The Trajectories of Government and Corporate Surveillance

Historically, surveillance was difficult and expensive.

Over the decades, as technology advanced, surveillance became easier and easier. Today, we find ourselves in a world of ubiquitous surveillance, where everything is collected, saved, searched, correlated and analyzed.

But while technology allowed for an increase in both corporate and government surveillance, the private and public sectors took very different paths to get there. The former always collected information about everyone, but over time, collected more and more of it, while the latter always collected maximal information, but over time, collected it on more and more people.

Corporate surveillance has been on a path from minimal to maximal information. Corporations always collected information on everyone they could, but in the past they didn’t collect very much of it and only held it as long as necessary. When surveillance information was expensive to collect and store, companies made do with as little as possible.

Telephone companies collected long-distance calling information because they needed it for billing purposes. Credit cards collected only the information about their customers’ transactions that they needed for billing. Stores hardly ever collected information about their customers, maybe some personal preferences, or name-and-address for advertising purposes. Even Google, back in the beginning, collected far less information about its users than it does today.

As technology improved, corporations were able to collect more. As the cost of data storage became cheaper, they were able to save more data and for a longer time. And as big data analysis tools became more powerful, it became profitable to save more. Today, almost everything is being saved by someone—probably forever.

Examples are everywhere. Internet companies like Google, Facebook, Amazon and Apple collect everything we do online at their sites. Third-party cookies allow those companies, and others, to collect data on us wherever we are on the Internet. Store affinity cards allow merchants to track our purchases. CCTV and aerial surveillance combined with automatic face recognition allow companies to track our movements; so does your cell phone. The Internet will facilitate even more surveillance, by more corporations for more purposes.

On the government side, surveillance has been on a path from individually targeted to broadly collected. When surveillance was manual and expensive, it could only be justified in extreme cases. The warrant process limited police surveillance, and resource restraints and the risk of discovery limited national intelligence surveillance. Specific individuals were targeted for surveillance, and maximal information was collected on them alone.

As technology improved, the government was able to implement ever-broadening surveillance. The National Security Agency could surveil groups—the Soviet government, the Chinese diplomatic corps, etc.—not just individuals. Eventually, they could spy on entire communications trunks.

Now, instead of watching one person, the NSA can monitor “three hops” away from that person—an ever widening network of people not directly connected to the person under surveillance. Using sophisticated tools, the NSA can surveil broad swaths of the Internet and phone network.

Governments have always used their authority to piggyback on corporate surveillance. Why should they go through the trouble of developing their own surveillance programs when they could just ask corporations for the data? For example we just learned that the NSA collects e-mail, IM and social networking contact lists for millions of Internet users worldwide.

But as corporations started collecting more information on populations, governments started demanding that data. Through National Security Letters, the FBI can surveil huge groups of people without obtaining a warrant. Through secret agreements, the NSA can monitor the entire Internet and telephone networks.

This is a huge part of the public-private surveillance partnership.

The result of all this is we’re now living in a world where both corporations and governments have us all under pretty much constant surveillance.

Data is a byproduct of the information society. Every interaction we have with a computer creates a transaction record, and we interact with computers hundreds of times a day. Even if we don’t use a computer—buying something in person with cash, say—the merchant uses a computer, and the data flows into the same system. Everything we do leaves a data shadow, and that shadow is constantly under surveillance.

Data is also a byproduct of information society socialization, whether it be e-mail, instant messages or conversations on Facebook. Conversations that used to be ephemeral are now recorded, and we are all leaving digital footprints wherever we go.

Moore’s law has made computing cheaper. All of us have made computing ubiquitous. And because computing produces data, and that data equals surveillance, we have created a world of ubiquitous surveillance.

Now we need to figure out what to do about it. This is more than reining in the NSA or fining a corporation for the occasional data abuse. We need to decide whether our data is a shared societal resource, a part of us that is inherently ours by right, or a private good to be bought and sold.

Writing in the Guardian, Chris Huhn said that “information is power, and the necessary corollary is that privacy is freedom.” How this interplay between power and freedom play out in the information age is still to be determined.

This essay previously appeared on CNN.com.

EDITED TO ADD (11/14): Richard Stallman’s comments on the subject.

Tags: , , , , , , ,

Posted on October 21, 2013 at 6:05 AM60 Comments

Comments

unimportant October 21, 2013 7:01 AM

The delicate part of collecting metadata is that it contains the dynamic IP address together with the owner’s email address. With this information alone they can nearly mass identify all Google searches or pseudonymous Internet activities.

Whopsie October 21, 2013 7:01 AM

An excellent essay, but somewhat lessened by the last paragraph: Chris Huhn is not a great person to be quoting here – he was jailed for perverting the course of justice, and his comments in various Gaurdian articles appear to be part of a concerted effort to re-habilitate himself in the public eye.
If he thought privacy was that much of a fundamental right, why didn’t he do something about it when he was in an influential position in government?

Melvin October 21, 2013 7:32 AM

When you were reviewing the NSA documents, were there exploits for the hardware level?

http://searchcloudsecurity.techtarget.com/definition/BIOS-rootkit-attack

http://www.wilderssecurity.com/showthread.php?t=354463

This is the scariest one of them all, because since these programs were secret, we couldn’t even know what we DIDN’T know.

These are most likely “last resort,” because you got the line taps as a first resort, or easy software exploits.

I am concerned about the abuse of this power. What happens if you accidentally get caught up in a dragnet just because you clicked the wrong link in a forum?

I bring this up because I think these agencies want maximum power.

Steven Hoober October 21, 2013 7:34 AM

You missed one bit of the puzzle. Storage became cheaper long before computation.

Shortly after the last turn of the century I worked for a US mobile telecom, and as part of a project became aware that we were storing detailed data on not just transactions but complete user behavior such as the complete click through path on the website. For all users, forever. We were storing several TB a day, such that it had gotten to the point we had to have more than one guy whose full time job was opening boxes, screwing HDDs into sleds, and putting them into racks. Weekly, new storage racks arrived.

