Tag: privacy

Florida Attorney Sues Roku Over Failure to Implement Age Verification, Privacy Concerns

Florida’s attorney general has filed a lawsuit against Roku, drawing attention to the growing privacy risks tied to smart devices that quietly track user behavior.

The case, brought by Attorney General James Uthmeier under the Florida Digital Bill of Rights, accuses the streaming company of collecting and selling the personal data of children without consent while refusing to take reasonable steps to determine which users are minors.

We obtained a copy of the lawsuit for you here.

The lawsuit portrays Roku as a company that profits from extensive data collection inside homes, including data from children. According to the complaint, Roku “collected, sold and enabled reidentification of sensitive personal data, including viewing habits, voice recordings and other information from children, without authorization or meaningful notice to Florida families.”

It continues, “Roku knows that some of its users are children but has consciously decided not to implement industry-standard user profiles to identify which of its users are children.”

Another passage states, “Roku buries its head in the sand so that it can continue processing and selling children’s valuable personal and sensitive data.”

The growing push for digital ID–based age verification is being framed as a way to protect children online, but privacy advocates warn it would do the opposite.

Keep reading

Microsoft OneDrive Limits How Often Users Can Restrict Facial Recognition Setting

Microsoft is quietly testing a new facial-recognition feature in OneDrive that automatically sorts photos based on who appears in them.

The experimental version is being rolled out to some early-access users, and it turns on by default while placing strict limits on how often it can be disabled.

Those with access will see a new privacy notice in the app stating: “OneDrive uses AI to recognize faces in your photos.”

Microsoft’s support page, which still labels the option as “coming soon,” explains that “Microsoft collects, uses, and stores facial scans and biometric information from your photos through the OneDrive app for facial grouping technologies.”

The company says this is intended to “help you quickly and easily organize photos of friends and family.”

Microsoft insists that the face groupings remain private even when users share albums. It also claims that “Microsoft does not use any of your facial scans and biometric information to train or improve the AI model overall.”

When asked why the system is enabled by default instead of requiring consent first, a company spokesperson told Slashdot that “Microsoft OneDrive inherits privacy features and settings from Microsoft 365 and SharePoint, where applicable.”

Keep reading

Australia Advances National Facial Recognition Network Despite Privacy Concerns

Australia is moving forward with a national facial recognition network that will link millions of citizens’ identity documents, despite ongoing uncertainty about privacy safeguards.

The National Driver Licence Facial Recognition Solution (NDLFRS) will merge biometric data from driver’s licenses and passports so that both government departments and private businesses can verify individuals’ identities.

The proposal dates back eight years but has recently accelerated. The Digital Transformation Agency confirmed that the Department of Home Affairs will host the system, while each state and territory will continue to manage its own data.

The agency stated that the project aims “to protect Australian people from identity theft, to manage and prevent crime, to increase road safety and to improve identity verification.”

It also noted that “Tasmania, Victoria and South Australia have provided data to the NDLFRS, with other states and territories to follow.”

Although the initiative remains marked as “unendorsed,” the government is preparing to activate key components.

The Attorney-General’s Department has announced that the accompanying Face Verification Service (FVS), which checks whether a person’s facial image matches the photo held in official records, is expected to begin operation in 2025.

Keep reading

Canada Bill Sponsor Says Age Verification, Blocking Powers, Could Apply to Any Site, Even Social Media

A new Canadian Senate proposal on age verification has raised serious questions about the future of free expression and online access.

The bill’s sponsor has confirmed that the government would have the authority to decide which websites fall under its control, including platforms that have nothing to do with pornography.

Senator Julie Miville-Dechêne, who introduced Bill S-209, told a Senate committee that enforcement would ultimately be at the discretion of the federal government. “The government will decide on the scope, so the government could decide to include social media like X in its choices,” she said.

That statement cuts to the core of the controversy. The Protecting Young Persons from Exposure to Pornography Act was introduced as a measure aimed at sites that make adult content available for commercial purposes.

Yet, according to its sponsor, the government could extend it to any platform where some form of explicit content can be found, even if it is incidental or user-generated.

Bill S-209 completed its second reading in the Senate on June 12, 2025, and is now under committee review, which last met on October 9.

If passed, it would empower the government to impose mandatory age ID verification requirements across a wide range of online services. Those who fail to comply could face court-ordered blocking by Canadian internet service providers.

Although the proposal is framed as protecting minors, its broad wording leaves the door open for the government to demand compliance from social media companies, search engines, or discussion forums where adult material may appear in isolated cases.

Under Section 12, the Cabinet is granted full regulatory authority to determine which sites are covered and to set the rules for verification technologies.

Keep reading

Texas Is Sued Over Digital ID Age Verification Bill

A major technology association is suing the State of Texas over a new law that threatens both privacy and free expression.

The Computer & Communications Industry Association (CCIA) has filed a federal lawsuit challenging Senate Bill 2420, which is set to take effect on January 1, 2026.

We obtained a copy of the lawsuit for you here.

The group argues that the law forces both app stores and developers to impose invasive ID age checks, obtain parental consent, and label content in state-approved ways that violate the First Amendment.

Under SB 2420, anyone with an app store account would need to complete an age-verification process before downloading or updating applications.

If an app store determines that a user is under 18, that user would be blocked from downloading most apps or making in-app purchases unless a parent gives consent and assumes control of the account.

Minors who cannot link their profiles to a parent or guardian would lose access to app store content entirely.

App developers would also face new rules.

They must classify their apps into multiple age categories and provide written explanations for each rating. Every update, feature addition, or design change would require written notice to the app store.

CCIA says these mandates compel developers to describe their products in ways dictated by the state and pressure companies to collect personal data that users should not have to disclose.

