Electronic Frontier Foundation

Millions of people around the world use EFF's Privacy Badger. This browser extension blocks the hidden trackers that twist your web browsing into a commodity for Big Tech, advertisers, scammers, and data brokers. But did you know that we’re trying to solve an issue that’s even bigger than creepy ads and user profiling? You can help.

JOIN EFF

Online tracking isn't just creepy and unethical. It also enables government surveillance. Widespread commercial surveillance and weak privacy laws allow data brokers to harvest your data and sell it to law enforcement agencies including the FBI, CBP, and ICE. The government exploits this system to buy sensitive information about you that they would ordinarily need a warrant to collect, like your location over time. 

With your help, EFF is fighting back. Our team is working to enact stronger laws to uphold your privacy. We’re advocating for consumer rights in the courts. We’re investigating how these technologies affect our communities. And we’re cutting off surveillance advertising at the source with tools like Privacy Badger for everyone. You can support this work as an EFF member.

End Mass Surveillance

Privacy is a human right because it gives you a fundamental measure of security and freedom. That is why we at EFF focus on your ability to have private conversations and interact with the world using technologies that you choose. But when tools that many of us must rely on serve corporate surveillance, they also feed government surveillance. We owe it to ourselves to fight the mass spying used to control and intimidate people. Let’s do this.

For a limited time, you can join EFF as a monthly or one-time donor and pick up a new Privacy Badger Crewneck sweatshirt. The embroidered Privacy Badger mascot appears above Traditional Chinese for "privacy” because human rights are universal.

You can also get a set of puffy stickers as a token of thanks. Our little Ghostie protects privacy in Arabic, English, Japanese, Persian, Russian, and Spanish.

Claw Back! This year’s member t-shirt is hot off the press featuring an orange cat swatting at the street-level surveillance equipment multiplying in our communities. You might empathize with him, but there’s a better way. Let’s end the law enforcement contracts, harmful practices, and twisted logic that enable mass spying in the first place.

You can support our mission for technology in the public interest today. Join the movement and become an EFF member.

____________________

EFF is a member-supported U.S. 501(c)(3) organization. We've received top ratings from the nonprofit watchdog Charity Navigator since 2013! Your donation is tax-deductible as allowed by law.

As statehouses ramp up for 2026, we’re seeing a familiar and concerning trend of lawmakers rushing to regulate the internet based on shockingly shaky science. From the California State Assembly to the Massachusetts and Minnesota legislatures, a wave of bills is crashing against the digital lives of young people, with proponents of these measures framing social media access as a "public health epidemic," or a "mental health crisis," even though we have yet to see any of the settled science that those labels usually invoke.

As a digital rights organization dedicated to the civil liberties of all users, EFF’s expertise lies in reminding lawmakers that young people enjoy largely the same free speech and privacy rights as adults. EFF is not a social science research shop, but we can read the emerging research. What that research shows is much more nuanced than what is claimed by those proposing to ban young people from social media, and it is clear that research and theories used to justify these sweeping bans is far from settled. The rush to ban access to digital platforms is being fueled by "pop psychology" narratives and a collection of statistically flawed studies that do not meet the rigorous standards required for such a massive infringement on youth autonomy and constitutional rights.

The Lie of A "Settled" Consensus

The current legislative push relies heavily on a specific, media-friendly narrative that the "great rewiring" of the adolescent brain is a proven fact. This theory suggests that smartphones and social media are the primary, if not sole, drivers of a global uptick in teen anxiety, depression, eating disorders, self harm, etc. While this narrative makes for a compelling airport-bookstore read, it quickly collapses under the scrutiny of the broader scientific community.

Independent researchers, including developmental psychologists from institutions like the University of California, Irvine, and Brown University, have repeatedly found that the evidence for such claims is mixed, blurry, and often contradictory. Large-scale meta-analyses covering dozens of countries have failed to show a consistent, measurable association between the rollout of social media and a decline in global well-being. In reality, we are seeing a classic case of what many of our middle school science teachers warned us about: "correlation" being sold as “causation."  

Additionally, the studies used to support these measures often fail to account for or exclude significant alternative explanations for rising teen anxiety and depression, such as the lasting impact of pandemic-era isolation, the persistent threat of school gun violence, and mounting economic or climate-related stress. By focusing narrowly on social media, these findings frequently overlook the broader societal factors that also impact youth mental health.

