How The MAD Act Addresses Surveillance & Data Privacy

Banning Psychological Profiling, Population-Scale Surveillance & Government Data Purchases

Prohibited
Permitted / Preserved
What the MAD Act Does
Enforcement
Context / Background

Commercial data brokers have assembled databases covering hundreds of millions of Americans without their meaningful knowledge or consent. Federal agencies have systematically purchased this data to acquire information they could not constitutionally compel through a warrant. Cambridge Analytica harvested psychological profiles on tens of millions of Americans and allegedly used them to manipulate multiple electoral cycles. The MAD Act does not regulate data collection — it categorically prohibits the three specific capabilities that make population-scale surveillance a threat: psychological profiling that exploits cognitive vulnerabilities, operational profiles that track individuals across unrelated contexts, and databases large enough to constitute private surveillance infrastructure. At the same time, it immediately terminates every federal contract that purchases commercial surveillance data and bars the practice at every level of government. Ordinary first-party commerce — a retailer knowing what you bought, a platform knowing what content you follow — is explicitly protected. The target is the infrastructure of manipulation, not the infrastructure of commerce.

≡ Findings
The Four Documented Threats Congress Identified
  • Inference-Based Manipulation: The derivation of psychological profiles — personality scores, emotional vulnerability assessments, political susceptibility models — from behavioral data enables persuasive messaging calibrated to exploit individual cognitive vulnerabilities. Congress found this capability has been demonstrated at scale in multiple electoral cycles, enabling private and foreign actors to manipulate political beliefs and electoral outcomes without the knowledge of the people targeted. The mechanism is commercial: the same model built for advertising is deployed for influence operations.
  • Operational Targeting: Comprehensive behavioral baselines — location histories, routines, relationship networks, daily patterns stitched together from unrelated commercial sources — constitute operational targeting packages usable to physically surveil, locate, monitor, harass, detain, or harm individuals. Congress found that the harm is in the raw data itself, independent of any derived inference. A record of where someone is, when they are there, and who they meet can serve as a tool of persecution before a single algorithmic score is applied.
  • Totalizing Coverage: Commercial databases covering ten million or more Americans — in some cases the majority of the adult U.S. population — constitute private surveillance infrastructure. Congress found that the threat is the existence of the database at that scale, independent of current use or stated purpose. Once assembled, such a database creates an irreversible capability for population-scale surveillance and social control available to any government, foreign intelligence service, or criminal organization with the resources to acquire it.
  • Executive Branch Information Asymmetry — the fourth threat, and the reason for JEOS: The constitutional system of checks and balances assumed that all three branches would have roughly comparable access to information about the exercise of governmental power. That assumption no longer holds. Modern signals intelligence, the global surveillance architecture of the Intelligence Community, and a classification system generating tens of millions of derivative classification decisions annually — over 80 million in a single recent fiscal year, per the Information Security Oversight Office — constitute an apparatus of state power operating largely beyond the informational reach of Congress and the courts. An executive branch that classifies the existence of an operation — not merely its contents — can in practice conceal that operation from oversight indefinitely absent a whistleblower or external disclosure. Technology has simultaneously made this asymmetry worse: senior officials have used consumer encrypted messaging apps — Signal, WhatsApp, Telegram — to conduct official business on platforms not designed for government records compliance, and have used auto-delete features that destroy records in violation of the Federal Records Act. Attempts to solve this through compliance tools have proven fragile: TeleMessage, a Signal clone deployed specifically to archive official messages for records compliance, was hacked in 2025, exposed government communications, and was subsequently disabled by DHS — leaving officials again manually responsible for their own records preservation. The MAD Act establishes JEOS to address this structural gap: not as a novel intrusion on executive power, but as the realization of the constitutional design the Framers intended, in the digital communications era.
≡ History
What the Historical Record Established About Executive Oversight
  • COINTELPRO (1956–1971) — the danger of surveillance without accountability: The FBI's counterintelligence program — exposed in 1971 and comprehensively investigated by the Church Committee in 1975–76 — systematically used surveillance capabilities to target, disrupt, and suppress constitutionally protected political activity: civil rights organizations, labor movements, antiwar groups, and political parties across the political spectrum. The CIA, NSA, FBI, and military intelligence agencies conducted systematic surveillance of domestic political activity, infiltrated organizations, and operated covert programs that relevant oversight committees were actively deceived about. Congress found that this pattern recurs whenever surveillance capabilities exist without categorical statutory constraints — and that JEOS is the structural answer: independent Article III oversight that cannot be deceived the way Congress can.
  • Iran-Contra (1986–1987) — off-books communications defeating oversight: Senior executive officials conducted an entire covert foreign policy operation — arms sales to a designated state sponsor of terrorism, diversion of proceeds to a foreign paramilitary force in explicit violation of congressional appropriations restrictions — using personal communications and off-books channels specifically designed to evade congressional oversight. Congress did not learn of it through oversight mechanisms. It was discovered through a foreign newspaper. This is the precise structural evasion JEOS addresses: official conduct conducted through channels that, by design, leave no record accessible to oversight. Officials who find comprehensive monitoring of their official communications objectionable retain the freedom not to seek or hold covered positions.
