Sunday, December 15, 2025. The surveillance state doesn't slow down for the holidays.
TSA is now feeding passenger manifests directly to ICE. Trump signed an executive order to sue states that regulate AI. A credit check company leaked 5.6 million people's Social Security numbers. Ring rolled out facial recognition to doorbells. And Chinese hackers are still inside American telecom networks, while the FCC rolled back the rules meant to stop them.
Here's everything that went down this week.
TSA Is Now ICE's Airport Informant
Thursday, December 12 - The New York Times reported that TSA is handing ICE complete passenger manifests several times per week as part of the mass deportation push [1].
How it works:
- TSA provides ICE with names of every airline traveler
- Lists include flight details, times, and airports
- ICE agents can then intercept targets at airports
- No warrant required: it's a "partnership"
The program already has victims. Any Lucía López Belloza, a college student in Boston, was arrested at the airport and deported to Honduras after TSA flagged her to ICE.
The bigger picture: Remember when TSA said facial recognition was about "security" and "convenience"? Now your face, your flight, and your travel patterns feed directly into deportation operations. Mission creep in real time.
What to know: Domestic flights are now immigration checkpoints. If you're at risk, consider alternatives. If you're not at risk, consider that this infrastructure doesn't stay targeted forever.
ICE Arrests Surge: One-Third Have No Criminal Record
Wednesday, December 11 - New data shows ICE is arresting roughly 1,100 people per day, still short of Trump's 3,000 daily goal, but a massive escalation from Biden-era enforcement [2].
The numbers that matter:
- 74,000+ people arrested with no criminal record (first 9 months of Trump 2.0)
- That's more than one-third of all ICE arrests
- Share of "convicted criminals" dropped from 46% to 30%
- 48% of arrests happen through local jails
Translation: Despite the "violent criminals" rhetoric, ICE is increasingly arresting people who've never been convicted of anything. The surveillance infrastructure (Palantir, Flock Safety, license plate readers, TSA data) is being used for mass arrests, not "targeted enforcement."
The resistance: State and local governments are why Trump's behind on deportation goals. Sanctuary policies work. Chicago forced 615 releases. A DC federal judge blocked warrantless immigration arrests this month.
Trump Signs Executive Order to Kill State AI Regulations
Wednesday, December 11 - Trump signed an executive order establishing what he calls "a minimally burdensome national policy framework for AI" [3]. Translation: states can't regulate AI anymore.
What it does:
- Creates an "AI Litigation Task Force" to sue states with AI laws
- Directs FTC and FCC to circumvent "onerous" state regulations
- Threatens to withhold federal broadband funding from states that regulate AI
- Puts David Sacks (PayPal mafia, Palantir investor) in charge of AI policy
California's SB 1047 (AI safety bill)? Under attack. Colorado's AI discrimination law? Target acquired. Illinois' biometric protections? We'll see.
Who wins: OpenAI, Google, Anthropic, Andreessen Horowitz. They lobbied hard against state regulation. Now they get a federal government that will sue states for trying to protect citizens.
Who loses: Everyone who wanted accountability before AI systems make decisions about their jobs, loans, housing, and freedom.
The irony: State attorneys general sent a letter to AI companies this same week demanding they fix "delusional" AI outputs [4]. Now those same AGs might get sued for trying to enforce consumer protection.
700Credit Breach: 5.6 Million SSNs Stolen
Thursday, December 12 - 700Credit, a company that runs credit checks for auto dealerships, disclosed a breach affecting nearly 6 million people [5].
What leaked:
- Full names and addresses
- Dates of birth
- Social Security numbers
- Data collected May-October 2025
If you bought a car or applied for auto financing in 2025, your identity is probably on the dark web now. The company you never heard of sold your data security for profit.
The pattern: You apply for a car loan. The dealer checks your credit through 700Credit. A hacker steals your SSN. You find out months later. Nobody goes to jail. This is the system working as designed.
Your move: Freeze your credit with all three bureaus. Now. Not after you get the breach notification letter.
Ring Adds Facial Recognition to Doorbells
Monday, December 9 - Amazon rolled out AI-powered facial recognition to Ring video doorbells [6]. Your doorbell now identifies visitors by face.
