Mobile Fortify, the new app used by Immigration and Customs Enforcement (ICE) to use face recognition technology (FRT) to identify people during street encounters, is an affront to the rights and dignity of migrants and U.S. citizens alike. That's why a coalition of privacy, civil liberties and civil rights organizations are demanding the Department of Homeland Security (DHS) shut down the use of Mobile Fortify, release the agency's privacy analyses of the app, and clarify the agency's policy on face recognition. 

As the organizations, including EFF, Asian Americans Advancing Justice and the Project on Government Oversight, write in a letter sent by EPIC: 

ICE’s reckless field practices compound the harm done by its use of facial recognition. ICE does not allow people to opt-out of being scanned, and ICE agents apparently have the discretion to use a facial recognition match as a definitive determination of a person’s immigration status even in the face of contrary evidence.  Using face identification as a definitive determination of immigration status is immensely disturbing, and ICE’s cavalier use of facial recognition will undoubtedly lead to wrongful detentions, deportations, or worse.  Indeed, there is already at least one reported incident of ICE mistakenly determining a U.S. citizen “could be deported based on biometric confirmation of his identity.”

As if this dangerous use of nonconsensual face recognition isn't bad enough, Mobile Fortify also queries a wide variety of government databases. Already there have been reports that federal officers may be using this FRT to target protesters engaging in First Amendment-protected activities. Yet ICE concluded it did not need to conduct a new Privacy Impact Assessment, which is standard practice for proposed government technologies that collect people's data. 

While Mobile Fortify is the latest iteration of ICE’s mobile FRT, EFF has been tracking this type of technology for more than a decade. In 2013, we identified how a San Diego agency had distributed face recognition-equipped phones to law enforcement agencies across the region, including federal immigration officers. In 2019, EFF helped pass a law temporarily banning collecting biometric data with mobile devices, resulting in the program's cessation. 

We fought against handheld FRT then, and we will fight it again today. 

Interviewer: Jillian York

Laura Vidal is a Venezuelan researcher and writer focused on digital rights, community resilience, and the informal ways people learn and resist under authoritarian pressure. She holds a Doctorate in Education Sciences and intercultural communication, and her work explores how narratives, digital platforms, and transnational communities shape strategies of care, resistance, and belonging, particularly in Latin America and within the Venezuelan diaspora. She has investigated online censorship, disinformation, and digital literacy and is currently observing how regional and diasporic actors build third spaces online to defend civic space across borders. Her writing has appeared in Global Voices, IFEX, EFF, APC and other platforms that amplify underrepresented voices in tech and human rights.

Jillian York: Hi Laura, first tell me who you are. 

Laura Vidal: I am an independent researcher interested in digital security and how people learn about digital security. I'm also a consultant and a person of communications for IFEX and Digital Action. 

JY: Awesome. And what does free speech mean to you? 

LV: It means a responsibility. Free speech is a space that we all hold. It is not about saying what you want when you want, but understanding that it is a right that you have and others have. And that also means keeping the space as safe as possible and as free as possible for everybody to express themselves as much as possible safely. 

JY: We've known each other for nearly 20 years at this point. And like me, you have this varied background. You're a writer, you've shifted toward digital rights, you pursued a PhD. Tell me more about the path that led you to this work and why you do it. 

LV: Okay, so as you know well, we both started getting into these issues with Global Voices. I started at Global Voices as a translator and then as an author, then as an editor, and then as a community organizer. Actually, community organizer before editor, but anyways, because I started caring a lot about the representation of Latin America in general and Venezuela in particular. When I started with Global Voices, I saw that the political crisis and the narratives around the crisis were really prevalent. And it would bother me that there would be a portrait that is so simplistic. And at that time, we were monitoring the blogosphere, and the blogosphere was a reflection of this very interesting place where so many things happened. 

And so from there, I started my studies and I pursued a PhD in education sciences because I was very interested in observing how communities like Global Voices could be this field in which there was potential for intercultural exchange and learning about other cultures. At the end, of course, things were a lot more complicated than that. There are power imbalances and backgrounds that were a lot more complex, and there was this potential, but not in the way I thought it would be. Once my time in Global Voices was up and then I started pursuing research, I was very, very interested in moving from academia to research among communities and digital rights organizations and other non profits. I started doing consultancies with The Engine Room, with Tactical Tech, Internews, Mozilla and with other organizations in different projects. I've been able to work on issues that have to do with freedom of expression, with digital security and how communities are formed around digital security. And my big, big interest is how is it that we can think about security and digital rights as something that is ours, that is not something that belongs only to the super techies or the people that are super experts and that know very well this, because this is a world that can be a bit intimidating for some. It was definitely intimidating for me. So I really wanted to study and to follow up on the ways that this becomes more accessible and it becomes part of, becomes a good element to digital literacy for everyone. 

JY: That really resonates with me. I hadn't heard you articulate it that way before, but I remember when you were starting this path. I think we had that meeting in Berlin. Do you remember? 

LV: Yeah. In like 2017. Many meetings in Berlin, and we were talking about so many things. 

JY: Yeah, and I just, I remember like, because we've seen each other plenty of times over the past few years, but not as much as we used to….It's interesting, right, though, because we've both been in this space for so long. And we've seen it change, we've seen it grow. You know, I don't want to talk about Global Voices too much, but that was our entry point, right?

LV: It was. 

JY: And so that community—what did it mean for you coming from Venezuela? For me, coming from the US, we’ve both come from our home countries and moved to other countries…we have similar but different life paths. I guess I just see myself in you a little bit.

LV: That’s flattering to me. 

JY: I admire you so much. I've known you for 17 years.

LV: It's definitely mutual. 

JY: Thank you. But a lot of that comes from privilege, I recognize that.

LV: But it's good that you do, but it's also good that you use privilege for good things. 

JY: That's the thing: If you have privilege, you have to use it. And that's what I was raised with. My mother works for a non-profit organization. And so the idea of giving back has always been part of me. 

LV: I get it. And I also think that we are all part of a bigger chain. And it's very easy to get distracted by that. I definitely get distracted by those values, like the idea of being validated by a community. Coming from academia, that's definitely the case, that you really need to shine to be able to think that you're doing some work. And then also coming into the maturity of thinking, we're part of a chain. We're doing something bigger. Sometimes we are kind of going all places and we're making mistakes as a whole, but we're all part of a bigger system. And if you're part of the chain, if you have certain privileges and you can push forward the rest of the chain, that's what it is for. 

JY: Tell me about an experience that shaped your views on free expression, like a personal experience. 

LV: I'm thinking of the experience of writing about Venezuela while being abroad. That has been a very complicated, complex experience because I left Venezuela in 2008. 

JY: That's the year we met. 

LV: Exactly. I was in Budapest [for the Global Voices Summit] in 2008. And then I left Venezuela a few months later. So this experience about freedom of expression…when I left, it wasn't yet the time of the big exodus. This exodus translates today into a huge Venezuelan community all around the world that had to leave, not because they wanted to, but because they had basically no choice. It was very complicated to talk about the crisis because immediately you will get hit back. I will never forget that even in that summit that we keep discussing, the Budapest Summit of Global Voices, whenever I would talk about Venezuela, people would shut me down—people that were not Venezuelans. It was the big beginning of what we call the “Venezuelansplaining”. Because it was this political movement that was very much towards the left, that it was very much non-aligned…

JY: You had that in common with Syria. 

LV: Yeah. And so at the same time, they [the Venezuelan government] were so good at selling themselves as this progressive, non-aligned, global majority movement, feminist, you see…to me, it was shocking to see a lot of feminist groups aligning with the government, that it was a government led by a big, strong man, with a lot of discourse and very little policy change behind it. However, it was the ones that for the first time were talking about these issues from the side of the state. So from the outside, it really looked like this big government that was for the people and all the narratives of the 1960s, of the American interventions in the South that were definitely a reality, but in the case of Venezuela in the 2010s and now it is a lot more complex. And so whenever I would talk about the situation in Venezuela, it was very easy to shut me down. At first, I literally had somebody telling me, somebody who's not from Venezuela, telling me “You don't know what you're talking about. I cannot hear what you say about Venezuela because you're a privileged person.”

And I could totally take the idea of privilege, yes, but I did grow up in that country. He didn’t know it, and I did, and he definitely didn’t know anything about me. It was very easy to be shut down and very easy to self-censor because after that experience, plus writing about it or having opinions about it and constantly being told “you're not there, you cannot speak,” I just started not talking about it. And I think my way of responding to that was being able to facilitate conversations about that. 

And so I was very happy to become the editor of the Americas of Global Voices back then, because if I couldn't write about it because of these reasons—which I guess I understand—I will push others to talk about it. And not only about Venezuela, but Latin America, there are so many narratives that are very reductive, really simplistic about the region that I really wanted to really push back against. So that's why I see freedom of expression as this really complex thing, this really, really complicated thing. And I guess that's why I also see it not only as a right too, but also as a responsibility. Because the space that we have today is so messy and polluted with so many things that you can claim freedom of expression just to say anything, and your goal is not to express yourself, but to harm other people, vulnerable people in particular. 

JY: What do you think is the ideal online environment for free expression? What are the boundaries or guardrails that should be put in place? What guides you? 

LV: I'm not even sure that something guides me completely. I guess that I'm guided by the organizations that observe and defend the space, because they're constantly monitoring, they're constantly explaining, they're talking to people, they have an ear on the ground. It is impossible to think of a space that can be structured and have certain codes. We are a really complicated species. We had these platforms that we started seeing as this hope for people to connect, and then they ended up being used to harm. 

I guess that's also why the conversations about regulations are always so complicated, because whenever we push for legislation or for different kinds of regulations, those regulations then take a life of their own and everybody's able to weaponize them or manipulate them. So yes, there are definitely guidelines and regulations, but I think it's a pendular movement. You know, it's recognizing that the space in which people communicate is always going to be chaotic because everybody will want to have their say. But at the same time, it's important to keep observing and having guidelines. I will go with you, having UN guidelines that translate from organizations that observe the space. I hate to answer saying that I have no guidelines, but at the same time, I guess it's also the idea of the acceptance that it's a chaotic space. And for it to be healthy, we need to accept that it's going to be. It cannot be very structured. It cannot function if it's too structured because there will not be free expression. 

JY: I get that. So ultimately then, where do you stand on regulation? 

LV: I think it's necessary; at some point we need rules to go by and we need some rules of the game. But it cannot be blindly, and we cannot think that regulations are going to stay the same over time. Regulations need to be discussed. They need to evolve. They need to be studied. Once they're in place, you observe how they're used and then how they can be adjusted. It's like they need to be as alive as the spaces of expression are. 

JY: Yes. What countries do you think or entities do you think are doing the best job of this right now? I feel that the EU is maybe trying its hardest, but it's not necessarily enough. 

LV: And I think it's also a little bit dangerous to think of whatever the European Union does as an example. There have been so many cases of copy-paste legislation that has nothing to do with the context. When we talk about privacy, for example, the way that Europe, the way that France and Germany understand privacy, it's not the way that Colombia, for example, understands privacy. It's very different. Culturally, it's different. You can see that people understand legislation, thinking about privacy very differently. And so this kind of way, which I think is like, I will even dare to say is a bit colonial, you know? Like, we set the example, we put the rules and you should follow suit. And why? I like the effort of the European Union as an entity. The fact that so many countries that have been at war for so long managed to create a community, I'm impressed. The jury's still out on how that's working, but I'm still impressed. 

JY: Do you think that because—maybe because of Global Voices or our experience of moving countries, or our friendships—having a global worldview and seeing all of these different regulations and different failures and different successes makes it more complex for us than, say, somebody who's working only on policy in the EU or in the US or in the UK? Do you think it's harder for us then to reconcile these ideas, because we see this broader picture?

LV: That's a really good point. I'm not sure. I do believe very strongly in the idea that we should be in contact. As with everything that has to do with freedom of expression, initiatives, and the fight for spaces and to protect journalists and to regulate platforms, we should be looking at each other's notes. Absolutely. Is there a way to look at it globally? I don't know. I don't think so. I think that I was very much a believer of the idea of a global world where we're all in contact and the whole thing of the global village. 

But then when you start exchanging and when you see how things play out—whenever we think about “globalities”—there's always one overpowering the rest. And that's a really difficult balance to get. Nothing will ever be [truly] global. It will not. We're still communicating in English, we're still thinking about regulations, following certain values. I'm not saying that's good or bad. We do need to create connections. I wouldn't have been able to make friendships and beautiful, beautiful relations that taught me a lot about freedom of expression and digital security had I not spoken this language, because I don't speak Arabic, and these Egyptian friends [that I learned from early on] don't speak Spanish. So those connections are important. They're very important. But the idea of a globality where everybody is the same…I see that as very difficult. And I think it goes back to this idea that we could have perfect regulation or perfect structures—like, if we had these perfect structures, everything would be fine. And I think that we're learning very painfully that is just not possible. 

Everything that we will come up with, every space that we will open, will be occupied by many other people's powers and interests. So I guess that the first step could be to recognize that there's this uneasy relation of things that cannot be global, that cannot be completely horizontal, that doesn't obey rules, it doesn't obey structures…to see what it is that we're going to do. Because so far, I believe that there's been so many efforts towards equalizing spaces. I have been thinking about this a lot. We tend to think so much about solutions and ways in which we all connect and everything. And at the end, it ends up emptying those words of their meaning, because we're reproducing imbalances, we reproduce power relations. So, I don't know how to go back to the question, because I don't think that there's an ideal space. If there was an ideal space, I don't think that we'd be human, you know? I think that part of what will make it realistic is that it moves along. So I guess the ideal place is, it will be one that is relatively safe for most, and especially that it will have special attention to protect vulnerable groups. 

If I could dream of a space with regulations and structures that will help, I think that my priority would be structures that at least favor the safety of the most vulnerable, and then the others will find their ground. I hope this makes sense. 

JY: No, it does. It does. I mean, it might not make sense to someone who is purely working on policy, but it makes sense to me because I feel the same way. 

