Tag: mass surveillance

More License Plate Reader Mission Creep: School Residency Verification, Background Checks, and Noise Complaints

An EFF analysis of millions of searches of Flock Safety automated license plate reader (ALPR) data by police has uncovered a troubling pattern: in the absence of a warrant requirement to search ALPR databases, law enforcement agencies have moved beyond specific investigations to use these surveillance networks for virtually any whim.

Our findings suggest that the absence of a warrant requirement has fostered a culture of unrestricted access to sensitive location data, allowing agencies to leverage that data beyond the scope of specific criminal investigations.

As a refresher: Law enforcement agencies lease or purchase camera systems from Flock Safety and then mount them by the side of the road and at intersections to document every vehicle that passes, including the plate, make, model, color and distinguishing characteristics, along with the date, time and location of where it was seen.

Law enforcement’s talking points—often scripted by the company itself—trumpet their role in solving high-stakes crimes. But the data reveals a different story. What they’re not saying is that ALPRs are also frequently used for extremely low-level investigations, such as verifying whether a student lives within a particular school zone. In some cases, police have even used this tech to conduct employment background checks and investigations into loud music complaints. Recently, a motorcyclist was even targeted for simply holding a cell phone while riding.

The reach of this ALPR surveillance is amplified by the nature of the indiscriminate sharing these technologies encourage. Most agencies choose to share broadly, often as part of a nationwide pool, making it common for a single city’s system to be searched hundreds of thousands of times each month. By analyzing these “network audit logs,” privacy advocates and journalists have uncovered evidence of the technology being used to surveil protestersabortion-seekersimmigrants, and even ethnic Roma populations.

While these high-profile abuses are shocking, the more mundane uses are also problematic, signaling a massive, unchecked mission creep that has turned an alleged “crime-fighting” tool into a universal tracker of everyone’s movements.

Keep reading

Canada Moves to Destroy Encryption – Demands Backdoor Access to ALL Available Data

Canada is walking into extremely dangerous territory and most people do not understand the implications because governments always package surveillance laws as “public safety.” That is how this begins every single time historically. They sell fear first, then quietly expand state power behind the scenes while claiming only criminals should worry.

Now even Apple, Google, Meta, Signal, privacy experts, cybersecurity professionals, and members of the U.S. Congress are warning that Canada’s Bill C-22 could force technology companies to weaken encryption and build government access mechanisms directly into their systems.

People need to understand what encryption actually is. Encryption is not some toy used only by criminals. Encryption protects bank accounts, corporate systems, private medical data, government communications, journalists, dissidents, businesses, lawyers, and ordinary citizens. Every time you use secure banking, send a private message, or protect sensitive data online, encryption is standing between you and cybercriminals.

The government always frames these laws as targeting terrorists, child exploitation, organized crime, or national security threats. But the mechanism itself never stays limited. Once governments establish the legal right to force “lawful access” into encrypted systems, the infrastructure for surveillance already exists. The temptation to expand those powers becomes overwhelming.

Apple warned directly that Bill C-22 could allow Canada to “force companies to break encryption by inserting backdoors into their products.” Meta warned the bill could require companies to “break, weaken, or circumvent encryption” and potentially install government spyware capabilities directly into systems. Signal reportedly stated it would rather leave Canada entirely than compromise its encryption promises.

Keep reading

California’s New Age-Verification Bill Frees Linux But Expands Age Tracking to the Open Web

California Assembly Bill 1856 is getting friendly press coverage because it now exempts Linux from the state’s age-tracking mandate. The part nobody’s talking about is that it simultaneously expands the surveillance to your web browser.

AB 1856, authored by the same lawmaker who wrote the original Digital Age Assurance Act, amends the law to exclude open-source operating systems from its definition of “operating system provider.”

Any software distributed under a license that lets users “copy, redistribute, and modify the software” would no longer be covered. Debian, Ubuntu, Fedora, Arch Linux, and Mint all walk free. That sounds like a win and tech outlets are reporting it as one. It’s also a distraction from what the bill adds.

The original law, AB 1043, required operating systems to harvest users’ ages during device setup and feed that data to app stores and app developers through a real-time API.

AB 1856 keeps all of that and extends the data pipeline to browser providers and website operators. Browsers would now be required to collect age signal data from the OS and pass it along to any website subject to online age verification laws.

