My name is Rex M. Lee, and I am a security advisor to governments, an OTA app and platform developer, and a former advisor to Congress for tech hearings (2017–2021) involving Meta, Google, ByteDance, and other social media platform developers.

I helped launch the world’s largest legal hacking firm, Houdinisoft, which was adopted by Verizon, AT&T, T-Mobile, and other global mobile network operators, as well as used for digital forensics.

I specialize in threats posed by Surveillance Capitalism, tech addiction, AI indoctrination, tech-based hybrid warfare, and civil-military fusion programs in Russia, China, and the United States.

In 2017, after advising Congress regarding the Facebook-Cambridge Analytica scandal, I was asked by Senator Ted Cruz’s office to author a congressional policy change proposal for digital rights from a developer’s perspective rather than from tech lobbyists working for Big Tech.

My initial digital rights proposal targeted the root cause of tech addiction, harm, and loss of privacy. It centered on banning Surveillance Capitalism, which would restore privacy, security, and safety to consumers of smartphones, computers, and connected products. Yet, my proposal was rejected by the U.S. Senate because there is no profit in solving the problem—especially by addressing targeted advertising, which fuels tech addiction and the loss of privacy.

I stopped advising Congress after the Instagram-Facebook whistleblower hearing involving Meta product designer Frances Haugen because the hearings became little more than puppet shows for grandstanding lawmakers who publicly claim they want to solve the problem while simultaneously taking money from the U.S.-China tech lobby. After each hearing, it became business as usual in Silicon Valley.

Aside from the harms caused by tech addiction, there are numerous other harms driven by targeted advertising rooted in Surveillance Capitalism (see harms below).

Addressing tech addiction alone will not restore privacy, security, or safety to consumers of smartphones, computers, and connected products powered by Android, iOS, or Windows.

Advertisers are equally—if not more—responsible for fueling tech addiction, manipulation, harm, and death among end users of AI-infused apps, social media platforms, and AI chatbots, including adults, teens, and children.

As a matter of fact, an entire multi-billion-dollar privacy industry has emerged in which so-called tech safety and privacy advocates make millions of dollars through books, documentaries, paid network TV and podcast appearances, interviews, and speaking fees. 

While these efforts may raise awareness, many of these advocates refuse to fully endorse banning Surveillance Capitalism because this predatory, exploitative, and harmful business model fuels the very industry from which they profit. 

As a matter of fact, many of these so called advocates, refuse to hold advertisers responsible for fueling the tech addiction, harm, and death, while refusing to hold Google, Apple, or Microsoft responsible for distributing highly addictive AI infused apps, social media platforms, gaming platforms, and AI chatbots that induce AI indoctrination, known as The Eliza Effect.

Without the continuation of Surveillance Capitalism, many of these paid advocates would no longer have careers built around addressing the symptoms of a problem they refuse to eliminate at its root cause, Surveillance Capitalism.

Restoring Privacy, Security, and Consumer Protection Under Existing Law

I believe that tech addiction and the loss of privacy can be significantly reduced by enforcing existing consumer and child protection laws regulated by the Federal Communications Commission (FCC), Federal Trade Commission (FTC), and State AGs, along with banning:

• Surveillance Capitalism
• Addictive Design
• Targeted Advertising
• Contracts of Adhesion
• Surveillance and Data Mining by Any Company
  

AI infused tech addiction and the loss of privacy are not being solved through new laws, lawsuits, congressional hearings, books, or documentaries.

Books and documentaries are great for awareness, but only addressing addictive design will not resolve the root cause; targeted advertising rooted in Surveillance Capitalism.

For more than 15 years, we have been trapped in the same feedback loop: hold a congressional hearing, file lawsuits, and create new laws, yet, AI infused tech addiction, exploitation, surveillance, manipulation, AI indoctrination, and the erosion of privacy have only accelerated while more adults, teens, and children are harmed or killed.

Advertisers need to be held accountable for funding tech addiction, without advertising money, there is no need for additive and manipulative technologies.

Electronic Bill of Rights Framework for Clean Data Business Practices Are Available Upon Request. 

The Electronic Bill of Rights (EBOR) is not a theoretical framework—it is grounded in existing federal law.

Before individuals can understand how they are harmed, they must first understand how the surveillance capitalism business model operates through essential telecom and technology products—such as smartphones—that are necessary for modern life and come at a cost.

