Tag Archives: Data Valdez

Accountability and Intelligence: The Surveillance State’s Foreseeable Fall

I promised a longer and brighter view of where a world of mass surveillance is headed.

Surveillance means power, but it also means accountability. The deep state is trying to impose perfect accountability on others, and to preserve perfect unaccountability for itself. That can’t last. Employees of the deep state cannot be expected to have its back, when the deep state doesn’t have their back. The war on whistleblowers, and now the frantic ban by James Clapper on any deep state employees talking to the media without prior permission from their superiors, smack of panic, of a white-knuckle approach to the politics of information. The deep state knows that they can win individual battles, such as by imprisoning John Kiriakou or Chelsea Manning; with respect to their employees, their position appears to be that the beatings will continue until morale improves. They want to intimidate unauthorized leakers, and need a constant stream of Espionage Act prosecutions to do it with. However, they cannot, in the end, win this war.

Read More →

High Over Compton: “Wide Area Surveillance” Surveils Entire Town

The Atlantic picks up on a story from the Center for Investigative Reporting that in 2012, the LA County Sheriff’s Department secretly tested a civilian surveillance aircraft by flying it over a town in their jurisdiction and taking high-resolution footage of everything visibly happening there, over a period of up to six hours (highlights are ours):

If it’s adopted, Americans can be policed like Iraqis and Afghanis under occupation – and at bargain prices:

McNutt, who holds a doctorate in rapid product development, helped build wide-area surveillance to hunt down bombing suspects in Iraq and Afghanistan. He decided that clusters of high-powered surveillance cameras attached to the belly of small civilian aircraft could be a game-changer in U.S. law enforcement.

“Our whole system costs less than the price of a single police helicopter and costs less for an hour to operate than a police helicopter,” McNutt said. “But at the same time, it watches 10,000 times the area that a police helicopter could watch.”

A sergeant in the L.A. County Sheriff’s office compared the technology to Big Brother, which didn’t stop him from deploying it over a string of necklace snatchings.

The town they chose? Compton. Yes, that Compton, but it’s not the same Compton as yesteryear. Its boosters are now touting it as the hip, countercultural Brooklyn of the LA area. It has an inspirational new Millennial mayor, Aja Brown, who has garnered comparisons to Cory Booker. Its crime rate is down sixty percent, and it’s now majority-Latino. But it still has a median household income of $42,335, and still, even after all its struggles, somehow found itself the first city selected for mass surveillance, over, say, majority-white, tony Santa Clarita (median household income $91,450). Well, blow me down with a post-racial colorblind goddamn feather.

In related news, the NSA, under its MYSTIC and RETRO programs, was revealed last month to have been collecting the contents of the phone communications of an entire country (unnamed, but probably Iraq).

Believe it or not, this is the program's actual logo.

Believe it or not, this is the program’s actual logo.

These two stories are essentially the same. Developments in technology allow law enforcement surveillance to sweep past legal constraints intended for an era where collecting, storing and analyzing so much data was inconceivable. In luckless Compton, the Supreme Court’s 1989 decision in Florida v. Riley renders “wide area surveillance” presumptively constitutional. In luckless Iraq, the expansive powers of Executive Order 12333 and the FISA Amendments Act impose effectively no constraints on the NSA in intercepting the communications of foreign nations.

May I draw your attention to three salient points?

Read More →

Commonwealth Fusion Center Violates Constitution, New Report Says

minorityreport

Massachusetts has two “fusion centers”, mostly state-funded, which aggregate enormous amounts of data on innocent Massachusetts residents, with the notion of preventing terrorist attacks. When you call the “See Something, Say Something” line, the information goes into “Suspicious Activity Reports.” The ACLU of Massachusetts documented that the Boston fusion center (“BRIC”) had actually spent its time harassing peaceful activists rather than thwarting terrorism, which is one of the reasons why there will be nationwide protests against fusion centers on April 10, including in Boston.

In response to the ACLU revelations, Rep. Jason Lewis (now the newly elected Sen. Jason Lewis) filed a fusion center reform bill on Beacon Hill. Disconcerted at the prospect of more sunshine on their work, the Commonwealth Fusion Center, the fusion center in Maynard, offered him and other legislators a courtesy tour of their facility, to try to explain what good work they were doing. As an example of that work, they cited their First Amendment-violating harassment of an Arlington man who was not actually planning any violent crime, but who had tweeted about it being a good idea to shoot statists. They also provided to Rep. Lewis copies of various policies that they follow, including their Privacy Policy (updated 06.13.2013) and their policy on First Amendment investigations. Rep. Lewis then asked Digital Fourth to evaluate the policies they had provided, to assess whether they were constitutional. We enthusiastically agreed, and the resulting report is here.

Here are our main recommendations:

Read More →

Boston PD Suspends ALPR Program After Massive Privacy Violation

Just before Christmas, Muckrock and the ACLU of Massachusetts brought out excellent articles based on a full year of Muckrock’s investigative reporting into Boston PD’s use of automated license plate recognition technology.

ALPR systems automatically photograph and store in a police database the license plates of any car an ALPR-equipped police vehicle passes. The car may be parked or driving. It could be on the Pike, in a driveway, or anywhere a camera can reach. The question was, what does the Boston PD do with the mountain of data once it has it?

Read More →

Drowning in Data, Starved for Wisdom: The surveillance state cannot meaningfully assess terrorism risks

In this movie, we're Brad.

Pity the analysts.

