Latest news with #OfficeofPersonalManagement
Yahoo
22-05-2025
- Business
- Yahoo
Tariffs or not, China's infiltration of US systems needs new attention
The markets are sharing a collective — if temporarily — sigh of relief as China and the United States reached a 90-day tariff deal. What cannot be avoided, however, is the underbelly of China's relations with the U.S. and other advanced economies — namely, the unrelenting pursuit of sensitive data and technologies. Press coverage of TikTok might lead some to think that the platform's capabilities and Chinese ownership pose a singular challenge to regulators and law enforcement officials in the United States, Europe and other democracies seized with concerns about protecting privacy, personal data and ultimately, their nations' security. The reality is that China's premeditated path toward legally and illegally seeking and gaining access to Americans' personal data began more than a decade ago when the PRC hacked and gained access to the Office of Personal Management's (OPM) database related to security clearances, exfiltrating the sensitive personal data of more than 20 million U.S. citizens approved for access to classified government material. The PRC's purpose in seizing the data of current and former U.S. officials does not require much imagination. Since then, China's methods have become more sophisticated and largely focused on commercial approaches leveraging the growing digital environment. Also, the vast distribution of software and hardware supply chains over the past 20 years, especially to China, have further facilitated the Chinese Communist Party's (CCP) aims. Globalization ironically has been the grand enabler of President Xi's vision to dominate the world economically and militarily on a foundation of stolen knowledge. Technologies upon which the consumer market relies offer optimal access to sensitive personal data. Consider the payment systems in U.S. stores, where point-of-sale terminals made by PAX Technology, a Chinese company, have become widely used by banks and across the retail sector. In October 2021, the FBI raided PAX's U.S. offices following reports of unexplained network activity and concerns about potential data vulnerabilities. A U.S. Treasury Department investigation later confirmed that PAX was sending encrypted data to unknown third-parties. It's not just financial information that is of interest to China. Access to Americans' DNA through companies that are focused on health care and identifying ancestry appear even more ominous in the wake of the COVID-19 pandemic. But setting individual data-rich companies aside, Chinese entities have also secured stakes in U.S. and allied cloud infrastructure platforms, raising questions about who ultimately controls or can gain access to sensitive enterprise and government data. The challenge facing the U.S. and allied governments is how to protect systems, citizens, infrastructure and industries from China's multi-front assaults. There are multiple approaches currently being used and new ones to be considered. Imposing fines, such as the $600 million one imposed in May on TikTok by the Irish Data Protection Commission following claims that the app unlawfully transferred residents' data to China without protection from government surveillance, is one method. Another is regulation on specific transactions. Interagency bodies such as the Committee on Foreign Investment in the United States (CFIUS) can effectively block a transaction involving Chinese entities acquiring U.S. companies with sensitive data. The Executive Branch together with Congress are poised to continuously update the varied regulatory and legal regimes that touch on these matters. In addition to CFIUS and Export Control Reform Act (ECRA) authorities, there are Defense Department supply chain regulations focused on software and hardware supply chain security, integrity and resilience. These efforts are being expanded beyond the Pentagon to the Departments of Homeland Security, Energy, and Transportation, to cover critical non-defense-related data and infrastructure. Market-based incentives — such as tax credits, loan guarantees, and preferential procurement approaches can effectively support domestic and allied alternatives to Chinese technologies. Fostering more opportunities and inducements for American innovation can help reduce dependence on foreign suppliers especially from risky countries. But what about the Chinese companies that are already operating with impunity in the United States? Or corporate structures and state-directed investment funds that funnel money through seemingly non-Chinese-owned entities? It may be timely to establish an interagency council concentrating on identifying high-risk threats, identifying gaps and coordinating mitigation strategies, thereby building on agencies' work already underway. One option may be to consider means by which additional transparency requirements related to personnel and technology sources could be required – not only in relation to U.S. government contracts – but for non-Five Eyes foreign-influenced tech firms operating in the United States in critical infrastructure, data services, health care, and financial technology. To reinforce such an endeavor, America should deepen cooperation with its NATO allies and Indo-Pacific partners and collaborate in securing procurement pathways, as well as developing trusted platforms. Finally, focus is critical – assessing where China could gain a dangerous advantage and how best to leverage limited government resources. The mission is vital. Not only do Americans deserve to know who controls the systems that collect and store their data, where that information might ultimately go, and for what purposes, they deserve to be protected from our adversaries' malign actions. Safeguarding data is not enough. Across the board, from the hardware in our weapons systems to the software in our payment systems, the time to smartly reduce our exposure is now. Failing to do so won't just cost us economically — it may one day cost us militarily. And by then, the price may be far higher than we are able to pay. Mira Ricardel is a non-executive board director of Titomic and served as under secretary of commerce for the Bureau of Industry and Security from August 2017- April 2018 and then as deputy National Security Advisor April-November 2018. She was a vice president at the Boeing Company from 2006-2015.
