US government deploys AI for mass surveillance, buying data from brokers to track Americans

How LLMs could supercharge mass surveillance in the US

The technology could make commercially available bulk datasets even more of a privacy concern. There are pieces of your life scattered all over the internet, and some of them are for sale. Data brokers amass web searches, financial records, and location data from millions of individuals and sell them to various clients, including the US government. Information on your recent online purchases or the route that you take to work could be sitting on hard drives around the world, waiting to be used. While reassembling those pieces isn't trivial, there is early evidence that LLMs might make it far easier. LLM agents could potentially do the work of intelligence analysts in a fraction of the time and for a fraction of the cost, which would enable the state to aim its all-seeing eye toward anyone, not just its highest-priority targets. "A lot of what we think of as privacy protection isn't so much like something that's written in the law," says Karen Levy, a professor of information science at Cornell University. "It just has to do with how hard or how expensive it is to learn stuff about people." When mobile phones became widespread, gathering data about people got much cheaper, but making use of that data remained difficult. Powerful LLMs could change that. Worries over how LLMs could facilitate mass surveillance recently made headlines around the world. According to reporting from the New York Times and the Atlantic, contract negotiations between Anthropic and the US Department of Defense fell apart in late February because Anthropic balked when the DOD demanded leeway to use the company's models to analyze commercially available data on US citizens. When Anthropic's rival OpenAI agreed to a DOD deal mere hours later, OpenAI faced an immediate wave of public backlash for apparently swanning past Anthropic's red lines. Under pressure, OpenAI and the DOD later revised the contract terms. For avid followers of Anthropic CEO Dario Amodei, the company's firm stance probably didn't come as a surprise. In a lengthy essay published to his personal website in January, Amodei had argued that AI-enabled mass surveillance could constitute a crime against humanity. The core concern underlying his dispute with the DOD was that the government might use LLM-based systems such as Claude to analyze reams of data obtained from brokers and build detailed profiles of individual Americans at scale. There's plenty of precedent for AI being used for mass surveillance: Most notably, governments worldwide use facial recognition to track citizens and noncitizens alike, and recent reporting indicates that US Immigrations and Customs Enforcement (ICE) agents have leaned heavily on facial recognition apps in order to carry out the Trump administration's mass deportation campaign. While there's not yet any smoking-gun evidence that the US government (or anyone else) is using LLMs to conduct surveillance in the way that Amodei warns about, there's a clear appetite for such capabilities. Artificial analysts The sort of surveillance against which Amodei cautions is only possible in the United States because of a legal loophole. If the police suspect you of a crime and want to peruse the location data stored on your phone to see if you were present at the scene, they need a signed warrant from a judge. That's because the Fourth Amendment of the Constitution protects anyone in the United States from "unreasonable searches" by the government. But when the government buys bulk data from brokers, it isn't itself searching -- it's taking advantage of searches conducted by the people who collected and compiled the data. That creates a paradox: The government can't look at the location information on your phone without a warrant, but if a dataset that the government has purchased contains your phone's location data, and the government is able to link it to you, then it can effectively perform an end run around the Fourth Amendment. The good news is that finding your information in these databases probably isn't as easy as just searching for your name. The data that brokers sell is often stripped of obvious identifiers -- it might contain, for example, location traces from millions of cell phones but not the corresponding phone numbers. But that's not an insurmountable obstacle. A 2019 New York Times investigation of bulk cell phone location data found that it was often possible to identify the owners of individual phones by making note of their apparent work and home locations. Even though deanonymizing data does take some effort, it's safely within the skill set of intelligence analysts, or indeed any competent internet user, and law enforcement has used ostensibly anonymized location data to tie people to specific crimes. But those are focused searches. While the government, or other organizations, might be able to access data that describes the locations of tens or hundreds of millions of Americans, it would take an utterly impractical number of human analysts to tie all of that data to specific individuals. AI agents could potentially do it faster and more cheaply. "One way to look at the kerfuffle with Anthropic is that the DOD wants to be able to exploit this [commercial data] loophole to the max," says Greg Nojeim, director of the security and surveillance project at the Center for Democracy & Technology. There's evidence indicating that LLM agents are up to the job. At the start of this year, Northeastern University professor Tianshi Li shared a particularly ironic example. Using an LLM agent, Li analyzed a publicly available Anthropic dataset that consisted of interviews with several scientists about how they use AI. Anthropic had redacted some personally identifying information in the scientists' responses, but the agent that Li used was able to connect descriptions of some of the subjects' research with specific studies that they had authored. Though the agent only managed to identify a fraction of the interviewed scientists, when it did succeed it was fast and cheap: Each attempt took about four minutes and cost less than fifty cents. Anthropic did not respond to a request for comment for this story. Other studies have shown that LLMs can match pseudonymous forum accounts to LinkedIn profiles; identify writers' native languages; isolate potentially identifying information from a user's online post history; and infer social media users' psychological traits, locations, incomes, sexes, and ages, among other attributes. While some of these tasks could be completed by the average person if given adequate time, others, such as native-language identification, would be challenging for anyone but an expert. "In practice, they're doing what a competent