Normal view

🔊 Mass Surveillance for… Loud Music? | EFFector 38.11

10 June 2026 at 19:29

Across the country, surveillance companies have spun a vast web of tens of thousands of license plate cameras. The people selling this tech want you to believe that it's for your safety, but how are authorities really using automated license plate readers (ALPR)? In this week's EFFector newsletter, we're looking at how these powerful surveillance networks have become universal people-trackers used for noise complaints and other low-level investigations.

JOIN OUR NEWSLETTER

For over 35 years, EFFector has been your guide to understanding the intersection of technology, civil liberties, and the law. This week's issue covers a victory for facial privacy, EFF's testimony to Congress about AI and surveillance, and troubling new examples of ALPR mission creep.

Prefer to listen in? EFFector is now available on all major podcast platforms. This week, we're chatting with EFF Associate Director of State Affairs Rindala Alajaji about what she uncovered about police use of ALPR. And don't miss the EFFector news quiz. You can find the episode and subscribe on your podcast platform of choice:

play
Privacy info. This embed will serve content from simplecast.com

Listen on Spotify Podcasts Badge Listen on Apple Podcasts Badge  Subscribe via RSS badge

Want to stay in the fight for privacy and free speech online? Sign up for EFF's EFFector newsletter for updates, ways to take action, and new merch drops. You can also fuel the fight against online surveillance when you support EFF today!

EFF Sues DHS and ICE For Records on Subpoenas Seeking to Unmask Online Critics

22 April 2026 at 17:51
Agencies Ignored EFF’s Public-Records Requests Regarding Unlawful Efforts to Locate People Who Criticized the Government or Attended Protests.

SAN FRANCISCO – The Electronic Frontier Foundation (EFF) sued the Department of Homeland Security (DHS) and Immigration and Customs Enforcement (ICE) today demanding public records about their use of administrative subpoenas to try to identify their online critics.

Court records and news reports show that in the past year, DHS has used administrative subpoenas to unmask or locate people who have documented ICE's activities in their community, criticized the government, or attended protests. The subpoenas are sent to technology companies to demand information about internet users who are often engaged in protected First Amendment activity.

These subpoenas are dangerous because they don’t require judges’ approval. But they are also unlawful, and the government knows it. When a few users challenged them in court with the help of American Civil Liberties Union affiliates in Northern California and Pennsylvania, DHS withdrew them rather than waiting for a decision.

DHS and ICE have ignored EFF’s public-records requests for documents about the processes behind these subpoenas, so EFF sued Wednesday in the U.S. District Court for the District of Columbia.

“DHS and ICE should not be able to first claim that they have the legal authority to unmask critics and then run from court when users challenge these administrative subpoenas,” said EFF Deputy Legal Director Aaron Mackey. “The public deserves to know what laws the agencies believe give them the power to issue these speech-chilling subpoenas.”

An administrative subpoena cannot be used to obtain the content of communications, but they have been used to try and obtain some basic subscriber information like name, address, IP address, length of service, and session times. If a technology company refuses to comply, an agency’s only recourse is to drop it or go to court and try to convince a judge that the request is lawful.

EFF and the ACLU of Northern California in February ​wrote to Amazon, Apple, Discord, Google, Meta, Microsoft, Reddit, SNAP, TikTok, and X​ to ask that they insist on court intervention and an order before complying with a DHS subpoena; give users as much notice as possible when they are the target of a subpoena, so the users can seek help; and resist gag orders that would prevent the companies from notifying users who are targets of subpoenas.

And EFF last week ​asked California’s and New York’s attorneys general to investigate Google​ for deceptive trade practices for breaking ​its promise​ to notify users before handing their data to law enforcement, citing the case of a doctoral student who was targeted with an ICE subpoena after briefly attending a pro-Palestine protest.

EFF in early March filed public-records requests with DHS and ICE for their policies, procedures, guidelines, directives, memos, and legal analyses supporting such use of administrative subpoenas. EFF also requested all Inspector General or oversight records, all approval and issuance procedures for the subpoenas, all records reflecting how many such subpoenas have been issued, all communications with technology companies concerning these demands, all communications regarding specific named targets or programs, and all communications with the Department of Justice regarding such subpoenas.

