Congress is preparing to vote on the KIDS Act, a sweeping internet bill that would pressure websites and apps to determine users’ ages before allowing them to read websites, send private messages, or participate in online communities.
This week marks four years since Dobbs v. Jackson Women’s Health Organization overturned Roe v. Wade’s constitutional protections for people seeking abortion care. Anniversaries are a moment to take stock, and over the last four years, EFF has seen firsthand how digital rights and reproductive rights have become increasingly intertwined. One major way this has happened: the fight over abortion has also become a fight over online speech and government censorship as a steady stream of proposed laws, cease-and-desist letters, lawsuits, and government investigations have targeted the websites and online resources that help people find and learn about reproductive healthcare.
This is an effort by anti-abortion government officials to mold the information ecosystem, restrict what people can read, and cut off the ways people communicate with one another. We’ve watched this build for years, and the encouraging news is that many of these efforts have failed. The worrying news is that they keep coming. And if they’re allowed to succeed, this could have repercussions for freedom of expression online beyond reproductive rights.
Targeting Sites That Just Share InformationThe clearest tell that this is also a war on speech is that officials have aimed their efforts not just at abortion providers or the entities that prescribe and sell medication abortion, but also at websites that do nothing more than tell people what their options are, how to find a doctor, and where abortion remains legal.
Cease-and-Desists & Takedown DemandsState attorneys general have been hitting these online information hubs with cease-and-desist letters and takedown demands. Just this month, for example, Alabama Attorney General Steve Marshall sent cease-and-desist letters to multiple groups with abortion-related websites, including Plan C, a public health campaign that provides educational resources and research on abortion access. Plan C doesn’t sell or ship abortion pills. It simply provides information. Marshall’s office nonetheless claimed Plan C’s website “facilitates, aids, and abets” illegal abortion. The Arkansas attorney general similarly sent out cease-and-desists to several organizations regarding their websites, including Mayday Health, which, like Plan C, provides only information and does not directly prescribe or mail pills.
What’s especially concerning is that the state doesn’t have to win, or even file, a lawsuit to get what it wants.
In another example from earlier this year, North Dakota Attorney General Drew Wrigley threatened legal action and ordered the Prairie Abortion Fund to scrub information off of its website, not because the fund sold pills, but because its site linked to several outside informational resources. The Attorney General primarily focused on the fund’s link to Plan C, meaning the biggest alleged issue was a link to a website that links to other websites where pills can be accessed.
What’s especially concerning is that the state doesn’t have to win, or even file, a lawsuit to get what it wants. Especially for smaller organizations and funds, a letter threatening legal action can be enough to chill their speech, causing them to remove important content and go quiet.
Censorship MandatesLegislators in multiple states have also attempted to make it illegal to share resources on how to obtain an abortion, including on purely informational websites with a national or global audience. South Dakota recently passed a law making it a felony to “advertise” anything “described in a manner calculated to lead another to use or apply it for producing an abortion.” Language this broad can easily apply to websites that simply engage in First Amendment-protected advocacy or provide educational resources. Mayday Health, which operates one such website, has since sued the state in federal court to block the law. The lawsuit argues the law could reach something as small as wearing a sweatshirt that carries Mayday’s web address.
Other state legislatures have made similar efforts. Last year, for example, Texas introduced a bill that would have made it illegal to “provide information” on how to obtain an abortion-inducing drug. If you exchanged emails, had an online chat, or created a website that shared information about legal abortion services in other states, you could have violated this bill. Luckily this particular bill did not pass, but Texas has attempted to pass similar laws for several years now.
Dressing Censorship Up as Consumer ProtectionA major way anti-abortion officials are targeting online speech is by weaponizing consumer protection and deceptive advertising laws, claiming that providing information about abortion violates them. This tactic is a threat to free speech rights. The First Amendment protects publishing truthful information on a public issue, and the Supreme Court has expressly said that includes providing information about legal abortion in a state where it is illegal.
