Tag: privacy

Global Cybercrime Treaty Draws Criticism from Rights Groups and Tech Companies Over Surveillance Fears

Sixty-five countries, including the United States and Canada, have signed a United Nations treaty on cybercrime that threatens privacy, online research, and free expression.

The agreement, known as the UN Convention against Cybercrime, was signed in Hanoi and will take effect once 40 member states have ratified it.

Each country must complete its own ratification process. In the United States, a two-thirds Senate vote is required for approval.

The UN Secretary-General António Guterres described the treaty as an essential step in combating cybercrime, saying that “cyberspace has become fertile ground for criminals…every day, sophisticated scams defraud families, steal livelihoods, and drain billions of dollars from our economies.”

He called the Convention “a powerful, legally binding instrument to strengthen our collective defenses against cybercrime” and insisted it “cannot be used for any forms of surveillance or others that could be linked to violations of human rights.”

The UN Office on Drugs and Crime (UNODC), which directed negotiations, has argued that the treaty includes protections for human rights and legitimate research.

But organizations such as Human Rights Watch (HRW) and the Electronic Frontier Foundation (EFF) disagree.

Before the signing, both groups urged governments not to endorse the treaty, warning that its vague definitions could allow governments to monitor citizens, prosecute security researchers, and suppress political speech.

Technology companies have also raised concerns. The Cybersecurity Tech Accord, whose members include Meta and Microsoft, described the treaty as a “surveillance treaty” that could promote government data sharing and criminalize ethical hacking.

Keep reading

Are Your Identification Photos in a Face Recognition Database?

A majority of Americans are in face recognition databases in use by the U.S. government. Are you one of them? The Electronic Frontier Foundation (EFF) has launched a new quiz called “Who Has Your Face” to help you find out.

“Your driver’s license picture and other ID photos are often shared with law enforcement and other agencies like Immigration and Customs Enforcement (ICE),” said EFF Digital Strategist Jason Kelley. “Those agencies use facial recognition technology to compare your face with those in mugshots and with other photos of people suspected of committing crimes—putting you at risk of being misidentified. So we created this quiz to help show people what we know about who has their face.”

To create the Who Has Your Face quiz, EFF and the Center on Privacy & Technology at Georgetown Law reviewed thousands of pages of public records to determine as much as possible which government photos of U.S. citizens, residents, and travelers are shared with which agencies for facial recognition purposes.

We learned that government agencies—including ICE, the Department of Homeland Security, and the FBI—could all have some access to these photos. However, despite hundreds of hours of research it’s nearly impossible to know precisely which agencies are sharing which photos, and with whom. For example, each state DMV shares access to their photos differently, depending on agreements with local police, other states, and federal agencies.  Our Who Has Your Face quiz asks you questions like what kind of ID you have and which state you live in to help you narrow down which agencies might have copies of your photos.

“These public records have shown us that biometric database sharing is widespread and completely unregulated—and this is still just a partial picture,” said Clare Garvie, senior associate with the Center on Privacy & Technology. “Americans deserve to know how their biometric information is being used, especially when it may put them at risk of being misidentified as a criminal suspect.”

“Here’s the truth: it should be easy to learn the full list of which entities have personal data that you’ve been required to hand over in exchange for a driver’s license or for re-entry into the country after visiting family abroad—especially when that’s a photo of your face,” said EFF Surveillance Litigation Director Jennifer Lynch. “Most people realize that their photos are scanned into a database, but they don’t realize this effectively makes them part of a perpetual police line-up. That’s what’s happening to millions of people, without their knowledge, and it’s practically impossible to opt out.”

Despite the proliferation of federal, state, and local face databases, we can fight back. Laws that ban government use of face recognition are increasingly passing around the country. Several states already don’t allow or don’t have face recognition at DMVs. Cities like San Francisco, Berkeley, and Oakland, California, as well as Somerville, Massachusetts have also passed bans on its use.  To help ban government use of face recognition in your city, visit our About Face campaign.

Keep reading

The Hidden Risks of the Digital Euro

The European Central Bank has presented the digital euro as a symbol of financial autonomy and modernization. But, much like the Chinese model that seems to inspire ECB President Christine Lagarde, what is at stake is not just technology: it is the risk of turning a payment instrument into a mechanism of control over every citizen’s transactions. Across the Atlantic, the United States took the opposite path: it legalized stablecoins and banned a centralized digital dollar, strengthening freedom and competition instead of state control.

On September 26, the European Central Bank announced what had long been anticipated: it will conduct new experiments on what can be achieved with the digital euro.

This project, presented as an achievement of financial autonomy, has now been accelerated after the United States Congress approved the so-called GENIUS (“Guiding and Establishing National Innovation for U.S. Stablecoins”) Act, which authorizes stablecoins currencies pegged to stable assets, usually the dollar. At the same time, Congress also approved a prohibition on the Federal Reserve from creating an official digital dollar, ensuring that innovation remains decentralized and outside the direct control of the State.