The NSA has just vigorously denied that their new Utah Data Center, intended for storing and processing intelligence data, will be used to spy on US citizens. The center will have a capacity of at least one yottabyte, and will provide employment for 100-200 people. With the most generous assumptions [200 employees, all employed only on reviewing the data, only one yottabyte of data, ten years to collect the yottabyte, 5GB per movie], each employee would be responsible on average for reviewing 4500 billion terabytes, or approximately 23 million years’ worth of Blu-ray quality movies, every year.

 

Must...keep...watching...my...country...needs...me

Must…keep…watching…my…country…needs…me

This astounding and continually increasing mismatch shows that we are well beyond the point where law enforcement is able to have a human review a manageable amount of the data in its possession potentially relating to terrorist threats. Computer processing power doubles every two years, but law enforcement employment is rising at a rate of about 7% every ten years, and nobody’s going to pay for it to double every two years instead. Purely machine-based review inevitably carries with it a far higher probability that important things will be missed, even if we were to suppose that the data was entirely accurate to begin with – which it certainly is not.

So why is anybody surprised that Tamerlan Tsarnaev, the elder of the Boston Marathon bombing suspects and one of around 750,000 people in the TIDE database, was not stopped at the border? That facial recognition software wasn’t able to flag him as a match for a suspect? That the fusion centers, intended to synthesize data into actionable “suspicious activity reports”, flag things too late for them to be of any use? That the Air Force is panicking a little at not having enough people to process the data provided by our drone fleet?

It’s in this context, then, that we should understand the calls for more surveillance after the Boston Marathon attacks for what they are. More cameras, more surveillance drones and more wiretapping, without many more humans to process the data, will make this problem worse, not better. These calls are being driven not by a realistic assessment that surveillance will help prevent the next attack, but by the internal incentives of the players in this market. Neither the drone manufacturers, nor law enforcement, nor elected officials, have an interest in being the ones to call a halt. So instead they’re promoting automation – automated drones, automated surveillance, and email scanning software techniques.

They are missing something very simple. We don’t need a terrorism database with 750,000 names on it. There are not 750,000 people out there who pose any sort of realistic threat to America. If the “terrorism watch list” were limited by law to a thousand records, then law enforcement would have to focus only on the thousand most serious threats. Given the real and likely manpower of the federal government, and the rarity of actual terrorism, that’s more than enough. If law enforcement used the power of the Fourth Amendment, instead of trying to find ways round it, it could focus more on the highest-probability threats.

Yes, they would miss stuff. That’s inevitable under both a tight and a loose system. But a tight system has the added advantages that it protects more people’s liberties, and costs a lot less.

UPDATE: With the help of a New Yorker fact-checker, the figure of “400 billion terabytes” above has been corrected to “500 billion terabytes”.

Joined-Up Government Can Be A Bad Thing

The National Counterterrorism Center is now being allowed access to all governmental databases to trawl for suspicious activity. The Wall Street Journal (“U.S. Terrorism Agency to Tap a Vast Database of Citizens”) and the Volokh Conspiracy (“DHS Dresses Up A Turf Fight as a Privacy Issue While Ignoring the Lessons of 9/11″) both report on this development, from opposing perspectives.

Just because one part of the government has a certain set of data, doesn’t mean that all other parts of the government should have it. Your tax return is kept privately within the IRS; records of your immigration applications stay with USCIS; Medicare keeps your health records private; and so on. This kind of data confidentiality used to be routine; but once again, in the service of terrorism, the normal limitations on government power are considered expendable.

This is what happened.

NCTC asked the Department of Homeland Security for access to a database on terror suspects. DHS gave NCTC the disks, on the condition that NCTC, within 30 days, remove information regarding “innocent US persons” (innocent non-US persons are apparently fair game).

Possibly terroristic non-US person Malala Yousafzai.

NCTC couldn’t do it. In fact, after 30 days they had barely been able to download the database from the disks. Even with another 30-day extension, they couldn’t do it, and in response to this failure, they have demanded, and gotten, even broader access to even more government databases. The only constraint is that any time they access a new database, they have to publish that fact in the Federal Register.

Their problems in removing “innocent US persons”‘ data are completely understandable, because NCTC was anxious that today’s innocent person may not turn out to have been innocent tomorrow. How do you remove innocent people, when nobody is provably innocent?

Your government, protecting you. With science!

From a resource standpoint, how could NCTC possibly deploy enough skilled analysts to prove the innocence of the (at minimum) hundreds of thousands of people this one database contained? And that’s just one of the many databases to which they will now have access!

This is an example of what, over at EFF when I was interning there in 2000, we used to call “Data Valdez”. The amount of data being created is enormous and essentially impossible to thoroughly analyze. The federal government has, in its various parts, access to data on every part of our lives, but no matter how fast its computers, it will never, ever have the human resources necessary to process it properly. Demanding access to ever greater oceans of data is not going to help. It’s a processing problem, not a data problem.

That’s why, at Digital Fourth, we recognize the wisdom for law enforcement of aggressively applying the constraints identified in the Fourth Amendment. Even if you have the ability to collect more data, it works better to consciously commit to collecting less. Law enforcement should, for its own sanity and ours, collect, retain and use in investigations only data that is related to investigations of actual, well-defined crimes committed by previously identified people. Only then will the volume of data collected be low enough that law enforcement will be able to process it thoughtfully and intelligently. Yes, that means that connections will be missed that will only become apparent after the fact of an attack. But we cannot insure perfectly against the probability of future attacks. We have to invest our resources rationally, and we have vastly over-invested in preventing terrorist attacks relative to other things that kill many more Americans.

%d bloggers like this: