pluralistic.net web signal June 29th 2026

Doctorow argues the surveillance internet is a policy choice

TL;DR

Doctorow argues mass internet surveillance is a policy outcome, not a technical inevitability, because modern encryption can render data unscramblable by unauthorized parties.
He notes Congress has not updated American consumer privacy law since 1988, leaving the commercial surveillance stack to grow in a legislative vacuum.
His pitch is predistribution, banning data collection upfront, rather than redistribution through breakups, fines, and taxes after monopolies form.

Cory Doctorow's latest Pluralistic essay makes a claim worth sitting with if you work anywhere near data: the surveillance internet we have is not a technical inevitability, it is a policy outcome. Modern encryption, he writes, can scramble data so it is "literally unscramblable" by an unauthorized party. The math works. What does not work is the political will to require its use.

His potted history is the part that matters for anyone shipping AI products built on commercial data exhaust. The NSA treated encryption as a controlled munition until Cindy Cohn of the EFF convinced a court that the First Amendment protected publishing code. Congress, he notes, has not updated American consumer privacy law since 1988, and the entire commercial surveillance stack that now feeds ad targeting, training pipelines, and warrantless data purchases by US law enforcement grew up in that legislative vacuum.

The argument he is making is for what he calls predistribution rather than redistribution. Breakups, fines, and taxes are redistribution, you let the harm happen and then try to redress it. Predistribution would be banning the collection in the first place. He frames the commercial data broker industry and the government agencies that buy from it as the same problem, citing reporting on ICE's facial recognition app and on the EU's Chat Control proposal returning yet again.

Take it as polemic, because it is. Doctorow does not lay out a specific bill, and the essay is light on what enforcement looks like once data brokers operate offshore, or how training-data scraping would be treated under a collection ban. The honest caveat is that "ban it at the source" is easy to write and hard to legislate, especially when the buyers include the agencies that would enforce the rule.

What it does give you is a clean framing for a debate the AI industry is about to have whether it wants to or not. If predistribution gains traction, the companies that benefit are the ones that built without commercial surveillance feedstock, and the ones that lose are the ones whose moat is a decade of harvested behavior.

Shared on Bluesky by 2 AI experts

By Cory Doctorow (GPG 0xBF3D9110957E5F4C) @doctorow.pluralistic.net: The EU has the GDPR, but it also has Ireland, the country where all GDPR cases against Big Tech go to die, because any tax haven inevitably … →
Chris Marsden @chrismarsden.bsky.social amplified

By Cory Doctorow (GPG 0xBF3D9110957E5F4C) @doctorow.pluralistic.net

The EU has the GDPR, but it also has Ireland, the country where all GDPR cases against Big Tech go to die, because any tax haven inevitably becomes a crime haven: pluralistic.net/2025/10/31/l... 16/
View on Bluesky →

Originally reported by pluralistic.net

Read the original article →

Original headline: Pluralistic: The internet was made for privacy (31 Oct 2025) – Pluralistic: Daily links from Cory Doctorow