The Analytics Stack
- Chapter 12: The Analytics Stack
- Introduction
- 12.1 The Division of Labor in Surveillance
- 12.2 Machine Vision at Scale
- 12.3 The Model as Analyst
- 12.4 The Data-Broker Channel
- 12.5 Physical-World Infrastructure
- 12.6 The Commercial Spyware Arm
- 12.7 Compressing the OODA Loop
- 12.8 Why Agencies Keep Buying
- 12.9 Why the Stack Exists Now
- Chapter Summary
- Endnotes
Chapter 12: The Analytics Stack
“A government bureau’s interest in data does not end with what it is lawfully authorized to collect.”
Anonymous, origin unknown
Introduction
Commercial firms with no legislative mandate have built surveillance capability at a scale no individual agency could justify on its own, and state agencies purchase the output. Sensors harvest, brokers aggregate, models analyze, and agencies deploy. What the Constitution forbids any single actor to do, the market assembles in stages for the state to buy. Surveillance has migrated from direct observation by the state into an industrial process with priced layers at every step. Chapter 13 shows the state attacking cryptographic tools; this chapter shows the state buying the observational layer that exists before content is encrypted and after it is decrypted.
12.1 The Division of Labor in Surveillance
Adam Smith observed that the division of labor increases productivity by allowing specialization.^13^ Ludwig von Mises extended this to show that specialization depends on market exchange: the division of labor is coextensive with the catallactic order.^14^ The Analytics Stack applies that principle to observation.
A single agency cannot legally build and maintain a facial-recognition database containing every photograph on the open web. No single agency has the mandate or the political cover for that. A private firm can build the same database under the far weaker constraints that govern commercial speech, and then sell access to the agencies that could not have built it directly. The agency pays a subscription. The firm pays for the engineering. Neither bears the full reputational or constitutional cost a direct program would have incurred.
The same logic applies across every layer of the stack. License-plate capture, location tracking, social-graph extraction, behavioral prediction, endpoint compromise, and analytical fusion are each performed by specialist firms pricing their output in a competitive market. The state is one customer among many. That posture allows the firm to claim that it is neither a government contractor in the regulatory sense nor a state actor for constitutional purposes, and it allows the state to pay market price for capabilities it could not legally assemble.^1^
The arrangement is the predictable consequence of two doctrines interacting. The first doctrine is the third-party doctrine, which holds that information voluntarily shared with a third party enjoys reduced Fourth Amendment protection. The second doctrine is the commercial-speech permission for data collection about individuals who are not customers of the collector, which covers web scraping, ad-tech bidstream harvesting, and license-plate photography on public roads. Between them lies a market for the state’s observational appetite, with the first doctrine authorizing acquisition and the second doctrine manufacturing the supply. Better rules will not patch this; the rules produced it.^2^
The Coalition the Stack Assembles
Every state activity divides the population into a class that pays more into the apparatus than it receives and a class that receives more than it pays. Rothbard’s innovation was to include in the second class not only state employees but the contractors, vendors, and recipients of monopoly grants whose revenues depend on the state’s operation continuing.^3^ The firms that compose the analytics stack belong to that class. A data broker selling to the Department of Homeland Security, a facial-recognition vendor selling to Immigration and Customs Enforcement, a spyware firm selling to allied ministries of interior, and a predictive-policing platform selling to municipal departments are each revenue-aligned with the state’s continued purchase.
The stack’s durability under political pressure follows from this alignment. The firms’ incomes depend on the state’s continued purchase, and the state’s continued purchase depends on the existence of the capability the firms produce. Public pressure against any single contract reaches a coalition whose members absorb the pressure together, and the coalition is durable because each member has commercial incentive to keep the others solvent.
12.2 Machine Vision at Scale
Facial recognition is the mechanism by which a visual identifier that was once bounded by human memory becomes an index into a permanent database. The mathematical transformation is ordinary: a neural network maps an image to a vector in a high-dimensional space, and two images of the same face produce vectors that are close under a chosen metric. The transformation was well-understood long before it became a political question. What changed was cost.
Image acquisition fell to near-zero through ubiquitous camera deployment. Model inference fell to fractions of a cent through consumer GPU economics. Storage of feature vectors fell to trivial cost through commodity databases. Once all three costs had collapsed, matching a photograph against a billion-image corpus became cheaper than the paperwork of not doing so, and a capability that had been theoretically available became operationally universal.
Clearview AI is the canonical case because it removed the one remaining constraint on the capability: corpus size. By scraping images from the open web, Clearview built a corpus of roughly twenty billion photographs. That corpus is larger than any government-assembled database and subject to no legislative oversight. Law-enforcement agencies that could not have lawfully assembled such a corpus subscribe to it as a service. European data-protection authorities in several member states have imposed fines and bans, with no operational effect inside the United States. The ACLU settlement in the Illinois Biometric Information Privacy Act case restricts Clearview’s U.S. commercial sales to government entities, which is the clientele the firm was already serving.
