to bring the law in line with the modern world and end the government’s all-too-common practice of buying its way around our privacy rights.*

    • jmp242@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      2
      ·
      9 months ago

      unless the government has followed the legal process required for compelled disclosure.

      I don’t see why we can’t just say that for everything. If the government wants the data, they can get a warrant. It’s not that hard - don’t we regularly complain warrants are too rubber stamped?