← Back to Blog

The Surveillance System That Doesn't Need to Break the Law

March 14, 2026

There are roughly four thousand data broker companies operating in the United States. They buy, aggregate, and sell personal information — your location history, purchasing patterns, browsing behavior, health data — without a warrant, without a subpoena, without any legal process at all. They just buy it. And if a government agency purchases that data from a broker who purchased it from a company that collected it from you after you clicked "I Agree," no law has been broken at any step in the chain.

This is not a conspiracy theory. It is contract law.

Most people, when they think about surveillance, imagine something illegal — wiretaps, black-budget programs, shadowy agencies operating outside the law. That image is comforting because it implies a clear villain and a clear remedy: catch them, expose them, prosecute them. The system that actually monitors the American population works nothing like that. It operates in daylight, with legal review at every stage, and its architects did not design it to evade the law. They designed it to be the law.

The Third-Party Doctrine: A 1979 Ruling That Built the Modern Surveillance State

The legal foundation for most commercial surveillance rests on a Supreme Court case from 1979 called Smith v. Maryland. The ruling established what lawyers call the third-party doctrine: information voluntarily shared with a third party — a phone company, a bank, an internet provider — carries no reasonable expectation of privacy under the Fourth Amendment.

In 1979, this meant the phone company could share your call records with the government. In 2026, it means that every app on your phone, every connected device in your home, every cashless transaction you make, and every website you visit generates data that is legally available for purchase by anyone with a procurement budget.

The Carpenter v. United States decision in 2018 narrowed the doctrine slightly for cell-site location data. The surveillance industry's response was to route around the ruling — inferring location from Wi-Fi connection logs and IP addresses rather than collecting it directly from cell towers. The legal equivalent of building a road around a checkpoint.

This is not a system that was caught off guard by the courts. It is a system that anticipated the courts and pre-engineered its legal defenses.

Why Exposure Alone Changes Nothing

There is a common fantasy, well-represented in fiction and journalism, that the right exposure at the right moment can bring a surveillance system down. Find the documents, give them to a reporter, watch the dominoes fall. It is a satisfying narrative. It is also, based on the evidence, wrong.

The Snowden disclosures were the most comprehensive exposure of government surveillance in history. The result was some modest reforms, considerable public debate, and a surveillance apparatus that is measurably larger today than it was before Snowden went public. Exposure without institutional follow-through is just information. And information, by itself, changes nothing.

The reason is structural. The surveillance system is not a single program that can be shut down or a single agency that can be defunded. It is an ecosystem — thousands of companies, dozens of government agencies, millions of contracts, and billions of daily data transactions. Each component is individually legal. Each company has a compliance department. Each government contract was awarded through standard procurement. The system does not have a kill switch because it was never designed as a single thing. It grew, organically, from the intersection of corporate data collection and government data purchasing, and it is now so deeply woven into the infrastructure of daily life that removing it would require dismantling services that hundreds of millions of people use every day.

This is the uncomfortable part. The surveillance system works because it provides genuine value. Your smart speaker answers your questions. Your fitness tracker monitors your health. Your navigation app gets you to work faster. Your social media platform connects you to friends and family. The data collection that enables surveillance is the same data collection that enables these services. You cannot have one without the other under the current legal framework.

The Question Nobody Wants to Answer

The real problem with modern surveillance is not that it was imposed on an unwilling population. It is that the population chose it — not with full knowledge of the consequences, but not under coercion either. Every terms of service agreement was technically available to read. Every privacy policy was technically public. The choice between privacy and convenience was presented, and convenience won, decisively, every single time.

This creates a political problem that has no clean solution. A comprehensive federal privacy law — something with real teeth, banning the sale of personal data without explicit opt-in consent, requiring warrants for all government data acquisition — could change the legal landscape. The tech lobby spent four hundred million dollars on lobbying last year. Members of Congress who write serious privacy legislation reliably find themselves facing primary challengers backed by tech PACs. The political incentive structure is designed to prevent exactly this kind of reform.

The judicial path is equally uncertain. A Supreme Court case extending Carpenter to cover all commercially collected data is theoretically possible but practically years away, and the system would adapt long before the courts acted.

What remains is public pressure — the sustained, organized kind that creates electoral consequences for legislators who block reform. The kind that requires people to care about privacy more than they care about the services that surveillance makes possible. Given the choice between abstract rights and concrete convenience, the historical record is not encouraging.

This is not a comfortable conclusion. It is, as far as I can tell, an honest one.

From the Catalog

Browse all
Loop Engineering
Loop Engineering
Designing Self-Running AI Agent Systems: From Manual Prompting to Autonomous Loops That Build, Verify, and Iterate While You Sleep
The AI-Native CIO
The AI-Native CIO
How the Executive Role Is Being Rewritten by Artificial Intelligence
Ship It With AI
Ship It With AI
How Non-Technical Founders Are Building Real Products
Belle Starr
Belle Starr
The Bandit Queen