Yet states like South Dakota have continued to use deceptive advertising claims to go after abortion speech. Last year, South Dakota sent a cease-and-desist and then filed a lawsuit against Mayday Health for running ads that simply read: “Pregnant? Don’t want to be?” with a link to Mayday’s website. The state claimed the ads were “deceptive.” Mayday then counter-sued in federal court, challenging South Dakota’s actions under the First Amendment. Though the federal judge ultimately declined to step in while the parallel state case was pending, she made a point of saying she believed Mayday’s website constitutes “speech subject to protection under the First Amendment.”
Other states have attempted to run the same play. Missouri sued Planned Parenthood in 2025 under its consumer-protection statute, calling a webpage that says abortion pills are safe an “unfair and deceptive” trade practice. Florida went even further, invoking its RICO law—a law typically used for organized crime—over the same kind of statement. Florida leaned heavily on a single study funded by an anti-abortion think tank, even as major medical organizations and decades of research put the serious-complication rate below half a percent. States should not be able to cherry-pick studies in order to erase online speech.
Going After Intermediaries & Erasing Whole WebsitesSome officials aren’t content to restrict only certain abortion-related content—they want the websites gone entirely.
Take, for example, the cease-and-desist letters sent by the Arkansas attorney general last year. Letters were sent directly to internet intermediaries (entities that facilitate use of the internet, such as internet service providers, web-hosting providers, or things like search engines and social media platforms). The letters demanded that both a domain registry company and a web host stop supporting a site that discusses abortion drugs. But as we know, if we cut off the host or the domain, the speech disappears for everyone—not just for people in Arkansas.
Likewise, Texas’s 2025 bill would have required intermediaries to take down abortion-related content. It’s worth remembering that the imposition of civil and criminal liability on intermediaries also conflicts with a federal law that protects online intermediaries’ ability to host user-generated speech, 47 U.S.C. § 230 (“Section 230”), including speech about abortion medication.
The push has gone federal, too. In March 2026, Senator Bill Cassidy and colleagues on the Senate Health, Education, Labor and Pensions Committee pressed the FDA to use every tool it has against online sellers, including leaning on the domain registrars that keep these sites online.
Why This Should Worry EveryoneIt’s tempting to see this as limited to the fight over reproductive rights. That would be a mistake. For people seeking care, the immediate harm is obvious: the internet is often the only place to find accurate, potentially life-saving information, and every letter, lawsuit, and takedown threat makes that information harder to find and riskier to share.
But the damage doesn’t stop there. We’re witnessing a live experiment in how to use consumer-protection laws, criminal statutes, and pressure on intermediaries to suppress a disfavored viewpoint, pull information offline, and make websites disappear. To think these tactics can only be used against abortion speech would be naïve.
We hope courts and legislatures will continue to protect free speech online. But the continued drumbeat of threatening letters, lawsuits, and investigations is its own kind of harm. Here at EFF, we’ll keep defending the right to share and read information online—about abortion, and about everything else.
The Federal Communications Commission wants to require telecommunications providers to collect vast amounts of personal information from every person who wants a phone number in the name of combatting scam and spam calls. This plan will fail to combat the deluge of unwanted calls people in the United States receive every day while giving untrustworthy companies a gold mine of information that would harm everyday consumer’s privacy, access to communications, and ability to speak freely.
The requirement to provide ID and an address would completely cut off the ability to have an anonymous phone line, which would mean many people in the most precarious situations imaginable: domestic violence and human trafficking survivors, unhoused people, and children without stable homes, would not be able to gain access to a crucial lifeline. EFF, along with ACLU, has submitted comments advising the FCC to abandon this proposal entirely.
