TL;DR:

  • School security cameras are feeding data to ICE. A new investigation found over 100 school districts use Flock Safety cameras connected to a national police database. In one month, 3,100+ police agencies ran 733,000 searches on school camera data, including 620 immigration-related queries. Parents dropping kids off at school are being tracked.
  • CBP just bought Clearview AI access to 60 billion face images. Customs and Border Protection signed a contract for 15 Clearview AI licenses at its National Targeting Center. The database scrapes photos from social media, news sites, and the open web. Your vacation selfie is in there.
  • DHS shutdown hits Day 2. Congress left for recess without a deal. CISA still has two-thirds of its cybersecurity staff furloughed. ICE enforcement continues with full funding. The pattern holds: surveillance stays on, protection gets cut.
  • WhatsApp encryption is facing its biggest credibility test. A class action lawsuit alleges Meta employees can read your WhatsApp messages through an internal system. US authorities are now investigating. Cryptographers say the claims are unlikely, but Meta won't open-source the code to prove it.
  • Apple patched a state-sponsored zero-day. CVE-2026-20700 was used in "extremely sophisticated" attacks targeting specific individuals. Google's Threat Analysis Group found it. If you haven't updated iOS, do it now.

Your Kid's School Camera Is Connected to a National Police Surveillance Network. ICE Has Access.

The 74, an education news outlet, published an investigation on February 14 that should alarm every parent in America. Police departments across the country are using school security cameras to help ICE track immigrant families, and the schools may not even know it.

Here's how it works: Over 100 public school districts have installed cameras made by Flock Safety, an Atlanta-based surveillance company that makes AI-powered license plate readers. Those cameras capture plate numbers, timestamps, and vehicle details, then upload everything to a cloud server. Flock customers can choose to share their data with other police agencies through a national network. The result: 90,000 cameras across 7,000 networks, all searchable by any connected law enforcement agency.

The investigation analyzed audit logs from six Texas school districts, including Alvin Independent School District (30,000 students, 8 Flock cameras). In a single month (December 2025 through early January 2026) more than 3,100 police agencies conducted over 733,000 searches on those school district cameras. Of those, 620 searches cited immigration-related reasons, conducted by 30 law enforcement agencies across Florida, Georgia, Indiana, and Tennessee.

Civil immigration searches (finding people who are "unlawfully present") occurred more than twice as often as criminal immigration investigations. One Georgia police lieutenant told The 74 his department would assist federal immigration requests "no questions asked."

Think about what this means. A parent drives their 5-year-old to school. The school's security camera reads their plate. That data flows into a national database. A police department three states away searches it on behalf of ICE. The school built a surveillance system to protect students and accidentally created a deportation pipeline. We published a full investigation with the numbers, the audit logs, and what schools aren't telling parents.

"This is an egregious end run around the Constitution," said Randi Weingarten, president of the American Federation of Teachers.

We've been tracking Flock Safety's expanding surveillance network and its connections to ICE enforcement for months. This investigation confirms the worst-case scenario: school cameras aren't just watching hallways. They're watching families.

Sources: The 74, District Administration, Piedmont Exedra

CBP Signs Clearview AI Deal: 60 Billion Scraped Face Images for "Tactical Targeting"

U.S. Customs and Border Protection signed a contract this week to buy 15 Clearview AI software licenses for agents at its National Targeting Center. The deal gives CBP access to Clearview's database of more than 60 billion images scraped from social media, news sites, and the open internet.

CBP says the tool will enhance "tactical targeting" and "counter-network analysis": bureaucratic language for identifying people at borders and tracking their connections. The one-year contract is expected to kick off in September 2026. CBP piloted Clearview's technology in 2025 and apparently liked what it saw.

The agency insists "no enforcement action is taken based solely on the leads generated by this tool" and that all identifications undergo "thorough investigation and validation." But that's a thin reassurance when the underlying database was built by scraping billions of photos without consent. Clearview has been fined by privacy regulators in the UK, France, Italy, and Australia. None of that stopped CBP from signing on. This isn't even ICE's first Clearview deal: we covered the original ICE contract last year.