It is also critical to understand which devices and platforms—including those supported by Android, iOS, and Windows—serve as the primary vectors for surveillance, as well as the scale and scope of data extraction from those devices and services.

The following section explains how this process works, including:

• How data is collected, aggregated, and analyzed 
• The volume and types of highly confidential information involved 
• How that data is used, shared, and monetized 
• The legal mechanisms enabling these practices, including contracts of adhesion (terms of service) that condition access to essential products and services on acceptance of broad data collection policies

It is not just privacy that is at stake—it is the systematic exploitation of individuals for profit at the expense of their privacy, security, and safety, as well as their data and financial sovereignty, biological autonomy (including biometric and genetic information), civil liberties, and fundamental human rights by way of products and services that cost money.

Modern connected devices—including smartphones, tablet PCs, connected home products, personal computers, servers, wearable technologies, security and environmental systems, connected vehicles, AI-enabled toys, and other digital services—form a pervasive and continuous data-collection environment.

These devices and platforms operate as always-on data collection nodes, enabled by operating systems such as Android, iOS, and Windows, as well as AI-infused applications, social media platforms, and chatbots.

Within this ecosystem:

• Data is continuously collected, transmitted, and analyzed 
• User behavior, location, interactions, and preferences are monitored 
• Multiple layers of software and services contribute to ongoing data aggregation 

This model is primarily supported by data-driven business practices centered on targeted advertising, often described as surveillance-based monetization.

Participation in this ecosystem is frequently governed by non-negotiable terms of service (contracts of adhesion), where access to essential products and services is conditioned on acceptance of broad data collection and use policies.

Data collected from individuals—including teens, children, and business professionals—is often facilitated through what can be described as “leaky operating systems” (Android, iOS, and Windows). These systems support a broad ecosystem of AI-infused applications, social media platforms, and AI chatbots that are designed to drive engagement and data collection at scale.

Within this framework, many of these applications and platforms function in ways that may be characterized as “legal malware”—software that operates within the bounds of the predatory contract of adhesion (terms of service) while enabling extensive data extraction, behavioral tracking, and monetization.

These operating systems and their associated ecosystems underpin essential connected telecom and technology products—including smartphones, computers, and other digital services—that are now required for participation in modern life.

 The surveillance and data mining being conducted by Alphabet (Google), Apple, Microsoft, Meta, TikTok USDS JV, ByteDance (China), Wildberries (Russia), and others is "indiscriminate" meaning they are collecting from individuals, businesses, and government agencies is the following buckets of highly confidential information (over 5,000 data points):

• Personal, Business, Employment, Financial, and Legal
• Medical, Health, and Biometric
• Location, Geofence, and Motion
• Behavioral 
• Sensitive User Data (Texts, Emails, Attachments, Calendar, Contacts, Phone/Messaging Logs, Accounts, Audio Recordings of End User, Photos, Videos, Files, and Other Specific user Data)
• External Information Connected to Host Device- Thumb Drive, External Hard Drive, Computer, TV, Connected Vehicle, any Connected Source
• Indiscriminate Audio, Video, and Physical Surveillance on Personal and Business Activities 24x7/365 Days Per Year

All data collected from individuals—including teens and children—is aggregated into identifiable digital profiles, often referred to as Digital DNA. These profiles represent detailed behavioral, personal, and usage patterns tied to a specific individual.

Operating system providers and developers—including those behind Android, iOS, and Windows—enable the creation of these identifiable user profiles through system-level data access, application activity, and integrated services. These profiles are then leveraged for monetization, primarily through targeted advertising, as well as other commercial uses, including data sharing and resale.

In addition to data collected directly from device owners and end users, operating system providers, app developers, and AI platforms may also acquire and combine user profile data from third-party sources. This results in a layered aggregation model, where multiple entities contribute to and exploit increasingly comprehensive user profiles.

The outcome is a data ecosystem in which:

• Individuals are continuously profiled across devices and platforms 
• Data is combined, enriched, and redistributed among multiple parties 
• Both users and paying customers may be subject to profiling and monetization 
• Sensitive behavioral and personal data becomes a commercial asset
• Highly addictive AI infused apps, social media platforms, and AI chatbots programmed to induce "The Eliza Effect" (AI indoctrination) are used to ensure maximum engagement

The widespread use of highly addictive and manipulative technologies embedded in AI-infused applications, social media platforms, and AI chatbots has contributed to a growing global technology addiction crisis. This crisis affects adults, teens, and children alike and has been associated with increases in anxiety, depression, violence, online bullying, self-harm, public discord, political polarization, and suicide.