This Rule Will Not Decrease Spam Calls
Requiring phone providers to collect consumers’ information will not appreciably decrease or eliminate unwanted calls. The FCC knows this because it confesses in its own rulemaking that “the most effective way to prevent unwanted calls from reaching American consumers is by ensuring they never enter the network.” Further, the Federal Trade Commission found that “a significant proportion, if not the majority, of unwanted robocalls originate from overseas.” Collecting the personal information of everyone who wants to make a phone call will not put a dent in fraudulent calls.
What will address unwanted calls is the FCC’s STIR/SHAKEN technical standards, which already exist. While STIR/SHAKEN is not perfect, it is actually a technical solution to the problem of spam calls. And where less than 50% of American telecommunication providers have fully implemented the protocol, the FCC should put its energy toward 100% compliance to reduce the scale of unwanted calls, instead of collecting consumer’s private information.
The FCC gives away the true reason for this proposal in their own comments: this is a move to shut down the very existence of anonymous phones, aka burner phones. FCC says in their comments:
“Enhanced KYC information can assist law enforcement to more easily identify callers that use the network to perpetuate crimes by ensuring that voice providers have accurate and complete customer information. The KYC information gathered and verified would help ensure that law enforcement gets accurate information in response to subpoenas when investigating crimes. For example, can enhanced KYC rules assist law enforcement in investigating organized criminal groups that use the network to facilitate illegal activities? Can they be used to deter or detect trafficking operations that use communication networks to buy and sell illicit goods?”
Anonymous phones are not just used by people to break the law, they are also used by activists who wish to remain anonymous, privacy conscious consumers, people escaping domestic violence, people escaping human trafficking, journalists who need to reach out to confidential sources, and other people in desperate situations. Anonymous phone lines are a lifeline to many, one which this proposal would cut off without any alternative.
Mass Data Collection Makes Us All Less Safe
Mass data collection of individuals does not address unwanted calls, but it does
make us all less safe online. The telecommunications industry has proven time and again that they’re poor stewards of personal information. They’ve been at the center of several large-scale data breaches in recent years and their data practices leave much to be desired.
In 2024, AT&T disclosed two large data breaches. One in which 7.6 million existing account holders and more than 65 million former customers had their information leaked onto the dark web, and another in which more than 100 million customer account call and text logs were downloaded. Another large provider, Comcast, suffered a data breach in 2023 where nearly 36 million account holder’s information was stolen, including the last four digits of their Social Security Number and date of birth.
In 2024, the nation’s CALEA infrastructure, which law enforcement uses to tap and trace calls, was breached in the Salt Typhoon attacks. Experts maintain that U.S. communications networks remain vulnerable, and even this administration acknowledges these attacks as an ongoing threat.
If telecoms can’t even protect the most sensitive communications infrastructure in the nation how can we expect that they will protect our identities?
In addition to their poor cybersecurity practice, these providers themselves abuse the information in their possession. In Scott v AT&T, AT&T, among others, made consumer information available to hundreds of third parties without the consumer’s express consent. Though the case was dismissed because AT&T forces its consumers to sign arbitration agreements, it shows the complete lack of care for their consumers' privacy.
A Lack of Anonymity Silences People
Mass data collection of individuals just to have a phone number will also harm and silence people. Anonymity in calls provides people the safety they may require to organize themselves, speak freely, and seek services. Anonymous phone calls give people the courage to participate in politics, organize themselves, reach out to a suicide or sexual-assault hotline, an addiction-recovery sponsor, seek medical care, seek escape from a violent and coercive situation, and do much more. Without this anonymity, people may otherwise not do any of these things.
It will prevent many from obtaining phone numbers at all.
Not everyone has all the information the FCC wants to require. The FCC wants people’s physical addresses, defined so narrowly that it’s essentially a home address. Not everyone has a stable home address, so those individuals would be not able to get phone service.
