TL;DR:

  • Congress introduced the ICE Out of My Face Act on February 5 to ban ICE and CBP from buying or using facial recognition, backed by the ACLU, EFF, and EPIC
  • FISA Section 702 expires in 73 days and Congress can't agree on whether warrantless domestic searches should continue. The warrant requirement lost by a single vote last time
  • Substack confirmed a breach affecting 697,313 users: names, emails, phone numbers, and Stripe IDs exposed after an October 2025 intrusion went undetected for four months
  • DHS announced body cameras for ICE agents. Secretary Noem's order comes as agents face mounting legal challenges over raid conduct
  • Hinge now requires facial age estimation for all users. UK and Australian laws force biometric liveness checks through FaceTec, and the feature is rolling out globally

Congress Introduces Bill to Ban ICE Facial Recognition

Four members of Congress finally said what privacy advocates have been screaming for years: ICE shouldn't have facial recognition. Period.

On February 5, Senators Edward Markey, Jeff Merkley, and Ron Wyden, along with Representative Pramila Jayapal, introduced the ICE Out of My Face Act. The bill would ban ICE and CBP from buying, building, or using facial recognition and other biometric identification systems. It would also force the agencies to delete all biometric data already collected.

The bill isn't a polite suggestion. It gives individuals and state attorneys general the power to seek civil penalties when agencies violate the ban. Senators Angela Alsobrooks and Bernie Sanders signed on as co-sponsors.

"This has become a surveillance state with militarized federal troops on our streets to terrorize and intimidate US citizens and residents alike," Representative Jayapal said in the announcement.

The timing is pointed. ICE has used its Mobile Fortify app more than 100,000 times since June 2025, scanning faces against a 1.2 billion image database. Agents regularly scan people without their knowledge or consent. The ACLU, EFF, EPIC, Fight for the Future, and Human Rights First all backed the bill.

Will it pass in this Congress? Almost certainly not. But it puts the surveillance apparatus on the record, and it gives the next Congress a ready-made framework if the political winds shift.

We covered the broader ICE OUT Act targeting qualified immunity last month. This bill targets the tech itself.

Sources: Rep. Jayapal Press Release, Sen. Markey Press Release, Daily Hampshire Gazette

FISA Section 702: 73 Days Until the Biggest Surveillance Fight of the Year

The clock is ticking on the government's most powerful warrantless surveillance authority, and this time the politics are a mess on both sides.

Section 702 of FISA lets spy agencies vacuum up communications of foreign targets without a warrant. The problem: it sweeps in millions of Americans' texts, emails, and phone calls when they communicate with anyone abroad. The FBI has used this "incidental collection" to search for data on racial justice protesters, political officials, campaign donors, and a state court judge.

Congress last reauthorized the program in April 2024. An amendment requiring warrants for searches of Americans' data lost 212-212 in the House by a single vote. The law expires April 19.

Senator Dick Durbin told Nextgov/FCW that "the issue is timely because of current awareness of the Fourth Amendment," pointing to warrantless raids in Chicago and Minneapolis. Senator Ron Wyden accused the administration of "secretly deciding that agents can break into homes without a judicial warrant."

The ACLU's Kia Hamadanchy warned that "reauthorizing 702 without meaningful reforms would double down on systemic abuses."

Even ODNI Director Tulsi Gabbard said during her confirmation that warrants "should generally be required" before searching Americans' 702 data. Whether the administration actually pushes for that reform is another question entirely.

We've been tracking this fight. Read our full breakdown of what's at stake.

Sources: Nextgov/FCW, EPIC, Lawfare

Substack Breach Exposes 700,000 Users, Four Months After It Happened

Substack, the platform independent journalists trust with their subscriber lists, got breached in October 2025. They didn't notice until February 3, 2026.

A threat actor using the handle "w1kkid" posted a file containing 697,313 user records on BreachForums. The dump includes full names, email addresses, phone numbers, Stripe customer IDs, profile pictures, biographies, account creation dates, and social media handles.

Passwords and payment data weren't compromised. But phone numbers are the real danger here. They're the key to SIM-swapping attacks, which let hackers bypass two-factor authentication and take over accounts. For a platform full of journalists, activists, and people with opinions that make them targets, exposed phone numbers are a serious problem.

CEO Chris Best acknowledged the breach in a direct email to affected users, calling it "unauthorized third party" access to "limited user data." The attacker described their method as "noisy" scraping that Substack eventually detected and blocked.

The four-month gap between the intrusion and discovery is the real story. October to February. If you use Substack, assume your email and phone number are public now.

Sources: Cyber Insider, SecurityWeek, The Record

ICE Agents Getting Body Cameras, But Who Controls the Footage?

Homeland Security Secretary Kristi Noem announced that ICE agents will start wearing body cameras during enforcement operations.

