Reading view

Internet Age Gates Are a Growing Global Threat

The internet is an essential resource for young people and adults to access information, explore community, and find themselves—both inside countries and across continents. Yet governments around the world continue to introduce and implement legislation requiring all online users to verify their ages before accessing the digital space. In some cases, politicians are going further, putting forth proposals to ban social media for younger users.  

In late 2025, Australia’s government rolled out the first complete ban on users under 16 from having social media accounts. In this sweeping regime, platforms are required to introduce age assurance tools to block under-16s, demonstrate that they have taken “reasonable steps” to deactivate accounts used by under-16s, and prevent any new accounts being created, or face fines of up to 49.5 million Australian dollars ($32 million USD). The 10 banned platforms—Instagram, Facebook, Threads, Snapchat, YouTube, TikTok, Kick, Reddit, Twitch, and X—have each said they’ll comply with the legislation, which led to young people losing access to their accounts overnight. Reddit is currently challenging the law in Australian courts on constitutional grounds. Recent research notes how the ban is preventing teenagers from accessing news in the country. 

In the United Kingdom, rules took effect in mid-2025 under the Online Safety Act that require all online services available in the country to assess whether they host content considered harmful to children; if so, these services must introduce age checks to prevent children from accessing such content. Online services are also required to change their algorithms and moderation systems to ensure that content defined as harmful, like violent imagery, is not shown to young people. 

This approach is reckless, short-sighted, and we’ve already seen it introduce more harm to the young people that it is trying to protect. The UK’s scramble to find an effective age verification method shows us that there isn't one, and we’ve spent years urging UK politicians to abandon any measures that require platforms to collect data or remove privacy protections around users’ identities. 

Earlier this year, Indonesia’s Communications and Digital Affairs Minister, Meutya Hafid, announced that users under 16 would have their accounts on “high risk” platforms deactivated from 28 March. The platforms subject to this ban are YouTube, TikTok, Facebook, Instagram, Threads, X, Bigo Live, and Roblox; with Hafid noting how this policy would make Indonesia “the first non-Western country to delay children's access to digital spaces according to age.”

Similarly, the Malaysian government has recently pushed forward with plans to ban users under 16 from having accounts on social media platforms with at least 8 million users in Malaysia, including Facebook, Instagram, TikTok, and YouTube. Users under the age of 16 are being told to download or transfer their data from these platforms in one month before the restrictions are applied. Platforms failing to comply with the ban may face penalties of up to $2.5 million USD.

In Latin America, Brazil approved a new law in 2025 establishing that providers of information technology products and services directed to children and teenagers, or likely to be accessed by them, must conduct age checks when their products and services offer risks to underage users. Regulation requires age assurance for products and services that are not allowed for children and adolescents in accordance with Brazilian legislation. App stores and operating systems are required to provide age signals for other providers. 

While the law is already in force, full compliance with its obligations is expected for early 2027, after the approval of further regulations and a transition period, and the authority responsible for enforcing the law is the Brazilian National Data Protection Agency. The list of concerns regarding the implementation of the law include: the wide scope of products and services that may fall within age-check obligations, how these obligations can affect non-proprietary operating systems and free software projects, and how effective the law's crucial data protection safeguards will be in a context of likely widespread age checks for accessing content online.

Similarly, the European Union has taken large steps towards mandatory age verification that could undermine privacy, expression, and participation rights for everyone. Politicians are promoting an EU-wide approach to age verification through its age verification “app,” which will be fully interoperable with the Digital Identity Wallet. While this mini-app has been announced as technically ready to be rolled out “for citizens to use,” it comes with its own realm of potential privacy and security concerns, such as long-term identifiers (which could result in tracking) and over-exposure of personal information. 

The European Commission also supports age verification in various legislative initiatives, from proposals that would allow or mandate companies to scan our communication (“Chat Control”) to non-binding guidelines of existing laws, such as the Digital Services Act. The EU Parliament, too, has proposed an EU digital minimum age of 16 for access to social media, a move that aligns with EU Commission’s president Ursula von der Leyen’s recent public support for measures inspired by Australia’s model. To all these initiatives EFF has provided one consistent response: mandatory age verification measures are not the right way to protect young people. 

These proposals restrict the fundamental rights of young people to speak to each other and to access information. They also force all internet users, not just those under a certain age, to upload private data—like a face scan or passport—in order to access a website or service. In considering the vast scope of privacy issues pertaining to the collection, storage, and sharing of this personal information, the problems of age verification in restricting free speech are compounded by these reckless and harmful approaches to verification. 

