On Courage cover

On Courage

by Julia Angwin And Ami Fields-meyer

The authors of the New Yorker essay “So You Want to Be a Dissident?” profile people who stood up to authoritarianism.

Living in a Dragnet Nation

How can you live freely when every click, swipe, and trip becomes a data point? In Dragnet Nation, Julia Angwin argues that you inhabit an ecosystem of indiscriminate surveillance—a dragnet—where governments, corporations, and data brokers continuously collect, link, and reuse your personal information. She contends that mass surveillance is not a single villain’s plot but a system powered by cheap storage, ubiquitous sensors, favorable legal doctrines, and business models that monetize attention. To respond effectively, you must see the architecture, acknowledge the harms, and adopt layered defenses while pushing for policy change.

You discover how the dragnet works technically and legally (from Moore’s Law to the Third-Party Doctrine), why it expanded after 9/11, and how Silicon Valley’s ad infrastructure turned your behavior into revenue. You also confront the human costs: humiliation, economic sorting, legal jeopardy, and social chilling. Finally, you learn practical tactics—auditing your data, improving basic security, encrypting wisely, using pseudonyms, and blocking trackers—alongside a policy agenda that treats data abuses like environmental pollution.

What a dragnet is—and why it’s everywhere

A dragnet is an indiscriminate sweep of data. Storage and processing became so cheap that companies and agencies can retain years of phone logs, web searches, and GPS traces with little friction. Your smartphone functions as a sensor; your router and loyalty card become data sources. These streams flow into vast databases that cross-link identifiers—email addresses, cookies, ad IDs, credit cards—until your digital doppelgänger can be profiled and manipulated at scale.

Legally, U.S. doctrines lower the bar for collection. The Third-Party Doctrine says you lose a reasonable expectation of privacy when you share data with a service provider. Metadata get laxer rules than content. Border exceptions permit device searches at ports of entry. Together, these rules normalize suspicionless capture (compare the protective intent of the Fourth Amendment). The result is a multi-actor surveillance ecosystem rather than isolated programs.

The post‑9/11 and Silicon Valley convergence

After 9/11, intelligence agencies sought maximum data to preempt threats. NSA director Michael Hayden’s October 4, 2001 memo opened the door to warrantless interception and later bulk phone metadata. Whistleblower Bill Binney’s privacy-preserving ThinThread lost out to large contractor projects like Trailblazer; later FISA amendments legitimated broad collection and algorithmic warrants. Meanwhile, the dot‑com crash nudged Silicon Valley into tracking-fueled advertising: DoubleClick’s legal footing, Google’s and Facebook’s “free” services, and acquisitions like Google–DoubleClick consolidated behavioral profiling into the economy of attention.

Concrete harms you can feel

Angwin shows what these dragnets do to real people. John Gass lost his license to a facial-recognition false positive, costing him income. Yasir Afifi discovered an FBI GPS on his car; even after agents wrote “not a threat,” he withdrew from friends and political speech. Price discrimination appears when retailers and credit-card firms tailor offers by inferred income or ZIP code (Staples, Home Depot, Capital One). Data brokers sell “sucker lists” that exploit the vulnerable. Breaches at Wyndham and others show how you can suffer identity theft without any personal misstep. These harms accumulate into social chilling—and empower whoever holds your data.

Your defensive playbook

Before you hide, you must lock the doors: use a password manager, long diceware passphrases, and two‑factor authentication. Audit your data across platforms, brokers, and government files (Angwin pulled Google search history since 2006, obtained TECS and PNR travel records containing credit numbers and hotel bookings, and requested files from brokers like Acxiom and LexisNexis). Encrypt end‑to‑end where feasible, but remember that usability, key management, malware (FinSpy), and border searches can defeat good math. Block trackers with tools like Disconnect, while recognizing server‑side sharing you can’t stop in the browser.

