Breach, Compliance Management, Data Security, Privacy

Federal bill to curtail CBP PII reveals, Illinois tackles digital assistant eavesdropping

Share

A bipartisan group of Senators plan to introduce a bill that would stop U.S. Customs and Border Protection (CBP) from selling the PII of citizens who move out of the country.

The bill, sponsored by Senators Steve Daines, R-Mont., and Gary Peters, D-Mich., addresses a loophole that allows CBP to sell certain pieces of personal data to a third party when that person moves overseas, according to The Hill. As it now stands the CBP has access to information such as residential addresses, Social Security numbers and passport numbers that is included on the shipping manifests which it includes in data packages it makes available to third parties.

The bill, which modifies the Tariff Act of 1930, would require that this information be removed from the manifests as there have been cases where identity theft and credit card fraud when the PII got into the wrong hands.

The bill was originally introduced in 2017 but stalled.

On the state level the Illinois State Senate bill passed SB1719 or the Keep Internet Devices Safe Act which stops digital assistant device manufacturers like Amazon and Google the device’s microphone.

“Provides that no private entity may turn on or enable, cause to be turned on or enabled, or otherwise use a digital device's microphone to listen for or collect information, including spoken words or other audible or inaudible sounds, unless a user first agrees to a written policy meeting specified criteria.,” the bill states.

Additionally, there is a provision that demands any information gathered through a device’s microphone in Illinois must implement and maintain reasonable security measures to protect such information from unauthorized access, acquisition, destruction, use, modification, and disclosure.

However, Matt Stoller, a Fellow at the Open Markets Institute, noted that the bill had been altered prior to passing that removed several and no longer contains wording that would allow residents to legally go after manufacturers for breaking this law.

“Seems like the secret microphone bill was gutted. No private rights of action, no ability to hold a manufacturer liable (even if Google secretly puts a microphone in Nest products). What it seems to require is an additional few paragraphs on an unreadable click-through agreement,” he said on Twitter.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.