With this information we did… nothing. Far too much data to deal with. At the time. A few years later, we started being able to analyze it and react to the way people were historically using the products.

I found it interesting that there seemed to be a desire to exploit this info all along, and as soon as it became feasible to gather and store it forever — even before the company could do anything with it — it did so.

Jeff Johnson October 21, 2013 8:37 AM

“We need to decide whether our data is a shared societal resource, a part of us that is inherently ours by right, or a private good to be bought and sold.”

This seems to contain many many important questions to be asked and answered. One factor that may lead to unusual or surprising answers to these questions is that data has unique properties that other resources and goods don’t have. It can be very cheaply copied, transmitted and stored, so paradigms for other goods or public resources don’t necessarily apply in the same ways.

When “my” data is copied I lose nothing. The incremental costs are practically invisible. So what does the concept of possession mean any more? Do we possess or own our data? Ownership of data doesn’t mean the same as ownership of physical property. In the latter case ownership is a necessary reservation of access and rights that is essential to the utility of the property. If anyone can come on your land, it becomes less valuable and usable for you. But the ability to copy data widely and easily makes such a need to claim property less valuable or important to the utility of it.

Also there are so many kinds of data. Certainly I feel different about my bank account, my social security number, my private finances, than I feel about what web sites I’ve browsed or an anonymous profile of the things I’ve bought, or what books I read or music I like.

So the location of data in space, the physical ownership or replication count of it seems to have much less importance. What is essential is the access to it, the ability to control access, and the ways in which data may be used. I favor an open public resource model with as much data as we can possibly tolerate, given our needs for privacy. Some bare minimum of critical data connecting to financial resources or that otherwise make us vulnerable to physical abuse must be protected. But the extent to which my actions, my health data, or my preferences contribute anonymous global open databases should not bother me. What bothers me is that someone may claim the right to own and sell this information. It should be free and open to research and analysis for policy making. In some sense this data is no different than the atoms of my body, the sounds I make, the visual presentation to the world in public, it is information about reality, and to jealously hide and guard it seems to be a recipe to retard social progress by restricting the amount of knowledge available for everything from science, sociology and economics to psychology, history, and the creation of art and music.

Regarding “Information is power, and the necessary corollary is that privacy is freedom”.

Ownership of information has always been a means of manufacturing power that isn’t necessarily conferred democratically. A sales person’s or head hunter’s contacts, a trader or import/export broker’s connections, having insider information on corporate decision making, or inside information on government regulations or legislating are means of setting one’s self up as a middle-man that others depend on merely because they do not have access to the same information. Experience and knowledge are different from information in this context. To allow people to profit or excercise power from the mere possession of information, as opposed to real experienced expert knowledge, seems like allowing someone to profit from controlling the atmosphere or the world’s water supply, or patenting genes.

So here is a case where we can confirm that information is power, and possibly we could in many circumstances say that it is a source of illegitimate or self-styled power, power obtained via no authority or merit other than being able to corral and control information. But also this same information, if made open, transforms that information into freedom, which is in essence individual power. Look at the power afforded people by the open source movement. Certainly this is also freedom. So freedom is not limited to privacy. Freedom is individual empowerment. Access to information is also a source of freedom, and freedom and power are closely linked. Power is not always or necessarily a denial of freedom.

Bauke Jan Douma October 21, 2013 9:09 AM

quote: public-private surveillance partnership. end quote

This brings to mind something I was wondering about just a few days ago.

Is there any evidence (in the Snowden docs or otherwise) that the NSA has
been providing Google with data for the purposes of their (Google’s) primary
business?
I wouldn’t be surprised at all if that were to be revealed one of these days. (*

*)
just picking Google to create a poignant example, but you may
subsititute Microsoft et al.

Clive Robinson October 21, 2013 11:38 AM

@ Jeff Johnson,

    When “my” data is copied I lose nothing.

That’s the great Internet Marketears “big lie” and not a good place to start your argument from.

The simple response is “if somebody is collecting it it has value to then in dollars and cents, that value is accruing to them and not to you”. It might also have significant value as IP and as we know from others IP is worth significant money to bribe politicians and legislators over. The fact that somebody has said “finders keepers” is neither moraly or in many juresdictions legaly right and falls under the notion of “denying the owner the rights and privalages pertaining to ownership” and it does not matter if the item of value is tangable or intangable. Call it what you will it’s technicaly a crime, and I’m sure your employer would not be to happy about you stealing near but not quite worthless items of stationary such as a paper clip, or used the photocopier to make up flyers etc for you own business.

With regards your idea of maximising the availability of data you say,

    But the extent to which my actions, my health data, or my preferences contribute anonymous global open databases should not bother me

It realy should bother you for a couple of reasons, the first being there realy is no such thing as anonymous data any longer. In the UK the government under the financial inducment of vested parrties want to make the health data on every one in the country available to those with money. Supposadly the data is going to be anonymised, however every such scheme put forward has been found to have significant and serious flaws that de-anonymise the supposadly anonymous data. Usually this is by cross refrencing to other “public” databases such as the Land Registry or Electoral rolls, which then opens up other databases such as credit cards etc. It would appear that with personal data there is “useful data” and “anonymous data, that is if it has any real utility it is not actually anonymous.

Now in the UK we have recently had cases of “illegal DBs” to do with “black listed construction workers” and “landlords and lettings” in either case individuals were entered into these illegal DBs by people with malicious intent, much to the individuals harm (compensation litigation is pending). We know from the “US Healthcare model” that in the US insurance providers use “employment DBs”, “accomadation DBs”, “health care records” etc etc to deny people health care or make it to expensive to afford. Thus they become sick and ill and a burden on others, now you may think “so what I’m healty” but having sick and ill people in society above a certain level endangers the whole population and makes them sick and unwell. So it does effect you nomatter how rich/poor well/unwell. Collecting such information because it can not be realy made anonymous –and still be usefull– is a very real risk to us all, because even if it’s not made available history shows us it will be targeted like any other commodity of value.

