Category Archives: Surveillance

AAG 2018 Session and Panel on Anxious/Desiring Geographies

Along with Mikko Joronen (University of Tampere, Finland) and Nick Robinson (Royal Holloway) I’m very pleased and excited to announce two complementary sessions at next year’s AAG meetings on “Anxious/Desiring Geographies.” (See our CFP here.)

There will be a paper session and a panel session.


Paper presenters (abstracts below)

Pawan Singh (Deakin University) “Anxious to not be Identified in the Age of Social Media: Data Privacy and Visibility in Postcolonial India.

Keith Harris (University of Washington) “The schizo and the city: mapping desiring-geographies.”

Banu Gokariksel (University of North Carolina, Chapel Hill) and Anna J. Secor (University of Kentucky) “Ethical encounters, anxious antagonisms: The emergence of Alevi-Sunni difference in Turkey.

Laura McKinley (York University) “Canada 150 Discovery Pass; Anxiety, Desire and the Structure of Settler-Colonial Attachments to the Land.”

David B. Clarke (Swansea University) and Marcus Doel (Swansea University) “The Other is Not Enough: Becoming Afraid, Being Anxious, and Antiphilosophy in Book X of the Seminar of Jacques Lacan.”

(Chair: Mikko Joronen)

(Organizers: Jeremy Crampton, Mikko Joronen, and Nick Robinson)


Panel participants

Anna J. Secor (University of Kentucky)

Mikko Joronen (SPARG, Finland)

Sarah Moore (University of Wisconsin – Madison)

Felicity Callard (Birkbeck, University of London)

Paul Kingsbury (Simon Faser University)

(Chair: Jeremy Crampton).

(Organizers: Jeremy Crampton, Mikko Joronen and Nick Robinson)

We think these are two very exciting line-ups!

Read on! Continue reading

Advertisements

cfp AAG 2018: Anxious/Desiring Geographies

Call for Papers: “Anxious/Desiring geographies.”

Sponsored by the AAG Digital Geography Specialty Group and the Political Geography Specialty Group.
AAG Annual Conference New Orleans April 10-14, 2018

Organizers: Jeremy W. Crampton (Kentucky, USA), Nick Robinson (RHUL, UK), Mikko Joronen (Tampere, Finland).

At this political moment we seem beset by anxieties from every direction. Automation is identified as an existential threat to jobs. Vulnerabilities from political violence increase anxieties of the subaltern. Climate change and the inauguration of the Anthropocene threaten our wellbeing. Nast (2017) credits the financial crisis with being “psychically traumatic.”

At least since Gregory’s identification of the inadequacy of representation, which he dubbed “cartographic anxiety” (Gregory, 1994), geographers have meaningfully contributed to understandings of the affective politics of anxiety. Attention has been paid to a geopolitics of fear that is experienced on both an everyday and global level (Pain and Smith, 2008), and to sexual desires and identities (Bell and Valentine, 1995). Brown and Knopp (2016) identified a biopolitics of the state’s anxieties in the governance of the gay bar.

In this session we seek papers that deepen our geographical understandings of anxiety, desire and/or the possible relationship(s) between them.

Is anxiety a mental disease that can be diagnosed and treated (APA, 2013), founded on lack, or can it be deployed more positively (Robbins and Moore, 2012)? Is anxiety the only affect that does not deceive (Lacan, 2014)? What is the relation between anxiety, desire and place? What might a politics of locationally affective resistance look like (Griffiths, 2017)? How is desire productive of spaces? How do anxiety and desire circulate and relate to subjectivities and the material body? Are there particular places and spaces that are invested in anxiety or desire, and what is the lived experience there?

Topics that address these questions include but are not limited to:

  • Places of anxiety and desire
  • Surveillance anxiety (eg., geosurveillance, automated facial recognition)
  • Automation anxiety and desires
  • The affective politics of policing
  • Living in code/space & the smart city and becoming the data subject
  • Everyday anxieties
  • The biopolitics of anxiety and desire
  • The anxious/desiring/desired body
  • Affective resistances
  • Governing through desire
  • Anxieties from political violence
  • Affective relations of anxiety/desire to pain, grief, worry or fear

 

Please send a title and abstract of 250 words to jcrampton@uky.edu, nicholas.Robinson.2014@live.rhul.ac.uk, and Mikko Joronen mikko.joronen@uta.fi by October 15th.
References

American Psychiatric Association. 2013 Diagnostic and Statistical Manual of Mental Disorders, Fifth Edition (DSM-5). Arlington, VA: American Psychiatric Association.

Bell, D. and Valentine, G. Mapping Desire: Geographies of Sexualities. London: Routledge.

Brown, M. & L. Knopp. 2016. Sex, drink, and state anxieties: governance through the gay bar. Social & Cultural Geography, 17, pp. 335-358.

