— Essay · Published May 2026 · 14 min read

The Camera and the Database

The American surveillance state, built across the post-9/11 period, has been quietly expanded across both parties' administrations and now operates in a hybrid public-private form that combines the federal intelligence apparatus with the contemporary commercial data-broker industry. The legal framework that the Fourth Amendment is supposed to provide has not adapted to digital communications, to AI-driven inference, or to the data-broker loophole through which government agencies routinely acquire commercial data that direct collection would require a warrant for. The structural reform — restoration of the Fourth Amendment to operational adequacy in the digital era — has not been advanced at meaningful scale by either major party. The combined surveillance-and-data infrastructure is the structural condition the AI cascade described in *The Great AI Implosion* will, on the trajectory described, operate against.

By The Intelligent Party

The State That Was Built

On October 26, 2001, six weeks after the September 11 attacks, President George W. Bush signed the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act, known thereafter by its acronym as the USA PATRIOT Act.¹ The Act, drafted across approximately six weeks in the immediate post-9/11 period and passed with substantial bipartisan support in both chambers, established the legal framework for the contemporary American surveillance apparatus. The Act’s principal substantive provisions included expansion of the Foreign Intelligence Surveillance Act (FISA) authorities, modifications to the criminal-procedure rules governing law-enforcement access to electronic communications, the so-called “Section 215” authorization that permitted bulk collection of business records (including, as subsequent disclosures revealed, the bulk collection of American telephone metadata), and the broader framework that integrated intelligence, law-enforcement, and information-sharing across federal agencies in a manner that the prior framework had separated.

The PATRIOT Act was passed in the immediate post-9/11 emergency context and was, in operational terms, a substantial expansion of federal surveillance authority that the prior framework — principally the 1978 FISA, the Electronic Communications Privacy Act of 1986, and the broader post-Watergate Church Committee reforms — had structurally constrained.² The expansion was framed as a temporary emergency response to a specific terrorist threat; the operational reality was that the expansion has been repeatedly reauthorized and extended across the subsequent twenty-three years, with the Section 215 bulk-collection authority continuing in operation until the partial reform of the USA FREEDOM Act of 2015 that the Snowden disclosures had made politically necessary.³

The Snowden disclosures of June 2013 are the empirical record on which the contemporary American surveillance debate has principally been conducted. Edward Snowden, a former NSA contractor, provided to journalists Glenn Greenwald, Barton Gellman, and Laura Poitras a substantial archive of NSA documents that revealed the operational scope of the post-9/11 surveillance apparatus.⁴ The disclosures included: the existence of bulk metadata collection of essentially all American telephone calls under the Section 215 authority; the PRISM program through which the NSA had direct-access arrangements with major American technology companies (Google, Microsoft, Yahoo, Facebook, Apple, others) for collection of internet communications; the upstream collection of internet traffic at the backbone level through cooperation with the major telecommunications carriers; the broader scope of the apparatus that exceeded substantially the operational scope the prior public framing had described. The disclosures produced, across the subsequent two years, the most substantial American debate on surveillance policy since the post-Watergate Church Committee period.

The legislative response to the Snowden disclosures was the USA FREEDOM Act of 2015, which modified the Section 215 authority to require that bulk telephone metadata be held by the telephone companies rather than by the NSA, and to establish new procedural requirements for FISA Court approval of specific queries against the data.⁵ The Act was a substantial reform of the Section 215 mechanism specifically; it did not address the broader surveillance apparatus that the Snowden disclosures had revealed. The FISA Section 702 program, which authorizes warrantless surveillance of non-U.S.-persons abroad and that incidentally collects substantial American communications, was reauthorized in 2018 and again in 2024 with modest procedural reforms but without substantial structural modification.⁶ The contemporary American surveillance framework, in operational terms, remains substantially the post-9/11 framework with the modest USA FREEDOM Act modifications layered on top.

The framework’s structural feature that the contemporary debate has been slowest to integrate is that the federal surveillance apparatus operates against a contemporary commercial data infrastructure that has, across the post-2000 period, accumulated detailed personal data on essentially every American to a degree that the post-9/11 federal apparatus could not have approached on its own. The combined federal-and-commercial data infrastructure is the operational form of the contemporary American surveillance state.

The Database the Government Buys

The American commercial data-broker industry consists of approximately four thousand firms operating principally without federal regulation, accumulating and reselling detailed personal data on approximately every American individual.⁷ The category of data the industry collects and resells includes: cellphone location histories (derived from app data, from cell-tower records, and from broader mobile-device tracking); browsing and search behavior; purchase records; vehicle travel records (derived from license-plate readers and from vehicle telematics); employment histories; relationship and household composition; political views (derived from voter registration combined with consumer behavior); health inferences (derived from purchase patterns, from health-app data, and from broader behavioral data); biometric data including facial geometry; and the broader category of inferred attributes that algorithmic processing of the underlying data produces. The data is collected principally through the consent-or-acceptance frameworks that the contemporary American digital-services industry operates under — the “click to accept” terms of service that essentially every American digital service requires and that essentially no American user reads or meaningfully evaluates.

The combination of the federal surveillance apparatus and the commercial data industry produces the structural feature that the contemporary American privacy framework has been least adequate to address: the data-broker loophole, through which federal and state law-enforcement agencies routinely acquire commercial data that direct collection would require Fourth Amendment warrant authorization for.⁸ The mechanism is straightforward. The federal government cannot, without a warrant, conduct comprehensive surveillance of an American citizen’s location, communications, purchases, and broader behavioral data. The commercial data brokers can, with the citizen’s notional consent, accumulate exactly that data. The federal government can, without a warrant, purchase the accumulated data from the commercial brokers. The Fourth Amendment requirement that the direct collection would impose is, in this configuration, structurally circumvented; the same data is acquired by the federal government through the commercial channel that the warrant requirement would have prevented from the direct channel.

The data-broker loophole has been used extensively across the post-2010 period by federal and state agencies. The Department of Homeland Security, Customs and Border Protection, Immigration and Customs Enforcement, the Internal Revenue Service, and various state and local law-enforcement agencies have, on extensive investigative reporting, purchased commercial data including cellphone location histories, license-plate-reader records, social-media data, and broader categories that the warrant requirement would have applied to in the direct-collection context.⁹ The empirical record of the data-broker loophole’s use is substantial; the legal framework that would constrain the use has not been advanced through the legislative process at the federal level.

The Supreme Court’s decision in Carpenter v. United States (2018) is the principal contemporary jurisprudential development on the underlying question.¹⁰ Carpenter, in a 5-4 decision authored by Chief Justice Roberts, held that the federal government’s acquisition of cellphone location records from a wireless carrier required a Fourth Amendment warrant, on the framework that the location records’ comprehensive scope and the implicit nature of the user’s association with the carrier made the records’ acquisition a Fourth Amendment search. The decision substantially modified the prior third-party doctrine (which had held that information voluntarily disclosed to a third party was not protected by the Fourth Amendment) for the specific category of cellphone location records. The decision did not, however, extend the modification to the broader data-broker context; Carpenter’s application has been substantially limited to the cellphone-location-records subcategory, with the broader data-broker question continuing to be litigated in the lower courts.¹¹

The combined effect of the Carpenter limitation and the data-broker loophole’s continued operation is the contemporary American surveillance framework. The Fourth Amendment, as currently interpreted, applies to the categories of data the federal government would directly collect; it does not consistently apply to the categories of data the federal government acquires through commercial intermediaries. The structural feature is the operational mechanism that the contemporary American surveillance state operates within. The reform that would close the loophole — explicit legislative requirement that government acquisition of commercial personal data require Fourth Amendment warrant authorization — has not been advanced to enactment at the federal level.

The Inference Layer

The third structural feature of the contemporary American surveillance framework is the AI-inference layer that operates against the accumulated commercial data infrastructure to produce categorizations and predictions about individuals that the underlying data does not directly contain.¹² The mechanism is the use of machine-learning models trained on substantial volumes of commercial data to infer characteristics, behaviors, risks, and propensities of specific individuals from the available data inputs.

The AI-inference layer operates in multiple operational categories. Credit-scoring inference uses the accumulated commercial data to produce credit-worthiness assessments that exceed the data the formal credit-reporting industry has historically operated on. Employment-screening inference uses the accumulated data to produce hiring-related risk assessments that the employer can use without the candidate’s knowledge of the inputs. Insurance-underwriting inference uses the data to produce risk assessments that affect insurance pricing across multiple categories. Predictive-policing inference uses the data to identify locations, times, and individuals associated with elevated criminal-activity probability. Immigration and visa inference uses the data to produce admissibility assessments. The operational mechanism in each category is similar: the AI-inference layer produces a categorization or prediction about a specific individual that affects the individual’s access to credit, employment, insurance, freedom from law-enforcement contact, immigration status, or other consequential outcomes; the individual has, in the typical case, no knowledge of the categorization, no access to the inputs that produced it, no mechanism to contest it, and no recourse against the consequential outcomes the categorization affects.

The structural feature of the AI-inference layer is the asymmetry between the data-holding institution and the affected individual. The institution holds the data, runs the inference, applies the categorization, and acts on the consequence. The individual experiences the consequence without access to the inputs, the model, or the categorization. The asymmetry is not principally a function of any specific institution’s policy; it is the structural feature of the AI-inference framework as currently operating across the broader commercial and federal infrastructure. The reform that would address the asymmetry — explicit legal requirement that affected individuals have access to the inputs, the model logic, and the categorization that affects them, with mechanism to contest and to correct — has not been advanced through the federal legislative process.

