If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. Brazil’s social security agency wants your fingerprints and a photo of your face before it will pay your pension. A new ordinance from the INSS, published in the official federal gazette on June 22, makes biometric registration mandatory across nearly all the social benefits the agency hands out, reaching retirement pensions, disability payments, and assistance benefits that carried no such requirement before. The collection covers prints from both hands and a facial image, all of it stored in a federal database. Until now, biometrics has been applied to a narrow set of programs, mostly the BPC assistance benefit since September 2024 and certain payroll loans. Enforcement runs through Brazil’s biometric national ID, the Carteira de Identidade Nacional, or CIN. Anyone without a biometric record on file will need a CIN from January 2027 to keep receiving benefits and from January 1, 2028, the CIN becomes the sole accepted standard for granting, maintaining, and renewing covered benefits. This all presented as fraud prevention, a way to confirm that money reaches the named recipient. However, that justification lands a little strangely, given what the INSS confirmed one month earlier. On May 21, the agency acknowledged a security failure that exposed the data of roughly 2 million insured Brazilians. Dataprev, the state company that manages pension records, traced it to April 22. The cause was a Meu INSS query service that was supposed to require a login and didn’t, leaving the records reachable without authentication. Dataprev later put the exposure at around 2.8 million taxpayer IDs. The INSS worked to make the number sound smaller, saying 97 percent of the accessed records belonged to people who had already died, with roughly 50,000 living citizens affected. Reassuring as the agency meant that to be, 50,000 living people having their data spilled through an open endpoint is its own problem, and the records of the dead feed fraud against their survivors and estates. Among the protections the agency then pointed to going forward was facial biometrics. The institution that just leaked millions of records is now asking citizens to trust it with the most sensitive identifier they own. Brazil’s plan funnels the biometrics of tens of millions of recipients into one national base, the same kind of centralized store that turns a single misconfigured endpoint into a mass leak. The ordinance allows exemptions for people over 80, refugees and stateless residents, Brazilians abroad, those in hard-to-reach areas, and people physically unable to travel. Everyone else who neither registers nor qualifies can have their application closed and treated as abandoned. Brazil could verify identity using documents it already holds. It is choosing instead to demand the face and fingerprints of nearly everyone who depends on a state payment, months after showing it cannot keep its existing data behind a login screen. If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net. The post Brazil Requires Biometrics for Pensions, Even After Data Leak appeared first on Reclaim The Net.