• China vs. U.S.: Privacy for Whom?

    September 13, 2022 // 3 Comments »

    The New York Times ran an article on the use of surveillance tech in China. One wishes they would do the same for the U.S.

    The NYT article came to some scary conclusions about autocratic China. Chinese authorities implement facial recognition tech everywhere they can, the police seek to connect electronic activity (making a call) to physical location, biometric information such as fingerprint and DNA is collected on a mass scale, and the government wants to tie together all of this data to build comprehensive profiles on troublesome citizens. The latter is the Holy Grail of surveillance, a single source to know all there is known about a person.

    Should the Times (or China) wish to expand its review of invasive government surveillance technology, particularly those technologies which integrate multiple systems, it need look no further than its hometown police force, the NYPD, and data aggregated into the little-known Consular Consolidated Database (CCD) by the U.S. State Department.

    Prior to 2021, when the New York City Council passed the Public Oversight of Surveillance Technology (POST) Act, citizens were left to piece together the various technologies used to surveil them based on scattered media reports. We know now the NYPD deploys facial recognition surveillance (and can retroactively employ facial recognition against video saved from one of 20,000 cameras), x-ray vansStingraysShotSpotters, and drones, among others, equipment all originally deployed in the Iraq and Afghan wars. But we still don’t know how many of these technologies are used in coordination with each other, and, as in China, that is the key to understanding their real effectiveness.

    POST reporting and other sources offer some clues. The NYPD uses the smartphone-based Domain Awareness System (DAS), “one of the world’s largest networks of cameras, license plate readers, and radiological censors,” all created by Microsoft with video analytics by IBM. DAS also utilizes auto­mated license plate read­er (ALPRs) devices attached to police cars or fixed on poles to capture the license plates of all cars passing by. ALPRs can also capture photo­graphs of cars, along with photos of the driver and passen­gers. This inform­a­tion is uploaded to a data­base where it can be analyzed to study move­ments, asso­ci­ations, and rela­tion­ships. Facial Iden­ti­fic­a­tion can then run photos, includ­ing from data­bases of arrest photos, juven­ile arrest photos of chil­dren as young as 11, and photos connec­ted to handgun permits. The system analyzes an image against those data­bases and gener­ates poten­tial matches in real-time.

    Included in DAS is a translator application which helps officers communicate with community members who do not speak English, while of course also recording and storing their remarks. DAS ties in to ShotSpotter, a technology developed for the Iraq War which pinpoints the sound of gunfire with real-time locations, even when no one calls 911. This technology triangulates where a shooting occurred and alerts police officers to the scene, letting them know relevant information, including the number of shots fired, if the shooter was moving at the time of the incident (e.g., in a vehicle), and the direction of the shooter’s movement. DNA data can also be accessed, so wide-spread collection is a must. One area of activity outlined in Chief of Detect­ives Memo #17 instruc­ts on how to collect “aban­doned” DNA samples from objects such as water bottles, gum, and apple cores. For example, police officers are taught to wait for the suspect to take a drink or smoke, and collect the sample once a suspect throws the cup or butt away.

    What is deployed in New York to aggregate sensor and bio data (including social media monitoring and cell phone locator services, which when tied to facial recognition can identify individuals, say who attend a protest, visit an AIDs clinic, etc.) will no doubt be coming soon to your town as the weapons of war all come home. The next step would be to tie together cities into regional and then state-wide networks. The extent to which inform­a­tion obtained from DAS is shared with federal agen­cies, such as immig­ra­tion author­it­ies, remains unknown. What we do know is the phrase “reasonable expectation of privacy” needs some updating.

    Perhaps the largest known data aggregator within the Federal government is the innocent-sounding Consular Consolidated Database (CCD) administered by the U.S. Department of State. Originally a simple database created in the 1990s to track visa and passport issuances, the CCD is now one of the largest global databases of personal information, growing at a rate of some 35,000 records a day. The system collects data from both foreign visa applicants and American citizens to include but not limited to imagery for use with facial recognition, biometric data such as ten-fingerprint samples, home/business addresses, phone numbers, email addresses, financial information, race, gender, social security and alien registration numbers, passport information, certain Federal benefits, medical information, legal information, education information, family information, travel history, arrests and convictions, and social media indicators.

    The CCD is especially valuable in that it is a database of databases, pulling together information collected elsewhere including abroad, as well as from some commercial databases and public records, and making the aggregate available both for individual search by identifiers like name, social security number or facial recognition, but also for very large scale analytic searches to identify patterns and trends. This massive pool of data is then made accessible to the Department of Homeland Security, Department of Commerce, Department of Defense, Department of Justice, Office of Personnel Management, Federal Bureau of Investigation, and “other interagency partners” to include potentially intelligence services. In addition to the State Department, information is regularly input into the CCD by the FBI, the Integrated Automated Fingerprint Identification System, DEA, ICE, IRS, DOD, Treasury, Health and Human Services (HHS), DHS, Interpol, and U.S. Marshal Service (USMS.)

    Numbers of records held by CCD are not available, with the last public tallies documented in 2016 showing 290 million passport records on American citizens, 25 million records pertaining to American citizens living abroad, 184 million visa records of foreigners, and over 75 million photographs. Some 35,000 records are added to the CCD daily, so do the math given the existing tallies are up to 13 years old. As a point of comparison, Google’s database of landmark photos holds only five million records. The Library of Congress database lists 29 million books.

