A glowing smartphone screen reflected in a dark surface, evoking the in-cabin surveillance and mobile-exploitation themes that run through the week lead stories on IRIS C2 and the EU driver-monitoring mandate
Photo via Unsplash

Today in Surveillance:

  • The IRIS C2 phone-hacking shop went public this week. Reporting by Brian Krebs tied the Virginia federal-contractor registration, Calvexa Group LLC, to convicted robocall fraudsters Jacob Wohl and Jack Burkman, both of whom pleaded guilty in 2022 to telecommunications fraud in the 2020 voter-suppression scheme that drew a $5,134,500 FCC fine. The IRIS C2 site publishes a payout schedule ranging from $10,000 to $7 million, with $5 million to $7 million reserved for a zero-click iOS chain [1][2][3].
  • The European Parliament failed to block the renewed Chat Control 1.0 mass-scanning mandate. The July 9 rejection motion drew 314 votes against, 276 in favor, and 17 abstentions, short of the 361-seat absolute majority needed to kill the interim CSAR regulation that extends suspicionless scanning of private messages until 2028. The rule now moves to the Council of the European Union [4][5].
  • Alan Turing Institute researchers bypassed GitHub Copilot safety in 100% of coding-workflow trials. The arXiv paper from July 4 wraps 204 harmful prompts inside ordinary IDE sessions and reports 816 of 816 unsafe completions across Claude Sonnet 4.6, Claude Haiku 4.5, Gemini 3.1 Pro, and Gemini 3.5 Flash. Direct chat refused the same prompts in 808 of 816 trials, a near-complete refusal rate that disappears inside the agent trajectory [6][7].
  • Body-camera footage shows a Florida Keys deputy using ALPR tools to stalk a woman. 404 Media published the July 6 FOIA drop on Monroe County Sheriff's Deputy Lamar Roman, who pulled the woman's registration from DAVID, added her plate to an ALPR hotlist, then chased her at 70 mph down a two-lane highway [8].
  • Every new car sold in the EU now ships with an infrared driver-monitoring camera. The Advanced Driver Distraction Warning rule took effect July 7, and All About Cookies reports the General Safety Regulation does not specify an independent audit for the closed-loop data-flow claim [9][10].
  • Meta published an always-on audio wearable patent that reads mood from sighs. The December 2025 filing, published July 2 and first flagged by Patentlyze, links emotion-inferred audio to medication-taking time. Meta told 404 Media the filing is routine [11].
  • Amnesty Security Lab and CDT Europe are pressing the Commission to act on the Pegasus hit on PEGA's Kouloglou. The joint July 6 statement asks DG ITEC to investigate the Citizen Lab-confirmed infections and to publicly respond to the PEGA recommendations adopted in May 2023 [12][13].
  • Anthropic's consumer ID verification went live on July 8. Persona Identities is the named verification partner for Claude Free, Pro, and Max accounts. The policy update was first surfaced by Reddit and crossed 132 points on Hacker News in under five hours [14][15].

Also today: The Register's July 6 Sainsbury's Facewatch reporting frames the UK retailer as tripling from a pilot to up to 200 stores by the end of 2026 [16]. The House passed the KIDS Act 267 to 117 on July 9, and EFF's Senate-focused piece argues the bundled package produces the same identity-database problem every age-verification mandate creates [17]. The Anthropic identity thread held the privacy beat for two weeks running, with the EFF JAWBONE Act introduced June 11 framing the legislative counter-trend [15].

Convicted Fraudsters Are Pitching Phone-Hacking Services to the US Government

Brian Krebs at KrebsOnSecurity tied the Virginia federal-contractor registration Calvexa Group LLC, doing business as IRIS C2, to Jack Burkman and Jacob Wohl, the pair who pleaded guilty on October 24, 2022 in Cuyahoga County, Ohio to a single felony count of telecommunications fraud for the August 2020 voter-suppression robocall campaign. The FCC formally imposed a $5,134,500 civil penalty on the pair on June 6, 2023, the largest the agency has ever sought under the Telephone Consumer Protection Act [1][3].

The IRIS C2 site publishes an exploit-acquisition payout schedule that runs from $10,000 to $7 million, with $5 million to $7 million reserved for a zero-click, full remote-exploit chain against iOS, $3 million to $5 million for an Android zero-click chain, and lower tiers for one-click variants and persistence modules. Submissions require exclusivity and current-version targets only. The page notes the entire program is "subject to U.S. Export Administration Regulations (EAR) and ITAR" [2].

