Today's Headlines:
- Bipartisan surveillance reform bill dropped. The Government Surveillance Reform Act from Lofgren, Davidson, Wyden, and Lee would require warrants for Section 702 searches involving Americans and ban data broker purchases.
- FBI surveillance system hacked. China-linked attackers breached the FBI's wiretap and FISA warrant management system. Investigation ongoing.
- DHS building $1 billion surveillance machine. New documents reveal plans for massive Palantir contract, AI-powered mobile surveillance trucks, and hundreds of millions in tracking tech.
- Kaplan breach exposed 173,000 SSNs. Test prep giant waited months to notify students. Class action investigation underway.
- Section 702 FISA: 31 days to sunset.
Congress Drops Most Comprehensive Surveillance Reform in 50 Years
A bipartisan group of lawmakers introduced the Government Surveillance Reform Act this week, the most ambitious attempt to overhaul America's surveillance laws since the Church Committee reforms of the 1970s [1].
The sponsors: Rep. Zoe Lofgren (D-CA), Rep. Warren Davidson (R-OH), Sen. Ron Wyden (D-OR), and Sen. Mike Lee (R-UT). Four lawmakers who agree on almost nothing except this: the government shouldn't be able to spy on Americans without a warrant.
What the bill does:
- Requires warrants for Section 702 queries involving Americans, with narrow exceptions for emergencies
- Bans the federal government from buying Americans' data from data brokers without a warrant
- Closes the "about" collection loophole that lets NSA grab communications that merely mention a target
- Reauthorizes Section 702 with actual oversight mechanisms
"The Fourth Amendment was written for a reason," said Rep. Davidson. "It applies to all Americans, regardless of which administration is in power" [2].
The timing is intentional. Section 702 sunsets April 20, 31 days from now. Senate Intel Chair Tom Cotton wants a "clean" extension with zero reforms. The administration has stayed silent on specifics. This bill is the privacy caucus throwing down a marker.
The EFF called the SAFE Act (an earlier reform vehicle) "an imperfect vehicle for real Section 702 reform" [3]. This new bill goes further. Whether it has votes is another question.
Suspected Chinese Hackers Breached FBI's Surveillance System
The FBI is investigating what appears to be a China-linked hack of an internal system that manages wiretaps and foreign intelligence surveillance warrants [4].
The breach hit the Digital Collection System Network, the platform the FBI uses to manage FISA warrants and pen register/trap and trace surveillance during investigations. Agents discovered "suspicious activities" in mid-February. CISA and NSA are now involved.
What was at risk: The system contains law enforcement sensitive information including surveillance returns and personally identifiable information on FBI investigation targets. Officials say it's unclassified, but that's cold comfort when we're talking about active wiretap data.
The attackers used "sophisticated techniques" to exploit FBI network security controls, using infrastructure from a commercial internet service provider [5]. The scope isn't clear yet. Investigators are still assessing.
The irony isn't lost on anyone: while Congress debates whether surveillance authorities are adequate, adversaries are allegedly inside the surveillance apparatus itself.
DHS Planning $1 Billion Palantir Deal, Mobile AI Surveillance Trucks
Internal documents obtained by FedScoop reveal DHS is preparing to spend hundreds of millions (possibly billions) on surveillance tech in 2026 [6].
The shopping list:
- $1 billion blanket purchase agreement with Palantir
- AI-powered "Modular Mobile Surveillance System" trucks that can reach remote areas and operate autonomously
- 148 AI upgrades for existing border camera towers, plus 50 new "next-generation" towers
- Contracts with Cellebrite, Paragon Solutions, and other surveillance vendors
- $10-20 million AI-enhanced surveillance data platform
The budget boost comes from the 2025 "One Big Beautiful Bill" that pumped $191 billion into DHS. Much of that appears headed to companies like Palantir, which already helps ICE analyze datasets on millions of people.
The Office of Industry Partnership is pursuing an AI tool that uses 911 call data to build "geospatial heat maps" predicting incident trends. Translation: algorithmic pre-crime targeting based on emergency call patterns.
SC Media reports governance is lagging the spending: "oversight of the department" is struggling to keep pace [7].
