The federal government is using social media surveillance to target student visa holders living in the United States for online speech the Trump administration disfavors. The administration has initiated this new program, called “Catch and Revoke,” in an effort to revoke visas, and it appears to be a cross-agency collaboration between the State Department, the Department of Homeland Security (DHS), and the Department of Justice. It includes a dedicated task force and the use of AI and other data analytic tools to review the public social media accounts of tens of thousands of student visa holders. Though the full scope remains unclear, current reports indicate that the administration is surveilling for “pro-Hamas” sentiment, “antisemitic activity,” or even just “conduct that bears a hostile attitude toward U.S. citizens or U.S. culture.” At the time of publishing of this blog post, the federal government has already revoked over 1600 student visas for a variety of reasons.

This social media surveillance program is an alarming attack on freedom of speech and privacy—for both visa holders here in the United States and their American associates.

A Dangerous Erosion of Free Speech

While there is some nuance in the interplay between freedom of speech and immigration law, one principle is evident: foreign nationals who currently reside in the U.S.—including student visa holders—are protected by the First Amendment. The Supreme Court stated in Bridges v. Wixon (1945) that “[f]reedom of speech and of press is accorded aliens residing in this country.”

First Amendment-Protected Political Speech

Revoking student visas based, in part, on what students have said publicly on social media is especially constitutionally problematic given that the Trump administration is targeting core First Amendment-protected political speech. As the Supreme Court stated in Mills v. Alabama (1966), a central purpose of the First Amendment is to “protect the free discussion of governmental affairs,” whether on political issues, public officials, or how the government should operate.

The administration is targeting non-citizen students for “pro-Hamas,” antisemitic, and even just pro-Palestinian speech. Yet what falls under these categories is vague and not clearly defined. For example, the administration detained a Georgetown University researcher due to social media posts that are critical of Israel, but do not express support for Hamas.

More importantly, even controversial or offensive speech falls within the protections of the First Amendment. There are several categories of speech that do not enjoy First Amendment protection, including true threats of violence, inciting imminent violence, and providing material support for terrorism. However, short of rising to that level, the student speech targeted by the administration is protected by the First Amendment. Worse still, the administration is broadly going after students who simply appear to be “social activists” or are engaged in speech that is generically “anti-American.”

Such an overbroad social media surveillance and visa revocation program—one that sweeps in wholly lawful speech—strikes at the heart of what the First Amendment was intended to protect against.

Chilling Effect

Social media surveillance motivated by the government’s desire to punish political speech will chill (and certainly has already chilled) student visa holders from speaking out online.

The Supreme Court stated in Lamont v. Postmaster General (1965) that a government policy that causes individuals “to feel some inhibition” in freely expressing themselves “is at war with the ‘uninhibited, robust, and wide-open’ debate and discussion that are contemplated by the First Amendment.” More recently, Supreme Court Justice Sotomayor expressed in a concurring opinion that “[a]wareness that the Government may be watching chills associational and expressive freedoms” guaranteed by the First Amendment.

In other words, student visa holders are more likely to engage in self-censorship and refrain from expressing dissenting or controversial political views when they know they're being surveilled. Or they may choose to disengage from social media entirely, to avoid the risk that even seemingly harmless posts will affect their visa status and their ability to continue their education in the United States.

Student visa holders may also limit whom they connect with on social media, particularly if they fear those connections will have political views the current administration doesn’t like. The administration has not expressly stated that it will limit its surveillance only to the social media posts of student visa holders, which means it may also look at posts made by those in the students’ networks. This, too, undermines the First Amendment. The freedom to associate and express political views as a group—“particularly controversial ones”—is a fundamental aspect of freedom of speech, as the Supreme Court stated in its landmark NAACP v. Alabama (1958) decision.

American Citizens Impacted

Because student visa holders’ social networks undoubtedly include U.S. citizens, those citizens may also be subject to social media scrutiny, and therefore will also be chilled from freely speaking or associating online. Government agents have previously held visa holders responsible for the activity of their social media connections. Knowing this, a U.S. citizen who has a non-citizen friend or family member in the U.S. on a student visa might hesitate to post criticisms of the government—even if fully protected by the First Amendment—fearing the posts could negatively impact their loved one. A general climate of government surveillance may also lead U.S. citizens to self-censor on social media, even without any foreign national friends or family.

