EFF update

Austin organizers turned out to rebuke the city’s misguided contract with Flock Safety— and won. This successful pushback from the community means at the end of the month Austin police will no longer be able to use the surveillance network of automated license plate readers (ALPRs) across the city.

Two years ago Austin City Council approved this controversial contract, despite strong local opposition. We knew then that these AI-driven surveillance systems weren’t just creepy, they are prone to misuse and mistakes which have a real human toll.

In the years since, this concern has materialized time and time again, and now the risks have heightened with the potential of using the data against immigrants and people seeking trans or reproductive healthcare. Most recently Texas authorities were implicated in a 404 media report on the use of these cameras to target abortion seekers. 

Today's victory in Austin is a tribute to what happens when a coalition of activist groups come together in common cause

Just a few days before the scheduled vote, an audit of the Austin Police Department program also revealed that over 20% of ALPR database searches lacked proper documentation or justification, in violation of department policy. The audit also revealed contract language allowed for data retention beyond council-mandated limits on retention and potential sharing with outside agencies. 

Fortunately, more than 30 community groups, including Electronic Frontier Alliance member EFF-Austin,  joined forces to successfully prevent contract renewal.

EFF-Austin Executive Director Kevin Welch told us that, "Today's victory in Austin is a tribute to what happens when a coalition of activist groups come together in common cause and stand in solidarity against the expansion of the surveillance state.” He went on to say, “But the fight is not over. While the Flock contract has been discontinued, Austin still makes use of ALPRs via its contract with Axon, and [the] council may attempt to bring this technology back [...] That being said, real progress in educating elected officials on the dangers of these technologies has been made.” 

This win in a city as large as Austin lends momentum to the larger trend across the country where local communities are pushing back against ALPR surveillance. EFF continues to stand with these local efforts, and encourages other organizers to reach out at organizing [at] eff.org in the fight against local surveillance.

Speaking to this trend, Kevin added, “As late as Monday, it didn't look like we had the votes to make this victory happen. While these are dark times, there are still lights burning in the dark, and through collective action, we can burn bright."

EFF submitted comments to the Department of Homeland Security (DHS) and its subcomponent U.S. Citizenship and Immigration Services (USCIS), urging them to abandon a proposal to collect social media identifiers on forms for immigration benefits. This collection would mark yet a further expansion of the government’s efforts to subject immigrants to social media surveillance, invading their privacy and chilling their free speech and associational rights for fear of being denied key immigration benefits.

Specifically, the proposed rule would require applicants to disclose their social media identifiers on nine immigration forms, including applications for permanent residency and naturalization, impacting more than 3.5 million people annually. USCIS’s purported reason for this collection is to assist with identity verification, as well as vetting and national security screening, to comply with Executive Order 14161. USCIS separately announced that it would look for “antisemitic activity” on social media as grounds for denying immigration benefits, which appears to be related to the proposed rule, although not expressly included it.

Additionally, a day after the proposed rule was published, Axios reported that the State Department, the Department of Justice, and DHS confirmed a joint collaboration called “Catch and Revoke,” using AI tools to review student visa holders’ social media accounts for speech related to “pro-Hamas” sentiment or “antisemitic activity.”

If the proposed rule sounds familiar, it’s because this is not the first time the government has proposed the collection of social media identifiers to monitor noncitizens. In 2019, for example, the State Department implemented a policy requiring visa and visa waiver applicants to the United States to disclose the identifiers they used on some 20 social media platforms over the last five years—affecting over 14.7 million people annually. EFF joined a large contingent of civil and human rights organizations in objecting to that collection. That policy is now the subject of ongoing litigation in Doc Society v. Blinken, a case brought by two documentary film organizations, who argue that the rule affects the expressive and associational rights of their members by impeding their ability to collaborate and engage with filmmakers around the world. EFF filed two amicus briefs in that case.

What distinguishes this proposed rule from the State Department’s existing program is that most, if not all, of the noncitizens who would be affected currently legally reside in the United States, allowing them to benefit from constitutional protections.

In our comments, we explained that surveillance of even public-facing social media can implicate privacy interests by aggregating a wealth of information about both an applicant for immigration benefits, and also people in their networks, including U.S. citizens. This is because of the quantity and quality of information available on social media, and because of its inherent interconnected nature.

We also argued that the proposed rule appears to allow for the collection and consideration of First Amendment-protected speech, including core political speech, and anonymous and pseudonymous speech. This inevitably leads to a chilling effect because immigration benefits applicants will have to choose between potentially forgoing key benefits or self-censoring to avoid government scrutiny. That is, to help ensure that a naturalized citizenship application is not rejected, for example, an applicant may avoid speaking out on social media about American foreign policy or expressing views about other political topics that may be considered controversial by the federal government—even when other Americans are free to do so.

We urge DHS and USCIS to abandon this dangerous proposal.

Utah cannot stifle young people’s First Amendment rights to use social media to speak about politics, create art, discuss religion, or to hear from other users discussing those topics, EFF argued in a brief filed this week.

EFF filed the brief in NetChoice v. Brown, a constitutional challenge to the Utah Minor Protection in Social Media Act. The law prohibits young people from speaking to anyone on social media outside of the users with whom they are connected or those users’ connections. It also requires social media services to make young people’s accounts invisible to anyone outside of that same subgroup of users. The law requires parents to consent before minors can change those default restrictions.

To implement these restrictions, the law requires a social media service to verify every user’s age so that it knows whether to apply those speech-restricting settings.

The law therefore burdens the First Amendment rights of both young people and adults, the friend-of-the-court brief argued. The ACLU, Freedom to Read Foundation, LGBT Technology Institute, TechFreedom, and Woodhull Freedom Foundation joined EFF on the brief.

Utah, like many states across the country, has sought to significantly restrict young people’s ability to use social media. But “Minors enjoy the same First Amendment right as adults to access and engage in protected speech on social media,” the brief argues. As the brief details, minors use social media for to express political opinions, create art, practice religion, and find community.

Utah cannot impose such a severe restriction on minors’ ability to speak and to hear from others on social media without violating the First Amendment. “Utah has effectively blocked minors from being able to speak to their communities and the larger world, frustrating the full exercise of their First Amendment rights,” the brief argues.

Moreover, the law “also violates the First Amendment rights of all social media users—minors and adults alike—because it requires every user to prove their age, and compromise their anonymity and privacy, before using social media.”

Requiring internet users to provide their ID or other proof of their age could block people from accessing lawful speech if they don’t have the right form of ID, the brief argues. And requiring users to identify themselves infringes on people’s right to be anonymous online. That may deter people from joining certain social media services or speaking on certain topics, as people often rely on anonymity to avoid retaliation for their speech.

Finally, requiring users to provide sensitive personal information increases their risk of future privacy and security invasions, the brief argues.

If you run a site on the open web, chances are you've noticed a big increase in traffic over the past few months, whether or not your site has been getting more viewers, and you're not alone. Operators everywhere have observed a drastic increase in automated traffic—bots—and in most cases attribute much or all of this new traffic to AI companies.

Background

AI—in particular, Large Language Models (LLMs) and generative AI (genAI)—rely on compiling as much information from relevant sources (i.e., "texts written in English" or "photographs") as possible in order to build a functional and persuasive model that users will later interact with. While AI companies in part distinguish themselves by what data their models are trained on, possibly the greatest source of information—one freely available to all of us—is the open web.

To gather up all that data, companies and researchers use automated programs called scrapers (sometimes referred to by the more general term "bots") to "crawl" over the links available between various webpages and save the types of information they're tasked with as they go. Scrapers are tools with a long, and often beneficial, history: services like search engines, the Internet Archive, and all kinds of scientific research rely on them.

When scrapers are not deployed thoughtfully, however, they can contribute to higher hosting costs, lower performance, and even site outages, particularly when site operators see so many of them in operation at the same time. In the long run all this may lead to some sites shutting down rather than bearing the brunt of it.

For-profit AI companies must ensure they do not poison the well of the open web they rely on in a short-sighted rush for training data.

Bots: Read the Room

There are existing best practices those who use scrapers should follow. When bots and their operators ignore these guideposts it sends a signal to site operators, sometimes explicitly, that they can or should cut off their access, impede performance, and in the worst case it may take a site down for all users. Some companies appear to follow these practices most of the time, but we see increasing reports and evidence of new bots that don't.

First, scrapers should follow instructions given in a site's robots.txt file, whether those are to back off to a certain crawling rate, exclude certain paths, or not to crawl the site at all.

Second, bots should send their requests with a clearly labeled User Agent string which indicates their operator, their purpose, and a means of contact.

Third, those running scrapers should provide a process for site operators to request back-offs, rate caps, exclusions, and to report problematic behavior via the means of contact info or response forms linked via the User Agent string.

Mitigations for Site Operators

Of course, if you're running a website dealing with a flood of crawling traffic, waiting for those bots to change their behavior for the better might not be realistic. Here are a few suggested, if imperfect, mitigations based in part on our own sometimes frustrating experiences.

First, use a caching layer. In most cases a Content Delivery Network (CDN) or an "edge platform" (essentially a newer iteration of a CDN) can provide this for you, and some services offer a free tier for non-commercial users. There are also a number of great projects if you prefer to self-host. Some of the tools we've used for caching include varnish, memcached, and redis.

Second, convert to static content to prevent resource-intensive database reads. In some cases this may reduce the need for caching.

Third, use targeted rate limiting to slow down bots without taking your whole site down. But know this can get difficult when scrapers try to disguise themselves with misleading User Agent strings or by spreading a fleet of crawlers out across many IP addresses.

Other mitigations such as client-side validation (e.g. CAPTCHAs or proof-of-work) and fingerprinting carry privacy and usability trade-offs, and we warn against deploying them without careful forethought.

Where Do We Go From Here?

To reiterate, whatever one's opinion of these particular AI tools, scraping itself is not the problem. Automated access is a fundamental technique of archivists, computer scientists, and everyday users that we hope is here to stay—as long as it can be done non-destructively. However, we realize that not all implementers will follow our suggestions for bots above, and that our mitigations are both technically advanced and incomplete.

Because we see so many bots operating for the same purpose at the same time, it seems there's an opportunity here to provide these automated data consumers with tailored data providers, removing the need for every AI company to scrape every website, seemingly, every day.

And on the operators' end, we hope to see more web-hosting and framework technology that is built with an awareness of these issues from day one, perhaps building in responses like just-in-time static content generation or dedicated endpoints for crawlers.

