Blog
-
The struggle to get hold of medication in England is set to get worse
People living with conditions including heart problems, stroke risks, eye infections and bipolar are unable to get hold of the drugs they rely on.
-

Public Libraries Jump On Board the Our Future Memory Movement
The Our Future Memory movement was already building momentum with flagship library organizations like IFLA, ALA, and SPARC. But now, local and regional library systems from across the United States are leading the way in their own communities. From Wellesley Free Library in Massachusetts to St. Mary’s County Library in Maryland, all the way to the Minnesota Library Association, new signatories to the “Statement on Digital Rights” are demonstrating that the daily practices of libraries and other memory institutions need long-overdue legal protections. As the Statement lays out, those protections include four basic rights:
- to COLLECT MATERIALS IN DIGITAL FORM;
- to PRESERVE DIGITAL MATERIALS;
- to PROVIDE CONTROLLED ACCESS TO DIGITAL MATERIALS; and
- to COOPERATE WITH OTHER MEMORY INSTITUTIONS.
Wellesley Free Library (WFL) became the first town library in the United States to endorse these rights and join the Our Future Memory movement. It first opened in the Fall of 1883 in the building that is now Wellesley Town Hall. Now, in addition to serving more than 18,000 card-holding patrons from its main library and two branches, WFL pursues its community-oriented mission in great part by collaborating with libraries in neighboring and nearby communities. Director Jamie Jurgensen serves on the Board of the Minuteman Library Network, a local consortium of over 40 libraries, whose leaders recently voted unanimously to encourage other member libraries to join the Our Future Memory movement.
“The Wellesley Free Library is proud to sign the Statement on Digital Rights for Protecting Memory Institutions Online,” said Jurgensen and WFL Trustee Ann Howley. “In doing so, we continue to take a leadership role in raising awareness within our community and among peer libraries, in helping people to navigate the digital landscape and in advocating for equitable digital rights and access. Town libraries have always been spaces for learning, creativity, and exploration of new ideas. Digital literacy has become a huge part of our future. Through Wellesley Free Library’s endorsement, we are actively participating in conversations regarding the future of digital literacy, as well as reaffirming our commitment to stated values including promoting universal access to knowledge and ideas.”
Taking the Our Future Memory movement from Massachusetts to Maryland, the St. Mary’s County Library serves its own local community through three branches in Leonardtown, Lexington Park, and Charlotte Hall—not to mention its mobile library for senior facilities, day care centers, and other remote communities. Last year, it celebrated 75 years of service, but looking ahead, Director Michael Blackwell has shown national and global leadership by stewarding and contributing regularly to Readers First, an organization of over 300 libraries advocating better practices and collaborative partnerships between libraries and their e-content providers.
“St. Mary’s County Library is delighted to join the Our Future Memory coalition,” Blackwell remarked. “Libraries of all sizes and types have every reason to join this coalition, with small to medium sized libraries perhaps the most important reasons of all.”
“First, we too, perhaps in a small way, serve as ‘memory institutions.’ We are charged with preserving the history and heritage of our county, and we wish to make our materials available digitally as much as we can, without hindrance, and to ensure their access and preservation.
“Second, the budgets and staffing of smaller libraries make us utterly dependent upon a large community of digital providers to ensure free and fair access for our patrons. We do not have the wherewithal to navigate paywalls or create archives beyond our immediate purview. If memory institutions are unable to join together to ensure digital access to human heritage, we face being shut out of access to and participation in a larger whole. Just as ‘no man is an island,’ no library can now exist except as ‘part of the main.’ And increasingly, digital access and preservation are what make up that greater whole. They are the essence of library work today and into the future. Ownership of our physical materials in the digital world and continued access to those materials are fundamental to our mission. Without these rights, we ultimately cannot engage in our work.”
In the Midwest, the Minnesota Library Association (MLA) undertakes its own impressive advocacy and public-service work. Now a chapter of the American Library Association, it has a history dating all the way back to December 29, 1891, when a small group of librarians met to organize a State Library Association for Minnesota. Early on, MLA played a major role in building support for the legislative bill establishing the first State Library Commission, and it continued that legislative advocacy throughout the 20th century. In 2022, it incorporated the professional organization of Information and Technology Educators of Minnesota (ITEM) as a division within its ranks. Most recently, MLA has been spearheading efforts to pass state legislation to keep publishers and commercial vendors from gouging tax-funded libraries with costly, short-term eBook licenses—which can be priced at levels three to five times higher than those facing other consumers.