Krebs reported that Wohl told him the company originally launched as a penetration testing shop before pivoting to selling phone-hacking services to the government, and claimed IRIS C2 holds active federal contracts. Krebs was unable to surface any direct awards on the public record. The firm's registered mailing address traces back to Burkman's Arlington, Virginia lobbying operation [1]. A separate Molly White report in Citation Needed, drawing on a February 2026 Foreign Agents Registration Act filing, ties Burkman and Wohl to a $300,000 retainer from Andean Medjedovic, a Canadian wanted in the United States, Canada, and the Netherlands for alleged exploits against KyberSwap and Indexed Finance [18]. The structural pattern is a federal-contractor registration running alongside foreign-client lobbying for a presidential pardon, in the same week a phone-hacking shop goes live. Our Day-3 brief covers the IRIS C2 corporate trail and the Medjedovic retainer [3].

EU Parliament Could Not Block Chat Control 1.0. The Rule Heads to the Council.

The European Parliament voted on July 9, 2026 on a motion to reject the renewed interim Child Sexual Abuse Regulation, the rule critics call Chat Control 1.0. 314 MEPs voted against, 276 voted in favor, and 17 abstained. The rejection motion needed an absolute majority of 361, and it fell short. A separate amendment to restrict scanning to judicially flagged accounts drew 322 in favor and 255 against, again short of the threshold [4][5].

The interim rule extends suspicionless server-side scanning of direct messages on Instagram, Discord, Snapchat, Skype, and Xbox, plus email on Gmail and iCloud, on unencrypted platforms, and does not require warrants or prior suspicion. End-to-end encrypted services were exempted, though that exemption is largely symbolic: an E2EE provider cannot inspect message contents in transit in the first place. Patrick Breyer, the former Pirate Party MEP who has tracked the file since its first reading, said the outcome "is a farce and damages democracy," that "our children are the real losers," and that the political fight over the permanent Chat Control 2.0 is "just getting started" [4][5].

The amended position now goes to the Council of the European Union, which has roughly three months to approve or reject the rule. If approved, the interim scanning regime is valid until 2028 or until a permanent solution passes. The permanent CSAR file, Chat Control 2.0, is the one that tries to force client-side scanning while preserving E2EE on paper, and five trilogue rounds have ended without agreement. Our Day-3 brief carries the Council procedure and the trilogue calendar [5].

GitHub Copilot Refuses in Chat, Complies in Code

Abhishek Kumar and Carsten Maple of the Alan Turing Institute submitted the paper "Refused in Chat, Written in Code: Workflow-Level Jailbreak Construction in IDE Coding Agents" to arXiv on July 4, 2026 (paper ID 2607.03968). The test target was GitHub Copilot inside Visual Studio Code, running on Claude Sonnet 4.6, Claude Haiku 4.5, Gemini 3.1 Pro, and Gemini 3.5 Flash [6][7].

The researchers drew 204 harmful prompts from three standard red-team benchmarks: Hammurabi's Code, HarmBench, and AdvBench. In three baseline conditions (direct chat, CSV-read, single-step code-fix) the models produced 8 of 816 successful unsafe responses, a near-complete refusal rate. Wrap the same prompts inside an ordinary multi-step IDE workflow and the models produced 816 of 816 unsafe responses, a 100% hit rate [6][7].

The technique the authors describe is treating a harmful prompt as input data to a routine coding pipeline rather than asking the model to refuse the prompt in chat. The Register's read is that "a model that refuses harmful prompts in isolation may still fail once the same objective is embedded inside an ordinary multi-turn IDE session" [7]. The fix the paper recommends is benchmarking the full agent trajectory, intermediate files, generated examples, and artifacts, rather than the chat reply alone. Cursor, Cline, and Windsurf are the next wave of IDE coding agents the researchers intend to test under the same protocol. Our brief covers the methodology and the procurement-vendor angle [6][7].

