Just Because You Can, Doesn't Mean You Should · Nonprofit Leadership on Boundaries in AI · Chapter 8
Welcome to the Ethics & Ink AI Newsletter #69
Hello, brilliant people.
Welcome back — and if you’re new here, welcome in. Pull up a chair. This one’s going to sting a little. It’s supposed to.
Okay gather round. So, you know I don’t do small talk, but I do do receipts — and May 2026 handed us a stack of them so thick I needed a minute. So let’s talk about it the way it deserves to be talked about: quickly, directly, and with full acknowledgment that the audacity involved is genuinely breathtaking. Eighty thousand people showed up to protest in London — two different marches, two different causes — and every single one of their faces was run through a police facial recognition system. Without consent. Without meaningful notice. Without recourse. Eighty thousand. I’m sure whoever greenlit that from inside a very expensive conference room told themselves it was a public-safety measure. It always is.
Meanwhile, across the Atlantic, fifty million phones were quietly carrying dormant facial recognition code that Meta had shipped inside its companion app — a system internally called NameTag, nearly ready to deploy, capable of identifying strangers on the street in real time. Meta called the reporting “misleading.” Then they removed the code within twenty-four hours. Honey. That’s not a denial. That’s a timeline.
And then — because May apparently decided one continent wasn’t enough — ICE confirmed it had used its AI face-scanning app over 200,000 times on people standing in American streets… Oh, and the EU? The one that was supposed to be the regulatory grown-up in the room? They voted 569 to 45 to delay their toughest biometric AI enforcement rules by sixteen months. Sixteen. I’ll be here when you’re ready to talk about it.
Four Months in Philly. A Big Year. A Very Full Plate.
So I moved to Philadelphia in early 2026, and I’ll tell you plainly: I was right about this city. It fits — aesthetically, professionally, temperamentally. It’s got the kind of architectural grit and stubborn intellectual edge that makes you want to build things that actually last. And 2026 is shaping up to be a genuinely historic year here; the World Cup is coming, the eyes of the world are going to be pointed directly at Philadelphia this summer. Which is, not coincidentally, exactly the moment we ought to be asking hard questions about who else is watching — and what they’re doing with what they see.
May was particularly dense. I spent a meaningful portion of it doing work for Cirque Du Soleil at the Philadelphia Expo Center — an extraordinary group of artistic people doing extraordinary work. There’s something clarifying about spending time around artists who’ve built an entire practice around precision, trust, and the willingness to do something genuinely difficult and sometimes dangerous in front of other human beings. It’s a useful reminder that rigor and artistry aren’t in tension. The best work tends to require both. Sunday was their last show of the run, and I’ve already been invited to join the service team again next year. I absolutely intend to be.
I’ll be honest with you: I skipped the live event for Chapter 7. My plate was stacked, and I’m not going to perform regret about it. But Chapter 8 is a different story entirely. The Boundaries Principle doesn’t get skipped — not when May handed us five surveillance stories that read like a case study in why Law 8 exists in the first place. So here we are.
What We’ve (Secretly) Been Talking About All Month.
For those of you subscribed to the nightly Ethics & Ink — AI email, May was a sprint. Here’s a look at the threads we pulled on — and why they matter for everything you’re about to read:
The SPIR Framework Series. Systematic P-Value Invalidation Response — my named successor to JEP. We traced how the limbic system gets hijacked at population scale, connecting it to the Cambridge Analytica architecture, the Twitter Files, and the DAMP paper. This is the analytical spine of everything I write. If you missed it, you’re doing yourself a disservice.
The Jim Jones / Cultural Radicalization Series. What does a 1970s cult have to do with algorithmic content delivery in 2026? More than you want to know. We walked through the architecture of manufactured epistemic collapse — the conditions that make a society susceptible — and it’s not a comfortable read.
Chapter 8 Groundwork: The Boundaries Principle + FTC Enforcement. We laid the legal scaffolding: FTC enforcement patterns, ACC/DAMP terminology, and what actual accountability looks like versus what gets dressed up in a press release and called accountability.
The Memorial Day Email. Multi-generational military service meets the surveillance economy. I wrote about what it means that the same government those family members served is now building tools to monitor the people it’s supposed to protect. I didn’t hold back. You weren’t surprised.
GDPR Article 17, EU AI Act Article 86, and CARS. The Consumer AI Renewal Standard. The regulatory scaffolding that should be protecting you. The gaps that demonstrably aren’t.
If you’re on the free tier, you’re getting some of this. The nightly email — where the real-time analysis lives, where I’m pulling apart stories as they break and connecting them to the framework before the news cycle has moved on — that’s paid. Here’s what that distinction actually means:
Free subscribers receive the weekly digest, major framework updates, and public-facing essays. You’re genuinely welcome here. Stay as long as you need.