Gregory, D. 1994. Geographical Imaginations. Cambridge, MA: Blackwell.

Griffiths, M. (2017) Hope in Hebron: The political affects of activism in a strangled city. Antipode, 49, 617-635.

Lacan, J. 2014. Anxiety. Seminar Book X. Cambridge: Polity Press.

Nast, H. J. (2017) Into the arms of dolls: Japan’s declining fertility rates, the 1990s financial crisis and the (maternal) comforts of the posthuman. Social & Cultural Geography, 18, 758-785.

Pain, R. and Smith, S. (Eds) 2008. Fear: Critical Geopolitics and Everyday Life. Aldershot: Ashgate.

Robbins, P. and Moore, S.A. 2012. Ecological anxiety disorder: diagnosing the politics of the Anthropocene. cultural geographies, 20(1) 3–19.

Sioh, M. 2014. A small narrow space: postcolonial territorialization and the libidinal economy. In P. Kingsbury and S. Pile (Eds), Psychoanalytic Geographies. Farnham, Surrey: Ashgate.

0415anxiety-tmagArticle

Talk at Colgate University on Big Data

Today I’m giving a talk at Colgate University, in New York. It was a bit of toss-up if the weather would allow me to get here (snow and flight cancellations), but thankfully I’m here safely.

My talk is entitled “Big Data Narratives: Surveillance and Privacy in the Age of the Algorithm.”

Thanks to my hosts Peter Scull, Adam Burnett and the geography department. The talk is made possible by the Dennis Fund endowed lecture series in the social sciences at Colgate.

PS: small historical note. Colgate was the place Peter Gould was evacuated to during WWII when he was a child.

Steven Aftergood reviews Black Box Society in Nature

Review of Frank Pasquale’s The Black Box Society by Steven Aftergood (who runs the Secrecy News blog) in Nature.

Everyone who uses the Internet for entertainment, education, news or commerce is implicated in a web of data collection whose breadth surpasses ordinary awareness.

Last May, a US Senate investigation reported that a single visit to a popular tabloid-news website triggered activity on more than 350 other web servers. Most of those contacts, including delivery of advertisements, are likely to be benign. But they typically deposit a software ‘cookie’ on the visitor’s computer; these enable the identification and tracking of visitors, generating digital profiles of their interests and patterns of online behaviour.

Continues here.

Crypto-geographies and the Internet of Things

Secret codes have long fascinated people. According to Secret History, a new history of cryptology by Craig Bauer, who was Scholar-In-Residence at the NSA Center for Cryptologic History in 2011-12, cryptography predates the Greeks. Many of these ciphers were relatively simple by today’s standards, involving either transposition or substitution (respectively systems where the letters are moved but not replaced, and where the letters are replaced, eg., A is replaced by Z, etc).

The now fairly well-known Enigma machine, deciphered by British scientists at Bletchley Park (and the subject of many books and a couple of movies) is pictured above. This was a German system of ciphering, used by the German Nazi regime during WWII. Less well-known (but undeservedly so) are the decryptions by the NSA and its predecessor group (The US Army Signals Intelligence Service located at Arlington Hall, a former girl’s school in Virginia) of the so-called Venona traffic. Venona refers to the project to decrypt Soviet diplomatic communications with its agents in the USA and elsewhere. These encrypted messages often referred to codenames of American spies working for the Soviets during the war. With the help of investigations by the FBI the US government was able to identify many of these people, based on the partial decryptions. According to the NSA and most (but not all) historians, these included Julius and Ethel Rosenberg, Klaus Fuchs, and several serving OSS personnel.

The Soviets were tipped off to the fact that the US was decrypting their messages (probably by Kim Philby, the British spy who was posted to the US for a time), and stopped using their one-time encryption pads. Nevertheless the project to decrypt the messages continued until the early 1980s, eventually yielding about 2,900 partially decrypted messages. They remained a closely guarded secret long after their operational worth had dwindled, and it was only with the publication in 1987 of Spycatcher, by Peter Wright, a former British intelligence officer, that the project was referred to by its codename in public. (Publication of Spycatcher was embargoed by Margaret Thatcher’s government in the UK, but Wright succeeded in publishing it in Australia anyway.)

Some terms: “Cryptography” is the science (and art) of creating ciphers. “Cryptanalysis” is the effort of deciphering them without the key. “Cryptology” is both of these, to include the assessment of the security of a cipher, comparing ciphers and so on. The words are Greek from kryptos (κρυπτός) meaning hidden, secret.

Is there such a thing as cryptologic geographies? If not, could there be, and of what would it consist? In other words, are there (non-trivial) geographies of encryption? Here are some ideas.