A Threat to Digital Privacy

Social media surveillance, even of publicly available profiles and especially with automated tools, can invade personal privacy. The Supreme Court has repeatedly held that the government’s collection and aggregation of publicly available personal information—particularly when enhanced by technology—can implicate privacy interests. The government can obtain personal information it otherwise would not have access to or that would usually be difficult to find across disparate locations.

Social media aggregates personal information in one place, including some of the most intimate details of our lives, such as our health information, likes and dislikes, political views and religious beliefs, and people with whom we associate. And automated tools can easily search for and help find this information. Even people who choose not to post much personal information on social media might still be exposed by comments and tags made by other users.

Constitutional Harms are Exacerbated by Automated Tools

The Trump administration is reportedly deploying artificial intelligence and other automated tools to assist in its review of student visa holders’ social media posts. While facts are still coming to light, any form of automation is likely to amplify speech and privacy harms to student visa holders.

By the government’s own assessment in another context—evaluating the admissibility of visa applicants (discussed below)—social media surveillance has not proven effective at assessing security threats.

Human review of public social media posts is itself prone to problems. Social media posts are highly context-specific, and government officials often have trouble differentiating between sarcasm, parody, and exaggeration from unlawful support for controversial causes. This leads to mistakes and misinterpretations. For example, in 2012 an Irish citizen was turned back at the border because DHS agents misinterpreted two of his Twitter posts: one, that he was going to “destroy America” – slang for partying – and two, that he was going to “dig up Marilyn Monroe’s grave” – a joke. These mistakes are even more likely when the posts are not in English or when they contain cultural references .

Human review augmented by automated tools is just as bad. Automated tools also have difficulty understanding the nuances of language, as well as the broader context in which a statement was made. These algorithms are also designed to replicate patterns in existing datasets, but if the data is biased, the technology simply reinforces those biases. As such, automated tools are similarly prone to mistakes and misinterpretations. Yet people often defer to automated outputs thinking they are correct or fair simply because a computer was used to produce them. And in some cases, decision-makers may even use these tools to justify or cover their own biases.

Most concerning would be if automated systems were permitted to make final visa revocation decisions without any human review. As EFF has repeatedly stated, automated tools should never get the final say on whether a person should be policed, arrested, denied freedom, or, in this case, stripped of a student visa and forcibly barred from completing their education.

Government Social Media Surveillance is Not New—and is Expanding

That the Trump administration is using social media surveillance on student visa holders residing in the United States is a disturbing apparent escalation of a longstanding trend.

EFF has long sounded the alarm on the civil liberty harms of government social media surveillance. In particular, since 2019, visa applicants have been required to disclose all social media accounts they have used in the last five years to the U.S. government. That policy is the subject of an ongoing lawsuit, Doc Society v. Pompeo, in which EFF filed an amicus brief.

Secretary of State Marco Rubio recently upped the ante by ordering officials to deny visas to new or returning student applicants if their social media broadly demonstrates “a hostile attitude toward U.S. citizens or U.S. culture (including government, institutions, or founding principles).” Notably, Rubio indicated this standard could also apply to current student visa holders. The State Department also announced it will review the social media of any visa applicant who has been to Gaza since 2007.

The Trump administration has also proposed dramatically expanding social media scrutiny by requiring non-citizens already legally residing in the U.S. to disclose social media accounts on a variety of forms related to immigration benefits, such as people seeking lawful permanent residency or naturalization. U.S. Citizenship and Immigration Services (USCIS), a component of DHS, also announced it would look for “antisemitic activity” on social media to deny immigration benefits to individuals currently in the country.

Protecting Your Accounts

There are general steps you can take to better protect your social media accounts from surveillance. Understand, however, that the landscape is shifting rapidly and not all protections are foolproof. Law enforcement may be able to get a warrant for your private information and messages if a judge is convinced there is preliminary evidence supporting probable cause of criminal activity. And non-governmental individuals and groups have recently used other forms of technology like face recognition to identify and report student activists for potential deportation. You should conduct your own individualized risk assessment to determine what online activity is safe for you.