As part of multi-pronged effort towards deregulation, the Federal Trade Commission has asked the public to identify any and all “anti-competitive” regulations. Working with our friends at Authors Alliance, EFF answered, calling attention to a set of anti-competitive regulations that many don’t  recognize as such: the triennial exemptions to Section 1201 of the Digital Millennium Copyright Act, and the cumbersome process on which they depend.

Copyright grants exclusive rights to creators, but only as a means to serve the broader public interest. Fair use and other limitations play a critical role in that service by ensuring that the public can engage in commentary, research, education, innovation, and repair without unjustified restriction. Section 1201 effectively forbids fair uses where those uses require circumventing a software lock (a.k.a. technological protection measures) on a copyrighted work.

Congress realized that Section 1201 had this effect, so it adopted a safety valve—a triennial process by which the Library of Congress could grant exemptions. Under the current rulemaking framework, however, this intended safety valve functions more like a chokepoint. Individuals and organizations seeking an exemption to engage in lawful fair use must navigate a burdensome, time-consuming administrative maze. The existing procedural and regulatory barriers ensure that the rulemaking process—and Section 1201 itself—thwarts, rather than serves, the public interest.

The FTC does not, of course, control Congress or the Library of Congress. But we hope its investigation and any resulting report on anti-competitive regulations will recognize the negative effects of Section 1201 and that the triennial rulemaking process has failed to be the check Congress intended. Our comments urge the FTC to recommend that Congress repeal or reform Section 1201. At a minimum, the FTC should advocate for fundamental revisions to the Library of Congress’s next triennial rulemaking process, set for 2026, so that copyright law can once again fulfill its purpose: to support—rather than thwart—competitive and independent innovation.

You can find the full comments here.

The Trump administration has been heavily invested in consolidating all of the government’s information into a single searchable, or perhaps AI-queryable, super database. The compiling of all of this information is being done with the dubious justification of efficiency and modernization–however, in many cases, this information was originally siloed for important reasons: to protect your privacy, to prevent different branches of government from using sensitive data to punish or harass you, and to perserve the trust in and legitimacy of important civic institutions.

Attempts to Centralize All the Government’s Information About You

This process of consolidation has taken several forms. The purported Department of Government Efficiency (DOGE) has been seeking access to the data and computer systems of dozens of government agencies. According to one report, access to the data of these agencies has given DOGE, as of April 2025, hundreds of pieces of personal information about people living in the United States–everything ranging from financial and tax information, health and healthcare information, and even computer I.P. addresses. EFF is currently engaged in a lawsuit against the U.S. Office of Personnel Management (OPM) and DOGE for disclosing personal information about government employees to people who don’t need it in violation of the Privacy Act of 1974.

Another key maneuver in centralizing government information has been to steamroll the protections that were in place that keep this information away from agencies that don’t need, or could abuse, this information. This has been done by ignoring the law, like the Trump administration did when it ordered the IRS make tax information available for the purposes of immigration enforcement. It has also been done through the creation of new (and questionable) executive mandates that all executive branch information be made available to the White House or any other agency. Specifically, this has been attempted with the March 20, 2025 Executive Order, “Stopping Waste Fraud and Abuse by Eliminating Information Silos” which mandates that the federal government, as well as all 50 state governments, allow other agencies “full and prompt access to all unclassified agency records, data, software systems, and information technology systems.” But executive orders can’t override privacy laws passed by Congress.

Not only is the Trump administration trying to consolidate all of this data institutionally and statutorily, they are also trying to do it technologically. A new report revealed that the administration has contracted Palantir—the open-source surveillance and security data-analytics firm—to fuse data from multiple agencies, including the Department of Homeland Security and Health and Human Services.

Why it Matters and What Can Go Wrong 

The consolidation of government records equals more government power that can be abused. Different government agencies necessarily collect information to provide essential services or collect taxes. The danger comes when the government begins pooling that data and using it for reasons unrelated to the purpose it was collected.

Imagine, for instance, a scenario where a government employee could be denied health-related public services or support because of the information gathered about them by an agency that handles HR records. Or a person’s research topic according to federal grants being used to weigh whether or not that person should be allowed to renew a passport.

Marginalized groups are most vulnerable to this kind of abuse, including to locate individuals for immigration enforcement using tax records. Government records could also be weaponized against people who receive food subsidies, apply for student loans, or take government jobs. 

Congress recognized these dangers 50 years ago when it passed the Privacy Act to put strict limits on the government’s use of large databases. At that time, trust in the government eroded after revelations about White House enemies’ lists, misuse of existing government personality profiles, and surveillance of opposition political groups.

There’s another important issue at stake: the future of federal and state governments that actually have the information and capacity to help people. The more people learn to distrust the government because they worry the information they give certain government agencies may be used to hurt them in the future, the less likely people will be to participate or seek the help they need. The fewer people engage with these agencies, the less likely they will be to survive. Trust is a key part of any relationship between the governed and government and when that trust is abused or jettisoned, the long-term harms are irreparable.

EFF, like dozens of other organizations, will continue to fight to ensure personal records held by the government are only used and disclosed as needed and only for the purpose they were collected, as federal law demands. 

Related Cases: American Federation of Government Employees v. U.S. Office of Personnel Management

“Pernicious.”

“Unprecedented... cringe-worthy.”

“Egregious.”

“Shocking.” 

These are just some of the words that federal judges used in recent weeks to describe President Trump’s politically motivated and vindictive executive orders targeting law firms that have employed people or represented clients or causes he doesn’t like. 

But our favorite word by far is “unconstitutional.” 

EFF was one of the very first legal organizations to publicly come out in support of Perkins Coie when it became the first law firm to challenge the legality of President Trump’s executive order targeting it. Since then, EFF has joined four amicus briefs in support of targeted law firms, and in all four cases, judges from the U.S. District Court for the District of Columbia have indicated they’re having none of it. Three have issued permanent injunctions deeming the executive orders null and void, and the fourth seems to be headed in that same direction. 

Trump issued his EO against Perkins Coie on March 6. In a May 2 opinion finding the order unconstitutional and issuing a permanent injunction, Senior Judge Beryl A. Howell wrote:  

“By its terms, this Order stigmatizes and penalizes a particular law firm and its employees—from its partners to its associate attorneys, secretaries, and mailroom attendants—due to the Firm’s representation, both in the past and currently, of clients pursuing claims and taking positions with which the current President disagrees, as well as the Firm’s own speech,” Howell wrote. “In a cringe-worthy twist on the theatrical phrase ‘Let’s kill all the lawyers,’ EO 14230 takes the approach of ‘Let’s kill the lawyers I don’t like,’ sending the clear message: lawyers must stick to the party line, or else.” 

“Using the powers of the federal government to target lawyers for their representation of clients and avowed progressive employment policies in an overt attempt to suppress and punish certain viewpoints, … is contrary to the Constitution, which requires that the government respond to dissenting or unpopular speech or ideas with ‘tolerance, not coercion.’” 

 Trump issued a similar EO against Jenner & Block on March 25. In a May 23 opinion also finding the order unconstitutional and issuing a permanent injunction, Senior Judge John D. Bates wrote: 

“This order—which takes aim at the global law firm Jenner & Block—makes no bones about why it chose its target: it picked Jenner because of the causes Jenner champions, the clients Jenner represents, and a lawyer Jenner once employed. Going after law firms in this way is doubly violative of the Constitution. Most obviously, retaliating against firms for the views embodied in their legal work—and thereby seeking to muzzle them going forward—violates the First Amendment’s central command that government may not ‘use the power of the State to punish or suppress disfavored expression.’ Nat’l Rifle Ass’n of Am. v. Vullo, 602 U.S. 175, 188 (2024). More subtle but perhaps more pernicious is the message the order sends to the lawyers whose unalloyed advocacy protects against governmental viewpoint becoming government-imposed orthodoxy. This order, like the others, seeks to chill legal representation the administration doesn’t like, thereby insulating the Executive Branch from the judicial check fundamental to the separation of powers. It thus violates the Constitution and the Court will enjoin its operation in full.” 

 Trump issued his EO targeting WilmerHale on March 27. In a May 27 opinion finding that order unconstitutional, Senior Judge Richard J. Leon wrote: 

“The cornerstone of the American system of justice is an independent judiciary and an independent bar willing to tackle unpopular cases, however daunting. The Founding Fathers knew this! Accordingly, they took pains to enshrine in the Constitution certain rights that would serve as the foundation for that independence. Little wonder that in the nearly 250 years since the Constitution was adopted no Executive Order has been issued challenging these fundamental rights. Now, however, several Executive Orders have been issued directly challenging these rights and that independence. One of these Orders is the subject of this case. For the reasons set forth below, I have concluded that this Order must be struck down in its entirety as unconstitutional. Indeed, to rule otherwise would be unfaithful to the judgment and vision of the Founding Fathers!” 

“Taken together, the provisions constitute a staggering punishment for the firm’s protected speech! The Order is intended to, and does in fact, impede the firm’s ability to effectively represent its clients!” 

“Even if the Court found that each section could be grounded in Executive power, the directives set out in each section clearly exceed that power! The President, by issuing the Order, is wielding his authority to punish a law firm for engaging in litigation conduct the President personally disfavors. Thus, to the extent the President does have the power to limit access to federal buildings, suspend and revoke security clearances, dictate federal hiring, and manage federal contracts, the Order surpasses that authority and in fact usurps the Judiciary’s authority to resolve cases and sanction parties that come before the courts!” 

The fourth case in which EFF filed a brief involved Trump’s April 9 EO against Susman Godfrey. In that case, Judge Loren L. AliKhan is still considering whether to issue a permanent injunction, but on April 15 gave a fiery ruling from the bench in granting a temporary restraining order against the EO’s enforcement. 

“The executive order is based on a personal vendetta against a particular firm, and frankly, I think the framers of our Constitution would see this as a shocking abuse of power,” AliKhan said, as quoted by Courthouse News Service. "The government cannot hold lawyers hostage to force them to agree with it, allowing the government to coerce private business, law firms and lawyers solely on the basis of their view is antithetical to our constitutional republic and hampers this court, and every court’s, ability to adjudicate these cases.” 

And, as quoted by the New York Times: “Law firms across the country are entering into agreements with the government out of fear that they will be targeted next and that coercion is plain and simple. And while I wish other firms were not capitulating as readily, I admire firms like Susman for standing up and challenging it when it does threaten the very existence of their business. … The government has sought to use its immense power to dictate the positions that law firms may and may not take. The executive order seeks to control who law firms are allowed to represent. This immensely oppressive power threatens the very foundations of legal representation in our country.” 

