Category: Ethics
ID.me expands reach of digital identity wallet for healthcare management
U.S. patient access and healthcare records management provider Flexpa has signed on to use ID.me’s digital identity wallet to give Americans an interoperable way to securely and easily access and share their medical records.
Patients perform identity verification with ID.me to receive their trusted credential, which they can then use to sign in wherever ID.me is accepted. The company says its reusable, privacy-preserving credential makes access easier and raises pass rates for legitimate users while reducing process abandonment and fraud.
Flexpa’s platform connects to any patient access network through the TEFCA framework, according to the announcement. The company provides patient consent management and credentials including smart cards and QR codes to streamline healthcare workflows. Data provided by Flexpa is formatted according to Fast Healthcare Interoperability Resources (FHIR) standard.
“Trust is the foundation of interoperability,” says Blake Hall, founder and CEO of ID.me. “Patients, providers, practice administrators, and payers all need confidence that health data is being accessed by the right person. By pairing ID.me’s digital identity network with Flexpa’s APIs, we’re creating a secure and seamless way for patients to take control of their records while protecting everyone against the surge of AI-driven fraud.”
For ID.me, the deal continues a steady push into the healthcare sector that also includes participation in an interoperability initiative from the U.S. Centers for Medicare and Medicaid Services (CMS). The partners say they will align their joint solution with the Interoperability Framework CMS is expected to launch later this year.
There are already 154 million people with the ID.me digital identity wallet, and 78 million of them are verified to the NIST AAL2/IAL2 standards used by the federal government for secure user authentication.
Some of those users joined through the Department of Veterans Affairs’ adoption of ID.me (or Login.gov) last year for access to benefits and healthcare services. ID.me also powers identity verification and consent processes for OtisHealth, another app for access to medical records, in a 2024 deal that marked the first connection between a digital credential service provider and the TEFCA framework.
Surveillance shadows No Kings protests
On October 18, seven million Americans poured into streets and public squares across the nation to take part in what became the largest protest ever of a sitting U.S. president. The No Kings protests spanned more than 2,600 locations in all fifty states, billed as a collective declaration that no president should rule unchecked.
But as citizens exercised their right to assemble, many worried that they were being quietly observed – watched by drones, tracked by algorithms, or profiled in digital dossiers built far from the streets they marched upon.
Three months earlier, a group of Democratic senators led by Massachusetts’s Ed Markey had written to Department of Homeland Security (DHS) Secretary Kristi Noem demanding transparency about the department’s use of surveillance technologies at public demonstrations.
The lawmakers sought details about drones, cellphone-exploitation tools, facial recognition systems, and DHS’s increasingly routine monitoring of social media activity around protests.
The senators never received a reply.
“Donald Trump has shown he’ll aggressively weaponize government powers to squelch dissent,” Markey said in a statement ahead of the protests. “At this weekend’s No Kings demonstrations, the administration must refrain from surveilling Americans who are exercising their constitutional rights.”
The warning echoed years of unease about DHS and its intelligence branch, the Office of Intelligence and Analysis (I&A). Civil liberties advocates and journalists have accused I&A of blurring the line between situational awareness and political surveillance.
Internal records released in recent years show that I&A analysts have monitored social-media posts, hashtags, and livestreams related to protest movements and forwarded summaries to law-enforcement partners through the nation’s network of “fusion centers.”
DHS maintains that its collection is limited to “publicly available information,” what is called open source intelligence, but critics say that widespread social-media scraping of protest content can still chill free expression and association.
Those concerns deepened when Property of the People, a government-transparency organization, obtained a bulletin from the Central California Intelligence Center – one of seventy-nine federally supported fusion centers – flagging No Kings rallies as subjects of ongoing intelligence reports.
The memo identified Sacramento, Fresno, and Stockton among dozens of protest sites nationwide. While acknowledging that the events were billed as “non-violent,” analysts wrote that “additional intelligence products” were being prepared. The center did not respond to questions about the bulletin.
When asked about October 18 monitoring, the National Fusion Center Association declined to comment directly, instead pointing reporters to a 2011 federal guidance document titled, Recommendations for First Amendment-Protected Events.
The document outlines how agencies may gather and share data about protests while “respecting constitutional protections,” language civil liberties lawyers say is so vague that it effectively authorizes continuous data collection under the banner of public safety.
