Monday, July 06, 2026

Be careful what you repost?

https://pogowasright.org/ices-internal-watchdog-is-now-investigating-online-critics/

ICE’s Internal Watchdog Is Now Investigating Online Critics

Maddie Varner reports:

Voting was already underway when the ICE agents arrived at a polling site in Syracuse, New York, during the state’s primaries in June. The agents were there to see Paigelynn Gonyea, a poll worker who says they were concerned about an Instagram post she had supposedly made in January “doxing” an ICE agent. The only post she could find was one she had made crediting the Minnesota Star Tribune for identifying Jonathan Ross, the ICE agent who shot and killed Renee Good during the federal incursion in Minneapolis this winter, and calling for his indictment.
The agents at the poll site asked Gonyea to sign a warning notice that said it was unlawful to “threaten to assault, kidnap and/or murder” federal officials or their immediate family members in an effort to impede that federal official’s work. The form also requested that she remove her post “and/or discontinue” her behavior.
My signature would have been an admission of guilt,” Gonyea says. “I refused to sign it.”

Read more at WIRED.



Sunday, July 05, 2026

Tip of an iceberg or a one time thing?

https://www.bloomberg.com/news/features/2026-07-03/google-and-meta-lost-a-landmark-trial-to-kaley-but-kept-her-as-a-user?accessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzb3VyY2UiOiJTdWJzY3JpYmVyR2lmdGVkQXJ0aWNsZSIsImlhdCI6MTc4MzA4MjU5MywiZXhwIjoxNzgzNjg3MzkzLCJhcnRpY2xlSWQiOiJUSExGU01LR0NURlcwMCIsImJjb25uZWN0SWQiOiIyMkFCMzMwMjhGQTY0NjczOTYxNEE2RDFFMDk3QTkyMCJ9.hlUtsajBp9vE9j4Kt0jiky_2NmsAwH1Xi0BKXwcGmNQ&leadSource=uverify%20wall

At 17, She Sued Meta and Google, and Won. Now She’s Ready to Tell Her Story

When Kaley Glenn-Mills, at age 17, agreed to take on some of the world’s most powerful corporations — accusing them in court of addicting children to social media — she was afraid of only one thing. Her trepidation wasn’t over attorneys combing through her digital history, or her explicit photos being entered into evidence, or things she’d said in private therapy sessions being used against her, or her mom being villainized publicly, or potential corporate surveillance, or even having to testify. No. What kept her up at night was the possibility that the social media companies she was suing — Instagram, YouTube, TikTok and Snapchat — would banish her. “Are the companies going to get mad at me and delete my accounts?” she remembers thinking. “If they delete my accounts, what am I going to do with my life?”



Saturday, July 04, 2026

A point!

https://pogowasright.org/letter-urging-the-committee-of-conference-to-retain-the-private-right-of-action-in-the-massachusetts-consumer-data-privacy-act/

Letter Urging the Committee of Conference to Retain the Private Right of Action in the Massachusetts Consumer Data Privacy Act

Privacy law scholar Neil Richards writes:

A privacy right that you can’t enforce isn’t really a right – and that’s how Big Tech likes it. Massachusetts is close to passing a meaningful privacy law with a private right of action. So Woodrow Hartzog and I, along with 16 other privacy and technology legal scholars (with fantastic help from my former student and Duke 2L Lea Despotis ), wrote a letter to the Massachusetts legislature in support of the private right of action, substantive data minimization rules, and bright-line prohibitions on dangerous data practices.

[Letter follows...]