The Cult of the "Anxious" Expert

The current push for blanket social media bans relies almost exclusively on the work of Jonathan Haidt, particularly his book The Anxious Generation. While Haidt is an amiable and brilliant storyteller, he is not a clinical psychologist or a specialist in child development. He is a social psychologist who writes about moral psychology at a business school. Nonetheless, the book has made it to every Best Seller list, and with Haidt revered as an expert on podcasts with massive reach, like Oprah, Joe Rogan, Michelle Obama, and Trevor Noah—his message has been heard by a large subset of society, which primarily relies on: no smartphones or social media before age 16, phone-free schools, and more “unsupervised, real-world independence.”

To highlight Haidt’s reach when it comes to legislation banning social media: the California committee analysis for the proposed California social media ban mentions Haidt 20 times; the Governor of Utah promoted the book as a “must-read” months before signing the nation’s first social media ban; Haidt is cited in bill analysis for the bill banning social media in Florida; his work is mentioned in a federal bill aiming to ban phones in schools; and he provided formal testimony before the U.S. Senate Judiciary Committee (Subcommittee on Technology, Privacy, and the Law) in May 2022. 

While Haidt’s research has been paramount to legislation stripping millions of young people of their rights to expression and connection, his conclusions are not without challenge, and many experts in the field argue that the evidence is less than ironclad. 

The “Bad Science” Fueling Social Media Bans

While we can admit that Jonathan Haidt’s "great rewiring" theory makes for a gripping narrative, we cannot ignore that independent researchers and statisticians have identified significant flaws in the data used to justify it. Which means we are currently watching policymakers legislate blanket bans based on evidence that would be rejected in almost any other field of public health.

The reality is that research has consistently disproven the oft-assumed link between social media use and poor mental health in youth, and actually indicates that moderate internet use is a net positive for teens’ development, and negative outcomes are usually due to either lack of access or excessive use. In one major study of 100,000 adolescents, a “U-shaped association emerged where moderate social media use was associated with the best well-being outcomes, while both no use and highest use were associated with poorer well-being.” We also know that young people’s relationship with social media is complex, as it provides them essential spaces for civic engagement, identity exploration, and community building—particularly for LGBTQ+ and marginalized youth who may lack support in their physical environments. 

But again, the image Haidt presents in his book is increasingly at odds with the broader academic consensus. As mentioned, critics argue that the evidence for the mental health impacts of social media is mixed, blurry, and often misinterpreted. NYU statistics expert Aaron Brown, writing for Reason, notes that many of the studies in Haidt’s exhaustive reference list are statistically unreliable or fail to show a strong causal link. Prof. Candace Odgers, a leading voice in psychological science, explains the "selection effect" that legislators often ignore:

“Hundreds of researchers, myself included, have searched for the kind of large effects suggested by Haidt. Our efforts have produced a mix of no, small and mixed associations. Most data are correlative. When associations over time are found, they suggest not that social-media use predicts or causes depression, but that young people who already have mental-health problems use such platforms more often or in different ways from their healthy peers.”

This raises a fundamental question of legislative responsibility: If the science is not settled, how can legislators confidently declare a “public health crisis” to justify stripping away young people’s First Amendment rights? By bypassing the rigorous, nuanced findings of the scientific community in favor of a more convenient narrative, legislators are choosing emotion over evidence. Before imposing such draconian restrictions on young people’s access to information, policymakers have an obligation to do the heavy lifting: to dig into the actual research and listen to the experts who are sounding the alarm on oversimplified conclusions.

The Dangers of "Social Contagion" Narrative

Perhaps the most troubling aspect of Haidt’s crusade is its overlap with ideological rhetoric that pathologizes the identities of marginalized youth, and how that makes its way through efforts to ban social media for youth. A recurring theme in the literature favored by proponents of social media bans is the idea of "social contagion"—specifically regarding the rise in young people identifying as transgender or non-binary. Haidt dedicates an entire chapter of his book to this (ch.6, pt 3, p. 165), talking about “Why Social Media Harms Girls More Than Boys,” stating that: 

“The recent growth in diagnoses of gender dysphoria may also be related in part to social media trends, [...] the fact that gender dysphoria is now being diagnosed among many adolescents who showed no signs of it as children all indicate the social influence and sociogenic transmission may be at work as well.”