The principle does not depend on Clearview specifically. Any firm willing to ignore scraping norms can build a comparable corpus, and the replaceability of the firm is what makes the capability durable. The Department of Homeland Security’s Homeland Advanced Recognition Technology (HART) database is designed to hold biometric and demographic records for hundreds of millions of identities, integrated with the Customs and Border Protection biometric entry-exit system and the Transportation Security Administration’s airport facial-matching kiosks that are now deployed at dozens of major U.S. airports. A single identity check that was never legislated as such now runs across commercial corpora, federal indices, airport infrastructure, and border crossings.^4^
Human recognition had a natural cost ceiling, because memory is finite and a passerby forgets within minutes. Machine recognition has no such ceiling. A capability whose use was rationed by cost is no longer rationed once the cost collapses, and it gets deployed at whatever rate other constraints permit. The law written for the scarce regime does not describe the abundant one.
12.3 The Model as Analyst
The labor-intensive step in historical intelligence work was reading. Documents accumulated faster than analysts could process them, and most collection was dead weight for that reason. Large language models change the accounting. A single analyst with a suitably prepared model can now produce summaries, extractions, translations, and correlations across document volumes that previously required organizational-scale human attention. The bottleneck has moved from reading to defining the query.
Palantir’s Artificial Intelligence Platform, launched in 2023 and bundled with the firm’s existing Gotham and Foundry products, is the visible instance of this shift. By 2025 its revenue exceeded four billion dollars, with contracts across the Department of Defense, the Department of Homeland Security, Immigration and Customs Enforcement, and the Navy. Contract values matter less than what they purchase. What they purchase is a fused data environment with a model-driven query interface, in which an analyst asks a natural-language question and receives an answer drawn from structured records, unstructured documents, satellite imagery, and sensor feeds. A multi-day collaboration among specialists collapses into a single conversational exchange.^5^
The book’s earlier argument was that privacy defense is cheaper than privacy offense, because encryption costs cents while breaking it costs billions. That argument holds for each unit of communication. The analytics stack does not attack individual units; it attacks aggregation. A million intercepted records are worth nothing if no analyst can read them. A million intercepted records fed to a model are worth everything, because the model extracts the patterns at a cost per query that approaches zero. The cost asymmetry that once favored defense has been partly offset at the aggregation layer.
The target of defense has moved. Encrypting content remains essential, but it is no longer sufficient. What must also be protected is the metadata that the model uses to build patterns when content is unavailable: timing, social graph, location, device identifier, and frequency. The model is a metadata analyst first and a content analyst only when metadata fails, which makes the transport-level defenses Chapter 17 develops indispensable.
12.4 The Data-Broker Channel
A data broker is a firm that aggregates records about individuals and resells them. The industry predates the internet but scaled with it, and its economic function was settled before anyone thought to ask whether it should exist. Brokers buy from app publishers, loyalty programs, credit bureaus, public records, and the real-time bidding stream through which advertising auctions run. They sell to advertisers, insurers, employers, private investigators, and, through specialist intermediaries, to government agencies.
The government-sales channel is the feature of interest. The Supreme Court’s 2018 decision in Carpenter v. United States held that the government needs a warrant to compel a carrier to produce historical cell-site location information. The decision was narrowly reasoned. The court emphasized the carrier’s compelled retention and the detailed nature of historical cell-site records. No part of the decision addressed information the government does not compel but purchases from a commercial party that lawfully obtained it. That gap is the data-broker loophole.
Venntel, a subsidiary of the advertising-tech firm Gravy Analytics, sold location data drawn from the real-time bidding stream to federal agencies across the late 2010s. The Treasury Inspector General for Tax Administration confirmed in a 2023 report that Internal Revenue Service Criminal Investigation had used Venntel data without warrants between 2017 and 2018. These were domestic tax-enforcement matters, not national-security exceptions. In 2024 the Venntel capability was absorbed by Babel Street and rebranded as Locate X. Fog Reveal, another product in the same class, was documented by the Electronic Frontier Foundation and the Associated Press as being used by dozens of local, state, and federal agencies at every level of U.S. law enforcement.^6^
A Fourth Amendment written against direct state acquisition, whether by search or by seizure or by compulsion, has no language for the case in which the state does none of these and only buys. The information the state obtains through purchase is as detailed as anything a warrant could have produced, and the legal theory under which the state obtained it is that no one required a warrant to buy what the market already sold. Congress has repeatedly considered bills to close the loophole through a Fourth Amendment Is Not for Sale Act, each of which has failed in committee or died on the calendar, leaving the commercial channel in continuous operation.
