Tag: biometrics

They’re All Ears: Apple’s Plan to Read Your Mind

We’ve handed over our location, our browsing history, our voice, our face, and our purchasing habits. In exchange, we’ve gotten convenience. Now Apple wants the one thing each of us might have thought was still ours—the electrical activity of our brain. And this time, they’re not even asking. What are we talking about here?

In January 2023, Apple quietly filed patent US20230225659A1 with the U.S. Patent and Trademark Office. The filing describes a wearable electronic device—an earbud—equipped with multiple electrodes embedded directly into the ear tip and housing. These electrodes aren’t for audio. They are not there to improve our sound quality. No indeed. Instead, they are there to read our brain—using the same EEG technology doctors use to monitor neurological activity in clinical settings. And because every ear canal is shaped differently, Apple’s patent describes a machine-learning model that figures out which electrode combinations work best for each person’s specific anatomy, then keeps refining that over time. The result is a read that is accurate, continuous, and tailored to each of us personally. The digital signal is then transmitted wirelessly to our phone—and, per the patent’s own language, to a server, where it can be stored as “historic data” accessible by “another person given permission.”

Read that sentence again.

What EEG Actually Reveals
This is not science fiction, and it is worth understanding what EEG data actually captures—because it is a lot more than Apple’s marketing department will ever tell you. Brain waves are not background noise. They are a direct readout of our inner life. The alpha, beta, delta, theta, and gamma frequencies each correspond to distinct mental states—relaxation, intense focus, deep sleep, creativity, active learning. Together they paint an individual portrait of our mind that is more revealing than anything we have ever typed into a search bar or whispered to a smart speaker. These frequencies, as Loyola University researchers have noted, are also the same signals measured in polygraph tests—the ones used to determine whether someone is lying. They can reveal our stress levels, our concentration, our emotional state, and potentially flag neurological conditions that have not yet been diagnosed. As one researcher at the Neurorights Foundation put it in a Science Friday interview, neural circuits in the brain create our thoughts, emotions, memories, decision-making, and our very sense of self.

Apple wants that data streaming off our ears into their servers.

Are There Any Upsides?
Fair is fair—applications for in-ear EEG technology are being floated, and it’s worth addressing them. As Neurofounders reports, startups like NextSense are already developing in-ear EEG devices to improve clinical sleep staging. Detecting seizure disorders from continuous passive monitoring is another possibility. Early signals for degenerative diseases like Alzheimer’s may surface in EEG data years before symptoms appear. And researchers have argued that natural-environment EEG collection—on the couch, at work, during real life rather than inside a sterile lab—would produce more accurate data on attention and cognitive states than anything gathered under clinical conditions.

These applications sound compelling on the surface. But step back for a second. Americans are not sleeping poorly because they lack a brain-monitoring device. They are sleeping poorly because they are overprescribed, overstimulated, and undernourished—and the same medical system profiting from that reality is not exactly rushing to fix it. Handing our neural data to Apple is not a solution to a pharmaceutical-created problem. It is just a new layer of surveillance dressed up as fake wellness. The idea that we should surrender the electrical activity of our brains as the price of entry for better sleep tracking should raise more than a few eyebrows.

Who Gets the Data?
Here is where things get serious. A 2024 Neurorights Foundation report pulled back the curtain on 30 companies already selling consumer neurotechnology devices. What they found should stop you cold. Twenty-nine of the thirty companies claimed unlimited rights to their users’ neural data. Most had quietly written third-party data sharing directly into their terms—buried in the kind of legal language nobody reads until it’s too late. Fewer than half even encrypt the data or de-identify users. There is no federal law in the United States governing how neural data collected by consumer devices can be used or sold. A handful of states—Colorado, California, Illinois—have moved to address this, but protections remain patchwork at best.

As a published paper in PMC bluntly put it, bulk sales of neural data by tech giants to third parties may already be occurring with minimal accountability. Data brokers could soon be cataloging individual “brain fingerprints” on a mass scale—data as uniquely identifying as a fingerprint, and infinitely more revealing.

Apple has faced its own data breach history. As Pearl Cohen’s legal analysts note, the patent describes data transmission to external servers accessible by parties beyond the user. The company that couldn’t keep our FaceID data secure wants a continuous stream of our brain’s electrical activity.