Still, it never hurts to better secure your online privacy. For your current social media accounts, consider locking them down:

• Make public accounts private and ensure only approved connections can see your content. Note that if your past public posts have already been copied and saved by an outside party, making your account private will not undo this. It will, however, better protect your future posts.
• Some platforms make certain information publicly viewable, even if you’ve made your account private. Other information may be public by default, but can be made private. Review each platform’s privacy settings to limit what information is shared publicly, including friend lists, contact information, and location information.
• You should also review your friends or followers list to ensure you know every person you’ve approved, especially when making a once-public account private.

If you create a new social media account:

• Query whether you want to attach your legal name to it. Many platforms allow you to have a pseudonymous account.
• When setting up the account, don’t provide more personal information than is necessary.

EFF’s Surveillance Self-Defense guide provides additional information on protecting your social media accounts from a variety of actors. If you're not sure what information is publicly available about you on social networks or other sites, consider doing some research to see what, if anything, others would find.

By targeting international students for broad categories of online speech, this administration is fostering a climate of fear, making students anxious that a single post or errant “like” could cost them their U.S. visa or even lead to detention and deportation. This will, ultimately, stifle political debate and silence dissent–for non-citizens and citizens alike–undermining the open dialogue crucial to democracy.

In an unprecedented move, the U.S. Department of Treasury and the U.S. Department of Homeland Security (DHS) recently reached an agreement allowing the IRS to share with Immigration and Customs Enforcement (ICE) taxpayer information of certain immigrants. The redacted 15-page memorandum of understanding (MOU) was exposed in a court case, Centro de Trabajadores Unidos v. Bessent, which seeks to prevent the IRS from unauthorized disclosure of taxpayer information for immigration enforcement purposes. Weaponizing government data vital to the functioning and funding of public goods and services by repurposing it for law enforcement and surveillance is an affront to a democratic society. In addition to the human rights abuses this data-sharing agreement empowers, this move threatens to erode trust in public institutions in ways that could bear consequences for decades. 

Specifically, the government justifies the MOU by citing Executive Order 14161, which was issued on January 20, 2025. The Executive Order directs the heads of several agencies, including DHS, to identify and remove individuals unlawfully present in the country. Making several leaps, the MOU states that DHS has identified “numerous” individuals who are unlawfully present and have final orders of removal, and that each of these individuals is “under criminal investigation” for violation of federal law—namely, “failure to depart” the country under 8 U.S.C. § 1253(a)(1). The MOU uses this basis for the IRS disclosing to ICE taxpayer information that is otherwise confidential under the tax code.  

In practice, this new data-sharing process works like this: ICE makes a request for an individual’s name and address, taxable periods for which the return information pertains, the federal criminal statute being investigated, and reasons why disclosure of this information is relevant to the criminal investigation. Once the IRS receives this request from ICE, the agency reviews it to determine whether it falls under an exception to the statutory authority requiring confidentiality and provides an explanation if the request cannot be processed. 

But there are two big reasons why this MOU fails to pass muster. 

First, as the NYU Tax Law Center identified:

“While the MOU references criminal investigations, DHS recently reportedly told IRS officials that ‘they would hope to use tax information to help deport as many as seven million people.’ That is far more people than the government could plausibly investigate, or who are plausibly subject to criminal immigration penalties, and suggests DHS’s actual reason for pursuing the tax data is to locate people for civil deportation, making any ‘criminal investigation’ a false pretext to get around the law.” 

Second, it’s unclear how the IRS would verify the accuracy of ICE’s requests. Recent events have demonstrated that ICE’s deportation mandate trumps all else—with ICE obfuscating, ignoring, or outright lying about how they conduct their operations and who they target. While ICE has fueled narratives about deporting “criminals” to a notorious El Salvador prison, reports have repeatedly shown that most of those deported had no criminal histories. ICE has even arrested U.S. citizens based on erroneous information and blatant racial profiling. But ICE’s lack of accuracy isn’t new—in fact, a recent settlement in the case Gonzalez v. ICE bars ICE from relying on its network of erroneous databases to issue detainer requests. In that case, EFF filed an amicus brief identifying the dizzying array of ICE’s interconnected databases, many of which were out of date and incomplete and yet were still relied upon to deprive people of their liberty. 

