EFF update

Interviewer: Jillian York

Laura Vidal is a Venezuelan researcher and writer focused on digital rights, community resilience, and the informal ways people learn and resist under authoritarian pressure. She holds a Doctorate in Education Sciences and intercultural communication, and her work explores how narratives, digital platforms, and transnational communities shape strategies of care, resistance, and belonging, particularly in Latin America and within the Venezuelan diaspora. She has investigated online censorship, disinformation, and digital literacy and is currently observing how regional and diasporic actors build third spaces online to defend civic space across borders. Her writing has appeared in Global Voices, IFEX, EFF, APC and other platforms that amplify underrepresented voices in tech and human rights.

Jillian York: Hi Laura, first tell me who you are. 

Laura Vidal: I am an independent researcher interested in digital security and how people learn about digital security. I'm also a consultant and a person of communications for IFEX and Digital Action. 

JY: Awesome. And what does free speech mean to you? 

LV: It means a responsibility. Free speech is a space that we all hold. It is not about saying what you want when you want, but understanding that it is a right that you have and others have. And that also means keeping the space as safe as possible and as free as possible for everybody to express themselves as much as possible safely. 

JY: We've known each other for nearly 20 years at this point. And like me, you have this varied background. You're a writer, you've shifted toward digital rights, you pursued a PhD. Tell me more about the path that led you to this work and why you do it. 

LV: Okay, so as you know well, we both started getting into these issues with Global Voices. I started at Global Voices as a translator and then as an author, then as an editor, and then as a community organizer. Actually, community organizer before editor, but anyways, because I started caring a lot about the representation of Latin America in general and Venezuela in particular. When I started with Global Voices, I saw that the political crisis and the narratives around the crisis were really prevalent. And it would bother me that there would be a portrait that is so simplistic. And at that time, we were monitoring the blogosphere, and the blogosphere was a reflection of this very interesting place where so many things happened. 

And so from there, I started my studies and I pursued a PhD in education sciences because I was very interested in observing how communities like Global Voices could be this field in which there was potential for intercultural exchange and learning about other cultures. At the end, of course, things were a lot more complicated than that. There are power imbalances and backgrounds that were a lot more complex, and there was this potential, but not in the way I thought it would be. Once my time in Global Voices was up and then I started pursuing research, I was very, very interested in moving from academia to research among communities and digital rights organizations and other non profits. I started doing consultancies with The Engine Room, with Tactical Tech, Internews, Mozilla and with other organizations in different projects. I've been able to work on issues that have to do with freedom of expression, with digital security and how communities are formed around digital security. And my big, big interest is how is it that we can think about security and digital rights as something that is ours, that is not something that belongs only to the super techies or the people that are super experts and that know very well this, because this is a world that can be a bit intimidating for some. It was definitely intimidating for me. So I really wanted to study and to follow up on the ways that this becomes more accessible and it becomes part of, becomes a good element to digital literacy for everyone. 

JY: That really resonates with me. I hadn't heard you articulate it that way before, but I remember when you were starting this path. I think we had that meeting in Berlin. Do you remember? 

LV: Yeah. In like 2017. Many meetings in Berlin, and we were talking about so many things. 

JY: Yeah, and I just, I remember like, because we've seen each other plenty of times over the past few years, but not as much as we used to….It's interesting, right, though, because we've both been in this space for so long. And we've seen it change, we've seen it grow. You know, I don't want to talk about Global Voices too much, but that was our entry point, right?

LV: It was. 

JY: And so that community—what did it mean for you coming from Venezuela? For me, coming from the US, we’ve both come from our home countries and moved to other countries…we have similar but different life paths. I guess I just see myself in you a little bit.

LV: That’s flattering to me. 

JY: I admire you so much. I've known you for 17 years.

LV: It's definitely mutual. 

JY: Thank you. But a lot of that comes from privilege, I recognize that.

LV: But it's good that you do, but it's also good that you use privilege for good things. 

JY: That's the thing: If you have privilege, you have to use it. And that's what I was raised with. My mother works for a non-profit organization. And so the idea of giving back has always been part of me. 

LV: I get it. And I also think that we are all part of a bigger chain. And it's very easy to get distracted by that. I definitely get distracted by those values, like the idea of being validated by a community. Coming from academia, that's definitely the case, that you really need to shine to be able to think that you're doing some work. And then also coming into the maturity of thinking, we're part of a chain. We're doing something bigger. Sometimes we are kind of going all places and we're making mistakes as a whole, but we're all part of a bigger system. And if you're part of the chain, if you have certain privileges and you can push forward the rest of the chain, that's what it is for. 

JY: Tell me about an experience that shaped your views on free expression, like a personal experience. 

LV: I'm thinking of the experience of writing about Venezuela while being abroad. That has been a very complicated, complex experience because I left Venezuela in 2008. 

JY: That's the year we met. 

LV: Exactly. I was in Budapest [for the Global Voices Summit] in 2008. And then I left Venezuela a few months later. So this experience about freedom of expression…when I left, it wasn't yet the time of the big exodus. This exodus translates today into a huge Venezuelan community all around the world that had to leave, not because they wanted to, but because they had basically no choice. It was very complicated to talk about the crisis because immediately you will get hit back. I will never forget that even in that summit that we keep discussing, the Budapest Summit of Global Voices, whenever I would talk about Venezuela, people would shut me down—people that were not Venezuelans. It was the big beginning of what we call the “Venezuelansplaining”. Because it was this political movement that was very much towards the left, that it was very much non-aligned…

JY: You had that in common with Syria. 

LV: Yeah. And so at the same time, they [the Venezuelan government] were so good at selling themselves as this progressive, non-aligned, global majority movement, feminist, you see…to me, it was shocking to see a lot of feminist groups aligning with the government, that it was a government led by a big, strong man, with a lot of discourse and very little policy change behind it. However, it was the ones that for the first time were talking about these issues from the side of the state. So from the outside, it really looked like this big government that was for the people and all the narratives of the 1960s, of the American interventions in the South that were definitely a reality, but in the case of Venezuela in the 2010s and now it is a lot more complex. And so whenever I would talk about the situation in Venezuela, it was very easy to shut me down. At first, I literally had somebody telling me, somebody who's not from Venezuela, telling me “You don't know what you're talking about. I cannot hear what you say about Venezuela because you're a privileged person.”

And I could totally take the idea of privilege, yes, but I did grow up in that country. He didn’t know it, and I did, and he definitely didn’t know anything about me. It was very easy to be shut down and very easy to self-censor because after that experience, plus writing about it or having opinions about it and constantly being told “you're not there, you cannot speak,” I just started not talking about it. And I think my way of responding to that was being able to facilitate conversations about that. 

