Digital network visualization with glowing blue data points connected across a dark globe

Today's Headlines:

  • 23 days until Section 702 expires. Trump reversed course and now backs a "clean" 18-month extension. SAVE Act poison pill still looms.
  • NYC hospitals boot Palantir. Health + Hospitals CEO says $4 million contract won't be renewed after public outcry.
  • Judge blocks Pentagon's Anthropic blacklist. Federal judge called the supply chain risk designation "Orwellian."
  • Retail facial recognition goes mainstream. Wegmans, Walmart, Kroger, and Home Depot all scanning shoppers' faces.
  • Data broker bill hits 130+ org coalition. Groups demand Congress close the surveillance loophole in FISA.

23 Days: Trump Now Backs Section 702 After "KILL FISA" Flip-Flop

The FISA countdown hits 23 days, and the politics just got stranger.[1]

President Trump—the same guy who posted "KILL FISA" during the 2024 reauthorization fight—now wants a clean 18-month extension. "When used properly, FISA is an effective tool to keep Americans safe," Trump posted on Truth Social this week. The about-face came after intelligence officials showed him classified briefings on ongoing operations that rely on Section 702 collection.[2]

But Trump's backing creates new problems. He also insists he won't sign any legislation until Congress passes the SAVE Act—a voter ID bill requiring documentary proof of citizenship to register. Rep. Anna Paulina Luna (R-FL) is trying to attach the SAVE Act to FISA reauthorization. Senate Democrats won't vote for it. House progressives won't vote for it. The surveillance bill is now hostage to election politics.[1]

Meanwhile, reform bills are stalled everywhere. Senator Wyden's Government Surveillance Reform Act would require warrants for American queries and ban data broker purchases. The SAFE Act from Lee and Durbin adds warrant protections. Neither has moved out of committee. A coalition of 130+ civil rights organizations sent a letter demanding Congress close the data broker loophole before reauthorization. FBI Director Kash Patel, at a Senate hearing, refused to commit to not buying Americans' location data from brokers.[3]

The EFF's take: "Congress is dropping the ball with a clean extension of FISA." The Brennan Center is tracking daily developments. April 20 is the cliff. We're watching the government argue over whether to reform its spying powers or hand them to an administration that has already shown enthusiasm for domestic surveillance.

Our Section 702 explainer | Wyden-Lee reform analysis

NYC Hospitals Drop Palantir After Public Outcry

New York City's public hospital system won't renew its contract with Palantir Technologies. The company that helped ICE track immigrants won't handle New Yorkers' health data anymore.[4]

NYC Health + Hospitals CEO Mitchell Katz made the announcement at a March 16 City Council meeting. The $4 million contract expires in October 2026 and won't be renewed. Katz said data analysis previously conducted with Palantir's help will be brought in-house.[5]

The decision came after The Intercept reported on the contract in February, revealing Palantir had been paid nearly $4 million since 2023 to analyze patient health notes—automating the scanning of medical records to boost Medicaid billing efficiency. The American Friends Service Committee had uncovered the contract while mapping institutions with Palantir ties.[4]

Privacy advocates celebrated the win. But the broader pattern remains: Palantir is expanding its healthcare footprint in the UK even as it loses New York. The company's health data contracts now span multiple countries—it's just one city that pushed back hard enough to end the relationship.

This is what accountability looks like: investigative reporting, community pressure, public officials forced to answer questions. October is seven months away—plenty of time for Palantir to handle patient data. But at least there's an end date.

Judge Calls Pentagon's Anthropic Blacklist "Orwellian"

A federal judge in San Francisco blocked the Pentagon's attempt to label Anthropic a "supply chain risk" and cut all government contracts with the AI company. The ruling was scathing.[6]

"Nothing in the governing statute supports the Orwellian notion that an American company may be branded a potential adversary and saboteur of the U.S. for expressing disagreement with the government," wrote US District Judge Rita Lin in a 43-page ruling.[7]

Here's the backstory: Anthropic signed a $200 million Pentagon contract in July and was the first AI lab to deploy its Claude system across the agency's classified networks. But Anthropic had two red lines—no autonomous weapons, no domestic mass surveillance. The Defense Department wanted "unfettered access to Claude for all lawful purposes." When Anthropic refused, the Pentagon invoked an obscure statute aimed at protecting military systems from foreign sabotage to blacklist an American company for having ethics.[8]

Judge Lin's preliminary injunction means Anthropic can keep its government contracts—for now. The case continues. But the precedent is troubling either way: the government tried to punish a company for refusing to enable mass surveillance. OpenAI, which dropped its own weapons prohibitions, just got a new Pentagon deal.[9]

The EFF summed it up: "Privacy protections shouldn't depend on the decisions of a few powerful people." True. They should be law. They're not.

Related: Trump's AI surveillance database plans

Your Groceries Are Watching You: Retail Facial Recognition Goes Mainstream

Wegmans, Walmart, Kroger, and Home Depot are scanning your face when you shop. You probably didn't know that.[10]

Wegmans posted signs near its Manhattan and Brooklyn stores in January—required by New York City's biometric disclosure law—notifying customers that facial recognition cameras are in use "to help identify individuals who pose a risk to our people, customers, or operation." CNN's investigation found Wegmans is just one of many major retailers using the technology.[11]

How many? "Probably virtually every large and medium-sized retailer is using biometrics," one attorney told WRAL. Companies don't advertise it because "Americans are pretty universally squeamish about facial recognition."[10]

The FTC has called biometric surveillance "a threat to privacy and civil rights." But the federal government doesn't regulate it. Most states don't either. New York City at least requires disclosure—which is how we know about Wegmans. In most of the country, stores can scan your face without telling you.