As we wrote when we began filing amicus briefs in these cases, an independent legal profession is a cornerstone of democracy and the rule of law. As a nonprofit legal organization that frequently sues the federal government, EFF understands the value of this bedrock principle and how it–and First Amendment rights more broadly–are threatened by President Trump’s executive orders. It is especially important that the whole legal profession speak out against these actions, particularly in light of the silence or capitulation of a few large law firms. 

We’re glad the courts agree.

In the wake of the California State Senate’s passage of S.B. 690, the Electronic Frontier Foundation (EFF), TechEquity, Consumer Federation of California, Tech Oversight California, ACLU California Action, Privacy Rights Clearinghouse, and the California Low Income Consumers Coalition issued a joint statement warning that the bill would put the safety and privacy of millions of Californians at serious risk:

“SB 690 gives the green-light to dystopian big tech surveillance practices which will endanger the privacy and safety of all Californians. SB 690 would allow companies to spy on us to get our sensitive personal information, such as our immigration status or what healthcare we’ve received. And once they have our sensitive personal information, SB 690 places no limits on how that business can use or share that information, allowing them to share it with data brokers, immigration officials, or law enforcement officials in states that restrict reproductive or gender-affirming care.

“At a time where agencies of the federal government are actively targeting individuals based on information collected from businesses about their political beliefs, religious affiliations, or health decisions, we cannot risk sharing even more sensitive information with them. The legislature should be doing all it can to protect Californians, not make it easier for the federal government to secretly obtain our sensitive information.”

Update: This post has been updated to reflect additional signers. 

Background

Coalition Floor Alert Opposing SB 690

Take Action Against SB 690

Many in Silicon Valley, and in U.S. business at large, seem to believe innovation springs only from competition, a race to build the next big thing first, cheaper, better, best. But what if collaboration and community breeds innovation just as well as adversarial competition?

%3Ciframe%20height%3D%2252px%22%20width%3D%22100%25%22%20frameborder%3D%22no%22%20scrolling%3D%22no%22%20seamless%3D%22%22%20src%3D%22https%3A%2F%2Fplayer.simplecast.com%2Ffb16baef-bf64-4c2b-9069-ad1dfaade04b%3Fdark%3Dtrue%26amp%3Bcolor%3D000000%22%20allow%3D%22autoplay%22%3E%3C%2Fiframe%3E Privacy info. This embed will serve content from simplecast.com

    

(You can also find this episode on the Internet Archive and on YouTube.)

Isabela Fernandes believes free, open-source software has helped build the internet, and will be key to improving it for all. As executive director of the Tor Project – the nonprofit behind the decentralized, onion-routing network providing crucial online anonymity to activists and dissidents around the world – she has fought tirelessly for everyone to have private access to an uncensored internet, and Tor has become one of the world's strongest tools for privacy and freedom online.  

Fernandes joins EFF’s Cindy Cohn and Jason Kelley to discuss the importance of not just accepting technology as it’s given to us, but collaboratively breaking it, tinkering with it, and rebuilding it together until it becomes the technology that we really need to make our world a better place. 

In this episode you’ll learn about:

• How the Tor network protects the anonymity of internet users around the world, and why that’s so important 
• Why online privacy is NOT only for “people who have something to hide” 
• The importance of making more websites friendly and accessible to Tor and similar systems 
• How Tor can actually benefit law enforcement  
• How free, open-source software can power economic booms 

Isabela Fernandes has been executive director of the Tor Project since 2018; she had been a project manager there since 2015.  She also has served since 2023 as a board member of both European Digital Rights – an association of civil and human rights organizations aimed at building a people-centered, democratic society – and The Engine Room, a nonprofit that supports social justice movements to use technology and data in safe, responsible and strategic ways, while actively mitigating the vulnerabilities created by digital systems. Earlier, Fernandes worked as a product manager for Twitter; Latin America project manager for North by South, which offered open-source technology integration to companies using  expertise of Latin American free software specialists; as a project manager for Brazil’s President, overseeing migration of the IT department to free software; and as a technical advisor to Brazil’s Ministry of Communications, creating and implementing new features and free-software tools for the National Digital Inclusion Program serving 3,500 communities. She’s a former member of the board of the Calyx Institute, an education and research organization devoted to studying, testing and developing and implementing privacy technology and tools to promote free speech, free expression, civic engagement and privacy rights on the internet and in the mobile telephone industry. And she was a cofounder and longtime volunteer with Indymedia Brazil, an independent journalism collective. 

Resources: 

• “We Are Making the Tech We Want” panel discussion at The Tech We Want online summit (Oct. 17, 2024) 
• Help Net Security: “Delivering privacy in a world of pervasive digital surveillance: Tor Project’s Executive Director speaks out” (Aug. 2, 2023) 
• EFF: “EFF Now Has Tor Onions” (Apr. 26, 2023)
• Marco Civil Law of the Internet in Brazil 
• EFF’s Tor University Challenge

What do you think of “How to Fix the Internet?” Share your feedback here.

Transcript

ISABELA FERNANDES: If Tor is successful, the internet would be built by its heart, right? Like the elements that Tor carries, which is community, which is decentralization. Instead of having everything focused on a few small companies would be more distributed. I come from the free software world, so I am always excited with, and I have lived at moments.
In my life where I saw I could touch it, I could touch the moment where the source code would be shared and multiple areas of society would benefit from it. Collaboration allows amazing innovation. We are here today because of free software. If it wasn't for that, we would not be here today.

CINDY COHN: That's Isabela Fernandes, head of the Tor Project, describing the beautiful promise of collaboration, community and innovation that is instilled in the free software world – and the important role it plays as we look forward to that better future we’re always talking about on this show.
I'm Cindy Cohn, the executive director of the Electronic Frontier Foundation.

JASON KELLEY: And I'm Jason Kelley, EFF's Activism Director. This is our podcast series, How to Fix the Internet.

CINDY COHN: The idea behind this show is that we're trying to make our digital lives BETTER. You know, a big part of our job at EFF is to envision the ways things can go wrong online-- and then of course jumping into action to help when things then DO go wrong.
But this show is about optimism, hope and solutions – we want to share visions of what it looks like when we start to get it right.

JASON KELLEY: And our guest today is someone whose vision of getting it right is stronger than most.

CINDY COHN: Isabela Fernandes has been an important presence in the security and free software communities for a really long time now.
She's been the executive director at the Tor project since 2018, and before that she was a product manager there. And I'm happy to say that when I was on the board of the Tor project, I was one of the board members that strongly recommended Isa for the executive director role.
She was and continues to be not only a brilliant mind, but a skilled executor. With the Tor Project providing a model for an open source tool that works, is trusted and literally saves lives around the world. We are so thrilled to have her here. Welcome, Isa.

ISABELA FERNANDES: Hi. Thank you.

JASON KELLEY: We're really excited to talk to you and I wanted to start, if I could, with some basics. I think a lot of our audience, you know, has heard of Tor. Maybe they know what the Tor browser is. But some of these things pop up and I think, you know, some people don't know the difference between. A torrent and a tour browser and like what the tour project actually works on. So what is the Tor Project? What are the tools that you’re sort of responsible for creating and maintaining there?

ISABELA FERNANDES: So the Tor Project is actually a non-profit. And our mission is to advance human rights through the technology that we build, right?
So Tor is very similar to a VPN, but much better. We have a decentralized network that is run by volunteers, that whenever you are making a connection to a service or a website, our network will route you through three servers and it's gonna encrypt it every step of the way. And because of this architecture, it's not centralized on anyone or any entity.
It's completely decentralized to thousands of servers around the world. And we also have the Tor browser, which is a fork of Firefox, and what the Tor browser does besides making it easier for you to connect to the to network, it protects your privacy on the device level, so it blocks third party cookies, it also protects you against fingerprinting tracking and other ways that your device identity can leak.

JASON KELLEY: Okay, so just to dig in and make sure I understand, if I'm on a VPN I'm, you know, basically connecting to another server. And all of my connections are going through that. And usually I can, like, pick where they are from a short list of, you know, potential servers in cities and countries.
But with Tor, I don't choose where I'm going or what those three connections are, but it adds that extra layer of protection because three is better than one. But, but why is that? I'm just like, I wonder for the audience who might not know, you know, why three, why not five, or why not two?

ISABELA FERNANDES: Right, so, three, mainly because, so it works like this, right? Like the first server will know who you are because you're connecting to Tor –

JASON KELLEY: Sure, ok.

ISABELA FERNANDES: But it does not know what you are requesting. The middle one does not know who you are and have no idea about what you are requesting, and the exit one, the third one, only knows that someone on the internet is requesting to open a website,

JASON KELLEY: Got it.

ISABELA FERNANDES: So that count is great because if it was only two, that information you, you would still have some way to discover it and to understand where the information is coming from and where it is going.
So three, it is indeed a sweet number for you to have the level of privacy and that we want without building more latency to the connection.

JASON KELLEY: Okay. And then I'm gonna ask one more question. Um. About the technical aspect. Over the last like decade plus, most of the web has become encrypted. The HTTP level has become HTTPS, and that's something that EFF has worked on with our Certbot project, and Let's Encrypt. And if I'm not super familiar with the difference between, you know, how HTTPS is encrypted versus what TOR is doing.
Why do I still need to use Tor? What is it saving? What, how is it protecting my privacy if, if, quote unquote, the web is already encrypted?

ISABELA FERNANDES: Um, let's give this example, right? Like HTTPS would be encrypting your connection to the website. So when you do, you type your username or password, that information is encrypted. However, the server who is watching still would know who you are and where you're coming from. With Tor, you gain that other layer of protection, right? Like, nobody would know who you are and where you like, uh, and what you are requesting except for the website. So it protects you from outside watchers who might be surveilling your connection, also protects you from other tracking mechanisms on the internet.
So the ideal scenario is for you to use both. Right, like it's for you to not only use Tor, but make sure that you're connected to a website that has HTTPS as well.

JASON KELLEY: Wow. Okay. That's really helpful. Thank you so much. I feel like I'm getting tech tech support from the literal executive director of the Tor Project, but I think a lot of people you know that come to us at EFF for privacy or security recommendations really do not understand some of these, you know, somewhat basic things that you're describing about the difference between proxies and encrypted sites and VPNs and Tor, and, um, I think it's just really important for people to know how these different tools work, because they're always, you know, different tools function for different purposes, right.

