Today in Surveillance:
- LAPD's inspector general counted 161 innocent drivers pulled over on false stolen-vehicle flags. The Office of the Inspector General audited August and September 2025 and found 210.5 million plate reads, 5,911 distinct plates flagged, no action on 4,575 of them, and 74 arrests. LAPD let its Flock Safety contract expire over the weekend of July 11, 2026 [1][2].
- CISA pushed a fresh SharePoint advisory after three CVEs were caught under active exploitation. CVE-2026-32201, CVE-2026-45659, and CVE-2026-56164 ride the same chain CISA warned about in August 2025: an authenticated user with Site Member permissions lands RCE, attackers steal the IIS machine key, and persist long after the patch [3][4][5].
- Anthropic removed a hidden Unicode tracker from Claude Code. The steganographic marker read the user's base URL and timezone, then rewrote a routine "Today's date is..." string so that an invisible apostrophe character and the date separator encoded a four-bit signal flagging Chinese AI labs, gateways, and Asia/Shanghai or Asia/Urumqi timezones. Anthropic engineer Thariq Shihipar called it "an experiment" [6][7][8].
- The House passed the KIDS Act 267-117. EFF, Senator Richard Blumenthal, and a coalition of more than 90 kids-safety organizations that backed the original KOSA are now urging the Senate to reject the package, arguing the duty-of-care provision was stripped and the age-verification language builds an ID database across the open web [9][10][11].
- The Register reported two more SharePoint bugs sitting in the "more likely to be exploited" bucket. CVE-2026-55040 (CVSS 9.1) and CVE-2026-58644 (CVSS 9.8) have not yet been seen in the wild, but Microsoft labeled exploitation "More Likely" on both [3].
Also today: The LAPD audit found that officers routinely treated a "hot list" alert as probable cause for a high-risk stop, with backup units, air support, a supervisor, and the driver ordered out of the car, in violation of the department's own policy that requires officers to "attempt to verify the accuracy of the ALPR alert prior to conducting a stop" [1][2]. CISA told organizations to threat hunt for signs of intrusion before rotating the IIS machine keys, since rotating first tips off the attacker and burns the forensic trail [3]. Microsoft patched a record 622 CVEs in July Patch Tuesday, more than tripling June's 206-CVE figure [12]. Anthropic's distillation-detection stack already names DeepSeek, Moonshot AI, and Zhipu as targets of large-scale extraction campaigns, with February 2026 figures of 150,000-plus exchanges at DeepSeek, more than 3.4 million at Moonshot, and more than 13 million at Zhipu [13]. The Senate's standalone KOSA passed 91-3 with bipartisan support, the margin Issue One and Blumenthal are measuring the House package against [11].
LAPD Let Its Flock Contract Expire After an Audit Counted 161 Innocent Stops
LAPD's Office of the Inspector General audited the department's automated license plate readers for August and September 2025 and counted 161 innocent drivers who were pulled over after the system flagged their cars as stolen. During the same two months the system captured 210.5 million plate reads, flagged 5,911 distinct plates, took no action on 4,575 of them, and produced 74 arrests and 337 stolen-vehicle recoveries [1][2]. LAPD allowed its Flock Safety contract to expire over the weekend of July 11, 2026, two days before 404 Media published the audit, and said it would not enter new ALPR contracts until completing a full audit process [1].
The audit report, numbered BPC 26-184, found that officers routinely treated a hot-list alert as probable cause to escalate the encounter into what the report describes as a high-risk stop, with backup units, air support, a supervisor, and the driver ordered out of the car [1][2]. Department policy requires officers to "attempt to verify the accuracy of the ALPR alert prior to conducting a stop" [1]. The audit found officers often did not verify. LAPD still runs roughly 2,000 ALPR cameras across Flock, Motorola static readers, and Axon in-car systems [1]. The Flock deal is the first of LAPD's ALPR contracts to fall.
