Today in Surveillance:
- The SECURE Data Act hearing is happening right now. H.R. 8413 would create a federal privacy framework, and preempt every state privacy law in America, including California's. The EFF calls it "not a serious piece of privacy legislation." The hearing started at 10:15 AM EDT.
- Trump signed an AI executive order yesterday. It asks tech companies to voluntarily submit their most powerful AI models for government testing 30 days before release. The key word is "voluntarily": the order explicitly bans mandatory licensing or preclearance.
- DeFlock has mapped 90,000 Flock Safety cameras. The EFF-backed crowdsourced project is fueling a nationwide revolt: 30+ cities have canceled Flock contracts after discovering police used the cameras for warrantless mass surveillance, including targeting Romani communities and tracking protesters.
- FISA Section 702 expires in 9 days. The Senate still hasn't voted. The warrant requirement remains the sticking point. June 12 is the deadline.
- Surveillance pricing bans are exploding. 24 states have introduced 40+ bills in 2026. New York AG Letitia James is pushing the most aggressive ban yet. Maryland's already signed into law.
- New data breaches keep rolling in. Healthcare leads all sectors with 526 breaches in 2026 so far. Average US breach cost: $10.22 million.
The SECURE Data Act Hearing: Congress Considers Killing Every State Privacy Law
At 10:15 AM EDT today, the House Subcommittee on Commerce, Manufacturing, and Trade opened a hearing on H.R. 8413, the "Securing and Establishing Consumer Uniform Rights and Enforcement over Data Act." The name is a mouthful. The effect is simple: it would create a single federal privacy standard and override more than 20 state privacy laws [1][2].
That includes California's landmark CCPA, which gives residents the right to know what data companies collect, delete it, and opt out of its sale. It includes Connecticut's new data broker registry signed just last week. It includes every privacy protection your state has spent years fighting for [1].
The EFF has been blunt: the SECURE Data Act is "not a serious piece of privacy legislation." EPIC and the California Privacy Protection Agency have published critical analyses. The core problem is preemption: replacing strong state protections with a weaker federal floor. IAPP analysis notes the bill lacks meaningful enforcement mechanisms and creates broad exemptions for existing industry practices [3].
Chairmen Brett Guthrie and Gus Bilirakis framed the hearing as establishing "a comprehensive privacy and data security law," but privacy advocates see it differently. When Congress says "uniform," they mean "lower the bar to whichever level makes industry comfortable" [1].
We've been covering this bill closely. Here's the background:
- SECURE Data Act: What's Actually in the Bill That Could Kill State Privacy Laws
- EFF and EPIC Tear Apart the SECURE Data Act
- The Federal Privacy Preemption Play: How House Republicans Want to Override Your State's Privacy Law
What to watch: Witness testimony and committee reaction. If the bill advances out of subcommittee, it moves to markup, and every state privacy law in America is on the line.
Trump Signs AI Executive Order, But It's Voluntary, and Industry Already Weakened It
President Trump signed an executive order on June 2 titled "Promoting Advanced Artificial Intelligence Innovation and Security." The headline pitch: AI companies should submit their most powerful models to the government for testing 30 days before public release [4][5].
The catch? It's entirely voluntary. The order explicitly states: "Nothing in this section shall be construed to authorize the creation of a mandatory governmental licensing, preclearance, or permitting requirement" [5].
This is already a watered-down version. The original draft called for a 90-day review window. Then David Sacks (venture capitalist and former White House AI czar) led industry pushback. Companies like Anthropic, OpenAI, and Google were named as targets for the voluntary testing. Industry wanted two weeks. They got 30 days, with no teeth [4][5].
Trump was supposed to sign the tougher version in late May with Silicon Valley CEOs present. Instead, he delayed, weakened it, and signed privately. "I don't want to get in the way of that leading," Trump said, referring to the AI race against China [4].
The order also directs federal agencies to develop AI cybersecurity benchmarks and create an "AI cybersecurity clearinghouse." The Department of Justice will prioritize enforcement against AI-assisted crimes like hacking. These are real provisions, but the flagship voluntary review is exactly what it sounds like: optional [5].
From a surveillance angle, the order says nothing about restricting how the government itself uses AI for surveillance, facial recognition, or predictive policing. It's oversight of industry, not oversight of the state.
Related: Intelligence Agencies Are Quietly Shaping AI Policy Behind the Scenes
DeFlock: 90,000 Cameras Mapped, 30+ Cities Pulling the Plug on Flock Safety
The EFF published "Get the Flock Out of Here" on June 2, and the picture it paints is damning. DeFlock.me (a crowdsourced map created by Will Freeman) has now cataloged nearly 90,000 Flock Safety and ALPR cameras across the United States [6][7].
And cities are responding. More than 30 municipalities have canceled their Flock contracts after community pressure and revelations about how the cameras are actually being used. Since April 2025, people in at least five states have physically destroyed Flock cameras: cutting them down, smashing them, or disabling them [6].
The abuses documented by the EFF are specific and ugly:
- More than 80 law enforcement agencies used dehumanizing language about Romani people when searching Flock's ALPR database [6]
- Police used the cameras for school residency verification, background checks, and noise complaints, not just criminal investigations [6]
- Over 50 federal, state, and local agencies conducted hundreds of searches targeting protesters and activists [6]
- The EFF and ACLU-NC filed suit against San Jose for warrantless searches of millions of drivers' records [6]
When Flock Safety tried to shut down DeFlock with a cease-and-desist citing trademark law, Freeman fought back with EFF's lawyers. "Without them, free speech would be only for those wealthy enough to defend themselves," Freeman said [7].