FCC suggests that a government-issued identification should be required for any phone service. About 15 million adult U.S. citizens do not have a driver’s license, while about 2.6 million do not have any form of government-issued photo ID. Others don’t have access to their identifying documents, they may be controlled by an abusive spouse or parent, human trafficker, cult, or someone else from whom a secondary phone line could help a person escape. Estimates show another 21 million adult U.S. citizens do not have a non-expired driver’s license, and over 34.5 million adult citizens have neither a driver’s license nor a state ID card with their current name or address.
These numbers do not include non-U.S. citizens who do not have current government-issued identification, including undocumented immigrants who cannot obtain a state ID or driver’s license. Black American and Hispanic Americans are disproportionately less likely to have current drivers’ licenses, and Americans with disabilities and Americans with lower annual incomes are also less likely to have current driver’s licenses.
The FCC’s proposal will not decrease the amount of unwanted calls. All it will do is set up a data collection regime that harms everyday, law abiding Americans. This proposal makes us less secure online, strips away our right to anonymous speech in calls, and actively disconnects those Americans who are already at the margins. EFF recommends the FCC discard this proposal in its entirety.
The window for reply comments can still be filed until July 26th. Express comments, which are appropriate for most individuals, can be filed on the FCC website. See the suggested language below to help you get started.
When a car passes an automated license plate reader (ALPR), its plate is captured and instantly compared against a list of vehicles that police are actively looking for or that police have identified for real-time surveillance. These are called “hotlists,” and EFF has learned that one used by agencies across the country targets immigrants on behalf of Immigration and Customs Enforcement (ICE).
Agencies using Flock Safety ALPR systems commonly allow the plates their cameras collect to be compared against the FBI's National Crime Information Center (NCIC) hotlists. These hotlists are broken into "topics," such as "Gang or Suspected Terrorist," "Stolen Vehicle," and "Missing Person."
Flock Safety told EFF via email: "Local agencies add/remove license plates from the NCIC list. The FBI curates the NCIC list, and pushes it out to local agencies. Once the list leaves the FBI, they do not see any agency alerts. They only see when a local agency adds or removes plates from the list."
But one list is different: The "Immigration Violator" hotlist is populated exclusively by ICE, and it is the only agency authorized to enter or maintain records in this system, according to the NCIC operator manual. It includes license plates associated with administrative warrants, which are issued by ICE agents without judicial review. The manual further describes the data:
The Immigration Violator File contains records on criminal aliens who have been deported for drug trafficking, firearms trafficking, or serious violent crimes and on foreign-born individuals who have violated some section of the Immigration and Nationality Act.
And:
If the ICE has reasonable grounds to believe that the subject may be operating a particular vehicle or a vehicle bearing a particular license plate, the vehicle and/or license data may be included in the record.
Buried in the Flock Safety administrative interface, there is a drop-down menu where agencies select which NCIC topics to subscribe to. If Immigration Violator is selected, the local agency will receive an alert that a vehicle ICE is looking for has been sighted. According to Flock Safety, ICE itself does not get an alert, although the local agency may contact ICE to let them know. Many agencies also participate or collaborate with immigration enforcement (through, for example, 287(g) agreements) and may take steps to stop a vehicle based on one of these alerts.
In many places, using ALPRs for immigration enforcement is against city or state law–or at minimum, against agency policy. But using this hotlist is immigration enforcement.
For example, Sparks Police Department's ALPR transparency portal lists immigration enforcement among the "prohibited uses." Yet, records show Sparks utilizes ICE's Immigration Violator hotlist.
Many agencies publicly acknowledge using NCIC hotlists, but don't publish which ones. So, EFF filed public records requests with agencies around the country to figure how to identify at least which agencies may be using the Immigration Violator hotlist. Here are links to the documents from the 13 agencies that have responded so far.
Agencies with the Immigration Violators Hotlist Enabled
Agencies Using NCIC Hotslists, But Immigration Violators Is Disabled
Knowing whether your agency has this box checked isn't just useful information—it's the kind of evidence that can change how officials vote when a contract comes up for renewal. So, how can you find out if your local agency is using the Immigration Violator list? It takes some digging, and you may not be successful. But here's what has worked for us in some instances.