Keep reading

DYSTOPIAN Truck Tech: AI Scans Faces, Reads Lips & Checks Police Database BEFORE You Can Drive

A video exposing Ford’s dystopian patents for new vehicles has gone viral on X, fueling outrage over the accelerating war on personal vehicle ownership and freedom of movement. 

The clip details in-cabin cameras, biometric scanners, lip-reading AI, emotion detection, and real-time criminal database queries – all deciding whether your truck will let you drive.

In the video, the narrator states “imagine there was an emergency outside the truck… An accident…I jump in this truck. But it won’t shift into drive. Why? Because cameras and sensors inside of my cab won’t let me shift.”

“It detects that my eyes are big. There’s some emotion. Some panic. And doesn’t feel like I’m fit to drive. That isn’t science fiction. This is happening. Ford just filed patents,” he explains.

He continues: “Ford actually has a series of patents down at the U.S. Patent and Trade Office that deal with sensors and cameras inside their cab. And if that sensor determines you’re not fit to drive, the truck won’t shift from park to drive.”

The patents extend deep into control. Biometric systems scan face, iris, and fingerprint, cross-referencing law enforcement databases before allowing movement. 

“You wake up one morning, walk out to the driveway, climb into a vehicle with your name on the title… Before you go anywhere, before you’ve done a single thing wrong, your truck has already run your face through a law enforcement database. Ford’s own patent language describes this as ‘potentially useful for police,’” the narrator further outlines.

Lip-reading tech uses interior cameras and machine learning on vast mouth-movement datasets, plus inaudible sound waves. This enables not just voice commands in noisy conditions but also monitoring for targeted ads based on conversations. 

Ford Pro Telematics also already feeds live driver video to fleet managers.

This corporate push dovetails perfectly with government efforts to restrict mobility. Just weeks ago, Massachusetts Democrats advanced Senate Bill S.2246, directing MassDOT to set binding goals for slashing statewide vehicle miles traveled (VMT) under “climate” pretexts. 

The bill creates a new council to shove residents onto public transit, hitting rural drivers hardest who rely on cars for work, family, and essentials.

Keep reading

Another Wrongful Arrest Based on Faulty Facial Recognition Raises Growing Concerns

Jason Killinger walked into Reno’s Peppermill Casino in September of 2023, later that evening as he was exiting the building he would be arrested. The casino’s facial recognition system had flagged him as a “100 percent match” for an individual that had previously been banned from the property. The only problem? It was completely wrong.

After the system flagged Killinger, casino security would approach him, referring to him as “Mike”, an individual who had been previously removed from the property. Despite his insistence and ability to prove that he was in fact not Mike, security would surround and handcuff Killinger before calling the Reno Police Department. Shortly thereafter rookie Officer Richard Jager would arrive on the scene.

Killinger quickly proved he was not the man identified in the system, as he was carrying three valid forms of identification, including a Nevada Real ID compliant drivers license, his Peppermill player’s card, and a debit card, all with his name on it. When this wasn’t enough he offered to retrieve more from his vehicle, which included a pay stub, vehicle registration, and a medical card. Despite all of this copious documentation proving who he was, Officer Jager declined to investigate further, not bothering to look at any of his other identifying documents. Killinger would be arrested and charged with criminal trespass.

He would then spend 11 hours in police custody, only after a fingerprint check at Washoe County jail confirmed his identity would he finally be released.

Keep reading

Mexico Speeds Up Biometric ID Rollout

Mexico’s government wants you to believe that handing over your fingerprints, iris scans, and facial data is voluntary. President Claudia Sheinbaum has said so publicly.

But by July 2026, every one of the country’s roughly 130 million mobile phone lines must be linked to a biometric national ID, and unregistered numbers get suspended on July 1.

Refuse the biometric credential and lose your phone.

The CURP Biométrica upgrades Mexico’s existing population registry code, the Clave Única de Registro de Población, from an 18-character alphanumeric string into something far more personal. The updated system captures face, fingerprint, and iris biometrics, packages them with a QR code and digital signature, and produces what amounts to a mobile-readable identity document tied to your body.

Registration happens at RENAPO and Civil Registry offices, where staff scan all ten fingerprints, both irises, take a facial photograph, and record a digital signature. You’ll need a valid photo ID, a certified CURP, and an original or certified birth certificate just to walk in.

The government has framed this primarily as a tool for addressing Mexico’s crisis of forced disappearances. The biometric data feeds into a Unified Identity Platform connecting the National Population Registry with the National Forensic Data Bank and records held by prosecutors and intelligence agencies, enabling real-time identity searches. That’s the stated purpose.

