Endnotes

Introduction

1It tracks where: David J. Crandall et al. (8 Dec 2010), “Inferring social ties from geographic coincidences,” Proceedings of the National Academy of Sciences of the United States of America 107, http://www.pnas.org/content/107/52/22436.short.

2The accumulated data: German politician Malte Spitz demonstrated the power of geolocation data by making six months of his daily whereabouts available to journalists. Zeit Online (Mar 2011), “Tell-all telephone,” Zeit Online, http://www.zeit.de/datenschutz/malte-spitz-data-retention.

2researchers were able: Manlio De Domenico, Antonio Lima, and Mirco Musolesi (18–19 Jun 2012), “Interdependence and predictability of human mobility and social interactions,” Nokia Mobile Data Challenge Workshop, Newcastle, UK, http://www.cs.bham.ac.uk/research/projects/nsl/mobility-prediction.

2Cell phone location analysis: Coordinating cell phone tower data with actual recorded wiretap audio is very strong evidence in court that a defendant is not credible, as he can be shown to be lying by his own words. This type of evidence was instrumental in convicting Scott Peterson of murdering his wife in 2002 after his mistress, Amber Frey, cooperated with police. Associated Press (27 Aug 2004), “Testimony in Peterson trial turns to evidence from computers,” USA Today, http://usatoday30.usatoday.com/news/nation/2004-08-27-peterson_x.htm.

2The police can “ping”: Evan Perez and Siobhan Gorman (15 Jun 2013), “Phones leave a telltale trail,” Wall Street Journal, http://online.wsj.com/news/articles/SB10001424127887324049504578545352803220058. Trevor Hughes (7 Dec 2013), “Cellphone data aided in solving two Larimer County murders,” Coloradoan, http://archive.coloradoan.com/article/20131207/NEWS01/312070068/Cellphone-data-aided-solving-two-Larimer-County-murders.

2police are using this data: They are overstating its accuracy, though, and convicting innocent people on the basis of the data. Economist (6 Sep 2014), “The two towers,” Economist, http://www.economist.com/news/united-states/21615622-junk-science-putting-innocent-people-jail-two-towers. Mike Masnick (9 Sep 2014), “Turns out cell phone location data is not even close to accurate, but everyone falls for it,” Tech Dirt, https://www.techdirt.com/articles/20140908/04435128452/turns-out-cell-phone-location-data-is-not-even-close-to-accurate-everyone-falls-it.shtml.

2the government of Ukraine: Heather Murphy (22 Jan 2014), “Ominous text message sent to protesters in Kiev sends chills around the Internet,” The Lede, New York Times, http://thelede.blogs.nytimes.com/2014/01/22/ominous-text-message-sent-to-protesters-in-kiev-sends-chills-around-the-internet.

2Michigan police sought information: Michael Isikoff (18 Feb 2010), “FBI tracks suspects’ cell phones without a warrant,” Newsweek, http://www.newsweek.com/fbi-tracks-suspects-cell-phones-without-warrant-75099.

2Companies use your phone: Steve Olenski (17 Jan 2013), “Is location based advertising the future of mobile marketing and mobile advertising?” Forbes, http://www.forbes.com/sites/marketshare/2013/01/17/is-location-based-advertising-the-future-of-mobile-marketing-and-mobile-advertising. John McDermott (20 Feb 2014), “Why the Web’s biggest players are gobbling up location-based apps,” Digiday, http://digiday.com/platforms/apple-google-microsoft-yahoo-are-betting-on-mobile.

2location data is so valuable: Anton Troianovski (21 May 2013), “Phone firms sell data on customers,” Wall Street Journal, http://online.wsj.com/news/articles/SB10001424127887323463704578497153556847658. Rachel King (13 Jul 2013), “ACLU: AT&T customer privacy at risk,” CIO Journal, Wall Street Journal Blogs, http://s.wsj.com/cio/2013/07/13/aclu-att-customer-privacy-at-risk.

2Companies like Sense Networks: Hiawatha Bray (8 Jul 2013), “Cellphone data mined to create personal profiles,” Boston Globe, http://www.bostonglobe.com/business/2013/07/07/your-cellphone-yourself/eSvTK1UCqNOE7D4qbAcWPL/story.html.

2Verint sells cell phone tracking systems: Craig Timberg (24 Aug 2014), “For sale: Systems that can secretly track where cellphone users go around the globe,” Washington Post, http://www.washingtonpost.com/business/technology/for-sale-systems-that-can-secretly-track-where-cellphone-users-go-around-the-globe/2014/08/24/f0700e8a-f003-11e3-bf76-447a5df6411f_story.html.

2The company’s website: Verint (2014), “About Verint,” http://www.verint.com/about.

3“blind” call to a phone: Privacy International (2012), “Cobham sells monitoring centres, phone monitoring, technical surveillance and location monitoring technology. British export law doesn’t specifically regulate these technologies, so they can easily end up in the wrong hands,” https://www.privacyinternational.org/sii/cobham.

3The company boasts: The full list as of 2011 is Algeria, Australia, Austria, Belgium, Brunei, the Czech Republic, Georgia, Ghana, Ireland, Kuwait, Libya, Norway, Pakistan, Saudi Arabia, Singapore, the Slovak Republic, Spain, Sweden, Taiwan, Turkey, the United Kingdom, and the United States. Cobham (2011), “Tactical C4I systems: Eagle–Close Combat Radio (CCR),” https://s3.amazonaws.com/s3.documentcloud.org/documents/409237/115-cobham-tactical-c4i.pdf.

3Defentek . . . sells a system: Craig Timberg (24 Aug 2014), “For sale: Systems that can secretly track where cellphone users go around the globe,” Washington Post, http://www.washingtonpost.com/business/technology/for-sale-systems-that-can-secretly-track-where-cellphone-users-go-around-the-globe/2014/08/24/f0700e8a-f003-11e3-bf76-447a5df6411f_story.html.

3Tobias Engel demonstrated: Tobias Engel (9 Jan 2009), “Locating mobile phones using Signalling System #7,” Chaos Computer Club, http://berlin.ccc.de/~tobias/25c3-locating-mobile-phones.pdf.

3collect and sell it: Kevin J. O’Brien (28 Oct 2012), “Data-gathering via apps presents a gray legal area,” New York Times, http://www.nytimes.com/2012/10/29/technology/mobile-apps-have-a-ravenous-ability-to-collect-personal-data.html.

3HelloSpy is an app: There are quite a few of these tracking apps out there. HelloSpy is particularly blatant. Although the disclaimer on the home page states that it is designed for “ethical spying for parents,” or use on a “mobile device that you own or have proper consent to monitor,” the literature also trumpets its ability to operate in “stealth mode,” and has a page dedicated to marital infidelity. See http://hellospy.com.

3spy on his wife or girlfriend: StealthGenie is another spyware app. In 2014, its CEO was indicted and arrested for selling it in the US. Craig Timberg and Matt Zapotosky (29 Sep 2014), “Maker of StealthGenie, an app used for spying, is indicted in Virginia,” Washington Post, http://www.washingtonpost.com/business/technology/make-of-app-used-for-spying-indicted-in-virginia/2014/09/29/816b45b8-4805-11e4-a046-120a8a855cca_story.html.

3spy on their employees: Spencer E. Ante and Lauren Weber (22 Oct 2013), “Memo to workers: The boss is watching,” Wall Street Journal, http://online.wsj.com/news/articles/SB10001424052702303672404579151440488919138.

3cell phone location data: Barton Gellman and Ashkan Soltani (4 Dec 2013), “NSA tracking cellphone locations worldwide, Snowden documents show,” Washington Post, http://www.washingtonpost.com/world/national-security/nsa-tracking-cellphone-locations-worldwide-snowden-documents-show/2013/12/04/5492873a-5cf2-11e3-bc56-c6ca94801fac_story.html. Ashkan Soltani and Barton Gellman (10 Dec 2013), “New documents show how the NSA infers relationships based on mobile location data,” Washington Post, http://www.washingtonpost.com/s/the-switch/wp/2013/12/10/new-documents-show-how-the-nsa-infers-relationships-based-on-mobile-location-data. James Glanz, Jeff Larson, and Andrew W. Lehren (27 Jan 2014), “Spy agencies tap data streaming from phone apps,” New York Times, http://www.nytimes.com/2014/01/28/world/spy-agencies-scour-phone-apps-for-personal-data.html.

3even when they are turned off: We don’t know definitively whether this is true or not. Dana Priest (21 Jul 2013), “NSA growth fueled by need to target terrorists,” Washington Post, http://www.washingtonpost.com/world/national-security/nsa-growth-fueled-by-need-to-target-terrorists/2013/07/21/24c93cf4-f0b1-11e2-bed3-b9b6fe264871_story.html. Ryan Gallagher (22 Jul 2013), “NSA can reportedly track phones even when they’re turned off,” Slate, http://www.slate.com/s/future_tense/2013/07/22/nsa_can_reportedly_track_cellphones_even_when_they_re_turned_off.html.

4golden age of surveillance: As far as I know, this is Peter Swire’s term. Peter Swire and Kenesa Ahmad (28 Nov 2011), “‘Going dark’ versus a ‘golden age for surveillance,’” Center for Democracy and Technology, http://www.futureofprivacy.org/wp-content/uploads/Going-Dark-Versus-a-Golden-Age-for-Surveillance-Peter-Swire-and-Kenesa-A.pdf.

4“You have zero privacy anyway.”: Polly Sprenger (26 Jan 1999), “Sun on privacy: ‘Get over it,’” Wired, http://archive.wired.com/politics/law/news/1999/01/17538.

