Tag: mass surveillance

Xbox Now Wants Your Face to Let You Play Games You Already Own in Singapore

Singapore gamers who bought and downloaded Xbox titles years ago are now being told they need to prove they’re adults before they can keep playing them.

Microsoft has started rolling out identity verification requirements across its Xbox and Microsoft Store platforms in Singapore, demanding face scans, government ID uploads, or authentication through the country’s national digital identity system, Singpass.

The price of accessing games you already own is now a biometric selfie or a copy of your passport.

The trigger is Singapore’s Online Safety Code of Practice for App Distribution Services, a regulation from the Infocomm Media Development Authority (IMDA) that took effect on April 1, 2026.

The rule requires app stores to prevent anyone estimated to be under 18 from downloading apps rated for adults, including dating services and content with sexual material. Five storefronts are covered: Apple’s App Store, Google Play, Samsung Galaxy Store, Huawei AppGallery, and Microsoft Store (which includes Xbox).

Each company has chosen its own methods for compliance. The methods vary, but they all share one thing in common: they collect sensitive personal data that didn’t exist in the platform’s records before this regulation.

Microsoft announced its approach on March 17, 2026, framing the verification as optional, while making it mandatory for anyone who wants full access.

“Microsoft users in Singapore will have multiple options to complete age assurance for our stores, giving people flexibility while prioritising privacy,” the company wrote, listing those options as Singpass verification, “secure facial age estimation using a selfie,” or uploading “an official government ID such as a national ID, driver’s license, passport, or residence permit.”

The company describes this as a one-time process. What it doesn’t describe is who processes the data, how long it exists in transit, or what happens if the system holding it gets breached.

Discord learned this lesson last year when its own partner leaked user data. The company that promises to delete your face scan still has to receive it first.

Singapore residents have started receiving emails from Xbox notifying them about the verification requirement, prompting confusion and concern.

Keep reading

UK Southport Inquiry Pushes Mass Surveillance and VPN Restrictions

On July 29 2024, a teenager walked into a children’s Taylor Swift-themed dance class in Southport, England, and murdered three young girls with a knife. He injured ten others.

It was, by any measure, one of the most horrifying attacks on British soil in recent memory, and what followed should have been a reckoning with the catastrophic state failures that let it happen.

Instead, the British government looked at the smoldering aftermath and decided the real enemy was the internet, and the solution just so happens to be the mass surveillance censorship proposals the government is already working on.

After the attack, outrage on social media turned to protests. Protests became riots. And the state’s response landed with a speed and ferocity that it had never managed to direct at, say, the agencies that let a known danger walk free for years.

A former childcarer named Lucy Connolly was jailed for 31 months for a single post on X. That is three months longer than the sentence given to a man who physically attacked a mosque during the same period of unrest.

The UK was already a country where arrests for “offensive” social media posts had nearly doubled in seven years, climbing from 5,502 in 2017 to 12,183 in 2023. The overall conviction rate for those arrests was falling at the same time. Police were locking people up for what they typed at a rate that was going up, while the number of convictions that actually stuck was going down.

The Southport riots became the accelerant. A House of Commons Home Affairs Committee report used the unrest to call for a “new national system for policing” with enhanced capabilities to surveil social media activity, framing public anger as a problem of online “misinformation” rather than a consequence of the state’s own failures.

The state was dodging accountability by demanding censorship and surveillance and blaming the internet for unrest.

Keep reading

FISA Section 702 Extension Faces House Vote With No Privacy Reforms

Section 702 of the Foreign Intelligence Surveillance Act expires in days.

The bipartisan push to extend it without a single privacy reform is now accelerating, with House Speaker Mike Johnson, Senate Judiciary Committee Chairman Chuck Grassley, and President Trump all lining up behind an 18-month renewal that preserves the government’s ability to search Americans’ communications without a warrant.

The House Rules Committee met to consider H.R. 8035, the bill that would keep Section 702 alive through late 2027.

Johnson has refused to allow amendments, telling reporters that adding reforms would threaten the bill’s passage. That position blocks the one change that privacy-focused lawmakers in both parties have spent years fighting for: a requirement that the FBI get a judge’s approval before searching a database of Americans’ phone calls, emails, and text messages that were collected without individual court orders.

