Part 1 and Part 2 Combined

Introduction

The United States did not build a surveillance state. It built a surveillance economy.

That distinction matters. A state-run surveillance apparatus can, at least in theory, be dismantled through legislation, litigation, or political will. An economy built around surveillance has different properties. It has vendors with recurring revenue, agencies with entrenched capabilities, grant programs with measurable outputs, and data brokers with buyers. Those forces do not reverse themselves because a court issues a warning or a Senate subcommittee files a critical report.

This investigation documents how the United States moved from targeted signals intelligence into a normalized, integrated surveillance ecosystem that spans federal agencies, state and local governments, private corporations, and consumer technology. It traces the legal authorities that enabled expansion, the procurement structures that funded it, the vendor relationships that operationalized it, and the information-sharing arrangements that distributed it across all 50 states.

Three questions organize the inquiry.

Who benefits? Intelligence agencies, federal law enforcement, defense contractors, local police departments, and private technology corporations that monetize data pipelines.

Who loses? The average citizen, specifically their reasonable expectation of privacy, anonymity, and freedom of movement.

Who controls the information? A hybrid structure built around federal agencies including the National Security Agency, the Federal Bureau of Investigation, and the Department of Homeland Security, operating alongside corporations such as Palantir Technologies, Amazon Web Services, Google, and an extensive network of data brokers whose business model depends on unrestricted data flow.

This is not a theory. It is an observable architecture, built incrementally through policy decisions, contract awards, crisis responses, and legal workarounds accumulated over three decades.

Background: The Foundations Were Laid Before Most People Were Paying Attention

Pre-9/11 Infrastructure

Mass surveillance did not begin on September 12, 2001. The infrastructure existed before the justification arrived.

During the Cold War and through the 1990s, the United States expanded signals intelligence capabilities through programs operating under the Five Eyes alliance, a formal intelligence-sharing arrangement among the U.S., United Kingdom, Canada, Australia, and New Zealand. The ECHELON program, confirmed through European Parliament investigations conducted between the late 1990s and 2001, gave allied intelligence agencies the technical capacity to intercept civilian communications globally. Satellite interception systems were expanded. Early internet traffic monitoring capabilities were developed. The legal architecture governing these activities was classified and largely unknown to the public.

What the pre-9/11 period established was not a specific set of surveillance powers but something more durable: the institutional culture, the technical capabilities, and the legal frameworks that would later absorb and legitimize dramatic expansion. The apparatus was ready. It was waiting for the moment the political environment would support visible deployment.

The Legal Shift After September 11

The attacks of September 11, 2001, provided that moment. Within weeks, Congress passed the USA PATRIOT Act under conditions that limited meaningful legislative review. The Act dramatically expanded government surveillance authority across several dimensions.

Section 215 authorized bulk collection of business records, including telephone metadata, under a relevance standard that courts would later find remarkably thin. The threshold for obtaining Foreign Intelligence Surveillance Court orders was lowered. The range of information accessible to investigators without traditional judicial process was extended. The FISA Court, already operating in secrecy, became the primary oversight mechanism for a dramatically expanded set of surveillance activities.

Declassified FISA Court rulings confirmed what the Snowden disclosures later made public: Section 215 was used to collect telephone metadata on millions of Americans with no individualized suspicion. The court approving that collection operated in a closed process, heard only government arguments, and approved the vast majority of requests submitted to it.

The legal change was real, but it was not the whole story. The more lasting transformation was institutional. The Department of Homeland Security was created in 2002, consolidating domestic intelligence functions under a broad mandate to prevent threats before they occur. Fusion centers, designed as federal-state-local intelligence sharing hubs, began spreading across the country. Watchlists expanded. Integration of private sector data streams began in earnest.

The NSA Programs: Federal Collection at Scale

The clearest window into the scope of federal surveillance came through Edward Snowden’s disclosures in 2013. Three programs illustrate the range and reach of what had been built.

PRISM provided the NSA with access to data from major technology companies including Google, Facebook, Apple, Microsoft, and Yahoo. The program allowed collection of email, chat records, video content, stored files, voice communications, and login activity. The companies were served with legal orders; the data moved to government servers.

XKeyscore provided analysts with a real-time query interface into a massive repository of global internet traffic. Internal NSA training slides, published as part of the Snowden archive, described XKeyscore as the widest-reaching system for developing intelligence from the internet. Analysts could search content and metadata based on email address, name, keyword, phone number, IP address, or other selectors without prior authorization.

