Quantcast Wilmington Divorce Attorney
105 N 6th Street |
info@ricefamilylaw.com
+1-910-762-3854

Rice Law Blog

Privacy and Surveillance in North Carolina: A Legal and Practical Framework for Individuals at Risk of Exposure

,

Mark Spencer Williams
Rice Law, PLLC · Wilmington, North Carolina
www.RiceFamilyLaw.com 
White Paper · June 2026

Disclaimer: Use of the information in this article does not create an attorney-client relationship. If you are involved in litigation, some of the suggestions in this article may run afoul of the requirements to preserve data or a protective order which may exist in your case. Under any circumstance, you should consult with your attorney or a licensed North Carolina attorney for legal advice. This information is intended for general informational purposes only on North Carolina law and does not constitute legal advice. Laws vary by jurisdiction, and you should consult a licensed attorney for advice regarding your specific situation.

Executive Summary

Personal privacy in the United States has shifted from a default condition to a managed one. A combination of constitutional doctrine, technological capability, and a mature commercial data market has expanded the volume of information that can be observed, retained, and later reconstructed about an individual—by government and private actors alike. Activity conducted in public, and the data generated by ordinary devices, can be collected and reassembled long after the fact.

This paper sets out the legal foundations that govern surveillance and data access, with particular attention to North Carolina, and explains how that framework intersects with an interconnected ecosystem of cameras, data brokers, mobile tracking, and artificial-intelligence analytics. It then identifies the doctrinal pressure points now in active litigation—geofence warrants, digital location data, and biometric access among them—and outlines, at the level of principle, how individuals can lawfully reduce unnecessary exposure. Implementation steps are addressed separately in a companion guide; this document is concerned with the framework, not the checklist.

The central conclusion is straightforward. Privacy today is best understood not as secrecy but as control over exposure. The individuals best positioned to make sound decisions—about what they share, how they communicate, and how they respond to legal process—are those who understand how the data is generated and used in the first place.

I. Privacy as a Managed Condition

In 1949, George Orwell published Nineteen Eighty-Four, a warning against a society of pervasive state surveillance drawn from the totalitarian regimes of his era. The warning was meant as caution, not forecast. Yet much of the architecture Orwell imagined now exists—assembled not by a single ministry but by the combined output of public agencies and a private data economy that monetizes observation at scale. The United States, which defines itself by individual liberty, has become one of the most thoroughly surveilled societies in the world.

This is not a claim that constant monitoring is occurring against any particular person. It is an observation about capability and availability: the data exists, it is retained, and it is increasingly accessible—by purchase, subpoena, warrant, or breach. A realistic privacy posture begins by treating exposure as the baseline and protection as the deliberate exception.

II. Constitutional Foundations

The Constitution constrains the government, not private actors

The Fourth Amendment restrains the government. It does not, by its own force, restrain private citizens or companies. Conduct by private actors—a data broker compiling a profile, an investigator following a target—is governed instead by statute and tort law, which provide narrower and less uniform protection. Understanding the source of a given right is the first step in assessing where it does, and does not, reach.

The reasonable-expectation-of-privacy test

Modern Fourth Amendment analysis turns on whether a person has a reasonable expectation of privacy in the place or information at issue.[1] As a general rule, there is no such expectation in what is knowingly exposed to the public—movements on public roads, activity visible from a lawful vantage point, and the exterior of one’s person and vehicle. What can be seen in public is, for constitutional purposes, largely fair game.

The third-party doctrine

A related principle holds that information voluntarily disclosed to a third party generally loses Fourth Amendment protection.[2] Because so much of modern life runs through intermediaries—carriers, banks, platforms, and applications—this doctrine reaches an extraordinary volume of personal data. It is also the doctrine under greatest strain, as courts confront the difference between a single record voluntarily shared and the comprehensive digital dossier that aggregation now makes possible.

Erosion at the digital edge

The Supreme Court has repeatedly declined to apply older analog rules mechanically to digital surveillance. Attaching a GPS tracker to a vehicle to monitor its movements is a search.[3] Using sense-enhancing technology not in general public use to perceive the interior of a home is a search.[4] Searching the contents of a cell phone seized on arrest generally requires a warrant.[5] And the acquisition of historical cell-site location information—a continuous record of a person’s movements held by a carrier—generally requires a warrant, notwithstanding the third-party doctrine and subject to exceptions such as exigent circumstances.[6] These decisions share a theme: the aggregation of data over time can reveal far more than any single observation, and the law is adjusting, unevenly, to that reality.