In Brussels, the reaction was the opposite. The fear that these dollar-linked digital currencies could trigger a “digital dollarization” of the European economy served as justification to accelerate the digital euro. But instead of strengthening the diversity of existing solutions, the European Union is moving forward with a project directly controlled by the ECB. The narrative is one of “financial sovereignty,” but in practice it risks increasing citizens’ dependence on central power and undermines competition in the financial sector, especially when the Chinese model appears to serve as reference.

The ECB insists that the digital euro will be just another payment option, coexisting with cash. But President Lagarde has repeatedly praised the Chinese model, which looks very much like a declaration of intent. Even if it begins with promises of voluntarism, the reality is that models of this kind rarely remain optional for long. China’s case is illustrative: the digital yuan was presented as a complement to physical cash and a voluntary choice, but it quickly became a mass-use instrument, encouraged by the State and integrated into nearly all daily transactions.

In 2023, in cities such as Shanghai and Shenzhen, public salaries and subsidies were being paid through the digital yuan. After the 2022 Beijing Winter Olympics, its use expanded to such an extent that it became virtually impossible to avoid. In just five years, the digital yuan became unavoidable in many Chinese cities, with public wages, subsidies, and taxes processed exclusively this way.

By recording in real time all transactions through the People’s Bank of China, the government monitors in detail who buys, what, where, and when. This level of surveillance opens the door to direct conditioning of citizens’ behavior. Features such as “programmable money,” with an expiration date that forces people to spend within a certain timeframe instead of saving, have already been tested.

Added to this is the risk of social exclusion: those who do not join the system or lack access to the necessary digital tools are, in practice, shut out from a growing part of the economy. State incentives make adhesion inevitable if public salaries, subsidies, and even transport are processed via digital money; the space for private alternatives shrinks progressively.

In such a model, financial freedom ceases to exist: every payment ultimately depends on state approval.

Although official EU platforms highlight numerous advantages of the digital euro, such as lower cost payments, privacy protected by European law, and structures to prevent cyberattacks. One unavoidable question remains: Why is this system necessary at all? At present, the private sector offers multiple secure and reliable digital payment options.

Since the market already provides safe and efficient alternatives, the only possible incentive to develop this system lies in control through the centralization of power, at the expense of privacy while weakening the private banking system. In essence, the digital euro is not a technological advance, but a serious step backward in terms of freedom and privacy.

Keep reading

Florida Attorney Sues Roku Over Failure to Implement Age Verification, Privacy Concerns

Florida’s attorney general has filed a lawsuit against Roku, drawing attention to the growing privacy risks tied to smart devices that quietly track user behavior.

The case, brought by Attorney General James Uthmeier under the Florida Digital Bill of Rights, accuses the streaming company of collecting and selling the personal data of children without consent while refusing to take reasonable steps to determine which users are minors.

We obtained a copy of the lawsuit for you here.

The lawsuit portrays Roku as a company that profits from extensive data collection inside homes, including data from children. According to the complaint, Roku “collected, sold and enabled reidentification of sensitive personal data, including viewing habits, voice recordings and other information from children, without authorization or meaningful notice to Florida families.”

It continues, “Roku knows that some of its users are children but has consciously decided not to implement industry-standard user profiles to identify which of its users are children.”

Another passage states, “Roku buries its head in the sand so that it can continue processing and selling children’s valuable personal and sensitive data.”

The growing push for digital ID–based age verification is being framed as a way to protect children online, but privacy advocates warn it would do the opposite.

Keep reading

Microsoft OneDrive Limits How Often Users Can Restrict Facial Recognition Setting

Microsoft is quietly testing a new facial-recognition feature in OneDrive that automatically sorts photos based on who appears in them.

The experimental version is being rolled out to some early-access users, and it turns on by default while placing strict limits on how often it can be disabled.

Those with access will see a new privacy notice in the app stating: “OneDrive uses AI to recognize faces in your photos.”

Microsoft’s support page, which still labels the option as “coming soon,” explains that “Microsoft collects, uses, and stores facial scans and biometric information from your photos through the OneDrive app for facial grouping technologies.”

The company says this is intended to “help you quickly and easily organize photos of friends and family.”

Microsoft insists that the face groupings remain private even when users share albums. It also claims that “Microsoft does not use any of your facial scans and biometric information to train or improve the AI model overall.”

When asked why the system is enabled by default instead of requiring consent first, a company spokesperson told Slashdot that “Microsoft OneDrive inherits privacy features and settings from Microsoft 365 and SharePoint, where applicable.”

Keep reading

Australia Advances National Facial Recognition Network Despite Privacy Concerns

Australia is moving forward with a national facial recognition network that will link millions of citizens’ identity documents, despite ongoing uncertainty about privacy safeguards.

The National Driver Licence Facial Recognition Solution (NDLFRS) will merge biometric data from driver’s licenses and passports so that both government departments and private businesses can verify individuals’ identities.

