Project for Privacy and Surveillance Accountability (PPSA)

 NEWS & UPDATES

Keep Lummis-Wyden in the NDAA to Secure the Pentagon – and Our Democracy – from Foreign Hackers

10/31/2025

 
Sen. Cynthia Lummis (Left) and Sen. Ron Wyden (Right)
National security wake-up calls do not get louder than the revelation that a Chinese government-linked hacking group, known as Salt Typhoon, successfully penetrated major U.S. telecommunications carriers in 2024.  AT&T and Verizon were among the companies compromised, exposing the communications of Members of Congress, senior officials, and even both major-party presidential candidates.
 
This was not an isolated breach. It followed a 2023 cyberattack in which Chinese state hackers infiltrated Microsoft’s cloud-hosted email systems, compromising accounts at multiple federal agencies, including the Departments of State and Commerce. According to the Cyber Safety Review Board, the attackers downloaded roughly 60,000 emails from the State Department alone. The pilfered correspondence included that of Cabinet-level officials.
 
These events underscore an uncomfortable truth – the Department of Defense and the intelligence community cannot defend the nation with unencrypted communications routed through a handful of vulnerable providers.
 
The good news is that we do not have to accept this status quo. As the House and Senate negotiate the National Defense Authorization Act (NDAA) for Fiscal Year 2026, conferees must retain the Lummis-Wyden amendment, which mandates secure, interoperable, end-to-end-encrypted collaboration tools for the Pentagon.
 
A Pattern of Foreign Infiltration
From defense contractors to cloud service providers, adversarial regimes have repeatedly exploited weak communication infrastructure to spy on U.S. institutions. The Salt Typhoon and Microsoft incidents illustrate how a single breach in a major service can compromise thousands of sensitive conversations. When communication systems lack end-to-end encryption, even one point of failure can expose entire networks to foreign intelligence agencies.
 
What Lummis-Wyden Would Do
This measure requires the Department of War to use only collaboration systems that meet rigorous cybersecurity standards – including true end-to-end encryption that ensures only the sender and intended recipient can read a message, even if servers in between are hacked.
 
Just as importantly, Lummis-Wyden mandates interoperability. Today, the Pentagon is confined to using a small set of proprietary, “walled garden” platforms that block seamless communication across systems. Interoperable standards would allow the Defense Department to adopt superior tools as they emerge, preventing vendor lock-in that traps communications in the domains of single companies, while enhancing long-term resilience of the Pentagon’s digital networks.
 
By promoting interoperability and strong encryption, Lummis-Wyden would open the door to competition, inviting companies to develop more secure, agile, and affordable solutions. America’s defense and intelligence agencies should never be dependent on single-point-of-failure vendors whose systems are ripe targets for global espionage.
 
A Strategic Imperative
From the theft of federal employee records to the infiltration of telecom carriers, the pattern is unmistakable: insecure communications infrastructure is a strategic liability.
 
Passing Lummis-Wyden would do more than patch vulnerabilities: it would redefine what secure collaboration means in the 21st century. It would signal that America prizes both privacy and resilience, and rewards technologies that deliver genuine end-to-end security rather than superficial compliance checkboxes.

    STAY UP TO DATE

Subscribe to Newsletter
DONATE & HELP US DEFEND YOUR FOURTH AMENDMENT RIGHTS

The Spy in Your Baby’s Bedroom

9/30/2025

 
“Made in China” products should carry the warning “Watching from China,” according to threat assessor Michael Lucci in an interview with Fox News. Nebraska Attorney General Mike Hilgers agrees and is suing the Chinese firm, Lorex, accusing it of using technology the FCC banned in 2022. Lorex cameras are commonly sold by U.S. retailers ranging from Costco to Best Buy, Kohl’s, and Home Depot.

Nebraska’s complaint accuses Lorex of using tech from Dahua, one of the companies the FCC banned after accusing it of sharing American consumers’ data with the Chinese government. So far, Lorex and other companies have managed to get around the ban by employing a popular strategy known as “white labeling,” in which products are made generically by Company A but sold under Company B’s name.

India recently made a similar determination about such products, imposing stringent new security requirements on mostly Chinese-made CCTV cameras. As we wrote at the time, China’s rap sheet when it comes to using products to spy on other countries is a long one. Nowhere is this truer than in the United States, China’s largest trading partner and most persistent observer.

Lorex’s cameras are frequently sold for in-home surveillance of infants and small children. But what threat could a baby monitor pose? Who cares if every gurgle and burp is captured?
Consider: With video and audio monitoring, Beijing could listen in to the conversations of parents who work in the military or in intelligence agencies. Knowing when thousands of parents with such duties are being called in for a weekend or late night could, in an emergency, be priceless strategic intelligence. The device could also be within earshot of parents talking about work in a way that yields intelligence about commercial business plans or useful Washington gossip.

As always, China is playing a numbers game. The PRC hoovers in vast intelligence, and then turns to AI and a vast army at the Ministry of State Security and its many consultants to winnow out useful intelligence. That is why Attorney General Hilgers calls these baby monitors a “national security issue.” Even if all Beijing has access to is Mom asking Dad to go to the kitchen for a bottle of milk, the erosion of privacy is galling. No American couple signs up to let a foreign government in their baby’s bedroom.
​
If these concerns are accurate, then parents and families aren’t the only ones being watched. All of which also makes us queasy about the growing popularity of AI-powered children’s toys – or, perhaps, justifiably paranoid.


Watching the Watchers: Mexico’s Surveillance State Is a Bad Omen for Privacy Everywhere

9/22/2025

 
We’ve recently reported on how Mexico is managing to surpass even the expansive surveillance state ambitions of Washington, D.C.

Mexico has passed laws that require every person to enroll in biometric ID systems that must now be presented for any significant transactions in banking, schooling, social services, and health care. This data, in turn, is fed into a “Central Intelligence Program” that can be accessed by civil and military forces.

An update by Karen Gullo at EFF shows just how Orwellian the new system actually is:

“The Mexican government passed a package of outrageously privacy-invasive laws in July that gives both civil and military law enforcement forces access to troves of personal data and forces every individual to turn over biometric information regardless of any suspicion of crime.   

“The laws create a new interconnected intelligence system dubbed the Central Intelligence Platform, under which intelligence and security agencies at all levels of government – federal, state and municipal – have the power to access, from any entity public or private, personal information for ‘intelligence purposes,’ including license plate numbers, biometric information, telephone details that allow the identification of individuals, financial, banking, and health records, public and private property records, tax data, and more. 

“You read that right. Banks’ customer information databases? Straight into the platform. Hospital patient records? Same thing …”

Of course, a Mexican citizen can opt out, provided they are willing to live off the grid without a bank account, healthcare, children in school, or much of anything else.

Mexico’s turn from a multi-party democracy to a state dominated by one party – the Morena Party – makes this collectivization of biometric data even more problematic. As Washington toys with the idea of a national ID, which would have to be based on biometrics to be effective, the uses and abuses of such a database south of the border should be top of mind.


A Disaster Waiting to Happen – China Caught Hiding Radios in U.S. Highway Infrastructure

9/15/2025

 
In a prior age, some politicians were accused of being so paranoid about communism that they saw “a Red under every bed.” We will leave the judgments of history to others, but it is a plain fact that today the People’s Republic of China is, if not exactly under our beds, surrounding us with potential surveillance devices embedded in everything from shipping cranes at U.S. ports to coffee pots in American hotels.

Now the Federal Highway Administration warns that “certain foreign-manufactured power inverters” and battery management systems of solar-powered highway infrastructure contain radios hidden within them. These devices power highway infrastructure including signs, traffic cameras, weather stations, solar-powered visitor areas, warehouses, and electric vehicle chargers.

This raises the possibility not just of surveillance, but of components that could be used for extensive spying or even be remotely switched off, which would create an immediate freeze-up of highway traffic and possibly mass casualties.

