The New Surveillance State
The New Surveillance State
The digital surveillance state got rebuilt after Snowden — legally, commercially, and without a single vote.
In 2021, one of the most powerful Catholic officials in America resigned in disgrace. Not because of an investigator, a warrant, or a wiretap, but because a small newsletter bought a trove of “anonymized” phone-app data, the kind brokers sell to anyone, and combed it until one device’s nightly movements lined up with his home, his office, and the gay dating app Grindr.
No crime. No court order. No law broken. A private life reverse-engineered from data he never knew he was shedding and that anyone with a credit card could buy.
Surveillance used to be a van parked outside your house with a legal wiretap. Now it is a supply chain of satellites and security cameras and AI, the individual components of which are lawful on their own but, when used collectively, are not. The entire system is emboldened by commercial loopholes that circumvent our right to privacy.
Edward Snowden’s 2013 leaks exposed an entire surveillance apparatus by which his then-employer, the NSA, was secretly vacuuming up Americans’ phone records and online data. In the aftermath of his disclosures, almost nothing changed. Congress retired exactly one piece of the NSA’s system: the bulk collection of Americans’ phone records, ended by the 2015 USA FREEDOM Act. The rest of its machinery kept running. Section 702, which “incidentally” sweeps up Americans’ emails and calls in the course of targeting foreigners of interest to U.S. intelligence agencies, has been reauthorized again and again, most recently in 2024. This third-party doctrine lets agencies buy from data brokers what they’d otherwise need a warrant to seize, and the classified court rulings that define all of it as “lawful” remain secret.
The United States has built guardrails before. After J. Edgar Hoover’s FBI was caught surveilling and sabotaging civil-rights leaders and dissenters, it took a Senate committee and most of the 1970’s to produce the Church Committee, the Foreign Intelligence Surveillance Act, and the principle that watching Americans requires a warrant. The Supreme Court reaffirmed it in 2018 in Carpenter vs United States. But Carpenter governs what the state can seize, not what it can buy. The data broker is the loophole and the warrant requirement ignores commercial transactions. We simply outsourced our spying.
The old fear was that the government watched too many people and collected more files than its agents could even analyze. We’re still applying logic from the days of filing cabinets to the AI / data-broker era.
Two things changed at once in the wake of Snowden, and we’ve been arguing about the wrong one. More of us are watched than a decade ago, but the larger shift comes from the ability to combine many kinds of personal data into a single, revealing picture. Surveillance data is bought and assembled to reveal not just our location via our phones, but what our faces, our purchases, and our bodies give away. Feed all of it to a model that never forgets, and you get something the old privacy debate never imagined.
Modern surveillance is a stack of software and data. At the bottom, data brokers like Venntel and Babel Street buy ordinary phone-app location data and resell it to ICE, the IRS, and the FBI without a warrant, just an invoice. One rung up, Clearview AI scraped three billion faces off the internet to build a search engine for recognizing human beings. Above that, Palantir’s “ImmigrationOS” contract for ICE fuses tax, DMV, passport, and license-plate data into one searchable dashboard. And on top sit the frontier AI models — the layer that can read all of it at once and connect dots that may be unrelated. Each piece is legal on its own. Stacked, they add up to something no warrant ever authorized.
This spring, OpenAI agreed to put its models to work for the government’s defense apparatus. The first version of OpenAI’s drafted agreement was loose enough that even Sam Altman called it “opportunistic and sloppy”; after an online user revolt, the company added a promise that its models would not be “intentionally used for domestic surveillance of U.S. persons”—but only “consistent with applicable laws.” The Electronic Frontier Foundation called these “weasel words”: agencies have spent fifty years defining their own surveillance as lawful, so a pledge that bends to “applicable law” bars almost nothing.
And the collectable surface keeps expanding into places no spy ever reached. Flo, the fertility app used by millions, promised privacy and then handed users’ cycle and pregnancy status to Facebook and Google; it drew an FTC order, and a jury later found Meta had collected that data in violation of California law.
Which brings us to the company that said no. In February 2026, Anthropic, the maker of Claude, refused the government’s demand that its models be available for “any lawful use,” holding out against mass domestic surveillance and autonomous weapons. The administration branded it a “supply chain risk,” the first such designation in history, and ordered agencies to stop using it.
Months later, an export-control order forced Anthropic to disable its two most capable models worldwide over a security concern the company says it received only as a verbal notice about a “narrow” jailbreak. Two weeks after going to court, the models were operational again. The government justified the order on national security grounds. The colder question is: What happens to firms that decline to help watch us?
What matters now is not whether the government can watch us, but whether any participating company is allowed to opt out. Clever workarounds and an army of data brokers have placed us under heavier surveillance than existed before Snowden. It happened lawfully, invisibly, and without any off-switch. Now the watchers no longer need a judge’s warrant; they just need vendors selling our privacy as a product.
Reuben Steiger is a writer and entrepreneur based in Princeton, NJ. Over a 25-year career he has helped start companies including Second Life and has led global innovation for companies including Interpublic and Omnicom. His current focus is the scaling and adoption of AI technologies. He collects books about the future.
Ever since Snowden's leaks in 2013 (and thank god for that), I have been operating on the assumption that basically anyone can get access to anyone's most private data. I am not on any social media and I am careful on what I write in emails and say on the phone. But other than that, there is absolutely nothing anyone can do to truly keep one's information private.
How it works
Once you click Generate, Ollama reads this article and crafts 5 comprehension questions. Your answers are graded against the article content — general knowledge won't be enough. Score 70+ to count toward your certificate.
Questions are cached — you'll always get the same 5 for this article.