And this is the important point, if information is usefull it WILL be used to “make money” and usually this money is made by harming people. This value/harm automaticaly confers power to anybody with access to it. And access will be found lawfully or unlawfully to any collection of data that has any kind of usefullness. The only way to protect people from harm is by not collecting such data in ways it can be accessed to a persons harm. Untill we find such ways in the main balance of things society would be mentaly and physically better of without the building of such DBs.

Tim October 21, 2013 11:39 AM

I work in prediction. Information isn’t about saying what’s what, what is, and what was, its really about predicting what will come next. It is the ability to make a better bet about the future which is everything in business, finance, and every aspect of our daily lives. Whilst people worry about their privacy being invaded, I worry about the real power that comes from those who have access to such great stores of information – and then inevitably defend and prevent access to it by their competitors. This isn’t about “you” regardless of what your instincts tell you when your privacy is invaded, its about “us”.

Information always spreads, just look at whats happened to the NSA. The harder you try to protect your privacy, the more valuable it becomes to compromise it. That dynamic will come into play again and again. This actually comes as some relief, as unless the information is shared, we’re heading towards a concentration of power quite devastating in the hands of those selfish enough to grab it.

Thanks Snowden, and all those who follow.

The Mafia October 21, 2013 11:49 AM

Jeff Johnson • October 21, 2013 8:37 AM
When “my” data is copied I lose nothing.

Tell that to the MPAA and RIAA.

John Campbell October 21, 2013 12:39 PM

Surveillance, however, has its limitations.

Consider, if you will, that you can collect this data and store it…

…but, then, how do you find it again? How do you take a chunk of data and make it easily searchable?

Oh, sure, you can use Google’s spiders, but, then, the indices get bigger and bigger and bigger and you get a degree of fan-out that…

Oh, wait…

I guess these organizations will be looking to hire a sh!tload of Librarians and Research Librarians.

Neverrrrrrr Minnnnndddd…

I used to think I was pretty competent using a search engine UNTIL a friend, a research librarian, was able to choose, seemingly out of thin air, search terms that narrowed things down.

OK, we can store it, and, as we store it, we can retain a set of indices (the index space probably makes the data space look like NOTHING) that can then be searched through.

Still gonna burn a sh!tload of cycles trying to build useful indices, but, yeah, maybe the search space won’t be as big a problem as I initially thought it would.

Daniel October 21, 2013 12:59 PM

“How this interplay between power and freedom play out in the information age is still to be determined.”

It has already been determined. One only has to look at the Snowden revelations so far. The reality is that privacy advocates are on the defensive. There is no significant political will to change the laws and there simply aren’t enough privacy friendly computer programmers to make a meaningful difference on the technical side.

I comprehend the need for hope but I think doing so only leaves the impression that the task is much easier than it actually is, which can only result in misplaced expectations leading to disappointment. The question isn’t whether the interplay between power and freedom has been determined, the question is whether that determination is going to last. My belief is that it will.

z October 21, 2013 1:02 PM

Corporate surveillance is essentially government surveillance. When the gov can simply order (or threaten) a company to turn over the fruits of its surveillance, then the Constitutional boundaries preventing the government from collecting that information on its own are meaningless.

Brian M. October 21, 2013 1:29 PM

“There is nothing either good or bad, but thinking makes it so.”
― William Shakespeare, Hamlet

Value, like money, is an artificial concept. At one point tulip bulbs commanded a fantastic value, just like internet stocks. So what is the value that is our personal data?

There is the value to corporations. The greatest value would be, “what will the customers buy next?” That has been ongoing since someone bothered to listen to their customers. Today, our web traffic is collected an analyzed. What value does this have for us, personally? Will we receive a better shopping deal, or will the data be used by companies for collusion? If we get a deal on products, then that’s essentially a payment to us. Otherwise, we are getting screwed, and hard.

There is the value to governments. Basically, it amounts to how much the people can be screwed and not revolt, one way or another. There have been multiple electoral revolts in the U.S. The Watergate scandal was about one party spying on another. But what if they didn’t need to spy? What if “big data,” in the form of analyzing publicly available texts, was used to give one party an edge over the other?

The NSA started with the legitimate premise of attempting to find “foreign agents,” and moved on from that to collecting data on everybody, just because they could do it. Nobody is sure about the value of the NSA data. So I suggest this valuation: What is the monetary value of the crimes that this data was used to prosecute?

There was case where two guys sent about $8,500 to Africa, which was used to directly support terrorists. There have been an unknown number of non-terror cases. But is the monetary total anywhere close to the money spent on the NSA? I don’t know, but I really doubt it.

Phones are being tracked for the supposed benefit to the consumers. But is that a real benefit, or is that just sham marketing by Google, et al? Before going to lunch, how much does price influence my decision to eat at one location over another? How about the menu? Neither of those needs to be tracked. But where I go has some value to real estate agents for evaluating property traffic patterns, and thus Google has something to sell to them, but not to me. I am not Google’s customer, I am its packaged product.

Let’s suppose that in this interconnected age, we actually had an information system where individuals could not be tracked or monitored. Our communications protocols and other technologies precluded all surveillance and data aggregation. The individual is perfectly invisible on the network, past, present, and future.

Would Google exist? I think so. They offer a service, and people flock to that service. Would they still be putting ads on their pages? Google is an ad agency, so of course they would.

Would the NSA be spending billions on crap? As long as they are given billions, the answer is yes. It’s always yes. All government agencies figure out how to squander money. It’s just part of the life of an organism. Money is equal to life, and the more money an organization gets, the better its quality of life.

Google would shrink if people moved from it to another service. That’s competition. The NSA would only shrink if those in charge of its purse strings decided that the money spent had to have an absolute X return on investment.

