Tag: mass surveillance

Chat Control 2.0: EU Moves Toward Ending Private Communication

Between the coffee breaks and the diplomatic niceties of Brussels bureaucracy, a quiet dystopian revolution might be taking place. On November 26, a roomful of unelected officials could nod through one of the most consequential surveillance laws in modern European history, without ever having to face the public.

The plan, politely titled EU Moves to End Private Messaging with Chat Control 2.0, sits on the agenda of the Committee of Permanent Representatives, or Coreper, a club of national ambassadors whose job is to prepare legislation for the European Council. This Wednesday, they may “prepare” it straight into existence.

According to MEP Martin Sonneborn, Coreper’s diplomats could be ready to endorse the European Commission’s digital surveillance project in secret.

It was already due for approval a week earlier before mysteriously vanishing from the schedule. Now it’s back, with privacy advocates watching like hawks who suspect the farmer’s got a shotgun.

The Commission calls Chat Control 2.0 a child-protection measure. The branding suggests moral urgency; the text suggests mass surveillance. The proposal would let governments compel messaging services such as WhatsApp or Signal to scan users’ messages before they’re sent.

Officials insist that the newest version removes mandatory scanning, which is a bit like saying a loaded gun is safer because you haven’t pulled the trigger yet.

Keep reading

Escape the Digital Purse Seine

Due to the relatively short lifespan of human beings, it can be difficult to put our own life experiences in perspective with history. This is why we have the saying, “Those who forget history are condemned to repeat it.” Combine a lack of historical knowledge with the fact that human nature doesn’t change much, and you have a recipe for human-caused misery, repeated over and over.

In Edgar Allan Poe’s short story “The Cask of Amontillado,” we see an example of human nature gone awry, with lethal results. From the first, the reader is privy to Montresor’s disgust toward Fortunato and his desire to exact revenge for a perceived insult. As the story progresses, it should be evident to Fortunato that Montresor has ill intent, but Fortunato cannot imagine the evil, so he continues into the depths of the catacomb, willingly walking toward his own demise while being plied with wine and called “friend.”

Even as Montresor is about to place the last stone that will seal Fortunato’s death in chains behind the brick wall, Fortunato calls it a good joke that they will laugh about later. Montresor agrees, drops his torch into the opening, places the final brick, and piles old bones of his ancestors in front, where half a century later “no mortal has disturbed them.”

There are analyses interpreting Poe’s story, and its intended message, but surely one lesson is to pay attention when all the signs indicate that you are in a bad situation, even as others try to convince you of their solicitude and concern for your well-being. This is the dire situation of humanity today, in the form of the digital prison that is being formed right before our eyes under the guise of convenience, efficiency, and safety.

Keep reading

GrapheneOS Quits France, Citing Unsafe Climate for Open Source Tech

GrapheneOS, the privacy-focused Android operating system, has ended all operations in France, saying the country is no longer a safe place for open source privacy projects.

Although French users will still be able to install and use the software, the project is moving every related service, including its website, forums, and discussion servers, outside French territory.

Until now, GrapheneOS used OVH Bearharnois, a hosting provider based in France, for some of its infrastructure. That setup is being dismantled.

The Mastodon, Discourse, and Matrix servers will operate from Toronto on a mix of local and shared systems. These changes are designed to remove any dependency on French service providers.

The developers said their systems do not collect or retain confidential user data and that no critical security infrastructure was ever stored in France. Because of that, the migration will not affect features such as update verification, digital signature checks, or downgrade protection.

The decision also applies to travel and work policies. Team members have been told not to enter France, citing both personal safety concerns and the government’s endorsement of the European Union’s Chat Control proposal.

That measure would allow authorities to scan private communications for illegal material, something privacy developers see as incompatible with secure digital design.

Keep reading

UK Government “Resist” Program Monitors Citizens’ Online Posts

Let’s begin with a simple question. What do you get when you cross a bloated PR department with a clipboard-wielding surveillance unit?

