Public Policy & Governance

The Center for Democracy & Technology joined multiple organisations in filing comments objecting to the U.S. Department of Treasury's System of Records Notice (SORN) that would consolidate personal information of individuals associated with Treasury-administered financial assistance programs. CDT argues the consolidation is "arguably illegal" and would create a vast database of Americans' personal information without clear statutory authority. The proposed SORN would link data across programs including pandemic relief, housing assistance, and other financial aid schemes — effectively creating centralised surveillance infrastructure that civil liberties groups argue exceeds Treasury's mandate.

The objections highlight a pattern of federal agencies attempting to expand data collection and retention capabilities through administrative rulemaking rather than explicit congressional authorisation. This approach allows agencies to circumvent legislative debate about privacy trade-offs whilst building systems that could be repurposed for mass surveillance or enforcement beyond their stated purpose.

The Electronic Frontier Foundation published analyses opposing age verification mandates in Minnesota (HF1434) and California (A.B. 1043), arguing these measures create "unnecessary and unconstitutional barriers for adults and young people to access information and express themselves online." EFF emphasised that available age verification technologies all involve privacy trade-offs — requiring identity document uploads, biometric scanning, or third-party verification services that create new surveillance points and data breach risks. Minnesota Representative Leigh Finke testified that HF1434 represents control rather than protection, EFF reported, highlighting how these bills won't actually protect children whilst imposing speech restrictions on adults.

The opposition reflects a broader pattern across U.S. states where legislatures, frustrated by federal inaction on tech regulation, are passing overlapping and sometimes contradictory mandates. This creates compliance chaos for platforms whilst failing to address the underlying business model incentives that drive harmful content recommendation systems. The focus on age gates rather than systemic design changes suggests these bills serve political theatre more than child safety.

Angela Lipps, a 50-year-old Tennessee grandmother, spent nearly six months in jail after Fargo police used AI facial recognition software to identify her as a suspect in a North Dakota bank fraud investigation, The Guardian reported. The case represents another documented instance of AI misidentification leading to wrongful arrest and extended detention — following similar incidents in Detroit, New Orleans, and other U.S. cities. Lipps now faces the challenge of rebuilding her life after the extended incarceration based on algorithmic error.

The incident highlights the persistent gap between law enforcement adoption of facial recognition technology and the implementation of safeguards to prevent wrongful identification. Despite mounting evidence of error rates — particularly for women and people of colour — and documented cases of wrongful arrest, most U.S. jurisdictions lack binding regulations on police use of facial recognition. The technology is treated as merely another investigative tool rather than one requiring heightened procedural protections given its opacity and error potential.

Microsoft filed an amicus brief supporting Anthropic's legal challenge against the Department of Defense's designation of the AI company as a "supply chain risk," The Guardian reported. The Pentagon designation effectively bars Anthropic from government contracts — a significant restriction given the company's Claude AI is integrated into Microsoft systems used by federal agencies. Anthropic filed both a civil complaint in the Northern District of California and a petition with the D.C. Circuit Court of Appeals. Microsoft's intervention signals that the dispute extends beyond one company to broader questions about DOD authority to exclude AI providers based on opaque security determinations.

The case reflects tension between Pentagon efforts to control AI supply chains for national security and the commercial reality that frontier AI models are developed by private companies with diverse customer bases including foreign entities. DOD's designation authority was originally designed for traditional defence contractors and equipment suppliers — its application to general-purpose AI models raises novel questions about how security screening applies to software that can be accessed via API rather than physically controlled. Microsoft's brief likely argues that excluding Anthropic would force it to replace Claude throughout its federal systems, disrupting existing contracts.

Elon Musk's X agreed to alter its verification mechanism in the European Union following a €120 million fine from the European Commission, Bloomberg reported. The fine and subsequent agreement represent concrete enforcement of the Digital Services Act's provisions requiring platforms to prevent their design features from misleading users. X's paid verification system, which allows anyone to purchase a checkmark without identity verification, was deemed to violate DSA requirements that verification badges indicate actual identity confirmation rather than simply payment.

The enforcement action demonstrates the Commission's willingness to impose significant fines and mandate design changes — not merely issue warnings or open investigations. However, the specifics of X's agreed changes remain unclear, as does the timeline for implementation and how the Commission will verify compliance. The case establishes precedent that platform design choices traditionally considered product decisions are subject to regulatory override when deemed to mislead users or facilitate harm.