LV: Yeah, I think a policy person will already be like looking away, you know, like really hoping to get away from me as soon as possible because this woman is just rambling. But they have this really tough job. They need to put straight lines where there are only curves. 

JY: Going back for a moment to something you mentioned, learning from people elsewhere in the world. That Global Voices meeting changed my life.

LV: It changed my life too. I was 26.

JY: I was 26 too! I’d been living in Morocco until just recently, and I remember meeting all of these people from other parts of the region, and beginning to understand through meeting people how different Morocco was from Syria, or Egypt. How the region wasn’t a monolith.

LV: And that’s so important. These are the things I feel that we might know intellectually, but when you actually “taste” them, there are no words you can express when you realize the complexity of people that you didn’t think of as complex as you. That was the year I met Mohamed El Gohary. I will never forget that as critical as I was of the government of Venezuela back then, never in a million years would I have imagined that they would be like they are now. I used to work in a ministry, which means that I was very much in contact with people that were really big believers of [Chavismo’s] project, and I would listen to them being really passionate and see how people changed their lives because they had employment and many other things they lacked before: representation in government among them. All of those projects ended up being really short-term solutions, but they changed the perspective of a lot of people and a lot of people that believed so wholeheartedly in it. I remember that most of the Latin America team, we were very shaken by the presentations coming from Advox, seeing the blogs and the bloggers were in prison. I remember Gohary asking me “have you had any platforms blocked, or shutdowns, or have any newspapers been closed?” I said no, and he said “that’s coming.”

JY: I remember this. I feel like Tunisia and Egypt really served as examples to other countries of what states could do with the internet. And I think that people without a global view don’t recognize that as clearly.

LV: That's very true. And I think we still lack this global view. And in my opinion, we lack a global view that doesn't go through the United States or Europe. Most of the conveners and the people that put us in contact have been linked or rooted in Western powers. And connections were made, which is good. I would have never understood these issues of censorship had it not been for these Egyptian friends that were at Global Voices. That's very important. And ever since, I am convinced that you can grow through people from backgrounds that are very different from yours, because you align on one particular thing. And so I've always been really interested in South, quote unquote, “South-South” relationships, the vision Latin America has of Africa. And I really dislike saying Africa as if it was one thing. 

But the vision that we need to have is...I love, there's a writer that I love, Ryszard Kapuściński, and he wrote a book about Africa. He's a Polish journalist and he wrote about the movements of independence because he was the only journalist that the newspaper had for internationals. He would go to every place around, and it was the 60s. So there were like independence movements all around. And at the end, he wrote this big summary of his experiences in “Africa.” And the first page says, other than for the geographic name that we put to it, Africa doesn't exist. This is a whole universe. This is a whole world. And so the vision, this reductionist vision that a lot of us in Latin America have come through these, you know, glasses that come from the West. So to me, when I see cases in which you have groups from Venezuela, collaborating with groups in Senegal because the shutdowns that happen in both countries rhyme, I am passionately interested in these connections, because these are connections of people that don't think are similar, but they're going through similar, very similar things, and they realize how similar they are in the process. That was my feeling with [other friends from Egypt] and Gohary. The conversations that we had, the exchanges that we had, let's say at the center of our table, our excuse was this idea of freedom on the internet and how digital security will work. But that was the way that we could dialogue. And to me, it was one proof of how you grow through the experiences of people that you mistakenly think are not like you. 

JY: Yes. Yeah, no, exactly, And that was really, that was my experience too, because in the U.S. at the time, obviously there were no restrictions on the internet, but I moved to Morocco and immediately on my first day there, I had a LiveJournal. I think I've written about this many times. I had LiveJournal, which was my blogging platform at the time, and I went to log in and the site was blocked. And LiveJournal was blocked because there had been a lot of blogs about the Western Sahara, which was a taboo topic at the time, still is in many ways. And so I had to, I had to make a decision. Do I figure out a circumvention tool? I had an American friend who was emailing me about how to get around this, or maybe we had a phone call. And so I ended up, I ended up becoming a public blogger because of censorship. 

LV: That's so interesting because it is the reaction. Somebody says, I like, I didn't want to talk, but now that you don't want me to, now I will. 

JY:  Yeah, now I will. And I never crossed the red lines while I was living there because I didn't want to get in trouble. And I wrote about things carefully. But that experience connected me to people. That's how I found Global Voices. 

I want to ask you another question. When we met in Portugal in September, we discussed the idea that what’s happening in the U.S. has made it easier for people there to understand repression in other countries…that some Americans are now more able to see creeping authoritarianism or fascism elsewhere because they’re experiencing it themselves. What are your thoughts on that?

LV: So what pops in my mind is this, because I always find this fantasy very interesting that things cannot happen in certain countries, even if they've already happened. There are a lot of ideas of, we were talking about having the European Union as an example. And yes, the United States were very much into, you know, this idea of freedom of the press, freedom of expression. But there was also this idea, this narrative that these kinds of things will never happen in a place like the United States, which I think is a very dangerous idea, because it gets you to not pay attention. And there are so many ways in which expression can be limited, manipulated, weaponized, and it was a long time coming, that there were a lot of pushes to censor books. When you start seeing that, you push for libraries to take certain books out, you really start seeing like the winds blowing in that direction. And so now that it has become probably more evident, with the case of the Jimmy Kimmel show and the ways that certain media have been using their time to really misinform, you really start seeing parallels with other parts of the continent. I think it's very important, this idea that we look at each other. I will always defend the idea that we need to be constantly in dialogue and not necessarily look for examples.

Let’s say from Mexico downward, this idea of “look at this thing that people are doing in the States”—I don’t think that has ever served us, and it won’t serve us now. It is very important that we remain in dialogue. Because one thing that I found beautiful and fascinating that is happening among Venezuelan journalists is that you will see media that would  be competing with one in other circumstances are  now working together. They wouldn't survive otherwise. And also countries in the region that wouldn't look at each other before, they are working together as well. So you have Venezuelan journalists working with Nicaraguan journalists and also human rights defenders really looking at each other's cases because authoritarian regimes look at each other. We were talking about Egypt as an example before. And we keep seeing this but we're not paying enough attention. When we see events, for example, how they are regional, and that is really important. We need to talk amongst ourselves. We understand the realities of our regions, but it is so important that there's always somebody invited, somebody looking at other regions, how is it playing out, what are people doing. Latin America is a really great place where people should be looking at when thinking about counter-power and looking for examples of different ways of resistance. And unfortunately, also where things can go. How are technologies being used to censor? 

In the case of Venezuela, you had newspapers being progressively harassed. Then they wouldn't find paper. Then they had to close down. So they pushed them online where they're blocking them and harassing them. So it is a slow movement. It's very important to understand that this can happen anywhere. Everyone is at risk of having an authoritarian regime. This idea, these regressive ideas about rights, they are happening globally and they're getting a lot of traction. So the fact that we need to be in contact is crucial. It is crucial to really go beyond the narratives that we have of other countries and other cultures and to think that is particular to that place because of this and that. I think if there's a moment in which we can understand all of us as a whole group, as a region, like from the whole of the Americas, it is now. 

JY: That's such a good point. I agree. And I think it's important both to look at it on that semi-local scale and then also scale it globally, but understand like the Americas in particular, yeah, have so much in common. 

LV: No. I really believe that if there was something that I will be pushing forward, it's this idea that, first of all, these borders that are imagined, they're artificial, we created it to protect things that we have accumulated. And we, like the whole of the continent, have this history of people that came to occupy other people's lands. That's their origin story. All of the continent. Yeah. So maybe trying to understand that in terms of resistance and in terms of communities, we should be aware of that and really think about communities of counter power, resistance and fight for human rights should be, I guess they should have its own borders, you know, like not American groups or Nicaraguan groups or Colombian groups, like really create some sort of I guess, way to understand that these national borders are, they're not serving us. We really need to collaborate in ways that go really beyond that. Fully understanding the backgrounds and the differences and everything, but really connecting in things in ways that make sense. I don't think that one human rights defense community can go against its own state. They are outnumbered. The power imbalance is too big. But these groups in combination, looking at each other and learning from each other, being in contact, collaborating, it makes, well, you know, it's just simple math. It will make for more of us working together. 

JY: Absolutely. At EFF, we have a team that works on issues in Latin America, and some are based in Latin America. And it’s been interesting, because I came to EFF from having worked in a Middle East perspective, and my colleague Katitza Rodriguez, who started just a year or two before me came from a Latin American perspective, and apart from our EU work, those remain the two regional strongholds of EFF’s international work. And we’ve bridged that. I remember a couple of years ago having calls between Colombians and Palestinians because they were experiencing the same censorship issues online.

LV: That’s what I dream of.

JY: That's the sort of bridging work that you and I kind of came up in. And I think that like that experience for me, and similarly for Katitza, and then bringing that to EFF. And so we had these ties. And I think of everything you’ve said, one of the things that struck me the most is that this is a generational thing. We’re all Gen X, or early Millennials, or whatever you want to call it. I know it differs globally, but we all grew up under similar circumstances in terms of the information age, and I think that shaped our worldview in a way that—if we’re open to it—our generation thinks uniquely from the ones before and after us, because we lived a little bit in both worlds. I think it’s a really unique experience.

LV: I feel really excited to hear you say this because at times I feel that I'm thinking about this and it looks like it sounds like very weird ideas, but we are definitely part of this generation that lived the transition to online worlds and we are living in these—I love to call them digital third spaces. We're constantly negotiating our identities. We are creating new ones. We're creating homes that are “in the air.” Because yes, you are in Berlin now and I'm in France and other friends are in Venezuela, others are in Colombia and so on. But we are in this kind of commonplace, in this space where we meet that is neither nor. And it is a place that has let me understand borders very differently and understand identity very differently. And I think that is the door that we have to go through to understand how community and collaboration cross regionally and beyond borders. It's not only necessary, it's more realistic. 

JY: Absolutely, I agree. Let me ask you the last question: Who's your free expression hero? Or somebody who's inspired you. Somebody who really changed your world. 

LV: I am so proud of the Venezuelan community. So proud. They're all people that are inspiring, intelligent, dynamic. And if I had to pick one with a lot of pain, I would say Valentina Aguana. She works with Connexion Segura y Libre. She's like twenty-something. I love to see this person in her twenties. And very often, especially now that you see younger generations going to places that we don't understand. I love that she's a young person in this space, and I love how well she understands a lot of these things. I love very much how she integrates this idea of having the right to do things. That was very hard for me when I was growing up. It was very hard when I was her age to understand I had the right to do things, that I had the right to express myself. Not only does she understand that her work is devoted to ensuring that other people have the right as well, and they have the space to do that safely. 

JY: I love that. Thank you so much Laura.

One of our favorite—and most important—things that we do at EFF is to work toward a better future. It can be easy to get caught up in all the crazy things that are happening in the moment, especially with the fires that need to be put out. But it’s just as important to keep our eyes on new technologies, how they are impacting digital rights, and how we can ensure that our rights and freedoms expand over time.

That's why EFF is excited to spotlight two free book events this December that look ahead, providing insight on how to build this better future. Featuring EFF’s Executive Director Cindy Cohn, we’ll be exploring how stories, technology, and policy shape the world around us. Here’s how you can join us this year and learn more about next year’s events:

Exploring Progressive Social Change at The Booksmith - We Will Rise Again 

December 2 | 7:00 PM Pacific Time | The Booksmith, San Francisco 

We’re celebrating the release of We Will Rise Again, a new anthology of speculative stories from writers across the world, including Cindy Cohn, Annalee Newitz, Charlie Jane Anders, Reo Eveleth, Andrea Dehlendorf, and Vida Jame. This collection explores topics ranging from disability justice and environmental activism to community care and collective worldbuilding to offer tools for organizing, interrogating the status quo, and a blueprint for building a better world.

Join Cindy Cohn and her fellow panelists at this event to learn how speculative fiction helps us think critically about technology, civil liberties, and the kind of world we want to create. We hope to see some familiar faces there! 

RSVP AND LEARN MORE

AI, Politics, and the Future of Democracy - Rewiring Democracy

December 3 | 6:00 PM Pacific Time | Virtual

We’re also geared up to join an online discussion with EFF Board Member Bruce Schneier and Nathan E. Sanders about their new book, Rewiring Democracy: How AI Will Transform Our Politics, Government, and Citizenship. In this time when AI is taking up every conversation—from generative AI tools to algorithmic decision-making in government—this book cuts through the hype to examine the ways that the technology is transforming every aspect of democracy, for good and bad. 

Cindy Cohn will join Schneier and Sanders for a forward-looking conversation about what’s possible, and what’s at stake, as AI weaves itself into our governments and how to steer it in the right direction. We’ll see you online for this one! 

RSVP AND LEARN MORE

Announcing Cindy Cohn's New Book, Privacy's Defender

In March we’ll be kicking off the celebration for Cindy Cohn’s new book, Privacy’s Defender, chronicling her thirty-year battle to protect everyone’s right to digital privacy and offering insights into the ongoing fight for our civil liberties online. Stay tuned for more information about our first event at City Lights on Tuesday, March 10!

The celebration doesn’t stop there. Look out for more celebrations for Privacy’s Defender throughout the year, and we hope we’ll see you at one of them. Plus, you can learn more about the book and even preorder it today! 

PREORDER PRIVACY'S DEFENDER

You can keep up to date on these book events, and more EFF happenings when you sign up for our EFFector newsletter and check out our full event calendar.

 

A California judge ordered the end of a dragnet law enforcement program that surveilled the electrical smart meter data of thousands of Sacramento residents.

The Sacramento County Superior Court ruled that the surveillance program run by the Sacramento Municipal Utility District (SMUD) and police violated a state privacy statute, which bars the disclosure of residents’ electrical usage data with narrow exceptions. For more than a decade, SMUD coordinated with the Sacramento Police Department and other law enforcement agencies to sift through the granular smart meter data of residents without suspicion to find evidence of cannabis growing.

