Key developments
Trump signs short FISA extension
Congress moved a short-term extension of Section 702 of the Foreign Intelligence Surveillance Act through both chambers, and President Donald Trump signed it on Saturday, keeping the authority in place through April 30. Section 702 lets U.S. intelligence and law enforcement agencies collect and analyze overseas communications without a warrant, while sometimes incidentally capturing Americans' messages. The stopgap sets up another round of negotiations over whether access to Americans' emails, phone calls, or texts should require a warrant.
Why it matters
It preserves warrantless surveillance powers for now while leaving core privacy limits unresolved.
Sources & driving stories
GREATER MILWAUKEE TODAY
Greater Milwaukee Today coverageHAWAII TRIBUNE-HERALD · Charlie Savage, Robert Jimison and Megan Mineiro
Hawaii Tribune-Herald coverageLawmakers press ICE over Palantir surveillance
On April 18, Rep. John Garamendi joined Reps. Dan Goldman and Nydia Velázquez, along with Sen. Ron Wyden, in demanding answers from ICE and DHS about ongoing use of Palantir-developed technologies to collect Americans' personal data. The lawmakers cited a broader surveillance stack that includes Clearview AI facial recognition, PenLink social-media monitoring, L3Harris stingray technology, and Paragon cellphone surveillance tools. They asked for details on government and commercial datasets and data applications used in DHS immigration enforcement and raised concerns about use against citizens, journalists, and people engaged in lawful assembly and protest.
Why it matters
It shows growing scrutiny of how commercial surveillance tools are being woven into immigration enforcement and domestic monitoring.
Sources & driving stories
SIERRA SUN TIMES
Sierra Sun Times coverageVercel confirms breach after extortion claims
Vercel disclosed a security incident after threat actors claimed its systems were breached and stolen data was being offered for sale. The company said a limited subset of customers experienced unauthorized access to certain internal systems, but core services were not impacted; it also said it brought in incident-response experts, notified law enforcement, and would provide updates. The report said the alleged attacker claimed access keys, source code, database data, internal deployments, API keys, and a file containing 580 employee records.
Why it matters
A compromise at a deployment platform can expose customer secrets and create downstream privacy and security risk.
Sources & driving stories
BLEEPINGCOMPUTER · Lawrence Abrams
BleepingComputer coverageWorth noting
WORTH NOTING
Carnival probes alleged 8.7M-record theft
The claim targets a major consumer-data holder, but the record count and full impact remain unverified.
WORTH NOTING
Qatar privacy agency explains rights
The official guide spells out rights to object, erase, and correct personal data under Qatar's privacy law.
WORTH NOTING
Opexus class action targets insider breach
The filing underscores privacy risks when a federal records contractor handles highly sensitive government and third-party data.
Still unclear
OPEN QUESTION
Will Congress add warrant limits to Section 702?
The short-term extension leaves the core privacy fight unresolved and sets another deadline for lawmakers.
OPEN QUESTION
What data is flowing through DHS's Palantir systems?
The lawmakers' letter suggests the scope of government and commercial datasets inside immigration-enforcement tools is still unclear.