Reuters, which first reported this FHA memo, also reports that “industry group Green Power Denmark said that unexplained electronic components had been found in imported equipment for Denmark’s energy supply network.”

Here is our advice for U.S. policymakers and industry: QUIT BUYING ANYTHING FROM CHINA THAT CAN BE WEAPONIZED. We have never before reverted to all bold caps, but it should be clear by now that seeding weaponized devices from a hostile government is a suicidal proposition. We should either take this tariff moment to make such critical infrastructure here at home, or at least buy from manufacturers from democracies (such as Mexico) that we can trust.

While writing this, we had a sudden jolt of fear – are there, in fact, reds under our bed?

Some of us own smart mattresses that report how long and how well we slept during the night, including how much of our night was spent in deep sleep, light sleep, and REM sleep, as well as a stream of health data. To our relief, the brand we own is American-made. But some brands of smart mattresses are made in China.
​
The good news: The communists are not under your bed. The bad news: For some consumers, they may actually be your bed.


Mexico City and the “Eyes that Look After You”

8/26/2025

 
If you don’t like the feeling of being followed, we recommend avoiding Stockholm, Dubai, Almaty, and – this just in – Mexico City. All are major destinations under constant and growing surveillance by public cameras.

Izabelė Pukėnaitė at Cybernews reports that Mexico’s capital is now launching a mass surveillance CCTV plan with the suitably creepy name of “Eyes That Look After You.”
Let’s break that down: 30,000 new cameras, 15,200 new poles, a $19 million budget, and a whole lot of connectivity. Each pole will have two cameras, one fixed and one capable of tilting/zooming.

All of this comes as Mexico’s ruling Morena party moves to eliminate numerous independent regulatory and oversight agencies. One of those was a body that functioned as an ombudsman for the population, with the power to force government departments to hand over information citizens had filed requests for – a sort of Mexican version of the Freedom of Information Act.

As is always the case when such moves are enacted, the powers that be resort to doublespeak. “There will be more transparency,” declared Mexican President Claudia Sheinbaum, adding, “the public will be able to easily review the functioning, the spending, and everything the Mexican government does.”

An equally disturbing maneuver is the Morena party’s radical overhaul of the country’s judicial system that critics say could easily lead to unabashed one-party rule.

Color us skeptical, but we’re having a hard time seeing how a party that is voraciously concentrating its own power is going to use a new mass surveillance system to somehow make people freer – especially a camera system that the cartels have already used to target and kill informants.

These “eyes” aren’t designed to “look after” anyone. “Look for” is more like it, which, thanks to new legislation mandating a single biometric ID for all Mexican citizens, will soon be easier to do than ever. It is not hard to imagine these systems being used by Morena-controlled officials for political surveillance.

You might be tempted to think at least that could never happen here. It already is. Washington, D.C., beats out Mexico City as the global city with the most government-controlled cameras per capita.
​
Oh well, Ojos que no ven, corazón que no siente – What the eye doesn’t see, the heart doesn’t grieve.


Why Is the FBI Certifying Chinese Surveillance Tech?

7/21/2025

 
It’s hard to believe we have to write this.

In 2025, after years of warnings about Chinese surveillance threats, the FBI is still certifying biometric surveillance devices made by Chinese Communist Party–linked companies – including Hikvision, a firm already sanctioned for human rights abuses and banned from receiving U.S. federal contracts.

Yes, that Hikvision.

According to a bipartisan letter released this week by the House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party, the FBI maintains a Certified Products List that includes devices from 32 Chinese companies, several with ties to the Chinese military-industrial complex. These certifications effectively offer a “stamp of approval” to products that not only could pose a risk to American privacy but are manufactured by companies blacklisted by other parts of the U.S. government.

Let that sink in: A company banned under federal law from receiving government contracts due to national security risks is, at the same time, having its surveillance gear certified as safe and trustworthy – by the FBI.

This jaw-dropping contradiction was called out in a forceful letter from Committee Chairman John Moolenaar (R-MI) and Ranking Member Raja Krishnamoorthi (D-IL). The lawmakers warned FBI Director Kash Patel that including these products on the agency’s certification list “sends a dangerous signal” to government buyers and private entities alike, potentially encouraging wider adoption of Chinese-made surveillance tech.

They’re absolutely right.

Hikvision, to name just one example, was placed on the Commerce Department’s Entity List in 2019 for its role in enabling the Chinese government’s mass surveillance and oppression of Uyghur Muslims in Xinjiang. It has since been sanctioned under multiple federal authorities, including Executive Order 13959 for its ties to the Chinese military. And yet today, its biometric gear can still carry an FBI certification label?

The American people deserve to know: How did we get here? Who in government is asleep at the switch?

Civil liberties groups have long warned about the quiet spread of foreign surveillance technologies, particularly those from authoritarian regimes, into American infrastructure – both public and private. The fact that U.S. law enforcement agencies are facilitating that spread through outdated or unvetted certification programs is nothing short of alarming.

And it raises troubling questions: Does the FBI have a robust vetting process for foreign vendors? Are they coordinating with other federal agencies to ensure consistency in national security policy? Or are we witnessing another example of institutional inertia allowing critical lapses in judgment?

We applaud Reps. Moolenaar and Krishnamoorthi for sounding the alarm. It should not take congressional intervention for the FBI to apply common sense to its own certification processes.

It’s time for the FBI to get serious about technological due diligence. When it comes to Americans’ privacy and national security, there is no room for double standards.


The CLOUD Act Raises Bipartisan Hackles

6/18/2025

 

Hearing Evokes Unprompted, Strong Endorsement of a Warrant Requirement for Section 702

The CLOUD Act of 2018 is a framework for working with U.S. tech companies to share digital data with other governments. This law and basis for international agreements was a reasonable concession to allow these companies to do business around the world. But the agreement has gone off the rails because of the United Kingdom’s astonishing attempt to force Apple to break end-to-end encryption so that it can access the data of all Apple users stored in the cloud.

Rather than violate the privacy of its users, Apple has stood by its customers and withdrawn encrypted iCloud storage from the UK altogether.

The House Judiciary’s Subcommittee on Crime and Federal Government Surveillance was already skeptical about that agreement, but was appalled when the British government used it to secretly order Apple to provide that unfettered, backdoor access to all the cloud content uploaded by every Apple user on the planet. It was an unprecedented request, and an unexpected one from a fellow democracy.

  • In the two years the agreement has been in effect, the UK issued more than 20,000 requests to U.S. service providers. The bulk of those requests included wiretapping surveillance.
 
  • In comparison, the United States issued a mere 63 requests to British providers, mostly for stored data.
 
  • Compare the UK’s 20,000 requests to the 4,507 wiretap orders of U.S. federal and state law enforcement agencies in criminal cases in two years. The United States has five times the population of the U.K., but only issues about one-fourth the number of such orders.

In April, members of the House Judiciary Committee asked Attorney General Pam Bondi to terminate the U.K. agreement. As extreme as that sounds, PPSA supports that proposal as the best way to persuade Britain to back off an unreasonable position. In the worst-case scenario, no agreement would be better than comprehensive violation of Americans’ privacy.
Undeterred, the subcommittee convened a recent hearing entitled “Foreign Influence On Americans’ Data Through The CLOUD Act.” Greg Nojeim from the Center for Democracy & Technology was an invited witness. If one had to name a single theme to his powerful testimony, it would come down to one word: “dangerous.”

Subcommittee Chairman Andy Biggs used the same word, declaring the secretive British demand of Apple “sets a dangerous precedent and if not stopped now could lead to future orders by other countries.” Ranking Judiciary Committee Member Jamie Raskin struck a similar chord: “Forcing companies to circumvent their own encrypted services in the name of security is the beginning of a dangerous, slippery slope.”