(New) Paid subscribers get the nightly email, early access to every new chapter, the full SPIR series, and the analytical threads that never surface in the public feed. You also get me — in real time — working through the hardest questions in AI ethics before anyone else has named them.
Upgrade at ethicsandink.substack.com. If you can’t right now, forward this to someone who should be reading it. That’s free.
What’s Coming: Four Weeks of Chapter 8 in the Real World.
This isn’t just another newsletter issue. It’s the opening dispatch of a four-week series examining Chapter 8 — the Boundaries Principle — as it’s playing out right now, in real deployments, on real people, with real consequences. We’re not going to talk about AI surveillance in the abstract. We’re going to walk through what it actually looks like when the boundary gets crossed, who paid for it, who got hurt, and what — if anything — happened next.
Each week builds on the last. Week 5 is a live event, and you’ll want to be in the room for that one. Here’s how it unfolds:
Week 1 — Pillar One — The Minimalist Mandate: What “essential” actually means in practice: why the surveillance stories of May 2026 are case studies in collecting everything except what was necessary, and what a truly purpose-limited system would have looked like instead.
Week 2 — Pillar Two — The Cultural Respect Protocol: One-size-fits-all privacy is a design choice, not a technical constraint. We’ll look at who gets erased when systems ignore cultural and personal privacy differences — and why the ICE deployment and London LFR stories are Pillar Two failures as much as anything else.
Week 3 — Pillar Three — The Anonymous Option: The right to use services without being identified isn’t radical. It’s a design decision that companies choose not to make — and Meta’s NameTag is the cleanest proof of that. We’ll walk through what genuine anonymity infrastructure requires and why the industry keeps pretending it’s technically impossible.
Week 4 — The EU AI Act — What It Actually Requires, What Just Changed, and What You Need to Know Now: The high-risk compliance delay to December 2027, what obligations are already in force, the new deepfake prohibition, and a plain-language field guide to which provisions apply to the exact systems we’ve been discussing all month — because “the regulation is complicated” is not the same as “the regulation doesn’t apply to you.”
Week 5 — Live Event: Just Because You Can Doesn’t Mean You Should.
We’re going to do this live. Five weeks of framework, five stories, five real-world applications of the Boundaries Principle — and then we’re going to sit in a room together and talk about what it means to push back. What accountability actually requires. And what you, specifically, can do about it.
Details are forthcoming. Mark your calendar for Week 5. Don’t skip this one.
But First: What May 2026 Just Showed You.
The Boundaries Principle is deceptively simple: there’s a difference between what you can do with data and what you should. May 2026 delivered a five-alarm demonstration of what happens when institutions — governments, corporations, regulators — have decided that distinction is largely decorative.
Here are the five stories you need to know going into this series.
London’s Met Police Scanned 80,000 Protesters’ Faces. At Political Demonstrations. For the First Time in History.
On May 16, 2026, London’s Metropolitan Police deployed live facial recognition cameras at two simultaneous political protests — Tommy Robinson’s “Unite the Kingdom” march and a Nakba Day rally. Roughly 80,000 people were scanned. This had never been done at a political demonstration in the UK. There was no statute authorizing it. There was a police policy document, which is doing a lot of heavy lifting in this story.
The Met claimed non-matching faces were deleted within seconds. The UK Biometrics and Surveillance Camera Commissioner warned that every mistake would end in court. Big Brother Watch’s Jake Hurfurt called it “a frightening escalation” — pointing out, correctly, that a biometric identity check cannot become the price of exercising the right to assembly. And yet: the Home Office has pledged £115 million over three years to expand this nationally, building a Police.AI center that will seed LFR capabilities across England and Wales.
The Met told reporters the system has helped arrest roughly 2,500 wanted individuals since 2024 and boasts only 10 false alerts. I’d be more impressed by that number if I believed for a moment that false alerts were being counted by the same agency that benefits from undercounting them. Regulatory capture isn’t a conspiracy theory. It’s an incentive structure.
The capability to scan a protest crowd is not authorization to scan a protest crowd. Particularly not when the crowd is, by definition, exercising a constitutional right — and when the agency doing the scanning is the same one that decides whether the scan was justified.
The Boundaries Principle, applied: The question was never whether the cameras could be pointed at 80,000 people. The question was whether anyone with genuine accountability to those 80,000 people decided they should be. The answer to that question is no.
Read more / fact-check: LADbible — LFR at London Protests, May 16 | Freevacy — Met Police LFR Deployment Details
Meta Built a Hidden Facial Recognition System, Shipped It to 50 Million Phones, and Then Called the Reporting “Dishonest.”