DHS and ICE have not responded, even though EFF requested expedited processing of its requests, which requires agencies to get back to requesters within 10 days.

The policies, directives, and authorization records governing the program have not been disclosed,” the complaint notes. “The legal basis asserted by DHS and ICE for using a customs statute to compel disclosure of information about persons engaged in constitutionally protected speech and association has not been made public.”

For the complaint: https://www.eff.org/document/eff-v-dhs-ice-administrative-subpoenas-complaint

For EFF’s letter urging tech companies to protect users: ​https://www.eff.org/deeplinks/2026/02/open-letter-tech-companies-protect-your-users-lawless-dhs-subpoenas​

For EFF’s letter urging state probes of Google: ​https://www.eff.org/press/releases/eff-state-ags-investigate-googles-broken-promise-users-targeted-government​

Contact: 
Aaron
Mackey
Deputy Legal Director/Free Speech and Transparency Litigation Director

EFF to State AGs: Investigate Google's Broken Promise to Users Targeted by the Government

14 April 2026 at 18:00
Google's Failure to Warn Users About Law Enforcement Demands for Data Is Deceptive

SAN FRANCISCO – The Electronic Frontier Foundation sent complaints today to the attorneys general of California and New York urging them to investigate Google for deceptive trade practices, related to the company's broken promise to give users prior notice before disclosing their information to law enforcement. 

The letters were sent on behalf of Amandla Thomas-Johnson, whose information was disclosed to U.S. Immigration and Customs Enforcement (ICE) without prior notice from Google. 

For nearly a decade, Google has promised billions of users that it will notify them before disclosing their personal data to law enforcement. Many times, the company has done just that. But through a hidden and systematic practice, Google has likely violated that promise numerous times over the years. This was the case for Thomas-Johnson, a Ph.D. candidate who was targeted by ICE after briefly attending a protest, effectively preventing him from contesting an invalid subpoena for his data. 

"Google should answer the question: How many other times has it broken its promise to users?” said EFF Senior Staff Attorney F. Mario Trujillo. "Advance notice is especially important now, when agencies like ICE are unconstitutionally targeting users for First Amendment-protected activity. State attorneys general should investigate Google for this deception." 

On Google’s Privacy & Terms page, it promises its users that “When we receive a request from a government agency, we send an email to the user account before disclosing information.” This promise ensures that users can protect their own privacy and decide to challenge overbroad or illegal demands on their own behalf. The company lists a handful of exceptions to this policy (such as if Google receives a gag order from a court) that do not apply to Thomas-Johnson's case. While ICE “requested” that Google not notify Thomas-Johnson, the request was not enforceable or mandated by a court. 

But on May 8, 2025, Google complied with an administrative subpoena from ICE seeking Thomas-Johnson’s subscriber information, including his name, address, IP address, and other personal identifiers. Later that same day, the company sent Thomas-Johnson a message telling him it had already complied with the subpoena, which he would have successfully challenged had he been given advance notice. Google received the subpoena in April and had more than a month to alert Thomas-Johnson. 

Communication between EFF and Google later revealed that this is a systematic issue, not an isolated one. When Google does not fulfill a subpoena within a government-provided artificial deadline, the company's outside counsel explained, Google will sometimes comply with the request and provide notice to a user on the same day. The company calls this practice “simultaneous notice.” 

"What this experience has made clear is that anyone can be targeted by law enforcement," said Thomas-Johnson. "And with their massive stores of data, technology companies can facilitate those arbitrary investigations. Who, exactly, can I hold accountable?" 

Google must commit to ending this deception and pay for its past mistakes. The attorneys general of California and New York are empowered to stop deceptive business practices and seek financial restitution stemming from those practices. As EFF writes in its complaints, they should investigate, hold Google to its public promise to give users advanced notice of law enforcement demands, and take appropriate action if necessary.

Update: This press release has been updated to include more information about Google's exceptions to their notification policy, none of which applied to the subpoena targeting Thomas-Johnson. 
 