On the surface, this sounds like accountability. Body cameras on police have produced mixed results. They can deter misconduct, but only if the footage is actually accessible. The key questions: Who stores the recordings? Who gets to see them? Can defense attorneys subpoena the footage? What happens when a camera "malfunctions" during a controversial raid?

The announcement comes as ICE faces multiple lawsuits over agent conduct during raids in Minneapolis, Chicago, and Newark. The ACLU has documented agents filming protesters and immigrants alike. Adding body cameras could just as easily create another surveillance database as it could protect civil rights.

DHS hasn't published a policy on footage retention, access, or oversight. Until that exists, body cameras on ICE agents are a PR move, not a reform.

Sources: FOX 9, WBUR Here & Now, MPR News

Hinge Wants Your Face Now, For Your Own Protection

Looking for love? First, let a company scan your face.

Match Group (which owns Hinge, OkCupid, and Match.com) is rolling out FaceTec biometric liveness detection for all Hinge users worldwide. In the UK and Australia, users must now complete facial age estimation to comply with the UK's Online Safety Act and Australia's Social Media Minimum Age Act.

FaceTec's system uses 3D face mapping to verify that a real human is holding the phone, not a photo or deepfake. Match Group says this prevents catfishing and underage access. The company claims no facial data is stored permanently.

But here's what this actually means: a dating app company now has the technical infrastructure to perform biometric verification on millions of users. Even if Match Group keeps its promise on data deletion today, that infrastructure exists. And Match Group was just hit by ShinyHunters, who leaked 10 million records from Hinge, OkCupid, and Match.com. Trusting them with your face data the same week their user data got dumped is a big ask.

This is the pattern: laws meant to protect children become the justification for biometric surveillance of everyone. The FTC held an age verification workshop on January 28 exploring exactly this tension.

Sources: Biometric Update, AdExchanger, FTC

Milwaukee Facial Recognition: Fire and Police Commission Meets

The Milwaukee Fire and Police Commission held its meeting on February 5 to discuss the MPD's proposed facial recognition policy, the deal where police would trade 2.5 million mugshots to Biometrica for "free" face-matching access.

Community opposition showed up in force, organized by the Wisconsin Bail Out the People Movement and backed by the ACLU of Wisconsin and the League of Women Voters. Eleven of Milwaukee's 15 council members had already signed a letter opposing facial recognition expansion last May.

The Equal Rights Commission also took a formal stand against the technology. We're monitoring for the official outcome and will update with results.

Sources: WI Bail Out the People, Milwaukee NNS, WJI

Palantir's ELITE: The App That Turns Medicaid Data Into Deportation Targets

Palantir's ICE targeting app keeps getting worse the more we learn about it.

ELITE (Enhanced Leads Identification and Targeting for Enforcement) populates a map with potential deportation targets, shows a dossier on each person, and assigns an "address confidence score" predicting where they'll be. Sources feeding the system include HHS (Medicaid data), USCIS records, and the commercial database CLEAR.

An EFF report in January documented that the tool feeds on Medicaid data, meaning health care information people gave the government in good faith is being weaponized for immigration enforcement. Palantir pushed back on the EFF's characterization but hasn't denied the data flows.

404 Media published the actual ELITE user guide, and NPR, PBS, and multiple outlets covered the surveillance toolkit this week. The picture keeps getting clearer: ICE's $28.7 billion surveillance apparatus runs on Palantir's software, and it's pointed at neighborhoods, not just individuals.

Sources: EFF, 404 Media, PBS Amanpour

What to Watch

  • FISA 702 countdown: 73 days until the surveillance authority expires on April 19. Expect hearings to accelerate this month.
  • Milwaukee vote outcome: The Fire and Police Commission's decision on facial recognition should be public soon. We'll update when it lands.
  • COPPA compliance deadline: The FTC's updated children's privacy rules take effect April 22. Companies are scrambling (or not) to comply.
  • Substack fallout: With 697K records in the wild, expect SIM-swapping attacks targeting journalists and high-profile Substack creators in coming weeks.
  • ICE Out of My Face Act: The bill's odds are slim in this Congress, but watch for it to become a litmus test in 2026 campaigns.

References

  1. Rep. Jayapal - ICE Out of My Face Act
  2. Nextgov/FCW - FISA Section 702 Debate
  3. Cyber Insider - Substack Breach
  4. SecurityWeek - Substack Disclosure
  5. The Record - Substack Notification
  6. Biometric Update - Hinge FaceTec
  7. WI Bail Out the People - Milwaukee FRT Opposition
  8. EFF - Palantir ELITE Medicaid Data
  9. 404 Media - ELITE User Guide
  10. FOX 9 - ICE Body Cameras
  11. EPIC - FISA 702 Reform
  12. Sen. Markey - ICE Face Recognition Ban