Category Archives: Surveillance

Contractor receives $400K federal funds for automatic license plate reading

According to reporting by Bloomsberg News the IRS, the Forest Service and the U.S. Air Force’s Air Combat Command have awarded a contractor over $400,000 in contracts for its automated licence plate recognition (ALPR) system since 2009.

It’s not clear if the contracts to Vigilant Solutions are ongoing, given the context that Homeland Security dropped similar plans in February of this year following widespread opposition form civil liberties groups.

“Especially with the IRS, I don’t know why these agencies are getting access to this kind of information,” said Jennifer Lynch, a senior staff attorney with the Electronic Frontier Foundation, a San Francisco-based privacy-rights group. “These systems treat every single person in an area as if they’re under investigation for a crime — that is not the way our criminal justice system was set up or the way things work in a democratic society.”

Other countries (including the UK) have long had such systems in place.

If you go to the Vigilant website they have a long complaining blog post about the lies and distortions by civil liberties groups:

License plate readers are under siege nationwide, thanks to a well-funded, well-coordinated campaign launched by civil liberties groups seeking to take advantage of the growing national debate over surveillance. 

Unfortunately, the campaign led by the American Civil Liberties Union (ACLU) has deliberately clouded and even omitted those facts.

According to this article, Vigilant actually successfully used the First Amendment to overturn an anti license-plate recognition law in Utah:

Vigilant Solutions and DRN [Digital Recognition Network] sued the state of Utah on constitutional grounds, arguing that the law infringed on the First Amendment right to take photographs of public images in public places, a right that everyone in Utah shares.

The law was overturned, but Vigilant com,plains that state agencies were then barred from using any of the data collected, impacting their profits. They also complain about data retention limits.

What’s also interesting about companies such as this is that they illustrate the argument for understanding policing and military together (see this blog post by Derek Gregory for example).

Society & Space piece on security

My piece “Is Security Sustainable?” has just appeared in Environment and Planning D: Society and Space, Vol 31(4).

If you’re outside the academic fire curtain or don’t want to read the whole thing my basic question is whether  the security we have now is sustainable in the long run, and at what cost. Rather than taking a “all security is good security” approach I ask what our current security surveillant state is costing us in terms of:

–Dollar amount (estimates go as high as $1T per year);
–Physical and mental health (of those charged with enabling security such as PTSD and amputations, but also health of those “living under drones”);
–Environmental costs.

I argue we are very far from knowing the answers to these costs, or even of identifying consensual ways to measure them. The piece is part of an ongoing project, but was occasioned by the Edward Snowden news. 

Thanks to EPD for being interested in this and getting it out in so timely a fashion! Update: As Stuart notes below it is available on open access now!

“Collect it all”

Glenn Greenwald this morning identifies what he calls the “crux” of the NSA surveillance revelations: the desire to “collect it all.”

What this means is that instead of targeting, surveilling, collecting or storing information on individual suspects for whom there is “probable cause” (evidence), everybody’s information is collected; guilty and innocent alike.

As a matter of fact I agree that this is a crux of the story, although for anybody interested in the study of surveillance this is hardly news. It is useful and important that this is now a matter of public debate, however.

For those interested, Foucault argues that this switch from “discipline and punish” individuals to mass surveillance is characteristic of modern states, and gives rise to their characterization as the “surveillant society”) (eg., John Pickles wrote about his as long ago as 1991, see also the work of David Lyon).

I discuss this in my 2003 piece on geosurveillance (Downloads tab):

Prior to the legal reforms of the 18th and early 19th centuries, Foucault argued the law focused on the nature of the crime committed, the evidence of guilt or innocence, and the system of penalties to be applied. In other words: crime and punishment. The person of the criminal was important only insofar as he or she was the individual to which the crime would be attributed.

Foucault argued that a second system of power emerged in the early eighteenth century that regulated, counted, and surveilled the mass of people as a population. Foucault called this “biopolitics of the population” (Foucault 1978, p. 139) or, more simply, “biopower.”

