Law enforcement authorities in the United States have for years circumvented the US Constitution’s Fourth Amendment by purchasing data on US residents that would otherwise need to be obtained by a warrant. Today, Immigration and Customs Enforcement apparently thinks it can ignore long-standing constitutional protection by warrantlessly breaking down doors to arrest people, according to a recent whistleblower complaint—despite recent federal rulings that doing so violates the Fourth Amendment.
Such is the news coming out of Minneapolis this week, where protesters and the federal government continued their standoff—even as ICE plans to build out a deportation network spanning Minnesota and four other states. And despite the Department of Homeland Security’s claims that merely naming an ICE agent publicly is akin to “doxing,” a WIRED review of LinkedIn found that agents are frequently doxing themselves. Of course, having access to someone’s personal information can have consequences: A report this week found that people are less likely to seek medical care due to ad-tech surveillance and ICE enforcement activities.
Immigration authorities aren’t just raiding people’s homes without a judge-signed warrant—they’re also looking for drugs. Customs and Border Protection this week put out feelers for a “quantum sensor” that’s capable of detecting fentanyl that ties into an “AI database.”
In non-immigration news, a researcher recently discovered an unsecured database containing 149 million login credentials. The usernames and passwords appear linked to accounts for everything from Gmail, Facebook, and Apple to government systems around the world. The researcher who found the database, Jeremiah Fowler, believes the stolen logins were collected by infostealing malware. The database, which was accessible to anyone on the internet, has since been taken offline.
TikTok, meanwhile, has begun collecting even more data on its users—including precise location data—after the social video app was sold to US investors.
But that’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
The Trump administration this week admitted in court documents that operatives with the so-called Department of Government Efficiency (DOGE) may have shared data from the Social Security Administration (SSA) with an outside group that seeks to “overturn election results in certain states,” according to a January 16 Department of Justice court filing. However, it is not clear to the DOJ whether the unnamed “DOGE Team members” actually shared the data with the group, which was unidentified in the court records.
The filing, which seeks to “correct” previous testimony, also says DOGE operatives “were using links to share data through the third-party server ‘Cloudflare,’” which is “not approved for storing SSA data and when used in this manner is outside SSA’s security protocols.” The filing further says that Steve Davis, a high-ranking adviser to Elon Musk, was copied on a March 3, 2025, email that included an attached password-protected file containing the names and addresses of around 1,000 people, which was taken from SSA systems of record. The SSA was not able to determine, however, whether Davis accessed the file, which remained inaccessible to current SSA workers as of the date of the court filing.
The Federal Aviation Administration has taken the unusual step of including “Department of Homeland Security facilities in mobile assets” in a “no-fly zone” announcement, 404 Media reports. The notice restricts “unmanned aircraft,” which would include commercial drones used to capture aerial footage, from being used within 3,000 feet horizontally and up to 1,000 feet of altitude above DHS assets. According to 404 Media, people caught violating the restrictions could face criminal charges, civil penalties, or even lose their authority to fly drones in the future.
If you’re breaking out your thermals in preparation for this weekend’s giant winter storm, you might want to check to see if you bought it from Under Armour. TechCrunch reports that the clothing and fitness app company is investigating a potential data breach after a hacker posted millions of customer records online. The data breach notification site Have I Been Pwned informed 72 million individuals by email about the leak and says that the dataset included names, email address, genders, dates of birth, approximate location, and information related to purchases. An Under Armour spokesperson told TechCrunch that the company was aware of claims about the breach, had engaged “external cybersecurity experts” for help, and did not have evidence that the issue affected systems to process payments or store customer passwords.
When you encrypt your laptop’s hard drive, you likely expect that means only you, the computer’s owner, will be able to decrypt it at will and access your data. If you follow Microsoft’s recommendation of storing your decryption key in the cloud for easier recovery of your data if you lose the key or forget your password to unlock it, then you you’ll need to update your security expectations: Microsoft has confirmed that it often hands out those decryption keys to law enforcement at an agency’s request, giving them full access to the machine’s secrets. Forbes found an instance when Microsoft complied with an FBI request for decryption keys for a computer in Guam that was part of a fraud investigation. Microsoft went on to confirm to Forbes that it receives about 20 requests for Bitlocker keys a year from law enforcement and often complies. The company added that it can’t comply, however, when the key is stored only locally by the user—an instructive note for cypherpunks everywhere.
The Iranian government has shut off the country’s internet for weeks amid protests that have swept the country. But anti-regime voices this week found another way to reach the country’s populace: an apparent hacking operation hijacked the country’s state TV satellite to air a message in support of protesters, thousands of whom have died amid the recent uprising. The clip, which featured the son of the former ruler of Iran, Reza Pahlavi, called on military and security forces to join protesters and fight the regime. “Don’t point your weapons at the people,” one graphic in the broadcast read. “Join the nation for the freedom of Iran.” According to some reports, the unauthorized message lasted as long as 10 minutes before the state TV channel resumed its normal programming.