And so I was very happy to become the editor of the Americas of Global Voices back then, because if I couldn't write about it because of these reasons—which I guess I understand—I will push others to talk about it. And not only about Venezuela, but Latin America, there are so many narratives that are very reductive, really simplistic about the region that I really wanted to really push back against. So that's why I see freedom of expression as this really complex thing, this really, really complicated thing. And I guess that's why I also see it not only as a right too, but also as a responsibility. Because the space that we have today is so messy and polluted with so many things that you can claim freedom of expression just to say anything, and your goal is not to express yourself, but to harm other people, vulnerable people in particular. 

JY: What do you think is the ideal online environment for free expression? What are the boundaries or guardrails that should be put in place? What guides you? 

LV: I'm not even sure that something guides me completely. I guess that I'm guided by the organizations that observe and defend the space, because they're constantly monitoring, they're constantly explaining, they're talking to people, they have an ear on the ground. It is impossible to think of a space that can be structured and have certain codes. We are a really complicated species. We had these platforms that we started seeing as this hope for people to connect, and then they ended up being used to harm. 

I guess that's also why the conversations about regulations are always so complicated, because whenever we push for legislation or for different kinds of regulations, those regulations then take a life of their own and everybody's able to weaponize them or manipulate them. So yes, there are definitely guidelines and regulations, but I think it's a pendular movement. You know, it's recognizing that the space in which people communicate is always going to be chaotic because everybody will want to have their say. But at the same time, it's important to keep observing and having guidelines. I will go with you, having UN guidelines that translate from organizations that observe the space. I hate to answer saying that I have no guidelines, but at the same time, I guess it's also the idea of the acceptance that it's a chaotic space. And for it to be healthy, we need to accept that it's going to be. It cannot be very structured. It cannot function if it's too structured because there will not be free expression. 

JY: I get that. So ultimately then, where do you stand on regulation? 

LV: I think it's necessary; at some point we need rules to go by and we need some rules of the game. But it cannot be blindly, and we cannot think that regulations are going to stay the same over time. Regulations need to be discussed. They need to evolve. They need to be studied. Once they're in place, you observe how they're used and then how they can be adjusted. It's like they need to be as alive as the spaces of expression are. 

JY: Yes. What countries do you think or entities do you think are doing the best job of this right now? I feel that the EU is maybe trying its hardest, but it's not necessarily enough. 

LV: And I think it's also a little bit dangerous to think of whatever the European Union does as an example. There have been so many cases of copy-paste legislation that has nothing to do with the context. When we talk about privacy, for example, the way that Europe, the way that France and Germany understand privacy, it's not the way that Colombia, for example, understands privacy. It's very different. Culturally, it's different. You can see that people understand legislation, thinking about privacy very differently. And so this kind of way, which I think is like, I will even dare to say is a bit colonial, you know? Like, we set the example, we put the rules and you should follow suit. And why? I like the effort of the European Union as an entity. The fact that so many countries that have been at war for so long managed to create a community, I'm impressed. The jury's still out on how that's working, but I'm still impressed. 

JY: Do you think that because—maybe because of Global Voices or our experience of moving countries, or our friendships—having a global worldview and seeing all of these different regulations and different failures and different successes makes it more complex for us than, say, somebody who's working only on policy in the EU or in the US or in the UK? Do you think it's harder for us then to reconcile these ideas, because we see this broader picture?

LV: That's a really good point. I'm not sure. I do believe very strongly in the idea that we should be in contact. As with everything that has to do with freedom of expression, initiatives, and the fight for spaces and to protect journalists and to regulate platforms, we should be looking at each other's notes. Absolutely. Is there a way to look at it globally? I don't know. I don't think so. I think that I was very much a believer of the idea of a global world where we're all in contact and the whole thing of the global village. 

But then when you start exchanging and when you see how things play out—whenever we think about “globalities”—there's always one overpowering the rest. And that's a really difficult balance to get. Nothing will ever be [truly] global. It will not. We're still communicating in English, we're still thinking about regulations, following certain values. I'm not saying that's good or bad. We do need to create connections. I wouldn't have been able to make friendships and beautiful, beautiful relations that taught me a lot about freedom of expression and digital security had I not spoken this language, because I don't speak Arabic, and these Egyptian friends [that I learned from early on] don't speak Spanish. So those connections are important. They're very important. But the idea of a globality where everybody is the same…I see that as very difficult. And I think it goes back to this idea that we could have perfect regulation or perfect structures—like, if we had these perfect structures, everything would be fine. And I think that we're learning very painfully that is just not possible. 

Everything that we will come up with, every space that we will open, will be occupied by many other people's powers and interests. So I guess that the first step could be to recognize that there's this uneasy relation of things that cannot be global, that cannot be completely horizontal, that doesn't obey rules, it doesn't obey structures…to see what it is that we're going to do. Because so far, I believe that there's been so many efforts towards equalizing spaces. I have been thinking about this a lot. We tend to think so much about solutions and ways in which we all connect and everything. And at the end, it ends up emptying those words of their meaning, because we're reproducing imbalances, we reproduce power relations. So, I don't know how to go back to the question, because I don't think that there's an ideal space. If there was an ideal space, I don't think that we'd be human, you know? I think that part of what will make it realistic is that it moves along. So I guess the ideal place is, it will be one that is relatively safe for most, and especially that it will have special attention to protect vulnerable groups. 

If I could dream of a space with regulations and structures that will help, I think that my priority would be structures that at least favor the safety of the most vulnerable, and then the others will find their ground. I hope this makes sense. 

JY: No, it does. It does. I mean, it might not make sense to someone who is purely working on policy, but it makes sense to me because I feel the same way. 

LV: Yeah, I think a policy person will already be like looking away, you know, like really hoping to get away from me as soon as possible because this woman is just rambling. But they have this really tough job. They need to put straight lines where there are only curves. 

JY: Going back for a moment to something you mentioned, learning from people elsewhere in the world. That Global Voices meeting changed my life.

LV: It changed my life too. I was 26.

JY: I was 26 too! I’d been living in Morocco until just recently, and I remember meeting all of these people from other parts of the region, and beginning to understand through meeting people how different Morocco was from Syria, or Egypt. How the region wasn’t a monolith.

LV: And that’s so important. These are the things I feel that we might know intellectually, but when you actually “taste” them, there are no words you can express when you realize the complexity of people that you didn’t think of as complex as you. That was the year I met Mohamed El Gohary. I will never forget that as critical as I was of the government of Venezuela back then, never in a million years would I have imagined that they would be like they are now. I used to work in a ministry, which means that I was very much in contact with people that were really big believers of [Chavismo’s] project, and I would listen to them being really passionate and see how people changed their lives because they had employment and many other things they lacked before: representation in government among them. All of those projects ended up being really short-term solutions, but they changed the perspective of a lot of people and a lot of people that believed so wholeheartedly in it. I remember that most of the Latin America team, we were very shaken by the presentations coming from Advox, seeing the blogs and the bloggers were in prison. I remember Gohary asking me “have you had any platforms blocked, or shutdowns, or have any newspapers been closed?” I said no, and he said “that’s coming.”

