Corporate Surveillance and Data Extraction
- Chapter 11: Corporate Surveillance and Data Extraction
Chapter 11: Corporate Surveillance and Data Extraction
“Once a technology is admitted, it plays out its hand; it does what it is designed to do.”
Neil Postman, Technopoly (1992)^1^
Introduction
States are not the only surveillance threat. Corporate data extraction has built monitoring infrastructure that rivals and often exceeds state capabilities, and its business model, entanglement with state surveillance, and relationship to market failure all bear on how markets are beginning to respond to privacy demand.
11.1 The Business Model of Data Extraction
Users as Product
Shoshana Zuboff coined the term “surveillance capitalism” to describe a business model where human experience is claimed as free raw material for translation into behavioral data.^2^ This data feeds prediction products traded in behavioral futures markets.
The economic logic is simple: services appear free because users pay with data, not money. The advertiser is the customer; the user is the product. More precisely, predictions about user behavior are the product, while users supply the raw material for manufacturing those predictions.
This inverts the traditional market relationship. In ordinary exchange, businesses compete to serve customers. In data extraction, businesses compete to capture users. Serving customers requires satisfying their preferences; capturing users requires keeping them engaged regardless of whether engagement serves their interests.
Attention Harvesting
Data extraction businesses compete for attention. User engagement generates data; more engagement generates more data; maximizing engagement maximizes the raw material for prediction products.
This creates incentives for manipulation. If engagement serves user interests, no problem arises. But when engagement conflicts with user interests (addictive design, outrage amplification, rabbit holes of increasingly extreme content), the business model rewards manipulation over service.
Praxeology emphasizes revealed preference: action reveals preference through what people choose. But interpretation becomes harder when choice architecture is built to exploit psychological vulnerabilities. The user who spends hours scrolling may be revealing some preference, but not necessarily for scrolling as such; they may also be revealing susceptibility to variable reward schedules.^17^
Behavioral Surplus
Zuboff distinguishes between data necessary for service improvement and “behavioral surplus” extracted for prediction products. A map application needs location data to provide directions; that same location data, accumulated over time and correlated with other data, becomes raw material for predicting future behavior and selling those predictions to advertisers.
The surplus concept highlights that users receive services worth some fraction of the data they provide. The remainder, the surplus, is extracted without compensation. Users cannot easily assess how much surplus is extracted because they cannot observe how their data is used, combined, or sold.
This information asymmetry compounds the problem. In ordinary markets, competition drives prices toward marginal cost. In data extraction markets, users cannot comparison shop based on data extraction because they cannot observe extraction practices. Competition therefore occurs on other dimensions (features, network effects), not privacy protection.^3^
A Cantillon Analogy for Data
Richard Cantillon’s eighteenth-century analysis of monetary flows observed that new money enters the economy at specific points and that the recipients closest to those entry points benefit before prices have adjusted to the expansion.^4^ The Austrian tradition uses the concept narrowly, as a claim about the distributional effects of monetary expansion, and the claim holds up under that restriction.
A careful analogy runs in the data extraction economy without claiming the analogy is a proof. Behavioral records enter the commercial system at identifiable points (the browser, the phone, the smart device, the application session) and the firms closest to those collection points can combine and resell the records before the subject has any opportunity to react. Prices in the attention market adjust continuously as prediction accuracy improves, and the adjustment benefits the firms earliest in the chain. The similarity is structural, not monetary: first-access advantage produces disproportionate gains regardless of whether the substrate is currency or behavior.
Cantillon’s argument about money rests on the specific fact that currency is scarce and that new issuance dilutes the purchasing power of existing holders, which has no direct analog in data flows. The analogy establishes only that the economic form of the pattern (first recipients gain before the rest of the system adjusts) recurs in any market whose raw material flows through identifiable entry points.
Prediction Products
Data extraction businesses sell predictions. Advertisers pay for likely-to-click users; political campaigns pay for likely-to-persuade voters; insurers pay for likely-to-claim customers. The value lies in prediction accuracy; accuracy improves with more data; more data requires more extensive surveillance.
This creates an extraction ratchet. Each improvement in prediction accuracy makes data more valuable, which justifies more intensive extraction and then enables more accurate predictions. The endpoint, approached asymptotically, is ever broader monitoring in support of ever more refined behavioral prediction.
11.2 Corporate-State Entanglement
Legal Requirements
Chapter 10 examined triangular intervention, which is state mandates imposed on private transactions, and data extraction businesses face such mandates in several forms. Data retention requirements force companies to keep data they might otherwise delete; lawful interception requirements force communication providers to build surveillance backdoors. Reporting requirements force platforms to monitor for specified content.
These requirements shape corporate data practices. A company might prefer to minimize data collection for security and liability reasons, but legal requirements may mandate collection. The state uses corporate infrastructure as force multiplier, achieving surveillance scope far harder to assemble through direct government operation alone.
