Setting the Record Straight on Net Neutrality

WASHINGTON – Over 80 organizations and prominent experts have come together to oppose a new surveillance feature of digital identity systems known as “Phone Home,” which allows the government to track individuals through their digital driver’s licenses or other identity documents. Signatories include the American Civil Liberties Union, notable privacy and civil liberties groups, as well as academics, state legislators, CEOs of digital identity companies, cryptographers, and other leading experts. This diverse group of experts issued a statement today focusing on a vital element of the identity system architecture: Whether it is designed to “phone home” to the issuer when somebody verifies their identity. Currently, when somebody presents a plastic driver’s license, that interaction is between the two parties, and the government is none the wiser. But digital driver licenses are being built so that the system notifies the government every time an identity card is used, giving it a bird’s-eye view of where, when, and to whom people are showing their identity. That “phone home” functionality becomes especially intrusive as people start having to use digial ID online, giving the government the ability to track your browsing history. “Creating a system through which the government can track us any time we use our driver’s license is an Orwellian nightmare,” said Jay Stanley, senior policy analyst with the ACLU’s Speech, Privacy, and Technology project. “There is a broad consensus among those who work, think, and innovate in the digital identity space that privacy needs to be built in to any digital identity system. This is not a partisan issue and it’s one states must act on before it’s too late.” Digital identity systems threaten to create serious civil liberties problems, including around privacy and accessibility, which is why digital ID systems must make use of all available privacy technologies and architectures — including but most certainly not limited to the “no phone home” highlighted in today’s letter. The ACLU has also published legislative recommendations for state legislatures outlining 12 technical characteristics and policy measures that must accompany any acceptable digital ID system. Unfortunately a number of states are adopting such systems without thinking through the potential ramifications of this technology, including 13 that have already created digital driver’s license systems, and another 21 that have passed enabling or study legislation. Identity systems with “phone home” capability not only create the potential for tracking of people’s lives and activities — such as those whose political beliefs certain government officials may not like — but also make it possible for an abusive government to block people from using their IDs for some or all uses. The experts are "call[ing] on authorities everywhere to favor identity solutions that have no phone home capability whatsoever, and to prioritize privacy and security over interoperability and ease of implementation.”

NEW ORLEANS — The American Civil Liberties Union and ACLU of Louisiana are raising urgent concerns following an investigation that shows the New Orleans Police Department has secretly used real-time face recognition technology to track and arrest residents without public oversight or City Council approval. This not only flouts local law, but endangers all of our civil liberties. This is the first known time an American police department has relied on live facial recognition technology cameras at scale, and is a radical and dangerous escalation of the power to surveil people as we go about our daily lives. According to The Washington Post, since 2023 the city has relied on face recognition-enabled surveillance cameras through the “Project NOLA” private camera network. These cameras scan every face that passes by and send real-time alerts directly to officers’ phones when they detect a purported match to someone on a secretive, privately maintained watchlist. The use of facial recognition technology by Project NOLA and New Orleans police raises serious concerns regarding misidentifications and the targeting of marginalized communities. Consider Randal Reid, for example. He was wrongfully arrested based on faulty Louisiana facial recognition technology, despite never having set foot in the state. The false match cost him his freedom, his dignity, and thousands of dollars in legal fees. That misidentification happened based on a still image run through a facial recognition search in an investigation; the Project NOLA real-time surveillance system supercharges the risks. “We cannot ignore the real possibility of this tool being weaponized against marginalized communities, especially immigrants, activists, and others whose only crime is speaking out or challenging government policies. These individuals could be added to Project NOLA's watchlist without the public’s knowledge, and with no accountability or transparency on the part of the police departments,” said Alanah Odoms, Executive Director of the ACLU of Louisiana. "Facial recognition technology poses a direct threat to the fundamental rights of every individual and has no place in our cities. We call on the New Orleans Police Department and the City of New Orleans to halt this program indefinitely and terminate all use of live-feed facial recognition technology. The ACLU of Louisiana will continue to fight the expansion of facial recognition systems and remain vigilant in defending the privacy rights of all Louisiana residents.” Key details revealed in the reporting include: Real-time tracking: More than 200 surveillance cameras across New Orleans, particularly around the French Quarter, are equipped with facial recognition software that automatically scans passersby and alerts police when someone on a “watch list” is detected. Privately run, publicly weaponized: The watch list is assembled by the head of Project NOLA and includes tens of thousands of faces scraped from police mugshot databases—without due process or any meaningful accuracy standards. Police use to justify stops and arrests: Alerts are sent directly to a phone app used by officers, enabling immediate stops and detentions based on unverified purported facial recognition matches. Searchable database: Project NOLA also has the capability to search stored video footage for a particular face or faces appearing in the past. So in other words, they could upload an image of someone’s face, and then search for all appearances of them across all the camera feeds over the last 30 days, thus retracing their movements, activities, and associations. Pervasive technological location tracking raises grave concerns under the Fourth Amendment to the Constitution. No retention, no oversight: NOPD reportedly does not retain records about the alerts it receives and officers rarely record their reliance on the Project NOLA FRT results in investigative reports, raising serious questions about compliance with constitutional requirements to preserve and turn over evidence to people accused of crimes and to courts, thus undermining accountability in criminal prosecutions. Violates city law: When the New Orleans City Council lifted the city’s ban on face recognition and imposed guardrails in 2022, it maintained a ban on use of facial recognition technology as a surveillance tool. This system baldly circumvents that ban. The system also circumvents transparency and reporting requirements imposed by City Council. Officials never disclosed the program in mandated public reports. In 2021, the ACLU of Louisiana sued the Louisiana State Police for information about secretly deploying facial recognition technology, despite years of officials assuring the public it wasn’t in use. Time and again, officials claim these tools are only used responsibly, but history proves otherwise. After the Washington Post began investigating this time around, city officials acknowledged the program and said they had “paused” it and that they “are in discussions with the city council” to change the city’s facial recognition technology law to permit this pervasive monitoring. The ACLU is now urging the New Orleans City Council to launch a full investigation and reimpose a moratorium on facial recognition use until robust privacy protections, due process safeguards, and accountability measures are in place. “Until now, no American police department has been willing to risk the massive public blowback from using such a brazen face recognition surveillance system,” said Nathan Freed Wessler, deputy director of ACLU’s Speech, Privacy, and Technology Project. “By adopting this system–in secret, without safeguards, and at tremendous threat to our privacy and security–the City of New Orleans has crossed a thick red line. This is the stuff of authoritarian surveillance states, and has no place in American policing.”