JY: I remember this. I feel like Tunisia and Egypt really served as examples to other countries of what states could do with the internet. And I think that people without a global view don’t recognize that as clearly.

LV: That's very true. And I think we still lack this global view. And in my opinion, we lack a global view that doesn't go through the United States or Europe. Most of the conveners and the people that put us in contact have been linked or rooted in Western powers. And connections were made, which is good. I would have never understood these issues of censorship had it not been for these Egyptian friends that were at Global Voices. That's very important. And ever since, I am convinced that you can grow through people from backgrounds that are very different from yours, because you align on one particular thing. And so I've always been really interested in South, quote unquote, “South-South” relationships, the vision Latin America has of Africa. And I really dislike saying Africa as if it was one thing. 

But the vision that we need to have is...I love, there's a writer that I love, Ryszard Kapuściński, and he wrote a book about Africa. He's a Polish journalist and he wrote about the movements of independence because he was the only journalist that the newspaper had for internationals. He would go to every place around, and it was the 60s. So there were like independence movements all around. And at the end, he wrote this big summary of his experiences in “Africa.” And the first page says, other than for the geographic name that we put to it, Africa doesn't exist. This is a whole universe. This is a whole world. And so the vision, this reductionist vision that a lot of us in Latin America have come through these, you know, glasses that come from the West. So to me, when I see cases in which you have groups from Venezuela, collaborating with groups in Senegal because the shutdowns that happen in both countries rhyme, I am passionately interested in these connections, because these are connections of people that don't think are similar, but they're going through similar, very similar things, and they realize how similar they are in the process. That was my feeling with [other friends from Egypt] and Gohary. The conversations that we had, the exchanges that we had, let's say at the center of our table, our excuse was this idea of freedom on the internet and how digital security will work. But that was the way that we could dialogue. And to me, it was one proof of how you grow through the experiences of people that you mistakenly think are not like you. 

JY: Yes. Yeah, no, exactly, And that was really, that was my experience too, because in the U.S. at the time, obviously there were no restrictions on the internet, but I moved to Morocco and immediately on my first day there, I had a LiveJournal. I think I've written about this many times. I had LiveJournal, which was my blogging platform at the time, and I went to log in and the site was blocked. And LiveJournal was blocked because there had been a lot of blogs about the Western Sahara, which was a taboo topic at the time, still is in many ways. And so I had to, I had to make a decision. Do I figure out a circumvention tool? I had an American friend who was emailing me about how to get around this, or maybe we had a phone call. And so I ended up, I ended up becoming a public blogger because of censorship. 

LV: That's so interesting because it is the reaction. Somebody says, I like, I didn't want to talk, but now that you don't want me to, now I will. 

JY:  Yeah, now I will. And I never crossed the red lines while I was living there because I didn't want to get in trouble. And I wrote about things carefully. But that experience connected me to people. That's how I found Global Voices. 

I want to ask you another question. When we met in Portugal in September, we discussed the idea that what’s happening in the U.S. has made it easier for people there to understand repression in other countries…that some Americans are now more able to see creeping authoritarianism or fascism elsewhere because they’re experiencing it themselves. What are your thoughts on that?

LV: So what pops in my mind is this, because I always find this fantasy very interesting that things cannot happen in certain countries, even if they've already happened. There are a lot of ideas of, we were talking about having the European Union as an example. And yes, the United States were very much into, you know, this idea of freedom of the press, freedom of expression. But there was also this idea, this narrative that these kinds of things will never happen in a place like the United States, which I think is a very dangerous idea, because it gets you to not pay attention. And there are so many ways in which expression can be limited, manipulated, weaponized, and it was a long time coming, that there were a lot of pushes to censor books. When you start seeing that, you push for libraries to take certain books out, you really start seeing like the winds blowing in that direction. And so now that it has become probably more evident, with the case of the Jimmy Kimmel show and the ways that certain media have been using their time to really misinform, you really start seeing parallels with other parts of the continent. I think it's very important, this idea that we look at each other. I will always defend the idea that we need to be constantly in dialogue and not necessarily look for examples.

Let’s say from Mexico downward, this idea of “look at this thing that people are doing in the States”—I don’t think that has ever served us, and it won’t serve us now. It is very important that we remain in dialogue. Because one thing that I found beautiful and fascinating that is happening among Venezuelan journalists is that you will see media that would  be competing with one in other circumstances are  now working together. They wouldn't survive otherwise. And also countries in the region that wouldn't look at each other before, they are working together as well. So you have Venezuelan journalists working with Nicaraguan journalists and also human rights defenders really looking at each other's cases because authoritarian regimes look at each other. We were talking about Egypt as an example before. And we keep seeing this but we're not paying enough attention. When we see events, for example, how they are regional, and that is really important. We need to talk amongst ourselves. We understand the realities of our regions, but it is so important that there's always somebody invited, somebody looking at other regions, how is it playing out, what are people doing. Latin America is a really great place where people should be looking at when thinking about counter-power and looking for examples of different ways of resistance. And unfortunately, also where things can go. How are technologies being used to censor? 

In the case of Venezuela, you had newspapers being progressively harassed. Then they wouldn't find paper. Then they had to close down. So they pushed them online where they're blocking them and harassing them. So it is a slow movement. It's very important to understand that this can happen anywhere. Everyone is at risk of having an authoritarian regime. This idea, these regressive ideas about rights, they are happening globally and they're getting a lot of traction. So the fact that we need to be in contact is crucial. It is crucial to really go beyond the narratives that we have of other countries and other cultures and to think that is particular to that place because of this and that. I think if there's a moment in which we can understand all of us as a whole group, as a region, like from the whole of the Americas, it is now. 

JY: That's such a good point. I agree. And I think it's important both to look at it on that semi-local scale and then also scale it globally, but understand like the Americas in particular, yeah, have so much in common. 

LV: No. I really believe that if there was something that I will be pushing forward, it's this idea that, first of all, these borders that are imagined, they're artificial, we created it to protect things that we have accumulated. And we, like the whole of the continent, have this history of people that came to occupy other people's lands. That's their origin story. All of the continent. Yeah. So maybe trying to understand that in terms of resistance and in terms of communities, we should be aware of that and really think about communities of counter power, resistance and fight for human rights should be, I guess they should have its own borders, you know, like not American groups or Nicaraguan groups or Colombian groups, like really create some sort of I guess, way to understand that these national borders are, they're not serving us. We really need to collaborate in ways that go really beyond that. Fully understanding the backgrounds and the differences and everything, but really connecting in things in ways that make sense. I don't think that one human rights defense community can go against its own state. They are outnumbered. The power imbalance is too big. But these groups in combination, looking at each other and learning from each other, being in contact, collaborating, it makes, well, you know, it's just simple math. It will make for more of us working together. 

