DOGE has been targeting several government agencies, gutting them in an effort to rein in spending. The Internal Revenue Service appears to be its latest target, with The Washington Post reporting that DOGE is asking for broad access to IRS data, including highly sensitive taxpayer data and tax returns.

The data in question includes the Integrated Data Retrieval System (IDRS), which provides a mechanism for IRS employees to access the agency’s most sensitive and private taxpayer data. Access to IDRS is carefully regulated, with federal law only allowing access under very specific circumstances.

• Law enforcement can only access the data with a court order.
• IRS and Treasury Department employees can only access the data for purposes related to audits, collections, tax enforcement, revenue collection, and some administration functions.
• Even lawmakers cannot access the data.

According to The Guardian, the White House defended its efforts to give DOGE access under the guise of rooting out fraud.

“Waste, fraud and abuse have been deeply entrenched in our broken system for far too long,” said White House spokesperson Harrison Fields. “It takes direct access to the system to identify and fix it.”

What the White House did not explain is how looking at taxpayers’ private data will reveal “waste, fraud and abuse,” as opposed to the agency’s policies, procedures, safeguards, and internal operations.

Despite the lack of a good reason for DOGE to be accessing IDRS, the Post reports that the agency “is considering a memorandum of understanding” that would give DOGE broad access.

The Legal Questions

One of the biggest questions many have is whether it is even legal for DOGE to access taxpayer data. Senators Ron Wyden and Elizabeth Warren have written to Acting IRS Commissioner Douglas O’Donnell demanding information regarding giving DOGE access.

As you are aware, tax returns and return information are subject to strong legal privacy protections under Sections 6103 and 7213A of the tax code.2 These laws were strengthened nearly 50 years ago with strong bipartisan majorities of Congress in response to President Nixon’s abuse of the IRS to target his political enemies. These reforms also included prohibitions on executive branch influence over taxpayer audits and other investigations. 3 These prohibitions have long prevented political appointees in previous administrations from accessing the private tax records of hundreds of millions of Americans, and allowing DOGE officials sweeping access these systems may be in violation of these statutes. Violations of these taxpayer privacy laws, including unauthorized access to or disclosure of tax returns and return information, can result in criminal penalties, including incarceration. In one recent example, a contractor working for the IRS who leaked taxpayer information was sentenced in 2024 to five years in federal prison.

While Section 6103 of the tax code prohibits any unauthorized disclosure of tax returns or information contained in tax returns, Section 7213A also makes it unlawful for any federal officer, employee, or authorized viewer to willfully inspect a return or return information for a purpose other than one specifically authorized by law, with inspection defined expansively, to include “any examination of a return or return information.”5 Therefore, improper inspection of tax return information is illegal, even if it has not been made public or disclosed to any unauthorized recipients.

Even if individuals affiliated with DOGE are employed by Treasury, their access to tax information may not be legal. For inspection of taxpayer information to be lawful, it must be made to or by an authorized person for an authorized purpose. While Treasury employees, such as IRS personnel, can access tax return information for their official duties involving tax administration, such as conducting audits or processing tax returns, they generally may not access them for reasons unrelated to those purposes. In addition, there are significant restrictions on access to tax return information for others in the employ of the federal government. There are serious statutory and regulatory restrictions on when employees outside the Treasury Department may gain access to tax return information. To date, no information on DOGE employees or any others executing orders on Musk’s behalf have revealed any clear, stated purpose as to why they need access to return information, whether they have followed all required laws to gain access to IRS systems, and what steps the IRS has taken to ensure that inspection of tax return is contained to authorized personnel and not disclosed to any unauthorized parties.

The two senators also directly address the legality of whether an executive order is enough to grant DOGE access.

No executive order requiring agency heads to provide DOGE personnel access to IRS records or information technology systems supersedes the federal tax code. Software engineers working for Musk seeking to gain access to tax return information have no right to hoover up taxpayer data and send that data back to any other part of the federal government and may be breaking the law if they are doing so. DOGE engineers also have no legal right to snoop around and inspect the tax returns of millions of American citizens unless expressly permitted under Section 6103.

The senators’ full letter can be read here and delves into greater detail regarding the legal implications.

Ethical Concerns

In addition to the strictly legal issues are the ethical questions raised by giving DOGE access. For example, the IRS’ own Taxpayer Bill of Rights assures taxpayers that this kind of scenario will not happen.

The Right to Privacy

Taxpayers have the right to expect that any IRS inquiry, examination, or enforcement action will comply with the law and be no more intrusive than necessary, and will respect all due process rights, including search and seizure protections and will provide, where applicable, a collection due process hearing.

Learn more about your right to privacy.

The Right to Confidentiality

Taxpayers have the right to expect that any information they provide to the IRS will not be disclosed unless authorized by the taxpayer or by law. Taxpayers have the right to expect appropriate action will be taken against employees, return preparers, and others who wrongfully use or disclose taxpayer return information.

Learn more about your right to confidentiality.

Given the number of government websites that have had information purged, below is a screenshot of the sections in question.

Conclusion

DOGE’s request to access Americans’ most private and sensitive data is a disturbing turn of events, one that has not been clearly explained and is likely in violation of the law. The revelation is even more concerning when considering previous reports that indicate DOGE is guilty of embarrassing lapses in cybersecurity, meaning its access to IRS data could open the door to an unprecedented avalanche of cybersecurity breaches.

Observers are also questioning why an administration that promised to reign in Big Tech has seemingly handed the keys of the kingdom to one of Big Tech’s most controversial executives and is now on the verge of handing over Americans’ most sensitive and private data to that same tech mogul.

The EU has become increasingly aggressive in its attempts to regulate tech companies, going far beyond the US on topics like privacy, user choice, data sharing, and more. As a result of that legislation, the EU has levied billions in fines against Apple, Google, Meta, and more.

Meta CEO Mark Zuckerberg has been particularly vocal in asking that Trump address the EU/Big Tech issue, calling on the President to take action to stop the EU from fining American companies, or make a way for companies to not pay them.

Trump apparently agrees, likening the fines to “a form of taxation,” always a hot topic among Republican lawmakers.

It’s unclear what Trump will or can do to stop the EU, although the threats of tariffs or withholding funding on other fronts may be something he could use as a bargaining chip.

The EU’s Complicated Stance

The EU has set itself apart from the US with its willingness to tackle tough issues, but the bloc is also beginning to gain a reputation for hypocrisy in some circles.

For example, while the is quick to punish companies for failing to uphold user privacy, the bloc has been pushing legislation aimed at creating backdoors in end-to-end encryption (E2EE), allegedly for the purpose of protecting children and cracking down on crime.

While the EU’s goals may be admirable, experts across the scientific, security, and privacy communities have made it abundantly clear that it is not possible to weaken encryption for law enforcement and not weaken it for everyone else. What’s more, any AI-powered or automatic methods of scanning for illegal content inherently comes with risks of false positives.

Despite setbacks, the EU continues to push for its chat control legislation, while simultaneously punishing American tech companies for alleged breaches of privacy.

Eventually, the EU may have to reevaluate its priorities.

Carr has served as a commissioner since 2017 when he was appointed by President Trump during his first term. In the wake of Trump’s second inauguration, Trump has followed through on a promise to appoint Carr as Chair of the FCC.

Carr issued a statement, outlining his planned areas of focus.

Chairman Carr issued the following statement:

I am deeply grateful to President Trump and honored by his decision to designate me as Chairman of the Federal Communications Commission. I have had the privilege of working at the FCC for over a dozen years now, including serving previously as the agency’s General Counsel, and I am humbled by the opportunity to lead the FCC.

The FCC has important work ahead—on issues ranging from tech and media regulation to unleashing new opportunities for jobs and growth through agency actions on spectrum, infrastructure, and the space economy. We will also advance America’s national security interests and protect consumers.

I am eager to accelerate the FCC’s work on these and other fronts. I look forward to collaborating with the Trump Administration, my Commission colleagues, and the FCC’s talented staff as well as Congress to deliver great results for the American people.

Carr’s intent to regulate tech is sure to draw concern from tech companies. On the other hand, Carr was a vocal opponent of net neutrality, as well as other Biden-era regulations. As a result, it’s hard to know exactly what the next four years hold for the tech industry under Carr’s watch.

Allstate is one of the biggest automotive insurance companies in the US. Unfortunately, according to a press release, Allstate paid app developers to include tracking software in popular apps, such as Life360, so the company could track users’ driving habits and raise rates accordingly.

Allstate, through its subsidiary data analytics company Arity, would pay app developers to incorporate its software to track consumers’ driving data. Allstate collected trillions of miles worth of location data from over 45 million consumers nationwide and used the data to create the “world’s largest driving behavior database.” When a consumer requested a quote or renewed their coverage, Allstate and other insurers would use that consumer’s data to justify increasing their car insurance premium.

“Our investigation revealed that Allstate and Arity paid mobile apps millions of dollars to install Allstate’s tracking software,” said Attorney General Paxton. “The personal data of millions of Americans was sold to insurance companies without their knowledge or consent in violation of the law. Texans deserve better and we will hold all these companies accountable.”

Allstate’s Data Collection

The lawsuit goes on to accuse Allstate of building the “world’s largest driving behavior database.” The lawsuit also provides important details on exactly how Allstate achieved this.

Defendants, a series of companies owned by insurance giant, Defendant The Allstate Corporation, conspired to secretly collect and sell “trillions of miles” of consumers’ “driving behavior” data from mobile devices, in-car devices, and vehicles. Defendants used the illicitly obtained data to build the “world’s largest driving behavior database,” housing the driving behavior of over 45 million Americans. Defendants created the database for two main purposes: (1) to support Allstate Defendants’ car insurance business and (2) profit from selling the driving behavior data to third parties, including other car insurance carriers (“Insurers”). Millions of Americans, including Texans, were never informed about, nor consented to, Defendants’ continuous collection and sale of their data.

Defendants covertly collected much of their “trillions of miles” of data by maintaining active connections with consumers’ mobile devices and harvesting the data directly from their phone. Defendants developed and integrated software into third-party apps so that when a consumer downloaded the third-party app onto their phone, they also unwittingly downloaded Defendants’ software. Once Defendants’ software was downloaded onto a consumer’s device, Defendants could monitor the consumer’s location and movement in real-time.

Through the software integrated into the third-party apps, Defendants directly pulled a litany of valuable data directly from consumers’ mobile phones. The data included a phone’s geolocation data, accelerometer data, magnetometer data, and gyroscopic data, which monitors details such as the phone’s altitude, longitude, latitude, bearing, GPS time, speed, and accuracy.