Trump posted on Truth Social today, calling on Republicans to “get a clean extension of FISA 702 through the House of Representatives this week.” He wrote, “I am asking Republicans to UNIFY and vote together on the test vote to bring a clean Bill to the floor. We need to stick together when this Bill comes before the House Rules Committee today to keep it CLEAN!”

The president, who told lawmakers to “KILL FISA” during the 2024 reauthorization debate, wrote in a March Truth Social post that “whether you like FISA or not, it is extremely important to our Military.”

Grassley announced his support for the clean extension this morning after the Department of Justice agreed to revise rules governing congressional oversight of the Foreign Intelligence Surveillance Court.

The DOJ committed to rolling back a Biden-era policy from November 2024 that had restricted how members of Congress could attend and observe FISC and FISCR proceedings, including banning note-taking and allowing the DOJ to exclude lawmakers from certain sessions.

Those restrictions directly contradicted the Reforming Intelligence and Securing America Act (RISAA), which Congress passed in April 2024 and which explicitly required congressional access to the surveillance courts.

“I applaud DOJ for lifting its restrictions on congressional oversight of FISC and FISCR proceedings. With Congress’s access fully restored, the Trump administration has faithfully implemented the reforms Congress called for in its last FISA reauthorization and proven its commitment to transparency and the protection of civil liberties,” Grassley said.

“Section 702 is one of our nation’s most valuable national security tools. Especially given the current threat environment, it’s imperative Congress doesn’t allow this critical authority to lapse. We must ensure American lives aren’t put at risk by a potential Section 702 expiration on April 20. The best path forward is for the House to pass a clean, 18-month FISA extension.”

The DOJ agreed to stop excluding members of Congress from surveillance court proceedings, stop banning note-taking, and stop preventing lawmakers from sharing information with appropriately cleared colleagues. These were things Congress already required by law.

The DOJ was violating its own statute, got caught, and agreed to comply. Grassley is treating compliance with existing law as a reason to skip reforms that would protect 330 million Americans from warrantless searches of their private communications.

Nothing about the DOJ’s procedural fix addresses the core problem with Section 702: the FBI routinely searches a massive database of communications collected under the program to find and read Americans’ emails, texts, and phone calls, all without getting a warrant.

The FISA Court itself called the FBI’s compliance problems “persistent and widespread” in 2022. FBI queries targeting Americans’ data rose 35% in 2025, according to the latest transparency report from the Office of the Director of National Intelligence.

The agency asking Congress for more time is the same one running more warrantless searches than ever.

Keep reading

Trump Reverses Himself, Joins Obama and Biden in Demanding “Clean” Renewal of NSA Domestic Spying Powers

In August 2013 — in the wake of our Snowden reporting, which revealed the NSA’s mass warrantless domestic spying on Americans — an extraordinary bipartisan bill emerged. Jointly sponsored by one of the most liberal House members (Michigan Democrat John Conyers) and one of his most libertarian-conservative counterparts (Michigan Republican Justin Amash), the bill would have reined in the NSA’s domestic spying powers by imposing serious limits on how such powers can be exercised when aimed at American citizens.

When the Conyers-Amash bill was first introduced, “Official Washington” did not take it seriously. But the Snowden revelations were causing serious public anger about NSA spying, and many members of Congress shared that anger because they were not told that the NSA had implemented a system of mass warrantless surveillance aimed, in part, at Americans. As a result, support for the bill quickly picked up bipartisan steam, seemingly heading toward certain passage — until Barack Obama called Nancy Pelosi.

Despite running for President as a constitutional law professor who vowed to end the civil liberties abuses of the War on Terror, Obama had become an enthusiastic supporter — and user — of the NSA’s domestic spying system. He thus instructed then-Speaker Nancy Pelosi to whip enough Democratic House votes to kill the bill. She did as she was told, and the bill — which initially appeared on its way to approval — was defeated 205-217 (94 Republicans and 111 Democrats voted for the reform bill; 134 Republicans and 83 Democrats voted against it). Official Washington heralded Pelosi as the heroine who saved NSA warrantless spying on Americans.