  • NSA Bulk Domestic Metadata Collection (disclosed 2013) — the scale of what oversight cannot see: The NSA's bulk domestic metadata collection program operated for years before Edward Snowden disclosed it in 2013. The program's existence was classified. The relevant oversight committees were briefed on a restricted basis. The full Congress and the public had no knowledge the program existed. Congress found that this is not an aberration — it is a structural feature: the executive's classification authority over the existence of programs renders traditional oversight mechanisms ineffective not because those mechanisms are legally inadequate, but because they operate on information the executive controls and chooses to disclose. JEOS addresses this asymmetry by placing contemporaneous monitoring authority in an independent Article III body that the executive cannot classify away.
  • Consumer Encrypted Messaging Apps in Official Use (documented 2025–2026): Senior executive officials — including Cabinet members and National Security Council staff — used Signal to discuss classified military operational plans in a group chat that accidentally included a journalist. When this became public, officials switched to TeleMessage — a Signal clone specifically marketed as a records-compliant archiving tool designed to satisfy Federal Records Act requirements by backing up communications to a server. TeleMessage was then hacked in May 2025, exposing government communications, and DHS subsequently disabled it entirely. After disabling TeleMessage, DHS officials were again manually responsible for archiving their own messages — and court filings revealed DHS initially could not locate records from senior officials in response to a FOIA request. Congress found this sequence — violation, attempted compliance fix, hack, disabling of the compliance fix, return to manual self-archiving — is not a series of individual failures. It is a structural problem: records laws that depend on voluntary compliance by the officials being overseen cannot guarantee preservation of the official record. The MAD Act addresses this at the device layer, where collection does not depend on official self-reporting.
  • Nixon v. Administrator of General Services (1977) — the constitutional foundation: The Supreme Court established in this case that individuals who voluntarily seek and assume positions of extraordinary public trust hold a reduced expectation of privacy in all communications relating to the exercise of the powers of those offices. This principle is already embodied in existing requirements: financial disclosure is mandatory for senior officials, background investigation is a condition of security clearances, and records preservation is a condition of conducting government business. Congress found that comprehensive monitoring of Official Communications on enrolled devices is constitutionally the same category — a condition of office, not an intrusion upon it. The Court's analysis in Carpenter v. United States — which emphasized the absence of statutory authorization, judicial supervision, and minimization requirements — is addressed directly by JEOS: collection occurs under explicit statutory authorization, continuous Article III supervision, and strict minimization procedures.
≡ History
What the Historical Record Established
  • COINTELPRO (1956–1971): The FBI's counterintelligence program — exposed in 1971 and comprehensively investigated by the Church Committee in 1975–76 — systematically used surveillance capabilities to target, disrupt, and suppress constitutionally protected political activity: civil rights organizations, labor movements, antiwar groups, and political parties across the political spectrum. Congress found that this pattern recurs whenever surveillance capabilities exist without categorical statutory constraints. Internal agency policy, executive orders, and case-by-case judicial oversight have not prevented the recurrence of this structural pattern.
  • Carpenter v. United States (2018): The Supreme Court held that the federal government cannot use the third-party doctrine to evade constitutional warrant requirements for comprehensive personal data revealing the privacies of life. Federal agencies responded by purchasing the same data commercially — circumventing the ruling's logic while respecting its technical holding. Congress found this strategy constitutionally impermissible and uses this bill to codify and extend Carpenter's principle: if the government cannot constitutionally compel the data directly, it cannot purchase the commercial equivalent.
  • Cambridge Analytica (2016–2018): Cambridge Analytica and its affiliates harvested psychological profile data on tens of millions of Americans from a major social media platform without their knowledge. Those profiles were used to design and target political messaging in multiple U.S. electoral cycles. Congress found that no technical or legal distinction between "commercial" and "political" uses of psychological profiling data is meaningful — the same model, trained on the same data, is deployed against different message content. The commercial pathway that delivers psychological profiles to political actors must be categorically closed.
  • The FTC's Own Findings (2012–2023): The Federal Trade Commission formally found in 2012 that the notice-and-choice consent model — the framework underpinning all commercial data collection — produced long, incomprehensible privacy policies that consumers typically do not read, and that industry self-regulation had failed. Peer-reviewed research through 2023 confirms the situation has materially worsened: privacy policies are now significantly longer, less comprehensible, and privacy regulations intended to improve transparency have paradoxically made them harder to understand. Congress found that consent obtained through these mechanisms is not meaningful, informed, or voluntary — and therefore does not provide a legitimate property foundation entitling data holders to full compensation upon mandatory divestiture.
✗ Prohibited
What the MAD Act Categorically Bans
Psychological Profiles