Voluntary Cooperation
Beyond legal requirements, many corporations cooperate voluntarily with government requests. The PRISM program revealed extensive government access to data held by major technology companies.^5^ National Security Letters compel disclosure while prohibiting recipients from acknowledging the request.^18^
Voluntary cooperation creates business opportunities. Government contracts reward companies with surveillance capabilities. Intelligence agencies are well-funded customers for prediction products. The line between serving advertisers and serving intelligence agencies becomes blurred when both want the same behavioral predictions.
The Public-Private Partnership
State and corporate surveillance have become symbiotic. States benefit from corporate data collection that would face legal barriers if conducted directly. Corporations benefit from legal frameworks that entrench their business models while burdening competitors.
Corporations collect data at scale that governments could not legally mandate, and governments then access that data through legal process, national security letters, or informal cooperation. Commercial analytical tools (machine learning, pattern recognition) serve the same surveillance ends as government programs. Corporate networks, devices, and platforms become the infrastructure on which monitoring rides. And large corporations can afford compliance with complex privacy regulations while smaller competitors cannot, so rules intended to protect privacy instead create moats protecting incumbents.
The Distinction Matters Less Than It Appears
The state-corporate distinction is consequential for legal purposes. Constitutional constraints apply to government action, not private action. For privacy analysis, the distinction is thinner.
If your communications are monitored, one core privacy loss can be similar whether the monitor is NSA or Google. If your behavior is predicted and manipulated, the injury does not disappear when the manipulator is a social media algorithm and not a government propaganda agency. The identity of the surveilling party still matters for law and downstream power, but the loss of privacy comes first.
This suggests that privacy protection must address both state and corporate surveillance. Technical measures effective against one may be effective against both. But legal measures effective against government surveillance (constitutional constraints, warrant requirements) do not reach corporate surveillance directly.
11.3 Is This a Market Failure?
The Market Failure Claim
Critics argue that surveillance capitalism is market failure.^6^ Users do not want full surveillance but get it anyway. Companies extract negative externalities, like privacy costs, without bearing them. Markets fail to produce privacy-respecting alternatives.
If true, this would justify intervention to correct the failure. Privacy regulations, data ownership rights, platform breakups might be warranted to restore functioning markets.
The Austrian Response
Austrian economics is skeptical of market-failure claims on several grounds that apply together. The knowledge problem makes central assessment of the “correct” level of privacy impossible: optimal outcomes emerge through market process and cannot be known in advance, and what looks like failure may be markets discovering solutions to problems regulators have not yet identified. The current market structure also reflects decades of intervention that distort the baseline against which failure is being diagnosed; the relevant question is whether observed outcomes result from markets or from the interventions shaping them. And static analysis may identify apparent inefficiencies that dynamic analysis reveals as temporary, meaning markets may be in the process of correcting the problem while intervention arrests that correction.
The intervention record on surveillance specifically is substantial and easy to document. Copyright and patent law help entrench incumbents by raising the cost of copying protocols and building compatible software. GDPR^19^ and similar regulations impose compliance costs that large firms absorb more easily than smaller rivals, reducing some abusive practices while hardening incumbent advantage at the same time. Major technology companies derive substantial revenue from government contracts, which creates a direct incentive to build surveillance capabilities that states want to buy. Section 230 and similar provisions lower the legal risks of hosting and large-scale curation, which favors platform scale.^7^ Banking regulations requiring know-your-customer and anti-money-laundering compliance push economic activity toward tracked digital channels and away from private cash, producing more of the data streams that surveillance businesses monetize. The “market” in which surveillance capitalism operates is far from a counterfactual free market. Its structure has been shaped at every layer by state policy, and the outcomes the critics attribute to the market partly reflect those policy choices.
Would a Free Market Produce This?
The counterfactual is difficult to assess, but several considerations suggest current outcomes are not inevitable market results. Without IP protection creating artificial scarcity in software, competition would be more intense; platforms could not maintain network effects by threatening compatible alternatives with patent lawsuits. If users could easily switch between compatible platforms, data extraction would face competitive pressure, and users who value privacy could migrate to privacy-respecting alternatives without losing network connections. Without monetary system surveillance pushing transactions toward tracked channels, alternative payment methods would reduce the data streams that make behavioral prediction valuable.
This does not prove that free markets would produce perfect privacy. Network effects, coordination problems, and real consumer preferences for free services would still exist. But it suggests current surveillance intensity reflects intervention as much as market outcome.
Network Effects and Lock-In
Even granting that intervention plays a role, real market dynamics contribute to surveillance concentration. Communication platforms are more valuable with more users, creating winner-take-all dynamics where a few platforms dominate and making exit costly for users. Users have invested in building connections and creating content on these platforms; switching means abandoning those investments. Even if users prefer privacy-respecting alternatives, coordination failure may prevent migration, as each user waits for others to switch and no one wants to be first to an empty platform.