The problem of censorship and surveillance goes far beyond the borders of the internet. EFF continues to explore support for legislative and litigation challenges that recognize how these laws harm everyone’s rights to privacy, free expression and due process.

  •  

LGBT Q&A Season 1 Recap: Staying Safer Online

Last year during LGBTQ+ Pride month, we launched an LGBT Q&A where we answered your most pressing digital rights questions on EFF’s Instagram and TikTok  accounts. 

Ahead of LGBT Q&A Season 2 launching next week, we’re posting a recap with some of the questions we answered. Check them out below.

  1. You wanted to know: How to stay safe when dating online.
  2. You asked: I'm a 17 year old trans woman and my address is public on the Internet. What steps can I take to mitigate this risk? 
  3. You wondered about: Tips for staying safe at Budapest Pride.
  4. You questioned: Why does homophobic content I report on social media not get removed?  
  5. You asked: What pictures are safe to use on dating apps?
  6. You wanted to know: Is it safe to have gay, trans, and Palestinian flags in my bio? 

We’re here to help build an online space where you get to decide what aspects of yourself you share with others, how you present to the world, and what things you keep private. Join us to make the internet private, safe, and full of pride.

  •  

California’s AB 412 Still Demands Developers Do The Impossible

California lawmakers are again considering A.B. 412, a bill that would require AI developers to identify and disclose copyrighted works used to train generative AI systems.

The problem this year is the same as last year: it’s practically impossible to comply with this law. The bill demands information that often does not exist, and cannot realistically be obtained. 

EFF submitted an opposition letter to the California Senate Privacy Committee explaining why we continue to believe A.B. 412 is simply unworkable. To the extent developers do follow this law, it will have the effect of locking in the power of the largest companies in AI. 

A Burden That Can’t Be Met

A.B. 412 sounds simple: just have AI developers create and keep a list of all the registered copyrighted works they use in AI training. 

That may seem straightforward. In practice, it’s anything but. 

There is no machine-readable “list” of copyrighted works at the U.S. Copyright Office. And many copyright holders can get a copyright without even depositing a publicly viewable sample of the work—for example, software companies may register copyright on proprietary code without revealing it to the public. 

And on the open internet, copyright information is often incomplete, unavailable, or impossible to verify. One image may be registered with the copyright office, while the next is licensed under a free Creative Commons license (like the images that EFF creates), and the next is public domain. A message forum user might post an original story, photograph, or poem without any indication of ownership or registration status. 

The bill effectively asks developers to continuously cross-reference massive batches of online data against a copyright system that simply wasn’t designed to do so. If California passes A.B. 412, its impact will go far beyond the large AI companies we read about in the headlines. 

Not Just Big Tech

Supporters often frame this bill as a way to help creative workers have some leverage against Big Tech, but the bill reaches much further than the big AI companies. 

Its definition of “developer” extends to anyone who makes a generative AI model available to Californians. That includes indie developers tinkering with an existing model, open-source initiatives, nonprofits, and other non-commercial efforts. Recent amendments added exemptions for universities and government entities, which is important, but that still leaves out a vast swathe of non-commercial tech work that’s done by people without full-time jobs in government or academia. 

Large companies will hire compliance teams and lawyers to navigate these requirements. Smaller organizations and independent developers usually can’t. The result will be fewer opportunities for startups and new entrants. Faced with this massive compliance burden, some won’t even try. 

Courts Are Already Deciding These Questions

The bill is premised on the idea that copyright owners currently don’t have good remedies if they’re mistreated by AI companies. That simply isn’t true. And the growing wave of federal court filings in this space prove it. Content companies that want to sue tech companies, large or small, have no problem doing so. Those courts are still working through important questions about fair use and transformative use. Some courts have already concluded that many AI training activities qualify as fair use. Others continue to evaluate the issue.

California lawmakers should not rush to impose new state regulation while those questions remain unresolved. This is why copyright is governed at the federal level: both creators and fair users benefit from a single set of nationwide rules. 

At this point, the bill remains a solution in search of a problem. Rights holders already have powerful tools to protect their interests under existing federal law. What this bill adds isn’t clarity or transparency, but a costly and essentially impossible compliance burden that will discourage small developers and researchers. 

California has been able to support both artistic creativity and tech innovation for decades now.  But A.B. 412 does not strike the right balance. 