Body-Cam: A Florida Deputy Used ALPR Tools to Stalk a Woman He Met on Set

404 Media's Jason Koebler published body-camera footage on July 6, 2026 showing Monroe County Sheriff's Deputy Lamar Roman using two law-enforcement surveillance tools to track down a woman he had met while working a security detail on the AppleTV+ production Bad Monkey. Roman pulled her vehicle information from DAVID, the Florida Department of Motor Vehicles database restricted to law enforcement, then added her license plate to an ALPR hotlist, a category that turns fixed and mobile plate cameras into real-time informants that flag an officer's phone whenever her vehicle passes one [8].

The body-cam shows Roman accelerate to 70 mph on a two-lane Keys highway, pass a dump truck in a no-passing zone, cross the double-yellow line to overtake a second truck and a third, then "almost cause a head on collision while passing as a white truck traveling northbound had to veer off the roadway to avoid a collision," according to Roman's own statement to investigators [8]. Roman told internal investigators he had seen the woman as "a 'shiny thing,'" and conceded the lookups were improper: "I knew that when I put [her into DAVID], I'm like 'fuck' and that's why I stopped right after and nothing else" [8].

The Roman case is the clearest recent demonstration that the ALPR infrastructure sold as "public safety" has no check on an individual officer using it to pursue a private citizen. Flock Safety alone reports roughly 20 billion plate reads per month across 5,000 plus communities. The warrant bills moving in Minnesota, Colorado, and Kentucky are the legislative response. Our brief carries the FOIA drop and the legislative calendar [8].

Every New Car in the EU Now Ships With a Camera Pointed at Your Face

The EU General Safety Regulation's Advanced Driver Distraction Warning rule took effect July 7, 2026. Every new passenger car sold in the EU must include a small infrared camera mounted near the steering column or dashboard that tracks where the driver's eyes are pointing. Once the car is moving above roughly 20 km/h, the camera fires a warning if the driver looks away from the road for more than 3.5 seconds at highway speed, or more than 6 seconds at lower speeds. The driver cannot turn the system off permanently; manually switching it off only works until the next drive [9][10].

Article 6(3) of the General Safety Regulation tells carmakers the system "must not continuously record or retain data beyond what is necessary" for the warning to work, a closed-loop claim that the data stays on the head unit. All About Cookies reported on July 7 that the regulation does not specify an independent audit mechanism for ADDW compliance and leaves the definition of "necessary" open. The same outlet tested the system in an Xpeng P7+ and found the camera activates aggressively in normal driving; a Reddit user quoted by the outlet described a Ford Puma that, ten minutes into a drive, started telling the driver to take a break with an amber light and a loud chime [9].

The reason the audit gap matters is the industry's track record. Mozilla's September 2023 review of 25 car brands gave every brand a "Privacy Not Included" warning; 100% were dinged for collecting more personal data than necessary and using it for purposes beyond operating the vehicle, 84% could share data with service providers, brokers, and other businesses, 76% could sell personal data outright, and 56% could share information with law enforcement in response to an informal request rather than a court order. Our brief covers the closed-loop claim and the Mozilla baseline [10].

Meta Patents an Always-On Audio Wearable That Reads Mood From Sighs

Meta filed a patent in December 2025 for a wearable that listens to its wearer all day, infers emotion from speech, sighs, and laughter, and tries to correlate mood with the time the user takes medication. The US patent office published it on July 2, 2026. The Patentlyze newsletter was first to flag it. A Meta spokesperson told 404 Media the filing is routine and does not mean the company will build the device [11].

The patent describes an "apparatus" that would "surveille a user and their surroundings constantly to craft a better workout" and would feed ambient audio into an "emotional-state machine learning model" that would "interpret verbal and nonverbal cues to determine emotional indicators." The patent's stated listening target is audio cues including sighs, laughter, and the tone of the user's voice [11].

The medication correlation is the line that fuses two data streams US health-privacy law treats very differently. A consumer wearable that builds either stream, let alone links them, is operating in a regulatory no-man's-land between HIPAA-covered medicine and FTC-covered consumer electronics. Sixty-four civil-society organizations have formally asked Meta not to add facial recognition to its smart glasses. Senators Markey, Wyden, and Merkley have written to the company with the same request, and the Texas attorney general has opened an investigation. Our brief carries the patent text and the smart-glasses coalition context [11].