CNN
07-02-2025
- Business
- CNN
Why privacy laws are the tip of the legal spear against Musk and Trump
What access Elon Musk has to closely-guarded government data – including sensitive information it has collected about and from the American public – is a key battlefront in the ongoing and quickly-moving legal war over how President Donald Trump has sought to drastically transform the federal bureaucracy. Multiple lawsuits accuse the administration of violating privacy law and other protections in allegedly allowing affiliates of the Musk-led Department of Government Efficiency to take control of highly restricted government IT systems. Judges have moved swiftly – sometimes scheduling hearings on just a few hours' notice – to try to understand what the DOGE affiliates are up to in reaching into the digital infrastructure through which the government carries some of its most fundamental operations. 'We don't have much facts, other than what's out in the media,' Judge Colleen Kollar-Kotelly told administration lawyers in a case concerning the government's system for transmitting trillions of dollars of payments each year. Already, lawsuits have been filed challenging the alleged actions taken by Musk associates to seize the keys of IT systems at the Office of Personal Management, the Treasury Department and the Department of Labor. More litigation may be coming, as DOGE affiliates have also set their sights on sensitive data at several other agencies, including the US Agency for International Development; the National Oceanic and Atmospheric Administration, and the Centers for Medicare and Medicaid Services, which administers the major federal health programs. Democratic attorneys general from a dozen states said Thursday that they also planned to add to the pile of lawsuits. It's not clear what kind of vetting Musk's allies – who have been installed at agencies across the federal bureaucracy, usually in a temporary status known as 'special government employees' – were subjected to before taking the helm of systems that are usually operated by a small group of career federal employees. The Trump administration has also not been forthcoming about what limits are being placed on the data's use, even though the systems are typically covered under federal privacy law. 'It's not just about these civil servants versus these agents of Elon Musk,' said Kathleen Clark, a Washington University Law professor specializing in legal and government ethics. 'It's also a matter of whether these agents of Elon Musk illegally accessed and downloaded information that is protected by statute.' Faced with the allegations of unlawful access, the Justice Department has said in court that proper protocols have been followed and security of such data has not been breached. The data-focused lawsuits are likely only one wave of legal scrutiny DOGE will face, as other newly filed cases accuse Musk and others of making sweeping changes to how the federal government operates without having the authority to do so. But privacy claims have been the tip of the spear in the legal effort to slow Musk's unprecedented and highly disruptive march through the federal bureaucracy. 'You can't just bring in everyone you want into the federal government, it's not like the private sector,' said Virginia Canter, the chief ethics counsel at Citizens for Responsibility and Ethics in Washington, or CREW. 'There are laws in place that protect people's access to information that's collected by the government.' The Treasury case has already yielded an agreement from the Trump administration limiting who would have access to the government payment system, which is operated by the Treasury Department's Bureau of the Fiscal Service, while the lawsuit moves forward. Justice Department lawyers have had to face questions in court about the state of play around the data systems and why DOGE wants access to them – but those attorneys have not aways had clear answers. 'I don't know if I can say nothing has been done' with records in the system, attorney Bradley Humphreys said at a Wednesday hearing in the Treasury case, while stressing that the department believed there had been no breaches to Americans' private information. While not directly aimed at DOGE, another lawsuit against the Trump administration produced similar hedging from the government's attorneys. Several FBI employees, along with the agency's union, have sued the Justice Department over its collection of information from bureau staff to identify who worked on the January 6 Capitol riot probes, including the investigation into Trump. The lawsuits argue that release of names or other information about employees who worked on the probes present grave risks to their safety. At a Thursday hearing, the employees' lawyers raised concerns that Musk or his allies could access DOJ computers containing the information. Pressed by the court, the administration's attorney couldn't say for sure who might have access to the data in the future and he resisted signing off on a proposed temporary agreement that would block anyone in the government from releasing the information publicly. 