Pseudonyms, kids, and ethics

Because you can’t prevent all collection, Angwin experiments with identity obfuscation. She builds “Ida Tarbell”—a parallel persona with a companion American Express add‑on, disposable emails (MaskMe), public Wi‑Fi registrations, and even a burner phone carried in an OFF Pocket (a Faraday sleeve). She weighs Sissela Bok’s “publicity test” to justify selective deception while warning against eroding trust (think fake reviews). For parents, she proposes teaching privacy as a craft—playful password creation, tracker blockers, and pseudonyms—while pushing schools for transparency under weak regimes like COPPA and FERPA.

Policy: from personal tactics to public rules

Angwin argues you can’t opt out your way to safety. Treat data overreach like pollution: demand transparency, access, correction rights (extend FCRA‑style protections), and accountability. Use an “unfairness checklist” to judge any dragnet’s intrusiveness, bias, benefits, rights, and ability to withstand public scrutiny. Don’t rely on markets to price your privacy—your data are non‑scarce and often worth pennies (Acquisti’s research). The endgame is a healthier information ecosystem, not abstinence from technology.

Core promise

Understand the system, mitigate your exposure, and push for rules that make the powerful play fair. That is how you live, and act, in a dragnet nation.


Architecture of the Dragnet

Angwin maps how broad, suspicionless tracking actually works so you can target your defenses. Think of three pillars: cheap technology, permissive law, and interlocking actors whose incentives align. Each pillar makes surveillance both scalable and sticky, so traces of your life persist and circulate beyond your control.

Technical enablers you carry around

Storage and computation plummeted in cost, so organizations hoard data they once deleted: phone metadata, web searches, Wi‑Fi probes, and GPS trails. Your phone is a rolling sensor; your router and smart TV relay behavior; loyalty cards and credit networks log purchases. Ubiquitous identifiers—cookies, device fingerprints, ad IDs—let companies follow you across contexts. Even malls deploy phone-signal trackers and stores test facial recognition (FaceFirst) to link the browser to the body.

On the web, sites invite dozens of third parties to watch you. Krux counted 328 trackers on the top 50 content sites in 2013 (up from 167 in 2011). BlueKai, DoubleClick, AddThis, Coremetrics, Bazaarvoice—scripts that feel invisible—assemble a behavioral mirror that predicts your preferences and vulnerabilities.

Legal and doctrinal scaffolding

The Third-Party Doctrine treats information shared with providers (banks, ISPs, platforms) as outside constitutional privacy. Metadata often faces lighter oversight than content; border-search exceptions allow device review at ports of entry without warrants. The practical result is an asymmetry: your life is captured by default, while your ability to access or correct records remains limited (contrast with the Fair Credit Reporting Act’s rights in the credit context).

Who tracks you—and why collaboration amplifies power

Government ranges from intelligence (NSA’s bulk collection and PRISM access revealed by Snowden) to local police with license-plate readers. Commercial actors include advertising platforms (Google, Facebook), retailers, mobile carriers (AT&T and Verizon selling location), and data brokers (Acxiom, TLO, LexisNexis). Individuals also run dragnets: drones, dashcams, and neighborhood cameras extend the gaze into daily life.

These actors interoperate. Voter rolls sold to brokers get enriched and sold back to campaigns (Aristotle). Airline passenger name records (PNRs) and DHS systems (TECS, ATS) ingest commercial travel data. Nielsen scraped PatientsLikeMe forums; social buttons on sites leak names or emails to third parties that can re-identify “anonymous” cookies. This dark data cycle launders public and commercial records into dossiers used for targeting, risk scoring, and investigation.

Server‑side sharing: what blockers can’t see

Even if you harden your browser, publishers can send your attributes from their servers directly to brokers. Angwin and researcher Ashkan Soltani found WSJ.com feeding BlueKai, DoubleClick, and Twitter via backend pipelines, beyond the reach of NoScript or Adblock. Once you “let a service into your tent” by logging in, it can trail you across the web unless you also restrict third‑party cookies and segregate sessions.

