Government and Private Entities Conspiring to
Track Everything You Do Online and Off
The police-corporate surveillance "complex" is being consolidated,
drawing ever-closer corporate tracking and government surveillance.
Americans' personal privacy is being crushed by the rise of a
four-headed corporate-state surveillance system. The four "heads"
are: federal government agencies; state and local law enforcement
entities; telecoms, web sites & Internet "apps" companies; and
private data aggregators (sometimes referred to as commercial
data warehouses).
Conventional analysis treats these four domains of data gathering
as separate and distinct; government agencies focus on security
issues and corporate entities are concerned with commerce. Some
overlap can be expected as, for example, in case of a terrorist
attack or an online banking fraud. In both cases, an actual
crime occurred. But what happens when the boundary separating or
restricting corporate-state collaboration, e.g., an exceptional
crime-fighting incident, erodes and becomes the taken-for-granted
operating environment, the new normal? Perhaps most troubling,
what happens when the traditional safeguards offered by "watchdog"
courts or regulatory organizations no longer seem to matter? What
does it say that the entities designed to protect personal privacy
rights seem to have either been effectively "captured" or become
toothless tigers? In President Eisenhower's legendary 1960 farewell
address, he warned of the potential power of the military-industrial
complex. Ike's 20th century formulation represented the intertwining
of the U.S. military and private contractors to achieve two
complementary goals. First, it sought to help corporations make
guaranteed, cost-plus profits and to provide glide-path retirement
programs for the military brass. Second, it sought to influence
Congress and thus shape foreign policy, helping fulfill the then
just-emerging global imperialist strategy.
Today's corporate-state surveillance complex demonstrates a
comparable intertwining of U.S. policing forces and private companies
in the monitoring of domestic life. It is being implemented thanks to
the technology fruits of a half-century of the military-industrial
complex. The Defense Department created the Internet and what it
can do in Yemen it can do in Oakland. The global war on terrorism
is coming home!
In the wake of the Great Recession, we are living through a great
economic and social restructuring. The global world order is shifting
and, accordingly, America's class and social relations are being
reordered. Occupy Wall Street's formulation of the social crisis,
the 1% vs. the 99%, has become the shorthand descriptor of this
restructuring of American economic relations. No time is better to
impose high-tech social disciple then one marked by economic and
social crisis. The unanswered question is obvious: Are we witnessing
the formation of the high-tech police state?
To reiterate, the four-headed corporate-state surveillance
hydra consists of (i) federal agencies; (ii) state and local law
enforcement entities; (iii) telecoms, web sites & Internet "apps"
companies; and (iv) private data aggregators. The following overview
sketches out the parameters of the ever-growing domestic spy state,
how it's being implemented and some of the more egregious examples
of abuse of public trust if not the law.
#1 -- Federal Surveillance
The attacks of 9/11 and the subsequent (and endless) "war on terror"
continue to provide the rationale for an ever-expanding domestic
security state. The leading agencies gathering data on Americans
(and others) include the National Security Agency (NSA), Department
of Homeland Security (DHS) and Department of Defense (DoD) as well
as the FBI and IRS. In the wake of 9/11, the NSA took the lead in
federal domestic cyber surveillance, but in 2010 the NSA ceded this
authority to the DHS.
Personal information is gathered from a host of both public and
private sources. One source is "public records" that can range from
birth, marriage and death records; court filings, arrest records,
driver's license information, property ownership registrations (e.g.,
car or house), tax records, professional licenses and even Securities
and Exchange Commission filings. Another source is "private" records
from ChoicePoint and LexisNexis as well as credit reporting agencies
such as Equifax, Experian Information Solutions and Trans Union LLC.
The most Kafkaesque example of federal tracking efforts has been the
DHS Transportation and Safety Administration's (TSA) No-Fly List. As
of 2011, it was estimated to contain about 10,000 names. The list's
inherent absurdity was illustrated when, some years before his death,
Ted Kennedy discovered he (as "T. Kennedy") was on the list.
The No-Fly List is administered by the Terrorist Screening Center
(TSC) which cannot reveal whether a particular person is on the
list, nor does it have the authority to remove someone from the
list -- that's up to the FBI. The TSC also manages what is known
as the Terrorist Watch List. Administered by the FBI, the list,
according to an ACLU estimate, consists of 1 million names and is
continually expanding.
DHS also maintains the Automated Biometric Identification System
(IDENT) that has the fingerprints, photographs and biographical
information on 126 million people.
