Originally reported by Schneier on Security, WIRED Security
TL;DR
The FBI has admitted to purchasing phone location data to track Americans without warrants, while political pressure mounts to renew controversial FISA surveillance authorities. Meanwhile, cyberattacks continue disrupting critical services from car breathalyzer systems to Maryland hospitals.
The FBI's confirmed purchase of Americans' phone data represents a significant privacy concern with policy implications, while the FISA reauthorization debate affects fundamental surveillance authorities.
Three developments this week highlight ongoing tensions between security operations and privacy rights, from federal surveillance practices to critical infrastructure attacks.
The FBI has acknowledged purchasing phone location data from commercial data brokers to track Americans, according to reporting by WIRED. This practice allows federal agents to monitor citizen movements without obtaining traditional warrants, leveraging the vast ecosystem of location data harvested by apps and sold through intermediary companies.
The admission comes amid broader scrutiny of law enforcement's use of commercially available information to circumvent Fourth Amendment protections. Data brokers routinely aggregate location information from smartphone apps, creating detailed movement profiles that can be purchased by government agencies and private entities.
This practice effectively creates a parallel surveillance infrastructure outside traditional legal frameworks: location data that would require a warrant if obtained directly from carriers can instead be purchased on the open market.
Congressman Jim Himes is urging Democratic colleagues to support reauthorization of Section 702 surveillance authorities, claiming he has seen no evidence of abuses under FBI Director Kash Patel's leadership, according to internal messaging obtained by WIRED.
Section 702 of the Foreign Intelligence Surveillance Act allows warrantless collection of communications from foreign targets, but critics argue it enables backdoor surveillance of American citizens whose communications are incidentally collected. The authority requires periodic reauthorization by Congress.
Himes' position represents a shift from previous Democratic skepticism toward expansive surveillance powers. His support comes despite documented historical abuses of FISA authorities and ongoing civil liberties concerns from privacy advocates and some lawmakers.
The reauthorization debate reflects broader tensions over balancing national security imperatives against constitutional privacy protections, particularly as surveillance technologies become more sophisticated and pervasive.
A cyberattack on a car breathalyzer company has left drivers with court-mandated ignition interlock devices unable to start their vehicles, creating compliance and mobility issues for affected individuals.
The incident underscores how cyberattacks on specialized service providers can have cascading effects on vulnerable populations. Ignition interlock devices are typically court-ordered for DUI offenders and require regular calibration and monitoring through connected services.
Separately, Iranian-linked threat actors have disrupted medical care at hospitals in Maryland, continuing a pattern of healthcare sector targeting by state-sponsored groups. Healthcare systems remain attractive targets due to their critical nature, often outdated security infrastructure, and willingness to pay ransoms to restore patient care operations.
These attacks demonstrate how threat actors increasingly target specialized industries and critical services, where operational disruption can force rapid response and payment decisions.