What Ring can do now:
- Recognize and tag people approaching your door
- Build facial profiles over time
- Integrate with Flock Safety's police surveillance network
- Share footage with law enforcement on request
Remember: Ring already partnered with Flock Safety in October (a deal it would later cancel after public outrage). Flock's cameras are used by ICE, federal agencies, and 5,000+ police departments. Now Ring's 10+ million cameras can feed that same network.
The Ring-Flock-ICE pipeline: Someone approaches your neighbor's Ring doorbell. Facial recognition tags them. If they're in Flock's network, cops get alerted. If ICE is watching, they get the alert too. All from a $100 doorbell.
Senator Wyden's warning: Flock showed "little ability to prevent data misuse" and is "unable and uninterested" in stopping overreach. Now they're connected to Amazon's doorbell empire.
December 26: Facial Recognition Mandatory for All Non-Citizens
Coming in 11 days - Starting December 26, CBP will photograph every non-U.S. citizen entering or leaving the country [7].
What changes:
- Children under 14 and adults over 79 now included (previously exempt)
- Canadians now included (historically exempt)
- All land, sea, and air ports of entry
- U.S. citizens can opt out. Non-citizens cannot.
The justification is finding people on fraudulent documents or overstayed visas. The reality is building a comprehensive biometric database of everyone who crosses the border. That's 400+ million crossings per year.
What happens to the photos? They go to DHS databases. ICE can access them. [Clearview AI scraped 30 billion images](/articles/surveillance/ice-facial-recognition-real-time-deportation), including from government sources. The database grows forever.
UK Government Wants More Facial Recognition
Thursday, December 5 - The UK Home Office launched a 10-week consultation on expanding live facial recognition powers [8].
What they want:
- "Biggest breakthrough since DNA matching" for policing
- New legal framework for live facial recognition
- A dedicated oversight body (that they control)
- Permission to use it more broadly
Metropolitan Police made 1,300 arrests using facial recognition in two years. They want more. The "consultation" is asking how to expand it, not whether to.
The opposition: Big Brother Watch director Silkie Carlo warned the country would be "turned into an open prison" under these proposals. The government's response: launch the consultation anyway.
Salt Typhoon: Chinese Hackers Still Inside Telecom Networks
This week, the Senate Commerce Committee heard testimony that U.S. telecommunications networks remain vulnerable to Chinese state hackers [9].
The uncomfortable truth:
- Salt Typhoon hacked at least 9 major telecoms (AT&T, Verizon, T-Mobile, Lumen, others)
- They accessed the CALEA wiretapping system, the backdoor law enforcement uses
- They tracked millions of Americans' locations in real time
- They recorded calls of Trump, Vance, and Harris campaign staff
- They're still in the networks
Telecom companies have failed to prove the hackers are fully removed. Experts agree remediation is incomplete. The FCC admits "vulnerabilities are still being exploited."
The insane part: On November 20, FCC Chairman Brendan Carr voted to roll back rules put in place after Salt Typhoon to protect networks. Senator Cantwell strongly objected. The rules got rolled back anyway.
Chinese spies are inside American telecom networks. The government response is to weaken protections. Make it make sense.
Signal and WhatsApp Tracking Flaw Still Unpatched
Security researchers publicly released a tool demonstrating that 3 billion WhatsApp and Signal users can be tracked in real time using just their phone number [10].
How it works:
- Delivery receipts reveal when your phone is active
- Attackers can map your activity patterns without your knowledge
- The same technique can drain your battery (14-18% per hour)
- Can consume 13.3 GB of data per hour through reaction payloads
The problem: Researchers notified Meta and Signal Foundation in 2024. Neither has patched the flaw at the protocol level. Signal has stricter rate limits. WhatsApp has none.
CISA also warned this week that state-backed actors are actively targeting Signal and WhatsApp accounts through phishing, fake QR codes, and zero-click exploits [11]. High-value targets include current and former government officials.
The advice: End-to-end encryption is still important. But it's not magic. Metadata (who you talk to, when, for how long) is still exposed. The apps themselves are targets.
Palantir Lands $448 Million Navy Contract
Monday, December 9 - The US Navy awarded Palantir $448 million for "ShipOS," a system to speed submarine production using AI [12].