MLA President Liza Shafto explained the decision to sign the Statement and join the Our Future Memory movement not only as a natural extension of traditional library work, but as encouragement for these ambitious legislative efforts: “For libraries across Minnesota,” she said, “the four digital rights reflect core functions carried out every day. Libraries must be able to collect digital materials, preserve them, provide appropriate online access, and work with other institutions to ensure ongoing availability. These responsibilities extend long-standing library practices into the digital environment.
“These rights also reinforce the Minnesota Library Association’s advocacy for fair and sustainable access to digital content, including efforts to ensure that Minnesota libraries can provide reliable and equitable access to ebooks for all residents.
“The Minnesota Library Association supports these rights because they enable libraries to continue serving their communities with dependable and equitable access to information.”
Ready to Join?
The process is simple, and we encourage memory institutions and their allies to sign the Statement and join the movement. Just go to the Our Future Memory website, download and sign the statement, and send that copy back to campaigns@internetarchive.eu.
Looking for Other Ways to Participate?
If you’re going to the Rare Book and Manuscript Section conference in Milwaukee, be sure to sign up for our workshop, “Protect Our Future Memory: Developing Digital Rights for Special Collections.”
-
Utah’s New Law Targeting VPNs Goes Into Effect Next Week
For the last couple of years, we’ve watched the same predictable cycle play out across the globe: a state (or country) passes a clunky age-verification mandate, and, without fail, Virtual Private Network (VPN) usage surges as residents scramble to maintain their privacy and anonymity. We’ve seen this everywhere—from states like Florida, Missouri, Texas, and Utah, to countries like the United Kingdom, Australia, and Indonesia.
Instead of realizing that mass surveillance and age gates aren’t exactly crowd favorites, Utah lawmakers have decided that VPNs themselves are the real issue.
Next week, on May 6, 2026, Utah will become, to EFF’s knowledge, the first state in the nation to target the use of VPNs to avoid legally mandated age-verification gates. While advocates in states like Wisconsin successfully forced the removal of similar provisions due to constitutional and technical concerns, Utah is proceeding with a mandate that threatens to significantly undermine digital privacy rights.
What the Bill Does
Formally known as the “Online Age Verification Amendments,” Senate Bill 73 (SB 73) was signed by Governor Spencer Cox on March 19, 2026. While the majority of the bill consists of provisions related to a 2% tax on revenues from online adult content that is set to take effect in October, one of the more immediate concerns for EFF is the section regulating VPN access, which goes into effect this coming Wednesday.
The VPN Provisions
The new law explicitly addresses VPN use in Section 14, which amends Section 78B-3-1002 of existing Utah statutes in two primary ways:
- Regulation based on physical location: Under the law, an individual is considered to be accessing a website from Utah if they are physically located there, regardless of whether they use a VPN, proxy server, or other means to disguise their geographic location.
- Ban on sharing VPN instructions: Commercial entities that host “a substantial portion of material harmful to minors” are now prohibited from facilitating or encouraging the use of a VPN to bypass age checks. This includes providing instructions on how to use a VPN or providing the means to circumvent geofencing.
By holding companies liable for verifying the age of anyone physically in Utah, even those using a VPN, the law creates a massive “liability trap.” Just like we argued in the case of the Wisconsin bill, if a website cannot reliably detect a VPN user’s true location and the law requires it to do so for all users in a particular state, then the legal risk could push the site to either ban all known VPN IPs, or to mandate age verification for every visitor globally. This would subject millions of users to invasive identity checks or blocks to their VPN use, regardless of where they actually live.
“Don’t Ask, Don’t Tell”
In practice, SB 73 is different from the Wisconsin proposal in that it stops short of a total VPN ban. Instead, it discourages using VPNs by imposing the liability described above and by muzzling the websites themselves from sharing information about VPNs. This raises significant First Amendment concerns, as it prevents platforms from providing basic, truthful information about a lawful privacy tool to their users.
Unlike previous drafts seen in other states, SB 73 doesn’t explicitly ban the use of a VPN. Under a “don’t ask, don’t tell” style of enforcement, websites likely only have an obligation to ask for proof of age if they actually learn that a user is physically in Utah and using a VPN. If a site doesn’t know a user is in Utah, their broader obligation to police VPNs remains murky. So, while SB 73 isn’t as extreme as the discarded Wisconsin proposal, it remains a dangerous precedent.
Technical Feasibility
Then there is also the question of technical feasibility: Blocking all known VPN and proxy IP addresses is a technical whack-a-mole that likely no company can win. Providers add new IP addresses constantly, and no comprehensive blocklist exists. Complying with Utah’s requirements would require impossible technical feats.
