TL;DR:
- Ring killed its Flock Safety deal after Super Bowl backlash. Amazon's doorbell company was going to let police request footage through license plate surveillance firm Flock. The EFF called it a "surveillance nightmare." Public pressure worked.
- California is investigating "surveillance pricing." AG Rob Bonta sent inquiry letters to retailers, grocers, and hotels about using your personal data to charge you different prices. Instacart showed up to 23% price variations between customers.
- CISA is running at 38% capacity. The DHS shutdown that started February 14 furloughed 62% of America's cyber defense agency. Critical infrastructure assessments cancelled. New cyber services delayed.
- Dutch telecom Odido exposed 6.2 million customers. Names, addresses, passport numbers, bank accounts. One of the largest breaches in Netherlands history.
- Federal judge blocked IRS from sharing taxpayer data with ICE. The agency had already sent data on 47,000+ matches from 1.28 million requested records. The deal violated federal privacy laws.
- Oklahoma is about to become the 21st state with a privacy law. The House passed SB 546 by a vote of 84-4.
Ring Kills Flock Safety Deal After Super Bowl Privacy Backlash
Amazon's Ring cancelled its partnership with surveillance company Flock Safety this week, and public outrage deserves the credit.
The deal, announced in October 2025, would have let police request doorbell camera footage through Flock's platform. Flock sells automated license plate readers and other surveillance tools to police departments across the country. The partnership would have connected millions of Ring cameras to that law enforcement network.
Then came the Super Bowl ad.
Ring ran a spot showcasing "Search Party," an AI feature that scans available cameras to help find lost pets. Viewers immediately recognized what that meant: Ring's surveillance web could track almost anyone, almost everywhere. The EFF called it a "surveillance nightmare."
Ring's official statement blamed the cancellation on technical complexity. "Following a comprehensive review, the companies determined the planned Flock Safety integration would require significantly more time and resources than anticipated."
The companies insist no video was ever shared. But the pattern matters. Amazon tested the waters, got pushback, and backed down. That only happens when enough people pay attention.
If you have a Ring camera, remember: requests for footage can still come through Ring's existing law enforcement partnerships. This was about blocking a new expansion, not rolling back existing surveillance. Check our Ring privacy guide for settings to review.
California Investigating "Surveillance Pricing": Using Your Data to Charge You More
California Attorney General Rob Bonta announced on Data Privacy Day (January 28) that he's investigating a practice most people don't know exists: companies using your personal data to determine what price you pay.
They call it "surveillance pricing." Here's how it works: A retailer tracks your browsing history, purchase patterns, location data, and demographics. Based on that profile, they show you a different price than the person next to you sees.
Think dynamic pricing is just for airlines and Uber? A 2025 Consumer Reports investigation found Instacart prices varying by up to 23% between customers: $2.56 differences on the same item.
Bonta's office sent inquiry letters to major retailers, grocery chains, and hotels demanding information about their pricing practices. The investigation focuses on potential CCPA violations: specifically, using personal data beyond what consumers would reasonably expect.
California also passed AB 325 and SB 763 in October 2025, expanding liability for algorithmic price-fixing. Companies caught manipulating prices using personal data face steeper penalties.
This is the first major state enforcement action targeting surveillance pricing. If California finds violations, expect other states to follow.
Full coverage: California Is Investigating Companies That Spy on You to Charge You More
Sources: California AG Press Release, Crowell & Moring, Troutman Privacy
America's Cyber Defense Agency Running at 38% Capacity
The DHS shutdown that began February 14 has gutted America's primary cyber defense organization. CISA is operating with 888 of its 2,341 employees: 38% of normal capacity.
The other 62% (1,453 people) were furloughed. None of them are getting paid.
What's cancelled: physical and cybersecurity assessments for critical infrastructure. Simulation exercises. Training. International engagements. Public presentations. Deployment of new cyber services to federal networks. Work on the landmark cyber incident reporting rule.
This isn't the first hit. CISA already lost roughly 1,000 staff (about a third of its workforce) under Trump administration reduction programs before the shutdown. Now they're down to barely a third of that reduced number.
The shutdown affects other DHS components too. FEMA's new disaster deployments are frozen. The Coast Guard is working without pay. Customs officers are processing travelers with skeleton crews.
The "excepted" CISA staff still working include those who "protect property or human life" or whose work is funded by non-lapsed appropriations. Everyone else goes home.
Critical infrastructure owners should expect delays on assessments and guidance. If you're waiting on a CISA engagement, you're waiting until funding resumes.
Sources: SecurityWeek, Federal News Network, Nextgov
Dutch Telecom Odido Breach Exposes 6.2 Million Customers
The Netherlands' largest mobile carrier disclosed a breach affecting 6.2 million people, roughly a third of the country's population.
