“Everything, Everywhere, All at Once Surveillance”: Your Questions Answered

Technology that tracks personal information, including one’s location, interests, and online behaviors, has become commonplace. It’s as ubiquitous as the GPS in a car or a home security camera. But that data doesn’t just stay with us; law enforcement agencies are increasingly able to access it, too, and they’re using it to prosecute people. 

At the same time, many local officials across the country have embraced license plate readers and facial recognition cameras in service of public safety. But taken together, all this data tracking at the personal and public levels creates a vast web of surveillance and raises serious threats to privacy. 

It’s a topic we thought our readers might be wondering about, so we asked you to send us questions about how law enforcement uses these forms of digital surveillance. 

We shared many of your questions with Andrew Guthrie Ferguson, a law professor and author of the new book Your Data Will Be Used Against You which provides a deep look into how tracking personal data has become a key tool within the criminal legal system. 

Ferguson says we are now living in an era of “everything, everywhere, all at once surveillance” that society has not fully reckoned with. “It used to be the case that we could live our lives with the presumption of innocence and the ability to avoid law enforcement attention until we did something bad to warrant that attention,” he says. “With mass surveillance systems the presumption evaporates, and we live under the surveillance as if we were all guilty.”

We answer nine of your questions here—select the one you are most interested in from the list below, or keep scrolling to explore them all. 

Which companies and products are tracking personal data?

How do Flock cameras and other surveillance tech work?

What’s most surprising about how our personal data is tracked?

Do police need a warrant to access your email and search history?

How do other countries protect data privacy?

How can we reduce our exposure to digital surveillance?

What local laws could restrict data tracking?

Could cities use surveillance cameras while protecting residents’ privacy?

What groups are fighting digital surveillance?

Keep reading to learn more from Ferguson about digital surveillance and policing, and revisit older installments of our “Ask Bolts” series.

I’ve read that a lot of personal data comes from big tech surveillance used for advertising. Who else is sharing info? Credit card companies? Car manufacturers (with their maps and location information gathering)? —Tired of Tech

The truth is almost everything you do in the digital world reveals your interests, activities, and patterns. Worse, all this data can be potential evidence which can be used against you in a court of law. Your phones reveal where you go through location tracking systems. Identifiers hidden in apps on your phone are sold and resold by data brokers who also sell to law enforcement. Your cars are essentially computers on wheels that track your location and interests through your connected infotainment systems. All that personal data is now available as a form of commercial and criminal justice surveillance.

One of the things I try to get across in my book is that all smart devices are surveillance devices. That is literally what you are paying for—to surveil yourself. The catch is that the companies also have the data and can use it for commercial reasons or, with proper legal authority, give it to the police. The only way to avoid having your data used against you is to have companies destroy or encrypt the information so they cannot obtain it even if requested by police. The problem, of course, is that data companies are in the business of collecting your data to sell it. Your location is valuable to advertisers, so they build systems to collect, aggregate, and then sell the information. 

So, yes, your personal data is being collected for advertising and used for many other ends. 

Are Flock cameras and similar surveillance technology keeping track of all residents’ movements? How long is data retained for these surveillance devices, and where is it stored? — A very concerned citizen, Tennessee

Flock is one of several companies that sell Automated License Plate Recognition (ALPR) cameras to law enforcement. ALPRs are identifying technologies, meaning they allow police to identify all the information about a particular vehicle through its license plate. Essentially, AI-enhanced video analytics in a camera identifies the combination of letters and numbers on a license plate which can be connected to a database about that vehicle and its owner. Depending on the company or service, that information can be limited to just whether the car was stolen or not, or can be the first clue in a larger collection of personal data all linked to that license plate. [Editor’s note: Bolts recently reported on how law enforcement agencies use ALPRs and the privacy activists fighting against them.]

