Apple attempted to address some of those concerns with an iOS update yesterday allowing users to prevent apps from tracking their location across other websites or apps, as well as to decline to share their location information with data brokers. The new Apple feature will present users with a pop-up message allowing them to select “Ask App not to Track” when such information is requested.

Such identifier technology has been accused of violating European privacy regulations, which are much stricter than those in the United States. And here at home, Rep. Suzan DelBene (D-Wash.) last month reintroduced legislation creating a nationwide privacy standard that would require companies to gain consumer consent before sharing data. The bill would preempt a patchwork of state legislation regulating, among other things, the collection of location data by apps.

Apple's change is aimed at pushing back against apps that have been exploiting user data for financial gain, the company claims.

“Some apps have more trackers embedded in them than they need,” Apple said in a video posted to YouTube alongside the announcement. “They collect thousands of pieces of information about you to create a digital profile that they sell to others.”

Washington Post tech columnist Geoffrey A. Fowler breaks down how the tracking technology works:

“Picture it: You’re walking down the street, and at every business you enter you leave a little sticky note saying you’ve been there. Someone who spotted enough sticky notes could connect the dots about who you are. Flower shop, jewelry store and tux rental? Someone is about to get married. The app equivalent of that sticky note is a code hidden in your iPhone called the Identifier for Advertisers, or IDFA. Although this ID doesn’t contain your name, it does look the same to every app. Many apps report your ID back to companies including Facebook and Google, allowing the advertising firms to connect the dots about what you do on your phone.”

But the new feature won't change the privacy landscape overnight, experts say.

Experts say that much of the feature's success will depend on apps honoring the new policy and how strictly Apple enforces it.

"One big question is: Will it work?” Gennie Gebhart, a director at the digital rights nonprofit the Electronic Frontier Foundation, told The New York Times.

The feature will rely on trackers honoring the rules, notes Casey Oppenheim, chief executive of privacy company Disconnect. Disconnect provides an app that blocks app tracking.

“As usual, Apple's privacy marketing has far outpaced its actual practices, which gives users a false sense of privacy,” Oppenheim says.

Apple has said it will remove and reject apps from its App Store if they violate the policy. But both Gebhart and Oppenheim raised the possibility that developers and firms that sell online advertising could find new ways to track users and skirt the protections.

Additionally, Apple already forced apps to disclose whether they tracked location data in the past and gave users a way to opt out; it was just buried deeper in Apple's settings.

Apple is also far from the only source of mobile user data. Rough estimates show that Google Android makes up at least 50 percent of the U.S. market. Google Android also collects advertising data — approximately 20 times as much as Apple, according to one study. (Google disagreed with the researcher's methodology and claims.) Google also uses an advertising ID to track users. Users are able to opt out but have to seek out the setting.

Regardless of your phone software, your phone provider probably is still sucking up troves of sensitive personal data, as Recode's Sara Morrison reported. As of yesterday, T-Mobile will use customers' Web browsing and app usage data for targeted ads unless users opt out, for instance.

Still, Apple's move deals a blow to data brokers who sell location data to clients ranging from advertisers to the government.

There is a tide of opposition to the feature by companies that profit heavily off data, including Facebook. The social media giant, which is tweaking its advertising tools to comply with Apple's change, has blasted the new policy and accused Apple of acting in its own self-interest.

Apple also released an important security update for macOS yesterday.

The update fixed a flaw that allowed hackers to work around privacy protections to target users with malware. Hackers have been using the vulnerability since at least January, Zack Whittaker at TechCrunch reports.

The keys

Data brokers have location data on U.S. soldiers and special operations forces.

The Wall Street Journal’s Byron Tau obtained location data for a secret U.S. military staging area from an anonymous commercial data broker, raising concerns about the extent and ubiquity of location data. The report came just weeks after Sens. Ron Wyden (D-Ore.) and Rand Paul (R-Ky.) introduced a bill to ban the sale of such data to “unfriendly” foreign companies and governments.