In short, the hearing demonstrated that the CLOUD Act has been abused by a foreign government that does not respect privacy and civil liberties or anything remotely like the Fourth Amendment to our Constitution. It needs serious new guardrails, beginning with new rules to address its failure to protect encryption. Expert witness Susan Landau of Tufts University warned the subcommittee that the U.K. appeared to be undermining encryption as a concept. A U.S.-led coalition of international intelligence agencies, she observed, recently called for maximizing the use of encryption to the point of making it a foundational feature of cybersecurity. Yet Britain conspicuously demurred.

  • Rep. Biggs said: “Efforts to weaken, or even breaking, encryption makes us all less secure. The U.S.-U.K. relationship must be built on trust. If the U.K. is trying to undermine this foundation of cybersecurity, it is breaching that trust.” Once pried open, he cautioned, “It's impossible to limit a back door [around encryption] to just the good guys.”
 
  • Rep. Raskin warned that issues with the CLOUD Act itself are emblematic of larger privacy issues. “None of these issues exists in a vacuum. All government surveillance curtails all citizens’ liberties.” To which witness Richard Salgado added, “If there's still a real debate about whether security should yield to government surveillance, it doesn't belong behind closed doors in a foreign country … the debate belongs in public before the United States Congress.”

That debate will likely become intense between now and next spring when Congress takes up the reauthorization of Section 702 of FISA, the Foreign Intelligence Surveillance Act. Judiciary Chairman Jim Jordan indicated as much when he used his opening remarks to tout the “good work” the Committee has ahead of it in preparing to evaluate and reform Section 702.

Later in the hearing, Chairman Jordan returned to the looming importance of the Section 702 debate, asking each of the witnesses in turn a version of the question, “Should the United States government have to get a warrant before they search the 702 database on an American?”

All agreed without hesitation.

“Wow!” declared Rep. Jordan in response. “This is amazing! We all think we should follow the Constitution and require a warrant if you're going to go search Americans’ data.”

Rep. Raskin nodded along. And that’s as bipartisan as it gets.


Citizen Lab: Italian Intelligence Used Israeli Paragon’s Graphite Malware to Spy on Journalists, Activists

6/17/2025

 
Israel’s spycraft is first-rate. From the “pager” attacks that decapitated Hezbollah, to the surgical strikes over the last few days that have eliminated Iran’s top generals and scientists, it is clear that Israel’s strategic success owes much to world-leading intelligence capabilities in the digital realm.

“In Israel, a land lacking in natural resources, we learned to appreciate our greatest national advantage – our minds,” said the late Israeli Prime Minister Shimon Peres.  Under constant threat, Israel has applied its great minds to information technology in the service of national defense.

What works well in the national security space for Israel, however, is a problem for the rest of the world when cutting-edge surveillance technologies are exported. PPSA has extensively covered the Israeli-based NSO Group, which released malware called Pegasus into the international market. Pegasus is a “zero-click” attack that can infiltrate a smartphone, extract all its texts, emails, images and web searches, break the encryption of messaging apps like WhatsApp and Signal, and transform that phone’s camera and microphone into a 24/7 surveillance device.

It is ingenious, really. Zero-click means the victim doesn’t have to accidentally fall for a phishing scam. The malware is just installed into a phone remotely. Victims can then be counted on to do what we all do – compulsively carry their smartphones with them wherever they go, allowing total surveillance of all they and their friends say and do.
​
  • Once released on the international market by the NSO Group, Pegasus rapidly spread to democracies and illiberal regimes alike. It has been implicated in the targeted murder of a journalist in Mexico at the hands of a cartel, as well as the murder of Jamal Khashoggi in the Saudi consulate in Istanbul. Pegasus allowed agents of an African dictatorship to listen in on a conversation at the State Department. And it has played a prominent role in the targeting of political opponents in governments from Madrid to New Delhi.

Another Israeli technology company, Paragon, differentiates itself from the NSO Group by promising a more careful approach. Its U.S. subsidiary promises that it is about “Empowering Ethical Cyber Defense.”

  • One of Paragon’s products is Graphite, also a zero-click malware that can infect digital devices. It differs from Pegasus by mostly targeting data from cloud backups instead of extracting data directly from a phone. Apparent efforts by Paragon to ensure the ethical use of this technology by its customers have failed.
 
  • Digital investigators at Citizen Lab at the University of Toronto revealed on Thursday that a prominent European journalist (who requested anonymity) and Italian journalist Ciro Pellegrino were told that they had been targeted by Paragon’s Graphite.
 
  • A June 5 report from an Italian parliamentary committee with oversight responsibility over Italy’s intelligence services acknowledged forensic evidence that Graphite was used against two leaders of an NGO, Mediterranea Saving Humans, which advocates for immigrants.

Much of the world media reports that an indignant Italian government severed ties with Paragon. But Israeli media reports that after the Italian government rejected an offer by the company to investigate one of these cases, it was Paragon that unilaterally terminated its contract with the Italian government.

The takeaway from all this is that even with a responsible vendor who sets guardrails and ethical policies, a zero-click hack is too tempting a capability for intelligence services, even those in democracies. Whether Pegasus or Graphite, a zero-click, total surveillance capability is like a dandelion in the wind. It will want to go everywhere – and eventually, it will.


There’s Nothing Golden About China’s Golden Shield

6/17/2025

 
The Ninth Circuit ruled that American tech companies share a degree of liability if their tools facilitate human rights abuses in other countries. The court’s 2023 decision meant that thirteen members of the Falun Gong spiritual practice group could continue to press their years-long case against Cisco Systems for its role in supporting China’s “Golden Shield.”
 
Golden Shield is the Chinese Communist Party’s domestic internet surveillance system. Members of the Falun Gong creed claim that the Chinese government used the Cisco-powered system to aggressively persecute them in a long-running and coordinated campaign.
 
Because a significant portion of Cisco’s work on Golden Shield was done in the United States, ruled the Ninth Circuit, the plaintiffs had sufficient standing to sue here. Importantly, the court noted that, “Cisco in California acted with knowledge of the likelihood of the alleged violations of international law and with the purpose of facilitating them.” The company’s role was essential, direct, and substantial to the point of being liable for “aiding and abetting.”
 
As the Electronic Frontier Foundation points out, this ruling wouldn’t apply to American companies that merely market a tool that anyone could buy and then potentially misuse. What happened in this case was different. Cisco is alleged to have designed, built, maintained – and even upgraded – a “customized surveillance product that the company knew would have a substantial effect on the ability of the Chinese government to engage in violations of human rights.” In so many words, said the Court in assessing Cisco’s role, the Chinese couldn’t have done it without them. To wit, Cisco empowered the following aspects of the Golden Shield surveillance system:
​
  • Pattern analysis to identify Falun Gong members’ internet activity
  • Real-time monitoring of those activities
  • Reporting out this data to Chinese security officers
  • Analyzing the system over time to make it more efficient
  • Increasing the scope of the original system
  • Upgrading the system with its “Ironport” tool to track emails

Cisco is accused of doing this while simultaneously helping the Chinese build a nationwide video surveillance system. The result was a state-of-the-art integrated system capable of creating “lifetime” information profiles on Falun Gong members, so full-featured that it could even be updated with data from members’ latest “interrogation” and “treatment” sessions at the hands of Chinese security personnel.
 
Cisco is alleged to have done it all in an environment in which it is common knowledge that torture, and other violations of international law, are likely to take place. This is not conjecture, but clear information in news coverage, shareholder resolutions, State Department communiques, etc.
 
Cisco rejects the Ninth Circuit’s decision, and recently asked the U.S. Supreme Court to grant cert and rule in its favor. As of now, the High Court has yet to decide whether or not it will do so, but on May 27 it asked the Solicitor General to weigh in with the government’s opinion.
 
This case has always been about testing whether foreign victims can sue U.S. companies for deliberately helping foreign governments commit human rights abuses – an inevitable outcome of advanced surveillance systems in particular. Let’s hope the Supreme Court will deny Cisco’s request. If it does, that will only mean that the case will move forward in California and Cisco and its accusers will still get a full and proper hearing.
 