Given the recent NSA story I think it is easier to see the crucial insight of biopolitics here. One could say that this mass surveillance is necessary because we are all a kind of “pre-criminal” (in the eyes of the state every person has a criminal potential) to some degree or other. Therefore, as I argued (Downloads tab) in 2007:

First, we need to stop seeing the issue as one of security and surveillance versus privacy or rights. Arguing about this or that surveillance technique misses the point that, both historically and today, surveillance is a core component of the modern state; that is, surveillance and geosurveillance are characteristic of certain types of political rule based on a politics of fear (Foucault [1975] 1977; Lyon 1994; Graham and Wood 2003).

 

Transparency and secrecy

I’d like to consider in more detail some papers published in Theory, Culture & Society last year. As I mentioned a couple of weeks ago, these papers represent some very interesting inroads into a better understanding of secrecy, transparency and ultimately perhaps even truth.

Clare Birchall’s article, which introduces the special section, makes some sensible suggestions already in her abstract:

Despite common demands to support either transparency or secrecy in political and moral terms, we live with the tension between these terms and its inherent contradictions daily.

She sets up the terms of the debate as opacity and openness, but goes on to say that “we must work with the tension between these terms” rather than choosing one or the other. There is a tension between them.

This is a good start, but we need to go even further. Obviously the relations between privacy, secrecy, transparency are not symmetric. We can know very little about the state, but it can know a great deal about us, as I’ve said many times before. This is to say only that there are power dynamics at work.

Some of her remarks about a perceived love of transparency, or at least transparency talk, are widely off the mark a year and a half later. “Open government is the new mantra” she writes, “a sign of cultural…authority” (pp. 8-9). Today, this reads like little more than government talking points, but even in 2012 (post sealed indictments against WikiLeaks and the imprisonment of Bradley Manning) they are more than a little optimistic. She does note that some Obama administration transparency efforts have been “compromised” but relegates this to a footnote instead of a central problem to be taken into account. Are there really “countless copycats” of WikiLeaks (p. 15)? I don’t think so.

Also optimistic is her partial history of transparency, at least in the US. Her examples (Woodrow Wilson’s Fourteen Points, FOIA, etc.) could all be rebutted by pointing out that often, these were hard won, partial concessions, and that they permitted many other activities to go on in secret. That is, these transparency moves are covers; a kind of secret themselves.

The most striking of these in recent years, for me, was what happened to the government’s transparency website, USAspending.gov. Unveiled with some fanfare at the tail end of the Bush administration, it was meant to provide a public, user-friendly and authoritative source to government spending on outsourced contracts. In fact, intelligence agencies almost immediately gained exemptions to it (including the NGA and NSA), while others (such as the NRO) just never took part in it. We tell the story of this a bit more in a forthcoming paper “The New Political Economy of Geographical Intelligence” for the Annals. Nowhere on the site does it mention any of this–you have to read obscure GAO documents, and CRS articles that are not directly released to the public.

(Ironically, I recently emailed the NGA press office to inquire if they were still exempt, but have not received a reply or even an acknowledgement. So much for transparency!)

Birchall argues, following Derrida, that the state is placed into an “infinite hesitation” in the face of transparency. It cannot be too transparent, because then it allows no room for personal privacy, and it cannot not be transparent because then it is also hegemonic and clandestine, if not covert.

But could the issue not be resolved by splitting apart the object of analysis and instead of arguing for all-or-none transparency, see citizens as in a relation with the state? To citizens go the choice of privacy-transparency, but to the state goes no choice but the requirement of transparency (and not just the state, but corporate actions).

Ah, but how much choice to the citizen? Well, that’s up for debate, but in my view it’s a better one that debating all-or-nothing transparency/privacy. Here I like what she has to say about the need to resist going “beyond” either term, and get used to inhabiting it strategically (p. 12). I think this is absolutely correct.

One thing to be mentioned here is the role of corporate America. If oversight of government activities is bad, try business, especially intel businesses. These often operate with even less transparency than government (what really does Booz Allen Hamilton do? That $15m intel contract–what’s it for?) As Birchall notes, this can give rise to “lip-service transparency” in the neoliberal context.