JY: Absolutely. At EFF, we have a team that works on issues in Latin America, and some are based in Latin America. And it’s been interesting, because I came to EFF from having worked in a Middle East perspective, and my colleague Katitza Rodriguez, who started just a year or two before me came from a Latin American perspective, and apart from our EU work, those remain the two regional strongholds of EFF’s international work. And we’ve bridged that. I remember a couple of years ago having calls between Colombians and Palestinians because they were experiencing the same censorship issues online.

LV: That’s what I dream of.

JY: That's the sort of bridging work that you and I kind of came up in. And I think that like that experience for me, and similarly for Katitza, and then bringing that to EFF. And so we had these ties. And I think of everything you’ve said, one of the things that struck me the most is that this is a generational thing. We’re all Gen X, or early Millennials, or whatever you want to call it. I know it differs globally, but we all grew up under similar circumstances in terms of the information age, and I think that shaped our worldview in a way that—if we’re open to it—our generation thinks uniquely from the ones before and after us, because we lived a little bit in both worlds. I think it’s a really unique experience.

LV: I feel really excited to hear you say this because at times I feel that I'm thinking about this and it looks like it sounds like very weird ideas, but we are definitely part of this generation that lived the transition to online worlds and we are living in these—I love to call them digital third spaces. We're constantly negotiating our identities. We are creating new ones. We're creating homes that are “in the air.” Because yes, you are in Berlin now and I'm in France and other friends are in Venezuela, others are in Colombia and so on. But we are in this kind of commonplace, in this space where we meet that is neither nor. And it is a place that has let me understand borders very differently and understand identity very differently. And I think that is the door that we have to go through to understand how community and collaboration cross regionally and beyond borders. It's not only necessary, it's more realistic. 

JY: Absolutely, I agree. Let me ask you the last question: Who's your free expression hero? Or somebody who's inspired you. Somebody who really changed your world. 

LV: I am so proud of the Venezuelan community. So proud. They're all people that are inspiring, intelligent, dynamic. And if I had to pick one with a lot of pain, I would say Valentina Aguana. She works with Connexion Segura y Libre. She's like twenty-something. I love to see this person in her twenties. And very often, especially now that you see younger generations going to places that we don't understand. I love that she's a young person in this space, and I love how well she understands a lot of these things. I love very much how she integrates this idea of having the right to do things. That was very hard for me when I was growing up. It was very hard when I was her age to understand I had the right to do things, that I had the right to express myself. Not only does she understand that her work is devoted to ensuring that other people have the right as well, and they have the space to do that safely. 

JY: I love that. Thank you so much Laura.

Update: Cindy's conversation with Bruce Schneier and Nathan E. Sanders on their book "Rewiring Democracy: How AI Will Transform Our Politics, Government, and Citizenship" has been moved to January 24, 2026 at 11 AM PT. More info below!

One of our favorite—and most important—things that we do at EFF is to work toward a better future. It can be easy to get caught up in all the crazy things that are happening in the moment, especially with the fires that need to be put out. But it’s just as important to keep our eyes on new technologies, how they are impacting digital rights, and how we can ensure that our rights and freedoms expand over time.

That's why EFF is excited to spotlight two free book events this December that look ahead, providing insight on how to build this better future. Featuring EFF’s Executive Director Cindy Cohn, we’ll be exploring how stories, technology, and policy shape the world around us. Here’s how you can join us this year and learn more about next year’s events:

Exploring Progressive Social Change at The Booksmith - We Will Rise Again 

December 2 | 7:00 PM Pacific Time | The Booksmith, San Francisco 

We’re celebrating the release of We Will Rise Again, a new anthology of speculative stories from writers across the world, including Cindy Cohn, Annalee Newitz, Charlie Jane Anders, Reo Eveleth, Andrea Dehlendorf, and Vida Jame. This collection explores topics ranging from disability justice and environmental activism to community care and collective worldbuilding to offer tools for organizing, interrogating the status quo, and a blueprint for building a better world.

Join Cindy Cohn and her fellow panelists at this event to learn how speculative fiction helps us think critically about technology, civil liberties, and the kind of world we want to create. We hope to see some familiar faces there! 

RSVP AND LEARN MORE

AI, Politics, and the Future of Democracy - Rewiring Democracy (NEW DATE!)

January 24, 2026 | 11:00 AM Pacific Time | Virtual

We’re also geared up to join an online discussion with EFF Board Member Bruce Schneier and Nathan E. Sanders about their new book, Rewiring Democracy: How AI Will Transform Our Politics, Government, and Citizenship. In this time when AI is taking up every conversation—from generative AI tools to algorithmic decision-making in government—this book cuts through the hype to examine the ways that the technology is transforming every aspect of democracy, for good and bad. 

Cindy Cohn will join Schneier and Sanders for a forward-looking conversation about what’s possible, and what’s at stake, as AI weaves itself into our governments and how to steer it in the right direction. We’ll see you online for this one! 

RSVP AND LEARN MORE

Announcing Cindy Cohn's New Book, Privacy's Defender

In March we’ll be kicking off the celebration for Cindy Cohn’s new book, Privacy’s Defender, chronicling her thirty-year battle to protect everyone’s right to digital privacy and offering insights into the ongoing fight for our civil liberties online. Stay tuned for more information about our first event at City Lights on Tuesday, March 10!

The celebration doesn’t stop there. Look out for more celebrations for Privacy’s Defender throughout the year, and we hope we’ll see you at one of them. Plus, you can learn more about the book and even preorder it today! 

PREORDER PRIVACY'S DEFENDER

You can keep up to date on these book events, and more EFF happenings when you sign up for our EFFector newsletter and check out our full event calendar.

 

A California judge ordered the end of a dragnet law enforcement program that surveilled the electrical smart meter data of thousands of Sacramento residents.

The Sacramento County Superior Court ruled that the surveillance program run by the Sacramento Municipal Utility District (SMUD) and police violated a state privacy statute, which bars the disclosure of residents’ electrical usage data with narrow exceptions. For more than a decade, SMUD coordinated with the Sacramento Police Department and other law enforcement agencies to sift through the granular smart meter data of residents without suspicion to find evidence of cannabis growing.

EFF and its co-counsel represent three petitioners in the case: the Asian American Liberation Network, Khurshid Khoja, and Alfonso Nguyen. They argued that the program created a host of privacy harms—including criminalizing innocent people, creating menacing encounters with law enforcement, and disproportionately harming the Asian community.

The court ruled that the challenged surveillance program was not part of any traditional law enforcement investigation. Investigations happen when police try to solve particular crimes and identify particular suspects. The dragnet that turned all 650,000 SMUD customers into suspects was not an investigation.