The actual system being built does considerably more than locate missing people. The legislation gives broad access to biometric and personal information to law enforcement, intelligence agencies, and the National Guard, and the law doesn’t require authorities to notify citizens when their data gets accessed. You won’t know who’s looking at your biometrics, or why, or how often.

Keep reading

US & EU Negotiate Biometric Data-Sharing Deal

Washington wants to run European fingerprints through American databases, and the EU is considering it. The Department of Homeland Security and the European Union are in formal negotiations over an arrangement that would give DHS direct query access to biometric records held by EU member states, a level of access that Brussels has never granted to a non-EU country for border security purposes.

The deal sits inside DHS’s Enhanced Border Security Partnership program, which effectively tells Visa Waiver Program countries to open their biometric databases or risk losing visa-free travel privileges. Washington has set a December 31, 2026, deadline for EBSP agreements to be operational. After that, DHS reviews each country’s compliance. Countries that fail to meet expectations risk suspension from the VWP, which would reimpose visa requirements on their citizens.

When DHS encounters a traveler, asylum seeker, visa applicant, or anyone flagged during immigration processing, it would query a participating country’s database using that person’s biometrics.

A match returns fingerprints and related identity data to DHS.

Keep reading

FC Barcelona Fined for Privacy Violations Over Biometric Data Collection

FC Barcelona got fined €500,000 ($579,219) for scanning the faces and recording the voices of over 100,000 members without doing the legal homework first.

Spain’s data protection authority, the AEPD, found the club had deployed biometric identity verification during a membership census update and processed all of it without a valid Data Protection Impact Assessment.

Members renewing their details remotely were required to either submit a facial scan through their device camera or record their voice. Both systems were live, both were processing biometric data at scale, and the documentation Barcelona produced to justify any of it didn’t meet the bar GDPR sets for high-risk processing.

Article 35 of the GDPR requires organizations to conduct a DPIA before deploying any system likely to create a high risk for individuals. Biometric data used for identification qualifies automatically.

Processing that touches more than 100,000 people, including minors, qualifies. Using new technologies qualifies. Barcelona’s system hit all three. The AEPD concluded the club’s documentation was missing the essential components of a genuine assessment: no real necessity and proportionality analysis, no adequate evaluation of what the processing actually risks for the people whose faces and voices it captured.

The AEPD’s decision in case PS-00450-2024 makes one point with particular clarity: consent doesn’t substitute for a DPIA. Barcelona had asked members to agree to biometric data collection, and members had agreed.

That agreement is legally irrelevant to the separate procedural obligation to assess risk before the system goes live. The GDPR treats them as independent requirements. Satisfying one doesn’t discharge the other.

What a valid DPIA actually requires, according to the decision, is a clear description of the processing, a genuine necessity and proportionality assessment, a detailed risk evaluation, proposed mitigation measures, and a residual risk assessment after mitigations are applied. Organizations that generate DPIA documentation as a compliance checkbox, without substantively working through those questions, remain exposed regardless of what consent language they put in front of users.

The appetite for facial biometric data has become near-universal across industries, and the Barcelona case lands in a moment when that appetite is accelerating faster than the rules meant to govern it.

Keep reading

The Dark Side of AI: Innocent Grandmother Wrongfully Jailed for 6 Months After Facial Recognition Error

A Tennessee grandmother spent nearly six months behind bars in North Dakota, a state she had never even stepped foot in, after being wrongfully identified by AI facial recognition technology in a bank fraud investigation.

The Grand Forks Herald reports that Angela Lipps, a 50-year-old mother of three and grandmother of five from Tennessee, found herself trapped in a nightmare that began last July when U.S. Marshals arrested her at gunpoint while she was babysitting four young children. Fargo police had used facial recognition software to identify her as the primary suspect in an organized bank fraud case, despite the fact that she had never set foot in North Dakota.

The case began in April and May 2025 when Fargo Police Department detectives investigated several bank fraud incidents. Surveillance footage captured a woman using a fraudulent U.S. Army military identification card to withdraw tens of thousands of dollars from local banks. To identify the suspect, investigators employed facial recognition software, which incorrectly matched the woman in the videos to Lipps.