4US military defines surveillance: US Joint Chiefs of Staff (11 Aug 2011), “Joint Operations,” Joint Publication 3-0, http://fas.org/irp/doddir/dod/jp3_0.pdf.

4if you let us have all your data: Eric Schmidt and Jared Cohen (2013), The New Digital Age: Reshaping the Future of People, Nations and Business, Knopf, http://www.newdigitalage.com.

4That’s the NSA’s justification: No one ever explicitly refers to the bargain, but everyone argues that surveillance is necessary to keep us safe. Patricia Zengerle and Tabassum Zakaria (18 Jun 2013), “NSA head, lawmakers defend surveillance programs,” Reuters, http://www.reuters.com/article/2013/06/18/us-usa-security-idUSBRE95H15O20130618. Al Jazeera (29 Oct 2013), “NSA chief defends spy program in face of protest from allies,” Al Jazeera, http://america.aljazeera.com/articles/2013/10/29/nsa-chief-defendsspyprogramamidusriftwitheurope.html.

9We need to think: Technology critic Evgeny Morozov makes this point. Evgeny Morozov (22 Oct 2013), “The real privacy problem,” MIT Technology Review, http://www.technologyreview.com/featuredstory/520426/the-real-privacy-problem.

1: Data as a By-product of Computing

13uniquely identify your computer: Peter Eckersley (Jul 2010), “How unique is your web browser?” Proceedings of the 10th International Conference on Privacy Enhancing Technologies, Berlin, https://panopticlick.eff.org/browser-uniqueness.pdf.

14your smartphone pinpoints you: Paul A. Zandbergen (26 Jun 2009), “Accuracy of iPhone locations: A comparison of assisted GPS, WiFi and cellular positioning,” Transactions in GIS 13, http://onlinelibrary.wiley.com/doi/10.1111/j.1467-9671.2009.01152.x/abstract. Paul A. Zandbergen and Sean J. Barbeau (Jul 2011), “Positional accuracy of assisted GPS data from high-sensitivity GPS-enabled mobile phones,” Journal of Navigation 64, http://www.paulzandbergen.com/files/Zandbergen_Barbeau_JON_2011.pdf.

14Modern cars are loaded with computers: Ben Wojdyla (21 Feb 2012), “How it works: The computer inside your car,” Popular Mechanics, http://www.popularmechanics.com/cars/how-to/repair/how-it-works-the-computer-inside-your-car.

14Much of that is automatically recorded: Nate Cardozo (11 Feb 2013), “Mandatory black boxes in cars raise privacy questions,” Electronic Frontier Foundation, https://www.eff.org/press/releases/mandatory-black-boxes-cars-raise-privacy-questions.

14A self-driving car: Lucas Mearian (23 Jul 2013), “Self-driving cars could create 1GB of data a second,” Computer World, http://www.computerworld.com/s/article/9240992/Self_driving_cars_could_create_1GB_of_data_a_second.

14Embedded in digital photos: Benjamin Henne, Maximilian Koch, and Matthew Smith (3–7 Mar 2014), “On the awareness, control and privacy of shared photo metadata,” Distributed Computing & Security Group, Leibniz University, presented at the Eighteenth International Conference for Financial Cryptography and Data Security, Barbados, http://ifca.ai/fc14/papers/fc14_submission_117.pdf.

15If you upload the photo: This is a particularly creepy story about camera metadata. Mathew Honan (19 Jan 2009), “I am here: One man’s experiment with the location-aware lifestyle,” Wired, http://www.wired.com/gadgets/wireless/magazine/17-02/lp_guineapig.

15automatic payment systems, such as EZPass: Increasingly, governments are removing the anonymous cash option. Adrianne Jeffries (27 Mar 2013), “Golden Gate Bridge’s new cashless tollway promises convenience in exchange for privacy,” Verge, http://www.theverge.com/2013/3/27/4150702/golden-gate-bridges-new-cashless-tollway-promises-convenience-for-privacy. Anh Do (20 Mar 2014), “Orange County’s toll roads going cashless,” Los Angeles Times, http://www.latimes.com/local/lanow/la-me-ln-cashless-toll-roads-20140320-story.html. Trevor Pettiford (13 Jun 2014), “Veterans Expressway tolls to start going cashless,” Bay News 9, http://www.baynews9.com/content/news/baynews9/news/article.html/content/news/articles/bn9/2014/6/13/veterans_expressway_.html. Martine Powers (17 Jul 2014), “Starting Monday, no more cash at Tobin tolls,” Boston Globe, http://www.bostonglobe.com/metro/2014/07/16/starting-monday-more-cash-tobin/WZKMDilsfLULQtYiGZCrEK/story.html.

15The smart thermostat: Nest (2012), “Nest Learning Thermostat,” http://certified.nest.com/resources/NEST_POS_brochure_r7_300.pdf.

15a smart refrigerator: Eliza Barclay (4 May 2012), “The ‘smart fridge’ finds the lost lettuce, for a price,” The Salt: What’s On Your Plate, NPR, http://www.npr.org/s/thesalt/2012/05/03/151968878/the-smart-fridge-finds-the-lost-lettuce-for-a-price.

15a smart air conditioner: Ry Crist (8 Jan 2014), “Haier’s new air conditioner is the first Apple-certified home appliance,” CNET, http://ces.cnet.com/8301-35306_1-57616915/haiers-new-air-conditioner-is-the-first-apple-certified-home-appliance.

16smart smoke and carbon monoxide detector: Heather Kelly (15 Jan 2014), “Google wants to run your home with Nest,” CNN, http://www.cnn.com/2014/01/15/tech/innovation/google-connect-home-nest.

16the smart power grid: US Department of Energy (2008), “The smart grid: An introduction,” http://energy.gov/sites/prod/files/oeprod/DocumentsandMedia/DOE_SG_Book_Single_Pages(1).pdf. US Department of Energy (2014), “What is the smart grid?” https://www.smartgrid.gov/the_smart_grid.

16when you’re having sex: Gregory Ferenstein, “How health trackers could reduce sexual infidelity,” Tech Crunch, http://techcrunch.com/2013/07/05/how-health-trackers-could-reduce-sexual-infidelity.

16Give the device more information: Fitabase (3 Dec 2013), “Privacy policy,” http://www.fitabase.com/Privacy.

16Many medical devices: Sarah E. Needleman (14 Aug 2012), “New medical devices get smart,” Wall Street Journal, http://online.wsj.com/news/articles/SB10000872396390444318104577587141033340190.

16It’s not just specialized devices: Sara M. Watson (10 Oct 2013), “The latest smartphones could turn us all into activity trackers,” Wired, http://www.wired.com/2013/10/the-trojan-horse-of-the-latest-iphone-with-the-m7-coprocessor-we-all-become-qs-activity-trackers.

16Companies like 23andMe: Thomas Goetz (17 Nov 2007), “23AndMe will decode your DNA for $1,000. Welcome to the age of genomics,” Wired, http://www.wired.com/medtech/genetics/magazine/15-12/ff_genomics. Elizabeth Murphy (14 Oct 2013), “Inside 23andMe founder Anne Wojcicki’s $99 DNA revolution,” Fast Company, http://www.fastcompany.com/3018598/for-99-this-ceo-can-tell-you-what-might-kill-you-inside-23andme-founder-anne-wojcickis-dna-r.

16personalized marketing: Charles Seife (27 Nov 2013), “23andMe is terrifying, but not for the reasons the FDA thinks,” Scientific American, http://www.scientificamerican.com/article/23andme-is-terrifying-but-not-for-reasons-fda.

16insurance companies may someday buy: Rebecca Greenfield (25 Nov 2013), “Why 23andMe terrifies health insurance companies,” Fast Company, http://www.fastcompany.com/3022224/innovation-agents/why-23andme-terrifies-health-insurance-companies.

16lifelogging apps: Leo Kelion (6 Jan 2014), “CES 2014: Sony shows off life logging app and kit,” BBC News, http://www.bbc.com/news/technology-25633647.

16it will include a video record: Alec Wilkinson (28 May 2007), “Remember this? A project to record everything we do in life,” New Yorker, http://www.newyorker.com/reporting/2007/05/28/070528fa_fact_wilkinson.

16Google Glass is the first wearable device: Jenna Wortham (8 Mar 2013), “Meet Memoto, the lifelogging camera,” New York Times Blogs, http://bits.blogs.nytimes.com/2013/03/08/meet-memoto-the-lifelogging-camera.

16Internet of Things: Ken Hess (10 Jan 2014), “The Internet of Things outlook for 2014: Everything connected and communicating,” ZDNet, http://www.zdnet.com/the-internet-of-things-outlook-for-2014-everything-connected-and-communicating-7000024930.

17smart cities: Georgina Stylianou (29 Apr 2013), “Idea to have sensors track everything in city,” Press (Christchurch), http://www.stuff.co.nz/the-press/business/the-rebuild/8606956/Idea-to-have-sensors-track-everything-in-city. Victoria Turk (Jul 2013), “City sensors: the Internet of Things is taking over our cities,” Wired, http://www.wired.co.uk/magazine/archive/2013/07/everything-is-connected/city-sensors.

17smart toothbrushes: Sam Byford (5 Jan 2014), “Kolibree’s smart toothbrush claims to track and improve your dental hygiene,” Verge, http://www.theverge.com/2014/1/5/5277426/kolibree-smart-toothbrush.

17smart light bulbs: Margaret Rhodes (23 Sep 2014), “Ex-Tesla and NASA engineers make a light bulb that’s smarter than you,” Wired, http://www.wired.com/2014/09/ex-tesla-nasa-engineers-make-light-bulb-thats-smarter.