For the complaints:
https://www.eff.org/document/eff-letter-re-google-notice-california 
https://www.eff.org/document/eff-letter-re-google-notice-new-york 
https://www.eff.org/document/eff-letter-re-google-notice-exhibits
 
For Thomas-Johnson's account of his ordeal: https://www.eff.org/deeplinks/2026/04/google-broke-its-promise-me-now-ice-has-my-data 

For more information on lawless DHS subpoenas: https://www.eff.org/deeplinks/2026/02/open-letter-tech-companies-protect-your-users-lawless-dhs-subpoenas 

Contact: press@eff.org 

EFF Sues for Answers About Medicare's AI Experiment

25 March 2026 at 18:20
Little Is Known About AI That Could Affect Millions of Seniors' Care

SAN FRANCISCO – The Electronic Frontier Foundation (EFF) today filed a Freedom of Information Act (FOIA) lawsuit against the Centers for Medicare & Medicaid Services (CMS) seeking records about a multi-state program that is using AI to evaluate requests for medical care.

"Tasking an algorithm with making determinations about treatment can create unwarranted—and even discriminatory—delays or denials of necessary medical care," said Kit Walsh, EFF’s Director of AI and Access-to-Knowledge Legal Projects. "Given these serious risks, the public requires transparency that it hasn't gotten. We're suing to get badly needed answers about how Medicare's AI experiment works."

Announced by CMS Administrator Dr. Mehmet Oz last year, the pilot program known as WISeR (Wasteful and Inappropriate Service Reduction) uses AI to assess prior authorization requests from Medicare beneficiaries. Previously rare in original Medicare, prior authorization requires medical providers to obtain advance approval from a patient’s health insurer before delivering certain treatments or services as a condition of coverage.

Unfortunately, there is little information about how the AI algorithms used in WISeR work, including what training data they rely on. It remains unclear whether WISeR has any safeguards against systemic flaws such as algorithmic bias, privacy violations, and wrongful denials of care.

Healthcare experts, care providers, and lawmakers have all raised alarms that WISeR may cause serious harm to patients by relying on AI unless it has the necessary safeguards. Despite this widespread criticism, WISeR was rolled out in six states in January, potentially affecting as many as 6.4 million Medicare beneficiaries, according to one estimate.

By design, WISeR incentivizes contracted companies to deny prior approval against the best interests of patients. Vendors are compensated, in part, on the volume of healthcare services they deny and are entitled to as much as 20 percent of the associated savings. Just weeks after WISeR's launch, hospitals and other health care providers started reporting delays in care approval, communication gaps, and administrative strain.

Earlier this year, EFF submitted a FOIA request to CMS asking for records related to WISeR. Among other records, the request sought agreements with software vendors participating in WISeR; records related to any tests for accuracy, bias, or hallucinations in vendors' technology; and records related to any audits, monitoring, or evaluation of WISeR and participating vendors. To date, CMS has not provided any of these records to EFF. EFF's FOIA lawsuit asks for their immediate processing and release.

"The public has a right to know more about the algorithms driving decisions around their healthcare," said Tori Noble, Staff Attorney at EFF. "Without greater transparency, patients, providers, and policymakers will continue to be left in the dark.”

EFF thanks Stanford Law School's Juelsgaard Intellectual Property & Innovation Clinic for their help in preparing this lawsuit.

For the complaint: https://www.eff.org/document/complaint-eff-v-cms-medicare-wiser-foia

Contact: 
Tori
Noble
Staff Attorney

👓 Who's Really Watching What Smartglasses See? | EFFector 38.6

25 March 2026 at 16:38

After years of tech industry experiments, smartglasses with embedded cameras and microphones have finally gone mainstream. And, disturbingly, sometimes it's not just their owners who are watching what these devices record. In this week's EFFector newsletter, we're taking a closer look at the privacy implications of Meta Ray-Bans, and sharing all the latest in the fight for privacy and free speech online.

JOIN OUR NEWSLETTER

For over 35 years, EFFector has been your guide to understanding the intersection of technology, civil liberties, and the law. This week's issue covers EFF's new executive director; how publishers blocking the Internet Archive threaten the web's historical record; and why you should think twice before buying or using Meta’s Ray-Bans.