“[T]he process of making regular requests for all customer information in numerous city zip codes, in the hopes of identifying evidence that could possibly be evidence of illegal activity, without any report or other evidence to suggest that such a crime may have occurred, is not an ongoing investigation,” the court ruled, finding that SMUD violated its “obligations of confidentiality” under a data privacy statute.

Granular electrical usage data can reveal intimate details inside the home—including when you go to sleep, when you take a shower, when you are away, and other personal habits and demographics.

The dragnet turned 650,000 SMUD customers into suspects.

In creating and running the dragnet surveillance program, according to the court, SMUD and police “developed a relationship beyond that of utility provider and law enforcement.” Multiple times a year, the police asked SMUD to search its entire database of 650,000 customers to identify people who used a large amount of monthly electricity and to analyze granular 1-hour electrical usage data to identify residents with certain electricity “consumption patterns.” SMUD passed on more than 33,000 tips about supposedly “high” usage households to police.

While this is a victory, the Court unfortunately dismissed an alternate claim that the program violated the California Constitution’s search and seizure clause. We disagree with the court’s reasoning, which misapprehends the crux of the problem: At the behest of law enforcement, SMUD searches granular smart meter data and provides insights to law enforcement based on that granular data.

Going forward, public utilities throughout California should understand that they cannot disclose customers’ electricity data to law enforcement without any “evidence to support a suspicion” that a particular crime occurred.

EFF, along with Monty Agarwal of the law firm Vallejo, Antolin, Agarwal, Kanter LLP, brought and argued the case on behalf of Petitioners.

Related Cases: Asian American Liberation Network v. SMUD, et al.

It's no secret that 2025 has given Americans plenty to protest about. But as news cameras showed protesters filling streets of cities across the country, law enforcement officers—including U.S. Border Patrol agents—were quietly watching those same streets through different lenses: Flock Safety automated license plate readers (ALPRs) that tracked every passing car. 

Through an analysis of 10 months of nationwide searches on Flock Safety's servers, we discovered that more than 50 federal, state, and local agencies ran hundreds of searches through Flock's national network of surveillance data in connection with protest activity. In some cases, law enforcement specifically targeted known activist groups, demonstrating how mass surveillance technology increasingly threatens our freedom to demonstrate. 

Flock Safety provides ALPR technology to thousands of law enforcement agencies. The company installs cameras throughout their jurisdictions, and these cameras photograph every car that passes, documenting the license plate, color, make, model and other distinguishing characteristics. This data is paired with time and location, and uploaded to a massive searchable database. Flock Safety encourages agencies to share the data they collect broadly with other agencies across the country. It is common for an agency to search thousands of networks nationwide even when they don't have reason to believe a targeted vehicle left the region. 

Via public records requests, EFF obtained datasets representing more than 12 million searches logged by more than 3,900 agencies between December 2024 and October 2025. The data shows that agencies logged hundreds of searches related to the 50501 protests in February, the Hands Off protests in April, the No Kings protests in June and October, and other protests in between. 

The Tulsa Police Department in Oklahoma was one of the most consistent users of Flock Safety's ALPR system for investigating protests, logging at least 38 such searches. This included running searches that corresponded to a protest against deportation raids in February, a protest at Tulsa City Hall in support of pro-Palestinian activist Mahmoud Khalil in March, and the No Kings protest in June. During the most recent No Kings protests in mid-October, agencies such as the Lisle Police Department in Illinois, the Oro Valley Police Department in Arizona, and the Putnam County (Tenn.) Sheriff's Office all ran protest-related searches. 

While EFF and other civil liberties groups argue the law should require a search warrant for such searches, police are simply prompted to enter text into a "reason" field in the Flock Safety system. Usually this is only a few words–or even just one.

In these cases, that word was often just “protest.” 

Crime does sometimes occur at protests, whether that's property damage, pick-pocketing, or clashes between groups on opposite sides of a protest. Some of these searches may have been tied to an actual crime that occurred, even though in most cases officers did not articulate a criminal offense when running the search. But the truth is, the only reason an officer is able to even search for a suspect at a protest is because ALPRs collected data on every single person who attended the protest. 

Search and Dissent 

2025 was an unprecedented year of street action. In June and again in October, thousands across the country mobilized under the banner of the “No Kings” movement—marches against government overreach, surveillance, and corporate power. By some estimates, the October demonstrations ranked among the largest single-day protests in U.S. history, filling the streets from Washington, D.C., to Portland, OR. 

EFF identified 19 agencies that logged dozens of searches associated with the No Kings protests in June and October 2025. In some cases the "No Kings" was explicitly used, while in others the term "protest" was used but coincided with the massive protests.

Law Enforcement Agencies that Ran Searches Corresponding with "No Kings" Rallies

• Anaheim Police Department, Calif.
• Arizona Department of Public Safety
• Beaumont Police Department, Texas
• Charleston Police Department, SC
• Flagler County Sheriff's Office, Fla.
• Georgia State Patrol
• Lisle Police Department, Ill.
• Little Rock Police Department, Ark.
• Marion Police Department, Ohio
• Morristown Police Department, Tenn.
• Oro Valley Police Department, Ariz.
• Putnam County Sheriff's Office, Tenn.
• Richmond Police Department, Va.
• Riverside County Sheriff's Office, Calif.
• Salinas Police Department, Calif.
• San Bernardino County Sheriff's Office, Calif.
• Spartanburg Police Department, SC
• Tempe Police Department, Ariz.
• Tulsa Police Department, Okla.
• US Border Patrol

For example: 

• In Washington state, the Spokane County Sheriff's Office listed "no kings" as the reason for three searches on June 15, 2025 [Note: date corrected]. The agency queried 95 camera networks, looking for vehicles matching the description of "work van," "bus" or "box truck." 
• In Texas, the Beaumont Police Department ran six searches related to two vehicles on June 14, 2025, listing "KINGS DAY PROTEST" as the reason. The queries reached across 1,774 networks. 
• In California, the San Bernardino County Sheriff's Office ran a single search for a vehicle across 711 networks, logging "no king" as the reason. 
• In Arizona, the Tempe Police Department made three searches for "ATL No Kings Protest" on June 15, 2025 searching through 425 networks. "ATL" is police code for "attempt to locate." The agency appears to not have been looking for a particular plate, but for any red vehicle on the road during a certain time window.

But the No Kings protests weren't the only demonstrations drawing law enforcement's digital dragnet in 2025. 

