The Freedom From
Surveillance Act
You have the right to move freely, live privately, and exist without being tracked, scored, profiled, or sold. This Act makes that right enforceable — against data brokers, against government overreach, and against the invisible industry that built a file on you without asking.
⬇ Download Full Bill (PDF)Ten titles. One principle.
End data brokerage
750+ companies built secret files on you. This Act shuts them down unless you say yes.
Restore the Fourth Amendment
The government cannot buy what it is constitutionally prohibited from seizing.
Free movement
Your license plate, your phone, your face — none of it tracked without a warrant.
Connected device rights
A real off switch for your car, your phone, your TV, and your smart home.
Digital identity protection
Age verification that doesn’t become a surveillance database. Biometrics you control.
Financial & workplace privacy
Your purchases, your keystrokes, your location after hours — not the government’s business.
“Technology exists to serve the American people — not to dominate them. Every person has an inherent right to move freely, live privately, and exist without being tracked, scored, profiled, or sold.”
— Core Principle, Freedom From Surveillance ActTITLE I — FINDINGS: The Surveillance Crisis
What is mass surveillance — and why does it affect you personally?
Most people think surveillance means a government agent watching you. Today it mostly means a vast, invisible industry collecting your location every few seconds, your health searches, your purchases, your political beliefs, your relationships — then selling that information to anyone who pays. Law enforcement buys it to avoid getting a warrant. Foreign governments buy it to identify and target Americans. Advertisers buy it to manipulate you. You never agreed to any of it. There is currently no comprehensive federal law stopping it.
The numbers
More than 750 data brokers operate in the United States with no comprehensive federal regulation. The industry is projected to exceed $561 billion by 2029. Foreign adversaries including China and Russia purchase detailed profiles of U.S. military personnel and ordinary citizens for pennies per person. ICE has scanned the driver’s license photos of 1 in 3 American adults and can locate 3 in 4 adults through commercial records — without a single warrant. Flock Safety performs over 20 billion license plate scans per month across 49 states, feeding a national law enforcement database with no warrant requirement.
The Privacy and Civil Liberties Oversight Board — the primary federal body ensuring surveillance programs respect civil liberties — was rendered nonfunctional in early 2025 when three of its members were removed by executive action. This Act restores it.
TITLE II — The Data Broker Prohibition & Regulation Act
Data brokers: the industry that built a file on you without asking
A data broker is a company whose entire business is collecting information about you — from your phone, your purchases, public records, social media, and hundreds of other sources — and selling it. You have never heard of most of them. You never signed up with them. You cannot easily find out what they know or demand they delete it. This title requires them to get your real, specific permission before collecting anything. It gives you the right to see your file, correct it, and delete it — all at once, with one request, through a free federal portal.
Key provisions
Consent required. No personal data may be collected, compiled, sold, or shared for commercial purposes without prior, specific, informed, freely given written consent. Consent buried in terms of service is void. Consent required as a condition of using a service is void.
Prohibited practices. Selling location data without a warrant. Selling sensitive data (health, religion, sexual orientation, immigration status, political affiliation) under any circumstances without explicit consent. Selling any data to law enforcement or foreign governments without a warrant. Retaining data beyond 90 days without re-consent. Selling data about minors under any circumstances.
The National Delete Portal. One free request deletes your data from every registered broker within 45 days. Failure to comply: $500 per consumer per day.
Your rights under this Act
- Right to Know — See everything any broker holds on you, including who they sold it to, within 30 days.
- Right to Delete — Demand complete deletion within 30 days, confirmed in writing.
- Right to Correct — Fix inaccurate data.
- Right to Opt Out — Stop all collection at any time, effective within 48 hours.
- Right to Sue — $1,000–$10,000 per violation, plus punitive damages and attorney’s fees. Class actions authorized.
TITLE III — The Fourth Amendment Enforcement Act
The government cannot buy what it is constitutionally prohibited from seizing
The Fourth Amendment says the government needs a warrant to search you. But for years, federal agencies have been paying data brokers for your location history, your associations, your movements — bypassing the warrant requirement entirely by using a credit card instead of a court order. Senator Ron Wyden called it “warrantless surveillance by credit card.” This title closes that loophole completely. If the government needs a warrant to seize it, it needs a warrant to buy it. No exceptions. No workarounds.
Government data purchase prohibition. No federal, state, or local government agency, law enforcement agency, intelligence agency, or any contractor acting on their behalf shall purchase or otherwise obtain personal data from a commercial data broker for surveillance, investigative, or intelligence purposes.