During the July 4, 2012, holiday weekend, Pres. Obama quietly
released a new Executive Order, "Assignment of National Security and
Emergency Preparedness Communications Functions." While ostensibly
seeking to ensure the continuity of government communications
during a national emergency, it grants new powers to the DHS over
telecom. It permits the agency to collect public communications
information and the authority to seize private facilities when
necessary. The Executive Order is legislation through the back door,
the Obama Administration's effort to implement a law that Congress
rejected in 2011.
Parallel to the DHS efforts, the FBI maintains a number of
operations tracking Americans. The Integrated Automated Fingerprint
Identification System (IAFIS) keeps fingerprint records of some 62
million people; it makes this resource available to 43 states and 5
other federal agencies. Soon, the agency will switch over to the NGI
(Next Generation Initiative), which will contain face recognition
searchable photos, iris scans, fingerprints, palm prints, and
a record of scars and tatoos. The FBI coordinates the Combined
DNA Index System (CODIS) that has DNA evidence from blood and
saliva sample on more than 10 million people. In addition, the FBI
maintains the Nationwide Suspicious Activity Reporting Initiative
(SAR) that includes some 160,000 reports on people who allegedly
acted suspiciously.
(These activities are separate from the recent revelation from
AntiSec that found on a FBI agent laptop a database of 12 million
Apple device owners' users unique identify, including owner's
personal information.)
In 2004, Congress established the National Counterterrorism Center
(NCTC) to serve as the "center for joint operational planning
and joint intelligence, staffed by personnel from the various
agencies." It maintains the Terrorist Identities Datamart Environment
(TIDE) that includes records on an estimated 740,000 people. Federal
authorities claim that less than 2 percent of the people on file
are US citizens or legal permanent residents. Earlier this year,
Att. Gen. Eric Holder extended the agency's ability to maintain
private information about U.S. citizens when there is no suspicion
that they are involved in terrorism from 180 days to five years.
The NSA's authority overrides 4th Amendment guarantees safeguarding
a citizen's right from unreasonable search and seizure through what
is known as a National Security Letter (NSL). In 2008, Congress
revised the Foreign Intelligence Surveillance Act freeing the
NSA from the bothersome requirement of having to prove probable
cause before intercepting a person's phone calls, text messages
or emails from someone in the U.S. suspected of involvement with
terrorism. Between 2000 and 2010 (excluding 2001 and 2002 for which
no records are available), the FBI was issued 273,122 NSLs; in 2010,
24,287 letters were issued pertaining to 14,000 U.S. residents.
In June 2011, the DoD originally launched a pilot program,
the Defense Industrial Base (DIB) Cyber Pilot, with 20 private
companies. It would allow intelligence agencies to share threat
information with private military contractors. Among the companies
who participated were Lockheed Martin, Northrop Grumman and Raytheon
as well as telcos AT&T, Verizon and CenturyLink. The telcos filter
incoming email for malicious software. In May 2012, DoD and DHS
announced plans to expand the program to 200 participants and the
DoD estimates that approximately 8,000 firms could potentially
participate.
DoD is aggressively promoting the Cyber Intelligence Sharing
and Protection Act of 2011 (CISPA), which recently passed the
House and is now before the Senate. Under this law, there would
be a significant expansion in sharing of information related to
"cyber hacking" (a very ill-defined term) between federal agencies,
including DoD, NSA and DHS, and private companies. The information
to be shared would cover both classified and unclassified data. The
ostensible purpose of such data sharing would be to protect the
nation's telecom networks and customers from hack-attacks. Sure.
#2 -- State and Local Law Enforcement
On July 9th, Rep. Ed Markey (D-MA) released the first set of findings
from the House's Bipartisan Congressional Privacy Caucus. It found
that over 1.3 million federal, state and local law enforcement data
requests were made to cellphone companies for personal records in
2011. Among the tracking information provided to law enforcement
entities were: geo-locational or GPS data, 911 call responses, text
message content, billing records, wiretaps, PING location data and
what are known as cell tower "dumps" (i.e., a carrier provides all
the phones numbers of cell users that connect with a discrete tower
during a discrete period of time).
In a separate and equally revealing disclosure, the ACLU found that,
based on records from over 200 local law enforcement agencies,
most law enforcement groups that engaged in cell-phone tracking
did not obtain a warrant, subpoena or other court order.