The answer, apparently, is the British Government Communications Service (GCS). Once a benign squad of slogan-crafting, policy-promoting clipboard enthusiasts, they’ve now evolved (or perhaps mutated) into what can only be described as a cross between MI5 and a neighborhood Reddit moderator with delusions of grandeur.

Yes, your friendly local bureaucrat is now scrolling through Facebook groups, lurking in comment sections, and watching your aunt’s status update about the “new hotel down the road filling up with strangers” like it’s a scene from Homeland. All in the name of “societal cohesion,” of course.

Once upon a time, the GCS churned out posters with perky slogans like Stay Alert or Get Boosted Now, like a government-powered BuzzFeed.

But now, under the updated “Resist” framework (yes, it’s actually called that), the GCS has been reprogrammed to patrol the internet for what they’re calling “high-risk narratives.”

Not terrorism. Not hacking. No, according to The Telegraph, the new public enemy is your neighbor questioning things like whether the council’s sudden housing development has anything to do with the 200 migrants housed in the local hotel.

It’s all in the manual: if your neighbor posts that “certain communities are getting priority housing while local families wait years,” this, apparently, is a red flag. An ideological IED. The sort of thing that could “deepen community divisions” and “create new tensions.”

This isn’t surveillance, we’re told. It’s “risk assessment.” Just a casual read-through of what that lady from your yoga class posted about a planning application. The framework warns of “local parental associations” and “concerned citizens” forming forums.

And why the sudden urgency? The new guidance came hot on the heels of a real incident, protests outside hotels housing asylum seekers, following the sexual assault of a 14-year-old girl by Hadush Kebatu, an Ethiopian migrant.

Now, instead of looking at how that tragedy happened or what policies allowed it, the government’s solution is to scan the reaction to it.

What we are witnessing is the rhetorical equivalent of chucking all dissent into a bin labelled “disinformation” and slamming the lid shut.

Keep reading

Victory! Court Ends Dragnet Electricity Surveillance Program in Sacramento

A California judge ordered the end of a dragnet law enforcement program that surveilled the electrical smart meter data of thousands of Sacramento residents.

The Sacramento County Superior Court ruled that the surveillance program run by the Sacramento Municipal Utility District (SMUD) and police violated a state privacy statute, which bars the disclosure of residents’ electrical usage data with narrow exceptions. For more than a decade, SMUD coordinated with the Sacramento Police Department and other law enforcement agencies to sift through the granular smart meter data of residents without suspicion to find evidence of cannabis growing.

EFF and its co-counsel represent three petitioners in the case: the Asian American Liberation Network, Khurshid Khoja, and Alfonso Nguyen. They argued that the program created a host of privacy harms—including criminalizing innocent people, creating menacing encounters with law enforcement, and disproportionately harming the Asian community.

The court ruled that the challenged surveillance program was not part of any traditional law enforcement investigation. Investigations happen when police try to solve particular crimes and identify particular suspects. The dragnet that turned all 650,000 SMUD customers into suspects was not an investigation.

“[T]he process of making regular requests for all customer information in numerous city zip codes, in the hopes of identifying evidence that could possibly be evidence of illegal activity, without any report or other evidence to suggest that such a crime may have occurred, is not an ongoing investigation,” the court ruled, finding that SMUD violated its “obligations of confidentiality” under a data privacy statute.

Granular electrical usage data can reveal intimate details inside the home—including when you go to sleep, when you take a shower, when you are away, and other personal habits and demographics.

Keep reading

EU’s Weakened “Chat Control” Bill Still Poses Major Privacy and Surveillance Risks, Academics Warn

On November 19, the European Union stands poised to vote on one of the most consequential surveillance proposals in its digital history.

The legislation, framed as a measure to protect children online, has drawn fierce criticism from a bloc of senior European academics who argue that the proposal, even in its revised form, walks a perilous line. It invites mass surveillance under a veil of voluntarism and does so with little evidence that it will improve safety.

This latest draft of the so-called “Chat Control” law has already been softened from its original form. The Council of the European Union, facing mounting public backlash, stripped out provisions for mandatory on-device scanning of encrypted communications.