These harmful theories suggesting that social media is "infecting" young people with gender dysphoria are false and not supported by peer-reviewed clinical research. But by legitimizing "experts" who promote these debunked theories, legislators—especially those in states like California who pride themselves on being a sanctuary for LGBTQ+ youth—are inadvertently platforming the same rhetoric used in other states to ban gender affirming care for youth. This "social contagion" narrative is a tool of exclusion, not a scientific reality, and we must be wary of any "public health" argument that treats community-building and self-discovery among marginalized young people as a "purported mental illness" spread via TikTok.

A Better Path: Digital Wellness, Not Bans

Fortunately, there is a measured, evidence-based alternative already emerging. California's A.B. 2071, for instance, is a student-authored "digital wellness" bill that offers a measured, evidence-based alternative rather than prohibition. The bill advocates for a curriculum that teaches students how to manage algorithms, recognize cyberbullying, and regulate their own relationship with technology. Instead of trying to completely shield young people from social media, education-based approaches empower young people and have the benefit of providing skills that stay with a young person long after they leave the classroom. 

JustLeadershipUSA, a criminal justice organization, has a slogan that rings true in this instance too: “Those closest to the problem are closest to the solution.” So let’s start listening to what our young people are asking us for—more education—instead of imposing paternalistic, disempowering bans.

Legislating With Precision instead of Emotion 

Adolescent mental health struggles are a complex, multifaceted crisis. It is a crisis that has existed for as long as time, and has been driven by economic instability, the opioid epidemic, the threat of school violence, amongst other issues. To pin all of society's woes on a smartphone app is not just a scientific error; it is a policy failure that ignores the real, material needs of young people both online and off.

Legislators must stop legislating as "anxious parents" and start acting as measured policymakers. Because for some youth, social media platforms are a lifeline. UNICEF and other global human rights organizations have warned that age-related restrictions and blanket bans can backfire in three critical ways: isolating marginalized youth (like LGBTQ+ youth, students in rural areas, foster youth, or those with disabilities) who social media is often the only place they can find a supportive community; necessitating invasive mass collection of biometric data or government-issued IDs from all users, including adults; and pushing young people toward less-regulated, "darker" corners of the web where content moderation is non-existent and the risks of actual exploitation are significantly higher.

Legislators have a valid interest in protecting children, but that interest must be pursued through tailored, measured approaches. We cannot allow emotions or a collection of flawed data sets to justify a historic rollback of digital rights. 

Last week, Instagram ended its opt-in, and therefore rarely used, end-to-end encryption feature. Years after publicly promising to provide the privacy protections of end-to-end encryption across its platforms by default, it instead gave up on that technical challenge. Now, we've all lost an option for safer conversations on one of the biggest social media platforms in the world.

In an announcement in 2023, Meta bragged about how it had successfully encrypted Messenger, and teased that Instagram was in progress. Even before then, they’d talked about how important encryption was in Messenger and Instagram in a white paper published in 2022, stating: 

We want people to have a trusted private space that’s safe and secure, which is why we’re taking our time to thoughtfully build and implement e2ee by default across Messenger and Instagram DMs.

So where did the reversal come from? In a statement, Meta claimed that, “Very few people were opting in to end-to-end encrypted messaging in DMs.” This isn’t all that surprising, as turning it on was an optional four-step process that few people knew about. Defaults matter, and Meta’s choice to blame people for failing to opt into this feature is proof of how much. In that same statement, the company pointed people to WhatsApp for access to encrypted messaging. Yet if Meta truly wanted people to have a trusted private space to communicate, it would meet them everywhere they are: on WhatsApp, on Messenger, and on Instagram.

But at least Meta was straightforward about the fact that it will not continue to support or work on this feature. That's rare. Most tech company promises aren’t broken explicitly, they just remain undelivered long enough to be forgotten. 

This is particularly disappointing as other companies take even bigger swings, like Google and Apple working together to implement end-to-end encryption over Rich Communication Services (RCS), and Signal’s continued work to make its app simpler and easier to use for everyone.