This is too important a question with too many far-reaching implications to skip a step.


India and the Manchurian Camera

6/2/2025

 
India has a pro tip for would-be users of surveillance cameras, especially ones installed in your own government’s buildings: Don’t buy from China. Recognizing since at least 2021 that they might have a teensy-weensy security problem with the one million Chinese-made cameras installed in government institutions, India has finally decided that maybe they should, well, do something.

In April, according to Reuters, Indian officials met with 17 surveillance gear makers and asked them if they were ready to play by the country’s new rules, which require closed-circuit television (CCTV) vendors to “submit hardware, software and source code for assessment in government labs.” And to absolutely no one’s surprise, they answered (more or less), “Um, no. We don’t like your rules, so, we’re not ready.”

All of which is to say, the surveillance gear makers pitched a wall-eyed fit, predictably portending industry losses, marketplace tremors, timeline impacts, and disruption of various unspecified projects. Of all the CCTV players, China has the most to lose, given their million installed cameras and that 80 percent of all camera components in India are Chinese-made.

For its part, China sees India’s new rules as a smear campaign. But it’s hard to be sympathetic when U.S. officials discovered:

  • Among other things, communication equipment that couldn’t be readily explained inside Chinese-made solar power inverters.
  • The potential for Chinese equipment in U.S. cell towers to spy on our missile silos.
  • What Sen. Mark Warner called “the worst telecom hack in United States history” last December. The Chinese were conducting a “major intelligence gathering operation” using hundreds of thousands of smartphones, many of them in the Washington, DC, area.

The U.S. government has wisely banned certain brands of Chinese telecom equipment because they posed an unacceptable risk to U.S. national security.

But India reminds us that we need to do more. We don’t think India’s stance is old-fashioned protectionism, as some of the new policy’s detractors would like to suggest. Given China’s track record, we consider it a prudent form of self-preservation and risk mitigation.

In February, a Department of Homeland Security (DHS) bulletin connected the dots in no uncertain terms: Chinese cameras double as spy tools for the Chinese Communist Party and could even be used to disrupt critical U.S. infrastructure. The DHS bulletin’s advice is as clear as its warning:

“Broader dissemination of tools designed to help recognize PRC cameras, particularly white-labeled cameras, could tighten enforcement of the 2022 Federal Communication Commission (FCC) ban on the import of these cameras and help mitigate the threat of PRC cyber actors exploiting them for malicious purposes.”

Tens of thousands of such cameras are currently used across U.S. sectors that include critical ones like the energy and chemical industries. Yet the DHS bulletin notes that because of loopholes like the aforementioned “white-labeling” (where imported cameras ship under other companies’ brands), the proliferation of this Chinese spy tech continues.

It’s time to end practices like white-labeling banned Chinese cameras. And while we’re at it, let’s open up the cases on samples of CCTV cameras sold here and have a look inside.
And if doing so “voids the warranty,” we should just take our chances.


It’s Time to Enforce the TikTok Ban

5/12/2025

 
Ireland’s Data Protection Commission, acting in its official capacity as an EU privacy guardian, recently fined TikTok $600 million (€530 million) for breaching its data privacy rules. This punishment was meted out after the conclusion of a four-year investigation, so it’s a decision that was not made lightly.
 
None of this surprises us. We have previously reported on the surveillance issues related to TikTok as well as other Chinese-owned concerns. It’s naïve to think that any software of Chinese provenance isn’t being used as a data collection scheme, and equally naïve to believe that said data isn’t being shared with the Chinese government.
 
A year ago, Congress passed a law mandating that ByteDance, the Chinese parent of TikTok, divest its ownership or else be banned in the United States. ByteDance could be rich beyond all the dreams of avarice if it chose to sell. That it hasn’t done so simply reinforces everyone’s suspicions that the service’s real owner is primarily interested in something other than profits.
 
The bill that President Biden signed had passed the House 360-58 and the Senate 79-18. TikTok sued but the Supreme Court upheld the law in a unanimous ruling in January. It’s an astonishingly bipartisan issue in a deeply divided time. Yet in a mystifying turn of events, the current administration has twice extended the original divestment deadline (now set for June 19). “Perhaps I shouldn’t say this,” President Trump told NBC’s Kristen Welker, “but I have a little warm spot in my heart for TikTok.” Quite the switch for someone who rightly attempted to ban the service during his first term.
 
After the latest show of bad faith by TikTok revealed by Irish regulators, President Trump should now enforce this sale – after all, it is a law, not a suggestion – and protect our citizens. It is the president’s constitutional duty to carry out the laws the American people pass through the voice of their representatives. A show of seriousness about enforcing this law would probably allow TikTok to survive in some form. Moreover, it would protect tens of millions of Americans from Chinese government surveillance.


Jordan and Biggs Are Right – Protect Americans’ Privacy by Terminating the US-UK CLOUD Act Agreement

5/2/2025

 
Rep. Jim Jordan (R-Ohio) and Rep. Andy Biggs (R-Arizona)
It looks like the CLOUD Act might soon evaporate.

A bilateral agreement under the Clarifying Lawful Overseas Use of Data (CLOUD) Act went into effect in 2022 to facilitate the sharing of data for law enforcement purposes. In February, the news leaked that the UK’s Home Office had secretly ordered Apple to provide a backdoor to the content of all of its users, Americans included. The order would effectively break the Apple iPhone’s Advanced Data Protection service that uses end-to-end encryption to ensure that only the account user can access stored data.

In response, Rep. Jim Jordan, Chairman of the House Judiciary Committee, and Rep. Andy Biggs, Chairman of the Subcommittee on Crime and Federal Government Surveillance, have fired off a letter to Attorney General Pam Bondi asking her to terminate the agreement with the UK under the CLOUD Act.

They understand the UK order would be a privacy catastrophe for Apple users around the world. Encryption protects dissidents, women and children hiding from abusive relationships, not to mention the proprietary secrets of innumerable businesses and people who simply value their privacy.

Under the terms of the agreement, the two parties can renew the CLOUD Act every five years. Just after the 2024 election, however, then-Attorney General Merrick Garland preemptively renewed the agreement to try to discourage the incoming Trump Administration from canceling or changing the agreement.

These two leading House Republicans told Bondi that the UK order “exposes all Apple users, including American citizens, to unnecessary surveillance and could enable foreign adversaries and nefarious actors to infiltrate such a backdoor.”

Or, as Jordan and Biggs noted, President Trump told UK Prime Minister Keir Starmer that the order was like “something that you hear about with China.”

Perhaps fearing a consumer backlash in the United Kingdom, the British government made a bid to keep Apple’s appeal of the order in a secret court session, claiming that even discussing the “bare bones” of the case would harm national security. The Investigatory Powers Tribunal rejected the government’s stance, guaranteeing at least some openness in the court’s deliberations.

But we cannot count on the British government to get it right for Americans. For that reason, Chairmen Jordan and Biggs began heaving rhetorical chests of tea into the harbor. They wrote:

“Accordingly, because the UK’s order could expose U.S. citizens to surveillance and enable foreign adversaries and nefarious actors to gain access to encrypted data, we respectfully urge you to terminate the Agreement and renegotiate it to adequately protect American citizens from foreign government surveillance.”


China’s DeepSeek Watches You, China’s AI Toys Watch Your Children

3/14/2025

 
It seems that China is excelling of late in the artificial intelligence arena, and we’ll cover two such instances today.
 
The first is the launch of the game-changing large language model DeepSeek, which turned its Western competitors on their ears. Faster, less expensive, and more customizable than the rest, it is also brazenly forthright about its lack of privacy protections. As Zak Doffman of Forbes points out in his cybersecurity analysis of DeepSeek, buried deep within the product’s Privacy Policy are declarations like this: “The personal information we collect from you may be stored on a server located outside of the country where you live. We store the information we collect in secure servers located in the People's Republic of China.”
 
