Law enforcement agencies in the U.S. have been bypassing the Fourth Amendment of the Constitution for years by buying personal data on American citizens that they would otherwise need a warrant to obtain. Recently, a whistleblower complaint suggests that Immigration and Customs Enforcement (ICE) is now pushing the limits even further by carrying out warrantless raids to arrest individuals, despite federal court rulings that affirm this practice violates the Fourth Amendment. This news comes amid ongoing protests in Minneapolis, where ICE is working to expand its deportation network across Minnesota and four other states. The Department of Homeland Security claims that simply naming an ICE agent can be considered “doxing,” yet a review by WIRED found that many agents publicly disclose their own identities. The implications of having access to personal information can be significant; one report this week highlighted that people are avoiding medical care due to surveillance from advertising technology and ICE activities.
ICE isn’t just raiding homes without judicial consent; they’re also on the lookout for drugs. Customs and Border Protection recently expressed interest in a “quantum sensor” capable of detecting fentanyl and connecting to an “AI database.”
In unrelated news, a researcher has uncovered an unsecured database containing 149 million login credentials associated with various platforms, from Gmail to government systems worldwide. Jeremiah Fowler, the researcher, suspects that the logins were gathered by infostealing malware. Thankfully, the database—previously open to anyone online—has since been taken offline.
In light of a recent sale to U.S. investors, TikTok has started collecting even more user data, including precise location information.
As always, we bring you a roundup of security and privacy news that we haven’t delved into too deeply. Click the headlines for the full stories and stay safe out there.
This week, the Trump administration acknowledged in court documents that operatives from the so-called Department of Government Efficiency (DOGE) might have shared Social Security Administration (SSA) data with an external group seeking to “overturn election results in certain states,” according to a January 16 Department of Justice filing. The DOJ is uncertain whether these undisclosed DOGE team members actually shared the data with the unidentified group. The filing aims to clarify earlier testimony, stating that DOGE operatives were using links to share information through the third-party server Cloudflare, which isn’t sanctioned for storing SSA data. It also noted that Steve Davis, a senior adviser to Elon Musk, was included in an email that contained password-protected files with names and addresses of about 1,000 individuals extracted from SSA records. However, the SSA could not determine if Davis accessed the file, which remained locked from current SSA employees at the time of the filing.
In an unusual move, the Federal Aviation Administration has included “Department of Homeland Security facilities in mobile assets” in a new “no-fly zone” announcement, as reported by 404 Media. This restriction prohibits “unmanned aircraft,” including commercial drones used for aerial footage, from being used within 3,000 feet horizontally and up to 1,000 feet vertically above DHS properties. Violators of these restrictions could face criminal charges, civil penalties, or even loss of their drone flying privileges.
As you prepare for this weekend’s major winter storm, it’s worth checking whether your thermals are from Under Armour. TechCrunch reported that the clothing and fitness app company is investigating a potential data breach after a hacker leaked millions of customer records online. Have I Been Pwned informed 72 million individuals via email about the breach, which included names, email addresses, genders, birth dates, approximate locations, and purchase-related details. An Under Armour spokesperson confirmed awareness of the claims and stated they have engaged “external cybersecurity experts” without finding evidence that the breach affected payment processing or customer password storage systems.
If you encrypt your laptop’s hard drive, you likely believe it means that only you can decrypt it and access your data. However, if you follow Microsoft’s recommendation of storing your decryption key in the cloud for easier recovery, you may need to re-evaluate your security assumptions. Microsoft confirmed that it often provides decryption keys to law enforcement upon request, granting them full access to your machine’s content. Forbes uncovered a case where Microsoft complied with an FBI request for keys in a Guam-based fraud investigation. Microsoft revealed that it receives about 20 requests annually for BitLocker keys from law enforcement, usually complying, though they noted they can’t do so if the key is stored locally.
In Iran, the government has cut off internet access for weeks due to widespread protests. However, anti-regime activists found a way around this by seemingly hacking the country’s state TV satellite to broadcast a message supporting demonstrators. This included a segment featuring Reza Pahlavi, the son of Iran’s former ruler, urging military and security forces to side with the protesters. The broadcast reportedly displayed messages like “Don’t point your weapons at the people. Join the nation for the freedom of Iran,” lasting as long as 10 minutes before the channel returned to its regular programming.