Any compilation, model, score, index, or derived output that assesses or predicts personality characteristics, emotional state, cognitive vulnerabilities, susceptibility to persuasion, or political beliefs concerning a specific individual. The prohibition is absolute — no commercial purpose, national security justification, or user consent makes it lawful. The test is the nature of the output, not the permissibility of the inputs: feeding permitted first-party data into a model that produces a personality score still produces a prohibited profile.

Operational Profiles

Any data asset, system, or query capability capable of producing a comprehensive behavioral record of a specific individual's locations, routines, associational contacts, or behavioral patterns drawn from two or more independent commercial contexts. The prohibition applies to the capability, not just to stored compiled records — structuring a system to aggregate data at query time rather than in stored form is explicitly prohibited as technical evasion.

Population Coverage Databases

Any database containing Covered Personal Data, Psychological Profiles, or Operational Profiles concerning more than 10 million U.S. persons — or more than 3% of the population of any state, territory, or metropolitan statistical area, whichever threshold is smaller. Congress found that a private database at this scale constitutes surveillance infrastructure incompatible with democratic governance, regardless of its stated commercial purpose.

Precrime Risk Assessments

Any score, index, classification, or predictive output assessing the likelihood that a specific individual will engage in criminal, violent, politically disruptive, or socially deviant conduct, based on behavioral, demographic, associational, or population-level data rather than evidence of a specific past act. The bill exempts actuarial criminal history tools (not population-level scoring), FCRA credit scoring, licensed medical risk models, and the First Step Act's PATTERN tool — each with strict conditions on government transfer and commercial use.

Covert Device Collection

Activation of a user's microphone, camera, or visual input without session-specific consent and a visible persistent on-screen indicator. Capture of keystrokes, draft text (including text deleted before submission — protected as "private thought"), or input data beyond minimum service delivery needs. Real-time mass biometric identification — facial recognition, gait analysis, iris scanning, voice print matching — of individuals in publicly accessible spaces without their knowledge or consent.

Government Commercial Data Purchases

Any Federal Agency, state government, local government, county or municipal government, or tribal government purchasing, licensing, or accessing any Psychological Profile, Operational Profile, Precrime Risk Assessment, Population Coverage Database, or data derived from such prohibited compilations, from any commercial source. All existing federal government data broker contracts are terminated by operation of law on the date of enactment. Agencies must acquire data through constitutionally equivalent collection: warrant, subpoena, or consent.