How Allstate Monetized the Data

The only thing more disturbing than the quantity of data Allstate collected was how they collected it and what they did with the data.

To encourage developers to adopt Defendants’ software, Defendants paid app developers millions of dollars to integrate Defendants’ software into their apps. Defendants further incentivized developer participation by creating generous bonus incentives for increasing the size of their dataset. According to Defendants, the apps integrated with their software currently allow them to “capture[] [data] every 15 seconds or less” from “40 [million] active mobile connections.”

Once collected, Defendants found several ways to monetize the ill-gotten data, including by selling access to Defendants’ driving behavior database to other Insurers and using the data for Allstate Defendants’ own insurance underwriting. If a consumer requested a car insurance quote or had to renew their coverage, Insurers would access that consumer’s driving behavior in Defendants’ database. Insurers then used that consumer’s data to justify increasing their car insurance premiums, denying them coverage, or dropping them from coverage.

Defendants marketed and sold the data obtained through third-party apps as “driving” data reflecting consumers’ driving habits, despite the data being collected from and about the location of a person’s phone. More recently, however, Defendants have begun purchasing data about vehicles’ operation directly from car manufacturers. Defendants ostensibly did this to better account for their inability to distinguish whether a person was actually driving based on the location and movements of their phone. The manufacturersthat Defendants purchased data from included Toyota, Lexus, Mazda, Chrysler, Dodge, Fiat, Jeep, Maserati, and Ram. Allstate Defendants have used this data for their own insurance underwriting purposes.

Worst of all, customers had no idea they were being tracked, and no way of opting out.

Consumers did not consent to, nor were aware of Defendants’ collection and sale of immeasurable amounts of their sensitive data. Pursuant to their agreements with app developers, Defendants had varying levels of control over the privacy disclosures and consent language that app developers presented and obtained from consumers. However, Defendants never informed consumers about their extensive data collection, nor did Defendants obtain consumers’ consent to engage in such data collection. Finally, Defendants never informed consumers about the myriad of ways Defendants would analyze, use, and monetize their sensitive data.

Disturbing Allegations Underscore a Larger Issue

The allegations against Allstate are disturbing on multiple levels. The fact that a company collected an incredible amount of sensitive data from millions of customers without their knowledge is unconscionable. The fact that Allstate paid other app developers in order to collect data from their apps and then sold the data to third parties makes it even worse.

Unfortunately, despicable as its actions may be, Allstate serves as an example of a growing trend in multiple industries: collecting and monetizing data from paying customers.

When a company provides a service for free, it is completely understandable for that company to profit off of its customers’ data. That’s the trade-off for using a free service.

On the other hand, when a company is charging its customers for the service it provides, those customers have every reason to demand the company respect their privacy, not Hoover their data and sell it to third parties. After all, the company is already charging the customer—it is being paid in full for the service it provides. As a result, the customer’s data should be off-limits unless the customer gives their explicit permission.

If the allegations prove true, Allstate’s behavior is a despicable breach of trust, one they will hopefully pay dearly for at the hands of AG Paxton.

Net neutrality ensures that companies cannot favor or prioritize certain internet traffic, or charge some companies more, based on the the type of traffic they generate. Net neutrality also ensures that companies cannot charge competing services, or deprioritize their traffic. For example, before selling its stake in DirecTV, AT&T could have prioritized traffic to DirecTV and its Sling TV streaming service, and simultaneously deprioritize traffic to Hulu, Netflex, YouTube TV, and other competing services.

Net neutrality was originally passed under the Obama administration, repealed during the Trump administration, and reinstated during the Biden administration. The latest rules were challenged in court and, unfortunately, the court has struck down net neutrality and essentially dealt it a death blow.

Unsurprisingly, as Reuters points out, industry group USTelecom, which includes AT&T, Verizon, and others, lauded the decision as a victory for American consumers that will lead to more investment, innovation, and competition in the dynamic digital marketplace.”

Cable industry group NCTA was similarly opposed to net neutrality, with President and CEO Michael Powell promising “years of litigation and uncertainty.”

Alphabet, Amazon, Apple, Meta, Mozilla, Wikimedia, Dropbox, and many others strongly disagree, with the companies being staunch supporters of net neutrality. In a letter supporting net neutrality in 2021, Mozilla, Wikimedia, Droipbox, Reddit, ADT, and Eventbrite said the following:

Net neutrality simply preserves the environment that has allowed the internet to become an engine for economic growth. The rules serve as protections that users have in their relationship with internet service providers, preventing ISPs from blocking, throttling, or prioritizing traffic for payment. And in an environment where users frequently lack meaningful choices between ISPs, net neutrality can ultimately encourage greater long-term investment across the network stack by promoting broadband buildout, faster service, and new applications.

The court based its decision on the Supreme Court’s ruling in June that significantly reigned in the authority of federal agencies to interpret and apply established law in creating and enforcing rules. The ruling overturned the “Chevron deference” from 1984 that had granted agencies the authority they have since used.

What Happens Next

The goal of net neutrality was to promote a fair internet, one in which all companies are able to compete freely, on the merit of their offerings. The rules were seen as especially beneficial to startups, as well as companies that make services that compete with ISPs.

Fortunately, while the court’s decision strikes down a national net neutrality rule, it does not impact the various laws that have been passed by individual states, such as California. The DOJ, under the first Trump administration, launched a legal challenge to California’s net neutrality laws, arguing that the federal standard should supersede any one state. Ultimately, the DOJ dropped its case.

Despite the blow to net neutrality on the federal level, the fact that multiple states have implemented their own rules could be enough to still have a significant impact. For example, AT&T was favoring its own HBO Max service, ensuring HBO Max did not count against AT&T wireless users’ data limits. Once California passed its rules, however, AT&T stopped favoring Max, since it was no longer practical to complay with net neutrality on a state-by-state basis.

“A state-by-state approach to ‘net neutrality’ is unworkable,” AT&T said in a statement at the time. “A patchwork of state regulations, many of them overly restrictive, creates roadblocks to creative and pro-consumer solutions.”

Similarly, there is still the opportunity for Congress to pass net neutrality legislation, making it the law of the land. Traditionally, Republican-led governments have been very anti-regulation, and net neutrality is no exception. However, there is a growing distrust of Big Tech, as well as telecoms, including within the Republican party. As a result, while still highly unlikely, it’s not entirely outside the realm of possibility for a Republican-led government to pass such legislation.

Until that happens, however, individuals states appear to be the last, best hope for ensuring a free and open internet.

The EU’s Digital Markets Act (DMA) and Digital Services Act (DSA) went into effect in late 2022, taking aim at Big Tech. The DMA, in particular, has a number of provisions designed to level the playing field, especially in regard to platforms designated as “gatekeepers,” such as as app stores and other services offered by companies that have large user bases and unilateral control of their ecosystems.

In its latest bid, the EU wants Apple to open up AirDrop and allow access to Android and other platforms. The bloc outlines its goals in a new document.

Apple shall provide effective interoperability with the AirDrop feature. The AirDrop feature consists in the ability of end users to exchange files between iOS devices and Apple connected physical devices using AirDrop. AirDrop allows end users to transfer files (or more generically “items”), such as photos, URLs, or documents, between nearby AirDrop-capable Apple devices, such as between iPhones, iPads, Mac computers, Apple Vision Pro and Apple Watches.

Apple shall implement an interoperability solution that provides third parties with access to the same AirDrop feature described in the preceding paragraph as available to Apple, in a way that is equally effective as the solution available to Apple.

Apple shall provide interoperability with all functionalities of the AirDrop feature which are available to Apple’s own connected physical devices, including, but not limited to, Apple Vision Pro, Apple Watch, as well as any future Apple connected physical devices.

Apple shall provide a protocol specification that gives third parties all information required to integrate, access, and control the AirDrop protocol within an application or service (including as part of the operating system) running on a third-party connected physical device in order to allow these applications and services to send files to, and receive files from, an iOS device.

Argument for Opening AirDrop

AirDrop is one of hallmark features of iOS and macOS devices, using an encrypted peer-to-peer WiFi connection to easily transfer files between devices. Opening AirDrop to allow seamless file transfrer between Apple and Android devices would certainly be a major benefit to users, addressing one of the challenges with cross-platform communication: file sharing.

While Google has created its own AirDrop competitor, making AirDrop work with Android, Windows, and any other OS will make it infinitely easier to quickly share files without resorting to email, messaging, or a third-party file-sharing service.

Argument Against Opening AirDrop

Apple will likely fight the change, seeing it as another attempt by the EU to crack open its walled garden, and there is merit to concerns Apple will likely raise.

Apple has made a fortune delivering a curated experience for its users, ensuring everything works as expected. A significant reason everything works so well is because Apple is able to control both the harware and the software, giving it a level of integration few can match. Forcing the company to make AirDrop compatible with an infinite number of devices and configures will likely degrade the overall experience.

The Bigger Issue With the EU’s Stance

Apple has already run afoul of the DMA in regard to the iOS App Store, and will likely be the first Big Tech firm fined under the new legislation. The EU has accused Apple of having serious compliance issues with the DAM.

“We have a number of Apple issues; I find them very serious. I was very surprised that we would have such suspicions of Apple being non-compliant,” EU competition chief Margrethe Vestager said in mid-2024.

″[Apple] are very important because a lot of good business happens through the App Store, happens through payment mechanisms, so of course, even though you know I can say this is not what was expected of such a company, of course we will enforce exactly with the same top priority as with any other business,” Vestager added.

Meanwhile, Apple has already said it will not roll out its Apple Intelligence within the EU, saying it will not be able to deploy the features within the bloc as a result of the DMA.

Due to the regulatory uncertainties brought about by the Digital Markets Act, we do not believe that we will be able to roll out three of these [new] features — iPhone Mirroring, SharePlay Screen Sharing enhancements, and Apple Intelligence — to our EU users this year.

Meta has followed Apple’s lead, saying it will not bring its multimodel AI models to the EU over the same concerns.

We will release a multimodal Llama model over the coming months, but not in the EU due to the unpredictable nature of the European regulatory environment.

While the DMA may be admirable in its intent, EU regulators must be careful not to destroy companies’ ability to compete by offering unique services and features that differentiate them from competitors. If EU regulators cross that line, the may find that companies increasingly follow Apple and Meta’s example, leading to the bloc falling behind in the tech race.

Background on Chat Control Legislation

In the ongoing battle against CSAM, the EU has proposed legislation that would require communication platforms to scan encrypted messages before they are encrypted, ostensibly to detect and report illegal content. This initiative has stirred significant controversy since its inception. The legislation has already failed to pass multiple times, with lawmakers continuing to modify the proposal and force it through.