EFF and its co-counsel represent three petitioners in the case: the Asian American Liberation Network, Khurshid Khoja, and Alfonso Nguyen. They argued that the program created a host of privacy harms—including criminalizing innocent people, creating menacing encounters with law enforcement, and disproportionately harming the Asian community.

The court ruled that the challenged surveillance program was not part of any traditional law enforcement investigation. Investigations happen when police try to solve particular crimes and identify particular suspects. The dragnet that turned all 650,000 SMUD customers into suspects was not an investigation.

“[T]he process of making regular requests for all customer information in numerous city zip codes, in the hopes of identifying evidence that could possibly be evidence of illegal activity, without any report or other evidence to suggest that such a crime may have occurred, is not an ongoing investigation,” the court ruled, finding that SMUD violated its “obligations of confidentiality” under a data privacy statute.

Granular electrical usage data can reveal intimate details inside the home—including when you go to sleep, when you take a shower, when you are away, and other personal habits and demographics.

The dragnet turned 650,000 SMUD customers into suspects.

In creating and running the dragnet surveillance program, according to the court, SMUD and police “developed a relationship beyond that of utility provider and law enforcement.” Multiple times a year, the police asked SMUD to search its entire database of 650,000 customers to identify people who used a large amount of monthly electricity and to analyze granular 1-hour electrical usage data to identify residents with certain electricity “consumption patterns.” SMUD passed on more than 33,000 tips about supposedly “high” usage households to police.

While this is a victory, the Court unfortunately dismissed an alternate claim that the program violated the California Constitution’s search and seizure clause. We disagree with the court’s reasoning, which misapprehends the crux of the problem: At the behest of law enforcement, SMUD searches granular smart meter data and provides insights to law enforcement based on that granular data.

Going forward, public utilities throughout California should understand that they cannot disclose customers’ electricity data to law enforcement without any “evidence to support a suspicion” that a particular crime occurred.

EFF, along with Monty Agarwal of the law firm Vallejo, Antolin, Agarwal, Kanter LLP, brought and argued the case on behalf of Petitioners.

Related Cases: Asian American Liberation Network v. SMUD, et al.

It's no secret that 2025 has given Americans plenty to protest about. But as news cameras showed protesters filling streets of cities across the country, law enforcement officers—including U.S. Border Patrol agents—were quietly watching those same streets through different lenses: Flock Safety automated license plate readers (ALPRs) that tracked every passing car. 

Through an analysis of 10 months of nationwide searches on Flock Safety's servers, we discovered that more than 50 federal, state, and local agencies ran hundreds of searches through Flock's national network of surveillance data in connection with protest activity. In some cases, law enforcement specifically targeted known activist groups, demonstrating how mass surveillance technology increasingly threatens our freedom to demonstrate. 

Flock Safety provides ALPR technology to thousands of law enforcement agencies. The company installs cameras throughout their jurisdictions, and these cameras photograph every car that passes, documenting the license plate, color, make, model and other distinguishing characteristics. This data is paired with time and location, and uploaded to a massive searchable database. Flock Safety encourages agencies to share the data they collect broadly with other agencies across the country. It is common for an agency to search thousands of networks nationwide even when they don't have reason to believe a targeted vehicle left the region. 

Via public records requests, EFF obtained datasets representing more than 12 million searches logged by more than 3,900 agencies between December 2024 and October 2025. The data shows that agencies logged hundreds of searches related to the 50501 protests in February, the Hands Off protests in April, the No Kings protests in June and October, and other protests in between. 

The Tulsa Police Department in Oklahoma was one of the most consistent users of Flock Safety's ALPR system for investigating protests, logging at least 38 such searches. This included running searches that corresponded to a protest against deportation raids in February, a protest at Tulsa City Hall in support of pro-Palestinian activist Mahmoud Khalil in March, and the No Kings protest in June. During the most recent No Kings protests in mid-October, agencies such as the Lisle Police Department in Illinois, the Oro Valley Police Department in Arizona, and the Putnam County (Tenn.) Sheriff's Office all ran protest-related searches. 

While EFF and other civil liberties groups argue the law should require a search warrant for such searches, police are simply prompted to enter text into a "reason" field in the Flock Safety system. Usually this is only a few words–or even just one.

In these cases, that word was often just “protest.” 

Crime does sometimes occur at protests, whether that's property damage, pick-pocketing, or clashes between groups on opposite sides of a protest. Some of these searches may have been tied to an actual crime that occurred, even though in most cases officers did not articulate a criminal offense when running the search. But the truth is, the only reason an officer is able to even search for a suspect at a protest is because ALPRs collected data on every single person who attended the protest. 

Search and Dissent 

2025 was an unprecedented year of street action. In June and again in October, thousands across the country mobilized under the banner of the “No Kings” movement—marches against government overreach, surveillance, and corporate power. By some estimates, the October demonstrations ranked among the largest single-day protests in U.S. history, filling the streets from Washington, D.C., to Portland, OR. 

EFF identified 19 agencies that logged dozens of searches associated with the No Kings protests in June and October 2025. In some cases the "No Kings" was explicitly used, while in others the term "protest" was used but coincided with the massive protests.

Law Enforcement Agencies that Ran Searches Corresponding with "No Kings" Rallies

• Anaheim Police Department, Calif.
• Arizona Department of Public Safety
• Beaumont Police Department, Texas
• Charleston Police Department, SC
• Flagler County Sheriff's Office, Fla.
• Georgia State Patrol
• Lisle Police Department, Ill.
• Little Rock Police Department, Ark.
• Marion Police Department, Ohio
• Morristown Police Department, Tenn.
• Oro Valley Police Department, Ariz.
• Putnam County Sheriff's Office, Tenn.
• Richmond Police Department, Va.
• Riverside County Sheriff's Office, Calif.
• Salinas Police Department, Calif.
• San Bernardino County Sheriff's Office, Calif.
• Spartanburg Police Department, SC
• Tempe Police Department, Ariz.
• Tulsa Police Department, Okla.
• US Border Patrol

For example: 

• In Washington state, the Spokane County Sheriff's Office listed "no kings" as the reason for three searches on June 13, 2025. The agency queried 95 camera networks, looking for vehicles matching the description of "work van," "bus" or "box truck." 
• In Texas, the Beaumont Police Department ran six searches related to two vehicles on June 14, 2025, listing "KINGS DAY PROTEST" as the reason. The queries reached across 1,774 networks. 
• In California, the San Bernardino County Sheriff's Office ran a single search for a vehicle across 711 networks, logging "no king" as the reason. 
• In Arizona, the Tempe Police Department made three searches for "ATL No Kings Protest" on June 15, 2025 searching through 425 networks. "ATL" is police code for "attempt to locate." The agency appears to not have been looking for a particular plate, but for any red vehicle on the road during a certain time window.

But the No Kings protests weren't the only demonstrations drawing law enforcement's digital dragnet in 2025. 

For example:

• In Nevada's state capital, the Carson City Sheriff's Office ran three searches that correspond to the February 50501 Protests against DOGE and the Trump administration. The agency searched for two vehicles across 178 networks with "protest" as the reason.
• In Florida, the Seminole County Sheriff's Office logged "protest" for five searches that correspond to a local May Day rally.
• In Alabama, the Homewood Police Department logged four searches in early July 2025 for three vehicles with "PROTEST CASE" and "PROTEST INV." in the reason field. The searches, which probed 1,308 networks, correspond to protests against the police shooting of Jabari Peoples.
• In Texas, the Lubbock Police Department ran two searches for a Tennessee license plate on March 15 that corresponds to a rally to highlight the mental health impact of immigration policies. The searches hit 5,966 networks, with the logged reason "protest veh."
• In Michigan, Grand Rapids Police Department ran five searches that corresponded with the Stand Up and Fight Back Rally in February. The searches hit roughly 650 networks, with the reason logged as "Protest."

Some agencies have adopted policies that prohibit using ALPRs for monitoring activities protected by the First Amendment. Yet many officers probed the nationwide network with terms like "protest" without articulating an actual crime under investigation.

In a few cases, police were using Flock’s ALPR network to investigate threats made against attendees or incidents where motorists opposed to the protests drove their vehicle into crowds. For example, throughout June 2025, an Arizona Department of Public Safety officer logged three searches for “no kings rock threat,” and a Wichita (Kan.) Police Department officer logged 22 searches for various license plates under the reason “Crime Stoppers Tip of causing harm during protests.”

Even when law enforcement is specifically looking for vehicles engaged in potentially criminal behavior such as threatening protesters, it cannot be ignored that mass surveillance systems work by collecting data on everyone driving to or near a protest—not just those under suspicion.

Border Patrol's Expanding Reach 

As U.S. Border Patrol (USBP), ICE, and other federal agencies tasked with immigration enforcement have massively expanded operations into major cities, advocates for immigrants have responded through organized rallies, rapid-response confrontations, and extended presences at federal facilities. 

USBP has made extensive use of Flock Safety's system for immigration enforcement, but also to target those who object to its tactics. In June, a few days after the No Kings Protest, USBP ran three searches for a vehicle using the descriptor “Portland Riots.” 

USBP has made extensive use of Flock Safety's system for immigration enforcement, but also to target those who object to its tactics.

USBP also used the Flock Safety network to investigate a motorist who had “extended his middle finger” at Border Patrol vehicles that were transporting detainees. The motorist then allegedly drove in front of one of the vehicles and slowed down, forcing the Border Patrol vehicle to brake hard. An officer ran seven searches for his plate, citing "assault on agent" and "18 usc 111," the federal criminal statute for assaulting, resisting or impeding a federal officer. The individual was charged in federal court in early August. 

USBP had access to the Flock system during a trial period in the first half of 2025, but the company says it has since paused the agency's access to the system. However, Border Patrol and other federal immigration authorities have been able to access the system’s data through local agencies who have run searches on their behalf or even lent them logins. 

Targeting Animal Rights Activists

Law enforcement's use of Flock's ALPR network to surveil protesters isn't limited to large-scale political demonstrations. Three agencies also used the system dozens of times to specifically target activists from Direct Action Everywhere (DxE), an animal-rights organization known for using civil disobedience tactics to expose conditions at factory farms.

Delaware State Police queried the Flock national network nine times in March 2025 related to DxE actions, logging reasons such as "DxE Protest Suspect Vehicle." DxE advocates told EFF that these searches correspond to an investigation the organization undertook of a Mountaire Farms facility. 

Additionally, the California Highway Patrol logged dozens of searches related to a "DXE Operation" throughout the day on May 27, 2025. The organization says this corresponds with an annual convening in California that typically ends in a direct action. Participants leave the event early in the morning, then drive across the state to a predetermined but previously undisclosed protest site. Also in May, the Merced County Sheriff's Office in California logged two searches related to "DXE activity." 

As an organization engaged in direct activism, DxE has experienced criminal prosecution for its activities, and so the organization told EFF they were not surprised to learn they are under scrutiny from law enforcement, particularly considering how industrial farmers have collected and distributed their own intelligence to police.

The targeting of DxE activists reveals how ALPR surveillance extends beyond conventional and large-scale political protests to target groups engaged in activism that challenges powerful industries. For animal-rights activists, the knowledge that their vehicles are being tracked through a national surveillance network undeniably creates a chilling effect on their ability to organize and demonstrate.

Fighting Back Against ALPR 

ALPR systems are designed to capture information on every vehicle that passes within view. That means they don't just capture data on "criminals" but on everyone, all the time—and that includes people engaged in their First Amendment right to publicly dissent. Police are sitting on massive troves of data that can reveal who attended a protest, and this data shows they are not afraid to use it. 

Our analysis only includes data where agencies explicitly mentioned protests or related terms in the "reason" field when documenting their search. It's likely that scores more were conducted under less obvious pretexts and search reasons. According to our analysis, approximately 20 percent of all searches we reviewed listed vague language like "investigation," "suspect," and "query" in the reason field. Those terms could well be cover for spying on a protest, an abortion prosecution, or an officer stalking a spouse, and no one would be the wiser–including the agencies whose data was searched. Flock has said it will now require officers to select a specific crime under investigation, but that can and will also be used to obfuscate dubious searches. 

For protestors, this data should serve as confirmation that ALPR surveillance has been and will be used to target activities protected by the First Amendment. Depending on your threat model, this means you should think carefully about how you arrive at protests, and explore options such as by biking, walking, carpooling, taking public transportation, or simply parking a little further away from the action. Our Surveillance Self-Defense project has more information on steps you could take to protect your privacy when traveling to and attending a protest.

For local officials, this should serve as another example of how systems marketed as protecting your community may actually threaten the values your communities hold most dear. The best way to protect people is to shut down these camera networks.  

Everyone should have the right to speak up against injustice without ending up in a database. 

Widespread news reports indicate that President Donald Trump’s administration has prepared an executive order to punish states that have passed laws attempting to address harms from artificial intelligence (AI) systems. According to a draft published by news outlets, this order would direct federal agencies to bring legal challenges to state AI regulations that the administration deems “onerous,”  to restrict funding to those states that have these laws, and to adopt new federal law that overrides state AI laws.

This approach is deeply misguided.

As we’ve said before, the fact that states are regulating AI is often a good thing. Left unchecked, company and government use of automated decision-making systems in areas such as housing, health care, law enforcement, and employment have already caused discriminatory outcomes based on gender, race, and other protected statuses.

While state AI laws have not been perfect, they are genuine attempts to address harms that people across the country face from certain uses of AI systems right now. Given the tone of the Trump Administration’s draft order, it seems clear that the preemptive federal legislation backed by this administration will not stop ways that automated decision making systems can result in discriminatory decisions.

For example, a copy of the draft order published by Politico specifically names the Colorado AI Act as an example of supposedly “onerous” legislation. As we said in our analysis of Colorado’s law, it is a limited but crucial step—one that needs to be strengthened to protect people more meaningfully from AI harms. It is possible to guard against harms and support innovation and expression. Ignoring the harms that these systems can cause when used in discriminatory ways is not the way to do that.