✗ Prohibited
Advertising Data: What's Banned and What's Not
  • Banned advertising data categories include: psychographic and personality profiles; emotional and psychological state inference from any source; cross-context behavioral aggregation from two or more unrelated platforms through any tracking mechanism; social graph and relationship inference; vulnerability and life-event inference derived from behavioral or purchase data; precise or persistent location data beyond postal-code level or retained beyond the current session; content-consumption-based political, religious, or health inference regardless of how it's labeled commercially; lookalike audience modeling using any prohibited variable; and behavioral prediction scoring predicting responses to persuasive or ideological messaging rather than transactional intent.
  • Content recommendation systems are prohibited from: optimizing for psychological engagement, emotional captivation, session duration, re-engagement rates, or any metric that predicts individual behavioral response rather than whether content falls within a category the user explicitly declared interest in. Notification timing optimization — determining when to push alerts based on when a user is most psychologically susceptible — is specifically prohibited. Progressive emotional intensification (deliberately sequencing content from lower to higher arousal states to increase time-on-platform) is prohibited.
  • Platforms may not secretly scan private messages. No platform providing private electronic messaging may access, read, scan, analyze, or retain the content of private user communications except for: mandatory CSAM detection (hash-matching for platforms over 1M users, AI-based novel detection for platforms over 10M users); specific platform security and integrity functions; user-reported content reviewed solely on the basis of that user's own report; and legal process including warrants, court orders, and emergency disclosures. Scanning private messages for advertising targeting, behavioral profiling, or any commercial purpose is a Tier 3 violation with criminal penalties.
✓ Permitted
What Remains Completely Intact
  • Ordinary first-party commerce: Any entity collecting data within a direct commercial relationship and using it solely to serve that relationship is not covered by the registration requirements and is not subject to proactive audit authority. A retailer may use your purchase history to suggest products. A platform may surface content from accounts you explicitly follow. A search engine may use your current query to return relevant results and matched advertising — without retaining the query as a behavioral record beyond that session. The bill explicitly states: "ordinary commercial data collection for the purpose of providing relevant goods and services to consumers serves legitimate purposes and is not the target of this Section."
  • Contextual advertising: Advertising selected on the basis of the content currently being viewed or the query currently submitted — without cross-session behavioral profiling — is specifically protected. A news site may show you ads related to the article you're reading. A search engine may show ads matched to your current search. What's prohibited is using that context as the starting point for a persistent behavioral profile retained across sessions and combined with data from other sources.
  • Explicit user-declared preferences: If a user affirmatively follows an account, saves content, subscribes to a channel, or selects content categories through a dedicated preference interface — these signals are permitted as recommendation and targeting inputs, including for sensitive categories the user themselves declares. What's prohibited is the platform inferring these characteristics from surveillance without the user's knowledge. A user who affirmatively selects "progressive politics" or "Christian content" as a preference category has made a permitted declaration; the platform inferring those characteristics from behavioral patterns without asking has not.
  • Law enforcement warrant-based collection: Law enforcement retains full authority to assemble an Operational Profile of a specific named criminal suspect using location, communications, or behavioral data obtained exclusively through constitutionally equivalent collection — warrant, subpoena, court order, or explicit consent — where assembly is for the purpose of investigating a specific criminal offense. What's prohibited is law enforcement buying the commercial equivalent of what a warrant would require. Evidence-based violence intervention programs identifying high-risk individuals for the purpose of connecting them with services and support resources are also fully preserved — the restriction is on using risk scores for enforcement decisions, not for intervention and support.
  • Healthcare, financial, and research carve-outs: CMS, SSA, VA, IRS, FinCEN, the Census Bureau, statistical agencies, and the FDA retain authority to hold data required for their specific statutory functions, subject to technical isolation requirements and annual audit. Clinical trials, IRB-approved epidemiological research, and FDA-mandated post-market surveillance retain authority to collect detailed health and behavioral data under strict conditions. Consumer reporting agencies retain FCRA authority with mandatory technical isolation of credit data from commercial operations. Licensed mental health applications may collect therapeutic data within the clinical relationship, subject to an absolute prohibition on third-party transfer.
  • Journalism and press exemption: Journalists, news organizations, nonprofit investigative journalism organizations, and documentary filmmakers may collect, process, and retain Covered Personal Data — including data that would otherwise constitute an Operational Profile — for the purpose of newsgathering, investigation, and publication on matters of genuine public concern. The exemption does not extend to covert audio and video collection in private spaces, real-time biometric identification in public, or psychological profiling, which apply to journalists without exception.
  • Small business exemption: Any entity with global revenues under $40 million annually, collecting data on fewer than 200,000 U.S. persons, and deriving less than 25% of revenues from third-party data transfers is exempt from registration, mandatory independent audit, and proactive audit authority. Small businesses remain fully subject to all substantive prohibitions — the exemption is procedural, not substantive. Anti-structuring rules prevent deliberate corporate fragmentation designed to fall below the thresholds.
† Reform
What Happens to Existing Databases
  • 90 days after enactment — certified inventory due: Any entity holding a Population Coverage Database must submit a certified divestiture inventory to the Bureau, prepared by an independent technical auditor and specifically enumerating every system — primary databases, backup systems, cold storage archives, disaster recovery systems, off-site backups, cloud storage instances, and third-party backup services — and the total volume of above-threshold records in each. It is not a defense to have failed to maintain a comprehensive inventory of all systems.
  • 135 days after enactment — certified destruction complete: All above-threshold records in all enumerated systems must be permanently and irreversibly deleted. Divestiture means destruction — sale or transfer to any other entity, anonymization, de-identification, tokenization, or any other transformation without deletion are independently prohibited and do not constitute compliant divestiture. The CEO and Chief Privacy Officer must sign the destruction certification under penalty of perjury. Discovery of any above-threshold record after the certified deletion date creates an automatic presumption of willful violation with Tier 3 penalties retroactive to the deletion date and criminal referral for the signatories.