Attackers accessed Odido's customer contact system on February 7. Stolen data includes names, home addresses, email addresses, bank account numbers (IBANs), dates of birth, and passport or driver's license numbers.
Dutch security experts are calling the stolen data "worth gold" to criminals. That combination (government IDs plus bank details plus contact information) enables identity theft, phishing, and SIM-swap attacks.
Odido says no passwords, call details, or billing data were taken. They reported the breach to Dutch authorities and claim they "terminated unauthorized access as quickly as possible."
This is one of the largest data breaches in Netherlands history. Dutch residents: watch for phishing attempts referencing your mobile account. Don't click links in texts or emails claiming to be from Odido.
Scammers are already spinning up fake compensation websites targeting breach victims. Any site offering money for your Odido breach is a scam.
Sources: Bleeping Computer, The Record, NL Times
Federal Judge Blocks IRS-ICE Taxpayer Data Sharing
A federal judge temporarily blocked the IRS from sending taxpayer information to ICE for immigration enforcement. The ruling confirms what critics said from the start: the data-sharing deal violated federal privacy laws.
The scope of the violation: ICE requested data on 1.28 million taxpayers in August 2025. The IRS fulfilled that request and found more than 47,000 matches. Addresses of people with final deportation orders or under federal investigation were shared with immigration agents.
The deal was formalized April 7, 2025 as a memorandum of understanding. It was supposed to be limited. It wasn't. Acting IRS Commissioner Melanie Krause resigned in protest after the agreement was signed.
The Budget Lab at Yale estimates the deal will cost $25 billion in lost tax revenue in 2026 alone, and roughly $300 billion over the next decade. When immigrants fear the IRS reports to ICE, they stop filing taxes. Fewer filings means less revenue.
The legal fight continues. The IRS is defending the deal on appeal despite the court finding the disclosure "impermissibly used" taxpayer data.
If you or someone you know files taxes with an ITIN rather than a Social Security number, stay informed. The injunction provides temporary relief, but the underlying agreement remains challenged in court.
Sources: FedScoop, National Immigration Forum, Yale Budget Lab
Quick Hits
Oklahoma passes privacy law: The House voted 84-4 to pass SB 546, making Oklahoma poised to become the 21st state with comprehensive privacy legislation. The law applies to businesses processing data for 100,000+ consumers annually. Effective date moved to January 2027. [IAPP]
Louisville suing to keep surveillance records secret: Louisville Metro filed a lawsuit challenging an Attorney General decision that found the city broke open records law. The city denied requests for surveillance camera footage, claiming it would reveal camera locations. The footage they're fighting to protect reportedly no longer exists. [Louisville Public Media]
Chico schools pause AI cameras after backlash: Parents and teachers pushed back on a planned rollout of AI-powered surveillance cameras. The district will not use the cameras' AI features, including facial recognition. [NSPR]
Anthropic-Pentagon talks stall over surveillance guardrails: Anthropic wants to prevent Claude from being used for mass surveillance of Americans or developing autonomous weapons. The Pentagon wants fewer restrictions. Negotiations are reportedly close to collapse. [Bloomberg]
FISA 702 countdown, 57 days: Congress returns February 23. The SAFE Act reintroduction is expected. 57 days until Section 702 expires April 20. [Our explainer]
What to Watch
- California surveillance pricing inquiry: Watch for company responses to AG Bonta's letters. If major retailers are caught using personal data to set prices, expect enforcement actions and lawsuits.
- DHS shutdown resolution: Every day CISA operates at 38% capacity is a day critical infrastructure assessments don't happen. Watch for funding negotiations.
- Odido breach fallout: With 6.2 million records including bank details and passport numbers, phishing campaigns are inevitable. Dutch authorities investigating.
- IRS-ICE appeal: The injunction blocking data sharing is temporary. The government is appealing. Watch for rulings that could reverse course.
- Ring surveillance scope: The Flock deal is dead, but Ring's existing law enforcement partnerships remain. Watch for new partnership announcements.
References
- CNBC - Amazon's Ring Cancels Flock Partnership
- Ring Blog - Ring and Flock Cancel Partnership
- California AG - Surveillance Pricing Investigation
- SecurityWeek - CISA Navigates DHS Shutdown
- Federal News Network - DHS Shutdown Impacts
- Bleeping Computer - Odido Data Breach
- The Record - Dutch Phone Giant Odido Breach
- FedScoop - Judge Blocks IRS-ICE Data Sharing
- National Immigration Forum - IRS-ICE Agreement Explainer
- IAPP - Oklahoma Privacy Law
- Louisville Public Media - Surveillance Records Lawsuit
- Bloomberg - Anthropic Pentagon Talks