If you are a California resident and interested in speaking out about this bill, you can find and contact your representatives through this website

  •  

Pulte Appointment Underscores Need to Reform Section 702 Spying

President Trump’s highly politicized appointment of an entirely unqualified acting Director of National Intelligence (DNI) underscores why the government’s warrantless mass spying power must be reformed. 

Congress now faces a deadline of Friday, June 12 to reauthorize Section 702 of the Foreign Intelligence Surveillance Act, an unconstitutional program rife with problems, loopholes, and compliance issues. Section 702 allows the National Security Agency to collect communications from targets overseas – including communications with Americans in the U.S. – and stores them in massive databases. The NSA then allows other agencies, including the Federal Bureau of Investigation, to access untold amounts of that information.  

Under current practice, the FBI can query and even read the U.S. side of that communication without a warrant. What’s more, victims won’t even know and have very few ways of finding out that their communications have been surveilled. EFF and other civil liberties advocates have been trying for years to know how data collected through Section 702 is used in domestic investigations and prosecutions.  

Our advocacy to reform Section 702 has been consistent across administrations, including when the federal Intelligence Community was run by people with experience in the relevant agencies. In fact, the 2004 law creating the position of DNI – which coordinates America’s 18 spy agencies – requires those who hold it to have “extensive national security expertise.” 

Enter Bill Pulte. 

Trump on Tuesday named Pulte – currently director of the Federal Housing Finance Agency (FHFA) and chairman of Fannie Mae and Freddie Mac – to replace current DNI Tulsi Gabbard, who announced her resignation last month. Pulte lacks any intelligence, military, or congressional experience 

“William has deep experience managing the most sensitive matters in America, the safety and soundness of the Markets, and over 10 Trillion Dollars at Fannie Mae/Freddie Mac, a substantial increase from where it was just 12 months ago,” Trump wrote on his Truth Social platform.

Pulte isn't a qualified intelligence administrator. He does, however, seem to be unquestioningly loyal to President Trump and willing to use his position to attack and smear the President’s political foes.   

Because Trump named him acting DNI, Pulte isn’t subject to Senate confirmation. And under the Vacancies Act, Pulte could remain in the role for about seven months. 

This is particularly concerning because of Pulte’s history of using private information held by the government as a political weapon. In his FHFA role, he has accused several of the President’s political foes and targets – including New York State Attorney General Letitia James, U.S. Sen. Adam Schiff, D-Calif., and Federal Reserve governor Lisa Cook – of mortgage fraud based on private data held by his agency.  

All these targets and others have denied wrongdoing. A federal criminal complaint filed against James in Virginia imploded after a judge found prosecutor Lindsey Halligan had been unlawfully appointed, and prosecutors twice failed to convince a grand jury to indict James. Pulte’s accusations against Schiff, Cook, and others have not led to criminal charges. 

Pulte also used his FHFA pulpit to attack then-Federal Reserve Chair Jerome Powell and dismantle internal oversight. 

Pulte isn't a qualified intelligence administrator. He does, however, seem to be unquestioningly loyal to President Trump and willing to use his position to attack and smear the President’s political foes. As acting DNI, Pulte would have access to every scrap of classified information the Intelligence Community holds, and under Section 702, that includes massive amounts of information about Americans. 

Even lawmakers who are typically friendly to the intelligence community acknowledge that this is a disaster in the making. U.S. Sen. Mark Warner, D-Va., who is the Senate Intelligence Committee’s ranking Democrat, told NPR that Pulte has "no experience in the military, no experience in Congress, no experience in the intel community or law enforcement" and was chosen because he is "100% loyal to doing anything and everything President Trump demands." 

And Senate Majority Leader John Thune, R-S.D., told reporters “we don’t need a weaponized” national intelligence director. Asked about fears that Pulte might pursue Trump’s political opponents, Thune said: “We need professionals there.” 

Congress already has had trouble reauthorizing Section 702 as Freedom Caucus Republicans and many Democrats joined forces to demand reforms including the common-sense requirement that federal agencies get a probable cause warrant from a judge before searching any data involving Americans. Pulte’s appointment exemplifies why no administration should have the power granted by Section 702 without the independent judicial review required in seeking a warrant. 

  •  

EFF Testifies to Congress on Protecting Americans’ Rights from Government AI

Governments must not adopt emerging and powerful AI technologies without also adopting strong and clear safeguards to protect Constitutional rights, EFF Senior Policy Analyst Dr. Matthew Guariglia testified today to the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection. 