According to court documents obtained through an open records request, the detective assigned to the case reviewed Lipps’ social media accounts and Tennessee driver’s license photo after receiving the facial recognition match. In the charging document, the detective stated that Lipps appeared to be the suspect based on facial features, body type, hairstyle, and hair color. Notably, no one from the Fargo Police Department contacted Lipps to question her before filing charges.

Lipps was arrested on July 14 and booked into her county jail in Tennessee as a fugitive from justice. She faced four counts of unauthorized use of personal identifying information and four counts of theft in North Dakota. Held without bail due to her fugitive status, Lipps spent 108 days in the Tennessee jail before North Dakota officers transported her to Fargo on October 30.

“It was so scary, I can still see it in my head, over and over again,” Lipps said during an interview about her ordeal.

Keep reading

UK Lords Back Facial Recognition Overreach, Protest Crackdown Powers

The UK Lords spent March 9 dismantling what little legal cover existed for anonymous protest and privacy, and building new tools to suppress it entirely.

Start with what they refused to protect. Peers voted down an amendment that would have kept the DVLA database (the equivalent of the DMV in the US) out of live facial recognition searches.

That database isn’t a surveillance archive. It was built to verify driving licenses. It contains photographs linked to the confirmed real-world identities of most UK drivers, and the Lords just cleared the path for police to run it against faces captured in real time at public gatherings. A licensing bureaucracy would become an identification engine. The repurposing happened quietly, through a vote most people won’t read about.

The Lords also voted down a proposed “defence of reasonable excuse” for concealing identity at protests. The amendment would have shifted the burden of proof onto police officers to justify why a face covering made someone arrestable.

Keep reading

Mexico Mandates Biometric SIM Registration for All Phone Numbers

Anonymous prepaid SIM cards are dying in Mexico. By July 1, 2026, every active cell phone number in the country must be biometrically linked to a named, government-credentialed individual or face suspension. That’s around 127 million numbers, each one tethered to an identity the Mexican government can look up by name.

The mobile registration law took effect January 9, 2026, covering prepaid and postpaid plans, physical SIMs, and eSIMs alike. Existing subscribers have until June 30 to complete registration. New lines activated after January 9 get 30 days. Miss the window, and the line goes dark.

The enforcement mechanism runs through the CURP Biométrica, Mexico’s biometric upgrade to its existing population registry code. The new credential embeds a photograph, electronic signature, and QR code that ties directly to biometrically verified records held in the national registry.

Residents registering a mobile line must provide their CURP number alongside a valid government ID, which makes biometric enrollment not optional but structurally required. You cannot register a phone number without first handing your biometric data to the state.

What Mexico is building here is a national phone network where every number has a face attached to it.

Keep reading

Epstein Flipped Israel’s Gaza-Tested Biometric Scanners Into Nigeria Ports Deal for UAE

The year before Jeffrey Epstein’s suspicious death in a Manhattan jail, the financier was working to broker an infrastructure deal for Emirati logistics conglomerate DP World in Nigeria, according to a massive trove of emails released by the Justice Department last month.

In an email exchange from the summer of 2018, Epstein facilitated talks between then-chair of Nigeria’s sovereign investment fund, Jide Zeitlin, and DP World’s ex-chairman, Sultan Ahmad bin Sulayem, on possible shipping terminals in Lagos and Badagry. Sulayem resigned from DP World on February 13, 2026 amid fallout from the revelation of his intimate friendship with Epstein.

DP World’s leadership was reluctant to invest in an industrial zone in Nigeria unless they could own the surrounding port outright, and talks with previous Nigerian presidents, since 2005, had led nowhere. Zeitlin informed Sulayem that he was close to then-President Muhammadu Buhari and billionaire shipping magnate Gabriele Volpi—the owner of Intels, Nigeria’s largest logistics company, which services the country’s massive oil & gas sector. Epstein, in turn, offered to involve Kathryn Ruemmler, former White House counsel under President Barack Obama. Ruemmler recently announced her resignation as chief legal officer of Goldman Sachs.

Sulayem and Epstein worked together for more than a decade, cultivating a friendship between Israel and the United Arab Emirates long before the Abraham Accords agreement in 2020. Zeitlin wrote to Epstein in September 2018, after Djibouti nationalized DP World’s main hub in East Africa, “I hope your pal’s sojourn in Tel Aviv … was more effective than his efforts on the African continent.” After Epstein’s death, DP World acquired a controlling stake in a Nigerian logistics provider in 2022 and began expanding its footprint in Lagos as of last year.

Keep reading