It is hard to overstate how significant the passage of this bill would have been. It would have been the first time in two decades that the U.S. Congress limited rather than increased the domestic powers of the U.S. security state. The era of the Patriot Act would finally have been confronted, or at least diluted. But Obama and Pelosi joined hands with the likes of GOP pro-spying members such as Peter King, Michelle Bachmann, and Kristi Noem to block any limits on the NSA’s power to spy on Americans without warrants.

Now, Donald Trump is on the verge of doing what Obama and Pelosi did back then. Despite running in 2024 by vowing to “KILL FISA,” based on his (quite valid) claim that spying powers had been abused against him for political ends in the 2016 presidential campaign, Trump on Monday demanded that FISA be fully renewed: yet again, with no reforms, safeguards, or limits of any kind.

Congress this week, perhaps as early as Wednesday, will vote on a renewal of Section 702 of FISA, which grants the NSA the power to spy on certain communications of American citizens without a warrant. Although it appeared that there was bipartisan support for finally imposing some limits and safeguards in the wake of years of documented abuses, Trump’s demand on Tuesday — that all House Republicans unite to renew the spying powers with no limits — raises serious doubts about whether any reform is now possible.

Keep reading

Treasury Secretary Says Order on Citizenship Proof for Banking Is ‘in Process’

Treasury Secretary Scott Bessent on Monday confirmed that an executive order mandating banks to collect citizenship information on customers is underway.

“It’s in process. And I don’t think it’s unreasonable, because, why don’t we have information on who’s in our banking system?” he told Semafor in an April 13 interview, responding to whether the Trump administration was working on the banking order.

“I have a place in the UK; they want to know who lives in every apartment—and how do we know that it’s not part of a foreign terrorist organization?” he added.

At least one Republican lawmaker has asked the Trump administration to implement such an order, and The Wall Street Journal reported, citing anonymous sources, that banks could be tasked with requiring people to submit passports under the policy.

In a post issued on X in October 2025, Sen. Tom Cotton (R-Ark.) included a letter he sent to Bessent urging the secretary to carry out a “comprehensive review of current rules that allow illegal aliens to obtain financial services and access to the U.S. banking system.”

“Access to the American banking system is a privilege that should be reserved for those who respect our laws and sovereignty,” Cotton wrote in the letter. “When individuals are allowed to open accounts without verifying legal status, we are permitting illegal aliens to establish financial roots and integrate economically, all while bypassing the legal channels that millions use properly.”

Keep reading

Trump Pushes Skeptical House Republicans to Pass FISA Extension: ‘It Is Extremely Important to Our Military’

The Foreign Intelligence Surveillance Act and President Donald Trump do not have a happy history, but Trump is urging congressional Republicans to extend one part of the law Trump says was not the one misused during the Russiagate hoax.

Trump made a public plea on Truth Social to extend Section 702 of FISA.

As noted by Politico, Trump followed that up by calling Republicans opposed to extending the law that allows warrantless wiretaps of non-U.S. citizens for the next 18 months to the White House.

“I am asking Republicans to UNIFY, and vote together on the test vote to bring a clean Bill to the floor. We need to stick together when this Bill comes before the House Rules Committee today to keep it CLEAN!” Trump wrote earlier in his Truth Social post.

“I was a victim of the worst and most illegal abuse of FISA in our Nation’s History, by Radical Left Lunatics, who lied to the FISA Court to spy on my 2016 Presidential Campaign in their attempt to RIG the Election in favor of Crooked Hillary Clinton. Their use of this instrument in the 2020 Presidential Election was even worse! When the Dirty Cop, James Comey, the failed Head of the FBI, went after me, he was using FISA Title I, the Domestic Collection, not FISA 702, the Foreign Collection, which needs to be extended today,” Trump continued.

“While parts of FISA were illegally and unfortunately used against me in the Democrats’ disgraceful Witch Hunt and Attack in the RUSSIA, RUSSIA, RUSSIA Hoax, and perhaps would be used against me in the future, I am willing to risk that as a Citizen in order to do what is right for our Country,” he wrote.

Trump said that Section 702 is a tool the military needs.

Keep reading

New ATF Rule Should Dismantle Billion-Record Gun Registry

The Trump administration will soon release a rule dealing with ATF’s illegal registry. It will change the Biden-era requirement that gun dealers permanently keep all firearm transaction records. 

Ending the permanent retention of these records is could be a huge step in the right direction, since the Biden ATF’s entire plan was to use these forms to continue building their illegal gun registry.  

