Blog · Review Essay · Last reviewed June 24, 2026

Predict and Surveil and the Suspicion Machine

Sarah Brayne's Predict and Surveil: Data, Discretion, and the Future of Policing is an inside account of big data policing at the Los Angeles Police Department. Its AI-era value is precise: it shows that automated systems do not abolish discretion. They relocate discretion into data collection, vendor platforms, risk categories, alerts, dashboards, investigative habits, legal workarounds, and organizational routines that become harder for the public to see.

The suspicion machine is not just a predictive model. It is the whole chain that turns weak, partial, or uneven signals into reasons for state attention: collection, integration, scoring, interface design, human interpretation, enforcement action, record retention, and later reuse. Its unit of analysis is the handoff from signal to action to record.

The Book

Predict and Surveil was published by Oxford University Press in 2020. Oxford Academic lists the book with DOI 10.1093/oso/9780190684099.001.0001, print ISBN 9780190684099, online ISBN 9780190684129, online publication date October 22, 2020, and print availability in December 2020. OUP product metadata lists the book at 224 pages with 14 black-and-white illustrations.

Brayne's subject is not a hypothetical future in which police might someday use algorithms. It is an empirical study of how a major police department already used big data, predictive analytics, surveillance technologies, civilian analysts, private platforms, and everyday police judgment. Stanford's profile of Brayne describes the book as drawing on ethnographic research inside the LAPD to understand the social implications of predictive analytics and new surveillance technologies in law enforcement.

That method matters. The book does not ask whether predictive policing is good or bad in the abstract. It follows how systems enter work: who buys them, who trusts them, who resists them, which data sources become relevant, which people become visible, which legal categories stop fitting, and how a department learns to treat data collection as part of policing itself.

This places the book beside Weapons of Math Destruction, Automating Inequality, Race After Technology, Dark Matters, The Black Box Society, and Seeing Like a State. Brayne adds the shop-floor view of the police data system: not the sales demo, not the policy memo, but the institution adapting around the machine.

Current Context

As of June 24, 2026, Brayne's LAPD case reads less like a specialized policing story and more like a map of public-sector AI under coercive authority. Predictive policing now sits beside real-time crime centers, automated license-plate readers, facial-recognition searches, body-camera transcription, report-drafting products, social-media intelligence, commercially available data, and vendor dashboards that assemble operational pictures for police and analysts.

The U.S. Office of Justice Programs published an April 2025 technology brief describing real-time crime centers as law-enforcement units that centralize criminal information and intelligence analysis, support monitoring and investigations, and raise questions about staffing, training, technology workflow, policies, and data management. DOJ's June 3, 2026 Model Cities Initiative announcement then listed real-time crime centers, license plate readers, artificial intelligence systems, small unmanned aircraft systems, and IT upgrades among eligible public-safety investments. That does not prove these systems work. It shows the category moving from pilot and vendor pitch into grant, procurement, staffing, and municipal budget decisions.

Generative AI adds a second layer. NIJ's June 2025 landscape study treats criminal-justice generative AI as a workflow technology for transcription, translation, investigation, decision support, and other tasks. In policing, that means a suspicion chain may now include not only a score or alert, but also a generated narrative, retrieval result, translated statement, body-camera summary, or case-support memo that later appears more settled than the underlying sources.

The EU AI Act makes part of this problem legally visible, even though it is not a U.S. policing settlement. The European Commission's current overview lists individual criminal-offence risk assessment or prediction among prohibited AI practices, while the official Article 5 formulation is narrower: it bars systems for assessing or predicting a natural person's risk of committing a criminal offence when based solely on profiling or personality traits and characteristics, with a carveout for systems supporting human assessment based on objective, verifiable facts directly linked to criminal activity. The overview also classifies some law-enforcement uses as high risk and names logging, documentation, human oversight, robustness, cybersecurity, accuracy, and discriminatory-risk controls among high-risk obligations. The lesson for this review is not "Europe solved it." It is that coercive prediction needs rules that attach to use, evidence, contestability, and institutional power, not only to model architecture.