Meta abandoning this principle is disheartening, especially as we are still waiting for other promised features from the company, like end-to-end encryption in Facebook Messenger group messages. Instead of blaming users for not using these sorts of features and then abandoning the promise of delivery, Meta—and other tech companies—should start by enabling strong privacy protective features by default.

This week, Apple released iOS 26.5, an update that supports end-to-end encryption for Rich Communication Services (RCS), meaning conversations between Android and iPhone will soon be encrypted in the default chat apps. This has been a long time coming, and is a welcome delivery on a promise both Google and Apple made.

With this update, conversations that take place between Apple’s Messages app and Google Messages on Android will be end-to-end encrypted by default, as long as the carrier supports both RCS and encrypted messages (you can find a list of carriers here). RCS messages are a replacement for SMS, and in 2024 Apple started supporting it, making for a marked improvement in the quality of images and other media shared between Android and iPhones. 

Now, those conversations can also benefit from the increased privacy and security that end-to-end encryption offers, making it so neither Google, Apple, nor the cellular carriers have access to the contents of messages. This feature comes courtesy of both Apple and Google supporting the GSMA RCS Universal Profile 3.0, which implements the Messaging Layer Security protocol for encryption. Metadata will likely still be collected and stored for these conversations, making alternatives like Signal still a better option for many conversations. Likewise, if you back up those conversations to the cloud, they may be stored unencrypted unless you enable Advanced Data Protection on iOS (Google Messages end-to-end encrypts the text of messages in backups, but not the media, so we’d like to see a similar offering as ADP on Android). Still, this is a significant step forward for the privacy of millions of conversations worldwide.

End-to-end encrypted RCS messaging is still marked as beta on Apple devices, likely because the rollout is dependent on carriers as well as the Android phone running the most recent version of Google Messages. 

It might take some time before you get this feature in your chats and until you do, remember that the conversations are not protected with end-to-end encryption. But once everyone in the conversation is on the right software version and the carrier support is implemented, you will see a lock icon and the text, “Encrypted” at the top of the conversation for any chats you have over RCS, as seen here:

We applaud Apple and Google for getting this across the finish line and Encrypting It Already! More companies should take these sorts of difficult but necessary steps to protect the privacy of our conversations and our data.

Osama Khalid was just twelve years old when he began contributing to Wikipedia Arabic. In the height of the blogging era, he became a prolific blogger, publishing writings on his home country of Saudi Arabia, meetups he attended, and his opinions and observations about open source technology and freedom of expression. He advocated for internet freedom, contributed time and translations to various projects—including EFF’s HTTPS Everywhere—and was a thoughtful presence at the conferences he attended around the world…all while training to become a pediatrician.

In July of 2020, he was detained amid a wave of arbitrary arrests carried out by the Saudi authorities during the Covid-19 lockdown and initially given a five-year prison sentence. That sentence was later increased on appeal to 32 years, then reduced in 2023 to 25 years, and again to 14 years this past September. In a joint letter that we signed on to in April, the Saudi human rights organization ALQST, which has been leading the campaign for Osama’s release, wrote: “The huge discrepancy between sentences handed down at different stages in the case underscores the arbitrary manner in which sentencing is carried out in the Saudi judicial system.”

So, what was his “crime”? Sharing information online that conflicted with official narratives. Osama’s Wikipedia contributions included pages on critical human rights issues in Saudi Arabia, including the treatment of women’s rights activist Loujain al-Hathloul (herself an EFF client) and Saudi Arabia’s infamous al-Ha’ir prison. His blog, which has since been taken offline, included articles such as one criticizing government plans for the surveillance of encrypted platforms.

Over the years, we’ve campaigned for the release of a number of individuals imprisoned for their speech. Our contributions to the campaigns of Ola Bini, the Swedish software developer who has been targeted by the government of Ecuador for the past seven years, and Alaa Abd El Fattah, have had real impact. These cases are reminders that attacks on free expression are rarely confined to borders: governments around the world continue to use vague cybercrime laws, national security claims, and politically motivated prosecutions to silence critics, technologists, journalists, and activists.