In the wake of the MOU’s signing, several top IRS officials have resigned. For decades, the agency expressed interest in only collecting tax revenue and promised to keep that information confidential. Undocumented immigrants were encouraged to file taxes, despite being unable to reap benefits like Social Security because of their status. Many did, often because any promise of a future pathway to legalizing their immigration status hinged on having fulfilled their tax obligations. Others did because as part of mixed-status families, they were able to claim certain tax benefits for their U.S. citizen children. The MOU weaponizes that trust and puts immigrants in an impossible situation—either fail to comply with tax law or risk facing deportation if their tax data ends up in ICE’s clutches. 

This MOU is also sure to have a financial impact. In 2023, it was estimated that undocumented immigrants contributed $66 billion in federal and payroll taxes alone. Experts anticipate that due to the data-sharing agreement, fewer undocumented immigrants will file taxes, resulting in over $313 billion in lost tax revenue over 10 years. 

This move by the federal government not only betrays taxpayers and erodes vital trust in necessary civic institutions—it also reminds us of how little we have learned from U.S. history. After all, it was a piece of legislation passed in a time of emergency, the Second War Powers Act, that included the provision that allowed once-protected census data to assist in the incarceration of Japanese Americans during World War II. As the White House wrote in a report on big data in 2014, “At its core, public-sector use of big data heightens concerns about the balance of power between government and the individual. Once information about citizens is compiled for a defined purpose, the temptation to use it for other purposes can be considerable.” Rather than heeding this caution, this data-sharing agreement seeks to exploit it. This is yet another attempt by the current administration to sweep up and disclose large amounts of sensitive and confidential data. Courts must put a stop to these efforts to destroy data privacy, especially for vulnerable groups.

The Constitution prohibits dragnet device searches, especially when those searches are designed to uncover political speech, EFF explained in a friend-of-the-court brief filed in the U.S. Court of Appeals for the Tenth Circuit.

The case, Armendariz v. City of Colorado Springs, challenges device and data seizures and searches conducted by the Colorado Springs police after a 2021 housing rights march that the police deemed “illegal.” The plaintiffs in the case, Jacqueline Armendariz and a local organization called the Chinook Center, argue these searches violated their civil rights.

The case details repeated actions by the police to target and try to intimidate plaintiffs and other local civil rights activists solely for their political speech. After the 2021 march, police arrested several protesters, including Ms. Armendariz. Police alleged Ms. Armendariz “threw” her bike at an officer as he was running, and despite that the bike never touched the officer, police charged her with attempted simple assault. Police then used that charge to support warrants to seize and search six of her electronic devices—including several phones and laptops. The search warrant authorized police to comb through these devices for all photos, videos, messages, emails, and location data sent or received over a two-month period and to conduct a time-unlimited search of 26 keywords—including for terms as broad and sweeping as “officer,” “housing,” “human,” “right,” “celebration,” “protest,” and several common names. Separately, police obtained a warrant to search all of the Chinook Center’s Facebook information and private messages sent and received by the organization for a week, even though the Center was not accused of any crime.

After Ms. Armendariz and the Chinook Center filed their civil rights suit, represented by the ACLU of Colorado, the defendants filed a motion to dismiss the case, arguing the searches were justified and, in any case, officers were entitled to qualified immunity. The district court agreed and dismissed the case. Ms. Armendariz and the Center appealed to the Tenth Circuit.

As explained in our amicus brief—which was joined by the Center for Democracy & Technology, the Electronic Privacy Information Center, and the Knight First Amendment Institute at Columbia University—the devices searched contain a wealth of personal information. For that reason, and especially where, as here, political speech is implicated, it is imperative that warrants comply with the Fourth Amendment.

The U.S. Supreme Court recognized in Riley v. California that electronic devices such as smartphones “differ in both a quantitative and a qualitative sense” from other objects. Our electronic devices’ immense storage capacities means that just one type of data can reveal more than previously possible because they can span years’ worth of information. For example, location data can reveal a person’s “familial, political, professional, religious, and sexual associations.” And combined with all of the other available data—including photos, video, and communications—a device such as a smartphone or laptop can store a “digital record of nearly every aspect” of a person’s life, “from the mundane to the intimate.” Social media data can also reveal sensitive, private information, especially with respect to users' private messages.