What Google and the NSA are trying to do is a version of Philip K. Dick’s Minority Report, where the future can be predicted. So how much data is needed to predict the future? Right now, it looks like an infinite amount of data is needed. Thus, the data is useless. Both Google and the NSA are wasting money. The difference between them is that Google can go out of business, but the NSA can’t.

Michael Moser October 21, 2013 1:38 PM

If you have ‘big’ government then the state has lots of levers that it can pull; lots of points of influence, lots of incentives that can be withdrawn or granted;

Big government + surveillance == serfdom

Jeff Johnson October 21, 2013 1:41 PM

@Clive Robinson,
When I said that I lose nothing when data is copied, I meant to distinguish the properties of electronic data from other physical possessions, such as a bicycle or land or a house. Certainly if somebody uses my bike, or builds on my land without my permission, just that act deprives me of utility in a way that copying my data does not.

But I agree with you that if someone monetizes it without my permission or without compensating me accordingly, then I do lose something, and the person using it is effectively committing a form of theft.

I wrote: “So the location of data in space, the physical ownership or replication count of it seems to have much less importance. What is essential is the access to it, the ability to control access, and the ways in which data may be used.”

I think there is some information we must be able to control access to. I would also like to be able to prevent other information from being monetized unless I give permission and if I choose to be, am compensated.

But I’m worried about the closure of the Internet to possibly valuable research in social sciences and economics for example, because of an obsession with privacy. I also am concerned about the unauthorized commercial compartmentalization of that information for private gain. But as in the open source model, if data that is freely available to all is used creatively to generate income, that seems less troublesome than, for example, google or Facebook using monopolized access to data in order to profit.

I understand that information is power, and people monetizing the data associated with my activities is just another form of middle man profiting not from the merit of skill and experience as much as deriving a boon from the unique opportunity to gather information that others don’t have access to. It is an artificial scarcity that people profit from, when that information ought to be open to non-commercial uses for free, in my view. A horrible example of private gain from this kind of artificial scarcity is the for-profit academic publishing world.

I think the idea that privacy is freedom is too narrow a view of freedom with respect to information. Think of the freedom that open source software provides. And your post, if slightly altered mutatis mutandis, could be viewed as an argument against the practicality or value of open source software. An important factor is that open source software is willingly donated. But there is an enormous amount of my data I would willingly donate if I knew it could not be monetized without my permission, and if it could be freely used to help sociologists and economists develop better models with micro-foundations, or to prove that certain macro or meso models are equivalent to some micro-founded model. I think that there is a lot of possible freedom, defined as empowering individuals, to be derived for humanity in the future from the widespread open availability of data that can aid in accurately modeling society, economics, and politics, to name just a few examples.

Curious October 21, 2013 1:55 PM

“Information is power, and the necessary corollary is that privacy is freedom.” (Chris Huhn, The Guardian)
I don’t know who Chris Huhn is but I am inclined to question his wisdom after simply having read the quotation above (I also read the Guardian article).

I have to say that ‘privacy’ is foremost privacy, no more, no less.

Privacy is NOT anything like a ‘freedom’, unless ofc ‘freedom’ were to be regarded as ‘imposed freedom’, which might as well be understood as a NEGATIVE right and as such NOT a POSITIVE right (imagine neg/pos privacy, or neg/pos welfare, doesn’t sound good does it?); but then it would be all too obvious that ‘freedom’ couldn’t possibly be something that is ‘personal’ and thus universal and then the concept of ‘privacy’ goes out the window altogether in the name of wanting to be pragmatical about it, with ‘freedom’ and ‘power’ as some kind of metonymy for ‘privacy’, creating a cognitive blind spot or vacuous denomination, when one really ought to know better. Would be convenient I am sure to view ‘privacy’ as some kind of ‘freedom’, unless on the other hand you like having a right to privacy yourself and also understand that such is valid for others to claim as well, and then one would realize that ‘privacy’ is really not something that is subject to anyones needs, whims or practical concerns. ‘Privacy’ is ultimaterly not a matter of practicality and a sensible demand would be to have privacy notwithstanding the rule of law. Privacy is foremost something claimed and one shouldn’t simply try to value it or appraise it, nor one be required to solicit or beg for it. The state, the corporations and all others in general having no rights to other peoples privacy, ought to be a sensible starting point in debates regarding privacy and such imo.

In other words, to talk about ‘privacy’ or a right to ‘privacy’ is not the same thing as talking about having the ‘freedom’ to privacy. It is really not the same thing, because a meaning depends on the eyes of the beholder, and in a time of mass online surveillance, you just can’t trust a fight for privacy to be championed by the state or by law for that matter, because those are tools and most people are not a part of that kind of craftsmansship.

A problem I have with the use of a word like ‘freedom’, is that in a world with rules imposed by law, as a matter of fact, no ‘power’ is really left to any individual person as such unless by chance, as if you had to fight for it somehow. I would say that fighting for freedom is never as interesting as simply being free, if you somehow could wish for both options. What is probably interesting about ‘freedom’ generally in a colloquially sort of way, is that ‘freedom’ is associative to ‘being free’ to do someting, however I can’t help but think that sanctioned free’ness in announced “freedoms”, is more akin to being allowed for, or to do, something, and not so much as effectually being empowered or privileged as individuals.

On second thought, I guess anything related to ‘a freedom’ is probably viewed with such grandeur and as such a noble thing in general, because of how things are, or is thought to be taken for granted. Things that are needed by the lot can be expected to be satisfied in a ‘society’ I would think, but I am sceptical on behalf of what could be said to be the needs of the less privileged, the few, or the one (a need and/or request for demanding privacy).

I guess I should now say: be careful what you wish for when demanding ‘freedom’.

Jeff Johnson October 21, 2013 2:09 PM

Oh, and I forgot one thing: I would add to the possible benefits of donating information for open internet access the possibility of the NSA preventing terrorist acts or the FBI solving violent crimes.