There are lots of provocative questions here, and it is surprising that more people have not considered the relations between secrecy, lies, truth, and transparency. (Birchall does give examples of these.) One angle that continues to intrigue, is that between secrecy and knowledge.

Isn’t it interesting that one of the great foundational stories of western religion is that of the tree of knowledge. This tree is forbidden because it has dangerous knowledge (not all transparency is good). So here we enter forbidden knowledges, arcana, Pandora’s Box, the occult, secret societies. The “will to knowledge” then, in Foucault’s words, becomes something both highly problematic and yet compelling.

So in some ways this could be read as another consideration of truth, and the difficulties of truth. Knowledge is about getting the truth. But I do think there’s still a lot to be worked through about secrets, and the relationships between knowledge and truth. I’m looking forward to reading the rest of the articles in the TCS special section.

Snowden’s flight, as it was tweeted

Snowden’s flight from Hong Kong, as it was tweeted. I sort through the mass of tweets so you don’t have to! Includes plenty of argument. Most recent at top.

https://twitter.com/WilliamsJon/status/348794144321318912

https://twitter.com/EllenBarryNYT/status/348790361696653312

Snowden interview–2 points

There are two points that stand out for me from the amazing Edward Snowden interview this morning in the Guardian. By the way, I cannot recall another occasion where  a “hunted” man (as someone put it on Twitter) was interviewed live–quite an awesome experience, and just a bit surreal to see it unfolding.

Anyway, here’s the first quote:

The consent of the governed is not consent if it is not informed.

Snowden refers here to the idea that we-the-people give our consent to be governed, which comes from the US Declaration of Independence. Snowden distinguishes between generic consent and a specific “informed consent.” This is the phrase that is used in scientific research when researching with human subjects. The consent must be informed, and furthermore, the consent can be withdrawn at any time.

The other quote that struck me:

The US Person / foreigner distinction is not a reasonable substitute for individualized suspicion…

What he’s saying here is that there is a huge difference between a specific, targeted and individualized suspicion that could give grounds for surveillance and a mass surveillance of people based on a “US person/not US person” division. Especially as the latter is easily shown to be nonsensical. You might think that Snowden is against all surveillance or for the abolition of the NSA, etc. but clearly he is not. Worth remembering.

Jeremy Crampton – The Costs of Security

Jeremy:

“The Costs of Security.” My new piece at the Society & Space open access site. Thanks to Stuart Elden and the editors at EPD for their interest in this, as well as the longer version coming out in the print journal.

Originally posted on Society and Space - Environment and Planning D:

Jeremy W. Crampton discusses recent developments around security, surveillance and the state. This is a shorter version of a commentary forthcoming in Society & Space, Vol 31 No 4, entitled “Is Security Sustainable?” [Update: now available open access here] Jeremy also runs the Open Geography site where he discusses a range of related questions, as well as his long-standing interests in cartography, Foucault, and other geographical issues. 

Addendum: Crampton has added further thoughts at his site Open Geographies since Snowden’s online interview today at the Guardian site. –eds.

The recent revelations in the Guardian by Glenn Greenwald and his colleagues about the mass surveillance operations of the US intelligence community (IC) have brought unusual attention to government activities that typically operate in conditions of extreme secrecy.

There’s more to come—Greenwald has promised further stories on the National Security Agency (NSA). Amidst all the revelations and the speculation, however, we…

View original 33 more words

Is a secret a lie?

Is a secret a lie? That is, in and of itself, are secrets lies?

This thought was engendered by the events of the last week about previously classified court orders and data mining programs at the NSA, and the larger world of classified activities.

In “history of the lie” Derrida states that a lie is not an error. You can be in error about something, mistaken about it (“why did you miss the meeting at 1pm?”, “oh I thought we were meeting at 2pm“) without lying. As he also says, one does not lie simply by saying something that is false, as long as “one believes in good faith in the truth of what one believes” (p. 31).

