Key developments
ICE confirms spyware access to encrypted chats
On April 9, Thegrio reported that ICE acting director Todd Lyons confirmed ICE and Homeland Security Investigations use spyware that can intercept encrypted messages on platforms such as WhatsApp. Lyons said the Graphite tool from Paragon Solutions is used against foreign terrorist organizations and transnational criminal groups, under a federal contract that began in 2024, was paused under a Biden administration restriction on commercial spyware, and later resumed. Privacy advocates warned that domestic use could sweep in immigrants, Black and brown communities, journalists, organizers, and critics.
Why it matters
It confirms federal use of commercial spyware against encrypted communications and raises immediate civil liberties concerns.
Sources & driving stories
THEGRIO · Gerren Keith Gaynor
Thegrio coverageGoogle brings Gmail end-to-end encryption to mobile
On April 10, BleepingComputer reported that Google Workspace is rolling out client-side encryption-based end-to-end encryption for eligible enterprise Gmail users on Android and iOS. Encrypted messages can be composed and read natively in the Gmail app, while recipients without Gmail can still open them in a browser. The feature requires Enterprise Plus licensing with Assured Controls or Assured Controls Plus and is aimed at compliance use cases such as HIPAA and data sovereignty.
Why it matters
It makes encrypted email easier to use on mobile devices for enterprise customers handling sensitive information.
Sources & driving stories
BLEEPINGCOMPUTER · Sergiu Gatlan
BleepingComputer coverageLAPD discovery files exposed in city hack
FOX 11 Los Angeles and Security Magazine reported that a March 20 breach of a third-party storage tool used by the Los Angeles City Attorney's Office exposed 337,000 files, or about 7.7 terabytes of data. The exposed material reportedly included unredacted LAPD personnel records, Internal Affairs files, civil discovery, witness names, criminal complaints, and sensitive health information. Officials said the incident was contained to the third-party application, while forensic teams and outside counsel reviewed access and notification scope.
Why it matters
It exposes highly sensitive police and legal records at unusually large scale, creating significant privacy and security fallout.
Sources & driving stories
SECURITY MAGAZINE
Security Magazine coverageFOX 11 LOS ANGELES
FOX 11 Los Angeles coverageWorth noting
WORTH NOTING
Air New Zealand expands biometric ID
The airline is moving a passport-and-biometric workflow from an Auckland-Hong Kong trial to trans-Tasman routes, broadening collection of facial and fingerprint data in travel.
WORTH NOTING
Eurail breach exposes passport numbers
New breach notices say names and passport numbers were taken, and stolen data was later advertised on the dark web, making it a large travel-sector privacy incident.
WORTH NOTING
Coast Guard mandates Direct Access MFA
The new requirement extends authentication protections to retirees, annuitants, beneficiaries, and other non-CAC users who access pay and benefits records.
Still unclear
OPEN QUESTION
What guardrails will limit ICE spyware use?
The report confirms commercial spyware is active in federal immigration enforcement, but the scope, oversight, and review standards remain unclear.
OPEN QUESTION
Will enterprise Gmail E2EE see broad adoption?
Its privacy benefits depend on administrators enabling it and users working within licensing and recipient compatibility constraints.