STEP 1: Conduct background research.The first questions you want to try to answer are:
To answer the first question, here are two sites to try:
Once you're on the transparency portal, you'll want to look for two things.
Not all agencies disclose this information, so even if you don't find anything, you can move on to these next steps.
STEP 2: File a public records request.Every state has a law that allows the public to request information from the government. This can often be done by emailing the police department or sheriff’s office, using the agency's online public records portal. You can usually find these emails or portals quickly online by searching for the agency's website and contact information. You can also subscribe to a service like MuckRock, which is how we filed these requests.
We have developed language to request the hotlist topics. It doesn't always work, due to differences in how agencies interpret public records laws, but it is still worth a shot.
Note: This is template language. A Google doc version is available here (Google's Privacy Policy applies).
To Whom It May Concern:
Pursuant to the [INSERT LOCAL PUBLIC RECORDS LAW - FIND THAT HERE], I hereby request the following information:
- The NCIC topics that the agency has selected.
Within the Flock Safety ALPR administrative controls for hotlists, there is an NCIC drop-down menu to allow an agency to choose which NCIC "Topics" it will alert on. For example, "Gang or Suspected Terrorist" or "Missing Person."
You may provide this as a print out or a screen grab, or simply copy-paste the selected items. If you'd prefer to do a full CSV export, that is also acceptable but may take more effort.
I leave the format at your discretion, but I would prefer to use as little of your agency's resources as possible for this request. You can see an example here: https://www.documentcloud.org/documents/28277589-20260414084201725/
The requested documents will be made available to the general public, and this request is not being made for commercial purposes.
In the event that there are fees, I would be grateful if you would inform me of the total charges in advance of fulfilling my request. I would prefer the request filled electronically, by e-mail attachment if available or CD-ROM if not.
Thank you in advance for your anticipated cooperation in this matter. Please do not hesitate to contact me with any questions at [CONTACT DETAILS].
Sincerely,
[Your Name]
STEP 3: Wait for a response.Depending on the agency and the state law, it may take anywhere from days to weeks to receive a response.
If the agency provides the records, they might look something like this:
If "Immigration Violator" is checked, then yes–police are scanning vehicles for immigration enforcement.
You can then put this information to work, sharing it with local reporters or bringing it directly to city officials who have the authority to modify, restrict, or cancel your agency's Flock contract. This is especially important if the agency has the box checked but also claims ALPR data is not used for immigration enforcement. Government officials like easy fixes, and "uncheck the box" is about as easy as it gets. But remember: If that's where it stops, the infrastructure for immigration surveillance stays fully intact, and the system is one policy, personnel change, or error away from being switched back on.
In many cases, you will not receive records. The agency may claim it's protected under legal exemptions or that it is not actually a public record under state law. For example, we received rejections from the Abington Police Department in Massachusetts and the Akron Police Department in Ohio.
If that happens, push back politely. You can explain that many other agencies across the country have produced this information and that it would greatly help inform the public. You can try contacting the police department's public information officer. Another option is alerting local press that the agency is refusing to disclose basic information about a public surveillance system, shutting residents out of decisions about how that system is being used. If you have the resources and time, you may also consider litigating a denial or lack of response.
You can also email your city council or board of supervisors member. Explain why this matters: The law enforcement agency may be facilitating immigration enforcement in secret, potentially in violation of its own policies. Ask them to use their oversight authority to demand answers from the agency, including pressing the vendor directly. Elected officials hold real leverage here: In most cities, either the council or the city manager controls the contract, and both are accountable to the public. If your agency's contract is up for renewal—or if a new pilot program is on the horizon—this is exactly the kind of information that should be part of that public debate before officials sign anything.
While we have filed dozens of these requests, we need locals to help gather even more. Drop us a line with the records you receive (or don't) at aos@eff.org.