Instead, “to lie is to want to deceive the other, sometimes even by saying what is true” (31). Is that what a secret does? A secret withholds, it withholds the “whole truth” in the first instance, and so deceives. And it might also be deceptive in the sense that it says “there are no secrets here,” as the Verizon FISA Court Order says, you cannot tell of this secret order. You cannot tell of the fact of, this order, nor may you tell of the content of, this order. Not all secrets do that. Sometimes you may tell of the fact of, a secret. the “fact of” Prism was not a secret. But for it to be a secret you can never tell of the content of, a secret. What Prism does, is a secret (and very contested between the tech companies and some interpretations of media reports).

So yes, secrets do seem inherently to be lies, and in a double or triple sense. They don’t tell the whole truth (they withhold, and sometimes even doubly withhold that they are withholding), and secondly they “want to deceive,” which is the definition of a lie, according to Derrida.

Update: In the intelligence world, there’s a related distinction that is often made, between “covert” operations (ops) and “clandestine” ones. Covert ops are deniable by their sponsor. They hide the “fact of” a secret activity or mission (eg., by providing innocuous cover story for an agent). You may see something, but not know it’s a secret. Clandestine means the ops are hidden, but if they were to be observed, could not necessarily be denied. Clearly, covert ops are the “double secret” whereas clandestine are merely the ordinary secret.

In our context, Prism was an ordinary secret, what it does is unknown. The FISA court order to Verizon, however (and National Security Letters, NSLs) is covert, in the sense of having this double layer of secrecy (a recipient would be legally obliged to say they had not received one). /update

There’s a lot more to be said about secrecy than this, for example this special section of the journal Theory, Culture & Society from 2011 begins to critique secrecy’s supposed opposite, transparency. I am all for questioning the limits of transparency, but feel we still have some way to thinking through secrecy just yet. Perhaps more on this later.

New information on Prism

I didn’t say much about Prism in my post yesterday as it didn’t seem quite as clear as the Verizon court order. (Compare the two here.) Additionally, the complete slideset was not posed by the Guardian, unlike the Verizon court order. We now have some additional information. (Update: The Guardian has now published a single additional slide.)

First, the program obviously exists. See this job ad requiring expertise in it, and this datasheet from Cryptome indicating its use since 2003; and this senior intel officer’s online resume at LinkedIn mentioning Prism expertise.Capture

I did think it odd that it was only funded at $20m. My guess right now based on additional reporting by Declan McCullagh, Chief Political Correspondent at CNET, is that it is software that facilitates data extraction/interface with the named companies. Additionally, Marc Ambinder, who I mentioned in my post, says “PRISM is a kick-ass GUI that allows an analyst to look at, collate, monitor, and cross-check different data types provided to the NSA from internet companies located inside the United States.”

It obviously works within the law, but if we accept tech company pronouncements, does not provide the sort of continuous “direct access” to company servers that has been discussed. The “fact of” Prisms’ existence is not classified, but what it does, is. McCullagh’s argument that “Prism is an unclassified web tool” is completely misleading.

Nevertheless, these are really a technical clarifications. The main points remain, I think:

1. Tech companies work with the government/NSA within the law to provide user data. We should still be concerned , even if this is just one small part of US surveillance. Most immediately, we need to rethink the law, especially FISA and the Patriot Act. Do not pay attention to tech company pronouncements that they operate within the law. No one said otherwise. But that’s the problem.

2. The government can obtain access to user records from these companies. Saying that it is overseen by the FISA Court is irrelevant–who’s going to appeal? The Court’s deliberations are secret. And if you did appeal, good luck: the Supreme Court recently refused to hear an appeal by Amnesty International because they “lack standing” ie don’t know for a fact that they were affected by the law. And as McCullagh concedes “How much oversight and review the Foreign Intelligence Surveillance Court actually provides is less than clear.”

3. The amount of data collected is still considerable. Consider this scenario laid out by Ambinder:

Under the FISA Amendments Act of 2008, the NSA and the attorney general apply for an order allowing them to access a slice of the stuff that a company like Facebook keeps on its servers. Maybe this order is for all Facebook accounts opened up in Abbottabad, Pakistan. Maybe there are 50 of them. Facebook gets this order.