Again: stopping states from acting on AI will stop progress. Proposals such as the executive order, or efforts to put a broad moratorium on state AI laws into the National Defense Authorization Act (NDAA), will hurt us all. Companies that produce AI and automated decision-making software have spent millions in state capitals and in Congress to slow or roll back legal protections regulating artificial intelligence. If reports about the Trump administration’s executive order are true, those efforts are about to get a supercharged ally in the federal government.

And all of us will pay the price.

Potential Government Coercion Raises First Amendment Concerns

SAN FRANCISCO – The Electronic Frontier Foundation (EFF) sued the departments of Justice (DOJ) and Homeland Security (DHS) today to uncover information about the federal government demanding that tech companies remove apps that document immigration enforcement activities in communities throughout the country. 

Tech platforms took down several such apps (including ICE Block, Red Dot, and DeICER) and webpages (including ICE Sighting-Chicagoland) following communications with federal officials this year, raising important questions about government coercion to restrict protected First Amendment activity.

"We're filing this lawsuit to find out just what the government told tech companies," said EFF Staff Attorney F. Mario Trujillo. "Getting these records will be critical to determining whether federal officials crossed the line into unconstitutional coercion and censorship of protected speech."

In October, Apple removed ICEBlock, an app that allows users to report Immigration and Customs Enforcement (ICE) activity in their area, from its App Store. Attorney General Pamela Bondi publicly took credit for the takedown, telling reporters, “We reached out to Apple today demanding they remove the ICEBlock app from their App Store—and Apple did so.” In the days that followed, Apple removed several similar apps from the App Store. Google and Meta removed similar apps and webpages from platforms they own as well. Bondi vowed to “continue engaging tech companies” on the issue. 

People have a protected First Amendment right to document and share information about law enforcement activities performed in public. If government officials coerce third parties into suppressing protected activity, this can be unconstitutional, as the government cannot do indirectly what it is barred from doing directly.

Last month, EFF submitted Freedom of Information Act (FOIA) requests to the DOJ, DHS and its component agencies ICE and Customs and Border Protection. The requests sought records and communications about agency demands that technology companies remove apps and pages that document immigration enforcement activities. So far, none of the agencies have provided these records. EFF's FOIA lawsuit demands their release.

For the complaint: https://www.eff.org/document/complaint-eff-v-doj-dhs-ice-tracking-apps

For more about the litigation: https://www.eff.org/cases/eff-v-doj-dhs-ice-tracking-apps

Tags: ICEContact:  F. Mario TrujilloStaff Attorneymario@eff.org

The U.S. Patent and Trademark Office (USPTO) has proposed new rules that would effectively end the public’s ability to challenge improperly granted patents at their source—the Patent Office itself. If these rules take effect, they will hand patent trolls exactly what they’ve been chasing for years: a way to keep bad patents alive and out of reach. People targeted with troll lawsuits will be left with almost no realistic or affordable way to defend themselves.

We need EFF supporters to file public comments opposing these rules right away. The deadline for public comments is December 2. The USPTO is moving quickly, and staying silent will only help those who profit from abusive patents. 

TAKE ACTION

Tell USPTO: The public has a right to challenge bad patents

We’re asking supporters who care about a fair patent system to file comments using the federal government’s public comment system. Your comments don’t need to be long, or use legal or technical vocabulary. The important thing is that everyday users and creators of technology have  the chance to speak up, and be counted. 

Below is a short, simple comment you can copy and paste. Your comment will carry more weight if you add a personal sentence or two of your own. Please note that comments should be submitted under your real name and will become part of the public record. 

Sample comment: 

I oppose the USPTO’s proposed rule changes for inter partes review (IPR), Docket No. PTO-P-2025-0025. The IPR process must remain open and fair. Patent challenges should be decided on their merits, not shut out because of legal activity elsewhere. These rules would make it nearly impossible for the public to challenge bad patents, and that will harm innovation and everyday technology users.

Why This Rule Change Matters

Inter partes review, (IPR), isn’t perfect. It hasn’t eliminated patent trolling, and it’s not available in every case. But it is one of the few practical ways for ordinary developers, small companies, nonprofits, and creators to challenge a bad patent without spending millions of dollars in federal court. That’s why patent trolls hate it—and why the USPTO’s new rules are so dangerous.

IPR isn’t easy or cheap, but compared to years of litigation, it’s a lifeline. When the system works, it removes bogus patents from the table for everyone, not just the target of a single lawsuit. 

IPR petitions are decided by the Patent Trial and Appeal Board (PTAB), a panel of specialized administrative judges inside the USPTO. Congress designed  IPR to provide a fresh, expert look at whether a patent should have been granted in the first place—especially when strong prior art surfaces. Unlike  full federal trials, PTAB review is faster, more technical, and actually accessible to small companies, developers, and public-interest groups.

Here are three real examples of how IPR protected the public: 

• The “Podcasting Patent” (Personal Audio)

Personal Audio claimed it had “invented” podcasting and demanded royalties from audio creators using its so-called podcasting patent. EFF crowdsourced prior art, filed an IPR, and ultimately knocked out the patent—benefiting  the entire podcasting world.

Under the new rules, this kind of public-interest challenge could easily be blocked based on procedural grounds like timing, before the PTAB even examines the patent. 

• SportBrain’s “upload your fitness data” patent

SportBrain sued more than 80 companies over a patent that claimed to cover basic gathering of user data and sending it over a network. A panel of PTAB judges canceled every claim.

Under the new rules, this patent could have survived long enough to force dozens more companies to pay up.

• Shipping & Transit: a troll that sued hundreds of businesses

For more than a decade, Shipping & Transit sued companies over extremely broad “delivery notifications”patents. After repeated losses at PTAB and in court (including fee awards), the company finally collapsed. 

Under the new rules, a troll like this could keep its patents alive and continue carpet-bombing small businesses with lawsuits.

IPR hasn’t ended patent trolling. But when a troll waves a bogus patent at hundreds or thousands of people, IPR is one of the only tools that can actually fix the underlying problem: the patent itself. It dismantles abusive patent monopolies that never should have existed,   saving entire industries from predatory litigation. That’s exactly why patent trolls and their allies have fought so hard to shut it down. They’ve failed to dismantle IPR in court or in Congress—and now they’re counting on the USPTO’s own leadership to do it for them. 

What the USPTO Plans To Do

First, they want you to give up your defenses in court. Under this proposal, a defendant can’t file an IPR unless they promise to never challenge the patent’s validity in court. 

For someone actually being sued or threatened with patent infringement, that’s simply not a realistic promise to make. The choice would be: use IPR and lose your defenses—or keep your defenses and lose IPR.

Second, the rules allow patents to become “unchallengeable” after one prior fight. That’s right. If a patent survives any earlier validity fight, anywhere, these rules would block everyone else from bringing an IPR, even years later and even if new prior art surfaces. One early decision—even one that’s poorly argued, or didn’t have all the evidence—would block the door on the entire public.

Third, the rules will block IPR entirely if a district court case is projected to move faster than PTAB. 

So if a troll sues you with one of the outrageous patents we’ve seen over the years, like patents on watching an ad, showing picture menus, or clocking in to work, the USPTO won’t even look at it. It’ll be back to the bad old days, where you have exactly one way to beat the troll (who chose the court to sue in)—spend millions on experts and lawyers, then take your chances in front of a federal jury. 

The USPTO claims this is fine because defendants can still challenge patents in district court. That’s misleading. A real district-court validity fight costs millions of dollars and takes years. For most people and small companies, that’s no opportunity at all. 

Only Congress Can Rewrite IPR

IPR was created by Congress in 2013 after extensive debate. It was meant to give the public a fast, affordable way to correct the Patent Office’s own mistakes. Only Congress—not agency rulemaking—can rewrite that system.

The USPTO shouldn’t be allowed to quietly undermine IPR with procedural traps that block legitimate challenges.

Bad patents still slip through every year. The Patent Office issues hundreds of thousands of new patents annually. IPR is one of the only tools the public has to push back.

These new rules rely on the absurd presumption that it’s the defendants—the people and companies threatened by questionable patents—who are abusing the system with multiple IPR petitions, and that they should be limited to one bite at the apple. 

That’s utterly upside-down. It’s patent trolls like Shipping & Transit and Personal Audio that have sued, or threatened, entire communities of developers and small businesses.

When people have evidence that an overbroad patent was improperly granted, that evidence should be heard. That’s what Congress intended. These rules twist that intent beyond recognition. 

In 2023, more than a thousand EFF supporters spoke out and stopped an earlier version of this proposal—your comments made the difference then, and they can again. 

Our principle is simple: the public has a right to challenge bad patents. These rules would take that right away. That’s why it’s vital to speak up now. 

TAKE ACTION

Sample comment: 

I oppose the USPTO’s proposed rule changes for inter partes review (IPR), Docket No. PTO-P-2025-0025. The IPR process must remain open and fair. Patent challenges should be decided on their merits, not shut out because of legal activity elsewhere. These rules would make it nearly impossible for the public to challenge bad patents, and that will harm innovation and everyday technology users.

Powerful institutions are using automated decision-making against us. Landlords use it to decide who gets a home. Insurance companies use it to decide who gets health care. ICE uses it to decide who must submit to location tracking by electronic monitoring. Bosses use it to decide who gets fired, and to predict who is organizing a union or planning to quit. Bosses even use AI to assess the body language and voice tone of job candidates. And these systems often discriminate based on gender, race, and other protected statuses.

Fortunately, workers, patients, and renters are resisting.

In 2024, Colorado enacted a limited but crucial step forward against automated abuse: the AI Act (S.B. 24-205). We commend the labor, digital rights, and other advocates who have worked to enact and protect it. Colorado recently delayed the Act’s effective date to June 30, 2026.

EFF looks forward to enforcement of the Colorado AI Act, opposes weakening or further delaying it, and supports strengthening it.

What the Colorado AI Act Does

The Colorado AI Act is a good step in the right direction. It regulates “high risk AI systems,” meaning machine-based technologies that are a “substantial factor” in deciding whether a person will have access to education, employment, loans, government services, healthcare, housing, insurance, or legal services. An AI-system is a “substantial factor” in those decisions if it assisted in the decision and could alter its outcome. The Act’s protections include transparency, due process, and impact assessments.

The Act is a solid foundation. Still, EFF urges Colorado to strengthen it

Transparency. The Act requires “developers” (who create high-risk AI systems) and “deployers” (who use them) to provide information to the general public and affected individuals about these systems, including their purposes, the types and sources of inputs, and efforts to mitigate known harms. Developers and deployers also must notify people if they are being subjected to these systems. Transparency protections like these can be a baseline in a comprehensive regulatory program that facilitates enforcement of other protections.

Due process. The Act empowers people subjected to high-risk AI systems to exercise some self-help to seek a fair decision about them. A deployer must notify them of the reasons for the decision, the degree the system contributed to the decision, and the types and sources of inputs. The deployer also must provide them an opportunity to correct any incorrect inputs. And the deployer must provide them an opportunity to appeal, including with human review.

Impact assessments. The Act requires a developer, before providing a high-risk AI system to a deployer, to disclose known or reasonably foreseeable discriminatory harms by the system, and the intended use of the AI. In turn, the Act requires a deployer to complete an annual impact assessment for each of its high-risk AI systems, including a review of whether they cause algorithmic discrimination. A deployer also must implement a risk management program that is proportionate to the nature and scope of the AI, the sensitivity of the data it processes, and more. Deployers must regularly review their risk management programs to identify and mitigate any known or reasonably foreseeable risks of algorithmic discrimination. Impact assessment regulations like these can helpfully place a proactive duty on developers and deployers to find and solve problems, as opposed to doing nothing until an individual subjected to a high-risk system comes forward to exercise their rights.

How the Colorado AI Act Should Be Strengthened

The Act is a solid foundation. Still, EFF urges Colorado to strengthen it, especially in its enforcement mechanisms.

Private right of action. The Colorado AI Act grants exclusive enforcement to the state attorney general. But no regulatory agency will ever have enough resources to investigate and enforce all violations of a law, and many government agencies get “captured” by the industries they are supposed to regulate. So Colorado should amend its Act to empower ordinary people to sue the companies that violate their legal protections from high-risk AI systems. This is often called a “private right of action,” and it is the best way to ensure robust enforcement. For example, the people of Illinois and Texas on paper have similar rights to biometric privacy, but in practice the people of Illinois have far more enjoyment of this right because they can sue violators.

Civil rights enforcement. One of the biggest problems with high-risk AI systems is that they recurringly have an unfair disparate impact against vulnerable groups, and so one of the biggest solutions will be vigorous enforcement of civil rights laws. Unfortunately, the Colorado AI Act contains a confusing “rebuttable presumption” – that is, an evidentiary thumb on the scale – that may impede such enforcement. Specifically, if a deployer or developer complies with the Act, then they get a rebuttable presumption that they complied with the Act’s requirement of “reasonable care” to protect people from algorithmic discrimination. In practice, this may make it harder for a person subjected to a high-risk AI system to prove their discrimination claim. Other civil rights laws generally do not have this kind of provision. Colorado should amend its Act to remove it.

Next Steps

Colorado is off to an important start. Now it should strengthen its AI Act, and should not weaken or further delay it. Other states must enact their own laws. All manner of automated decision-making systems are unfairly depriving people of jobs, health care, and more.

EFF has long been fighting against such practices. We believe technology should improve everyone’s lives, not subject them to abuse and discrimination. We hope you will join us.

EFF and the ACLU of Northern California Sue on Behalf of Local Nonprofits

Contact: Josh Richman, EFF, jrichman@eff.org;  Carmen King, ACLU of Northern California, cking@aclunc.org

SAN JOSE, Calif. – San Jose and its police department routinely violate the California Constitution by conducting warrantless searches of the stored records of millions of drivers’ private habits, movements, and associations, the Electronic Frontier Foundation (EFF) and American Civil Liberties Union of Northern California (ACLU-NC) argue in a lawsuit filed Tuesday. 