We obtained a copy of the amended bill for you here.

Those websites, in turn, would have to request the age signal when you visit them. Your age bracket, declared once during OS setup, would follow you from app to app and now from site to site, broadcast to every developer and website operator who asks.

This is how a law originally limited to apps and app stores becomes an age-tracking system for the entire internet.

The Expanding Universe of “Covered” Websites

The category of websites subject to age verification laws started narrow as the earliest mandates targeted pornography sites. It has since expanded to social media platforms and a growing list of sites legislators consider likely to “harm” children in loosely defined ways. That list keeps getting longer and AB 1856 doesn’t define its own boundary. It piggybacks on whatever other laws exist, meaning every future expansion of age verification requirements automatically expands the reach of AB 1856’s browser-based data pipeline, too.

California has actually built an age-tracking infrastructure that scales itself.

Keep reading

DNI Gabbard presses to declassify secret but critical court opinion during FISA renewal debate

Director of National Intelligence Tulsi Gabbard is pushing to declassify a secret Foreign Intelligence Surveillance Court opinion expected to reveal major compliance failures in the government’s use of Section 702 surveillance powers, Just the News has learned.

The effort comes as Congress is debating whether to renew Section 702 of the Foreign Intelligence Surveillance Act, which permits the government to collect communications of foreign targets located abroad.

Civil liberties advocates and constitutional scholars have long argued the program also sweeps in large volumes of Americans’ communications without warrants, creating what critics describe as a loophole around Fourth Amendment protections.

At the center of the controversy is the government’s ability to conduct so-called backdoor searches, in which analysts query databases containing incidentally collected American communications. 

The pending court opinion is expected to detail concerns over how federal agencies have managed queries of Section 702 databases and whether internal guardrails designed to prevent abuse were circumvented, according to a senior intelligence official.

The Justice Department reportedly discovered in 2024 that the FBI had used a filtering mechanism that enabled personnel to query Section 702 data without fully complying with oversight requirements established under the Reforming Intelligence and Securing America Act. 

Investigators reportedly found the system lacked adequate counting, tracking, and approval procedures that are required under the law.

Although officials said the specific tool was later shut down, the still-classified court opinion reportedly indicates that similar tools may continue to exist elsewhere within the intelligence community, including at the National Security Agency and the Central Intelligence Agency.

Gabbard announced Friday she is stepping down June 30 to spend more time with her husband, Abraham, who was recently diagnosed with bone cancer.

Keep reading

South Carolina’s New Social Media Law Puts Every User Under Age Surveillance

South Carolina Governor Henry McMaster signed H.B. 4591 on May 19, turning the Stop Harm from Addictive Social Media Act into a law that will reshape how every resident of the state uses major social media platforms.

The bill passed with almost no opposition, clearing the House 115-0 and the Senate 42-1. It takes effect January 1, 2027, and it brings with it a surveillance apparatus aimed at all users.

We obtained a copy of the bill for you here.

The law, sponsored by Rep. Brandon Guffey (R-York), requires covered platforms to repeatedly estimate and verify the age of every South Carolina account holder.

The stated goal is child protection. The way it claims to do that is continuous behavioral analysis of anyone who spends enough time on a platform, combined with escalating confidence thresholds and penalties of ten thousand dollars per violation if platforms get it wrong.

Here’s how the age estimation system works. Once an account holder hits 25 cumulative hours on a platform within six months (the “first trigger date”), the platform has 14 days to estimate whether that person is over 15, with 80% confidence.

At 50 hours (the “second trigger date”), the confidence requirement jumps to 90%. After that, the platform must update its estimate every 100 hours of use, or whenever it runs data analytics on the user for any other reason, whichever comes sooner.

That last clause is easy to miss and it means any time a platform runs its profiling algorithms on you for ad targeting, content recommendations, or anything else, it also has to re-evaluate your estimated age. The law essentially piggybacks mandatory age surveillance onto whatever commercial surveillance platforms already conduct, expanding the scope of both.

Because platforms face significant liability if they can’t meet these confidence thresholds, the law creates powerful incentives to harvest far more sensitive data about users than they do today, including about minors.

A platform that guesses wrong faces $10,000 per violation. A platform that overinvests in behavioral profiling to avoid those fines faces no penalty at all. The incentive structure points in one direction.