'There has not been an official disclosure outside the department,' DOJ attorney Jeremy Simon said, while also acknowledging that other government officials could have gotten access to the list through 'unofficial' means. Judge Jia Cobb issued an administrative order maintaining the status quo until another hearing Friday. The administration has been able to sidestep one of the court cases as a judge on Thursday declined an emergency request to halt the Trump administration's use of a recently created government-wide email distribution system, alleged to present security concerns for protecting civil servants' private data. Judge Randy Moss told the challengers they would need to rework their lawsuit after the Office of Personnel Management said it had done the required privacy assessment that was the basis of the case. But the legal peril remains for other aspects of DOGE's wide-ranging data-mining mission. Proceedings in the Treasury and FBI cases will continue in the coming weeks. On Friday, a judge will weigh a request for a temporary restraining order in a lawsuit brought by several federal unions and others that would block DOGE associates from accessing sensitive data at the Department of Labor. In court filings, the challengers alleged that department employees were told they'd be terminated if they did not open up the systems to the government newcomers. At risk, their lawsuit says, is the security of data systems that 'contain the most private, sensitive employee and medical information on virtually every worker in America.' In a Thursday night evening declaration, a DOGE representative detailed to the department said that he and others like him would follow all legal rules governing the data and would comply with any directive from the agency's leaders.
Yahoo
07-02-2025
- Business
- Yahoo
Why privacy laws are the tip of the legal spear against Musk and Trump
What access Elon Musk has to closely-guarded government data – including sensitive information it has collected about and from the American public – is a key battlefront in the ongoing and quickly-moving legal war over how President Donald Trump has sought to drastically transform the federal bureaucracy. Multiple lawsuits accuse the administration of violating privacy law and other protections in allegedly allowing affiliates of the Musk-led Department of Government Efficiency to take control of highly restricted government IT systems. Judges have moved swiftly – sometimes scheduling hearings on just a few hours' notice – to try to understand what the DOGE affiliates are up to in reaching into the digital infrastructure through which the government carries some of its most fundamental operations. 'We don't have much facts, other than what's out in the media,' Judge Colleen Kollar-Kotelly told administration lawyers in a case concerning the government's system for transmitting trillions of dollars of payments each year. Already, lawsuits have been filed challenging the alleged actions taken by Musk associates to seize the keys of IT systems at the Office of Personal Management, the Treasury Department and the Department of Labor. More litigation may be coming, as DOGE affiliates have also set their sights on sensitive data at several other agencies, including the US Agency for International Development; the National Oceanic and Atmospheric Administration, and the Centers for Medicare and Medicaid Services, which administers the major federal health programs. Democratic attorneys general from a dozen states said Thursday that they also planned to add to the pile of lawsuits. It's not clear what kind of vetting Musk's allies – who have been installed at agencies across the federal bureaucracy, usually in a temporary status known as 'special government employees' – were subjected to before taking the helm of systems that are usually operated by a small group of career federal employees. The Trump administration has also not been forthcoming about what limits are being placed on the data's use, even though the systems are typically covered under federal privacy law. 'It's not just about these civil servants versus these agents of Elon Musk,' said Kathleen Clark, a Washington University Law professor specializing in legal and government ethics. 'It's also a matter of whether these agents of Elon Musk illegally accessed and downloaded information that is protected by statute.' Faced with the allegations of unlawful access, the Justice Department has said in court that proper protocols have been followed and security of such data has not been breached. The data-focused lawsuits are likely only one wave of legal scrutiny DOGE will face, as other newly filed cases accuse Musk and others of making sweeping changes to how the federal government operates without having the authority to do so. But privacy claims have been the tip of the spear in the legal effort to slow Musk's unprecedented and highly disruptive march through the federal bureaucracy. 'You can't just bring in everyone you want into the federal government, it's not like the private sector,' said Virginia Canter, the chief ethics counsel at Citizens for Responsibility and Ethics in Washington, or CREW. 