Identifying technologies can become tracking technologies with a high density of cameras that collect license plates over a long period of time. Tracking concerns are real because many of us drive in ways that reveal our activities and interests. For example, if you drive to the cancer center every week for chemotherapy, that might reveal a medical issue. Your license plate might be captured at the hospital, on your drive, and outside your home, and the repeated patterns turn into a clue about your health. Whether you drive to a gun range, church, or political protest, the ALPR hits reveal something about your interests. In aggregation, these patterns can be digitally mined for insights into what you do and who you are.

Different jurisdictions have different densities of cameras and data retention rules. For example, in San Jose, California, the city has 474 cameras recording the streets. Cameras can be placed on police cars, streetlights, bridges, highway overpasses, light poles, or mobile units. The national numbers of ALPR searches are staggering, with billions of license plate recordings all across the country.  

In addition, the license plates are not limited to just motor vehicle information but can be connected to a whole host of criminal justice and public records data. Some companies advertise the growing network of informational data points that can all be linked to a license plate with a single search.  

Key to a concern about tracking is the retention policies of these jurisdictions. For example, in San Jose, the license plate data is kept for 30 days, but in New Hampshire, the license plate data must be deleted almost instantaneously. The laws are different all across the country. New Mexico, for example, just passed a protective ALPR law that forbids New Mexico law enforcement from sharing the data with out-of-state police and forbids use in immigration enforcement or to track people seeking abortion or gender-affirming care. Obviously, a system that deletes the data or limits sharing is more protective against long-term tracking and pattern matching.  

Is there something you think would surprise us for how dangerous data tracking has become, or just something that really scared you when writing this book? — Landry, California

The most surprising takeaway in writing this book was the fact that nothing is too private for prosecution. There is nothing you do in a digital world that cannot be obtained with a judicial warrant (and many times, can be obtained without warrant). Think about the most personal information—a secret note on your phone, records from your period tracking app, data from your smart bed, an embarrassing Google search, or even your digital heart beat from a smart pacemaker. All of it can be obtained by police seeking to prosecute you. Again, smart devices are surveillance devices and unless encrypted or deleted, they can become potential evidence.

Sometimes, of course, this information can be very helpful to police. The secret note that you are planning to kill your boyfriend might be good evidence if your boyfriend ends up dead. But a judicial warrant that could lead to the discovery of the secret note also allows police to rummage through every other bit of your digital life. Maybe that is a privacy cost we are willing to pay, but it does leave us all very exposed. Essentially, if you create the data, they can come for it. And you create a lot of data every day.

Do police need a warrant to search your gmail account? —Girolamo, Texas

As a practical matter, police have been obtaining a warrant to search Gmail and other email accounts. As a constitutional matter, the question is not 100 percent settled.

For many years now, law enforcement has been requesting data from Google about its users. In the first six months of 2025, Google received almost 25,000 warrant requests for data about its customers. The reason for the warrant requirement is that Google’s lawyers demanded it. The company and its lawyers have stated they would not turn over the data without a warrant and law enforcement has complied with this requirement. Federal courts have largely agreed that we have a reasonable expectation of privacy in the content of our email, and thus a judicial warrant is required for revealing the content, but the Supreme Court has not explicitly required it.

Notably, in April 2026, the solicitor general of the United States argued before the Supreme Court that the government did not need a warrant to obtain geolocation data that Google held for its customers. In Chatrie v. United States, the government stated that geolocation information could be obtained without a warrant. However, when pressed about whether that also involved Gmail requests, the solicitor general responded that the position of the United States was that a warrant was required for email. The Supreme Court will decide Chatrie in June and perhaps clarify this issue.

Other forms of digital communication and Google services like search history have different rules. Two courts have recently held that police do not need a warrant to obtain your search history. So, if you googled “nearest abortion services,” “next No Kings protest,” or “how to track ICE agents in my community,” those searches could be obtained by law enforcement without even a warrant. Police can essentially rummage through your most revealing Google search queries and find incriminating evidence against you.

Have other countries pioneered legal approaches to prevent the use of personal data and facial recognition? And, if cities or states in the U.S. follow suit, are courts likely to enable those laws to stay in place? — Jane C.