Key takeaway. Constitutional privacy protections bind the government, not private actors — and the doctrines that once limited surveillance are eroding as courts confront data aggregated over time.

III. North Carolina’s Distinct Landscape

North Carolina law diverges from the national picture in several respects that materially affect privacy, and these distinctions are frequently overlooked in general guidance.

Open fields and wildlife officers

Under the open-fields doctrine, land outside the curtilage of a home receives no Fourth Amendment protection.[7] In practice, this allows wildlife officers and other authorized law enforcement to enter forests, pastures, and fenced or unfenced acreage—even past posted no-trespassing signs—without a warrant and without articulable suspicion when checking for wildlife violations. The doctrine’s application to modern practices, including the placement of concealed trail cameras on private land, is now being challenged in litigation in several states, including a North Carolina matter.[8] Its limits are unsettled.

Vessel inspections

North Carolina courts have upheld stopping a vessel on the state’s waters for a safety inspection without a warrant or individualized suspicion of wrongdoing.[9] These are framed as safety inspections; in practice they also furnish a lawful occasion to observe other potential violations.

License-plate obfuscation is prohibited

Although reflective covers, photo-blocking films, and similar products are marketed as defenses against automated cameras, covering a plate so that its required characters are rendered illegible is unlawful in North Carolina—an infraction under the motor-vehicle code.[10] Individuals should not attempt to defeat plate readers by these means. The lawful response to automated surveillance is to understand it, not to commit a separate offense in evading it.

Private-actor tracking and identification

North Carolina’s cyberstalking statute generally makes it unlawful to place an electronic tracking device on a vehicle without consent, but it carves out a narrow exception for a private investigator, licensed under Chapter 74C, who tracks pursuant to statutory authority, not otherwise contrary to law, and not against a person protected by a domestic-violence or other qualifying protective order.[11] Within those limits, a private investigator may lawfully track a vehicle in circumstances where the same conduct by law enforcement would require a warrant. Separately, North Carolina has enacted no general “stop-and-identify” statute compelling a person to produce identification on demand,[12] though practical exceptions exist; the gap between the legal rule and the realistic on-the-ground calculus is addressed in the companion guidance.

Key takeaway. North Carolina departs from the national baseline in ways that widen exposure — from open-fields entry to warrantless vessel stops — and these state-specific rules are easy to overlook.

IV. The Surveillance Ecosystem

Contemporary surveillance is not principally a matter of officers in the field. It is an interconnected ecosystem in which observation is captured, retained, and resold, then made available to government and private buyers. Its principal components include the following.

Automated license plate readers and camera networks

Public and private camera systems—including commercial networks such as those operated by Flock Safety—capture license plates, images, and associated metadata that are tied to searchable databases. Access frequently crosses jurisdictional lines: agencies in one state routinely query camera data captured in another, and tens of thousands of searches against a single community’s drivers can occur in a short period.[13] Mapping projects such as Deflock allow individuals to assess the density of such cameras along a given route. The aggregate effect approaches a continuous record of vehicle movement—precisely the kind of comprehensive tracking that GPS jurisprudence treats with suspicion, though the constitutionality of pervasive ALPR networks remains untested.

Data brokers and people-search services

Data brokers compile and sell large volumes of personal information—identity and contact data, marketing and purchase histories, financial indicators, and health-adjacent signals drawn from connected devices and transactions. Much of this is available to anyone willing to pay, and a search of common people-search services will often reveal a surprising amount about an individual.

Mobile location data and advertising identifiers

Applications generate location and behavioral data keyed to mobile advertising identifiers. Although nominally anonymous, such identifiers can be correlated with other records to re-identify individuals, and commercial tools have packaged this data for law-enforcement use.[14] The result is a parallel location-tracking capability assembled entirely from the commercial market, outside the warrant process.

Artificial-intelligence data integration

Analytics firms—Palantir prominent among them—integrate disparate data sources into consolidated profiles that are then sold to government agencies; United States Immigration and Customs Enforcement is among the largest customers for such capabilities. Cloud storage, smart-home devices, and vehicle telematics add further streams, much of it retained in forms accessible to the provider and, through the provider, to legal process.