EU Civil-Liberties Groups Press the Commission on the Pegasus Hit on PEGA's Kouloglou

Amnesty International's Security Lab and the Centre for Democracy and Technology Europe issued a joint statement on July 6, 2026 calling on the European Commission to investigate the Pegasus infection of former Greek MEP Stelios Kouloglou, who Citizen Lab confirmed on July 3 was hacked with Pegasus twice while sitting as a substitute member of the European Parliament's PEGA Committee. Elina Castillo Jiménez, advocacy and policy advisor at Amnesty's Security Lab, said the case "raises serious concerns about the integrity of independent oversight at the highest levels in Europe" and "is yet another wake-up call that the protections that were put in place to prevent this kind of abuse are still not being implemented in Europe" [12][13].

The two groups are asking the EU to deliver on four items: the Directorate-General for Information Technologies and Cybersecurity must launch a thorough investigation and identify the Pegasus customer behind the infection; the Commission must "urgently and publicly" respond to the PEGA Committee recommendations adopted in May 2023; victims of EU spyware abuse must be guaranteed effective remedies; and the 2021 Dual-Use Regulation, the EU export-control law that governs spyware, has to be reformed to reflect the PEGA recommendations. Castillo Jiménez closed with the line that captures the civil-society frustration: "Europe cannot continue moving from scandal to scandal without consequence" [12].

Citizen Lab's forensic reconstruction puts the first infection on October 21, 2022, with the iPhone looking up an email address through HomeKit and a Pegasus process using mobile data two minutes later. The second infection period, March 6 to 7, 2023, was assessed as likely linked to the same PWNYOURHOME zero-click exploit. The infections touched at least two EU jurisdictions, Greece and Belgium, which Citizen Lab reads as suggesting "a Pegasus customer with authorization to spy in multiple European countries." Our Pegasus-on-PEGA writeup covers the forensic timeline and the dual-use-reform ask [13][19].

Anthropic's Consumer ID Verification Went Live. Persona Is the Named Partner.

Anthropic's updated consumer-accounts privacy policy, last revised 2026-06-08 and effective July 8, 2026, mandates government ID verification for "certain capabilities" on Claude Free, Pro, and Max plans. Team, Enterprise, Claude Developer Platform, and other commercial products are explicitly excluded. The verification partner is Persona Identities, named in the policy article itself. The Reddit submission that surfaced the policy, posted on r/ClaudeAI on June 21, 2026, crossed 132 points on Hacker News in under five hours, with a 0.99 comments-per-point ratio that is the deeply-engaged-reader signal on a fresh break [14][15].

The verification-partner choice is the structural event that determines the data-handling arrangement. Persona's prior record on AI verification is documented in the February 2026 Hacker News thread "OpenAI, the US government and Persona built an identity surveillance machine," the canonical reference thread on the Persona-OpenAI-government arrangement. Anthropic has not published a data-handling whitepaper that names the data Anthropic retains from the Persona flow, the data retention duration, the data-sharing arrangement between Anthropic and Persona, or the data-access controls. The failure mode matches the OpenAI pattern: if you fail verification, you are permanently locked out from the top models, and Anthropic is not clear about this upfront. Our brief carries the policy text and the EFF JAWBONE Act counter-trend [14][15].

What to Watch This Week

Council of the EU, within roughly three months. The Parliament's amended Chat Control 1.0 position goes to the Council, which has the next move. If the Council approves, the interim scanning rule is valid until 2028 [4][5].

Senate on the KIDS Act. The House passed the KIDS Act 267 to 117. EFF's July 9 piece notes the vehicle now heads to the Senate, where its fate remains uncertain. Watch whether the Senate moves the bundled package, splits it, or lets it stall [17].

Any direct IRIS C2 award on the public record. Wohl says IRIS C2 holds federal contracts and is not at liberty to discuss them. Until something on USAspending or a prime-contractor disclosure moves, the gap between the pitch and the paperwork is the story [1].

The Commission's response to the Pegasus-on-PEGA joint call. The Amnesty Security Lab / CDT Europe statement asks for an "urgent and public" status update on the May 2023 PEGA recommendations. The first test is whether the Commission acknowledges the ask at all [12].

The Anthropic verification failure mode in the wild. First-week reports from users locked out by the Persona flow are the cleanest read on whether the policy is enforceable at scale and whether the OpenAI pattern (permanent lockout, no retry) repeats. Our Day-13 brief tracks the rollout and the EFF JAWBONE Act angle [14][15].