LAPD's defense, in a statement to 404 Media, was that the false positives come from data the department does not control: "the timing of record updates outside of the Department's control, such as delays by another jurisdiction or a vehicle owner in clearing a plate from a Hot List after a vehicle has been recovered or is no longer wanted" [1]. That is the structural risk the national Flock network creates: a stolen-vehicle plate entered by a department in California can surface as a hit to a patrol car in Minnesota, Tennessee, or Florida within minutes, and the originating department is responsible for clearing the entry once the car is recovered. If the originating department is slow to update, the alert keeps firing on innocent drivers for as long as it sits in the hot list. The audit called this out as a structural risk of networking different surveillance systems together. The Drive's Joel Feder spent a week as a moving target after a similar mix-up sent four squad cars into a Kohl's parking lot in Plymouth, Minnesota, in June 2026 [14]. The most serious documented case so far is Lindsey Isaacs, a 23-year-old Volusia County, Florida woman held in solitary confinement for 13 days on vehicular-homicide charges after a single Flock ping placed her black 2025 Dodge Durango near an October 4, 2025 crash that killed three people. State investigators had told a Florida Highway Patrol trooper her SUV had collision damage; her attorney, former traffic homicide investigator Patrick McGeehan, said the vehicle was "in immaculate condition" with "not a scratch on it." All charges were dropped after the actual suspect, 47-year-old Alisa Montalvo, was arrested [15]. The LAPD full brief carries the audit details and the OIG recommendations [2].
Anthropic Removed a Hidden Unicode Tracker From Claude Code
An independent developer writing as Thereallo found that Anthropic had embedded a steganographic classifier inside Claude Code, the company's command-line agent. The code inspected the user's ANTHROPIC_BASE_URL environment variable, parsed the hostname, read the system timezone, and silently rewrote a routine "Today's date is..." string in the system prompt so that the apostrophe character, and the date separator, encoded a four-bit signal: whether the hostname matched a known Chinese AI lab, whether it matched a known proxy or gateway, whether the timezone was Asia/Shanghai or Asia/Urumqi, and whether the lab keyword list matched [6][7]. Anthropic engineer Thariq Shihipar confirmed the mechanism on X and described it as "an experiment we launched in March" meant to prevent "account abuse from unauthorized resellers" and "distillation." The removal pull request was merged by July 1, 2026 [6].
There are four bits. The first is the apostrophe. A plain ASCII apostrophe (') means neither the host nor the lab-keyword list matched. A right single quotation mark (U+2019) means the host matched. A modifier letter apostrophe (U+02BC) means the lab-keyword list matched. A modifier letter prime (U+02B9) means both matched [7]. The second bit is the date separator. If the system timezone was Asia/Shanghai or Asia/Urumqi, the hyphens in the date were replaced with slashes, so "2026-06-30" became "2026/06/30" [7][8]. The blocklists were hidden too. The list of hostnames and the list of lab keywords were base64-encoded and XOR-scrambled with the key 91, then split on commas inside the bundle [7]. Thereallo's decoded lab-keyword list, pulled from the binary, included deepseek, moonshot, zhipu, bigmodel, baichuan, stepfun, 01ai, dashscope, and volces [7].
The political frame is the same one the existing Anthropic-Alibaba distillation case covers: a White House Executive Order on protecting U.S. AI from foreign adversaries issued in June 2026, and a Senate amendment to must-pass defense legislation from Senators Bill Hagerty (R-TN) and Andy Kim (D-NJ) that would let the executive branch blacklist or sanction Chinese firms found improperly accessing U.S. AI model outputs [6][13]. Anthropic's distillation-detection stack already names DeepSeek, Moonshot AI, and Zhipu as targets. Anthropic's account: DeepSeek ran more than 150,000 exchanges targeting reasoning capabilities. Moonshot AI ran more than 3.4 million exchanges targeting agentic reasoning, coding, and computer-use agent development. Zhipu ran more than 13 million exchanges targeting agentic coding and tool use [13]. The marker is, in effect, the client-side piece of a much larger architecture that pairs server-side classifiers with federal policy pressure on Chinese AI labs. The Claude Code full brief covers the disclosure and the binary SHA256 hash [18].
The House Passed the KIDS Act. The Senate Coalition Wants It Killed.