Keep reading

California Court Blocks Trump Admin’s Access to SNAP Recipients’ Data

A San Francisco district court temporarily blocked the U.S. Department of Agriculture (USDA) on Oct. 15 from accessing information about food stamp recipients in several states.

California Attorney General Rob Bonta filed a lawsuit jointly with 20 other states against the USDA in July, alleging the agency violated several federal laws and the U.S. Constitution by asking for detailed information about Supplemental Nutrition Assistance Program (SNAP) recipients.

“The Trump Administration can try all it wants to strong arm states into illegally handing over data, but we know the rule of law is on our side,” Bonta said in a statement.

“We will continue to vigorously litigate this lawsuit and defend our communities, protect privacy, and ensure that remains a tool for fighting hunger—not a weapon for political targeting.”

The USDA has threatened to cut off some federal funding to states that don’t hand over SNAP data.

California receives more than $1 billion a year to administer the program.

Keep reading

How the Military Exposed the Tools That Let Authorities Break Into Phones

Immigration and Customs Enforcement (ICE) really doesn’t want the public to know what it’s doing with Cellebrite devices, a company that helps law enforcement break into a locked phone. When it announced an $11 million contract with Cellebrite last month, ICE completely redacted the justification for the purchase.

The U.S. Marine Corps has now done the opposite. It published a justification to a public contracting platform, apparently by mistake, for a no-bid contract to continue putting Cellebrite’s UFED/InsEYEts system in the hands of military police. The document is marked “controlled unclassified information” with clear instructions not to distribute it publicly. UFED/InsEYEts “includes capabilities exclusive to Cellebrite and not available from any other company or vendor,” the document claims, before going on to list specific capabilities for breaking into specific devices.

Reason is posting the document below, with phone numbers redacted.

Keep reading

Canada’s Privacy Watchdog Not Consulted on Bill C-8, Enabling Secret Internet & Phone Shutdowns

Legislation that would allow federal ministers to secretly order telecom providers to cut off a Canadian’s phone or internet access is advancing without any input from the country’s top privacy authority.

Privacy Commissioner Philippe Dufresne told a Commons committee that his office was never asked to review Bill C-8 before it was introduced.

The bill would authorize the cabinet to compel telecom companies to block services to individuals considered a security threat, without needing a judge’s approval or any public disclosure.

“The issue never came up,” Dufresne said during testimony before the House of Commons ethics committee. He confirmed, “We are not consulted on specific pieces of legislation before they are tabled.”

Bill C-8 would allow the federal cabinet to direct a telecom provider to deny all services to a specific person, based solely on the government’s assessment of a threat. No warrant would be required. No independent body would be tasked with reviewing the decision.

Conservative MP Michael Barrett raised an alarm over what he described as a dangerous overreach. He said the bill would allow the government to quietly seize control of individuals’ communications, with no transparency and no legal checks.

“Without meaningful limits, bills like C-8 can hand the government secret powers over Canadians’ communications,” said Barrett. “It’s a serious setback for privacy and for democracy.”

He pressed Dufresne on whether Parliament should be required to conduct privacy assessments before passing legislation with such broad surveillance potential.

“Isn’t Parliament simply being asked to grant sweeping powers of surveillance to the government without a formal review?” Barrett asked.

Dufresne responded, “It’s not a legal obligation under the Privacy Act.”

While acknowledging the importance of national security, Dufresne warned that such measures must not override core privacy protections. “We need to make sure that by protecting national security, we are not doing so at the expense of privacy,” he said.

A previous version of the idea, Bill C-26, failed in an earlier Parliament after concerns over its civil liberties implications.

Keep reading

Supreme Court Won’t Hear Project Veritas Challenge to State Law Blocking Secret Recording

The Supreme Court has decided against hearing an investigative journalism organization’s First Amendment-based challenge to a decades-old Oregon law prohibiting most secret recordings of oral conversations.

Undercover journalism group Project Veritas had argued that the state’s conversational privacy statute violated the First Amendment. The U.S. Court of Appeals for the Ninth Circuit ruled 9–2 in January that the law did not violate the group’s free speech rights.

The Supreme Court dismissed the petition in Project Veritas v. Vasquez without comment in an unsigned order on Oct. 6. No justices dissented.

The respondents were sued in their official capacities. One is Nathan Vasquez, district attorney for Multnomah County, Oregon; the other is Dan Rayfield, attorney general of Oregon.

In its April 7 petition, Project Veritas described Oregon’s audio recording law as “a national outlier” because it requires that “anyone in almost any conversation [be informed] that their words are being recorded.”

This requirement “severely hampers modern investigative journalism” and undermines the First Amendment “by effectively prohibiting the use of today’s most powerful reporting tools—discreet audio recordings,” the petition states.

Keep reading

Roughly 70,000 Government ID Photos Potentially Stolen in Discord Hack

Government ID photos of around 70,000 Discord users, collected for age verification purposes, may have been stolen in a hack, the company said in an Oct. 9 update. Discord is a group chat app used largely by programmers and gamers.

Initially announced on Oct. 3, the data breach occurred on the systems of third-party vendor 5CA, which Discord uses for customer support efforts. The malicious actor aimed to extort a financial ransom from Discord, the company stated.

According to Discord, the unauthorized party “gained access to information from a limited number of users who had contacted Discord through our Customer Support and/or Trust & Safety teams.”

“No messages or activities were accessed beyond what users may have discussed with Customer Support or Trust & Safety agents,” the company said.

“Of the accounts impacted globally, we have identified approximately 70,000 users that may have had government-ID photos exposed, which our vendor used to review age-related appeals.”

Age-related appeals refer to instances when users were locked out of the app due to being reported as underage and then had to submit photo IDs to verify their age and unlock their accounts.

Keep reading