Chapter 10 analyzed financial surveillance as triangular intervention in Rothbard’s sense: the state conditions banking licensure on the bank reporting on its depositors, and the terms of the bank-depositor exchange are coercively modified to include state observation. The data-broker channel reaches the same surveillance outcome without triangular intervention. Every transaction in the chain is voluntary. The subject exchanges with an app publisher, the publisher resells to a broker, the broker sells to the state. The state compels none of these exchanges and only purchases their outputs. What does the work is not coercion of an exchange but selective absence of protection around it. The third-party doctrine withdraws the subject’s Fourth Amendment interest once data leaves the subject’s hands, and the commercial-speech framework permits the resale the doctrine has made legally riskless. Same information flow as the compelled case; different mechanism; no warrant required. The state that once needed to compel banks has discovered that a legal regime producing a private surveillance market is the cheaper instrument.
12.5 Physical-World Infrastructure
The stack is not confined to the internet. The same cost curves that made facial recognition economic have made every form of physical-world sensing economic.
Automated license-plate recognition (ALPR) is the paradigmatic case because a license plate is the one identifier every automobile is required by law to carry, and its retention in law is justified as a minimal mechanism for traffic enforcement. Flock Safety, the leading vendor, operates ALPR infrastructure in over five thousand communities across nearly every state, capturing billions of vehicle scans per month. Each scan is an image, a plate read, a location, and a timestamp. Aggregated over months, the scans produce a movement log for any vehicle that traverses the covered jurisdictions. The Norfolk, Virginia Circuit Court ruled in 2024 that warrantless access to this movement log violates the Fourth Amendment, and the ruling will be litigated upward for years; during that time, the infrastructure continues to scan.
The same vendor acquired a police-drone manufacturer in late 2024 and is building a Drone-as-First-Responder product line. The DFR pattern, pioneered by Chula Vista Police in California and now deployed by hundreds of U.S. cities, dispatches a drone to any reported incident before the officer arrives. The drone records continuous video during its flight, and the recording enters the evidentiary system whether the incident produced a crime or not. Skydio and BRINC build U.S. platforms for this market. DJI’s Chinese origin has pushed it out of federal procurement. The capability is agnostic to vendor.
Ring, the Amazon-owned home-camera product, illustrates the partial-retreat variant. From 2018 through 2024 the Neighbors app allowed police to solicit footage directly from Ring owners through a “Request for Assistance” tool. Public opposition to the surveillance implications led Amazon to remove the tool in January 2024. The infrastructure did not disappear. Police now obtain Ring footage through warrants served on Amazon or through owner consent, which is the older process with a higher transaction cost. Public attention can raise the price of a surveillance channel without closing it.
Cell-site simulators, historically branded as Stingrays and now sold under various successor names, complete the physical layer. A cell-site simulator masquerades as a cellular tower. Phones in the area connect to it by default and disclose their International Mobile Subscriber Identity. The simulator can log presence and track movement, and in more intrusive configurations it can intercept metadata directly. Research published in 2023 and 2024 documented that cell-site simulators remain operationally viable against 5G non-standalone networks and against some 5G standalone configurations. Mitigations in the 3GPP standardization track exist but lag deployment by years; in the interim the capability persists.^7^
The physical-world infrastructure inverts one of the oldest implicit privacy assumptions. The common-law expectation that a person was observable in public was built around the cost ceiling of human observation. One officer could follow one subject. A city could not follow everyone. Cameras and readers and drones removed the cost ceiling. The expectation that survived in common law has no economic basis in the new regime. Privacy in public is now an engineering problem.
12.6 The Commercial Spyware Arm
The analytics stack assumes the target’s device is a reliable source of the target’s data. That assumption fails when the device is compromised. Commercial spyware has matured into an industry with vendor tiers, standard product catalogs, published deployment records, and an active accountability case law.
Pegasus, from the NSO Group, is the reference product. It deploys through zero-click exploits against mainstream messaging endpoints including iMessage and WhatsApp, leaving the target unaware that the compromise has occurred. Citizen Lab at the University of Toronto has documented Pegasus infections of journalists, dissidents, lawyers, and politicians across at least thirty countries, including the first confirmed infection of a Russian journalist on European Union soil in 2023. The United States Commerce Department placed NSO on the Entity List in November 2021, which restricted U.S. technology sales to the firm without shutting down its operations. In late 2024 a U.S. federal court ruled NSO liable under the Computer Fraud and Abuse Act for the infection of roughly 1,400 WhatsApp users. That was the first major civil accountability decision in the spyware market.
Intellexa, the consortium behind the Predator spyware product, was sanctioned by the U.S. Treasury in March 2024 after its founders were identified and its corporate shell traced. Paragon Solutions, which markets the Graphite product, was acquired by the U.S. private-equity firm AE Industrial Partners in December 2024, producing a domestic-owned spyware vendor. Candiru and several smaller firms occupy adjacent market segments. Products differ in exploit portfolio and target-platform coverage and price; the capability is fungible, and the industry’s survival of sanctions on individual firms shows that restricting vendors does not restrict the capability. The competitive structure reproduces the Clearview pattern: sanction one vendor, another takes the market.
