Surveillance cameras mounted on a building wall against a gray sky

Today's Headlines:

  • Pentagon vs. Anthropic escalates. DOD officially labeled Anthropic an "unacceptable risk to national security" in court filings. Google, Microsoft, OpenAI, and a dozen other tech giants filed amicus briefs defending the AI company.
  • France medical breach exposed 15.8 million. Hackers grabbed patient records through Cegedim Santé, including doctors' notes with HIV status, sexual orientation, and details on politicians and security officials.
  • Fargo jailed a woman for 5 months on bad facial recognition. Angela Lipps sat in jail after an AI system flagged her as a suspect. Charges dropped in December. MPR News broke the story this week.
  • DOGE whistleblower probe continues. SSA Inspector General still investigating claims that a former DOGE engineer copied 500 million Americans' records to a thumb drive.
  • Section 702 FISA: 32 days to sunset.

Pentagon Declares Anthropic a "National Security Risk"

The Department of Defense escalated its fight with Anthropic on March 18, filing court documents calling the AI company an "unacceptable risk to national security" [1].

This is the Pentagon's first formal response to Anthropic's lawsuit challenging Defense Secretary Pete Hegseth's decision to designate the company a supply-chain risk. The core dispute: Anthropic refuses to let the military use Claude for mass surveillance of Americans or autonomous weapons that can fire without human oversight.

"If any one company doesn't want to accommodate that, that's a problem for us," said the Pentagon's chief digital officer. The DOD wants "unrestricted access" to AI systems for "all lawful use cases."

The industry response tells you everything. Google, OpenAI, Meta, Microsoft, Nvidia, Cloudflare, Adobe, Accenture, and Deloitte filed amicus briefs defending Anthropic [2]. Tech companies watching this case know they could be next. If the government can blacklist a $200 million contractor for having ethical guardrails, any company with safety policies becomes a target.

The Pentagon is already building alternatives. "The Department is actively pursuing multiple LLMs into the appropriate government-owned environments," officials said in filings [3]. We covered the original move to ban Anthropic over its ethics guardrails.

Related: Anthropic Pentagon Lawsuit: Full Analysis

France Medical Breach: 15.8 Million Patient Records Stolen

Hackers stole 15.8 million medical files from Cegedim Santé, a software provider for France's health ministry, exposing some of the most sensitive information imaginable [4].

The attack targeted doctors using Cegedim's MonLogicielMedical platform: 1,500 of the 3,800 practitioners on the system. Basic PII like names, addresses, and phone numbers. But that's not the scary part.

The scary part: About 165,000 files contained doctors' notes. HIV/AIDS diagnoses. Sexual orientations. Mental health conditions. The database reportedly includes records on politicians, potential presidential candidates, senior civil servants, and national security officials [5].

Cegedim detected abnormal activity on doctors' accounts in late 2025 and filed a criminal complaint in October. But here's the twist: in September 2024, French regulators fined Cegedim 800,000 euros for processing health data without authorization [6]. They were already on notice. They kept the data anyway.

This is what happens when health systems centralize sensitive information without adequate protection. The breach vector? Attackers compromised doctor accounts, not Cegedim's infrastructure directly. Individual credentials led to 15.8 million exposed records.

Related: France Healthcare Breach: Full Coverage

FISA 702: 32 Days Until Sunset

Section 702 expires April 20. The SAFE Act reform bill is on the table. And Congress still can't agree on whether Americans deserve warrant protection for their own communications.

Here's the situation: Section 702 lets the NSA collect communications of foreign targets abroad, but sweeps up massive amounts of American conversations in the process. Agencies can then search that database for U.S. person information without a warrant [7].

The 2024 reauthorization passed by one vote: literally a 212-212 tie on the warrant amendment. Senate Intel Chair Tom Cotton wants a "clean" extension with no reforms. Privacy advocates say this is the best chance in years to require warrants for searches involving Americans.

What happens if it sunsets? Former intelligence officials warn of a "self-inflicted national security calamity." Critics say that's fear-mongering: the program's abuses are documented, and alternatives exist.

EFF published an analysis calling the SAFE Act "an imperfect vehicle" but one worth supporting [8]. The short version: it would require warrants for U.S. person queries, close the "about" collection loophole, and add meaningful oversight. Not perfect, but better than what we have.

Related: FISA 702 Countdown: What's at Stake | The SAFE Act Explained

Fargo Jailed a Woman for 5 Months Because Facial Recognition Got It Wrong

Angela Lipps spent more than five months in jail after Fargo Police's facial recognition system flagged her as a suspect. Charges were dropped in December [9].