For example:

• In Nevada's state capital, the Carson City Sheriff's Office ran three searches that correspond to the February 50501 Protests against DOGE and the Trump administration. The agency searched for two vehicles across 178 networks with "protest" as the reason.
• In Florida, the Seminole County Sheriff's Office logged "protest" for five searches that correspond to a local May Day rally.
• In Alabama, the Homewood Police Department logged four searches in early July 2025 for three vehicles with "PROTEST CASE" and "PROTEST INV." in the reason field. The searches, which probed 1,308 networks, correspond to protests against the police shooting of Jabari Peoples.
• In Texas, the Lubbock Police Department ran two searches for a Tennessee license plate on March 15 that corresponds to a rally to highlight the mental health impact of immigration policies. The searches hit 5,966 networks, with the logged reason "protest veh."
• In Michigan, Grand Rapids Police Department ran five searches that corresponded with the Stand Up and Fight Back Rally in February. The searches hit roughly 650 networks, with the reason logged as "Protest."

Some agencies have adopted policies that prohibit using ALPRs for monitoring activities protected by the First Amendment. Yet many officers probed the nationwide network with terms like "protest" without articulating an actual crime under investigation.

In a few cases, police were using Flock’s ALPR network to investigate threats made against attendees or incidents where motorists opposed to the protests drove their vehicle into crowds. For example, throughout June 2025, an Arizona Department of Public Safety officer logged three searches for “no kings rock threat,” and a Wichita (Kan.) Police Department officer logged 22 searches for various license plates under the reason “Crime Stoppers Tip of causing harm during protests.”

Even when law enforcement is specifically looking for vehicles engaged in potentially criminal behavior such as threatening protesters, it cannot be ignored that mass surveillance systems work by collecting data on everyone driving to or near a protest—not just those under suspicion.

Border Patrol's Expanding Reach 

As U.S. Border Patrol (USBP), ICE, and other federal agencies tasked with immigration enforcement have massively expanded operations into major cities, advocates for immigrants have responded through organized rallies, rapid-response confrontations, and extended presences at federal facilities. 

USBP has made extensive use of Flock Safety's system for immigration enforcement, but also to target those who object to its tactics. In June, a few days after the No Kings Protest, USBP ran three searches for a vehicle using the descriptor “Portland Riots.” 

USBP has made extensive use of Flock Safety's system for immigration enforcement, but also to target those who object to its tactics.

USBP also used the Flock Safety network to investigate a motorist who had “extended his middle finger” at Border Patrol vehicles that were transporting detainees. The motorist then allegedly drove in front of one of the vehicles and slowed down, forcing the Border Patrol vehicle to brake hard. An officer ran seven searches for his plate, citing "assault on agent" and "18 usc 111," the federal criminal statute for assaulting, resisting or impeding a federal officer. The individual was charged in federal court in early August. 

USBP had access to the Flock system during a trial period in the first half of 2025, but the company says it has since paused the agency's access to the system. However, Border Patrol and other federal immigration authorities have been able to access the system’s data through local agencies who have run searches on their behalf or even lent them logins. 

Targeting Animal Rights Activists

Law enforcement's use of Flock's ALPR network to surveil protesters isn't limited to large-scale political demonstrations. Three agencies also used the system dozens of times to specifically target activists from Direct Action Everywhere (DxE), an animal-rights organization known for using civil disobedience tactics to expose conditions at factory farms.

Delaware State Police queried the Flock national network nine times in March 2025 related to DxE actions, logging reasons such as "DxE Protest Suspect Vehicle." DxE advocates told EFF that these searches correspond to an investigation the organization undertook of a Mountaire Farms facility. 

Additionally, the California Highway Patrol logged dozens of searches related to a "DXE Operation" throughout the day on May 27, 2025. The organization says this corresponds with an annual convening in California that typically ends in a direct action. Participants leave the event early in the morning, then drive across the state to a predetermined but previously undisclosed protest site. Also in May, the Merced County Sheriff's Office in California logged two searches related to "DXE activity." 

As an organization engaged in direct activism, DxE has experienced criminal prosecution for its activities, and so the organization told EFF they were not surprised to learn they are under scrutiny from law enforcement, particularly considering how industrial farmers have collected and distributed their own intelligence to police.

The targeting of DxE activists reveals how ALPR surveillance extends beyond conventional and large-scale political protests to target groups engaged in activism that challenges powerful industries. For animal-rights activists, the knowledge that their vehicles are being tracked through a national surveillance network undeniably creates a chilling effect on their ability to organize and demonstrate.

Fighting Back Against ALPR 

ALPR systems are designed to capture information on every vehicle that passes within view. That means they don't just capture data on "criminals" but on everyone, all the time—and that includes people engaged in their First Amendment right to publicly dissent. Police are sitting on massive troves of data that can reveal who attended a protest, and this data shows they are not afraid to use it. 

Our analysis only includes data where agencies explicitly mentioned protests or related terms in the "reason" field when documenting their search. It's likely that scores more were conducted under less obvious pretexts and search reasons. According to our analysis, approximately 20 percent of all searches we reviewed listed vague language like "investigation," "suspect," and "query" in the reason field. Those terms could well be cover for spying on a protest, an abortion prosecution, or an officer stalking a spouse, and no one would be the wiser–including the agencies whose data was searched. Flock has said it will now require officers to select a specific crime under investigation, but that can and will also be used to obfuscate dubious searches. 

For protestors, this data should serve as confirmation that ALPR surveillance has been and will be used to target activities protected by the First Amendment. Depending on your threat model, this means you should think carefully about how you arrive at protests, and explore options such as by biking, walking, carpooling, taking public transportation, or simply parking a little further away from the action. Our Surveillance Self-Defense project has more information on steps you could take to protect your privacy when traveling to and attending a protest.

For local officials, this should serve as another example of how systems marketed as protecting your community may actually threaten the values your communities hold most dear. The best way to protect people is to shut down these camera networks.  

Everyone should have the right to speak up against injustice without ending up in a database. 

Widespread news reports indicate that President Donald Trump’s administration has prepared an executive order to punish states that have passed laws attempting to address harms from artificial intelligence (AI) systems. According to a draft published by news outlets, this order would direct federal agencies to bring legal challenges to state AI regulations that the administration deems “onerous,”  to restrict funding to those states that have these laws, and to adopt new federal law that overrides state AI laws.

This approach is deeply misguided.

As we’ve said before, the fact that states are regulating AI is often a good thing. Left unchecked, company and government use of automated decision-making systems in areas such as housing, health care, law enforcement, and employment have already caused discriminatory outcomes based on gender, race, and other protected statuses.

While state AI laws have not been perfect, they are genuine attempts to address harms that people across the country face from certain uses of AI systems right now. Given the tone of the Trump Administration’s draft order, it seems clear that the preemptive federal legislation backed by this administration will not stop ways that automated decision making systems can result in discriminatory decisions.

For example, a copy of the draft order published by Politico specifically names the Colorado AI Act as an example of supposedly “onerous” legislation. As we said in our analysis of Colorado’s law, it is a limited but crucial step—one that needs to be strengthened to protect people more meaningfully from AI harms. It is possible to guard against harms and support innovation and expression. Ignoring the harms that these systems can cause when used in discriminatory ways is not the way to do that.

