Daily Surveillance Briefing: June 28, 2026

The FCC's Anti-Robocall Proposal Is a Federal KYC Mandate on Every Phone Number

The Federal Communications Commission's proposal to curb illegal robocalls would require every US telecom to collect a customer's government-issued ID and physical address before issuing a phone number, under an enhanced Know Your Customer rule. EFF's Chao Liu and Cooper Quintin published the structural critique on June 25 in a Deeplinks post titled "The FCC's Spam Call Proposal Is Just a Data Collection Scheme." The post is joined by ACLU and a coalition of 17 state attorneys general, all urging the FCC to abandon the rule. Reply comments are due to the FCC's Electronic Comment Filing System by July 26 ^[1][2][3].

The EFF argument runs in three directions. First, the rule will not reduce unwanted calls, because a significant proportion originate overseas and the technical fix is full STIR/SHAKEN call-authentication deployment, currently under 50%. Second, the rule kills anonymous phone service. "This is a move to shut down the very existence of anonymous phones, aka burner phones." Anonymous lines are a lifeline to survivors of domestic violence and trafficking, to people without stable housing, to undocumented immigrants, and to the roughly 15 million US adults who do not hold a driver's license. None of those groups would get a number under the proposed rule. Third, the rule hands carriers a fresh identity-verification cache. EFF's framing is direct: "If telecoms can't even protect the most sensitive communications infrastructure in the nation how can we expect that they will protect our identities?" ^[1][2]

The surveillance angle is the data-broker angle. The 17-state attorneys general letter running through June on the federal data-broker loophole, and the companion FISA 702 reform track, are the structural prediction for what happens to the FCC's new ID cache once it is built. The cache is the prize. The carriers will be the legal layer between the cache and the law-enforcement and intelligence requests that follow. Our brief tracks the EFF and ACLU filings and the comment-window deadlines ^[3][14].

EFF, TEDIC and CEJIL Filed an IACHR Petition Over Paraguay's Secret Asunción Facial-Recognition System

EFF, TEDIC (Asociación de Tecnología, Educación, Desarrollo, Investigación, Comunicación) and CEJIL (Centre for Justice and International Law) filed a petition on Friday June 19, 2026 with the Inter-American Commission on Human Rights against the State of Paraguay. EFF's Karen Gullo and Veridiana Alimonti published the writeup on June 25. The originating request came from Maricarmen Sequera, TEDIC's executive director, after Paraguay's Ministry of the Interior and National Police denied her 2019-era freedom-of-information request for details on the live facial-recognition system installed in Asunción ^[4][5][6].

The petition asks for four remedies. First, recognition that Paraguay violated access-to-information and privacy rights. Second, an order requiring Paraguay to deliver the originally requested implementation, protocol, and personal-data processing details. Third, mandatory permanent active-transparency mechanisms on the acquisition, contracting, implementation, financing, functioning, and use of any surveillance technology that processes biometric data or uses AI. Fourth, mandatory human-rights and data-protection impact assessments before any future procurement. The State had classified most of the requested information as "confidential security information," and domestic court challenges upheld the denial. Gullo's structural read is direct: "Opacity in matters of security and surveillance is the unsettling rule," and the IACHR action is "a case that can set a crucial precedent for the region" ^[4][5].

This is the first major cross-border IACHR action on a Latin American live facial-recognition deployment. The Asunción system has been running since 2019 without published DPIAs, without published audit logs, and without a transparency mechanism of any kind. The petition converts the secrecy question from a domestic FOIA fight into a regional human-rights precedent. Our brief tracks the four remedies and the domestic case history ^[6].

California's AB 2047 Heads to the Senate Over EFF Objections

The California State Assembly passed AB 2047, the California Firearm Printing Prevention Act, on June 25, 2026 and the bill now heads to the state Senate. EFF's Rory Mir and Cliff Braun published the structural analysis on June 26 in a Deeplinks post titled "We Can Still Stop California's 3D Printer Surveillance Scheme." EFF is asking California residents to call their state senators through the EFF action page before the bill moves through Senate Appropriations and reaches a floor vote ^[7][8].