Upstream Collection involved interception of data directly from the fiber optic cables and infrastructure that carry internet traffic. Unlike PRISM, which collected data from tech companies with legal process, Upstream collection happened at the infrastructure level, capturing internet communications in transit.

Declassified documents confirmed that the NSA collected metadata and content from millions of users, including U.S. citizens, under authorities that the Privacy and Civil Liberties Oversight Board later found lacked a viable legal foundation. In its review of the Section 215 telephone records program, PCLOB concluded the program raised serious First and Fourth Amendment concerns and, most significantly, had not identified a single instance in which the program made a concrete difference in stopping a terrorist threat to the United States. That finding matters. It is the foundation of the most important structural observation in this analysis: low evidentiary return does not produce rollback in the surveillance state. It produces calls for more integration.

The Vendor Layer: Outsourcing Visibility

The federal collection model took a public hit after the Snowden disclosures. What followed was not retrenchment. It was a pivot.

Agencies did not stop wanting mass visibility into people’s activities, associations, and movements. They changed methods. They leaned harder on private contractors, commercial data brokers, local-federal information sharing arrangements, and grant-funded local technology acquisition. The surveillance state became less visibly federal and more operationally networked.

Palantir and the Integration Model

Palantir Technologies is the clearest example of what the public-private convergence looks like in practice, though not the only one.

Official federal spending records and procurement notices document Palantir’s extensive role in ICE’s Investigative Case Management system. USAspending identifies contract activity for ICE’s ICM work, and SAM procurement notices show ICE pursuing sole-source arrangements with Palantir for the same system. Federal spending records tied to ICE operations place Palantir’s ICM-related work at substantial totals. None of this is disputed or hidden. It is on the government’s own procurement infrastructure.

The significance of a platform like ICM is not administrative efficiency. It is integration. These platforms allow agencies to fuse records, case information, investigative leads, data feeds, and analytical workflows into a single operational picture of a person, network, or movement pattern. The power lies in the aggregation layer. Individual pieces of data, innocuous in isolation, become something qualitatively different when joined together and made searchable across time and geography.

Palantir is the visible tip. The broader model involves cloud infrastructure hosting classified government data, analytics vendors processing law enforcement records, biometric vendors supplying identification systems, camera vendors building out physical monitoring networks, and data brokers supplying location, financial, and behavioral information on the open market.

Federal Use of Facial Recognition

In 2021, the Government Accountability Office reported that between April 2018 and March 2020, multiple federal agencies, including the FBI, U.S. Marshals Service, Customs and Border Protection, Secret Service, IRS Criminal Investigation, and Postal Inspection Service, used non-federal facial recognition technology. The GAO found these agencies had not adequately tracked which systems they were using, and in several cases had not assessed privacy risks before deploying the technology.

That is a significant governance failure at the exact point where government power meets private technology capability. Agencies were using commercial facial recognition systems with limited internal oversight, no comprehensive inventory of which tools were in use, and no systematic evaluation of accuracy disparities or civil liberties implications.

The Data Broker Market

In 2024, the Federal Trade Commission announced an order prohibiting X-Mode Social and its successor Outlogic from selling sensitive location data after alleging the company sold precise location information that could be used to track visits to medical facilities, places of worship, and domestic abuse shelters. In February 2026, the FTC was still warning data brokers about their obligations under the Protecting Americans’ Data from Foreign Adversaries Act.

Two things are visible in that timeline. The market in sensitive location data is real and has been active for years. It remained active enough in 2026 that federal regulators were still issuing warnings nearly a decade after the problem was publicly identified.

The government’s interest in this market is documented through FOIA disclosures. ACLU reporting based on DHS records described internal agency material about purchases of commercial cell-phone location data from a company called Venntel. According to those records, internal documents acknowledged that legal, policy, and privacy reviews had not kept pace with evolving technology. Some projects involving Venntel data were temporarily halted due to unanswered legal and privacy questions. The purchases continued regardless. Released material included spreadsheets containing approximately 336,000 location points from a subset of records, with more than 113,000 location points from a three-day span in one region.

The constitutional context for that purchase is provided by the Supreme Court’s 2018 decision in Carpenter v. United States, which held that government acquisition of historical cell-site location data constitutes a Fourth Amendment search requiring a warrant. The majority recognized that long-term location records are qualitatively different from the kinds of information courts had previously allowed government to obtain without warrants. The records at issue in Carpenter cataloged the defendant’s movements over 127 days, averaging 101 location data points per day.