The Pentagon “is aware of the risks posed by geolocation tracking capabilities, including via commercial data, and issued policy on the use of geolocation-capable devices and applications in the summer of 2018,” Pentagon spokeswoman Candice Tresch said. “This policy, and its implementing risk guidance, protects DoD personnel and operations while still allowing flexibility to benefit from geolocation capabilities in certain low-risk situations.”

The U.S. intelligence community is building a clearinghouse for intelligence on foreign influence operations.

The office of Director of National Intelligence Avril Haines is setting up the Foreign Malign Influence Center “in light of evolving threats and in support of growing policy and congressional requirements,” an agency spokesperson said in a statement to Politico’s Martin Matishak. The move comes just weeks after the Biden administration sanctioned Russia for election interference and other malign actions such as hacking.

The legislation directs the intelligence community to cover foreign influence operations by China, Iran, North Korea and Russia, all of which have been named top threats by the intelligence community.

Lawmakers told the intelligence community to build the center in a recent intelligence authorization bill.

A federal court reauthorized the FBI’s warrantless surveillance power despite privacy violations.

The November reauthorization by a secretive federal court came despite the court finding that the FBI repeatedly violated rules designed to protect Americans’ privacy, Ellen Nakashima reports. The findings are at least the third set of rule breaches by the FBI in recent years.

James E. Boasberg, the presiding judge of the court, said the violations happened before the FBI improved its internal systems and that the coronavirus pandemic has limited the government’s ability to check whether the rules are being complied with. “While the Court is concerned about the apparent widespread violations … it lacks sufficient information at this time” to assess the adequacy of FBI system changes and training, he said.

“We’ve seen this movie before,” said Julian Sanchez, a senior fellow at the Cato Institute. “The court wags its finger at systemic noncompliance but ultimately decides to give the FBI yet another chance.”

Government scan

Former top cybersecurity officials urge Congress to pass a bill investing in state and local digital infrastructure.

“Modernizing state and local IT systems is not just good government — it’s a national security imperative,” former Cybersecurity and Infrastructure Security Agency director Chris Krebs and former senior cybersecurity adviser at CISA Matt Masterson wrote in an op-ed for The Hill.

“Investment and support of state and local cyber infrastructure is an investment in our democracy, our judicial system, law enforcement, and the privacy and security of our citizens,” they write. “Our adversaries allow cybercriminals and their own state-supported hackers to operate from their own sovereign territory, disrupting citizen services and stealing money and intellectual property from U.S. governments and businesses alike. It’s time to step up and provide our non-federal partners with the resources they need to effectively defend themselves.”

Cyber insecurity

Top video game executives are vulnerable to cyberattacks.

Eighty-three percent of executives from 15 of the world’s top 20 video game companies had their passwords exposed in clear text on the dark web, cybersecurity firm BlackCloak said. The exposure comes after high-profile attacks on video game companies like CD Projekt Red, which said in February that it was hit in a “highly targeted” cyberattack for ransom.

Law enforcement began to remove a strain of malicious software from infected devices.

Law enforcement authorities over the weekend told computers infected with Emotet to not run the malicious code automatically, CyberScoop’s Shannon Vavra reports. The move comes months after law enforcement authorities took down some of the infrastructure behind Emotet.

Daybook

Sen. Todd C. Young (R-Ind.) discusses a bill aiming to boost U.S. technological competition against China at a Washington Post Live event today at 9:15 a.m.

A Senate Commerce Committee panel holds a hearing on coronavirus-related scams and identity theft today at 10 a.m.

Senate Intelligence Committee Chairman Mark R. Warner (D-Va.) discusses cybersecurity legislation at a U.S. Chamber of Commerce event today at 10 a.m.

Sir Nick Carter, the Chief of the UK Defense Staff, speaks at a Center for Strategic and International Studies event on the United Kingdom’s integrated review on Wednesday at 11 a.m.

Secretary of Homeland Security Alejandro Mayorkas speaks at an Institute for Security and Technology event on hacks-for-ransom on Thursday at 1 p.m.