Finland’s Stance on Chat Control

Finland has taken a notable stance against the EU’s Chat Control proposal. The Finnish Parliament, in a significant move, rejected the EU’s proposal, opting to abstain rather than vote in favor. This decision was based on the belief that while the intentions behind the legislation are commendable, the method proposed could lead to severe privacy invasions and potentially infringe upon the rights of EU citizens. The Finnish Parliament’s decision underscores the tension between national sovereignty and EU legislative proposals, especially when it comes to sensitive issues like digital privacy.

The Technical and Ethical Concerns with Client-Side Scanning

Forcing platforms like Signal and WhatsApp to implement client-side scanning poses several technical and ethical challenges:

• Encryption Weakening: Client-side scanning necessitates breaking encryption at the point of message creation, which inherently weakens the security model of end-to-end encryption. This could introduce backdoors, making these platforms less secure against unauthorized access, not just by malicious actors but also potentially by state surveillance.
• False Positives: No scanning system is perfect, and the risk of false positives — where legitimate communications are flagged as potentially illegal — is significant. This could lead to privacy violations for innocent users, stigmatization, and unnecessary legal investigations, consuming resources that could be better used elsewhere.
• Privacy Invasion: The core of the debate lies in privacy. Scanning messages before encryption means that personal communications are subject to monitoring, which contradicts the very nature of private messaging intended for personal or sensitive exchanges.
• Legal and Ethical Ramifications: Implementing such measures could set a precedent for further erosion of digital rights. It raises questions about where to draw the line between security measures and privacy rights, especially when the technologies for such surveillance are not foolproof.

Patrick Breyer’s Advocacy

Patrick Breyer, a well-known advocate for digital rights, has been vocal against the Chat Control legislation. His recent X post highlights the urgency and complexity of the issue, stating:

“Will the EU’s #ChatControl attack on privacy and security be adopted in tomorrow’s COREPER vote? Unconfirmed rumors claim one critical government has carved in. Will Finland respect its Parliament’s vote to oppose?”

This post encapsulates the uncertainty and the pressure on countries like Finland to stand by their initial opposition.

The Broader Implications

The EU’s push towards Chat Control doesn’t just affect messaging platforms; it has broader implications for digital rights across the Union:

• Global Precedent: If enacted, this could set a global precedent for how digital communications are handled, potentially influencing other regions to adopt similar measures.
• Tech Industry Reaction: Major tech companies have historically resisted such measures, citing user privacy and the integrity of their services. Pushback from companies like Apple, Google, and others could lead to a tech vs. EU standoff, affecting market dynamics and consumer trust.
• Legislative Overreach: Critics argue that this legislation could be an overreach, potentially failing to balance the need for security with the protection of privacy. It might not only fail to effectively combat CSAM but could also drive such activities underground or to less secure platforms.

Some platforms, such as Signal, have already said they would they will leave the EU market altogether, rather than implement client-side scanning. Signal President Meredith Whittaker has been a vocal opponent, saying there is simply no way to do what lawmakers want, while still protecting users.

We ask that those playing these word games please stop and recognize what the expert community has repeatedly made clear. Either end-to-end encryption protects everyone, and enshrines security and privacy, or it’s broken for everyone. And breaking end-to-end encryption, particularly at such a geopolitically volatile time, is a disastrous proposition.

Instead of accepting this fundamental mathematical reality, some European countries continue to play rhetorical games. They’ve come back to the table with the same idea under a new label. InEU’s Renewed Push for Chat Control: A Deep Dive Into Privacy & Security

The European Union is once again at the crossroads of technology, privacy, and security with its renewed attempt to enforce the controversial Chat Control legislation aimed at combating Child Sexual Abuse Material (CSAM). This legislative push seeks to mandate messaging platforms like Signal and WhatsApp to implement client-side scanning, a move that has reignited debates over digital privacy and encryption integrity.

Background on Chat Control Legislation

In the ongoing battle against CSAM, the EU has proposed legislation that would require communication platforms to scan encrypted messages before they are encrypted, ostensibly to detect and report illegal content. This initiative, previously known as the ePrivacy Derogation, has stirred significant controversy since its inception. The initial vote saw 537 Members of the European Parliament approving the measure, with 133 voting against and 20 abstaining, despite strong opposition from privacy advocates and tech experts who argue it undermines fundamental digital rights.

Finland’s Stance on Chat Control

Finland has taken a notable stance against the EU’s Chat Control proposal. The Finnish Parliament, in a significant move, rejected the EU’s proposal, opting to abstain rather than vote in favor. This decision was based on the belief that while the intentions behind the legislation are commendable, the method proposed could lead to severe privacy invasions and potentially infringe upon the rights of EU citizens. The Finnish Parliament’s decision underscores the tension between national sovereignty and EU legislative proposals, especially when it comes to sensitive issues like digital privacy.

The Technical and Ethical Concerns with Client-Side Scanning

Forcing platforms like Signal and WhatsApp to implement client-side scanning poses several technical and ethical challenges:

• Encryption Weakening: Client-side scanning necessitates breaking encryption at the point of message creation, which inherently weakens the security model of end-to-end encryption. This could introduce backdoors, making these platforms less secure against unauthorized access, not just by malicious actors but also potentially by state surveillance.
• False Positives: No scanning system is perfect, and the risk of false positives — where legitimate communications are flagged as potentially illegal — is significant. This could lead to privacy violations for innocent users, stigmatization, and unnecessary legal investigations, consuming resources that could be better used elsewhere.
• Privacy Invasion: The core of the debate lies in privacy. Scanning messages before encryption means that personal communications are subject to monitoring, which contradicts the very nature of private messaging intended for personal or sensitive exchanges.
• Legal and Ethical Ramifications: Implementing such measures could set a precedent for further erosion of digital rights. It raises questions about where to draw the line between security measures and privacy rights, especially when the technologies for such surveillance are not foolproof.

Patrick Breyer’s Advocacy

Patrick Breyer, a well-known advocate for digital rights, has been vocal against the Chat Control legislation. His recent X post highlights the urgency and complexity of the issue, stating:

“Will the EU’s #ChatControl attack on privacy and security be adopted in tomorrow’s COREPER vote? Unconfirmed rumors claim one critical government has carved in. Will Finland respect its Parliament’s vote to oppose?” This post encapsulates the uncertainty and the pressure on countries like Finland to stand by their initial opposition.

The Broader Implications

The EU’s push towards Chat Control doesn’t just affect messaging platforms; it has broader implications for digital rights across the Union:

• Global Precedent: If enacted, this could set a global precedent for how digital communications are handled, potentially influencing other regions to adopt similar measures.
• Tech Industry Reaction: Major tech companies have historically resisted such measures, citing user privacy and the integrity of their services. Pushback from companies like Apple, Google, and others could lead to a tech vs. EU standoff, affecting market dynamics and consumer trust.
• Legislative Overreach: Critics argue that this legislation could be an overreach, potentially failing to balance the need for security with the protection of privacy. It might not only fail to effectively combat CSAM but could also drive such activities underground or to less secure platforms.

Conclusion

The EU’s Chat Control legislation, aimed at combating CSAM, poses a significant challenge to the principles of digital privacy and the integrity of end-to-end encryption. While the intent to protect vulnerable populations is noble, the methods proposed raise serious concerns about the erosion of privacy rights, the potential for false positives, and the weakening of encryption standards. Finland’s decision to oppose this measure reflects a broader concern across the EU about the direction of digital rights. As the debate continues, it will be crucial for policymakers to find a balance that respects privacy while effectively tackling the scourge of CSAM, ensuring that the cure does not become worse than the disease.

The conversation around Chat Control is a microcosm of the larger global debate on how to manage the intersection of technology, security, and privacy in an increasingly digital world. As such, it will have lasting implications for how digital communications are protected and surveilled, not just in the EU but potentially worldwide.stead of using the previous term “client-side scanning,” they’ve rebranded and are now calling it “upload moderation.” Some are claiming that “upload moderation” does not undermine encryption because it happens before your message or video is encrypted. This is untrue.

Rhetorical games are cute in marketing or tabloid reporting, but they are dangerous and naive when applied to such a serious topic with such high stakes. So let’s be very clear, again: mandating mass scanning of private communications fundamentally undermines encryption. Full stop. Whether this happens via tampering with, for instance, an encryption algorithm’s random number generation, or by implementing a key escrow system, or by forcing communications to pass through a surveillance system before they’re encrypted. We can call it a backdoor, a front door, or “upload moderation.” But whatever we call it, each one of these approaches creates a vulnerability that can be exploited by hackers and hostile nation states, removing the protection of unbreakable math and putting in its place a high-value vulnerability.

Conclusion

The EU’s Chat Control legislation, aimed at combating CSAM, poses a significant challenge to the principles of digital privacy and the integrity of end-to-end encryption. While the intent to protect vulnerable populations is noble, the methods proposed raise serious concerns about the erosion of privacy rights, the potential for false positives, and the weakening of encryption standards. Finland’s decision to oppose this measure reflects a broader concern across the EU about the direction of digital rights. As the debate continues, it will be crucial for policymakers to find a balance that respects privacy while effectively tackling the scourge of CSAM, ensuring that the cure does not become worse than the disease.

The conversation around Chat Control is a microcosm of the larger global debate on how to manage the intersection of technology, security, and privacy in an increasingly digital world. As such, it will have lasting implications for how digital communications are protected and surveilled, not just in the EU but potentially worldwide.

Once known primarily as an alternative, privacy-focused search engine, DuckDuckGo has been expanding its reach, developing an entire suite of applications and services aimed at helping individuals preserve their privacy.

In a year-end review, DuckDuckGo has revealed that it donated some $1.1 million in 2024 to a variety of privacy and digital rights causes, as well as to projects that play a fundamental role in the internet. The list of recipients includes:

• Electronic Frontier Foundation (EFF)
• Public Knowledge
• Article 19
• Demand Progress
• European Digital Rights
• Fight for the Future
• The Markup
• OpenMedia
• Restore the Fourth
• Signal
• Surveillance Technology Oversight Project (S.T.O.P)
• Tech Policy Press
• Tech Oversight Project
• Algorithmic Justice League (AJL)
• Bit of Freedom
• British Institute of International and Comparative Law (BIICL)
• Center for Critical Internet Inquiry
• Create Commons (CC)
• Digital Rights Watch
• Gesellschaft für Freiheitsrechte (GFF)
• nyob
• Open Home Foundation
• Open Rights Group
• Open Source Technology Improvement Fund (OSTIF)
• Perl and Raku Foundation
• Privacy Rights Clearinghouse
• Proof
• Tor Project

The donations range from $100,000 to the EFF, to $75,000 to Public Knowledge, several $50,000 donations, and the rest coming in at $25,000.

