U.S. President Joe Biden will sign an executive order on Wednesday aimed at blocking a handful of countries, including China, North Korea and Russia, from buying sensitive information about Americans through commercial data brokers in the United States.
Administration officials say the White House’s so-called “countries of concern” are collecting a variety of sensitive data, including personal identifiers, precise location information and biometrics, which are important tools for launching cyberattacks, espionage and extortion operations against the United States.
Biden administration officials disclosed the order to reporters in advance during a Zoom call on Tuesday and briefly answered questions on the condition that their names or titles not be disclosed.
They said the order would have no immediate impact. The U.S. Department of Justice will launch a rulemaking process aimed at developing a “data security plan” envisioned by the White House. This process provides an opportunity for experts, industry stakeholders and the public at large to have their say before the proposal is adopted by the government.
White House officials said the U.S. attorney general will consult with the heads of the State and Commerce departments to finalize the list of countries that will be targeted by the program. However, a tentative list provided to reporters during Tuesday’s call included China, Cuba, Iran, North Korea, Russia and Venezuela.
Officials said the categories of information covered by the plan would include health and financial data, precise geolocation information and “certain sensitive government-related data.” The order will contain multiple exemptions for certain financial transactions and activities “incidental to” normal business operations.
It’s unclear how effective such a plan would be. Notably, it does not extend to most countries where ostensibly trafficking in Americans’ private data remains legal.What’s more, it’s unclear whether the administration has the authority or funding (outside of an act of Congress) to restrict countries that, while diplomatically and militarily aligned with the United States, also spy on the United States—close U.S. ally Israel. Because, for example, the United States in 2019 accused the company of installing mobile phone spying equipment near the White House and becoming an international market for illegal spyware; or Saudi Arabia, in 2018, exploiting the market for covert surveillance Washington post Contributor, later kidnapped and murdered by Saudi commandos.
If China, Russia or North Korea took action to obtain U.S. data from a third party from one of the more than 170 countries not on the U.S. government’s list, there might be nothing to stop it. U.S. data brokers are only required to take steps to ensure overseas customers follow “certain security requirements” during transfers, many of which are already required by law.
A White House official said the restrictions imposed by the executive order are intended to prevent “indirect transfers of data.” But in practice, this means that data brokers only need to obtain “some type of undertaking” – an “understanding” – from overseas clients about the likelihood that data will be sold or transferred.