  • Structured Compliance Credit: Any entity completing timely certified destruction is entitled to a federal tax credit equal to 100% of documented, reasonable compliance costs — meaning actual destruction costs, independent auditor fees, and technical migration costs. The credit does not include the asserted market value of the destroyed data itself. Congress found that databases assembled through covert extraction of personal information without meaningful consent do not rest on a legitimate property foundation entitling holders to full market-value compensation — consistent with the Supreme Court's Penn Central regulatory takings framework.
  • No reconstitution: No entity that has divested may reconstitute a Population Coverage Database by any subsequent means. Any transaction that would reconstitute an above-threshold database is subject to prior Bureau review and is presumptively prohibited. Bureau inaction within 30 days does not authorize the transaction to proceed — the entity must seek expedited district court review, which must rule within 15 days.
⚖ Enforcement
The Bureau of Data Surveillance
  • A new independent agency within the FTC: The Bureau of Data Surveillance is headed by a Director nominated by the President and confirmed by the Senate, serving a fixed 5-year term renewable not more than twice (maximum 15 years total). The Director is selected from a publicly announced candidate pool compiled by OPM from individuals with no data broker employment in the preceding 5 years, no political appointment in the preceding 7 years, and no financial interest in any registered entity. If the President fails to nominate from two consecutive pools, or the Senate fails to act within 90 days of nomination, the most qualified candidate is deemed nominated and confirmed by operation of law. The Bureau is fully operational no later than 365 days after enactment regardless of appointment process delays.
  • Mandatory appropriations floors: Year 1 — not less than $150 million; Year 2 — not less than $300 million; Year 3 and after — not less than $500 million (subject to registry enrollment thresholds, otherwise $300 million). These floors are not subject to rescission or continuing resolution reduction. 50% of all civil penalties collected go into a dedicated Supplemental Enforcement Fund not subject to presidential impoundment, available to the Bureau without further appropriation.
  • Proactive audit authority: The Bureau may conduct proactive technical audits of any registered entity without a predicate complaint, including unannounced audits of entities holding over 50 million U.S. person records. The Bureau has specific algorithmic testing authority — supplying synthetic data inputs to submitted algorithms and examining outputs to determine whether the algorithm produces prohibited outputs regardless of whether its inputs are individually permitted. A finding that an algorithm produces prohibited outputs constitutes evidence of a violation regardless of input permissibility.
  • No political interference with enforcement: No executive branch official — including White House staff — may communicate with Bureau enforcement staff for the purpose of influencing, directing, delaying, or terminating any specific pending enforcement matter. The Director maintains a public Enforcement Communication Log; any such communication must be entered within 48 hours. Any Director who takes or declines an enforcement action based on a prohibited communication is subject to removal for malfeasance and criminal liability under 18 U.S.C. § 1505.
† Reform
JEOS: The Executive Accountability System
  • What JEOS is: The Judicial Executive Oversight System is a specialized Article III judicial body established within the U.S. District Court for the District of Columbia. It is headed by an Article III circuit judge and staffed entirely by career civil servants — no political appointees, no Schedule F reclassification, no executive branch supervisory authority. Its funding is designated mandatory appropriations not subject to presidential impoundment. A $2 billion one-time capital appropriation funds system development. JEOS has no authority to punish, arrest, or take direct action against anyone — it monitors, reviews, and refers. All enforcement action must proceed through DOJ prosecution, congressional oversight, or impeachment.
  • Who it covers: All Cabinet-level officers, sub-Cabinet presidential appointees, White House Office staff at GS-15 and above, all members of the Senior Executive Service, and anyone holding a TS/SCI security clearance who exercises significant authority over intelligence collection, funds, regulations, or personnel — defined precisely. Operational intelligence officers whose primary duties are foreign collection without independent policymaking authority are not covered by security clearance alone. Covered Officials consent to monitoring as a condition of holding their positions and receive written notice at enrollment.
  • What it monitors: All Official Communications — any communication by or to a Covered Official concerning the exercise of governmental authority, the administration of law, the expenditure of appropriated funds, the award of contracts, or the formulation of policy. This includes communications on enrolled personal devices — because documented use of consumer encrypted messaging apps (TeleMessage, Signal, WhatsApp, Telegram) to conduct official business in deliberate circumvention of records laws created a structural oversight gap the Framers never contemplated and would not have tolerated. All Official Communications must use Approved Communications Systems. TeleMessage and any platform controlled or compellable by a foreign government are specifically prohibited.
  • How the automated screening works: The JEOS monitoring application operates through a three-tier review framework. Tier 1 screens all incoming communications in real time for Triggering Violations — bribery, obstruction, Antideficiency Act violations, Espionage Act violations, emoluments, conflicts of interest. Tier 2 retains all communications for 260 days and periodically reanalyzes them in full context — a communication that appears innocuous alone may flag when analyzed alongside a pattern of coordinated contacts over time. No human accesses any content until the automated system generates a flag and a JEOS Panel judge authorizes access using a multi-custodian key escrow system. Tier 3 is human judicial review, triggered only by a flag.
  • What happens when a Triggering Violation is found: A three-judge sub-panel reviews preserved communications with the participation of the Special Ethics Advocate, applies the probable cause standard, and issues a Final Disposition within 45 days. Upon finding probable cause: Criminal Referral to the Attorney General; concurrent notice to congressional oversight committees; notification to the Comptroller General for appropriations violations. For violations involving probable cause of treason, coup, insurrection, or systemic subversion of constitutional order, the matter goes to the D.C. Circuit for mandatory expedited review — which must convene within 72 hours and decide within 30 days, with no judge who was nominated by the President under investigation sitting on the panel.
  • Archive framework and personal privacy: Communications not resulting in an active Investigative Order after 260 days transfer to a 25-year classified judicial archive. The automated system applies a final classification pass distinguishing Official Nexus communications (archived) from personal communications with no official connection (subject to deletion after judicial authorization of the automated classification). No human reviews the content of communications identified for deletion in this process — a JEOS Panel judge reviews the automated system's process and output, not the underlying content, before authorizing deletion. Collection terminates immediately upon a Covered Official leaving their covered position.