Even more telling, DuckDuckGo has donated $6,950,000 since 2011.

DuckDuckGo Is Proof Privacy and Profit Can Coexist

In a tech industry that has become obsessed with monetizing people’s personal data, collecting it, and selling it wholesale, DuckDuckGo has continued to be a beacon of privacy, proving that companies can respect—even protect—user privacy and still be profitable.

In fact, DuckDuckGo donating millions to other projects and causes demonstrates just how well the company is doing despite bucking the status quo.

Moving forward, more companies should take a page out of DuckDuckGo’s playbook, giving users control over their data, rather than exploiting it. Companies may just be surprised at how well such a course might be received.

In the meantime, DuckDuckGo is a company users should pay attention to, using their projects and services whenever possible.

Mozilla is best known for the Firefox web browser and Thunderbird email client. The Mozilla Foundation is the non-profit corporation that “supports the existing Mozilla community and oversees Mozilla’s governance structure.” In contrast, the Mozilla Corporation is owned by the Mozilla Foundation and is responsible for developing Firefox and other Mozilla software.

In an email seen by TechCrunch, Mozilla Foundation’s executive director Nabiha Syed informed the staff of the layoffs and said the advocacy and global programs divisions were “no longer a part of our structure.”

The organization’s communication chief, Brandon Borrman, confirmed the details to TechCrunch.

“The Mozilla Foundation is reorganizing teams to increase agility and impact as we accelerate our work to ensure a more open and equitable technical future for us all. That unfortunately means ending some of the work we have historically pursued and eliminating associated roles to bring more focus going forward,” read the statement shared with TechCrunch.

Borrman also made clear that the Mozilla Foundation is not abandoning its advocacy, but integrating it throughout the organization. Borrman said, “advocacy is still a central tenet of Mozilla Foundation’s work and will be embedded in all the other functional areas.”

Syed’s email made clear how important Mozilla’s mission is, and why the layoffs were necessary.

“Our mission at Mozilla is more high-stakes than ever,” Syed wrote. “We find ourselves in a relentless onslaught of change in the technology (and broader) world, and the idea of putting people before profit feels increasingly radical.”

“Navigating this topsy-turvy, distracting time requires laser focus — and sometimes saying goodbye to the excellent work that has gotten us this far because it won’t get us to the next peak. Lofty goals demand hard choices,” Syed added.

Why Mozilla Matters

Once one of the most popular web browsers on the market, Firefox single-handled broke Microsoft Internet Explorer’s dominance, and opened the door for a more diverse web browser market. Unfortunately, Google Chrome arrived on the scene shortly after and went on to supplant Firefox and Microsoft’s browser as the dominant option. Firefox’s share of the market has dropped precipitously, but the independent browser is more important than ever.

Despite Chrome’s status as the world’s most popular web browser, the fact remains that it’s a web browser that users should be very wary of using. At its core, Google is an advertising company, and one that has a horrible track record of using, abusing, and trampling on user privacy.

One only has to look at the company’s court loss in early 2024 over Chrome’s Incognito mode, in which the court found that the company continued to collect data on users even when Incognito mode was activate. Google was ultimately ordered to destroy billions of records from its illegal data collection.

That case illustrated that Google executives were fully aware that Chrome’s Icognito mode was not truly private, yet the company continued to market it as such.

“Make Incognito Mode truly private,” marketing chief Lorraine Twohill wrote in an email to CEO Sundar Pichai. “We are limited in how strongly we can market Incognito because it’s not truly private, thus requiring really fuzzy, hedging language that is almost more damaging.”

It wouldn’t be wise to buy an anti-virus program from the hacking group responsible for release the bulk of the world’s malware. Similarly, it’s simply unwise to have a reasonable expection of privacy when using a web browser from a company that makes its money from selling user data.

Beyond the privacy issues, Google’s dominance in the search and advertising markets gives it an oversized influence on the direction of the web in general. Add the fact that it has the most popular web browser, and the company can easily push protocols and agendas that benefit its business model, all the while ignoring what’s best for consumers or smaller competitors.

As user data continues to be a commodity that companies exploit for their own profit, organizations like Mozilla are more important than ever, providing viable software and options for privacy-conscious users. While layoffs are never desired, hopefully the organization’s latest round of layoffs help it streamline its focus and strengthen its efforts to better protect consumers.

Whether you’re scanning a QR code to check out a menu, make a payment, or access exclusive content, these simple squares are creating seamless digital bridges all around us. Their growing versatility, especially for businesses and individuals alike, is driving increased demand for easy-to-use tools, such as a qr generator, which simplifies the process of creating these codes.

QR codes offer remarkable flexibility, enabling anyone to tailor them for a wide range of uses. Whether directing users to a website, sharing vital documents, or providing a special discount, QR codes can accomplish these tasks swiftly and effectively.

Practical Ways to Use QR Codes in Everyday Life

QR codes are transforming how we interact with technology by offering fast, contactless solutions to everyday tasks. Their uses are nearly limitless, but here are some of the most practical applications for free QR codes:

• payments – use a qr generator free to create a code that links to a payment gateway, allowing quick and contactless transactions;
• marketing – fusinesses can create free QR codes to promote special offers or direct consumers to their website, maximizing their reach with just one scan;
• education – teachers and institutions can generate QR codes for students to access additional resources, digital handouts, or assignments;
• healthcare – QR codes can be used to provide patients with instant access to their medical records or instructions for prescriptions;
• events – instead of printing physical tickets, organizers can use QR codes for entry, schedules, or maps, enhancing the event experience.

With these simple applications, QR codes are not only saving time but also providing a secure and convenient way to manage personal and business needs.

Why QR Codes Are Becoming Indispensable

The secret behind the growing success of QR codes lies in their adaptability. From contactless payments to marketing promotions, they can serve a wide range of purposes. But what truly makes them a vital part of today’s technology landscape is their user-friendly nature and cost-effectiveness. Anyone can easily create a QR code for free using an online QR code generator, enabling both businesses and individuals to harness the power of this tool without a large financial commitment.

Platforms like me-qr.com have made the process of generating QR codes even simpler. With their free online tool, you can create custom QR codes in just a few minutes. Whether you’re a small business owner looking to enhance customer engagement or an individual wanting to streamline everyday tasks, me-qr.com offers the perfect solution.

Conclusion

QR codes are far from being a fleeting trend—they’ve rapidly evolved into a crucial tool for navigating the digital landscape, enhancing efficiency, convenience, and security in our daily lives. Whether you’re generating a QR code for personal or business use, adopting this technology can open up a world of new opportunities right at your fingertips.

The Rise of Adult Learning

By 2031, over 60% of jobs in Kentucky will require postsecondary education. This is compared to only 55% of Kentucky adults who currently hold a postsecondary credential. Aside from mere job selection, the lack of postsecondary graduates heavily influences the number of households who receive a livable wage. More than 30% of Kentucky households have incomes less than $35,000. Compare that to households with one college graduate receiving a staggering $40,000 more in earnings compared to non-graduate households.

Despite these benefits, college graduates in both public Kentucky universities and the Kentucky Community and Technical College System (KCTCS) have seen a regression in undergraduate students. Overall, there is around a staggering 40% decline through the entire post-secondary system across the decade from 2014 to 2024. The KCTCS specifically saw the sharpest decrease in learners from slightly above 76,000 to just below 50,000, or a 34% decrease in just 10 years. The drop in enrollment isn’t exclusive to the adult learning students, but for the post-secondary education systems in general. Public universities and the KCTCS have seen enrollment rates plummet by tens of thousands of students year after year. But what is driving this rapid decrease in post-secondary enrollment despite the potentially lucrative benefits?

For many, prior commitments prevent college enrollment. Around 48% of adult learners have children, and the limited childcare availability is a major obstacle. Between 2019 and 2021, nearly 16,000 childcare centers closed nationwide. Simultaneously, the average cost of childcare rose to $6,411 per year, or $534 monthly. Aside from childcare, adult workers must cover not only the cost of college, but family expenses and other bills. 58% of full-time undergraduates need to work, and 79% of part-time undergraduates are working adult learners.

However, there are other obstacles to adults in post-secondary education. Many require assistance with coursework in addition to the normal classes due to the years spent out of the classroom. Gateway courses have low success rates in both the public university and KCTCS systems. Adult learners in the KCTCS score less than 25% on English and Math, and learners in the public university system scored 15% on average in both English and Math.

Conclusion

When the financial and academic hindrances combine, they can make adults as much as 4 times less likely to complete postsecondary education. So how can we boost adult learner success in their post-secondary journey? Providing financial assistance and academic support is the best way to help adult learners. Scholarships like the Pell Grant enable learners to finance the costs of college, but also any excess aid covers childcare and other family expenses. This excess aid also provides them with more time to spend studying rather than working. 

Increasing Flexibility and Autonomy

One of the key draws of gig work is the flexibility it provides. Workers can set their own schedules, choose their tasks, and often work from anywhere. This autonomy is becoming more pronounced, with platforms providing tools that allow workers to customize their work experiences. For instance, ride-sharing and delivery services are experimenting with varying levels of commitment, enabling gig workers to choose from short, flexible shifts to longer, guaranteed earnings.

Rise of Niche Gig Platforms

As the gig economy matures, niche platforms are emerging to cater to specific industries and job types. For example, specialized platforms for freelancers in creative fields, such as graphic design and writing, are gaining traction. Similarly, services for skilled tradespeople, like plumbing and electrical work, are also seeing growth. These niche platforms often offer tailored services, support, and communities that traditional gig platforms may lack. 

Enhanced Benefits and Protections

Gig workers have historically faced challenges related to benefits and job security. However, there’s a growing movement advocating for better protections and benefits for gig workers. Some platforms are beginning to offer health insurance options, retirement saving plans, and paid time off. For example, initiatives like insurance for DoorDash drivers are emerging, providing critical coverage that allows gig workers to navigate their roles with greater peace of mind.

Moreover, companies like Walmart are recognizing the need for affordable insurance options, leading to the introduction of products such as Walmart auto insurance. This trend indicates that larger corporations are starting to cater to the needs of gig workers, acknowledging their vital role in the economy.

Integration of Technology and AI

Technology continues to revolutionize the gig economy. Artificial intelligence (AI) and machine learning are being integrated into platforms to optimize matching processes between workers and gigs, enhancing the user experience. For instance, AI can analyze patterns in demand and worker availability, improving efficiency for both parties. Additionally, automation tools are enabling gig workers to manage their tasks more effectively, from scheduling to invoicing.