Takeaway

The dragnet’s power comes from overlap: cheap sensors, permissive law, and actor collaboration. To defend yourself, you must disrupt linkages—between devices, identifiers, and accounts—while recognizing that some flows happen where you can’t see them.


Harms and Chilling Effects

It’s tempting to shrug at tracking until you see the human toll. Angwin focuses on concrete harms—dignity, dollars, and democracy—and shows how subtle pressure converts into self-censorship. History provides a warning: even limited surveillance can corrode freedom; at today’s scale, the damage multiplies.

A historical mirror: the Stasi files

In Berlin’s Stasi archives, Angwin notes how relatively “small” paper files, built from human informants and mail interception, produced pervasive fear. People altered friendships and speech to avoid suspicion. If such manual surveillance chilled a nation, what happens when today’s automated dragnets trace every click and trip? (Compare Foucault’s Panopticon: the possibility of being watched changes behavior.)

Freedom of association and self-censorship

Yasir Afifi discovered an FBI GPS under his car after a Reddit thread mentioned airport security. Agents eventually concluded he was not a threat, but the experience cost him friendships and silenced his online speech. This echoes Supreme Court worries that surveillance can suppress association (see the NAACP membership case). One brush with the dragnet can turn a citizen into a self-monitor.

Economic and personal harms you pay for

Firms quietly sort you by inferred income and geography. Angwin documents price differences at Staples and Home Depot and credit-card offers calibrated by ZIP code (Capital One, Discover). Brokers sell lists of the vulnerable—“sucker lists”—that scammers exploit, while data breaches at Wyndham and elsewhere push identity theft costs onto victims. Foster kids like Jaleesa Suell saw credit ruined by impersonators; breaches enable tax and medical fraud. These losses are regressive and often invisible to those profiting from the data.

Policing mistakes and opaque watch lists

John Gass fell prey to a facial-recognition false match that revoked his license and livelihood. Airport body scanners invert the presumption of innocence. Large-scale programs—bulk metadata, PRISM—feed opaque watch lists with little avenue for due process. The “police-lineup dragnet” treats everyone as a suspect, and error rates, however small, can devastate lives when scaled to populations.

The Hall of Mirrors goes personal

Ad tracking bleeds into intimate harms. Facebook’s targeted ads “outed” Rayne Puertos on a shared work PC. Rapleaf tied browsing to political contributions, serving Linda Twombly tailored political messages. Teenagers like Cate Reid and Jenna Maas faced weight-loss and hobby ads inferred from browsing. Personalization becomes manipulation when it targets moments of vulnerability (Ryan Calo’s warning) and primes behavior in your blind spots.

Civic cost

Each small harm—humiliation, a lost job, a pricier offer—adds up to a society where fewer people speak, organize, or experiment. The dragnet redistributes power to institutions that hold the data and away from individuals who become predictable, pliable targets.


From 9/11 to Ad Tech

To understand why surveillance feels inescapable, you need the twin backstories: a national security surge that normalized mass data collection and a tech industry pivot that made your behavior the product. Angwin traces how these forces converged into a surveillance supply chain that feeds itself.

The post‑9/11 legal pivot

In the days after 9/11, NSA director Michael Hayden authorized warrantless interception connected to Afghanistan (October 4 memo). Emergency measures expanded into bulk metadata, contact chaining, and broad taps. Whistleblower Bill Binney resigned rather than back domestic dragnets; his ThinThread design embedded privacy protections but lost to Trailblazer’s contractor-led sprawl. FISA amendments later codified algorithmic warrants and corporate cooperation, culminating in PRISM’s company-to-agency data firehose (revealed by Edward Snowden).

Silicon Valley’s business model shift

The dot‑com crash killed many retail software dreams; ad-funded “free” services replaced them. Tracking cookies, legitimized by key rulings (Judge Buchwald, 2000), let third parties place code through websites. Google, Facebook, and others scaled attention markets; acquisitions like Google–DoubleClick and AOL–Tacoda consolidated cross-site tracking and auction-based ad targeting. Data became the oil of the web—collected by default, repurposed relentlessly.