The lawsuit, filed in Santa Clara County Superior Court on behalf of the Services, Immigrant Rights and Education Network (SIREN) and the Council on American-Islamic Relations – California (CAIR-CA), challenges San Jose police officers’ practice of searching for location information collected by automated license plate readers (ALPRs) without first getting a warrant.  

ALPRs are an invasive mass-surveillance technology: high-speed, computer-controlled cameras that automatically capture images of the license plates of every driver that passes by, without any suspicion that the driver has broken the law. 

“A person who regularly drives through an area subject to ALPR surveillance can have their location information captured multiple times per day,” the lawsuit says. “This information can reveal travel patterns and provide an intimate window into a person’s life as they travel from home to work, drop off their children at school, or park at a house of worship, a doctor’s office, or a protest. It could also reveal whether a person crossed state lines to seek health care in California.”

The San Jose Police Department has blanketed the city’s roadways with nearly 500 ALPRs – indiscriminately collecting millions of records per month about people’s movements – and keeps this data for an entire year. Then the department permits its officers and other law enforcement officials from across the state to search this ALPR database to instantly reconstruct people’s locations over time – without first getting a warrant. This is an unchecked police power to scrutinize the movements of San Jose’s residents and visitors as they lawfully travel to work, to the doctor, or to a protest. 

San Jose’s ALPR surveillance program is especially pervasive: Few California law enforcement agencies retain ALPR data for an entire year, and few have deployed nearly 500 cameras.  

The lawsuit, which names the city, its Police Chief Paul Joseph, and its Mayor Matt Mahan as defendants, asks the court to stop the city and its police from searching ALPR data without first obtaining a warrant. Location information reflecting people’s physical movements, even in public spaces, is protected under the Fourth Amendment according to U.S. Supreme Court case law. The California Constitution is even more protective of location privacy, at both Article I, Section 13 (the ban on unreasonable searches) and Article I, Section 1 (the guarantee of privacy). “The SJPD’s widespread collection and searches of ALPR information poses serious threats to communities’ privacy and freedom of movement."

“This is not just about data or technology — it’s about power, accountability, and our right to move freely without being watched,” said CAIR-San Francisco Bay Area Executive Director Zahra Billoo. “For Muslim communities, and for anyone who has experienced profiling, the knowledge that police can track your every move without cause is chilling. San Jose’s mass surveillance program violates the California Constitution and undermines the privacy rights of every person who drives through the city. We’re going to court to make sure those protections still mean something." 

"The right to privacy is one of the strongest protections that our immigrant communities have in the face of these acts of violence and terrorism from the federal government," said SIREN Executive Director Huy Tran. "This case does not raise the question of whether these cameras should be used. What we need to guard against is a surveillance state, particularly when we have seen other cities or counties violate laws that prohibit collaborating with ICE. We can protect the privacy rights of our residents with one simple rule: Access to the data should only happen once approved under a judicial warrant.”  

For the complaint: https://www.eff.org/files/2025/11/18/siren_v._san_jose_-_filed_complaint.pdf

For more about ALPRs: https://sls.eff.org/technologies/automated-license-plate-readers-alprs 

Tags: SIREN and CAIR-CA v. San JoseAutomated License Plate Readers (ALPRs)Street Level Surveillance

Interviewer: Jillian York

Benjamin Ismail is the Campaign and Advocacy Director for GreatFire, where he leads efforts to expose the censorship apparatus of authoritarian regimes worldwide. He also runs/oversees the App Censorship Project, including the AppleCensorship.com and GoogleCensorship.org platforms, which track mobile app censorship globally. From 2011 to 2017, Benjamin headed the Asia-Pacific desk at Reporters Without Borders (RSF).

Jillian York: Hi Benjamin, it's great to chat with you. We got to meet at the Global Gathering recently and we did a short video there and it was wonderful to get to know you a little bit. I'm going to start by asking you my first basic question: What does free speech or free expression mean to you?

Benjamin Ismail: Well, it starts with a very, very big question. What I have in mind is a cliche answer, but it's what I genuinely believe. I think about all freedoms. So when you say free expression, free speech, or freedom of information or Article 19, all of those concepts are linked together, I immediately think of all human rights at once. Because what I have seen during my current or past work is how that freedom is really the cornerstone of all freedom. If you don’t have that, you can’t have any other freedom. If you don’t have freedom of expression, if you don't have journalism, you don't have pluralism of opinions—you have self-censorship.

You have realities, violations, that exist but are not talked about, and are not exposed, not revealed, not tackled, and nothing is really improved without that first freedom. I also think about Myanmar because I remember going there in 2012, when the country had just opened after the democratic revolution. We got the chance to meet with many officials, ministers, and we got to tell them that they should start with that because their speech was “don’t worry, don’t raise freedom of speech, freedom of the press will come in due time.”

And we were saying “no, that’s not how it works!” It doesn’t come in due time when other things are being worked on. It starts with that so you can work on other things. And so I remember very well those meetings and how actually, unfortunately, the key issues that re-emerged afterwards in the country were precisely due to the fact that they failed to truly implement free speech protections when the country started opening.

JY: What was your path to this work?

BI: This is a multi-faceted answer. So, I was studying Chinese language and civilization at the National Institute of Oriental Languages and Civilizations in Paris along with political science and international law. When I started that line of study, I considered maybe becoming a diplomat…that program led to preparing for the exams required to enter the diplomatic corps in France.

But I also heard negative feedback on the Ministry of Foreign Affairs and, notably, first-hand testimonies from friends and fellow students who had done internships there. I already knew that I had a little bit of an issue with authority. My experience as an assistant at Reporters Without Borders challenged the preconceptions I had about NGOs and civil society organizations in general. I was a bit lucky to come at a time when the organization was really trying to find its new direction, its new inspiration. So it a brief phase where the organization itself was hungry for new ideas.

Being young and not very experienced, I was invited to share my inputs, my views—among many others of course. I saw that you can influence an organization’s direction, actions, and strategy, and see the materialization of those strategic choices. Such as launching a campaign, setting priorities, and deciding how to tackle issues like freedom of information, and the protection of journalists in various contexts.

That really motivated me and I realized that I would have much less to say if I had joined an institution such as the Ministry of Foreign Affairs. Instead, I was part of a human-sized group, about thirty-plus employees working together in one big open space in Paris.

After that experience I set my mind on joining the civil society sector, focusing on freedom of the press. on journalistic issues, you get to touch on many different issues in many different regions, and I really like that. So even though it’s kind of monothematic, it's a single topic that's encompassing everything at the same time.

I was dealing with safety issues for Pakistani journalists threatened by the Taliban. At the same time I followed journalists pressured by corporations such as TEPCO and the government in Japan for covering nuclear issues. I got to touch on many topics through the work of the people we were defending and helping. That’s what really locked me onto this specific human right.

 I already had my interest when I was studying in political and civil rights, but after that first experience, at the end of 2010, I went to China and got called by Reporters Without Borders. They told me that the head of the Asia desk was leaving and invited me to apply for the position. At that time, I was in Shanghai, working to settle down there. The alternative was accepting a job that would take me back to Paris but likely close the door on any return to China. Once you start giving interviews to outlets like the BBC and CNN, well… you know how that goes—RSF was not viewed favorably in many countries. Eventually, I decided it was a huge opportunity, so I accepted the job and went back to Paris, and from then on I was fully committed to that issue.

 JY: For our readers, tell us what the timeline of this was.

 BI: I finished my studies in 2009. I did my internship with Reporters Without Borders that year and continued to work pro bono for the organization on the Chinese website in 2010. Then I went to China, and in January 2011, I was contacted by Reporters without Borders about the departure of the former head of the Asia Pacific Desk.

I did my first and last fact-finding mission in China, and went to Beijing. I met the artist Ai Weiwei in Beijing just a few weeks before he was arrested, around March 2011, and finally flew back to Paris and started heading the Asia desk. I left the organization in 2017. 

JY: Such an amazing story. I’d love to hear more about the work that you do now.

 BI: The story of the work I do now actually starts in 2011. That was my first year heading the Asia Pacific Desk. That same year, a group of anonymous activists based in China started a group called GreatFire. They launched their project with a website where you can type any URL you want and that website will test the connection from mainland China to that URL and tell you know if it’s accessible or blocked. They also kept the test records so that you can look at the history of the blocking of a specific website, which is great. That was GreatFire’s first project for monitoring web censorship in mainland China.

We started exchanging information, working on the issue of censorship in China. They continued to develop more projects which I tried to highlight as well. I also helped them to secure some funding. At the very beginning, they were working on these things as a side job. And progressively they managed to get some funding, which was very difficult because of the anonymity.

One of the things I remember is that I helped them get some funding from the EU through a mechanism called “Small Grants”, where every grant would be around €20- 30,000. The EU, you know, is a bureaucratic entity and they were demanding some paperwork and documents. But I was telling them that they wouldn’t be able to get the real names of the people working at GreatFire, but that they should not be concerned about that because, what they wanted was to finance that tool. So if we were to show them that the people they were going to send the money to were actually the people controlling that website, then it would be fine. And so we featured a little EU logo just for one day, I think on the footer of the website so they could check that. And that’s how we convinced the EU to support GreatFire for that work. Also, there's this tactic called “Collateral Freedom” that GreatFire uses very well.

The idea is that you host sensitive content on HTTPS servers that belong to companies which also operate inside China and are accessible there. Because it’s HTTPS, the connection is encrypted, so the authorities can’t just block a specific page—they can’t see exactly which page is being accessed. To block it, they’d have to block the entire service. Now, they can do that, but it comes at a higher political and economic cost, because it means disrupting access to other things hosted on that same service—like banks or major businesses. That’s why it’s called “collateral freedom”: you’re basically forcing the authorities to risk broader collateral damage if they want to censor your content.

When I was working for RSF, I proposed that we replicate that tactic on the 12th of March—that's the World Day against Cyber Censorship. We had the habit of publishing what we called the “enemies of the Internet” report, where we would highlight and update the situation on the countries which were carrying out the harshest repression online; countries like Iran, Turkmenistan, North Korea, and of course, China. I suggested in a team meeting: “what if we highlighted the good guys? Maybe we could highlight 10 exiled media and use collateral freedom to uncensor those. And so we did: some Iranian media, Egyptian media, Chinese media, Turkmen media were uncensored using mirrors hosted on https servers owned by big, and thus harder to block, companies...and that’s how we started to do collateral freedom and it continued to be an annual thing.

I also helped in my personal capacity, including after I left Reporters Without Borders. After I left RSF, I joined another NGO focusing on China, which I knew also from my time at RSF. I worked with that group for a year and a half; GreatFire contacted me to work on a website specifically. So here we are, at the beginning of 2020, they had just started this website called Applecensorship.com that allowed users to test availability of any app in any of Apple’s 175 App Stores worldwide They needed a better website—one that allowed advocacy content—for that tool.

The idea was to make a website useful for academics doing research, journalists investigating app store censorship and control and human rights NGOs, civil society organizations interested in the availability of any tools. Apple’s censorship in China started quickly after the company entered the Chinese market, in 2010.

In 2013, one of the projects by GreatFire which had been turned into an iOS app was removed by Apple 48 hours after its release on the App Store, at the demand of the Chinese authorities. That project was Free Weibo, which is a website which features censored posts from Weibo, the Chinese equivalent of Twitter—we crawl social media and detect censored posts and republish them on the site. In 2017 it was reported that Apple had removed all VPNs from the Chinese app store.

So between that episode in 2013, and the growing censorship of Apple in China (and in other places too) led to the creation of AppleCensorship in 2019. GreatFire asked me to work on that website. The transformation into an advocacy platform was successful. I then started working full time on that project, which has since evolved into the App Censorship Project, which includes another website, googlecensorship.org (offering features similar to Applecensorship.com but for the 224 Play Stores worldwide). In the meantime, I became the head of campaigns and advocacy, because of my background at RSF.  

 JY: I want to ask you, looking beyond China, what are some other places in the world that you're concerned about at the moment, whether on a professional basis, but also maybe just as a person. What are you seeing right now in terms of global trends around free expression that worry you?

BI: I think, like everyone else, that what we're seeing in Western democracies—in the US and even in Europe—is concerning. But I'm still more concerned about authoritarian regimes than about our democracies. Maybe it's a case of not learning my lesson or of naive optimism, but I'm still more concerned about China and Russia than I am about what I see in France, the UK, or the US.

There has been some recent reporting about China developing very advanced censorship and surveillance technologies and exporting them to other countries like Myanmar and Pakistan. What we’re seeing in Russia—I’m not an expert on that region, but we heard experts saying back in 2022 that Russia was trying to increase its censorship and control, but that it couldn’t become like China because China had exerted control over its internet from the very beginning: They removed Facebook back in 2009, then Google was pushed away by the authorities (and the market). And the Chinese authorities successfully filled the gaps left by the absence of those foreign Western companies.

Some researchers working on Russia were saying that it wasn’t really possible for Russia to do what China had done because it was unprepared and that China had engineered it for more than a decade. What we are seeing now is that Russia is close to being able to close its Internet, to close the country, to replace services by its own controlled ones. It’s not identical, but it’s also kind of replicating what China has been doing. And that’s a very sad observation to make.

 Beyond the digital, the issue of how far Putin is willing to go in escalating concerns. As a human being and an inhabitant of the European continent, I’m concerned by the ability of a country like Russia to isolate itself while waging a war. Russia is engaged in a real war and at the same time is able to completely digitally close down the country. Between that and the example of China exporting censorship, I’m not far from thinking that in ten or twenty years we’ll have a completely splintered internet.

JY: Do you feel like having a global perspective like this has changed or reshaped your views in any way?