Prefer to listen in? EFFector is now available on all major podcast platforms. This week, we're chatting with EFF Security and Privacy Activist Thorin Klosowski about smartglasses and privacy. And don't miss the EFFector news quiz. You can find the episode and subscribe on your podcast platform of choice

play
Privacy info. This embed will serve content from simplecast.com

Listen on Spotify Podcasts Badge Listen on Apple Podcasts Badge  Subscribe via RSS badge

Want to stay in the fight for privacy and free speech online? Sign up for EFF's EFFector newsletter for updates, ways to take action, and new merch drops. You can also fuel the fight against online surveillance when you support EFF today!

The Government Uses Targeted Advertising to Track Your Location. Here's What We Need to Do.

5 March 2026 at 15:00

We've all had the unsettling experience of seeing an ad online that reveals just how much advertisers know about our lives. You're right to be disturbed. Those very same online ad systems have been used by the government to warrantlessly track peoples' locations, new reporting has confirmed.

For years, the internet advertising industry has been sucking up our data, including our location data, to serve us "more relevant ads." At the same time, we know that federal law enforcement agencies have been buying up our location data from shady data brokers that most people have never heard of.

Now, a new report gives us direct evidence that Customs and Border Protection (CBP) has used location data taken from the internet advertising ecosystem to track phones. In a document uncovered by 404 Media, CBP admits what we’ve been saying for years: The technical systems powering creepy targeted ads also allow federal agencies to track your location.

The document acknowledges that a program by the agency to use "commercially available marketing location data" for surveillance drew from the process used to select the targeted ads shown to you on nearly every website and app you visit. In this blog post, we'll tell you what this process is, how it can and is being used for state surveillance, and what can be done about it—by individuals, by lawmakers, and by the tech companies that enable these abuses.

Advertising Surveillance Enables Government Surveillance

The online advertising industry has built a massive surveillance machine, and the government can co-opt it to spy on us. 

In the absence of strong privacy laws, surveillance-based advertising has become the norm online. Companies track our online and offline activity, then share it with ad tech companies and data brokers to help target ads. Law enforcement agencies take advantage of this advertising system to buy information about us that they would normally need a warrant for, like location data. They rely on the multi-billion-dollar data broker industry to buy location data harvested from people’s smartphones.

We’ve known for years that location data brokers are one part of federal law enforcement's massive surveillance arsenal, including immigration enforcement agencies like CBP and Immigration and Customs Enforcement (ICE). ICE, CBP and the FBI have purchased location data from the data broker Venntell and used it to identify immigrants who were later arrested. Last year, ICE purchased a spy tool called Webloc that gathers the locations of millions of phones and makes it easy to search for phones within specific geographic areas over a period of time. Webloc also allows them to filter location data by the unique advertising IDs that Apple and Google assign to our phones.

But a document recently obtained by 404 Media is the first time CBP has acknowledged the location data it buys is partially sourced from the system powering nearly every ad you see online: real-time bidding (RTB). As CBP puts it, “RTB-sourced location data is recorded when an advertisement is served.” 

Even though this document is about a 2019-2021 pilot use of this data, CBP and other federal agencies have continued to purchase and use commercially obtained location data. ICE has purchased location tracking tools since then and recently requested information on “Ad Tech” tools it could use for investigations. 

The CBP document acknowledges two sources of location data that it relies on: software development kits (SDKs) and RTB, both methods of location-tracking that EFF has written about before. Apps for weather, navigation, dating, fitness, and “family safety” often request location permissions to enable key features. But once an app has access to your location, it could share it with data brokers directly through SDKs or indirectly (and often without the app developers' knowledge) through RTB. Data brokers can collect location data from SDKs that they pay developers to put in their apps. When relying on RTB, data brokers don’t need any direct relationship with the apps and websites they’re collecting location data from. RTB is facilitated by ad companies that are already plugged into most websites and apps. 

Donate to Support EFF's Work

Your donations empower EFF to do even more.

