Digital Privacy & Surveillance

The Challenge

Digital surveillance has become one of the most urgent civil rights crises in America. Technologies sold as public safety tools are being repurposed as instruments of social control—disproportionately targeting immigrants, transgender people, communities of color, and anyone who dissents. This is not confined to any single state. It is a national emergency driven by federal policy, cross-state data sharing, and a surveillance industry that operates without meaningful accountability.

Automated license plate readers (ALPRs) are deployed in all 50 states, capturing license plates, locations, passenger images, and movements—with minimal oversight over retention periods, storage, or sharing. The federal government is leveraging this nationwide network to track immigrants, transgender individuals, and people seeking reproductive healthcare. These systems ignore state borders: data collected in one jurisdiction is routinely shared with law enforcement in others, creating a de facto national tracking infrastructure no legislature has ever authorized.

Meanwhile, state legislatures have pursued age verification mandates and social media regulation bills that, however well-intentioned, would require users to surrender government-issued identification to third-party vendors. Washington’s HB 2112 and similar bills in Texas, Louisiana, Virginia, and more than a dozen other states follow the same flawed template. The risks are not hypothetical. In 2025, Discord’s third-party identity verification vendor was hacked, exposing over 70,000 government-issued ID photos—with the attackers claiming access to more than 2 million ID images. The message is clear: when you compel people to hand over their most sensitive identification documents to private companies, those documents will be compromised.

For transgender people, the stakes are uniquely dangerous. The U.S. Transgender Survey (2015) found that only 11% of respondents had all identity documents reflecting their correct name and gender, while 67% had no ID with the correct gender marker. Of the 32% who showed an ID that did not match their gender presentation, the result was harassment, denial of services, or assault. Leaked identity documents can enable stalking, harassment, and violence. Surveillance data tracking movement to gender-affirming healthcare providers or LGBTQ+ spaces can be weaponized by hostile governments. The intersection of digital surveillance and anti-trans policy is not a future threat—it is happening now, in every state.

Why This Matters

I understand surveillance as a lived reality, not an abstraction. My passport was revoked in a politically motivated act, forcing me into exile. I have received death threats serious enough to require changes to my daily life. I know what it means when a government has the tools to track your movement, your healthcare, and your associations—because I have experienced the consequences when those tools are turned against you.

I also understand the data. I served on the research committees for the first two U.S. Trans Surveys—the National Transgender Discrimination Survey (2008–2009, published 2011) and the U.S. Transgender Survey (2015, published 2016)—the largest surveys of transgender people ever conducted. Those surveys required extraordinary measures to protect respondent privacy, because the data itself could be weaponized against the very people we were trying to help. The NTDS found that 90% of respondents reported hiding their identity or experiencing harassment and discrimination. The USTS found that 23% avoided seeking needed healthcare out of fear of mistreatment as a transgender person. These are the human stakes behind every surveillance policy debate.

The communities I have served are among the most vulnerable to surveillance overreach. Transgender people seeking healthcare, immigrants navigating a hostile federal environment, survivors of domestic violence whose safety depends on not being found—all are endangered when surveillance data flows freely between local law enforcement, federal agencies, and private corporations with inadequate security.

One documented case involved Texas police using ALPR data from Flock Safety—including data originating from King County, Washington—to locate a woman who obtained reproductive healthcare services. When surveillance infrastructure in one state can enforce another state’s laws against that state’s own residents, we have a fundamental failure of governance that demands a national response. This is not a Washington problem or a Texas problem. It is an American problem.

The age verification debate reveals the same dynamic on a national scale. Protecting children online is a legitimate goal, but mandating that every adult surrender a government ID to a third-party vendor is not protection—it is the creation of massive, centralized databases of sensitive identity documents that will be hacked, leaked, or subpoenaed. The Discord breach proved exactly this. We cannot build child safety on a foundation that makes every adult less safe.

What I’ve Done

My work on digital privacy combines research, public advocacy, legislative engagement, and coalition building at both the state and national level:

• Served on the research committees for the first two U.S. Trans Surveys (NTDS and USTS), developing rigorous protocols to protect respondent privacy—work that shaped my understanding of how identity data must be safeguarded
• Co-authored “We Need to Regulate Automated License Plate Readers Now” in The Stranger with Jaelynn Scott of Lavender Rights Project, calling for stronger protections in Washington’s Driver Privacy Act (SB 6002), including a 7-day maximum data retention period and prohibitions on vendor data sharing without warrants
• Advocated against age verification mandates in multiple states, including Washington’s HB 2112 (which died in committee), arguing that compelling Americans to surrender government-issued IDs to third-party vendors creates unacceptable security risks
• Opposed provisions in Washington’s SB 5708 and similar bills nationwide that would create additional identity verification mechanisms, arguing that algorithmic regulation should not come at the cost of mass identity collection
• Used the Discord breach—where over 70,000 government ID photos were exposed through a third-party vendor hack—to educate legislators about the real-world consequences of mandatory ID surrender policies
• Built cross-movement coalitions linking digital privacy to reproductive rights, immigrant rights, and transgender safety—because surveillance does not affect these communities separately, and solutions must be national in scope

Where We Go From Here

State-level reforms like Washington’s Driver Privacy Act (SB 6002) are important starting points, but they cannot solve a national problem alone. Data retention should be capped at 7 days, not 21. Surveillance of protected locations—health facilities providing abortion care, gender-affirming care, or domestic violence services—should be explicitly prohibited. No data should be shared with federal agencies or out-of-state law enforcement without a warrant. These standards need to be adopted nationwide.

Age verification mandates must be rejected in favor of approaches that protect children without creating massive identity databases. Device-level parental controls, platform design requirements, and privacy-preserving age estimation technologies offer alternatives that do not require every adult to hand a driver’s license to a corporation that may be hacked next month.

The United States needs comprehensive federal digital privacy legislation that recognizes the unique dangers surveillance poses to marginalized communities. That means enshrining protections for sensitive location data—including visits to healthcare providers, places of worship, and community organizations—and creating meaningful enforcement mechanisms when those protections are violated. It means ending warrantless cross-state data sharing that turns every local ALPR network into a tool of federal enforcement. And it means holding third-party vendors accountable when they fail to protect the identity documents entrusted to them.

The fight for digital privacy is inseparable from the fight for civil rights. Every surveillance tool built to target one community will eventually be turned on others. Protecting the privacy of the most vulnerable protects everyone.