How Manufactured Consent Builds Surveillance in Emerging Tech like AI
From the internet to consumer AI, user consent has degraded in stages:
- informed consent, where a real yes-or-no choice gated participation,
- to assent, where clicking "I agree" became a ritual nobody reads,
- to forced consent, where declining a permission breaks the product,
- to what we have now — absent consent, where data is used in ways no dialog box ever described.
Each generation of technology has pushed the line further, and each new interface makes the previous one look quaint. I am mapping that trajectory and testing it against three current cases where AI is completing it. These case studies will be complete within 6-9 months from now.
I: A model trained on a game can be used for war.
Niantic built its geospatial AI business on roughly 30 billion location-tagged images that Pokémon Go and Ingress players contributed by scanning real-world landmarks for in-game rewards. Consent was captured in the terms of service of a mobile game. That business spun out in 2025 as Niantic Spatial, and its visual positioning technology is now paired with Vantor, a National Geospatial-Intelligence Agency contractor, to support what the companies describe as national security missions.
To summarize a Delft University ethicist who has studied the case: once scans are aggregated into a foundation model, it becomes effectively impossible to trace which inputs are doing which work. Meaning consent given at the point of collection has no bearing on what the resulting model is later used for.
Aggregation makes consent unenforceable. Nothing compels a company to safeguard data it can't be audited against (II), and nothing but new collection is left for regulators to regulate (III).
II: Total visibility does not create accountability.
AI assistants require accounts and log everything to create arguably the most intimate behavioural dataset ever assembled. This visibility is not equally accessible, nor does it equate to accountability. The Tumbler Ridge shooting in British Columbia, Canada demonstrated the asymmetry: the shooter held extensive conversations with ChatGPT about gun violence in the months before the attack; the account was flagged internally weeks beforehand but authorities were never notified; a second account circumvented the flag entirely. We know these binary truths because they were logged, but OpenAI refuses to share the data that proves the depths of these claims.
The companies conducting the most intimate surveillance in history have accepted none of the protective obligations that surveillance is supposedly for. The pending lawsuits will shape whether a duty to act exists in law. What these companies see, and choose not to act on, has barely started.
III: Protection as surveillance infrastructure.
The regulatory response to online harm is constructing the next surveillance layer under a child-safety banner. Australia began enforcing age verification in March 2026, reaching past social media into search, game chats, and AI chatbots. The UK's Social Media (Minimum Age) Act now effectively requires every adult to prove their identity to access major platforms. More than two dozen US states have enacted digital ID checks.
Digital-rights advocates—including many parents who agree these platforms harm kids—oppose these laws because the cure is an identity checkpoint for everyone.
The harms are real. Companies won't self-safeguard (see II) so states are answering with infrastructure that expands surveillance for all (see III).
Why these questions are worth answering
These three case studies showcase how consent collected once is spent indefinitely, in places nobody agreed to and increasingly can't even see.
- Case I shows consent given under 2016's rules being spent, a decade later, at a scale and for purposes nobody agreed to.
- Case II shows that the surveillance apparatus already in place produces no protective duty even when it clearly could.
- Case III shows the policy response building tomorrow's surveillance layer today, under a banner nobody can easily object to.
Thirty years ago, informed consent gated participation. Now absent consent is the default state.
1995 — installing shareware
Do you accept this license agreement?
A real binary choice. Declining meant the program simply didn't install.
How should we think about harm that is diffuse and invisible to the person experiencing it? My answer is that the invisibility is not incidental. What I'm left wondering is what real protection actually looks like, and what stops it from becoming a new surveillance system.
What's next for this project
In roughly 6-9 months, these case studies will be complete and shareable. They will be used to inform:
- A flagship report on AI: A publicly accessible report on with the four-stage framework (informed, assent, forced, absent) applied to the three cases. Interviews with LLM experts, digital-rights advocates, and policy creators are also being conducted.
- An educational and interactive timeline: A short, shareable timeline tool letting readers move a slider from 1995 to today with consent dialogue degrading in real time. The minimum viable version is in this post; the ideal version would leverage historical screenshots or provide more points of engagement.
- Op-eds: Each case study presents a potential opinion topic.
- Podcast appearance(s): Case I and II provide a foundation for in-depth but accessible discussions around AI and surveillance technology.