17smart sidewalk squares: Charles Stross has discussed the implications of these. Charles Stross (25 Jun 2014), “YAPC::NA 2014 keynote: Programming Perl in 2034,” Charlie’s Diary, http://www.antipope.org/charlie/-static/2014/06/yapcna-2014-keynote-programmin.html.

17smart pill bottles: Valentina Palladino (8 Jan 2014), “AdhereTech’s smart pill bottle knows when you take, and miss, your medication,” Verge, http://www.theverge.com/2014/1/8/5289022/adheretech-smart-pill-bottle.

17smart clothing: Econocom (19 Sep 2013), “When fashion meets the Internet of Things,” emedia, http://.econocom.com/en/blog/when-fashion-meets-the-internet-of-things. Michael Knigge (28 Aug 2014), “Tagging along: Is Adidas tracking soccer fans?” Deutsche Welle, http://www.dw.de/tagging-along-is-adidas-tracking-soccer-fans/a-1788463.

17because why not?: We’ve seen this trend before. Digital clocks first became popular in the 1970s. Initially they were largely stand-alone devices—alarm clocks and watches—but as their price declined, they became embedded into other things: first your microwave, then your coffeepot, oven, thermostat, VCR, and television. Internet-enabled sensors are heading in that direction.

17Estimates put the current number: Natasha Lomas (9 May 2013), “10BN+ wirelessly connected devices today, 30BN+ in 2020’s ‘Internet Of Everything,’ says ABI Research,” Tech Crunch, http://techcrunch.com/2013/05/09/internet-of-everything.

17The hype level is pretty high: Valentina Palladino (10 Jan 2014), “Invisible intelligence: How tiny sensors could connect everything we own,” Verge, http://www.theverge.com/2014/1/10/5293778/invisible-intelligence-tiny-sensors-that-connect-everything.

17eyes and ears of the Internet: Ben Hammersley (Jul 2013), “When the world becomes the Web,” Wired, http://www.wired.co.uk/magazine/archive/2013/07/everything-is-connected/when-the-world-becomes-the-web.

17Smart streetlights will gather data: Newark Airport has installed these. Diane Cardwell (17 Feb 2014), “At Newark Airport, the lights are on, and they’re watching you,” New York Times, http://www.nytimes.com/2014/02/18/business/at-newark-airport-the-lights-are-on-and-theyre-watching-you.html.

17Cameras will only get better: Olga Kharif (31 Oct 2013), “As drones evolve from military to civilian uses, venture capitalists move in,” Washington Post, http://www.washingtonpost.com/business/as-drones-evolve-from-military-to-civilian-uses-venture-capitalists-move-in/2013/10/31/592ca862-419e-11e3-8b74-d89d714ca4dd_story.html.

17Raytheon is planning to fly a blimp: Paul McLeary (29 Jun 2014), “Powerful radar blimp to surveil Washington, Baltimore, out to sea,” Defense News, http://www.defensenews.com/article/20140629/DEFREG02/306290012/Powerful-Radar-Blimp-Surveil-Washington-Baltimore-Out-Sea.

17An e-mail system is similar: Some of that argument is here. Electronic Frontier Foundation (2014), “The government’s word games when talking about NSA domestic spying,” https://www.eff.org/nsa-spying/wordgames.

18an exabyte of data: This is based on the reasonable assumption that a page is 2 kilobytes. It’s not really fair, though, because so much of this data is voice, images, and video.

18creating more data per day: M. G. Siegler (4 Aug 2010), “Eric Schmidt: Every 2 days we create as much information as we did up to 2003,” Tech Crunch, http://techcrunch.com/2010/08/04/schmidt-data.

18 76 exabytes of data will travel: Cisco (10 Jun 2014), “Cisco visual networking index: Forecast and methodology, 2013–2018,” http://www.cisco.com/c/en/us/solutions/collateral/service-provider/ip-ngn-ip-next-generation-network/white_paper_c11-481360.html.

18a petabyte of cloud storage will cost: Chris M. Evans (18 Apr 2014), “IAAS Series: Cloud storage pricing: How low can they go?” Architecting IT, http://.architecting.it/2014/04/18/iaas-series-cloud-storage-pricing-how-low-can-they-go.

18store every tweet ever sent: K. Young (6 Sep 2012), “How much would it cost to store the entire Twitter Firehose?” Mortar: Data Science at Scale, http://.mortardata.com/post/31027073689/how-much-would-it-cost-to-store-the-entire-twitter.

18every phone call ever made: Brewster Kahle (2013), “Cost to store all US phonecalls made in a year so it could be datamined,” https://docs.google.com/spreadsheet/ccc?key=0AuqlWHQKlooOdGJrSzhBVnh0WGlzWHpCZFNVcURkX0E#gid=0.

18In 2013, the NSA completed: James Bamford (15 Mar 2012), “The NSA is building the country’s biggest spy center (watch what you say),” Wired, http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all.

18third largest in the world: Forbes (19 Oct 2012), “The 5 largest data centers in the world,” Forbes, http://www.forbes.com/pictures/fhgl45ijg/range-international-information-hub.

18The details are classified: Kashmir Hill (24 Jul 2013), “Blueprints of NSA’s ridiculously expensive data center in Utah suggest it holds less info than thought,” Forbes, http://www.forbes.com/sites/kashmirhill/2013/07/24/blueprints-of-nsa-data-center-in-utah-suggest-its-storage-capacity-is-less-impressive-than-thought.

18cost $1.4 billion so far: Siobhan Gorman (21 Oct 2013), “Contractors fight over delays to NSA data center,” Wall Street Journal, http://online.wsj.com/news/articles/SB10001424052702303672404579149902978119902.

18Google has the capacity: Randall Munroe (2013), “Google’s datacenters on punch cards,” What If? XKCD, https://what-if.xkcd.com/63.

19In 2011, Schrems demanded: Cyrus Farivar (15 Nov 2012), “How one law student is making Facebook get serious about privacy,” Ars Technica, http://arstechnica.com/tech-policy/2012/11/how-one-law-student-is-making-facebook-get-serious-about-privacy. Olivia Solon (28 Dec 2012), “How much data did Facebook have on one man? 1,200 pages of data in 57 categories,” BBC News, http://www.wired.co.uk/magazine/archive/2012/12/start/privacy-versus-facebook.

19Facebook sent him a CD: Schrems’s discovery led him to file a class action lawsuit against Facebook. Liat Clark (1 Aug 2014), “Facebook hit with international class action lawsuit,” Wired UK, http://www.wired.co.uk/news/archive/2014-08/01/facebook-class-action-lawsuit.

2: Data as Surveillance

20what we know about the NSA’s surveillance: Previous leakers include Thomas Drake, Mark Klein, and Bill Binney. Subsequent leakers have not been identified yet. Bruce Schneier (7 Aug 2014), “The US intelligence community has a third leaker,” Schneier on Security, https://www.schneier.com/blog/archives/2014/08/the_us_intellig.html.

20NSA collects the cell phone call records: Glenn Greenwald (5 Jun 2013), “NSA collecting phone records of millions of Verizon customers daily,” Guardian, http://www.theguardian.com/world/2013/jun/06/nsa-phone-records-verizon-court-order.

20One government defense: Barack Obama (7 Jun 2013), “Statement by the President,” US Executive Office of the President, http://www.whitehouse.gov/the-press-office/2013/06/07/statement-president. James R. Clapper (7 Jun 2013), “DNI statement on recent unauthorized disclosures of classified information,” Office of the Director of National Intelligence, http://www.dni.gov/index.php/newsroom/press-releases/191-press-releases-2013/868-dni-statement-on-recent-unauthorized-disclosures-of-classified-information. Ed O’Keefe (6 Jun 2013), “Transcript: Dianne Feinstein, Saxby Chambliss explain, defend NSA phone records program,” Washington Post, http://www.washingtonpost.com/s/post-politics/wp/2013/06/06/transcript-dianne-feinstein-saxby-chambliss-explain-defend-nsa-phone-records-program.

20The intended point: Am I the only one who finds it suspicious that President Obama always uses very specific words? He says things like, “Nobody is listening to your telephone calls.” This leaves open the possibility that the NSA is recording, transcribing, and analyzing your phone calls—and, very occasionally, reading them. This is more likely to be true, and something a pedantically minded president could claim he wasn’t lying about.

21Collecting metadata on people: This is a good general article on the intimacy of metadata. Dahlia Lithwick and Steve Vladeck (22 Nov 2013), “Taking the ‘meh’ out of metadata,” Slate, http://www.slate.com/articles/news_and_politics/jurisprudence/2013/11/nsa_and_metadata_how_the_government_can_spy_on_your_health_political_beliefs.html.

21Phone metadata reveals: Edward W. Felten (23 Aug 2013), “Declaration of Professor Edward W. Felten,” American Civil Liberties Union et al. v. James R. Clapper et al., United States District Court, Southern District of New York (Case 1:13-cv-03994-WHP), https://www.aclu.org/files/pdfs/natsec/clapper/2013.08.26%20ACLU%20PI%20Brief%20-%20Declaration%20-%20Felten.pdf.

21It provides a window: Yves-Alexandre de Montjoye et al. (2–5 Apr 2013), “Predicting people personality using novel mobile phone-based metrics,” 6th International Conference on Social Computing, Behavioral-Cultural Modeling and Prediction, Washington, D.C., http://realitycommons.media.mit.edu/download.php?file=deMontjoye2013predicting-citation.pdf.

