Seven Government Surveillance Powers You Have Never Heard Of

The surveillance that doesn't require a warrant

Every American has a working mental model of a warrant. A judge signs a piece of paper. Police show up at your door. Specific. Narrow. Adversarial.

That model is obsolete. Most surveillance in 2026 runs on legal mechanisms that don't require probable cause, don't require a named target, and often don't require a judge at all. The Fourth Amendment has been reshaped by two decades of case law and statutory innovation around the edges of the warrant requirement. This post walks through the actual mechanisms.

If you think "I have nothing to hide, so none of this applies to me," read to the end. Most of these tools are dragnets. They sweep in people who were never suspects.

Geofence warrants: the reverse warrant

A traditional warrant names a suspect and asks "show me this person's location." A geofence warrant flips that question on its head: name a location and a time window, then ask "show me everyone who was there."

How it works:

1. A crime is committed at a specific location.
2. Investigators draw a polygon around the location on a map.
3. They submit a warrant to Google (historically the most-served provider) requesting anonymized location data for every device Google recorded inside the polygon during a specified time window (often 30 minutes before through 30 minutes after the crime).
4. Google returns a list of anonymized device IDs with timestamps.
5. Investigators narrow the list (device near location too briefly, device near location before the time window, etc.) and request de-anonymization for the remaining devices.
6. Google returns the Google account holders' names.

The scale problem. A single geofence warrant around a bank during a one-hour window in an urban area typically returns 50 to 500 device records. Every one of those people was near a crime scene. None of them were suspects. Their Google Location History was disclosed to law enforcement anyway.

Legal status as of April 2026.

• Fifth Circuit (United States v. Smith, 2024). Geofence warrants are unconstitutional general warrants violating the Fourth Amendment. Binding in TX, LA, MS.
• Fourth Circuit (United States v. Chatrie, 2024). Reached the opposite conclusion. Geofence warrants are constitutional with appropriate limits. Binding in MD, VA, WV, NC, SC.
• Supreme Court. Cert granted. Oral argument scheduled April 27, 2026. *Chatrie v. United States* will likely be the most important Fourth Amendment case of the decade.

Google's countermove. In July 2025, Google changed Location History to store data on the user's device by default instead of on Google servers. Google now tells investigators it can't respond to geofence warrants for most users, because the data isn't in Google's possession anymore. Apple has had the same architecture for years. This is the most significant structural change in government surveillance access in the last decade. Most of the data simply won't be at the provider anymore.

What remains vulnerable.

• Users who enabled cloud backup of Location History
• Data from apps other than Google Maps that upload location (Uber, Waze, weather apps, Snapchat, Meta apps, and almost any ad-supported app)
• Google Timeline for users who have not migrated to the on-device version

Keyword warrants: the reverse search warrant

Same concept as geofence, applied to search queries. "Show me every person who searched for a specific term in a specific time window."

Real case: United States v. Smith (Colorado). The arson of a Senegalese immigrant family's home in 2020 killed five people. Investigators had no suspects. They served Google with a keyword warrant demanding identity data for everyone who searched the victims' address in the 15 days before the arson. Google returned a list of IPs and accounts. Arrests followed.

The case was appealed. Colorado Supreme Court (October 2023) ruled the keyword warrant was unconstitutional, but evidence was admitted under good-faith exception. Pennsylvania Supreme Court (December 2025) ruled the opposite: keyword warrants don't violate the Fourth Amendment because Google users "have no reasonable expectation of privacy in their search queries" under third-party doctrine.

Why this doctrine is so expansive. Under Smith v. Maryland (1979) and United States v. Miller (1976), information voluntarily shared with a third party has a diminished privacy expectation. Every search query is "voluntarily shared" with Google. The doctrine has been partially narrowed by Carpenter v. United States (2018) for cell-site location data, but that narrowing is explicitly limited and does not extend to search queries.

Tower dumps: the physical-world geofence

Cell tower dumps (also called "cell tower forensic searches") predate geofence warrants. The investigator requests, from a carrier (Verizon, AT&T, T-Mobile), every device that registered with a specific cell tower during a time window. One tower dump can return 10,000 to 100,000 device records.

A 2024 federal audit found a single tower dump request that captured records from 50,000+ people. Every one of them was near a cell tower during the window.

February 2025. The first federal district court ruling declared a tower dump unconstitutional (N.D. Mississippi). Other circuits haven't ruled. The practice continues under varying local rules.

The warrant standard for a tower dump is often substantially lower than a geofence warrant. Carriers have historically complied with court orders that don't meet full warrant standards.

Stingrays / Cell-Site Simulators

Stingray is the generic name for cell-site simulators (CSS). These devices impersonate cell towers to force nearby phones to register. Once registered, the CSS captures IMSI, IMEI, and in some configurations, content.

Deployments in 2026. Federal use is documented (FBI, DEA, Secret Service, ICE). State and local use is widespread. At minimum 75 law enforcement agencies in 27 states, per EFF's Atlas of Surveillance.

