This Week:

  • ICE agent kills Minneapolis woman — Renee Good, 37, shot during immigration raid. Federal claims disputed by video evidence. Nationwide protests erupt.
  • BreachForums gets breached — 324,000 cybercriminal user records leaked, exposing hackers to law enforcement.
  • Wegmans facial recognition exposed — Grocery chain admits to scanning shoppers' faces. Erie County moves to ban it.
  • What to watch: TikTok sale deadline January 22. UK facial recognition expansion consultation. California CCPA automated decision-making rules now in effect.

The Big Story

ICE Agent Fatally Shoots Minneapolis Woman During Immigration Raid

This week's surveillance story isn't about technology. It's about what happens when surveillance-powered enforcement meets American streets.

On January 7, 2026, ICE agent Jonathan Ross shot and killed Renee Good, a 37-year-old U.S. citizen and mother of three, during an immigration enforcement operation in Minneapolis. The shooting occurred amid DHS's "Operation Metro Surge"—the agency's self-described "largest operation ever"—which deployed up to 2,000 federal agents to the Minneapolis-St. Paul area.[1][2]

Federal officials claim Good was "impeding" agents and attempted to ram her vehicle into them. They called her actions "domestic terrorism."

Local officials tell a different story. Minneapolis Mayor Jacob Frey and Minnesota Governor Tim Walz have publicly disputed the federal narrative. Bystander video and footage from inside Good's vehicle show her speaking calmly moments before gunshots. The FBI is investigating—but rejected partnership with Minnesota state authorities, raising questions about investigative independence.

The shooting has sparked nationwide protests. Civil liberties and immigrant-rights organizations are calling for accountability. Minnesota has filed suit against the federal government seeking to halt the enforcement surge.

The surveillance connection is crucial: ICE's $28 billion budget funds the data systems, facial recognition tools, and social media monitoring that enable mass enforcement operations. The activists who monitor ICE activities—whether Good was one or not—exist because communities have no other way to protect themselves from surveillance-powered raids. Now one of those community members is dead.

This is what happens when you combine surveillance infrastructure with militarized enforcement and zero accountability.

Read more:


🏛️ Government Watch

State Lawsuits Against Federal Immigration Enforcement

Minnesota, Minneapolis, and St. Paul have sued the federal government over "Operation Metro Surge." The lawsuit alleges the deployment violates federal law and is politically motivated.[3]

Governor Tim Walz called it a "war being waged against Minnesota." The Minnesota National Guard has been put on alert. With over 2,000 immigration arrests reported since December, the conflict between state and federal authorities is escalating.

This sets precedent for future surveillance-powered enforcement operations. If states can sue to stop mass deployments, other governors may follow. If they can't, expect similar operations in other cities.

UK Launches Facial Recognition Expansion Consultation

The UK Home Office announced a public consultation on dramatically expanding police use of facial recognition technology. The government wants a "significantly greater scale" of deployment, replacing the current "patchwork" of laws with a single framework—and a dedicated regulator.[4]

Translation: they want to normalize mass facial surveillance and make it harder to challenge legally.

Civil liberties groups are already preparing legal challenges. Concerns about algorithmic bias—earlier systems showed higher false-alert rates for Black and Asian individuals—remain unaddressed despite Home Office claims of improved accuracy. Meanwhile, a group of lawyers and activists are expected to file suit over the government's covert searching of 150 million UK passport photos using facial recognition.

The UK continues its march toward becoming the world's facial recognition leader—and not in a good way.


🏢 Corporate Surveillance

Wegmans Admits to Facial Recognition in Grocery Stores

Your local grocery store might be scanning your face. Wegmans confirmed on January 5 that it uses facial recognition cameras in a "small fraction" of its stores.[5]

The system checks shoppers against watchlists of people previously flagged for "misconduct" or matching active law enforcement investigations. Wegmans won't say which stores have the cameras, how long they keep data, or how accurate the system is. Only NYC locations have signage—because NYC law requires it.

The backlash was immediate. Erie County Executive Mark Poloncarz is drafting legislation to ban retailers from collecting biometric data. New York and Connecticut lawmakers are proposing statewide regulations. This could become a template for challenging retail facial recognition nationwide.

If Wegmans is doing this, who else is? The retail industry sees facial recognition as a theft-prevention tool. But the implementation treats every customer as a suspect.

Read more: Wegmans Is Scanning Your Face at the Grocery Store

17.5 Million Instagram Users Exposed in Data Leak

A hacker calling themselves "Solonik" dumped 17.5 million Instagram user records on BreachForums January 7. The data includes full names, emails, phone numbers, and partial location data—traced to an Instagram API vulnerability from late 2024.[6]

Meta hasn't said a word. No acknowledgment. No guidance. Just silence from the company that knows more about you than your family does.

Users are reporting waves of unprompted password reset emails—attackers testing the leaked credentials in real time. If you're on Instagram: enable MFA with an authenticator app (not SMS), change your password, and watch for phishing.

Read more: Instagram Breach: 17.5 Million Users on the Dark Web


🔧 Technology & Tools

BreachForums Gets Breached: 324,000 Hackers Exposed

In the most ironic story of the week, BreachForums—one of the internet's most notorious cybercrime forums—got hacked itself.[7]

On January 9, someone using the handle "James" published the forum's user database on a site called shinyhunte.rs. The leak includes nearly 324,000 user records: usernames, Argon2-hashed passwords, email addresses, IP addresses, registration dates, and PGP keys.