Forensic-extraction tools occupy the parallel wide-deployment layer. Cellebrite and Magnet Forensics (which acquired Grayshift and its GrayKey product in 2023) sell devices that exploit boot-chain and lockscreen weaknesses to extract data from seized phones. The customer base is law-enforcement agencies worldwide, numbering in the thousands. Unlike Pegasus, these tools require physical possession of the device, but they are priced for routine police use, and they operate at the scale of ordinary criminal investigations. The marginal arrest now generates a full device extract as a matter of course.
GrapheneOS is the public exception. A hardened Android distribution running on Pixel hardware, it auto-reboots into a Before First Unlock state after a configurable idle period, restricts USB peripherals while locked, and supports a duress wipe. Leaked Cellebrite support matrices from 2024 listed GrapheneOS devices as difficult or inaccessible in configurations that defeat stock Android and iOS. Extraction remains possible under a sufficiently resourced attack, but the floor the user can set is high enough that routine extraction fails.
Executive Order 14093, signed by President Biden in March 2023 and continued under successor administrations, prohibits U.S. government operational use of commercial spyware that poses counterintelligence or human-rights risks. The order is the state’s own acknowledgment that the capability is dangerous when directed at its officials. No restriction accompanies the capability when directed at anyone else. State actors want the spyware when the targets are adversaries and want to restrict it when the targets are themselves.^8^
Chapter 14 will set this limit out in full: cryptography cannot solve endpoint compromise, because a compromised device reads cleartext the same way the user does. The analytics stack sits on that limit. Breaking modern encryption costs billions in compute or the discovery of a zero-day in the implementation; compromising an endpoint costs tens of thousands to low millions per target for remote spyware and tens of thousands per unit for physical extraction, and delivers cleartext directly. The arms race migrated to the layer where the price structure favored the attacker, and it has stayed there. Chapter 22 takes up the countermeasures.
12.7 Compressing the OODA Loop
The first chapter of this book introduced Boyd’s observe-orient-decide-act loop as the structure of any targeted intervention, and argued that privacy disrupts the loop at observation. The Analytics Stack is useful to examine as the adversary’s answer to that claim, because the stack compresses the entire loop into industrial process.^9^
The observation layer is the sensor and acquisition stack: ALPRs, doorbell cameras, cell-site simulators, scraped web images, app location streams, bank transaction reports, and commercial spyware. Its output is raw records.
The orientation layer is the fusion and analysis stack: Palantir-class platforms, broker-assembled dossiers, biometric matching services, and large language models querying the fused environment. Its output is hypotheses and patterns, organized by subject or by event.
The decision layer is the case-management and authorization stack: warrant requests, arrest authorizations, audit selections, travel restrictions, and administrative sanctions. Its output is enforcement orders directed at individuals, and it has automated alongside the others. Pretrial risk scoring through the Public Safety Assessment and COMPAS shapes detention decisions in hundreds of U.S. jurisdictions. IRS audit selection runs on statistical models that choose which returns receive human review. ICE’s Risk Classification Assessment was documented in 2018 to recommend detention in every case evaluated, the failure mode of any decision-layer automation not empirically checked. Australia’s Robodebt issued automated welfare-debt notices against hundreds of thousands of recipients before courts halted the underlying methodology in 2019, and a 2023 Royal Commission judged the scheme unlawful and harmful. The pattern is consistent: models recommend, humans sign, and the review window shrinks to seconds per case as throughput rises.^10^
The action layer is deployment of enforcement: police units, tax audits, asset freezes, border stops, and regulatory actions. Its output is intervention in the target’s life.
Every layer in that sequence has specialist vendors and commercial pricing and has been optimized for throughput. The compressive effect is that an officer who in 1990 would have needed weeks of investigative work to assemble a case now has a query interface that returns the same package in minutes. The compression affects both sophisticated and routine operations. Cases previously uneconomic to pursue are now worth pursuing, which expands the population brought into contact with enforcement.
The countermeasure logic follows directly. If the stack compresses the loop, defense must act earlier in the loop. Observation-layer defenses are the only ones that break the entire chain, because a fused platform cannot fuse what was never collected. Encryption denies the observation layer the content; location obfuscation denies the observation layer the movement log; pseudonymity denies the observation layer the identity; cash denies the observation layer the transaction. Each of these defenses becomes more important as the downstream layers improve, because the downstream layers are the multiplier that turns observation into action. The defender’s marginal sensor denial is worth what it is worth times the multiplier of every downstream improvement.
Risk Is Not Uncertainty
Frank Knight’s 1921 distinction illuminates what the compressed loop can and cannot deliver.^11^ Risk is the condition under which the probabilities of outcomes are known or empirically estimable. Under uncertainty, those probabilities are not known. Insurance handles risk; no formula handles uncertainty. Knight’s distinction, developed outside the Austrian tradition and adopted by later Austrians including Lachmann and Shackle, is the right vocabulary for naming the limit.