WASHINGTON – The American Civil Liberties Union, the Autistic Self Advocacy Network (ASAN), and 80 other disability rights, civil rights, and public health organizations sent a letter to Secretary of Health and Human Services Robert F. Kennedy, Jr. today raising significant concerns with the National Institutes of Health’s (NIH) proposal to create a national autism “registry.” The registry was detailed during an April 21 presentation by NIH Director Jay Bhattacharya, which he described as a “real-world data platform” for “developing national disease registries, including a new one for autism.” The Department of Health and Human Services (HHS) has since claimed it is not creating an “autism registry,” but the department has failed to engage with autistic people and advocates, exacerbating the lack of clarity. “Instead of engaging with the communities this proposal would impact most, federal health agencies have taken every opportunity to shut disabled and autistic people out of the conversation, leaving unanswered questions, a sense of alarm, and deepening mistrust,” said Vania Leveille, ACLU senior legislative counsel. “Trust in federal health data requires affirmative, good faith engagement with autistic people, appropriate safeguards for privacy, and ensuring any proposal helps – not hurts – the communities impacted.” The letter outlines the many unanswered questions left by NIH’s data platform proposal, including what data it will collect, what sources it will rely on, how it will anonymize and secure the data. It also highlights the increased risk of surveillance, stigmatization, and marginalization from data collection, particularly for disabled people – who have a long and troubled history with government efforts to find and track disability for the purpose of eliminating it. “It’s no secret that this proposal has created a lot of fear and confusion in the autistic community.” said Colin Killick, executive director of the Autistic Self Advocacy Network. “We continue to advocate and support research into autism that autistic people want conducted, but it is critical that autistic people’s private data not be shared without our consent. We hope the administration answers our questions to shine light on how autistic people and our rights will be protected.” The letter also establishes three key steps NIH and HHS must take to establish trust in its proposed data platform: Meaningful communication with autistic people and advocates; fundamental privacy safeguards to prevent misuse and abuse; and ensuring the data platform advances the well-being of autistic people, people with disabilities, and the public health while minimizing potential harms. The letter is here: https://www.aclu.org/documents/letter-to-hhs-secretary-robert-f-kennedy-jr-on-concerns-with-proposed-autism-registry

WASHINGTON — The American Civil Liberties Union today urged the U.S. District Court for the District of Columbia to grant a preliminary injunction and order expedited processing of a Freedom of Information Act (FOIA) request sent to the Social Security Administration (SSA). The FOIA request, originally filed in February, seeks urgent transparency about the so-called Department of Government Efficiency’s (DOGE) secretive efforts to access and analyze Americans’ sensitive personal information controlled by the Social Security Administration. In its FOIA request, the ACLU asked for any records that reveal whether DOGE or its representatives have sought or obtained access to databases containing personally identifiable information, financial records, health care data, or other sensitive government-held records of Americans. The request also sought information on DOGE’s use of artificial intelligence (AI) to analyze government data. Despite the urgency of the situation, the SSA declined ACLU’s request for expedited processing and has so far failed to respond to the ACLU’s appeal. Also concerning is the recent news that DOGE has already started removing some protections around personal data, such as Social Security numbers, birth dates, employment history, disability records, and medical documentation. “Today’s filing marks a critical step in uncovering the full extent of DOGE’s access to the U.S. Social Security Administration’s database,” said Michelle Fraling, Skadden Fellow with the ACLU’s Center for Liberty. “Recent reports that DOGE intends to consolidate federal data into a centralized system only heighten the need to obtain this information. The public has a right to know, now, who is accessing their Social Security numbers, financial records, and medical history.” This comes amidst DOGE’s obsessive race to build a single centralized database with vast troves of personal information about millions of U.S. citizens and residents, a campaign that seriously implicates individuals’ privacy rights. One major concern is that the data consolidated by DOGE could be used against political foes or for targeted decisions about funding or basic government services. There is also concern about the risk of exposing data to hackers and other adversaries. A new report from the ACLU analyzes the vast array of surveillance, privacy, and cybersecurity risks of data consolidation, and the technical issues and legal implications those efforts pose. “As DOGE embarks on unprecedented efforts to consolidate federal data, the American people have a right to understand exactly what it is they are doing,” said Cody Venzke, senior policy counsel at ACLU. “For decades, agencies have been required by federal law to give access to our data only if it was necessary for federal employees to carry out their duties. Failure to meet those requirements increases the risk that our data will be mishandled, misused, or exfiltrated in a data breach.”