The latest attempt to re-up a controversial expiring surveillance law has failed to placate vocal critics on both the left and right of the political spectrum.

Two House votes failed last week to extend the spying powers under Section 702 of the Foreign Intelligence Surveillance Act (FISA) for 18 months without changes, leading to Congress instead passing a 10-day reauthorization. GOP leaders have been scrambling to find a bill they can pass since with the April 30 deadline approaching.

House Speaker Mike Johnson, R-La., introduced a bill Thursday to extend it for three years, with a section stating that government officials can’t use Section 702 to target Americans. Under Section 702, U.S. spies and law enforcement agencies can warrantlessly search electronic communications of foreign targets. But those targets are sometimes communicating with U.S. persons, and officials can search the communications database using their personal information.

But critics of the latest Johnson proposal say the language about targeting Americans is window dressing.

“On the whole, it is an empty-calories bill and nothing more that does not engage in reform,” Jake Laperruque, deputy director of the center’s security and surveillance project at the Center for Democracy and Technology, said in a call with reporters Friday.

Civil liberties groups have long called for a warrant requirement for U.S. person-based searches.

“It doesn’t require a warrant or any kind of court process for U.S. person searches,” said Kia Hamadanchy, senior policy counsel for the American Civil Liberties Union’s political advocacy division. “The main reform just restates existing law… . It’s also completely irrelevant to the issue at hand, because backdoor searches have never been the product of the government intentionally targeting U.S. persons under 702. The problem is that they are incidentally collecting U.S. person communications and searching the communications of Americans.”

Gene Schaerr, general counsel of the conservative Project for Privacy and Surveillance Accountability, called the proposal “smoke and mirrors.”

The legislation did win over at least one key lawmaker, however: Rep. Warren Davidson, who had earlier introduced an amendment to attach a ban on the government buying American’s information from third-party data brokers, and who was a chief co-sponsor of legislation requiring a warrant for U.S. person searches under Section 702.

“Collectively, this set of reforms provides robust privacy protections for American citizens. Congress should bank this win and reauthorize Section 702,” Davidson said on X. “Then, we should swiftly begin gutting the unmitigated surveillance state left growing unchecked during these 702 fights.”

But it doesn’t look like it has yet won over enough conservative House Freedom Caucus members, and few Democrats have been on board with Johnson’s plans.

Rep. Ted Lieu, D-Calif., indicated on X in harsh terms that he doesn’t trust FBI Director Kash Patel with current Section 702 powers.

The post Latest spy power reauthorization bill leaves critics unimpressed appeared first on CyberScoop.

House Republicans unveiled on Wednesday Congress’ latest effort to tackle comprehensive digital privacy legislation for Americans.

The Secure Data Act would allow consumers to opt out of data collection for individual businesses for the purposes of targeted advertising, selling to third parties or for use in automated decisionmaking.

It would also require companies to inform consumers when their personal data is being collected or used, provide them with a portable version of that data, and give consent rights to parents over the data collection of teenagers.

“This bill establishes clear, enforceable protections so that Americans remain in charge of their own data and companies are held accountable for its safe keeping,” said Brett Guthrie, R-Ky., Chair of the House Energy and Commerce Committee and Rep. John Joyce, R-Pa., who led a working charged with developing the draft legislation, in a statement.

The draft bill also imposes new requirements on businesses and other organizations to limit their collection of personal consumer data to what is “adequate, relevant and reasonably necessary” and only for purposes that are disclosed to consumers in advance. They must also adopt new safeguards for customers’ personal data and disclose any third parties they share it or sell it to, including adversarial foreign governments like Russia and China.

The Federal Trade Commission would be given greater oversight of data brokers that buy, collect, repackage and sell personal data to the highest bidder. The draft bill requires data brokers to register with the FTC, comply with data minimization, disclosure and data security mandates, and creates a new national data broker registry.

Cobun Zwiefel-Keegan, managing director at the International Association of Privacy Professionals, told CyberScoop that based on the released draft and conversations on the Hill, the bill most resembles privacy laws passed by Virginia or Kentucky (the home state of Guthrie) in recent years, with an emphasis on providing notice and opt-out rights to individual consumers and often tying business compliance to “reasonable” standards of evidence that they acted to protect consumer data.  

At the same time, Zwiefel-Keegan said it could potentially further empower the Federal Trade Commission and state Attorneys General to investigate and sanction bad actors.

The bill is the product of more than 16 months of internal discussion and consensus-building within the GOP majority. While drafting it, a working group led by Rep. John Joyce (R-Pa.) and other House Republicans solicited feedback from 170 organizations and received more than 250 responses from the public to a Request for Information released last year.

While they have worked to achieve consensus within their own caucus, House Republicans did not involve Democratic members in the working group or drafting process, something observers said could make it difficult to attract bipartisan support.

Zwiefel-Keegan said that while the Republican drafters of the bill “would challenge Democrats to explain why they can’t support the type of bill that has been passed in blue states.”

But he also noted that there are “plenty of ways that people will point to how it’s weaker than a lot of blue state privacy laws,” including federal preemption of more robust state privacy laws like those in California, the lack of a private right of action allowing individuals to sue companies directly and a mandatory 45-day “curing” period that allows companies in violation of the law to come into compliance and avoid formal sanctions.  

“I think the privacy working group and the leadership of the committee thinks there’s a pretty strong chance of passing it out of committee.” After that the bill’s chances are likely dependent on other factors, like getting some Democrats on board and working with “red state representatives who may not like their own laws being preempted.”

Shortly after the draft bill was released, Rep. Frank Pallone, D-N.J., ranking member on the House Energy and Commerce Committee, said he was opposed and accused House Republicans of having “lost the plot” on passing national privacy legislation.

“This Republican privacy bill protects corporations and their bottom line, not people’s privacy,” Pallone said in a statement. “We should be protecting the little guy with a bill that empowers consumers, not one that preempts consumer protections at the behest of Big Tech.”

Eric Null, director of the privacy and data project at the Center for Democracy and Technology, indicated that the Secure Data Act falls short, calling it full of “easily exploitable loopholes” that let companies “hide behind cookie banners and lengthy terms of service rather than establishing meaningful privacy protections.”

Null was also critical of the bill’s lack of substance around AI, saying that Large Language Models pose significant privacy challenges today that will only worsen over time.

“Any federal privacy law discussed in 2026 should be future-proofed by protecting against growing AI-related privacy harms, namely by limiting data collection for AI training and preventing use of the technology to discriminate against protected classes, but this bill does neither sufficiently,” he said.

The American Civil Liberties Union also came out against the bill, with senior staff attorney Cody Venzke saying the GOP-led bill “places the onus on regular people” to sift through complex privacy policies created by businesses to request opt out or deletion of their data.

“And it leaves us without real recourse – even blocking us from going to court – if our requests go unanswered,” said Venzke in a statement.

In their joint statement, Guthrie and Joyce said they “look forward to working with our colleagues to build support for this bill and advance data privacy protections fit for our 21st century economy.”

The post House Republicans roll out national privacy bill appeared first on CyberScoop.

PUBLIC DEFENDER By Brian Livingston Most of the “smart” devices in your home or office are constantly uploading personal information about you to data brokers who sell your profile to all comers — but there are ways to prevent this leakage of your life to people who clearly don’t have your best interests at heart. […]

Jordan Drysdale // The following content is loosely based on a presentation I gave at BSides Denver. After speaking at BSides Denver, one of the audience members spent some time […]

The post Review of the Data Brokers appeared first on Black Hills Information Security, Inc..