So how does GOA know this?  

Well in case you missed our video on it, the Trump administration’s proposed new director of the ATF, Robert Cekada, answered questions from Senators following his hearing.  

These “Questions for the Record” or QFRs, are questions that could not be asked during hearings because of time constraints. Nominees submit their answers creating a via a public legal record that is published before their confirmation vote.

These answers can be enlightening where a nominee stands on particularly complex issues.

Specifically, Senator Ted Cruz asked about ATF’s 920 million-record illegal registry and how many documents they’ve added in the 4-year gap since the ATF last updated those figures.  

In his response, Deputy Director Cekada said  

“Consistent with the President’s Executive Order on the Second Amendment, ATF is also undertaking a review of how long firearm transaction records should be maintained.” 

In another question from Senator Cruz, he asks what’s the point in maintaining infinite or even more than 10 years of records when the average national time to crime is less than 10 years, and there are few traces that use records older than 20 years. 

In Cekada’s response to this question, he says:  

“Further, in accordance with the President’s Executive Order, Protecting Second Amendment Rights, ATF has been working with the Department to conduct a thorough review of existing regulations to assess whether they infringe on Second Amendment rights. As part of this review, we are examining the law enforcement value of older firearm transaction records. The results of that review should be forthcoming shortly.”  “ 

Thanks to these public records, we KNOW the ATF is looking into ending the Biden era Rule that made all gun transaction records or ATF Form 4473s into permanent records. And this is “coming soon.”

Ending the Biden era rule is good news. Permanent record retention was a crucial step in the anti-gun lobby’s plan to build a complete registry of all guns and gun owners in the United States to be used eventually for confiscation.

But before the permanent record retention rule, Federal Firearms Licensees only needed to keep their records for 20 years; afterwards they could destroy them.

So right now, the ATF and FFLs nationwide have every single dealer sale record since 2002. That’s a pretty significant number of records, which the ATF is attempting to turn into a registry as you read this article.

There is no public information outside of Cekada’s responses to Senator Cruz about what the rule will look like. But, in light of this information, the GOA’s Legal and Federal Affairs teams have put together a proposal to the DOJ, ATF, and the Trump administration on what a “No Compromise” rule would look like.  

And don’t worry, we’re still lobbying Congress to delete the registry with Rep. Michael Cloud’s No REGISTRY Rights Act and some appropriations language that Rep. Andrew Clyde has been introducing the last couple of years.

And of course, we’re continuing our lawsuit against the Biden-era rule that made these records permanent. But there’s a path here for President Trump to really restore our Second Amendment rights and dismantle this registry.

Ideally, ATF’s record retention period should be zero years.

Keep reading

Mexico Speeds Up Biometric ID Rollout

Mexico’s government wants you to believe that handing over your fingerprints, iris scans, and facial data is voluntary. President Claudia Sheinbaum has said so publicly.

But by July 2026, every one of the country’s roughly 130 million mobile phone lines must be linked to a biometric national ID, and unregistered numbers get suspended on July 1.

Refuse the biometric credential and lose your phone.

The CURP Biométrica upgrades Mexico’s existing population registry code, the Clave Única de Registro de Población, from an 18-character alphanumeric string into something far more personal. The updated system captures face, fingerprint, and iris biometrics, packages them with a QR code and digital signature, and produces what amounts to a mobile-readable identity document tied to your body.

Registration happens at RENAPO and Civil Registry offices, where staff scan all ten fingerprints, both irises, take a facial photograph, and record a digital signature. You’ll need a valid photo ID, a certified CURP, and an original or certified birth certificate just to walk in.

The government has framed this primarily as a tool for addressing Mexico’s crisis of forced disappearances. The biometric data feeds into a Unified Identity Platform connecting the National Population Registry with the National Forensic Data Bank and records held by prosecutors and intelligence agencies, enabling real-time identity searches. That’s the stated purpose.

The actual system being built does considerably more than locate missing people. The legislation gives broad access to biometric and personal information to law enforcement, intelligence agencies, and the National Guard, and the law doesn’t require authorities to notify citizens when their data gets accessed. You won’t know who’s looking at your biometrics, or why, or how often.

