Daily Surveillance Briefing: May 14, 2026

Green digital data streaming down a dark screen in a matrix-style pattern

Today in Surveillance:

Texas sued Netflix for running "surveillance machinery." AG Ken Paxton says the company logs 5 petabytes of behavioral data daily — viewing habits, device info, household networks, children's activity — and sells it to Experian, Acxiom, and Google's ad exchange. A former Netflix engineer once described the company as "a logging company that occasionally streams movies."
DHS wants $7.5 million to build facial recognition smart glasses for ICE agents. Budget documents reveal a prototype program targeting September 2027 deployment. ICE agents have already been spotted wearing off-the-shelf Meta Ray-Bans during enforcement operations in at least six states — potentially violating DHS regulations on recording First Amendment activities.
A top House Democrat sent letters to 25 major retailers about surveillance pricing. Rep. Frank Pallone wants Target, Walmart, Amazon, CVS, Whole Foods, and 20 others to explain whether they use personal data to set individualized prices. Answers due May 26.
London's Met Police say permanent facial recognition cameras made 173 arrests in six months. The Croydon pilot used static cameras on lampposts — a first. Crime dropped 10.5%. Violence against women fell 21%. One false alert out of 470,000 people scanned. Critics have yet to weigh in on the permanent deployment model.
The FISA Court opinion declassification window closes tomorrow. Senator Wyden secured a 15-day commitment from Senate Intelligence Committee leaders on April 30. The classified ruling found intelligence agencies using "filtering tools" to circumvent restrictions on searching Americans' data.

Texas Says Netflix Built a Surveillance Machine. Then Pointed It at Kids.

Texas Attorney General Ken Paxton sued Netflix on May 11, accusing the streaming giant of secretly building what the lawsuit calls "surveillance machinery" — a data collection system that tracks viewing behavior, device fingerprints, household network details, and location data derived from IP addresses. The complaint, filed under the Texas Deceptive Trade Practices Act, alleges Netflix collects roughly 5 petabytes of behavioral logs every single day [1].

The data doesn't stay at Netflix. The lawsuit alleges the company shared user information with data brokers Experian and Acxiom, plus advertising platforms including Google Display & Video 360. This from a company that spent years marketing itself as the ad-free, privacy-respecting alternative to Big Tech [2].

The children's angle is particularly damaging. Texas alleges Netflix tracked behavioral patterns on kids' profiles — click rates, viewing duration, replays, skips — and designed features like autoplay to maximize engagement despite knowing the profiles were used by minors. The lawsuit seeks to force Netflix to disable autoplay by default on children's profiles, stop unauthorized data collection, and pay civil penalties [1].

Netflix called the lawsuit "lacking in merit" and said it "takes our members' privacy seriously." But the complaint cites a 2016 Netflix engineer who described the company as "a logging company that occasionally streams movies." That quote may be the single most damaging line in the filing [2].

Texas joins a growing list of states using consumer protection laws to go after tech companies on data practices. The state has also sued Meta and Google over biometric data collection in recent years.

ICE Wants Facial Recognition in Sunglasses. Some Agents Aren't Waiting.

DHS budget documents for fiscal year 2027 reveal a $7.5 million program to develop "operational prototypes of smart glasses" that would give ICE agents real-time facial recognition and biometric identification during field operations. The glasses would build on Mobile Fortify, an existing facial recognition app that cost $23.9 million to develop and has been used over 100,000 times since launching in June 2025 [3].

Mobile Fortify already lets agents photograph faces and fingerprints in the field, cross-referencing them against DHS's IDENT database of 270+ million records, FBI databases, and state driver's license registries. The smart glasses would move that capability from a handheld device to something agents can use by just looking at you. The person being scanned might never know it's happening [4].

But some agents aren't waiting for the official version. ICE agents have been spotted wearing Meta Ray-Ban smart glasses during enforcement operations in at least six states since Trump's second term began. In Evanston, Illinois, agents filmed protesters. In Maine, an agent told residents they were now in a "database." This potentially violates DHS regulations prohibiting the use of personal recording devices to capture First Amendment-protected activities without reasonable suspicion [3].

DHS says "no federal funds have been committed for any form of smart glasses," calling the budget line a research proposal. Senators Markey, Wyden, and Merkley have introduced the ICE Out of Our Faces Act to ban facial recognition use by ICE entirely. Rep. Bennie Thompson called Mobile Fortify "an unproven biometric" still in beta [4].

Background: ICE Smart Glasses Budget Leak · ICE Out of Our Faces Act · DHS $1.2B Face Database

Congress Wants to Know If Your Grocery Store Is Charging You More Based on Your Data

Rep. Frank Pallone (D-NJ), ranking member of the House Energy and Commerce Committee, sent letters to 25 major retailers on May 12 demanding they disclose whether they use customers' personal data to set individualized prices. The list includes Walmart, Target, Amazon, Whole Foods, CVS, Walgreens, Albertsons, Wegmans, Stop and Shop, and Family Dollar [5].

The letters ask each company to detail all customer data "elements" used in pricing decisions, whether they employ AI or machine learning algorithms for price-setting, whether third-party data sources feed into pricing, and whether customers can opt out. Responses are due by May 26 [5].

"Consumers deserve to know if businesses are using their personal information to manipulate the prices they pay or experiment with algorithms to set prices," Pallone wrote. He cited a January 2025 FTC report that documented companies charging different prices based on geolocation, demographics, shopping habits, and browsing behavior [6].

The inquiry lands at a moment when states are moving faster than Congress. Colorado passed a first-in-the-nation surveillance pricing ban last week. Connecticut's SB-4, which includes a similar ban, sits on Governor Lamont's desk. Pallone himself noted that the "lack of a strong federal privacy standard" has created a regulatory gray area that lets these practices spread unchecked [6].