Focus on Skills Development

As gig work becomes more competitive, there is an increased emphasis on skills development. Many platforms are now offering training programs and resources to help gig workers enhance their skills. This trend not only benefits the workers by making them more marketable but also helps platforms by raising the overall quality of service. Upskilling initiatives may include online courses, mentorship programs, and certifications tailored to specific fields, ensuring that gig workers are well-equipped to meet evolving demands.

Increased Attention to Mental Health

With the rise of gig work, concerns surrounding mental health have come to the forefront. Gig workers often experience isolation, stress, and financial insecurity, which can take a toll on their mental well-being. To address these issues, platforms are beginning to provide resources and support systems focused on mental health. This might include access to counseling services, stress management workshops, and community-building activities that foster connections among gig workers.

Sustainability and Ethical Considerations

As consumers become more environmentally conscious, gig platforms are starting to prioritize sustainability. Companies are exploring ways to reduce their carbon footprints, such as promoting eco-friendly transportation options for delivery services. Additionally, many gig workers are adopting sustainable practices, from using electric vehicles to sourcing eco-friendly materials for their freelance projects. This trend reflects a growing awareness of the impact of gig work on the environment and the importance of ethical business practices.

Global Expansion of Gig Platforms

The gig economy extends beyond the United States; it is a global phenomenon. Platforms are increasingly expanding their services to international markets, leading to a more diverse workforce and broader opportunities for gig workers. This globalization can bring unique challenges, such as navigating different regulations and cultural expectations, but it also opens doors to a wider range of gigs and collaborations across borders.

Evolving Legal Frameworks

As the gig economy grows, so does the need for clear legal frameworks to protect both workers and companies. Legislative changes are underway in several states, focusing on the classification of gig workers and their access to benefits. This evolving landscape will likely continue to impact how gig platforms operate and how they structure their relationships with workers.

Stay Informed

The gig economy is undergoing significant transformation, driven by technological advancements, changing workforce dynamics, and an increasing focus on worker well-being. As we look to the future, these emerging trends highlight the potential for a more sustainable, equitable, and efficient gig economy. Whether you are a gig worker, a platform operator, or simply an interested observer, staying informed about these trends will be essential to navigating this evolving landscape. As companies adapt to meet the needs of gig workers, innovations in benefits and protections are just the beginning of a more supportive and flexible work environment.

Oracle is one of the leading cloud providers, and has benefited greatly from the AI boom. The companies services are in high demand, thanks largely to the fully-integrated solutions and security the company provides.

Oracle’s Surveillance History

Unfortunately, Oracle is also known for issues with mass surveillance, with Ellison being a major proponent of the practice. In fact, the company faced a class action lawsuit in 2022, in which the plaintiffs accused the company of setting out to surveil people, regardless of whether they were Oracle customers or not.

According to Ellison, the purpose of Oracle ID Graph is to predict and influence the future behavior of billions of people. He explained Oracle could achieve this goal by looking at social activity and locations in real time, including “micro location[s].” For example, Ellison has represented that companies will be able to know how much time someone spends in a specific aisle of a specific store and what is in the aisle of the store. “By collecting this data and marrying it to things like micro location information, Internet users’ search histories, websites visits and product comparisons along with their demographic data, and past purchase data, Oracle will be able to predict purchase intent better than anyone.”

Ellison’s Latest Comments

Ellison has done little to quell those fears, and may well fuel another lawsuit, with his most recent comments at a company financial meeting. In the meeting, Ellison describes (transcript lightly edited for grammar) a future where cameras are constantly filming individuals, regardless of what they are doing, with some videos only accessible via a court order.

Ellison uses the example of police body cameras, saying that even when police request they be turned off for privacy reasons—such as using the restroom or having a private lunch—the cameras never stop recording. Instead, video labeled ‘private’ is simply locked and inaccessible without a court order.

“The police will be on their best behavior because we’re constantly recording and watching everything that’s going on,” Ellison said. “Citizens will be on their best behavior, because we’re constantly recording everything that is going on. And it’s unimpeachable. The cars have cameras on them. We’re using AI to monitor the video.

“It’s not people that are looking at those cameras; it’s AI that’s looking at the cameras.”

Ellison says the system will help prevent crime by giving society “super vision” to see shootings and other crimes immediately. He also says that “every police officer is going to be supervised at all times, and if there’s a problem, AI will report the problem and report it to the appropriate person.”

Ellison also says a new generation of AI-powered autonomous drones will make high-speed car chases a thing of the past. Instead, a drone will simply follow a suspect until they stop and can be arrested.

Anyone who thinks they can go out in the woods to get away from technology is in for a disappointment, if Ellison has his way, describing a situation in which autonomous drones will monitor people’s campfires to make sure they’re not unattended.

Tech Executives Keep Using Dystopian Fiction as a Blueprint

Ellison is simply the latest tech executive who seems to believe that dystopian fiction should provide a blueprint for how the future should look.

Books and movies like 1984, Minority Report, Blade Runner, Divergent, and many more serve as cautionary tales of what technology can cause, not what it should cause. Unfortunately, Ellison and many others have failed to get the memo and are instead rushing headlong to make many people’s worst fears an everyday reality.

Navigating the Terrain of Digital Transformation

Reflecting on Eric Ries’ seminal work, The Lean Startup, Okubo likens digital transformation to an exploration adventure. “Imagine you’re an explorer with a new map leading to a treasure that could significantly elevate your business,” Okubo explains. “But just holding the map isn’t enough. The real challenge lies in how you interpret it and decide on the path forward.”

Okubo’s analogy underscores the essence of digital transformation: possessing advanced technological tools is only part of the equation. The crux of digital transformation is integrating these tools into a cohesive strategy that aligns with your business objectives. “Having the most advanced compass doesn’t matter if you don’t know how to use it,” he adds. “Similarly, without a clear strategy, technological tools are just sophisticated gadgets gathering dust.”

The Lean Startup Approach: Small Steps and Iterative Learning

One of the most profound insights from The Lean Startup is the concept of iterative development. “Think of digital transformation as a journey through a dense jungle,” Okubo suggests. “You wouldn’t charge ahead blindly; instead, you’d make incremental progress, testing each path before advancing.” This approach emphasizes the importance of starting small, learning from each step, and adapting based on real-time feedback.

In practical terms, this means that businesses should avoid large-scale overhauls and instead focus on incremental changes. “Small, consistent wins provide valuable insights and allow you to adjust your strategy accordingly,” Okubo advises. “If a particular path doesn’t lead where you expected, you can pivot quickly without losing momentum.”

Feedback and Alignment: The Key to Effective Digital Transformation

The process of digital transformation is not a solitary one. Effective transformation requires constant feedback and alignment between leadership and frontline employees. “Just as an explorer relies on feedback from the field to refine their path, business leaders must listen to insights from their teams,” Okubo notes. “Digital transformation is most successful when there is alignment between the C-suite and those executing the strategy.”

This feedback loop is crucial for refining strategies and ensuring that they are practical and impactful. “Digital transformation initiatives must be responsive to the realities on the ground,” Okubo emphasizes. “Without this alignment, it’s like navigating a jungle without a clear plan, leading to confusion and missed opportunities.”

Integrating Digital Transformation with Business Strategy

True digital transformation transcends technology—it involves a fundamental shift in how businesses approach their operations and strategies. “Digital transformation isn’t just about implementing new technology; it’s about transforming the way we think about and execute business strategies,” Okubo states. “The real success of digital transformation occurs when it is seamlessly integrated with your overall business strategy, guiding you toward your goals.”

For example, Okubo cites a recent project where integrating new digital tools with a revised business strategy led to significant improvements. “By aligning our digital initiatives with our strategic objectives, we were able to enhance operational efficiency and drive substantial growth,” he recounts. “This alignment was key to unlocking the full potential of our digital transformation efforts.”

Embracing the Adventure of Digital Transformation

Drawing inspiration from The Lean Startup, Okubo encourages businesses to view digital transformation as an adventurous process. “Approach your digital transformation initiatives with curiosity and a sense of adventure,” he advises. “With a well-drawn map, a reliable compass, and a willingness to adapt, the treasures you uncover can be transformative.”

In summary, digital transformation is not merely a technical upgrade but a dynamic and strategic endeavor. As Okubo highlights, the essence of successful digital transformation lies in understanding and integrating technology within a broader strategic framework. “Digital transformation is the process, and your business strategy is what keeps you on course,” he concludes. “With the right mindset and approach, the path to success is not just achievable—it’s an exciting opportunity waiting to unfold.”

The Rise and Fall of Traditional Digital Transformation

The concept of digital transformation gained widespread traction after 2011 when Capgemini, in collaboration with MIT, defined it as “the use of technology to radically improve performance or reach of businesses.” This definition catalyzed a wave of digital initiatives across industries, as companies scrambled to adopt new technologies like cloud computing, big data, and social media to stay relevant. However, as Jim Harris, a digital transformation thought leader, points out, “Generative AI exposed the incomplete nature of digital transformation investments, emphasizing the pressing need to transform for an entirely new future of business.”

In its early years, digital transformation was often misunderstood. Companies equated it with digitization—simply implementing digital tools without fundamentally changing their business processes or models. This approach led to what many now consider the underwhelming outcomes of digital transformation. As Harris observed, “Digital transformation wasn’t really about transformation. Instead, a vast majority of companies were investing in digitization. Cloud and digital technologies were used to modernize business as usual rather than focus on transformative outcomes.”

This misalignment is evident in the numbers. According to KPMG’s 2023 Technology Survey, a majority of U.S. executives reported that they had not seen a significant increase in performance or profitability from their digital transformation investments. Further research from Boston Consulting Group (BCG) found that 70% of digital transformations fall short of their objectives, often with profound consequences. However, companies that genuinely embraced digital transformation—investing in competitiveness, productivity improvements, and better customer experiences—outperformed their peers, achieving 1.8 times higher earnings growth.

The Generative AI Revolution: A New Chapter in Business Transformation

The introduction of generative AI has sparked a new wave of business transformation, challenging the effectiveness of past digital transformation efforts. Unlike its predecessors, generative AI offers capabilities that extend beyond mere automation of existing processes—it enables entirely new ways of doing business. This distinction is crucial, as it marks the shift from technology-led transformation to executive-led business reformation.