How Real-Time Bidding Works

RTB is the process by which most websites and apps auction off their ad space. Unfortunately, the milliseconds-long auctions that determine which ads you see also expose your information, including location data, to thousands of companies a day. At a high-level, here’s how RTB works:

  1. The moment you visit a website or app with ad space, it asks an ad tech company to determine which ads to display for you. 
  2. This ad tech company packages all the information they can gather about you into a “bid request” and broadcasts it to thousands of potential advertisers. 
  3. The bid request may contain information like your unique advertising ID, your GPS coordinates, IP address, device details, inferred interests, demographic information, and the app or website you’re visiting. The information in bid requests is called “bidstream data” and typically includes identifiers that can be linked to real people. 
  4. Advertisers use the personal information in each bid request, along with data profiles they’ve built about you over time, to decide whether to bid on the ad space. 
  5. The highest bidder gets to display an ad for you, but advertisers (or the adtech companies that represent them) can collect your bidstream data regardless of whether or not they bid on the ad space.   

A key vulnerability of real-time bidding is that while only one advertiser wins the auction, all participants receive data about the person who would see their ad. As a result, anyone posing as an ad buyer can access a stream of sensitive data about billions of individuals a day. Data brokers have taken advantage of this vulnerability to harvest data at a staggering scale. For example, the FTC found that location data broker Mobilewalla collected data on over a billion people, with an estimated 60% sourced from RTB auctions. Leaked data from another location data broker, Gravy Analytics, referenced thousands of apps, including Microsoft apps, Candy Crush, Tinder, Grindr, MyFitnessPal, pregnancy trackers and religious-focused apps. When confronted, several of these apps’ developers said they had never heard of Gravy Analytics. 

As Venntel, one of the location data brokers that has sold to ICE, puts it, “Commercially available bidstream data from the advertising ecosystem has long been one of the most comprehensive sources of real-time location and device data available.” But the privacy harms of RTB are not just a matter of misuse by individual data brokers. RTB auctions broadcast the average person’s data to thousands of companies, hundreds of times per day, with no oversight of how this information is ultimately exploited. Once your information is broadcast through RTB, it’s almost impossible to know who receives it or control how it’s used. 

What You Can Do To Protect Yourself

Revelations about the government's exploitation of this location data shows how dangerous online tracking has become, but we’re not powerless. Here are two basic steps you can take to better protect your location data:

  1. Disable your mobile advertising ID (see instructions for iPhone/Android). Apple and Google assign unique advertising IDs to each of their phones. Location data brokers use these advertising IDs to stitch together the information they collect about you from different apps. 
  2. Review apps you’ve granted location permissions to. Apps that have access to your location could share it with other companies, so make sure you’re only granting location permission to apps that really need it in order to function. If you can’t disable location access completely for an app, limit it to only when you have the app open or only approximate location instead of precise location. 

For more tips, check out EFF’s guide to protecting yourself from mobile-device based location tracking. Keep in mind that the security plan that’s best for you will vary in different situations. For example, you may want to take stronger steps to protect your location data when traveling to a sensitive location, like a protest. 

What Tech Companies and Lawmakers Must Do

Legislators and tech companies must act so that individuals don’t bear the burden of defending their data every time they use the internet.

Ad tech companies must reckon with their role in warrantless government surveillance, among other privacy harms. The systems they built for targeted advertising are actively used to track people’s location. The best way to prevent online ads from fueling surveillance is to stop targeting ads based on detailed behavioral profiles. Ads can still be targeted contextually—based on the content people are viewing—without collecting or exposing their sensitive personal information. Short of moving to contextual advertising, tech companies can limit the use of their systems for government location tracking by:

  • Stopping the use of precise location data for targeted advertising. Ad tech companies facilitating ad auctions can and should remove precise location data from bid requests. Ads can be targeted based on people’s coarse location, like the city they’re in, without giving data brokers people’s exact GPS coordinates. Precise location data can reveal where we work, where we live, who we meet, where we protest, where we worship, and more. Broadcasting it to thousands of companies a day through RTB is dangerous.
  • Removing advertising IDs from devices, or at minimum, disabling them by default. Advertising IDs have become a linchpin of the data broker economy and are actively used by law enforcement to track people’s location. Advertising IDs were added to phones in 2012 to let companies track you, and removing them is not a far-fetched idea. When Apple forced apps to request access to people’s advertising IDs starting in 2021 (if you have an iPhone you’ve probably seen the "Ask App Not to Track" pop-ups), 96% of U.S. users opted out, essentially disabling advertising IDs on most iOS devices. One study found that iPhone users were less likely to be victims of financial fraud after Apple implemented this change. Google should follow Apple’s lead and disable advertising IDs by default.