But for researchers closely following the legislation, the revised proposal is anything but a retreat.

“The proposal reinstates the option to analyze content beyond images and URLs – including text and video – and to detect newly generated CSAM,” reads the open letter, signed by 18 prominent academics from institutions such as ETH Zurich, KU Leuven, and the Max Planck Institute.

We obtained a copy of the letter for you here.

The argument, in essence, is that the Council’s latest version doesn’t eliminate the risk. It only rebrands it.

Keep reading

The Disguised Return of The EU’s Private Message Scanning Plot

A major political confrontation over online privacy is approaching as European governments prepare to decide on “Chat Control 2.0,” the European Commission’s revised proposal for monitoring private digital communications.

The plan, which could be endorsed behind closed doors, has drawn urgent warnings from Dr. Patrick Breyer, a jurist and former Member of the European Parliament, who says the draft conceals sweeping new surveillance powers beneath misleading language about “risk mitigation” and “child protection.”

In a release sent to Reclaim The Net, Breyer, long a defender of digital freedom, argues that the Commission has quietly reintroduced compulsory scanning of private messages after it was previously rejected.

He describes the move as a “deceptive sleight of hand,” insisting that it transforms a supposedly voluntary framework into a system that could compel all chat, email, and messaging providers to monitor users.

“This is a political deception of the highest order,” Breyer said.

“Following loud public protests, several member states, including Germany, the Netherlands, Poland, and Austria, said ‘No’ to indiscriminate Chat Control. Now it’s coming back through the back door disguised, more dangerous, and more comprehensive than ever. The public is being played for fools.”

Under the new text, providers would be obliged to take “all appropriate risk mitigation measures” to prevent abuse on their platforms. While the Commission presents this as a flexible safety requirement, Breyer insists it is a loophole that could justify forcing companies to scan every private message, including those protected by end-to-end encryption.

“The loophole renders the much-praised removal of detection orders worthless and negates their supposed voluntary nature,” he said.

He warns that it could even lead to the introduction of “client-side scanning,” where users’ devices themselves perform surveillance before messages are sent.

Unlike the current temporary exemption known as “Chat Control 1.0,” which allows voluntary scanning of photos and videos, the new draft would open the door to text and metadata analysis. Algorithms and artificial intelligence could be deployed to monitor conversations and flag “suspicious” content.

Keep reading

Why We Have a Surveillance State

It is the inevitable consequence of our prevailing governing philosophy.

“Gentlemen do not read each other’s mail.” Henry Stimson, Secretary of State, 1929

I was upbraided recently by a dear friend for my frequent praise of outcast investor Peter Thiel over Thiel’s involvement with big data company Palantir. He forwarded me a Bloomberg article titled “Peter Thiel’s data-mining company is using War on Terror tools to track American citizens” adding: “Really scary. Not good for democracy; a better version of the Stasi’s filing system and way cheaper and more efficient.”

Increasingly, we live under the kind of comprehensive surveillance predicted by science fiction writers. But Palantir is just an arms merchant, not the architect of our brave new world. Like gun manufacturers, its products can be used for good or evil.  I have always believed that moral responsibility lies with the wielder of weapons, not the manufacturers. (This is often expressed as “Guns don’t kill people, people kill people.”)

Peter Thiel’s choice to become an arms merchant rather than invest his considerable talents and fortune elsewhere is a fair question given his libertarian leanings. I have no insight into the answer. I would guess that he founded Palantir as an act of patriotism after 9/11, and it metastasized following the money, cash being the mother’s milk of the state, something the celebrated Alexander Hamilton deeply understood.

Surveillance Is Not the Problem, but It Is a Symptom

The real threat to the republic, however, lies not in the weapons available but in the unlimited and unaccountable bureaucracy in Washington that deploys them, both at home and abroad. Having broken free of constitutional constraints, America’s political class now directs an all-powerful state that naturally adopts every tool technology has to offer.