21It yields a detailed summary: IBM offers a class in analyzing phone call metadata. IBM Corporation (2014), “9T225G: Telephone analysis using i2 Analyst’s Notebook,” http://www-03.ibm.com/services/learning/content/ites.wss/zz/en?pageType=course_description&courseCode=9T225G&cc=.

21personal nature of what the researchers: Jonathan Mayer and Patrick Mutchler (12 Mar 2014), “MetaPhone: The sensitivity of telephone metadata,” Web Policy, http://webpolicy.org/2014/03/12/metaphone-the-sensitivity-of-telephone-metadata.

22Web search data is another source: While it seems obvious that this is data and not metadata, it seems to be treated as metadata by the NSA. I believe its justification is that the search terms are encoded in the URLs. The NSA’s XKEYSCORE slides talked about collecting “web-based searches,” which further indicates that the NSA considers this metadata. Glenn Greenwald (31 Jul 2013), “XKeyscore: NSA tool collects ‘nearly everything a user does on the internet,’” Guardian, http://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data.

22The NSA claims it’s metadata: This demonstrates that the difference is more legal hairsplitting than anything else.

22When I typed “should I tell my w”: It’s the same with “should I tell my girlfriend.”

22Google knows who clicked: Arwa Mahdawi (22 Oct 2013), “Google’s autocomplete spells out our darkest thoughts,” Guardian, http://www.theguardian.com/commentisfree/2013/oct/22/google-autocomplete-un-women-ad-discrimination-algorithms.

22Google’s CEO Eric Schmidt admitted: Derek Thompson (1 Oct 2010), “Google’s CEO: ‘The laws are written by lobbyists,’” Atlantic, http://www.theatlantic.com/technology/archive/2010/10/googles-ceo-the-laws-are-written-by-lobbyists/63908.

23Your tweets tell the world: You can search for the sleep patterns of any Twitter user. Amit Agarwal (2013), “Sleeping Time,” Digital Inspiration, http://sleepingtime.org.

23Your buddy lists and address books: Two studies of Facebook social graphs show how easy it is to predict these and other personal traits. Carter Jernigan and Behram R. T. Mistree (5 Oct 2009), “Gaydar: Facebook friendships expose sexual orientation,” First Monday 14, http://firstmonday.org/article/view/2611/2302. Michal Kosinski, David Stillwell, and Thore Graepel (11 Mar 2013), “Private traits and attributes are predictable from digital records of human behavior,” Proceedings of the National Academy of Sciences of the United States of America (Early Edition), http://www.pnas.org/content/early/2013/03/06/1218772110.abstract.

23Your e-mail headers reveal: The MIT Media Lab tool Immersion builds a social graph from your e-mail metadata. MIT Media Lab (2013), “Immersion: A people-centric view of your email life,” https://immersion.media.mit.edu.

23Metadata can be much more revealing: Brian Lam (19 Jun 2013), “Phew, NSA is just collecting metadata. (You should still worry),” Wired, http://www.wired.com/2013/06/phew-it-was-just-metadata-not-think-again.

23metadata is far more meaningful: Edward W. Felten (23 Aug 2013), “Declaration of Professor Edward W. Felten,” American Civil Liberties Union et al. v. James R. Clapper et al., United States District Court, Southern District of New York (Case 1:13-cv-03994-WHP), https://www.aclu.org/files/pdfs/natsec/clapper/2013.08.26%20ACLU%20PI%20Brief%20-%20Declaration%20-%20Felten.pdf.

23“If you have enough metadata”: Alan Rusbridger (21 Nov 2013), “The Snowden leaks and the public,” New York Review of Books, http://www.nybooks.com/articles/archives/2013/nov/21/snowden-leaks-and-public.

23“We kill people based on metadata”: David Cole (10 May 2014), “‘We kill people based on metadata,’” New York Review of Books, http://www.nybooks.com/s/nyrblog/2014/may/10/we-kill-people-based-metadata.

23one spy for every 166 citizens: John O. Koehler (1999), Stasi: The Untold Story of the East German Secret Police, Westview Press, http://books.google.com/books?id=waxWwxY1tt8C.

24Roving wiretaps meant: Mary DeRosa (2005), “Section 206: Roving surveillance authority under FISA: A summary,” Patriot Debates, http://apps.americanbar.org/natsecurity/patriotdebates/section-206.

25The motivations are different: David Lyon makes this point. David Lyon (2003), Surveillance after September 11, Polity, http://www.polity.co.uk/book.asp?ref=0745631819.

25Another device allows me to see all the data: BrickHouse Security (2014), “iPhone / Android Spy Stick,” Skymall, https://www.skymall.com/iphone-%2F-android-spy-stick/28033GRP.html.

25I can buy a keyboard logger: Keyloggers.com (2014), “Top keyloggers of 2014 comparison and reviews,” http://www.keyloggers.com.

25I can buy call intercept software: Stealth Genie (2014), “Live call intercept,” http://www.stealthgenie.com/features/live-call-intercept.html.

25I can buy a remote-controlled drone helicopter: Amazon.com (2014), “DJI Phantom 2 Ready to Fly Quadcopter – With Zenmuse H3-2D Camera Gimbal: $959.00 (list $999),” Amazon.com, http://www.amazon.com/Dji-Phantom-Ready-Fly-Quadcopter/dp/B00H7HPU54.

25Professional surveillance devices: There are prototypes for flying sensors that resemble birds and insects, and even smaller sensors—no larger than dust particles—that will float around in the wind. Elisabeth Bumiller and Thom Shanker (19 Jun 2011), “War evolves with drones, some tiny as bugs,” New York Times, http://www.nytimes.com/2011/06/20/world/20drones.html. John W. Whitehead (15 Apr 2013), “Roaches, mosquitoes, and birds: The coming micro-drone revolution,” Rutherford Institute, https://www.rutherford.org/publications_resources/john_whiteheads_commentary/roaches_mosquitoes_and_birds_the_coming_micro_drone_revolution.

26Sprint charges law enforcement: Ashkan Soltani (9 Jan 2014), “The cost of surveillance,” http://ashkansoltani.org/2014/01/09/the-cost-of-surveillance. Kevin S. Bankston and Ashkan Soltani (9 Jan 2014), “Tiny constables and the cost of surveillance: Making cents out of United States v. Jones,” Yale Law Journal 123, http://yalelawjournal.org/forum/tiny-constables-and-the-cost-of-surveillance-making-cents-out-of-united-states-v-jones.

26FBI was required to: Carrie Johnson (21 Mar 2012), “FBI still struggling with Supreme Court’s GPS ruling,” NPR Morning Edition, http://www.npr.org/2012/03/21/149011887/fbi-still-struggling-with-supreme-courts-gps-ruling.

26the repossession business: Shawn Musgrave (5 Mar 2014), “A vast hidden surveillance network runs across America, powered by the repo industry,” BetaBoston/Boston Globe, http://betaboston.com/news/2014/03/05/a-vast-hidden-surveillance-network-runs-across-america-powered-by-the-repo-industry. Shawn Musgrave (5 Mar 2014), “Massive license plate location database just like Instagram, Digital Recognition Network insists,” BetaBoston/Boston Globe, http://betaboston.com/news/2014/03/05/massive-license-plate-location-database-just-like-instagram-digital-recognition-network-insists.

26 2.5 billion records: Vigilant Video (23 Feb 2009), “Site specific preparation sheet for LEARN V.4.0 server installation,” https://www.aclu.org/files/FilesPDFs/ALPR/texas/alprpra_portharthurPD_portarthurtx%20%287%29.pdf.

27In addition to repossession businesses: Cyrus Farivar (27 Feb 2012), “Your car, tracked: The rapid rise of license plate readers,” Ars Technica, http://arstechnica.com/tech-policy/2012/09/your-car-tracked-the-rapid-rise-of-license-plate-readers. Catherine Crump (18 Jul 2013), “You are being tracked: How license plate readers are being used to record Americans’ movements,” American Civil Liberties Union, https://www.aclu.org/files/assets/071613-aclu-alprreport-opt-v05.pdf.

27states’ driver’s license databases: Craig Timberg and Ellen Nakashima (16 Jun 2013), “State photo-ID databases become troves for police,” Washington Post, http://www.washingtonpost.com/business/technology/state-photo-id-databases-become-troves-for-police/2013/06/16/6f014bd4-ced5-11e2-8845-d970ccb04497_story.html.

27single national database: Josh Hicks (18 Feb 2014), “Homeland Security wants to build national database using license plate scanners,” Washington Post, http://www.washingtonpost.com/s/federal-eye/wp/2014/02/18/homeland-security-wants-to-build-national-database-using-license-plate-scanners. Dan Froomkin (17 Mar 2014), “Reports of the death of a national license-plate tracking database have been greatly exaggerated,” Intercept, https://firstlook.org/theintercept/2014/03/17/1756license-plate-tracking-database.

27In the UK, a similar government-run system: James Bridle (18 Dec 2013), “How Britain exported next-generation surveillance,” Medium, https://medium.com/matter-archive/how-britain-exported-next-generation-surveillance-d15b5801b79e. Jennifer Lynch and Peter Bibring (6 May 2013), “Automated license plate readers threaten our privacy,” Electronic Frontier Foundation, https://www.eff.org/deeplinks/2013/05/alpr.

27It enforces London’s: The police also get access to the data. Hélène Mulholland (2 Apr 2012), “Boris Johnson plans to give police access to congestion charge cameras,” Guardian, http://www.theguardian.com/politics/2012/apr/02/boris-johnson-police-congestion-charge.

27automatic face recognition: Dan Froomkin (17 Mar 2014), “Reports of the death of a national license-plate tracking database have been greatly exaggerated,” Intercept, https://firstlook.org/theintercept/2014/03/17/1756license-plate-tracking-database.