U.S. governance remains more fragmented. NIST's AI Risk Management Framework is voluntary and general-purpose; NIST also notes that AI RMF 1.0 is being revised. NIST's face-recognition evaluations document that demographic effects and error-rate variation have to be measured in context. ODNI's commercial-information policy framework is intelligence-community guidance rather than local-police law, but it is a useful reminder that buying data does not remove privacy, civil-liberties, provenance, or retention duties. Vendor product pages can show that a capability exists; they are not independent evidence that the capability is lawful, accurate, fair, or safe in a specific deployment.

Discretion Moves Upstream

The book's central lesson is that data-driven policing does not remove human judgment. It changes where judgment happens. A patrol officer's stop, a detective's hunch, or an analyst's search may still matter. But the earlier layers now matter too: what gets digitized, which datasets are integrated, what a vendor platform makes searchable, how a category is defined, which locations receive attention, what counts as a useful association, and which outputs become trusted enough to guide action.

This is the institutional form of a familiar AI problem. Organizations adopt systems in part because they promise neutrality, scale, efficiency, and a way out of human bias. The output then appears to arrive from the machine rather than from the sequence of choices that made the machine's answer possible. But the choices do not disappear. They move into training data, model design, procurement, access control, thresholds, dashboard defaults, data-sharing agreements, and work routines.

Brayne's LAPD case is useful because the stakes are severe. A risk flag, network association, hotspot, or alert can direct state attention toward bodies, homes, cars, neighborhoods, and social ties. A flawed recommendation is not only an error. It can become a knock at the door, a patrol pattern, a watchlist, a search, an intensified record, or a justification that survives longer than the moment that produced it.

The result is a suspicion machine. It does not merely find suspicion. It lowers the threshold for official attention, packages uncertainty as operational knowledge, and leaves a record that can be retrieved later as if it were independent evidence. An audit that begins only at the final score arrives too late.

Dragnet Surveillance

One of Brayne's key distinctions is between dragnet and directed surveillance. Dragnet surveillance gathers and analyzes information on everyone, not only people already under suspicion. Oxford Academic's chapter abstract emphasizes that dragnet systems widen and deepen social oversight: more people enter law-enforcement systems, people with no direct police contact become included, and police data systems draw from institutions not usually treated as crime-control apparatuses.

This is not just more information. It is a change in the threshold for becoming police-readable. A person may become visible because of a location trace, a database relation, an association, a license plate, a service call, a third-party record, a social network tie, a residence, or someone else's institutional contact. The system expands the surface area from which suspicion can be assembled.

The strongest part of Brayne's analysis is her refusal to treat this expansion as inevitable. Mass digitization makes dragnet surveillance possible, but possibility is not destiny. Agencies choose which systems to buy, which data to integrate, which vendors to trust, which people to query, which communities to treat as data-rich targets, and which legal or political objections to route around. Surveillance is not an automatic side effect of data. It is an institutional project.

That distinction is crucial for AI governance. It is easy to say a model merely uses available data. Brayne shows why availability itself has to be investigated. Data becomes available because institutions made it collectible, interoperable, retained, shared, searchable, and operationally useful. The politics begins before the model runs.

This is why data provenance is not a clerical detail. A source label should say whether a signal came from a witness, a live camera, an old arrest record, a data broker, a hot list, a social-media scrape, or an analyst inference. Without that label, dragnet data turns into context without accountability.

Directed Suspicion

Directed surveillance narrows the field toward people and places deemed suspicious. The book's chapter on predictive policing and quantified risk describes person-based and place-based systems, crime-pattern analysis, algorithmic risk scoring, patrol direction, and the cycle of collection, analysis, intervention, and response. The important word is "cycle." Predictive policing is not a single prediction dropped into neutral space. It is a workflow that sends attention somewhere and then turns the result of that attention into new data.

That makes the recursive loop obvious. If police patrol one place more intensely, they may record more incidents there. If those records feed future analysis, the location can become increasingly legible as risky. If risk justifies more patrol, the system can convert historical enforcement into apparent statistical evidence. The model is inside the social world it claims to measure.

The recursive danger is not only biased patrol allocation. It is record manufacture. A location becomes data-rich because it is watched, and then data richness becomes evidence that it deserves watching. The interface calls this pattern recognition; the institution may experience it as confirmation.

