• US government says compan

    From Mike Powell@618:250/1 to All on Fri Jan 3 11:03:00 2025
    US government says companies are no longer allowed to send bulk data to these nations

    Date:
    Thu, 02 Jan 2025 15:03:00 +0000

    Description:
    The US DoJ has issued a final rule to prevent the mass transfer of US citizen data to hostile nations.

    FULL STORY

    The US Department of Justice has issued a final rule on Executive Order
    14117, which President Joe Biden signed in February 2024, preventing the movement of US citizens' data to a number of countries of concern.

    The list of countries consists of China (including Hong Kong and Macau),
    Cuba, Iran, North Korea, Russia, and Venezuela, all of which the DoJ says
    have engaged in a long-term pattern or serious instances of conduct significantly adverse to the national security of the United States or the security and safety of U.S. persons.

    It added these nations could "access and exploit Americans' bulk sensitive personal data and certain U.S. Government-related data."

    No US data for hostile nations

    The final rule will come into effect in 90 days, with Assistant Attorney General Matthew G. Olsen of the Justice Department's National Security
    Division stating, "This powerful new national-security program is designed to ensure that Americans' personal data is no longer permitted to be sold to hostile foreign powers, whether through outright purchase or other means of commercial access."

    The Executive Order is aimed at preventing countries generally hostile to the US from using the data of US citizens in cyber espionage and influence campaigns, as well as building profiles of US citizens to be used in social engineering, phishing, blackmail, and identity theft campaigns.

    The final rule sets out the threshold for transactions of data that carry an unacceptable level of risk, alongside the different classes of transactions that are prohibited, restricted or exempt. Companies that violate the order will face civil and criminal penalties. The types of prohibited data are:

    Certain covered personal identifiers (e.g., names linked to device
    identifiers, social security numbers, driver's license, or other government identification numbers)

    Precise geolocation data (e.g., GPS coordinates)

    Biometric identifiers (e.g., facial images, voice prints and patterns, and retina scans)

    Human genomic data and three other types of human 'omic data
    (epigenomic, proteomic, or transcriptomic)

    Personal health data (e.g., height, weight, vital signs, symptoms, test results, diagnosis, digital dental records, and psychological diagnostics)

    Personal financial data (e.g., information related to an individual's credit, debit cards, bank accounts, and financial liabilities, including payment history)

    The DoJ also outlined the final rule does not apply to medical, health, or science research or the development and marketing of new drugs and also does not broadly prohibit U.S. persons from engaging in commercial transactions, including exchanging financial and other data as part of the sale of
    commercial goods and services with countries of concern or covered persons,
    or impose measures aimed at a broader decoupling of the substantial consumer, economic, scientific, and trade relationships that the United States has with other countries.

    Via The Hacker News

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/us-government-says-companies-are-no-longer-allowed-to-send-bulk-data-to-these-nations

    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (618:250/1)
  • From August Abolins@618:250/1.9 to Mike Powell on Sat Jan 4 08:28:00 2025
    Hello Mike Powell!

    ** On Friday 03.01.25 - 11:03, Mike Powell wrote to All:

    US government says companies are no longer allowed to send bulk data to these nations

    Date:
    Thu, 02 Jan 2025 15:03:00 +0000

    Description:
    The US DoJ has issued a final rule to prevent the mass transfer of US citizen data to hostile nations.

    [...]

    Dunno how they expect to police this unless the data is sent in
    the clear.

    --
    ../|ug

    --- OpenXP 5.0.58
    * Origin: (} Pointy McPointface (618:250/1.9)
  • From Arelor@618:250/24 to August Abolins on Sat Jan 4 09:47:46 2025
    Re: US government says compan
    By: August Abolins to Mike Powell on Sat Jan 04 2025 08:28 am

    Dunno how they expect to police this unless the data is sent in
    the clear.


    These sort of rules exist in order to dogpile charges.

    Say there is some guy you dislike who sells unlicensed icecreams. You open an investigation and start digging up dirt. It turns out his icecream refrigerator was built using old (outdated) regulations and in addition he has an account with a dropbox-like provider from a banned country, where he uploads his billing and accounting docs. Suddenly you have soooo much more material to jail this guy, for soooo much longer than just selling icecreams without a local license.


    --
    gopher://gopher.richardfalken.com/1/richardfalken
    --- SBBSecho 3.23-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (618:250/24)
  • From digimaus@618:618/1 to Mike Powell on Sat Jan 4 15:22:34 2025
    Mike Powell wrote to All <=-

    US government says companies are no longer allowed to send bulk data to these nations

    But it's okay for our government to spy on us illegally.

    -- Sean


    ... "Man is not free unless government is limited." - Ronald Reagan
    --- MultiMail/Linux
    * Origin: Outpost BBS * Johnson City, TN (618:618/1)
  • From Mike Powell@618:250/1 to AUGUST ABOLINS on Sun Jan 5 10:23:00 2025
    Description:
    The US DoJ has issued a final rule to prevent the mass transfer of US citizen data to hostile nations.

    Dunno how they expect to police this unless the data is sent in
    the clear.

    I don't know that they will be able to actively. It would be a regulation
    that would guide law-abiding companies not to do business with data
    companies in hostile nations. In the event of a breach caused by
    disobeying the law, that company would be open to additional charges.

    To be honest, I am surprised (and also concerned) that this had to be said
    to begin with. Most government agencies (state and federal) were already barred from sending PII data overseas. At least, KY was. I don't know why
    any other company, in their right mind, would be doing so beyond saving a buck... which would quickly be lost when it comes time to clean up any
    trouble that might be caused by doing so.

    Mike


    * SLMR 2.1a * Tonight's forecast: Dark, scattered light toward dawn.
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (618:250/1)
  • From August Abolins@618:250/1.9 to Arelor on Sun Jan 5 12:52:00 2025
    Hello Arelor!

    These sort of rules exist in order to dogpile charges.

    Say there is some guy you dislike who sells unlicensed
    icecreams. You open an investigation and start digging up
    dirt. It turns out his icecream refrigerator was built
    using old (outdated) regulations and in addition he has an
    account with a dropbox-like provider from a banned country,
    where he uploads his billing and accounting docs. Suddenly
    you have soooo much more material to jail this guy, for
    soooo much longer than just selling icecreams without a
    local license.

    BUT.. the summary of the DOJ rule seems to *allow* business
    with those countries:

    "It also doesn't broadly prohibit US citizens from "engaging in
    commercial transactions, including exchanging financial and
    other data as part of the sale of commercial goods and services
    with countries of concern or covered persons, or impose
    measures aimed at a broader decoupling of the substantial
    consumer, economic, scientific, and trade relationships that
    the United States has with other countries."

    So.. that sounds like "business" wrt goods is OK.

    It seems that the issue is primarily about the reselling of personal/private/identification data only:

    "Once the rule is implemented, Americans' personal data will no
    longer be "permitted to be sold to hostile foreign powers,
    whether through outright purchase or other means of commercial
    access," Olsen added."

    And then there is the "exception". :| Probably to exclude
    the "scientific" goings on in places like Wuhan:

    "There are a few exemptions. It doesn't prohibit Americans
    "from conducting medical, scientific, or other research in
    countries of concern, or from partnering or collaborating with
    covered persons to share data to conduct researching, if that
    activity does not involve the exchange of payment or other
    consideration as part of a covered data transaction."

    My quoted paragraphs come from:

    https://www.pcmag.com/news/new-doj-rule-blocks-transfer-of-citizens-data-to-countries-of-concern

    --
    ../|ug

    --- OpenXP 5.0.58
    * Origin: (} Pointy McPointface (618:250/1.9)