Lawmakers also need to step up to protect their constituents' privacy. We need strong, federal privacy laws to stop companies from spying on us and selling our personal information. EFF advocates for data privacy legislation with teeth and a ban on ad targeting based on online behavioral profiles, as it creates a financial incentive for companies to track our every move.

Legislators can and must also close the "data broker loophole" on the Fourth Amendment. Instead of obtaining a warrant signed by a judge, law enforcement agencies can just buy location data from private brokers to find out where you've been. Last year, Montana became the first state in the U.S. to pass a law blocking the government from buying sensitive data it would otherwise need a warrant to obtain. And in 2024, Senator Ron Wyden's EFF-endorsed Fourth Amendment is Not for Sale Act passed the House before dying in the Senate. Others should follow suit to stop this end-run around constitutional protections.

Online behavioral advertising isn’t just creepy–it’s dangerous. It's wrong that our personal information is being silently harvested, bought by shadow-y data brokers, and sold to anyone who wants to invade our privacy. This latest revelation of warrantless government surveillance should serve as a frightening wakeup call of how dangerous online behavioral advertising  has become.

Donate to Support EFF's Work

Your donations empower EFF to do even more.

EFF to Supreme Court: Shut Down Unconstitutional Geofence Searches

3 March 2026 at 16:54
Digital Dragnets Violate Fourth Amendment, Brief Argues

WASHINGTON, D.C. – The Electronic Frontier Foundation (EFF), the American Civil Liberties Union (ACLU), the ACLU of Virginia, and the Center on Privacy & Technology at Georgetown Law filed a brief Monday urging the U.S. Supreme Court to rule that invasive geofence warrants are unconstitutional.

The brief argues that geofence warrants—which compel companies to provide information on every electronic device in a given area during a given time period—are the digital version of the exploratory rummaging that the drafters of the Fourth Amendment specifically intended to prevent. 

Unlike typical warrants, geofence warrants do not name a suspect or even target a specific individual or device. Instead, police cast a digital dragnet, demanding location data on every device in a geographic area during a certain time period, regardless of whether the device owner has any connection to the crime under investigation. These searches simultaneously impact the privacy of millions and turn innocent bystanders into suspects, just for being in the wrong place at the wrong time. 

The Supreme Court agreed earlier this year to hear Chatrie v. United States, in which a 2019 geofence warrant  compelled Google to search the accounts of all its hundreds of millions of users to see if any one of them was within a radius police drew around a Northern Virginia crime scene. This area amounted to several football fields in size and encompassed numerous homes, businesses, and a church. In an amicus brief filed Monday, the brief argues that allowing this sweeping power to go unchecked is inconsistent with the basic freedoms of a democratic society. 

"This is not traditional police work, but rather the leveraging of new and powerful technology to claim a novel and formidable power over the people," the brief states. "By their very nature, geofence searches turn innocent bystanders into suspects and leverage even purportedly limited searches into larger dragnets, causing intrusions at a scale far beyond those held unconstitutional in the physical world." 

The brief also cautioned the Court not to authorize future geofence warrants based on the facts of the Chatrie case, which reflect how such searches were conducted in 2019. Since July 2025, mass geofence searches of Google users’ location data have not been possible. However, Google is not the only company collecting location data, nor the only way for police to access mass amounts of data on people with no connection to a crime. All suspicionless searches drag a net through vast swaths of information in hopes of identifying previously unknown suspects—ensnaring innocent bystanders along the way. 

"To courts, to lawmakers, and to tech companies themselves, EFF has repeatedly argued that these high-tech efforts to pull suspects out of thin air cannot be constitutional, even with a warrant," said EFF Surveillance Litigation Director Andrew Crocker. "The Supreme Court should find once and for all that geofence searches are just the kind of impermissible general warrants that the Framers of the Constitution so reviled."