Again: stopping states from acting on AI will stop progress. Proposals such as the executive order, or efforts to put a broad moratorium on state AI laws into the National Defense Authorization Act (NDAA), will hurt us all. Companies that produce AI and automated decision-making software have spent millions in state capitals and in Congress to slow or roll back legal protections regulating artificial intelligence. If reports about the Trump administration’s executive order are true, those efforts are about to get a supercharged ally in the federal government.

And all of us will pay the price.

Potential Government Coercion Raises First Amendment Concerns

SAN FRANCISCO – The Electronic Frontier Foundation (EFF) sued the departments of Justice (DOJ) and Homeland Security (DHS) today to uncover information about the federal government demanding that tech companies remove apps that document immigration enforcement activities in communities throughout the country. 

Tech platforms took down several such apps (including ICE Block, Red Dot, and DeICER) and webpages (including ICE Sighting-Chicagoland) following communications with federal officials this year, raising important questions about government coercion to restrict protected First Amendment activity.

"We're filing this lawsuit to find out just what the government told tech companies," said EFF Staff Attorney F. Mario Trujillo. "Getting these records will be critical to determining whether federal officials crossed the line into unconstitutional coercion and censorship of protected speech."

In October, Apple removed ICEBlock, an app that allows users to report Immigration and Customs Enforcement (ICE) activity in their area, from its App Store. Attorney General Pamela Bondi publicly took credit for the takedown, telling reporters, “We reached out to Apple today demanding they remove the ICEBlock app from their App Store—and Apple did so.” In the days that followed, Apple removed several similar apps from the App Store. Google and Meta removed similar apps and webpages from platforms they own as well. Bondi vowed to “continue engaging tech companies” on the issue. 

People have a protected First Amendment right to document and share information about law enforcement activities performed in public. If government officials coerce third parties into suppressing protected activity, this can be unconstitutional, as the government cannot do indirectly what it is barred from doing directly.

Last month, EFF submitted Freedom of Information Act (FOIA) requests to the DOJ, DHS and its component agencies ICE and Customs and Border Protection. The requests sought records and communications about agency demands that technology companies remove apps and pages that document immigration enforcement activities. So far, none of the agencies have provided these records. EFF's FOIA lawsuit demands their release.

For the complaint: https://www.eff.org/document/complaint-eff-v-doj-dhs-ice-tracking-apps

For more about the litigation: https://www.eff.org/cases/eff-v-doj-dhs-ice-tracking-apps

Tags: ICEContact:  F. Mario TrujilloStaff Attorneymario@eff.org

The U.S. Patent and Trademark Office (USPTO) has proposed new rules that would effectively end the public’s ability to challenge improperly granted patents at their source—the Patent Office itself. If these rules take effect, they will hand patent trolls exactly what they’ve been chasing for years: a way to keep bad patents alive and out of reach. People targeted with troll lawsuits will be left with almost no realistic or affordable way to defend themselves.

We need EFF supporters to file public comments opposing these rules right away. The deadline for public comments is December 2. The USPTO is moving quickly, and staying silent will only help those who profit from abusive patents. 

TAKE ACTION

Tell USPTO: The public has a right to challenge bad patents

We’re asking supporters who care about a fair patent system to file comments using the federal government’s public comment system. Your comments don’t need to be long, or use legal or technical vocabulary. The important thing is that everyday users and creators of technology have  the chance to speak up, and be counted. 

Below is a short, simple comment you can copy and paste. Your comment will carry more weight if you add a personal sentence or two of your own. Please note that comments should be submitted under your real name and will become part of the public record. 

Sample comment: 

I oppose the USPTO’s proposed rule changes for inter partes review (IPR), Docket No. PTO-P-2025-0025. The IPR process must remain open and fair. Patent challenges should be decided on their merits, not shut out because of legal activity elsewhere. These rules would make it nearly impossible for the public to challenge bad patents, and that will harm innovation and everyday technology users.

Why This Rule Change Matters

Inter partes review, (IPR), isn’t perfect. It hasn’t eliminated patent trolling, and it’s not available in every case. But it is one of the few practical ways for ordinary developers, small companies, nonprofits, and creators to challenge a bad patent without spending millions of dollars in federal court. That’s why patent trolls hate it—and why the USPTO’s new rules are so dangerous.

IPR isn’t easy or cheap, but compared to years of litigation, it’s a lifeline. When the system works, it removes bogus patents from the table for everyone, not just the target of a single lawsuit. 

IPR petitions are decided by the Patent Trial and Appeal Board (PTAB), a panel of specialized administrative judges inside the USPTO. Congress designed  IPR to provide a fresh, expert look at whether a patent should have been granted in the first place—especially when strong prior art surfaces. Unlike  full federal trials, PTAB review is faster, more technical, and actually accessible to small companies, developers, and public-interest groups.

Here are three real examples of how IPR protected the public: 

• The “Podcasting Patent” (Personal Audio)

Personal Audio claimed it had “invented” podcasting and demanded royalties from audio creators using its so-called podcasting patent. EFF crowdsourced prior art, filed an IPR, and ultimately knocked out the patent—benefiting  the entire podcasting world. Under the new rules, this kind of public-interest challenge could easily be blocked based on procedural grounds like timing, before the PTAB even examines the patent. 

• SportBrain’s “upload your fitness data” patent

SportBrain sued more than 80 companies over a patent that claimed to cover basic gathering of user data and sending it over a network. A panel of PTAB judges canceled every claim. Under the new rules, this patent could have survived long enough to force dozens more companies to pay up.

• Shipping & Transit: a troll that sued hundreds of businesses

For more than a decade, Shipping & Transit sued companies over extremely broad “delivery notifications”patents. After repeated losses at PTAB and in court (including fee awards), the company finally collapsed. Under the new rules, a troll like this could keep its patents alive and continue carpet-bombing small businesses with lawsuits.

IPR hasn’t ended patent trolling. But when a troll waves a bogus patent at hundreds or thousands of people, IPR is one of the only tools that can actually fix the underlying problem: the patent itself. It dismantles abusive patent monopolies that never should have existed,   saving entire industries from predatory litigation. That’s exactly why patent trolls and their allies have fought so hard to shut it down. They’ve failed to dismantle IPR in court or in Congress—and now they’re counting on the USPTO’s own leadership to do it for them. 

What the USPTO Plans To Do

First, they want you to give up your defenses in court. Under this proposal, a defendant can’t file an IPR unless they promise to never challenge the patent’s validity in court. 

For someone actually being sued or threatened with patent infringement, that’s simply not a realistic promise to make. The choice would be: use IPR and lose your defenses—or keep your defenses and lose IPR.

Second, the rules allow patents to become “unchallengeable” after one prior fight. That’s right. If a patent survives any earlier validity fight, anywhere, these rules would block everyone else from bringing an IPR, even years later and even if new prior art surfaces. One early decision—even one that’s poorly argued, or didn’t have all the evidence—would block the door on the entire public.