During the hearing on “The AI Security Landscape: How Frontier Models, Agentic AI, and AI Coding Tools Are Reshaping Cybersecurity and Critical Infrastructure Resilience,” he explained that the use of generative AI for the purposes of mass government surveillance would supercharge unconstitutional violations of civil liberties. He also highlighted how government secrecy, in addition to the black box of for-profit proprietary technology, prevents the public and lawmakers from knowing when AI models make mistakes, including errors that seriously impact the cybersecurity of critical infrastructure and the lives of individuals.  

“AI also has a track record of getting things wrong—from false citations on legal briefs to a major AI mistake that sent DHS recruits to the field without proper training. There are likely more consequential examples that we do not even know about because of classification that would prevent a more thorough accounting," he said in his opening remarks.

play
Privacy info. This embed will serve content from youtube.com

 

“At this level the question is not how do we rein in AI, it’s how do we rein in the agencies that would unleash AI on the American public,” Matthew said in response to a question by Subcommittee Ranking Member Delia Ramirez, D-Ill.  

You can read his full testimony as prepared here. 

  •  

Move Fast, Surveil Things

Update, June 8, 2026: Following widespread public scrutiny and WIRED’s critical reporting, Meta has stripped the unactivated facial recognition code from its latest Meta AI app update.

Meta has deployed facial recognition code to millions of their always-on surveillance glasses, according to new reporting by Wired. EFF’s Threat Lab was able to confirm that the facial recognition code is present through static analysis of the application. 

This dangerous new Meta functionality stores faceprints as a series of 2,048 numbers uniquely representing the positioning of a person’s facial features. When this feature is activated, it will convert every new face in the sightlines of the surveillance glasses into a series of numbers, and compare it to all the existing faceprints in the user’s database.

Wired and EFF confirmed that the code is present and active, though not yet exposed to consumers. Another researcher confirmed that when they manually added a face to the app database by connecting the phone to a computer in debug mode and issuing a few commands, the glasses would subsequently detect that face when it came into view. 

Meta has already paid $650 million to settle a BIPA lawsuit challenging mass facial recognition of every photo posted to its platform, a feature which it has since shut down

Despite the billions of reasons not to, Meta seems to have created the capacity to turn their customers into a distributed surveillance machine. This is just one more reason to think twice before buying or using Meta’s surveillance glasses. 

Considering that Meta previously wrote in an internal document that they want to launch facial recognition “during a dynamic political environment where many civil society groups that we would expect to attack us would have their resources focused on other concerns," this invasive new feature doesn't come as a surprise. But Meta's surveillance plans won't escape public scrutiny that easily, and we'll be watching if this feature is rolled out to the public. 

  •  

We're Fighting Mass Surveillance Tech—and Winning

EFF is on the front lines of the fight against tech-enabled tyranny, but we aren't alone. Our team depends on your help to fight back against the surveillance state.

JOIN EFF

People around the world are pushing back against the mass surveillance that undermines privacy and free expression for everyone. You can help during EFF's spring membership drive.

One of the people who joined the fight for digital rights is EFF client Will Freeman. Will created the website DeFlock.me to reveal the dangers of automated license plate readers (ALPRs)—cameras that collect location data on every vehicle they see and upload that to a massive nationwide police database. Deflock.me turns the tables by enlisting ordinary people to track the locations of tens of thousands of ALPR cameras.

But when the police spy-tech company Flock Safety went after Will's website with legal threats citing trademark law, he saw it for what it was: an attempt to silence critics and dim the light on mass surveillance.

The company will try everything it can to downplay the criticism, but EFF will be right there demanding accountability.

"I was totally unprepared to receive a cease & desist letter. I can see how most people would be bullied into submission by a threat like that. That's when I remembered Dave Maass from the EFF introduced himself via email several weeks before, so I reached out for help," Freeman says.

And that's when EFF stepped in. Recognizing DeFlock.me as a quintessential expression of grassroots advocacy and a form of criticism protected by the U.S. First Amendment, EFF's lawyers helped Will fight back. And the Big Surveillance Tech flinched.

But these battles against Flock's Spying tools rage on. In cities around the country, privacy advocates are pressuring officials to block or end contracts for ALPRs—and winning. The company will try everything it can to downplay the criticism, but EFF will be right there demanding accountability.