Brayne is careful about how officers use these systems. They do not simply obey algorithms. They interpret, ignore, adapt, supplement, and explain them through local knowledge, occupational culture, experience, fear, and organizational incentives. That complexity does not make the systems harmless. It means the system's effects cannot be understood by reading the code alone.

For AI systems more broadly, this is the missing middle. The real question is often not "What did the algorithm output?" but "How did the institution learn to use that output?" The same model can become advisory, decorative, coercive, or legitimating depending on workflow, authority, paperwork, training, incentives, and the cost of disagreeing with the machine.

When the Watcher Is Watched

One of the book's most revealing moves is that it studies police resistance to being surveilled. The same technologies that make civilians visible can also make officers visible to managers: location tracking, sensors, performance data, reporting systems, recordings, and analytics that threaten autonomy and experiential judgment. Oxford Academic's chapter abstract frames this as workplace surveillance, deskilling, managerial control, and old divisions inside the LAPD reappearing through new tools.

This matters because it exposes the social meaning of surveillance from inside the institution. Officers often understand function creep, context collapse, and managerial reuse when they are the ones being measured. They know that data collected for one purpose can be used for another. They know that a location record can become a discipline record. They know that visibility changes behavior.

Brayne does not turn that into a comforting symmetry. Police discomfort with internal surveillance does not automatically produce solidarity with the people police surveil. But the tension is analytically valuable. It shows that objections to data capture are not irrational technophobia. They are ordinary institutional knowledge about how records travel once they exist.

This is also a labor lesson. AI and data systems often arrive as tools for better service, safer operations, or smarter allocation. They can also become management systems. Workplace analytics, driver monitoring, warehouse scoring, call-center QA, teacher dashboards, and coding-agent telemetry all share the same question: who is made measurable, who sees the measurement, who can contest it, and what decisions can be attached later?

Inequality Under Objectivity

The book's inequality chapter is careful because it does not deny every possible benefit of data. Data can expose patterns of officer behavior, check claims about fairness, and sometimes constrain arbitrary judgment. But Brayne's argument is that current data-driven systems can also reproduce inequality while looking cleaner than the practices they extend.

Oxford Academic summarizes four mechanisms: deeper surveillance of people already under suspicion, secondary surveillance of people with no direct police contact, unequal widening of the criminal-justice dragnet, and avoidance of institutions that collect data but also support social integration. The last point is especially important. Surveillance does not only act at the moment of police contact. It can change whether people seek medical care, education, work, financial services, public benefits, or other forms of help because institutional contact becomes risky.

This is where "data-driven" becomes a misleading comfort phrase. The phrase suggests a system led by evidence rather than prejudice. Brayne shows a more difficult pattern: evidence itself is socially produced. Some people and places are over-observed. Some harms are under-recorded. Some categories reflect institutional priorities. Some associations become suspicious because a system has been built to look for them. The database can then return the old hierarchy as a fresh discovery.

The AI-era version appears wherever models summarize, score, flag, rank, or route people through institutions. The system may not need an explicitly protected variable to reproduce unequal exposure. It may need only an uneven record, a proxy, a feedback loop, a vendor metric, a narrow task definition, and an organization eager for administratively usable certainty.

This is the policing counterpart to the digital poorhouse. A system can punish people not only by denying a benefit or directing a patrol, but by making ordinary institutional contact dangerous. When records travel across domains, people learn to avoid the hospital, school, benefit office, shelter, job program, or police call because help may also become data.

Law After the Data Trail

Brayne's legal analysis is one of the book's strongest bridges to current AI governance. The chapter on algorithmic suspicion argues that existing legal frameworks are too narrow for big data policing. Concepts such as individualized suspicion, exclusion, and search doctrine do not map cleanly onto systems where data has a life course: collected in one place, integrated elsewhere, analyzed later, translated into a score, used to guide an encounter, and then converted into new institutional memory.

That life course is where accountability gets lost. If each legal question examines only one moment, the system can avoid scrutiny by distributing the consequential act across many small steps. Collection looks routine. Integration looks administrative. Scoring looks analytic. Patrol direction looks operational. The stop looks discretionary. The final report looks factual. No single piece carries the whole burden, but together they form a machinery of suspicion.