The post-2022 development of large-language-model-based AI systems has substantially expanded the inference layer’s operational scope. The contemporary AI systems can produce inferences from substantially less structured input data than the prior generation of inference systems required; the contemporary systems can integrate text, image, audio, and behavioral data into composite inferences with substantially less explicit data-engineering required. The post-2022 inference capability is the structural feature that the contemporary AI cascade described in The Great AI Implosion operates against and that the contemporary surveillance framework will, on the trajectory the post-2022 development extends, increasingly include.¹³

The Two Parties’ Two Failures

The Democratic-coalition position on privacy and surveillance across the post-2001 period has been, in operational terms, the substantial preservation of the post-9/11 surveillance apparatus that the Democratic-coalition’s principal legislative voices supported in the 2001 PATRIOT Act vote and that subsequent Democratic administrations have substantively continued to operate. The Obama administration’s continuation and partial expansion of the post-9/11 surveillance framework, the post-Snowden USA FREEDOM Act’s modest reforms, the subsequent reauthorizations of FISA Section 702 with Democratic-coalition support, and the broader pattern of Democratic-coalition acceptance of the surveillance framework’s continued operation are the operational record.¹⁴ The Democratic-coalition’s specific failures on the structural reforms — comprehensive federal privacy legislation, closure of the data-broker loophole, AI-inference accountability requirements — have followed the pattern the broader series has described: legislative reform attempts have been advanced, have not been enacted, and the reasons for the non-enactment have included substantial Democratic-coalition stakeholder opposition to the structural reforms that the major technology companies, the broader data-services industry, and the federal national-security agencies have opposed.

The Republican-coalition position has been structurally different on some axes and structurally similar on others. The Republican-coalition’s traditional national-security framework has substantially aligned with the federal surveillance apparatus and has opposed reform on national-security grounds. The Republican-coalition’s contemporary post-2016 framework has been more internally inconsistent: a populist component that has expressed skepticism about specific surveillance applications (particularly applications targeting Republican-coalition political figures and constituencies) has emerged alongside the traditional national-security framework; the contemporary Republican coalition has, on FISA Section 702 reauthorization debates, included substantial members on both sides of the question.¹⁵ The Republican-coalition’s general opposition to federal regulation, including federal privacy legislation that would constrain commercial data practices, has been substantially consistent across the period.

The convergent failure of the two parties has been the absence of comprehensive federal privacy legislation. The American Privacy Rights Act and its predecessors, advanced across multiple Congresses, would have established federal privacy standards comparable to (and in some respects more comprehensive than) the European Union’s General Data Protection Regulation; the legislation has not advanced to enactment.¹⁶ The structural reasons for the non-enactment include the substantial lobbying expenditure of the technology industry against the legislation, the federalism complications that state-level privacy legislation (principally California’s Consumer Privacy Act and California Privacy Rights Act) has produced and that the federal legislation would either preempt or operate alongside, and the structural reluctance of federal national-security agencies to support legislation that would close the data-broker loophole their own operations rely on.

What’s at Stake

The Intelligent Party’s policy framework on privacy and surveillance, articulated in the platform’s privacy position, is the fifteen-component proposal that addresses the structural features the previous sections diagnosed.¹⁷ The components are extensive and are summarized in the platform’s specifics list; the principal structural commitments are: universal right of access, correction, and deletion of personal data held by any entity; mandatory two-year data retention default; prohibition on the sale of location, health, biometric, and children’s data; explicit closure of the data-broker loophole through warrant requirement for government acquisition of commercial data; private right of action for privacy violations; opt-in default for tracking and data collection; protection of biometric data at the level of genetic data; federal oversight of public-space facial recognition and comparable surveillance; opposition to mandated encryption backdoors; and the broader framework of universal-access-and-correction that the GDPR has established at the European scale.

The framework’s structural distinctiveness, against both major-party positions, is the integration of the privacy framework with the campaign-finance reform and the broader fourth-settlement framework. The platform’s privacy position is, in operational terms, the structural counterpart to the campaign-finance reform of The Donor Class; the donor class’s structural influence operates partly through the same data infrastructure that the privacy framework would constrain, and the structural reform of the data infrastructure is the operational complement to the structural reform of the campaign-finance system.

The political coalition required to enact the fifteen components does not currently exist. The conditions under which it might assemble are the conditions the broader fourth-settlement framework requires.