Warrant requirement for all location access. No government entity shall obtain or use the location data of any person — from any source including brokers, carriers, connected vehicles, license plate readers, or cell-site simulators — without a warrant based on probable cause, issued by a neutral magistrate. Bulk or mass location data orders are prohibited. Warrants may not exceed 30 days. Evidence obtained in violation is inadmissible.
What is a geofence warrant — and why is it banned?
A geofence warrant asks Google or Apple to identify every person whose phone was in a specific location during a specific time — the entire block, the whole neighborhood, everyone at a protest, everyone who visited a clinic. Police have used them to get lists of hundreds of people and then investigate all of them with no individual suspicion. These are the digital equivalent of the “general warrants” — search everyone, find something — that the Fourth Amendment was written specifically to prohibit. This Act bans them entirely.
Fusion center reform. All 79 federally funded fusion centers face mandatory independent annual audits with public release of findings. Monitoring of political activity, protests, demonstrations, religious observance, journalism, or any First Amendment-protected activity is expressly prohibited. Citizens have the right to request any record a fusion center holds on them.
TITLE IV — The Free Movement Act
Your right to drive, walk, and move without being permanently tracked
Right now, a company called Flock Safety scans over 20 billion license plates every month across 49 states, storing where your car was and when, sharing it with law enforcement nationwide — with no warrant required. Police have used this network to track vehicles at protests and target activists. Cell-site simulators at demonstrations sweep up the phones of every bystander within range. Facial recognition is being used in real-time on public streets in some cities. This title says: your physical movements belong to you. A warrant is required before the government tracks them.
License plate readers (ALPRs). May only be used to check against a hotlist of vehicles in active, specific criminal investigations. Non-matching records must be deleted within 24 hours. No sharing with immigration authorities, foreign governments, or commercial entities. No national database. No movement profiling without a warrant.
Cell-site simulators (Stingrays). Warrant required, naming the specific target device. All data from bystanders must be immediately and permanently deleted. Prohibited at protests, demonstrations, religious gatherings, or any First Amendment-protected activity.
Drones. Warrant required for any surveillance. No deployment at protests or political events. No facial recognition or crowd-identification equipment. Footage deleted within 72 hours unless part of an active warranted investigation.
Facial recognition. Immediate two-year moratorium on all government use. Post-moratorium: warrant required, specific suspect only, no real-time crowd surveillance, minimum 99.9% accuracy across all demographic groups, no arrest based solely on a facial recognition match.
TITLE V — The Connected Device Privacy Act
Your car is watching you. Your phone is selling you. Your TV is listening.
GM’s OnStar was transmitting the precise location of customers’ cars to data brokers as frequently as every three seconds — without most drivers knowing. A weather app you downloaded is tracking your location 24 hours a day and selling it through an embedded tracking kit from an advertiser you’ve never heard of. Your smart TV records what you watch. Your Amazon or Google speaker records household conversations. This title requires a real off switch — hardware level, not buried in settings — for all of it, and prohibits the sale of any of this data without your specific consent.
Connected vehicles. No collection, storage, or transmission of vehicle data — location, driving behavior, voice recordings, passenger information — without specific affirmative consent not required as a condition of vehicle use. No sale to insurers, employers, law enforcement, or brokers. A real, accessible, hardware off switch required on every vehicle.
Smartphones and apps. No precise location collection without a clear, separate consent screen before access is granted. Location granted for one purpose may not be used for another. All embedded tracking SDKs must be disclosed. Apple and Google must implement a universal, system-level ad tracking kill switch — default off on all new devices.
Smart home and IoT. Physical hardware privacy switches required on all microphone, camera, and location-sensor devices. Ring and Nest systems prohibited from sharing footage with law enforcement without a warrant. Smart TV viewing data and voice recordings may not be sold without specific consent.
TITLE VI — The Digital Identity Protection Act
Age verification is building a surveillance database — without most people realizing it
Twenty-five states now require you to upload your government-issued ID to access legal websites. This sounds like child protection. In practice it means millions of Americans are uploading their driver’s license to private companies that are keeping that data, linking your real identity to your browsing history, and in several cases have already suffered data breaches. This title says age verification must work without anyone ever seeing or storing your ID — the technology to do this exists and is called device-local verification. If a company can’t do it that way, they can’t do it at all.
Age verification. Must be performed locally on the user’s device. No personally identifiable information transmitted to any server. Result is only a yes/no age confirmation. Any provider suffering a data breach involving government IDs: mandatory minimum $1 million civil penalty per affected individual.