CINDY COHN: Yeah. And it's, you know, security is hard. It actually requires, I mean, it would be great if there was a one size fits all security. And I think that if you look at all the pieces that Tor’s building, they're, they're moving towards that.
I want us to talk a little bit more about the why of Tor, 'cause we've really outlined the how of Tor, and I wanna give you a chance to kind of debunk one of the arguments that we hear all the time at EFF, which is, you know, why do people need all this security? If you're not doing anything wrong, you know, why should you worry? Um, or is it all just hopeless and shouldn't I just give up?
But let's start with the first one, and I know that you've done a lot of work at Tor trying to really think hard about who needs these tools, who uses these tools in a way that's privacy protective. So I wonder if you could outline a little bit of kind of what you guys know about who uses Tor and why.

ISABELA FERNANDES: There is a spectrum, and I always like to give examples from the two sides of this spectrum. We collect a lot of anonymous stories from users, and let's call this one Brian. So we have Brian. He’s a father and he has two teenage kids at home.
And, uh, you know, as teenagers, they have questions about everything, right? Like about sex, gender, drugs, everything. So he recommends his kids to use Tor when they're searching for those topics on the internet. And sometimes he needs to search some topics himself. You know, like the kids bring a topic that he had no idea what it is about.
So they use Tor to make sure that those searches does not follow those teenage kids for the rest of their lives. Right. Like it's not tagged to them for the rest of their life. So we recommend his kids to use Tor. And then you have on the other side of the spectrum, um, let's call her Carolina.
Carolina is a woman in Uganda. Uh, she's a lesbian. And in Uganda, you can face criminal charge for that. So Carolina just wants to have a normal social online life. And because it's so dangerous in Uganda for her, she really needs to make sure that she's protected and anonymous online when she's interacting with her friends or just looking for topics that is related to her lifestyle. So she used Tor to be safe online, uh, to just have a normal social life on the internet. We did a research, which I thought was very interesting. We put a question on a browser, it was anonymous and anyone could answer.
And we had like a, almost like a 55,000 people answering that question and was how often you use Tor, the Tor browser. And actually more than half of that said that they use one, uh, a few times a day or a few times a week. And that for me says a lot, right? Like it's for those moments where you're like, okay, this, I will want to do on Tor. I don't want the rest of the internet to collect this information and restore it and attach that to my behavior profile.
And that for me, it's what is important, right? Like if people may think that everything is lost and there is no reason to do that. And I think the other way around, I think, uh, it is possible for you to create black spots about your behavior online. And that's what tools like Tor can allow you to do, right? Like you can, uh, create some black spots about you on the internet that protects your privacy.
I think today people do care a lot about their privacy and one example about, which is related to privacy that I always bring to people, it's how dangerous it is to compare the need and the right to be anonymous. With the need to hide something that you don't want others to know or some illegal activity, because anonymity is actually one of the pillars of our democracy. Your vote is anonymous for a reason. So for you to exercise your citizen rights, you need to have privacy.

CINDY COHN: Yep. I think that's exactly right. And I also think we're living in times when things are moving so fast about who's at risk and who's not at risk, that a lot of people are waking up to the fact that just because you might not need privacy in one zone of your life or in one time that we're living in, doesn't mean that that can't change really quickly.
And having the tools available and ready and working is one of the things that we can do – we meaning people in tech – to make sure that as times change, people have the tools that they need to stay safe and to stay protected, and to, to organize, you know, opposition, to organize for change.

Musical transition

CINDY COHN: I think that this is happening a lot, but I'm wondering how you think about helping people reclaim the idea that privacy isn't something we should be ashamed of, that privacy is something that we should be proud of.
I hear you say, and I think that's totally right, it's a pillar of an open and self-governing world. How do you help convince people about that?

ISABELA FERNANDES: Let me step by for a second. Every time, like you might have like heard this from multiple people, right? Like they complain about ads following them, or give an example. Oh, I, I was talking with my friend about bicycles and now all these bicycles ads are showing up, my phone is listening to me.
Right? Like, so I think those are the perfect moment for you to go deeper into the matter of privacy, right? Like, imagine if it was not bicycles, imagine if it was about a government decision that you were talking about, right? That is the moment, right? Like you need to connect with people when they are presenting to you the problem.
So it's, it's fundamental, right? Like that makes super, super easy for someone to understand. But the next step in it is like they ask you how, how do I protect myself. And sometimes I feel like, uh, our work at Tor is not only to create tools. But to make it easier for people to use, it needs to be friendly, it needs to be familiar, right?
Like, uh, that's why the Tor browser is super nice because it's just like any other browser. People hear about Tor and they think it's like, oh, it is this hacker tool that I need to have a special excuse to use. No, it's just like any other browser that you open and you use and you can use on your phone, you can use anywhere.
So it is extremely important to bring awareness when people are identifying the problem, even if it is in an informal conversation or in a more, uh, global conversation, right? Like sometimes those problems arise in global news. Uh, we have multiple, uh, examples of that. Cambridge Analytica was one of it.
And, um, at those, those moments, we need to learn how to connect. But when we connect, we need to also be able to provide solutions that it's easy and familiar to people so they can have hope. They can look at it and they can say, okay, I can control this, right? Like, I can control, I can protect myself, I can protect my privacy.
And those elements come in altogether, right? Like it's not, uh, a one, uh, catchphrase that will make it happen. You need to combine all those elements in the process, right? So it's doesn't seem too hard and people feel empowered to have agency to take action.

CINDY COHN: Yep. I think that's right. So what we try to do in this podcast is kind of flip the script and think about what would the world look like if we got it. All right. So what would the world look like if Tor was immensely successful? What's your vision of the world where we get this right.

ISABELA FERNANDES: In the case of Tor, I think, uh, one thing would be that service and websites, they are friendly to Tor. So if a user is coming to connect to an application, or to a website, that website would know it and would be friendly to it. This is one of the biggest problems right now, right? Like some websites are not friendly to Tor or solutions like Tor. So that would be number one, right?

CINDY COHN: Yep.

ISABELA FERNANDES: So if Tor is successful, we would have an internet or a world with technology, right? Like, to go a little bit the on internet where technology is driven by sharing, by collaboration and the model of it. It's not about the data. And the business model of it would, it can be unique to each case of services, but would not necessarily be the typical one That is the easy one between quotes of let's collect all the data, either to use it for advertise or sell it to, uh, data brokers so we can make some money out of it. Right?
Like, uh, I think that if Tor would be successful, we would have the philosophy of Tor being part of the heart of what it's building, the technology worldwide.

CINDY COHN: Yeah, I think that's great. Um, in some ways, you know, Tor wouldn't need to exist as a separate project because the Tor values would be built into everything. And what I hear there is that that also includes the way Tor has been developed, the open source collaborative, transparent process by which tools were developed would be part of what gets baked in - it's a good vision.

Music transition

JASON KELLEY: Let’s take a quick moment to say thank you to our sponsor.
How to Fix the Internet is supported by The Alfred P. Sloan Foundation’s Program in Public Understanding of Science and Technology. Enriching people’s lives through a keener appreciation of our increasingly technological world and portraying the complex humanity of scientists, engineers, and mathematicians.
We also want to thank EFF members and donors. You are the reason we exist. We will talk a little later in this episode about how important funding from the community is to the work that we do. You can become a member of EFF’s community for just $25.
The more members we have, the more power we have - in statehouses, courthouses, and on the streets. EFF has been fighting for digital rights for decades, and that fight is bigger than ever, so please, if you like what we do, go to eff.org/pod to donate.
And now, back to our conversation with Isabela Fernandes and the impact that free software and the community of people making it has had on her life.

ISABELA FERNANDES: I was raised by free software. Everything I know comes from this, from not only the software itself but the community. So all my skills come from it. So, uh, in the early 2000s, I joined a volunteer network, Colored in the Media was an independent news website, globe-wide. Uh, I built the one for Brazil and we did everything, uh, with free software, right?
Like it was an open publish website. When I explain to people nowadays about it, like you didn't need a username or password to publish your article on that platform, and we have hundreds of those sites around the world, and I did this work for 10 years because I really believe in the democratization of information, and I saw the internet as the root of it. And I saw how powerful that was because it was the beginning of the internet in many parts of the world, here in Brazil was just starting, and not everybody had a connection, and here we were with this powerful tool to democratize, uh, communication in Brazil.
And through that experience, I was invited to work for the federal government in, uh, series of free software initiatives being one of them, in digital inclusion, we would build solutions to communities, um, was a basket of solutions and that was from online stores, uh, they could sell their own products online, uh, to Voiceover IP. At the time it was like there was no cell phones. I'm talking about 2003, uh, like 2004. There was no cell phone.
I arrived to a community one month after they had power for the first time in their life, and I was bringing internet, you know, like, and I'm like, okay, you have internet. What do you want? They didn't have a phone number, a phone line, so I created Voiceover IP. I was like, you can call anywhere in Brazil with this computer. And there was a line with 20 people right away to make phone calls. But that's, we were doing this, we were like going to, uh, the favelas in Brazil and collecting all the teenagers and saying ‘what do you want?’ Like, ‘oh, I wanna record my music.’ And we were recording the music on CDs using everything, free software. Some communities were like, we wanna, uh, document because they have a lot of, uh, folklore stories that is only oral and they wanted to document it. We created a wiki for them to document it. So, education, go to public schools – we did a lot of that with free software. And at the same time, why this was possible, right? Like was because of the culture that was changing. The culture was, okay, we are not gonna use proprietary software anymore. We are not gonna use the money from the country that we barely have to pay for this big, super expensive license.
Instead, we are gonna use this money to invest on the people, to invest on computer science, the students to invest on conventions, free software meetups, uh, to invest on InstallFest. And we start to do that. And we had like a huge technology boom in Brazil from the private sector, like I said, from the government, from universities, everybody was collaborating.
There was a lot of companies being created to provide different types of service or to maintain software, there was a lot of different business being generated out of it as well.
So I could touch it, I could see it. It is possible. We could like we can do it. Right? Like I actually am always very excited when I, and right now I'm seeing a movement again in Brazil, it's not too public yet, but that is a movement like this, with hundreds of organizations debating and building a strategy to recreate that inside of the country.
So it is possible to build a better world with technology, right? Like better versions of technology for us. It's not a mission impossible thing. It is totally possible.