Rayhunter project (EFF). A detection system for CSS using cheap Orbic RC400L modems. Achieves 94% accuracy detecting likely CSS activity. As of early 2026, Rayhunter deployments have detected probable CSS activity in Chicago and New York, including at federal buildings and specific protests.

Use doctrine. Courts have split on whether Stingray use requires a warrant. The federal government has an internal policy requiring warrants in most cases (DOJ 2015 policy), but it's policy, not law. State and local agencies vary widely.

National Security Letters: surveillance without a judge

NSLs are administrative subpoenas issued by the FBI under five statutory authorities (18 USC 2709 is the most-used). Key features:

• No judicial approval required. The FBI issues them internally.
• Comes with a gag order. The recipient can't disclose even the existence of the NSL, often for years.
• Very broad scope. Subscriber information, toll billing records, electronic communications transactional records, credit and bank records.

Volume. The FBI has issued roughly 10,000 to 60,000 NSLs per year in recent public reporting. Volume fluctuates year to year. The content-restriction doctrine limits NSLs to non-content records (metadata rather than the actual text of emails or messages), but metadata is often more revealing than content.

Gag order erosion. The USA FREEDOM Act (2015) required periodic review of NSL gag orders. Some NSL recipients (Twitter, Cloudflare, others) have litigated and disclosed receipt after gag orders were modified or lifted. The majority are never disclosed.

Section 702: FISA and backdoor searches

Section 702 of the FISA Amendments Act (2008) authorizes the government to collect communications from non-US persons reasonably believed to be located outside the United States, without individualized warrants. Collection happens in two ways.

• PRISM (downstream). Pulled directly from providers (Google, Yahoo, Facebook, Microsoft, Apple, etc.)
• UPSTREAM. Collected from the internet backbone at peering points.

The backdoor search problem. US persons' communications get routinely swept up in Section 702 collection when they communicate with foreign targets. The FBI can and does query the collected data using US person identifiers, without a warrant, to find communications that mention or involve US persons. That's the "backdoor search."

FBI 702 query volume on US persons (2025). 35% increase over 2024, per ODNI's annual transparency report. FBI query compliance has improved since the 2018 abuses, but remains controversial.

Sunset. Section 702 reauthorization expires April 20, 2026. Reauthorization is the most contested surveillance legislation of the year. The Reforming Intelligence and Securing America Act (RISAA, 2024 reauth) extended 702 with incremental changes but did not eliminate backdoor searches.

Executive Order 12333

EO 12333 authorizes signals intelligence collection outside the United States without statutory restriction or judicial oversight. Ostensibly targets non-US persons abroad. In practice, huge volumes of Americans' data get collected incidentally. This especially hits Americans who travel abroad, communicate with anyone abroad, or use services with foreign infrastructure.

Unlike Section 702, EO 12333 isn't statutory. It's an executive order. The only legal restraints are the intelligence community's own internal policies (Intelligence Community Directive 203, Section 309 of the Intelligence Authorization Act for FY 2015, etc.). No court reviews specific EO 12333 collection.

Pen register / trap-and-trace

Pen registers record outgoing call metadata. Trap-and-trace records incoming. Statute: 18 USC 3121-3127. Standard: "relevance to an ongoing criminal investigation." Substantially lower than probable cause.

The statute has been stretched to cover internet metadata: email sender/recipient pairs, IP addresses connected to, URLs visited (without content). Modern pen registers look nothing like traditional phone-line wiretaps. They often involve ongoing real-time collection of internet routing information.

Third-party doctrine: the root of most of this

Almost every surveillance mechanism above depends on the third-party doctrine, the Supreme Court's 1976 to 1979 holding that information voluntarily shared with a third party has reduced Fourth Amendment protection.

When the doctrine was established, the third parties were banks and phone companies. The information was check amounts and dialed numbers. Today, the third parties are Google, Apple, Facebook, Verizon, Uber, and roughly every app on your phone. The information is everywhere you go, everything you search, everyone you talk to, and most of what you do.

The doctrine was partially narrowed by Carpenter v. United States (2018). The Supreme Court held that cell-site location information from a seven-day period was protected by the Fourth Amendment despite being held by the carrier. Carpenter's narrowing was explicitly limited to CSLI, and lower courts have declined to extend it to most other third-party data.

Post-Carpenter cases: Leaders of a Beautiful Struggle v. Baltimore (aerial surveillance), extended somewhat. US v. Moalin (NSA call metadata), extended somewhat. US v. Miller (2023, financial records), not extended. US v. Chatrie (geofence), Fourth Circuit declined to extend.

Palantir: the aggregation layer

Palantir Technologies (ticker: PLTR) builds the integration platform that connects all of the above into a single usable interface for investigators. Palantir Gotham is the flagship product.