Disclosed government capability

Public disclosures establish that the government has, at various times, collected communications at scale and developed exploitation capabilities.[15] Commercial spyware has compounded the concern: tools such as Pegasus, developed by the private firm NSO Group, can in some configurations compromise a device with little or no user interaction. The Federal Bureau of Investigation acquired and tested Pegasus but has stated it made no operational use of it and decided against deployment.[16] The responsible posture is neither to assume the maximum capability against any individual nor to dismiss the documented record; it is to plan on the assumption that sophisticated actors may exceed publicly known limits.

Key takeaway. Most modern surveillance is commercial: data is captured, retained, and resold, then reaches government and private buyers through purchase, subpoena, or breach.

V. Geofence and Reverse-Location Warrants

A geofence warrant—also called a reverse-location warrant—compels a provider to disclose data on all devices present within a defined geographic area during a defined window. It is used when law enforcement knows the time and place of an event but not the suspect, and it converts everyone in the vicinity into a candidate. The technique’s constitutionality is contested in a way that will outlast any single decision. The Fifth Circuit has held that the use of geofence warrants, at least as presented to it, is unconstitutional—likening them to “modern-day general warrants”—while nonetheless affirming on the good-faith exception.[17] The en banc Fourth Circuit, expressly disagreeing with the Fifth, affirmed the denial of suppression across a fractured set of opinions in which the good-faith exception again figured centrally.[18] Because North Carolina lies within the Fourth Circuit, Chatrie—not Smith—controls federal Fourth Amendment questions in the federal courts here; Smith is persuasive only, and state courts applying the North Carolina Constitution are not bound by either. The geofence question has drawn the Supreme Court’s attention, and because this area moves quickly, counsel should independently confirm the current posture of Chatrie and any certiorari proceedings before relying on this section. However the question is ultimately resolved, the issue will remain a live frontier: a ruling for the government will channel the contest into statutory and state-constitutional challenges, while a ruling against it will reshape how providers respond to future demands.

The structural risk extends beyond any single case. A jurisdiction prohibited from maintaining a registry of gun owners could approximate one by requesting geofence data for everyone near firearms retailers; the same method could be turned to religion, political activity, or sexual orientation by reference to the locations associated with each. The danger is not the individual warrant but the latent capacity for inference at population scale.

Key takeaway. Geofence warrants turn proximity into suspicion. With the federal circuits split, reverse-location data will remain a contested frontier however the courts ultimately resolve it.

VI. Federal Surveillance Authorities

Several federal authorities permit collection that reaches U.S. persons. Section 702 of the Foreign Intelligence Surveillance Act authorizes warrantless targeting of non-U.S. persons abroad; communications of Americans who interact with those targets may be collected “incidentally” and later queried by agencies without a separate warrant.[19] That authority was reauthorized and amended in 2024 and, as of mid-2026, continues under a series of short-term extensions while Congress remains divided over whether a warrant should be required to query Americans’ data.[20] Other authorities—the USA PATRIOT Act’s provisions for delayed-notice warrants, business-records access, and roving wiretaps, and Executive Order 12333’s framework for foreign-intelligence activity—further expand the government’s reach, and U.S. citizens abroad enjoy comparatively thinner protection.[21] The practical takeaway is not that every communication is monitored, but that the lawful mechanisms for collection are broad, evolving, and incompletely transparent.

Key takeaway. Federal collection authorities that reach U.S. persons are broad, evolving, and incompletely transparent; assume the lawful mechanisms are wider than the public record shows.

VII. Artificial-Intelligence Queries as Evidence

A newer exposure deserves specific attention. Law enforcement has begun obtaining records of individuals’ interactions with generative-AI systems, using those queries both as direct evidence and as proof of state of mind.[22] A federal warrant has been served on a major provider, and a defendant’s chatbot history has featured as evidence in at least one prosecution. Whether such interactions carry any evidentiary privilege is unsettled, and users should assume that queries to consumer AI tools may be retained and disclosed through legal process.

Key takeaway. Queries to consumer AI tools may be retained and produced through legal process, and likely carry no privilege — treat them as discoverable.

VIII. Litigation Exposure

The abstractions above become concrete in litigation. In criminal matters, investigators routinely assemble evidence from a subject’s own devices—phones, smartwatches, home cameras, vehicle infotainment systems, computers, tablets, and connected peripherals—to corroborate or contradict statements the subject has made. Combined with the public-domain record of cameras and plate readers, this leaves little of an individual’s movements or communications genuinely private once an investigation begins.