Data brokers bridge offline and online

Brokers like Acxiom and Experian evolved from mailing lists and credit files to hybrid profiles that link DMV, voter rolls, warranty cards, and ecommerce trails. TLO and LexisNexis can produce multi‑page dossiers listing your addresses since 1989. BlueKai packages behavioral segments for real-time bidding. This broker layer serves marketers, insurers, debt collectors, and—through purchase or compulsion—law enforcement.

Converging incentives lock in the dragnet

Security agencies want large, connected datasets to reduce uncertainty; tech firms profit from granular behavioral prediction. The feedback loop reinforces collection: corporate profiles feed government risk scoring; government demands justify more corporate logging. Airline PNRs flow into TECS and ATS; campaigns buy enriched voter files; mobile carriers monetize location data (AT&T, Verizon). Each handoff strengthens the next, reducing transparency and raising the cost of opting out.

Bottom line

Surveillance at scale wasn’t inevitable; it was built at the intersection of fear and profit. Reform must address both—the laws that lower collection thresholds and the markets that reward behavioral extraction.


Audit, Security, and Encryption

Before you try to disappear, figure out what already exists and lock down the basics. Angwin shows how to run a personal data audit, fix the easy security holes, and deploy encryption realistically—accepting the usability and operational trade‑offs that derail many good intentions.

Run a practical audit

Start with major platforms. Google held Angwin’s search history back to 2006 and listed 2,192 email correspondents. Facebook’s archive was partial and opaque; Twitter provided a full tweet download. Then move to data brokers. Angwin contacted 200+ brokers: Acxiom and Datalogix returned demographic propensities; TLO and LexisNexis produced detailed address and association histories. Don’t forget government records: DHS returned TECS and PNR files showing international flights, hotel bookings, credit card numbers, and internal notations. You’ll likely find surprising links—employer travel systems forwarding details to government databases.

Prioritize by threat model

Angwin distinguishes between indiscriminate dragnets and targeted investigations. For dragnets, protect high‑signal data such as location, search, and browser history. For targeted threats, harden account access and communications (strong authentication, end‑to‑end encryption). Use the “mud‑puddle test”: if a service can restore your account after you “forget everything,” it probably retains recoverable access to your data. Favor zero‑knowledge models.

Get the basics right

Angwin’s Twitter hack proves human error is the front door. Use a password manager (1Password), create long diceware passphrases, and enable two‑factor authentication on email, banks, and social accounts. Write down the master passphrase and store it securely rather than reusing weak passwords. Back up devices; cover webcams; shred sensitive paper. These boring habits outperform exotic tools you won’t maintain.

Use encryption, but mind the weak links

Public‑key email (GPG) is powerful but brittle. Angwin struggled to integrate Enigmail with Postbox, needed colleagues to troubleshoot, and faced compatibility snags. Keys are modern codebooks—guard them offline (smartcards, locked drawers) and plan for border crossings (clean devices, ephemeral keys on thumb drives you can destroy). Remember, encrypted traffic can attract retention by intelligence agencies, and endpoint malware like Gamma Group’s FinSpy can bypass crypto entirely by capturing keystrokes and screens.

Choose tools that fit your life

For chat, OTR over Jabber with Tor provides confidentiality and deniability, but upgrades can break settings. Tails (a live OS) offers a clean environment if a trusted friend helps you install it. Silent Circle made mobile crypto easier but sometimes failed in key exchanges, creating missed messages. Aim for “conventional tools you will actually use,” pay for sustainable projects, and accept some friction to gain meaningful protection.

Rule of thumb

Security is layered: fix passwords and authentication first, then add encryption where necessary, and always assume the endpoint—not the math—is your most likely failure point.