Friday, July 03, 2026

Clearly not limited to the legal profession…

https://www.bespacific.com/exposing-the-risk-surface-of-agentic-ai-in-the-practice-of-law/

Exposing the Risk Surface of Agentic AI in the Practice of Law

Murray, Michael D., Exposing the Risk Surface of Agentic AI in the Practice of Law (April 14, 2026). Available at SSRN: https://ssrn.com/abstract=6576480  or http://dx.doi.org/10.2139/ssrn.6576480

This article examines how the legal profession’s shift from passive generative AI tools to autonomous or semi-autonomous agentic AI systems dramatically expands the “risk surface” of AI in law practice. It argues that once AI systems can plan, use tools, access files, interact with other agents, and take actions in the world, the ethical and professional risks move far beyond confidentiality and fabricated output to include unauthorized acts, tool misuse, memory leakage, cross-agent cascading failures, shadow AI, and compromised permissions. The article explains how these risks implicate a wide range of duties under the Model Rules of Professional Conduct, including competence, confidentiality, candor, scope of representation, supervision, fees, and unauthorized practice of law. It concludes by outlining practical governance responses for law firms and courts, including secure deployment environments, zero-trust architecture, human-in-the-loop review, and least-privilege access, while emphasizing that the human lawyer remains ultimately responsible for the actions of digital agents in legal practice.





New Jersey did this? Amazing.

https://pogowasright.org/new-jersey-enacts-broad-data-broker-law-with-costly-fees-and-severe-fines/

New Jersey Enacts Broad Data Broker Law with Costly Fees and Severe Fines

A newly enacted law is causing shock waves. David Stauss of Stauss Law writes:

The risks and costs of being a data broker in the United States just went up — again. On 30 June 2026, Gov. Mikie Sherrill, D-N.J., signed A 5328 into law, making New Jersey the seventh state to enact a data broker law, and the second this year, following Connecticut.
New Jersey’s data broker law stands out for its breadth and cost. It covers not just data brokers but also “data collectors” – entities with a direct relationship to consumers who sell their data to data brokers. Its biggest impact is a tiered annual registration fee: up to $1.5 million for the largest data brokers/collectors. Registration failures or outdated filings also carry significant fines. The law also bans sale of sensitive data – both directly and via an amendment to New Jersey’s general consumer privacy law – with violations carrying a steep $50,000-per-record penalty.
In this article for the IAPP, David Stauss and Cobun Zweifel-Keegan examine the new law and its potential impact on businesses

Expect to see a lot more coverage of this law.





Evolving surveillance. (Next? Facial recognition without the face.)

https://www.schneier.com/blog/archives/2026/07/flock-cameras-can-surveil-cars-without-license-plates.html

Flock Cameras Can Surveil Cars Without License Plates

This is from a 2024 company presentation:

Officers can also tap into data showing a car’s decals, bumper stickers, back and top racks—along with temporary and unique state tags.
Flock calls it a “Vehicle Fingerprint” and it’s touted as a way for law enforcement officials to get more information “even when you don’t have full plate information,” the company’s presentation shows.
The company gives police officers the ability to search that data as well, to “build stronger cases with less information upfront.” That includes being able to locate multiple vehicles law enforcement officials believe are moving together and what Flock calls a “multi geo search.”

This kind of thing is older than AI; I wrote about it in my 2014 book Beyond Fear. Edward Snowden revealed that the NSA was using cell phone location data to track phones that were habitually near each other.

As bad as Flock is, remember that anyone with broad access to cell phone location data can do the same thing.





Imagine thousands of copies…

https://thenextweb.com/news/ai-agent-first-end-to-end-ransomware-attack

Researchers say an AI agent just ran a ransomware attack from start to finish, with no human at the keyboard

Ransomware has always needed a skilled human somewhere in the loop. Security firm Sysdig says that just changed. It has documented what it calls the first ransomware attack run from start to finish by an AI agent, with no human at the keyboard.

The researchers named the attacker JADEPUFFER, and say a large language model handled the entire job. It broke in, stole credentials, moved deeper into the network, planted a backdoor, then encrypted and destroyed a company’s production database. Sysdig’s Threat Research Team laid out the case in a detailed write-up.