    The New York Times article about surveillance in China is scary, showing what a vast, interconnected system is capable of doing in exposing a person’s life to scrutiny. The Chinese authorities are, however, realistic about their technological limitations. According to one bidding document, the Ministry of Public Security, China’s top police agency, believed one of their biggest problems was data had not been centralized. That Chinese problem appears well on its way to resolution inside the United States, and that is also quite scary.

    Related Articles:

    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Democracy, NSA, Other Ideas, Post-Constitution America

    Technology and the End of Privacy

    June 5, 2014 // 2 Comments »

    The self-created end of privacy in the United States was brought about as much by technology as desire. Those who claim there is little new here — the government read the mail of and wiretapped the calls and conversations of Americans under COINTELPRO from 1956 to at least 1971 – do not understand the impact of technology.

    Technology now being employed by the NSA and others inside the U.S. has never before existed, in scale, scope or sheer efficiency. Size matters. We are the first people in history to deal with this threat to privacy. Avoiding even the majority of encroaching digitalization essentially means withdrawing from society.

    The spying and compiling of information on innocent Americans by J. Edgar Hoover’s low-tech FBI is well-known; files, recordings and photos secretly obtained exposed the lives of civil rights leaders, popular musicians and antiwar protesters. You will likely think of additional examples, or they’ll be in the next batch of Snowden documents. However, four key advances in tech have changed everything between J. Edgar Hoover’s time and J. Edgar Holder’s:

    More Information from Increasingly Digital Lives

    More and more of Americans’ lives are now digital than ever before, from banking to travel to cell phones to social media.

    Where once the NSA was limited to traditional notions of communication, the written and spoken word, it is now known that images, photos and video are being collected and subject to facial recognition technology that automatically matches those to the traditional communications also collected, literally putting a face to a name. Facial recognition tech, even as employed today at casinos, can pick out a known person from a crowd. It can account for age, changes in facial hair, glasses, hats and the like.

    An off-shoot of facial recognition is the broad category of biometrics, the use of traits unique to a person, to identify someone. These can be anything from the prosaic fingerprint to cutting-edge DNA records and iris scans. This is also big business, and now has its own trade association in Washington, DC. One of the world’s largest (known) collections of biometric data is held by the Department of State. As of December 2009, it’s Consular Consolidated Database (CCD) contained over 75 million photographs of Americans and foreigners and has a current growth rate of approximately 35,000 records per day. CCD also collects the fingerprints of all foreigners issued visas.

    Collect it All, Store it Forever

    NSA and others have created powerful tools that can gather and store this data, with the promise of gathering and storing everything. Data storage is cheap and more constrained today by the availability of electricity and water to cool the electronics than anything else. The possibility of quantum storage in the near future only suggests holding more data longer will be easier and cheaper. How much? NSA whistleblower Bill Binney stated in a lecture that the 80th FISA court general warrant of 2013 alone required Verizon to turn over an unknown number of records on 100 million people.

    Aggregate What You Collect

    Where once data was kept in paper files stuffed into cabinets in isolated offices, then in digital form by a variety of agencies in multiple formats, technology today permits combined mega-databases, where information from license plate readers, wiretaps and library book choices can be aggregated and easily shared. Basically everything about a person, gathered worldwide by various agencies and means, can be easily put into a single “file.”

    Interesting side point: NSA analysts snoop into old girlfriends’ and boyfriends’ data so frequently that it has it’s own internal slang term: Love-INT (INT being “intelligence.”)

    Eliminate the Human Link– Analysis

    Emerging technologies grow more and grow capable of analyzing this Big Data. Some are even available to the public, off-the-shelf, such as IBM’s Non-Obvious Relationship Awareness (NORA, also known as IBM Relationship Resolution) software. NORA scans multiple databases (for example, geolocation info from license plate readers and social media friends) and recognizes relationships that may not be obvious at first glance. More importantly, it is fast and automated.

    The Secret Service is seeking contractors to create new software to monitor social media. One key feature sought is the “Ability to detect sarcasm and false positives.” The ever-growing amount of social media content being gathered defies human monitoring. The new software would sort potential serious threat Tweets such “I will kill the president in Dallas tomorrow” from online rants like “IMHO Obama sux, somebody should do something bout dat. LOL” The Secret Service adds that the ability to detect sarcasm and false positives is just one of 18 things they scan for in social media.

    Machine tools such as NORA are removing the last hurdle to the NSA knowing nearly everything, the need for trained humans in vast numbers to match the vast data haul, to “connect the dots.” In addition to efficiency, machines offer the NSA other advantages. They don’t have consciences, and they don’t blow the whistle.

    BONUS: An interesting side point to the pervasiveness of surveillance: the possibility of a new elite, those who through their relationship with the government or through enormous expenditures on personal countermeasures, can maintain privacy. It seems likely that, for example, the head of the NSA could exempt himself from his organization’s own surveillance (as David Petraeus learned, the head of the CIA clearly enjoys no such exemption.) As celebrities buy private islands and use private jets to live apart from the real world, they may be able to purchase technology to enjoy more privacy than the rest of us. A new 1%.

    Related Articles:

    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Democracy, NSA, Other Ideas, Post-Constitution America