Two people wear EFF Claw Back member t-shirts. The front shows a cat swatting at spy cameras and the back says “Mass Surveillance” with red claw marks through it

Get the new Claw Back member t-shirt featuring a fierce feline swatting at community surveillance. You might empathize with him, but there’s a better way. Let’s end the law enforcement contracts, harmful practices, and twisted logic that enable mass spying in the first place.

"I'm really grateful the EFF was able to step in and help. Without them, free speech would be only for those wealthy enough to defend themselves against billion dollar companies. We've grown a lot since then and are expanding our efforts to expose and push back against mass surveillance on our streets," Freeman says.

Support the movement

stop mass surveillance tech today when you join EFF

____________________

EFF is a member-supported U.S. 501(c)(3) organization. We've received top ratings from the nonprofit watchdog Charity Navigator since 2013! Your donation is tax-deductible as allowed by law.

  •  

Welcome New EFF Executive Director Nicole Ozer

EFF welcomes our new Executive Director Nicole Ozer today! 

Nicole is a legal expert on privacy and surveillance, artificial intelligence, and digital speech who previously served as the inaugural executive director of the Center for Constitutional Democracy at UC Law San Francisco. From 2004-2025, she was founding director of the Technology and Civil Liberties Program at the American Civil Liberties Union of Northern California. 

Nicole has long been a partner of EFF’s in the fight to defend civil liberties in the digital world. Many of us already know her, and she’s basically as close to EFF “family” as someone can be without actually having worked here.   

Over her more than two decades leading public interest technology work, Nicole has:  

  • spearheaded passage of the California Electronic Communications Privacy Act – working with EFF to enact the nation’s strongest electronic surveillance law, requiring a warrant for government access to electronic information; 
  • modernized California law to protect reading records in the digital age by helping, along with EFF, to craft the Reader Privacy Act, requiring a “super warrant” for government access; 
  • created a groundbreaking model law for local democratic oversight of surveillance systems which inspired 25 laws across the country that help safeguard the rights and safety of more than 17 million people; 
  • litigated civil liberties cases, including work with EFF on the NSA cases, and drafted influential amicus briefs on technology issues at all levels of state and federal court, including the U.S. Supreme Court and California Supreme Court; and 
  • developed multi-year campaigns to strengthen the anti-surveillance policies related to social media surveillance and face recognition of major technology companies and foster stronger privacy and free expression protection for billions of people worldwide. 

And that's just the TL;DR! You can read more about her bona fides here. 

EFF’s work to ensure technology supports freedom, justice, and innovation is more urgent than ever. And with Nicole’s decades of leadership in public interest technology work, EFF is poised to be stronger than ever to meet this moment and build for the fights ahead. 

Nicole succeeds Cindy Cohn, who has been with EFF for more than 25 years and served as executive director since 2015. Cindy is leaving EFF later this month – not to retire, but to find a role that puts her back in the courtroom doing what she does best: suing the government! She’ll still be part of the EFF community. 

We are living digital lives, using technology to connect, communicate, and mobilize for change. And we need you in these critical fights to defend and advance rights in the digital world – so join EFF today, and sign up for our EFFector newsletter to make sure you’re updated on the latest EFF news including upcoming events to help you get to know Nicole. 

Welcome Nicole! 

  •  

One Step Forward, Two Steps Back: CA's AB 1856 Exempts Open Source But Expands Age-Gating

After public outrage, California lawmakers are moving closer to exempting open-source operating systems from the sweeping age-bracketing regime mandated by last year’s Digital Age Assurance Act (AB 1043). Nonetheless, the current bill still jeopardizes internet users’ speech, privacy, and security.

While the open source exemption, if passed, would improve the law, the remaining amendments proposed by AB 1856 would require all web browsers and websites to request and collect users’ ages. This is an expansion of last year's AB 1043's age-bracketing system that compounds its constitutional harms to users’ speech, privacy, and security. As AB 1856 moves on to the Senate, EFF will continue fighting for amendments that reduce those harms.

AB 1856 Extends AB 1043’s Age-Gating Regime

Last year, California passed AB 1043, which requires all operating systems and app stores to create age-bracketing systems that segment users based on their ages. As we’ve written, that regime is a recipe for censorship: it creates unnecessary and unconstitutional barriers to accessing lawful online speech, threatens our right to anonymity, and pressures online services to collect troves of valuable and sensitive user data. On top of that, A.B. 1043’s wide-sweeping compliance burdens impose disproportionate harms on the open-source ecosystem that underpins much of the modern web. 