'There are laws in place that protect people's access to information that's collected by the government.' The Treasury case has already yielded an agreement from the Trump administration limiting who would have access to the government payment system, which is operated by the Treasury Department's Bureau of the Fiscal Service, while the lawsuit moves forward. Justice Department lawyers have had to face questions in court about the state of play around the data systems and why DOGE wants access to them – but those attorneys have not aways had clear answers. 'I don't know if I can say nothing has been done' with records in the system, attorney Bradley Humphreys said at a Wednesday hearing in the Treasury case, while stressing that the department believed there had been no breaches to Americans' private information. While not directly aimed at DOGE, another lawsuit against the Trump administration produced similar hedging from the government's attorneys. Several FBI employees, along with the agency's union, have sued the Justice Department over its collection of information from bureau staff to identify who worked on the January 6 Capitol riot probes, including the investigation into Trump. The lawsuits argue that release of names or other information about employees who worked on the probes present grave risks to their safety. At a Thursday hearing, the employees' lawyers raised concerns that Musk or his allies could access DOJ computers containing the information. Pressed by the court, the administration's attorney couldn't say for sure who might have access to the data in the future and he resisted signing off on a proposed temporary agreement that would block anyone in the government from releasing the information publicly. 'There has not been an official disclosure outside the department,' DOJ attorney Jeremy Simon said, while also acknowledging that other government officials could have gotten access to the list through 'unofficial' means. Judge Jia Cobb issued an administrative order maintaining the status quo until another hearing Friday. The administration has been able to sidestep one of the court cases as a judge on Thursday declined an emergency request to halt the Trump administration's use of a recently created government-wide email distribution system, alleged to present security concerns for protecting civil servants' private data. Judge Randy Moss told the challengers they would need to rework their lawsuit after the Office of Personnel Management said it had done the required privacy assessment that was the basis of the case. But the legal peril remains for other aspects of DOGE's wide-ranging data-mining mission. Proceedings in the Treasury and FBI cases will continue in the coming weeks. On Friday, a judge will weigh a request for a temporary restraining order in a lawsuit brought by several federal unions and others that would block DOGE associates from accessing sensitive data at the Department of Labor. In court filings, the challengers alleged that department employees were told they'd be terminated if they did not open up the systems to the government newcomers. At risk, their lawsuit says, is the security of data systems that 'contain the most private, sensitive employee and medical information on virtually every worker in America.' In a Thursday night evening declaration, a DOGE representative detailed to the department said that he and others like him would follow all legal rules governing the data and would comply with any directive from the agency's leaders. CNN's Tami Luhby, Ella Nilsen and Rene Marsh contributed to this report.
CNN
07-02-2025
- Business
- CNN
Why privacy laws are the tip of the legal spear against Musk and Trump
What access Elon Musk has to closely-guarded government data – including sensitive information it has collected about and from the American public – is a key battlefront in the ongoing and quickly-moving legal war over how President Donald Trump has sought to drastically transform the federal bureaucracy. Multiple lawsuits accuse the administration of violating privacy law and other protections in allegedly allowing affiliates of the Musk-led Department of Government Efficiency to take control of highly restricted government IT systems. Judges have moved swiftly – sometimes scheduling hearings on just a few hours' notice – to try to understand what the DOGE affiliates are up to in reaching into the digital infrastructure through which the government carries some of its most fundamental operations. 'We don't have much facts, other than what's out in the media,' Judge Colleen Kollar-Kotelly told administration lawyers in a case concerning the government's system for transmitting trillions of dollars of payments each year. Already, lawsuits have been filed challenging the alleged actions taken by Musk associates to seize the keys of IT systems at the Office of Personal Management, the Treasury Department and the Department of Labor. More litigation may be coming, as DOGE affiliates have also set their sights on sensitive data at several other agencies, including the US Agency for International Development; the National Oceanic and Atmospheric Administration, and the Centers for Medicare and Medicaid Services, which administers the major federal health programs. Democratic attorneys general from a dozen states said Thursday that they also planned to add to the pile of lawsuits. It's not clear what kind of vetting Musk's allies – who have been installed at agencies across the federal bureaucracy, usually in a temporary status known as 'special government employees' – were subjected to before taking the helm of systems that are usually operated by a small group of career federal employees. The Trump administration has also not been forthcoming about what limits are being placed on the data's use, even though the systems are typically covered under federal privacy law. 