EFF's read on the Assembly-amended version is that it is "a mix of silver linings and broken carveouts." One carveout is real: the resale carveout for individuals who bought their 3D printer before the mandated censorship software existed. Three are partial fixes that do not change the underlying structure. The open-source carveout applies only to tools that ship with compliant censorship software. The performance standard for the scanning algorithm was downgraded from "effectively prevent" to "substantially reduce the likelihood of foreseeable circumvention." The entertainment-industry carveout protects big studios and leaves indie filmmakers and cosplayers out. The bill now leaves a self-policing standard with non-governmental third parties. EFF's structural read is that the bill is no longer pretending to be effective, only to be active. The scanning infrastructure that reports firearm patterns also reports every other pattern. The DOJ database is one access-control failure or one data-broker sale away from becoming a registry of every print run on every California 3D printer ^[7][8].

California is not alone. New York's parallel budget bill would create felony charges for design-file possession and would require print-blocking censorware on every 3D printer sold in the state. The combined track is the structural event: 3D-printer surveillance legislation is no longer a one-state story. Our brief tracks the four amendments and the New York parallel ^[8].

Ten Days Until Anthropic Starts Asking for Your Government ID

Anthropic's updated consumer-accounts privacy policy takes effect July 8, 2026, ten days from today. The policy mandates government ID verification for "certain capabilities" on Claude Free, Pro and Max plans through Persona Identities. Team, Enterprise, Claude Developer Platform, and other commercial products are excluded. Anthropic's Day-10 update brief ran the structural anchors: the OpenAI failure mode from February 2026, which produced permanent lockout with no retry, is the documented UX record on the same verification vendor for the same use case ^[9][10][11].

Three structural anchors now converge on July 8. The EFF JAWBONE Act (Senators Cruz R-TX and Wyden D-OR, introduced June 11, 2026) creates a federal private cause of action for harms caused by biometric identification requirements in AI systems, and it names the Anthropic July 8 pattern as the practice the bill is designed to halt. The Illinois Biometric Information Privacy Act grants every Illinois Claude user a private right of action with damages from $1,000 per negligent violation to $5,000 per intentional or reckless one, and Anthropic's policy does not specify a retention period for verification data. The EU General Data Protection Regulation treats facial-geometry templates as a special category under Article 9, requiring a data protection impact assessment that Anthropic has not publicly confirmed has been completed ^[9][10][11].

The Day-10 brief covers the convergence in detail, including the HN comment-record failure mode, the BIPA practitioner exposure, and the GDPR Article 9 hook. For European, Indian (DPDP Act 2023), and other international Claude users, the next ten days are the structural countdown before the verification flow goes live with no confirmed DPIA on the public record. Our brief tracks the three anchors and the remediation-path gap ^[11].

The US Government Decides Who Gets the Frontier Models

Two structurally identical frontier-AI access frameworks landed in the same 24-hour window on June 26. The Trump administration asked OpenAI to limit GPT-5.6 to "a small group of trusted partners whose participation has been shared with the government." TechCrunch reported OpenAI's framing: the company does not believe this kind of government access process should become the long-term default, but is working with the administration to develop a "repeatable process for future model releases." The same day, Commerce Secretary Howard Lutnick signed a letter to Anthropic releasing Claude Mythos 5 to "more than 100 US institutions, including major companies and government agencies." Semafor, citing the Lutnick letter text, called the release "the beginnings of a new regulatory regime that gives the US government control over the release of frontier AI models" ^[18][19].

