Blog · Review Essay · Last reviewed June 24, 2026

Surveillance Valley and the Military Internet

Yasha Levine's Surveillance Valley is a hostile history of the internet's innocence story. Its useful claim is not that every router, protocol, engineer, or user was part of one military plan. It is that networked computing grew through defense research, federal procurement, counterinsurgency imagination, privatized data markets, and the recurring administrative dream of making social life legible enough to predict and control. Read carefully, the book is less a conspiracy map than an argument about institutional memory: tools inherit purposes from the organizations that fund, test, scale, and normalize them.

For this review, the "military internet" does not mean a single hidden command center. It means a lineage of design virtues and institutional pathways: resilience, remote coordination, command visibility, logging, interoperability, procurement dependence, and the belief that complex social systems become governable when enough signals can be gathered in one operational picture.

The Book

Surveillance Valley: The Secret Military History of the Internet was published by PublicAffairs on February 6, 2018. Hachette's PublicAffairs record lists the book as political nonfiction in privacy and surveillance, and Kirkus records the hardback at 384 pages with ISBN 978-1-61039-802-2.

Levine is an investigative journalist whose book argues against the standard garage-and-campus myth of the internet. In that familiar story, the network begins as academic openness, becomes entrepreneurial liberation, and is later damaged by surveillance capitalism, state monitoring, and platform monopoly. Surveillance Valley reverses the timeline. It treats surveillance, military research, and social prediction as founding conditions rather than late betrayals.

That makes the book a useful companion to The Age of Surveillance Capitalism, The Net Delusion, Consent of the Networked, Protocol, and The Closed World. Its question is blunt: what if the network was never politically neutral infrastructure waiting for users to decide its meaning?

Current Context

As of June 24, 2026, Levine's subject is no longer only an argument about origin stories. Official U.S. policy now treats AI, data catalogs, compute, commercial model procurement, and software supply chains as national-security infrastructure. The January 2026 defense AI strategy directs expanded access to AI compute and federated data catalogs for mission advantage, while National Security Presidential Memorandum 11, issued June 5, 2026, tells the national-security enterprise to accelerate commercial and open-source AI adoption while requiring assurance, testing, controllability, legal compliance, and privacy and civil-liberties constraints.

Civilian public-sector policy has also moved through procurement and records. OMB memoranda M-25-21 and M-25-22, both issued April 3, 2025, frame federal AI use and acquisition around faster adoption, chief AI officer authority, high-impact AI risk management, portability, interoperability, competition, and vendor-dependence control. For this review, the important point is not the partisan direction of a given administration. It is that AI governance now happens through acquisition clauses, data access, model access, audit records, and vendor exit rights, exactly the kinds of institutional channels Levine asks readers to notice.

The European context adds a rights and market-surveillance layer. The European Commission's AI Act implementation page says prohibited AI practices and AI literacy obligations began applying on February 2, 2025; transparency rules come into effect in August 2026; and, following the simplification package and May 2026 political agreement, many high-risk area rules are now listed for December 2, 2027, with product-integrated high-risk rules listed for August 2, 2028. The FTC's 2024 staff report on major social media and video streaming services separately treats broad platform data collection, retention, children and teen safeguards, data-broker inputs, algorithms, analytics, and AI systems as one regulatory field. The live question is how observation becomes classification, and how classification becomes action.

The Origin Story Problem

The internet's public mythology often begins with decentralization. ARPANET, packet switching, TCP/IP, academic collaboration, open standards, and hacker culture are made to stand for a politics of freedom. That story is not false, but it is selective. DARPA's official ARPANET history emphasizes ARPA's 1960s research program, the first four-node network in 1969, packet switching, TCP/IP, DoD interest in command and control, NSFNET, and later commercialization. The Internet Society and National Science Foundation tell compatible versions: DARPA-funded researchers helped build ARPANET and TCP/IP, then NSFNET and commercial networks carried the internet outward.

Those official histories also discipline the critique. The Internet Society explicitly separates ARPANET from the false story that it was designed as a nuclear-war survival network, while noting that later internetworking did value robustness and survivability. Levine's argument does not need the lazy version of that myth. It is stronger when it stays with the documented institutional setting: defense research, command needs, university laboratories, packet-switching research, standards work, federal backbone policy, and eventual privatization.

Levine asks readers to hold the same facts at a different angle. DARPA was not a neutral benefactor floating outside American military power. Cold War command systems, Vietnam-era counterinsurgency, domestic unrest, behavioral science, and defense-funded computing all shaped what networked information seemed useful for. Computers promised coordination, communication, logistics, database analysis, and prediction. Those are practical capacities. They are also capacities of administration and control.

The strongest version of Levine's argument is not that every engineer secretly designed a police machine. It is that infrastructure inherits institutional purposes and default questions. A network built through defense funding, research contracts, classified needs, and strategic fantasies will carry traces of those worlds even when later users build open communities on top of it. The same design virtues can support public science, mutual aid, and accessibility. They can also support surveillance, targeting, and automated administration when connected to data brokers, cloud platforms, police systems, workplace dashboards, and AI models.