'It's not just about these civil servants versus these agents of Elon Musk,' said Kathleen Clark, a Washington University Law professor specializing in legal and government ethics. 'It's also a matter of whether these agents of Elon Musk illegally accessed and downloaded information that is protected by statute.' Faced with the allegations of unlawful access, the Justice Department has said in court that proper protocols have been followed and security of such data has not been breached. The data-focused lawsuits are likely only one wave of legal scrutiny DOGE will face, as other newly filed cases accuse Musk and others of making sweeping changes to how the federal government operates without having the authority to do so. But privacy claims have been the tip of the spear in the legal effort to slow Musk's unprecedented and highly disruptive march through the federal bureaucracy. 'You can't just bring in everyone you want into the federal government, it's not like the private sector,' said Virginia Canter, the chief ethics counsel at Citizens for Responsibility and Ethics in Washington, or CREW. 'There are laws in place that protect people's access to information that's collected by the government.' The Treasury case has already yielded an agreement from the Trump administration limiting who would have access to the government payment system, which is operated by the Treasury Department's Bureau of the Fiscal Service, while the lawsuit moves forward. Justice Department lawyers have had to face questions in court about the state of play around the data systems and why DOGE wants access to them – but those attorneys have not aways had clear answers. 'I don't know if I can say nothing has been done' with records in the system, attorney Bradley Humphreys said at a Wednesday hearing in the Treasury case, while stressing that the department believed there had been no breaches to Americans' private information. While not directly aimed at DOGE, another lawsuit against the Trump administration produced similar hedging from the government's attorneys. Several FBI employees, along with the agency's union, have sued the Justice Department over its collection of information from bureau staff to identify who worked on the January 6 Capitol riot probes, including the investigation into Trump. The lawsuits argue that release of names or other information about employees who worked on the probes present grave risks to their safety. At a Thursday hearing, the employees' lawyers raised concerns that Musk or his allies could access DOJ computers containing the information. Pressed by the court, the administration's attorney couldn't say for sure who might have access to the data in the future and he resisted signing off on a proposed temporary agreement that would block anyone in the government from releasing the information publicly. 'There has not been an official disclosure outside the department,' DOJ attorney Jeremy Simon said, while also acknowledging that other government officials could have gotten access to the list through 'unofficial' means. Judge Jia Cobb issued an administrative order maintaining the status quo until another hearing Friday. The administration has been able to sidestep one of the court cases as a judge on Thursday declined an emergency request to halt the Trump administration's use of a recently created government-wide email distribution system, alleged to present security concerns for protecting civil servants' private data. Judge Randy Moss told the challengers they would need to rework their lawsuit after the Office of Personnel Management said it had done the required privacy assessment that was the basis of the case. But the legal peril remains for other aspects of DOGE's wide-ranging data-mining mission. Proceedings in the Treasury and FBI cases will continue in the coming weeks. On Friday, a judge will weigh a request for a temporary restraining order in a lawsuit brought by several federal unions and others that would block DOGE associates from accessing sensitive data at the Department of Labor. In court filings, the challengers alleged that department employees were told they'd be terminated if they did not open up the systems to the government newcomers. At risk, their lawsuit says, is the security of data systems that 'contain the most private, sensitive employee and medical information on virtually every worker in America.' In a Thursday night evening declaration, a DOGE representative detailed to the department said that he and others like him would follow all legal rules governing the data and would comply with any directive from the agency's leaders.