27the FBI has a database: US Federal Bureau of Investigation (15 Sep 2014), “FBI announces full operational capability of the next generation identification system,” http://www.fbi.gov/news/pressrel/press-releases/fbi-announces-full-operational-capability-of-the-next-generation-identification-system.

27Dubai police are integrating: William Maclean (2 Oct 2014), “Dubai detectives to get Google Glass to fight crime,” Reuters, http://www.reuters.com/article/2014/10/02/us-emirates-dubai-google-police-idUSKCN0HR0W320141002.

27the FBI can demand that data: Glenn Greenwald (5 Jun 2013), “NSA collecting phone records of millions of Verizon customers daily,” Guardian, http://www.theguardian.com/world/2013/jun/06/nsa-phone-records-verizon-court-order.

27tracking the movements of cars: Brandon Griggs (20 Aug 2013), “New Google Maps can help you avoid traffic,” CNN, http://www.cnn.com/2013/08/20/tech/mobile/google-waze-mobile-maps.

28If you’re reading this book on a Kindle: Alexandra Alter (19 Jul 2012), “Your e-Book is reading you,” Wall Street Journal, http://online.wsj.com/news/articles/SB10001424052702304870304577490950051438304.

28It just happens: The same thing happens when you watch videos on Netflix, Amazon, Hulu, or any other streaming video service.

28these actions generate surveillance records: Jennifer 8. Lee (21 Mar 2002), “Welcome to the database lounge,” New York Times, http://www.nytimes.com/2002/03/21/technology/welcome-to-the-database-lounge.html. Katie R. Holloman and D. Evan Ponder (2007), “Clubs, bars, and the driver’s license scanning system,” in Privacy in a Transparent World, ed. Amy Albert, Ethica Publishing, http://www.ethicapublishing.com/7CH5.htm.

28“How Privileged Are You?”: Buzzfeed (10 Apr 2014), “How privileged are you?” http://www.buzzfeed.com/regajha/how-privileged-are-you.

29Over two million people have taken that quiz: Caitlin Dewey (26 Jun 2014), “The scary, eye-opening truth of Internet tracking—on Buzzfeed quizzes, and everywhere else,” Washington Post, http://www.washingtonpost.com/news/the-intersect/wp/2014/06/26/the-scary-eye-opening-truth-of-internet-tracking-on-buzzfeed-quizzes-and-everywhere-else.

29sites like WebMD collect data: Marco D. Heusch (28 Oct 2013), “Privacy threats when seeking online health information,” JAMA Internal Medicine, http://archinte.jamanetwork.com/article.aspx?articleid=1710119.

29 160 billion pieces annually: Ron Nixon (3 Jul 2013), “U.S. Postal Service logging all mail for law enforcement,” New York Times, http://www.nytimes.com/2013/07/04/us/monitoring-of-snail-mail.html.

29Drones are getting smaller: Ms. Smith (18 Jun 2012), “The future of drone surveillance: Cyborg insect drones,” Network World, http://www.networkworld.com/article/2222611/microsoft-subnet/the-future-of-drone-surveillance—swarms-of-cyborg-insect-drones.html.

29Face recognition is the easiest: Ravi Subban and Dattatreya P. Mankame (2014), “Human face recognition biometric techniques: Analysis and review,” Recent Advances in Intelligent Informatics: Advances in Intelligent Systems and Computing 235, http://link.springer.com/chapter/10.1007%2F978-3-319-01778-5_47.

29face recognition algorithms started: Chaochao Lu and Xiaoou Tang (15 Apr 2014), “Surpassing human-level face verification performance on LFW with GaussianFace,” arXiv:1404.3840 [cs.CV], http://arxiv.org/abs/1404.3840.

29iris scanners that work at a distance: Barry Fox (5 Feb 2007), “Invention: Covert iris scanner,” New Scientist, http://www.newscientist.com/article/dn11110-invention-covert-iris-scanner.html.

29gait recognition systems: Zhaoxiang Zhang, Maodi Hu, and Yunhong Wang (2011), “A survey of advances in biometric gait recognition,” Biometric Recognition, Lecture Notes in Computer Science 7098, Springer-Verlag, http://link.springer.com/chapter/10.1007%2F978-3-642-25449-9_19.

29contactless RFID chip cards: Katherine Albrecht (2008), “RFID tag: You’re it,” Scientific American (Sep 2008): 72–77, http://www.scientificamerican.com/article/how-rfid-tags-could-be-used. University of Washington College of Engineering (22 Feb 2008), “University launches RFID people tracking experiment,” RFID Journal, http://www.rfidjournal.com/articles/view?6924. Christopher Zara (8 Jan 2013), “Disney World’s RFID tracking bracelets are a slippery slope, warns privacy advocate,” International Business Times, http://www.ibtimes.com/disney-worlds-rfid-tracking-bracelets-are-slippery-slope-warns-privacy-advocate-1001790.

29Many retail stores are surreptitiously tracking: Quentin Hardy (7 Mar 2013), “Technology turns to tracking people offline,” New York Times, http://bits.blogs.nytimes.com/2013/03/07/technology-turns-to-tracking-people-offline.

29which aisles they walk down: Stephanie Clifford and Quentin Hardy (15 Jul 2013), “Attention, shoppers: Store is tracking your cell,” New York Times, http://www.nytimes.com/2013/07/15/business/attention-shopper-stores-are-tracking-your-cell.html. Brian Fung (19 Oct 2013), “How stores use your phone’s WiFi to track your shopping habits,” Washington Post, http://www.washingtonpost.com/s/the-switch/wp/2013/10/19/how-stores-use-your-phones-wifi-to-track-your-shopping-habits. Latanya Sweeney (12 Feb 2014), “My phone at your service,” US Federal Trade Commission, http://www.ftc.gov/news-events/s/techftc/2014/02/my-phone-your-service.

29People can be tracked at public events: Bram Bonne et al. (4–7 Jun 2013), “WiFiPi: Involuntary tracking of visitors at mass events,” 14th International Symposium and Workshops on World of Wireless, Mobile and Multimedia Networks, Madrid, http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6583443.

30The company quickly retracted the remarks: Jim Edwards (9 Jan 2014), “Ford exec retracts statements about tracking drivers with the GPS in their cars,” Business Insider, http://www.businessinsider.com/ford-jim-farley-retracts-statements-tracking-drivers-gps-2014-1.

30a lot of wiggle room for Ford: Curt Magleby (3 Feb 2014), Letter to the Honorable Al Franken, United States Senate, re: Collection of location information, http://www.franken.senate.gov/files/letter/140212FordResponse.pdf.

30Government Accountability Office report: US Government Accountability Office (6 Dec 2013), “In-car location-based services: Companies are taking steps to protect privacy, but some risks may not be clear to consumers,” Report to the Chairman, Subcommittee on Privacy, Technology and the Law, Committee on the Judiciary, US Senate, GAO-14-81, http://www.gao.gov/products/GAO-14-81.

30Radar in the terahertz range: British Broadcasting Corporation (10 Mar 2008), “Camera ‘looks’ through clothing,” BBC News, http://news.bbc.co.uk/2/hi/technology/7287135.stm. Rocco Parascandola (23 Jan 2013), “NYPD Commissioner says department will begin testing a new high-tech device that scans for concealed weapons,” New York Daily News, http://www.nydailynews.com/new-york/nypd-readies-scan-and-frisk-article-1.1245663. Carter M. Armstrong (17 Aug 2012), “The truth about terahertz,” IEEE Spectrum, http://spectrum.ieee.org/aerospace/military/the-truth-about-terahertz.

30Cameras can “listen” to phone conversations: Larry Hardesty (4 Aug 2014), “Extracting audio from visual information,” MIT News, http://newsoffice.mit.edu/2014/algorithm-recovers-speech-from-vibrations-0804. Abe Davis et al. (10–14 Aug 2014), “The visual microphone: Passive recovery of sound from video,” 41st International Conference on Computer Graphics and Interactive Techniques (SIGGRAPH 2014), Vancouver, British Columbia, http://people.csail.mit.edu/mrub/papers/VisualMic_SIGGRAPH2014.pdf.

30turn your cell phone’s microphone on remotely: Erik Kain (30 Dec 2013), “The NSA reportedly has total access to the Apple iPhone,” Forbes, http://www.forbes.com/sites/erikkain/2013/12/30/the-nsa-reportedly-has-total-access-to-your-iphone.

30body odor recognition systems: Shaun Waterman (9 Mar 2009), “DHS wants to use human body odor as biometric identifier, clue to deception,” UPI, http://www.upi.com/Top_News/Special/2009/03/09/DHS-wants-to-use-human-body-odor-as-biometric-identifier-clue-to-deception/UPI-20121236627329.

30identifying people by their typing style: Pranav Dixit (19 Aug 2014), “Banks now know who you are from how you type,” Gizmodo, http://gizmodo.com/your-phone-can-now-identify-you-based-on-how-you-type-1623733346.

30identifying people by their writing style: It’s called stylometry. Sadia Afroz et al. (18–21 May 2014), “Doppelgänger finder: Taking stylometry to the underground,” IEEE Symposium on Security & Privacy, Oakland, California, http://www.cs.gmu.edu/~mccoy/papers/oakland2014-underground.pdf.