One of my earliest ideas of this was a geography of https, the secure version of web-browsing (now coming into vogue but still greatly variable). The New York Times recently laid down a challenge to make https default by the end of 2015 if other media companies would do the same. This is non-trivial, because if encrypted messages are more secure than non-encrypted ones, then the latter will reveal weaknesses in the internet. These weaknesses could be exploited. Second, if you are sending emails and other communications over the internet in non-encrypted form, then this is easier for governments to intercept and monitor.

And this is not just to do with messages you write, but also other parts of the personal datastream. For example, your location. What if you could record, but encrypt your geolocation to take advantage of services offered by apps (eg Google Maps) in such a way that they could not be intercepted, decrypted and exploited by third parties (including the government)? Would this mean that the web and internet would “go dark” as officials warn? And would criminals and terrorists be afforded protection in those dark spaces? That was certainly the message of the Attorney General and the FBI Director a few days ago in response to plans by Apple and Google to implement better encryption. AG Holder:

said quick access to phone data can help law enforcement officers find and protect victims, such as those targeted by kidnappers and sexual predators.

Justice Department officials said Holder is merely asking for cooperation from the companies at this time.

And how universal would this advantage to users, potential criminals and law enforcement be? And would those places where one of these had an advantage necessarily overlap with the others? That is, what would be the differential access to encryption from place to place or group to group–a digital divide of encryption?

Is there a political economy of encryption? Who are the companies and individuals working on encryption in the commercial sector? To what extent is there movement between the private and public sectors of both cryptology expertise and personnel? Further, to what extent is there better crypotography in the government and intelligence community than there is in the commercial sector? What are the implications of allowing backdoors to encryption algorithms that can “only” be broken by the government but not by third parties? (I’m thinking here of the well-known proposal in the 1990s for the “Clipper Chip” which allowed just such a backdoor for the NSA but was met with such opposition that it was not implemented.) Is such a backdoor safe from third party hacking, and if so, for how long? (And what is an acceptable definition of “safe” here?). A geographical analysis of these questions would imply some access to where and who has installed the systems in question, which might be provided by basic research efforts such as those carried out at the Oxford Internet Institute by Mark Graham and his colleagues.

Do other computer systems have vulnerabilities? That is, ones without designed-in backdoors? If so, where are they? When it comes to exploits and vulnerabilities, what are the implications of announcing them vs. hoarding them (eg, so-called zero-day exploits)? Is there differential access to knowledge about exploits and vulnerabilities? Where? Again, who makes money off this? What is the crypto- value-chain?

Speaking of hacking; there are a huge array of secret attempts (and thus crypto- if not cryptologic) to break into, disrupt, or exploit systems (and an equally expansive range of countermeasures). The Department of Defense has estimated there may be up to 10 million hacking attacks per day. Most of these are probably automated scans, according to Adam Segal, a cybersecurity expert at the Council on Foreign Relations.

What systems are vulnerable to these exploits, and what exploits are being carried out? Here we could examine mundane events such as DDOS, where antagonists attempt to bring down a web server to deny its proper function, to more exotic events such as the US/Israeli Stuxnet virus meant to disrupt Iranian nuclear programs (but which had effects well beyond Iran once the virus was in the wild). (For more on this virus/worm, see the Stuxnet Dossier [pdf] compiled by Symantec.)

We often hear in the news that certain countries (Russia, China) are more responsible for intrusions and exploits than others, but I’m not aware of any detailed work on this sort of cryptogeography. The recent JP Morgan vulnerability affected more than 83 million US households (who? why?), according to the NYT, and actually included another 9 banks not previously reported. The NYT also said the attack was carried out by hackers having “at least loose connections with officials of the Russian government.” But that is a very imprecise and sketchy account. Just recently, a new poll showed bipartisan low levels of confidence among Americans in the “government’s ability to protect their personal safety and economic security.” Here government is arguably failing at its job of providing security. Ferguson and domestic homicides were mentioned specifically in the AP story. Do people feel threatened by the JP Morgan hacks, the Target and other breaches?

There is surely a whole economy of knock-on effects that result from this; so again, we can speculate about a political economy of crytogeographies.

What would a better map of hacking attempts look like? Security companies and telcos track these data, as for example in this map created by Norse which describes itself as “a global leader in live attack intelligence.” Who is this company? How do they earn their money? More importantly, what is the nature of this market sector more generally?

mass-attack-norse-map-100315099-orig
(Click for live version.)

The above map however is to a large extent a misrepresentation because it only shows attacks on their honeypots, not the entirety of the internet, or even the entirety of a particular region or network.

A similar visualization, again covering the globe by country, is offered by Kaspersky Labs.

ScreenClip1
(Click for live version)

These are not per se all that analytically valuable, although they are visually striking (if somewhat derivative).