BI: Yes, in the sense that when you start working with international organizations, and you start hearing about the world and how human rights are universal values, and you get to meet people and go to different countries, you really get to experience how universal those freedoms and aspirations are. When I worked RSF and lobbied governments to pass a good law or abolish a repressive one, or when I worked on a case of a jailed journalist or blogger, I got to talk to authorities and to hear weird justifications from certain governments (not mentioning any names but Myanmar and Vietnam) like “those populations are different from the French” and I would receive pushback that the ideas of freedoms I was describing were not applicable to their societies. It’s a bit destabilizing when you hear that for the first time. But as you gain experience, you can clearly explain why human rights are universal and why different populations shouldn’t be ruled differently when it comes to human rights.

Everyone wants to be free. This notion of “universality” is comforting because when you’re working for something universal, the argument is there. The freedoms you defend can’t be challenged in principle, because everyone wants them. If governments and authorities really listened to their people, they would hear them calling for those rights and freedoms.

Or that’s what I used to think. Now we hear this growing rhetoric that we (people from the West) are exporting democracy, that it’s a western value, and not a universal one. This discourse, notably developed by Xi Jinping in China, “Western democracy” as a new concept— is a complete fallacy. Democracy was invented in the West, but democracy is universal. Unfortunately, I now believe that, in the future, we will have to justify and argue much more strongly for the universality of concepts like democracy, human rights and fundamental freedoms. 

JY: Thank you so much for this insight. And now for our final question: Do you have a free speech hero?

BI: No.

JY: No? No heroes? An inspiration maybe.

BI: On the contrary, I’ve been disappointed so much by certain figures that were presented as human rights heroes…Like Aung San Suu Kyi during the Rohingya crisis, on which I worked when I was at RSF.

Myanmar officially recognizes 135 ethnic groups, but somehow this one additional ethnic minority (the Rohingya) is impossible for them to accept. It’s appalling. It’s weird to say, but some heroes are not really good people either. Being a hero is doing a heroic action, but people who do heroic actions can also do very bad things before or after, at a different level. They can be terrible persons, husbands or friends and be a “human rights” hero at the same time.

Some people really inspired me but they’re not public figures. They are freedom fighters, but they are not “heroes”. They remain in the shadows. I know their struggles; I see their determination, their conviction, and how their personal lives align with their role as freedom fighters. These are the people who truly inspire me.

A new bill sponsored by Sen. Hawley (D-MO), Sen. Blumenthal (D-CT), Sen. Britt (R-AL), Sen. Warner (D-VA), and Sen. Murphy (D-CT) would require AI chatbots to verify all users’ ages, prohibit minors from using AI tools, and implement steep criminal penalties for chatbots that promote or solicit certain harms. That might sound reasonable at first, but behind those talking points lies a sprawling surveillance and censorship regime that would reshape how people of all ages use the internet.

The GUARD Act may look like a child-safety bill, but in practice it’s an age-gating mandate that could be imposed on nearly every public-facing AI chatbot.

The GUARD Act may look like a child-safety bill, but in practice it’s an age-gating mandate that could be imposed on nearly every public-facing AI chatbot—from customer-service bots to search-engine assistants. The GUARD Act could force countless AI companies to collect sensitive identity data, chill online speech, and block teens from using the digital tools that they rely on every day.

EFF has warned for years that age-verification laws endanger free expression, privacy, and competition. There are legitimate concerns about transparency and accountability in AI, but the GUARD Act’s sweeping mandates are not the solution.

TAKE ACTION

TELL CONGRESS: The guard act won't keep us safe

Young People's Access to Legitimate AI Tools Could Be Cut Off Entirely. 

The GUARD Act doesn’t give parents a choice—it simply blocks minors from AI companions altogether. If a chat system’s age-verification process determines that a user is under 18, that user must then be locked out completely. The GUARD Act contains no parental consent mechanism, no appeal process for errors in age estimation, and no flexibility for any other context.

The bill’s definition of an AI “companion” is ambiguous enough that it could easily be interpreted to extend beyond general-use LLMs like ChatGPT, causing overcautious companies to block young people from other kinds of AI services too. In practice, this means that under the GUARD Act, teenagers may not be able to use chatbots to get help with homework, seek customer service assistance for a product they bought, or even ask a search engine a question. It could also cut off all young people’s access to educational and creative tools that have quickly become a part of everyday learning and life online.

The GUARD Act’s sponsors claim these rules will keep our children safe, but that’s not true.

By treating all young people—whether seven or seventeen—the same, the GUARD Act threatens their ability to explore their identities, get answers to questions free from shame or stigma, and gradually develop a sense of autonomy as they mature into adults. Denying teens’ access to online spaces doesn’t make them safer, it just keeps them uninformed and unprepared for adult life.  

The GUARD Act’s sponsors claim these rules will keep our children safe, but that’s not true. Instead, it will undermine both safety and autonomy by replacing parental guidance with government mandates and building mass surveillance infrastructure instead of privacy controls.

All Age Verification Systems Are Dangerous. This Is No Different. 

Teens aren’t the only ones who lose out under the GUARD Act. The bill would require platforms to confirm the ages of all users—young and old—before allowing them to speak, learn, or engage with their AI tools.

Under the GUARD Act, platforms can’t rely on a simple “I’m over 18” checkbox or self-attested birthdate. Instead, they must build or buy a “commercially reasonable” age-verification system that collects identifying information (like a government ID, credit record, or biometric data) from every user before granting them access to the AI service. Though the GUARD Act does contain some data minimization language, its mandate to periodically re-verify users means that platforms must either retain or re-collect that sensitive user data as needed. Both of those options come with major privacy risks.  

EFF has long documented the dangers of age-verification systems:

• They create attractive targets for hackers. Third-party services that collect users’ sensitive ID and biometric data for the purpose of age verification have been repeatedly breached, exposing millions to identity theft and other harms.
• They implement mass surveillance systems and ruin anonymity. To verify your age, a system must determine and record who you are. That means every chatbot interaction could feasibly be linked to your verified identity.
• They disproportionately harm vulnerable groups. Many people—especially activists and dissidents, trans and gender-nonconforming folks, undocumented people, and survivors of abuse—avoid systems that force identity disclosure. The GUARD Act would entirely cut off their ability to use these public AI tools.
• They entrench Big Tech. Only the biggest companies can afford the compliance and liability burden of mass identity verification. Smaller, privacy-respecting developers simply can’t compete.

As we’ve said repeatedly, there’s no such thing as “safe” age verification. Every approach—whether it’s facial or biometric scans, government ID uploads, or behavioral or account analysis—creates new privacy, security, and expressive harms.

Vagueness + Steep Fines = Censorship. Full Stop. 

Though mandatory age-gates provide reason enough to oppose the GUARD Act, the definitions of “AI chatbot” and “AI companion” are also vague and broad enough to raise alarms. In a nutshell, the Act’s definitions of these two terms are so expansive that they could cover nearly any system capable of generating “human-like” responses—including not just general-purpose LLMs like ChatGPT, but also more tailored services like those used for customer service interactions, search-engine summaries, and subject-specific research tools.

The bill defines an “AI chatbot” as any service that produces “adaptive” or “context-responsive” outputs that aren’t fully predetermined by a developer or operator. That could include Google’s search summaries, research tools like Perplexity, or any AI-powered Q&A tool—all of which respond to natural language prompts and dynamically generate conversational text.

Meanwhile, the GUARD Act’s definition of an “AI companion”—a system that both produces “adaptive” or “context-responsive” outputs and encourages or simulates “interpersonal or emotional interaction”—will easily sweep in general-purpose tools like ChatGPT. Courts around the country are already seeing claims that conversational AI tools manipulate users’ emotions to increase engagement. Under this bill, that’s enough to trigger the “AI companion” label, putting AI developers at risk even when they do not intend to cause harm.

Both of these definitions are imprecise and unconstitutionally overbroad. And, when combined with the GUARD Act’s incredibly steep fines (up to $100,000 per violation, enforceable by the federal Attorney General and every state AG), companies worried about their legal liability will inevitably err on the side of prohibiting minors from accessing their chat systems. The GUARD Act leaves them these options: censor certain topics en masse, entirely block users under 18 from accessing their services, or implement broad-sweeping surveillance systems as a prerequisite to access. No matter which way platforms choose to go, the inevitable result for users is less speech, less privacy, and less access to genuinely helpful tools.

How You Can Help

While there may be legitimate problems with AI chatbots, young people’s safety is an incredibly complex social issue both on- and off-line. The GUARD Act tries to solve this complex problem with a blunt, dangerous solution.

In other words, protecting young people’s online safety is incredibly important, but to do so by forcing invasive ID checks, criminalizing AI tools, and banning teens from legitimate digital spaces is not a good way out of this.

The GUARD Act would make the internet less free, less private, and less safe for everyone.

The GUARD Act would make the internet less free, less private, and less safe for everyone. It would further consolidate power and resources in the hands of the bigger AI companies, crush smaller developers, and chill innovation under the threat of massive fines. And it would cut off vulnerable groups’ ability to use helpful everyday AI tools, further stratifying the internet we know and love.

Lawmakers should reject the GUARD Act and focus instead on policies that provide transparency, more options for users, and comprehensive privacy for all. Help us tell Congress to oppose the GUARD Act today.

TAKE ACTION

TELL CONGRESS: OPPOSe THE GUARD ACT

Remember when you thought age verification laws couldn't get any worse? Well, lawmakers in Wisconsin, Michigan, and beyond are about to blow you away.

It's unfortunately no longer enough to force websites to check your government-issued ID before you can access certain content, because politicians have now discovered that people are using Virtual Private Networks (VPNs) to protect their privacy and bypass these invasive laws. Their solution? Entirely ban the use of VPNs. 

Yes, really.

As of this writing, Wisconsin lawmakers are escalating their war on privacy by targeting VPNs in the name of “protecting children” in A.B. 105/S.B. 130. It’s an age verification bill that requires all websites distributing material that could conceivably be deemed “sexual content” to both implement an age verification system and also to block the access of users connected via VPN. The bill seeks to broadly expand the definition of materials that are “harmful to minors” beyond the type of speech that states can prohibit minors from accessing—potentially encompassing things like depictions and discussions of human anatomy, sexuality, and reproduction. 

This follows a notable pattern: As we’ve explained previously, lawmakers, prosecutors, and activists in conservative states have worked for years to aggressively expand the definition of “harmful to minors” to censor a broad swath of content: diverse educational materials, sex education resources, art, and even award-winning literature. 

Wisconsin’s bill has already passed the State Assembly and is now moving through the Senate. If it becomes law, Wisconsin could become the first state where using a VPN to access certain content is banned. Michigan lawmakers have proposed similar legislation that did not move through its legislature, but among other things, would force internet providers to actively monitor and block VPN connections. And in the UK, officials are calling VPNs "a loophole that needs closing."

This is actually happening. And it's going to be a disaster for everyone.

Here's Why This Is A Terrible Idea 

VPNs mask your real location by routing your internet traffic through a server somewhere else. When you visit a website through a VPN, that website only sees the VPN server's IP address, not your actual location. It's like sending a letter through a P.O. box so the recipient doesn't know where you really live. 

So when Wisconsin demands that websites "block VPN users from Wisconsin," they're asking for something that's technically impossible. Websites have no way to tell if a VPN connection is coming from Milwaukee, Michigan, or Mumbai. The technology just doesn't work that way.

Websites subject to this proposed law are left with this choice: either cease operation in Wisconsin, or block all VPN users, everywhere, just to avoid legal liability in the state. One state's terrible law is attempting to break VPN access for the entire internet, and the unintended consequences of this provision could far outweigh any theoretical benefit.

Almost Everyone Uses VPNs

Let's talk about who lawmakers are hurting with these bills, because it sure isn't just people trying to watch porn without handing over their driver's license.

1. Businesses run on VPNs. Every company with remote employees uses VPNs. Every business traveler connecting through sketchy hotel Wi-Fi needs one. Companies use VPNs to protect client and employee data, secure internal communications, and prevent cyberattacks. 
2. Students need VPNs for school. Universities require students to use VPNs to access research databases, course materials, and library resources. These aren't optional, and many professors literally assign work that can only be accessed through the school VPN. The University of Wisconsin-Madison’s WiscVPN, for example, “allows UW–‍Madison faculty, staff and students to access University resources even when they are using a commercial Internet Service Provider (ISP).” 
3. Vulnerable people rely on VPNs for safety. Domestic abuse survivors use VPNs to hide their location from their abusers. Journalists use them to protect their sources. Activists use them to organize without government surveillance. LGBTQ+ people in hostile environments—both in the US and around the world—use them to access health resources, support groups, and community. For people living under censorship regimes, VPNs are often their only connection to vital resources and information their governments have banned. 
4. Regular people just want privacy. Maybe you don't want every website you visit tracking your location and selling that data to advertisers. Maybe you don't want your internet service provider (ISP) building a complete profile of your browsing history. Maybe you just think it's creepy that corporations know everywhere you go online. VPNs can protect everyday users from everyday tracking and surveillance.

It’s A Privacy Nightmare

Here's what happens if VPNs get blocked: everyone has to verify their age by submitting government IDs, biometric data, or credit card information directly to websites—without any encryption or privacy protection.

We already know how this story ends. Companies get hacked. Data gets breached. And suddenly your real name is attached to the websites you visited, stored in some poorly-secured database waiting for the inevitable leak. This has already happened, and is not a matter of if but when. And when it does, the repercussions will be huge.

Forcing people to give up their privacy to access legal content is the exact opposite of good policy. It's surveillance dressed up as safety.

"Harmful to Minors" Is Not a Catch-All 

Here's another fun feature of these laws: they're trying to broaden the definition of “harmful to minors” to sweep in a host of speech that is protected for both young people and adults.

Historically, states can prohibit people under 18 years old from accessing sexual materials that an adult can access under the First Amendment. But the definition of what constitutes “harmful to minors” is narrow — it generally requires that the materials have almost no social value to minors and that they, taken as a whole, appeal to a minors’ “prurient sexual interests.” 

Wisconsin's bill defines “harmful to minors” much more broadly. It applies to materials that merely describe sex or feature descriptions/depictions of human anatomy. This definition would likely encompass a wide range of literature, music, television, and films that are protected under the First Amendment for both adults and young people, not to mention basic scientific and medical content.