JASON KELLEY: And it's not the distant past really. I mean, sometimes when you talk about it, like I'm, I was alive at the time, but not, you know, not old enough to be involved in that. And it does sometimes sound like a kind of golden era that's lost forever to people. And it's, it's really great to hear that it's, maybe it's something that's cyclical and, or it's something that, you know, we lost for a brief period and we can get back to. How did that movement that's happening now in Brazil, get sort of reignited?

ISABELA FERNANDES: We're bringing some respect from that time. At that time we have, uh, Linux. Linux Install Fest. So you would bring your machine and you would install Linux. We want to combine any, anytime that you have an event that you're talking about the internet, that you're talking about regulation to have install fests – let's say install Mastodon, let's install Signal. Let's have everybody come out of this event and open for the population, right? Like, because sometimes when you offer those options to people. They don't have a network within that option, so they don't tend to stay.
But if you're doing this at an event and you like, let's say let's install Mastodon and everybody can have their account on different Mastadon instance, but we all following each other and I'm seeing the content and I can see it for real, what that means? And I will leave the event already with a network of people that I can follow on MAs on. Same thing. Every time I do a Signal training, I tell people now they're young, solid, let's copy each other's contact. So we have each other on our Signal account, right? Like, so we have a community. So we are thinking about that combination.

Music transition

JASON KELLEY: I wonder how, you know, again, you talk about some of this and I feel so jealous of, you know, being in this movement, I, I've never really been, you know, an engineer, so I'm sort of looking at the free software and open source communities at a distance. How did you end up sort of getting involved in them and, and do you have any advice for other people you know, today that want to be helpful or, um, want to connect with other people to help build the kind of internet you're talking about?

ISABELA FERNANDES: I end up on this out of necessity. When I was a teenager, I hated school, but I love to learn. I got kicked out of, uh, school multiple times until my dad put me in a technical high school to learn computers, but at the same time, uh, in my house, my parents had to work from 7:00 AM to 11:00 PM. So, you know, the strong survive in the house, it was me and my siblings.
And, uh, I could not touch the computer because my older brother would not let me. So I had to write code with a pen and paper and I hate it. And I start to go to my dad’s office to connect to at night when he would leave at 11, I would arrive and stay till 7:00 AM and that's how I start to learn about Linux.
We didn't have money for a license, so the more I wanted to do with the computer, the more I had to go to free software, you know? And like I said, after that, I joined this media network where we did everything. I learned how to build websites. I learned how to build data centers. We had to have security.
We had to build new products for journalists because we wanted to use free software, but sometimes we didn't have everything, or the solutions we had was not good enough, so we had to improve them to edit an audio or a video, right? Like things like that. So I went through this whole phase because I would not accept the technology that the normal, uh, business model wanted to offer me, I didn't accept that as it is, and I thought something else could happen. And like, uh, every time I talk with young people, I tell them this: Don't accept the technology that is being offered to you as it is. Don't accept it. It is possible. The reason we have free software was because people did not accept it, the technology that it was given to them. And I think that's the spirit.

Music transition

CINDY COHN: Thank you so much, Isa, for coming, and sharing your stories with us and your hope. Um, what a, what a hopeful conversation this was.

ISABELA FERNANDES: Thank you so much, Cindy and Jason. It was great to be here. Thank you.

JASON KELLEY: Well now I know how Tor works, which is great because I've been trying to figure that out for years. Um, three steps. I understand why there are three. This makes a lot more sense to me. And I'm honestly just a lot more hopeful than I was, which is always nice. It doesn't happen every time, but I feel like she's describing a future that actually not only is she, she and the Tor folks helping to build, but that other people can be a part of too, which is great.

CINDY COHN: Yeah, I think sometimes people envision privacy tools as the domain of people who are dark and worried and, and wanting to be self-protective all the time. And what was so refreshing about this, and refreshing about the way Isa and Tor operate in the world, is they're working with some pretty serious issues for people, but they're hopeful, they're building a future, they're very positive, and they have a vision of what the world looks like if we build privacy and security into everything. And, and in some ways it was a really light interview about something that protects people from very dangerous situations.

JASON KELLEY: Yeah. Yeah. And she talked a lot about, you know, what got her into free software. For her, it was kind of the necessity of having to write code on paper and not being able to buy software.
But I think we're coming to have that, for some people, that same necessity, again, for a lot of different reasons, you know, the software is bloated, it's enshittified, as Cory would say. Um, it's, you know, often monopolied in some way and, not that these are good things, but if it gets people back to the point she made where you realize that you can build the things yourself, that you don't have to accept the software that you're given and, and the tech that you're given, you can make your own and edit it and things like that. I think that would be a great outcome, and it sounds like that's already happening.

CINDY COHN: I think the other pieces were just, you know, really emphasizing the community, the need for community and how important community is, both in terms of entry into this, but also in the supporting and maintaining and developing of things and in, in how people use Tor. Right. You know, the Tor project operates because of nodes all across the country that volunteer to hold, you know, to carry other people's things. EFF has has done a Tor challenge a few times where we've tried to get more people to run nodes, whether they're in the middle or in the end. But that community is kind of infused in the way Tor works and it's infused in the vision that she has for a better future too. And that's just so consistent with, you know, what we've heard from people over and over again about how we, how we fix the internet.

JASON KELLEY: And that’s our episode for today – thanks so much for joining us.
If you have feedback or suggestions, we'd love to hear from you. Visit EFF dot org slash podcast and click on listener feedback. While you're there, you can become a member, donate, maybe even pick up some merch and just see what's happening in digital rights this week and every week.
Our theme music is by Nat Keefe of BeatMower with Reed Mathis
And How to Fix the Internet is supported by the Alfred P. Sloan Foundation's program in public understanding of science and technology.
We’ll see you next time.
I’m Jason Kelley…

CINDY COHN: And I’m Cindy Cohn.

MUSIC CREDITS: This podcast is licensed creative commons attribution 4.0 international, and includes the following music that is licensed creative commons attribution 3.0 unported by its creators: Recreation by Airtone. Additional beds and alternate theme remixes by Gaetan Harris.

Approaching San Diego’s first annual review of the city's controversial Flock Safety contract, a local coalition is calling on the city council to roll back this dangerous and costly automated license plate reader (ALPR) program.

The TRUST Coalition—a grassroots alliance including Electronic Frontier Alliance members Tech Workers Coalition San Diego and techLEAD—has rallied to stop the unchecked spread of ALPRs in San Diego. We’ve previously covered the coalition’s fight for surveillance oversight, a local effort kicked off by a “smart streetlight” surveillance program five years ago. 

In 2024, San Diego installed hundreds of AI-assisted ALPR cameras throughout the city to document what cars are driving where and when, then making that data accessible for 30 days.

ALPRs like Flock’s don’t prevent crime—they just vacuum up data on everyone who drives past. The resulting error-prone dragnet can then chill speech and be weaponized against marginalized groups, like immigrants and those seeking trans or reproductive healthcare. 

Despite local and state restrictions barring the sharing of ALPR with federal and out of state agencies, San Diego Police have reportedly disclosed license plate data to federal agencies—including Homeland Security Investigations and Customs and Border Patrol.

Also, despite a local ordinance requiring city council approval before deployment of surveillance technology, San Diego police have reportedly deployed ALPRs and smart streetlights at Comic-Con and Pride without the required approval.

The local coalition is not alone in these concerns. The San Diego Privacy Board recently recommended the city reject the Surveillance Use Policy for this technology. All of this costs the community over $3.5 million last year alone. That is why the TRUST coalition is calling on the city to reject this oppressive surveillance system, and, instead, invest in other essential services which improve day-to-day life for residents.

San Diegans who want to push back can get involved by signing the TRUST Coalition’s  petition, follow the campaign online, and contact their council members to demand the city end its contract with Flock and start respecting the privacy rights of everyone who lives, works, or visits through their community.

New reporting has revealed that the Office of the Director of National Intelligence (ODNI) is attempting to create the Intelligence Community’s Data Consortium–a centralized online marketplace where law enforcement and spy agencies can peruse and buy very personal digital data about you collected by data brokers. Not only is this a massive escalation of the deeply unjust data broker loophole: it’s also another repulsive signal that your privacy means nothing to the intelligence community.

Imagine a mall where every store is run by data brokers whose goods include your information that has been collected by smartphone applications. Depending on your permissions and what applications are on your phone, this could include contacts, behavioral data, financial information, and even your constant geolocation. Now imagine that the only customers in this mall are federal law enforcement officers and intelligence agents who should be going to a judge, presenting their evidence, and hoping the judge grants a warrant for this information. But now, they don’t need evidence or to justify the reason why they need your data. Now they just need taxpayer money, and this newly centralized digital marketplace provides the buying opportunities.

This is what the Office of the Director of National Intelligence wants to build according to recently released contract documents.

Across the country, states are trying desperately to close the loophole that allows the government to buy private data it would otherwise need a warrant to get. Montana just became the first state to make it illegal for police to purchase data, like geolocation data harvested by apps on smartphones. At the federal level, EFF has endorsed Senator Ron Wyden’s Fourth Amendment is Not for Sale Act, which closes this data broker loophole. The bill passed the House last year, but was rejected by the Senate.

And yet, the federal government is doubling down on this very obviously unjust and unpopular policy.

An ODNI that wants to minimize harms against civil liberties would be pursuing the opposite tact. They should not be looking for ways to formalize and institutionalize surveillance loopholes. That is why we not only call on the ODNI to reverse course and scrap the Intelligence Community’s Data Consortium–we also call on lawmakers to finish what they started and pass the Fourth Amendment is Not for Sale Act and close the databroker loophole at the federal level once and for all. We urge all of our supporters to do the same and help us keep the government accountable.

Thanks in part to your support, the right to repair is now law in Washington.

Gov. Bob Ferguson signed two bills guaranteeing Washingtonians' right to access tools, parts, and information so they can fix personal electronics, appliances, and wheelchairs. This is the epitome of common-sense legislation. When you own something, you should have the final say about who fixes, adapts, or modifies it—and how.

When you own something, you should have the final say about who fixes, adapts, or modifies it—and how.

Advocates in Washington have worked for years to pass a strong right-to-repair law in the state. In addition to Washington’s Public Interest Research Group, the consumer electronics bill moved forward with a growing group of supporting organizations, including environmental advocates, consumer advocates, and manufacturers such as Google and Microsoft. Meanwhile, advocacy from groups including  Disability Rights Washington and the Here and Now Project made the case for the wheelchair's inclusion in the right-to-repair bill, bringing their personal stories to Olympia to show why this bill was so important.

And it’s not just states that recognize the need for people to be able to fix their own stuff.  Earlier this month, U.S. Secretary of Defense Pete Hegseth issued a memo stating that the Army should “[identify] and propose contract modifications for right to repair provisions where intellectual property constraints limit the Army's ability to conduct maintenance and access the appropriate maintenance tools, software, and technical data – while preserving the intellectual capital of American industry.” The memo said that the Army should seek this in future procurement contracts and also to amend existing contracts to include the right to repair.

This is a bedrock of sound procurement with a long history in America. President Lincoln only bought rifles with standardized tooling to outfit the Union Army, for the obvious reason that it would be a little embarrassing for the Commander in Chief to have to pull his troops off the field because the Army’s sole supplier had decided not to ship this week’s delivery of ammo and parts. Somehow, the Department of Defense forgot this lesson over the ensuing centuries, so that today, billions of dollars in public money are spent on material and systems that the US military can only maintain by buying service from a “beltway bandit.”

This recognizes what millions of people have said repeatedly: limiting people’s ability to fix their own stuff stands in the way of needed repairs and maintenance. That’s true whether you’re a farmer with a broken tractor during harvest, a homeowner with a misbehaving washing machine or a cracked smartphone screen, a hospital med-tech trying to fix a ventilator, or a soldier struggling with a broken generator.

The right to repair is gaining serious momentum. All 50 states have now considered some form of right-to-repair legislation. Washington is the eighth state to pass one of these bills into law—let’s keep it up.

Correction: An earlier version of this post misstated that Secretary of the Army Dan Driscoll issued the memo, rather than U.S. Secretary of Defense Pete Hegseth. This post has been corrected.

Last month, the U.S. Department of Agriculture issued a troubling order to all state agency directors of Supplemental Nutrition Assistance Programs (SNAP): hand over your data.

This is part of a larger effort by the Trump administration to gain “unfettered access to comprehensive data from all state programs that receive federal funding,” through Executive Order 14243. While the order says this data sharing is intended to cut down on fraud, it is written so broadly that it could authorize almost any data sharing. Such an effort flies in the face of well-established data privacy practices and places people at considerable risk. 

A group SNAP recipients and organizations have thankfully sued to try and block the data sharing granted through the Executive Order.  And the state of New Mexico has even refused to comply with the order, “due to questions and concerns regarding the legality of USDA’s demand for the information,” according to Source NM.

The federal government has said very little about how they will use this information. Several populations targeted by the Trump Administration are eligible to be on the SNAP program, including asylum seekers, refugees, and victims of trafficking. Additionally, although undocumented immigrants are not eligible for SNAP benefits, their household members who are U.S. citizens or have other eligible immigration statuses may be—raising the distinct concern that SNAP information could be shared with immigration or other enforcement authorities.

We all deserve privacy rights. Accessing public benefits to feed yourself shouldn't require you to give those up.

EFF has long advocated for privacy policies that ensure that information provided in one context is not used for other reasons. People who hand over their personal information should do so freely and with full information about how their information will be used. Whether you're seeking services from the government or a company, we all deserve privacy rights. Accessing public benefits to feed yourself shouldn't require you to give those up.

It's particularly important to respect privacy for government programs that provide essential support services to vulnerable populations such as SNAP.  SNAP supports people who need assistance buying food—arguably the most basic need. Often, fear of reprisal and inappropriate government data sharing, such as immigration status of household members not receiving benefits, prevents eligible people from enrolling in food assistance despite need.  Discouraging eligible people from enrolling in SNAP benefits runs counterproductive to the goals of the program, which aim to reduce food insecurity, improve health outcomes, and benefit local economies.

This is just the latest government data-sharing effort that raises alarm bells for digital rights. No one should worry that asking their government for help with hunger will get them in trouble. The USDA must promise it will not weaponize programs that put food on the table during times of need. 

Two dangerous bills have been reintroduced in Congress that would reverse over a decade of progress in fighting patent trolls and making the patent system more balanced. The Patent Eligibility Restoration Act (PERA) and the PREVAIL Act would each cause significant harm on their own. Together, they form a one-two punch—making it easier to obtain vague and overly broad patents, while making it harder for the public to challenge them.

These bills don’t just share bad ideas—they share sponsors, a coordinated rollout, and backing from many of the same lobbying groups. Congress should reject both.

TAKE ACTION

Tell Congress: Don't Bring Back The Worst Patents

PERA Would Legalize Patents on Basic Software—and Human Genes

PERA would overturn long-standing court decisions that have helped keep some of the worst patents out of the system. This includes the Supreme Court’s Alice v. CLS Bank decision, which bars patents on abstract ideas, and Myriad v. AMP, which correctly ruled that naturally occurring human genes cannot be patented.

Thanks to the Alice decision, courts have invalidated a rogue’s gallery of terrible software patents—such as patents on online photo contests, online bingo, upselling, matchmaking, and scavenger hunts. These patents didn’t describe real inventions—they merely applied old ideas to general-purpose computers.

PERA would wipe out the Alice framework and replace it with vague, hollow exceptions. For example: it would ban patents on “dance moves” and “marriage proposals,” but would allow nearly anything involving a computer or machine—even if it only mentions the use of a computer. This is the same language used in many bad software patents that patent trolls have wielded for years. If PERA passes, patent claims  that are currently seen as weak will become much harder to challenge. 

Adding to that, PERA would bring back patents on human genes—exactly what was at stake in the Myriad case. EFF joined that fight, alongside scientists and patients, to prevent patents that interfered with essential diagnostic testing. Congress should not undo that victory. Some things just shouldn’t be patented. 

PERA’s requirement that living genes can constitute an invention if they are “isolated” is meaningless; every gene used in science is “isolated” from the human body. This legal wordplay was used to justify human gene patents for decades, and it’s deeply troubling that some U.S. Senators are on board with bringing them back. 

PREVAIL Weakens the Public’s Best Defense Against Patent Abuse

While PERA makes it easier to obtain a bad patent, the PREVAIL Act makes it harder to get rid of one.

PREVAIL would severely limit inter partes review (IPR), the most effective process for challenging wrongly granted patents. This faster, more affordable process—administered by the U.S. Patent and Trademark Office—has knocked out thousands of invalid patents that should never have been issued.

EFF has used IPR to protect the public. In 2013, we challenged and invalidated a patent on podcasting, which was being used to threaten creators across the internet. Thousands of our supporters chipped in to help us bring that case. Under PREVAIL, that challenge wouldn’t have been allowed. The bill would significantly limit IPR petitions unless you’ve been directly sued or threatened—a major blow to nonprofits, open source advocates, and membership-based defense groups that act in the public interest. 

PREVAIL doesn’t stop at limiting who can file an IPR. It also undermines the fairness of the IPR process itself. It raises the burden of proof, requiring challengers to overcome a presumption that the patent is valid—even when the Patent Office is the one reviewing it. The bill forces an unfair choice: anyone who challenges a patent at the Patent Office would have to give up the right to fight the same patent in court, even though key legal arguments (such as those involving abstract subject matter) can only be made in court.

It gets worse. PREVAIL makes it easier for patent owners to rewrite their claims during review, taking advantage of hindsight about what’s likely to hold up. And if multiple parties want to challenge the same patent, only the first to file may get heard. This means that patents used to threaten dozens or even hundreds of targets could get extra protection, just because one early challenger didn’t bring the best arguments.

These changes aren’t about improving the system. They’re about making it easier for a small number of patent owners to extract settlements, and harder for the public to push back.

A Step Backward, Not Forward

Supporters of these bills claim they’re trying to restore balance to the patent system. But that’s not what PERA and PREVAIL do. They don’t fix what’s broken—they break what’s working.

Patent trolling is still a severe problem. In 2024, patent trolls filed a stunning 88% of all patent lawsuits in the tech sector. 

At the same time, patent law has come a long way over the past decade. Courts can now reject abstract software patents earlier and more easily. The IPR process has become a vital tool for holding the Patent Office accountable and protecting real innovators. And the Myriad decision has helped keep essential parts of human biology in the public domain.

PERA and PREVAIL would undo all of that.

These bills have support from a variety of industry groups, including those representing biotech firms, university tech transfer offices, and some tech companies that rely on aggressive patent licensing. While those voices deserve to be heard, the public deserves better than legislation that makes it easier to secure a 20-year monopoly on an idea, and harder for anyone else to challenge it.

Instead of PERA and PREVAIL, Congress should focus on helping developers, creators, and small businesses that rely on technology—not those who exploit it through bad patents.

Some of that legislation is already written. Congress should consider making end-users immune from patent threats, closing loopholes that allow certain patent-holders to avoid having their patents reviewed, and adding transparency requirements so that people accused of patent infringement can at least figure out who’s making the allegations. 

But right now, EFF is fighting back, and we need your help. These bills may be dressed up as reform, but we’ve seen them before—and we know the damage they’d do.

TAKE ACTION

Tell Congress: Reject PERA and PREVAIL

In criminal prosecutions, electronic monitoring (EM) is pitched as a “humane alternative" to incarceration – but it is not. The latest generation of “e-carceration” tools are burdensome, harsh, and often just as punitive as imprisonment. Fortunately, criminal defense attorneys have options when shielding their clients from this over-used and harmful tech.

Framed as a tool that enhances public safety while reducing jail populations, EM is increasingly used as a condition of pretrial release, probation, parole, or even civil detention. However, this technology imposes serious infringements on liberty, privacy, and due process for not only those placed on it but also for people they come into contact with. It can transform homes into digital jails, inadvertently surveil others, impose financial burdens, and punish every misstep—no matter how minor or understandable.

Even though EM may appear less severe than incarceration, research and litigation reveal that these devices often function as a form of detention in all but name. Monitored individuals must often remain at home for long periods, request permission to leave for basic needs, and comply with curfews or “exclusion zones.” Violations, even technical ones—such as a battery running low or a dropped GPS signal—can result in arrest and incarceration. Being able to take care of oneself and reintegrate into the world becomes a minefield of compliance and red tape. The psychological burden, social stigma, and physical discomfort associated with EM are significant, particularly for vulnerable populations.   