The internet is built to, and will always, route around censorship. If Utah successfully hampers commercial VPN providers, motivated users will transition to non-commercial proxies, private tunnels through cloud services like AWS, or residential proxies that are virtually indistinguishable from standard home traffic. These workarounds will emerge within hours of the law taking effect. Meanwhile, the collateral damage will fall on businesses, journalists, and survivors of abuse who rely on commercial VPNs for essential data security.
These provisions won’t stop a tech-savvy teenager, but they certainly will impact the privacy of every regular Utah resident who just wants to keep their data out of the hands of brokers or malicious actors.
Uncharted Territory
Lawmakers have watched age-verification mandates fail and, instead of reconsidering the approach, have decided to wage war on privacy itself. As the Cato Institute states:
“The point is that when an internet policy can be avoided by a relatively common technology that often provides significant privacy and security benefits, maybe the policy is the problem. Age verification regimes do plenty of damage to online speech and privacy, but attacking VPNs to try to keep them from being circumvented is doubling down on this damaging approach.”
Attacks on VPNs are, at their core, attacks on the tools that enable digital privacy. Utah is setting a precedent that prioritizes government control over the fundamental architecture of a private and secure internet, and it won’t stop at the state’s borders. Regulators in countries outside the U.S. are still eyeing VPN restrictions, with the UK Children’s Commissioner calling VPNs a “loophole that needs closing” and the French Minister Delegate for Artificial Intelligence and Digital Affairs saying VPNs are “the next topic on my list” after the country enacted a ban on social media for kids under 15.
As this law goes into effect next week, we are entering uncharted territory. Lawmakers who can’t distinguish between a security tool and a “loophole” are now writing the rules for one of the most complex infrastructures on Earth. And we can assure you that the result won’t be a safer internet, only an increasingly less private one.
-
1,000 NHS staff call Martha’s Rule helplines in first 18 months
More than 1,000 NHS staff across England have used Martha’s Rule helplines to help identify rapid deterioration of a patient’s condition in the first 18 months of the scheme, new figures show. Latest NHS England data shows that between September 2024 and February 2026, 1,781 calls were made by hospital staff to Martha’s Rule helplines […]
-
Kyrgyz President’s Longtime Ally Charged With Plotting to Seize Power
Kyrgyz authorities have charged Kamchybek Tashiev, the former head of the State Committee for National Security (GKNB), with abuse of office and the violent seizure of power, according to a report Wednesday by independent outlet Kaktus Media. Citing Tashiev’s defense attorney, Ikramidin Aitkulov, the report noted that the ex-official maintains his innocence and has been placed under a court-ordered travel ban as a preventive measure.
Tashiev confirmed that a criminal case was opened against him, though he appealed to his supporters to remain calm and refrain from taking any action.
“I have the opportunity to fully defend myself in this criminal case, and, God willing, I will be acquitted on all charges,” he said in a statement published by his close supporter Otkurbek Rakhmanov on Facebook.
Government officials have not yet issued a formal comment on the proceedings, and specific details regarding the investigation remain undisclosed.
The charges follow the unexpected dismissal of Tashiev from the GKNB in early February, while he was undergoing medical treatment in Germany. His removal triggered a broader restructuring of both the GKNB and parliament.
The dismissal followed the emergence of the “Letter of 75,” an open appeal signed by former officials and politicians to the president and speaker of parliament calling for early presidential elections. Several signatories were subsequently detained by authorities.
Since Tashiev assumed leadership of the GKNB in October 2020, the security service emerged as the nation’s most powerful government institution. Frequently described as the “second person” in the country, Tashiev’s influence was often viewed as equal to that of President Sadyr Japarov.
In a recent interview with Kaktus Media, Japarov stated that the investigation and subsequent trial would determine the extent of his former ally’s involvement in the alleged plot.
“Since coming to power, I have repeatedly said the concepts of ‘friend,’ ‘relative,’ or ‘close person’ do not exist for me—the interests of the state and the people always come first,” Japarov said. “If the law is violated, no one will escape responsibility.”
The current charges mark a stark departure from the long-standing political partnership between Japarov and Tashiev, which dates back to the early 2010s. In 2012, they were detained after attempting to climb the White House fence during a rally calling for the nationalization of Kyrgyzstan’s Kumtor gold deposit. Japarov was later freed from prison in October 2020 by supporters, including Tashiev, amid protests following the parliamentary elections.
Despite the political fallout, Japarov maintained in February that they would “remain friends” following Tashiev’s removal from public office. Tashiev himself has frequently stated since 2020 that “only death” could separate his friendship with the president.
