Sunday, December 29, 2025. The week between Christmas and New Year's. The surveillance state didn't take a holiday.

December 26 came and went. Now every non-citizen gets photographed at every U.S. border crossing. The FBI quietly revealed it's expanding biometric collection globally. The FCC banned all foreign-made drones. And Italy fined Apple nearly $100 million, for implementing a privacy feature.

Here's everything that happened while you were digesting holiday leftovers.

CBP Biometric Collection Goes Live: Every Non-Citizen, Every Crossing

Thursday, December 26 - The day arrived. U.S. Customs and Border Protection activated its mandatory biometric entry-exit program at every airport, seaport, and land crossing in the country [1].

What changed:

  • All non-citizens photographed on arrival AND departure
  • Children under 14 (previously exempt) now included
  • Adults over 79 (previously exempt) now included
  • Canadians (historically exempt) now included
  • Refuse? Denied boarding, denied entry, denied departure verification

The data retention: Your photo can be stored for up to 75 years. Not a typo. Seventy-five years. DHS says it's for "national security." Privacy advocates call it a permanent biometric database of everyone who's ever crossed a U.S. border.

The administration's justification: Citing the 2026 FIFA World Cup, America250 celebrations, and the 2028 Los Angeles Olympics, DHS says the system will "safeguard Americans and restore American airspace sovereignty."

What to know: U.S. citizens can still opt out, for now. But the infrastructure is built. The cameras are everywhere. The database is growing.

Full coverage: CBP Biometric Collection: What Changes December 26, 2025

FBI Director Reveals "Vast Expansion" of Overseas Biometrics

This week - FBI Director Kash Patel casually revealed on X that the bureau has "undertaken a project earlier this year to vastly expand our overseas biometrics program" [2].

What we know:

  • FBI is building a global biometric screening architecture
  • Goal: identify and disrupt people before they reach U.S. territory
  • FBI's Next Generation Identification (NGI) system contains hundreds of millions of fingerprints, palm prints, facial images, and iris scans
  • The expansion aims to screen people abroad, not just at the border

The context: This isn't just border security. This is the FBI building infrastructure to scan faces internationally before people ever get on a plane. Combined with the CBP program that just went live, the U.S. is assembling a global biometric dragnet.

What wasn't said: Patel didn't specify which countries, what agreements are in place, or what oversight exists. The announcement came in a social media post, not a formal policy document. That's concerning.

Deep dive: FBI Global Biometrics Expansion: Scanning Faces Before You Board

FCC Adds All Foreign-Made Drones to "Covered List": The DJI Ban

Sunday, December 22 - The FCC added all foreign-manufactured drones and foreign-produced drone components to its Covered List, citing national security risks [3].

What it means:

  • Chinese-made drones (DJI owns 70%+ of the market) effectively banned from U.S. government use
  • Covers complete drones AND critical components
  • Federal funds cannot be used to purchase covered equipment
  • Restrictions affect public safety agencies, not just consumers

The stated concerns:

  • Foreign entities could disable drone fleets used by U.S. public safety agencies
  • Coordinated swarms of privately-owned drones could be used for "disruptive or coercive effect"
  • Data collected by drones could be used for "surveillance or intelligence operations"

The irony: The U.S. government is worried about foreign surveillance through drones, while simultaneously building the world's most comprehensive domestic biometric surveillance system. The concern is who's doing the watching, not that the watching is happening.

Deep dive: The DJI Ban: FCC Blocks All Foreign-Made Drones

Italy Fines Apple €98.6 Million for a Privacy Feature

Sunday, December 22 - Italy's Competition Authority slapped Apple with a $116 million fine over its App Tracking Transparency feature [4].

What happened:

  • Apple's ATT requires apps to ask permission before tracking you
  • Italy's regulator says this is "disproportionate" and "harmful" to advertisers
  • Apple found to have "abused its dominant position"
  • The fine: €98.6 million

The absurdity: Apple gets fined for letting users choose not to be tracked. The regulator isn't mad that tracking happens, they're mad that Apple made it optional. The advertisers' right to track you apparently outweighs your right to say no.

Apple's defense: They argue ATT protects user privacy and gives people control over their data. Italy says the feature is "excessively burdensome for developers" because EU users now face both ATT prompts and GDPR consent requests.

The message: Privacy features can be punished as anti-competitive. In Europe, protecting users from tracking is apparently unfair to trackers.

Deep dive: Italy Fines Apple $116 Million for Letting You Block Tracking

ICE Surveillance Spending Hits $300 Million, Now With AI Bounty Hunters

This week - Federal records show ICE ramping up surveillance technology spending under the mass deportation push, with more than $300 million allocated for tracking tools [5].