Supporting these two—and others we’ve highlighted in our Offline project—has never been about defending only individuals. It has also been about defending the principle that writing code, sharing ideas, criticizing governments, and organizing online should not be treated as crimes. Public pressure, international solidarity, legal advocacy, and sustained campaigning can shift the political cost of repression—and, in some cases, help secure meaningful protections for those targeted.

That’s why we’re highlighting Osama’s case and will continue to work with partners including ALQST to advocate for his release. Osama Khalid, like so many human rights defenders, journalists, and internet users detained by the Saudi government, deserves to be free.

Internet shutdowns are devastating for human rights. When people are disconnected from the internet and digital services, it impacts all aspects of their life—from accessing essential information, to seeking medical care, or communicating with loved ones, both in that country and externally. But on January 8th, 2026, the government of Iran shut down internet communications for the entire country as a rebellion threatened to topple the authoritarian government. The government then proceeded to execute as many as 656 dissidents over the next 3 months, though the actual number could be much higher. Which is part of the point: shutdowns often precede government acts of violence. 

Iran’s shutdown was hardly an isolated incident. Earlier this month, the U.S. military invaded Venezuela and kidnapped the Venezuelan president shortly after US cyber forces shut down all internet access and power grids for the capital city of Caracas. India routinely shuts off internet access in the Kashmir region, and Syria shut down internet communications as many as 73 times, most recently in 2025. Even the UK recently had a localized temporary internet shutdown. At the time of this writing there are 14 ongoing internet shutdowns worldwide.  

Government shutdowns aren’t the only reason an entire region or country might lose internet access. Hurricanes, earthquakes, and wildfires can take out internet connections in many regions of the world, and will only increase as climate change ramps up. They can completely disable the communications infrastructure relied upon by victims, their families, first responders, and disaster relief efforts. Having an alternate way to communicate in such times can save lives.  

One way to limit the impact of such shutdowns is to prepare in advance by setting up systems and structure for circumvention and resiliency. 

To keep people connected during internet shutdowns and blackouts, communication networks must be operational before and after the disaster or shutdown. To be effective, they must be widespread so that people can get access to them reliably, and they must be usable by a majority of the community. And any viable solution must be accessible and sustainable on a community level, not just to people with vast financial resources or technical knowledge. You shouldn’t have to be a tech wizard to be able to communicate with your neighbors!

Radios

There are many ways for a community to build their own disaster resilient communications. Radios, for example, are cheap, decentralized, and resilient. Many people with moderate technical skill have set up Meshtastic repeaters. Meshtastic is a way to use a common unlicensed radio spectrum and a technology called LoRA to have peer-to-peer decentralized communications with people in your neighborhood or city. When you buy a Meshtastic device (cheap ones cost around $20) you can link it to your phone and send text messages to people in your area without ever touching the telephone network or the internet. Messages are delivered directly from person to person over public radio waves.

There is also amateur radio, also known as ham radio, which has been used in disaster communications for decades. Ham radio requires a license, but allows you to communicate farther than Meshtastic, using repeaters or even bouncing signals off the stratosphere to talk to people on the other side of the planet or even on the International Space Station. It is even possible to access the internet over ham radio. 

Peer-to-peer messaging apps 

Another option for internet communication during a shutdown is peer-to-peer messaging apps. One such project,called Briar, uses the Bluetooth functionality on phones to route messages from device to device until they reach their destination, even in instances where there is no internet. However, Briar faces the same problems many mesh projects do: almost nobody has the app installed and it’s difficult to use. If a mesh chat app isn’t already widely installed before an internet shutdown, it’s going to be even harder to get people to install it en masse once the shutdown starts. 

A similar effort called bitchat has recently gained some attention. Bitchat is a peer-to-peer chat system that routes over Nostr, Tor, and Bluetooth. It is unfortunately tainted in many people’s eyes by being a project by former Twitter CEO Jack Dorsey, but it is open source and runs on both Android and iOS. It was used with some success in Iran during the latest internet shutdown. 

Another option is Delta Chat, which uses PGP for encryption and email for routing, while still being much simpler to use than either technology. Delta Chat is highly regarded in Iran for its ability to route a message through even the tiniest sliver of email access.