-

Old People Aren’t The Problem
“How old am I? Just made 90 in November,” said Air Force veteran Dillon McCormick to a local Louisiana news anchor in 2024, after she saw him working in a grocery store parking lot pushing carts. McCormick didn’t want to be pushing carts in triple-digit heat, but he did it because his Social Security gave him less than half of the $2,500 a month he needed to pay his basic living expenses.

-
In Ukraine, Contract Saboteurs Fuel Propaganda About a Pro-Moscow Resistance
Last April, a young man with light brown hair entered a small railway station in central Ukraine, where he loitered for an hour before approaching a metal cabinet.
The nondescript gray box housed electrical equipment that controls critical railway functions, including traffic signals and track switching. Damage to the unit could cause a collision — or at the very least, paralyze train activity in the Vinnytsia region.
Standing in front of the cabinet, 26-year-old Victor Gherus pulled out a bottle of lighter fluid and doused it over a duffle bag. He then set fire to the bag and wedged it into the top of the cabinet’s door.
He recorded his handiwork with his phone and sent the video to a handler who was directing the sabotage remotely over Telegram.
The reply was swift: the visuals weren’t good enough.
“Pour it in the cracks! The fire’s gotta burn, man,” the handler texted in broken Russian, according to messages intercepted by the Security Service of Ukraine (SSU). “This is some bullshit, it’s just a rag smoldering. We’re not getting paid for this shit,” he added.
This type of vandalism-for-hire has become increasingly common since Russia’s 2022 full-scale invasion of Ukraine. Across Europe, arson attacks, bombs, railway disruptions, and more complex spying and assassination plots have been carried out by recruits found on social networks like Telegram.
European officials suspect the campaign is ultimately directed by Russian intelligence, which the Kremlin has consistently denied. While the physical damage from these operations can be limited, analysts say the goal is to undermine a sense of security and order on the continent, spreading fear, discontent, and division in its place.
In Ukraine, several recent cases have pointed to a more specific and insidious goal: Though the fire set by Gherus in the Vinnytsia train station did not ultimately lead to any major train disruption, the act was used to fuel a misinformation narrative about a violent resistance movement opposing the government and embracing Russia.
Per his handler’s instructions, Gherus filmed the fire while holding a sheet of paper with the words “Ukraine Against” written in Russian alongside the date, April 4, 2025. The video was later published on a pro-Russian Telegram channel, with a caption claiming it was carried out by members of a Ukrainian dissident movement.
Yet Gherus is not even Ukrainian.
He and another young man — both of whom were caught by authorities within 48 hours of the fire — had traveled by bus from neighboring Moldova to carry out the act. The two men were convicted of sabotage and sentenced to 10 years in prison this February.
Court records show they cited financial compensation — about $300 total — as their motive.
Speaking to OCCRP from the Vinnytsia detention center where he is serving his sentence, Gherus said it wasn’t until he was asked to write the sign that he realized “this was somehow connected to the war.”
“That’s when it dawned on me that something wasn’t right. Especially the message — it immediately triggered some kind of disturbing association in my mind. And I realized that something bad was happening.”
He is not alone. Ukrainian prosecutors told OCCRP 18 other foreigners have been convicted on sabotage-related charges since 2024, joining a list of hundreds of Ukrainians who have been convicted of similar acts since Russia’s 2022 invasion.
The country’s security services told OCCRP they suspect the work is ultimately directed by Russian intelligence, noting that there has been a ramp-up of such attacks since 2023.
“They involve minors, people with drug or alcohol addiction, and other individuals vulnerable to recruitment, who are easier to manipulate into illegal activities,” the SSU said in a statement.
Some of these sabotage acts — including those carried out by foreigners like Gherus — are being used by pro-Russian propaganda networks to create the impression of an “underground movement” that is “awaiting some sort of liberation” from Moscow, prosecutors told OCCRP.
The narrative “was planted from the very beginning of the full-scale invasion to serve as a pretext and justification for the war,” said Kostiantyn Gozdup, head of the Compliance Monitoring Department at the Vinnytsia Prosecutor’s Office.
A tiny minority of Ukrainians feel positively toward Russia, according to a poll from October. But there is no evidence of a nationwide or violent movement against the government.
“A resistance movement requires coordination; it implies some kind of unity among these forces,” said Liubov Tsybulska, an expert on hybrid warfare who leads Join Ukraine, an NGO that advises the government on information and security matters.
“These are all sporadic cases where Russian special services recruit individual people via social media,” she said, adding that the saboteurs are typically motivated by a financial reward.
Moscow’s goal, she said, is “to create a rift between the people and the political and military leadership.”
The Russian government’s press office did not respond to requests to comment.
‘Join Our Ranks’
In their order authorizing Gherus’ detention, judges framed his act of arson as part of “a significant increase in the sabotage activities of the special services of the aggressor state.”