It’s because our devices and the data they contain can be so revealing that warrants for this information must rigorously adhere to the Fourth Amendment’s requirements of probable cause and particularity.

Those requirements weren’t met here. The police’s warrants failed to establish probable cause that any evidence of the crime they charged Ms. Armendariz with—throwing her bike at an officer—would be found on her devices. And the search warrant, which allowed officers to rifle through months of her private records, was so overbroad and lacking in particularity as to constitute an unconstitutional “general warrant.” Similarly, the warrant for the Chinook Center’s Facebook messages lacked probable cause and was especially invasive given that access to these messages may well have allowed police to map activists who communicated with the Center and about social and political advocacy.

The warrants in this case were especially egregious because they appear designed to uncover First Amendment-protected activity. Where speech is targeted, the Supreme Court has recognized that it’s all the more crucial that warrants apply the Fourth Amendment’s requirements with “scrupulous exactitude” to limit an officer’s discretion in conducting a search. But that failed to happen here, and thus affected several of Ms. Armendariz and the Chinook Center’s First Amendment rights—including the right to free speech, the right to free association, and the right to receive information.

Warrants that fail to meet the Fourth Amendment’s requirements disproportionately burden disfavored groups. In fact, the Framers adopted the Fourth Amendment to prevent the “use of general warrants as instruments of oppression”—but as legal scholars have noted, law enforcement routinely uses low-level, highly discretionary criminal offenses to impose order on protests. Once arrests are made, they are often later dropped or dismissed—but the damage is done, because protesters are off the streets, and many may be chilled from returning. Protesters undoubtedly will be further chilled if an arrest for a low-level offense then allows police to rifle through their devices and digital data, as happened in this case.

The Tenth Circuit should let this case to proceed. Allowing police to conduct a virtual fishing expedition of a protester’s devices, especially when justification for that search is an arrest for a crime that has no digital nexus, contravenes the Fourth Amendment’s purposes and chills speech. It is unconstitutional and should not be tolerated.

Special thanks to legal intern Alissa Johnson, who was the lead author of this post.

EFF recently filed an amicus brief in the U.S. Court of Appeals for the D.C. Circuit urging the court to reverse a lower court decision upholding a State Department rule that forces visa applicants to the United States to disclose their social media identifiers as part of the application process. If upheld, the district court ruling has severe implications for free speech and privacy not just for visa applicants, but also the people in their social media networks—millions, if not billions of people, given that the “Disclosure Requirement” applies to 14.7 million visa applicants annually.

Since 2019, visa applicants to the United States have been required to disclose social media identifiers they have used in the last five years to the U.S. government. Two U.S.-based organizations that regularly collaborate with documentary filmmakers around the world sued, challenging the policy on First Amendment and other grounds. A federal judge dismissed the case in August 2023, and plaintiffs filed an appeal, asserting that the district court erred in applying an overly deferential standard of review to plaintiffs’ First Amendment claims, among other arguments.

Our amicus brief lays out the privacy interests that visa applicants have in their public-facing social media profiles, the Disclosure Requirement’s chilling effect on the speech of both applicants and their social media connections, and the features of social media platforms like Facebook, Instagram, and X that reinforce these privacy interests and chilling effects.

Social media paints an alarmingly detailed picture of users’ personal lives, covering far more information that that can be gleaned from a visa application. Although the Disclosure Requirement implicates only “public-facing” social media profiles, registering these profiles still exposes substantial personal information to the U.S. government because of the number of people impacted and the vast amounts of information shared on social media, both intentionally and unintentionally. Moreover, collecting data across social media platforms gives the U.S. government access to a wealth of information that may reveal more in combination than any individual question or post would alone. This risk is even further heightened if government agencies use automated tools to conduct their review—which the State Department has not ruled out and the Department of Homeland Security’s component Customs and Border Protection has already begun doing in its own social media monitoring program. Visa applicants may also unintentionally reveal personal information on their public-facing profiles, either due to difficulties in navigating default privacy setting within or across platforms, or through personal information posted by social media connections rather than the applicants themselves.