These are real market phenomena, not intervention effects. They suggest that even absent intervention, privacy competition might face obstacles. But they do not justify further intervention; they suggest the problem requires technical and entrepreneurial solutions, not regulatory ones.
The Seen and the Unseen
Frédéric Bastiat’s 1850 essay on the seen and the unseen is the correct frame for the cost accounting that “nothing to hide” discussions typically omit.^8^ The good economist, Bastiat wrote, considers not only the immediate effect of an action but the effects it produces in the longer term and among the groups other than the one directly in view. Henry Hazlitt made the same principle the organizing lesson of Economics in One Lesson (1946), and the principle applies here without modification.
The seen effects of commercial surveillance are easy to list: the free service, the personalized feed, the convenient autofill, the advertisement that reaches the advertiser’s intended audience. The unseen effects are the ones that require the economist’s discipline to notice. An idea not shared because the author discounted the probability that a future employer would read the post. An entrepreneurial attempt not made because the record of its failure would be permanent and attached to the entrepreneur’s legal name. A purchase not made because the transaction would have revealed the purchaser’s interest in a disfavored topic. A consultation not scheduled because the intake form asks questions the patient expects to see used against them later. Each case is a specific voluntary exchange that surveillance taxed out of existence, and the aggregate is the economy the surveillance infrastructure has suppressed.
The unseen effects are larger than the seen, because most of what surveillance suppresses never happens at all. The free service is visible on every screen. What did not happen produces no data, and its cost cannot be measured from the outside. Analysis can still name the cost, and the naming is the discipline Bastiat insisted on.
11.4 The Irreversibility Problem
The analysis so far has treated exposed data as a category. That treatment is incomplete. One class of data has a property the others do not, and the property forces a distinct defensive posture. Biometric and genetic data cannot be rotated. Once exposed, the exposure is permanent.
Why Rotation Is the Usual Remedy
Credential exposure has a standard remedy. A leaked password is replaced with a new one; a compromised key is revoked and superseded by a new key pair; a stolen credit card number is cancelled and reissued; a leaked session token expires on its own schedule. The remedy works because the token is an artifact that can be replaced without changing the person it represents. Credential rotation is the defensive posture the security literature assumes whenever it describes “compromise” as a condition with a recovery path.
The same logic applies to most behavioral and financial data, though imperfectly. Exposed transaction records cannot be retracted, but the adversary’s knowledge of them ages: the pattern of purchases made two years ago describes a person who may have moved, changed jobs, and changed tastes. The information still has value to a chain-analysis firm or a data broker, but its value decays. Rotation-by-aging is slower than rotation-by-key-replacement, and it depends on the subject living differently over time, but it preserves the principle that exposure is a condition with a recovery path.
Why Biometric and Genetic Data Are Different
Biometric and genetic data are the defining category for which neither rotation mechanism works. A fingerprint is the same fingerprint in 2025 that it was in 2005 and that it will be in 2045. A face is the same face; an iris is the same iris; a voice print drifts only modestly with age. A genome is identical across every cell of a person’s body and stable across every year of a person’s life. The identifier is the person. The person cannot be reissued.
The practical consequence is that a database breach of biometric or genetic data is not a recoverable condition. The breach of a credential database means “rotate all credentials now”; the breach of a biometric database means “the identifier is now permanently known to the adversary, and every future use of that identifier must be assumed to be observable by the adversary.” The exposure extends across the lifetime of the person.
The insurance analogy is telling. Standard cyber-insurance policies price credential breaches using formulas that assume remediation ends when the credentials are rotated. Formulas applied to biometric breaches understate the true cost by orders of magnitude, because the exposure does not end. Several underwriters have recognized the discrepancy and adjusted their pricing; the adjustment is a market-side recognition that biometric and genetic data belong to a different category of asset.
The Cases Illustrate the Principle
Two cases illustrate the principle concretely enough to anchor the analysis. The first is the breach of a major consumer genetic-testing company in late 2023, in which the profiles of millions of customers were exposed through credential-stuffing attacks and then advertised for sale on underground forums segmented by ethnicity. The company subsequently entered bankruptcy and the genetic database became a primary asset in the proceedings, changing hands to a successor organization. The customers who contributed their genomes had no role in that transfer, and no remedy could undo it.^9^
The second is the national biometric identity program of a state with more than a billion enrolled identities, in which fingerprints and iris scans and demographic data have been centrally held for years. The program has survived multiple alleged leaks. Independent of any specific allegation, a system of this kind creates a single point whose compromise would permanently enumerate an entire population’s biometric identifiers, and its defensive posture cannot be rotation-based for the same reason as the first case.^10^
Chapter 12 examines a third pattern in detail: commercial facial-recognition corpora built from web-scraped images, where subjects never consented and regulatory fines have been absorbed as a cost of business. The structural property is the same.