Pseudonyms, Opt-Outs, and Blocking

When you can’t stop collection, you can reduce linkability, jam the signals, and make it harder to build a coherent file about you. Angwin experiments with alternate identities, tests the commercial “opt‑out” maze, and fights ad trackers—learning the ethics and limits of each tactic.

Build selective pseudonymity

Angwin creates “Ida Tarbell” for low‑stakes transactions that don’t require real identity: restaurant reservations, product accounts, and shopping sign‑ups. She uses disposable emails and phone numbers (MaskMe), registers accounts over Tor or public Wi‑Fi to break IP ties, and links an American Express additional card to Ida so legitimate purchases don’t expose her primary identity. Offline, she buys a prepaid burner phone with cash and tucks it into an OFF Pocket (a Faraday sleeve) to prevent location tracking—discovering how shops still demand personal info and how juggling dual devices strains daily life.

Navigate the ethics

Is lying okay? Angwin uses Sissela Bok’s “publicity test”: would your deception be defensible if universal? Protecting yourself from profiling and PRISM‑like dragnets can pass that test; fabricating reviews or catfishing does not. She warns that anonymity channels can devolve into criminal ecosystems (E‑gold, Liberty Reserve) and that services promising perfect secrecy may shutter under pressure (Lavabit). Use pseudonyms to rebalance power, not to erode trust.

The opt‑out illusion

Angwin catalogs 212 data brokers; only 92 offer opt‑outs. Some demand your driver’s license or SSN; others charge fees (Mugshots.com $399; SearchBug $27.95). She hires Catalog Choice (TrustedID) and Abine’s DeleteMe; both partially fail, citing bugs and technical issues. Results are patchy suppression, not deletion. Worse actors keep the most durable copies. You must decide whether to entrust even more data to opt‑out services with uncertain outcomes. (Note: this stands in stark contrast to the FCRA’s regulated access/dispute process for credit files.)

Fight trackers—accept the arms race

Incognito mode only wipes local history after a session; it doesn’t stop trackers. Ad industry “opt‑out” cookies are paradoxical: you need a cookie to say you don’t want cookies. Do‑Not‑Track is mostly ignored. Going nuclear with NoScript and Adblock Plus blocks many trackers but breaks sites (Amazon, Apple, FreshDirect) and conflicts with tools like password managers. Ghostery once defaulted to allow lists and had industry ties; Disconnect was mission-driven to block social/search tracking. Even then, server‑side data sharing bypasses your browser entirely.

Social networks: trust versus exposure

Public connections act as trust signals (Judith Donath, danah boyd), yet they expose your social graph to mining and manipulation. Angwin unfriends 600 contacts and closes LinkedIn, then uses Ida to keep a toehold. A college student, Gaeby Todesco, deletes Facebook before job hunts to avoid “red cup” photos, only to find herself cut off from news and perceived as mysterious by dates. Pseudonymity is a practical compromise: use real identity when verification benefits you; use aliases when it doesn’t.

Practical stance

Mix identities purposefully, audit and trim exposure, block what you can, and expect imperfect results. Your goal isn’t perfect invisibility—it’s to raise the cost of correlating you.


Raising Kids, Changing Rules

Parenting in a dragnet nation means protecting children without turning their lives into a surveillance project. Angwin shows why well‑meaning monitoring can backfire, how laws leave gaps around kids’ data, and how to teach privacy as a shared craft—while pushing for institutional change.

The surveillance reflex—and its cost to curiosity

Authorities often counsel maximum oversight: the American Academy of Pediatrics, the FBI, and DHS promote tools that give parents direct access to kids’ accounts (sometimes covertly). But studies suggest surveillance can sap intrinsic motivation and turn learning into compliance (Lepper & Greene). Covert tracking also teaches secrecy rather than judgment. The risk: children grow up performing for the camera instead of experimenting, failing, and reflecting.