What Palantir is building:
- AI platform for shipyard operations
- Integration with Palantir's Foundry platform
- Artificial Intelligence Platform (AIP) deployment
- "Visibility" across the submarine production process
Palantir's stock is up 144% this year. Their government contracts keep growing: [ICE](/articles/surveillance/palantir-immigration-machine-277-million), [Army](/articles/surveillance/palantir-government-surveillance-ecosystem-billions), now Navy. The surveillance company that started with CIA money is now embedded in every branch of government, including its work on a cross-agency master database.
Fun fact: The Economist called Palantir "possibly the most overvalued firm of all time," trading at 600x earnings. Investors don't care. Government contracts are forever.
Border Patrol Built Nationwide License Plate Dragnet
ACLU and the Associated Press revealed that Border Patrol has built a nationwide driver surveillance system using automated license plate readers [13].
How it works:
- License plate readers deployed far beyond border zones
- Border Patrol "intelligence" operatives monitor movements
- Anyone they deem "suspicious" gets tracked
- Data shared across agencies
This isn't border security. It's domestic surveillance under a border security label. The same infrastructure that tracks "suspicious" drivers today can track protesters, journalists, or political opponents tomorrow. See how ICE tracks phones without a warrant through the Webloc system.
The Week in Breaches
For a full breakdown of 2025's worst data breaches, see The Breachies 2025: The Worst Data Breaches of the Year.
Marquis Software: 788,000 Bank Customers
Ransomware attack hit 74 banks and credit unions through their software vendor. Names, SSNs, account numbers exposed. The company waited until December to notify victims [14].
Renesas Electronics: Ransomware Claim
CoinbaseCartel claims to have attacked the semiconductor manufacturer. Renesas is "reviewing systems." Details unclear, but a major chip company potentially compromised.
What's Coming
December 26: CBP facial recognition goes mandatory for all non-citizens
January: State AI laws face federal legal challenges
2026: TSA plans facial recognition at 400+ airports
Immediate Actions
Do this week:
- Freeze your credit - 700Credit breach affects 5.6M. Don't wait for the letter.
- Review Ring settings - Disable facial recognition if you have Ring. Better: disable Ring.
- Check app permissions - WhatsApp/Signal tracking uses delivery receipts. Consider disabling read receipts.
- Document your travel - If you're at risk and flying, TSA shares manifests with ICE.
- Support sanctuary cities - They're why deportation goals aren't being met. That's resistance working.
The Pattern
Every story this week follows the same arc:
- TSA collected biometrics for "security." Now it feeds ICE.
- Ring sold doorbells for "safety." Now it does facial recognition for police.
- AI companies promised "innovation." Now they lobby to block accountability.
- Telecoms promised secure networks. Chinese hackers are still inside.
- Credit companies promised data protection. 5.6 million SSNs leaked.
The surveillance infrastructure isn't being built for the purpose they claim. It's being built because once it exists, it can be used for anything.
TSA's facial recognition wasn't supposed to be for deportations. Ring wasn't supposed to feed ICE databases. License plate readers weren't supposed to track Americans nationwide.
But here we are.
The infrastructure exists. The safeguards don't. The week before Christmas, the surveillance state is working overtime.
Happy holidays. They're watching.
References
- CNBC - TSA giving airline passenger data to ICE for deportation push (December 12, 2025)
- NPR - About a third of people arrested by ICE had no criminal record (December 10, 2025)
- CNBC - Trump signs executive order for single national AI regulation standard (December 11, 2025)
- TechCrunch - State AGs warn AI giants to fix 'delusional' outputs (December 10, 2025)
- TechCrunch - Data breach at 700Credit affects at least 5.6 million (December 12, 2025)
- TechCrunch - Amazon's Ring rolls out AI-powered facial recognition (December 9, 2025)
- Berardi Immigration Law - Facial recognition required for all non-US travelers Dec 26
- Emergency Services Times - UK government launches facial recognition consultation (December 5, 2025)
- Senate Commerce Committee - Networks remain vulnerable following Salt Typhoon (December 2025)
- CyberNews - WhatsApp and Signal users can be tracked in real time
- The Register - CISA: Spyware crews breaking into Signal, WhatsApp accounts
- Bloomberg - US Navy turns to Palantir for $448M ShipOS deal (December 9, 2025)
- ACLU - Border Patrol ALPR dragnet report (December 2025)
- BreachSense - Marquis Software Solutions breach affecting 788K customers