The comparative record is, in this case as in the others, instructive. The European Union’s General Data Protection Regulation, in operation since 2018, has demonstrated that comprehensive privacy regulation is compatible with a functioning digital economy; the European technology industry has continued to operate, has continued to innovate, and has not collapsed in the manner that the regulation’s American opponents had predicted.¹⁸ The structural alternative is operating; the American refusal to adopt comparable framework has been bipartisan in operational effect.

The realism the previous essays have called for, applied to privacy and surveillance, is the realism that the structural reform is achievable on the specific architecture the platform has proposed; that the architecture has been designed to address the political feasibility constraints that have prevented the broader reform attempts; that the principal obstacles to its enactment are the lobbying coalition described in The Donor Class, the federal national-security agency opposition that the post-9/11 surveillance framework has institutionalized, and the broader structural inertia of the existing data infrastructure. The conditions under which the obstacles break are the conditions under which the broader fourth-settlement framework simultaneously becomes available.

The camera and the database are the operational components of the contemporary American surveillance framework. The structural reform — the restoration of the Fourth Amendment to operational adequacy in the digital era, paired with the comprehensive privacy framework that the comparator democracies operate under — is the assembly the broader fourth-settlement framework requires. The realism is the realism the European Union has demonstrated: comprehensive privacy regulation is achievable on the empirical record, against the lobbying coalition that has, across two decades, prevented the regulation from being enacted at the American federal scale.

The structural reform is the reform the polling supports, that the comparative record has validated, and that the constitutional framework as currently interpreted does not prevent. The non-enactment has not been a failure of policy design or of constitutional space. It has been the operational outcome of the lobbying coalition and the federal national-security apparatus that the broader fourth-settlement framework would, in its campaign-finance and accountability components, structurally constrain.

Notes

1Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001, Pub. L. 107-56, 115 Stat. 272. ↩
2Foreign Intelligence Surveillance Act of 1978, Pub. L. 95-511, 92 Stat. 1783; Electronic Communications Privacy Act of 1986, Pub. L. 99-508, 100 Stat. 1848. For the post-Watergate Church Committee reforms: Senate Select Committee to Study Governmental Operations with Respect to Intelligence Activities, Final Report, 1976. ↩
3For Section 215 reauthorization history: USA PATRIOT Improvement and Reauthorization Act of 2005, Pub. L. 109-177; multiple subsequent reauthorizations. ↩
4For the Snowden disclosures: Glenn Greenwald, No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State, Metropolitan Books, 2014; Barton Gellman, Dark Mirror: Edward Snowden and the American Surveillance State, Penguin Press, 2020. ↩
5USA FREEDOM Act of 2015, Pub. L. 114-23, 129 Stat. 268. ↩
6For FISA Section 702 reauthorization: FISA Amendments Reauthorization Act of 2017, Pub. L. 115-118; Reforming Intelligence and Securing America Act of 2024, Pub. L. 118-49. ↩
7For the data-broker industry: Federal Trade Commission, Data Brokers: A Call for Transparency and Accountability, May 2014; Privacy Rights Clearinghouse data-broker tracking, privacyrights.org. ↩
8For the data-broker loophole: Center for Democracy & Technology, Government Acquisition of Personal Data from Commercial Sources, multiple analyses, cdt.org. ↩
9For specific federal-agency use of commercial data: Office of the Director of National Intelligence, Senior Advisory Group Panel on Commercially Available Information, 2022. ↩
10Carpenter v. United States, 585 U.S. 296 (2018). ↩
11For the post-Carpenter lower-court jurisprudence on data-broker acquisition: ongoing litigation, including the various Border Search exception cases and the data-broker-specific challenges. ↩
12For the AI-inference layer in commercial data use: Cathy O’Neil, Weapons of Math Destruction: How Big Data Increases Inequality and Threatens Democracy, Crown, 2016; Frank Pasquale, The Black Box Society: The Secret Algorithms That Control Money and Information, Harvard University Press, 2015. ↩
13See “The Great AI Implosion,” The Intelligent Party, April 2026. ↩
14For the Obama-administration surveillance framework: Charlie Savage, Power Wars: Inside Obama’s Post-9/11 Presidency, Little, Brown, 2015. ↩
15For the contemporary Republican-coalition split on FISA: post-2018 Republican-coalition congressional voting records on FISA reauthorization. ↩
16For comprehensive federal privacy legislation: American Data Privacy and Protection Act, H.R. 8152 (117th Congress); American Privacy Rights Act of 2024 (118th Congress). ↩
17The Intelligent Party, Positions: Privacy & Surveillance, intelligent-party.org/positions/#privacy. ↩
18For GDPR’s economic effects: European Data Protection Board reports; comparative analysis in Anu Bradford, The Brussels Effect: How the European Union Rules the World, Oxford University Press, 2020. ↩