Publicly disclosed government deals. $10+ billion in US government contracts. ICE, CBP, FBI, DoD, Army, Air Force, IRS, Health and Human Services, dozens of state and local agencies.

What Gotham integrates (per published case studies and leaked internal documents):

• DMV records (photos, addresses, license plate numbers)
• Police records (arrest records, incident reports, mugshots)
• Social media (public profiles, friend graphs, posts, metadata)
• IRS records (where authorized)
• Cell records (subpoenaed)
• Facial recognition results (federated across agencies)
• License plate reader feeds (Flock, Motorola, municipal systems)
• Financial records (where authorized)
• Credit records (selectively)
• Commercial data broker feeds
• Utility records
• Deed and property records

Investigators query Gotham with things like: "show everyone named X within 2 miles of location Y between times A and B who drives a blue Toyota with plate beginning 'AB'." The system returns a unified answer drawn from all integrated sources.

Civil liberties concern. The individual data sources have specific legal authorizations. The integrated result has no single authorization. A warrant to query one source doesn't authorize the Palantir cross-reference.

Automated License Plate Readers (ALPRs)

Flock Safety is the dominant commercial ALPR network in the US. Deployed in 4,000+ municipalities. Each camera reads roughly 8,000 to 40,000 plates per day. Plate reads include plate number, timestamp, GPS location, vehicle make / color / distinguishing features.

Flock retains reads for 30 days by default. Access gets granted to participating law enforcement, and increasingly to neighboring jurisdictions via data-sharing agreements. A vehicle passing through multiple Flock-covered cities can be tracked across an entire region without a warrant.

EFF / ACLU litigation. Ongoing in multiple states. A Norfolk, VA case ruled in 2025 that long-term ALPR tracking may violate the Fourth Amendment. The reasoning was modeled on Carpenter. The case is on appeal.

What this all means

The mechanisms above aren't hypothetical. They're deployed, in active use, with measurable volume. The dragnet models (geofence, keyword, tower dump) sweep in people who had no relationship to the underlying crime. The administrative mechanisms (NSL, pen register) operate without meaningful judicial oversight. The intelligence authorities (Section 702, EO 12333) are explicitly designed to permit large-scale collection.

The consistent pattern. Each mechanism is justified as narrow, targeted, and limited. Each is then used at scale. Judicial pushback comes years after deployment, once the tools are already established in law enforcement practice.

What you can do

Against location surveillance.

• Google Maps Timeline set to on-device storage only
• Apple Location Services set to minimum for each app
• Disable "Share My Location" except for a small trusted list
• Disable ad personalization on Google and Apple
• Use a separate Google account or no Google account for Maps

Against communications metadata.

• Signal for messaging (metadata-resistant)
• ProtonMail or Tutanota for email. Doesn't solve the third-party doctrine, but limits scope.
• Avoid SMS for anything sensitive

Against search history.

• Use DuckDuckGo, Kagi, or Brave Search as your daily driver
• Use Google only from a private window or Tor
• Ad and tracker blocking at the DNS layer (NextDNS, Pi-hole)

Against license plate readers.

• Impossible to opt out of. Accept that your routes are logged.

Against aggregated tracking (Palantir-class).

• No individual defense exists. The aggregation itself is the issue. Political organizing toward statutory and judicial reform is the only answer.

The bottom line

The Fourth Amendment no longer governs the bulk of surveillance in the United States. The mechanisms described above cover the dragnet surveillance of ordinary people living ordinary lives. Most of it is legal under current doctrine. Some of it is being challenged. The challenges move slowly. The surveillance scales quickly.

Assume your data is in the system. Behave accordingly.

Sources

1. [Carpenter v. United States, 585 U.S. 296 (2018) — Supreme Court](https://www.supremecourt.gov/opinions/17pdf/16-402_h315.pdf)
2. [United States v. Chatrie — Fourth Circuit](https://www.ca4.uscourts.gov/opinions/222333.P.pdf)
3. [United States v. Smith (Fifth Circuit, Geofence)](https://www.ca5.uscourts.gov/)
4. [Google Location History On-Device Change — Google Blog, July 2025](https://blog.google/products/maps/updates-to-location-history-and-new-controls/)
5. [EFF Atlas of Surveillance](https://atlasofsurveillance.org/)
6. [Rayhunter — EFF](https://www.eff.org/deeplinks/2025/02/eff-launches-rayhunter)
7. [ODNI Section 702 Annual Statistical Transparency Report (2025)](https://www.dni.gov/files/CLPT/documents/2025_ASTR_for_CY2024.pdf)
8. [Flock Safety Transparency Coverage — EFF, 2024](https://www.eff.org/deeplinks/2024/06/flock-safety-alpr-network)
9. [Palantir Gotham Case Studies — Palantir](https://www.palantir.com/platforms/gotham/)
10. [RISAA / FISA Section 702 Reauthorization Coverage — Brennan Center](https://www.brennancenter.org/our-work/research-reports/section-702-fisa-amendments-act-primer)