Accenture’s 2024 report highlighted this shift, noting nearly 40,000 mentions of AI on earnings calls by the end of 2023, as C-Suite leaders prepared for a “massive technology shift.” The report underscores the fact that AI is no longer just a tool for efficiency; it’s a strategic asset that can fundamentally alter business models. As Harris aptly puts it, “Given its enormous potential, it should be no surprise that almost every CEO plans to invest heavily in generative AI.”

Yet, despite the enthusiasm, there is already a notable gap between expectations and reality. BCG research indicates that 66% of leaders are “ambivalent or outright dissatisfied” with their AI and generative AI progress. The main barriers include a lack of talent and skills, unclear AI roadmaps, and the absence of a dedicated AI strategy. This disconnect highlights the growing pains of a new era of transformation—one that demands more than just investment in technology, but a rethinking of business strategies and models.

From Automation to Augmentation: The Dual Nature of AI

One of the most significant distinctions between traditional digital transformation and the current AI-driven wave is the shift from automation to augmentation. Automation has long been a focus of digital transformation—using technology to streamline operations, reduce costs, and increase efficiency. While this approach has delivered benefits, it has also limited the scope of transformation to incremental improvements rather than radical innovation.

Generative AI changes this dynamic by introducing the concept of augmentation—enhancing human capabilities to achieve outcomes that were previously unattainable. Harris explains the difference: “Automation takes the work we did yesterday and repeats it at scale, saving costs while increasing efficiencies. Augmentation unlocks new opportunities to do the work we couldn’t do yesterday and achieve new value and outcomes tomorrow.”

This duality is where the true potential of AI lies. Companies that can successfully integrate both automation and augmentation into their operations will not only improve efficiency but also drive exponential growth and innovation. According to PwC’s 27th Annual CEO Survey, 70% of global CEOs see generative AI as significantly changing the way companies create, deliver, and capture value. Moreover, 64% believe that AI will increase the amount of work employees can accomplish, and 59% see it boosting productivity in their work.

Business Model Innovation: The Next Frontier

As companies grapple with the implications of AI, it’s becoming clear that the next phase of transformation will require more than just technological adoption. It will demand a fundamental rethinking of business models—how companies generate revenue, engage with customers, and deliver value. This shift from digital transformation to business model innovation represents the true endgame of the current technological revolution.

As Harris points out, the failure of many digital transformations can be traced back to a lack of clear goals, vision, and strategic alignment with the core business. “Investments hadn’t tied as much to business strategy and goals as they were to iterative improvements, digitization, shiny objects, unrealistic expectations, under-resourced budgets, training, expertise, and resources, and a lack of commitment to change management.” To succeed in the AI era, businesses must start with a clear vision of what they want to achieve and align their AI investments with strategic business objectives.

This shift is already underway. Cisco’s research identified significant gaps in companies’ readiness to embrace AI across six foundational business pillars: strategy, infrastructure, data, governance, talent, and culture. These pillars are critical for building a robust AI-driven business model that can adapt and thrive in an increasingly competitive landscape.

Leadership in the Age of AI: Driving Cultural and Organizational Change

One of the key lessons from the digital transformation era is the importance of leadership in driving change. Too often, digital initiatives were relegated to IT departments, with little involvement from top executives. This lack of leadership support contributed to the underwhelming results of many digital transformation efforts.

In contrast, the current wave of AI-driven transformation is being led by CEOs and CFOs, who recognize the strategic importance of AI in shaping the future of their businesses. As Harris notes, “Leaders are pivotal in driving change. They communicate vision, set the standards for success, and also set the bar for operationalizing future behaviors and norms. CEOs are responsible for creating the culture that the company embodies in its execution and evolution.”

This cultural shift is crucial. For AI to deliver on its potential, companies must foster a digital-first mindset that encourages agility, experimentation, and innovation. This means not just upskilling employees but also reshaping organizational culture to support transformation. Companies that succeed in this will be those that can inspire and empower their employees to embrace new tools and ways of working, driving continuous innovation and growth.

The Future of Business Transformation

As we look ahead, it’s clear that the transformation of digital transformation is just beginning. Generative AI and other emerging technologies are poised to reshape industries and redefine how businesses operate. But for companies to fully realize the benefits of these technologies, they must move beyond the limitations of past digital transformation efforts and embrace a more holistic approach to business model innovation.

This means rethinking not just how they use technology, but how they structure their organizations, engage with customers, and create value. As Harris concludes, “Let’s rethink digital transformation as business model transformation. Doing so will disrupt not only ourselves but entire industries. Not doing so will leave us open to disruption. It’s a gift we either give ourselves or our competitors.”

In the end, the companies that will thrive in this new era are those that can successfully navigate the complexities of AI and use it not just to automate, but to innovate. By placing AI at the core of their business strategies and fostering a culture of continuous learning and adaptation, they can turn the challenges of today into the opportunities of tomorrow.

A three-judge panel—Judges Carolyn Dineen King, James C. Ho, and Kurt D. Engelhardt—overturned a ruling by the Fourth Circuit to conclude that geofence warrants are unconstitutional.

We hold that the use of geofence warrants—at least as described herein—is unconstitutional under the Fourth Amendment. In doing so, we part ways with our esteemed colleagues on the Fourth Circuit.

What Is A Geofence Warrant?

Geofence warrants are a relatively new type of warrant in which law enforcement tries to identify random individuals within a geographic area based on Google Location History data.

For example, when a crime is committed, law enforcement may approach Google and ask for anonymized identifiers for all phones within a certain radius of the crime at the time it was committed. With that data in hand, investigators can drill down, comparing it with other evidence and eventually identify the owners of specific devices, yielding potential suspects.

As the judges point out, Google is the primary recipient of goefence warrants since it received the first one in 2016. Much of this is because of the ubiquity of Google’s software and services, both on its own devices as well as Apple’s.

So far, Google has been the primary recipient of geofence warrants, in large part due to its extensive Location History database, known as the “Sensorvault.”

Google collects data from accounts of users who opt in to Google’s Location History service. Location History is disabled by default.

Google’s Android cell phones, which “comprise about 74% of the total number of smartphones worldwide,” “automatically have an Android operating system, as well as various Google apps that could potentially store a user’s location.”

Apple, which makes approximately 23% of the world’s smartphones, does not keep location data associated with its phones, but its phones still “often have various apps that . . . provide Google with a specific device’s location.”

The judges go on to describe the extremely detailed data provided by Google’s Location History.

Moreover, not only is the volume of data comprehensive, so is the quality. “Location History appears to be the most sweeping, granular, and comprehensive tool—to a significant degree—when it comes to collecting and storing location data.”

The data is “considerably more precise than other kinds of location data, including cellsite location information because [Location History] is determined based on multiple inputs, including GPS signals, signals from nearby Wi-Fi networks, Bluetooth beacons, and cell towers.”

Why Geofence Warrants Are Problematic

Geofence warrants can and do lead to innocent people being suspected of crimes. A person may be in the wrong place at the wrong time, and suddenly find themselves at the heart of an investigation. Similarly, a person may have lost their phone, forgotten it, or had it stolen, all of which could result in someone’s phone being within a geofence area, even if the owner is not.

Even more concerning is the vast amount of private data that is vacuumed up in a geofence warrant, with the location data of users who have nothing to do with the crime being collected and analyzed, all with no probable cause.

As federal judge Nina Morrison said in a recent ruling about the Fourth Amendment’s application at the US border, a person’s location data hold extremely private insights into a person’s personal life, associations, and beliefs:

In Carpenter v. United States, 585 U.S. 296, 311–12 (2018), the Court concluded that cell-site location data, even though it is collected by (and thus not kept private from) third party cell phone companies, requires Fourth Amendment protection for precisely this reason….It reasoned that cell-site location data “provides an all-encompassing record of the holder’s whereabouts. As with GPS information, the time-stamped data provides an intimate window into a person’s life, revealing not only his particular movements, but through them his ‘familial, political, professional, religious, and sexual associations.’”

The Legal Precedent

Interestingly, in the specific case before the Fifth Circuit—the robbery of a contracted US Postal carrier—the judges decided not to suppress the information that law enforcement collected via a geofence warrant. Because geofence warrants were so new at the time they were used in this specific case, the judges ruled the Postal Inspectors “acted in good faith” in using the warrant.

Nonetheless, the judges looked at the broader scope of the geofence warrant issue and analyzed whether such warrants violate the Fourth Amendment’s guarantee against “unreasonable searches and seizures.” The judges then pointed to the precedent set by the Supreme Courts decision in Carpenter v. United States, “arguably the most relevant Supreme Court precedent addressing law enforcement’s investigatory use of cellular consumer data.

Chief Justice Roberts’s majority opinion in Carpenter speaks at length about the privacy interests inherent in location data, and it expresses grave concern with the government being able to comprehensively track a person’s movement with relative ease due to the ubiquity of cell phone possession. The Court acknowledged “some basic guideposts” in resolving questions related to the Fourth Amendment’s protections of privacy interests, including securing “the privacies of life against arbitrary power,” and placing “obstacles in the way of a too permeating police surveillance.” Carpenter, 585 U.S. at 305 (internal quotations omitted). The Court also recognized the necessity of applying the Fourth Amendment to systems of advanced technology, expressing concern that CSLI is approaching “GPS-level precision,” with wireless carriers having the capability to “pinpoint a phone’s location within 50 meters.” Id. at 313; see also Riley v. California, 573 U.S. 373, 396 (2014) (acknowledging the privacy concerns implicated by cell phone location data that “can reconstruct someone’s specific movements down to the minute, not only around town but also within a particular building”).

Many of the concerns expressed by Chief Justice Roberts in his Carpenter opinion are highly salient in the context of geofence warrants. Perhaps the most alarming aspect of geofences is the potential for “permeating police surveillance.” As Chief Justice Roberts explained, modern cell phones enable the government to achieve “near perfect surveillance”; carrying one of these devices is essentially a prerequisite to participation in modern society, and users “compulsively carry cell phones with them all the time.” Id. at 311–12, 315. Geofences also exemplify the Court’s concern with pinpoint location data—this technology provides more precise location data than either CSLI or GPS. Geofence Warrants and the Fourth Amendment, supra at 2510. Furthermore, obtaining data through geofences, like obtaining data through CSLI, is “remarkably cheap, easy, and efficient compared to traditional investigative tools.” Carpenter, 585 U.S. at 311. With “just the click of a button,” the government can search the pinpoint locations of over half a billion people with Location History enabled.

The Court’s Conclusion

After carefully considering all of the above factors, as well as how hard it is to keep Google from collecting Location History, the judges revealed their ruling.