Satellite internet 

Satellite internet is an internet connection that uses a connection to a satellite dish to reach the internet, such as Starlink. Since there are no wires and no physical connection to infrastructure, satellite internet is harder to shut down. Satellite internet has therefore been used in many cases to circumvent internet shutdowns, with people sharing bandwidth with their neighbors. Satellites are harder for governments to shut down unilaterally.  Unfortunately when the satellites are owned by tech oligarchs, such as Starlink (owned by Elon Musk), or by allied governments, the owners of those satellites may willingly shut down the network anyway. 

Dreaming of a better future

Ultimately an app that is already widely being used would be the best option for shutdown resistant communication. Imagine if WhatsApp or Signal could fall back to mesh networking over bluetooth or wifi. Even better, imagine if our phones all had LoRA built in so we could have more effective mesh networks! What if our phones all had a connection to a satellite constellation run by an international coalition of hackers? We can dream of a better world and we can build it. 

We can’t rely on tech oligarchs to save us, especially when these same companies and governments are the ones to sever our access to the internet and telecommunications. This is why it's important to set up communication mechanisms before a disaster happens. 

As hackers, it's important for us to build these tools and infrastructure of decentralized communication, to help people learn how to use them, and to set up networks before disaster strikes. Get together with others in your city and start setting up resilient off-grid networks and building community now. 

Before you download or use any of the tools mentioned in this guide check with a lawyer in your jurisdiction or country and make sure you understand what legal risks you might be taking on. 

A previous version of this article appeared in the Spring 2026 issue of 2600 magazine. 

Last year, the Canadian government pushed Bill C-2, which would erode Canadian digital rights in the name of “border security.” The bill was so bad it didn’t even make it to committee because of the backlash from the privacy community. Now, the spring’s worst sequel, Bill C-22, aka The Lawful Access Act, is trying it again.

As with most sequels, Bill C-22 makes some tweaks to problematic elements, but largely retains the same problems. The bill forces digital services, which could include telecoms, messaging apps, and more, to record and retain metadata for a full year, and expands information sharing with foreign governments, including the United States. Metadata can reveal a lot about who you communicate with, where you go, and when you do so. Expanding the collection of metadata would require companies to store even more information about their users than they already do, providing an incentive for bad actors to access that information. 

Worst of all, Bill C-22 erodes the privacy of millions by providing a mechanism for the Minister of Public Safety to demand companies create a backdoor to their services to provide law enforcement access to data, as long as these mandates don’t introduce a “systemic vulnerability.” These widespread surveillance backdoors would likely facilitate even more data breaches than we see already. The bill also bans companies from even revealing the existence of these orders publicly.

The definitions of both “systemic vulnerabilities” and “encryption” are not clear enough in C-22, leaving wiggle room for the government to demand that companies circumvent encryption. And the overbroad definitions in the bill can include apps as well as operating systems. Canadian officials have made it clear they believe it’s possible to add surveillance without introducing systemic vulnerabilities, which is just not true. Surveillance of encrypted communications is fundamentally a systemic vulnerability.

This resembles what happened in the UK last year, when the government demanded that Apple implement this type of backdoor into its optional Advanced Data Protection feature, which then forced Apple to revoke the feature for its UK users instead of complying with the request. To this day, UK users still do not have access to this powerful, privacy-protective feature that provides stronger protections for data stored in iCloud. Both Meta and Apple are concerned that C-22 would give the Canadian governments similar powers, and both companies have come out against the bill. The U.S. House Judiciary and Foreign Affairs committees also sent a joint letter to Canada’s Minister of Public Safety highlighting the concern around backdoors into encrypted systems.

The dangers of these sorts of backdoors are not theoretical. In 2024, the Salt Typhoon hack took advantage of a system built by Internet Service Providers to give law enforcement access to user data. When you build these systems, hackers will come.

Canadians deserve strong privacy protections, transparency into how companies handle user data, and clear safeguards around encrypted data. Bill C-22 provides none of that, instead reaching further into the digital pockets of tech companies to build broad lawful access mechanisms.