The Associated Press received a 2011 Pulitzer Prize for
revealing the role played by the New York Police Department's
(NYPD) secret demographics unit. It undertook a federally funded,
multi-million-dollar, multi-state surveillance program of Muslims in
the metro-NY area, involving citizens and noncitizens alike. Most
recently, the AP reported that, based on the testimony of one of
the program's senior executives, the NYPD failed to identify a
single attack or threat.
Another NYPD anti-terrorist program is known as the Domain
Awareness System (DAS). It was developed as a commercial partnership
between the NYPD and Microsoft at an estimated cost of $30 to $40
million. With DAS, investigators can track individuals or incidents
(e.g., a suspicious package) through live video feeds from some
3,000 CCTV cameras, 2,600 radiation substance detectors, check
license plate numbers, pull up crime reports and cross-check all
information against criminal and terrorist databases. Big Brother
has become America's new normal.
One area in which local government and private interests come
together involves automatic license plate recognition. In New
York and other cities through the country, LPR cameras are being
mounted on lampposts, bridges and police patrol cars and capture
images of license plates. These photos are a being shared with
the National Insurance Crime Bureau that represents hundreds of
insurance companies. Thus, private location data of U.S. citizens
are being acquired and shared with commercial entities without
their knowledge or consent.
#3 - Telecom, Web Sites & Internet "Apps" Companies
Rep. Markey disclosure revealed a lucrative scheme involving
the security state outsourcing data gathering to ten major
telecommunications companies, including AT&T, Verizon and
T-Mobile. These companies made million of dollars supplying law
enforcement agencies with personal telecom information.
However, a far bigger issue involves most of the major websites,
including Google, Facebook, Amazon and iTunes, that systematically
collect user data and commercializes it for corporate purposes;
the telecoms engage in the same practice.
Many web companies fulfill government requests for a user's personal
information, but Google is one of the few companies that publicly
reveal such requests. Most recently, it reported that during the
second-half of 2011, U.S. government agencies made 12,243 requests
and that it complied with 93 percent of them (11,386). This is
1,000 a month; what's going on?
Wireless devices are two-way technologies. In addition to uploaded
valuable personal data, wireless customers are sitting ducks for
downloaded junk. Most smartphone users are unaware that when they
download a "free" app they are downloading a Trojan horse.
According to a recent study by Lookout Mobile Security, more than
half of the free apps embed advertising in their offerings and
that these offerings are provided by ad networks. It estimates
that 5 percent of all smartphone apps (representing 80 million
downloads) are embedded with "aggressive" ad networks that can
change bookmark settings and deliver ads outside the app they are
embedded in. Games, and especially Google Play, had the highest rate
of ad placements. The data from all these apps are being collected,
analyzed and exploited for commercial gain.
#4 - Private Data Aggregators
Private sector tracking can be divided between three types of
companies. One consists of those companies that facilitate commercial
transactions, the ostensible bank like Visa or PayPal. A second
consists of the ad agencies (most notably Google) that capture
personal data through "click-throughs" and "cookies." Finally,
private data aggregators like ChoicePoint, Intelius, Lexis Nexis
and US Search Profile that collect personal data, repackage it
and offering it for sale. They acquire, slice & dice your personal
information as if they were running sausage factories - and your
personal life is the unlucky pig Together, they prove that nothing
private is secret: the whole world is watching!
These companies track one's every keystroke, every order and bill
payment one makes, every word and/or phrase in one's emails, even
one's every mobile movement through GPS tracking. Data capture
involves everything from your personal Social Security number,
phone calls, arrest record, credit card transactions and online
viewing preferences as well as your medical and insurance records
and even personal prescriptions.
The Constitution was adopted on September 17, 1787, and reserved
privacy to a citizen's person, home and property; the 4th Amendment
prohibits illegal search and seizure. In the intervening 225 years,
the notion of personal privacy has been radically transformed,
especially in light of technological advances and the globalization
of the marketplace. It was written in a pre-industrial, agrarian
era and informs decisions made in a post-modern world.
Today, the Supreme Court's 1967 decision, Katz v. U.S. (389 US 347),
is all but forgotten. It established a link between the modes of
telecommunication and personal privacy that illuminates today's
debate over the limits of privacy in the post-modern age.
In this case, Charles Katz used a public pay phone booth to place
illegal gambling bets. In writing for the majority, Justice Potter
Stewart noted, "One who occupies [a telephone booth], shuts the
door behind him, and pays the toll that permits him to place a
call is surely entitled to assume that the words he utters into
the mouthpiece will not be broadcast to the world."