The American Civil Liberties Union (ACLU) has warned that fusion centers, originally built after 9/11 to coordinate counterterrorism, have evolved into domestic intelligence pipelines that treat political activism as potential threat intelligence.
“Under previous administrations, law enforcement surveillance of peaceful demonstrations was already commonplace and corrosive of free expression … [now] such surveillance poses an existential threat to what remains of American democracy,” said Ryan Shapiro, executive director of Property of the People told Reuters. “Given Trump’s open hostility to even minor dissent, such surveillance now poses an existential threat to what remains of American democracy and only underscores the need for mass protest.”
Don Bell of The Constitution Project at POGO added, “There are virtually no legal guardrails in place to prevent mass surveillance, and what did exist has been bulldozed.”
In Chicago, where one of the largest gatherings drew roughly 100,000 people to Grant Park, journalists found their aerial coverage restricted.
For roughly ten days leading up to the protest, the Federal Aviation Administration (FAA) imposed a Temporary Flight Restriction at DHS’s request, grounding all non-government drones while leaving government aircraft exempt.
The order, which expired less than a week before the demonstration, cited “security concerns.”
Though the restriction was lifted before October 18, its effects lingered. Independent pilots and media outlets remained uncertain of their legal standing, while DHS and local police retained aerial access. Press freedom advocates called the situation a one-sided visibility regime.
Aerial precedent also fed public unease. Earlier in the summer, Customs and Border Protection had acknowledged deploying Predator-class drones over Los Angeles in support of federal operations near protest zones.
DHS said the flights were not directed at demonstrators, but released video later included close-range footage of protest marches. Civil rights attorneys warn that such aircraft and their sophisticated imaging payloads could easily be retasked for domestic crowd observation elsewhere in the country.
In Portland, reporters from Oregon Public Broadcasting documented official videographers and drones filming crowds near the federal immigration complex.
In Austin, Governor Greg Abbott ordered a “multi-agency posture” that activated Texas National Guard and Department of Public Safety assets before the marches began, a move state officials described as precautionary but that protesters saw as intimidation.
Just before the demonstrations, Amazon’s Ring doorbell network announced an integration with Flock Safety’s automated license-plate reader system, enabling police to issue geofenced “Community Requests” for user-submitted footage. Shared videos are routed into Axon’s digital-evidence cloud, linking neighborhood cameras directly to police databases.
Privacy groups warn that the arrangement effectively transforms residential areas into auxiliary surveillance grids, especially when marches pass through business districts or streets blanketed with Ring devices.
The legal terrain governing protest surveillance remains unsettled. In 2024, the Fifth Circuit Court of Appeals ruled that “geofence warrants” – court orders demanding data on every mobile device within a geographic area – violate the Fourth Amendment.
Other circuits have upheld narrower versions, creating a patchwork of standards that means a protester’s phone might be swept into a dragnet in one jurisdiction but protected in another.
Drone-surveillance statutes differ just as sharply. The Illinois Freedom from Drone Surveillance Act bars most police deployments absent warrants or emergencies, while Oregon requires judicial authorization for sustained observation.
Yet those state limits stop at the edge of federal authority. When DHS, the Federal Bureau of Investigation, or the FAA invoke national-security powers, local restrictions fall away, leaving protesters unsure which laws apply and who, if anyone, can be held accountable.
DHS’s continued social-media monitoring adds another layer of uncertainty. The department’s intelligence analysts conduct “open-source situational awareness” by scanning protest-related posts across major platforms, compiling keyword and geotag summaries shared with partner agencies.
Officials defend the practice as necessary for public safety, but civil liberties groups argue it edges into political profiling. For protesters organizing under the No Kings banner, the line between publicity and exposure blurred the moment a hashtag could summon a federal analyst’s attention.
Whether or not specific technologies were deployed against marchers on October 18, the perception of surveillance changed behavior. Many participants left smartphones at home, used encrypted messaging, or wore hats and masks to foil facial-recognition algorithms.
For organizers, the uncertainty itself became a form of control. The government no longer needs to announce observation; the suspicion of it is deterrent enough.
The No Kings demonstrations ended peacefully, but they revealed how thoroughly digital surveillance now shadows civic life. Protest in the United States increasingly unfolds in two spaces – physical and informational – where every chant and banner can generate a data point stored in systems the public rarely sees.
Drones, fusion centers, social-media monitoring, and smart-camera networks together form a distributed observatory whose reach dwarfs anything imagined in earlier protest eras.
The No Kings movement sought to affirm that no leader stands above the people. Yet its participants confronted the sobering truth that in the age of pervasive surveillance, even dissent itself has become an object of observation.
Great global age assurance show plays out from New Zealand to Texas
New Zealand’s Privacy Commissioner isn’t convinced that Australia’s incoming prohibition on social media accounts for users under 16 is a good idea. In a recent webinar hosted by IAPP, “Conversations on privacy in Aotearoa,” New Zealand Privacy Commissioner Michael Webster and Deputy Privacy Commissioner Liz MacPherson talk about the challenges facing regulators in the AI age, and weigh in on its neighbor’s controversial and closely-watched age verification law.
Webster raises privacy concerns about the so-called social media ban, noting that they impact everyone. “It’s not just children who are affected by something like an under-16 social media ban,” he says. “To prove your age, it affects every user.” It’s a fair point, which some appear to have struggled with in the rollout of the UK’s Online Safety Act: age assurance is intended to protect children, but adults have to do it, too.
Webster says New Zealand has the luxury of observing what policy work has already been done in other countries – Australia and elsewhere. He believes there should probably be more questions directed at the providers of social media platforms, “in terms of both the self-policing function and the undoubted need for some regulation around what happens with social media.”
Don’t make cigarettes out of free speech, says NetChoice
Across the pond in the U.S., tech lobby NetChoice continues to rattle its chains at legislators and their pesky age assurance laws. Its latest missive calls California’s AB 56, “a censorship provision requiring that online services become ‘roving censors for the state’ and display government-approved warning messages on their sites.”
The post also lashes out at AB 1043, which requires app stores to perform identity verification.
“NetChoice urged Gov. Newsom to veto AB 56 and AB 1043 and cautioned the legislature before passage that these bills are unconstitutional,” it says. However, it also lauds Newsom for vetoing three other provisions it didn’t like.
The group is also mounting active opposition in Colorado, where it has urged a federal judge to block a Colorado law set to take effect next year. HB 24-1136 is similar to California’s AB 56, in that it requires platforms to provide users under 18 with “information about social media that helps the user understand the impact of social media use on the developing brain and the mental and physical health of youth.”
MLex quotes lawyers for NetChoice, who say “Colorado wants to apply a cigarette-style warning to speech,” and argue that the compelled speech provision will not withstand judicial scrutiny.
Representatives for Colorado Attorney General Philip Weiser say the statute “only asks social media platforms to provide evidence-based research in the form of notices to its users that can be tailored to each platform.”
CCIA challenges Texas app store age check law
NetChoice is not the only industry group dealing out lawsuits. In Texas, the Computer & Communications Industry Association (CCIA) is challenging Senate Bill 2420, which imposes age assurance requirements on app stores.
Specifically, says a report from KXAN, the bill says app stores must use “a commercially reasonable method to verify” a user’s age, and would “allow software to access age verification documents stored by an app store, provided it deletes them after verifying the user’s age.” Downloads and in-app purchases would require parental consent for those under 18.
In her statement of intent, the bill’s author, Senator Angela Paxton, writes that “app stores have touted that they already employ age verification, so this simply provides additional framework, transparency, and enforcement to protect the children of Texas.”
The CCIA says SB 2420 is a “misguided attempt to protect minors” and says a requirement on developers to set an age-rating for their product is “onerous.”
“Our Constitution forbids this,” says the lawsuit, dismissing the analogy with age verification in brick-and-mortar stores. “None of our laws require businesses to ‘card’ people before they can enter bookstores and shopping malls. The First Amendment prohibits such oppressive laws as much in cyberspace as it does in the physical world.”
The First Amendment has been a major crutch for NetChoice in its litigation blitz. The argument that age assurance technology is unconstitutional because it stifles free speech is easy to exploit, given the central role the First Amendment plays in the American psyche (and in current political discourse). It has been mustered to oppose age verification laws for pornographic websites and social media platforms. Now it’s being used to beat on warning labels and app store age checks.
