A new White House directive giving government agencies legal authority to prevent Americans’ sensitive data from falling into the hands of foreign adversaries has been controversial, with industry executives saying it risks disrupting current data flow mechanisms. Do enough to address potential abuse in the home, which some say exists and privacy advocates say doesn’t.
The Justice Department and other government agencies are set to begin the complex process of developing regulations that are included in a sweeping data security executive order signed by President Joe Biden on Wednesday. The purpose of this order is to protect the vast majority of data from China, Russia, and other countries, on the grounds that such data could be secretly processed to target Americans and pose other national security risks. It’s about blocking the transaction.
As officials and researchers continue to warn of hacking threats from nation-states and other “countries of concern” on the directive’s target list, intelligence partners are also urging companies to remove genomic data from their systems. They are calling on people to be wary of China’s efforts to siphon off its own resources. Over the past year, hacking incidents involving data types listed in the executive order have further strengthened the agency’s authority to prevent the misuse of Americans’ data abroad.
Acting on such an order is expected to be a complex task, as regulators will need to decide how to apply restrictions to various cross-border data transfer scenarios.
Industry officials close to the White House said this includes formally defining the types of sensitive data and forming numerical thresholds for what constitutes large data transfers. Nextgov/FCWspoke on condition of anonymity to speak candidly about the debate surrounding the directive.
The order also introduces entirely new concepts, such as categories that combine multiple data types, such as packaging health and genomic data into the same data set, that should also be considered, officials added. Ta.
The order contemplates near-total restrictions on data brokers trading sensitive data to hostile countries or companies based in those countries. Americans who sell large amounts of personal or U.S. government data to these countries will also be held accountable. Several data brokers, including Equifax, Experian, CoreLogic, Oracle and Acxiom, did not respond to requests for comment.
Another tech industry official said the order could have unintended consequences if it is not sufficiently surgical, especially when it comes to employee data.
“We have 20,000 employees in China. We need to share data such as salaries and personal information,” said the official, speaking on condition of anonymity because he was not authorized to publicly comment. “[The Biden administration] “They assured us that was not the goal, but we would like to see what happens,” they added.
Although the Directive marks employment contracts and other common business contracts as a less restrictive category in which data transactions may still occur, the Directive says they are still limited by certain mitigation measures. says.
The United States also needs to consider scenarios in which U.S. data caches are transplanted to allies and ensure that safeguards to prevent that data from being transmitted again to adversaries remain intact.
John Ackerley, a former White House official who ran the Bush administration’s technology policy portfolio, said there are tracking technologies regulators could consider to address such cases.
Specialized labeling techniques, for example, can stick to data wherever it goes, said Ackerly, who now heads data encryption services company Virtru. “You can create [tagging] It’s a system that allows you to audit where your data goes,” he said, adding that the Department of Defense continues to use similar techniques to monitor classified information.
Privacy advocates say the order does not go far enough to address ongoing concerns about data brokers and related activities by tech companies.
Domestic-based data brokers already legally acquire, process, and sell data on U.S. citizens for commercial purposes, but civil liberties groups and members of Congress frequently report instances where data broker deals go too far. It is said that it is being taken up.
“Foreign adversaries are certainly using our information. Just as we’re seeing domestic private companies using our information in ways we don’t want.” said Cody Venske, senior policy advisor at the Civil Liberties Union.
The Biden administration has argued that Congress should not prohibit the U.S. government from purchasing Americans’ data because such protections would put the U.S. at a disadvantage to China and Russia. said privacy issue Sen. Ron Wyden (D-Oregon). A notable member of the Senate Intelligence Committee. “With this EO, that argument is no longer valid and the government should stop opposing common sense surveillance reform.”
It is also unclear how the order will affect U.S. spy agencies, which have frequently relied on data broker deals and similar commercial data agreements. In particular, disputed surveillance authorities frequently make use of communications data collected from overseas targets.
“Intelligence communities have many tools at their disposal,” Ackerley said, insisting that the order would not have a significant impact on U.S. national security operations.
Administration officials said at the time of the order’s announcement that intelligence community involvement in data purchases was outside the scope of the order, and that information on Americans by foreign adversaries is less important than how the United States uses such data. He emphasized that the use of