For many, EM still evokes bulky wrist or ankle “shackles” that can monitor a subject’s location, and sometimes even their blood alcohol levels. These devices have matured with digital technology however,  increasingly imposed through more sophisticated devices like smartwatches or mobile phones applications. Newer iterations of EM have also followed a trajectory of collecting much more data, including biometrics and more precise location information.

This issue is more pressing than ever, as the 2020 COVID pandemic led to an explosion in EM adoption. As incarceration and detention facilities became superspreader zones, judges kept some offenders out of these facilities by expanding the use of EM; so much so that some jurisdictions ran out of classic EM devices like ankle bracelets.

Today the number of people placed on EM in the criminal system continues to skyrocket. Fighting the spread of EM requires many tactics, but on the front lines are the criminal defense attorneys challenging EM impositions. This post will focus on the main issues for defense attorneys to consider while arguing against the imposition of this technology.

PRETRIAL ELECTRONIC MONITORING

We’ve seen challenges to EM programs in a variety of ways, including attacking the constitutionality of the program as a whole and arguing against pretrial and/or post-conviction imposition. However, it is likely that the most successful challenges will come from individualized challenges to pretrial EM.

First, courts have not been receptive to arguments that entire EM programs are unconstitutional. For example, in Simon v. San Francisco et.al, 135 F.4th 784 (9 Cir. 2025), the Ninth Circuit held that although San Francisco’s EM program constituted a Fourth Amendment search, a warrant was not required. The court explained their decision by stating that the program was a condition of pretrial release, included the sharing of location data, and was consented to by the individual (with counsel present) by signing a form that essentially operated as a contract. This decision exemplifies the court’s failure to grasp the coercive nature of this type of “consent” that is pervasive in the criminal legal system.

Second, pretrial defendants have more robust rights than they do after conviction. While a person’s expectation of privacy may be slightly diminished following arrest but before trial, the Fourth Amendment is not entirely out of the picture. Their “privacy and liberty interests” are, for instance, “far greater” than a person who has been convicted and is on probation or parole. United States v. Scott, 450 F.3d 863, 873 (9th Cir. 2006). Although individuals continue to retain Fourth Amendment rights after conviction, the reasonableness analysis will be heavily weighted towards the state as the defendant is no longer presumed innocent. However, even people on probation have a “substantial” privacy interest. United States v. Lara, 815 F.3d 605, 610 (9th Cir. 2016). 

THE FOURTH AMENDMENT

The first foundational constitutional rights threatened by the sheer invasiveness of EM are those protected by the Fourth Amendment. This concern is only heightened as the technology improves and collects increasingly detailed information. Unlike traditional probation or parole supervision, EM often tracks individuals with no geographic limitations or oversight, and can automatically record more than just approximate location information.

Courts have increasingly recognized that this new technology poses greater and more novel threats to our privacy than earlier generations. In Grady v. North Carolina, 575 U.S. 306 (2015), the Supreme Court, relying on United States v. Jones, 565 U.S. 400 (2012) held that attaching a GPS tracking device to a person—even a convicted sex offender—constitutes a Fourth Amendment search and is thus subject to the inquiry of reasonableness. A few years later, the monumental decision in Carpenter v. United States, 138 S. Ct. 2206 (2018), firmly established that Fourth Amendment analysis is affected by the advancement of technology, holding that that long-term cell-site location tracking by law enforcement constituted a search requiring a warrant.

As criminal defense attorneys are well aware, the Fourth Amendment’s ostensibly powerful protections are often less effective in practice. Nevertheless, this line of cases still forms a strong foundation for arguing that EM should be subjected to exacting Fourth Amendment scrutiny.

DUE PROCESS

Three key procedural due process challenges that defense attorneys can raise under the Fifth and Fourteenth Amendments are: inadequate hearing, lack of individualized assessment, and failure to consider ability to pay.

Many courts impose EM without adequate consideration of individual circumstances or less restrictive alternatives. Defense attorneys should demand evidentiary hearings where the government must prove that monitoring is necessary and narrowly tailored. If the defendant is not given notice, hearing, or the opportunity to object, that could arguably constitute a violation of due process. For example, in the previously mentioned case, Simon v. San Francisco, the Ninth Circuit found that individuals who were not informed of the details regarding the city’s pretrial EM program in the presence of counsel had their rights violated.

Second, imposition of EM should be based on an individualized assessment rather than a blanket rule. For pretrial defendants, EM is frequently used as a condition of bail. Although under both federal and state bail frameworks, courts are generally required to impose the least restrictive conditions necessary to ensure the defendant’s court appearance and protect the community, many jurisdictions have included EM as a default condition rather than individually assessing whether EM is appropriate. The Bail Reform Act of 1984, for instance, mandates that release conditions be tailored to the individual’s circumstances. Yet in practice, many jurisdictions impose EM categorically, without specific findings or consideration of alternatives. Defense counsel should challenge this practice by insisting that judges articulate on the record why EM is necessary, supported by evidence related to flight risk or danger. Where clients have stable housing, employment, and no history of noncompliance, EM may be more restrictive than justified.

Lastly, financial burdens associated with EM may also implicate due process where a failure to pay can result in violations and incarceration. In Bearden v. Georgia, 461 U.S. 660 (1983), the Supreme Court held that courts cannot revoke probation for failure to pay fines or restitution without first determining whether the failure was willful. Relying on Bearden, defense attorneys can argue that EM fees imposed on indigent clients amount to unconstitutional punishment for poverty. Similarly, a growing number of lower courts have agreed, particularly where clients were not given the opportunity to contest their ability to pay. Defense attorneys should request fee waivers, present evidence of indigence, and challenge any EM orders that functionally condition liberty on wealth.

STATE LAW PROTECTIONS

State constitutions and statutes often provide stronger protections than federal constitutional minimums. In addition to state corollaries to the Fourth and Fifth Amendment, some states have also enacted statutes to govern pretrial release and conditions. A number of states have established a presumption in favor of release on recognizance or personal recognizance bonds. In those jurisdictions, the state has to overcome this presumption before the court can impose restrictive conditions like EM. Some states require courts to impose the least restrictive conditions necessary to achieve legitimate purposes, making EM appropriate only when less restrictive alternatives are inadequate.

Most pretrial statutes list specific factors courts must consider, such as community ties, employment history, family responsibilities, nature of the offense, criminal history, and risk of flight or danger to community. Courts that fail to adequately consider these factors or impose generic monitoring conditions may violate statutory requirements.

For example, Illinois's SAFE-T Act includes specific protections against overly restrictive EM conditions, but implementation has been inconsistent. Defense attorneys in Illinois and states with similar laws should challenge monitoring conditions that violate specific statutory requirements.

TECHNOLOGICAL ISSUES

Attorneys should also consider the reliability of EM technology. Devices frequently produce false violations and alerts, particularly in urban areas or buildings where GPS signals are weak. Misleading data can lead to violation hearings and even incarceration. Attorneys should demand access to raw location data, vendor records, and maintenance logs. Expert testimony can help demonstrate technological flaws, human error, or system limitations that cast doubt on the validity of alleged violations.

In some jurisdictions, EM programs are operated by private companies under contracts with probation departments, courts, or sheriffs. These companies profit from fees paid by clients and have minimal oversight. Attorneys should request copies of contracts, training manuals, and policies governing EM use. Discovery may reveal financial incentives, lack of accountability, or systemic issues such as racial or geographic disparities in monitoring. These findings can support broader litigation or class actions, particularly where indigent individuals are jailed for failing to pay private vendors.

Recent research provides compelling evidence that EM fails to achieve its stated purposes while creating significant harms. Studies have not found significant relationships between EM of individuals on pretrial release and their court appearance rates or likelihood of arrest. Nor do they show that law enforcement is employing EM on individuals they would otherwise put in jail.

To the contrary, studies indicate that law enforcement is using EM to surveil and constrain the liberty of those who wouldn't otherwise be detained, as the rise in the number of people placed on EM has not coincided with a decrease in detention. This research demonstrates that EM represents an expansion of government control rather than a true alternative to detention.

Additionally, EM devices may be rife with technical issues as described above. Communication system failures that prevent proper monitoring, and device malfunctions that cause electronic shocks. Cutting of ankle bracelets is a common occurrence among users, especially when the technology is malfunctioning or hurting them. Defense attorneys should document all technical issues and argue that unreliable technology cannot form the basis for liberty restrictions or additional criminal charges.

CREATING A RECORD FOR APPEAL

Attorneys should always make sure they are creating a record on which the EM imposition can be appealed, should the initial hearing be unsuccessful. This will require lawyers to include the factual basis for challenge and preserve the appropriate legal arguments. The modern generation of EM has yet to undergo the extensive judicial review that ankle shackles have been subjected to, making it integral to make an extensive record of the ways in which it is more invasive and harmful, so that it can be properly argued to an appellate court that the nature of the newest EM requires more than perfunctory application of decades-old precedence. As we saw with Carpenter, the rapid advancement of technology may push the courts to reconsider older paradigms for constitutional analysis and find them wanting. Thus, a comprehensive record would be critical to show EM as it is—an extension of incarceration—rather than a benevolent alternative to detention. 

Defeating electronic monitoring will require a multidimensional approach that includes litigating constitutional claims, contesting factual assumptions, exposing technological failures, and advocating for systemic reforms. As the carceral state evolves, attorneys must remain vigilant and proactive in defending the rights of their clients.

EFF has joined more than 80 civil society organizations, companies, and cybersecurity experts in signing a letter urging the European Commission to change course on its recently announced “Technology Roadmap on Encryption.” The roadmap, part of the EU’s ProtectEU strategy, discusses new ways for law enforcement to access encrypted data. That framing is dangerously flawed. 

Let’s be clear: there is no technical “lawful access” to end-to-end encrypted messages that preserves security and privacy. Any attempt to circumvent encryption—like client-side scanning—creates new vulnerabilities, threatening the very people governments claim to protect.

This letter is significant in not just its content, but in who signed it. The breadth of the coalition makes one thing clear: civil society and the global technical community overwhelmingly reject the idea that weakening encryption can coexist with respect for fundamental rights.

Strong encryption is a pillar of cybersecurity, protecting everyone: activists, journalists, everyday web users, and critical infrastructure. Undermining it doesn’t just hurt privacy. It makes everyone’s data more vulnerable and weakens the EU’s ability to defend against cybersecurity threats.

EU officials should scrap any roadmap focused on circumvention and instead invest in stronger, more widespread use of end-to-end encryption. Security and human rights aren’t in conflict. They depend on each other.