The Defensive Posture
The defensive posture that follows from irreversibility is different from the posture that applies to credentials. Minimize enrollment in any biometric or genetic collection whose purpose does not justify lifetime exposure. Where enrollment is unavoidable (border control, a state identity program, a medical necessity), prefer systems designed with biometric cancelability, where the stored template is a one-way function of the biometric and a secret that can be rotated. Where the service is optional (a phone’s face-based authentication, a consumer genetic-testing service, a biometric gym-membership system), weigh the ordinary convenience of the enrollment against its irreversible exposure. For most consumers under most threat models, the weighing does not justify the enrollment.
Legal reform has a narrow role here. State and national-level biometric privacy laws can create rights of action, deletion rights, and civil penalties; the laws of this class that have passed in several U.S. states since 2021 establish that the legal system can price biometric exposure after the fact. They cannot prevent the exposure in the first place. Prevention remains an engineering and personal-discipline problem, and the discipline must be calibrated to the irreversibility of the asset.^11^
The broader analytical point is that the taxonomy of surveillance must treat irreversible data as a distinct category. The earlier chapters of the book analyzed financial surveillance, corporate surveillance, and the Crypto Wars as separable channels. Biometric and genetic data cut across all three channels and impose a common constraint: whatever else the defender does, the identifier is the person, and any defensive architecture that relies on rotating the identifier fails by construction. This is the category that forces the strictest defensive discipline, and the rest of the book’s operational chapters take the discipline as given.
11.5 Market Responses and Privacy Competition
Privacy as Competitive Differentiator
Despite obstacles, markets have begun responding to privacy demand. Some established companies now differentiate on privacy; new entrants build privacy-first business models; infrastructure changes constrain data extraction regardless of individual company choices.
Apple’s privacy differentiation provides the clearest large-scale demonstration. In April 2021, Apple introduced App Tracking Transparency (ATT), requiring apps to request permission before tracking users across other companies’ apps and websites. The result was dramatic: approximately 80% of iOS users opted out of tracking when given a clear choice.^12^ Meta reported that ATT would reduce its 2022 revenue by approximately $10 billion; industry estimates placed the total cost to Meta closer to $13 billion annually.^13^
This single policy change revealed the fragility of surveillance-dependent business models. When users were given a simple choice, the vast majority chose not to be tracked. A large underlying privacy preference was already there; ATT gave it a simple mechanism for expression. Apple profited from revealing it; companies dependent on surveillance suffered. This is market discovery operating at scale.
Search and browser alternatives show similar dynamics. DuckDuckGo^20^ has grown from a niche search engine to processing billions of queries annually, despite competing against the most sophisticated search infrastructure in history. Users accept less sophisticated results in exchange for privacy; the trade-off reveals a real willingness to pay. Brave browser^21^ has reached tens of millions of users by combining privacy protection with attention-based advertising that compensates users instead of extracting from them.
The Rise of Encrypted Messaging
End-to-end encrypted messaging has achieved mainstream adoption more completely than any other privacy technology.
Signal’s growth trajectory illustrates the market discovery process. In January 2021, following WhatsApp’s announcement that it would share more data with Facebook, Signal’s servers crashed under the load of new users.^14^ The episode showed how quickly users will move when privacy costs become salient and a usable alternative exists. Signal’s nonprofit structure also shows that encrypted messaging need not depend on advertising or data extraction.
WhatsApp itself, despite Meta ownership, uses the Signal protocol^22^ for end-to-end encryption. The decision was defensive: without encryption, WhatsApp would lose users to encrypted alternatives. Even surveillance-dependent companies often need to provide some privacy features to remain competitive. This is market pressure operating through competition, not through regulation.
The encryption adoption pattern reveals something about how markets discover privacy demand. Encryption was once an expert-only technology that required manual key exchange and careful configuration, until Signal made it default and invisible and users benefit without needing to understand the technology. The lesson: privacy tools must be as convenient as surveillance alternatives to achieve broad adoption. Usability, not just security, strongly shapes market success.
Paid vs. Ad-Supported Models
The “free” services model depends on data extraction for revenue. Paid models offer an alternative: users pay with money, not data. When users are customers and not products, business incentives align with user interests instead of against them.
Subscription services have grown across categories. Streaming video offers ad-free tiers; users revealed preference for paying to avoid surveillance-enabling ads. News paywalls remove the advertising incentive to maximize engagement regardless of content quality. Productivity software subscriptions have displaced advertising-supported tools, changing incentive structures across the software industry.
Not all subscription services respect privacy; paid products can still extract data. But the paid model removes the structural incentive that makes data extraction the core business instead of an incidental practice. A company whose revenue comes from subscriptions has no structural reason to maximize data collection; a company whose revenue comes from prediction products has every reason.
The premium tier pattern, appearing across products and services, suggests growing willingness to pay for privacy and reduced surveillance. Users who once accepted “free” services now pay for alternatives that better align with their interests. This revealed preference guides entrepreneurial discovery of further privacy-respecting products.