A pattern recurring in historical data is a risk: what happened before can happen again at roughly the same rate, and a fused analytical platform can estimate the rate and direct resources at the higher-rate cases. A novel event of a kind the data does not contain is uncertainty: no aggregation reduces the novelty, because the novelty is in the category itself and not in any parameter within a known category. The compressed OODA loop improves enforcement against the pattern class and does not improve enforcement against the novel class. State threat models that depend on the novel class receive no benefit from the aggregation despite its cost. The marketing conflates the two classes because the political constituency for the stack does not distinguish them, and the epistemics do. Surveillance infrastructure priced against Knightian uncertainty is priced against a problem it cannot touch.
12.8 Why Agencies Keep Buying
Mises analyzed the dynamics of bureaucratic management in his 1944 study of the phenomenon.^12^ Bureaucratic management is the management of organizations whose output cannot be evaluated through profit and loss, because the output has no market price. An agency that loses money on its operations does not, by that fact alone, change course, and an agency that produces more intelligence reports per unit of budget does not thereby become better at its function in any measurable sense. Absent the profit test, what expands is the budget and what defines success is the budget’s expansion.
Applied to the analytics stack, the argument names the internal dynamic that the cost-curve analysis alone does not. Cost curves explain why the stack became affordable. Mises’s analysis of bureaucracy explains why affordable capability is purchased and retained regardless of whether it produces useful output. A director who declines to buy a commercial sensor feed that peer agencies have bought faces a political cost if any incident occurs that the feed could have prevented. A director who buys the feed faces no corresponding cost for the feed producing no usable intelligence, because no metric inside the agency measures the marginal return on the purchase. The asymmetry favors purchase and favors retention, and it holds regardless of what the sensor accomplishes.
Bureaucracies also expand along the axes the budget permits. An agency with surplus budget acquires capability; an agency with new capability acquires staff to operate it; staff acquire promotions and projects that require the capability to remain in place. The system locks in at the new level, and the next budget cycle begins from a baseline that includes the new level. The stack’s economics gave every agency with budget authority a reason to acquire. The Misesian analysis explains why the acquisitions accumulate instead of being pruned.
12.9 Why the Stack Exists Now
The stack is not new in kind. Pinkerton’s agency assembled surveillance for industrial and state clients in the nineteenth century.^15^ The Stasi assembled files on a third of East German adults with 1970s technology.^16^ What is new is the price per subject and the total addressable population, and both changed for identifiable reasons.
Sensor cost broke first. Digital imaging replaced film, commodity silicon replaced special-purpose hardware, cloud storage replaced local storage, and ubiquitous wireless replaced wired-only deployment. The cost of capturing a given observation fell by roughly six orders of magnitude over forty years. Storage cost broke next. Data-warehousing and object storage combined with Moore’s scaling law in density to reduce the cost of retaining a given record indefinitely from economically prohibitive to economically irrelevant. Analysis cost broke last. Human analysts gave way to rule-based systems, and rule-based systems gave way to large language models, with the cost of drawing an inference from a given record falling by roughly three orders of magnitude between 2010 and 2025.
When more than one cost curve collapses simultaneously, a capability that had been available only for exceptional cases becomes available for routine ones. The stack assembled itself through ordinary competitive pressure: any agency that refused it was outperformed by agencies that adopted it, and the outperformed agencies either adopted or lost budget and jurisdiction to the ones that had. The equilibrium emerged from local choices under identical incentive gradients, which is the signature of market order operating against the user.
The economic implication for privacy defense is that the defender’s cost curve must also bend. This is possible, and it has been happening, but it has been happening at a slower rate than the attacker’s stack for most of the last decade. Tor, Signal, Bitcoin, and Nostr are the points on the defender’s curve that have bent fastest.^17^ Each is a structural innovation that reduces defender cost by orders of magnitude for a specific observation type. The pace of those innovations is the variable that determines whether the Analytics Stack will be the end of the story or an intermediate phase before defense catches up.
Chapter Summary
The Analytics Stack is the integrated system through which commercial firms assemble surveillance capability and state agencies deploy it. Four layers compose it, sensor acquisition, fusion and analysis, decision and authorization, and enforcement action, and every layer has specialist vendors pricing their output competitively. Surveillance has been industrialized through market specialization: capability no single agency could lawfully build is assembled by firms and purchased as a service, and the state pays market price for capabilities it could not have obtained directly. The commercial channel routes around constitutional protections designed against direct state acquisition. The Fourth Amendment was written against compelled records; Carpenter narrowly limited warrantless cell-site data without addressing the broader commercial market in equivalent information, and the gap is where the data-broker industry operates.
Cost curves explain the timing. Sensor cost, storage cost, and analysis cost all collapsed in overlapping phases, and when they broke simultaneously the stack became economically mandatory for any agency whose competitors had adopted it. The result compresses Boyd’s OODA loop into industrial process: every stage from raw record to enforcement has been made efficient at once. Defense must therefore act at the observation layer, because every downstream layer has been optimized for throughput. Encryption, anonymous routing, location obfuscation, pseudonymity, and cash each deny the stack one specific observation class, and the defender’s marginal gain from any one of them is multiplied by the downstream efficiency.