Because our prevailing governing philosophy acknowledges no limits to the doing of good or the thwarting of evil, any means necessary may be employed as long as worthy ends can be plausibly asserted. Evil must be discouraged, taxed, or outlawed; good must be encouraged, subsidized, or made mandatory. This progressive government mission must be implemented in the public square, in the marketplace, in our educational institutions, around the world, and in our homes until all forms of social injustice are eliminated.

Keep reading

German States Expand Police Powers to Train AI Surveillance Systems with Personal Data

Several German states are preparing to widen police powers by allowing personal data to be used in the training of surveillance technologies.

North Rhine-Westphalia and Baden-Württemberg are introducing legislative changes that would let police feed identifiable information such as names and facial images into commercial AI systems.

Both drafts permit this even when anonymization or pseudonymization is bypassed because the police consider it “impossible” or achievable only with “disproportionate effort.”

Hamburg adopted similar rules earlier this year, and its example appears to have encouraged other regions to follow. These developments together mark a clear move toward normalizing the use of personal information as fuel for surveillance algorithms.

The chain reaction began in Bavaria, where police in early 2024 tested Palantir’s surveillance software with real personal data.

The experiment drew objections from the state’s data protection authority, but still served as a model for others.

Hamburg used the same idea in January 2025 to amend its laws, granting permission to train “learning IT systems” on data from bystanders. Now Baden-Württemberg and North Rhine-Westphalia plan to adopt nearly identical language.

In North Rhine-Westphalia, police would be allowed to upload clear identifiers such as names or faces into commercial systems like Palantir’s and to refine behavioral or facial recognition programs with real, unaltered data.

Bettina Gayk, the state’s data protection officer, warned that “the proposed regulation addresses significant constitutional concerns.”

She argued that using data from people listed as victims or complainants was excessive and added that “products from commercial providers are improved with the help of state-collected and stored data,” which she found unacceptable.

The state government has embedded this expansion of surveillance powers into a broader revision of the Police Act, a change initially required by the Federal Constitutional Court.

The court had previously ruled that long-term video monitoring under the existing law violated the Basic Law.

Instead of narrowing these powers, the new draft introduces a clause allowing police to “develop, review, change or train IT products” with personal data.

This wording effectively enables continued use of Palantir’s data analysis platform while avoiding the constitutional limits the court demanded.

Across North Rhine-Westphalia, Baden-Württemberg, and Hamburg, the outcome will be similar: personal data can be used for training as soon as anonymization is judged to be disproportionately difficult, with the assessment left to police discretion.

Gayk has urged that the use of non-anonymized data be prohibited entirely, warning that the exceptions are written so broadly that “they will ultimately not lead to any restrictions in practice.”

Baden-Württemberg’s green-black coalition plans to pass its bill this week.

Keep reading

ICE to Deploy Palantir’s ImmigrationOS AI to Track Migrants’ Movements

U.S. Immigration and Customs Enforcement is moving forward with ImmigrationOS, a new AI system built by Palantir Technologies to give officers near real-time visibility into immigrants’ movements and sharpen enforcement priorities nationwide. The agency awarded Palantir a $30 million contract in early 2025, with a working prototype due by September 25, 2025 and an initial operating period of at least two years, according to agency planning documents and contract disclosures. ICE frames the system as a way to speed removals of people already prioritized for enforcement, better track self-deportations, and coordinate federal data that now sits in disconnected silos.

What ImmigrationOS is meant to do

ImmigrationOS is designed to pull together a wide range of government-held records to sort, flag, and route cases to officers in the field. ICE officials say the tool will help them focus on individuals linked to transnational criminal organizationsviolent offenders, documented gang members, and those who have overstayed visas.

The system is also built to register when people leave the United States on their own, so field offices can avoid wasted detention and travel costs on cases that no longer require action. While the agency describes the platform as a needed modernization step, civil liberties groups warn that an AI-driven system with sweeping data inputs risks mistakes that could touch the lives of lawful residents and even U.S. citizens.

Keep reading