Third, the rules will block IPR entirely if a district court case is projected to move faster than PTAB. 

So if a troll sues you with one of the outrageous patents we’ve seen over the years, like patents on watching an ad, showing picture menus, or clocking in to work, the USPTO won’t even look at it. It’ll be back to the bad old days, where you have exactly one way to beat the troll (who chose the court to sue in)—spend millions on experts and lawyers, then take your chances in front of a federal jury. 

The USPTO claims this is fine because defendants can still challenge patents in district court. That’s misleading. A real district-court validity fight costs millions of dollars and takes years. For most people and small companies, that’s no opportunity at all. 

Only Congress Can Rewrite IPR

IPR was created by Congress in 2013 after extensive debate. It was meant to give the public a fast, affordable way to correct the Patent Office’s own mistakes. Only Congress—not agency rulemaking—can rewrite that system.

The USPTO shouldn’t be allowed to quietly undermine IPR with procedural traps that block legitimate challenges.

Bad patents still slip through every year. The Patent Office issues hundreds of thousands of new patents annually. IPR is one of the only tools the public has to push back.

These new rules rely on the absurd presumption that it’s the defendants—the people and companies threatened by questionable patents—who are abusing the system with multiple IPR petitions, and that they should be limited to one bite at the apple. 

That’s utterly upside-down. It’s patent trolls like Shipping & Transit and Personal Audio that have sued, or threatened, entire communities of developers and small businesses.

When people have evidence that an overbroad patent was improperly granted, that evidence should be heard. That’s what Congress intended. These rules twist that intent beyond recognition. 

In 2023, more than a thousand EFF supporters spoke out and stopped an earlier version of this proposal—your comments made the difference then, and they can again. 

Our principle is simple: the public has a right to challenge bad patents. These rules would take that right away. That’s why it’s vital to speak up now. 

TAKE ACTION

Sample comment: 

I oppose the USPTO’s proposed rule changes for inter partes review (IPR), Docket No. PTO-P-2025-0025. The IPR process must remain open and fair. Patent challenges should be decided on their merits, not shut out because of legal activity elsewhere. These rules would make it nearly impossible for the public to challenge bad patents, and that will harm innovation and everyday technology users.

Powerful institutions are using automated decision-making against us. Landlords use it to decide who gets a home. Insurance companies use it to decide who gets health care. ICE uses it to decide who must submit to location tracking by electronic monitoring. Bosses use it to decide who gets fired, and to predict who is organizing a union or planning to quit. Bosses even use AI to assess the body language and voice tone of job candidates. And these systems often discriminate based on gender, race, and other protected statuses.

Fortunately, workers, patients, and renters are resisting.

In 2024, Colorado enacted a limited but crucial step forward against automated abuse: the AI Act (S.B. 24-205). We commend the labor, digital rights, and other advocates who have worked to enact and protect it. Colorado recently delayed the Act’s effective date to June 30, 2026.

EFF looks forward to enforcement of the Colorado AI Act, opposes weakening or further delaying it, and supports strengthening it.

What the Colorado AI Act Does

The Colorado AI Act is a good step in the right direction. It regulates “high risk AI systems,” meaning machine-based technologies that are a “substantial factor” in deciding whether a person will have access to education, employment, loans, government services, healthcare, housing, insurance, or legal services. An AI-system is a “substantial factor” in those decisions if it assisted in the decision and could alter its outcome. The Act’s protections include transparency, due process, and impact assessments.

The Act is a solid foundation. Still, EFF urges Colorado to strengthen it

Transparency. The Act requires “developers” (who create high-risk AI systems) and “deployers” (who use them) to provide information to the general public and affected individuals about these systems, including their purposes, the types and sources of inputs, and efforts to mitigate known harms. Developers and deployers also must notify people if they are being subjected to these systems. Transparency protections like these can be a baseline in a comprehensive regulatory program that facilitates enforcement of other protections.

Due process. The Act empowers people subjected to high-risk AI systems to exercise some self-help to seek a fair decision about them. A deployer must notify them of the reasons for the decision, the degree the system contributed to the decision, and the types and sources of inputs. The deployer also must provide them an opportunity to correct any incorrect inputs. And the deployer must provide them an opportunity to appeal, including with human review.

Impact assessments. The Act requires a developer, before providing a high-risk AI system to a deployer, to disclose known or reasonably foreseeable discriminatory harms by the system, and the intended use of the AI. In turn, the Act requires a deployer to complete an annual impact assessment for each of its high-risk AI systems, including a review of whether they cause algorithmic discrimination. A deployer also must implement a risk management program that is proportionate to the nature and scope of the AI, the sensitivity of the data it processes, and more. Deployers must regularly review their risk management programs to identify and mitigate any known or reasonably foreseeable risks of algorithmic discrimination. Impact assessment regulations like these can helpfully place a proactive duty on developers and deployers to find and solve problems, as opposed to doing nothing until an individual subjected to a high-risk system comes forward to exercise their rights.

How the Colorado AI Act Should Be Strengthened

The Act is a solid foundation. Still, EFF urges Colorado to strengthen it, especially in its enforcement mechanisms.

Private right of action. The Colorado AI Act grants exclusive enforcement to the state attorney general. But no regulatory agency will ever have enough resources to investigate and enforce all violations of a law, and many government agencies get “captured” by the industries they are supposed to regulate. So Colorado should amend its Act to empower ordinary people to sue the companies that violate their legal protections from high-risk AI systems. This is often called a “private right of action,” and it is the best way to ensure robust enforcement. For example, the people of Illinois and Texas on paper have similar rights to biometric privacy, but in practice the people of Illinois have far more enjoyment of this right because they can sue violators.

Civil rights enforcement. One of the biggest problems with high-risk AI systems is that they recurringly have an unfair disparate impact against vulnerable groups, and so one of the biggest solutions will be vigorous enforcement of civil rights laws. Unfortunately, the Colorado AI Act contains a confusing “rebuttable presumption” – that is, an evidentiary thumb on the scale – that may impede such enforcement. Specifically, if a deployer or developer complies with the Act, then they get a rebuttable presumption that they complied with the Act’s requirement of “reasonable care” to protect people from algorithmic discrimination. In practice, this may make it harder for a person subjected to a high-risk AI system to prove their discrimination claim. Other civil rights laws generally do not have this kind of provision. Colorado should amend its Act to remove it.

Next Steps

Colorado is off to an important start. Now it should strengthen its AI Act, and should not weaken or further delay it. Other states must enact their own laws. All manner of automated decision-making systems are unfairly depriving people of jobs, health care, and more.

EFF has long been fighting against such practices. We believe technology should improve everyone’s lives, not subject them to abuse and discrimination. We hope you will join us.