The stack is not invincible. Defender cost curves can bend downward too, and the structural innovations the rest of the book develops, strong encryption, anonymous routing, resistant money, decentralized social infrastructure, have track records of collapsing the attacker’s cost advantage for specific observation types. The stack’s components also differ in reach and cost: a license-plate reader produces a movement log while commercial spyware produces total device compromise, and Chapter 22 threat-models against each layer separately. Legal reform has a place but not the primary one, because regulatory pressure on any single component displaces the capability to an adjacent one. Individual action is not futile: the stack is economically mandatory at the aggregate level and structurally fragile at the individual level, and a target who denies observation at every layer is a target the downstream machinery cannot process. The race has moved from the single-communication layer up to the aggregation layer, and the rest of the book works at the altitude the adversary now occupies.
Endnotes
^1^ Byron Tau’s 2024 book is the standing journalistic map of the commercial-to-state surveillance market; the EFF Atlas of Surveillance and 404 Media carry the ongoing reporting. Byron Tau, Means of Control: How the Hidden Alliance of Tech and Government is Creating a New American Surveillance State (Crown, 2024). Electronic Frontier Foundation, Atlas of Surveillance, https://atlasofsurveillance.org/, tracks specific deployments by jurisdiction. 404 Media, https://www.404media.co/, publishes ongoing investigative reporting on the industry.
^2^ Carpenter requires a warrant for compelled carrier records but does not address commercial purchase; legislative attempts to close the loophole through a “Fourth Amendment Is Not for Sale Act” have not passed. Carpenter v. United States, 585 U.S. 296 (2018). Scholarly treatment in Orin S. Kerr, “The Case for the Third-Party Doctrine,” Michigan Law Review 107 (2009): 561–601, and Paul Ohm, “The Fourth Amendment in a World Without Privacy,” Mississippi Law Journal 81, no. 5 (2012): 1309–1355. Legislative response in the “Fourth Amendment Is Not for Sale Act,” tracked across multiple Congresses at https://www.congress.gov/.
^3^ Murray N. Rothbard, Anatomy of the State (Auburn, AL: Ludwig von Mises Institute, 2009; first published 1974 in Egalitarianism as a Revolt Against Nature and Other Essays), in which Rothbard revives John C. Calhoun’s distinction between net taxpayers and net tax-consumers. The modern restatement: every state activity produces a class that receives more from the state than it contributes and a class that contributes more than it receives, and the ruling class in Rothbard’s sense is the coalition of the former. See also Power and Market: Government and the Economy, 4th ed. (Auburn, AL: Ludwig von Mises Institute, 2006), for the same analysis applied to specific intervention types; and John C. Calhoun, A Disquisition on Government (1851), for the original distinction Rothbard extended. The class analysis here is structurally distinct from the Marxist version because the class boundary is defined by state privilege, not by ownership of means of production.
^4^ Clearview AI built the canonical open-web facial-recognition corpus (~twenty billion images); HART is the parallel federal biometric index; TSA and CBP deploy facial matching at the physical checkpoints. Clearview AI, https://www.clearview.ai/. Kashmir Hill, Your Face Belongs to Us: A Secretive Startup’s Quest to End Privacy as We Know It (Random House, 2023), is the definitive journalistic account. U.S. Department of Homeland Security, Office of Biometric Identity Management (HART), https://www.dhs.gov/obim. TSA facial-matching at https://www.tsa.gov/digital-id. CBP biometric entry-exit at https://www.cbp.gov/travel/biometrics.
^5^ Palantir’s Artificial Intelligence Platform is the commercially visible instance of LLM-assisted intelligence analysis at state scale; Gotham and Foundry are the fused data environments it runs on top of. Palantir Artificial Intelligence Platform, https://www.palantir.com/platforms/aip/; Gotham, https://www.palantir.com/platforms/gotham/; Foundry, https://www.palantir.com/platforms/foundry/. Federal contract values are searchable at https://www.usaspending.gov/. Critical reporting by Caroline Haskins at Business Insider and by Sam Biddle at The Intercept (https://theintercept.com/).
^6^ Venntel and its successors (Locate X under Babel Street) and Fog Data Science sell location data drawn from the real-time bidding stream to federal, state, and local agencies; a 2023 TIGTA audit confirmed IRS Criminal Investigation used Venntel data without warrants. Venntel (subsidiary of Gravy Analytics), https://venntel.com/. Babel Street / Locate X, https://www.babelstreet.com/. Fog Data Science / Fog Reveal, https://fogdatascience.com/. Treasury Inspector General for Tax Administration, “The Criminal Investigation Division’s Use of Commercial Databases Containing Personal Information Complied with Policy but Raised Privacy Concerns,” Report No. 2023-IE-R003 (2023), https://www.tigta.gov/. Electronic Frontier Foundation reporting on the broker channel and Fog Reveal at https://www.eff.org/issues/street-level-surveillance/fog-data-science.