We have a full breakdown of the CBP Clearview contract: what's in it, what's missing, and why the accuracy problems matter. This contract lands the same week that lawmakers introduced the ICE Out of My Face Act to ban ICE and CBP from using facial recognition entirely. CBP's response to a bipartisan push to restrict biometric surveillance? Buy more of it.

Sources: FedScoop, WebProNews

DHS Shutdown Day 2: Same Story, Worse Math

The DHS shutdown entered its second day on Saturday with Congress on a weeklong recess and no deal in sight. Lawmakers aren't scheduled back until February 23, meaning at minimum nine more days of this.

The pattern from our Day 1 coverage hasn't changed: the parts of DHS that surveil you are fully operational. The parts that defend against cyberattacks are running on fumes. CISA still has 1,453 of its 2,341 employees furloughed. No new cybersecurity guidance, no security assessments, no training exercises.

And the timing keeps getting worse. Apple just disclosed a state-sponsored zero-day (more on that below). Microsoft's six actively exploited zero-days from Tuesday's Patch Tuesday are still being deployed. The federal agency tasked with coordinating patch deployments across government sent most of its staff home three days ago.

About 90% of DHS's 260,000+ employees continue working without pay. TSA agents screen travelers. Coast Guard sailors patrol waters. ICE agents conduct raids, funded through the One Big Beautiful Bill, they're the one component that doesn't feel the shutdown at all.

The core dispute: Democrats want ICE body cameras, warrant requirements for home entries, and restrictions on roving patrols, demands that intensified after ICE agents fatally shot two U.S. citizens in Minneapolis. House Speaker Mike Johnson called those "non-starters."

Sources: NPR, Federal News Network, ABC News

WhatsApp's Encryption Faces Its Biggest Test: A Lawsuit, Whistleblowers, and a Federal Investigation

A class action lawsuit filed in January alleges that Meta employees can read your WhatsApp messages whenever they want, through an internal tasking system that bypasses the app's end-to-end encryption. US authorities are now investigating the claims.

According to the complaint, unnamed whistleblowers say a Meta worker needs only to send a "task" to an engineer with an explanation for why they need access. Once approved, messages can allegedly be viewed in near real-time, including deleted messages going back to account creation. If true, the "end-to-end encryption" promise that 3 billion WhatsApp users rely on would be a marketing fiction.

But there's reason for skepticism. Johns Hopkins cryptography professor Matthew Green published a detailed analysis arguing the claims are unlikely. His reasoning: the scheme would be detectable in decompiled app code, massive fraud involving 3 billion users would inevitably leak, and the legal exposure makes it irrational for Meta to attempt. "You get to communicate with the three billion people who use WhatsApp" in exchange for trusting the encryption, Green wrote, a reasonable trade-off absent concrete evidence.

The problem is that Meta could settle this instantly by open-sourcing WhatsApp's encryption implementation. Signal's code is fully open. WhatsApp uses the Signal protocol but the actual implementation is proprietary. Until Meta opens it up, the question remains: trust us, but we won't show you the code. We have a full analysis of the lawsuit, the cryptographer's rebuttal, and what you can do. If you're staying on WhatsApp, at least lock down your account settings.

Sources: 9to5Mac, A Few Thoughts on Cryptographic Engineering, eSecurity Planet

Apple Patches State-Sponsored Zero-Day Used in "Extremely Sophisticated" Attacks

Apple released updates for iOS, iPadOS, macOS, and other platforms on February 11 to fix CVE-2026-20700, a memory corruption vulnerability in dyld, Apple's Dynamic Link Editor. The company says the flaw was exploited in an "extremely sophisticated attack against specific targeted individuals."

Translation: someone, almost certainly a nation-state, used this bug to hack specific people's iPhones. Google's Threat Analysis Group (TAG) discovered the vulnerability. TAG is the same team that tracks commercial spyware like Pegasus and Predator. The zero-day was linked to two earlier WebKit vulnerabilities patched in December 2025, suggesting a chained exploit that gave attackers deep device access.

This is Apple's first actively exploited zero-day of 2026. The "specific targeted individuals" language is Apple's standard wording for government-backed spyware attacks. If you're a journalist, activist, lawyer, or anyone else who might be targeted by state surveillance: update everything. Settings > General > Software Update. Now.

