TL;DR:

  • California AG launches surveillance pricing investigation. Attorney General Rob Bonta sent investigative letters to retail, grocery, and hotel companies using your personal data to set individualized prices. Getting charged more because an algorithm thinks you’ll pay? California says that may violate CCPA.
  • ICE tripled its Microsoft Azure storage to 1,400TB. The equivalent of 490 million images. ICE is using Azure AI Video Indexer for facial recognition and emotion detection. Microsoft says it "does not believe" ICE is engaged in mass surveillance.
  • Congress demands answers on Penlink phone tracking. Rep. Shontel Brown sent DHS a letter demanding a briefing by March 5 on ICE’s use of Webloc, the tool that tracks phones without warrants by buying location data from apps.
  • Deepfakes flood 2026 midterms, FEC does nothing. The Federal Election Commission remains deadlocked on AI rules. The FCC banned AI robocalls but not digital ads. Regulators call it the "Wild West."
  • Oklahoma becomes 20th state with privacy law. The House passed SB 546 by 84-4. Governor Stitt has 5 days to sign.

California Investigates "Surveillance Pricing"

You search for a product. You click around. Then you get a price, but it’s not the same price everyone else sees. It’s higher because an algorithm decided you’d pay more.

California Attorney General Rob Bonta announced on Data Privacy Day (January 28) that the Department of Justice is sending investigative letters to businesses using "surveillance pricing": the practice of setting individualized prices based on your personal data.

The targets: retail, grocery, and hotel companies with significant online presence. The concern: companies are using browsing history, location data, and purchase patterns to charge certain customers more than others for identical products.

Under the California Consumer Privacy Act (CCPA), businesses can only use personal information for purposes consistent with consumer expectations. If you didn’t expect a company to use your data to inflate your prices, they may be breaking the law.

A pending bill (AB 446) would go further, explicitly defining surveillance pricing and adding requirements for disclosure. But even without new legislation, the AG’s office is using existing tools to investigate whether dynamic pricing crosses legal lines.

The irony: companies have spent years collecting your data "to improve your experience." Now they’re using it to extract more money from you. California is finally asking whether that’s fraud.

Sources: CA Attorney General, Pillsbury Law

ICE’s Microsoft Cloud Storage Tripled to 1,400TB

Between July 2025 and January 2026, Immigration and Customs Enforcement tripled its Microsoft Azure data usage, from 400 terabytes to 1,400 terabytes. That’s enough storage for approximately 490 million images.

What’s ICE storing? Leaked files obtained by 972 Magazine and analyzed by tech reporters show ICE is using Azure AI Video Indexer and Azure Vision, Microsoft’s AI tools for analyzing multimedia. These services can detect faces, identify individuals, read emotions, transcribe audio, and analyze objects in video footage.

Microsoft’s response: "Our policies and terms of service do not allow our technology to be used for the mass surveillance of civilians, and we do not believe ICE is engaged in such activity."

Translation: Microsoft doesn’t actually know what ICE is doing with 1,400TB of cloud storage and AI analysis tools. They just "believe" it’s fine.

The files don’t specify whether ICE is storing surveillance footage on Azure or using the platform for other operations like coordinating deportation flights. But the combination of facial recognition AI and a data explosion during the immigration crackdown is exactly what critics warned about.

This is the same ICE that uses Mobile Fortify to access 1.2 billion face photos. The same ICE that scans observers and calls them domestic terrorists. Now they’re tripling their cloud AI infrastructure.

Sources: WinBuzzer, 972 Magazine, Windows Central

2026 Midterms: Deepfakes Everywhere, Regulators Nowhere

AI-generated deepfakes are flooding the 2026 election cycle. And the federal agencies responsible for election integrity? Deadlocked, divided, or simply refusing to act.

The Federal Election Commission remains split along partisan lines on AI disclosure rules. No guidelines on deepfake ads. No requirements to label synthetic content. Nothing.

The FCC banned AI-generated voices in robocalls after a fake Biden audio targeted New Hampshire voters in 2024. But that rule doesn’t cover digital ads, television, or social media, where most deepfakes actually spread.

States are filling the void. At least 26 states have passed laws addressing election deepfakes, with many taking effect this year. But enforcement varies wildly. Some laws only cover candidates. Others require disclosure but have no teeth. The patchwork creates opportunities for bad actors to route around restrictions.

Meanwhile, actual deepfakes are appearing. In Maryland, the "No Moore" social media campaign has been accused of using AI to create racist images targeting Governor Wes Moore. In Ecuador’s February 2025 election, deepfake newscasters with fake CNN and France 24 logos spread false scandals about candidates.

Experts warn that the goal isn’t just deception. It’s erosion of trust. When voters can’t tell real from fake, they stop believing anything. That’s the deeper damage.

Sources: CampaignNow, WMAR, MyRGV

Quick Hits

Oklahoma becomes 20th state with privacy law: The state House passed SB 546 by an 84-4 vote on February 24. Governor Kevin Stitt has five days to sign or veto. If signed, Oklahoma joins 19 other states with comprehensive consumer data privacy protections. [LegiScan]

Britain fines Reddit £14.5 million for violating children’s privacy: The UK’s Information Commissioner’s Office says Reddit unlawfully processed children’s personal information and failed to protect young users. Reddit called the fine "a blunt instrument" and disputed the findings. [ICO] [Full coverage]

Nvidia can’t escape cookie lawsuit: A federal judge ruled that Nvidia must face a class action alleging it secretly installed third-party tracking cookies even after users clicked "decline all" on its website banner. The company argued users consented by continuing to browse. The judge disagreed. [Law360]

Russia opens criminal case against Telegram’s Durov: Russian authorities charged founder Pavel Durov with "facilitating terrorism" on February 24, claiming Telegram was used in 153,000 crimes since 2022. This comes while Durov still faces charges in France. Moscow appears to be using his legal vulnerability to pressure Telegram compliance. [Meduza]

FISA Section 702, 54 days to sunset: The warrantless surveillance law expires April 20. Senators Durbin and Lee are expected to reintroduce the SAFE Act this week, requiring warrants for searches of US person communications. [Our explainer]

What to Watch

  • California surveillance pricing responses: Companies have until early March to respond to the AG’s investigative letters. Watch for compliance scrambles or legal challenges.
  • March 5 Penlink briefing deadline: Congress wants answers on ICE’s warrantless phone tracking. DHS may stonewall or redact heavily.
  • Oklahoma governor’s decision: Five days to sign SB 546. If approved, 20 states will have consumer privacy laws.
  • DHS lawsuit response: The federal class action over ICE labeling observers "domestic terrorists" is pending. Watch for government motion to dismiss or preliminary injunction fights.
  • Super Tuesday AI monitoring: March 4 primaries will be the first major test of 2026 deepfake detection. Researchers are watching for synthetic content spread.

References

  1. California Attorney General - Surveillance Pricing Investigation
  2. WinBuzzer - ICE Azure Usage Triples
  3. 972 Magazine - ICE Microsoft Azure Files
  4. Rep. Brown - Penlink Oversight Letter
  5. Flatwater Free Press - Nebraska Surveillance Company
  6. CampaignNow - Midterm Deepfakes
  7. Meduza - Russia Charges Durov