At some point, the question needs to be asked:

"If addiction, harm, mental health decline, exploitation, and the loss of life among teens and children are not the line at which government, advertisers, and Big Tech change their business models, then what is?" 

Individuals who access the internet through devices supported by Android, iOS, or Windows operating systems are subject to large-scale data collection and profiling within Google's global advertising ecosystems supported by the AdTech AI-Quantum Control Platform (Core) that distributes targeted ads to billions of people around the world 24x7/365 days per year.

Google's ecosystem—often described as the AdTech Core and ecosystem of micro cores—aggregate user data to enable the delivery of targeted advertising across international markets. Through a network comprised of over 35,000 data brokers, developers, advertisers, PR agencies, developers, and platform providers, user information can be distributed and utilized across multiple jurisdictions worldwide, including those in China and Russia.

This includes regions with varying regulatory standards, raising important questions about:

• Where user data is processed and stored 
• Who has access to that data across global markets 
• How data flows between commercial ecosystems and international entities 
• The extent to which user profiles are shared, licensed, or monetized globally
• Targeted ads are sent to a user anywhere in the world through multiple digital signatures that include GPS, geofence, nearfield communication (NFC tags), Bluetooth, Wi-Fi access points, cellular tower triangulation, and bio metric data that includes facial recognition and voice prints

These platforms operate through interconnected advertising infrastructures—sometimes referred to as “micro AdTech ecosystems”—that support real-time bidding, audience targeting, and behavioral profiling at planetary scale.

Through biometric data, individuals can potentially be identified and located—even without carrying their personal device—using technologies such as facial recognition and voice pattern analysis. These capabilities can operate through nearby connected devices, cameras, or other networked products within close proximity via Google's AdTech Core and global ecosystem, for advertisers this is the greatest system every created, for military use it is the greatest targeting system on the planet.

Global advertising technology (AdTech) infrastructures—originally developed for commercial targeting—are increasingly being examined in the context of national security and information operations.

Large-scale AdTech platforms and their surrounding ecosystems enable capabilities such as:

• Behavioral profiling at population scale 
• Real-time data aggregation and analysis 
• Precision targeting of individuals and groups 
• Content amplification and distribution across digital channels 

These same capabilities may be leveraged beyond commercial use cases. Governments and state-aligned actors have been documented utilizing data-driven platforms and digital ecosystems for purposes including:

• Intelligence gathering and surveillance 
• Information operations, including misinformation and propaganda 
• Influence and behavioral shaping at scale 
• Strategic espionage and data mining and analytics 
• Targeted digital campaigns across populations 
• Blackmail

This convergence of commercial data infrastructure and government use cases is often described as civil–military fusion, where technologies developed in the private sector are adapted for national security and strategic operations.

Chinese and Russian civil military programs including those in the U.S. involving Palantir Technologies Gotham Intelligence and Military Core pose massive threats to privacy, security, and safety to everyone, including teens and children, connected to the internet by way of any device or services supported by Android, iOS, or Windows.

For decades, telecommunications, consumer protection, child safety, and privacy laws have established clear legal obligations regarding the protection of user data, confidentiality, and the lawful use of communications infrastructure.

Yet today, consumers—including minors—are routinely subjected to pervasive surveillance and data mining through smartphones, applications, operating systems, and connected products, despite the existence of these established legal safeguards.

These practices are often justified through terms of service and privacy policies. However, EBOR asserts that contractual consent does not override statutory law, particularly when services are essential to modern life.

“You cannot contract your way out of federal law.”
 

Telecommunications infrastructure—including wireless, landline, fiber, and satellite—is regulated under a public interest framework, not a purely commercial one.
The use of this infrastructure for surveillance-based business models raises serious legal and constitutional questions.

47 U.S.C. § 222

Telecommunications carriers are legally required to protect the confidentiality of customer data, including:

• Call records 
• Usage data 
• Location information 
• Service-related metadata 

Carriers do not own this data—they are custodians with a duty to protect it.

47 C.F.R. §§ 64.2001–64.2011

These rules implement Section 222 and require:

• Explicit customer approval for data use in many cases 
• Safeguards against unauthorized access 
• Mandatory breach notification 
• Restrictions on disclosure of sensitive data 
• 
  

These are enforceable regulatory obligations, not optional guidelines.