The Disclosure Requirement’s infringements on applicants’ privacy are further heightened because visa applicants are subject to social media monitoring not just during the visa vetting process, but even after they arrive in the United States. The policy also allows for public social media information to be stored in government databases for upwards of 100 years and shared with domestic and foreign government entities.  

Because of the Disclosure Requirement’s potential to expose vast amounts of applicants’ personal information, the policy chills First Amendment-protected speech of both the applicant themselves and their social media connections. The Disclosure Requirement allows the government to link pseudonymous accounts to real-world identities, impeding applicants’ ability to exist anonymously in online spaces. In response, a visa applicant might limit their speech, shut down pseudonymous accounts, or disengage from social media altogether. They might disassociate from others for fear that those connections could be offensive to the U.S. government. And their social media connections—including U.S. persons—might limit or sever online connections with friends, family, or colleagues who may be applying for a U.S. visa for fear of being under the government’s watchful eye.  

The Disclosure Requirement hamstrings the ability of visa applicants and their social media connections to freely engage in speech and association online. We hope that the D.C. Circuit reverses the district court’s ruling and remands the case for further proceedings.

A new report reveals that in just three months, from July 1 to September 30, 2023,  the San Francisco Police Department (SFPD) racked up 193 hours and 19 minutes of live access to non-city surveillance cameras. That means for the equivalent of 8 days, police sat behind a desk and tapped into hundreds of cameras, ostensibly including San Francisco’s extensive semi-private security camera networks, to watch city residents, workers, and visitors live. An article by the San Francisco Chronicle analyzing the report also uncovered that the SFPD tapped into these cameras to watch 42 hours of live footage during the Outside Lands music festival.

The city’s Board of Supervisors granted police permission to get live access to these cameras in September 2022 as part of a 15-month pilot program to see if allowing police to conduct widespread, live surveillance would create more safety for all people. However, even before this legislation’s passage, the SFPD covertly used non-city security cameras to monitor protests and other public events. In fact, police and the rich man who funded large networks of semi-private surveillance cameras both claimed publicly that the police department could easily access historic footage of incidents after the fact to help build cases, but could not peer through the cameras live. This claim was debunked by EFF and other investigators who revealed that police requested live access to semi-private cameras to monitor protests, parades, and public events—despite being the type of activity protected by the First Amendment.

When the Board of Supervisors passed this ordinance, which allowed police live access to non-city cameras for criminal investigations (for up to 24 hours after an incident) and for large-scale events, we warned that police would use this newfound power to put huge swaths of the city under surveillance—and we were unfortunately correct.

The most egregious example from the report is the 42 hours of live surveillance conducted during the Outside Lands music festival, which yielded five arrests for theft, pickpocketing, and resisting arrest—and only one of which resulted in the District Attorney’s office filing charges. Despite proponents’ arguments that live surveillance would promote efficiency in policing, in this case, it resulted in a massive use of police resources with little to show for it.

There still remain many unanswered questions about how the police are using these cameras. As the Chronicle article recognized:

…nearly a year into the experiment, it remains unclear just how effective the strategy of using private cameras is in fighting crime in San Francisco, in part because the Police Department’s disclosures don’t provide information on how live footage was used, how it led to arrests and whether police could have used other methods to make those arrests.

The need for greater transparency—and at minimum, for the police to follow all reporting requirements mandated by the non-city surveillance camera ordinance—is crucial to truly evaluate the impact that access to live surveillance has had on policing. In particular, the SFPD’s data fails to make clear how live surveillance helps police prevent or solve crimes in a way that footage after the fact does not. 

Nonetheless, surveillance proponents tout this report as showing that real-time access to non-city surveillance cameras is effective in fighting crime. Many are using this to push for a measure on the March 5, 2024 ballot, Proposition E, which would roll back police accountability measures and grant even more surveillance powers to the SFPD. In particular, Prop E would allow the SFPD a one-year pilot period to test out any new surveillance technology, without any use policy or oversight by the Board of Supervisors. As we’ve stated before, this initiative is bad all around—for policing, for civil liberties, and for all San Franciscans.