Mobile driver’s licenses. No “phone home” — no notification or log transmitted to the state when your license is scanned. States may not maintain logs of when and where your mobile ID is verified.
Biometric data. Fingerprints, iris scans, facial geometry, voiceprints, gait patterns, and DNA cannot be changed if compromised. No private employer may collect biometrics without specific written consent. No government agency may add commercially obtained biometric data to any law enforcement database. Data breach: $10,000 per affected individual, notification within 48 hours.
TITLE VII — Personal Privacy in the Digital Age
Your purchases, your keystrokes, and your location after work are not your employer’s — or the government’s — business
After January 6, federal agencies began requesting bulk financial transaction data from banks — not targeting specific individuals, but sweeping up thousands of people at once. Some employers now use AI systems that score workers’ “productivity” by monitoring keystrokes, eye movements, and facial expressions all day. GPS trackers on company vehicles follow workers after hours. This title draws clear lines: your money requires a warrant. Your face at your desk is not a performance metric. And your location after work is yours.
Financial surveillance. No bank or payment processor shall share individual transaction data with any government agency without a warrant based on probable cause. No bulk monitoring of consumer purchases. Central Bank Digital Currencies, if implemented, must carry the same privacy protections as physical cash.
Workplace surveillance. Without specific written revocable employee consent, prohibited: keystroke logging on personal devices, continuous biometric monitoring, AI productivity or sentiment scoring using behavioral data, GPS tracking outside working hours. Employees who refuse consent for prohibited monitoring may not be fired or disciplined on that basis.
Social media surveillance. No government monitoring of social media without a warrant based on probable cause of a specific crime. Government contracts with social media monitoring services for tracking constitutionally protected speech are void and prohibited.
TITLE VIII — Enforcement, Penalties & Oversight
A law without enforcement is a suggestion. This Act establishes a dedicated Privacy Enforcement Agency — an independent federal agency with a Senate-confirmed director serving a 7-year term removable only for cause, full rulemaking authority, subpoena power, and litigation authority to bring civil enforcement actions in federal court.
Penalty schedule
| Violation | Civil Penalty | Criminal |
|---|---|---|
| Unauthorized data broker operation | $50,000/day | — |
| Selling data to government without warrant | $100,000/transaction | Up to 5 years |
| Selling sensitive data without consent | $10,000/individual | Up to 3 years |
| Selling data to foreign adversaries | $1,000,000/transaction | Up to 10 years |
| ALPR non-compliant retention/sharing | $25,000/day | Up to 2 years |
| Unauthorized cell-site simulator use | $50,000/deployment | Up to 5 years |
| Failure to honor deletion request | $500/consumer/day | — |
| Age verification data breach | $1M/individual | Up to 5 years |
| Government official circumventing warrant | Personal liability | Up to 10 years + termination |
| Fusion center political surveillance | Loss of federal funding | Up to 5 years |
Private right of action. Any person whose rights under this Act are violated may sue for actual damages or $1,000–$10,000 per violation (whichever is greater), punitive damages for willful violations, mandatory deletion of unlawfully obtained data, and attorney’s fees. Class actions are expressly authorized. No terms of service may waive these rights.
PCLOB restored. The Privacy and Civil Liberties Oversight Board is restored to full operational status. Seven members, no more than three from any one party, 6-year staggered terms, removable only for cause. Mandatory public report every 6 months on the state of government surveillance in America.
TITLE IX — Permitted Uses: Technology in Service of People
This Act does not ban technology — it bans surveillance
Navigation still works. Emergency 911 still works. Fraud detection still works. Parents can still monitor their minor children’s devices. Journalists and whistleblowers are fully protected. Businesses can still analyze their own data in aggregate to improve their products. What this Act ends is the invisible, unconsented, industrial-scale collection and sale of your personal life to whoever has the money to pay for it. Technology can be extraordinarily useful. The question is who it serves.
Fully permitted under this Act: navigation apps (location deleted after route completion), 911 emergency services, targeted ALPR for specific active investigations (non-matching records immediately deleted), aggregate de-identified business analytics never sold, fraud prevention and cybersecurity (minimum data, never sold), IRB-supervised academic research with genuine informed consent, journalism and whistleblowing, consensual family location sharing, parental monitoring of minor children’s devices.
TITLE X — Implementation Timeline
“Technology exists to serve the people. Not to profit from them. Not to monitor them. Not to control them. This Act restores that principle into law.”
— Senator Natalie M. Fleming, Idaho