In civil litigation—family law disputes prominent among them—the same exposure runs through discovery and the subpoena power. Phone records, financial and banking records, location history, social-media activity, and medical and educational records can be compelled and, taken together, reconstruct a detailed account of a person’s whereabouts, relationships, and habits. For individuals with significant assets or professional obligations, this is the practical core of the privacy problem: information generated in the ordinary course of life becomes evidence in the extraordinary moment of a dispute.

Cross-border travel adds a further dimension. The laws of other countries differ, and a refusal to unlock a device at a border may simply result in denial of entry—no different in kind from the United States’ treatment of non-citizens who decline to unlock their devices. The scope of warrantless device searches at the United States border is itself unsettled and varies by circuit, so travelers should understand the rules and the surveillance practices of any destination in advance.

Key takeaway. In both criminal and civil litigation, the ordinary data of daily life becomes evidence — most acutely in high-asset family disputes, where discovery and subpoena reach nearly everything.

IX. Reducing Exposure: Principles

No strategy eliminates exposure, and every protection carries a cost in convenience or functionality. At the level of principle—implementation is addressed in the companion guide—meaningful risk reduction rests on a small number of ideas. Secure the devices themselves, through encryption, strong authentication, and current software. Minimize the data created in the first place, not merely the data shared, since information never generated cannot be compelled. Prefer communication tools that limit retention and provide end-to-end encryption. Exercise discipline over location data and the permissions granted to applications. Preserve, in any encounter with law enforcement, the right to remain silent and the right to decline consent to a search. And treat every protection as a conscious trade-off, adopted where the stakes justify the cost and declined where they do not.

X. Limitations and Conclusion

Two limitations bear emphasis. First, privacy protections are not absolute; they manage risk rather than eliminate it. Second, the law in this area is moving quickly and varies by jurisdiction and by fact—several propositions in this paper depend on litigation that may be resolved soon after publication. This document is general in nature and does not constitute legal advice.

With those caveats, the framework is durable even as the details shift. The individual who understands how data is generated, retained, and obtained is the individual best equipped to decide what to share, how to communicate, and how to respond when private information becomes the subject of legal process.

Privacy is not secrecy. It is control over exposure.

If the exposure described in this paper applies to your circumstances — a separation, a business dispute, an investigation, or simply a public profile worth protecting — the step-by-step protections that follow from these principles are set out in our companion implementation guide, The Privacy Protection Playbook. For counsel applied to your specific facts, Rice Law is available to help.

