Panic at the grocery store
Retail chains are joining the biometric surveillance dragnet
Welcome, readers! I’m Anna Baydakova and this is your weekly recap of the most interesting news in digital censorship and surveillance.
Biometrics-based surveillance is slowly but surely spreading around us, covering more spaces and becoming harder to avoid. In the U.S., it’s now part of everything related to immigration, it’s used in airports and schools. The new frontier is big retail chains, including popular grocery stores.
American retailers are increasingly adopting facial recognition technology to prevent theft. However, there is a greater-than-zero chance this data might become a treasure trove for various government agencies, including ICE.
Why care? I think it’s important to keep track of how areas of our privacy are shrinking, turning our lives into a constant stream of data – identifiable, searchable, archived somewhere for an unknown amount of time.
We’ll look into that, as well as into the nuances of AI surveillance in American schools, news of online censorship in Iran and Russia, and some useful information on how to document the activities of ICE safely.
If you’re enjoying this newsletter, please help me spread the word and share it with a friend who might like it as well.
Let’s get into it!
Biometrics briefing
Mobile Fortify, the infamous facial recognition app used by ICE, repeatedly misidentified an immigrant. – 404 Media
Mexico will use an AI platform for biometric identification and vehicle tracking during the 2026 FIFA World Cup. – Mexico Business
World (Worldcoin) has started deploying its iris-scanning Orb devices in Italy. – ID Tech Wire
India has mandated biometric verification for cryptocurrency exchanges. – The Hindu
Indian police will use AI-enabled smart glasses with facial recognition, along with CCTV and drone surveillance during the Republic Day (Jan. 26) in New Delhi. – Times Now
Grocery stores scan your face
Wegmans, a U.S. retail chain, has got embroiled in controversy recently, after it began notifying shoppers that AI recognition technology is used in its stores. Last week, the company issued an explanation saying it uses the technology to prevent incidents in stores and does not share facial recognition scan data with any third party.
However, human rights advocates point to a part of the disclosure mentioning collaboration with law enforcement agencies: “Persons of interest are determined by our asset protection team based on incidents occurring on our property and on a case-by-case basis, on information from law enforcement for criminal or missing persons cases.”
According to the American Civil Liberties Union, this might mean that facial recognition data gathered in stores might be used, among other agencies, by ICE to identify immigrants for deportation. And given that Wegmans is not the only American retailer who has recently started scanning customers’ faces, does this mean groceries are becoming a part of the rapidly expanding surveillance state?
It has been previously reported that Whole Foods, Fairway, Macy’s, Walmart, Kroger, Home Depot and ShopRite are also using facial recognition technology in their stores.
“If enough companies deploy this tech in enough stores, it could become a mass surveillance machine able to locate anyone who steps foot in a wide variety of establishments anywhere in the United States. Do we want our government to have that much power? Will we the public even have a say in the matter?” ACLU asks in this analytical article – and that is something to think about.
Home Depot, Flock’d
In the meantime, another U.S. retailer is facing questions about its role in immigration-related surveillance. A group of eighteen Home Depot investors is asking the company to review its partnership with Flock, makers of AI-powered license plate readers, Reuters reports.
The investors got disturbed by the reports that Flock data has been used by ICE – and by the fact that the deportation agency frequently conducts its raid in Home Depot parking lots, where immigrants often gather looking for work on construction projects.
The investors are calling for an “assessment of privacy and civil rights risks, including discrimination or wrongful detention from misuse of customer data.”
“The Company already faces reputational risks stemming from frequent immigration enforcement raids occurring near its stores and heightened public concerns regarding data privacy,” the investors’ proposal reads, as cited by Reuters.
Home Depot told reporters that it does not share data from the Flock cameras in stores and parking lots with federal agencies. However, ICE has earlier been able to use local police departments’ access to Flock and perform its own searches, 404 Media earlier found.
Home Depot has earlier advised employees to report immigration raids to the company, and when they happen, employees can home with pay, spokesperson told Reuters.
AI surveillance comes to schools
In case you missed it: I interviewed Sal Mani, head of safety and security strategic initiatives at VOLT AI, which provides an AI-driven surveillance system to U.S. schools. We talked about the tricky task of automated weapon detection, dealing with false positives, the role of human evaluation and whether being watched is a deterrent factor.
It was interesting to learn how AI detection works, step by step, and at what times human involvement can correct the course. However, according to our conversation, both makers and users of such systems expect them to become as fast and autonomous as possible, liberating humans from having to keep the algorithm in check.
Sounds worrisome for a privacy nerd like me: are we making ourselves safer or are we relinquishing more and more control to algorithms that soon will become smarter than us?
The technology showed some hiccups over the past years, when AI hallucinated guns and called the police on students who were holding other, completely innocuous objects. So is it possible to make it flawless? Read my interview with VOLT if you’re curious what developers of such systems have to say about this.
And just for context: one of the interesting things Mani said was that sometimes, it’s parents who try to walk into their kids’ school with a firearm – and not everyone is keen to be reminded they can’t do that.
As my colleague noted: “What’s wild to me is that gun control is never the answer.” But that’s a completely different story, isn’t it?..