The House passed H.R. 7757, the Kids Internet and Digital Safety (KIDS) Act, on June 29, 2026 by 267-117 [9][11]. EFF, Senator Richard Blumenthal (D-Conn.), and a coalition of more than 90 kids-safety organizations that previously backed KOSA are now urging the Senate to reject the package, arguing the duty-of-care provision was stripped and the age-verification language builds an ID database across the open web [9][10][11]. India McKinney, an EFF policy analyst, framed the bill on July 9 as a "disjointed package of legislation that seeks to control Americans' web browsing and private messaging" that "pressures companies to police lawful speech online" [9]. The structural problem, EFF argues: "There is no way to determine a user's age online that is both privacy protective and accurate" [9].
Blumenthal's published statement: "KOSA without a duty of care isn't KOSA. It is a blank check to Mark Zuckerberg to exploit children. The House's toothless and tepid capitulation is dead in the Senate and a betrayal of families suffering from Big Tech's greed" [10]. Issue One summarized the change bluntly: "the bill cuts the Senate's duty of care" and replaces "enforceable rules with a vague requirement to 'maintain policies'" [11]. Issue One, "along with more than 90 other kids' safety organizations who have worked on the bill for years, urges Congress to vote NO" [11]. The Senate's standalone KOSA passed 91-3 with bipartisan support, the margin Issue One and Blumenthal are measuring the House package against.
The substantive provisions lift COPPA's protections above age 13 to cover teenagers, ban targeted advertising to minors, restrict dark-pattern features (push notifications, autoplay, infinite scrolling), and add obligations around AI chatbots accessible to minors [10]. What is not in the bill is the duty-of-care provision the Senate's standalone KOSA carried. To avoid liability under the KOSA section's "knows or should have known" knowledge standard, platforms will collect proof of age up front, and the practical methods are "driver's licenses or passports" plus "age-estimation systems that attempt to guess users' ages by looking at existing activity or doing facial scans" [19]. Age-estimation tools "fail more frequently" for people of color, people with disabilities, and trans and nonbinary users, and routinely misclassify children, the population the law is supposed to protect [19]. The KIDS Act full brief covers the Senate referral and the duty-of-care amendment math [20].
What to Watch This Week
The Board of Police Commissioners vote on the OIG recommendations. LAPD said it would not enter new ALPR contracts until completing a full audit process, but roughly 2,000 ALPR cameras remain in service across the department under the Flock, Motorola static, and Axon in-car systems [1]. The inspector general's recommendations have not yet been voted on by the Board of Police Commissioners, and the OIG did not call for the existing Flock, Motorola, or Axon hardware to be turned off while the audit plays out. The structural fix the OIG pointed at, alerts generated by one jurisdiction's stale hot-list entries propagating to a patrol car in another jurisdiction, is the part to watch [2].
AMSI coverage gaps in federal SharePoint farms. CISA's checklist hinges on AMSI integration for SharePoint web applications, but several older SharePoint farm configurations do not have it enabled by default. The first agency post-mortem showing AMSI was off, and that off-state was the difference between detection and compromise, will be the most useful data point in the next 30 days [3].
Anthropic's postmortem on the hidden tracker. Shihipar described the marker as "an experiment we launched in March" and said the team "had been meaning to take this down for a while." The Register asked Anthropic to specify what the "stronger mitigations" are and got no answer [6]. A formal postmortem that names the marker, the dates it ran, the data it sent, and the retention policy for the collected signal is the next obvious document.
The Senate Commerce Committee on the KIDS Act. H.R. 7757 went to the Senate the week of July 6. The first procedural test is whether the Senate Commerce Committee takes up the House text or builds a new vehicle around the 91-3 KOSA. Blumenthal's "dead in the Senate" line is the loudest version of the latter scenario [10][11]. Watch for a duty-of-care amendment if the House text reaches the floor.