A question is: must the NSA be secretive about its data gathering activities, and keep the data itself secret, in order to be effective from a security standpoint?

I’m just theorizing, but what if such data were open to various levels of access with respect to anonymity? For example anyone could get at the data on preferences, sites visited, purchases, discussion comments or posts, and other things people want to reveal, but names, phone numbers, addresses, account numbers, and other “personalizing” information are electronically redacted unless a digital warrant is obtained via a well defined legal procedure that requires a justification persuasive to a court or judge.

Anyone committing criminal or terroristic acts would most likely presume a lack of secrecy anyway. So the value of secrecy is probably less than imagined for surveillance methods such as watching Internet activity. The cat is kind of out of the bag now. But just knowing that the information is stored and possibly accessible under appropriate future circumstances could act as an effective deterrent. And the data would have potentially great public value as well.

Certainly what I’m suggesting would rely on very secure access control methods, digital identities, and other technologies that aren’t ready for such a model, but are perhaps close so that we can imagine such an open model with certain voluntary controls over the privacy, access, and publishing of information on an individual basis.

Carpe October 21, 2013 3:06 PM

I would just like to address one point I am seeing fairly often here, which is that the goal of this massive surveillance system is a Minority Report style pre-crime prediction mechanism.

This is the not talked about base upon which the lie of surveillance is built. So of course the real discussion can’t be had with the public, because the conclusion is that the public is too stupid to be trusted with frank policy discussion. In the backrooms and in the SCIF’s though, what the 3-letters are selling to the corrupt/comprimised congresspeople though is this: “we need to build this massive surveillance system so that we can predict and prevent the next 9/11 before it happens, so you better play ball or else…”

So I would guess of the minority of congresspeople who are actually briefed on the matter, any given one either 1) is stupid enough to agree 2) is afraid for their position 3) is afraid of the consequences, if they said they opposed it.

I digress though, the real point being that a massive surveillance system ala Minority Report may be the very long term power goal, but immediately, the real goal is the ability to, in intelligence terms, “walk the cat back” on anyone, and in particular, anyone who poses any sort of threat against the powers that be.

Surveillance is a tool of control, and the primary thing it undermines is free speech via the chilling effect.

Minority Of One October 21, 2013 3:28 PM

@Carpe I would just like to address one point I am seeing fairly often here, which is that the goal of this massive surveillance system is a Minority Report style pre-crime prediction mechanism.

It doesn’t stop with prediction. A pre-crime is a precursor to a crime which can occur only if someone chooses to do it. Implementation of a pre-crime system implies the use of psychological operations aimed at individuals who are linked to crime precursors to condition them not to commit the crime.

How many crime precursor hops should such a system go? The answer will determine the extent of conditioning that will be applied.

Are we men with the freedom to choose, which means the freedom from pre-crime brainwashing?

Or are we to be conditioned like dogs?

The Minority Report system is already operational.

Carpe October 21, 2013 3:33 PM

@Minority Of One

“The Minority Report system is already operational.”

Ok, let me rephrase then. If it is operational, it is not going after the crimes we think it should be going after, and instead is solely being used to cement TPTB’s control.

Brian M. October 21, 2013 4:13 PM

@Minority Of One:
The Minority Report system is already operational.

Are you thinking about entrapment? “the action of luring an individual into committing a crime in order to prosecute the person for it”

From what I’ve been reading in the press, the government has been given free reign to commit entrapment. I keep reading about “terrorists” who have to be “recruited,” “trained,” and then finally given the tool to “do the job.” And all of it comes from the FBI, et al. I am not convinced that the agencies can prevent an occurrence like the al Shabaab attack on the shopping mall from happening here.

Clive Robinson October 21, 2013 4:15 PM

@ Carpe,

    Surveillance is a tool of control, and the primary thing it undermines is free speech via the chilling effect.

This is true with “big data” and the first people to feel the chill were celebs and politico’s. They discovered to their horror that anything they said in the past could be found selected and presented in effect out of context to make a rod for their own backs.

If any comment had been made by an individual that appeared to show some negative attitude in todays view point then no matter how old it would be brought into play by those with some kind of axe to grind.

The result is we get carefully sanitised sound bites usually devoid of all real meaning and about as much use as trying to build buildings out of warm rain drops.

Thus politico’s were the first to feel the chill grip of the Internet, and seen first hand it’s power to destroy their and others careers. They know well the meaning of the words atttributted to Carinal Richelieu but with a modern twist. In Richelieu’s time it was “six lines written” by the hand of the most honest had that would hang him, in this day and age it’s “six lines said” on some journo’s tape recorder or open wirless mic, or at a social function that pops up on some obscure part of the Internet waiting for someone to give them the rope. The Free speach of an off the record comment is no more every thing including the noises you make when thinking are up for grabs to be abused and used against you, even if only in satire and parody.

martinr October 21, 2013 4:39 PM

You didn’t mention that data privacy is first of all a problem of countries like the U.S., which do not have a constitutional protection of privacy.

The idea that states have to pass common law in order to protect against “revenge porn” is ridiculous. Any constitution worth its dime would protect individuals privacy so reliably, that common law with the purpose of permitting revenge porn would be immediately void because of being incompatible with the constitution.

Dirk Praet October 21, 2013 4:51 PM

We need to decide whether our data is a shared societal resource, a part of us that is inherently ours by right, or a private good to be bought and sold.

I believe “the right to be forgotten” as included in the proposed EU General Data Protection Regulation is a step in the right direction. If adopted as is, it would be a major blow for the current practices of both private and public entities tracking and data mining our every move. Needless to say that there is a gargantuan US lobby working to prevent this from happening.

roadie October 21, 2013 6:15 PM

“Power is not always or necessarily a denial of freedom”

Power corrupts. Absolute Power corrupts absolutely.