The proposal dates back eight years but has recently accelerated. The Digital Transformation Agency confirmed that the Department of Home Affairs will host the system, while each state and territory will continue to manage its own data.

The agency stated that the project aims “to protect Australian people from identity theft, to manage and prevent crime, to increase road safety and to improve identity verification.”

It also noted that “Tasmania, Victoria and South Australia have provided data to the NDLFRS, with other states and territories to follow.”

Although the initiative remains marked as “unendorsed,” the government is preparing to activate key components.

The Attorney-General’s Department has announced that the accompanying Face Verification Service (FVS), which checks whether a person’s facial image matches the photo held in official records, is expected to begin operation in 2025.

Keep reading

Canada Bill Sponsor Says Age Verification, Blocking Powers, Could Apply to Any Site, Even Social Media

A new Canadian Senate proposal on age verification has raised serious questions about the future of free expression and online access.

The bill’s sponsor has confirmed that the government would have the authority to decide which websites fall under its control, including platforms that have nothing to do with pornography.

Senator Julie Miville-Dechêne, who introduced Bill S-209, told a Senate committee that enforcement would ultimately be at the discretion of the federal government. “The government will decide on the scope, so the government could decide to include social media like X in its choices,” she said.

That statement cuts to the core of the controversy. The Protecting Young Persons from Exposure to Pornography Act was introduced as a measure aimed at sites that make adult content available for commercial purposes.

Yet, according to its sponsor, the government could extend it to any platform where some form of explicit content can be found, even if it is incidental or user-generated.

Bill S-209 completed its second reading in the Senate on June 12, 2025, and is now under committee review, which last met on October 9.

If passed, it would empower the government to impose mandatory age ID verification requirements across a wide range of online services. Those who fail to comply could face court-ordered blocking by Canadian internet service providers.

Although the proposal is framed as protecting minors, its broad wording leaves the door open for the government to demand compliance from social media companies, search engines, or discussion forums where adult material may appear in isolated cases.

Under Section 12, the Cabinet is granted full regulatory authority to determine which sites are covered and to set the rules for verification technologies.

Keep reading

Texas Is Sued Over Digital ID Age Verification Bill

A major technology association is suing the State of Texas over a new law that threatens both privacy and free expression.

The Computer & Communications Industry Association (CCIA) has filed a federal lawsuit challenging Senate Bill 2420, which is set to take effect on January 1, 2026.

We obtained a copy of the lawsuit for you here.

The group argues that the law forces both app stores and developers to impose invasive ID age checks, obtain parental consent, and label content in state-approved ways that violate the First Amendment.

Under SB 2420, anyone with an app store account would need to complete an age-verification process before downloading or updating applications.

If an app store determines that a user is under 18, that user would be blocked from downloading most apps or making in-app purchases unless a parent gives consent and assumes control of the account.

Minors who cannot link their profiles to a parent or guardian would lose access to app store content entirely.

App developers would also face new rules.

They must classify their apps into multiple age categories and provide written explanations for each rating. Every update, feature addition, or design change would require written notice to the app store.

CCIA says these mandates compel developers to describe their products in ways dictated by the state and pressure companies to collect personal data that users should not have to disclose.

Keep reading

California Court Blocks Trump Admin’s Access to SNAP Recipients’ Data

A San Francisco district court temporarily blocked the U.S. Department of Agriculture (USDA) on Oct. 15 from accessing information about food stamp recipients in several states.

California Attorney General Rob Bonta filed a lawsuit jointly with 20 other states against the USDA in July, alleging the agency violated several federal laws and the U.S. Constitution by asking for detailed information about Supplemental Nutrition Assistance Program (SNAP) recipients.

“The Trump Administration can try all it wants to strong arm states into illegally handing over data, but we know the rule of law is on our side,” Bonta said in a statement.

“We will continue to vigorously litigate this lawsuit and defend our communities, protect privacy, and ensure that remains a tool for fighting hunger—not a weapon for political targeting.”

The USDA has threatened to cut off some federal funding to states that don’t hand over SNAP data.

California receives more than $1 billion a year to administer the program.

Keep reading

How the Military Exposed the Tools That Let Authorities Break Into Phones

Immigration and Customs Enforcement (ICE) really doesn’t want the public to know what it’s doing with Cellebrite devices, a company that helps law enforcement break into a locked phone. When it announced an $11 million contract with Cellebrite last month, ICE completely redacted the justification for the purchase.

The U.S. Marine Corps has now done the opposite. It published a justification to a public contracting platform, apparently by mistake, for a no-bid contract to continue putting Cellebrite’s UFED/InsEYEts system in the hands of military police. The document is marked “controlled unclassified information” with clear instructions not to distribute it publicly. UFED/InsEYEts “includes capabilities exclusive to Cellebrite and not available from any other company or vendor,” the document claims, before going on to list specific capabilities for breaking into specific devices.

Reason is posting the document below, with phone numbers redacted.

Keep reading