The technology connects to databases of "known shoplifters" that retailers share. Get flagged once—wrongly or not—and your face goes on a list visible to every store using that network. The grandmother in Fargo spent four months in jail because facial recognition flagged the wrong person. Retail systems operate on the same principle with even less oversight.

What to do: Look for biometric disclosure signs. In states like Illinois with biometric privacy laws, you may have legal recourse. For everyone else, the surveillance is legal. Welcome to shopping in 2026.

UK Facial Recognition Fleet Quintuples: 50 Vans Coming Nationwide

Home Secretary Shabana Mahmood announced plans to expand the UK's live facial recognition fleet from 10 vans to 50+, deployed to every police force across England and Wales.[12]

The vans scan crowds in real-time, comparing faces against police watchlists. Mahmood cited a Croydon deployment that "contributed to over 100 arrests." Her defense: "There is no true liberty if you are unsafe in your own country."[13]

Campaigners have a different view. Civil liberties groups say the expansion risks creating a surveillance state. Al Jazeera reported that the technology is linked to Israeli surveillance tech used in Gaza—the same facial recognition systems deployed against Palestinians are coming to British high streets.[14]

A 10-week public consultation on the technology launched in December and closed February 12. The expansion is moving forward anyway. This is the largest rollout of live facial recognition in UK history, sold as a policing reform.

We've covered the UK's facial recognition creep extensively—from Essex Police suspending use after bias audits to the technology's expansion into emotion detection. This is acceleration, not caution. The vans are coming.

Our UK facial recognition coverage

Breach Roundup: Healthcare Still Getting Hit

The breach pipeline keeps flowing:

  • TriZetto Provider Solutions: 3.4 million patients exposed. Attackers had access from November 2024 to October 2025—nearly a year. Names, SSNs, Medicare IDs, medical records. Cognizant-owned TriZetto is facing class actions.[15]
  • Navia Benefit Solutions: 2.7 million people affected. SSNs, addresses, benefit plan data exposed between December 2025 and January 2026.[16]
  • Crunchyroll (via TELUS): Sony's anime streaming service breached through a TELUS employee. 100GB of data including IP addresses, emails, and credit card details.[17]
  • Ericsson US: 15,000+ employees and customers had data stolen through a compromised service provider.
  • Infutor: 676.8 million records—SSNs, addresses, DOBs. One of the largest breaches ever disclosed.[18]

Healthcare keeps taking the hardest hits. Medical records sell for more than credit cards on the dark web. TriZetto's almost-a-year dwell time is alarming but not unusual—attackers lurk in healthcare systems because detection is so weak.

TriZetto breach details | Navia breach coverage

What to Watch

  • IAPP Global Privacy Summit (March 30 - April 2): Privacy professionals gather in DC. Prince Harry keynoting. Section 702 and AI governance dominate.
  • Meta smart glasses deadline (April 6): Senators Markey, Wyden, and Merkley demanded answers about facial recognition "Name Tag" feature. 9 days left.
  • Section 702 (April 20): 23 days. Trump backs extension but SAVE Act drama complicates passage.
  • Palantir NYC (October 2026): Contract expires. Seven months of patient data handling remaining.
  • Anthropic case: Preliminary injunction granted. Full case continues. Could set precedent for AI ethics in government contracts.

Sources

  1. American Prospect - "Warrantless Spying Reform Just Got a Whole Lot More Interesting" (March 23, 2026)
  2. Reason - "Trump reverses course, backs Section 702 reauthorization" (March 27, 2026)
  3. EFF - "Congress Is Dropping the Ball with a Clean Extension of FISA" (March 2026)
  4. The Intercept - "Palantir Will No Longer Profit Off of New Yorkers' Health Data" (March 24, 2026)
  5. Becker's Hospital Review - "NYC Health + Hospitals to end $4M Palantir contract"
  6. CNN - "Judge blocks Pentagon's effort to 'punish' Anthropic by labeling it a supply chain risk" (March 26, 2026)
  7. CNBC - "Judge presses DOD on why Anthropic was blacklisted" (March 24, 2026)
  8. Al Jazeera - "Anthropic's case against the Pentagon could open space for AI regulation" (March 25, 2026)
  9. NPR - "OpenAI announces Pentagon deal after Trump bans Anthropic" (February 27, 2026)
  10. WRAL - "Wegmans is scanning your face at some stores. It's not the only company" (January 2026)
  11. CNN - "Wegmans is scanning your face at some stores" (January 12, 2026)
  12. Biometric Update - "UK announces largest ever facial recognition rollout" (January 2026)
  13. BBN Times - "UK Home Secretary announces largest-ever national rollout of live facial recognition"
  14. Al Jazeera - "UK police to use AI facial recognition tech linked to Israel's war on Gaza" (January 28, 2026)
  15. TechCrunch - "TriZetto confirms 3.4M people's health and personal data was stolen" (March 6, 2026)
  16. HIPAA Journal - "Trizetto Data Breach: PHI of 3.4 Million Individuals Exposed"
  17. Cybernews - "Sony anime streamer Crunchyroll was breached"
  18. BreachSense - "Recent Data Breaches in 2026"