The book also highlights information asymmetry. People affected by these systems often cannot know what data was used, what associations were inferred, which vendor system contributed, whether a score mattered, or how to challenge the record. In legal and administrative settings, that asymmetry can turn due process into a theater of partial visibility.

The practical question is not only whether a search, stop, or warrant was legal at one visible moment. It is whether the defense, court, public-records officer, inspector general, or civil-rights investigator can reconstruct the path by which a dashboard output, analyst note, hot-list hit, camera search, or generated report entered the case. That puts Brayne's legal chapter beside this site's work on synthetic evidence, AI-drafted police reports, and audit trails.

This is now a general problem for AI-mediated institutions. A public agency, employer, school, hospital, insurer, bank, court, or platform can route decisions through layers of models, retrieval systems, vendor APIs, human review, and policy classifiers. If the affected person sees only the final answer, accountability has already failed.

The AI Reading

Read in 2026, Predict and Surveil is not only a policing book. It is a manual for recognizing how institutions become machine-readable before they become automated. The LAPD case makes the process visible because policing is unusually coercive, but the pattern travels: data is collected, categories harden, vendors mediate access, dashboards create operational truth, human discretion is rearranged, and the institution starts acting through the record it has learned to trust.

The book is especially useful against two false stories. The first says automated systems replace human judgment. The second says human judgment remains in charge because a person still reviews or acts. Brayne shows the more important middle: human and machine arrangements compose judgment together. The system shapes what humans see, what they ignore, how they justify action, and which kinds of uncertainty survive long enough to matter.

That is the bridge to agents, copilots, fraud systems, welfare analytics, workplace dashboards, student-risk models, safety classifiers, medical triage, real-time crime centers, 9-1-1 copilots, drone first response, and government chatbots. The danger is not only a bad prediction. It is the creation of an institutional environment where prediction, classification, and retrieval make some realities easier to act on than others.

The generative-AI layer makes source discipline harder because the output can look like ordinary administrative prose. A generated incident summary, report draft, translation, redaction, or investigative lead may compress uncertainty, omit source boundaries, or overstate confidence unless the workflow preserves the inputs, prompt or query, model version, reviewer action, and final human changes. The problem is not that prose is generated. It is that generated prose can become the clean memory of a messy encounter.

The review shelf often returns to legibility and recursive reality because those concepts make this exact process visible. Legibility is not neutral seeing. It is seeing for an administrative purpose. Recursive reality appears when the act of seeing changes the world being seen, then treats the changed world as new evidence. Big data policing is one of the clearest cases: the map changes patrol, patrol changes records, records change the map.

Governance and Safety

Governance should follow the suspicion chain, not only the model. A useful audit must ask where the data came from, why it was collected, what legal authority allowed access, which vendor system processed it, what version was used, what query or alert triggered attention, what threshold mattered, who reviewed the output, what action followed, and how the record will be retained, corrected, or deleted.

The minimum control is a suspicion ledger: dataset source and legal basis, vendor and product version, model or rule version, query terms, alert trigger, confidence or score where one exists, human reviewer, override or disagreement, enforcement action, disclosure status, retained record, correction path, appeal path, and retention rule. Without that chain, an affected person may be asked to contest a conclusion whose causes are hidden across procurement files, data brokers, APIs, analyst notes, and patrol reports.

Some uses should trigger a pause or no-go rule. Do not deploy a policing analytics system when the agency cannot identify the source data, legal authority, update policy, retention rule, error channel, disclosure path, vendor dependencies, or affected decision. Do not use an individual crime-risk prediction that rests only on profiling, proxies, personality traits, or stale institutional contact. Do not connect sensitive places or protected activity to routine search without heightened authorization, narrow purpose, expiry, and independent review.

Procurement should carry the same burden. Contracts for policing analytics need audit rights, model and data-change notice, data minimization, limits on secondary use and vendor training, export and exit rights, public-records support, civil-rights testing, cybersecurity duties, retention limits, incident reporting, and clear rules for community oversight. A city that buys a dashboard without these terms is not only buying software. It is delegating part of its public memory.