In May 2026, a coalition of more than 75 organizations — the ACLU, domestic violence advocates, immigrant rights groups, reproductive rights organizations — sent an open letter to Mark Zuckerberg demanding he kill facial recognition in Meta’s Ray-Ban and Oakley smart glasses. They called it “a red line society must not cross.” The coalition branded its campaign Eyewear, Not Spyware,which is the kind of slogan that only gets written when the underlying facts are genuinely alarming.
Then WIRED found something worse. Meta had already been shipping dormant facial recognition code — internally called “NameTag” — inside the Meta AI companion app. The app, which is required to manage Ray-Ban and Oakley glasses, had been downloaded more than 50 million times. The system used three AI models running on-device to detect, crop, and generate biometric faceprints. A researcher loaded a faceprint and received a “Person recognized” alert. Cooper Quintin of EFF’s Threat Lab told WIRED the system was “nearly ready to go.”
Meta’s response: the reporting was “misleading” and “dishonest.” Also Meta’s response: they removed the code from the app within 24 hours. I’ll let you sit with that particular combination of adjectives.
This is the same company that paid $1.4 billion in 2025 to settle a Texas biometric lawsuit. The same company that’s accumulated more than $7 billion in privacy fines and settlements across multiple jurisdictions. There’s a type of leader who frames every accountability moment as a communications problem rather than an ethics one — who believes that if the story doesn’t break, the policy doesn’t exist. The story broke. The code was there. The policy existed.
Shipping dormant surveillance architecture into 50 million devices “just in case” isn’t a neutral engineering decision. It’s an infrastructure choice. And infrastructure, as I’ve written before, has politics embedded in its design — whether or not the designer chooses to acknowledge it.
The Boundaries Principle, applied: You don’t get to build the capability, deploy it quietly, and then claim you weren’t using it. Presence is a choice. Shipping is a decision. And “we hadn’t turned it on yet” is not a defense. It’s a timeline.
Read more / fact-check: ACLU — “Eyewear, Not Spyware” Campaign | WIRED — Meta NameTag Investigation, June 4, 2026 | EPIC — Meta Smart Glasses Facial Recognition Opposition
ICE Used Its AI Face-Scanning App 200,000 Times. Now It Wants to Expand to 1,000 More Police Departments.
On May 7, 2026, 404 Media reported that ICE is planning to distribute its AI face-scanning capability — the Task Force Module App — to more than a thousand local law-enforcement agencies through its 287(g) program, which had already expanded from roughly 150 agencies under the previous administration to over 1,000. The app, built on NEC’s NeoFace technology, lets an officer point a phone at a person’s face and pull biographical data from a database of more than 250 million DHS and State Department records. ICE retains photos for up to 15 years. There’s no opt-out mechanism.
ICE’s own assistant director confirmed the app had been used more than 200,000 times — and that the agency is now developing its own smart glasses to supplement it. One documented case, listed in court records as “MJMA,” shows the app returning two different, incorrect identities in a single interaction. ICE treated the match as a definitive immigration status determination anyway.
Congressional critics — Sen. Ed Markey, Rep. Pramila Jayapal, Rep. Bennie Thompson — have called this out explicitly as mission creep. The Facial Recognition and Biometric Technology Moratorium Act and the ICE Out of Our Faces Act have both been reintroduced in 2026. They haven’t passed. The app is still running.
Facial recognition systems have documented higher error rates for people of color — a fact that hasn’t slowed a single procurement decision. The pipeline from border enforcement tool to domestic policing infrastructure isn’t a slippery slope. It’s a procurement strategy.
The Boundaries Principle, applied: “Border enforcement” isn’t a license to run facial recognition on everyone within a thousand miles of a border. Which, given the way these tools are being distributed, increasingly means everyone.
Read more / fact-check: 404 Media — ICE Task Force App & Mobile Fortify Expansion | Ainvest — Palantir $30M ICE Contract & ImmigrationOS
The EU Blinked. High-Risk AI Compliance — Including Biometrics — Delayed to December 2027.
On May 7, 2026, the European Parliament and Council reached a provisional agreement on the “Digital Omnibus” simplification package, pushing back compliance deadlines for high-risk AI systems — biometrics, facial recognition, law enforcement AI, border control — from August 2026 to December 2, 2027. The Parliament approved it 569 to 45.
The stated reason: technical standards aren’t ready. National competent authorities aren’t ready. Businesses need more time.
Allow me to translate. The companies deploying biometric surveillance on your face didn’t want to comply with the rules designed to govern it, and the regulators determined that inconvenience was sufficient grounds to extend the runway by 16 months — while the surveillance continues running. The gap between what’s being deployed and what’s being governed didn’t close. It widened. On purpose. With a parliamentary supermajority behind it.
To be fair: the EU did add a new prohibition on AI-generated non-consensual sexual deepfakes and CSAM, effective December 2026, with fines up to €35 million or 7% of global turnover. And the existing bans on the most extreme uses of real-time remote biometric identification in public spaces technically remain in force. Technically.