Privacy Infrastructure
Beyond individual products, infrastructure changes are beginning to constrain data extraction structurally. DNS-over-HTTPS^23^ prevents ISPs from observing and monetizing browsing data. Default encryption in transit, now standard across the web, prevents casual interception. Hardware security modules in consumer devices make certain types of data extraction far harder.
These infrastructure changes differ from product competition in important ways. Product choice requires active user decisions; infrastructure changes protect users who make no choice at all. Default privacy is more powerful than opt-in privacy because it protects the vast majority who never adjust settings.
The shift toward privacy-protective defaults reflects market discovery at the infrastructure level. Companies that control infrastructure (browser makers, operating system vendors, device manufacturers) have discovered that privacy features provide competitive advantage. Google implementing privacy features in Chrome, despite Google’s advertising business, illustrates the competitive pressure: if Chrome does not provide privacy features, users migrate to browsers that do.
Data-Broker Opt-Out as a Patch on the Regime
A subscription market now exists for services that attempt to remove an individual’s records from the hundreds of data-broker directories that aggregate public records, property filings, voter rolls, and purchase histories. Optery, Incogni, DeleteMe, Kanary, and Privacy Bee are the major vendors at the time of writing. The services automate opt-out requests to each broker, return screenshot evidence of removal, and repeat the process on a schedule because brokers repopulate records from primary sources.^15^
The existence of the market is the relevant observation. A subscription that must run for as long as the subject wants privacy from the data-broker industry is what U.S. law currently offers in place of a prohibition on aggregation itself, and the subscription model exists because the law permits the underlying aggregation. The tools work within their limits and are worth having. The Austrian point is that the market for these services is a patch on a regulatory regime, and a legal regime that did not permit the aggregation would not require the patch to exist.
The Limits of Market Response
Market responses are real but face structural obstacles. Network effects favor established platforms; users cannot easily switch when their contacts remain on surveillance platforms. The discovery process is slow; many users remain unaware of alternatives. Privacy products often remain harder to use than surveillance alternatives, limiting adoption to those who specifically prioritize privacy.
Market response also addresses only some dimensions of the surveillance problem. Companies can compete on privacy for functions where privacy-respecting alternatives exist. But market competition cannot directly remove government surveillance requirements, infrastructure-level monitoring, or the accumulation of data by entities that face no market pressure to delete it.
The claim is not that markets solve all problems instantly; the claim is narrower. Markets discover preferences through entrepreneurial experimentation, and competition tends toward serving those preferences over time. Privacy market development is early-stage. The trajectory points toward greater privacy competition, but the process is incomplete.
Market Discovery
Privacy preferences were latent until entrepreneurs created products that revealed them. Apple did not know 80 percent of users would reject tracking until ATT gave them the choice, and Signal did not know millions would adopt encrypted messaging until usability made adoption feasible. The discovery process has no predetermined endpoint, and current privacy tools are early-stage. Each generation is easier to use and more competitive with the surveillance alternatives. Markets have not solved the privacy problem; they are in the process of discovering how to solve it.
Chapter Summary
Corporate data extraction inverts the traditional market relationship. The advertiser is the customer, the user supplies raw material for prediction products, and the business competes to capture users; serving them is incidental to the model. Corporate and state surveillance have become symbiotic: legal requirements force data collection, voluntary cooperation provides government access to data companies could never have been legally required to collect directly, and the public-private partnership achieves surveillance scope neither side could accomplish alone. Current outcomes also reflect substantial state intervention: intellectual property creates platform monopolies, compliance regulations build moats around incumbents, and government contracts incentivize surveillance development. The free-market counterfactual would produce different incentives.
Biometric and genetic data sit in a distinct category. They cannot be rotated, because a fingerprint, iris scan, face, voice print, or genome is the same identifier across every year of a person’s life. A breach is permanent and irrecoverable for the individuals whose records it contained, and legal remedies can price exposure after the fact without undoing it. The defensive posture this forces is prevention-based and must succeed every time, since a single breach is permanent.
Markets are responding to the privacy demand that intervention has not satisfied. Apple’s App Tracking Transparency revealed that roughly 80% of users reject tracking when given a clear choice, encrypted messaging has achieved mainstream adoption, and paid services offer alternatives to ad-supported extraction. The discovery is incomplete. Network effects, coordination problems, and government surveillance mandates create obstacles that market competition alone may not overcome, and further regulation risks entrenching existing surveillance infrastructure through compliance moats that favor incumbents. The analysis neither condemns markets nor exonerates them. It notes that current incentives are shaped by intervention as much as by consumer preference, and that technical and entrepreneurial solutions may succeed where regulatory ones would reinforce the structure they claim to restrain.^16^
Endnotes
^1^ Neil Postman, Technopoly: The Surrender of Culture to Technology (New York: Alfred A. Knopf, 1992), 7. Written a decade before the surveillance-capitalism business model achieved dominance, Postman’s framework anticipated the pattern this chapter analyzes: once a technology is introduced for narrow commercial purposes, its inherent logic restructures the activities around it. The advertising-supported internet did not invent user surveillance; it inherited a logic from what Postman called the technopoly, in which instruments of measurement become the frame through which experience itself is understood. For the popular-culture compression of the same argument, see Andrew Lewis (user “blue_beetle”), comment on MetaFilter, August 26, 2010: “If you are not paying for it, you’re not the customer; you’re the product being sold,” a formulation this chapter’s analysis extends and grounds.