The arc is two weeks from the June 12, 2026 export-control directive that forced Anthropic to disable Fable 5 and Mythos 5 for every customer, foreign national or not, to the June 26 Lutnick letter that released Mythos 5 to 100+ vetted US institutions. The export-control authority has been repurposed, in 14 days, into a release-license authority. The Semafor piece quoted European officials expressing frustration at the new Washington dependency: the EU does not have a comparable frontier model, the EU does not have a comparable export-control authority, and the EU does not have a comparable licensing letter. European access to GPT-5.6 and Mythos 5 is now gated by an arrangement the EU cannot replicate, audit, or contest. Our brief tracks the two frameworks and the European dependency angle ^[18][19].

EFF: Lawmakers Must Act Now to Prevent Armed Police Drones

EFF's Matthew Guariglia published a June 26 Deeplinks post titled "Lawmakers Must Act Now to Prevent Armed Police Drones," arguing that cities and states should not procure weaponized drones or robots and that the restrictions must be statutory, not corporate. Guariglia's trigger was a public walkback by Skydio CEO Adam Bry, who told attendees at a June industry event that "we're going to write a policy or ban people from doing it. I think that's ultimately misguided," and added, "This is an area where I've gotten some things wrong" ^[12][13].

Skydio is one of the most prolific vendors of police drones in the US, holding numerous police contracts including Drone as First Responder (DFR) fleet supply. EFF's structural read: "Whether police arm drones domestically is currently based more on the internal ethical commitments of companies than it is any laws created by elected officials." EFF wants policies that cover both drones and robots, explicitly preventing deployment of bodily harm including deadly force and less-lethal measures such as kinetic strikes, pepper spray, rubber bullets, or tasers. Guariglia's closing framing: "We cannot continue to rely solely on the good will of companies that make their money selling technology to police departments to protect us from dangerous police technology" ^[12][13].

The Skydio walkback is the inflection point. The Drone as First Responder architecture is already running in US cities as a 911-overlay dispatch. Adding weapons to that overlay, even as a corporate-policy decision, converts the DFR drone into a deadly-force-on-launch tool. EFF wants the statutory line drawn before the next Skydio contract closes. Our brief tracks the Skydio contracts and the legislative ask ^[13].

What to Watch This Week

Sunday July 26. Reply comments on the FCC Know Your Customer robocall proposal are due to the FCC's Electronic Comment Filing System. The comment window is the only federal action moment on the rule. EFF, ACLU and the 17-state attorneys general coalition have already filed opening comments. Expect consumer-privacy and domestic-violence advocate filings in the reply window ^[1][2][3].

Wednesday July 8. Anthropic's Persona ID verification goes live for consumer Claude Free, Pro and Max accounts. The first wave of users who fail verification will face the OpenAI failure mode: permanent lockout from "certain capabilities" with no documented remediation path. EFF's JAWBONE Act (Cruz R-TX, Wyden D-OR, introduced June 11, 2026) and the Illinois BIPA private right of action are the structural litigation architecture that lights up on this date ^[9][10][11].

Senate Appropriations and floor. California AB 2047, the 3D printer surveillance bill, heads to the Senate Appropriations Committee before a floor vote. EFF is asking California residents to call their state senators through the EFF action page. Watch whether the open-source carveout, the performance standard downgrade, and the self-policing regime survive the Senate committee markup ^[7][8].

The IACHR process. The Inter-American Commission on Human Rights will docket the EFF/TEDIC/CEJIL petition against Paraguay over the secret Asunción facial-recognition system. The Commission's admissibility decision is the first major regional precedent on Latin American live facial-recognition transparency ^[4][5][6].