Having concluded that the acquisition of Location History data via a geofence is a search, it follows that the government must generally obtain a warrant supported by probable cause and particularity before requesting such information. Carpenter, 585 U.S. at 316. Accordingly, we turn to the issue of whether geofence warrants satisfy this mandate, addressing Appellants’ argument that these novel warrants resemble unconstitutional general warrants prohibited by the Fourth Amendment.

The judges then drive the point home in their comparison of geofence warrants and illegal general warrants.

Geofence warrants present the exact sort of “general, exploratory rummaging” that the Fourth Amendment was designed to prevent.

The judges also addressed the governments assertion that geofence warrants should be exempt since they pertain “to a particular crime at a particular place and time.”

This argument misses the mark. While the results of a geofence warrant may be narrowly tailored, the search itself is not. A general warrant cannot be saved simply by arguing that, after the search has been performed, the information received was narrowly tailored to the crime being investigated. These geofence warrants fail at Step 1—they allow law enforcement to rummage through troves of location data from hundreds of millions of Google users without any description of the particular suspect or suspects to be found.

In sum, geofence warrants are “[e]mblematic of general warrants” and are “highly suspect per se.”

We hold that geofence warrants are modern-day general warrants and are unconstitutional under the Fourth Amendment. However, considering law enforcement’s reasonable conduct in this case in light of the novelty of this type of warrant, we uphold the district court’s determination that suppression was unwarranted under the good-faith exception.

The Decision Will Hamper Law Enforcement

In a concurring opinion, Judge Ho acknowledged that the decision would make law enforcement’s jobs more difficult. Nonetheless, Judge Ho pointed out that this was the entire point of the Constitution.

His concurring opinion is a fascinating look into the balancing act that exists between protecting the public, while also protecting the rights of the individual. His opinion bears being included in its entirety.

Geofence warrants are powerful tools for investigating and deterring crime. The defendants here engaged in a violent robbery—and likely would have gotten away with it, but for this new technology. So I fully recognize that our panel decision today will inevitably hamper legitimate law enforcement interests.

But hamstringing the government is the whole point of our Constitution. Our Founders recognized that the government will not always be comprised of publicly-spirited officers—and that even good faith actors can be overcome by the zealous pursuit of legitimate public interests. “If men were angels, no government would be necessary.” The Federalist No. 51, at 349 (J. Cooke ed. 1961). “If angels were to govern men, neither external nor internal controls on government would be necessary.” Id. But “experience has taught mankind the necessity of auxiliary precautions.” Id. It’s because of “human nature” that it’s “necessary to control the abuses of government.” Id.

Our decision today is not costless. But our rights are priceless. Reasonable minds can differ, of course, over the proper balance to strike between public interests and individual rights. Time and again, modern technology has proven to be a blessing as well as a curse. Our panel decision today endeavors to apply our Founding charter to the realities of modern technology, consistent with governing precedent. I concur in that decision.

First spotted by Kotaku, Game Informer’s official X account announced the news.

The Final Level: Farewell from Game Informer

After 33 thrilling years of bringing the the latest news, reviews, and insights from the ever-evolving world of gaming, it is with a heavy heart that we announce the closure of Game Informer.

From the early days of pixelated adventures to today’s immersive virtual realms, we’ve been honored to share this incredible journey with you, our loyal readers. While our presses may stop, the passion for gaming that we’ve cultivated together will continue to live on.

Thank you for being part of our epic quest, and may your own gaming adventures never end.

Game Informer (@gameinformer) | August 2, 2024

Game Informer’s closure is the end of an era, as it was the last print magazine in the US gaming industry. According to Kotaku, the entire staff was laid off as part of the closure.

Background

Judge Nina Morrison, of the Eastern District of New York, ruled that Customs and Border Patrol needs probable cause and a valid warrant to seize and search travelers’ cell phones.

The ruling—at least in the Eastern District of New York—is a major blow to federal agents, who have long maintained that the Fourth Amendment does not apply at the border. As a result, it has become increasingly common for individuals to be forced to hand over their device and passcode, giving agents the ability to peruse their private information. In many cases, agents have made full copies of the contents of a person’s phone before returning it.

Judge Morrison’s ruling joins a number of similar decisions, helping set a legal precedent that may one day provide nationwide protection for travelers and their private data.

Why It Matters

Unfortunately, a number of the cases that have tackled the issue of data privacy at the border have involved individuals engaging in despicable behavior. For example, the plaintiff in the case before Judge Morrison was accused of possessing child sexual abuse material.

Criminal behavior is far from the only reason for protecting one’s data at the border, however. In fact, there are many legitimate reasons why perfectly law-abiding citizens should be concerned. Below are just a few examples.

Journalists

As Judge Morrison noted in her ruling, journalists have increasingly been targeted by CBP agents intent on searching their devices. This has especially been true among journalists who write about privacy and other politically sensitive topics. As Judge Morrison described, this action appears to be a coordinated effort to surveil journalists.

After formal complaints were filed regarding a series of such incidents in 2019, it was revealed that they may not have been the isolated acts of individual border agents who suspected that a particular traveler’s device contained contraband but instead part of a targeted effort to surveil journalists in particular: a non-public CBP database that contained the names of journalists covering migration issues and which pushed “alerts” to flag those journalists for secondary screening when they returned from international travel.

Judge Morrison goes on to say that this kind of surveillance, whether coordinated or not, severely undermines the ability of journalists to do their job.

And even without the specter of a larger, insidious effort targeting journalists at the border, there remains a considerable and undue risk that — without the safeguards of a judicial warrant — journalists’ sources in and outside the United States will be fearful of relaying information about matters of public concern to them.

Medical and Science Professionals

Medicals professionals are bound by law to protect their patients’ privacy. What happens, however, when agents seize a doctor’s devices, devices which may contain sensitive information?

Similarly, what about a scientist en route to a conference with sensitive research in their possession?

Entrepreneurs and Executives

Entrepreneurs and corporate executives often have access to sensitive information and corporate, and it’s not uncommon for them to bring projects with them so they can continuing working while traveling.

Unfortunately, under CBP’s interpretation of the law, such individuals could see their life’s work literally ripped from their hands and copied by other individuals. While that doesn’t mean the US government is going to steal their intellectual property, government agencies are no more immune to outside hackers or internal corruption than any other organization.

In short, once an individual loses control of their information, all bets are off on what may happen to it.

Religious Leaders

Religious leaders are another demographic that often are privy to private information, with a moral and ethical responsibility to protect the privacy of individuals who have confided in them. If a religious leader’s devices are confiscated, unlocked, and copied, is there any guarantee that sensitive information contained on those devices will remain private?

Other Considerations

As the above examples show, there are any number of situations—far more than what has been covered here—in which violating travelers’ privacy can have profoundly negative implications. And none of the above examples address the emotional toll of having one’s private data accessed by complete strangers, something Judge Morrison made special note of.

A person’s search history can reveal the questions that keep him up at night, including questions he might be too ashamed to ask his spouse or doctor. Data on a person’s cell phone may reflect information about her that is so private, she would not disclose it to her therapist or closest friend. It is not just that cell phones often contain intimate information available in microscopic detail — the number of steps the phone’s user took that day and where she took them, the results of recent blood work in the application where her doctor uploads all her medical records, or the calendar reminder for a meeting with her local Alcoholics Anonymous chapter or prayer group. It i s that the details, taken together, can provide a kaleidoscopic view of the user’s whole life.

In view of what’s at stake, what can travelers do?

Practical Steps to Protect Your Data

The first thing travelers must do is realize they must be proactive in protecting their data, especially in jurisdictions that are not covered by favorable decisions, like Judge Morrison’s. Unfortunately, this may at times result in a fair amount of inconvenience, but not nearly as much as losing control of one’s private data and having to deal with the fallout.

Below are a few steps travelers should consider taking.

Limit the Number of Devices

One of the biggest precautions travelers can take is limiting the number of devices they bring when traveling. A single smartphone is much easier to protect than a smartphone, tablet, and computer. The more devices that are in play, the more attack vectors agents have to compromise an individual’s privacy.

Disable Biometrics In Favor of Passwords/Passcodes

While fingerprints and facial recognition are convenient ways to unlock a device, they also represent a legal gray area.

A number of courts have ruled that law enforcement cannot force a person to hand over their password or passcode. Some of those courts, however, have ruled that biometric security measures do not have the same legal protection, meaning there is more of a legal basis for agents to force a user to provide a fingerprint or facial recognition unlock.

As a result, it’s better to simply disable biometrics and rely on good old-fashioned passcodes when traveling.

Log Out of Cloud Accounts

Most modern devices should be viewed as a doorway to an individual’s life, rather than the destination itself. In other words, with the rise of cloud computing, most users don’t just keep everything on a single device. Instead, that device is often connected to any number of cloud services that contain infinitely more data than resides on the device alone.

In fact, this concern was specifically mentioned by the Ninth Circuit Court in one of its rulings (via the Electronic Frontier Foundation).

With the ubiquity of cloud computing, the government’s reach into private data becomes even more problematic. In the “cloud,” a user’s data, including the same kind of highly sensitive data one would have in “papers” at home, is held on remote servers rather than on the device itself. The digital device is a conduit to retrieving information from the cloud, akin to the key to a safe deposit box. Notably, although the virtual “safe deposit box” does not itself cross the border, it may appear as a seamless part of the digital device when presented at the border.

Because of this, it’s important to log out of any cloud services before traveling, that way agents cannot gain access to the data stored on those accounts, even if they gain access to the device’s contents.

Importantly, this also means making sure that passwords to online accounts are properly cleared before traveling. Otherwise, agents could still gain access.

Use Full Disk Encryption

Every major operating system—Linux, macOS, Windows, Android, and iOS—provide the option for full disk encryption (FDE), with some enabling it by default. This is different than encrypting specific folders, such as a user’s home directory, and is far stronger.

Power Off Devices Rather Than Suspend

Travelers should make sure that devices are powered off when crossing a border, rather than merely suspending them. This is especially true of computers, but applies to mobile devices as well.

While computers, phones, and tablets have login screens designed to protect data when a device is suspended, or the screen is locked, these measures are not foolproof. There are a number of ways that lock screens can sometimes be bypassed.

As a result, for the best protection, it’s a good idea to completely power devices off.

Use Secure Boot On Windows and Linux Computers

Travelers should make sure Secure Boot is enabled on computers. Secure Boot is designed to protect the boot process and ensure that no outside software is introduced in an effort to gain access.

In many cases, Secure Boot is enabled by default, but one should check their UEFI settings to be sure.

