Court to Decide Scope of Injunction Later This Week

NEW YORK–In a victory for personal privacy, a New York federal district court judge today granted a preliminary injunction in a lawsuit challenging the U.S. Office of Personnel Management’s (OPM) disclosure of records to DOGE and its agents.

Judge Denise L. Cote of the U.S. District Court for the Southern District of New York found that OPM violated the Privacy Act and bypassed its established cybersecurity practices under the Administrative Procedures Act. The court will decide the scope of the injunction later this week. The plaintiffs have asked the court to halt DOGE agents’ access to OPM records and for DOGE and its agents to delete any records that have already been disclosed. OPM’s databases hold highly sensitive personal information about tens of millions of federal employees, retirees, and job applicants.

“The plaintiffs have shown that the defendants disclosed OPM records to individuals who had no legal right of access to those records,” Cote found. “In doing so, the defendants violated the Privacy Act and departed from cybersecurity standards that they are obligated to follow. This was a breach of law and of trust. Tens of millions of Americans depend on the Government to safeguard records that reveal their most private and sensitive affairs.”

The Electronic Frontier Foundation (EFF), Lex Lumina LLP, Democracy Defenders Fund, and The Chandra Law Firm requested the injunction as part of their ongoing lawsuit against OPM and DOGE on behalf of two labor unions and individual current and former government workers across the country. The lawsuit’s union plaintiffs are the American Federation of Government Employees AFL-CIO and the Association of Administrative Law Judges, International Federation of Professional and Technical Engineers Judicial Council 1 AFL-CIO. 

The lawsuit argues that OPM and OPM Acting Director Charles Ezell illegally disclosed personnel records to DOGE agents in violation of the Administrative Procedures Act and the federal Privacy Act of 1974, a watershed anti-surveillance statute that prevents the federal government from abusing our personal information. In addition to seeking to permanently halt the disclosure of further OPM data to DOGE, the lawsuit asks for the deletion of any data previously disclosed by OPM to DOGE.

The federal government is the nation’s largest employer, and the records held by OPM represent one of the largest collections of sensitive personal data in the country. In addition to personally identifiable information such as names, social security numbers, and demographic data, these records include work information like salaries and union activities; personal health records and information regarding life insurance and health benefits; financial information like death benefit designations and savings programs; nondisclosure agreements; and information concerning family members and other third parties referenced in background checks and health records.

OPM holds these records for tens of millions of Americans, including current and former federal workers and those who have applied for federal jobs. OPM has a history of privacy violations—an OPM breach in 2015 exposed the personal information of 22.1 million people—and its recent actions make its systems less secure. 

With few exceptions, the Privacy Act limits the disclosure of federally maintained sensitive records on individuals without the consent of the individuals whose data is being shared. It protects all Americans from harms caused by government stockpiling of our personal data. This law was enacted in 1974, the last time Congress acted to limit the data collection and surveillance powers of an out-of-control President. 

A number of courts have already found that DOGE’s activities at other agencies likely violate the law, including at the Social Security Administration and the Treasury Department.

For the preliminary injunction: https://www.eff.org/document/afge-v-opm-opinion-and-order-granting-preliminary-injunction
For the complaint: https://www.eff.org/document/afge-v-opm-complaint
For more about the case: https://www.eff.org/cases/american-federation-government-employees-v-us-office-personnel-management

Contacts:
Electronic Frontier Foundation: press@eff.org
Lex Lumina LLP: Managing Partner Rhett Millsaps, rhett@lex-lumina.com

Researchers have discovered a new way to covertly track Android users. Both Meta and Yandex were using it, but have suddenly stopped now that they have been caught.

The details are interesting, and worth reading in detail:

>Tracking code that Meta and Russia-based Yandex embed into millions of websites is de-anonymizing visitors by abusing legitimate Internet protocols, causing Chrome and other browsers to surreptitiously send unique identifiers to native apps installed on a device, researchers have discovered. Google says it’s investigating the abuse, which allows Meta and Yandex to convert ephemeral web identifiers into persistent mobile app user identities...

Firings, forced retirements and voluntary departures have left the U.S. at risk of more deaths from the nation’s top weather-related killer.

The justices could rule soon to limit district court judges' ability to issue orders that apply nationwide — with major implications for climate and energy programs.

Hung over from a failed push into offshore wind, Democrats are pitching alternatives while Republicans hope to weaponize rising electricity bills.

Supersonic jets have been prohibited from flying over U.S. land for a half-century. The president says it’s "stifling American ingenuity."

Global investments in zero-emission power is expected to lap fossil fuel spending, the IEA said.

Opposition to these reports first surfaced about three years ago when GOP lawmakers and activists began pressing companies to scale back such efforts.

A recently inaugurated underground metro line in the commercial hub of Mumbai was flooded after the city was lashed by record-heavy rains.

As the planet heats up and weather whiplash spreads, compound weather events are raising risks across the world.

The proposal still needs be approved by Parliament.

Nature Climate Change, Published online: 09 June 2025; doi:10.1038/s41558-025-02360-8

Conflicting selection on flowering time

Nature Climate Change, Published online: 09 June 2025; doi:10.1038/s41558-025-02359-1

Lost along the way

Nature Climate Change, Published online: 09 June 2025; doi:10.1038/s41558-025-02357-3

Plant processes matter

Nature Climate Change, Published online: 09 June 2025; doi:10.1038/s41558-025-02358-2

International gender inequality

Nature Climate Change, Published online: 09 June 2025; doi:10.1038/s41558-025-02366-2

There can be a disconnect between everyday life and the natural world, but a healthy diverse environment, where humanity can thrive, requires collective action to address the threats from climate change and development.