Human oversight also has to be real rather than decorative. Reviewers need evidence access, training, time to disagree, authority to refuse action, a way to record disagreement, and a route to correct systemic errors. A person in the loop is not meaningful if the workflow, management incentives, or legal paperwork make the machine-shaped answer the path of least resistance.

Governance also needs a public inventory. Residents should be able to see which systems exist, what data they ingest, what decisions they affect, who operates them, whether a vendor can reuse the data, what audits have happened, what incidents occurred, and when the authority expires. This is where system inventory, impact assessment, and public-register work become concrete rather than procedural decoration.

Safety cuts both ways. Evidence trails are necessary for accountability, appeals, audits, and incident review, but they can become new surveillance assets. Audit design therefore needs minimization, redaction, role-based access, segmentation, retention schedules, and public reporting that preserves contestability without converting every oversight artifact into another permanent dragnet record.

Where the Book Needs Friction

The book's strengths create some of its limits. LAPD is a strategic and unusually data-intensive case, not a statistical sample of all police departments. That is not a flaw, but it should guide how the book is used. It shows processes in high relief: vendor influence, data integration, predictive systems, organizational resistance, and the politics of surveillance. It does not prove that every agency follows the same path.

The book also predates the current wave of generative AI, multimodal models, real-time transcription, body-camera summarization, agentic search, synthetic evidence, and model-mediated police reports. Those systems intensify the book's questions rather than replacing them. The same issues now appear at new layers: who writes the first draft, who controls retrieval, what counts as a source, how memory is retained, and whether a generated summary becomes more durable than the scene it claims to describe.

Readers looking for an abolitionist argument, a technical audit manual, or a full legal reform blueprint will need companion sources. Brayne gives something different: a sociological account of how big data actually enters a coercive institution and how that institution changes around it.

There is also a temptation to use the book as a generic anti-technology argument. That would flatten its value. Brayne's strongest claim is not that data can never help. It is that data systems are social, institutional, and political all the way down. That makes accountability harder, not optional.

What This Changes

Predict and Surveil changes the question from "Is the algorithm biased?" to "Where did discretionary power move?" That is a better question because it follows the whole system: collection, integration, procurement, scoring, interface design, analyst practice, officer judgment, legal categories, community exposure, management pressure, and the afterlife of records.

It also changes what counts as transparency. Publishing a model description or variable list is not enough if the public cannot see how the system is used, which people are pulled into its orbit, what data sources were joined, whether officers or analysts can override it, how records are corrected, and what consequences follow from a risk label.

The book's final value is diagnostic. Whenever an AI or data system enters an institution, ask what it makes easier to see, what it makes harder to contest, what it teaches workers to believe, what it asks affected people to prove, and how its outputs return as future evidence. In policing, those questions are urgent because the institution can impose force. In other domains, they are still the right questions because the same machinery can deny care, shape work, allocate suspicion, close appeals, and train reality to fit the dashboard.

Brayne's book is therefore a warning about the administrative life of prediction. A model does not need to be sovereign to be dangerous. It only needs an institution willing to treat machine-readable suspicion as a reason to act.

Source Discipline

This review separates five kinds of evidence. Brayne's book and Oxford chapter abstracts support claims about the LAPD ethnography and the concepts of dragnet surveillance, directed surveillance, police pushback, inequality, and algorithmic suspicion. Publisher and author pages support bibliographic and author-context claims. Regulator and standards materials support current governance context. Vendor pages support only narrow claims that particular products or features are advertised. Reviews and event pages are secondary context, not authority for factual claims about deployments.

That separation matters because surveillance technology is often sold through safety language, efficiency claims, and selective demos. A product page can describe a workflow; it cannot by itself prove field accuracy, civil-rights compliance, legal sufficiency, or community consent. Claims about bias, error, legality, and safety should name the system, version, setting, population, metric, audit method, and decision consequence. This page makes no claim that any AI system is conscious, divine, or AGI.

Sources

Book links are paid affiliate links. As an Amazon Associate I earn from qualifying purchases.


Return to Blog · Return to Books