As for what they collect, specifically, Doffman says they are unambiguous: everything. See for yourself in detail.
 
And to think we worried about TikTok. “Just ask what a powerful AI engine in state hands could do with all that personally identifiable information,” Doffman muses. “This is strategic in a way TikTok never was.”
 
The second instance of this “you can’t spell CHINA without an ‘A’ and an ‘I’” moment is an update on a phenomenon about which Kay Firth-Butterfield, CEO of Good Tech Advisory, recently reminded us: China is building the AI that powers your children’s toys.
 
From robotic pets to interactive storytelling dolls to remote-control vehicles, as a market segment, AI toys are on target to grow to $40 billion in the next seven years. Laurent Belsie of The Christian Science Monitor found himself casting a wary eye on the whole scene as Christmas approached last year. Some of the growth will be obvious – last year it was Poe the AI Story Bear – but Belsie reports that within two years many makers will have stealthily added AI capabilities to their existing toys.
 
What does all of this have to do with China? Upwards of 80 percent of the world’s toys and their components are currently manufactured there. So when AI comes for (er, to) your children’s toys, it’s likely to be of Chinese design as well. And all that data generated by interactive, conversational – even potentially camera-based – AI toys has to be stored somewhere, as experts like Firth-Butterfield and others remind us. Where, exactly, is increasingly coming into focus.
 
It’s one thing if adults are profligate with their own data (downloading DeepSeek so quickly that it became the top free app on iTunes within a week of its release, for example). It is another when it comes to the privacy of children.


A Review of HBO’s “Surveilled”: Ronan Farrow, Pegasus, and the Spy in Your Pocket

11/26/2024

 
Investigative journalist Ronan Farrow delves into the Pandora’s box that is Israel’s NSO Group, a company (now on a U.S. Commerce Department blacklist) that unleashes technologies that allow regimes and cartels to transform any smartphone into a comprehensive spying device.
 
One NSO brainchild is Pegasus, the software that reports every email, text, and search performed on smartphones, while turning their cameras and microphones into 24-hour surveillance devices. It’s enough to give Orwell’s Big Brother feelings of inadequacy.
 
Farrow covers well-trodden stories he has long followed in The New Yorker, also reported by many U.S. and British journalists, and well explored in this blog. Farrow recounts the litany of crimes in which Pegasus and NSO are implicated. These include Saudi Arabia’s murder of Jamal Khashoggi, the murder of Mexican journalists by the cartels, and the surveillance of pro-independence politicians in Catalonia and their extended families by Spanish intelligence. In the latter case, Farrow turns to Toronto-based Citizen Lab to confirm that one Catalonian politician’s sister and parents were comprehensively surveilled. The parents were physicians, so Spanish intelligence also swept up the confidential information of their patients.
 
While the reality portrayed by Surveilled is a familiar one to readers of this blog, it drives home the horror of NSO technology as only a documentary with high production values can do. Still, this documentary could have been better. The show is marred by too many reaction shots of Farrow, who frequently mugs for the camera. It also left unasked follow-up questions of Rep. Jim Himes (D-CT), Ranking Member of the House Intelligence Committee.
 
In his sit-down with Farrow, Himes made the case that U.S. agencies need to have copies of Pegasus and similar technologies, if only to understand the capabilities of bad actors like Russia and North Korea. Fair point. But Rep. Himes seems oblivious to the dangers of such a comprehensive spyware in domestic surveillance.
 
Rep. Himes says he is not aware of Pegasus being used domestically. It was deployed by Rwandan spies to surveil the phone of U.S. resident Carine Kanimba in her meetings with the U.S. State Department. Kanimba was looking for ways to liberate her father, settled in San Antonio, who was lured onto a plane while abroad and kidnapped by Rwandan authorities.
 
Rep. Himes says he would want the FBI to have Pegasus at its fingertips in case one of his own daughters were kidnapped. Even civil libertarians agree there should be exceptions for such “exigent” and emergency circumstances in which even a warrant requirement should not slow down investigators. The FBI can already track cellphones and the movements of their owners. If the FBI were to deploy Pegasus, however, it would give the bureau redundant and immense power to video record Americans in their private moments, as well as to record audio of their conversations.
 
Rep. Himes is unfazed. When Farrow asks how Pegasus should be used domestically, Rep. Himes replies that we should “do the hard work of assessing that law enforcement uses it consistent with our civil liberties.” He also spoke of “guardrails” that might be needed for such technology.
 
Such a guardrail, however, already exists. It is called the Fourth Amendment of the Constitution, which mandates the use of probable cause warrants before the government can surveil the American people. But even with probable cause, Pegasus is too robust a spy tool to trust the FBI to use domestically.
 
The whole NSO-Pegasus saga is just one part of a much bigger story in which privacy has been eroded. Federal agencies, ranging from the FBI to IRS and Homeland Security, purchase the most intimate and personal digital data of Americans from third-party data brokers, and review it without warrants. Congress is even poised to renege on a deal to narrow the definition of an “electronic communications service provider,” leaving any office complex, fitness facility, or house of worship that offers Wi-Fi connections obligated to secretly turn over Americans’ communications without a warrant.
 
The sad reality is that Surveilled only touches on one of many crises in the destruction of Americans’ privacy. Perhaps HBO should consider making this a series.
 
They would never run out of material.


J.D. Vance to Joe Rogan: China’s Immense ‘Salt Typhoon’ Hack Demonstrates the Dangers of U.S. Approach to Domestic Surveillance and Security

11/5/2024

 
Vice presidential candidate J.D. Vance (R-OH) told Joe Rogan over the weekend that backdoor access to U.S. telecoms likely allowed the Chinese to hack American broadband networks, compromising the data and privacy of millions of Americans and businesses.
 
“The way that they hacked into our phones is they used the backdoor telecom infrastructure that had been developed in the wake of the Patriot Act,” Sen. Vance told Rogan on his podcast last weekend. That law gave U.S. law enforcement and intelligence agencies access to the data and operations of telecoms that manage the backbone of the internet.
 
Chris Jaikaran, a specialist in cybersecurity policy, added in a recently released Congressional Research Service report about a cyberattack from a group known as Salt Typhoon:
 
“Public reporting suggests that the hackers may have targeted the systems used to provide court-approved access to communication systems used for investigations by law enforcement and intelligence agencies. PRC actors may have sought access to these systems and companies to gain access to presidential candidate communications. With that access, they could potentially retrieve unencrypted communication (e.g., voice calls and text messages).”
 
Thus, the Chinese were able to use algorithms developed for U.S. law enforcement and intelligence agencies to see any U.S. national security order and presumably any government extraction of the intercepted communications of Americans and foreign targets under FISA Section 702. China doesn’t need a double agent in the style of Kim Philby. Our own Patriot Act mandates that we make it easier for hostile regimes to find the keys to all of our digital kingdoms – including the private conversations of Vice President Kamala Harris and former President Donald Trump.
 
As alarming as that is, it is hard to fully appreciate the dangers of such a penetration. The Chinese have chosen not to use their presence deep in U.S. systems to “go kinetic” by sabotaging our electrical grid and other primary systems. The possible consequences of such deep hacking are highlighted in a joint U.S.-Israel advisory that details the actions against Israel that were enabled when an Iranian group, ASA, wormed its way into foreign hosting providers.
 
ASA hackers allowed the manipulation of a dynamic, digital display in Paris for the 2024 Summer Olympics to denounce Israel and the participation of Israeli athletes on the eve of the Games. ASA infiltrated surveillance cameras in Israel and Gaza, searching for weak spots in Israeli defenses. Worst of all, the hack enabled Hamas to contact the families of Israeli hostages in order to “cause additional psychological effects and inflict further trauma.”
 