FISA 702: 31 Days Until Sunset
The countdown continues. Section 702 expires April 20. Two competing visions: a clean extension that preserves warrantless searches, or reform that finally requires warrants for American queries.
Jim Jordan, once a champion of the warrant requirement, flipped this week [8]. He'll back the administration's clean extension. The privacy coalition lost a key vote.
The classified briefing tension from February hasn't resolved: intelligence officials still won't publicly state whether the Trump administration wants reforms or a simple renewal. The strategy appears to be: say nothing specific, let Cotton push for clean extension, and blame Congress if it fails.
EFF's position: "The SAFE Act is an imperfect vehicle for real Section 702 reform," but better than nothing [3]. The Government Surveillance Reform Act introduced this week goes further. Neither has passed committee.
Data Breach Roundup
Kaplan North America: 173,000 Students' SSNs Stolen
Hackers accessed Kaplan's servers between October 30 and November 18, 2025, and Kaplan just told people on March 17, 2026 [9].
The breach hit 173,676 Texas residents. Names, Social Security numbers, and driver's license numbers. A class action investigation is already underway. Attorneys are questioning whether the multi-month delay violated state and federal notification laws.
Kaplan provides test prep services for standardized exams. The data they held (and lost) could enable identity theft affecting students for years.
Intuitive Surgical: Medical Robotics Giant Phished
Intuitive, maker of the da Vinci surgical robot, disclosed a phishing attack that compromised employee credentials and led to unauthorized access to internal systems [10].
Exposed data: healthcare provider names, specialties, contact information, procedure types and lengths, training records, and engagement histories. The surgical systems themselves weren't affected, but if you're a surgeon or hospital admin who used Intuitive's platform, attackers now have your professional profile.
This is the second major medtech breach in a week, following Stryker's disclosure.
DOGE/SSA Investigation Update
The SSA Inspector General continues investigating claims that a former DOGE engineer copied databases containing 500+ million Americans' records to a thumb drive [11]. No charges filed. Senator Wyden called it "one of the largest known data breaches in American history." The whistleblower allegations remain unverified, but the investigation is active.
Quick Hits
- ICE's mobile facial recognition expands. Agents are using Mobile Fortify, an NEC app that runs faces through 200+ million images from DHS, FBI, and State Department databases in real time [12]. Senators Markey, Jayapal, and others introduced the "ICE Out of Our Faces Act" to ban the practice.
- Clearview AI contract active today. The Army's new Clearview AI deal went live March 20: $75,000 for access to 50 billion images through March 2027, with options through 2030 [13].
- Kentucky adds ACR to sensitive data. HB 692 passed unanimously, classifying automatic content recognition as sensitive data under state privacy law [14].
- Hawaii bans selling eavesdropped data. SB 1163 prohibits selling geolocation, browser data, and anything collected through background apps using device microphones [14].
What to Watch
This week:
- March 23-26: RSA Conference 2026 in San Francisco. Federal agencies boycotting.
Coming up:
- March 30-31: IAPP Global Privacy Summit, Washington DC
- April 1: California "Delete My Data" requests open
- April 6: Meta deadline to respond to senators on Ray-Ban surveillance
- April 20: FISA Section 702 sunset. 31 days.
References
1. Sen. Mike Lee - Government Surveillance Reform Act Introduction
2. Rep. Warren Davidson - FISA Reform Bill Press Release
3. EFF - The SAFE Act is an Imperfect Vehicle for Real Section 702 Reform
4. Federal News Network - FBI Investigating Cyber Activity on Surveillance System
5. TechCrunch - FBI Investigating Wiretap System Hack
6. FedScoop - DHS Surveillance Apparatus to Surge
7. SC Media - DHS Surveillance Spending Outpaces Oversight
8. The Hill - Jim Jordan Reverses on FISA 702
9. PR Newswire - Kaplan Data Breach Investigation
10. SecurityWeek - Intuitive Surgical Cyberattack Disclosure
11. NPR - DOGE Social Security Data Investigation
12. NBC News - How ICE Agents Are Using Facial Recognition
13. Biometric Update - Army Renews Clearview AI Contract
14. Troutman - State Privacy Law Update March 2026
Last updated: March 20, 2026