The bill claims it “does not create any duty on the part of a covered social media platform to request, collect, or retain any information from or about any account holder” and that age estimates must be “derived based on information collected and retained by the covered social media platform in the ordinary course of operation.”

This is the bill’s central fiction. Platforms that can’t achieve 80% or 90% confidence from existing data will need to collect more data, or face financial ruin from accumulated violations. The law doesn’t mandate new data collection in the same way that holding a knife to your wallet doesn’t mandate you hand over cash.

For users classified as children (under 16), the restrictions are extensive. Accounts require verifiable parental consent, with privacy settings locked to the most restrictive levels by default.

Platforms cannot show children profile-based feeds, profile-based advertising, or any “addictive interface features,” a category that includes infinite scrolling, auto-play video, push notifications, and display of personal metrics like reaction counts.

Keep reading

Canada’s Military Punished Whistleblowers Who Flagged Illegal COVID Speech Monitoring

The Canadian Armed Forces reprimanded soldiers who warned that an order to spy on citizens during COVID-19 could violate intelligence-gathering rules. The soldiers were right. The military punished them anyway.

Internal records and emails obtained by CBC News show that on March 11, 2020, a team called Joint Operational Effects (JOE) was ordered to create anonymous social media accounts and scour the internet for information about Canadians.

Under the direction of Col. Chris Henderson, the team produced dozens of reports between March 19 and June 5, tracking what the federal Conservative, NDP, and Bloc Québécois parties were saying about the pandemic.

The Canadian military was monitoring opposition political parties using anonymous accounts created specifically for surveillance.

At least two JOE team members pushed back. They emailed their chain of command, warning that creating anonymous accounts without authorization, while working from home on personal computers, could breach intelligence directives.

One soldier wrote to Maj. John Zwicewicz on March 12, 2020: “Given the sensitivity around social media and military use I have concerns about this.”

They added: “My concern is that by creating these accounts without following proper procedure would come close to, or cross the line set out in the policy.” Another asked to go into the office because they felt it “represented a serious risk” to do the work at home.

Zwicewicz claimed a legal adviser had approved the activities and ordered the group to “cease barrack room lawyering” and get back to work. The team was formally reprimanded more than a week after raising concerns. A source told CBC News that within months, some members quit or were medically released.

The people who raised alarms about potentially illegal surveillance of Canadian citizens got punished. The people who ordered the surveillance kept their positions.

Keep reading

Open Records Laws Reveal ALPRs’ Sprawling Surveillance. Now States Want to Block What the Public Sees.

Reporters, community advocates, EFF, and others have used public records laws to reveal and counteract abuse, misuse, and fraudulent narratives around how law enforcement agencies across the country use and share data collected by automated license plate readers (ALPRs). EFF is alarmed by recent laws in several states that have blocked public access to data collected by ALPRs, including, in some cases, information derived from ALPR data. We do not support pending bills in Arizona and Connecticut that would block the public oversight capabilities that ALPR information offers.

Every state has laws granting members of the public the right to obtain records from state and local governments. These are often called “freedom of information acts” (FOIAs) or “public records acts” (PRAs). They are a powerful check by the people on their government, and EFF frequently advocates for robust public access and uses the laws to scrutinize government surveillance

But lawmakers across the country, often in response to public scrutiny of police ALPRs, are introducing or enacting measures aimed at excluding broad swaths of ALPR information from disclosure under these public records laws. This could include whole categories of important information: general information about the extent of law enforcement use; details on ALPR sharing across policing agencies; data on the number of license plate scans conducted, where they happened, and how many “hits” for license plates of interest actually occur; analyses on how many false matches or other errors occur; and images taken of individuals’ own vehicles. 

No thanks. Public records and public scrutiny of ALPR programs have shown that people are harmed by these systems and that retained ALPR data violates people’s privacy. In this moment, lawmakers should not be completely cutting off access to public records that document the abuses perpetuated by ALPRs.

Keep reading

ICE Agents Have List of 20 Million People on Their iPhones Thanks to Palantir

Immigration and Customs Enforcement’s (ICE) use of Palantir systems now means agency officials effectively have a list of 20 million people readily accessible on their iPhones, increasing the speed at which ICE can find houses to raid and people to arrest, according to comments made by a senior ICE official last week during a border security conference.