Russia’s security structures have recruited saboteurs through “intimidation, blackmail or material incentives,” the order said.
It noted that investigators were unable to determine the identity of Gherus’ handler, who went by the name Denis Stanciu and delivered payments via cryptocurrency.
Reporters could not independently confirm Russia’s direct involvement, and Stanciu, a name that Ukrainian authorities said they believe to be an alias, did not respond to requests to comment sent to his Telegram account.
The Telegram channel that later shared the video, and which has more than 19,000 subscribers, was created in April 2024 and lists a Russian phone number as a contact. The channel regularly publishes videos and photos of what appear to be sabotage acts in Ukraine, and attributes them to members of its so-called movement — often invoking the phrase “Ukraine against mobilization.”
“Join our ranks. We will teach, guide, and support! Everyone can help,” the Russian-language posts regularly add.
On July 23, 2024, the channel shared two videos of fires that were described as “the results of a night sortie in the city of Odesa.”
“This is not everything we did during the night, but some things we film, some we don’t, and some things we post after a long pause,” the post reads.
Reporters found other similar Telegram channels that circulate anti-government rhetoric, and call on people to support and join the movement, sometimes promising money for their work.
Andrei Curăraru, a Moldovan expert in security and public policy, said that online messaging apps have become a cheap — and low-risk — recruitment tool for Russian intelligence.
“You can identify vulnerable individuals, give them a narrow task, request a video as proof, and pay them without direct contact,” he said. “This type of sabotage increasingly resembles a clandestine gig-economy marketplace rather than traditional espionage networks.”
Those who carry out the vandalism “often do not even understand whose interests they are serving,” he added.
“These people are expendable, and everyone in the chain of command knows this — except for the recruits themselves.”
‘I Didn’t Want to Harm Ukraine’
Both Gherus and an accomplice, a 26-year-old Moldovan named Iurie Lupu who was also sentenced to 10 years for the sabotage, had the type of vulnerable profile recruiters search for: the young men were short on cash and had troubled histories with drugs and the law.
Lupu confirmed to reporters that he first received a Telegram message from a user named “Denis Stanciu,” offering a chance to “make some money.”
Reserved and speaking with reluctance, Lupu said he didn’t know why he was contacted or who the man really was, but that he brought in his friend Gherus because he also needed cash.
Gherus had been released from a Moldovan prison just a few months earlier, after serving four years for a drug conviction.
“After I got out, it was hard to find a job,” he told OCCRP, adding that he was only able to earn some 10-15 euros a day loading goods at a market. “That’s only enough to buy some food in the evening, and that’s it.”
Gherus’ mother told RISE Moldova that he had gotten caught up in synthetic drugs but was a “timid” young man, who mostly stayed home on his computer or phone. He lived with his mother, grandmother, and younger brother in a two-bedroom apartment in the center of Chisinau, but wanted to find a place with his girlfriend.
She said he told her he was going to Ukraine to look for work because many houses needed rebuilding due to the war.
“My health has already suffered,” she said tearfully of the anguish she has experienced over her son’s imprisonment.
Lupu’s mother said her son didn’t want her to know why he was going to Ukraine.
He had also spent time in prison for drug-related offenses, records confirm. According to his mother, he suffered from epilepsy, which made it difficult to hold down a job. Employers would fire him as soon as they learned of his diagnosis or witnessed his seizures, she said.
The young men planned to split the money they would receive from the job in Ukraine, according to court documents. Stanciu sent Lupu $200 through a crypto wallet to cover their travel to Ukraine, and promised an additional $100 for the work.
Gherus told reporters he didn’t know the significance of the railway cabinet before setting it alight.
“I didn’t want to harm Ukraine, to be honest,” he said. “I am against the war. I am for world peace in general.”
“I would do anything to start living my life completely from scratch,” he added.
More Moldovan Recruits
Though other foreign saboteurs in Ukraine have come from farther afield, like the Balkans, Middle East countries, and Russia itself, at least two more also hailed from Moldova — an impoverished neighbor that, according to Curăraru, is an unsurprising source of recruits.
“Moldova concentrates several conditions favorable for recruitment: economic vulnerability, regional mobility, relatively easy access to Ukrainian territory, and linguistic compatibility with the environments in which Russian coordinators operate,” he said.
Last October, a Moldovan citizen received an offer via WhatsApp to burn Ukrainian military vehicles in exchange for money, according to court records.
He arrived in Odesa, where one evening he torched a vehicle belonging to a non-governmental organization of military chaplains. He then traveled to the Kyiv region, where he gave the same treatment to a vehicle used by a man who worked as a driver and electrician for a military unit.
