The Overflow
Surveillance has to start somewhere but does it end?
Hey privacy-minded people and welcome to all new subscribers – good to see you here! I’m Anna Baydakova and every week I’m keeping tabs on the latest news in digital censorship and surveillance.
I’ve been thinking a lot about how technologies of digital control find their way into the mainstream and quietly pop up in everyday lives of people who never gave such things much thought. In different countries, it takes different trajectories.
In Russia, the common denominator has been the war in Ukraine. Naturally, you can’t have freedom of expression or a right to go about your life without being watched when the entire economy – and the current political regime – has become vitally dependent on that war. There must be no deviation and no dissent.
In the United States, the leading motif these days is immigration control and deportations. But technology has a tendency to overflow whatever initial container it’s placed into and spread around, spreading into as many realms of human life as it can.
Take the surveillance measures the Department of Homeland Security is taking to keep track of immigrants – turns out, U.S. citizens are increasingly swept up by them, too. And now, you’re left with uneasy thoughts: what if a Ring camera on your porch and a facial recognition app on an ICE agent’s phone are about to merge into one omnipresent, omnipotent surveillance system that watches everyone?
On another note – it just so happens that this week, there has been more online censorship news than usual, and again from these two worlds, the U.S. and Russia. Not the same, not even very similar, but each has lessons the other could learn.
Let’s get into it!
Please share this newsletter with friends and colleagues who might enjoy it too! The more of us, the merrier – even though sometimes it might feel like joining a 24/7 horror movie watching party… But hey, we’ll hold each other’s hands and find ways to protect our privacy, won’t we?
Subscribe to stay aware.
Biometrics briefing
UK’s Home Office will trial live facial-recognition tech to identify people who have been deported from the UK but try to return. – Public Technology
Also in the UK, live facial recognition will be deployed in West Yorkshire next week to help identify people wanted by the courts, subject to arrest, or posing a risk to the public. – Yorkshire Evening Post
Kyrgyzstan is launching biometric passports. – ID Tech Wire
More biometrics for the U.S. govt
The U.S. immigration authorities are looking to expand their biometric data collection practices – and not only for migrants, but for citizens as well. U.S. Citizenship and Immigration Services (USCIS) has proposed a new rule, which will oblige not only migrants themselves, but also any “petitioner, sponsor, supporter, derivative, dependent, beneficiary, or individual” associated with a petition, regardless of age, to submit biometric data.
The proposal, reported by The Register, also expands the definition of biometrics as “measurable biological (anatomical, physiological or molecular structure) or behavioural characteristics of an individual,” which might include DNA samples, iris scans, and voice prints. It’s not clear why U.S. citizens should get swept under the new surveillance requirements.
Importantly, the proposed update would eliminate the age limit, exposing children under 14 years old to the new requirements, too. The DHS says it needs this to protect minors from being trafficked across the U.S. border. This latest expansion of biometrics collection practices might cost taxpayers $288.7 million annually, according to DHS estimates. DHS has already tried to expand its biometric collection practices in 2020 but met opposition from Democratic senators, Ars Technica reminds.
I’ve already written in this newsletter about how the U.S. law enforcement is actively developing its biometric surveillance system, and this latest DHS proposal seems like a logical step and should be no surprise.
More importantly, these days, no government database is an isolated entity with restricted use – all government data is becoming increasingly interconnected, while the boundaries between agencies and the information they have on citizens are growing blurrier.
For example, in September, Wired found that the U.S. immigration authorities have been quietly funnelling DNAs of both U.S. citizens and immigrants into an FBI database. The database was initially created to track convicted offenders, but it now contains DNA samples from multiple people who were never charged with any crime or only faced civil penalties, including U.S. citizens and minors.
As for the DHS new proposal, the agency is expecting public comments on the rule change by January 2, 2026.
Facial recognition for police
Speaking of the actual use cases for biometric data – remember the facial recognition app ICE was using to scan people’s faces on the streets? The Department of Home Security’s Customs and Border Protection (CBP) decided to share with friends and launched Mobile Identify, an app available to sheriff offices, police departments, and other local or regional law enforcement agencies. It’s designed “to identify and process individuals who may be in the country unlawfully,” according to its page on the Google Play Store.
However, this version is less powerful than Mobile Fortify, the app CBP is using, according to the sources who spoke to 404 Media. Unlike the product for ICE, the police version doesn’t return names after a face search, but instead tells users to either contact ICE or to not detain the person, depending on the result.