What they're buying:

  • Social media monitoring
  • Facial recognition
  • License plate readers
  • Location tracking services
  • AI agents from a company called AI Solutions 87

The new wrinkle, AI bounty hunting: AI Solutions 87 is providing ICE with "AI agents" that can autonomously track "people of interest and map out their family and other associates more quickly." Machine learning to find your relatives.

The contracts:

  • Palantir: $139+ million for ICE's Investigative Case Management system
  • Clearview AI: $3.75 million contract, potentially $9.2 million through 2027
  • Private bounty hunters: Corporate investigators using surveillance tools for monetary bonuses

The data access: ICE has signed agreements with Social Security Administration, IRS, and Health and Human Services. Under the SSA deal, ICE can request up to 50,000 records per month. They requested over a million IRS records in four months.

Related: The Complete ICE Surveillance Tech Stack and our guide to ICE's $8.5 billion surveillance arsenal

Deep dive: ICE Hired AI Bounty Hunters to Track Immigrants and Their Families

48 House Democrats Push Back on DHS Biometric Expansion

December 2025 - Nearly 50 House Democrats sent a letter to DHS demanding answers about a proposed rule that would expand biometric data collection across migration processes [6].

Their concerns:

  • The proposed rule provides "no meaningful detail" on how DHS will secure the data
  • New biometric datasets would be created with unclear oversight
  • Data could be reused across multiple migration and naturalization processes
  • Limited accountability for how biometrics are shared

The letter stated: "The proposed rule provides no meaningful detail on how DHS will secure, limit, or oversee the new and expansive datasets it would create."

The timing: This pushback comes the same week mandatory biometric collection went live at the border. Congress is concerned, but the collection is already happening.

Ring Familiar Faces Is Rolling Out Now

December 2025 - Amazon's facial recognition feature for Ring doorbells is now live across the United States, except in states with biometric privacy laws [7].

How it works:

  • Scans every face that appears at your door
  • Matches against a database you create
  • Stores biometric data in Amazon's cloud
  • Keeps untagged faces for 6 months
  • Off by default, requires Ring Protect subscription

Where it's NOT available: Illinois, Texas, and Portland, because those jurisdictions have biometric privacy laws with actual enforcement. Facebook paid $650 million in Illinois. Google paid $1.375 billion in Texas. Amazon knows the math.

EFF's response: Staff attorney Mario Trujillo said: "When you step in front of one of these cameras, your faceprint is taken and stored on Amazon's servers, whether you consent or not."

Deep dive: Ring Cameras Get Face Scanning: Your Mailman Never Consented

SEC Hosts "Financial Surveillance and Privacy" Roundtable

Monday, December 15 - The SEC's Crypto Task Force held a roundtable explicitly titled "Financial Surveillance and Privacy," possibly the first time a federal regulator used that phrase openly [8].

SEC Chair Paul Atkins stated: "Whether people can participate in modern finance without surrendering their privacy" is "profoundly American."

What was discussed:

  • Zero-knowledge proofs as privacy-preserving compliance tools
  • The tension between anti-money-laundering rules and financial privacy
  • Whether crypto forces a reconsideration of 21st-century surveillance

Commissioner Hester Peirce noted: Tools are being developed to "enable law-abiding citizens to live private lives and protect themselves from bad actors."

Related development: The Anti-CBDC Surveillance State Act passed the House 219-210, prohibiting Federal Reserve banks from issuing a central bank digital currency without explicit congressional approval.

Deep dive: The SEC Asked: Can You Use Money Without Being Watched?

South Korea: Facial Recognition for New Phone Numbers

December 27 - South Korea announced it will require facial recognition when signing up for a new mobile phone number, supposedly to fight scams [9].

The requirement:

  • Face scan mandatory for new mobile number registration
  • Ostensibly to prevent phone-based fraud
  • Implemented by Ministry of Science and ICT

The concern: Your face becomes your phone number verification. Biometrics as identity verification for basic communications. What happens when that database leaks?

The pattern: Governments worldwide are making biometrics mandatory for everyday activities. India wants always-on satellite tracking in phones. South Korea wants face scans for phone numbers. The U.S. wants photos of everyone crossing the border.

EFF Sues DOJ and DHS Over ICE App Removal Demands

December 2025 - EFF filed suit against the Department of Justice and Department of Homeland Security to uncover information about the federal government demanding tech companies remove apps that document immigration enforcement activities [10].