30tens of millions of voiceprints: Raphael Satter (13 Oct 2014), “Voiceprints being harvested by the millions,” Associated Press, http://www.washingtonpost.com/business/technology/millions-of-voiceprints-quietly-being-harvested/2014/10/13/b34e291a-52af-11e4-b86d-184ac281388d_story.html. Raphael Satter (13 Oct 2014), “Banks harvest callers’ voiceprints to fight fraud,” Associated Press, http://www.washingtonpost.com/world/europe/banks-harvest-callers-voiceprints-to-fight-fraud/2014/10/13/715c6e56-52ad-11e4-b86d-184ac281388d_story.html.

30Store clerks will know your name: Nicola Clark (17 Mar 2014), “Airlines use digital technology to get even more personal,” New York Times, http://www.nytimes.com/2014/03/18/business/airlines-use-digital-technology-to-get-even-more-personal.html.

30Billboards will know who you are: Andrew Hough (10 Mar 2010), “‘Minority Report’ digital billboard ‘watches consumers shop,’” Telegraph, http://www.telegraph.co.uk/technology/news/7411249/Minority-Report-digital-billboard-watches-consumers-shop.html.

30Grocery store shelves will know: Clint Boulton (11 Oct 2013), “Snackmaker modernizes the impulse buy with sensors, analytics,” Wall Street Journal Blogs, http://s.wsj.com/cio/2013/10/11/snackmaker-modernizes-the-impulse-buy-with-sensors-analytics.

30Your car will know who is in it: This excellent science fiction short story explores some of these ideas. Ken Liu (Dec 2012), “The perfect match,” Lightspeed Magazine, http://www.lightspeedmagazine.com/fiction/the-perfect-match.

31Facebook tracks me: Bryan Acohido (15 Nov 2011), “Facebook tracking is under scrutiny,” USA Today, http://usatoday30.usatoday.com/tech/news/story/2011-11-15/facebook-privacy-tracking-data/51225112/1.

31It can probably make good guesses: Cotton Delo (22 Feb 2013), “Facebook to partner with Acxiom, Epsilon to match store purchases with user profiles,” Advertising Age, http://adage.com/article/digital/facebook-partner-acxiom-epsilon-match-store-purchases-user-profiles/239967.

31I try not to use Google search: I use DuckDuckGo, which does not collect personal information about its users. See https://duckduckgo.com.

31I use various blockers: Jonathan Mayer (17 Feb 2012), “Safari trackers,” Web Policy, http://webpolicy.org/2012/02/17/safari-trackers.

31Google has about a third: Benjamin Mako Hill (11 May 2014), “Google has most of my email because it has all of yours,” Copyrighteous, http://mako.cc/copyrighteous/google-has-most-of-my-email-because-it-has-all-of-yours.

32police forces have installed surveillance cameras: Mun Wong (4 May 2011), “Top 5 cities with the largest surveillance camera networks,” VinTech Journal, http://www.vintechnology.com/journal/uncategorized/top-5-cities-with-the-largest-surveillance-camera-networks. David Barrett (10 Jul 2013), “One surveillance camera for every 11 people in Britain, says CCTV survey,” Telegraph, http://www.telegraph.co.uk/technology/10172298/One-surveillance-camera-for-every-11-people-in-Britain-says-CCTV-survey.html. Thales Group (11 Apr 2014), “Mexico City, the world’s most ambitious urban security programme,” https://www.thalesgroup.com/en/worldwide/security/case-study/mexico-city-worlds-most-ambitious-urban-security-programme.

32That data is almost certainly digital: Seagate Technology LLC (2012), “Video surveillance storage: How much is enough?” http://m.seagate.com/files/staticfiles/docs/pdf/whitepaper/video-surv-storage-tp571-3-1202-us.pdf.

32Jeremy Bentham conceived of his “panopticon”: Jeremy Bentham (1791), The Panopticon, or the Inspection-House, T. Payne, http://cartome.org/panopticon2.htm.

32idea has been used as a metaphor: Oscar H. Gandy Jr. (1993), The Panoptic Sort: A Political Economy of Personal Information, Westview Press, http://books.google.com/books?id=wreFAAAAMAAJ.

32on the Internet and off: Tom Brignall III (2002), “The new panopticon: The Internet viewed as a structure of social control,” Tennessee Tech University, http://unpan1.un.org/intradoc/groups/public/documents/apcity/unpan003570.pdf.

32All of us are being watched: Ellen Nakashima (16 Jan 2007), “Enjoying technology’s conveniences but not escaping its watchful eyes,” Washington Post, http://www.washingtonpost.com/wp-dyn/content/article/2007/01/15/AR2007011501304.html.

3: Analyzing Our Data

33Target was right: Charles Duhigg (16 Feb 2012), “How companies learn your secrets,” New York Times, http://www.nytimes.com/2012/02/19/magazine/shopping-habits.html.

33amassing and saving all kinds of data: Gregory Piatetsky (8 Dec 2013), “3 stages of Big Data,” KD Nuggets, http://www.kdnuggets.com/2013/12/3-stages-big-data.html.

33Barack Obama mined data extensively: Michael Scherer (7 Nov 2012), “Inside the secret world of the data crunchers who helped Obama win,” Time, http://swampland.time.com/2012/11/07/inside-the-secret-world-of-quants-and-data-crunchers-who-helped-obama-win.

33allowed academics to mine their data: Here are two examples. Lars Backstrom et al. (5 Jan 2012), “Four degrees of separation,” arXiv:1111.4570 [cs.SI], http://arxiv.org/abs/1111.4570. Russell B. Clayton (Jul 2014), “The third wheel: The impact of Twitter use on relationship infidelity and divorce,” Cyberpsychology, Behavior, and Social Networking 17, http://www.cs.vu.nl/~eliens/sg/local/cyber/twitter-infidelity.pdf.

34Facebook can predict: The experiment correctly discriminates between homosexual and heterosexual men in 88% of cases, African Americans and Caucasian Americans in 95% of cases, and Democrats and Republicans in 85% of cases. Michal Kosinski, David Stillwell, and Thore Graepel (11 Mar 2013), “Private traits and attributes are predictable from digital records of human behavior,” Proceedings of the National Academy of Sciences of the United States of America, Early Edition, http://www.pnas.org/content/early/2013/03/06/1218772110.

34The company knows you’re engaged: Sara M. Watson (14 Mar 2012), “I didn’t tell Facebook I’m engaged, so why is it asking about my fiancé?” Atlantic, http://www.theatlantic.com/technology/archive/2012/03/i-didnt-tell-facebook-im-engaged-so-why-is-it-asking-about-my-fianc/254479.

34gay before you come out: Katie Heaney (19 Mar 2013), “Facebook knew I was gay before my family did,” BuzzFeed, http://www.buzzfeed.com/katieheaney/facebook-knew-i-was-gay-before-my-family-did.

34may reveal that to other people: Geoffrey A. Fowler (13 Oct 2012), “When the most personal secrets get outed on Facebook,” Wall Street Journal, http://online.wsj.com/news/articles/SB10000872396390444165804578008740578200224.

34it could get you killed: For a while in 2014, there was a flaw in the gay hookup app Grindr that would reveal the location of gay men anywhere in the world, including countries like Uganda, Russia, and Iran. John Aravosis (26 Aug 2014), “Popular gay dating app Grindr faces creepy security breach allegations,” America Blog, http://americablog.com/2014/08/grindr-users-unwittingly-giving-away-exact-location.html.

34when the ads are on track: Sara M. Watson (16 Sep 2014), “Ask the decoder: Stalked by socks,” Al Jazeera, http://america.aljazeera.com/articles/2014/9/16/the-decoder-stalkedbysocks.html.

34targeted at us specifically: Sylvan Lane (13 Aug 2014), “16 creepiest targeted Facebook ads,” Mashable, http://mashable.com/2014/08/13/facebook-ads-creepy.

35data mining is a hot technology: Guy Gugliotta (19 Jun 2006), “Data mining still needs a clue to be effective,” Washington Post, http://www.washingtonpost.com/wp-dyn/content/article/2006/06/18/AR2006061800524.html. Phillip Segal (28 Mar 2011), “Data mining is dumbed down intelligence,” Ethical Investigator, http://www.ethicalinvestigator.com/internet/data-mining-is-dumbed-down-intelligence. Ogi Ogas (8 Feb 2013), “Beware the big errors of ‘Big Data,’” Wired, http://www.wired.com/2013/02/big-data-means-big-errors-people.

35go backwards in time: Barton Gellman and Ashkan Soltani (18 Mar 2014), “NSA surveillance program reaches ‘into the past’ to retrieve, replay phone calls,” Washington Post, http://www.washingtonpost.com/world/national-security/nsa-surveillance-program-reaches-into-the-past-to-retrieve-replay-phone-calls/2014/03/18/226d2646-ade9-11e3-a49e-76adc9210f19_story.html.

36Untangling this sort of wrongdoing: US Department of Justice (16 Dec 2009), “Credit Suisse agrees to forfeit $536 million in connection with violations of the International Emergency Economic Powers Act and New York State law,” http://www.justice.gov/opa/pr/2009/December/09-ag-1358.html. Office of the District Attorney, New York County (10 Dec 2012), “Standard Chartered Bank reaches $327 million settlement for illegal transactions,” http://manhattanda.org/node/3440/print. Office of the District Attorney, New York County (30 Jun 2014), “BNP Paribas Bank pleads guilty, pays $8.83 billion in penalties for illegal transactions,” http://manhattanda.org/node/4884/print.

36blood taken from riders years earlier: Scott Rosenfield (23 Jul 2013), “Top 3 finishers in 1998 Tour test positive,” Outside Online, http://www.outsideonline.com/news-from-the-field/Top-3-Finishers-in-1998-Tour-Test-Positive.html.