^2^ Shoshana Zuboff, The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power (New York: PublicAffairs, 2019), 8-11. Zuboff provides detailed documentation of surveillance capitalism’s development and practices, though her analysis differs from the Austrian perspective applied here.
^3^ On network effects and platform economics, see David S. Evans and Richard Schmalensee, Matchmakers: The New Economics of Multisided Platforms (Boston: Harvard Business Review Press, 2016).
^4^ Richard Cantillon, Essai sur la Nature du Commerce en Général, ed. Henry Higgs (London: Macmillan, 1931; French original 1755), Part II, chapters 6–7. For the Austrian treatment, see Ludwig von Mises, The Theory of Money and Credit, trans. H. E. Batson (New Haven: Yale University Press, 1953 [1912]), Part Two, chapter 8; and Rothbard, Man, Economy, and State (cited at Chapter 3, note 3), chapter 11. The restriction of the Cantillon effect to monetary expansion is deliberate in the Austrian literature, and the analogy to data flows in the main text claims only that the structural pattern recurs, not that the monetary analysis transfers.
^5^ The PRISM program was revealed through documents leaked by Edward Snowden in 2013. See Glenn Greenwald, No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State (cited at Chapter 1, note 7).
^6^ On the Austrian critique of market failure theory, see Israel M. Kirzner, “The Perils of Regulation: A Market-Process Approach,” in Discovery and the Capitalist Process (Chicago: University of Chicago Press, 1985), and Rothbard, Power and Market (cited at Chapter 10, note 2), chapter 3.
^7^ On Section 230 and platform immunity, see Jeff Kosseff, The Twenty-Six Words That Created the Internet (Ithaca, NY: Cornell University Press, 2019).
^8^ Frédéric Bastiat, “Ce qu’on voit et ce qu’on ne voit pas” (1850), translated as “That Which Is Seen, and That Which Is Not Seen,” in Selected Essays on Political Economy, trans. Seymour Cain (Irvington-on-Hudson, NY: Foundation for Economic Education, 1995). Henry Hazlitt, Economics in One Lesson (New York: Harper, 1946), chapter 1, states the principle directly: “The art of economics consists in looking not merely at the immediate but at the longer effects of any act or policy; it consists in tracing the consequences of that policy not merely for one group but for all groups.”
^9^ 23andMe’s October 2023 credential-stuffing breach exposed roughly seven million customer profiles; the company filed Chapter 11 in March 2025, and its genetic database was auctioned as a bankruptcy asset in 2025, confirming that genetic data is a permanent, transferable exposure that routine consumer consent does not price. 23andMe, https://www.23andme.com/. 23andMe breach disclosure (December 2023), SEC filing, https://www.sec.gov/Archives/edgar/data/1804591/000110465923124825/tm2331489d1_8k.htm. Class action settlement reporting in Reuters and Bloomberg, 2024. Chapter 11 bankruptcy filing in In re 23andMe Holding Co., Case No. 25-10625, U.S. Bankruptcy Court, Southern District of Texas (March 2025). Genetic Information Nondiscrimination Act of 2008 (GINA), 42 U.S.C. § 2000ff. On the limits of HIPAA and GINA as applied to consumer genetic databases, see Natalie Ram, “Genetic Privacy After Carpenter,” Virginia Law Review 105 (2019).
^10^ India’s Aadhaar biometric identity program enrolls over 1.3 billion residents with fingerprints, iris scans, and demographic data centrally held by the Unique Identification Authority of India; architectural critiques since 2017 have identified the central database as a single point whose compromise would permanently enumerate an entire population’s biometric identifiers. Aadhaar / UIDAI, https://uidai.gov.in/. On architectural critiques, see Reetika Khera et al., Dissent on Aadhaar: Big Data Meets Big Brother (Orient BlackSwan, 2019). On biometric cancelability, see Nalini Ratha, Jonathan Connell, and Ruud Bolle, “Enhancing Security and Privacy in Biometrics-Based Authentication Systems,” IBM Systems Journal 40, no. 3 (2001): 614–634, and the subsequent literature on biometric template protection at the IEEE International Joint Conference on Biometrics (IJCB) proceedings. Comparable programs include Pakistan’s NADRA, https://www.nadra.gov.pk/, and the EU’s proposed European Digital Identity Wallet under eIDAS 2.0.