investigator would do," wrote Nico Dekens, senior vice president of engineering at the intelligence software company ShadowDragon, in an email to MIT Technology Review. All of these results suggest that agents could give an unskilled worker the capabilities of a team of highly trained intelligence analysts. "[An agent] can gather information on its own and it can make plans, so it's not like a static search query," Li says. "It both lowers the barrier to entry and maybe pushes the limits of surveillance even farther." If political leaders wanted to quash dissent or punish opponents at scale, the combination of bulk data and countless virtual analysts could enable them to do so. A team of LLM agents might be able to identify the real people behind social media accounts that express negative views about the government or leverage a location dataset to compile a list of people present at a protest. Those in power could then make their lives difficult. "If government agents want to harass people, there are many opportunities to do so," says Darrell West, a senior fellow at the Brookings Institution. In the United States, such harassment might take subtle forms -- being pulled aside for excessive screenings at the airport, for example. Elsewhere, the consequences could be more drastic. Members of China's Uighur ethnic minority, for example, have been extensively surveilled by their government for years, and police may choose to investigate individuals based on surveillance data. For Uighurs, such investigations can result in internment and forced labor. And China appears to be interested in integrating LLMs into its surveillance system: An unsecured dataset discovered last year on a Baidu server indicates that Chinese companies are using LLMs to flag online posts for the purpose of "public opinion monitoring," which is a priority for the Chinese government. All of this is made worse by the fact that LLMs make mistakes. The advantage of using LLMs for mass surveillance is that they can do far more work than human analysts far more quickly, but that also makes thoroughly checking their work impossible. And because mass surveillance is, by its very nature, secretive, some who fall victim to such errors may not have any recourse. Privacy on a precipice For now, these threats are theoretical. It's almost impossible to determine how the US intelligence community is using LLMs in any detail: While most government agencies are required to report how they use AI, intelligence agencies are exempt. And the companies that provide tools that the government might use to conduct surveillance are cagey about the details of their tech, at least in public materials. "There are legitimate reasons for secrecy about how informational assets are being obtained and used for intelligence or defense purposes," Nojeim says. "But the amount of secrecy that surrounds this use is particularly troubling because the tech is so powerful and so new and so difficult for Congress to oversee." That said, there are some suggestive signs about how the government might be using LLMs. For example, government agencies, including ICE and the Drug Enforcement Administration hold subscriptions to ShadowDragon's software, and, according to Dekens, the company is currently working on incorporating LLMs into the tools it offers. "LLM agents are already very good at the mechanical side of analysis," he wrote. "Right now, the most effective way to use them is as a copilot and workflow layer." And the government could certainly take advantage of those capabilities, as it has access not only to commercially available bulk data but also to proprietary datasets compiled by individual agencies. Historically, those datasets had been siloed in different agencies -- the Internal Revenue Service had your tax data and the Centers for Medicare & Medicaid Services had your health records, and they didn't share. Last year, however, the Elon Musk-led Department of Government Efficiency reportedly mounted a crusade to centralize all that data. With the data in one place and powerful AI tools at their fingertips, members of government agencies can, in principle, construct detailed profiles of anyone. DOGE's data-centralization efforts and the LLM-enabled acceleration of analyst work are two sides of the same coin. In principle, both changes could help the government operate more effectively and economically. But there's a cost. "I think there's sometimes an assumption that inefficiency is always bad," says Levy. "But in privacy, you actually really want things to be hard." Few organizations would choose inefficient procedures of their own volition, but Congress could force the government down that path. Shortly after the Anthropic debacle, a bipartisan group of senators and representatives introduced a bill that would require the government to obtain a warrant before purchasing data from data brokers. Public outcry, too, seems to have had an effect: After OpenAI was overwhelmed by opprobrium for accepting DOD contract terms that Anthropic had rejected, the company and the Pentagon modified the contract to include additional surveillance protections. But government surveillance is not the only concern. Private companies could just as easily purchase bulk data and analyze it with LLM agents, and they are less subject to legal constraints and public opposition, especially if they aren't household names. If it is indeed possible for LLM agents to build detailed profiles of large numbers of individuals using bulk data, companies could use those capabilities to investigate job applicants or determine whether someone is insurable. "It is very, very hard to hold to account companies that are doing whatever they want to with our data," Levy says. "It's hard to even know what's happening." In the absence of legislation preventing such uses, we might need to rethink how we understand our own privacy. It has always been possible that someone online might unearth your address or connect you with your pseudonymous accounts, but given the effort that would take, it was easy to feel safe. Even in the wake of Edward Snowden's 2013 revelations about the National Security Agency's extensive surveillance of US citizens, many people reassured themselves that their privacy was still intact because the government had no reason to look into their lives. That kind of privacy depends entirely on friction: the time and effort required to link a secret social media account with its real-life owner, or the skill and resources needed to analyze bulk datasets. Stay under the radar, and no one will care enough to overcome that friction. But LLM agents could lessen that effort, or remove it entirely. If the government and other organizations can construct detailed profiles of millions of people at the drop of a hat, no one is beneath their notice.