Now, these accounts are being updated in real-time. So Facebook somehow creates a mirror of the slice of stuff that only the NSA can access. The selected/court-ordered accounts are updated in real-time on both the Facebook server and the mirrored server. PRISM is the tool that puts this all together. Facebook has no idea what the NSA is doing with the data, and the NSA doesn’t tell them.

The companies came online at different points, according to the documents we’ve seen, maybe because some of them were reluctant to provide their data and others had to find a way to standardize their data in a way that PRISM could understand. Alternatively, perhaps PRISM updates itself regularly and is able to accept more and more types of inputs.

What makes PRISM interesting to us is that it seems to be the ONLY system that the NSA uses to collect/analyze non-telephonic non-analog data stored on American servers but updated and controlled and “owned” by users overseas. It is a domestic collection platform USED for foreign intelligence collection. It is of course hard to view a Facebook account in isolation and not incidentally come into contact with an account that is owned by an American. I assume that a bunch of us have Pakistani Facebook friends. If the NSA is collecting on that account, and I were to initiate a Facebook chat, the NSA would suck up my chat. Supposedly, the PRISM system would flag this as an incidental overcollect and delete it from the analyst’s workspace. Because the internet is a really complicated series of tubes, though, this doesn’t always happen. And so the analyst must sometimes “physically” segregate the U.S. person’s data.

The top 3 myths about the recent surveillance revelations

The recent–and still ongoing–revelations in the Guardian by their columnist Glenn Greenwald and his colleagues have already given rise to a number of dismissive myths.

Here are three of them, and my responses.

1. “It’s nothing new. We’ve known about this for a long time.”

For example, Senator Chambliss, ranking member of the Senate Intelligence Committee: “Everyone’s been aware of it for years.”

This is a common human reaction to any information that is presented as being important. It’s healthy and reflects a critical attitude. You may remember  similar responses to the WikiLeaks cables. But the latter turned out to be incredibly useful. So it’s worth recognizing what is new here, and what we’ve already known. (And there is a difference between “known” in the sense of known as a undisputed fact and “suspected.”)

In 2005 the New York Times revealed (after sitting on the story until George Bush was re-elected) that the NSA had been performing “warrantless wiretaps” in a program known as “Stellar Wind.” The story was reported by James Risen and Eric Lichtblau (see super-useful EFF timeline here) who later won a Pulitzer prize for their reporting. This was–and remains–genuinely new information, not least because it was not something rogue going on, but was done under the full direction of the Bush White House. It was a central plank in liberals’ opposition to Bush’s war on terror as it applied domestically (the Iraq war was the other, as it applied overseas). Risen was subpoenaed twice by the government as part of their still-ongoing investigation into one of his alleged sources (Jeffrey Sterling, a former CIA employee) for a separate story (see case files here).

When President Obama took office he reportedly closed down this program. But note that it refers to “warrantless” wiretapping, or interception. What if you could get access without needing a warrant? And do so legally? This is, in large part, what is significant about the recent revelations. Yes, Sens. Udall and Wyden have been trying to publicly put on record information about this, as the latter tweeted yesterday:

But now this is confirmed by the Guardian’s Verizon story, rather than hinted or speculated at. So what is new is that we now know that:

The Guardian for the first time published an actual FISA Court order. This order revealed that the US is collecting information (specifically, metadata) on all communications by customers, both foreign and domestic, of the country’s biggest telecom provider. Specifically, Verizon’s business customers. Senator Feinstein, who is on the Senate Intelligence Oversight Committee, said in a press conference on June 6, 2013, that as far as she was aware this was a routine 3-month extension of a program going back at least to 2006.

It was previously speculated or thought that this was going on (eg., see this USAToday story from 2006). But now we know.

As recently as March, 2013, DNI Director Clapper, when asked a direct question on whether the US was collecting information on millions of Americans, said “no.” Glenn Greenwald directly called this a “lie” on “Democracy Now” this morning.

Second, the Guardian and the Washington Post both revealed the existence of another program, known as Prism, that collects the actual content of communications from Yahoo, Google, Apple, Facebook and so on, of people (including Americans) overseas. According to the document, which the Guardian has authenticated, the NSA has had “direct access” into the servers of these companies on an ongoing basis since 2007.