What we saw in London suggests those bans are doing considerably less structural work than their authors intended.
The Boundaries Principle, applied: Regulation that arrives after the infrastructure is already built isn’t regulation. It’s documentation. And powerful actors have been pricing in documentation since the first compliance team was hired to explain why the rule doesn’t quite apply here.
Read more / fact-check: ID Tech Wire — EU Delays High-Risk AI Act to December 2027 | Latham & Watkins — AI Act Update: EU Extends Deadlines | European Commission — Navigating the AI Act FAQ | SmartAI For Biz — EU AI Act High-Risk Rules Delayed
China Upgraded the World’s Largest Surveillance Network with On-Device AI and Large Language Models.
On May 27, 2026, the Financial Times published an investigation showing Chinese local governments retrofitting their existing camera network — already the largest in the world — with on-device AI and large language models running directly on the cameras. Not just facial recognition. Not just watchlist matching. Behavioral prediction. Natural language video search. Text prompts like “a woman in a red hat.” Systems that flag erratic driving, crowd formation, lingering near bridges, behavior that might indicate something worth investigating — before anything has happened.
The shift here is from reactive monitoring (catching you after the fact) to predictive surveillance (flagging you before you’ve done anything). Maya Wang of Human Rights Watch described it as giving authorities “unprecedented capacity to monitor behavior at scale.” This followed a 2024 directive from Public Security Minister Wang Xiaohong pushing explicit predictive policing capabilities after a string of violent attacks — which is how almost every surveillance expansion gets justified, if you look at the historical record.
And then there’s the export dimension. China is the world’s leading exporter of facial recognition AI, embedding “safe city” systems across Asia, Africa, and the Middle East in regions that often lack the governance infrastructure to contest what’s being installed. The architecture of Chinese surveillance is becoming the global default for what a modern camera network looks like — not because anyone voted for it, but because it’s affordable, it’s available, and it comes with state financing. Infrastructure diffuses faster than regulation. That’s not an accident. That’s the business model.
The Boundaries Principle, applied: A surveillance architecture that can’t be audited, contested, or refused isn’t a security system. It’s a control system. And control systems, as a rule, don’t stay within the borders of the country that built them.
Read more / fact-check: Financial Times — China Upgrades Surveillance with On-Device AI and LLMs, May 27 | Resultsense — China AI Surveillance Overhaul | Brookings — Exporting the Surveillance State via Trade in AI | Lowy Institute — AI Surveillance & the Governance Vacuum in Asia-Pacific
The Thread That Holds All Five Together.
You might look at these stories and see five separate problems in five separate countries. London. Silicon Valley. Texas. Brussels. Beijing.
I see one problem with five addresses — and a common protagonist in each of them: the institution that decided its own convenience, security concern, or competitive advantage was a sufficient reason to override the dignity of the person being scanned.
The problem isn’t that the technology exists. The problem is that we’ve built an ecosystem in which having the capability is treated as de facto justification for its use — in which the burden of proof has been quietly, systematically transferred from the institution deploying the tool to the individual subject to it. You’re now responsible for proving you shouldn’t be in the database. That’s not how rights work. That’s not how dignity works. And it’s not how any of this was supposed to go.
Over the next four weeks, we’re going to pull each of these stories apart and look at what the Boundaries Principle actually requires — in law, in practice, and in the kind of institutional culture that doesn’t get built by policy memo. Week 5, we do it live.
The person at the end of the system is the only legitimate measure of whether any of this is working. Not the accuracy rate. Not the arrest total. Not the quarterly earnings call.
The person. That’s it. That’s the whole framework.
— Chara
Founder, The Praesidium Institute
Author, The 10 Laws of AI: A Battle Plan for Human Dignity in the Digital Age + Lost: Life & Ethics in the Age of AI
Publisher, Ethics & Ink — AI
P.S. If you haven’t read the DAMP paper yet — arXiv:2604.15166, out of Johns Hopkins — you’re missing the technical foundation for everything I write about AI accountability. It’s the most consequential paper published in this space in 2026, and most people haven’t heard of it because the people who’d find it inconvenient haven’t made it trend. Go find it. Read it carefully.
P.P.S. The nightly email for June is already three layers deeper on every one of these stories. The ICE thread alone has developments that haven’t surfaced publicly yet. If you want those, upgrade here. The analysis doesn’t wait for the news cycle to catch up.
P.P.P.S. The Week 5 live event is happening. After thismonth’s news — after five stories that are practically a real-time syllabus for Chapter 8 — there’s nowhere I’d rather be than in a room full of people who are still paying attention and still willing to ask what we’re supposed to do about it. Details forthcoming. Don’t miss it.