The lesson is that when our own government orders companies to develop backdoors into Americans’ communications, those doors can be swung open by malevolent state actors as well. Sen. Vance’s comments indicate that there is a growing awareness of the dangers of government surveillance – an insight that we hope increases Congressional support for surveillance reform when FISA Section 702 comes up for renewal in 2026.


Why Signal Refuses to Give Government Backdoor Access to Americans’ Encrypted Communications

11/4/2024

 
Signal is an instant messenger app operated by a non-profit to enable private conversations between users protected by end-to-end encryption. Governments hate that. From Australia, to Canada, to the EU, to the United States, democratic governments are exerting ever-greater pressure on companies like Telegram and Signal to give them backdoor entry into the private communications of their users.
 
So far, these instant messaging companies don’t have access to users’ messages, chat lists, groups, contacts, stickers, profile names or avatars. If served with a probable cause warrant, these tech companies couldn’t respond if they wanted to. The Department of Justice under both Republican and Democratic administrations continues to press for backdoors to breach the privacy of these communications, citing the threat of terrorism and human trafficking as the reason.
 
What could be wrong with that?
 
In 2020, Martin Kaste of NPR told listeners that “as most computer scientists will tell you, when you build a secret way into an encrypted system for the good guys, it ends up getting hacked by the bad guys.” Kaste’s statement turned out to be prescient.
 
AT&T, Verizon and other communications carriers complied with U.S. government requests and placed backdoors on their services. As a result, a Chinese hacking group with the moniker Salt Typhoon found a way to exploit these points of entry into America’s broadband networks. In September, U.S. intelligence revealed that China gained access through these backdoors to enact surveillance on American internet traffic and data of millions of Americans and U.S. businesses of all sizes. The consequences of this attack are still being evaluated, but they are already regarded as among the most catastrophic breaches in U.S. history.
 
There are more than just purely practical reasons for supporting encryption. Meredith Whittaker, president of Signal, delves into the deeper philosophical issues of what society would be like if there were no private communications at all in a talk with Robert Safian, former editor-in-chief of Fast Company.
 
“For hundreds of thousands of years of human history, the norm for communicating with each other, with the people we loved, with the people we dealt with, with our world, was privacy,” Whittaker told Safian in a podcast. “We walk down the street, we’re having a conversation. We don’t assume that’s going into some database owned by a company in Mountain View.”
 
Today, moreover, the company in Mountain View transfers the data to a data broker, who then sells it – including your search history, communications and other private information – to about a dozen federal agencies that can hold and access your information without a warrant.
 
When it comes to our expectations of privacy, we are like the proverbial frogs being boiled by degrees. Whittaker says that this is a “trend that really has crept up in the last 20, 30 years without, I believe, clear social consent that a handful of private companies somehow have access to more intimate data and dossiers about all of us than has ever existed in human history.”

Whittaker says that Signal is “rebuilding the stack to show” that the internet doesn’t have to operate this way. She concludes we don’t have to “demonize private activity while valorizing centralized surveillance in a way that’s often not critical.”
 
We’re glad that a few stalwart tech companies, from Apple and its iPhone to Signal, refuse to cave on encryption. And we hope there are more, not fewer, such companies in the near future that refuse to expose their customers to hackers and government snooping.
 
“We don’t want to be a single pine tree in the desert,” Whittaker says, adding she wants to “rewild that desert so a lot of pine trees can grow.”


Government Must Reveal How Many Americans Surveilled by “Foreign” Intelligence Programs

10/22/2024

 
The intelligence community’s disregard for solemnly made pledges reminds us of the hit song by the ’80s new wave band Naked Eyes: “You made me promises promises / Knowing I'd believe …”
 
Forgive the Boomer reference, but the failure of the intelligence community to live up to its promises is also a golden oldie.
 
For example, in 2017, Dan Coats was asked in a Congressional hearing if he would, if confirmed as Director of National Intelligence, provide public estimates of the number of people inside the United States with communications “incidentally” collected by National Security Agency surveillance. Coats said he would “do everything I can” to work with the head of the NSA “to get you that number.” That pledge was followed by one from NSA Deputy Director Richard Ledgett to provide an estimate by the end of that year.
 
This would have been important information for the reauthorization of FISA Section 702 in 2018, as well as congressional debate and reauthorization of this same authority this year. Section 702 allows the NSA to scour global networks in search of the communications of foreign spies and terrorists. Given the interconnected nature of global communications, surveillance technology cannot help but also collect the private communications of Americans at home, potentially violating the Fourth Amendment. Having a ballpark estimate of how many Americans have had their privacy rights implicated by federal surveillance would be very useful guidance for congressional oversight of the intelligence agencies.
 
Yet, Director Coats and the NSA backtracked. Their estimates never came. Their excuse was that separating Americans from this global trawl would be too impractical, somewhat like counting all the krill picked up in a large fishing net. But this argument, to strain a metaphor, doesn’t hold water. The watchdog Privacy and Civil Liberties Board made it clear in 2023 that in order to comply with the Constitution’s Fourth Amendment, as well as directives from the Foreign Intelligence Surveillance Court (FISC), the NSA already filters out domestic communications in its programs. In 2022, Princeton researchers published a methodology for a rough estimate of how many people in the United States have their communications caught up under programs authorized by Section 702. Under such partial proxies, Congress could at least have some idea of how many Americans have their communications captured by their government.
 
Beyond ballpark numbers, Congress needs to know how government agencies – the FBI in particular – might be using Americans’ personal information gleaned from Section 702 programs for warrantless domestic surveillance. Despite solemn promises by the champions of the intelligence community that this never happens, the FISC revealed that such surveillance has been used by the FBI in ordinary domestic cases – evidence against American citizens that is never revealed in court.
 
Frustrated by the government’s many broken promises, PPSA joined with Restore The Fourth and 22 other civil liberties organizations across the ideological spectrum – ranging from the American Civil Liberties Union to Americans for Prosperity – to send a letter to the directors of national intelligence and NSA. We demand access to numbers that the government clearly has and pledged to Congress to provide.
 
Director of National Intelligence Avril Haines and NSA Director Gen. Timothy Haugh would be well advised not to toss this one into the round file. The reauthorization of Section 702 passed by one tie-breaking vote in the House this year. If the government once again fails to keep its promise, it will not augur well for the next reauthorization of Section 702 on the legislative calendar for 2026.


Chinese Hackers Snoop on US Law Enforcement, Telecom Consumers

10/15/2024

 
A disturbing new report from the Wall Street Journal reveals the staggering extent to which a Chinese hacker group recently gained access to US critical infrastructure, including systems belonging to AT&T, Lumen, and Verizon that the federal government uses for wiretapping investigations. It’s a wake-up call, and a reminder that commercial encryption free of backdoor government access is increasingly paramount given the apparent susceptibility of the surveillance state to outside intrusion.
 
According to WSJ, “[t]he surveillance systems believed to be at issue are used to cooperate with requests for domestic information related to criminal and national security investigations.” The hack, per the paper’s sources, appears “to be geared towards intelligence collection….” In other words, it’s a way to snoop on those in our government who are doing the snooping on foreign adversaries like China.
 
The fact that China-backed hackers can access our own investigative channels should make the hair on the back of your neck stand up. But it’s an unfortunate inevitability when governments demand backdoors into encrypted commercial communications. As we wrote back in August:
 
“Congress should … resist the persistent requests from the Department of Justice to compel backdoors for commercial encryption, beginning with Apple’s iPhone. The National Public Data hack reveals that the forced creation of backdoors for encryption would create new pathways for even more hacks, as well as warrantless government snooping.”
 
A recent article at BGR puts a finer point on it, noting that, “[p]lacing a backdoor in any product … [invites] even more scrutiny from the hacking community. First, you [won’t] be able to keep it a secret. Second, if there’s a locked door to something, someone can always find the keys.”
 
Outside of the national security implications at play here, the hack also implicates the data privacy of millions of Internet customers, which is already at enough risk domestically. (Reminder to the Senate: pass the Fourth Amendment Is Not for Sale Act.)
 
