Phone toll records (call-detail records) do not include the content of calls or messages but include metadata such as timestamps for when calls and messages were sent or received and identifiers for the parties involved.
November 21, 2025
high
descriptive
Describes the typical contents of telecommunications toll records (also called call-detail records).
Court-issued gag orders can accompany subpoenas for phone records to delay or prohibit notifying the subpoena target for a specified period.
November 21, 2025
high
procedural
Gag orders are judicial tools that can limit disclosure about the existence of a subpoena or investigation.
The 2025 U.S. federal law permits redactions of information about Jeffrey Epstein’s victims when those details are part of ongoing federal investigations.
November 20, 2025
high
policy
Specifies allowable protections for victim information within the required disclosures.
The 2025 U.S. law permits redactions in released case files to protect victims' identities for ongoing federal investigations.
November 20, 2025
high
temporal
Statutory allowance for protecting victim privacy when releasing investigatory records.
New Jersey law criminalizes creating or sharing deceptive AI-generated media, with violations potentially subject to prison sentences and fines.
October 25, 2025
high
temporal
Example of a state-level statute that treats deceptive AI media (including deepfakes) as criminal conduct.
The federal Take It Down Act requires companies to remove nonconsensual intimate images within 48 hours of receiving a valid removal request.
October 25, 2025
high
temporal
Federal-level statutory mechanism intended to accelerate removal of nonconsensual intimate imagery from online platforms.
AI 'clothes-removal' or deepfake image tools can produce realistic-looking nude images from existing photos by algorithmically removing or altering clothing while preserving the subject's facial features, enabling rapid sharing and potential privacy and emotional harms.
October 25, 2025
high
temporal
Technical and social description of how certain image-manipulation AI tools operate and the harms they can cause.
Publicly disclosing identifying information about federal law enforcement agents, such as home addresses, can create safety risks for those agents and may violate laws that protect federal agents' identities.
October 24, 2025
medium
privacy
Revealing personal identifying information about federal agents can endanger their safety and implicate privacy- and safety-related legal protections.
The Sora app required new users to record a video of themselves from multiple angles and to record themselves speaking, and Sora provided a user-controlled setting called a "cameo" that allowed users to control whether others could create AI-generated videos of their likeness.
October 17, 2025
high
product
Description of Sora app onboarding and user controls for likeness use
Third-party customer support providers can have access to user-submitted customer support data that may include usernames, real names, email addresses, limited billing details (such as payment type and the last four digits of credit cards), IP addresses, messages exchanged with customer service agents, and government ID images provided for age verification.
October 17, 2025
high
technical
Typical types of user data accessible to third-party customer support vendors
Tolling data (also called call-detail records) typically show when a call was made, to whom the call was made, the call's duration, and general location data, and do not include the content of the call.
October 09, 2025
high
technical
Description of the information contained in call-detail records commonly used in investigations.
A common legal interpretation is that collecting call metadata (such as tolling data or call-detail records) does not constitute a wiretap because wiretapping involves intercepting the content of communications.
October 09, 2025
medium
legal_interpretation
Summarizes legal experts' view distinguishing metadata collection from wiretapping.
A proposed federal legislative provision would require service providers to notify a senator's Senate office and the Senate Sergeant at Arms when federal law enforcement requests that senator's data, and a court may not delay that notification unless the senator is the target of a criminal investigation.
January 01, 2022
high
legal
Notification and delay exceptions as described in proposed legislation covering alleged data-seizure or subpoena actions against senators.
Users of Sora 2 can control whether their own likeness is used in videos produced by the app.
high
policy
User-facing control over personal likeness in AI-generated content.
U.S. Immigration and Customs Enforcement (ICE) and other Department of Homeland Security components procure private‑sector surveillance technologies including facial recognition algorithms, iris‑based biometric identification systems that promise real‑time identification from eye photos, remote smartphone data extraction software, and platforms that integrate real‑time smartphone location data.
high
temporal
Types of commercial surveillance capabilities government agencies purchase from private vendors.
The Stored Communications Act authorizes federal judges to exercise discretion when issuing orders related to access to communications records, including nondisclosure (gag) orders or orders tolling notice to affected parties.
high
legal
Federal statutory framework governing access to electronic communications and related judicial orders.
Subpoenas for telecommunications records in federal investigations can be accompanied by nondisclosure orders directing providers not to notify targets, which can raise legal issues when the records sought concern members of Congress or other constitutionally protected actors.
high
legal
Intersection of investigative subpoena practice, provider gag orders, and constitutional protections for certain categories of individuals.
Social Security numbers and driver's license numbers are sensitive personal identifiers that cannot be easily changed and can be used for long-term identity theft, financial fraud, creating fake identities, opening fraudulent accounts, and enabling targeted phishing attacks.
high
security_risk
General risks associated with exposure of immutable personal identifiers.
Disclosure laws can authorize withholding of victims' personally identifiable information and child sexual abuse material from public release.
high
legal
Typical statutory exemptions intended to protect victim privacy and prevent dissemination of abuse material.
A federal provision requires service providers to notify U.S. senators if the senators' phone records or other data are seized or subpoenaed.
high
legal
Describes a statutory notification requirement for elected officials when communications data are compelled.
Exposure of basic contact information such as names, email addresses, phone numbers, and physical addresses in a data breach can be used by criminals to carry out scams and phishing attacks.
high
general
Contact data is valuable to attackers for targeted fraud even when financial or government ID data are not exposed.
Data removal services can reduce exposure by attempting to remove personal information from data broker sites that collect and resell contact details.
high
general
Using data removal services is a long-term step individuals can take to limit how widely their contact information is available to attackers.