Notes

  1. Katz v. United States, 389 U.S. 347 (1967) (establishing the “reasonable expectation of privacy” test).
  2. Smith v. Maryland, 442 U.S. 735 (1979) (no reasonable expectation of privacy in information voluntarily conveyed to a third party).
  3. United States v. Jones, 565 U.S. 400 (2012) (installation of a GPS tracker on a vehicle to monitor its movements is a Fourth Amendment search).
  4. Kyllo v. United States, 533 U.S. 27 (2001) (use of sense-enhancing technology not in general public use to obtain information about a home’s interior is a search).
  5. Riley v. California, 573 U.S. 373 (2014) (police generally must obtain a warrant before searching a cell phone seized incident to arrest).
  6. Carpenter v. United States, 138 S. Ct. 2206 (2018) (acquisition of historical cell-site location information is a search that generally requires a warrant, subject to established exceptions such as exigent circumstances; declining to extend the third-party doctrine mechanically to digital location data). The decision is expressly narrow and does not resolve every digital-location question.
  7. Oliver v. United States, 466 U.S. 170 (1984); Hester v. United States, 265 U.S. 57 (1924) (the “open fields” doctrine: areas outside the curtilage of a home receive no Fourth Amendment protection).
  8. See Institute for Justice, “Open Fields” litigation (challenging warrantless entry and trail-camera surveillance of private land by wildlife officers, including the North Carolina matter of Josh Highlander). The constitutionality of the doctrine as applied to modern surveillance is the subject of ongoing litigation in several states.
  9. State v. Pike, 139 N.C. App. 96, 532 S.E.2d 543 (2000) (upholding a suspicionless safety inspection of a vessel on North Carolina waters by a Wildlife Resources Commission officer; the court emphasized the specific circumstances and expressly declined to extend its holding to other factual situations); see N.C. Gen. Stat. ch. 75A (Boating and Water Safety).
  10. N.C. Gen. Stat. § 20-63(g) (covering a registration plate with a frame or a transparent, clear, or tinted cover that renders a required number, letter, the State name, or a registration sticker illegible is an infraction, penalized under N.C. Gen. Stat. § 14-3.1). This is an infraction, not a misdemeanor; separate, more serious statutes govern displaying a fictitious or altered plate.
  11. N.C. Gen. Stat. § 14-196.3(b)(5)(k) (excepting from the cyberstalking statute’s prohibition on placing an electronic tracking device without consent a private investigator licensed under Chapter 74C, provided the tracking is pursuant to G.S. 74C-3(a)(8), is not otherwise contrary to law, and the person tracked is not protected by a domestic-violence or other qualifying protective order); see 2015 N.C. Sess. Laws 282 (S.B. 238). A violation of the statute is a Class 2 misdemeanor. § 14-196.3(d).
  12. North Carolina has enacted no general “stop and identify” statute compelling a person to produce identification on demand; the proposition rests on the absence of such a law. Cf. N.C. Gen. Stat. § 14-223 (resisting, delaying, or obstructing a public officer in the discharge of a duty), which may apply where a person obstructs an officer engaged in lawful duties.
  13. On the scale of automated license plate reader networks and cross-jurisdiction access, see reporting on Flock Safety and the Deflock mapping project; more than eighty North Carolina agencies have run searches against out-of-state camera networks. See also WLOS, “NC Senate considers bill to make highway license plate reader program permanent” (2025).
  14. On the resale of mobile advertising identifiers to law enforcement, see Electronic Frontier Foundation and Associated Press reporting on Fog Reveal (2022).
  15. Disclosures concerning the PRISM program (2013) and the WikiLeaks “Vault 7” release (2017) document certain government collection and exploitation capabilities. The full extent of nation-state capability is not publicly known, and prudent risk assessment should neither assume the maximum nor dismiss the documented record.
  16. Pegasus is spyware developed by the NSO Group, a private Israeli firm; the “Pegasus Project” refers to the 2021 journalistic consortium that documented its use. The Federal Bureau of Investigation acquired and tested Pegasus beginning in 2019 but has stated it made no operational use of the tool and ultimately decided against deployment; the equipment reportedly remains in the Bureau’s possession. See The Guardian and The New York Times reporting (2022).
  17. United States v. Smith, 110 F.4th 817 (5th Cir. 2024) (holding the use of geofence warrants, “at least as described herein,” unconstitutional under the Fourth Amendment while applying the good-faith exception and affirming the denial of suppression; expressly “part[ing] ways” with the Fourth Circuit). Because North Carolina lies within the Fourth Circuit, Smith is persuasive authority only and does not govern North Carolina federal courts.
  18. United States v. Chatrie, 136 F.4th 100 (4th Cir. 2025) (en banc) (No. 22-4489) (affirming the denial of suppression across a fractured set of separate opinions tied heavily to the good-faith exception; the decision does not resolve every geofence question in a clean majority holding), aff’g on rehearing en banc the panel decision reported at 107 F.4th 319 (4th Cir. 2024). As the controlling Fourth Circuit authority, Chatrie—not Smith—governs federal Fourth Amendment questions in the federal courts of the Fourth Circuit, which includes North Carolina. Review of the geofence question has been sought at the Supreme Court; because this area is moving quickly, counsel should independently confirm the current docket status of Chatrie before relying on this paragraph.
  19. Foreign Intelligence Surveillance Act of 1978, § 702, codified as amended at 50 U.S.C. § 1881a. Section 702 authorizes targeting of non-U.S. persons reasonably believed to be located abroad; communications of U.S. persons may be collected “incidentally” and later queried.
  20. Reforming Intelligence and Securing America Act, Pub. L. No. 118-49 (2024) (reauthorizing and amending Section 702). As of mid-2026, the authority has been continued through a series of short-term extensions amid an unresolved dispute over whether agencies must obtain a warrant to query U.S.-person data. This is a fast-moving area; confirm the current status of Section 702 immediately before relying on this section.
  21. Exec. Order No. 12333 (United States Intelligence Activities), as amended; Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001.
  22. On law-enforcement acquisition of generative-AI query records, see reporting on the first federal search warrant served on OpenAI and the 2025 arson prosecution in which a defendant’s ChatGPT history was cited as evidence (CNN, Oct. 2025). Whether such queries enjoy any evidentiary privilege is unsettled.

About Post Author

Mark Spencer Williams

Have A Question?