Given these flaws, lawmakers introduced AB 1856 this year as a supposed “clean-up” bill for AB 1043. But instead of sticking to fixing AB 1043’s unique and serious harms (like its impact on open-source operating systems), AB 1856 also expanded the regime even further—extending its age-bracketing requirements beyond operating systems and app stores to browsers and websites. 

EFF opposed AB 1856 on two grounds, which we explained in our opposition letter to the Assembly: 

  1. The harms that age-gating regimes pose to users’ speech, privacy, and anonymity; and
  2. The disproportionate harms that this particular regime imposes on open-source developers. 

Open Source Concerns Somewhat Alleviated By Amendment

On May 28th, AB 1856 passed the Assembly in a nearly unanimous vote (68-1). 

Before that vote, however, AB 1856 was amended to relieve the compliance burden on open-source operating systems. This is a meaningful improvement and a welcome relief for open-source developers, who have been loud and clear about how much of an existential threat A.B. 1043’s age-gating mandate would pose.

The new exception reads:

Operating system provider” does not mean a person or entity that distributes an operating system or application under license terms that permit a recipient to copy, redistribute, and modify the software.

EFF understands this amendment to exempt open-source operating systems from the requirement to collect and transmit users’ age-bracket data. That is a definite win for open-source developers. The bill is narrower now than it was before, and lawmakers clearly responded to concerns raised by EFF and the broader open-source community. 

Some important questions still remain—for example, it is unclear how the law would apply when an open-source operating system is incorporated into a commercial product or service. And, given the structure of where the exemption is placed under the “operating system provider” definition, lawmakers could stand to clarify that the exemption applies to open-source operating systems and applications.

Nonetheless, that ambiguity aside, this amendment does substantially reduce the threat that AB 1043 could have on many open-source developers. 

AB 1856 Still Expands the Problematic Age-Bracketing Regime

Don’t get us wrong—if this bill passes, we will be very happy that AB 1043 does not pose nearly the amount of harm to our friends behind open-source operating systems. But even after these amendments, EFF remains opposed to AB 1856 because it ultimately expands California’s sweeping age-bracketing framework far beyond the original scope of AB 1043. 

In AB 1856 and its amendments, the Assembly failed to address the core problem with AB 1043’s age-bracketing regime: mandated age-gating systems threaten users’ speech, privacy, anonymity, and security. 

Even after these amendments, EFF remains opposed to AB 1856 because it ultimately expands California’s sweeping age-bracketing framework far beyond the original scope of AB 1043. 

Even though AB 1043 does not explicitly require companies to perform age verification, it nonetheless imposes a liability structure that strongly pressures companies to verify users’ ages anyway. In practice, that could lead to more ID checks, more biometric scanning, more invasive data collection and risk of breach, and more barriers to adults’ and young people’s lawful speech.

In fact, instead of narrowing AB 1043’s wide net, AB 1856 expanded it to add browser providers and website operators to the list of entities that must comply with its age-bracketing requirements. This dramatically broadens the scope of AB 1043 and pulls more services, developers, and users into an anonymity- and privacy-destroying data collection framework that has not yet been implemented or evaluated. The result would make it nearly impossible for regular internet users to avoid AB 1043’s age gates.

The Fight Moves to the Senate

On those grounds, EFF will continue to oppose AB 1856. Though it has passed the Assembly, the fight is not over. As the bill moves through the Senate, we’ll continue to push for amendments that actually “clean up” and narrow the scope of AB 1043, and offer more protection to users from the harms of age-gating systems.

  •  

Age Verification is a Privacy Nightmare

In the rush to block young people from certain parts of the internet, lawmakers are creating a privacy and security nightmare for everyone. This scenario is already playing out globally. Help us stop it and keep the web open and accessible for all.

JOIN EFF

Protect the web for everyone

Even with the best intentions, every online age verification scheme has the same result: users are forced to reveal sensitive personal information to third parties simply to access the web. Once that valuable data is centralized, it becomes an immediate target for leaks, hacks, and misuse. This isn’t hypothetical: it has already happened several times.

By age gating the web, we serve up a honeypot of private info ripe for bad actors. But you can help us stop this when you join EFF.

A person wears an EFF Claw Back member t-shirt on the left. A person on the right wears a black sweatshirt with the Privacy Badger mascot on the chest.