Police in San Francisco still don’t get it. They can continue to heap more time, money, and resources into fighting oversight and amassing all sorts of surveillance technology—but at the end of the day, this still won’t help combat the societal issues the city faces. Technologies touted as being useful in extreme cases will just end up as an oversized tool for policing misdemeanors and petty infractions, and will undoubtedly put already-marginalized communities further under the microscope. Just as it’s time to continue asking questions about what live surveillance helps the SFPD accomplish, it’s also time to oppose the erosion of existing oversight by voting NO on Proposition E on March 5. 

The U.S.-Mexico border continues to be one of the most politicized spaces in the country, with leaders in both political parties supporting massive spending on border security, including technological solutions such as the so-called "virtual wall." We spent the year documenting surveillance technologies at the border and the impacts on civil liberties and human rights of those who live in the borderlands.

In early 2023, EFF staff completed the last of three trips to the U.S.-Mexico border, where we met with the residents, activists, humanitarian organizations, law enforcement officials, and journalists whose work is directly impacted by the expansion of surveillance technology in their communities.

Using information from those trips, as well as from public records, satellite imagery, and exploration in virtual reality, we released a map and dataset of more than 390 surveillance towers installed by Customs and Border Protection (CBP) along the U.S.-Mexico border. Our data serves as a living snapshot of the so-called "virtual wall," from the California coast to the lower tip of Texas. The data also lays the foundation for many types of research ranging from border policy to environmental impacts.

We also published an in-depth report on Plataforma Centinela (Sentinel Platform), an aggressive new surveillance system developed by Chihuahua state officials in collaboration with a notorious Mexican security contractor. With tentacles reaching into 13 Mexican cities and a data pipeline that will channel intelligence all the way to Austin, Texas, the monstrous project is unlike anything seen before along the U.S.-Mexico border. The strategy adopts nearly every cutting-edge technology system marketed at law enforcement: 10,000 surveillance cameras, face recognition, automated license plate recognition, real-time crime analytics, a fleet of mobile surveillance vehicles, drone teams and counter-drone teams, and more. It also involves a 20-story high-rise in downtown Ciudad Juarez, known as the Torre Centinela (Sentinel Tower), that will serve as the central node of the surveillance operation. We’ll continue to keep a close eye on the development of this surveillance panopticon.

Finally, we weighed in on the dangers of border surveillance on civil liberties by filing an amicus brief in the U.S. Court of Appeals for the Ninth Circuit. The case, Phillips v. U.S. Customs and Border Protection, was filed after a 2019 news report revealed the federal government was conducting surveillance of journalists, lawyers, and activists thought to be associated with the so-called “migrant caravan” coming through Central America and Mexico. The lawsuit argues, among other things, that the agencies collected information on the plaintiffs in violation of their First Amendment rights to free speech and free association, and that the illegally obtained information should be “expunged” or deleted from the agencies’ databases. Unfortunately, both the district court and a three-judge panel of the Ninth Circuit ruled against the plaintiffs. The plaintiffs urged the panel to reconsider, or for the full Ninth Circuit to rehear the case. In our amicus brief, we argued that the plaintiffs have privacy interests in personal information compiled by the government, even when the individual bits of data are available from public sources, and especially when the data collection is facilitated by technology. We also argued that, because the government stored plaintiffs’ personal information in various databases, there is a sufficient risk of future harm due to lax policies on data sharing, abuse, or data breach.

Undoubtedly, next year’s election will only heighten the focus on border surveillance technologies in 2024. As we’ve seen time and again, increasing surveillance at the border is a bipartisan strategy, and we don’t expect that to change in the new year.

This blog is part of our Year in Review series. Read other articles about the fight for digital rights in 2023.

EFF filed an amicus brief in the U.S. Court of Appeals for the Ninth Circuit in a case that has serious implications for people’s First Amendment rights to engage in cross-border journalism and advocacy.

In 2019, the local San Diego affiliate for NBC News broke a shocking story: components of the federal government were conducting surveillance of journalists, lawyers, and activists thought to be associated with the so-called “migrant caravan” coming through Central America and Mexico.

The Inspector General for the Department of Homeland Security, the agency’s watchdog, later reported that the U.S. government shared sensitive information with the Mexican government, and U.S. officials had improperly asked Mexican officials to deny entry into Mexico to Americans to prevent them from doing their jobs.

