Surveillance Accountability Act
As we wrote about in "The Privacy Black Hole: Third-Party Doctrine", the US government can currently get around the usual checks and balances by buying information about us directly from data brokers. This is the same kind of information they would normally need a warrant or subpoena to obtain if they were investigating someone directly, thanks to the third-party doctrine.
The third-party doctrine is a U.S. legal principle that says people have no reasonable expectation of privacy in information they "voluntarily" share with third parties, such as banks or phone companies. As a result, the government can often get that data without a warrant.
In today's world, countless companies collect huge amounts of our personal information, and much of it gets labeled as "voluntarily shared", even when we don't realize it's happening or fully understand what is being tracked. The scope goes far beyond what most people would consider reasonable.
Types of Information Collected
Data brokers build detailed profiles on nearly every aspect of our lives. Here are some of the common categories:
- Basic identifiers and contact info: Full name, aliases, date of birth, current and past addresses, phone numbers, email addresses, Social Security numbers (or partial), and device identifiers.
- Demographic details: Age, gender, ethnicity/race, marital status, household makeup (such as the presence and ages of children), education level, occupation, employer, and religion.
- Financial information: Income level, net worth, credit scores and history, payment behaviors, bankruptcies, and spending patterns (like the types of products bought, how often, and payment methods).
- Location and movement data: Home and work routines, frequent visits (including to sensitive places like clinics, places of worship, or protests), and sometimes even real-time GPS tracking.
- Behavioral and lifestyle data: Online browsing and search history, interests and hobbies, purchase habits, brand preferences, social media activity, travel patterns, and inferred traits (such as "big spender parents" or political leanings based on supported causes).
- Health-related data: Inferred conditions (for example, interest in diabetes products, pregnancy, or mental health based on app usage or searches), medications, or interactions with health apps and websites. (Direct medical records face more restrictions, but inferences from apps and searches are common.)
- Sensitive or inferred attributes: Political preferences or beliefs (such as support for certain organizations or causes), sexual orientation (inferred from app usage), military status or service history, government employment, and family relationships.
- Other: Vehicle ownership, property details, criminal or court history, and even risk scores or categories (like "credit hungry" or "at-risk").
Some brokers advertise data on millions of people with tens of thousands of data points, including real-time location or specific details on military personnel, activists, or government employees. People-search sites often pull together public records to show home addresses, relatives' information, and contact details that anyone can search.
In short, they collect and sell enough sensitive personal information that cybersecurity policy expert and data privacy advocate Justin Sherman, author of a 2021 report by Duke University’s Technology Policy Lab titled "Data Brokers and Sensitive Data on U.S. Individuals", stated that “Data brokerage is a threat to Americans’ civil rights, consumers’ privacy and well-being, and U.S. national security.” He made this point in testimony to the U.S. House Committee on Energy and Commerce, Subcommittee on Oversight and Investigations, on April 19, 2023.
Where does all this information come from?
Sources of Data
Data brokers pull information from many public and private sources, then link it, make inferences, and build richer profiles:
- Public records: Voter registrations, property deeds, court filings (such as bankruptcies, divorces, or criminal records), driver's licenses, vehicle registrations, birth and marriage certificates, and professional licenses.
- Commercial and transactional data: Purchase histories from retailers, loyalty program details, warranty cards, magazine subscriptions, and credit card or payment trends.
- Online and digital tracking: Website cookies, browsing history, search queries, app usage, social media activity (especially public posts), device IDs, IP addresses, and ad interactions.
- Mobile and location data: Precise GPS from apps, Wi-Fi or Bluetooth signals, geotagged photos, and movement patterns from hundreds of millions of devices (both real-time and historical).
- Other brokers and third parties: They often buy or trade data with each other, which makes the profiles even more detailed.
- Inferred or derived data: Algorithms create new insights, such as predicting interests, health risks, or behaviors from patterns (for example, frequent purchases of certain products suggesting a medical condition).
Simply by living in the modern world, we generate data from many sources that together paint a very intimate picture of our daily lives. It's already concerning when companies use this for targeted advertising, but what happens when the government can buy it too?
Recent Developments: FBI Confirmation of Purchasing Commercially Available Data
This issue got fresh attention during the March 18, 2026 Senate Intelligence Committee Worldwide Threats hearing. When asked by Sen. Ron Wyden about the FBI buying commercial data that includes location information, FBI Director Kash Patel said:
“We do purchase commercially available information that’s consistent with the Constitution and the laws under the Electronic Communications Privacy Act, and it has led to some valuable intelligence for us.”
This confirmation shows the FBI is acquiring detailed datasets from commercial sources, often the same kind of granular location histories and movement patterns that the Supreme Court’s Carpenter v. United States (2018) decision said require a warrant if obtained directly from cell phone providers.
New Legislative Limits
The Surveillance Accountability Act aims to close this loophole and strengthen Fourth Amendment protections. It would require law enforcement to get a warrant based on probable cause before accessing data that significantly invades an individual's privacy. This includes the acquisition and analysis of any data, metadata, or information pertaining to a person’s digital or physical life. Examples include geolocation, communication records, personal device activity, assets, liabilities, biometric identifiers, behavioral signals data, or financial transactions.
The bill includes reasonable exceptions (such as plain-view observations or verifying government-issued ID during law enforcement interactions), but it restricts those exceptions for certain types of sensitive data. It also creates a way for individuals to take legal action if federal employees or agencies violate these rights.
You can learn more at https://www.surveillanceaccountability.com/
Act Now!
We believe law enforcement plays a vital role in society, but that role should not come at the expense of the privacy rights guaranteed by the Fourth Amendment. The Surveillance Accountability Act brings back the judicial oversight that the Founding Fathers built into our system.
Let your representatives know you support the Surveillance Accountability Act. It would help prevent broad, warrantless searches and restore important limits and probable cause requirements.
Remember: we may not have anything to hide, but everything to protect.