^7^ Flock Safety dominates ALPR; Skydio, BRINC, and DJI supply the police-drone market; Amazon Ring carries the doorbell-camera layer; cell-site simulators close out the physical sensor tier. Flock Safety, https://www.flocksafety.com/. Skydio, https://www.skydio.com/. BRINC, https://www.brinc.com/. DJI, https://www.dji.com/. Amazon Ring, https://ring.com/, and the Neighbors app, https://shop.ring.com/pages/neighbors-app. Chula Vista Police Drone-as-First-Responder program, https://www.chulavistapd.org/police-services/drones-as-1st-responders. Crowder v. Diamondback Investment Group, LLC, Circuit Court of the City of Norfolk, Case No. CL24-000194 (2024), on warrantless ALPR access. On cell-site simulators and 5G, see Citizen Lab’s ongoing analysis at https://citizenlab.ca/.
^8^ Pegasus (NSO), Predator (Intellexa), Graphite (Paragon), and Candiru’s products make up the remote-compromise market; Cellebrite and Magnet Forensics (GrayKey) run the physical-extraction market; GrapheneOS is the public defensive exception; Executive Order 14093 restricts U.S. government operational use without restricting the industry. Citizen Lab, https://citizenlab.ca/, is the primary empirical source on spyware deployments. NSO Group, https://www.nsogroup.com/. WhatsApp LLC v. NSO Group, Case No. 4:19-cv-07123 (N.D. Cal. 2024). Intellexa / Predator: U.S. Treasury OFAC sanctions designation of March 5, 2024, https://ofac.treasury.gov/recent-actions/20240305. Paragon Solutions / Graphite (acquired by AE Industrial Partners, December 2024); public reporting in TechCrunch and Haaretz. Candiru: no public website; documented by Citizen Lab and Microsoft Threat Intelligence Center reporting. Cellebrite, https://cellebrite.com/. Magnet Forensics, https://www.magnetforensics.com/. GrapheneOS, https://grapheneos.org/, feature documentation at https://grapheneos.org/features. Executive Order 14093, “Prohibition on Use by the United States Government of Commercial Spyware That Poses Risks to National Security,” 88 Fed. Reg. 18957 (March 27, 2023), https://www.federalregister.gov/documents/2023/03/30/2023-06730/prohibition-on-use-by-the-united-states-government-of-commercial-spyware-that-poses-risks-to.
^9^ Boyd’s OODA loop is the structural framework the chapter uses to show how surveillance integrates across layers; see Chapter 1, note 4, for the primary citation to Boyd’s “Patterns of Conflict” briefing. Frans P. B. Osinga, Science, Strategy and War: The Strategic Theory of John Boyd (Routledge, 2006), is the standard academic treatment. Grant T. Hammond, The Mind of War: John Boyd and American Security (Smithsonian, 2001), is the biographical treatment.
^10^ The decision layer has automated alongside sensor and orientation layers; PSA and COMPAS drive detention decisions, ICE’s Risk Classification Assessment recommended detention in nearly every case, and Australia’s Robodebt generated hundreds of thousands of unlawful automated debt notices before a 2023 Royal Commission halted it. Public Safety Assessment (Arnold Ventures), https://advancingpretrial.org/psa/about-the-psa/. COMPAS / Equivant, https://www.equivant.com/. Critical analysis of COMPAS risk scoring: Julia Angwin, Jeff Larson, Surya Mattu, and Lauren Kirchner, “Machine Bias,” ProPublica (May 23, 2016), https://www.propublica.org/article/machine-bias-risk-assessments-in-criminal-sentencing. On IRS automated audit selection, see Internal Revenue Service, Inflation Reduction Act Strategic Operating Plan (2023), https://www.irs.gov/pub/irs-pdf/p3744.pdf. ICE Enforcement and Removal Operations Risk Classification Assessment: Reade Levinson, Mica Rosenberg, and Kristina Cooke, “Special Report: How Trump Administration Altered ICE’s Detention Tool,” Reuters (June 26, 2018), https://www.reuters.com/investigates/special-report/usa-immigration-detention/. Robodebt: Commonwealth of Australia, Report of the Royal Commission into the Robodebt Scheme (July 2023), https://web.archive.org/web/20230901000000/https://robodebt.royalcommission.gov.au/publications/report.
^11^ Frank H. Knight, Risk, Uncertainty, and Profit (Boston: Houghton Mifflin, 1921), especially Part III. Knight is a Chicago School founder, not an Austrian, and the distinction the book’s argument invokes is Knight’s, not Mises’s. Mises offers the parallel distinction between class probability and case probability in Human Action (cited at Chapter 3, note 1), chapter 6 (“Uncertainty”). For the Austrian reception of Knightian uncertainty, see Ludwig M. Lachmann, Capital, Expectations, and the Market Process (Kansas City: Sheed Andrews and McMeel, 1977), and G. L. S. Shackle, Epistemics and Economics (Cambridge University Press, 1972).