It is hard to point to a country that has been consistently thoughtful and protective of citizens’ privacy when it comes to law enforcement. While the European Union has been proactive in protecting consumer data, the GDPR does not limit law enforcement use. The EU AI Act does take a risk-based approach to certain policing technologies and offers some protection on higher risk technologies like live facial recognition surveillance. 

That said, anyone flying through Europe or Asia will see many countries fully embracing facial recognition technologies at the border. And police in the United Kingdom are now piloting mobile facial recognition identification on the streets of London. The United States is thus not alone in confronting the dangers of digital surveillance, and while better than some countries, it cannot claim to have solved the problems. 

There is perhaps a happier answer about how courts might respond to city or state regulation of police surveillance technology. Generally, courts have deferred to legislative action recognizing that constitutional rights provide the floor, not the ceiling, of individual rights. If a state legislature wanted to ban facial recognition, there is no countervailing government interest that would overcome that democratic choice. 

In fact, the best place to look for promising solutions is from courageous state legislators who want to protect their constituent’s privacy from mass surveillance. If legislators act, courts will defer to these policy choices.

If the average person wanted to meaningfully reduce their exposure to law enforcement data surveillance today, what actions would actually make a difference, and which ones are basically pointless? — CanadiensFan

I think it is important to reframe the question away from individual actions. The truth is that you and I cannot negotiate with the FBI or Amazon to change how they use our data. We are largely trapped in these technologies of self-surveillance that we have either bought ourselves or bought with our tax dollars. That trap is the centerpiece of my book, and its dilemma is all too real. But how that trap was sprung also reveals the path out. We have been complicit in these self-surveillance systems and we can make our own individual choices about what technologies we want in our homes and what technologies we want our governments to buy for our cities.

Individually, I suggest that you become intentional about the digital conveniences you really need. You might think GPS in your car is indispensable, but maybe you don’t need the cat-cam to watch your feline friend nap while you are at work. Maybe you invest in a more privacy protective smartphone like Apple, and say no to the location tracking requests on the apps you download. The book offers some more practical tips, but the main takeaway is to become more aware of the choices you make every day to contribute to the growing networks of self-surveillance.

Collectively, there are other options. As a voter, maybe you ask your local representative for evidence that the money being spent on a real-time crime center is worth the annual cost of data storage and upkeep. As a representative, maybe you ask to see how many criminal cases were solved by quick response drones before signing the next city contract with the vendor selling the product. These are public expenditures using public funds, but without public accountability for whether they are worth the cost. It is a choice about whether to invest in more surveillance technology, and that money could be spent in other ways to address the root causes of crime.  

What local laws can we help pass through for protection? Or what local laws are on the books that protect us in this moment, and moving forward? — @rosariovpendleton on Bluesky 

Policing is local and regulating police surveillance should also be local. These are the two basic questions I always ask people: (1) do you know what surveillance technologies are in use in your community; and (2) do you know what rules govern those technologies? Whether I am asking an elected member of a city council or just a concerned citizen, the answer is always “no” and “no.” 

This sad reality has democratic power and local control backwards. We should not be asking police what technologies are in use, we should know and have approved of them before our tax dollars were used to buy them. Local democratic accountability should be the baseline for buying new technology. (Editor’s note: Read more in Bolts about the local organizing to pass so-called Community Control Over Police Surveillance ordinances, which two dozen jurisdictions have at this time.)

Transparency about technologies is just the bare minimum. Authorizing powers, audits, and civil liberties risks assessments should also be mandated as part of any procurement decision. Does the technology work? At what cost? What are the risks? Have we considered policies for local approval? These are pretty basic questions and yet are rarely asked before new police technology is purchased. The irony for the companies is that in the few cases where communities have protested about ALPRs, or gunshot detection, or predictive policing, had the technology been explained, vetted, proved to work, and been democratically authorized, they might have been able to keep the contract. But secrecy and failure to engage the impacted communities led to successful protests and cancelled contracts.