The market response to Carpenter was predictable. If direct compelled collection from carriers requires a warrant, agencies can attempt to purchase functionally similar data from commercial brokers who collected it through app agreements and device permissions. The constitutional problem does not disappear because a private intermediary is standing in the middle of the transaction. The government is still acquiring the ability to reconstruct movement, association, routine, and presence across time. It is simply renting a workaround.

Funding Pipelines: How the Mesh Gets Built Locally

The question of why surveillance technology keeps spreading to smaller jurisdictions has a straightforward answer: the federal government funds it.

DHS’s Homeland Security Grant Program is one of the primary funding channels. DHS materials state that fusion-center-related funding requests must be consolidated into a single investment for states as a requirement of the program. That design choice is structurally important. It means federal grant architecture is not merely tolerating fusion centers. It is embedding them into the funding structure. Surveillance capacity is administratively normalized as a condition of receiving preparedness money.

FEMA’s HSGP materials describe the program as a suite of risk-based grants designed to enhance state, local, tribal, and territorial capabilities for terrorism prevention, protection, and response. DOJ’s Byrne JAG formula grants provide additional state and local funding that supports personnel, equipment, and technology purchases. In practice, these funding streams allow surveillance hardware and software to enter local police departments through broad procurement categories: interoperability, analytics, intelligence support, operational modernization, infrastructure protection.

The public justification for each purchase is almost always the same: terrorism prevention, serious crime, border security, public safety emergencies. The practical result is durable local capability that rarely shrinks after the stated emergency passes. The local agency has the tool, knows how to use it, has integrated it into operational practice, and has no particular incentive to return it.

Fusion Centers: Where Data Changes Its Legal Character

Fusion centers deserve specific attention because they illustrate how information, incentives, and accountability failures interact in a single institutional structure.

The 2012 Senate Permanent Subcommittee on Investigations report on fusion centers is detailed and damning. The investigation found that DHS-supported fusion center reporting was often shoddy, rarely timely, and at times posed threats to civil liberties and Privacy Act protections. It found fusion centers frequently produced intelligence that was irrelevant, useless, or inappropriate. Many produced no intelligence reporting at all. The report found the system’s value to federal counterterrorism efforts was unclear.

That report did not end the fusion center network. The network survived, continued to expand its funding, and continued to accumulate data-sharing relationships with local agencies, private sector partners, and federal entities. The reason is institutional: once agencies, contractors, and grant channels are organized around a system, poor performance creates calls for more investment rather than termination. The argument for increased resources is always available. The argument for shutting it down faces resistance from every interest group that benefits from the system’s continuation.

Fusion centers also serve a specific legal function that is rarely discussed clearly. They are nodes where information from different sources, gathered under different legal authorities, can be combined. Federal intelligence gathered under national security authorities can sit alongside local law enforcement records, commercial data purchases, and social media monitoring. The aggregation happens in an institutional space that is harder to regulate than any single source. That is a feature, not a design flaw.

The 50-State Mesh: Local Is Not Small

The Atlas of Surveillance, as of March 2026, documented more than 15,000 data points of surveillance technology deployment across the United States. That number represents only the publicly documented portion of deployed technology. The full picture is larger.

The national spread is the key fact. Surveillance technology is not concentrated in a handful of large coastal cities. It is deployed across suburban, rural, municipal, and county-level jurisdictions as ordinary policing infrastructure.

Illinois provides one example of what legal resistance looks like. The ACLU sued Clearview AI under the Illinois Biometric Information Privacy Act, resulting in a 2022 consent order that imposed permanent restrictions on Clearview’s ability to make its faceprint database available to most private entities nationwide, and barred sales to Illinois entities including state and local police for five years. The existence of that outcome required both a specific state statute and organized litigation. Without BIPA, no equivalent remedy was available.

Iowa illustrates ordinary expansion. ACLU of Iowa reporting in 2025 described rapid proliferation of automated license plate readers in the state and warned of a growing surveillance network capable of tracking people’s movements, habits, and associations. Iowa is not a border state. It is not a major metropolitan area. The spread of surveillance infrastructure into mid-sized and smaller jurisdictions reflects the availability of federal grants, vendor marketing, and normalized procurement practices.