Washington state has already passed new restrictions on Flock and similar camera systems. We've tracked how cities are pulling the plug on license plate surveillance. The New Republic is calling it a "nationwide revolt." That's not hyperbole: it's 90,000 cameras and counting [8].
Check the map: Visit DeFlock.me to see if Flock cameras are in your neighborhood.
FISA 702: 9 Days Until the Warrantless Surveillance Deadline
Section 702 of the Foreign Intelligence Surveillance Act expires on June 12. The 45-day clean extension that passed by unanimous consent in the Senate on April 30 bought time. That time is almost up [9].
The House passed a 3-year extension on a 235-191 vote. But the Senate stalled over a CBDC rider and, more importantly, the warrant requirement. Reform coalitions from both parties keep pushing for a requirement that the FBI get a warrant before searching Americans' communications collected under Section 702. The Intercept has profiled four swing Democrats who could determine the outcome [9][10].
Here's what Section 702 actually does: it lets intelligence agencies target foreigners outside the US for surveillance and compel companies like Google, AT&T, and Verizon to hand over communications. But in practice, the FBI has used it to search Americans' data without warrants, including communications of Black Lives Matter protesters, journalists, political commentators, and 19,000 donors to a single congressional campaign [10].
Three scenarios for the next nine days: Congress passes a long-term extension (with or without warrant reform), Congress passes another short-term extension to buy more time, or Section 702 lapses, at least briefly. A lapse wouldn't immediately shut down surveillance operations, but it would stop the government from compelling new data from tech companies [9].
Our full coverage: FISA 702 Extension: Reform Is Dead, the Clock Is Ticking
Surveillance Pricing: 24 States, 40+ Bills, and Growing Rage
The surveillance pricing backlash is accelerating faster than any privacy movement in recent memory. Twenty-four states have now introduced more than 40 bills to ban or regulate algorithmic pricing in 2026, already outpacing all of 2025 [11][12].
Maryland became the first state to sign a surveillance pricing ban into law when Governor Wes Moore signed HB 895 on April 28. Connecticut followed. Colorado is in the mix. California's AB 2564 would slap civil penalties of up to $12,500 per violation, or triple that for intentional violations [11][12].
In New York, Attorney General Letitia James is rallying across the state for her "One Fair Price Package": two bills that would ban surveillance pricing outright and prohibit electronic shelf labels that enable dynamic pricing in grocery stores and pharmacies [13].
The documented abuses are specific: Instacart charged different prices to hundreds of shoppers in the same store simultaneously in December 2025. Target paid $5 million settling a location-based pricing suit. Hotel booking sites charged Bay Area residents $500 more per night than users from less affluent areas. Price-fixing algorithms cost apartment renters $3.8 billion in 2023 [12].
June Data Breaches: Healthcare Still Bleeding
The breach wave continues into June. Multiple incidents disclosed on June 2 alone: Champaign-Urbana Public Health District hit by INC_RANSOM, Schneebeli AG in Zurich attacked by AiLock ransomware, Hightower Communications breached by the Play group, and Limburg-Weilburg County Administration in Germany lost 132 GB of data to the Abyss ransomware crew [14].
Healthcare leads all sectors in 2026 with 526 breaches, that's 20.4% of all incidents. The average US data breach now costs $10.22 million. And the HIPAA 2026 Security Rule (which would make encryption and multi-factor authentication mandatory for all healthcare entities) is expected to be finalized any day. The new rule eliminates the old "addressable" loophole that let organizations skip encryption if they documented a reason [14][15].
PARCA Beauty, Panorama BPO, LCNet, and Plex Supply round out the early June disclosures. Most are still under investigation for the scope of compromised data [14].
What to Watch
- SECURE Data Act hearing fallout: Watch for witness testimony, committee member reactions, and any vote to advance the bill. If it moves to markup, state privacy laws nationwide are at risk.
- FISA 702, 9 days: Senate action (or inaction) this week will signal whether we're heading for a long-term extension, another punt, or a lapse.
- Trump AI order implementation: Which companies volunteer for the 30-day review? The order has no enforcement mechanism, so early compliance signals will tell us whether this is governance or theater.
- DeFlock momentum: More city councils are reviewing Flock contracts. Washington state's new restrictions could be a model for other states.
- Vermont privacy bill: Governor Phil Scott will decide on S.71, which includes a geofencing ban near health facilities and mandatory Global Privacy Control support.
References
- Chairmen Guthrie and Bilirakis Announce Hearing on Establishing a Federal Data Privacy Law - House Energy and Commerce Committee
- H.R.8413 - SECURE Data Act - Congress.gov
- Taking Stock of US House Republicans' Proposed SECURE Data Act - IAPP
- Trump's New AI Safety Order Seeks Voluntary Review of New Models - NPR, June 2, 2026
- Trump Signs Narrower Executive Order on AI Oversight After Industry Objections - TechCrunch, June 2, 2026
- We're Fighting Mass Surveillance Tech, and Winning - EFF, June 2, 2026
- Anti-Surveillance Mapmaker Refuses Flock Safety's Cease and Desist Demand - EFF
- What to Know About the New Restrictions on Flock and Similar Camera Systems - MRSC
- Section 702 of FISA: 2026 Resource Page - Brennan Center for Justice
- Reform FISA Section 702 to Stop Government Surveillance - 5 Calls
- Why Surveillance Pricing Bans Are Suddenly Gaining Traction - CalMatters, May 2026
- Surveillance Pricing and Algorithmic Pricing: U.S. Regulatory Developments - Paul, Weiss
- Attorney General James Rallies in the Bronx to Ban Surveillance Pricing - NY AG Office
- June 2026 Data Breaches: List of Major Incidents - SharkStriker
- 2026 HIPAA Security Rule Update: New Requirements - Medcurity