Apple and all other telecom companies should stand strong in resisting federal efforts to gain access to their encrypted systems. And both law enforcement and policymakers should think again about creating backdoors that only bad actors can access.


New California Law Regulates Brain Wave Privacy

10/1/2024

 
A whitepaper from social media company Meta presents a startling new reality in bland language. It claims that magnetoencephalography (MEG) neural imaging technology “can be used to decipher, with millisecond precision, the rise of complex representations generated in the brain.”
 
In layman’s terms, AI can crunch a person’s brainwaves and apply an image generator to create an astonishingly accurate representation of what a person has seen. Paul Simon was right, these really are the days of miracles and wonders – and also of new threats to personal privacy. (If you want to see this science-fictional sounding technology in action, check out these images from science.org to see how close AI is to representing images extrapolated from brain waves.)
 
Until now, even in a total surveillance state such as North Korea or China, netizens could have their faces, movements, emails, online searches and other external attributes recorded throughout the day. But at least they could take comfort that any unapproved thoughts about the Dear Leader and his regime were theirs and theirs alone. That is still true. But the robustness of this new technology indicates that the ability of brain data to fully read minds is not far off. Researchers in China in 2022 announced technology to measure a person’s loyalty to the Chinese Communist Party. A number of non-invasive brain-wave reading helmets are on the U.S. market for wellness, education, and entertainment.
 
The Members of the California State Assembly and Senate were sufficiently alarmed by these developments to follow the example of Colorado and regulate this technology. This new law amends the California Consumer Privacy Act to include “neural data” under the protected category of “personal sensitive information.” On Saturday, Gov. Gavin Newsom signed that bill into law.
 
Under this new law, California citizens can now request, delete, correct, and limit what neural data is being collected by big tech companies. We know what you’re thinking: would I be sufficiently concerned about my privacy that I would register with a state-mandated database to make changes to my privacy profile?
 
Actually, that was just our best guess about what you’re thinking. But give it a few years.

Are the Charges Against Telegram CEO Pavel Durov Meant to Lead the World to Outlaw Encryption?

9/3/2024

 
For days after the arrest of Telegram CEO Pavel Durov by French authorities at Le Bourget Airport near Paris, the world civil liberties community held back.
 
The impulse to rush to the defense of a Russian dissident/entrepreneur was almost overwhelming. Durov had refined his skills with the creation of VK, a social media website that allowed dissidents, opposition politicians, and Ukrainian protesters to evade Vladimir Putin’s emerging surveillance state as late as 2014. After Durov fled Russia with his brother Nikolai, they created the encrypted messenger service Telegram, which allows users not only to communicate in secrecy, but to also set their messages to disappear.
 
Across Asia, Africa, Latin America, and our own country, Telegram enables dissidents, journalists, and people in fear of cartels or abusive spouses to communicate without making themselves vulnerable. So civil libertarians were naturally poised to rush to Durov’s defense. But they didn’t. There was the matter of the 12 charges approved by a French judge this week, including “complicity” in crimes such as aiding in the distribution of international narcotics and child sex abuse material.
 
The many devils in this case lurk in its many details, some of which are far from well understood. At this point, however, we can at least pose preliminary questions. Some answers must come from the French government. Some must come from every person who cares about privacy, including the almost 1 billion users of Telegram.

  1. Telegram has a service that offers unencrypted, custom chat rooms and one-way broadcast channels that can accommodate up to 200,000 users. Was it in these semi-public channels that the French government alleges the criminal conduct took place?

  2. Did Durov and his people monitor these large chat rooms and channels? If they did not, perhaps as a matter of principle, does that exculpate them to any degree?
    ​
  3. The value of an encrypted messaging service is its security. The provision of a backdoor by Telegram to any government would necessarily result in the compromise of Telegram’s value to some of the most endangered and vulnerable people in the world. But the flip side of this is that with an encrypted service there may be no way for even Durov himself to know the content of the messages crossing his servers. Should such hands-off, deliberate ignorance absolve Durov & Co. from criminal liability?
 
We can already highlight at least one aspect of this case that should concern civil libertarians and free speech advocates around the world. Thanks to an insightful analysis by Kevin Collier and Rob Wile in Slate, we know that two of the 12 charges involve a purported obligation of providers of cryptological services to require their users to register with their real identities. Another count declares it a crime to import such an encrypted service “without prior declaration.”
 
Collier and Wile write that this latter provision, which at first sounds like a matter of bureaucratic form-filling, actually implies that “France sees the use of internationally based, unregulated ‘encryption’ service as a crime all its own.” If so, will France get away with criminalizing private encryption services? And if that happens, might this become EU policy?
 
We are already seeing Europe employ illiberal interpretations of the recently enacted Digital Services Act. The EU’s top digital regulator, Thierry Breton, threatened X with legal action if it ran Elon Musk’s full interview with Donald Trump. While Breton’s threat was later disowned by his boss, EU President Ursula von der Leyen, it was still breathtaking to see in Europe today that a powerful regulator believes the European public would be well served by censoring the words of a major party nominee to lead the United States. It is not a stretch to imagine such people also wanting to stamp out private communications. Is France now using possibly legitimate charges about Telegram’s operation to undermine the very idea of encryption?
 
Everyone who cares about privacy should watch how this case unfolds. After all, thanks to Telegram, we know that there are at least one billion of us.

Human and Technological Surveillance in China and America

5/28/2024

 
Reports by The New York Times’s Vivian Wang in Beijing and Tech Policy’s Marwa Sayed in New York describe the twin strategies for surveilling a nation’s population, in the United States as well as in China.
 
Wang chronicles the move by China’s dictator, Xi Jinping, to round out the pervasive social media and facial recognition surveillance capability of the state by bringing back Mao-era human snitching. Wang writes that Xi wants local surveillance that is “more visible, more invasive, always on the lookout for real or perceived threats. Officers patrol apartment buildings listening for feuding neighbors. Officials recruit retirees playing chess outdoors as extra eyes and ears. In the workplace, employers are required to appoint ‘safety consultants’ who report regularly to the police.”
 
Xi, Wang reports, explicitly links this new emphasis on human domestic surveillance to the era when “the party encouraged residents to ‘re-educate’ purported political enemies, through so-called struggle sessions where people were publicly insulted and humiliated …” Creating a society of snitches supports the vast network of social media surveillance, in which every “improper” message or text can be reviewed and flagged by AI. Chinese citizens are already followed everywhere by location beacons and a national network of surveillance cameras and facial recognition technology.
 
Marwa Sayed writes about the strategy of technology surveillance contained in several bills in New York State. One bill in the state legislature would force the owners of driver-for-hire vehicles to install rear-facing cameras in their cars, presumably capturing private conversations by passengers. Another state bill would mandate surveillance cameras at racetracks to monitor human and equine traffic, watching over people in their leisure time. “Legislators seem to have decided that the cure to what ails us is a veritable panopticon of cameras that spares no one and reaches further and further into our private lives,” Sayed writes.
 
She notes another measure before the New York City Council that would require the Department of Sanitation to install surveillance cameras to counter the insidious threat of people putting household trash into public litter baskets. Sayed writes:
 
“As the ubiquity of cameras grows, so do the harms. Research shows that surveillance and the feeling it creates of constantly being watched leads to anxiety and paranoia. People may start to feel there is no point to personal privacy because you’ll be watched wherever you go. It makes us wary about taking risks and dampens our ability to interact with one another as social creatures.”
 
Without quite meaning to, federal, state, and local authorities are merging the elements of a national surveillance system. This system draws on agencies’ purchases of our sensitive, personal information from data brokers, as well as increasingly integrated camera, facial recognition, and other surveillance networks.
 
And don’t think that organized human snitching can’t come to these shores either.
 