^11^ Illinois BIPA (2008) is the model state biometric-privacy statute with a private right of action; several U.S. states (Texas, Washington, New York, others) have passed similar laws since 2021; legal remedies price biometric exposure after the fact but cannot prevent the exposure itself. Illinois Biometric Information Privacy Act (BIPA), 740 ILCS 14, https://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=3004&ChapterID=57. Texas Capture or Use of Biometric Identifier Act (CUBI), Tex. Bus. & Com. Code § 503.001. Washington State biometric privacy law, RCW 19.375. On BIPA litigation, see Rosenbach v. Six Flags Entertainment Corp., 129 N.E.3d 1197 (Ill. 2019), and Cothron v. White Castle System, Inc., 216 N.E.3d 918 (Ill. 2023). Comparative analysis of state biometric-privacy laws in Future of Privacy Forum reports, https://fpf.org/.
^12^ During Q3 2021, approximately 80% of iOS users opted out of tracking on major social media platforms following ATT implementation. See Statista, “App Tracking Transparency: Opt-In Rate of iOS Users 2022,” and Flurry Analytics, “App Tracking Transparency Opt-In Rate: Monthly Updates.”
^13^ Meta CFO Dave Wehner stated the estimated $10 billion revenue impact during the Q4 2021 earnings call, February 2022. See “Facebook Says Apple iOS Privacy Change Will Result in $10 Billion Revenue Hit This Year,” CNBC, February 2, 2022. Lotame estimated the total impact at $12.8 billion.
^14^ For the canonical Signal Foundation reference and protocol specifications, see Chapter 5, note 7. On Signal’s nonprofit structure and reported growth, see Signal Technology Foundation tax filings and Business of Apps, “Signal Revenue & Usage Statistics (2025).” The Signal Foundation operates as a 501(c)(3) nonprofit funded primarily by donations.
^15^ Optery, Incogni, DeleteMe, Kanary, and Privacy Bee are the major vendors in the data-broker opt-out subscription market; the market’s existence shows that U.S. law prices data-broker aggregation through post-hoc opt-out instead of through prohibition. Optery, https://www.optery.com/. Incogni (Surfshark), https://incogni.com/. DeleteMe (Abine), https://joindeleteme.com/. Kanary, https://www.kanary.com/. Privacy Bee, https://privacybee.com/. For the primary regulatory document on the underlying data-broker industry, see Federal Trade Commission, Data Brokers: A Call for Transparency and Accountability (May 2014), already cited in note 16. For the Vermont data-broker registration regime as one state-level response, 9 V.S.A. § 2446.
^17^ Variable reward schedules - intermittent reinforcement patterns that maximize engagement by delivering unpredictable rewards - were first described by B.F. Skinner in The Behavior of Organisms (New York: Appleton-Century-Crofts, 1938). Their application to digital product design is documented in Natasha Dow Schüll, Addiction by Design: Machine Gambling in Las Vegas (Princeton, NJ: Princeton University Press, 2012), which analyzes how slot-machine designers use variable-ratio schedules to maximize time-on-device; the same logic transferred directly to social media feed design. Tristan Harris’s work at the Center for Humane Technology, https://www.humanetech.com/, documents the deliberate application of these techniques to smartphone applications.
^18^ National Security Letters are administrative subpoenas issued by the FBI under 18 U.S.C. § 2709 (electronic communications), 12 U.S.C. § 3414 (financial records), and related statutes, compelling disclosure of customer records while prohibiting recipients from acknowledging the request. The gag-order provision was challenged in Doe v. Ashcroft, 334 F. Supp. 2d 471 (S.D.N.Y. 2004), and subsequently in Doe v. Mukasey, 549 F.3d 861 (2d Cir. 2008), which required judicial review of gag orders. The FBI issued approximately 16,000–17,000 NSL requests per year in the early 2020s. For the scale of use, see Electronic Frontier Foundation, “National Security Letters,” https://www.eff.org/issues/national-security-letters, and the annual FBI reports to Congress on NSL usage required under 18 U.S.C. § 2709(e).
^19^ General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, Official Journal of the European Union, L 119/1 (May 4, 2016), effective May 25, 2018, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679. The GDPR imposes data-minimization, consent, and accountability obligations on firms processing EU residents’ personal data. For the compliance-cost asymmetry argument - that large incumbents absorb compliance costs that exclude smaller rivals - see Cristina Caffarra and Fiona Scott Morton, “The European Commission Digital Markets Act: A Translation,” VoxEU, https://cepr.org/voxeu/ (2021); and Garrett Johnson, Scott Shriver, and Samuel Goldberg, “Privacy and Market Concentration: Intended and Unintended Consequences of the GDPR,” Marketing Science 42, no. 3 (2023): 454–480.