US government ramps up mass surveillance with help of AI tech, data brokers - and your apps and devices

On a Saturday morning, you head to the hardware store. Your neighbors' Ring cameras film your walk to the car. Your car's sensors, cameras and microphones record your speed, how you drive, where you're going, who's with you, what you say, and biological metrics such as facial expression, weight and heart rate. Your car may also collect text messages and contacts from your connected smartphone. Meanwhile, your phone continuously senses and records your communications, info about your health, what apps you're using, and tracks your location via cell towers, GPS satellites and Wi-Fi and Bluetooth. As you enter the store, its surveillance cameras identify your face and track your movements through the aisles. If you then use Apple or Google Pay to make your purchase, your phone tracks what you bought and how much you paid. All this data quickly becomes commercially available, bought and sold by data brokers. Aggregated and analyzed by artificial intelligence, the data reveals detailed, sensitive information about you that can be used to predict and manipulate your behavior, including what you buy, feel, think and do. Companies unilaterally collect data from most of your activities. This "surveillance capitalism" is often unrelated to the services device manufacturers, apps and stores are providing you. For example, Tinder is planning to use AI to scan your entire camera roll. And despite their promises, "opting out" doesn't actually stop companies' data collection. While companies can manipulate you, they cannot put you in jail. But the U.S. government can, and it now purchases massive quantities of your information from commercial data brokers. The government is able to purchase Americans' sensitive data because the information it buys is not subject to the same restrictions as information it collects directly. The federal government is also ramping up its abilities to directly collect data through partnerships with private tech companies. These surveillance tech partnerships are becoming entrenched, domestically and abroad, as advances in AI take surveillance to unprecedented levels. As a privacy, electronic surveillance and tech law attorney, author and legal educator, I have spent years researching, writing and advising about privacy and legal issues related to surveillance and data use. To understand the issues, it is critical to know how these technologies function, who collects what data about you, how that data can be used against you, and why the laws you might think are protecting your data do not apply or are ignored. Big money for AI-driven tech and more data Congressional funding is supercharging huge government investments in surveillance tech and data analytics driven by AI, which automates analysis of very large amounts of data. The massive 2025 tax-and-spending law netted the Department of Homeland Security an unprecedented US$165 billion in yearly funding. Immigration and Customs Enforcement, part of DHS, got about $86 billion. Disclosure of documents allegedly hacked from Homeland Security reveal a massive surveillance web that has all Americans in its scope. DHS is expanding its AI surveillance capabilities with a surge in contracts to private companies. It is reportedly funding companies that provide more AI-automated surveillance in airports; adapters to convert agents' phones into biometric scanners; and an AI platform that acquires all 911 call center data to build geospatial heat maps to predict incident trends. Predicting incident trends can be a form of predictive policing, which uses data to anticipate where, when and how crime may occur. DHS has also spent millions on AI-driven software used to detect sentiment and emotion in users' online posts. Have you been complaining about Immigration and Customs Enforcement policies online? If so, social media companies including Google, Reddit, Discord, and Facebook and Instagram owner Meta may have sent identifying data, such as your name, email address, phone number and activity, to DHS in response to hundreds of DHS subpoenas served on the companies. Meanwhile, the Trump administration's national policy framework for artificial intelligence, released on March 20, 2026, urges Congress to use grants and tax incentives to fund "wider deployment of AI tools across American industry" and to allow industry and academia to use federal datasets to train AI. Using federal datasets this way raises privacy law concerns because they contain a lifetime of sensitive details about you, including biographical, employment and tax information. Blurring lines and little oversight In foreign intelligence work, the funding, development and controlled use of certain AI-driven gathering of data makes sense. The CIA's new acquisition framework to turbocharge collaboration with the private sector may be legal with proper oversight. But the line between collaborating for lawful national security purposes