For everyone else: the risk of being personally targeted is low, but the patches fix other vulnerabilities too. There's no good reason to delay. We published a full breakdown of the attack chain, who's behind it, and what to do.

Sources: SecurityWeek, CyberScoop, The Hacker News, BleepingComputer

Quick Hits

DOGE lawsuits hit 11 and counting: The pile of federal lawsuits against DOGE over unauthorized access to Americans' personal data keeps growing. A court filing revealed a DOGE employee secretly agreed to share sensitive Social Security data with a political group seeking to overturn election results. Multiple DOGE employees have gained access to Treasury payment systems processing trillions in transactions. A federal court blocked most IRS-to-ICE data sharing, but DOGE keeps finding workarounds. We've been tracking this from the Social Security breach through the Palantir master database plan. [Rep. Raskin] [Brookings]

Flickr data breach exposes user information: Flickr disclosed on February 6 that a vulnerability in a third-party email provider exposed member names, email addresses, usernames, IP addresses, and platform activity. Passwords and payment data weren't compromised. The company shut down access to the affected system within hours. If you have a Flickr account, watch for phishing emails. [The Register]

Google kills dark web monitoring tomorrow: Google is discontinuing its dark web monitoring tool on February 16, citing "limited actionable insights" from user feedback. One fewer free tool for checking whether your data has been leaked. [Privacy Daily]

Michigan fights off DOJ voter data grab: A federal judge dismissed a DOJ lawsuit demanding Michigan turn over sensitive voter data, ruling that none of the three federal laws the DOJ cited gave it authority to demand the information. Small win for voter privacy. [IAPP]

FTC workshop on data economy harms set for February 26: The FTC will host "Measuring Injuries and Benefits in the Data-Driven Economy" to examine how the agency can better understand consumer harms from data collection. Comments from industry and advocates expected to shape enforcement priorities. [IAPP]

What to Watch

  • DHS shutdown clock: Congress returns February 23 at the earliest. That's nine more days of CISA operating at one-third capacity while nation-state hackers exploit fresh zero-days. Meanwhile, ICE has full funding and is tapping school cameras.
  • School surveillance fallout: The 74's investigation just dropped. Watch for school districts to scramble. Some will claim they didn't know how broadly Flock shared their data. Others will quietly leave the network. The American Federation of Teachers is pushing back hard.
  • FISA 702 countdown, 64 days: Congress is on recess, so no legislative movement until late February. Senators Durbin and Lee are expected to reintroduce the SAFE Act with a warrant requirement when they return. The administration still hasn't taken an official position.
  • Meta Name Tag: Internal documents say the facial recognition feature for Ray-Ban smart glasses could launch "as soon as this year." We're watching for a quiet announcement timed to a busy news cycle. That's literally their strategy.
  • WhatsApp investigation: US authorities are now looking into the encryption claims. If they find anything, it affects 3 billion users. If they don't, it's still a reminder that closed-source encryption requires trust you can't verify. Use Signal.

References

  1. The 74 - ICE Taps into School Security Cameras to Aid Trump's Immigration Crackdown
  2. FedScoop - CBP to Strengthen Tactical Targeting with Clearview AI
  3. NPR - 5 Things to Know About the DHS Shutdown
  4. Federal News Network - DHS Officials Warn About Shutdown Impacts
  5. 9to5Mac - Lawsuit Claims WhatsApp Encryption Is a Lie
  6. A Few Thoughts on Cryptographic Engineering - WhatsApp Encryption Lawsuit Analysis
  7. SecurityWeek - Apple Patches Zero-Day Exploited in Sophisticated Attack
  8. CyberScoop - Apple Discloses First Actively Exploited Zero-Day of 2026
  9. The Hacker News - Apple Fixes Exploited Zero-Day
  10. The Register - Flickr Emails Users About Data Breach
  11. Rep. Raskin - DOGE and the Privacy Act
  12. Brookings - Privacy Under Siege: DOGE's One Big Beautiful Database
  13. District Administration - Local Police Aid ICE by Tapping School Cameras
  14. WebProNews - CBP's New Clearview AI Deal
  15. BleepingComputer - Apple Fixes Zero-Day Flaw
  16. eSecurity Planet - WhatsApp Encryption Lawsuit