Background: Colorado Surveillance Pricing Ban · Connecticut SB-4 Analysis · California Pricing Investigation

London Put Permanent Facial Recognition Cameras on Lampposts. Here Are the Numbers.

The Metropolitan Police released results from its six-month live facial recognition pilot in Croydon, south London — and the numbers are going to make the surveillance expansion debate much harder for both sides [7].

Between October 2025 and March 2026, static LFR cameras mounted on lampposts at the north and south ends of Croydon's high street produced 173 arrests across 24 separate deployments. That's one arrest every 35 minutes the cameras were active. Overall crime in the area dropped 10.5% compared to the same period the prior year. Violence against women and girls fell 21% [7].

The accuracy claims are striking. More than 470,000 people walked past the cameras during the pilot. One false alert. One. The person was spoken to by officers and released. The Met says "no one has ever been arrested as a result of a false alert from LFR." Each deployment used a bespoke watchlist created within 24 hours and deleted immediately after [8].

Among those arrested: a woman unlawfully at large for more than 20 years, wanted for an assault charge from 2004. A voyeurism suspect. A man wanted for rape. Another 37 arrests involved people breaching court-imposed conditions [8].

The catch: this is the first time the Met has used permanent, static cameras rather than mobile van-based units. That's a meaningful escalation — from occasional deployments to embedded surveillance infrastructure. Civil liberties organizations haven't yet responded to the Croydon results. The Met scanned more than 1.7 million faces with LFR in 2026 so far — an 87% increase over the same period in 2025 [7].

Background: UK Met Police LFR Expansion · Harrow LFR Arrests · EHRC: Met LFR Unlawful

The FISA Court Opinion Window Closes Tomorrow

Senator Ron Wyden negotiated a commitment from Senate Intelligence Committee leaders: declassify a secret Foreign Intelligence Surveillance Court (FISC) opinion within 15 days of the April 30 extension vote. That window closes around May 15 — tomorrow [9].

The March 17, 2026 FISC ruling is significant. The judge who authorized Section 702's annual recertification found that intelligence agencies have been using "filtering tools" to process Americans' communications in ways that circumvent existing query restrictions. The court found this problem exists "across the intelligence community" — not just at the FBI. The ruling requires agencies to "re-engineer the filter tools to comply with rules for queries for Americans' information" [10].

If the opinion goes public, it could reshape the reform debate with 29 days left before the June 12 deadline. The American Prospect's May 11 analysis identified a core problem: nobody in Congress agrees on what counts as a "query." Elizabeth Goitein of the Brennan Center is pushing a definition that covers "any search performed for the purposes of accessing or locating U.S. person information no matter where it lives or how it's retrieved" [10].

The bipartisan Government Surveillance Reform Act (S. 4082) — sponsored by Wyden, Lee, Warren, and Lummis — sits in committee. GovTrack gives it a 3% chance of passage [9].

Background: Congress Returns — 32 Days Left · 45-Day Extension Explainer

Canvas Breach: The Lawsuits Are Coming

Three days after Instructure announced it paid ShinyHunters to destroy 3.65 terabytes of stolen Canvas data, the legal machinery is spinning up. Chimicles Schwartz Kriner & Donaldson-Smith LLP and Schubert Jonckheer & Kolbe are actively investigating class action claims. ClassAction.org lists the Instructure breach as under investigation. Multiple law firms are seeking plaintiffs [11].

No formal class action complaint has been filed in federal court yet, but the pattern from similar breaches suggests it's a matter of weeks, not months. The breach affected 275 million users across 8,809 institutions. Instructure confirmed stolen data included names, email addresses, student IDs, and private messages [12].

The "shred logs" Instructure received from ShinyHunters — their proof the data was destroyed — remain a promise from criminals, not a guarantee. ShinyHunters' track record includes the Medtronic breach (9 million medical records, at least six federal class actions already filed), the Cushman & Wakefield leak (50GB published when negotiations failed), and the Vimeo breach through a third-party vendor [11].

Background: Ransom Settlement Analysis · Second Breach & May 12 Deadline

Quick Hits

New York Assembly passed the AI Training Data Transparency Act. The bill (A 6578) requires AI developers to publicly disclose datasets used to train generative AI models. It heads to the Senate. New York already signed a broader AI safety bill in December 2025 [13].

Meta's New Mexico trial enters week two. The Phase 2 bench trial in Santa Fe continues, with New Mexico seeking $3.7 billion in penalties and court-ordered algorithm redesign to protect children on Instagram and Facebook. Judge Biedscheid warned he won't "overreach" but hasn't ruled out structural changes. The trial runs another two weeks [14].

U.S. military surged surveillance flights off Cuba. The Navy and Air Force have conducted at least 25 intelligence-gathering flights off Cuba's coast since February, using the same surveillance aircraft active in the lead-up to U.S. strikes on Iran [15].

UK survey: 69% want a say in how facial recognition is deployed. But 80% are "comfortable" with police using it for watchlists. Only 10% feel confident they understand how the technology is actually used [16].

What to Watch

FISC opinion tomorrow. If Wyden's declassification deal holds, we could see the classified ruling on Section 702 filtering tools as early as May 15. That would be the biggest transparency win in the FISA reform fight this cycle.

Canvas class action filings. With multiple firms investigating and 275 million affected users, expect the first federal complaints within weeks.

Pallone response deadline: May 26. Watch for whether retailers cooperate or stonewall. Target already added algorithm disclosure pop-ups after New York's pricing disclosure law last November — a preview of what compliance might look like.

Meta NM trial testimony. Week two may include expert witnesses on algorithm design. If the judge signals willingness to order platform changes, that's a precedent with global implications.