CNN
07-02-2025
- Business
- CNN
Why privacy laws are the tip of the legal spear against Musk and Trump
What access Elon Musk has to closely-guarded government data – including sensitive information it has collected about and from the American public – is a key battlefront in the ongoing and quickly-moving legal war over how President Donald Trump has sought to drastically transform the federal bureaucracy. Multiple lawsuits accuse the administration of violating privacy law and other protections in allegedly allowing affiliates of the Musk-led Department of Government Efficiency to take control of highly restricted government IT systems. Judges have moved swiftly – sometimes scheduling hearings on just a few hours' notice – to try to understand what the DOGE affiliates are up to in reaching into the digital infrastructure through which the government carries some of its most fundamental operations. 'We don't have much facts, other than what's out in the media,' Judge Colleen Kollar-Kotelly told administration lawyers in a case concerning the government's system for transmitting trillions of dollars of payments each year. Already, lawsuits have been filed challenging the alleged actions taken by Musk associates to seize the keys of IT systems at the Office of Personal Management, the Treasury Department and the Department of Labor. More litigation may be coming, as DOGE affiliates have also set their sights on sensitive data at several other agencies, including the US Agency for International Development; the National Oceanic and Atmospheric Administration, and the Centers for Medicare and Medicaid Services, which administers the major federal health programs. Democratic attorneys general from a dozen states said Thursday that they also planned to add to the pile of lawsuits. It's not clear what kind of vetting Musk's allies – who have been installed at agencies across the federal bureaucracy, usually in a temporary status known as 'special government employees' – were subjected to before taking the helm of systems that are usually operated by a small group of career federal employees. The Trump administration has also not been forthcoming about what limits are being placed on the data's use, even though the systems are typically covered under federal privacy law. 'It's not just about these civil servants versus these agents of Elon Musk,' said Kathleen Clark, a Washington University Law professor specializing in legal and government ethics. 'It's also a matter of whether these agents of Elon Musk illegally accessed and downloaded information that is protected by statute.' Faced with the allegations of unlawful access, the Justice Department has said in court that proper protocols have been followed and security of such data has not been breached. The data-focused lawsuits are likely only one wave of legal scrutiny DOGE will face, as other newly filed cases accuse Musk and others of making sweeping changes to how the federal government operates without having the authority to do so. But privacy claims have been the tip of the spear in the legal effort to slow Musk's unprecedented and highly disruptive march through the federal bureaucracy. 'You can't just bring in everyone you want into the federal government, it's not like the private sector,' said Virginia Canter, the chief ethics counsel at Citizens for Responsibility and Ethics in Washington, or CREW. 'There are laws in place that protect people's access to information that's collected by the government.' The Treasury case has already yielded an agreement from the Trump administration limiting who would have access to the government payment system, which is operated by the Treasury Department's Bureau of the Fiscal Service, while the lawsuit moves forward. Justice Department lawyers have had to face questions in court about the state of play around the data systems and why DOGE wants access to them – but those attorneys have not aways had clear answers. 'I don't know if I can say nothing has been done' with records in the system, attorney Bradley Humphreys said at a Wednesday hearing in the Treasury case, while stressing that the department believed there had been no breaches to Americans' private information. While not directly aimed at DOGE, another lawsuit against the Trump administration produced similar hedging from the government's attorneys. Several FBI employees, along with the agency's union, have sued the Justice Department over its collection of information from bureau staff to identify who worked on the January 6 Capitol riot probes, including the investigation into Trump. The lawsuits argue that release of names or other information about employees who worked on the probes present grave risks to their safety. At a Thursday hearing, the employees' lawyers raised concerns that Musk or his allies could access DOJ computers containing the information. Pressed by the court, the administration's attorney couldn't say for sure who might have access to the data in the future and he resisted signing off on a proposed temporary agreement that would block anyone in the government from releasing the information publicly. 'There has not been an official disclosure outside the department,' DOJ attorney Jeremy Simon said, while also acknowledging that other government officials could have gotten access to the list through 'unofficial' means. Judge Jia Cobb issued an administrative order maintaining the status quo until another hearing Friday. The administration has been able to sidestep one of the court cases as a judge on Thursday declined an emergency request to halt the Trump administration's use of a recently created government-wide email distribution system, alleged to present security concerns for protecting civil servants' private data. Judge Randy Moss told the challengers they would need to rework their lawsuit after the Office of Personnel Management said it had done the required privacy assessment that was the basis of the case. But the legal peril remains for other aspects of DOGE's wide-ranging data-mining mission. Proceedings in the Treasury and FBI cases will continue in the coming weeks. On Friday, a judge will weigh a request for a temporary restraining order in a lawsuit brought by several federal unions and others that would block DOGE associates from accessing sensitive data at the Department of Labor. In court filings, the challengers alleged that department employees were told they'd be terminated if they did not open up the systems to the government newcomers. At risk, their lawsuit says, is the security of data systems that 'contain the most private, sensitive employee and medical information on virtually every worker in America.' In a Thursday night evening declaration, a DOGE representative detailed to the department said that he and others like him would follow all legal rules governing the data and would comply with any directive from the agency's leaders.