Depending on the technology at issue, there are laws on the books that regulate police use. ALPR laws differ state by state. Illinois has a very protective biometric law. Some cities have banned facial recognition and predictive policing. The laws around police drones vary state by state and city by city. While difficult to keep track of, these laws provide some hope that citizens can come together and demand democratic oversight over the technologies used in our names. Police surveillance is a form of democratically mediated self-surveillance, and we should have a voice in deciding how we use that power. At a minimum, we should be able to answer those two basic questions about police use and rules.

Do you think there is a way to design a system that provides the ability to, say, find the license plate of a stolen car, but still be respectful of our residents’ privacy rights? If so, what would the requirements be? — Luke Diaz, the mayor of Verona, Wisconsin

(Editor’s note: Bolts reported earlier this year on Diaz’s effort to rid his town of Flock cameras.) 

All digital surveillance systems can be designed to protect privacy if there exists the political will to make it happen. For example, an ALPR system can be designed for different purposes. One design could focus on solving past crimes. Stolen cars are a problem in many communities, and an ALPR system can be designed to only identify a list of license plates of stolen cars. The system is binary—the license plate records a stolen car (or not) with all of the non-responsive data deleted within a short time. Similarly, in an emergency (an Amber alert) a new license plate can be added in the system until the car is identified. 

New Hampshire has a law that deletes the ALPR data within three minutes if no match is found. In such a system, there is no need to connect additional data or databases to the license plate system. Nor is there a need to retain all the collected data. Tracking is not possible because the data needed for tracking does not exist. 

In contrast, an ALPR design that focuses on collecting license plates because the technology exists to collect, analyze, and find patterns in the data creates a real privacy concern. In North Carolina, for example, ALPR data is collected for three months (90 days). 

Laws around ALPRs involve political choices. Without clear limits, the default of surveillance shifts such that everyone is searched everywhere all the time with the vast majority (99.9 percent) of that collected data being innocent conduct. This is the norm without rules or regulations around ALPR use. While the dataset might provide clues to detectives trying to find patterns in criminal actions, the result is a broad network of surveillance cameras that captures everyone.

Stepping back, it is easy to forget what a significant change this everything, everywhere, all at once surveillance is to the traditional status quo. It used to be the case that we could live our lives with the presumption of innocence and the ability to avoid law enforcement attention until we did something bad to warrant that attention. With mass surveillance systems the presumption evaporates, and we live under the surveillance as if we were all guilty. While we can hope that police will not use this data for nefarious or politicized reasons, that hope might be misplaced in today’s America. ALPR systems should be cognizant of how they can be misused and start with careful, detailed, democratically-accountable limits on use, and only expand after data shows that such an expansion is warranted.

Are there any groups doing a good job to fight back? —@bichonsnuggles on X

If you feel a bit overwhelmed at the growing networks of self-surveillance, there are national civil rights groups, local civil liberties groups, and truth-tellers like journalists who are exposing the problems with growing surveillance powers. I don’t presume to speak for these groups but check out their websites and work. Self-surveillance is a democratic problem and requires a democratic solution. 

A non-exclusive, but still overly long, list of groups doing interesting work on these issues include Electronic Frontier Foundation, the NACDL Fourth Amendment Center, Algorithmic Justice League, DeFlock, the Policing Project at NYU Law, the Brennan Center for Justice, the American Civil Liberties Union, the Lawyers Committee for Civil Rights Under Law, Mijente, Center for Democracy and Technology, Electronic Privacy Information Center, Just Futures Law, and MediaJustice.

Many local organizations are also focusing on it, such as Secure Justice in the San Francisco Bay Area, Lucy Parsons Lab in Chicago, Our Data Bodies in Michigan, the Stop LAPD Spying Coalition in Los Angeles, and Surveillance Technology Oversight Project in New York. And finally, don’t forget that journalists are covering these issues at publications like 404 Media, Wired, Arstechnina, The Marshall Project—and Bolts.