The ACLU of Southern California, representing three of these individuals, sued Customs & Border Protection (CBP), Immigration & Customs Enforcement (ICE), and the FBI, in a case called Phillips v. CBP. The lawsuit argues, among other things, that the agencies collected information on the plaintiffs in violation of their First Amendment rights to free speech and free association, and that the illegally obtained information should be “expunged” or deleted from the agencies’ databases.

Unfortunately, both the district court and a three-judge panel of the Ninth Circuit ruled against the plaintiffs.

The panel held that the plaintiffs don’t have standing to bring the lawsuit because they don’t have sufficient privacy interests in the personal information the government collected about them, in part because the data was gleaned from public sources such as social media. The panel also held there is no standing because there isn’t a sufficient risk of future harm from the government’s retention of the information.

The plaintiffs recently asked the three-judge panel to reconsider its decision, or alternatively, for the full Ninth Circuit to conduct an en banc review of the panel’s decision. 

In our amicus brief, we argued that the plaintiffs have privacy interests in the personal information the government collected about them, which included details about their First Amendment-protected “political views and associations.” We cited to Supreme Court precedent that has found privacy interests in personal information compiled by the government, even when the individual bits of data are available from public sources, and especially when the data collection is facilitated by technology.

We also argued that, because the government stored plaintiffs’ personal information in various databases, there is a sufficient risk of future harm. These risks include sharing data across agencies or even with other governments due to lax or nonexistent policies on data sharing; government employees abusing individuals’ data; and CBP’s poor track record of keeping digital data safe from data breaches.

We hope that the panel reconsiders its erroneous decision and holds that the plaintiffs have standing to seek expungement of the information the government collected about them; or that the full Ninth Circuit agrees to review the panel’s original decision, to protect Americans’ free speech and privacy rights.

The FBI recently released its proposed budget for 2024, and its request for a massive increase in funding for its DNA database should concern us all. The FBI is asking for an additional $53 million in funding to aid in the collection, organization, and maintenance of its Combined DNA Index System (CODIS) database in the wake of a 2020 Trump Administration rule that requires the Department of Homeland Security to collect DNA from anyone in immigration detention. The database approximately houses the genetic information on over 21 million people, adding an average of 92,000 DNA samples a month in the last year alone–over 10 times the historical sample volume. The FBI’s increased budget request demonstrates that the federal government has, in fact, made good on its projection of collecting over 750,000 new samples annually from immigrant detainees for CODIS. This type of forcible DNA collection and long-term hoarding of genetic identifiers not only erodes civil liberties by exposing individuals to unnecessary and unwarranted government scrutiny, but it also demonstrates the government’s willingness to weaponize biometrics in order to surveil vulnerable communities.

After the Supreme Court’s decision in Maryland v. King (2013), which upheld a Maryland statute to collect DNA from individuals arrested for a violent felony offense, states have rapidly expanded DNA collection to encompass more and more offenses—even when DNA is not implicated in the nature of the offense. For example, in Virginia, the ACLU and other advocates fought against a bill that would have added obstruction of justice and shoplifting as offenses for which DNA could be collected. The federal government’s expansion of DNA collection from all immigrant detainees is the most drastic effort to vacuum up as much genetic information as possible, based on false assumptions linking crime to immigration status despite ample evidence to the contrary.

As we’ve previously cautioned, this DNA collection has serious consequences. Studies have shown that increasing the number of profiles in DNA databases doesn’t solve more crimes. A 2010 RAND report instead stated that the ability of police to solve crimes using DNA is “more strongly related to the number of crime-scene samples than to the number of offender profiles in the database.” Moreover, inclusion in a DNA database increases the likelihood that an innocent person will be implicated in a crime. 

Lastly, this increased DNA collection exacerbates the existing racial disparities in our criminal justice system by disproportionately impacting communities of color. Black and Latino men are already overrepresented in DNA databases. Adding nearly a million new profiles of immigrant detainees annually—who are almost entirely people of color, and the vast majority of whom are Latine—will further skew the 21 million profiles already in CODIS.

We are all at risk when the government increases its infrastructure and capacity for collecting and storing vast quantities of invasive data. With the resources to increase the volume of samples collected, and an ever-broadening scope of when and how law enforcement can collect genetic material from people, we are one step closer to a future in which we all are vulnerable to mass biometric surveillance.