Further reading

• Full text of C-22
• Canadian Civil Liberties Association statement and letter
• Open Media blog on C-22
• EFF’s blog on bill C-2

EFF, along with the national ACLU, the ACLU affiliates in Maryland, North Carolina, South Carolina, and Virginia, and the National Association of Criminal Defense Lawyers (NACDL) filed an amicus brief in the U.S. Court of Appeals for the Fourth Circuit urging the court to require a warrant for border searches of electronic devices under the Fourth Amendment, an argument EFF has been making in the courts and Congress for nearly a decade. The Fourth Circuit heard oral arguments on May 8. The Knight Institute at Columbia University and Reporters Committee for Freedom of the Press also filed a helpful brief focusing on the First Amendment implications of border searches of electronic devices.

The case, U.S. v. Belmonte Cardozo, involves a U.S. citizen whose cell phone was manually searched after he arrived at Dulles airport near Washington, D.C., following a trip to Bolivia. He had been on the government’s radar prior to his international trip and had been flagged for secondary inspection. Border officers found child sexual abuse material (CSAM) on his phone, and he was later arrested and criminally charged.

The district court denied the defendant’s motion to suppress the images and other data obtained from the warrantless search of his cell phone. He was ultimately convicted of child pornography and sexual exploitation of minors because he had used social media to entice minors to send him sexually explicit photos of themselves.

The number of warrantless device searches at the border and the significant invasion of privacy they represent is only increasing. In Fiscal Year 2025, U.S. Customs and Border Protection (CBP) conducted 55,318 device searches, both manual (“basic”) and forensic (“advanced”).

A manual search involves a border officer tapping or mousing around a device. A forensic search involves connecting another device to the traveler’s device and using software to extract and analyze the data to create a detailed report the device owner’s activities and communications. However, both search methods are highly privacy-invasive, as border officers can access the same data that can reveal the most personal aspects of our lives, including political affiliations, religious beliefs and practices, sexual and romantic affinities, financial status, health conditions, and family and professional associations.

In our amicus brief, we argued that the Fourth Circuit should adopt the same legal standard for both manual and forensic searches, and that standard should be a warrant supported by probable cause and issued by a neutral judge. The highly personal nature of the information found on electronic devices is why there should not be different legal standards for different methods of search, and why a judge should determine whether the government has provided credible preliminary evidence that there’s a likelihood that further evidence will be found on the device indicating wrongdoing by the specific traveler.

Moreover, we argued that “the process of getting a warrant is not unduly burdensome,” and that “getting a warrant would not impede the efficient processing of travelers. If border officers have probable cause to search a device, they may retain it and let the traveler continue on their way, then get a search warrant. Or, where there is truly no time to go to a judge, the exigent circumstances exception may apply on a case-by-case basis.”

The Fourth Circuit in prior cases only considered forensic device searches at the border. In U.S. v. Kolsuz (2018), the court held that the forensic search of the defendant’s cell phone at the border “must be considered a nonroutine border search, requiring some measure of individualized suspicion” of a transnational offense, but the court declined to decide whether the standard is only reasonable suspicion or instead a probable cause warrant. Then in U.S. v. Aigbekaen (2019), the court held that a forensic device search at the border in support of a purely domestic law enforcement investigation requires a warrant. The court also reiterated the general Kolsuz rule for a forensic border-related device search: the “Government must have individualized suspicion of an offense that bears some nexus to the border search exception's purposes of protecting national security, collecting duties, blocking the entry of unwanted persons, or disrupting efforts to export or import contraband.” Now, manual searches are before the court.

In urging the Fourth Circuit to adopt a warrant standard for both manual and forensic device searches at the border, we argued that the U.S. Supreme Court’s balancing test in Riley v. California (2014) should govern the analysis here. In that case, the Court weighed the government’s interests in warrantless and suspicionless access to cell phone data following an arrest, against an arrestee’s privacy interests in the depth and breadth of personal information stored on a cell phone. The Court concluded that the search-incident-to-arrest warrant exception does not apply, and that police need to get a warrant to search an arrestee’s phone.

The U.S. Supreme Court has recognized for a century a border search exception to the Fourth Amendment’s warrant requirement, allowing not only warrantless but also often suspicionless “routine” searches of luggage, vehicles, and other items crossing the border. The primary justification for the border search exception has been to find—in the items being searched—goods smuggled to avoid paying duties (i.e., taxes) and contraband such as drugs, weapons, and other prohibited items, thereby blocking their entry into the country.