Additionally, the bill’s definition would apply to any websites where more than one third of the site’s material is "harmful to minors." Given the breadth of the definition and its one-third trigger, we anticipate that Wisconsin could argue that the law applies to most social media websites. And it’s not hard to imagine, as these topics become politicised, Wisconsin claiming it applies to websites containing LGBTQ+ health resources, basic sexual education resources, and reproductive healthcare information. 

This breadth of the bill’s definition isn't a bug, it's a feature. It gives the state a vast amount of discretion to decide which speech is “harmful” to young people, and the power to decide what's "appropriate" and what isn't. History shows us those decisions most often harm marginalized communities. 

It Won’t Even Work

Let's say Wisconsin somehow manages to pass this law. Here's what will actually happen:

People who want to bypass it will use non-commercial VPNs, open proxies, or cheap virtual private servers that the law doesn't cover. They'll find workarounds within hours. The internet always routes around censorship. 

Even in a fantasy world where every website successfully blocked all commercial VPNs, people would just make their own. You can route traffic through cloud services like AWS or DigitalOcean, tunnel through someone else's home internet connection, use open proxies, or spin up a cheap server for less than a dollar. 

Meanwhile, everyone else (businesses, students, journalists, abuse survivors, regular people who just want privacy) will have their VPN access impacted. The law will accomplish nothing except making the internet less safe and less private for users.

Nonetheless, as we’ve mentioned previously, while VPNs may be able to disguise the source of your internet activity, they are not foolproof—nor should they be necessary to access legally protected speech. Like the larger age verification legislation they are a part of, VPN-blocking provisions simply don't work. They harm millions of people and they set a terrifying precedent for government control of the internet. More fundamentally, legislators need to recognize that age verification laws themselves are the problem. They don't work, they violate privacy, they're trivially easy to circumvent, and they create far more harm than they prevent.

A False Dilemma

People have (predictably) turned to VPNs to protect their privacy as they watched age verification mandates proliferate around the world. Instead of taking this as a sign that maybe mass surveillance isn't popular, lawmakers have decided the real problem is that these privacy tools exist at all and are trying to ban the tools that let people maintain their privacy. 

Let's be clear: lawmakers need to abandon this entire approach.

The answer to "how do we keep kids safe online" isn't "destroy everyone's privacy." It's not "force people to hand over their IDs to access legal content." And it's certainly not "ban access to the tools that protect journalists, activists, and abuse survivors.”

If lawmakers genuinely care about young people's well-being, they should invest in education, support parents with better tools, and address the actual root causes of harm online. What they shouldn't do is wage war on privacy itself. Attacks on VPNs are attacks on digital privacy and digital freedom. And this battle is being fought by people who clearly have no idea how any of this technology actually works. 

If you live in Wisconsin—reach out to your Senator and urge them to kill A.B. 105/S.B. 130. Our privacy matters. VPNs matter. And politicians who can't tell the difference between a security tool and a "loophole" shouldn't be writing laws about the internet.

Cozy up next to the fireplace and we'll catch you up on the latest digital rights news with EFF's EFFector newsletter.

In our latest issue, we’re exposing surveillance logs that reveal racist policing; explaining the harms of Google’s plan for Android app gatekeeping; and continuing our new series, Gate Crashing, exploring how the internet empowers people to take nontraditional paths into the traditional worlds of journalism, creativity, and criticism.

Prefer to listen in? Check out our audio companion, where EFF Staff Attorney Mario Trujillo explains why Ring's upcoming facial recognition tool could violate the privacy rights of millions of people. Catch the conversation on YouTube or the Internet Archive.

LISTEN TO EFFECTOR

EFFECTOR 37.16 - 🔔 RING'S FACE SCAN PLAN

Since 1990 EFF has published EFFector to help keep readers on the bleeding edge of their digital rights. We know that the intersection of technology, civil liberties, human rights, and the law can be complicated, so EFFector is a great way to stay on top of things. The newsletter is chock full of links to updates, announcements, blog posts, and other stories to help keep readers—and listeners—up to date on the movement to protect online privacy and free expression. 

Thank you to the supporters around the world who make our work possible! If you're not a member yet, join EFF today to help us fight for a brighter digital future.

A Washington state trial court has shot down local municipalities’ effort to keep automated license plate reader (ALPR) data secret.

The Skagit County Superior Court in Washington rejected the attempt to block the public’s right to access data gathered by Flock Safety cameras, protecting access to information under the Washington Public Records Act (PRA). Importantly, the ruling from the court makes it clear that this access is protected even when a Washington city uses Flock Safety, a third-party vendor, to conduct surveillance and store personal data on behalf of a government agency.

"The Flock images generated by the Flock cameras...are public records," the court wrote in its ruling. "Flock camera images are created and used to further a governmental purpose. The Flock images created by the cameras located in Stanwood and Sedro-Woolley were paid for by Stanwood and Sedro Wooley [sic] and were generated for the benefit of Stanwood and Sedro-Woolley."

The cities’ move to exempt the records from disclosure was a dangerous attempt to deny transparency and reflects another problem with the massive amount of data that police departments collect through Flock cameras and store on Flock servers: the wiggle room cities seek when public data is hosted on a private company’s server.

Flock Safety's main product is ALPRs, camera systems installed throughout communities to track all drivers all the time. Privacy activists and journalists across the country recently have used public records requests to obtain data from the system, revealing a variety of controversial uses. This has included agencies accessing data for immigration enforcement and to investigate an abortion, the latter of which may have violated Washington law. A recent report from the University of Washington found that some cities in the state are also sharing the ALPR data from their Flock Safety systems with federal immigration agents. 

In this case, a member of the public in April filed a records request with a Flock customer, the City of Stanwood, for all footage recorded during a one-hour period in March. Shortly afterward, Stanwood and another Flock user, the City of Sedro-Woolley requested the local court rule that this data is not a public record, asserting that “data generated by Flock [automated license plate reader cameras (ALPRs)] and stored in the Flock cloud system are not public records unless and until a public agency extracts and downloads that data." 

If a government agency is conducting mass surveillance, EFF supports individuals’ access to data collected specifically on them, at the very least. And to address legitimate privacy concerns, governments can and should redact personal information in these records while still disclosing information about how the systems work and the data that they capture. 

This isn’t what these Washington cities offered, though. They tried a few different arguments against releasing any information at all. 

The contract between the City of Sedron-Woolley and Flock Safety clearly states that "As between Flock and Customer, all right, title and interest in the Customer Data, belong to and are retained solely by Customer,” and “Customer Data” is defined as "the data, media, and content provided by Customer through the Services. For the avoidance of doubt, the Customer Data will include the Footage." Other Flock-using police departments across the country have also relied on similar contract language to insist that footage captured by Flock cameras belongs to the jurisdiction in question. 

The contract language notwithstanding, officials in Washington attempted to restrict public access by claiming that video footage stored on Flock’s servers and requests for that information would constitute the generation of a new record. This part of the argument claimed that any information that was gathered but not otherwise accessed by law enforcement, including thousands of images taken every day by the agency’s 14 Flock ALPR cameras, had nothing to do with government business, would generate a new record, and should not be subject to records requests. The cities shut off their Flock cameras while the litigation was ongoing.

If the court had ruled in favor of the cities’ claim, police could move to store all their data — from their surveillance equipment and otherwise — on private company servers and claim that it's no longer accessible to the public. 

The cities threw another reason for withholding information at the wall to see if it would stick, claiming that even if the court found that data collected on Flock cameras are in fact public record, the cities should still be able to block the release of the requested one hour of footage either because all of the images captured by Flock cameras are sensitive investigation material or because they should be treated the same way as automated traffic safety cameras. 

EFF is particularly opposed to this line of reasoning. In 2017, the California Supreme Court sided with EFF and ACLU in a case arguing that “the license plate data of millions of law-abiding drivers, collected indiscriminately by police across the state, are not ‘investigative records’ that law enforcement can keep secret.” 

Notably, when Stanwood Police Chief Jason Toner made his pitch to the City Council to procure the Flock cameras in April 2024, he was adamant that the ALPRs would not be the same as traffic cameras. “Flock Safety Cameras are not ‘red light’ traffic cameras nor are they facial recognition cameras,” Chief Toner wrote at the time, adding that the system would be a “force multiplier” for the department. 

If the court had gone along with this part of the argument, cities could have been able to claim that the mass surveillance conducted using ALPRs is part of undefined mass investigations, pulling back from the public huge amounts of information being gathered without warrants or reason.

The cities seemed to be setting up contradictory arguments. Maybe the footage captured by the cities’ Flock cameras belongs to the city — or maybe it doesn’t until the city accesses it. Maybe the data collected by the cities’ taxpayer-funded cameras are unrelated to government business and should be inaccessible to the public — or maybe it’s all related to government business and, specifically, to sensitive investigations, presumably of every single vehicle that goes by the cameras. 

The requester, Jose Rodriguez, still won’t be getting his records, despite the court’s positive ruling. 

“The cities both allowed the records to be automatically deleted after I submitted my records requests and while they decided to have their legal council review my request. So they no longer have the records and can not provide them to me even though they were declared to be public records,” Rodriguez told 404 Media — another possible violation of that state’s public records laws. 

Flock Safety and its ALPR system have come under increased scrutiny in the last few months, as the public has become aware of illegal and widespread sharing of information. 

The system was used by the Johnson County Sheriff’s Office to track someone across the country who’d self-administered an abortion in Texas. Flock repeatedly claimed that this was inaccurate reporting, but materials recently obtained by EFF have affirmed that Johnson County was investigating that individual as part of a fetal death investigation, conducted at the request of her former abusive partner. They were not looking for her as part of a missing person search, as Flock said. 

In Illinois, the Secretary of State conducted an audit of Flock use within the state and found that the Flock Safety system was facilitating Customs and Border Protection access, in violation of state law. And in California, the Attorney General recently sued the City of El Cajon for using Flock to illegally share information across state lines.

Police departments are increasingly relying on third-party vendors for surveillance equipment and storage for the terabytes of information they’re gathering. Refusing the public access to this information undermines public records laws and the assurances the public has received when police departments set these powerful spying tools loose in their streets. While it’s great that these records remain public in Washington, communities around the country must be swift to reject similar attempts at blocking public access.

Generative AI is like a Rorschach test for anxieties about technology–be they privacy, replacement of workers, bias and discrimination, surveillance, or intellectual property. Our panelists discuss how to address complex questions and risks in AI while protecting civil liberties and human rights online.

Join EFF Director of Policy and Advocacy Katharine Trendacosta, EFF Staff Attorney Tori Noble, Berkeley Center for Law & Technology Co-Director Pam Samuelson, and Icarus Salon Artist Şerife Wong for a live discussion with Q&A. 

EFFecting Change Livestream Series:
This Title Was Written by a Human
Thursday, November 13th (New Date!)
10:00 AM - 11:00 AM Pacific
This event is LIVE and FREE!

Accessibility

This event will be live-captioned and recorded. EFF is committed to improving accessibility for our events. If you have any accessibility questions regarding the event, please contact events@eff.org.

Event Expectations

EFF is dedicated to a harassment-free experience for everyone, and all participants are encouraged to view our full Event Expectations.

Upcoming Events

Want to make sure you don’t miss our next livestream? Here’s a link to sign up for updates about this series: eff.org/ECUpdates. If you have a friend or colleague that might be interested, please join the fight for your digital rights by forwarding this link: eff.org/EFFectingChange. Thank you for helping EFF spread the word about privacy and free expression online. 

Recording

We hope you and your friends can join us live! If you can't make it, we’ll post the recording afterward on YouTube and the Internet Archive!

EFF has, for many years, raised the alarm about the proliferation of stalkerware—commercially-available apps designed to be installed covertly on another person’s device and exfiltrate data from that device without their knowledge. In particular, we have urged the makers of anti-virus products for Android phones to improve their detection of stalkerware and call it out explicitly to users when it is found. In 2020  and 2021, AV Comparatives ran tests to see how well the most popular anti-virus products detected stalkerware from many different vendors. The results were mixed, with some high-scoring companies and others that had alarmingly low detection rates. Since malware detection is an endless game of cat and mouse between anti-virus companies and malware developers, we felt that the time was right to take a more up-to-date snapshot of how well the anti-virus companies are performing. We’ve teamed up with the researchers at AV Comparatives to test the most popular anti-virus products for Android to see how well they detect the most popular stalkerware products in 2025.

Here is what we found:

Stalkerware detection is still a mixed bag. Notably, Malwarebytes detected 100% of the stalkerware products we tested for. ESET, Bitdefender, McAfee, and Kaspersky detected all but one sample. This is a marked improvement over the 2021 test, which also found only one app with a 100% detection rate (G Data), but the next-best performing products had detect rates of 80-85%. Google Play Protect and Trend Micro had the lowest detection rates in the 2025 test, at 53% and 59% respectively. The poor performance of Google Play Protect is unsurprising: because it is the anti-virus solution on so many Android phones by default, some stalkerware includes specific instructions to disable detection by Google Play Protect as part of the installation process.

There are fewer stalkerware products out there. In 2020 and 2021, AV Comparatives tested 20 unique stalkerware products from different vendors. In 2025, we tested 17. We found that many stalkerware apps are essentially variations on the same underlying product and that the number of unique underlying products appears to have decreased in recent years. We cannot be certain about the cause of this decline, but we speculate that increased attention from regulators may be a factor. The popularity of small, cheap, Bluetooth-enabled physical trackers such as Apple AirTags and Tiles as an alternative method of location-tracking may also be undercutting the stalkerware market. 

We hope that these tests will help survivors of domestic abuse and others who are concerned about stalkerware on their Android devices make informed choices about their anti-virus apps. We also hope that exposing the gaps that these products have in stalkerware detection will renew interest in this problem at anti-virus companies.

You can find the full results of the test here (PDF). 

Amazon Ring’s upcoming face recognition tool has the potential to violate the privacy rights of millions of people and could result in Amazon breaking state biometric privacy laws.