Use Panic Mode, Lockdown Mode, or Duress Code

Most mobile devices have some form of feature designed to shut down the most vulnerable forms of attack. This is useful for those situations when a traveler must keep their phone while traveling.

For example, iOS has Panic Mode that disables facial recognition and fingerprint scanning, requiring the user enter a passcode. When the feature is activated, via Settings > Emergency SOS, a user can tap the power button five times to activate it.

Android has a similar feature called Lockdown. A user can simply hold the power button down and choose Lockdown from the on-screen popup.

GrapheneOS—a security hardened version of Android used by Edward Snowden, yours truly, and many other journalists—takes things a step further with a duress code. In other words, a user can set a duress code in GrapheneOS that can be given to someone instead of the phone’s real passcode. When the duress code is entered, the phone immediately and securely wipes all data from itself.

Legal Steps to Protect Private Data

While the above steps are practical measures travelers can take, there are legal factors to consider, as highlighted by the Electronic Frontier Foundation (EFF).

As the EFF highlights, even in areas not covered by the recent favorable court rulings, the border is not completely a legal Wild West.

However, the U.S. border is not a Constitution-free zone. The powers of border agents are tempered by our Fourth Amendment right to digital privacy, our First Amendment rights to speak and associate privately and to gather the news, our Fifth Amendment right to freedom from self-incrimination, and our Fourteenth Amendment right to freedom from discrimination.

The EFF goes on to point out that travelers must be aware of the distinction between routine searches and non-routine ones. For example, it is completely normal and routine for agents to search one’s bags or belongs, either via a metal detector or manually.

In contrast, the EFF maintains that searching, let alone copying, the contents of one’s digital devices constitutes a non-routine search, a position that at least some court decisions have supported.

In view of these issues, what should a person do?

Do Not Be Quick to Waive Constitutional Rights

The EFF makes the case that travelers—especially US citizens—should not be quick to waive their constitutional protections.

The constitutional protections described above can be waived. For example, the Fourth Amendment allows law enforcement officials to search people or their property if those people voluntarily consent to the search.

That said, whether consent is truly “voluntary” depends on the totality of the circumstances, such as the nature of the questioning and the youth of the person being questioned.66 There is a strong argument that a traveler’s compliance when border agents demand the unlocking of a device, the device password, or social media information, should never be treated as voluntary consent. Border screening is an inherently coercive environment, where agents exercise extraordinary powers, and travelers are often confused, tired after international travel, and/or rushing to make a connecting flight.

However, courts may rule otherwise. It is possible that if you unlock your device, and agents then search your device, a court will rule that you consented to the search. It will depend upon the totality of the unique circumstances surrounding your particular border crossing.

…the best way to avoid an inadvertent “consent” to search is to decline to unlock your device, provide the device password, or provide any social media information.

The EFF’s report is well worth a read, and goes into detail on the various factors that come into play when the individual is a foreign visitor or a permanent resident.

Conclusion

Until legislation or a Supreme Court ruling provides clear guidelines and protections that apply nationwide, the border will continue to be a gray area that affords more protections in some regions than in others.

To be forewarned is to be forearmed, and nowhere is that more true than when it comes to protecting one’s private data.

Following the steps in this article, as well as the excellent EFF report, can help travelers be as well-equipped as possible to protect their data at the border.

EFF Full Report.

The US government and Customs and Border Patrol (CBP) has long maintained that the Fourth Amendment doesn’t apply at the border. As a result, agents will detain individuals without probable cause or a warrant, demanding they hand over their electronic devices and passwords, often copying the entire contents of the devices before returning them.

In a case brought by Kurbonali Sultanov, Judge Morrison called out the government’s position that cell phones should be searchable without a warrant, saying it was a “remarkable” claim (documents courtesy of Knight First Amendment Institute at Columbia University).

The government takes the remarkable position here that cell phones should not be treated any differently for Fourth Amendment purposes than any other property a traveler carries across a border. Opp’n Br. It urges this Court to deem such searches “routine” and to hold that no individualized suspicion whatsoever is needed for border officials to search a traveler’s cell phone upon entry into the United States….In essence, the government argues that no practical limits should be placed on cell phone searches at the border whatsoever, as long as they fall into what agents categorize as a “manual” search (i.e., one unaided by extrinsic technology but limited only by the border agents’ time and interest in examining the phone’s contents).

And the government’s position fails to account for both the substantial privacy intrusions at issue here, as well as the Supreme Court’s Fourth Amendment jurisprudence concerning other advanced technologies that carry with them the potential to reveal vast amounts of the owner’s personal data.

Legal Precedent

Judge Morrison emphasized the sensitive nature of data that is available through a forcible search of one’s phone, and the intimate details of a person’s life such a search would reveal.

Until technology that can “translate people’s brain activity — like the unspoken thoughts swirling through our minds — into actual speech” meaningfully advances,8 reviewing the information in a person’s cell phone is the best approximation government officials have for mindreading. A person’s search history can reveal the questions that keep him up at night, including questions he might be too ashamed to ask his spouse or doctor. Data on a person’s cell phone may reflect information about her that is so private, she would not disclose it to her therapist or closest friend. It is not just that cell phones often contain intimate information available in microscopic detail — the number of steps the phone’s user took that day and where she took them, the results of recent blood work in the application where her doctor uploads all her medical records, or the calendar reminder for a meeting with her local Alcoholics Anonymous chapter or prayer group. It i s that the details, taken together, can provide a kaleidoscopic view of the user’s whole life.

Judge Morrison compares the situation to previous rulings that applied the Fourth Amendment to cell phone location data.

In Carpenter v. United States, 585 U.S. 296, 311–12 (2018), the Court concluded that cell-site location data, even though it is collected by (and thus not kept private from) third party cell phone companies, requires Fourth Amendment protection for precisely this reason….It reasoned that cell-site location data “provides an all-encompassing record of the holder’s whereabouts. As with GPS information, the time-stamped data provides an intimate window into a person’s life, revealing not only his particular movements, but through them his ‘familial, political, professional, religious, and sexual associations.’”

Judge Morrison then makes the point that, if protections apply to location data, they should apply even more to data on one’s phone.

The logic of Carpenter applies with even greater force to the information contained on cell phones, which includes not only the historic and specific location information captured by cell-site data, but droves of other sensitive information that is “detailed, encyclopedic, and effortlessly compiled.” Id. at 297. If the cell-site location records at issue in Carpenter hold “the privacies of life,” id.at 305 (citation omitted), then surely the heightened privacy interests associated with the far greater trove of information in a traveler’s cell phone data strike at the very heart of the Fourth Amendment.

The case also shown a spotlight on issues involving journalists, in which many have seemingly been targeted by border agents, especially after writing pieces about sensitive political topics.

The amici brief filed by the Knight First Amendment Institute at Columbia University and the Reporters Committee for Freedom of the Press makes a persuasive case that warrantless searches of cell phones not only constitute an unjustified governmental intrusion into travelers’ private expressions of religion, personal associations, and journalistic endeavors — they also risk chilling the exercise of those rights. Specifically, amici assert that border searches of electronic devices burden freedom of the press by chilling reporter-source communications. Amici Br. 12. They argue that “[j]ournalists are particularly vulnerable to the chilling effects of electronic device searches, both because confidential or vulnerable sources may refuse to speak with reporters for fear that anything they say may end up in the government’s hands, and because such searches can be used to retaliate against or deter reporting critical of the government.”

Judge Morrison said there is evidence to support the belief that incidents with journalists were not random, nor were they the work of overzealous agents, but likely a “targeted effort to surveil journalists.”

Amici’s concerns are not hypothetical but instead are based on the recent experience of numerous journalists who were flagged for secondary inspection and were required to surrender their electronic devices for warrantless searches and, in some cases, downloading of the devices’ contact lists and contents based on these journalists’ ongoing coverage of politically sensitive issues, like migration through the U.S.-Mexico border.12 After formal complaints were filed regarding a series of such incidents in 2019, it was revealed that they may not have been the isolated acts of individual border agents who suspected that a particular traveler’s device contained contraband but instead part of a targeted effort to surveil journalists in particular: a non-public CBP database that contained the names of journalists covering migration issues and which pushed “alerts” to flag those journalists for secondary screening when they returned from international travel.13 And even without the specter of a larger, insidious effort targeting journalists at the border, there remains a considerable and undue risk that — without the safeguards of a judicial warrant — journalists’ sources in and outside the United States will be fearful of relaying information about matters of public concern to them. If journalists cannot reasonably assure their sources that border officials will not have broad discretion to access and download their contacts, notes, electronic messages, and recordings, the risk of chilling fundamental press activities is unduly high.

Conclusion

In her final conclusion, Judge Morrison ruled that probable cause and a warrant must be the bar that is met for the government to be given access to such an intimate look into the life of individuals.

The right to dissent is the “fixed star in our constitutional constellation.” W.Va. State Bd. of Educ. v. Barnette, 319 U.S. 624, 642 (1943). Courts must be vigilant in protecting that right, whether in the context of barring compelled speech, see id., or — as here — guarding against government intrusion into the private, expressive activities of those who may hold disfavored viewpoints. Where the government seeks access to private devices that hold such a vast array of expressive content, only the standard conceived by the Founders and codified in the Fourth Amendment — probable cause and the approval of a neutral magistrate — can bear the weight of that obligation.

Judge Morrison’s ruling is a welcome one for journalists and non-journalists alike, shutting down what many believed to be a blatant example of unconstitutional government overreach. While the ruling applies primarily to the Eastern District of New York, Judge Morrison’s decision joins a growing list of similar decisions that have placed the burden on CBP to have a legitimate basis to search a traveler’s phone.

With the growing number of cases upholding the Fourth Amendment, a legal precedent is slowly being set that should lead to greater protections for individual privacy. In the wake of Judge Morrison’s ruling—at least in New York—users’ private data should be a bit more secure at the US border than it has been in decades.

More Information

Please see How to Protect Your Data At the US Border for more info and practical steps every traveler can take to protect their data.

The FCC voted in April to restore net neutrality. The rules, which ensure companies cannot penalize or throttle certain internet traffic, were originally passed during the Obama administration, before being repealed by the Trump-era FCC.

The current FCC voted 3-2 to restore net neutrality, even closing loopholes that experts warned could be abused by internet service providers. Michael Powell, President & CEO of NCTA – The Internet & Television Association, wasted no time promising “years of litigation and uncertainty.”

According to The Verge, the Sixth Circuit Court of Appeals’ panel of judges said a temporary “administrative stay is warranted.” The judges are weighing the merits of the case brought by broadband providers.

The administrative stay is in effect till August 5, at which point the judges will hopefully have reached a final decision.