Thursday, July 02, 2026

If not the answer, perhaps a baseline?

https://www.bespacific.com/un-unchecked-ai-progress-may-pose-catastrophic-risks/

UN – Unchecked AI progress may pose catastrophic risks

The Preliminary Report of the Independent International Scientific Panel on AI: Evidence-based assessment of opportunities, risks and impacts of AI  is a first-of-its-kind independent scientific assessment of the capabilities, emerging opportunities and risks of artificial intelligence. The Panel, composed of independent scientists and experts from all 5 UN regions, outlines trends in AI. It’s central warning: current safeguards cannot keep pace with the growth of AI’s capabilities. It identifies a crucial evidence challenge for decision-makers around the world: policymakers need scientific evidence to effectively govern AI, but by the time the evidence is clear, it may be too late to act on it. In the report, the Panel outlines its findings across seven key domains:

  • AI science, advances & trajectories

  • Societal applications: science, health, education & agriculture

  • Economic implications

  • Security, systems & environmental implications

  • Human rights, information & democracy

  • Cultural & individual flourishing, autonomy and child safety

  • Management, governance & reliability

This Preliminary Report marks the beginning of the Panel’s work. The Panel will continue to deepen its evidence base through consultations, engagement with the scientific community, and thematic briefs on emerging or fast-moving issues. Its next annual report will inform the second Global Dialogue in May 2027 in New York. The preliminary report will inform the inaugural Global Dialogue on AI Governance, to be held on 6 and 7 July 2026 in Geneva, providing a common scientific starting point for discussion.





Curious…

https://www.schneier.com/blog/archives/2026/07/cybersecurity-mission-creep-in-the-us.html

Cybersecurity Mission Creep in the US

Interesting paper: “Cybersecurity Mission Creep.”

Abstract: Cybersecurity is experiencing mission creep. Policymakers are casting more and more problems as issues of cybersecurity. So reframed, wildly different policy issues, from misinformation, to child social media safety laws, to antitrust regulations, to alleged journalist misconduct, to anti-sex trafficking statutes become what this Article calls “cybersecuritized.” Before this reframing, these issues present as important but not existential. But once cybersecuritization positions the issues as threats intensified by their technological nature, they gain access to the politics and law of urgency and exceptionalism and invite troubling governance responses.
Positioned as security threats, cybersecuritized issues become endowed with the apparent normative power to override countervailing considerations, oversimplifying the problem. Cybersecuritization’s oversimplification similarly risks unidimensional solutions and invites use of argumentative trump cards, like First Amendment challenges. Cybersecuritization also invites deference to purported specialists and their proposed solutions. Together, the reductive tendencies of cybersecuritization and the deference it prompts to specialists renders ultimate governance choices more opaque. And this opacity can erode public trust and political legitimacy.
This Article surfaces the phenomenon of cybersecuritization and offers a novel framework for analyzing and critiquing it. Mining cases from across criminal and civil domains, the account also demonstrates the insidiousness of cybersecuritization and the likelihood that it will continue to expand. Confronting cybersecuritization is crucial. If we continue to ignore it, we risk abdicating further responsibility for difficult choices to the trump card of cybersecurity. This Article’s analysis and critique aim to help reclaim the hard work of governance for our hands.





I don’t quite get the economic benefits. Political benefits seem obvious.

https://thenextweb.com/news/openai-5-percent-stake-trump-administration

OpenAI has reportedly offered Washington a 5% stake worth $42.6bn

OpenAI has proposed handing the US government a 5% equity stake in the company, according to the Financial Times, as the White House and Silicon Valley’s best-funded startup edge closer to a deal that has been under discussion for more than a year.

The politics around the idea are messier than the mechanics. Senator Bernie Sanders has pushed a competing and considerably more aggressive plan, the American AI Sovereign Wealth Fund Act, which would impose a one-time 50% stock tax on large AI companies to seed a fund the senator’s office projects could reach $7 trillion.

Palantir’s Alex Karp has argued that OpenAI’s voluntary 5% offer will look modest next to Sanders’ proposal, and that full nationalisation of frontier AI companies is coming regardless of which version wins first.