Ring plans to introduce a feature to its home surveillance cameras called “Familiar Faces,” to identify specific people who come into view of the camera. When turned on, the feature will scan the faces of all people who approach the camera to try and find a match with a list of pre-saved faces. This will include many people who have not consented to a face scan, including friends and family, political canvassers, postal workers, delivery drivers, children selling cookies, or maybe even some people passing on the sidewalk.

When turned on, the feature will scan the faces of all people who approach the camera.

Many biometric privacy laws across the country are clear: Companies need your affirmative consent before running face recognition on you. In at least one state, ordinary people with the help of attorneys can challenge Amazon’s data collection. Where not possible, state privacy regulators should step in.

Sen. Ed Markey (D-Mass.) has already called on Amazon to abandon its plans and sent the company a list of questions. Ring spokesperson Emma Daniels answered written questions posed by EFF, which can be viewed here.

What is Ring’s “Familiar Faces”?

Amazon describes “Familiar Faces” as a tool that “intelligently recognizes familiar people.” It says this tool will provide camera owners with “personalized context of who is detected, eliminating guesswork and making it effortless to find and review important moments involving specific familiar people.” Amazon plans to release the feature in December.

The feature will allow camera owners to tag particular people so Ring cameras can automatically recognize them in the future. In order for Amazon to recognize particular people, it will need to perform face recognition on every person that steps in front of the camera. Even if a camera owner does not tag a particular face, Amazon says it may retain that biometric information for up to six months. Amazon said it does not currently use the biometric data for “model training or algorithmic purposes.”

In order to biometrically identify you, a company typically will take your image and extract a faceprint by taking tiny measurements of your face and converting that into a series of numbers that is saved for later. When you step in front of a camera again, the company takes a new faceprint and compares it to a list of previous prints to find a match. Other forms of biometric tracking can be done with a scan of your fingertip, eyeball, or even your particular gait.

Amazon has told reporters that the feature will be off by default and that it would be unavailable in certain jurisdictions with the most active biometric privacy enforcement—including the states of Illinois and Texas, and the city of Portland, Oregon. The company would not promise that this feature will remain off by default in the future.

Why is This a Privacy Problem?

Your biometric data, such as your faceprint, are some of the most sensitive pieces of data that a company can collect. Associated risks include mass surveillance, data breach, and discrimination.

Today’s feature to recognize your friend at your front door can easily be repurposed tomorrow for mass surveillance. Ring’s close partnership with police amplifies that threat. For example, in a city dense with face recognition cameras, the entirety of a person’s movements could be tracked with the click of a button, or all people could be identified at a particular location. A recent and unrelated private-public partnership in New Orleans unfortunately shows that mass surveillance through face recognition is not some far flung concern.

Amazon has already announced a related tool called “search party” that can identify and track lost dogs using neighbors’ cameras. A tool like this could be repurposed for law enforcement to track people. At least for now, Amazon says it does not have the technical capability to comply with law enforcement demanding a list of all cameras in which a person has been identified. Though, it complies with other law enforcement demands.

In addition, data breaches are a perpetual concern with any data collection. Biometrics magnify that risk because your face cannot be reset, unlike a password or credit card number. Amazon says it processes and stores biometrics collected by Ring cameras on its own servers, and that it uses comprehensive security measure to protect the data.

Face recognition has also been shown to have higher error rates with certain groups—most prominently with dark-skinned women. Similar technology has also been used to make questionable guesses about a person’s emotions, age, and gender.

Will Ring’s “Familiar Faces” Violate State Biometric Laws?

Any Ring collection of biometric information in states that require opt-in consent poses huge legal risk for the company. Amazon already told reporters that the feature will not be available in Illinois and Texas—strongly suggesting its feature could not survive legal scrutiny there. The company said it is also avoiding Portland, Oregon, which has a biometric privacy law that similar companies have avoided.

Its “familiar faces” feature will necessarily require its cameras to collect a faceprint from of every person who comes into view of an enabled camera, to try and find a match. It is impossible for Amazon to obtain consent from everyone—especially people who do not own Ring cameras. It appears that Amazon will try to unload some consent requirements onto individual camera owners themselves. Amazon says it will provide in-app messages to customers, reminding them to comply with applicable laws. But Amazon—as a company itself collecting, processing, and storing this biometric data—could have its own consent obligations under numerous laws.

Lawsuits against similar features highlight Amazon’s legal risks. In Texas, Google paid $1.375 billion to settle a lawsuit that alleged, among other things, that Google’s Nest cameras "indiscriminately capture the face geometry of any Texan who happens to come into view, including non-users." In Illinois, Facebook paid $650 million and shut down its face recognition tools that automatically scanned Facebook photos—even the faces of non-Facebook users—in order to identify people to recommend tagging. Later, Meta paid another $1.4 billion to settle a similar suit in Texas.

Many states aside from Illinois and Texas now protect biometric data. While the state has never enforced its law, Washington in 2017 passed a biometric privacy law. In 2023, the state passed an ever stronger law that protects biometric privacy, which allows individuals to sue on their own behalf. And at least 16 states have recently passed comprehensive privacy laws that often require companies to obtain opt-in consent for the collection of sensitive data, which typically includes biometric data. For example, in Colorado, a company that jointly with others determines the purpose and means of processing biometric data must obtain consent. Maryland goes farther, and such companies are essentially prohibited from collecting or processing biometric data from bystanders.

Many of these comprehensive laws have numerous loopholes and can only be enforced by state regulators—a glaring weakness facilitated in part by Amazon lobbyists.

Nonetheless, Ring’s new feature provides regulators a clear opportunity to step up to investigate, protect people’s privacy, and test the strength of their laws.

It’s not news that Apple and Google use their app stores to shape what apps you can and cannot have on many of your devices. What is new is more governments—including the U.S. government—using legal and extralegal tools to lean on these gatekeepers in order to assert that same control. And rather than resisting, the gatekeepers are making it easier than ever. 

Apple’s decision to take down the ICEBlock app at least partially in response to threats from the U.S. government—with Google rapidly and voluntarily following suit—was bad enough. But it pales in comparison with Google’s new program, set to launch worldwide next year, requiring developers to register with the company in order to have their apps installable on Android certified devices—including paying a fee and providing personal information backed by government-issued identification. Google claims the new program of “is an extra layer of security that deters bad actors and makes it harder for them to spread harm,” but the registration requirements are barely tied to app effectiveness or security. Why, one wonders, does Google need to see your driver’s license to evaluate whether your app is safe?  Why, one also wonders, does Google want to create a database of virtually every Android app developer in the world? 

Those communities are likely to drop out of developing for Android altogether, depriving all Android users of valuable tools. 

F-Droid, a free and open-source repository for Android apps, has been sounding the alarm. As they’ve explained in an open letter, Google’s central registration system will be devastating for the Android developer community. Many mobile apps are created, improved, and distributed by volunteers, researchers, and/or small teams with limited financial resources. Others are created by developers who do not use the name attached to any government-issued identification. Others may have good reason to fear handing over their personal information to Google, or any other third party. Those communities are likely to drop out of developing for Android altogether, depriving all Android users of valuable tools. 

Google’s promise that it’s “working on” a program for “students and hobbyists” that may have different requirements falls far short of what is necessary to alleviate these concerns. 

It’s more important than ever to support technologies which decentralize and democratize our shared digital commons. A centralized global registration system for Android will inevitably chill this work. 

The point here is not that all the apps are necessarily perfect or even safe. The point is that when you set up a gate, you invite authorities to use it to block things they don’t like. And when you build a database, you invite governments (and private parties) to try to get access to that database. If you build it, they will come.  

Imagine you have developed a virtual private network (VPN) and corresponding Android mobile app that helps dissidents, journalists, and ordinary humans avoid corporate and government surveillance. In some countries, distributing that app could invite legal threats and even prosecution. Developers in those areas should not have to trust that Google would not hand over their personal information in response to a government demand just because they want their app to be installable by all Android users. By the same token, technologists that work on Android apps for reporting ICE misdeeds should not have to worry that Google will hand over their personal information to, say, the U.S. Department of Homeland Security. 

It’s easy to see how a new registration requirement for developers could give Google a new lever for maintaining its app store monopoly

Our tech infrastructure’s substantial dependence on just a few platforms is already creating new opportunities for those platforms to be weaponized to serve all kinds of disturbing purposes, from policing to censorship. In this context, it’s more important than ever to support technologies which decentralize and democratize our shared digital commons. A centralized global registration system for Android will inevitably chill this work. 

Not coincidentally, the registration system Google announced would also help cement Google’s outsized competitive power, giving the company an additional window—if it needed one, given the company’s already massive surveillance capabilities—into what apps are being developed, by whom, and how they are being distributed. It’s more than ironic that Google’s announcement came at the same time the company is fighting a court order (in the Epic Games v. Google lawsuit) that will require it to stop punishing developers who distribute their apps through app stores that compete with Google’s own. It’s easy to see how a new registration requirement for developers, potentially enforced by technical measures on billions of Android certified mobile devices, could give Google a new lever for maintaining its app store monopoly.  

EFF has signed on to F-Droid’s open letter. If you care about taking back control of tech, you should too. 

When the independent Tunisian online media collective Nawaat announced that the government had suspended its activities for one month, the news landed like a punch in the gut for anyone who remembers what the Arab uprisings promised: dignity, democracy, and a free press.

But Tunisia’s October 31 suspension of Nawaat—delivered quietly, without formal notice, and justified under Decree-Law 2011-88—is not just a bureaucratic decision. It’s a warning shot aimed at the very idea of independent civic life.

The silencing of a revolutionary media outlet

Nawaat’s statement, published last week, recounts how the group discovered the suspension: not through any official communication, but by finding the order slipped under its office door. The move came despite Nawaat’s documented compliance with all the legal requirements under Decree 88, the 2011 law that once symbolized post-revolutionary openness for associations.

Instead, the Decree, once seen as a safeguard for civic freedom, is now being weaponized as a tool of control. Nawaat’s team describes the action as part of a broader campaign of harassment: tax audits, financial investigations, and administrative interrogations that together amount to an attempt to “stifle all media resistance to the dictatorship.”

For those who have followed Tunisia’s post-2019 trajectory, the move feels chillingly familiar. Since President Kais Saied consolidated power in 2021, civil society organizations, journalists, and independent voices have faced escalating repression. Amnesty International has documented arrests of reporters, the use of counter-terrorism laws against critics, and the closure of NGOs. And now, the government has found in Decree 88 a convenient veneer of legality to achieve what old regimes did by force.

Adopted in the hopeful aftermath of the revolution, Decree-Law 2011-88 was designed to protect the right to association. It allowed citizens to form organizations without prior approval and receive funding freely—a radical departure from the Ben Ali era’s suffocating controls.

But laws are only as democratic as the institutions that enforce them. Over the years, Tunisian authorities have chipped away at these protections. Administrative notifications, once procedural, have become tools for sanction. Financial transparency requirements have turned into pretexts for selective punishment.

When a government can suspend an association that has complied with every rule, the rule of law itself becomes a performance.

Bureaucratic authoritarianism

What’s happening in Tunisia is not an isolated episode. Across the region, governments have refined the art of silencing dissent without firing a shot. But whether through Egypt’s NGO Law, Morocco’s press code, or Algeria’s foreign-funding restrictions, the outcome is the same: fewer independent outlets, and fewer critical voices.

These are the tools of bureaucratic authoritarianism…the punishment is quiet, plausible, and difficult to contest. A one-month suspension might sound minor, but for a small newsroom like Nawaat—which operates with limited funding and constant political pressure—it can mean disrupted investigations, delayed publications, and lost trust from readers and sources alike.

A decade of resistance

To understand why Nawaat matters, remember where it began. Founded in 2004 under Zine El Abidine Ben Ali’s dictatorship, Nawaat became a rare space for citizen journalism and digital dissent. During the 2011 uprising, its reporting and documentation helped the world witness Tunisia’s revolution.

Over the past two decades, Nawaat has earned international recognition, including an EFF Pioneer Award in 2011, for its commitment to free expression and technological empowerment. It’s not just a media outlet; it’s a living archive of Tunisia’s struggle for dignity and rights.

That legacy is precisely what makes it threatening to the current regime. Nawaat represents a continuity of civic resistance that authoritarianism cannot easily erase.

The cost of silence

Administrative suspensions like this one are designed to send a message: You can be shut down at any time. They impose psychological costs that are harder to quantify than arrests or raids. Journalists start to self-censor. Donors hesitate to renew grants. The public, fatigued by uncertainty, tunes out.

But the real tragedy lies in what this means for Tunisians’ right to know. Nawaat’s reporting on corruption, surveillance, and state violence fills the gaps left by state-aligned media. Silencing it deprives citizens of access to truth and accountability.

As Nawaat’s statement puts it:

“This arbitrary decision aims to silence free voices and stifle all media resistance to the dictatorship.”

The government’s ability to pause a media outlet, even temporarily, sets a precedent that could be replicated across Tunisia’s civic sphere. If Nawaat can be silenced today, so can any association tomorrow.

So what can be done? Nawaat has pledged to challenge the suspension in court, but litigation alone won’t fix a system where independence is eroding from within. What’s needed is sustained, visible, and international solidarity.

Tunisia’s government may succeed in pausing Nawaat’s operations for a month. But it cannot erase the two decades of documentation, dissent, and hope the outlet represents. Nor can it silence the networks of journalists, technologists, and readers who know what is at stake.

EFF has long argued that the right to free expression is inseparable from the right to digital freedom. Nawaat’s suspension shows how easily administrative and legal tools can become weapons against both. When states combine surveillance, regulatory control, and economic pressure, they don’t need to block websites or jail reporters outright—they simply tighten the screws until free expression becomes impossible.

That’s why what happens in Tunisia matters far beyond its borders. It’s a test of whether the ideals of 2011 still mean anything in 2025.

And Nawaat, for its part, has made its position clear:

“We will continue to defend our independence and our principles. We will not be silenced.”