As with the relay cabinet incident, the actions were filmed with a sign bearing the phrase “Ukraine Against.” The videos were then published on the same Telegram channel and framed as an act of Ukrainian resistance.
“Movement members burned an SUV of the Armed Forces of Ukraine,” reads the caption of his Odesa video.
In February, the Moldovan was convicted by a district court in Kyiv of unlawful acts against Ukraine’s military and intentional damage to property, and sentenced to five years in prison.
In 2024, Russian media outlets covered acts carried out by another Moldovan citizen as evidence of Ukrainians revolting against their government.
Contacted by an anonymous handler via Telegram, this one was promised $1,000 in July 2024 to burn military vehicles in the Vinnytsia region. He too was detained and sentenced to seven years in prison.
“Ordinary Ukrainians continue to protest the arbitrary actions of the Kyiv regime,” an article published by a Russian news site wrote after his arson attacks.
Kinga Redlowska, a finance and security analyst at the London-based think tank RUSI, noted these sabotage operations are organized in a way that reinforces the perception they are “local and spontaneous, even when it’s being directed from outside.”
“You have loosely connected individuals, small payments, often in crypto, and very little traceable structure,” she said. “It provides deniability, but more importantly, it shapes perception – making it look like instability is coming from within.”
-
Open Records Laws Reveal ALPRs’ Sprawling Surveillance. Now States Want to Block What the Public Sees.
Reporters, community advocates, EFF, and others have used public records laws to reveal and counteract abuse, misuse, and fraudulent narratives around how law enforcement agencies across the country use and share data collected by automated license plate readers (ALPRs). EFF is alarmed by recent laws in several states that have blocked public access to data collected by ALPRs, including, in some cases, information derived from ALPR data. We do not support pending bills in Arizona and Connecticut that would block the public oversight capabilities that ALPR information offers.
Every state has laws granting members of the public the right to obtain records from state and local governments. These are often called “freedom of information acts” (FOIAs) or “public records acts” (PRAs). They are a powerful check by the people on their government, and EFF frequently advocates for robust public access and uses the laws to scrutinize government surveillance.
But lawmakers across the country, often in response to public scrutiny of police ALPRs, are introducing or enacting measures aimed at excluding broad swaths of ALPR information from disclosure under these public records laws. This could include whole categories of important information: general information about the extent of law enforcement use; details on ALPR sharing across policing agencies; data on the number of license plate scans conducted, where they happened, and how many “hits” for license plates of interest actually occur; analyses on how many false matches or other errors occur; and images taken of individuals’ own vehicles.
No thanks. Public records and public scrutiny of ALPR programs have shown that people are harmed by these systems and that retained ALPR data violates people’s privacy. In this moment, lawmakers should not be completely cutting off access to public records that document the abuses perpetuated by ALPRs.
Transparency with privacy
To be sure, there are legitimate concerns about wholesale public disclosure of raw ALPR data. After all, many of the harms people experience from these systems are based on the government’s collection, retention, and use of this information. Public transparency rights should not exacerbate the privacy harms suffered by people subjected to ALPR surveillance. But many current proposals do not address legitimate privacy concerns in a measured way, much less seek to harmonize people’s privacy with the public’s right to know.
There is a better path to balancing privacy and transparency rights than outright bans or total disclosure.
Any legislative proposal concerning public access to ALPR data must start with this reality: ALPR data is deeply revealing about where a person goes, and thus about what they are doing and who they are doing it with. That’s a reason why EFF opposes ALPRs. It is dangerous that the police have so much of our ALPR information. Even worse for our privacy would be for police to disclose our ALPR information to our bosses, political opponents, and ex-friends. Or to surveillance-oriented corporations that would use our ALPR information to send us targeted ads, or monetize it by selling it to the highest bidder.
On the other hand, EFF’s firsthand experience using public records from ALPR systems demonstrates the strong accountability value of public access to many kinds of ALPR data, including information like data-sharing reports and network audits. For example, in our “Data Driven” series, we used ALPR data-sharing and hit ratio reports to investigate the extent of ALPR data sharing between police departments and to analyze the number of ALPR scans that are ultimately associated with a crime-related vehicle. We have also identified racist uses of ALPR systems, ALPR surveillance of protestors, and ALPR tracking of a person who sought an abortion. Across the country, municipalities have been shutting down their contracts for ALPR use, often citing concerns with data sharing with federal and immigration agents.
These records are not just informational—they are leverage. Communities, journalists, and local officials have used ALPR disclosures to block new deployments, refuse contract renewals, and terminate existing agreements with surveillance vendors whose practices proved too dangerous to continue. Without this evidentiary record, it is far harder for cities to exercise their procurement power to say no.