^20^ DuckDuckGo is a privacy-preserving search engine that does not track users or build behavioral profiles. DuckDuckGo, https://duckduckgo.com/. Founded by Gabriel Weinberg in 2008, DuckDuckGo reported passing 100 billion lifetime queries in January 2021 and processing over 3 billion monthly queries by 2023. For traffic data, see DuckDuckGo Traffic Statistics, https://duckduckgo.com/traffic. The engine shows revealed preference for privacy-respecting alternatives even when they offer less thorough results than Google.
^21^ Brave is a privacy-focused browser developed by Brave Software, Inc., founded by Brendan Eich (co-creator of JavaScript and former CEO of Mozilla). Brave, https://brave.com/. Brave blocks trackers and ads by default and offers the Basic Attention Token (BAT) system, which compensates users for opting into privacy-respecting ads. Brave reached 50 million monthly active users by 2022 and 60+ million by 2023. For usage statistics, see Brave’s transparency reports at https://brave.com/transparency/. The BAT model is described in Brendan Eich and Brian Bondy, “Basic Attention Token (BAT): Blockchain Based Digital Advertising” (white paper, 2017), https://basicattentiontoken.org/static-assets/documents/BasicAttentionTokenWhitePaper-4.pdf.
^22^ WhatsApp adopted the Signal Protocol for end-to-end encryption in 2016, completing the rollout to all one billion users in April 2016. The integration was developed in partnership with Open Whisper Systems. See Moxie Marlinspike, “WhatsApp’s Signal Protocol Integration Is Now Complete,” Open Whisper Systems blog, April 5, 2016, https://signal.org/blog/whatsapp-complete/. The Signal Protocol specification is at https://signal.org/docs/. WhatsApp’s adoption represents the largest deployment of end-to-end encryption in history; that a surveillance-dependent parent company (Meta) found encryption competitively necessary illustrates the market pressure this chapter analyzes.
^23^ DNS-over-HTTPS (DoH) encrypts DNS queries between the client and a DNS resolver, preventing ISPs from observing domain-name lookups. The standard is defined in Paul Hoffman and Patrick McManus, “DNS Queries over HTTPS (DoH),” RFC 8484, Internet Engineering Task Force (October 2018), https://www.rfc-editor.org/rfc/rfc8484. Major browser deployments include Firefox (default DoH since 2020, https://blog.mozilla.org/en/products/firefox/firefox-continues-push-to-bring-dns-over-https-by-default-for-us-users/) and Chrome (secure DNS since 2020). ISP opposition to DoH deployment is documented in UK parliamentary evidence from Virgin Media, BT, and Sky, and in the Internet Society’s analysis at https://www.internetsociety.org/resources/doc/2019/dns-over-https/.
^16^ Further reading on surveillance capitalism, adtech, and data brokers. On the canonical critical treatment, Zuboff, The Age of Surveillance Capitalism, see note 2 above and Chapter 1, note 6; Carissa Véliz, Privacy Is Power (Bantam Press, 2020), is the shorter popular version. On the behavioral-prediction mechanism specifically, Jaron Lanier, Ten Arguments for Deleting Your Social Media Accounts Right Now (Henry Holt, 2018), is accessible; Yasha Levine, Surveillance Valley: The Secret Military History of the Internet (PublicAffairs, 2018), documents the state–commercial continuity. On the 2013 NSA revelations underlying the PRISM citation in note 5, Greenwald, No Place to Hide (cited at Chapter 1, note 7), is the narrative account. On data brokers specifically, the FTC report Data Brokers: A Call for Transparency and Accountability (May 2014), https://www.ftc.gov/reports/data-brokers-call-transparency-accountability-report-federal-trade-commission-may-2014, remains the foundational regulatory document; Kashmir Hill’s ongoing reporting at The New York Times is the best current journalism on specific data-broker practices. On the Austrian critique of “market failure” applied to platforms, Kirzner, “The Perils of Regulation” (cited in note 6 above), is the theoretical foundation; for empirical work, Luigi Zingales, A Capitalism for the People: Recapturing the Lost Genius of American Prosperity (Basic Books, 2012), and the ongoing Stigler Center working papers at https://stigler.capitalisnt.com, treat rent-extraction in platform markets. On the tracking-mechanics side, Timothy Libert, “Exposing the Hidden Web: An Analysis of Third-Party HTTP Requests on 1 Million Websites,” International Journal of Communication 9 (2015): 3544–3561, is the standard empirical study; Arvind Narayanan and colleagues’ OpenWPM work at Princeton, https://webtransparency.cs.princeton.edu, is the technical-measurement reference. For the hedonic-tradeoff critique of “free services,” Hal Varian, “Beyond Big Data,” Business Economics 49, no. 1 (2014): 27–31, is the industry-defender view worth reading alongside the critics.
<- Previous: Financial Surveillance and the State |
-> Next: The Analytics Stack |The Praxeology of Privacy – third edition. New chapters publish daily at 1600 UTC.
Write a comment