Sources & Legislative Record

Primary Source
MAD Act — American Surveillance Prohibition and Privacy Enforcement Act (ASPPEA) & Executive Accountability and Judicial Oversight Act (EAJOA) — Full Legislative Text (on file)
Supreme Court
Carpenter v. United States, 585 U.S. 296 (2018) — Fourth Amendment and commercial data circumvention
Supreme Court
Nixon v. Administrator of General Services, 433 U.S. 425 (1977) — Reduced privacy expectation in official conduct
Supreme Court
Penn Central Transportation Co. v. New York City, 438 U.S. 104 (1978) — Regulatory takings framework for mandatory divestiture
Church Committee
Senate Select Committee to Study Governmental Operations — Final Report on COINTELPRO and domestic intelligence abuse (1976)
FTC Report
FTC — "Protecting Consumer Privacy in an Era of Rapid Change" (March 2012)
Cambridge Analytica
FTC — Facebook/Cambridge Analytica Enforcement Action (July 2019)
Prior Legislation
S. 3400 — American Data Privacy and Protection Act (ADPPA), 117th Congress (2022 draft)
Prior Legislation
H.R. 8152 — American Data Privacy and Protection Act, 117th Congress
Floyd v. New York
Floyd v. City of New York, 959 F. Supp. 2d 540 (S.D.N.Y. 2013) — Algorithmic profiling as unconstitutional stop-and-frisk at scale
Terry v. Ohio
Terry v. Ohio, 392 U.S. 1 (1968) — Individualized reasonable suspicion requirement for stops; population-level algorithmic scoring insufficient
FISA Court
Foreign Intelligence Surveillance Act, 50 U.S.C. § 1803 — FISA Court precedent for Article III specialized judicial oversight
Mistretta v. U.S.
Mistretta v. United States, 488 U.S. 361 (1989) — Constitutional basis for specialized Article III judicial bodies with administrative functions
4th Amendment
U.S. Constitution, Amendment IV — Warrant requirement; right of people to be secure against unreasonable searches and seizures
First Step Act
First Step Act of 2018, 18 U.S.C. § 3632 — PATTERN tool statutory basis and MAD Act carve-out conditions
Andrus v. Allard
Andrus v. Allard, 444 U.S. 51 (1979) — Prospective prohibition does not automatically constitute compensable taking