Indeed, in its embrace of the First Amendment as a lobbying tool, NetChoice is an apt embodiment of the U.S. at this moment in time: an organization, backed by Silicon Valley, for which the only more sacred right in America than freedom of speech is the right to sue those you disagree with.
Corsight AI strikes new partnership for retail facial recognition in the Philippines
Corsight AI will offer its facial recognition software to retailers in the Philippines through a new partnership with Roxas Management Consultancy of the RXS Meta Group.
Among the Israeli firm’s offerings is technology that catches shoplifters through watchlists, reduces burglaries through access control and detects suspicious patterns and behaviors through AI vision analytics.
“Together, we’ll bring cutting-edge AI technology to the Philippines to empower businesses, communities, and institutions, driving both innovation and positive social impact,” says Corsight AI’s CEO, Shai Toren.
Corsight AI has also been pitching other retail-related features, including offering deeper insights into customer behavior and streamlined retail processes. The company says facial intelligence is superior to existing customer counting methods such as pressure mats and infrared beam counters, which don’t account for unique visitors, repeat entries, staff movements and other anomalies.
The company has been present on the Philippine market for some time, albeit in the security industry. Last year, the firm landed a deal to supply real-time and retrospective biometric surveillance to the Safe City project of Santa Rosa for tracking wanted individuals and missing persons.
Corsight was certified for compliance with ISO/IEC 42001 standard for ethical and transparent governance earlier this year. The firm also completed the British Standards Institution’s (BSI) Algorithm Auditing & Dataset Testing service (AA&DT).
Ring’s partnership with Flock raises privacy alarms
Amazon’s home-security subsidiary Ring is joining forces with Flock Safety, the Atlanta-based maker of automated license-plate readers (ALPR) and networked surveillance cameras.
The partnership, announced in mid-October, creates a direct bridge between the country’s largest consumer doorbell-camera network and one of law enforcement’s fastest-growing data-collection platforms. Civil liberties advocates say the partnership could expand government surveillance under the guise of neighborhood safety.
Under the deal, agencies that use Flock’s Nova or FlockOS investigative platforms will soon be able to post Community Requests through Ring’s Neighbors app, asking nearby residents to share doorbell footage relevant to an investigation.
Each request includes a case ID, time window, and map of the affected area. Ring says participation is voluntary and that residents can choose whether to respond, and agencies cannot see who declines. Users can also disable the feature entirely in their account settings.
Ring emphasized that the integration “simply streamlines” how local police seek community help, but privacy researchers counter that it blurs the boundary between voluntary cooperation and crowd-sourced surveillance.
Flock, which says its systems operate in over 6,000 communities and capture billions of license-plate scans monthly, has marketed the partnership as an efficiency upgrade for investigators.
Law-enforcement agencies using Flock’s tools will now be able to aggregate road-facing plate-reader data with residential video within a single digital workflow.
The companies have not specified whether Ring uploads pass through Flock’s servers or separate evidence repositories. Privacy experts note that once footage is submitted, users have no clear mechanism to retract it from law enforcement case files.
Investigations have revealed that agencies including U.S. Immigration and Customs Enforcement, the U.S. Secret Service, and the U.S. Navy had pilot or data-sharing access to Flock’s camera system, contradicting earlier company assurances that its data were limited to local policing.
Reports have suggested that Flock reassessed or paused certain federal pilot programs, including those involving immigration and homeland security components, amid scrutiny over compliance with state privacy laws and data-retention limits.
At the same time, Flock has promoted new features such as Nova, an AI-assisted interface that searches across plate reads, conventional video, records-management systems, and even open-source or data-broker feeds.
Another product, FreeForm, offers natural-language search capabilities that let investigators query video networks using descriptive phrases such as clothing or vehicle details. Civil rights experts say those capabilities invite dragnet searches based on vague descriptors, increasing the risk of racial or behavioral profiling without judicial oversight.
On Capitol Hill, Senator Ron Wyden has emerged as Flock’s most persistent critic.
Wyden says the company failed to honor its commitment to shield reproductive-health and immigration-related data from out-of-state or federal queries and misled local governments about sharing their data with the Department of Homeland Security.
In an October letter to Flock CEO Garrett Langley, Wyden wrote that “abuse of Flock cameras is inevitable, and Flock has made it clear it takes no responsibility to prevent or detect that.” He urged local officials to “remove Flock from their communities.”
