What banning AI surveillance should look like, at a minimum (gabrielweinberg.com)

An authorial proposal urges Congress to adopt an AI-specific privacy law that targets the unique risks of AI surveillance rather than waiting for a broader privacy statute. The core prescription: create bright-line bans on clearly harmful practices (identity theft, deceptive impersonation, unauthorized deepfakes, and similar manipulative uses), subject borderline or consequential applications to heightened scrutiny (AI-assisted law enforcement, predictive policing, loan decisions, health-data processing)—requiring human review, audits, and explicit opt‑in—and make all other profiling transparent with easy opt-outs. The piece also recommends enumerating consumer AI rights (access, correction, deletion, portability, notice, transparency, opt-out, human review) or imposing duties of care/loyalty on data holders (minimization, prohibiting secondary uses without consent), while remaining framework-agnostic about how to legislate. For the AI/ML community this spells concrete compliance and design requirements: models and pipelines must support data minimization, consented secondary-use controls, auditing and explainability hooks, and run-time disclosures that tell users when they’re interacting with AI and what inferences are being made. Allowing states to strengthen — not undercut — federal minimums acknowledges rapid change and distributed governance. The author argues these safeguards won’t stifle innovation; instead, they can build trust necessary for broader adoption while constraining high-risk surveillance uses.