Support digital rights in EFF's new Claw Back member t-shirt and Privacy Badger Crewneck.

Thanks to our members, EFF is on the front lines fighting against online age gating and identity verification online. We’re working with lawmakers to pass better policies, educating the public, and fighting the wildfire of age verification proposals around the world. Now all we need is you.

🐝 No, It’s Not a Bug

We all want young people to be safe online, but we don’t need to trade everyone's digital rights to achieve it. These new restrictive mandates are used to justify government-led censorship and expanded surveillance. That's no accident.

Whether you trust today’s lawmakers or not, handing anyone keys to new forms of censorship and surveillance is a serious risk. Because history shows us that these powers are always abused. It’s time to demand better.

Join EFF today

Help us claw back your privacy

____________________

EFF is a member-supported U.S. 501(c)(3) organization. We've received top ratings from the nonprofit watchdog Charity Navigator since 2013! Your donation is tax-deductible as allowed by law.

  •  

More License Plate Reader Mission Creep: School Residency Verification, Background Checks, and Noise Complaints

An EFF analysis of millions of searches of Flock Safety automated license plate reader (ALPR) data by police has uncovered a troubling pattern: in the absence of a warrant requirement to search ALPR databases, law enforcement agencies have moved beyond specific investigations to use these surveillance networks for virtually any whim.

Our findings suggest that the absence of a warrant requirement has fostered a culture of unrestricted access to sensitive location data, allowing agencies to leverage that data beyond the scope of specific criminal investigations.

As a refresher: Law enforcement agencies lease or purchase camera systems from Flock Safety and then mount them by the side of the road and at intersections to document every vehicle that passes, including the plate, make, model, color and distinguishing characteristics, along with the date, time and location of where it was seen. 

Law enforcement's talking points—often scripted by the company itself—trumpet their role in solving high-stakes crimes. But the data reveals a different story. What they're not saying is that ALPRs are also frequently used for extremely low-level investigations, such as verifying whether a student lives within a particular school zone. In some cases, police have even used this tech to conduct employment background checks and investigations into loud music complaints. Recently, a motorcyclist was even targeted for simply holding a cell phone while riding.

The reach of this ALPR surveillance is amplified by the nature of the indiscriminate sharing these technologies encourage. Most agencies choose to share broadly, often as part of a nationwide pool, making it common for a single city's system to be searched hundreds of thousands of times each month. By analyzing these "network audit logs," privacy advocates and journalists have uncovered evidence of the technology being used to surveil protesters, abortion-seekers, immigrants, and even ethnic Roma populations

While these high-profile abuses are shocking, the more mundane uses are also problematic, signaling a massive, unchecked mission creep that has turned an alleged “crime-fighting” tool into a universal tracker of everyone’s movements. 

Residency Checks

School systems in the U.S. conduct "residency verification" investigations of their parents or guardians to ensure enrolled children live in the district. To carry out these checks, some school districts have enlisted law enforcement officers for help, leveraging ALPR databases to track the comings and goings of families across the region. 

Buford City Schools in Georgia, which serves only about 6,000 students, illustrates the scale of this prying. Between January 2025 and March 2026, school police ran more than 375 searches where officers listed school residency verification, or simply "RV," as the reason for the search. That accounts for more than half of all ALPR searches in that period, and in those three months of 2026, three-quarters of all searches were related to residency verification. 

School officials stand by the searches. "[B]ecause Buford City Schools is a highly sought-after district, we experience ongoing challenges with residency fraud," a spokesperson told Appen Media, which shared the email with EFF. "Flock Safety is one of the tools we use to verify residency and protect the integrity of the Buford City School System for families who live within the district."

A search of ALPR data will show a lot more than whether a family lives within the right zone. In these Buford cases, officers ran some searches across more than 5,800 different networks nationwide. Every time a plate is searched, it can reveal personal information about a family: when they go to the doctor, when they go to worship, when they go out at night, and where they travel on vacation. None of that is the school district's business, and these searches are a huge invasion of privacy. 

While Buford was by the far the most prolific, it wasn't the only agency to run school residency checks. For example, Delhi Township Police Department (DTPD) in Ohio ran 35 searches related to students in five schools in a three-month period during spring 2025, and similarly stood by the practice, citing a warning given to parents that submitting a false statement of residency may be a felony. 

