Key developments
Lawsuit seeks to stop DOJ voter database
Common Cause, CREW, the ACLU, Protect Democracy and Harvard Law School's Democracy and Rule of Law Clinic sued the Justice Department on April 21 to block its plan to assemble a national voter database from state voter rolls. The complaint says DOJ has sought unredacted rolls from nearly every state since last May, including addresses, birth dates and Social Security numbers, and has already sued 29 states and Washington, D.C. The plaintiffs allege the agency lacks statutory authority and violated the Privacy Act, the Paperwork Reduction Act and the Administrative Procedure Act.
Why it matters
It could centralize highly sensitive voter data at the federal level and shift control over voter-roll maintenance away from the states.
Sources & driving stories
DEMOCRACY DOCKET
Democracy Docket coverageNotion public pages expose editor identities
Researchers reported that public Notion pages can disclose editor usernames, profile images and email addresses associated with Notion accounts when pages are published. The issue was described as a platform behavior rather than a single isolated bug; researchers said publishing warnings were not visible in the interface, while Notion later acknowledged the behavior was unacceptable and said it was working on mitigation. Reported fixes include removing personal identifiers from public API responses and masking emails.
Why it matters
It shows routine publishing features can leak personal identifiers at scale, affecting both individuals and organizations using Notion.
Sources & driving stories
ESCUDO DIGITAL · Alberto Payo
Escudo Digital coverageMeta reportedly monitors employee work for AI
Forbes reported that Meta has installed monitoring software on U.S. employees' work computers to capture mouse movements, keystrokes, clicks and some screen snapshots for AI training. Meta said the collected data would not be used for performance reviews. The article says the effort is aimed at teaching AI systems how people navigate software and complete office tasks, but it also highlights transparency and proportionality concerns around workplace surveillance.
Why it matters
It suggests employee behavior is becoming training data for AI systems, raising privacy and labor-regulatory risk.
Sources & driving stories
FORBES · Ron Schmelzer
Forbes coverageWorth noting
WORTH NOTING
Self-spreading npm malware steals secrets
Researchers said the attack can republish compromised packages through publishing tokens while harvesting API keys, SSH keys, cloud credentials and wallet data.
WORTH NOTING
Oglethorpe settlement offers breach compensation
The proposed deal gives affected residents a claims path for documented losses or an estimated $75 cash payment after the June 2025 breach.
WORTH NOTING
FCC privacy fine fight reaches Supreme Court
The Court's skepticism could affect how telecom privacy and data-breach penalties are reviewed and whether companies can force jury-trial access.
Still unclear
OPEN QUESTION
Will courts block DOJ voter-data consolidation?
The lawsuit attacks the legal basis for the data grab, but DOJ has already pursued voter-roll access from most states.
OPEN QUESTION
Will workplace AI training face monitoring limits?
If employee keystrokes and screenshots become routine training inputs, regulators may need clearer rules on what is necessary and proportionate.