MPR News broke the story this week. The details are infuriating: AI identified a face. Police arrested the person. That person sat in jail for 150+ days. Then prosecutors quietly dropped the charges when the evidence fell apart.

This isn't a hypothetical "what if AI gets it wrong" scenario. This is a documented case of a real person losing half a year of her life because a computer said her face matched a suspect's.

Fargo joins a growing list of facial recognition failures: Robert Williams in Detroit (wrongful arrest, 2020). Nijeer Parks in New Jersey (wrongful arrest, 2019). Porcha Woodruff in Detroit (wrongful arrest while pregnant, 2023). The technology keeps failing. Departments keep using it.

The pattern: Facial recognition flags a match. Overworked or undertrained officers treat it as confirmation rather than a lead. The accused can't afford bail. Months pass before anyone bothers to verify the AI was wrong.

Related: Full Coverage: Fargo Wrongful Arrest

DOGE Whistleblower: Investigation Continues

The Social Security Administration's Inspector General is still investigating claims that a former DOGE software engineer copied databases containing 500+ million Americans' records [10].

Quick recap: A whistleblower alleged that an engineer who worked at SSA last year copied the "Numident" and "Master Death File" databases (Social Security numbers, birth dates, citizenship status, race, ethnicity, parents' names) onto a thumb drive. That engineer allegedly took the data to his next job at a government contractor in October 2025.

Senator Ron Wyden called it "one of the largest known data breaches in American history, perpetrated by Trump appointees for the explicit purpose of weaponizing Americans' sensitive personal data for political gain" [11].

This follows earlier allegations from whistleblower Chuck Borges that DOGE staffers violated internal SSA policies and federal laws when copying a dataset of 300+ million Americans' information without following security protocols. We traced how those 300 million records ended up on an unsecured server.

The investigation is ongoing. No charges have been filed. But the scope of potential exposure, half a billion Americans' most sensitive records, makes this one of the most serious data incidents in government history.

Related: DOGE Whistleblower Allegations: Full Coverage

Quick Hits

  • Samsung stops spying on Texas. Texas AG Ken Paxton secured an agreement forcing Samsung to get proper consent before collecting ACR data from smart TVs. Sony, LG, Hisense, and TCL are still fighting similar lawsuits [12]. Our Coverage
  • Kentucky adds ACR as sensitive data. HB 692 passed the House unanimously, amending Kentucky's privacy law to classify "automatic content recognition" as sensitive data requiring extra protections [13].
  • Hawaii passes anti-eavesdropping bill. SB 1163 prohibits selling geolocation or browser data without consent, and bans selling data collected through background apps using device microphones [14].
  • Iran still using Russian facial recognition. Forbidden Stories' investigation into Iran's use of NtechLab's FindFace system continues to generate coverage. An estimated 30,000+ killed in January crackdowns where the technology was reportedly deployed [15].
  • Army Special Forces renews Clearview AI. New contract runs March 2026 to March 2027, with options through 2030. Access to 50 billion images for identifying "high-value targets" [16]. Our Coverage. See also CBP's own Clearview deal for tactical targeting.

What to Watch

This week:

  • March 23-26: RSA Conference 2026 in San Francisco. CISA, FBI, and NSA boycotting over Jen Easterly's appointment as CEO. Preview

Coming up:

  • March 30-31: IAPP Global Privacy Summit in Washington DC. AI governance and US privacy laws on the agenda.
  • March 31: Conduent breach credit monitoring enrollment deadline.
  • April 1: California "Delete My Data" requests open.
  • April 20: FISA Section 702 sunset. 32 days.
  • April 30: Conduent breach credit monitoring deadline.

References

  1. TechCrunch - DOD Says Anthropic's Red Lines Unacceptable Risk
  2. Axios - Tech Industry Rallies Behind Anthropic
  3. TechCrunch - Pentagon Developing Anthropic Alternatives
  4. The Register - 15.8M French Medical Records Stolen
  5. La Revue Tech - French Health-Tech Breach Details
  6. CPO Magazine - French Healthcare System Breach
  7. Brookings - FISA Section 702 Expiration
  8. EPIC - FISA Section 702 Reform Campaign
  9. MPR News - Fargo Police Facial Recognition Failure
  10. NPR - DOGE Social Security Data Investigation
  11. Senate Finance Committee - Wyden Statement on SSA Breach
  12. Malwarebytes - Samsung ACR Texas Settlement
  13. Troutman - State Privacy Law Update March 2026
  14. Troutman - Hawaii SB 1163
  15. Biometric Update - Iran NtechLab
  16. Biometric Update - Army Clearview Contract

Last updated: March 19, 2026