Louisiana shows what happens when local guardrails are treated as obstacles rather than limits. In May 2025, the ACLU and ACLU of Louisiana reported that New Orleans police had been using real-time facial recognition through the Project NOLA camera network without public oversight or City Council approval. More than 200 cameras were scanning pedestrians and sending alerts to officers, despite a 2022 city law that had maintained a ban on facial recognition as a surveillance tool. The lesson is specific: policy restrictions do not enforce themselves. When incentives favor expansion and oversight is passive, agencies and their private partners will operate at the edge of what they believe they can sustain.

Border states occupy a distinct category. The EFF’s U.S.-Mexico border surveillance dataset, updated in January 2026, maps Customs and Border Protection surveillance towers, automated license plate readers, aerostats, and facial recognition systems at land ports of entry. Hundreds of surveillance towers have been documented along the border. The logic in border regions is territorial: location itself becomes the justification for pervasive monitoring. Legal protections that apply in the interior are explicitly narrower in the border zone, and that distinction shapes what agencies can deploy with less scrutiny.

The Counterargument, Addressed Honestly

The serious argument for comprehensive surveillance is not the “nothing to hide” claim. That argument fails immediately because privacy is about autonomy, not concealment, and because surveillance changes behavior across entire populations, including among people who have done nothing wrong.

The serious argument is this: modern threats are networked, fast-moving, transnational, and technologically sophisticated. Adversaries operate across jurisdictions and use commercial tools. Effective intelligence requires integrated data and broad access. Point-by-point collection tied to individual warrants cannot match the operational tempo of networked threats.

There is genuine truth in that framing. Targeted intelligence collection is a legitimate state function. Modern threat environments create genuine demands for analytical capability.

The problem is what gets smuggled in under that premise. Bulk access without individualized suspicion. Persistent data retention without defined limits. Weak oversight that functions reactively rather than preventively. Outsourced data collection designed to route around judicial process. Mission creep from terrorism to immigration enforcement to predictive policing to protest monitoring. Each expansion arrives wearing the justification of the previous one.

The oversight argument deserves the same honest treatment. Inspector general reviews, courts, legislative committees, and internal privacy offices all exist. They matter. But the record shows those mechanisms consistently arrive after capabilities are entrenched. The Senate fusion center report documented failure after the network was already nationwide. The PCLOB’s Section 215 critique came after years of bulk collection. GAO’s warnings about federal facial recognition use documented ongoing risk after agencies had been using unevaluated systems for years. Oversight in America’s surveillance apparatus has frequently functioned like a coroner: it documents what happened, but the machinery that produced the outcome remains operational.

Conclusion: A Surveillance Economy Does Not Self-Liquidate

The most important finding from this investigation is not about any specific program. It is about structure.

The American surveillance state is not held together by a single statute, a single agency, or a single emergency authorization. It is held together by interlocking economic and institutional interests that reinforce each other at every level.

Federal agencies want broad visibility into threats, movements, and networks. Local agencies want tools that expand investigative and enforcement capability. Vendors want recurring government contracts and the data access that comes with them. Grant programs want measurable outputs that justify continued funding. Data brokers want buyers with deep pockets and sustained demand. These interests are not in conflict. They are aligned. And aligned interests produce durable systems.

The constitutional question, specifically whether the American public should be subject to this level of institutional visibility without meaningful consent, has been treated as a secondary concern throughout this process. Courts address each new technical end-run one case at a time. Legislatures debate narrow statutory fixes. Privacy offices review specific programs while the broader architecture expands.

Meanwhile, the specific unresolved questions multiply. How much surveillance is now effectively off-ledger because it is outsourced to brokers or brokered through local agencies? How many jurisdictions have acquired capabilities through grant programs without any public deliberation about privacy costs? How often are commercial data systems doing work that government could not legally do on its own? How much of what gets called intelligence collection is better described as generalized social monitoring with no defined limit?

The surveillance apparatus built over the past thirty years was not inevitable. It was constructed through specific decisions: legislative, judicial, executive, and commercial. Decisions that were made can, in principle, be revisited. But that requires recognizing the system for what it is, not for what its architects say it was built to do.

America did not merely accumulate surveillance powers. It built a surveillance economy.

Economies do not self-liquidate. They have to be dismantled.

That is the unresolved question this investigation leaves standing: not whether the system exists, but whether the political will to address it will ever outpace the institutional and commercial interests that depend on its continuation.

Based on what three decades of evidence shows, that question does not have a comfortable answer.