What do these attacks do, and to whom do they do it? It would be interesting to do a geopolitical analysis of the Stuxnet worm here, which has received a fair amount of coverage. Stuxnet would make an interesting case study, although it remains to be seen how representative it is (being created by state actors against the nuclear capabilities of another state). As stated above, most attacks are undirected and opportunistic. A Congressional Research Services (CRS) Report on Stuxnet examined the national security implications of the attack, and of course there is a long history of the study of cyberattacks and cyberwarfare going back several decades. But I’m not aware that geographers have contributed to this literature in a geopolitical sense.

For some, these concerns are especially paramount in the context of smart cities, big data and automated (“smart”) controls–including the so-called smart grid and the Internet of Things (IoT). Take utilities and smart meters for instance. There are minimally two concerns–that hackers could access smart controls and take command of critical infrastructure, and second, that data held in smart meters may be legally accessible under surveillance laws by the government. Another CRS report in 2012 warned that current legislation “would appear to permit law enforcement to access smart meter data for investigative purposes under procedures provided in the SCA, ECPA, and the Foreign Intelligence Surveillance Act (FISA)”. Although we hear a lot about surveillance of phone and internet communications, there is as yet much less on surveillance of other big data sources. Luckily I have a paper coming out on that topic but needless to say much more needs to be done.

Cryptologic geographies would appear to be a fertile field for investigation. Broadly conceived to include geopolitical implications, big data, regulation and policy, governance, security, the Internet of Things, cybergeographies, and justice, there is a need for intervention here to both clarify our understanding, and intervene in policy and political debate. Certainly other scholars are already doing so (eg., Internet Governance Project paper on whether cyberwarfare is a new Cold War, pdf).

The mass of connected computer systems and devices known as the Internet of Things will surely only intensify issues of security, encryption and governance. The crypto-geographies of these are highly important to sort through. This post is an attempt to highlight what issues are at stake and to provide some initial ideas.

New paper: “Collect it all”

I’ve posted the final manuscript draft of a new paper at SSRN: “Collect it all: National Security, Big data and Governance.”

Here’s the abstract.

This paper is a case study of complications of Big Data. The case study draws from the US intelligence community (IC), but the issues are applicable on a wide scale to Big Data. There are two ways Big Data are making a big impact: a reconceptualization of (geo)privacy, and “algorithmic security.” Geoprivacy is revealed as a geopolitical assemblage rather than something possessed and is part of emerging political economy of technology and neoliberal markets. Security has become increasingly algorithmic and biometric, enrolling Big Data to disambiguate the biopolitical subject. Geoweb and remote sensing technologies, companies, and knowledges are imbricated in this assemblage of algorithmic security. I conclude with three spaces of intervention; new critical histories of the geoweb that trace the relationship of geography and the state; a fuller political economy of the geoweb and its circulations of geographical knowledge; and legislative and encryption efforts that enable the geographic community to participate in public debate.

Keywords: Big Data, privacy, national security, geoweb, political economy

Surveillance costs–new study

Shortly after the Edward Snowden revelations began in June 2013 I wrote a Commentary for Society and Space open site on the costs of security.

One of the issues I addressed had to do with the economic and other costs of surveillance:

What does the US actually pay? One attempt at an answer to this surprisingly difficult question was recently provided by the National Priorities Project (NPP). Their estimate was that the US national security budget was $1.2 trillion a year.

A new report by the New America Foundation has further explored the costs of surveillance in terms of lost business opportunities to US companies, US foreign policy and cybersecurity:

  • Direct Economic Costs to U.S. Businesses: American companies have reported declining sales overseas and lost business opportunities, especially as foreign companies turn claims of products that can protect users from NSA spying into a competitive advantage. The cloud computing industry is particularly vulnerable and could lose billions of dollars in the next three to five years as a result of NSA surveillance.
  • Potential Costs to U.S. Businesses and to the Openness of the Internet from the Rise of Data Localization and Data Protection Proposals: New proposals from foreign governments looking to implement data localization requirements or much stronger data protection laws could compound economic losses in the long term. These proposals could also force changes to the architecture of the global network itself, threatening free expression and privacy if they are implemented.
  • Costs to U.S. Foreign Policy: Loss of credibility for the U.S. Internet Freedom agenda, as well as damage to broader bilateral and multilateral relations, threaten U.S. foreign policy interests. Revelations about the extent of NSA surveillance have already colored a number of critical interactions with nations such as Germany and Brazil in the past year.
  • Costs to Cybersecurity: The NSA has done serious damage to Internet security through its weakening of key encryption standards, insertion of surveillance backdoors into widely-used hardware and software products, stockpiling rather than responsibly disclosing information about software security vulnerabilities, and a variety of offensive hacking operations undermining the overall security of the global Internet.

These may end up being upper bounds of the costs (and consequences), but they are very helpful in identifying what is at stake here. I haven’t read the whole report yet, but the executive summary is here (pdf).