versus unlawful domestic spying is becoming dangerously blurred or ignored. For example, the Pentagon has declared a contractor, Anthropic, a national security risk because Anthropic insisted that its powerful agentic AI model, Claude, not be used for mass domestic surveillance of Americans or fully autonomous weapons. On March 18, 2026, FBI Director Kash Patel confirmed to Congress that the FBI is buying Americans' data from data brokers, including location histories, to track American citizens. As the federal government accelerates the use of and investment in AI-driven spy tech, it is mandating less oversight around AI technology. In addition to the national AI policy framework, which discourages state regulation of AI, the president has issued executive orders to accelerate federal government adoption of AI systems, remove state law AI regulation barriers and require that the federal government not procure the use of AI models that attempt to adjust for bias. But using advanced AI systems is risky, given reports of AI agents going rogue, exposing sensitive data and becoming a threat, even during routine tasks. Your data The surveillance capitalism system requires people to unwittingly participate in a manipulative cycle of group- and self-surveillance. Neighborhood doorbell cameras, Flock license plate readers and hyperlocal social media sites like Nextdoor create a crowdsourced record of all people's movements in public spaces. Sensors in phones and wearable devices, such as earbuds and rings, collect ever more sensitive details. These include health data, including your heart rate and heart rate variability, blood oxygen, sweat and stress levels, behavioral patterns, neurological changes and even brain waves. Smartphones can be used to diagnose, assess and treat Parkinson's disease. Earbuds could be used to monitor brain health. This data is not protected under HIPAA, which prohibits health care providers and those working with them from disclosing your health information without your permission, because the law does not consider tech companies to be health care providers nor these wearables to be medical devices. Legal protections People have little choice when buying devices, using apps or opening accounts but to agree to lengthy terms that include consent for companies to collect and sell their personal data. This "consent" allows their data to end up in the largely unregulated commercial data market. The government claims it can lawfully purchase this data from data brokers. But in buying your data in bulk on the commercial market, the government is circumventing the Constitution, Supreme Court decisions and federal laws designed to protect your privacy from unwarranted government overreach. The Fourth Amendment prohibits unreasonable search and seizure by the government. Supreme Court cases require police to get a warrant to search a phone or use cellular or GPS location information to track someone. The Electronic Communications Privacy Act's Wiretap Act prohibits unauthorized interception of wire, oral and electronic communications. Despite some efforts, Congress has failed to enact legislation to protect data privacy, the use of sensitive data by AI systems or to restore the intent of the Electronic Communications Privacy Act. Courts have allowed the broad electronic privacy protections in the federal Wiretap Act to be eviscerated by companies claiming consent. In my opinion, the way to begin to address these problems is to restore the Wiretap Act and related laws to their intended purposes of protecting Americans' privacy in communications, and for Congress to follow through on its promises and efforts by passing legislation that secures Americans' data privacy and protects them from AI harms. This article is part of a series on data privacy that explores who collects your data, what and how they collect, who sells and buys your data, what they all do with it, and what you can do about it.

How the government is ramping up mass surveillance with AI-driven tech

Companies unilaterally collect data from most of your activities. This "surveillance capitalism" is often unrelated to the services device manufacturers, apps, and stores are providing you. For example, Tinder is planning to use AI to scan your entire camera roll. And despite their promises, "opting out" doesn't actually stop companies' data collection. While companies can manipulate you, they cannot put you in jail. But the U.S. government can, and it now purchases massive quantities of your information from commercial data brokers. The government is able to purchase Americans' sensitive data because the information it buys is not subject to the same restrictions as information it collects directly. The federal government is also ramping up its abilities to directly collect data through partnerships with private tech companies. These surveillance tech partnerships are becoming entrenched, domestically and abroad, as advances in AI take surveillance to unprecedented levels.