For the brief: https://www.eff.org/document/chatrie-v-united-states-eff-supreme-court-amicus-brief

Contact: 
Andrew
Crocker
Surveillance Litigation Director

EFFector Audio Speaks Up for Our Rights: 2025 Year in Review

28 December 2025 at 23:57

This year, you may have heard EFF sounding off about our civil liberties on NPR, BBC Radio, or any number of podcasts. But we also started sharing our voices directly with listeners in 2025. In June, we revamped EFFector, our long-running electronic newsletter, and launched a new audio edition to accompany it.

Providing a recap of the week's most important digital rights news, EFFector's audio companion features exclusive interviews where EFF's lawyers, activists, and technologists can dig deeper into the biggest stories in privacy, free speech, and innovation. Here are just some of the best interviews from EFFector Audio in 2025.

Unpacking a Social Media Spying Scheme

Earlier this year, the Trump administration launched a sprawling surveillance program to spy on the social media activity of millions of noncitizens—and punish those who express views it doesn't like. This fall, EFF's Lisa Femia came onto EFFector Audio to explain how this scheme works, its impact on free speech, and, importantly, why EFF is suing to stop it.

"We think all of this is coming together as a way to chill people's speech and make it so they do not feel comfortable expressing core political viewpoints protected by the First Amendment," Femia said.


Challenging the Mass Surveillance of Drivers

But Lisa was hardly the only guest talking about surveillance. In November, EFF's Andrew Crocker spoke to EFFector about Automated License Plate Readers (ALPRs), a particularly invasive and widespread form of surveillance. ALPR camera networks take pictures of every passing vehicle and upload the location information of millions of drivers into central databases. Police can then search these databases—typically without any judicial approval—to instantly reconstruct driver movements over weeks, months, or even years at a time.

"It really is going to be a very detailed picture of your habits over the course of a long period of time," said Crocker, explaining how ALPR location data can reveal where you work, worship, and many other intimate details about your life. Crocker also talked about a new lawsuit, filed by two nonprofits represented by EFF and the ACLU of Northern California, challenging the city of San Jose's use of ALPR searches without a warrant.

Similarly, EFF's Mario Trujillo joined EFFector in early November to discuss the legal issues and mass surveillance risks around face recognition in consumer devices.

Simple Tips to Take Control of Your Privacy

Online privacy isn’t dead. But tech giants have tried to make protecting it as annoying as possible. To help users take back control, we celebrated Opt Out October, sharing daily privacy tips all month long on our blog. In addition to laying down some privacy basics, EFF's Thorin Klosowski talked to EFFector about how small steps to protect your data can build up into big differences.

"This is a way to kind of break it down into small tasks that you can do every day and accomplish a lot," said Klosowski. "By the end of it, you will have taken back a considerable amount of your privacy."

User privacy was the focus of a number of EFFector interviews. In July, EFF's Lena Cohen spoke about what lawmakers, tech companies, and individuals can do to fight online tracking. That same month, Matthew Guariglia talked about precautions consumers can take before bringing surveillance devices like smart doorbells into their homes.

Digging Into the Next Wave of Internet Censorship

One of the most troubling trends of 2025 was the proliferation of age verification laws, which require online services to check, estimate, or verify users’ ages. Though these mandates claim to protect children, they ultimately create harmful censorship and surveillance regimes that put everyone—adults and young people alike—at risk.

This summer, EFF's Rin Alajaji came onto EFFector Audio to explain how these laws work and why we need to speak out against them.

"Every person listening here can push back against these laws that expand censorship," she said. "We like to say that if you care about internet freedom, this fight is yours."

This was just one of several interviews about free speech online. This year, EFFector also hosted Paige Collings to talk about the chaotic rollout of the UK's Online Safety Act and Lisa Femia (again!) to discuss the abortion censorship crisis on social media.

You can hear all these episodes and future installments of EFFector's audio companion on YouTube or the Internet Archive. Or check out our revamped EFFector newsletter by subscribing at eff.org/effector!

This article is part of our Year in Review series. Read other articles about the fight for digital rights in 2025.

❌