US border forces are seizing Americans’ phone data and storing it for 15 years

If a traveler’s phone, tablet or computer ever gets searched at an airport, American border authorities could add data from their device to a massive database that can be accessed by thousands of government officials. US Customs and Border Protection (CBP) leaders have admitted to lawmakers in a briefing that its officials are adding information to a database from as many as 10,000 devices every year, The Washington Post reports. 

Further, 2,700 CBP officers can access the database without a warrant and without having to record the purpose of their search. These details were revealed in a letter Senator Ron Wyden wrote to CBP Commissioner Chris Magnus, where the lawmaker also said that CBP keeps any information it takes from people’s devices for 15 years. 

In the letter, Wyden urged the commissioner to update CBP’s practices so that device searches at borders are focused on suspected criminals and security threats instead of allowing “indiscriminate rifling through Americans’ private records without suspicion of a crime.” Wyden said CBP takes sensitive information from people’s devices, including text messages, call logs, contact lists and even photos and other private information in some cases. 

While law enforcement agencies are typically required to secure a warrant if they want to access the contents of a phone or any other electronic device, border authorities are exempted from having to do the same. Wyden also pointed out that travelers searched at airports, seaports and border crossings aren’t informed of their rights before their devices are searched. And if they refuse to unlock their electronics, authorities could confiscate and keep them for five days.

As The Post notes, a CBP official previously went on record to say that the agency’s directive gives its officers the authority to scroll through any traveler’s device in a “basic search.” If they find any “reasonable suspicion” that a traveler is breaking the law or doing something that poses a threat to national security, they can run a more advanced search. That’s when they can plug in the traveler’s phone, tablet or PC to a device that copies their information, which is then stored in the Automated Targeting System database.

CBP director of office of field operations Aaron Bowker told the publication that the agency only copies people’s data when “absolutely necessary.” Bowker didn’t deny that the agency’s officers can access the database, though — he even said that the number was bigger than what CBP officials told Wyden. Five percent of CBP’s 60,000 personnel have access to the database, he said, which translates to 3,000 officers and not 2,700.

Wyden wrote in his letter:

“Innocent Americans should not be tricked into unlocking their phones and laptops. CBP should not dump data obtained through thousands of warrantless phone searches into a central database, retain the data for fifteen years, and allow thousands of DHS employees to search through Americans’ personal data whenever they want.”

Two years ago, the Senator also called for an investigation into the CBP’s use of commercially available location data to track people’s phones without a warrant. CBP had admitted back then that it spent $500,000 to access a commercial database containing “location data mined from applications on millions of Americans’ mobile phones.”

Uber says it’s investigating a ‘cybersecurity incident’

Uber was hacked, and it had to take its internal messaging service and engineering systems offline to investigate the incident, according to The New York Times. Sources who talked to the publication said employees were instructed not to go on Slack, where the bad actor had posted a message that read “I announce I am a hacker and Uber has suffered a data breach” (along with a bunch of emoji) before it was pulled offline. In a tweet confirming the breach, the company said that it’s currently responding to a cybersecurity incident and that it’s now in touch with law enforcement. 

The company didn’t say what exactly the hacker was able to access and if user data was compromised. The Times says the hacker’s Slack message also listed databases they claim they were able to infiltrate, though. And based on screenshots seen by The Washington Post, the bad actor boasted about being able to gather internal code and messaging data. An Uber spokesperson explained that the bad actor was able to post on the company Slack after compromising a worker’s account. They then gained access to Uber’s other internal systems and posted an explicit photo on an internal page.

Bug bounty hunter and security researcher Sam Curry tweeted information reportedly from an Uber employee that could be about that explicit photo:

Uber admitting the incident and getting in touch with authorities shortly after it happened is a massive departure from how it handled the data breach it suffered back in 2016. The company hid that attack for a year and instead of reporting the incident, it paid the hackers $100,000 to delete the information they stole. Former Uber security chief Joseph Sullivan was fired and eventually charged with obstruction of justice for the role he played in the coverup, though his lawyers argued that he was used as a scapegoat. Uber settled with the Justice Department for failing to disclose the breach in July this year.

FTC wants to protect gig workers from ‘unfair or deceptive’ algorithms

The Federal Trade Commission is making its own bid to protect gig workers against exploitation. The regulator has adopted a policy statement detailing how it will tackle gig workers’ problems. The FTC plans to step in when there are misrepresentations about pay, costs, benefits and work terms. Officials also expect to intervene with “unfair or deceptive” algorithms, harsh contracts and anti-competitive behavior such as wage fixing and monopoly-creating mergers.

The Commission said the classification of workers wouldn’t affect enforcement, so companies can’t avoid repercussions by classifying people as contractors instead of employees. Violators may have to pay fines and change their practices, and the FTC could partner with other government bodies (such as the Justice Department and National Labor Relations Board) to address issues.

There are gaps. It could be difficult for the FTC to prove algorithm-driven abuse, for instance, and it’s not clear which non-contractual “restraints” might hurt workers’ freedom of movement. However, this could still serve as a warning to gig companies that might hide steep operating costs, fight unionization efforts or collude with rivals to keep wages low.

The FTC isn’t alone in hoping to improve the lot of gig workers. A bipartisan measure in Congress, introduced to the House and Senate this February, is meant to provide portable benefits to gig workers. Last year, the Labor Department revoked a rule that made it harder to protect those workers’ labor rights. States and cities have also filed lawsuits and otherwise taken efforts to bolster working conditions. However, the FTC’s policy provides an extra, nationwide safeguard that might further discourage attempts to exploit the gig economy.

Amazon greenlights ‘Blade Runner 2099’ sequel series

The long-teased Blade Runner sequel series is real. Variety has confirmed Amazon has ordered production of Blade Runner 2099 for Prime Video. Original movie director Ridley Scott will serve as an executive producer alongside Silka Luisa (Halo and Shining Girls), who will also be the showrunner. The premise of 2099 isn’t yet clear beyond its setting 50 years after Blade Runner 2049, but Amazon’s global TV head Vernon Sanders claimed the follow-up would preserve the “intellect, themes, and spirit” of the movies.

The cast hasn’t been set at this stage, although it’s doubtful you’ll see familiar names given events in past movies and the timeline of the show. Amazon also hasn’t said when it expects to release the series.

The project could still be one of Amazon’s more ambitious shows to date. The company has been ramping up the production values of Prime Video productions in recent years, and that appears to have paid off — the first season of The Lord of the Rings: The Rings of Power reportedly cost $465 million to make, and set a Prime viewing record upon its debut. It wouldn’t be surprising if Amazon committed to a major investment (if not necessarily as large) for a recognizable franchise like Blade Runner, particularly with Scott involved.