While ICE and the Department of Homeland Security (DHS) generally won’t answer questions from journalists about how the agency is using Palantir’s technology, senior officials were much more talkative during the Border Security Expo which took place in Phoenix, Arizona, last week. 404 Media spoke to four people who attended the conference. Here companies looking to sell their technology to ICE or other agencies gathered for two days of speeches, Q&As, and product pitches.

The officials’ comments may need to be taken with a pinch of salt, but still reflect ICE’s position that Palantir is allowing the agency to identify people to arrest and locations to raid faster. Although the Trump administration has attempted to step back from its mass deportation rhetoric and city wide raids, especially in the wake of killing multiple people, ICE continues to violently and wrongfully detain peopleData from April showed that 70.8 percent, or 42,722, of people held in ICE detention have no criminal conviction.

The four people who attended the Border Security Expo saw Matthew Elliston, assistant director of Law Enforcement Systems & Analysis at ICE, and other DHS officials speak.

At one point, Elliston made the comment about ICE agents having 20 million targets, or potential people to detain, on their iPhones. This list can lead ICE agents to an individual and a house; they can then see if another target might be next door. This target may be a lower priority, but ICE can now use that information to arrest more people.

At another point, Elliston said that Palantir’s technology has increased ICE’s rate of successfully locating a target from around 27 percent to just under 80 percent.

Keep reading

Fox News Crew Snared by China’s Massive Surveillance System While Covering Trump Visit: ‘They See Everything’

George Orwell’s “Big Brother” is alive and well in Communist China, and Fox News host Bret Baier’s crew got an up-close experience with it on Wednesday during President Donald Trump’s visit to Beijing.

“Big Brother is watching. There are literally cameras everywhere … I can count at least 20 on this corner. In fact, in Beijing, they’ve added 1,500 cameras just this year alone. They see everything,” Baier said during a segment about China’s surveillance system.

“There’s nobody jaywalking here, because they could get a ticket right away,” he continued.

“In fact, our driver parked illegally for two minutes, and he got a message on his phone that he got a ticket for about $40 US, because they saw it,” the Fox News anchor recounted.

Baier concluded, “Now, there are real questions what the CCP’s goal is about citizen tracking and social scoring. They say it’s to make everybody feel safe. These cameras are watching every minute. They’re everywhere.”

Keep reading

Amid UK Turmoil, Push For Digital ID and Cellphone Surveillance Continues

The floundering left-wing Labour Party government in Britain appears intent on imposing as much authoritarianism as possible on the public while it still remains in power, with Prime Minister Sir Keir Starmer using the King’s Speech on Wednesday to confirm plans to introduce a Digital ID system while plans for deep surveillance of private digital devices are revealed.

When in doubt, break glass for more Blairism appears to be the order of the day. Fighting for his political life following a disastrous performance in last week’s local elections, Prime Minister Starmer has not only turned to major figures from the previous Labour government, tapping Blairite veterans former PM Gordon Brown and Deputy leader Harriet Harman to come on board as advisors, he now seems intent on fulfilling his predecessor’s unfulfilled aims, introducing a Digital ID.

Although the Brown government began to introduce such a system, it was eventually scrapped following the 2010 general election, which the Conservative Party made a referendum on the idea. While long classified as fundamentally un-British — with the UK abandoning national identity cards following the Second World War in contrast to many other European nations — the project of a Digital ID has remained a key goal of the scheme’s architect, Former PM Tony Blair, who remains a key power broker in the background of the Labour Party.

On Wednesday, amid ongoing rumours of potential leadership challenges, Starmer’s government outlined its plans for the upcoming parliament in the King’s Speech, in which the Monarch reads a list of priorities written for him by Downing Street.

“My Ministers will also proceed with the introduction of Digital ID that will modernise how citizens interact with public services [Digital Access to Services Bill],” King Charles III told the State Opening of Parliament.

The government has previously pitched the concept as a cure-all for illegal immigration, saying it could be used to ensure that anyone seeking a job or renting a flat has their citizenship or immigration status instantly verified. Other potential uses put forward include accessing government services and collecting health records.

However, opponents have long raised concerns about Digital IDs, particularly regarding privacy and creeping state intervention. The British government has not showered itself in glory in recent years in terms of keeping digital secrets safe, with it recently accidentally leaking a list of thousands of spies, soldiers, and allies on the ground in Afghanistan to the Taliban, undercutting the notion that it would protect the much less sensitive data of average Britons.

Keep reading