The Quiet Normalcy of Being Watched: How Surveillance Became Just Another Tuesday

="">

Nobody stormed the barricades. Nobody marched. The most consequential shift in the relationship between individuals and the institutions that watch them didn’t arrive with a bang or a manifesto. It arrived with a cookie banner and a shrug.

Benn Stancil, writing in his Substack newsletter, recently laid out a thesis that should unsettle anyone who still thinks about privacy as a political issue: surveillance won not by force but by tedium. The argument is disarmingly simple. We didn’t lose the privacy war in some dramatic confrontation between citizens and the state. We lost it because surveillance became boring. Ordinary. The kind of thing you click “Accept” on before your morning coffee.

Stancil’s framing borrows, implicitly, from Hannah Arendt’s famous phrase about the banality of evil — the idea that the most dangerous things aren’t dramatic but bureaucratic. Surveillance in 2025 isn’t a jackbooted officer rifling through your desk. It’s a terms-of-service agreement 47 pages long that nobody reads, attached to an app that tells you the weather.

And the data flows anyway.

The piece resonates because it names something people feel but rarely articulate. There’s a widespread ambient awareness that our phones track us, that our browsing histories are commodities, that facial recognition cameras dot our cities. But that awareness doesn’t translate into outrage. It translates into resignation. Or worse — indifference. Stancil argues this is the real victory of the surveillance apparatus: not that it overcame resistance, but that it made resistance feel pointless, even silly.

Consider the trajectory. In 2013, Edward Snowden’s revelations about the National Security Agency’s mass data collection programs triggered genuine public fury. Congressional hearings. International diplomatic incidents. A real, sustained conversation about the limits of government surveillance. Twelve years later, the average American voluntarily carries a device that tracks their location continuously, feeds their conversations to algorithmic ad systems, and stores biometric data in corporate servers — and considers this arrangement convenient.

What happened?

Part of the answer is structural. The surveillance infrastructure of 2025 is overwhelmingly private, not governmental. That distinction matters psychologically. People fear the state in ways they don’t fear Google. A government wiretap feels like an intrusion. A personalized ad feels like a service. The underlying data collection is often identical in scope and sometimes more invasive in the commercial case, but the emotional register is entirely different. Stancil’s point is that this emotional gap is the whole game. Surveillance doesn’t need to be secret if people simply don’t care.

The numbers back this up. A Pew Research Center survey from 2023 found that 67% of Americans say they understand little to nothing about what companies do with their data. But here’s the kicker: most of them aren’t particularly bothered by that ignorance. Only about one in five report being very concerned. The rest have made a kind of peace with opacity — not because they trust corporations, but because the cost of caring seems to exceed the benefit.

This is the banality Stancil is describing. Not malice. Not conspiracy. Just friction economics. Opting out of surveillance in the modern world is so difficult, so time-consuming, so socially isolating that most rational people simply don’t bother. You can delete Facebook. You can use a VPN. You can switch to Signal, run Linux, pay cash. But each step removes you further from the default infrastructure of contemporary life — the group chats, the shared calendars, the family photo albums, the restaurant recommendations. The surveillance tax is baked into participation itself.

And participation is non-negotiable for most people.

Stancil makes another observation that deserves attention from anyone working in data, technology, or policy. He notes that the people who build surveillance systems — the engineers, product managers, data analysts — are themselves often ambivalent about what they’re constructing. They aren’t villains. They’re professionals solving optimization problems. Making the ad targeting more accurate. Improving the recommendation engine. Reducing churn. Each individual task is mundane. The aggregate effect is a system of monitoring that would have been unimaginable to any prior generation, assembled not by ideologues but by people doing their jobs.

This is where the Arendt parallel cuts deepest. The machinery of mass surveillance doesn’t require enthusiastic collaborators. It requires competent ones. People who focus on their slice of the problem and don’t spend too much time thinking about the whole. Stancil isn’t accusing anyone of malice — he’s pointing out that malice was never necessary.