But a traveler’s privacy interests in their suitcase and its contents are minimal compared to those in all the personal data on the person’s cell phone or laptop. And a travelers’ privacy interests in their electronic devices are at least the same as those considered in Riley. Modern devices, over a decade later, contain even more data that can reveal even more intimate details about our lives.

We hope that the Fourth Circuit will rise to the occasion and be the first circuit to fully protect travelers’ Fourth Amendment rights at the border.

When governments shut down spaces for dialogue, dissent, and collective organizing, the damage extends far beyond a single event. The abrupt cancellation of RightsCon 2026—the world’s largest annual global digital rights conference—is not just a logistical disruption for thousands of researchers, journalists, technologists, and activists—it is part of a growing global pattern of shrinking civic space and increasing hostility toward free expression and independent civil society.

Just days before the conference was set to begin and as participants had begun to arrive in Lusaka, organizers announced that RightsCon would no longer proceed in Zambia or online after mounting political pressure and demands that would have excluded vulnerable communities and constrained discussion. The U.N.’s World Press Freedom Day, which was set to take place just prior to the conference, was scaled down in light of the events, and its press freedom prize ceremony postponed to a later date.

RightsCon has long served as one of the few truly global convenings where civil society groups, grassroots organizers, technologists, and policymakers can meet on equal footing to confront some of the most urgent human rights challenges of the digital age—from censorship and surveillance to internet shutdowns, platform accountability, and the safety of marginalized communities online. EFF has had a presence at RightsCon since its inception in 2011, and had planned to meet with and learn from international partners and present our work during several sessions in Lusaka.

The cancellation is especially devastating because of what RightsCon represents. For many advocates—particularly those from the global majority—it is not merely another conference. It is a rare opportunity to build solidarity across borders, form lasting partnerships, learn from other regions’ experiences, secure funding and support for local work, and ensure that the people most impacted by digital repression have a seat at the table. Holding the event in southern Africa carried particular significance, promising to elevate regional voices and strengthen local digital rights networks.

What happened in Zambia sends a chilling message. According to organizers and multiple reports, the pressure surrounding the event included Chinese government demands to exclude Taiwanese participants and moderate discussions around politically sensitive topics. At a moment when governments around the world are increasingly restricting protest, targeting journalists, cutting funds for human rights work, banning young people from online communities, censoring speech, and criminalizing civil society activity, the cancellation of RightsCon reflects the broader erosion of democratic space online and offline.

Organizations from the digital rights community have spoken out forcefully against the government’s cancellation of the conference, making clear that these attacks on civic participation will not pass unnoticed. Access Now described the decision as evidence of “the far reach of transnational repression targeting civil society.” Index on Censorship’s response warned that the move represents a dangerous escalation in attempts to suppress open dialogue, while IFEX rightly described the cancellation as a blow not just to one conference, but to freedom of expression and assembly everywhere.

We are also heartened to see statements from members of the international community—including Tabani Moyo, who spoke about the impact on the southern African community, and Taiwanese participant Shin Yang, who emphasized the importance of preserving spaces where marginalized communities can safely organize and speak—underscoring that attempts to silence civil society only reinforce the importance of defending open, global spaces for organizing and debate.

Even as this cancellation represents a serious setback, it is important to remember that the digital rights community has always adapted under pressure. Around the world, advocates continue to organize in increasingly difficult environments, finding new ways to connect, collaborate, and resist censorship and repression. Upcoming events like the Global Gathering and FIFAfrica—both of which EFF plans to attend—will bring together members of the community to tackle tough issues. And in the meantime, groups from all over the world are working together to incorporate global perspectives into platform regulations, oppose age verification laws, protect against surveillance, and fight internet shutdowns, among many other efforts.

RightsCon itself emerged from a recognition that defending human rights in the digital age requires international solidarity—and that need has not disappeared.

The conversations that were supposed to happen in Lusaka will continue elsewhere: in community spaces, online gatherings, encrypted chats, and future convenings yet to come. Governments may close venues, restrict participation, or attempt to narrow the boundaries of acceptable speech, but they cannot erase the global movement working to defend a free and open internet.

RightsCon will not go on in Zambia, but we remain heartened and inspired by the strength of the global digital rights community, stand with them in solidarity, and look forward to seeing our allies at the next RightsCon and other upcoming events.