2. “It’s just metadata, not content.”

This is a serious misunderstanding. The secret FISA court order published by the Guardian gives the FBI and the NSA access to all “transactional metadata” which defenders of the program immediately characterized as akin to reading the outside of an envelope, rather than your letter inside. But to conclude that your personal privacy has not been violated is to be ignorant of what you can do with metadata. Note that the metadata  includes phone numbers, location, length of the call, and who called who. From this, it is easy enough to build a pretty complete picture of what’s going on (and it may therefore be even more valuable than the actual content!). After all, according to the Wall Street Journal, it was metadata that revealed former CIA Director GEN. David Petraeus’ affair with his Mistress Paula Broadwell. Investigators were able to note her location and contacts in order to build a case against her before reading any of her messages’ content. Investigators then used the metadata as probable cause to obtain a warrant to read her emails, which led them to Petraeus. It is in the nature of “big data” that it can be extensively mined for significant patterns and findings, and can be leveraged against ancillary data (Crampton et al. 2013).

Locational metadata is by itself a critical insight into activity. Indeed there is a whole field of intelligence analysis known as Activity-based Intelligence” or ABI, that is a key part of intelligence, including geographical intelligence (GEOINT) that relies on geolocational data. A recent paper (pdf) by a joint team of investigators from MIT, Harvard and Louvain recently showed that they could uniquely identify an individual 95 percent of the time from a large, anonymized dataset, knowing just four pieces of metadata. So if I know where you are just four times, I can almost certainly uniquely identify you even if personal identifiers are stripped (as there are not in the Verizon order). Then I can track you, see who you interact with, for how long, and build a pretty good picture that will at least get me a subpoena (which, remember, requires less evidence than a warrant).

Also note that metadata are deemed by US law to have been “given” by you to a third party and so are not subject to warrant having probable cause (a la the Fourth Amendment) but only a subpoena, which is much easier to get.

3. “The leaks (and the leakers) threaten legal, approved measures that are designed to ensure the safety of Americans. We should prosecute/investigate/stop leakers.”

For example, during the same press conference yesterday, Sen. Feinstein was asked if the Verizon leak should be investigated. She replied “Yes, I think so” (video).

There are several points to be made here. First, it is part of the problem, not the solution, that these programs (Verizon and PRISM, as well as others we sometimes hear about, such as “Ragtime” a codename revealed in Marc Ambinder’s book, Deep State) operate within the law. It indicates that the laws are wrong, overbroad, and unconstitutional. This includes the Patriot Act.

Second, to say that “Congress in fully briefed” as both President Obama and Sen. Feinstein did, is irrelevant and untrue. Only a very small group of Senators (typically either the “Gang of Four” [CRS pdf], or “Gang of Eight” [CRS pdf]) get anything like regular national security/intel briefings (there was a separate one yesterday, to 27 interested Senators), but, since they can’t tell the public what’s going on, and Intelligence committees rarely hold publicly accessible meetings, this is not much good to US citizens, nor even to other Senators and Congressmen and women not included.

To the point that these leaks damage operational programs and even cost lives, and therefore we need to investigate and prosecute leakers. First, there is a deficit of publicly available information that would provide a basis for a conversation about these matters. Second, according to one (fully briefed) Senator, Ron Wyden, who is on the intelligence committee, he said yesterday regarding this blanket surveillance that “Based on several years of oversight, I believe that its value and effectiveness remain unclear.”

Third, the investigation of leakers is not only wrong but counter-productive. These “leakers” are not acting for financial gain (just think how much money Bradley Manning could have made, or how much Thomas Drake has lost) but as whistleblowers. Whistleblowing, which candidate Obama praised in 2008, is an act carried out to alert to government waste, inefficiencies, or malfeasance.  Prosecutions of these whistleblowers, especially under the World War I-era Espionage Act ( a favorite of the Obama administration) will suppress future whistleblowers and hence the public’s ability to know about government waste, fraud and mismanagement.

These are my top 3 myths. There are others, and feel free to add your own.