36a database called XKEYSCORE: Glenn Greenwald (21 Jul 2013), “XKeyscore: NSA tool collects ‘nearly everything a user does on the internet,’” Guardian, http://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data. US National Security Agency (8 Jan 2007), “XKEYSCORE (training slides),” https://www.eff.org/document/2013-07-31-guard-xkeyscore-training-slides (page 2).

36One called MARINA: James Ball (30 Sep 2013), “NSA stores metadata of millions of web users for up to a year, secret files show,” Guardian, http://www.theguardian.com/world/2013/sep/30/nsa-americans-metadata-year-documents.

36Another NSA database, MYSTIC: Ryan Devereaux, Glenn Greenwald, and Laura Poitras (19 May 2014), “Data pirates of the Caribbean: The NSA is recording every cell phone call in the Bahamas,” Intercept, https://firstlook.org/theintercept/article/2014/05/19/data-pirates-caribbean-nsa-recording-every-cell-phone-call-bahamas. Julian Assange (23 May 2014), “WikiLeaks statement on the mass recording of Afghan telephone calls by the NSA,” WikiLeaks, https://wikileaks.org/WikiLeaks-statement-on-the-mass.html.

36The NSA stores telephone metadata: David Kravets (17 Jan 2014), “Obama revamps NSA phone metadata spying program,” Wired, http://www.wired.com/2014/01/obama-nsa.

36If you use encryption: I do not know whether this includes all encrypted SSL sessions. My guess is that the NSA is able to decrypt a lot of SSL in real time. Matthew Green (2 Dec 2013), “How does the NSA break SSL?” A Few Thoughts on Cryptographic Engineering, http://.cryptographyengineering.com/2013/12/how-does-nsa-break-ssl.html.

36NSA needed to increase its storage capacity: Barton Gellman and Ashkan Soltani (4 Dec 2013), “NSA tracking cellphone locations worldwide, Snowden documents show,” Washington Post, http://www.washingtonpost.com/world/national-security/nsa-tracking-cellphone-locations-worldwide-snowden-documents-show/2013/12/04/5492873a-5cf2-11e3-bc56-c6ca94801fac_story.html.

36This is the point of: James Bamford (15 Mar 2012), “The NSA is building the country’s biggest spy center (watch what you say),” Wired, http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all.

36The FBI stores our data, too: Kevin Poulsen (27 Jan 2014), “If you used this secure webmail site, the FBI has your inbox,” Wired, http://www.wired.com/2014/01/tormail.

36The state of New York retains: Cyrus Farivar (27 Feb 2012), “Your car, tracked: The rapid rise of license plate readers,” Ars Technica, http://arstechnica.com/tech-policy/2012/09/your-car-tracked-the-rapid-rise-of-license-plate-readers. Steve Orr (26 Jul 2014), “New York knows where your license plate goes,” Democrat and Chronicle, http://www.democratandchronicle.com/story/news/2014/07/26/new-york-license-plate-readers/13179727.

37AT&T beat them all: Declan McCullagh (19 Mar 2013), “Cops: U.S. law should require logs of your text messages,” CNET, http://news.cnet.com/8301-13578_3-57575039-38/cops-u.s-law-should-require-logs-of-your-text-messages.

37three hops away from Alice: Philip Bump (17 Jul 2013), “The NSA admits it analyzes more people’s data than previously revealed,” Atlantic Wire, http://www.thewire.com/politics/2013/07/nsa-admits-it-analyzes-more-peoples-data-previously-revealed/67287.

37Making sense of the data: Jonathan Mayer writes about the difficulty of analyzing this data. Jonathan Mayer and Patrick Muchler (9 Dec 2013), “MetaPhone: The NSA three-hop,” Web Policy, http://webpolicy.org/2013/12/09/metaphone-the-nsa-three-hop.

37phone numbers common to unrelated people: Amy Davidson (16 Dec 2013), “The domino’s hypothetical: Judge Leon vs. the N.S.A.,” New Yorker, http://www.newyorker.com/news/amy-davidson/the-dominos-hypothetical-judge-leon-vs-the-n-s-a.

37NSA documents note: Barton Gellman and Laura Poitras (10 Jul 2013), “NSA slides explain the PRISM data-collection program,” Washington Post, http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents.

37total number of people being surveilled: Shane Harris (17 Jul 2013), “Three degrees of separation is enough to have you watched by the NSA,” Foreign Policy, http://complex.foreignpolicy.com/posts/2013/07/17/3_degrees_of_separation_is_enough_to_have_you_watched_by_the_nsa.

37President Obama directed the NSA: Tony Bradley (17 Jan 2014), “NSA reform: What President Obama said, and what he didn’t,” Forbes, http://www.forbes.com/sites/tonybradley/2014/01/17/nsa-reform-what-president-obama-said-and-what-he-didnt.

37This is what both the NSA: James Risen and Laura Poitras (20 Sep 2013), “NSA gathers data on social connections of U.S. citizens,” New York Times, http://www.nytimes.com/2013/09/29/us/nsa-examines-social-networks-of-us-citizens.html.

38One of Facebook’s most successful: Vauhini Vara (23 Aug 2007), “Facebook gets personal with ad targeting plan,” Wall Street Journal, http://online.wsj.com/news/articles/SB118783296519606151.

38Google . . . searches all of your Gmail: If either Google or Microsoft finds evidence of child pornography, it will report you to the police. Matthew Sparkes (4 Aug 2014), “Why Google scans your emails for child porn,” Telegraph, http://www.telegraph.co.uk/technology/google/11010182/Why-Google-scans-your-emails-for-child-porn.html. Leo Kelion (6 Aug 2014), “Microsoft tip leads to child porn arrest in Pennsylvania,” BBC News, www.bbc.co.uk/go/em/fr/-/news/technology-28682686.

38The NSA does something similar: The PCLOB has stated that NSA collection under Section 702 of the FISA Amendments Act does not collect on the basis of keywords, although that’s just one authority. And there’s a lot of room for weaseling. Privacy and Civil Liberties Oversight Board (2 Jul 2014), “Report on the surveillance program operated pursuant to Section 702 of the Foreign Intelligence Surveillance Act,” http://www.pclob.gov/All%20Documents/Report%20on%20the%20Section%20702%20Program/PCLOB-Section-702-Report.pdf. Jennifer Granick (11 Feb 2014), “Eight questions PCLOB should ask about Section 702,” Just Security, https://justsecurity.org/7001/questions-pclob-section-702.

38the NSA targets people: Jacob Appelbaum et al. (3 Jul 2014), “NSA targets the privacy-conscious,” Panorama, http://daserste.ndr.de/panorama/aktuell/nsa230_page-1.html.

38the NSA chains together hops: Marcy Wheeler (15 Oct 2013), “About that May 2007 FISC opinion,” Empty Wheel, http://www.emptywheel.net/2013/10/15/about-that-may-2007-fisc-opinion.

38the same location as a target: Marcy Wheeler (16 May 2014), “The ‘automated query’ at the telecoms will include ‘correlations,’” Empty Wheel, http://www.emptywheel.net/2014/05/16/the-automated-query-at-the-telecoms-will-include-correlations. Marcy Wheeler (28 Jun 2014), “NSA’s new-and-improved call chaining process, now with no calls required,” Empty Wheel, http://www.emptywheel.net/2014/06/28/nsas-new-and-improved-call-chaining-process-now-with-no-calls-required.

39The NSA uses cell phone location: The program is code-named CO-TRAVELLER. Barton Gellman and Ashkan Soltani (4 Dec 2013), “NSA tracking cellphone locations worldwide, Snowden documents show,” Washington Post, http://www.washingtonpost.com/world/national-security/nsa-tracking-cellphone-locations-worldwide-snowden-documents-show/2013/12/04/5492873a-5cf2-11e3-bc56-c6ca94801fac_story.html.

39The NSA tracks the locations of phones: US National Security Administration (2012), “Summary of DNR and DNI Co-Travel analytics,” https://www.eff.org/files/2013/12/11/20131210-wapo-cotraveler_overview.pdf.

39The NSA has a program where it trawls: Julian Sanchez (11 Oct 2013), “Other uses of the NSA call records database: Fingerprinting burners?” Just Security, http://justsecurity.org/2013/10/11/nsa-call-records-database-fingerprinting-burners.

39The NSA collects data on people: Barton Gellman and Ashkan Soltani (4 Dec 2013), “NSA tracking cellphone locations worldwide, Snowden documents show,” Washington Post, http://www.washingtonpost.com/world/national-security/nsa-tracking-cellphone-locations-worldwide-snowden-documents-show/2013/12/04/5492873a-5cf2-11e3-bc56-c6ca94801fac_story.html.

39phones that were used by a particular target: The technique is basically CO-TRAVELLER. If there’s a phone that is always in the same network as your primary phone, it’s likely to be found in your pocket. US Department of Justice (13 Feb 2012), “Criminal complaint,” United States of America v. Jose Aguijo, et al., (Case number under seal), United States District Court, Northern District of Illinois, Eastern Division, http://www.justice.gov/usao/iln/pr/chicago/2013/pr0222_01d.pdf.

39A single geofencing company: Hiawatha Bray (30 Apr 2014), “How location-based apps will shape the future of shopping,” Discover, http://s.discovermagazine.com/crux/2014/04/30/how-location-based-apps-will-shape-the-future-of-shopping.

39Microsoft does the same thing: Lauren Johnson (9 Jun 2014), “Why Microsoft is wrapping location-based ads around retail stores: Tests significantly lifted foot traffic,” Advertising Week, http://www.adweek.com/news/technology/why-microsoft-wrapping-location-based-ads-around-retail-stores-158189.