You can read the full letter here.

Laila Soueif has now been on hunger strike for 245 days. On Thursday night, she was taken to the hospital once again. Soueif’s hunger strike is a powerful act of protest against the failures of two governments. The Egyptian government continues to deny basic justice by keeping her son, Alaa Abd el-Fattah, behind bars—his only “crime” was sharing a Facebook post about the torture of a fellow detainee. Meanwhile, the British government, despite Alaa’s citizenship, has failed to secure even a single consular visit. Its muted response reflects an unacceptable unwillingness to stand up for the rights of its own citizens.

This is the second time this year that Soueif’s health has collapsed due to her hunger strike. Now, her condition is dire. Her blood sugar is dangerously low, and every day, her family fears it could be her last. Doctors say it’s a miracle she’s still alive.

Her protest is a call for accountability—a demand that both governments uphold the rule of law and protect human rights, not only in rhetoric, but through action.

Late last week, after an 18-month investigation, the United Nations Working Group on Arbitrary Detention (UNWGAD) issued its Opinion on Abd el-Fattah’s case, stating that he is being held unlawfully by the Egyptian government. That Egypt will not provide the United Kingdom with consular access to its citizen further violates the country’s obligations under international law. 

As stated in a letter to British Prime Minister Keir Starmer by 21 organizations, including EFF, the UK must now use every tool it has at its disposal to ensure that Alaa Abd el-Fattah is released immediately.

EFF has long advocated for affordable, accessible, and future-proof internet access for all. Digital equity, the condition in which everyone has access to technology that allows them to participate in society, is an issue that I’ve been proud to organize around. So, it’s awesome to connect with a group that's doing something to address it in their community.

Recently I got the chance to catch up with Maritza Grooms, Director of Community Relations at EFA member CCTV Cambridge, who told me about the results of their work and the impact it's having on their local community.

How’s your digital inclusion work going and what's been the results within the community?

CCTV has had a year of transition and change. One of the biggest was the establishing of the Digital Navigator Pilot Program in collaboration with multiple partners funded in part by Masshire Metro North Workforce Investment Board through the Mass Broadband Institute. This program has already had a great impact in Cambridge since its official launch in August 2024, serving 492 community members! This program demonstrates the clear need for digital navigator services in Cambridge and beyond. Our community has used this service to get devices that have allowed them restart their career journey or go back to school, and take digital literacy classes to gain new skills to help them along the way.

The Electronic Frontier Alliance works to uphold the principles of free expression, information security, privacy, creativity, and access to knowledge. What guides your organization and how does digital equity tie into it?

CCTV's mission is to nurture a strong, equitable, and diverse community by providing tools and training to foster free speech, civic engagement, access to knowledge, and creative expression. The Digital Navigator program fulfills this mission not only for the community we serve, but in the ripple effects that generate from our community members having the tools to participate in our society. The Digital Navigator Pilot Program aims to bridge the digital divide in Cambridge, specifically supporting BIPOC, immigrant, and low-income communities to enhance economic mobility.

How can people support and plug-in to what you’re doing?

We cannot do this alone. It takes a village, from partners in the work like our friends at EFF, and supporters alike. We encourage anyone to reach out to maritza@cctvcambridge.org to find out how you can support this program or visit cctvcambridge.org/support to support today and invite donations at your convenience. Follow us on social media @cctvcambridge!

Thanks again to Maritza for speaking with us. If you're inspired by CCTV Cambridge's work, consider joining a local EFA ally, or bringing your own group into the alliance today!

In a chilling sign of how far law enforcement surveillance has encroached on personal liberties, 404 Media recently revealed that a sheriff’s office in Texas searched data from more than 83,000 automated license plate reader (ALPR) cameras to track down a woman suspected of self-managing an abortion. The officer searched 6,809 different camera networks maintained by surveillance tech company Flock Safety, including states where abortion access is protected by law, such as Washington and Illinois. The search record listed the reason plainly: “had an abortion, search for female.”

screenshot_2025-05-30_at_11.08.40_am.png

Screenshot of data

After the U.S. Supreme Court’s 2022 Dobbs v. Jackson Women’s Health Organization decision overturned Roe v. Wade, states were given sweeping authority to ban and even criminalize abortion. In Texas—where the officer who conducted this search is based—abortion is now almost entirely banned. But in Washington and Illinois, where many of the searched Flock cameras are located, abortion remains legal and protected as a fundamental right up to fetal viability.

The post-Dobbs legal landscape has also opened the door for law enforcement to exploit virtually any form of data—license plates, phone records, geolocation data—to pursue individuals across state lines. EFF’s Atlas of Surveillance has documented more than 1,800 agencies have deployed ALPRs, but at least 4,000 agencies are able to run searches through some agencies in Flock's network. Many agencies share the data freely with other agencies across the country, with little oversight, restriction, or even standards for accessing data. 

While this particular data point explicitly mentioned an abortion, scores of others in the audit logs released through public records requests simply list "investigation" as the reason for the plate search, with no indication of the alleged offense. That means other searches targeting someone for abortion, or another protected right in that jurisdiction, could be effectively invisible.

This case underscores our growing concern: that the mass surveillance infrastructure—originally sold as a tool to find stolen cars or missing persons—is now being used to target people seeking reproductive healthcare. This unchecked, warrant-less access that allows law enforcement to surveil across state lines blurs the line between “protection” and persecution.

From Missing Cars to Monitoring Bodies

EFF has long warned about the dangers of ALPRs, which scan license plates, log time and location data, and build a detailed picture of people's movements. Companies like Flock Safety and Motorola Solutions offer law enforcement agencies access to nationwide databases of these readers, and in some cases, allow them to stake out locations like abortion clinics, or create “hot lists” of license plates to track in real time. Flock's technology also allows officers to search for a vehicle based on attributes like color, make and model, even without a plate number.

The threat is compounded by how investigations often begin. A report published by If/When/How on the criminalization of self-managed abortion found that about a quarter of adult cases (26%) were reported to law enforcement by acquaintances entrusted with information, such as “friends, parents, or intimate partners” and another 18% through “other” means. This means that with ALPR tech, a tip from anyone can instantly escalate into a nationwide manhunt. And as Kate Bertash of the Digital Defense Fund explained to 404 Media, anti-abortion activists have long been documenting the plates of patients and providers who visit reproductive health facilities—data that can now be easily cross-referenced with ALPR databases.

The 404 Media report proves that this isn’t a hypothetical concern. In 2023, a months-long EFF investigation involving hundreds of public records requests uncovered that many California police departments were sharing records containing detailed driving profiles of local residents with out-of-state agencies, despite state laws explicitly prohibiting this. This means that even in so-called “safe” states, your data might end up helping law enforcement in Texas or Idaho prosecute you—or your doctor. 

That’s why we demanded that 75 California police departments stop sharing ALPR data with anti-abortion states, an effort that has largely been successful.

Surveillance and Reproductive Freedom Cannot Coexist

We’ve said it before, and we’ll say it again: Lawmakers who support reproductive rights must recognize that abortion access and mass surveillance are incompatible. 

The systems built to track stolen cars and issue parking tickets have become tools to enforce the most personal and politically charged laws in the country. What began as a local concern over privacy has escalated into a national civil liberties crisis.

Yesterday’s license plate readers have morphed into today’s reproductive dragnet. Now, it’s time for decisive action. Our leaders must roll back the dangerous surveillance systems they've enabled. We must enact strong, enforceable state laws to limit data sharing, ensure proper oversight, and dismantle these surveillance pipelines before they become the new normal–or even just eliminate the systems altogether.

Donate

Help protect privacy online & offline for everyone

“The right to privacy is being threatened by the indiscriminate collection, maintenance, and dissemination of personal information and the lack of effective laws and legal remedies,” some astute California lawmakers once wrote. “The increasing use of computers and other sophisticated information technology has greatly magnified the potential risk to individual privacy that can occur from the maintenance of personal information.”

Sound familiar? These words may sound like a recent push back on programs that want to slurp up the information sitting in ever-swelling government databases. But they’re not. They come from a nearly 50-year-old California law.

The “Information Practices Act of 1977”—or the IPA for short—is a foundational state privacy law and one of several privacy laws directly responding to the Watergate scandal, such the federal Privacy Act of 1974 and California’s own state constitutional right to privacy.

Now, as we confront a new era of digital surveillance and face our own wave of concern about government demands for data, it's time to revisit and update the IPA.

TAKE ACTION

The IPA puts a check on government use of personal information by establishing guardrails for how state agencies maintain, collect, and disseminate data. It also gives people the right to access and correct their information.

While the need for the law has not changed, the rest of the world has. Particularly, since the IPA passed in 1977, far more data collection is now done at the county and city level. Yet local and county government entities have no standard protections in the state of California. And those entities have troves of data, whether it’s the health data collected from vaccine programs or held by county-administered food programs.

As demand for this type of local data grows, we need to tap back into the energy of the ‘70s. It’s time to update the IPA so it can respond to the world we live in today. That’s why EFF is proud to co-sponsor A.B. 1337, authored by Assemblymember Chris Ward (D-San Diego), with our close friends at Oakland Privacy.

Specifically, A.B. 1337, also known as the IPA Reform Act:

• Expands the definition of covered entities in the IPA to include local agencies, offices, departments and divisions.
• Prevents information collected from being used for unintended or secondary purposes without consent.
• Makes harmful negligent and improper release of personal information punishable as a misdemeanor.
• Requires that IPA disclosure records be kept for three years and cannot be destroyed prior to that period.
• Aligns the definition of personal information and sensitive personal information with the California Privacy Rights Act to include location data, online browsing records, IP addresses, citizenship status, and genetic information.

Privacy is foundational to trust in government. That’s part of the lesson we learned from the 1970s. (And trust in government is lower today than it was then.)

We need to be confident that the government is respecting our personal information and our privacy. More than ever, California residents face imminent danger of being targeted, persecuted, or prosecuted for seeking reproductive healthcare, their immigration status, practicing a particular religion, being of a particular race, gender identity, or sexual orientation—or simply for exercising their First Amendment rights.

California is a national leader on consumer privacy protections, having passed a landmark comprehensive privacy law and established the nation’s first state privacy agency. Now, its local governments must catch up.

We cannot afford to wait for these protections any longer. Passing A.B. 1337 is good governance, good policy, and just good sense. If you’re a California resident, tell your Assemblymember to support the bill today.

TAKE ACTION