Nothing much happened this week except, oh yeah, special counsel Robert Mueller filed his report on Friday night. Though attorney general William Barr now has the report in hand, the American people will have to wait to see how much of it he decides to make public.

In anticipation of the report, Mueller expert Garrett Graff laid out what information it could contain that would get Trump impeached.

Beyond Mueller, it was actually already a news-packed week. In fact, as the Mueller news was breaking, the Office of the Inspector General also dropped a bombshell report revealing that FEMA failed to safeguard the personal data of 2.3 million disaster survivors.

The week started with the lesson that most Android antivirus apps are garbage. Then we gave you an in-depth look into fallout from the massive Exactis data leak last year. Then we told you about a massive Android vulnerability that took Google five years to even partially patch. Researchers built an “online lie detector test,” and honestly, that could be a problem. And we explained why increasingly, people are turning to surveillance to feel safe.

Obviously, there isn’t a week without some kind privacy or security news out of Facebook. This week it was that the company had exposed—in plaintext—millions of passwords for employees to see. On ray of sunshine came from Utah, which just passed landmark digital rules, making a new state leader on the privacy front.

And of course there’s more. Each week we round up all the news we didn’t break or cover in depth. Click on the headlines to read the full stories. And stay safe out there.

According to their own lawyer, Trump’s daughter and son-in-law not only used private email accounts, but Jared Kushner also used encrypted messaging service WhatsApp to conduct official business. The lawyer apparently reported this to Congress late last year, according to what the chairman of the House Oversight and Reform Committee Elijah E. Cummings told The New York Times.

Needless to say, this is pretty alarming news—not least because Trump and Kushner are both bound by federal records keeping laws that are designed to ensure the American people know what government officials are up to. With WhatsApp’s end-to-end encryption, messages sent by Trump and Kushner could be hidden completely from oversight. The lawyer told Congress, according to Cummings, that Kushner “took screenshots of the communications and sent them to his official White House account or the National Security Council” to comply with those laws. Kushner has a cozy relationship with Saudi Arabian crown prince Mohammed bin Salman, and has reportedly communicated with him over WhatsApp—communications that should be available for scrutiny, especially given bin Salman’s presumed role in the murder of journalist Jamal Khashoggi.

When asked about the allegations of improper secure communications, the president said “I know nothing about it.” Cummings says the White House is “obstructing the committee’s investigation into allegations of violations of federal records laws by White House officials.” All of which brings to mind that well-worn refrain: "but her emails."

According to researchers writing in Slate, the National Institute of Standards and Technology, which is a governmental agency within the Commerce Department tasked with promoting innovation, has been using questionably ethical ways to train facial recognition algorithms. Through FOIAs and public documents, the researchers found that NIST’s Facial Recognition Verification Testing allegedly uses pictures of kids who’d been abused as part of child pornography rings, as well as images of dead inmates, and immigrants applying for visas. The researchers assert that NIST has been doing this without the consent of those whose images are used. All of these images are part of the database NIST uses to assess facial recognition technology from companies, academics, and developers. In that way, these images are actually used to test most facial recognition that’s being used. “Any one of us might end up as testing material for the facial recognition industry, perhaps captured in moments of extraordinary vulnerability and then further exploited by the very government sectors tasked with protecting the public,” they wrote.

A spyware company that sells software for people to spy on other people has left more than 95,000 pictures and 25,000 audio recordings on a public database, Motherboard reports. Those images are incredibly intimate, as are the audio recordings, according the report. Despite repeatedly trying to get in touch with the company to alert it to the problem, Motherboard says the company has not responded. Therefore, the graphic and revealing images and recordings are still just sitting there, waiting for bad actors to find. Motherboard reported the incident without revealing the name of the company for fear that doing so would enable people to find the cache and spread it around. Uh, company X, call the reporters back, please. Get this locked down.

More Great WIRED Stories