^12^ Ludwig von Mises, Bureaucracy (New Haven: Yale University Press, 1944; reprinted Indianapolis: Liberty Fund, 2007), especially the chapters on “Profit Management” and “Bureaucratic Management.” Mises’s argument is that bureaucracies exist where market prices cannot be formed for the outputs in question, that bureaucratic personnel are therefore not subject to the discipline profit-and-loss accounting imposes, and that the institutional form has internal expansionary pressures that no amount of administrative reform neutralizes. William A. Niskanen, Bureaucracy and Representative Government (Chicago: Aldine-Atherton, 1971), develops the complementary public-choice analysis from a non-Austrian vantage.
^13^ Adam Smith, An Inquiry into the Nature and Causes of the Wealth of Nations (London: W. Strahan and T. Cadell, 1776), Book I, chapters 1–3, on the division of labor, its productivity effects, and its dependence on the extent of the market. The canonical modern edition is Adam Smith, The Wealth of Nations, ed. R. H. Campbell, A. S. Skinner, and W. B. Todd, Glasgow Edition of the Works and Correspondence of Adam Smith, vols. 1–2 (Oxford: Oxford University Press, 1976; reprinted Indianapolis: Liberty Fund, 1981).
^14^ Ludwig von Mises, Human Action: A Treatise on Economics, 4th ed. (Irvington-on-Hudson, NY: Foundation for Economic Education, 1996; originally published 1949), chapter 8 (“Human Society”), especially section 3 (“The Division of Labor”) and section 5 (“The Catallactic Problem of the Division of Labor”). Mises argues that the division of labor is constituted by and coextensive with the market exchange order (what he terms the catallactic order), and that the productivity gains Smith identified are themselves a product of voluntary cooperation under the price system. The surveillance-stack argument inherits this framework: specialization in observation is possible and economically rational because market prices coordinate each layer.
^15^ The Pinkerton National Detective Agency, founded by Allan Pinkerton in 1850, operated as a private intelligence and enforcement service for railroads, industrial employers, and federal agencies throughout the nineteenth century, including strike-breaking and infiltration of labor organizations. Its client base shows that the commercial-to-state surveillance market predates digital technology by more than a century. Frank Morn, The Eye That Never Sleeps: A History of the Pinkerton National Detective Agency (Bloomington: Indiana University Press, 1982), is the standard history. See also Robert P. Weiss, “Private Detective Agencies and Labour Discipline in the United States, 1855–1946,” Historical Journal 29, no. 1 (1986): 87–107.
^16^ The East German Ministry for State Security (Stasi) maintained files on an estimated 5.6 million individuals (roughly a third of the adult GDR population) using approximately 91,000 full-time employees and 170,000–190,000 informal collaborators at its peak in the 1980s. The comparison with the digital analytics stack inverts the cost structure: the Stasi achieved high penetration only through massive human-labor expenditure, while the commercial stack achieves comparable or greater coverage at near-zero marginal cost per subject. Gary Bruce, The Firm: The Inside Story of the Stasi (Oxford: Oxford University Press, 2010). Jens Gieseke, The History of the Stasi: East Germany’s Secret Police, 1945–1990, trans. David Burnett (New York: Berghahn Books, 2014). The Stasi Records Agency (BStU) archives are held by the Federal Commissioner for the Records of the State Security Service of the Former German Democratic Republic, https://www.bstu.de/.
^17^ Tor provides low-latency anonymous routing through onion encryption across a volunteer relay network; Signal provides end-to-end encrypted messaging under the Signal Protocol; Bitcoin provides a pseudonymous payment system resistant to financial surveillance at the transaction layer; Nostr provides a censorship-resistant social-graph and messaging protocol over public-key cryptography. Each collapses the attacker’s cost advantage for a specific observation class. Tor Project, https://www.torproject.org/; Roger Dingledine, Nick Mathewson, and Paul Syverson, “Tor: The Second-Generation Onion Router,” Proceedings of the 13th USENIX Security Symposium (2004), https://svn.torproject.org/svn/projects/design-paper/tor-design.pdf. Signal Protocol specification: Trevor Perrin and Moxie Marlinspike, “The Double Ratchet Algorithm” (2016), https://signal.org/docs/specifications/doubleratchet/; Signal Foundation, https://signal.org/. Bitcoin: Satoshi Nakamoto, “Bitcoin: A Peer-to-Peer Electronic Cash System” (2008), https://bitcoin.org/bitcoin.pdf. Nostr protocol specification, https://github.com/nostr-protocol/nostr.
<- Previous: Corporate Surveillance and Data Extraction |
-> Next: The Crypto Wars |The Praxeology of Privacy – third edition. New chapters publish daily at 1600 UTC.
More from The Praxeology of Privacy
Write a comment