Legal gaps: COPPA and FERPA

You might assume children’s data enjoy special protection. COPPA requires parental consent under 13, but many sites simply avoid serving kids, and parents often lie about ages to unlock tools (Angwin created a Gmail account for her seven‑year‑old). FERPA lets schools share directory and educational data and to contract with vendors; projects like inBloom showed how student records can flow to third parties with limited parental recourse. Unlike credit files, there’s no robust right to audit or correct much of what schools upload to vendors.

Teach privacy as play

Angwin invites her daughter Harriet into privacy projects: rolling dice to create strong passphrases (even selling them to adults), installing Ghostery and later Disconnect Kids, and adopting pseudonyms for nonessential accounts. They celebrate privacy‑positive brands (DuckDuckGo’s duck) and discuss permanence before posting photos. This reframes privacy from prohibition to craft: something you practice together, not a list of “don’ts” to evade.

Family tactics that scale

  • Co‑create house rules: when to post, who to friend, and how to use pseudonyms.
  • Model good hygiene: password managers, two‑factor authentication, and backups.
  • Limit the public archive of childhood; share privately or ephemerally, and explain trade‑offs.
  • Engage schools: ask for vendor lists, data flows, and opt‑outs where possible.

Push for systemic fixes

Personal tactics help, but rules matter. Advocate for transparency dashboards at the district level, third‑party contract limits, data retention caps, and parental access/correction rights. Treat school data like a regulated asset with audit trails and deletion policies. The long game is cultural too: reward products and curricula that design for privacy by default.

Guiding principle

Raise skeptical, skilled kids who understand how systems see them—and advocate with you to change those systems.


An Unfairness Doctrine

You can’t fix dragnet harms with personal tactics alone. Angwin’s policy argument reframes data abuse as pollution: invisible, cumulative, and profitable precisely because its costs are externalized onto you. The remedy is transparency, accountability, and enforceable rights—without demanding technological abstinence.

Privacy as pollution

Like the Cuyahoga River fire spurred environmental reform, data scandals reveal systemic risk. The Clean Air and Clean Water Acts didn’t halt industry; they changed incentives through measurement, public reporting, and penalties. Similarly, disclosure regimes (think Toxics Release Inventory) can pressure data handlers to curb excess collection and leaks. Sunlight makes reputational risk real.

A practical unfairness checklist

  • Rights: Do individuals have access, correction, and dispute rights over the data?
  • Accountability: Are operators liable for misuse and breach?
  • Intrusiveness: Is the scope proportional to the stated purpose?
  • Benefits: Are societal gains demonstrable and audited?
  • Bias: Does the system encode racial, religious, or economic unfairness?
  • Publicity: Can the dragnet withstand informed public scrutiny?

Use this checklist on any proposal—from license‑plate readers to retail facial recognition—and demand independent evaluation. If a program fails, scale it back or end it.

Why markets won’t save you

Turning data into property you sell sounds empowering, but it fails in practice: copies are cheap, brokers already hold your information, and average per‑person value rounds to pennies (the Financial Times pegged many categories at fractions of a cent; Alessandro Acquisti shows people systematically undervalue privacy once leaked). You risk legitimizing extraction without leverage to bargain. Rights and rules outperform one-off transactions.

Policy tools that work

Extend FCRA‑style access, correction, and adverse‑action notices beyond credit files to data-broker dossiers and risk scores. Mandate breach liability and data minimization. Require auditable retention limits and deletion. Support a dedicated Information Protection Agency (EPA analog) with rulemaking and enforcement powers. Standardize opt‑outs as meaningful deletion, not temporary suppression. Protect pseudonymity for low‑risk contexts while tightening authentication only where safety demands it.

North Star

Design a data economy that preserves the benefits of personalization and security while eliminating indiscriminate, unaccountable collection. Fairness is not anti‑technology; it is pro‑democracy.

Dig Deeper

Get personalized prompts to apply these lessons to your life and deepen your understanding.

Go Deeper

Get the Full Experience

Download Insight Books for AI-powered reflections, quizzes, and more.