Sources

1. EFF Deeplinks, Chao Liu and Cooper Quintin: The FCC's Spam Call Proposal Is Just a Data Collection Scheme, June 25, 2026. https://www.eff.org/deeplinks/2026/06/fccs-spam-call-proposal-just-data-collection-scheme
2. EFF: Joint comments with ACLU and allied organizations on the FCC Know Your Customer robocall proposal, June 2026. https://www.eff.org/
3. State of Surveillance: FCC Know Your Customer Robocall Proposal Forces Phone ID, the structural coverage of the EFF and ACLU filings and the July 26 comment-window deadline. /news/17-attorneys-general-congress-mass-surveillance-data-broker-loophole-2026
4. EFF Deeplinks, Karen Gullo and Veridiana Alimonti: EFF, TEDIC and CEJIL Challenge Secrecy in the Use of Face Recognition in Paraguay, June 25, 2026. https://www.eff.org/deeplinks/2026/06/eff-tedic-and-cejil-challenge-secrecy-use-face-recognition-paraguay
5. TEDIC: IACHR petition filing on the Asunción facial-recognition system, June 19, 2026. https://www.tedic.org/
6. TEDIC: IACHR petition filing on the Asunción facial-recognition system, June 19, 2026, with EFF and CEJIL as co-petitioners. https://www.tedic.org/
7. EFF Deeplinks, Rory Mir and Cliff Braun: We Can Still Stop California's 3D Printer Surveillance Scheme, June 26, 2026. https://www.eff.org/deeplinks/2026/06/we-can-still-stop-californias-3d-printer-surveillance-scheme
8. State of Surveillance: California 3D Printer Surveillance AB 2047 Senate EFF, the Day-2 vessel on the four amendments and the New York parallel. /news/california-3d-printer-surveillance-ab-2047-senate-stage-eff-2026
9. Anthropic: Updates to our Privacy Policy (effective July 8, 2026, last updated June 8, 2026). https://privacy.claude.com/en/articles/10301952-updates-to-our-privacy-policy
10. State of Surveillance: Anthropic ID Verification 11 Day Countdown Persona Failure Mode, the Day-10 vessel on the verification partner and the OpenAI failure mode. /news/anthropic-id-verification-11-day-countdown-persona-failure-mode-2026
11. State of Surveillance: Anthropic Claude ID Verification 500 Points Persona BIPA, the structural brief on the FedRAMP-endpoint exposure, BIPA, and GDPR Article 9. /news/anthropic-id-verification-500-points-persona-bipa-2026
12. EFF Deeplinks, Matthew Guariglia: Lawmakers Must Act Now to Prevent Armed Police Drones, June 26, 2026. https://www.eff.org/deeplinks/2026/06/lawmakers-must-act-now-prevent-armed-police-drones
13. Skydio: DFR fleet contracts and Adam Bry public statements on customer drone weaponization, June 2026. https://www.skydio.com/
14. State of Surveillance: 17 Attorneys General Congress Mass Surveillance Data Broker Loophole, the structural brief on the 17-state letter. /news/17-attorneys-general-congress-mass-surveillance-data-broker-loophole-2026
15. EFF Deeplinks, Alexis Hancock: Primed for Malware: Stop Selling Compromised Android Devices, June 25, 2026. https://www.eff.org/deeplinks/2026/06/primed-malware-stop-selling-compromised-android-devices
16. Human Security: BADBOX 2.0 report on the 10 million AOSP-device scheme sold through Amazon and Walmart, 2026. https://www.humansecurity.com/
17. EFF Deeplinks, Lena Cohen and Paige Collings: Grindr, Put Queer Safety and Privacy Over Profits, June 2026. https://www.eff.org/deeplinks/2026/06/grindr-put-queer-safety-and-privacy-over-profits
18. TechCrunch, Rebecca Bellan: OpenAI limits GPT-5.6 rollout after government request, says restrictions shouldn't be the norm, June 26, 2026. https://techcrunch.com/2026/06/26/openai-limits-gpt-5-6-rollout-after-government-request/
19. State of Surveillance: US Government Decides Who Gets Frontier AI, the Day-2 vessel on the Lutnick letter, the Semafor regime framing, and the European dependency angle. /news/government-vets-frontier-ai-gpt-56-mythos-licensing-regime-2026
20. EFF Deeplinks, Lisa Femia: Four years after Dobbs, anti-abortion lawmakers keep coming for online speech, June 2026. https://www.eff.org/deeplinks/2026/06/four-years-after-dobbs-anti-abortion-lawmakers-keep-coming-online-speech