The Privacy Hazard

On June 3, Senator Dick Durbin (D-IL), the ranking member of the Senate Judiciary Committee, took the floor to urge his colleagues not to reauthorize Section 702 of the Foreign Intelligence Surveillance Act without serious privacy reforms. The authority was built to collect the communications of foreigners overseas without a warrant — but in the process it sweeps up the texts, emails, and calls of millions of ordinary Americans, which agencies can then search without ever going to a judge.

Durbin pointed to thousands of warrantless searches of Americans’ data in a single year and warned that oversight of the program leans heavily on the executive branch policing itself. With the authority set to expire June 12, he pressed for the bipartisan SAFE Act — co-authored with Senator Mike Lee (R-UT) — which would require a judicial warrant before the government reads Americans’ private communications. You can read the full release from the Senate Judiciary Committee here.

The scope and volume of digital storage of human life is hard to even picture.

By some estimates we’re now north of 250 zettabytes of stored data worldwide — roughly ten times what it was five years ago, and still climbing. It’s the PDF of your tax return sitting in the cloud (for how many years now?), every photo and video on your iPhone, every Costco run, every Ring doorbell snippet. It’s out there.

And that’s just the part you can see. Your driving history lives in automated traffic enforcement around I-465 and the Flock cameras dotted across Hamilton County. Your mortgage sits in a handful of places, scattered the moment it was packaged and sold. And if you haven’t been notified of a data breach involving you or your family by now, you’re a unicorn.

Here’s what changed. The latest AI models are genuinely good at reasoning — pulling disconnected data sets together and drawing connections a human never would. So good that the federal government has committed billions of dollars to a single firm, Palantir, including a reported $30M for an AI-enabled “ImmigrationOS” (yes, that’s a real thing). Great news if you’re a shareholder. You can see the contract trail yourself on USAspending.gov.

Americans have a right to privacy — in your business and in your personal life. The hard truth is that, in practice, you don’t have much of it anymore.

This is exactly why the Section 702 debate matters here, not just in Washington. When a warrantless dragnet meets a 250-zettabyte haystack and an AI that can actually find the needle, the old comfort of “I’ve got nothing to hide” stops meaning much. We, as community and business leaders, should be talking about this. My own view: it’s time to rethink FISA — not rubber-stamp the renewal the way we have for the last twenty years.

You can’t control what Congress does with Section 702, but you can control how exposed your business and your customers are when the data is out there. The goal isn’t paranoia — it’s knowing what you hold, why you hold it, and who can reach it. Three guardrails to put in place now:

• ✓

  Collect less, keep less. The single most effective privacy control is data you never gathered or already deleted — it can’t be breached, sold, or subpoenaed. Inventory the customer and business data you actually hold, map where it lives, and set a retention schedule that purges what no longer earns its keep.

• ✓

  Write a data policy with a breach plan attached. Decide in advance what counts as sensitive, who may access it, and how long you retain it — then document the first 48 hours of a breach response before you need it. Treat customer data like a trust you’re holding, not an asset you own.

• ✓

  Vet where your vendors’ and AI tools’ data flows. Before adopting any cloud or AI tool, understand where your inputs are stored, whether they train someone else’s model, who else can access them, and how the vendor responds to government or third-party requests. Put the answers in the contract — a data processing agreement is cheap insurance against a surprise.

← Back to all insights