People in power come and go. Unlike people, technology evolves
f a s t.

roadie October 21, 2013 6:35 PM

… oh, and while I am at it.
governments are a thing of the past. There are only corporations and banks. They are atheist and money is their god, their religion, their purpose in life. Nothing else matters to them. They are not evil, they are run by people. Nothing is going to stop them except running out of money, or people who say “ok, I’ll do it”.

Jacob October 21, 2013 7:02 PM

What surprises me is that the NSA, with its vast data collection and analysis capabilities, do not actively go after the big spammers of the inetrnet. This could be a notable convergence of government/business/citizens act that will help all:
– the NSA who complains about the amount of noise in emailland
– business that loses much money on filtering, bandwidth and info-stealing malware
– citizens who are abused and exposed to malware by spammers.

This could be the PR coup that the agency sorely needs.

Scott October 21, 2013 7:32 PM

We know what we need to do, however it requires action from Congress. When Congress won’t even act on visible issues like the weak economy, how can we expect them to act on the invisible issues like the overreaching public and private sector surveilance? The USs politics are party-based, and this is one of the main problems, as I see it (the influence of money being another big one). We don’t know what we want, all we know is that it’s right vs left. Until we, the public, stops focusing on winning vs losing and starts focusing on specific objectives, we will get nowhere.

“The Creature has enslaved our town
But no one thinks to bring it down
Provided with so much distraction
The people can’t be moved to action”
“The Creature” by Sleepytime Gorilla Museum

bluecow October 21, 2013 7:35 PM

All the evidence points to cryptography as the firmament on which all the other social, legal, political adaption can be build. Secure the endpoints. Secure the channels.

People say using encryption is too hard. I don’t think they can face up to the fact that there is no other practical choice and they are all out of options.

The reality is stark, let’s not kid ourselves.

65535 October 21, 2013 8:10 PM

I’ll make my observations short because of others have covered my concerns. Our actions and locations are being recorded; stored and sold to both military sector and private sector. Unfortunately, the industrial-military partnership formed by the NSA and Google is weaponizing our data (using the NSA and Google as one of many possible examples). This weaponization of civilian data is dangerous and is against the Fourth Amendment. Here are three small steps to correct said situation:

  1. Stop granting corporations “immunity” from prosecution and lawsuits when they handover private and personal data to the government and the military.

  2. Stop the secret court orders and secret gag orders. If we are in a war – then declare war and martial law – if not then stop the military surveillance of US civilians. Allow the Yahoo, Google, and Microsoft to accurately report said court orders in their financial disclosures and other disclosures (these secret court orders require lawyers; legal fees and possible liabilities which should be disclosed).

  3. Disclose all Geo-location and other personal information to people who are having said information recorded and sent to repositories! Disclose this information similarly to FDA style of disclosures on food and medical products. As it stands most people who use Smartphone/iPhone type of products are unaware of the vast amount of information they are giving away – including the hot-button Geo-location information. Recording of Geo-location information is false advertising at the best and probably fraud and reckless endangerment at the worst.

Figureitout October 21, 2013 10:18 PM

Jacob
–While it sounds nice and most everyone can quickly identify spam, it will most likely turn into a reason to silence one’s speech. Do you have a universal accepted definition of “spam”? This may now be a way for “hidden comms in the clear”. So no, I think this is a problem that is ok; most can take measures to buy books (you can get good quality for very cheap and the data can’t be ‘hacked’ unless the printing press is compromised and maybe the gov’t hasn’t closed your library yet), limit time outside, not buy cable/internet/phone and cut off most spammers (advertisers cough). It’s a falsehood that cutting off some of these services is “impossible” in the modern world. Really, you may notice a nice clarity of mind cutting down on just 1; as well as taking some time to smell the roses (maybe the air smells like grease/sewage/exhaust though; I remember going to an old job early in the morning and knew I was close when I could smell the sewage combined w/ burning trash and roadkill that takes up all air you breath, no escaping it, I kid you not. Terrible.). Or you can walk around w/ bluetooth in your ear, “smart” phone in your face, “smart” watch on your wrist, google glass in your eyes and get throat ahemmed w/ adverts.

bluecow
–Yeah agreed, if the encryption happens almost immediately before a keylogger gets your plaintext or a peripheral blurts it out in radio waves; or you should be encrypting before.

Mike the goat October 21, 2013 11:38 PM

bluecow: yeah, I agree with you there. Another big concern of mine is hardware. If the NSA had that kind of budget you’d assume they would have also attempted and perhaps succeeded in modifying and weakening hardware. I suspect much of this was limited to ensuring there was always a side channel e.g. strengthening TEMPEST emanations.. Perhaps this is why LVDS became so popular in laptops 😉

name.withheld.for.obvious.reasons October 21, 2013 11:58 PM

@ martinr

The United States Constitution is a three part framework, the Declartion (self explanatory, the United States of America Constitution (the how), and the Bill of Rights (the what). As I see it the framers drafted the Bill of Rights to answer the issue of the fed being too powerful, the tenth amendment is evidence of that. It also codified the relationship between the sovereign and their government (here’s where I think the rails came off). Government now sees it itself as the grantee and guaranter of the people’s rights. It all started with “we’ll protect you frightened citizen!” No need to worry your government is here; and there under your bed, in your closet, on your TV, and attached to your electronic leash. Heal says your master, obey me or be left to the terrorists.

Loud October 22, 2013 2:06 AM

Bruce, I think that your focus on harvesting is wrong.

It would be more effective if the law forbid seeding users’ data instead of harvesting it.

We need a law that forbids handling or exposing other’s data more that strictly necessary to answer to them.

Mike the goat October 22, 2013 2:27 AM

name.withheld: not to mention central banking and The Fed printing money by the bucketload. The gold standard should never have been abandoned.

Mike the goat October 22, 2013 5:20 AM

I suppose it’s a hard sell to get the general public to care about privacy when they willingly give their date of birth, names of family members, relationship status, etc. to entities like Facebook and Google+. I expected the NSA disclosures to cause a hell of a ruckus domestically but that just hasn’t happened. Bruce – I am sure you’re surprised at the lackluster response?

