TL;DR:

  • ICE's facial recognition app identified the same woman as two different people during a single interaction, and ICE still treats these matches as "definitive"
  • California's DROP platform is live: you can now submit one request to delete your data from 500+ data brokers
  • Wegmans admits to scanning customers' faces at select stores, joining CVS, Home Depot, Macy's, Target, and Walmart
  • Rep. Thompson introduced legislation to ban DHS from using mobile facial recognition outside ports of entry
  • The Trump administration is building a consolidated database from voter rolls, DMV records, and benefit programs for immigration enforcement

ICE's Facial Recognition Can't Keep Its Story Straight

Here's a confidence booster for anyone worried about being misidentified by immigration enforcement: ICE's Mobile Fortify app scanned one woman twice during the same interaction and returned two different names.

According to court documents reported by 404 Media on January 19, a woman identified as "MJMA" was subject to facial recognition scans that produced conflicting results. Two scans. Same face. Different identities.

This should disqualify the technology. Instead, ICE treats Mobile Fortify matches as "definitive" proof of immigration status. In testimony, an ICE deportation officer admitted he couldn't speak to the app's error rate. But here's the kicker: ICE has told lawmakers that officers may disregard documentary evidence, including birth certificates, if the app indicates otherwise.

Mobile Fortify connects to federal databases holding over 270 million biometric records. Images and fingerprints captured by the app are stored for up to 15 years, even when no match is found, even when the person is a U.S. citizen.

The Electronic Frontier Foundation put it bluntly: "Using face identification as a definitive determination of immigration status is immensely disturbing."

Sources: Biometric Update, EFF

Congress Moves to Limit Mobile Biometric Surveillance

Rep. Bennie G. Thompson (D-MS), ranking member on the House Committee on Homeland Security, introduced the Realigning Mobile Phone Biometrics for American Privacy Protection Act. We covered the Thompson bill and Mobile Fortify in detail.

The bill would:

  • Prohibit DHS from using mobile biometric apps like Mobile Fortify outside of ports of entry
  • Require destruction of biometric data collected from U.S. citizens
  • Force actual oversight of these surveillance tools

This comes after ICE expanded Mobile Fortify beyond border checkpoints into interior enforcement, meaning any encounter with ICE anywhere in the country could result in your face being scanned against federal databases.

With a Republican-controlled Congress, the bill faces long odds. But it establishes a legislative marker for what reasonable limits should look like.

Source: House Homeland Security Committee

California's DROP Platform: Delete Your Data From 500+ Brokers

Something useful, for once. California's Delete Request and Opt-Out Platform (DROP) went live on January 1, 2026. You can now send a single authenticated request to every registered data broker in California (over 500 of them) demanding they delete your personal information.

How it works:

  1. Go to privacy.ca.gov
  2. Create an account and verify your identity
  3. Submit your deletion request
  4. All registered data brokers receive your request automatically

Important timeline: Data brokers don't have to start processing requests until August 1, 2026. So submit now, but don't expect instant results. Once the deadline hits, brokers must process requests every 45 days.

Non-compliance penalties are real: $200 per request, per day. CalPrivacy has already launched a Data Broker Enforcement Strike Force to go after companies that ignore the law.

The catch? This only applies to data brokers registered in California. But California is the biggest market, so most major brokers are covered. And you don't need to be a California resident to use it, though the law was designed with Californians in mind.

Sources: CalPrivacy, CalMatters

Your Grocery Store Is Scanning Your Face

Shoppers at Wegmans locations in New York City noticed new signs this month: the store is using facial recognition technology on customers.

Wegmans says it's only at "a small fraction" of stores, targeting people "previously flagged for misconduct." The company cites "elevated risk" at its NYC locations. What they don't mention: they're building a biometric database of everyone who walks through the door.

Wegmans isn't alone. CNN reports that CVS, Home Depot, Macy's, Target, and Walmart also use facial recognition. Most customers have no idea.

The technology is marketed as loss prevention, identifying known shoplifters before they can steal. But facial recognition systems are notoriously inaccurate, especially for people with darker skin tones. False positives can lead to wrongful accusations, confrontations with security, and bans from stores based on algorithmic error.

New York City actually has a law requiring stores to post signs about biometric data collection. That's why Wegmans posted the notice. In most states, you'd never know.

Sources: CNN, Gothamist

The Administration's Digital Watchtower

The Center for American Progress published a detailed analysis of how the Trump administration is building a consolidated surveillance infrastructure from data already held by state and federal agencies.

The pieces being combined:

  • Voter registration data from state rolls
  • Driver's license records from DMVs
  • Medicaid and food stamp enrollment data
  • Tax records
  • Social media monitoring results

The stated purpose is immigration enforcement. The concern: this same infrastructure could identify political opponents, track critics, or intimidate voters, especially with midterm elections approaching.

States are already pushing back. Montana passed a law requiring warrants for electronic communications access. Other states are restricting license plate reader data sharing with federal agencies.

But the trend is clear: separate databases that were once siloed are being linked into something much more powerful.

Sources: Center for American Progress, Stateline

What to Watch

  • Section 702 FISA sunset: The warrantless surveillance authority expires in April 2026 unless Congress reauthorizes it. Watch for reauthorization fights.
  • TSA facial recognition expansion: Touchless ID is rolling out to 65 airports this spring. The opt-out process is unclear.
  • DROP enforcement: August 2026 is when data brokers must start processing deletion requests. Watch for compliance challenges and enforcement actions.
  • State privacy laws: Indiana, Kentucky, and Rhode Island privacy laws took effect January 1. Watch for early enforcement signals.

What You Can Do Today

  • Submit a DROP request: Go to privacy.ca.gov and get in the queue before August
  • Check your grocery stores: Look for biometric collection notices at entrances. NYC requires them; other cities may not
  • Lock down social media: If you're not a U.S. citizen, DHS is reviewing public social media posts. Make accounts private
  • Opt out of TSA facial recognition: You can still use standard ID verification at PreCheck lanes. Ask the agent