DOGE, SSNs and lost elections
Remember when Elon Musk’s Department of Government Efficiency (DOGE) was allowed into the Social Security Administration, wreaked cybersecurity havoc on operations and touted false fraud claims? Turns out, that was not all they did.
According to new documents in a lawsuit against the Social Security Administration (SSA), two DOGE employees working at the SSA were secretly in touch with an unidentified advocacy group, which wanted to access social security data to “overturn election results in certain states,” Politico reported.
The group, which is not named in the filing, was seeking the data to match it with state voter rolls. The information came up as a part of a testimony by Elizabeth Shapiro, a top Justice Department official. In the document, she said SSA referred the DOGE employees for potential violations of the Hatch Act, which prohibits using government employees’ positions for political purposes. The employees are not named in the filing.
Shapiro also revealed that even after a court banned the SSA from sharing private Social Security profiles with DOGE, Musk’s team still was briefly granted access.
This story weirdly rhymes with another one, not about DOGE but about election integrity. In 2025, the Department of Homeland Security (DHS) pushed for consolidating databases from different agencies, so it could check whether everyone who votes in U.S. elections is a citizen. The result? Eligible voters getting kicked off the voter rolls, Wired reports.
Last spring, DHS began encouraging states to check their voter rolls against the immigration data using Systematic Alien Verification for Entitlements (SAVE) system. SAVE, run by US Citizenship and Immigration Services (USCIS), was previously used to check whether immigrants applying for government services were eligible to receive them.
Now, SAVE has access to a wealth of data from across different agencies, effectively turning into a citizenship database. However, not every piece of data by every agency is suitable for voter verification – the repurposing of SAVE has already led to people being removed from the voter rolls based on outdated information, according to Wired.
On the one hand, coming from a country where not having a national ID (passport) has never even been an option, it’s still baffling for me how tricky it is to check whether someone is a citizen in the U.S. On the other hand, the current U.S. government data grab has been officially proclaimed as an effort to weed out fraud and abuse… Wonder how that is going.
No more flying over ICE
In the meantime, it has become harder for citizens to film ICE raids with drones: the Federal Aviation Administration put a drone no-fly zone within 3,000 feet of both facilities and vehicles of the Department of Homeland Security (DHS). The directive, first reported by 404 Media, expands a rule that normally protects the skies above military bases and Department of Energy (DOE) facilities.
The order essentially makes it illegal to fly private and commercial drones within 3,000 feet (~914 meters) around DHS buildings and cars, and up to 1,000 feet (~300 meters) above them – this area is being classified as “national defense airspace.”
Blackout forever?
Iran is on its way to a permanent internet shutdown, The Guardian writes. The country has been isolated from the World Wide Web since January 8 as the government has been trying to quell continuous protests. According to IranWire, a government spokesperson said the global internet would remain inaccessible until Nowruz, the Persian new year, which is March, 20.
Filterwatch, an organization tracking internet censorship in Iran, issued a report pointing to several signs of a longer or permanent shutdown. For one, Iranian companies are developing methods to detect Starlink terminals, which are not allowed to operate in Iran but have been increasingly smuggled into the country for the past three years.
Another symptom: foreign partners of Iranian telecom companies have left Iran in recent days. The country has been developing its isolated domestic internet for over a decade now, allowing the regime to shut down global communications but still keep key electronic services operational.
And we still don’t know the full scale of violence and the number of deaths in Iran, where protests against the government have been met with a brutal crackdown, leaving thousands of people killed.
Russia to train AI censors
Meanwhile in Russia, further evidence of a big global trend: the future of censorship is AI algorithms watching over internet users’ shoulders.
The country’s internet censorship agency is seeking to use artificial intelligence for more efficient filtering of web traffic. Roskomnadzor, the agency maintaining the register of banned websites and forbidden content, is seeking to enhance its deep packet inspection technology (DPI) with AI, Russian Forbes reports.
DPI allows checking data packets users and websites send each other over the internet and seeing whether they comply with the online censorship rules. The technology helps detect the use of virtual private networks (VPNs) – a tool for accessing blocked websites. Iran also uses DPI to isolate the country from the global internet, by the way.
DPI is a pretty powerful technology, however, obviously still can’t catch 100% of censorship circumvention, so now AI is expected to make it even more efficient.
Tips and Tricks: Filming ICE raids
If you want to film ICE agents and share what you’ve seen, you need to think of the privacy implications both for yourself and people on your video. The Conversation shares tips on how to minimize sharing your personal data, avoid being tracked and doxxing others:
Protect your phone: use a long passcode, disable biometric unlock, turn off message previews, log out of sensitive accounts and remove unnecessary apps. As a radical option, leave your primary phone at home.
Secure your recording: send it to a trusted person or yourself through an encrypted app or, on the contrary, do not upload it online until you feel safe.
While filming, keep your phone locked using the camera-from-lock-screen feature.
Avoid livestreaming as it can expose your location in real time.
Consider the privacy of people in your video: blur faces, tattoos and license plates, remove metadata.
“Think strategically about distribution because sometimes it’s safer to provide footage to journalists, lawyers or civil rights groups who can authenticate it without exposing everyone to mass identification,” The Conversation’s director of digital strategy Joel Abrams adds.
***
And that’s all from me this week, folks.
Stay vigilant!
Anna