After EFF sent an inquiry to DTPD, the agency conducted a brief investigation and found that "these searches were not done to verify residency upon submission, but to investigate cases where it was believed the form was filled out with false information." DTPD did not say what kind of evidence was required to establish suspicion before an ALPR query, nor did it offer information on how many of these investigations turned out to be justified. 

However, the official told EFF: "in response to your inquiry, the department will be implementing a change to how these queries are documented in the Flock system and internally, to increase accountability and help avoid any confusion moving forward."

Other agencies that ran school residency searches include Cortland Police Department in Ohio and Lincoln Police Department in Alabama. Several agencies also ran searches with "residency," "residency investigation" or "residency verification" as the reason, but that could refer to a number of public services. These agencies include Ridgeland Police Department in Mississippi, Fairfield County Sheriff's Office in South Carolina, Manteno Police Department in Illinois, Illinois Department of Natural Resources, and Mora County Sheriff's Office in New Mexico. 

Background Checks

Few people would imagine that applying for a government job would open you up to an ALPR search. Yet, several law enforcement agencies ran searches through the Flock network related to employment. 

For example:

  • Jefferson County Sheriff's Office in Missouri ran six searches across 2,853 networks, documenting "employment" in the reason field.
  • Little Elm Police Department in Texas ran 10 searches across 6,306 networks, documenting "EMPLOYMENT" in the reason field.
  • Ridgeland Police Department in Mississippi ran two searches across more than 6,000 networks documenting "employment background inv" in the reason field.
  • Texas City Police Department, Texas ran three searches across 728 networks, documenting "pre employment background" in the reason field. 
  • Zion Police Department in Illinois ran a research across 585 networks documenting "Employee Background" in the reason field. 

Davidson Police Department in North Carolina logged a search listed as "Employment Background," but in response to an inquiry from EFF, the chief described this as "poor choice of words by our investigator." He further stated that the agency does not use ALPRs as part of employment background checks, but in this case, the agency shared that a potential violation of a protective order came to light during a background check, hence the reference to it in the search log.

In addition to the agencies mentioned, several agencies ran searches that simply referred to "background check" or "background checks," which could be related to employment or perhaps some other issue, such as a concealed weapons permit, for example. These include Avon Police Department in Indiana, Rockford Police Department in Illinois, San Bernardino County Sheriff's Office in California, and Seaford Police Department in Delaware.

Noise Complaints

Many people have probably been irritated at some point or another by a car blasting a deep bassline or even the infamous "whistle tip." Some may have even called the cops to complain about a neighbor’s house party. But that's a far cry from the types of serious crimes that Flock and its customers have claimed that the ALPR systems would be used to solve. 

Yet, EFF identified 26 agencies where officers felt it was appropriate to pry into a driver's life because of a noise complaint, ranging from house parties to loud exhausts to just "music": 

A table of agencies and their searches that relate to noise complaints.

Some of these agencies searched upwards of 6,500 networks’ cameras—the equivalent of launching a nationwide goose chase over a booming subwoofer or a busted muffler. 

When Mission Creep Is Just Plain Creepy

An observant reader of this report may have noticed that Ridgeland Police Department in Mississippi ran searches in all three of the categories we reported above.

However, after the city first installed the Flock Safety cameras, the then-police chief told the press that the technology helps solve cases that range from "theft to crimes of violence"—without disclosing that the range would extend much further.

When police and salespeople trot out cherry-picked cases to argue that a mass surveillance technology is an "important" tool,  they obfuscate that it's a convenient shortcut around due process. For serious crimes, police can already go through the standard legal process: making the case to a judge on why they should get a search warrant for location data, whether it's from cell phones or service providers. But police treat ALPR databases as if no such threshold exists, giving them free rein to track a person’s movements without a sliver of judicial oversight.

When police and salespeople trot out cherry-picked cases to argue that a mass surveillance technology is an "important" tool,  they obfuscate that it's a convenient shortcut around due process.

"This is the same as if I put a police officer on the side of the road with a pen and a notepad and he writes down every license plate number that drives by,” the former chief said, repeating a commonly circulated talking point. 

That rhetoric may sound reasonable if we were just talking about a single camera on a street corner, but Ridgeland now operates more than 50 cameras—the equivalent of one for every 500 residents—and maintains access to tens of thousands more. 

If the chief had stood in front of the city’s aldermen and asked for permission to search more than 20,000 cameras so his officers could investigate the high crime of "music," it’s quite unlikely that they would have been nodding their heads along. 

Ridgeland Police Department did not respond to EFF’s requests for comment.

  •  
❌