Romer October 22, 2013 6:55 AM

“We need to decide whether our data is a shared societal resource, a part of us that is inherently ours by right, or a private good to be bought and sold.”

Asking that question is the first step.

On the first option of “shared societal resource” we (the public) have already been preempted by governments and business through the false construct of “metadata” (aka “exhaust” in the Big Data world). They have asserted through their demonstrable actions over the past decade that they believe every action on the Internet is a “shared societal resource.” But I think almost everyone reading this blog would vehemently disagree.

So of course it’s “ours,” and of course we do use it as a “private good” in, for example, the transactions we make with Google and Facebook: we turn over our “exhaust” and metadata in exchange for using those services.

There’s much more to this line of thinking, but unfortunately society not yet had an explicit discussion about it, at least in the USA. In light of the pervasive and egregious abuses by governments and businesses, it’s time for that to happen.

Muddy Road October 22, 2013 9:17 AM

General Alexander and his second have been fired. They will be gone by the end of the year. That’s the good news.

However, there are many to take his place and millions of followers who will say “OK, I’ll do it” as mentioned here. The Eternal World Cyber War is here. There is no going back now.

The reason there has been minimal reaction to the Snowden Revelations is people have not suffered enough to be angry and willing to fight for their rights, their freedom and simply to be “let alone” as Judge Brandeis so eloquently put it.

Who will be the first to give up the convenience of Google?

How many will be pummeled to electronic serfdom and slavery before it’s too much?

To be continued, for a very long time.

strangenet October 22, 2013 10:21 AM

@Muddy Road

Yes. This is the Berlin Wall moment for young tech aware people. Nothing will ever be the same again, the consequences of this are so enormous it is often difficult to comprehend them.

Figureitout October 22, 2013 10:33 AM

Who will be the first to give up the convenience of Google?
Muddy Road
–It’s hard, such a good search engine. I say give up your smart phone first; I get ridiculed almost every time I whip out my dumbo.

Mike the goat October 22, 2013 1:20 PM

Figureitout: have you tried using duckduckgo? We have no guarantee that they aren’t just as (if not more) evil as Google but at least they don’t have their fingers in innumerable pies.

name.withheld.for.obvious.reasons October 22, 2013 5:01 PM

—–BEGIN FISA/NSA HYPOCRISY ALERT—–
Version: pgg v0.2a

SOURCE: C-SPAN
House Resolution: 2083
TITLE: AMENDMENT TO EDUCATION ACT OF 1965
SUBJECT: Potential Use of NSA Databases used for Employment Screening?

The house of reprentatives may be amended bills that have a state agency component with requirements for background checks. This is based on suspension and conjecture but I see a pattern. I have two issues with this:

  1. Language appears in legislation that requires only suspension is required to act (taken from HR 2083). And, the requirement that periodic background checks occur every five years.
  2. The expansive use of data, its enablement in law without contavening privacy or disclosure policy. There should be a requirement that applies to personnel–affected by federal law–has to apply to congress.

—–END FISA/NSA HYPOCRISY ALERT—–

averageeuro October 22, 2013 6:55 PM

@Figureitout + Muddy Road

As a euro I gave up google over the Snowden Affair as part of my de-tox program from amerifag corporations. I like america and capitalism and democracy but your fascist government can suck my pixelated expletive. You are germany in the 1930s to me.

Every thing american, even the good things are tainted by association. I am allergic to you. You’re fucking radioactive. No hard feelings but I would prefer to put a gun to my head than visit the ‘United States’. I see people visiting on holidays has to give their fingerprints .You want a urine sample while you’re at it? I want no part in your bullshit

This is not just me, all my euro friends feel this way

voip/mobile:-
Simply stopped doing these. Being tracked everywhere forever in return for having Angry Birds and call convenience is a shitty deal pure and simple

email:-
There are plenty of fantastic very cheap 5-10 bucks per year webmail services. I use bitmessage or pgp for anything remotely connected to politics

search engine:-
startpage

news:-
reddit’s news, slashdot, any thing that is an aggregator by people making submissions

shopping:-
I now buy anything I’d normally buy from amazon or ebay with cash in local shops which often begets lots of advance ordering or online with bitcoin.

general comms:-
TORify and proxify everything above.

I am not paranoid. Your government is. Yeah I mad. Young euros like me aren’t going to forget your bullshit. Not ever. We can’t wait until your shit system collapses from its own cancer.

Romer October 22, 2013 7:42 PM

@Muddy Road 9:17 AM: “Who will be the first to give up the convenience of Google?”

Me? No probably not the first, maybe the 100th.

I started to untangle myself from the Googleverse on June 7th. All mail archives downloaded and deleted, all data removed, Earth and Picasa uninstalled, Android locational services disabled, and more. It’s been somewhat involved over the last several months, and still not completely done (Google Analytics is pervasive everywhere).

Facebook? No account, never even been there. Yahoo? Stopped using it many years ago. Microsoft? Haven’t used their online stuff since 1990’s Hotmail.

Back to using my own hosted domain with email service at a credible provider that publicly expresses pissed-offedness about privacy breaches. Don’t feel like running my own sendmail again.

The point is to stop paying for these “free” services with the coin of always-on everywhere Internet surveillance.

Pull the plug. Pay with real money, not free surveillance. It’s the only way to be heard and to get it to stop.

The big question is when will they start paying us for our “metadata” and “data exhaust” with real money? The day will come, promise.