Walk through the door, Familiar Face
The trend is very clear: facial recognition will be everywhere pretty soon – from street cameras to police officers’ phones to random stranger’s smart glasses.
Bringing that future closer, Amazon recently announced that it will add a facial recognition feature to its Ring cameras in December. The Electronic Frontier Foundation explains why that is not the best idea for privacy.
The new feature, called “Familiar Faces,” identifies people who approach the camera and then tries to match them with a list of pre-saved faces. “This will include many people who have not consented to a face scan, including friends and family, political canvassers, postal workers, delivery drivers, children selling cookies, or maybe even some people passing on the sidewalk,” the EFF says.
What can be wrong with that? First of all, think of potential security breaches. Everything gets hacked these days, from government databases to casinos. It might be only a matter of time before Ring’s cloud video storage gets hacked, too, and the biometric data of millions of people could get stolen and used by cybercriminals for identity theft. Tellingly, Amazon said the new feature won’t be available in places with the strongest privacy regulation, including Illinois, Texas, and the city of Portland.
Also, Amazon has recently made significant efforts to become a key provider of surveillance tools to the U.S. law enforcement. In September, the company rolled out a new feature allowing local public safety agencies to request videos from Ring cameras with owners’ consent.
This raises a logical question: will turning on the facial recognition function on your Ring camera eventually put you and anyone coming to your home under automatic police surveillance – and whether you’re ok with that.
Change your password, watcher
Speaking of cybersecurity at surveillance companies – here is a fresh example of what can go wrong.
Russian cybercriminals got their hands on credentials for Flock, a surveillance system for license plate readers with contracts across the U.S. law enforcement agencies. 404 Media found that data from multiple accounts, including some from the government, police department, and sheriff offices in Atlanta, Missouri, Michigan, Ohio, Oklahoma, and Texas were exposed on the darknet.
It’s not clear whether any cybercriminals actually used the stolen credentials to get access to Flock’s cameras. Senator Ron Wyden and Congressman Raja Krishnamoorthi asked the FTC to investigate Flock’s security practices.
By the way, in case you missed last week’s selection of spyware screw-up stories, check the previous issue of this newsletter – some of those anecdotes are scary, some are hilarious. But definitely there is more to come.
YouTube purge for Gaza documentarians
This week, we have a whole bunch of new (and sad) developments in online censorship.
For starters, YouTube deleted hundreds of videos from the channels of three organizations that documented human rights violations during the war in Gaza, The Intercept reports. The channels were purged in early October.
Al-Haq, Al Mezan Center for Human Rights, and the Palestinian Centre for Human Rights were sanctioned by the U.S. as they contributed to the work of the International Criminal Court, which issued arrest warrants and charged Israeli Prime Minister Benjamin Netanyahu and former Israeli Defense Secretary Yoav Gallant with war crimes in Gaza.
Search no more
The U.S. might be still making baby steps in its online speech censorship journey, but let me tell you about a country where you can face punishment for merely trying to read something banned.
Russia has started prosecuting people for searching “extremist materials” online, Meduza reports. Recently, a new law was passed prohibiting the search of materials listed as extremist. Since its invasion of Ukraine, Russia has ramped up online censorship, effectively outlawed any public criticism of the war and labeled numerous journalists, artists, and pundits as “foreign agents” for speaking against the bloodshed.
This week, the law showed its teeth: the police of the city in the Ural Mountains region charged a citizen with a misdemeanour for searching information about Ukrainian volunteer battalions fighting Russian troops. How did they know about the search? An internet provider told the FSB, Russia’s domestic security agency (the name of the provider was not disclosed). The punishment is a fine of $30 to $50.
But think about this! Someone googled “Azov” and “Russian Volunteer Corps”. Their internet provider saw that (are they monitoring their users’ every step?) and notified the FSB. The police took action. Sounds like something from Orwell’s “1984” but in Russia, it’s reality now.
Free online archives? No, thanks
And now, some updates on the fallen dream of a Free Internet: Internet Archive had to remove more than 500,000 books from its “Open Library” due to copyright lawsuits, Ars Technica reports.
Meanwhile, the FBI has been trying to unmask the owner of another archiving service, archive.today – the agency sent them a subpoena saying it was part of a criminal investigation but giving no details on what it was about, 404 Media reports.
Tips and Tricks: Opt out of TSA face scans
In this pretty thorough explainer, HuffPost provides instructions for travellers who don’t want to go through a biometric photoshoot at airport security – and why you might want to avoid it.
That’s all for this week, guys.
Stay vigilant!
Anna