This is Christmas for law enforcement. Those IP addresses and emails can be correlated with other breached datasets to identify actual humans behind hacker pseudonyms. BreachForums administrators claim the data is "old" and resulted from an unsecured directory during a system restoration last August—but the damage is done. Cybersecurity firm Resecurity confirmed the data is authentic.

The lesson for criminals: if you build a house on stolen data, don't be surprised when someone steals from you.

pcTattletale Stalkerware Founder Pleads Guilty

Bryan Fleming, founder of the stalkerware application pcTattletale, pleaded guilty in U.S. federal court this week. He faces up to five years in prison.[8]

pcTattletale marketed itself as a "monitoring" tool for parents and employers. In practice, it was used to spy on intimate partners, tracking keystrokes, capturing screenshots, and monitoring location without consent. The company was breached in 2024, exposing victims' data and accelerating its downfall.

This is a rare win. Stalkerware companies usually operate with impunity—marketed as legitimate software while enabling domestic abuse. Fleming's conviction sends a message that building spy tools has legal consequences.



🌍 International

TikTok Sale Deadline: January 22 Is the Final Date

The TikTok saga approaches its conclusion. January 22, 2026, is the deadline for ByteDance to complete its sale to an American-led consortium—or watch the app go dark for 170 million U.S. users.[11]

A deal is signed. Oracle, Silver Lake, and MGX will own 45% of the new U.S. entity, with ByteDance retaining a non-controlling 19.9% stake. It just needs to close before the deadline.

The Supreme Court unanimously upheld the divestiture law in January 2025, finding that national security concerns justified forcing the sale. Critics argue this sets a dangerous precedent—if TikTok can be forced to divest over potential threats, what about other apps? But for now, the law stands.

If you're a TikTok creator: back up your content now. Don't wait to find out if the deal goes through.

Read more: TikTok Sale Deadline: January 22, 2026

UK Encryption Pressure Continues

The UK government is intensifying its campaign against end-to-end encryption. Ofcom, the communications regulator, is expected to announce recommendations for implementing Online Safety Act provisions that could require message scanning before encryption.[12]

Signal has threatened to pull its service from the UK rather than implement "backdoors." WhatsApp may follow. The UK government claims client-side scanning is necessary to detect child abuse material—but cryptographers warn it would fundamentally break encryption security for everyone.

If Ofcom proceeds, the UK could become the first Western democracy to effectively ban secure messaging. Watch this space.


What You Can Do This Week

If You're in Minneapolis

Know your rights during ICE encounters. You don't have to answer questions about immigration status. You don't have to let agents into your home without a judicial warrant. Document everything—but keep your distance.

If You're on Instagram

Enable MFA with an authenticator app (not SMS). Change your password to something unique. Check Settings → Security → Login Activity for unfamiliar sessions. Don't click password reset emails you didn't request.

If You're in a New Privacy Law State

Submit data access and deletion requests. Test what companies have on you. Exercise your new opt-out rights for targeted advertising and data sales. Use the California DROP platform as a model.

If You Shop at Wegmans

Ask your store manager directly: is facial recognition active here? Support Erie County's biometric ban legislation. Consider shopping at stores that don't scan your face—and tell Wegmans why you left.

Coming Up

January 22, 2026: TikTok sale deadline. Either the deal closes or the app goes dark for Americans.

UK Encryption: Ofcom expected to announce Online Safety Act scanning recommendations. Privacy groups preparing legal challenges.

Minneapolis Investigation: FBI probe into Renee Good shooting continues. State-federal tensions escalating. Expect more protests.

Retail Facial Recognition: Erie County biometric legislation advancing. New York and Connecticut considering statewide action. Watch for copy-cat efforts.

References

  1. MPR News - What We Know About Fatal Shooting of Minneapolis Woman by ICE Agent (January 2026)
  2. PBS - Minneapolis Immigration Operation Deploys 2,000 Agents (January 2026)
  3. LA Times - Minnesota Sues Over ICE Operation (January 2026)
  4. UK Government - Facial Recognition Consultation (January 2026)
  5. CBS News - Wegmans Using Facial Recognition (January 2026)
  6. Cyber Press - Instagram Data Breach 17.5 Million Users (January 2026)
  7. CSO Online - BreachForums Database Leaked (January 2026)
  8. Malwarebytes - pcTattletale Stalkerware Founder Pleads Guilty (January 2026)
  9. IAPP - State Privacy Legislation Tracker (January 2026)
  10. IAPP - California CCPA ADMT Regulations (January 2026)
  11. Tech Policy Press - TikTok Deadline Approaches (January 2026)
  12. Computer Weekly - UK Privacy and Encryption Challenges 2026

Suggested Topics for Further Research

Based on this week's news, here are topics worth deeper exploration:

  • Algorithmic Targeting in Immigration Enforcement — How Palantir's ImmigrationOS and similar tools determine who ICE targets, and the bias implications
  • Retail Biometric Bans: State-by-State Guide — Mapping where retail facial recognition is banned, restricted, or unregulated
  • API Security Failures and Mass Data Exposure — Technical deep-dive into how Instagram-style scraping attacks work and why they keep happening
  • The Stalkerware Industry in 2026 — Beyond pcTattletale: who's still selling spy tools and who's using them
  • UK vs. Encryption: Legal Challenge Tracker — Monitoring Privacy International, Open Rights Group, and other organizations fighting client-side scanning
  • State Privacy Law Enforcement Tracker — Which attorney generals are actually enforcing new privacy laws? Who's getting fined?
  • The BreachForums Users: Who Got Exposed? — Investigative potential in correlating leaked forum data with known threat actors
  • Surveillance Tech in Federal Lawsuits — How states are using discovery in suits against DHS to expose surveillance capabilities