Figureitout October 22, 2013 11:58 PM

averageeuro
–Wow, well put. We don’t want a urine sample, we want to squeeze your ballsack…That’s basically a list of what all people could do w/ a minor hassle and have a big impact on the effort/cost to turn you into a product to be used, abused, and slaughtered. You don’t need to lecture me, I’ve lived in Belgium for 1.5 years and made friends from many countries all over, I could rattle off the countries, basically most all except Antarctica. Was good friends w/ all of them and loved some of the accents/culture. I could easily meld w/ Belgian culture, mostly b/c I’m a decent “football” player; I was one of if not the best at my school for my age, eventually they would catch my tricks playing long enough. Imagine being stuck here, it sucks; however long-term economically I would take it over Europe b/c you guys are running out of space.

So all I would say is to not label all Americans as being a part of the gov’ts actions, in fact most Americans don’t do anything about it b/c if you do you’re either a derper or will be labeled a terrorist and dealt with. Our system will collapse and bring yours down w/ it.

Mike the goat October 23, 2013 2:54 AM

Figureitout: I have a big problem with being fingerprinted at immigration. It seems that this is only going to get worse unless we all collectively take a stand against what amounst to unconstitutional government behavior. Given the lack of response in the general public to the Snowden disclosures (and the public support for the heinous war crimes committed by US drones on foreign soil) I am not holding my breath.

Romer October 23, 2013 6:25 AM

Brian M. October 21, 2013 1:29 PM: “I am not Google’s customer, I am its packaged product.”

Over the last 50 years that’s been the dominant business model for the magazine and newspaper publishing business, a business which Google has almost entirely usurped from an advertising perspective.

In the (declining) magazine business, your particular demographic profile is the product being sold to advertisers. Publishers run frequent surveys to make sure that their demographic profile (aka “you”) remains a viable product to sell to advertisers.

Most people think of Google as a search and email company, when in fact it’s in the advertising business, and yes, the product that’s being sold is you.

You have been monetized.

H. Meadows October 23, 2013 9:51 AM

@Romer:

@Muddy Road 9:17 AM: “Who will be the first to give up the convenience of Google?”

Me? No probably not the first, maybe the 100th.

Actually I was never much of a consumer of any Google products except for their main search page, and that took some training to get out of;-P…I used to navigate to google.com rather reflexively so I eventually started using bing just because it was easier to type than e.g. duckduckgo. I still use google scholar for school work though so not completely free from them:-)

Google Analytics is very pervasive by the way (together with doubleclick which is also owned by Google), so if you have an account with them (and you use your real name and details with that) it will be easy for them to tie your web surfing habits to your actual person.

Funny how Google stock is worth so much considering that their main revenue sources are not from IT manufacturing or IT services (like traditional IT companies). Are they making a lot of money on peoples data then, and if so, who are they selling it to?

Or is it government instances (funds etc) that keep buying Googles stock as a way to thank them?

Melvin October 23, 2013 11:33 AM

A sharp distinction needs to be made between private data mining, and even surveillance, and surveillance/datamining done by the government at all levels.

In economics, there is a difference between what people want, and what “they say they want.” Of all the complaints about Google etc., the company is giving people want they want. If you are so inclined to counter this “user as serf” model, you can go to DuckDuckGo, for example, and people HAVE NOT responded en masse, because they don’t want to. I think, outside of fraud, misrepresentation and contract breach laws, the privacy laws should not be applied to private business.

Government agencies are an other matter, because you have no choice at all.

lp640 October 23, 2013 11:40 AM

@H. Meadows

just because it was easier to type than e.g. duckduckgo.

Try ddg.gg, even shorter.

@Muddy Road

Who will be the first to give up the convenience of Google?

Count me in. Hadn’t been an avid google user before I had withdrawn from their services (I used Search mainly) almost completely (that was even before the Snowden). Nor am I now.

Melvin October 23, 2013 11:49 AM

When people use Google, the assumption is that they are signed in. Wouldn’t using Google NOT signed in, blocking third party cookies, and clearing browser caches at least daily stop, or at least reduce a lot of this identifiable data mining?

H. Meadows October 23, 2013 1:51 PM

@Melvin:
When people use Google, the assumption is that they are signed in. Wouldn’t using Google NOT signed in, blocking third party cookies, and clearing browser caches at least daily stop, or at least reduce a lot of this identifiable data mining?

Its a bit problematic if you do have a Google account – for one thing you would have to be willing to sign in separately to each session (if you have signed in previously, your Google ID is in the cookie that can be accessed by Google Search) and do all your searches before you sign in (or clear the cookies after you have signed in but that would sign you out)…

Additionally many sites seem to use JavaScript-based identification methods to identify users based on the fonts on the system.

An article by Bruce can be found about this here:

https://www.schneier.com/blog/archives/2010/01/tracking_your_b.html

Some more recent work on this can be seen here:

Top Websites Secretly Track Your Device Fingerprint
http://spectrum.ieee.org/tech-talk/telecom/internet/top-websites-secretly-track-your-browser-fingerprint

Melvin October 23, 2013 4:17 PM

@H. Meadows

But you can use a “clean” browser, with all the caches cleared, and do you searches, close the browser and clear history on close, like in Firefox, so clearing the cache EVERY time, to step it up a little. You then log in later to your needed services, like checking Gmail, and then log out, and close out the program and clear the cache.

You could also download Chromium binaries, Opera, Firefox, and Google Chrome and cycle through them, since HDD space is cheap, in addition to using IE.

I guess you could also randomly remove foreign fonts into a folder on the desktop, and put them back when needed.

Frankly, I’m putting this out there, but I feel like I am revealing secrets! If these randomization techniques get popular, it’s good time before something else appears.

Figureitout October 23, 2013 5:54 PM

going to get worse unless we all collectively take a stand against what amounst to unconstitutional government behavior.
Mike the goat
–Meh, lead the charge; I gave up. Won’t change anything. Just get guns/ammo/food/water.

Figureitout October 23, 2013 8:19 PM

Mike the goat
–Not to be dismissive, but I’m still in school b/c I just didn’t like the policy arena and no matter what I did people will just blank stare at you or not put in their fair share of work or participate or grasp the importance. It’s too frustrating.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.