It is not always easy to harmonize transparency and privacy when one person wishes to use a public records law to obtain government records that reveal people’s personal information. The best approach is for public records laws to contain a privacy exemption that requires balancing, on a case-by-case basis, of the transparency benefits versus the privacy costs of disclosure. Many do. These provisions of public records laws already accommodate similar concerns about disclosing personal information of private individuals whose information the government may have collected, government employees’ private data, and other personal information.
The balancing provisions in these laws are often flexible and allow for nuance. For example, if a government record contains a mix of information that does not reveal people’s private information and some that does, agencies and courts can disclose the non-private information while withholding the truly private information. This is often accomplished by blacking out, or redacting, the private information.
Applying this privacy-and-transparency balancing to ALPR records, it will often be appropriate for the government to disclose some information and withhold other information. Everybody should generally have access to records showing their own movements and other information captured by ALPRs, but the privacy protections in public records laws should foreclose a single person’s ability to get a copy of similar records about everyone else. And even with accessing your own data, there are complications with shared vehicles that should be considered when balancing privacy and transparency.
An example of where it may be appropriate to release unredacted data and images would be vehicles engaged in non-sensitive government business. For example, a member of the public might use ALPR scans of garbage trucks to identify gaps in service, which would not reveal private information. On the other hand, it would be inappropriate to release the scans of a government social worker visiting their clients.
Public records laws should allow a requester to obtain some ALPR information about government surveillance of everyone else, in a manner that accommodates the public transparency interest in disclosure and people’s privacy interests. For example, the best public records laws would disclose the times and places that plate data was collected, but not plate data itself. This can be done, for example, by an agency or court finding that disclosing aggregated and/or deidentified ALPR data protects the privacy or other interests of individuals captured within the data. The best laws recognize that aggregation or de-identification of databases are redactions in service of individual privacy (which responding agencies must do), and are not creating new public records (which responding agencies sometimes need not do).
Likewise, in a government audit log of police searches of stored ALPR data, it will often be appropriate to disclose an officer’s investigative purposes for conducting a search, and the officer’s search terms – but not the search term if it is a license plate number. Many people do not want the world to know that they are under police investigation, and many public records laws generally limit the disclosure of such sensitive facts because of the reputational and privacy harm inherent in that disclosure.
Aggregate ALPR information about, for example, the amount of data collected and error rates can have important transparency value and impact government policy. Requiring the public release of that kind of data contributes to informed public discussion of how our policing agencies do their jobs. This kind of information has been used to study, critique, and provide oversight of ALPR use.
Thus, the wholesale exemption of ALPR information from disclosure under state public records laws would stymie the public’s ability to monitor how their government is using powerful and controversial surveillance technology. EFF cannot support such laws.
Blocking transparency
In Connecticut, SB 4 is a pending bill that would exclude, from that state’s public records law, information “gathered by” an ALPR or “created through an analysis of the information gathered by” an ALPR. This could ultimately harm individual civilians, who would have less ability to protect themselves from law enforcement that indiscriminately collects vehicle information. Other provisions of this bill would limit government use of ALPRs, and regulate data brokers.
In Arizona, SB 1111 would restrict public access to ALPR data “collected by” an ALPR. The bill would even make it a felony to access or use data from an ALPR (or disseminate it) in violation of this article, which apparently might apply to a member of the public who obtained ALPR data with a public records request. The bill’s author claims it adds “guardrails” for ALPR use.
Earlier this year, Washington state enacted a law that will exempt data “collected by” ALPRs from the state’s public records law. While “bona fide research” will still be a way for some people to obtain ALPR data, this may not include journalists and activists who analyze aggregate data to identify policy flaws. Notably, Washington courts found last year that information generated by ALPR, including images of an individual’s own vehicle, are public records; this new legislation will override that decision, blocking the ability for people to see what photos police have taken of their own vehicles. Other provisions of this new law will limit government use of ALPRs.
A year ago, Illinois’ HB 3339 ended use of that state’s public records law to obtain ALPR information used and collected by the Illinois State Police (ISP), including both information “gathered by an ALPR” and information “created from the analysis of data generated by an ALPR.” This Illinois language for just the ISP is very similar to what is now being considered in Connecticut for all state and local agencies.
Sadly, the list goes on. Georgia exempted ALPR data (both “captured by or derived from” ALPRs) of any government agency from its open records law. Adding insult to injury, Georgia also made it a misdemeanor to knowingly request, use, or obtain law enforcement’s plate data for any purpose other than law enforcement. Maryland exempted “information gathered by” an ALPR from its public information act. Oklahoma exempted from its open records act the ALPR data “collected, retained or shared” by District Attorneys under that state’s Uninsured Vehicle Enforcement Program.