Does someone making a call on a wireless device today have comparable
rights as someone in a phone booth a half-century ago? Are
the keystrokes an individual enters on a personal computer or a
smartphone equivalent to an old-fashion voice call? And what of the
personal information an individual provides to a 3rd party like a
credit-card company, insurance company and telephone, wireless and
Internet service provider?
The Katz decision was farsighted for the mid-20th century and one
can only hope that its insight will inform the debate over 21st
century digital technology and communications. More so, it serves
as an analogy for contemporary notions of social life and their
reasonable expectations of privacy.
However, war has long provided the rationale for the imposition
of state tyranny. World War I hysteria found expression in the
Espionage Act of 1917 and the Palmer Raids of 1920; World War II
hysteria resulted in the mass roundup and imprisonment of 120,000
Japanese and Japanese-Americans; the Cold War gave us anti-Communism.
One consequence of 9/11 is that Constitutionally protected
privacy rights have come under increasing threat from both private
corporations and government entities. These two domains, the private
and the state, traditionally function as separate, if not parallel,
worlds. Since 9/11, both domains have not only been very busy
collecting raw digital and other information on ordinary Americans,
but have increasingly joined forces.
In the marketplace of valued data, one's digital self (or selves)
is increasingly being sliced and diced, collated and repackaged,
as an ever more exact commodity. Nothing about a person's electronic
self, whether a credit-card purchase, parking ticket, GPS location,
medical record or viewing practices, is private.
The military-industrial complex formalized the fiction that separates
the corporate and the federal, serving as the revolving door for
deals mae and rewarded. A permanent militarized state is now engaged
in wars against "terrorists," good-old foreign cyber-espionage with
China, Iran, Russia and others, battles with criminal gangs, cyber
hackers (like Anonymous) and whistle-blowers. The same technologies
being employed to fight the war on terror internationally are being
imposed on Americans in their most private, personal lives.
The police-corporate surveillance "complex" is being consolidated,
drawing ever-closer corporate tracking and government
surveillance. These entities collect data sent from different
devices, that takes different forms and use different distribution
networks. Such devices include a phone or smartphone, PC or tablet;
they are separate from the network one employs, whether wireline,
wireless or cable; and are distinct from the type of information
one communicates, from email message, commercial transaction
and social network connection to video download and medical
records. Nevertheless, in our increasingly digitally mediated
universe, all 1s and 0s are alike.
Today, nearly all the personal data gathering that takes place does
so under one of two conditions. First, it is done by a consumer
under the "terms of use" required by a take-it-or-leave-it offer for
whatever service is offered (e.g., making a call, use of an iPhone,
doing a Google search, ordering a book through Amazon). Second,
it is ostensibly done "legally" by a law enforcement agency with
a court order (or without such legal niceties).
The line between the corporate and the government is eroding. There
seems to be a widening two-way street between law-enforcement
entities (both federal or local) and private companies over
information sharing. One form of working relation is ostensibly
passive, a fee for service arrangement, as when a telco provides
a user's GPS tracking data or Google supplies user data. The
information is provided when the company receives a court-approved
request. However, as the ACLU found, cordial relations between law
enforcement entities and telecoms often bypass legal niceties.
A second form of information sharing comes from the more traditional
out-sourcing deal, the apparent collusion between a federal
government agency and one of its former spymasters, former CIA
director Richard Helms. His Virginia-based company, Abraxas Corp.,
created TrapWire correlates video surveillance with other data,
including criminal and terrorist watch lists, facial recognition
profiles, license plate information, stolen vehicles reports and
other event data. It was acquired by San Diego-based, Cubic Corp.,
in 2010 for $124 million in cash.
A third form is the partnership, a for-profit venture between a local
government and a major corporation. Welcome to Domain Awareness
System in which the NYPD and Microsoft entered into a commercial
venture. A flurry of press releases and TV appearances promoted
the venture of Mayor Bloomberg 21st century capitalism. It would
be interesting to examine the final financial projections to see
what New York's rate-of-return would be given its estimated $30 to
$40 million investment.
Earlier this year, in Jones v. U.S., the Supreme Court ruled that
the police are required to get a warrant before attaching a Global
Position System (GPS) device a suspect's car. In its decision, the
Court rejected the Obama Justice Department's claim that citizens
have no expectation of privacy in public places. This decision
may provide the rationale for a redrawing of the lines protecting
privacy, communication and personal information.