Wyden’s office has said most Flock-using agencies participate in its National Lookup feature, which is a cross-jurisdictional search tool that many municipalities may not have realized enabled other departments to query their local data.
Flock, in a written response, disputed Wyden’s characterization, calling misuse “exceedingly rare” and maintaining that its data practices comply with applicable law.
Meanwhile, several cities have begun reevaluating their contracts with Flock. The City of Eugene, Oregon recently voted to deactivate its Flock cameras pending a privacy review.
In California, lawmakers advanced a bill that would have shortened ALPR data-retention periods, required case-number tracking, and limited vendor access. Governor Gavin Newsom vetoed the measure in early October, saying tighter restrictions could impede investigations.
Ring’s move to re-engage police partners comes less than two years after the company shuttered its Request for Assistance portal in January 2024, following years of backlash over secretive data-sharing with law enforcement.
Under the new system, police must post public, geofenced requests instead of privately contacting individual users. The company also now requires warrants for footage access except in emergency situations, a carve-out civil-liberties advocates say is vulnerable to abuse.
Ring’s own security practices have drawn federal penalties. In 2023, it paid $5.8 million to settle Federal Trade Commission (FTC) allegations that employees and contractors had unfettered access to customer videos and that lax safeguards led to account breaches.
The FTC ordered Ring to pay $5.8 million to settle allegations of lax security and unauthorized employee access.
Privacy and equity advocates warn that combining Flock’s vehicle-tracking grid with Ring’s residential footage creates an ecosystem of continuous visibility that lowers the friction for police to identify, pursue, or stop a “vehicle of interest” based on incomplete or biased data.
The concern is especially acute in communities of color, where studies show disproportionate targeting when algorithms flag ambiguous matches. Cross-jurisdictional data-sharing also raises fears that local data could be repurposed for abortion or immigration enforcement, even in sanctuary or privacy-protected states.
Flock’s marketing describes its operations as a nationwide, fixed network of automated license plate readers that captures billions of scans each month. The company promotes tools that let investigators trace a vehicle’s movements, identify possible associates, and pivot from one subject to another through patterns of shared sightings across its interconnected camera grid.
When paired with Ring’s consumer cameras critics argue it enables warrant-less surveillance by consent, eroding meaningful privacy under social pressure to “help” an investigation.
In Washington, Wyden and other Democrats have hinted at renewed federal oversight if voluntary promises continue to fall short. In statehouses, lawmakers are testing retention caps, audit mandates, and warrant or case-number requirements that could set de-facto national standards.
Both Ring and Flock insist that participation is voluntary and bounded by law, but without independent audits, deletion protocols, and cross-jurisdictional safeguards, privacy experts warn that these private surveillance webs risk evolving beyond public control.
Juniper forecasts $80B in revenue for digital identity globally by 2030
User verification and authentication with digital identity is increasingly required by global regulations and credentials like mobile driver’s licenses (mDLs) and digital travel IDs are providing a market tailwind, according to Juniper Research. The latest report from the firm on the “Digital Identity Market 2025-2030” forecasts revenues of $80.5 billion by the end of the decade.
Digital identity is a $51.5 billion market this year, according to the report, and expected to grow at an impressive 56 percent compound annual growth rate.
Issuing digital IDs alongside physical credentials in a hybridized approach will help encourage their adoption over the forecast period, Juniper says.
The ability of governments to make digital identities accessible and explain how they work will be important to their acceptance and ultimate adoption by the public, Juniper argues.
These pull factors are a major part of “How Digital Identity is Going Mainstream,” as explained in a whitepaper accompanying the market forecast. The 10-page whitepaper explores eIDAS 2.0, single sign-on (SSO) access control, zero trust and self-sovereign identity (SSI) as major trends impacting the market.
“The EU Digital Identity Wallet (EUDI), which all Member States are expected to have in place by the end of 2026, will have a transformative effect on identity in the region; however, digital identity is already socially acceptable in mainland Europe,” says Juniper Research Analyst Louis Atkin. “Adoption of the proposed UK scheme will require significant user benefits to overcome public scepticism. Focusing on self-sovereign principles, which give citizens control of their own data, will go a long way in improving support.”
The European Commission published a slate of new grant opportunities for EUDI Wallets and mDLs this month, while no-one seems quite sure what principles the UK’s digital ID will follow.