These laws and bills in seven states are an unwelcome national trend.
Next steps
We urge legislators to reject efforts to amend state public records laws to wholly exempt ALPR information. This would diminish meaningful oversight over these controversial technologies. Public disclosure of some ALPR information is important.
There is a better approach for states that want to harmonize privacy and transparency in the context of ALPR data:
- Open records laws should cover, and not exclude, information collected by ALPRs, and also any public records derived from that information.
- Open records laws should have a privacy exemption that applies to all records, including information collected or derived from ALPRs. That exemption should require a case-by-case balancing of the transparency benefits and privacy costs of disclosure. These provisions work best when agencies and courts can analyze the context of the particular records, the weight of the privacy interests and public interests at stake, and other specific facts to fashion the best balance between these competing values.
- When a document contains both exempt and non-exempt information, open records laws should require disclosure of the latter and withholding of the former. The best public records laws allow agencies to black out, or redact, specific private information while disclosing non-private information in the same records, threading the privacy and transparency needle.
- Finally, in the context of a law enforcement ALPR database (including both data collected by ALPRs and audit logs of police searches of stored ALPR data), the law should permit agencies to disclose aggregated and/or deidentified data, while withholding personally identifiable data. Importantly, the law should recognize that the steps an agency takes to protect individual privacy in ALPR databases should not be construed as creating a new public record.
FOIA balancing standards are one layer in a larger governance stack, and work best alongside strong guardrails on whether and how governments procure ALPR systems in the first place: public debate over vendor contracts, binding surveillance ordinances, strict data‑retention limits, and clear pathways to end ALPR programs entirely where the risks prove too great.
-
Civil Society Groups Urge EU to Tighten Kyrgyzstan Sanctions Following Export Ban
International civil society organizations published an open letter Thursday to the EU Council calling for an expansion of banned exports to Kyrgyzstan, alleging the current trade route empowers the Russian war machine.
In the appeal, seen by OCCRP, the State Capture Accountability Project (SCAP) and Freedom for Eurasia (FFE) argued that the bloc’s “previous strategy of ramping up sanctions in incremental steps has proven ineffective.”
The organizations urged the EU Council to swiftly tighten sanctions by imposing a total export ban on “all key high-priority items for which there is no historically proven domestic market” within the Central Asian nation.
The appeal follows the EU’s April 23 decision to ban the export of computer numerical control machines and radio equipment to Kyrgyzstan, amid allegations that these goods are funneled to Russia for the manufacture of drones and missiles.
According to SCAP, an analysis of trade data revealed an abnormal “spike” in high-priority EU exports to Kyrgyzstan in 2025. The watchdog noted that items such as turbo-jet turbines, electronic integrated circuits, and lasers “continue to flow into the Russian military-industrial complex via Kyrgyzstan.”
“As long as the Kyrgyzstan route is open to these items, Russia will continue to terrorize Ukrainian civilians and occupy Ukrainian land,” the letter stated.
OCCRP reached out to the office of EU Sanctions Envoy David O’Sullivan for comment, but did not receive a response by the time of publication.
In a statement issued Monday, the Kyrgyz Ministry of Foreign Affairs expressed bewilderment at the EU’s measures, claiming the decision “leaves the position of the Kyrgyz side unaccounted.” Officials emphasized that Kyrgyzstan maintains regular negotiations with European partners and provides all requested documentation.
“Of particular concern is that such unilateral decisions not only undermine the atmosphere of trust that has been built within the framework of bilateral cooperation, but also clearly contradict the repeatedly stated intentions of the European Union to develop comprehensive cooperation with the Kyrgyz Republic,” the ministry said.
While the EU embargo represents the first instance of country-level sanctions, it follows a series of Western actions against Kyrgyz entities. In July 2023, the U.S. sanctioned four private Kyrgyz firms for re-exporting electronic components and dual-use goods to Russian defense industry companies.
Last year, the UK and the U.S. designated four Kyrgyz banks and the crypto-exchange Grinex. In October 2025, the EU further increased economic pressure by sanctioning Tolubai Bank and Eurasian Savings Bank over providing payment services and supplying crypto assets to Russia.
Kyrgyz President Sadyr Japarov has previously dismissed the allegations. In an August 2025 interview, Japarov accused local NGOs of providing false information to the West, which then imposes sanctions without any facts or evidence.
“We are developing the country’s economy on our own. And steps that are not in keeping with the spirit of partnership can be seen as interference in the state’s internal affairs,” the president said.