Surveillance as Infrastructure

The book becomes most useful when it treats surveillance as an infrastructure problem rather than a scandal problem. A scandal suggests an exception: a bad program, a secret database, a corrupt agency, a breach of policy. Infrastructure suggests something more durable: logging, identification, routing, authentication, advertising markets, cloud contracts, platform analytics, predictive policing, intelligence partnerships, and default data retention.

Surveillance here means more than watching. It is a lifecycle: observe, retain, link, infer, share, and act. A system becomes surveillance infrastructure when its ordinary operation creates records that can be reused outside the user's immediate purpose, especially when those records become searchable, model-ready, legally compellable, commercially brokered, or operationally decisive.

That distinction matters because the modern internet does not need one central watcher to produce surveillance. It produces observation through ordinary operation. Search needs query logs. Social media needs graphs and behavioral signals. Advertising needs profiles. Security needs telemetry. Fraud detection needs fingerprints. Cloud providers need administrative visibility. Mobile operating systems need location, identity, app, and notification channels. The same data can support convenience, personalization, safety, market power, and state access.

Levine's phrase "military-digital complex" is polemical, but the underlying pattern is concrete: public agencies, defense contractors, universities, startups, platforms, data brokers, and intelligence services repeatedly exchange money, personnel, tools, datasets, and legitimacy. The boundary between public surveillance and private surveillance is therefore less clean than ordinary privacy debates suggest. A platform can be a consumer service, an advertising broker, an infrastructure provider, a model-training source, and a government contractor at the same time.

The Privacy Trap

One of the book's most controversial moves is its treatment of the privacy and encryption world. Levine argues that tools associated with resistance can themselves be entangled with state funding, intelligence priorities, or a narrow theory of privacy that leaves platform business models intact. Kirkus found parts of this argument provocative but not entirely persuasive, especially where Levine links privacy technologies too broadly to intelligence interests. The Guardian review also questioned whether he collapses corporate, military, and national agendas into one oversized explanation.

Still, the underlying warning is valuable. Privacy cannot be reduced to an app choice. A person may use encrypted messaging and still live inside advertising identifiers, data brokers, workplace monitoring, cloud metadata, payment trails, location systems, school platforms, border databases, and predictive scores. Encryption can protect content while leaving relationship patterns, device identity, timing, social graph, institutional dependence, and compelled endpoint access exposed.

That is not an argument against privacy tools. It is an argument against privacy theater. Tools matter, but they cannot carry the whole political burden when the business model, procurement system, legal regime, and infrastructure layer continue to reward extraction. A real privacy program has to reach data minimization, retention limits, training-use limits, broker restrictions, endpoint security, vendor contracts, appeal paths, and the public rules governing when private records become state evidence.

The AI-Age Reading

Read in 2026, Surveillance Valley has become more relevant because AI turns old surveillance capacity into model input, agent memory, synthetic judgment, and automated action.

The pre-AI internet could watch, sort, recommend, and sell. The AI-era internet can infer, summarize, classify, generate, persuade, triage, and delegate. Logs become training data. Profiles become personalization substrates. Search histories become intent models. Workplace telemetry becomes productivity judgment. Customer-service transcripts become behavioral prediction. Public-sector records become decision support. Military and intelligence interest returns through autonomous systems, cyber operations, targeting support, disinformation analysis, and command platforms.

The next step is action. When an AI agent can read across enterprise systems, use tools, send messages, spend money, file tickets, update records, or recommend enforcement, the old data dragnet becomes an operational surface. The enterprise connector makes private work legible to models. The agent log becomes both accountability evidence and a new dossier. The model memory turns past interaction into future classification. That is the AI-age version of Levine's warning: the archive does not just remember; it starts to act.

This makes Levine's infrastructure reading sharper than a privacy panic. The central issue is not only whether someone is spying. It is whether a society's nervous system is being built so that observation naturally flows into prediction and prediction naturally flows into intervention. Once that chain exists, every institution is tempted to ask for more legibility: more data, more sensors, more scoring, more preemption, more automated control.

AI also changes the cultural side of the story. The early internet myth promised liberation through connection. The AI platform myth often promises liberation through delegation: let the system read, remember, decide, negotiate, optimize, and act. But delegation without power analysis can make users more dependent on the very infrastructures that classify them.

Governance and Safety

The governance lesson is to treat surveillance infrastructure as dual use before it becomes irreversible. A data pipeline built for convenience can become a training set; a security log can become a risk score; a customer graph can become an influence model; a cloud contract can become a public dependency; a battlefield analytics system can become a template for civilian administration. The safety question is therefore not only model accuracy. It is authority transfer: who can watch, retain, infer, train, compel, automate, and act.

Current policy already points in this direction, though unevenly. Responsible military-AI materials use governance, traceability, reliability, testing, and governability language. The 2023 Data, Analytics, and AI Adoption Strategy frames data and AI as decision advantage. NSPM-11 adds adoption, adaptation, assurance, and accountability for national-security AI, including testing, evaluation, verification, validation, controllability, contract controls, and privacy and civil-liberties constraints. OMB M-25-21 and M-25-22 put civilian federal AI use into chief AI officer governance, high-impact risk management, acquisition rules, portability, interoperability, and vendor-dependence controls.