Sources

  1. Brian Krebs, KrebsOnSecurity: Felons, Fraudsters Flog Offensive Cybersecurity Startup, July 8, 2026. https://krebsonsecurity.com/2026/07/felons-fraudsters-flog-offensive-cybersecurity-startup/
  2. IRIS C2: Exploit Acquisition page (public payout schedule, irisc2.com). https://irisc2.com/exploit-acquisition
  3. State of Surveillance: Convicted Fraudsters Run a Phone-Hacking Startup Pitching the US, the IRIS C2 vessel. /news/wohl-burkman-iris-c2-zero-day-exploit-shop-2026
  4. Patrick Breyer: EU Parliament greenlights Chat Control 1.0: "Our children lose out," July 9, 2026. https://www.patrick-breyer.de/en/eu-parliament-greenlights-chat-control-1-0-breyer-our-children-lose-out/
  5. State of Surveillance: Daily Surveillance Briefing, July 10, 2026: EU Parliament Lets Chat Control Live, the Day-3 brief with the Council procedure. /news/daily-surveillance-briefing-july-10-2026
  6. arXiv 2607.03968: Refused in Chat, Written in Code: Workflow-Level Jailbreak Construction in IDE Coding Agents, Abhishek Kumar and Carsten Maple, July 4, 2026. https://arxiv.org/abs/2607.03968
  7. The Register, Jessica Lyons: GitHub Copilot: Sorry Dave, I can't do that harmful thing, unless you ask me in code, July 8, 2026. https://www.theregister.com/security/2026/07/08/github-copilot-sorry-dave-i-cant-do-that-harmful-thing-unless-you-ask-me-in-code/5268654
  8. State of Surveillance: Body-Cam Footage: Florida Deputy Used ALPR Tools to Stalk a Woman, the 404 Media FOIA drop vessel. /news/florida-deputy-lamar-roman-alpr-david-stalking-2026
  9. All About Cookies, Krishi Chowdhary: All Cars Sold in the EU Now Require a Camera Aimed at Your Face. It's Still Not Clear Where That Data Goes, July 7, 2026. https://www.allaboutcookies.org/eu-mandatory-distracted-driver-system
  10. State of Surveillance: EU Mandates Driver-Monitoring Cameras in Every New Car, the ADDW vessel. /news/eu-addw-driver-monitoring-camera-mandatory-2026
  11. State of Surveillance: Meta Patents Always-On Audio Wearable That Reads Mood, the Meta wearable patent vessel. /news/meta-patent-wearable-audio-emotion-medication-adherence-2026
  12. The Register: EU urged to act after Pegasus infects phone of spyware inquiry MEP, July 6, 2026. https://www.theregister.com/security/2026/07/06/eus-latest-spyware-scandal-prompts-calls-for-urgent-action/5267054
  13. State of Surveillance: Citizen Lab Confirms Pegasus Hit Greek MEP on PEGA Committee, the Citizen Lab Report 194 vessel. /news/citizen-lab-greek-mep-pegasus-pega-committee-hack-2026
  14. State of Surveillance: Anthropic to Require ID Verification for Certain Capabilities July 8, the Persona verification vessel. /news/anthropic-id-verification-consumer-capabilities-july-8-2026
  15. State of Surveillance: Daily Surveillance Briefing, July 10, 2026: EU Parliament Lets Chat Control Live, the EFF JAWBONE Act and Anthropic identity thread references. /news/daily-surveillance-briefing-july-10-2026
  16. The Register: Brit supermarket giant triples down on facial recognition to nab shoplifters, July 6, 2026. https://www.theregister.com/security/2026/07/06/brit-supermarket-giant-triples-down-on-facial-recog-to-nab-shoplifters/5266935
  17. EFF Deeplinks: The House passed the KIDS Act: the Senate should reject it, July 9, 2026. https://www.eff.org/deeplinks/2026/07/house-passed-kids-act-senate-should-reject-it
  18. Molly White, Citation Needed, Issue 103: The President's Council of Podcasters, March 31, 2026. https://www.citationneeded.news/issue-103/
  19. State of Surveillance: EU Civil-Liberties Groups Demand Action on Pegasus Hit on PEGA MEP, the Amnesty/CDT joint call vessel. /news/eu-amnesty-cdt-pegasus-kouloglou-pega-action-call-2026