Keep reading

UK’s New Pandemic Plan Would Turn Big Tech Into a Mass Location Tracking Network

Britain’s new £1 billion ($1.3m) pandemic strategy treats a future outbreak as a “certainty” and proposes building a contact tracing system that would feed on real-time location data harvested with the help of Silicon Valley’s biggest companies.

The plan, published by the Department of Health and Social Care, also calls for PPE stockpiles, new emergency legislation, and a biosecurity research hub in Essex.

But the centerpiece that deserves the most scrutiny is the contact tracing proposal, which would create a surveillance architecture designed to track the movements of millions of people, ready to switch on at a moment’s notice.

The UKHSA will run the new system, which the strategy document says will use “live location data” and artificial intelligence to provide “a more rapid, large-scale detection and alert system during pandemics.”

The agency plans to “explore options to work with ‘big tech’” to build it, with deployment targeted for 2030. The government is pre-building a location surveillance system in partnership with companies whose entire business model depends on harvesting as much personal data as possible.

The strategy doesn’t name which companies, what data-sharing agreements would look like, or what happens to your location history once the pandemic ends.

The UK government has already tracked its own citizens through their phones without telling them. A 2021 report by the Scientific Pandemic Influenza Group on Behaviors (SPI-B) revealed that government-funded researchers tracked one in ten people in Britain via their mobile phones in February of that year, without the users’ knowledge or permission.

Researchers used cell phone mobility data to select over 4,200 vaccinated individuals, then monitored them through 40 call data records with corresponding location observations. The data was used for behavioral analysis, tracking radius of movement on vaccination day, whether people visited businesses during opening hours, and whether they went straight home afterwards. None of this was made public at the time.

When the tracking came to light, a spokesperson for Big Brother Watch said citizens would be “disturbed to discover they were unwittingly tracked and subjected to behavioral analysis via their phones.”

“No one expects that by going to get a vaccine they will be tracked and monitored by their own Government,” the spokesperson said. “This is deeply chilling and could be extremely damaging to public trust in medical confidentiality. Between looming Covid passports and vaccine phone surveillance, this Government is turning Britain into a Big Brother state under the cover of Covid. This should be a wake up call to us all.”

The government’s defense was that the data was collected at cell tower level, not the individual level, and that it was “GDPR-compliant” data provided by a company that “collected, cleaned, and anonymized” it.

Keep reading

FC Barcelona Fined for Privacy Violations Over Biometric Data Collection

FC Barcelona got fined €500,000 ($579,219) for scanning the faces and recording the voices of over 100,000 members without doing the legal homework first.

Spain’s data protection authority, the AEPD, found the club had deployed biometric identity verification during a membership census update and processed all of it without a valid Data Protection Impact Assessment.

Members renewing their details remotely were required to either submit a facial scan through their device camera or record their voice. Both systems were live, both were processing biometric data at scale, and the documentation Barcelona produced to justify any of it didn’t meet the bar GDPR sets for high-risk processing.

Article 35 of the GDPR requires organizations to conduct a DPIA before deploying any system likely to create a high risk for individuals. Biometric data used for identification qualifies automatically.

Processing that touches more than 100,000 people, including minors, qualifies. Using new technologies qualifies. Barcelona’s system hit all three. The AEPD concluded the club’s documentation was missing the essential components of a genuine assessment: no real necessity and proportionality analysis, no adequate evaluation of what the processing actually risks for the people whose faces and voices it captured.

The AEPD’s decision in case PS-00450-2024 makes one point with particular clarity: consent doesn’t substitute for a DPIA. Barcelona had asked members to agree to biometric data collection, and members had agreed.

That agreement is legally irrelevant to the separate procedural obligation to assess risk before the system goes live. The GDPR treats them as independent requirements. Satisfying one doesn’t discharge the other.

What a valid DPIA actually requires, according to the decision, is a clear description of the processing, a genuine necessity and proportionality assessment, a detailed risk evaluation, proposed mitigation measures, and a residual risk assessment after mitigations are applied. Organizations that generate DPIA documentation as a compliance checkbox, without substantively working through those questions, remain exposed regardless of what consent language they put in front of users.

The appetite for facial biometric data has become near-universal across industries, and the Barcelona case lands in a moment when that appetite is accelerating faster than the rules meant to govern it.

Keep reading