Austin organizers turned out to rebuke the city’s misguided contract with Flock Safety— and won. This successful pushback from the community means at the end of the month Austin police will no longer be able to use the surveillance network of automated license plate readers (ALPRs) across the city.

Two years ago Austin City Council approved this controversial contract, despite strong local opposition. We knew then that these AI-driven surveillance systems weren’t just creepy, they are prone to misuse and mistakes which have a real human toll.

In the years since, this concern has materialized time and time again, and now the risks have heightened with the potential of using the data against immigrants and people seeking trans or reproductive healthcare. Most recently Texas authorities were implicated in a 404 media report on the use of these cameras to target abortion seekers. 

Today's victory in Austin is a tribute to what happens when a coalition of activist groups come together in common cause

Just a few days before the scheduled vote, an audit of the Austin Police Department program also revealed that over 20% of ALPR database searches lacked proper documentation or justification, in violation of department policy. The audit also revealed contract language allowed for data retention beyond council-mandated limits on retention and potential sharing with outside agencies. 

Fortunately, more than 30 community groups, including Electronic Frontier Alliance member EFF-Austin,  joined forces to successfully prevent contract renewal.

EFF-Austin Executive Director Kevin Welch told us that, "Today's victory in Austin is a tribute to what happens when a coalition of activist groups come together in common cause and stand in solidarity against the expansion of the surveillance state.” He went on to say, “But the fight is not over. While the Flock contract has been discontinued, Austin still makes use of ALPRs via its contract with Axon, and [the] council may attempt to bring this technology back [...] That being said, real progress in educating elected officials on the dangers of these technologies has been made.” 

This win in a city as large as Austin lends momentum to the larger trend across the country where local communities are pushing back against ALPR surveillance. EFF continues to stand with these local efforts, and encourages other organizers to reach out at organizing [at] eff.org in the fight against local surveillance.

Speaking to this trend, Kevin added, “As late as Monday, it didn't look like we had the votes to make this victory happen. While these are dark times, there are still lights burning in the dark, and through collective action, we can burn bright."

Southern New England is having the best squid run in years.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

EFF submitted comments to the Department of Homeland Security (DHS) and its subcomponent U.S. Citizenship and Immigration Services (USCIS), urging them to abandon a proposal to collect social media identifiers on forms for immigration benefits. This collection would mark yet a further expansion of the government’s efforts to subject immigrants to social media surveillance, invading their privacy and chilling their free speech and associational rights for fear of being denied key immigration benefits.

Specifically, the proposed rule would require applicants to disclose their social media identifiers on nine immigration forms, including applications for permanent residency and naturalization, impacting more than 3.5 million people annually. USCIS’s purported reason for this collection is to assist with identity verification, as well as vetting and national security screening, to comply with Executive Order 14161. USCIS separately announced that it would look for “antisemitic activity” on social media as grounds for denying immigration benefits, which appears to be related to the proposed rule, although not expressly included it.

Additionally, a day after the proposed rule was published, Axios reported that the State Department, the Department of Justice, and DHS confirmed a joint collaboration called “Catch and Revoke,” using AI tools to review student visa holders’ social media accounts for speech related to “pro-Hamas” sentiment or “antisemitic activity.”

If the proposed rule sounds familiar, it’s because this is not the first time the government has proposed the collection of social media identifiers to monitor noncitizens. In 2019, for example, the State Department implemented a policy requiring visa and visa waiver applicants to the United States to disclose the identifiers they used on some 20 social media platforms over the last five years—affecting over 14.7 million people annually. EFF joined a large contingent of civil and human rights organizations in objecting to that collection. That policy is now the subject of ongoing litigation in Doc Society v. Blinken, a case brought by two documentary film organizations, who argue that the rule affects the expressive and associational rights of their members by impeding their ability to collaborate and engage with filmmakers around the world. EFF filed two amicus briefs in that case.

What distinguishes this proposed rule from the State Department’s existing program is that most, if not all, of the noncitizens who would be affected currently legally reside in the United States, allowing them to benefit from constitutional protections.

In our comments, we explained that surveillance of even public-facing social media can implicate privacy interests by aggregating a wealth of information about both an applicant for immigration benefits, and also people in their networks, including U.S. citizens. This is because of the quantity and quality of information available on social media, and because of its inherent interconnected nature.

We also argued that the proposed rule appears to allow for the collection and consideration of First Amendment-protected speech, including core political speech, and anonymous and pseudonymous speech. This inevitably leads to a chilling effect because immigration benefits applicants will have to choose between potentially forgoing key benefits or self-censoring to avoid government scrutiny. That is, to help ensure that a naturalized citizenship application is not rejected, for example, an applicant may avoid speaking out on social media about American foreign policy or expressing views about other political topics that may be considered controversial by the federal government—even when other Americans are free to do so.

We urge DHS and USCIS to abandon this dangerous proposal.

On Thursday I testified before the House Committee on Oversight and Government Reform at a hearing titled “The Federal Government in the Age of Artificial Intelligence.”

The other speakers mostly talked about how cool AI was—and sometimes about how cool their own company was—but I was asked by the Democrats to specifically talk about DOGE and the risks of exfiltrating our data from government agencies and feeding it into AIs.

My written testimony is here. Video of the hearing is here.