During World War One, the federal government authorized approved citizens to join neighborhood watch groups with badges inscribed with the words, “American Protection League – Secret Service.” At a time when Americans were sent to prison for opposing the war, the American Protection League kept tabs on neighbors, always on the lookout for anyone who seemed insufficiently enthusiastic about the war. Americans could be reported to the Department of Justice for listening to Beethoven on their phonographs or checking out books about German culture from the library.
 
Today, large numbers of FBI and other government employees secretly “suggest” that social media companies remove posts that contain “disinformation.” They monitor social media to track posts of people, whether targeted by the FBI as traditional Catholics or observant Muslims, for signs of extremism. As world tension grows between the United States and China, Russia, Iran and North Korea, something like the American Protection League might be resurrected soon in response to a foreign policy crisis. Its digital ghost is already watching us.

China Surveils and Punishes Students in U.S. Universities

5/21/2024

 

“You are being watched, and though we are on the other side of the planet, we can still reach you."

​Amnesty International released a report based on interviews with 32 Chinese students, including 12 from Hong Kong, studying in universities in eight countries – from the United States to Belgium, Canada, France, Germany, the Netherlands, Switzerland, and the United Kingdom.
 
Sarah Brooks, Amnesty International’s China Director, said that even when Chinese students study thousands of miles from home, many live in fear. “The Chinese authorities’ assault on human rights activism is playing out in the corridors and classrooms of the many universities that host Chinese and Hong Kong students,” she said.
 
A typical story was told by a student who attended a commemoration of the 1989 Tiananmen Square massacre. She was careful not to share her real name with anyone involved in the protest or to post anything online. Yet, a few hours later she heard from her father in China, who had been grilled by security officials. 
 
Such surveillance could possibly be performed by a quick study of online images. About one-half of Amnesty’s interviewees said they had been photographed or recorded at events by someone present at the protest. The only conclusion to draw from this is that China has enough spies in the United States and Western countries to show up and shadow protest events. Many students said they censor themselves online – even in the classroom – due to the perceived risk their comments and opinions will be reported. One-third of students said they changed the focus of their studies or dropped out of planned academic careers because of this pressure.
 
“Threats made to family members in mainland China included to revoke their passports, get them fired from their jobs, prevent them from receiving promotions and retirement benefits, or even limiting their physical freedom,” Amnesty reports. In some instances, families have been pressured to cut off financial support for their children.
 
More than one-half of the students interviewed said they suffered mental health issues linked to their fears, ranging from stress and trauma to paranoia and depression. One case led to hospitalization.
 
Western universities have been slow to recognize and counter these threats to students. Some academics have even sided with China against dissident students. Amnesty reports that a student was dropped from a project by a Western university researcher after the researcher learned that she had participated in a protest critical of China.
 
“The impact of China’s transnational repression poses a serious threat to the free exchange of ideas that is at the heart of academic freedom, and governments and universities must do more to counter it,” Brooks said.
 
Universities need to be fully aware of the threat of surveillance and retaliation against their students from China. The U.S. government must also take countermeasures to stop Chinese surveillance of students in the United States, even if this means expelling diplomats or tracking others who surveil and harass students exercising their right to free speech. We must also be aware of the dangers of purchased or posted data and videos that expose Chinese students to harm.
 
Amnesty’s report is a reminder that in the United States, it is not just the U.S. federal government that surveils Americans and visitors to our shores.

A Conservative’s Appeal to Speaker Johnson – Stop Any Maneuver to Curtail Debate on Section 702 Reforms

3/11/2024

 
​Ken Blackwell, former ambassador and mayor of Cincinnati, has a conservative resume second to none. He is now a senior fellow of the Family Research Council and chairman of the Conservative Action Project, which organizes elected conservative leaders to act in unison on common goals. So when Blackwell writes an open letter in Breitbart to Speaker Mike Johnson warning him not to try to reauthorize FISA Section 702 in a spending bill – which would terminate all debate about reforms to this surveillance authority – you can be sure that Blackwell was heard.
 
“The number of FISA searches has skyrocketed with literally hundreds of thousands of warrantless searches per year – many of which involve Americans,” Blackwell wrote. “Even one abuse of a citizen’s constitutional rights must not be tolerated. When that number climbs into the thousands, Congress must step in.”
 
What makes Blackwell’s appeal to Speaker Johnson unique is that he went beyond including the reform efforts from conservative stalwarts such as House Judiciary Committee Chairman Jim Jordan and Rep. Andy Biggs of the Freedom Caucus. Blackwell also cited the support from the committee’s Ranking Member, Rep. Jerry Nadler, and Rep. Pramila Jayapal, who heads the House Progressive Caucus. Blackwell wrote:
 
“Liberal groups like the ACLU support reforming FISA, joining forces with conservative civil rights groups. This reflects a consensus almost unseen on so many other important issues of our day. Speaker Johnson needs to take note of that as he faces pressure from some in the intelligence community and their overseers in Congress, who are calling for reauthorizing this controversial law without major reforms and putting that reauthorization in one of the spending bills that will work its way through Congress this month.”
 
That is sound advice for all Congressional leaders on Section 702, whichever side of the aisle they are on. In December, members of this left-right coalition joined together to pass reform measures out of the House Judiciary Committee by an overwhelming margin of 35 to 2. This reform coalition is wide-ranging, its commitment is deep, and it is not going to allow a legislative maneuver to deny Members their right to a debate.

Why Does U.S. Trade Rep. Tai Want to Give Americans’ Digital Privacy to Dictators?

3/6/2024

 
The Biden Administration has placed the people, the industry, and the national security of the United States on the edge of a cyber cliff and is threatening to push us all off.
 
Does that sound alarmist? Consider: Wikipedia brings together thousands of volunteers to curate a free, online encyclopedia about – well, everything – including the policies and personalities of repressive, homicidal regimes from Russia, to China, to North Korea.
 
In the last decade, the Wikimedia Foundation, the non-profit that hosts Wikipedia, has received increasing requests to provide user data to governments and wealthy individuals. These foreign appeals not only seek to bowdlerize accurate information and censor editorial content, they also ask for personal data to enable retaliation against the volunteers who edit Wikipedia.
 
On one level, this is actually kind of funny. Dictators and cartel bosses who rule by terror at home are reduced to making polite requests to the Wikimedia Foundation because the current system denies them local access to Wikipedia data. The architecture of an open internet, which forbids forced data localization, thus throws up roadblocks for malevolent foreign interests that would access Americans’ online, personal information.
 
Now Americans’ privacy and the security of U.S. data is completely at risk because of U.S. Trade Representative Katherine Tai’s astonishing withdrawal of support for the underpinnings of a global internet before the World Trade Organization.
 
Tai’s move leaves the Biden Administration moving in opposite directions at once. With one hand, the Biden Administration recently issued an executive order cracking down on the sale of Americans’ personal data by data brokers to foreign “countries of concern.” With the other hand – the president’s trade representative – the U.S. offered to drop its long-standing opposition to forced data localization and to forced transfers of American tech companies’ algorithms to governments around the world. Tai would hand the keys to America’s digital kingdom to more than 80 countries, including China.
 
It is not only Americans who will be at risk, but political dissidents and religious minorities around the world.
 
“Growing requirements for data localization are happening alongside a global crackdown on free expression,” wrote the American Civil Liberties Union, the Center for Democracy & Technology, Freedom House, Information Technology and Innovation Foundation, Internet Society, PEN America, and the Wikimedia Foundation. “And people’s personal data – which can reveal who they voted for, who they worship, and who they love – can help facilitate this … 78 percent of the world’s internet users live in countries where simply expressing political, social, and religious viewpoints leads to legal repercussions.”
 
The Biden Administration’s forced disclosure of source codes will undermine the national and personal security of our country. Why? And for what? We are not sure, but it is clear that it would put all Americans’ privacy and personal security at risk.

© COPYRIGHT 2024. ALL RIGHTS RESERVED. | PRIVACY STATEMENT
Photo from coffee-rank