 3. Unjust and Unreasonable Practices

47 U.S.C. § 201(b)

It is unlawful for telecommunications providers to engage in practices that are unjust or unreasonable.

The misuse of customer data—especially at scale—may fall within this prohibition.

47 U.S.C. § 202(a)

This statute prohibits discriminatory or coercive practices in telecommunications services, including conditions that unfairly burden consumers.

Telecommunications carriers operate under a legal requirement to serve the:

“Public interest, convenience, and necessity.”

This establishes a public trust obligation—meaning infrastructure cannot be used solely for exploitative commercial purposes at the expense of consumers.

FTC Act – 15 U.S.C. § 45

Prohibits:

• Unfair business practices 
• Deceptive representations 
• Misleading privacy disclosures 

This applies directly to digital platforms, apps, and data-driven services.

This law is designed to address national security risks posed by applications and platforms that are owned, controlled, or influenced by foreign adversaries.

Key Provisions:

• Targets Foreign Adversary Control
  Applies to applications owned or controlled by entities in countries designated as foreign adversaries (e.g., China, Russia). 

• Divestment or Ban Requirement
  Requires companies to divest foreign ownership/control or face removal (ban) from U.S. app stores and infrastructure. 

• Focus on Data Security & Influence Operations
  Addresses risks related to: 
  • Mass data collection on U.S. citizens 
  • Surveillance and profiling 
  • Algorithmic manipulation and propaganda 

• Applies to App Stores and Distribution Platforms
  Prohibits companies like Apple and Google from distributing non-compliant applications in the U.S. 

• National Security Enforcement Mechanism
  Gives the federal government authority to act when foreign-controlled platforms pose a threat to U.S. national security. 

Consumers are told: “You agreed to it.”
 

But in reality:

• Refusing terms often means losing access to essential telecommunication and internet services regulated by the FCC
• Devices are purchased, yet functionality is restricted without consent 
• Data collection is bundled into non-negotiable agreements 
• Federal law protects from discrimination meaning no company can bar a person from access to telecommunications and internet infrastructure by way of a contract of any kind, especially through coercion by way of products and services that cost money
• No contract can superweed federal law regarding unauthorized surveillance and data mining through any essential telecommunications and tech product or service, such as a smartphone, supported by telecom infrastructure and internet infrastructure regulated by the FCC due to existing public trust/obligation laws

This raises a fundamental question:

Is consent valid when participation in modern society requires acceptance? 

At both the state and federal level, a consistent pattern has emerged:

• Meaningful enforcement is limited 
• Legislative efforts often stall during escalation 
• Critical provisions are frequently removed during the legislative process 
• Industry lobbying results in incomplete or weakened laws 

The result:

Incomplete legislation + weak enforcement = systemic backdoors for exploitation

This issue extends far beyond privacy.

It impacts:

• Government systems 
• Critical infrastructure (energy, utilities, telecom) 
• Enterprise networks 
• Schools and homes 
• Devices used by minors 

Key concerns include:

• Foreign access to sensitive data 
• Surveillance through consumer devices 
• Exposure of behavioral, biometric, and location data 
• Risks to children through always-on digital ecosystems

• How much sensitive data is being collected and where is it stored? 
• Who has access to that data—domestically and globally? 
• Are existing confidentiality laws being violated through modern platforms? 
• What protections exist for minors inside connected environments? 
• How much surveillance is occurring through devices already paid for by consumers? 

The Electronic Bill of Rights is based on three fundamental legal principles:

Terms of service cannot waive federally protected rights.

Coerced or conditional consent is not valid consent.

Licensed spectrum and regulated networks are not private data-extraction systems.

The issue is not the absence of law.

The issue is:

• Lack of enforcement 
• Incomplete legislation 
• Business models built on surveillance and data extraction 

EBOR exists to:

• Clarify rights 
• Enforce existing law 
• Close legal loopholes 
• Protect consumers, families, and national security

The Electronic Bill of Rights calls on:

• Lawmakers 
• Regulators 
• Businesses 
• Critical infrastructure operators 
• Consumers 

to recognize and act on the following reality:

Privacy, security, and safety are not optional features. They are legal rights.

This material is provided for informational and educational purposes only and does not constitute legal advice. Readers should consult qualified legal counsel for advice regarding specific legal matters.