TL;DR:

  • Meta timed facial recognition glasses to exploit "political turmoil." An internal document reveals the company planned to launch "Name Tag" (a feature that identifies strangers in real time) while Americans are too distracted to push back. The ACLU calls it a "uniquely dire threat."
  • AI deepfakes are flooding the 2026 midterms. No one's stopping them. FEC deadlocked. Congress paralyzed. Virginia Republicans debated an AI deepfake of their opponent. The Cuomo campaign posted one targeting his rival with racist stereotypes. Regulators call it the "Wild West."
  • 70% of data breach victims won't be told what happened. The ITRC's annual report landed: "transparency is on life support." 3,322 breaches in 2025. Only 30% disclosed the attack method. Companies are hiding how they got hacked.
  • Salt Typhoon hit all four major Singapore telecoms. Singtel, StarHub, M1, and Simba. The Chinese espionage group now confirmed in 80+ countries. Norway disclosed last week. Senator Cantwell demands AT&T and Verizon CEOs "come clean."
  • FISA 702 countdown: 58 days. Section 702 expires April 20. The SAFE Act reintroduction is expected when Congress returns Sunday. The warrant requirement fight resumes.
  • 225,000+ Californians signed up for DROP. The data broker deletion tool keeps growing. One click, 500+ brokers, your data gone.

Meta Timed Facial Recognition Glasses to Exploit "Political Turmoil"

Meta wants to turn Ray-Ban smart glasses into a real-time facial recognition system. That's not the alarming part. The alarming part is when they planned to do it.

According to a New York Times report based on internal documents dated May 2025, Meta executives discussed launching "Name Tag" (a feature that identifies strangers and pulls up information about them via Meta AI) during a period of "political turmoil" when civil liberties advocates would be too overwhelmed to fight back.

The documents show Meta originally planned to test Name Tag at a conference for the blind before rolling it out to the general public. That didn't happen. Now the feature is reportedly in internal testing and could launch this year.

The ACLU called it a "uniquely dire threat to privacy" that could "effectively end anonymity in public spaces."

Here's how it works: Look at someone. The glasses scan their face. Meta AI cross-references it against public Meta profiles (potentially Instagram and Facebook) and tells you who they are. Meta says they're exploring who should be "recognizable": people you know through Meta platforms, or anyone with a public account.

We saw a preview of this threat in 2024 when Harvard students built I-XRAY: a similar system using Meta Ray-Bans and PimEyes. Meta claimed that project violated their terms. Now they're building the same thing themselves.

The timing calculation in those documents matters. Meta looked at the political landscape and decided chaos would be cover. That's not paranoia. That's their strategy.

Sources: TechCrunch, Futurism, MacRumors

AI Deepfakes Are Flooding the 2026 Midterms. No One's Stopping Them.

The 2026 midterms have become the "Wild West" of AI disinformation, and regulators admit they have no weapons to fight it.

The FEC has deadlocked on issuing guidance about AI in political advertising, according to CampaignNow. Congress hasn't passed legislation prohibiting deepfake content that could mislead voters. The result: candidates are using AI fabrications against opponents with no consequences.

In Virginia, Republican lieutenant governor candidate John Reid debated an AI-generated deepfake of his Democratic opponent. In New York, former Governor Andrew Cuomo briefly posted, then deleted, a deepfake ad targeting his rival with racist stereotypes. Neither faced meaningful penalties.

Thirty-eight states passed AI legislation in 2025, including rules on election deepfakes. But with Trump's administration actively challenging state regulations and no federal framework, enforcement is spotty at best.

"It will be much more sophisticated going into the 2026 midterms and then the 2028 election," warned one researcher quoted in the WLRN report.

We wrote about deepfake detection tools last year. The problem isn't technology. It's political will.

Sources: CampaignNow, WLRN, NBC News

70% of Data Breach Victims Won't Be Told What Happened

The Identity Theft Resource Center just released its 20th annual data breach report. The headline number (3,322 breaches in 2025) isn't the worst part. The worst part is what companies aren't telling you.

In 2020, almost 100% of breach notifications disclosed the root cause: how the attackers got in. In 2025, that number dropped to 30%. Seven out of ten breach victims now receive notifications that don't explain what happened or how to protect themselves, according to Insurance Journal.

"Transparency is on life support," ITRC stated in their report.

This isn't accidental. Companies discovered that vague breach notifications face less scrutiny. If you don't tell people it was a phishing attack, they can't ask why you didn't have phishing protection. If you don't mention the exposed password database was unencrypted, regulators might not dig deeper.

The result: 46% of breach victims report feeling "powerless to protect themselves," what ITRC calls "breach fatigue." When you don't know what was stolen or how, you can't take meaningful defensive action.

The 3,322 breach count represents a 79% increase over five years, the third consecutive year with more than 3,000 incidents. Banks remain the most-breached sector.

Our breach resilience guide explains what to do when companies won't tell you what happened.

Sources: Insurance Journal, ITRC, American Banker

Salt Typhoon Hit All Four Major Singapore Telecoms

Singapore confirmed what everyone suspected: the Chinese espionage campaign that compromised AT&T, Verizon, and dozens of other telecoms worldwide also breached all four of the country's largest phone companies.