The EU AI Act names the same boundary from a rights-based direction. It prohibits several surveillance-adjacent practices, including social scoring, solely profile-based criminal-offense risk assessment, untargeted scraping to build facial-recognition databases, and some workplace and education emotion-recognition uses. Its high-risk categories include biometrics, critical infrastructure, education, employment, essential services, law enforcement, migration, and justice when the statutory conditions are met, though application dates are staged and have been affected by the 2026 simplification process.

Those instruments do not solve Levine's problem. They do, however, make the practical control surface clearer: public procurement disclosure, data minimization, short retention by default, source and purpose logs, limits on model training and secondary use, independent security testing, human review with real authority, appeal channels, incident reporting, exit rights from vendors, and prohibitions on uses that convert ordinary life into generalized suspicion. A system that observes at scale and then recommends, denies, flags, targets, or escalates is already exercising institutional power. It should be governed as power, not merely documented as software.

The hard design problem is proportional evidence. Thin logs make abuse impossible to investigate. Permanent, content-rich logs become another surveillance archive. The answer is not to avoid records, but to separate audit evidence from product improvement; redact unrelated content; keep narrow operational receipts; bind logs to retention schedules; require role-based access; and preserve appeal records outside the same automated system being challenged. That is where AI audit trails, data minimization, AI data retention, system inventory, and vendor governance belong in one conversation.

Where the Book Needs Friction

Surveillance Valley is strongest as a corrective myth-breaker and weakest when it risks becoming a counter-myth of its own. Los Angeles Review of Books treated Levine's challenge to standard computing history as useful while warning that he does not always back the largest conclusions with enough evidence. That criticism should be taken seriously. A history that replaces heroic garage folklore with totalized military folklore can still flatten the messy pluralism of technical development.

ARPANET was defense-funded, but it was also shaped by university researchers, open protocol work, competing technical cultures, public science, commercial pressures, users, standards bodies, and later civic uses that were not reducible to counterinsurgency. The web became a surveillance machine, but it also became a library, organizing tool, publishing medium, disability access layer, diaspora connector, mutual-aid channel, and technical commons. A good political history has to keep both truths in frame.

The book also sometimes treats institutional entanglement as moral identity. Funding, contracting, influence, and alignment matter, but they are not all the same thing. A privacy tool can receive government-linked support and still provide real protection in some contexts. A platform can serve state interests and still contain internal conflicts among engineers, users, regulators, advertisers, and civil-society critics. The point is to map power precisely, not to make every connection prove the same conclusion.

The same caution applies to AI governance. Military or intelligence interest in AI is not proof that every AI system is military technology. Commercial origin is not proof of innocence either. What matters is the chain of control: who funded the system, what data it needs, what decisions it supports, who can compel access, who is harmed by errors, who can audit the result, and whether affected people can refuse or contest the action.

What This Changes

The practical lesson is to audit origin stories, then audit action chains.

When a technology arrives wrapped in liberation language, ask what institutions paid for it, what problems they needed solved, what data it must collect to function, what kinds of users become most legible, who can compel access, who can refuse, and what happens when the tool is connected to predictive models and automated action.

For AI governance, this means privacy policy is not enough. Procurement records, data-retention rules, model-training boundaries, audit logs, user-export rights, public-interest alternatives, labor protections, appeal channels, and vendor exit plans all belong in the same conversation. A system that observes people at scale and then recommends or acts upon them is already a political institution, even when it presents itself as a consumer convenience.

Surveillance Valley should be read with skepticism, but not dismissed. Its value is not that every claim lands cleanly. Its value is that it breaks the habit of treating the network as innocent until misused. Some tools are born with institutional memory. The work is to make that memory visible before it becomes an operating environment: the background layer that decides what can be seen, predicted, denied, targeted, automated, or appealed.

Source Discipline

This review separates five kinds of evidence: publisher and library metadata for the book; official histories for ARPANET, DARPA, TCP/IP, and NSFNET; current policy instruments for AI governance and procurement; regulator reports on platform data practices; and critical reviews that test Levine's interpretation. Official internet histories support the defense-funded origins. They also warn against sloppy myths, including the claim that ARPANET itself was designed as a nuclear-war survival network. They do not, by themselves, prove Levine's larger political story.

The current-governance claims are scoped to the cited instruments. Defense and national-security documents describe their own AI adoption, assurance, and data-access strategies; OMB M-25-21 and M-25-22 are civilian federal guidance with stated scope limits; the FTC staff report is a regulator's study of selected major services, not a court finding against every platform; and the EU AI Act governs systems within its jurisdiction on a staged timeline that changed through the 2026 simplification process. Levine's "military-digital complex" framing is treated here as a polemical thesis to interrogate, not as settled fact.

Nothing in this review claims that AI systems are conscious, divine, autonomous moral agents, or AGI. The claim is institutional: data systems, models, interfaces, contracts, procurement rules, and audit records can transfer power even when the machine has no inner life.

Sources

Book links are paid affiliate links. As an Amazon Associate I earn from qualifying purchases.


Return to Blog · Return to Books