Where the two plans agree is on the underlying premise, that a handful of AI companies are about to become extraordinarily large and that the public should hold some claim on that value before it fully accrues to private shareholders. [Why? Bob]





Wednesday, July 01, 2026

What was the goal of this surveillance?

https://pogowasright.org/ca11-yahoo-not-a-govt-actor-in-scanning-emails-for-csam/

CA11: Yahoo not a govt actor in scanning emails for CSAM

Seen on FourthAmendment.com:

Yahoo and NCMEC didn’t act as government agents when they scanned defendant’s email account for hash values of CSAM. They were not required to do so, but did so and warned customers they would. NCMEC passed on the information to the local police who got a search warrant.  United States v. Williamson, 2026 U.S. App. LEXIS 18972 (11th Cir. June 30, 2026)





Would you like to play a game?

https://thenextweb.com/news/bioshocking-ai-browser-credential-leak-layerx

BioShocking” tricks AI browsers into leaking your passwords

Security researchers convinced six AI browsers they were playing a game. The browsers then handed over their users’ passwords and treated it as a win.

The firm behind it, LayerX, calls the technique BioShocking, and says it worked on every agent it tried. The list reads like a roll-call of the new AI browser market: OpenAI’s ChatGPT Atlas, Perplexity’s Comet, Anthropic’s Claude extension for Chrome, and three smaller players, Fellou, Genspark, and Sigma.

The attack starts on a booby-trapped web page built as a puzzle. To fit its dystopian theme, the puzzle rewards wrong answers, insisting that two plus two equals five. Once the agent accepts that “wrong” is the winning move, it switches from safety logic to game logic. From there, the researchers simply made stealing credentials the next level.





The law is what you make it…

https://www.reuters.com/world/china/china-says-it-has-right-target-people-overseas-with-new-ethnic-unity-law-2026-06-24/

China says it has a right to target people overseas with new ethnic unity law

The new law, which goes into effect on July 1, includes a clause saying people and groups beyond the borders of the People's Republic of China can be held legally accountable for undermining "ethnic unity and progress or inciting ethnic separatism".

That has sparked alarm in Chinese-claimed Taiwan in particular that it could give Beijing another legal basis to go after Taiwanese it views as separatists. Rights groups have also complained that China has tried to used Interpol "red notices" to try and get foreign governments to arrest people abroad it wants for political offences at home.



Tuesday, June 30, 2026

When technology runs amok…

https://sloanreview.mit.edu/article/the-real-question-to-ask-about-ai-governance/

The Real Question to Ask About AI Governance

When an AI model does something it shouldn’t, who in your organization has the authority to stop it? If you can’t answer that question, you’re performing AI governance theater.





Think of it as “Moneyball for politicians.”

https://www.nytimes.com/2026/06/29/us/politics/political-campaigns-ai-tech.html?unlocked_article_code=1.t1A.0BIa.SrowQDfeMYAi&smid=bs-share

How A.I. Is Changing the Way Politicians Run for Office

A.I.-generated images are the public face of this election overhaul. Behind the scenes, campaigns are using the technology to analyze voter data, craft campaign materials and write custom messages.





How common are health care hallucinations?

https://www.zdnet.com/article/us-adults-use-ai-for-health-information-now/

61% of US adults use AI for health information now - up from 2% in 2024

Only 2% of U.S. adults turned to AI for healthcare information in 2024, and today the number is 61%, according to Salesforce's Connected Health Consumer report, a survey of 3,200 consumers worldwide aimed at better understanding how the rise of agentic AI is reshaping consumer expectations, attitudes, and demands within healthcare -- specifically patient experience. 





Electronic search is still search… What a concept!

https://www.theguardian.com/us-news/2026/jun/29/supreme-court-geofence-warrants-case-decision

US supreme court rules geofence warrants require constitutional privacy protections

The US supreme court has ruled that law enforcement’s use of sprawling warrants that sweep up smartphone location data requires privacy protections under the fourth amendment, in a boost to critics who view their use as an unconstitutional dragnet.

Justice Elena Kagan wrote the majority opinion, which held that the sensitive data scooped up by “geofence warrants” counts as a fourth amendment search, and offers individuals a “reasonable expectation of privacy”, even if they may be in a public area.