Recent developments reinforce the thesis. In May 2025, reports emerged that several major AI companies are hoovering up vast quantities of personal data to train their models, often under terms-of-service provisions that users agreed to years ago without understanding the implications. Meta’s use of Instagram and Facebook posts to train its AI systems drew some public criticism but no significant user exodus. The pattern holds: disclosure without consequence.

The regulatory picture offers little counterweight. Europe’s General Data Protection Regulation, once heralded as the gold standard for privacy protection, has produced a decade of cookie consent pop-ups that people dismiss reflexively and a handful of headline fines that tech companies treat as a cost of doing business. In the United States, comprehensive federal privacy legislation remains stalled, as it has for years. Individual states have passed their own laws — California, Colorado, Connecticut, Virginia among them — but the patchwork creates confusion more than it creates protection. The political will for a genuine confrontation with the data economy simply isn’t there, in part because voters don’t demand it.

Why don’t they demand it? Stancil’s answer is the most uncomfortable one: because surveillance delivers real value. The same data collection that enables tracking also enables convenience. Your maps app knows where you are because it’s tracking you. Your email filters spam because it’s reading your messages. Your streaming service recommends shows you actually want to watch because it’s cataloging your every click. The transaction is Faustian, but the immediate returns are tangible and the costs are abstract.

This isn’t a new observation, but Stancil frames it with a useful bluntness. The privacy debate, as typically conducted, assumes that people would choose privacy if they understood the trade-offs. But maybe they do understand, at least intuitively, and they’re choosing convenience anyway. That possibility is harder to organize around. You can fight a tyrant. It’s much harder to fight a preference.

There’s a generational dimension too. Younger users who grew up with smartphones and social media don’t experience surveillance as an imposition because they have no memory of its absence. For someone born in 2005, the idea that a corporation doesn’t know your location at all times is as quaint as the idea of using a paper map. Privacy, for this cohort, isn’t a right being eroded — it’s an abstraction from a world they never inhabited.

So where does this leave the privacy movement? Stancil doesn’t offer a neat prescription, and that’s to his credit. The honest answer is that the forces normalizing surveillance are structural, economic, and psychological — and no single policy intervention is likely to reverse them. GDPR didn’t do it. The Snowden revelations didn’t do it. Congressional hearings didn’t do it.

What might work is a shift in how the technology industry itself thinks about data collection — not as a default but as a design choice with costs. Some companies have begun moving in this direction. Apple has made privacy a marketing differentiator, limiting cross-app tracking and building on-device processing to reduce data transmission. But Apple’s model depends on selling expensive hardware, not ads. For companies whose business model is advertising — which is to say, for most of the consumer internet — less data collection means less revenue. The incentive structure points one way.

There are technologists who argue that privacy-preserving computation, including techniques like differential privacy, federated learning, and homomorphic encryption, can square the circle — delivering personalization without centralized data hoarding. These approaches are real and improving. But they remain niche, expensive, and complex to implement. The default architecture of the internet is still built on the assumption that data flows freely to centralized servers where it can be analyzed, monetized, and — inevitably — surveilled.

Stancil’s essay is ultimately about something bigger than technology policy. It’s about the human capacity to normalize almost anything. Surveillance isn’t resisted because it doesn’t feel like surveillance. It feels like using your phone. And that, more than any law or any leak, is what makes it durable.

The implications for industry professionals are significant. If you work in data analytics, product development, or digital advertising, you are — whether you think about it this way or not — part of the infrastructure Stancil describes. That isn’t an accusation. It’s a structural observation. The question isn’t whether you’re a good or bad person. The question is whether the systems you’re building would be recognizable, to an outside observer, as surveillance systems. And if so, whether the banality of your daily work is the feature that keeps anyone from noticing.

The most effective surveillance is the kind nobody talks about at dinner. Not because it’s secret. Because it’s boring.