Sources
- 404 Media: "LAPD Regularly Pulled Over Innocent People Because License Plate Readers Flagged Their Cars as Stolen" (July 13, 2026). https://www.404media.co/lapd-regularly-pulled-over-innocent-people-because-license-plate-readers-flagged-their-cars-as-stolen/
- State of Surveillance: "LAPD Flock Audit: 161 Innocent Stops Drop ALPR Contract," the brief on the BPC 26-184 audit. /news/lapd-flock-161-innocent-stops-audit-2026
- The Register, Connor Jones: "CISA sounds alarm over trio of exploited SharePoint flaws" (July 15, 2026). https://www.theregister.com/security/2026/07/15/cisa-sounds-alarm-over-trio-of-exploited-sharepoint-flaws/5271814
- The Register, Connor Jones: "Microsoft said exploitation was 'less likely' but CISA just added SharePoint RCE to KEV list" (July 2, 2026). https://www.theregister.com/security/2026/07/02/microsoft-said-exploitation-was-less-likely-but-cisa-just-added-sharepoint-rce-to-kev-list/5265886
- CISA: "CISA Urges SharePoint Hardening After New Exploitations" (July 14, 2026). https://www.cisa.gov/news-events/alerts/2026/07/14/cisa-urges-sharepoint-hardening-after-new-exploitations
- The Register, Thomas Claburn: "Anthropic is removing its covert code for catching Chinese competitors" (July 1, 2026). https://www.theregister.com/ai-and-ml/2026/07/01/anthropic-is-removing-its-covert-code-for-catching-chinese-competitors/5265366
- Thereallo: "Claude Code Is Steganographically Marking Requests" (researcher disclosure, June/July 2026). https://thereallo.dev/blog/claude-code-prompt-steganography
- Malwarebytes, Pieter Arntz: "Claude Code's hidden tracker was an 'experiment,' says Anthropic" (July 7, 2026). https://www.malwarebytes.com/blog/news/2026/07/claude-codes-hidden-tracker-was-an-experiment-says-anthropic
- EFF Deeplinks, India McKinney: "The House Passed the KIDS Act. The Senate Should Reject It" (July 9, 2026). https://www.eff.org/deeplinks/2026/07/house-passed-kids-act-senate-should-reject-it
- Crowell: "House Advances Bipartisan Kids' Online Safety Bill, But Senate Showdown Looms" (June 29, 2026). https://www.crowell.com/en/insights/client-alerts/house-advances-bipartisan-kids-online-safety-bill-but-senate-showdown-looms
- Issue One, Isabel Sunderland: "Vote Recommendation: VOTE NO on the KIDS Act" (June 29, 2026). https://issueone.org/articles/vote-recommendation-vote-no-on-the-kids-act/
- The Register: "Patchpocalypse now: Microsoft tops last month's record with 622 Patch Tuesday CVEs" (July 14, 2026). https://www.theregister.com/security/2026/07/14/patchpocalypse-now-microsoft-tops-last-months-record-with-622-patch-tuesday-cves/5271434
- Anthropic: "Detecting and Preventing Distillation Attacks" (February 23, 2026). https://www.anthropic.com/news/detecting-and-preventing-distillation-attacks
- The Drive: "How Flock Cameras Wrongly Tracked Me for Days Over Stolen Plates and Sent Police After Me" (June 2026). https://www.thedrive.com/news/how-flock-cameras-wrongly-tracked-me-for-days-over-stolen-plates-and-sent-police-after-me
- MotorBiscuit: "Innocent 23-Year-Old Jailed for Fatal Crash Because She Drove a Dodge Durango" (July 13, 2026). https://www.motorbiscuit.com/innocent-23-year-old-jailed-for-fatal-crash-because-she-drove-a-dodge-durango/
- Microsoft Security Blog: "Disrupting active exploitation of on-premises SharePoint vulnerabilities" (July 22, 2025). https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/
- State of Surveillance: "SharePoint ToolShell Returns: Three CVEs Under Active Attack," the brief on the chain, the CISA hardening list, and the federal-civilian deadline. /news/cisa-sharepoint-toolshell-active-exploit-chain-2026
- State of Surveillance: "Anthropic Hid a Steganographic Tracker in Claude Code," the Thereallo disclosure and SHA256 hash brief. /news/anthropic-claude-code-steganographic-tracker-discovery-2026
- EFF Deeplinks, Joe Mullin: "The KIDS Act Would Require Age Checks to Get Online" (June 24, 2026). https://www.eff.org/deeplinks/2026/06/kids-act-would-require-age-checks-get-online
- State of Surveillance: "KIDS Act: Age Verification Bill the Senate Must Reject, EFF Says," the brief on the Senate referral and the duty-of-care amendment math. /news/kids-act-house-passed-eff-senate-reject-2026