What EFF discovered:

  • Government agencies demanded removal of apps used to document ICE activity
  • The demands targeted tools used by immigration advocates and journalists
  • Details about which apps and which platforms remain classified

Why it matters: If the government can pressure tech companies to remove documentation tools, it becomes harder to hold enforcement accountable. The lawsuit seeks transparency about these demands.

Also from EFF this month: They're suing to stop the Office of Personnel Management from sharing millions of Americans' private information with Elon Musk's "Department of Government Efficiency."

The Week in Breaches

Goldman Sachs: Third-Party Law Firm Breach

Some Goldman Sachs client data may have been exposed through a cybersecurity incident at one of the bank's law firms. Details are limited: neither Goldman nor the law firm has specified what data leaked or how many clients were affected [11].

Under Armour: 343 Gigabytes Stolen

The Everest ransomware group claims to have stolen 343 GB of internal Under Armour data in November, including personal information of "millions" of people worldwide. A class action lawsuit has been filed [12].

WIRED Magazine: 2.3 Million Records

2.3 million records from WIRED magazine users, allegedly obtained from parent company Condé Nast, were published online. Data includes email addresses and display names [13].

Artisans' Bank: Ransomware via Third-Party Vendor

Artisans' Bank learned in October that its vendor, Marquis Software Solutions, was hit with ransomware. Customer data including Social Security numbers and addresses was compromised. Investigations are ongoing [14].

What's Coming

January 1, 2026: California's DELETE platform (DROP) launches: one-click data broker opt-out for California residents

January 1, 2026: Apple and Google's new age verification APIs required for App Store Accountability Act compliance

January 31, 2026: Deadline for data broker registration with California or face $200/day fines

2026: Section 702 FISA expires unless Congress reauthorizes

2026: TSA facial recognition expansion to 400+ airports

Immediate Actions

Do this week:

  1. Prepare for California's DELETE platform - Launches January 1. Start documenting which data brokers have your info now. See how the data broker loophole lets the government buy your data.
  2. Freeze your credit at all three bureaus - Goldman Sachs, Under Armour, Artisans' Bank. The breaches keep coming. Freeze before they get to you.
  3. Know your rights for ICE encounters - $300 million in new surveillance tech. AI bounty hunters. Mobile biometric apps. Know what to say and what not to say.
  4. Check your Ring settings - If you have Ring cameras, review all facial recognition and sharing settings. Don't enable Familiar Faces.
  5. Review facial recognition countermeasures - The biometric border is live. Ring is scanning faces. Know your options.

The Pattern

This was the week the infrastructure went live.

December 26 wasn't just a policy change, it was activation. Now every non-citizen who crosses a U.S. border gets photographed, databased, tracked. Children. Elderly. Everyone. The 75-year retention means your grandchildren could still be in the system.

Meanwhile, the FBI is building the same infrastructure overseas. ICE is deploying AI that autonomously tracks families. Ring cameras are scanning faces in neighborhoods across America. The components are connecting.

Italy fining Apple for a privacy feature tells you where things are headed. Privacy is anti-competitive. Opting out hurts advertisers. Your choice to not be tracked is someone else's lost revenue.

But there's pushback. 48 House Democrats demanding answers about biometric expansion. Courts requiring warrants for FISA searches. California's DELETE platform launching in three days. EFF suing to expose government pressure on tech companies.

The surveillance infrastructure is growing faster than the resistance. But the resistance is growing.

Happy New Year. They're still watching.


References

  1. VisaHQ - Nationwide Biometric Entry-Exit Program Launches (December 26, 2025)
  2. Biometric Update - FBI director hints at bureau's quiet expansion of global biometrics reach (December 2025)
  3. Holland & Knight - FCC Adds All Foreign-Made Drones to Covered List (December 22, 2025)
  4. MacRumors - Italy Fines Apple Over App Tracking Transparency (December 22, 2025)
  5. The Intercept - 10 Companies Have Already Made $1 Million as ICE Bounty Hunters (December 23, 2025)
  6. FedScoop - Lawmakers push back on proposed DHS data collection expansion (December 2025)
  7. Fox News - Amazon Ring gets AI upgrade with controversial facial recognition feature (December 2025)
  8. SEC.gov - Crypto Task Force Roundtable on Financial Surveillance and Privacy (December 15, 2025)
  9. The Record - South Korea to require facial recognition for new mobile numbers (December 2025)
  10. EFF - 2025 in Review (December 2025)
  11. PYMNTS - Goldman Sachs Third-Party Data Breach (December 2025)
  12. ClassAction.org - Under Armour Data Breach Class Action (December 2025)
  13. Have I Been Pwned - WIRED Data Breach (December 2025)
  14. GlobeNewswire - Artisans' Bank Data Breach Alert (December 28, 2025)