Singtel, StarHub, M1, and Simba Telecom were all targeted by the group Singapore's government identified as UNC3886, the same hackers multiple governments have linked to Salt Typhoon, according to TechCrunch.

The attackers used rootkits to gain long-term access to systems. Singapore says they didn't disrupt services or access personal information, but that's what they always say at first.

This comes days after Norway became the first European government to publicly confirm Salt Typhoon targeted its infrastructure. US officials now describe the campaign as an "epoch-defining threat" spanning 80+ countries with 200+ targets.

Senator Maria Cantwell is demanding AT&T and Verizon CEOs "come clean" about the extent of Salt Typhoon breaches in their networks, and what data was actually accessed, including congressional emails.

We've covered Salt Typhoon extensively. The scope keeps growing. The telecom industry's decades of security neglect is being exploited by nation-states.

Sources: TechCrunch, TechCrunch (Norway), Senate Commerce Committee

Brookings: DOGE Building a "Digital Watchtower" Over Americans

Brookings Institution published an analysis of DOGE's data consolidation efforts, and they didn't mince words: the administration is building a "digital watchtower" with access to nearly every American's sensitive information.

Over the past 100 days, DOGE teams have grabbed personal data from dozens of federal databases (Social Security records, IRS tax returns, Medicare claims, OPM personnel files) and are reportedly merging it into a master database at the Department of Homeland Security, according to Brookings.

The new development: Elon Musk announced Medicaid data from 2018-2024 has been "open sourced" so the "level of fraud is easy to identify." That's medical procedure data. Claims. Payments. Years of healthcare records now available for DOGE analysis.

Meanwhile, a DOGE employee reportedly emailed Social Security data to a political group seeking "voter fraud evidence," exactly the kind of misuse critics predicted when warning about centralized access to government data.

The 19-state lawsuit challenging DOGE's Treasury data access continues. Harvard's Ash Center has published resources explaining what data DOGE can access and what protections apply (spoiler: fewer than you'd hope).

Our earlier coverage tracked DOGE's Palantir connections and cross-agency surveillance plans. The "digital watchtower" framing captures what they're building: total information awareness, rebranded.

Sources: Brookings, Harvard Ash Center, Axios

Quick Hits

FISA 702 countdown, 58 days: Section 702 expires April 20. Congress returns February 23. Senators Durbin and Lee are expected to reintroduce the SAFE Act, which would require a warrant for searching Americans' communications collected under 702. The fight that failed by one vote in 2024 restarts in three days. [Our explainer]

225,000 Californians using DROP: California's data broker deletion platform keeps growing. One request, 500+ brokers, your information deleted. Brokers start processing requests August 1. If you're in California and haven't signed up, here's our guide. [CalMatters]

UK Lords voted to ban VPNs for minors: The House of Lords passed an amendment 207-159 requiring age verification for VPN services, mandatory device-scanning software on phones and tablets, and a social media ban for under-16s. VPN providers must verify ages via government ID or facial biometrics, defeating the privacy purpose of VPNs. [Our coverage]

ICE Out of Our Faces Act introduced: Democratic lawmakers introduced legislation banning ICE and CBP from acquiring and using facial recognition technology. The bill responds to ICE's expanding surveillance arsenal: now including Palantir ELITE scoring, $4.5M iris scanners, cell-site simulators, and social media monitoring of US citizens. [Jayapal press release]

Disney's $2.75M CCPA fine sticks: California's largest privacy settlement remains in place after Disney failed to honor opt-out requests across devices. Opt out on your phone, still tracked on your TV. Attorney General Bonta is also investigating "surveillance pricing": using personal data to charge different prices. [Blank Rome]

What to Watch

  • Meta Name Tag launch timing: The facial recognition glasses feature is in internal testing. Watch for beta announcements or conference demos. Meta's own documents show they're calculating how much pushback they can avoid.
  • SAFE Act reintroduction: Congress returns February 23. State of the Union February 24. Expect Durbin-Lee to drop the SAFE Act bill that week. 58 days until Section 702 expires.
  • Midterm deepfake incidents: Primary season heats up. With no federal rules and FEC gridlock, expect more AI-generated content targeting candidates. State attorneys general may be the only enforcers.
  • Salt Typhoon disclosures: Singapore and Norway confirmed. Who's next? Senator Cantwell's demands for AT&T/Verizon accountability could force more revelations about congressional communications accessed.
  • DOGE database lawsuit progress: The 19-state lawsuit challenging Treasury data access continues. Watch for emergency motions as more data grabs emerge.

References

  1. TechCrunch - Meta Plans Facial Recognition for Smart Glasses
  2. Futurism - Meta Adding Facial Recognition Hoping Public Too Distracted
  3. CampaignNow - Regulators Scramble as AI Deepfakes Flood Midterms
  4. Insurance Journal - ITRC: Data Breach Transparency on Life Support
  5. TechCrunch - Singapore Confirms Salt Typhoon
  6. Senate Commerce - Cantwell Demands AT&T/Verizon Answers
  7. Brookings - Privacy Under Siege: DOGE's Database
  8. Brookings - FISA Section 702 Expires in April
  9. Rep. Jayapal - ICE Out of Our Faces Act
  10. CalMatters - California DROP Platform Guide