40Sense Networks uses location data: Hiawatha Bray (8 Jul 2013), “Cellphone data mined to create personal profiles,” Boston Globe, http://www.bostonglobe.com/business/2013/07/07/your-cellphone-yourself/eSvTK1UCqNOE7D4qbAcWPL/story.html.

40Vigilant Solutions . . . collect license plate data: Ali Winston (17 Jun 2014), “Plans to expand scope of license-plate readers alarm privacy advocates,” Center for Investigative Reporting, http://cironline.org/reports/plans-expand-scope-license-plate-readers-alarm-privacy-advocates-6451.

40the linking of identities: This article discusses the FBI’s plans to do just that. Electronic Privacy Information Center (Dec 2013), “The FBI’s Next Generation Identification program: Big Brother’s ID system?” Spotlight on Surveillance, https://epic.org/privacy/surveillance/spotlight/ngi.html.

40I have an Oyster card: There were concerns about tracking people by their Oyster cards when the technology was introduced in London in 2003. Aaron Scullion (25 Sep 2003), “Smart cards track commuters,” BBC News, http://news.bbc.co.uk/2/hi/technology/3121652.stm.

40the value of correlating different streams: Greg Weston, Glenn Greenwald, and Ryan Gallagher (30 Jan 2014), “CSEC used airport Wi-Fi to track Canadian travellers: Edward Snowden documents,” CBC News, http://www.cbc.ca/news/politics/csec-used-airport-wi-fi-to-track-canadian-travellers-edward-snowden-documents-1.2517881.

41display personal information: Alessandro Acquisti, Ralph Gross, and Fred Stutzman (4 Aug 2011), “Faces of Facebook: Privacy in the age of augmented reality,” Black Hat 2011, Las Vegas, Nevada, http://www.heinz.cmu.edu/~acquisti/face-recognition-study-FAQ/acquisti-faces-BLACKHAT-draft.pdf.

41software that correlates data: Scott Ellart (7 Dec 1999), “System and method for converting data between data sets (US 5999937 A),” US Patent and Trademark Office, http://www.google.com/patents/US5999937.

41match your online profile: Cotton Delo (22 Feb 2013), “Facebook to partner with Acxiom, Epsilon to match store purchases with user profiles,” Advertising Age, http://adage.com/article/digital/facebook-partner-acxiom-epsilon-match-store-purchases-user-profiles/239967.

42ExactData can sell lists of people: Caroline Cooper and Claire Gordon (2 Apr 2014), “The people making money off your drinking habits and STDs,” Al Jazeera, http://america.aljazeera.com/watch/shows/america-tonight/articles/2014/4/2/the-people-makingmoneyoffyourdrinkinghabitsandstds.html.

42Chinese military hackers: Max Fisher (19 Feb 2013), “Chinese hackers outed themselves by logging into their personal Facebook accounts,” Washington Post, http://www.washingtonpost.com/s/worldviews/wp/2013/02/19/chinese-hackers-outed-themselves-by-logging-into-their-personal-facebook-accounts.

42Hector Monsegur: Paul Roberts (7 Mar 2012), “Chats, car crushes and cut ’n paste sowed seeds of LulzSec’s demise,” Threatpost, http://threatpost.com/chats-car-crushes-and-cut-n-paste-sowed-seeds-lulzsecs-demise-030712/76298.

42Paula Broadwell: Chris Soghoian (13 Nov 2012), “Surveillance and security lessons from the Petraeus scandal,” American Civil Liberties Union, https://www.aclu.org/blog/technology-and-liberty-national-security/surveillance-and-security-lessons-petraeus-scandal.

42A member of the hacker group Anonymous: Dan Oakes (12 Apr 2012), “Hacking case’s body of evidence,” Sydney Morning Herald, http://www.smh.com.au/technology/technology-news/hacking-cases-body-of-evidence-20120412-1wsbh.html.

43Israeli assassins were quickly identified: Ronen Bergman et al. (17 Jan 2011), “An eye for an eye: The anatomy of Mossad’s Dubai operation,” Der Spiegel, http://www.spiegel.de/international/world/an-eye-for-an-eye-the-anatomy-of-mossad-s-dubai-operation-a-739908.html.

43techniques for anonymizing data: Paul Ohm (13 Aug 2009), “Broken promises of privacy: Responding to the surprising failure of anonymization,” UCLA Law Review 57, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1450006.

43researchers were able to attach names: Michael Barbaro and Tom Zeller Jr. (9 Aug 2006), “A face is exposed for AOL Search No. 4417749,” New York Times, http://www.nytimes.com/2006/08/09/technology/09aol.html.

43Researchers were able to de-anonymize people: Arvind Narayanan and Vitaly Shmatikov (18–20 May 2008), “Robust de-anonymization of large sparse datasets,” 2008 IEEE Symposium on Security and Privacy, Oakland, California, http://dl.acm.org/citation.cfm?id=1398064 and http://www.cs.utexas.edu/~shmat/shmat_oak08netflix.pdf.

43correlation opportunities pop up: Also for research purposes, in the mid-1990s the Massachusetts Group Insurance Commission released hospital records from state employees with the names, addresses, and Social Security numbers removed. Computer scientist Latanya Sweeney—then an MIT graduate student—demonstrated that she could de-anonymize records by correlating birth dates and ZIP codes with the voter registration database. Latanya Sweeney (Jun 1997), “Weaving technology and policy together to maintain confidentiality,” Journal of Law, Medicine and Ethics 25, http://onlinelibrary.wiley.com/doi/10.1111/j.1748-720X.1997.tb01885.x/abstract.

44just a city, town, or municipality: Latanya Sweeney (2000), “Simple demographics often identify people uniquely,” Carnegie Mellon University, Data Privacy Working Paper 3, http://dataprivacylab.org/projects/identifiability/paper1.pdf.

44Other researchers reported similar results: Philippe Golle (30 Oct 2006), “Revisiting the uniqueness of simple demographics in the US population,” 5th ACM Workshop on Privacy in the Electronic Society (WPES’06), Alexandria, Virginia, http://crypto.stanford.edu/~pgolle/papers/census.pdf.

44identify people from their anonymous DNA: Melissa Gymrek et al. (18 Jan 2013), “Identifying personal genomes by surname inference,” Science 339, http://www.sciencemag.org/content/339/6117/321.abstract. John Bohannon et al. (18 Jan 2013), “Genealogy databases enable naming of anonymous DNA donors,” Science 339, http://www.sciencemag.org/content/339/6117/262.

44Alfred Kinsey’s sex research data: Adam Tanner (11 Oct 2013), “Anonymous sex survey takers get identified in data dive,” Forbes, http://www.forbes.com/sites/adamtanner/2013/10/11/decoding-the-secrets-of-sex-data.

44It’s counterintuitive: Arvind Narayanan and Vitaly Shmatikov (Jun 2010), “Myths and fallacies of ‘personally identifiable information,’” Communications of the ACM 53, http://dl.acm.org/citation.cfm?id=1743558.

44We can be uniquely identified: Ryan Gallagher (25 Aug 2014), “The surveillance engine: How the NSA built its own secret Google,” Intercept, https://firstlook.org/theintercept/2014/08/25/icreach-nsa-cia-secret-google-crisscross-proton.

44four time/date/location points: Yves-Alexandre de Montjoye et al. (4 Feb 2013), “Unique in the crowd: The privacy bounds of human mobility,” Scientific Reports 3, Article 1376, http://www.nature.com/srep/2013/130325/srep01376/full/srep01376.html.

45these sorts of tweaks: I don’t mean to imply that it’s impossible to anonymize a data set, only that it’s very difficult to do correctly and easy to get wrong. So many people think that replacing sensitive data with random numbers is enough, but it’s not. Often, it doesn’t help at all.

45This is why regulation: Here’s an example of the DHS regulations. Mary Ellen Callahan (Mar 2012), “Handbook for safeguarding sensitive personally identifiable information,” US Department of Homeland Security, http://www.dhs.gov/sites/default/files/publications/privacy/Guidance/handbookforsafeguardingsensitivePII_march_2012_webversion.pdf.

4: The Business of Surveillance

46Brightest Flashlight Free: Casey Houser (16 Oct 2013), “Use your flashlight app for trick-or-treating,” Gazelle, https://www.gazelle.com/thehorn/2013/10/16/use-your-flashlight-app-for-trick-or-treating.

46the app collected location information: Cecilia Kang (5 Dec 2013), “Flashlight app kept users in the dark about sharing location data,” Washington Post, http://www.washingtonpost.com/business/technology/flashlight-app-kept-users-in-the-dark-about-sharing-location-data-ftc/2013/12/05/1be26fa6-5dc7-11e3-be07-006c776266ed_story.html.

46researchers discovered it in 2012: Jason Hong (30 Nov 2012), “Analysis of Brightest Flashlight Free for Android,” Jason Hong’s Confabulations, http://confabulator.blogspot.com/2012/11/analysis-of-brightest-flashlight-free.html.

46The US Federal Trade Commission got involved: US Federal Trade Commission (5 Dec 2013), “Android Flashlight app developer settles FTC charges it deceived consumers: ‘Brightest Flashlight’ app shared users’ location, device ID without consumers’ knowledge,” http://www.ftc.gov/news-events/press-releases/2013/12/android-flashlight-app-developer-settles-ftc-charges-it-deceived.

47we are offered a package deal: Sometimes surveillance is coerced. In order for me to get my warranty for a product, I often have to give up personal information to the company that built the product.

48Enterprises like DoubleClick: Within days of searching Google for a particular vacation location, I started receiving Travelocity ads for that location. I don’t even have a Travelocity account.

48Most of the companies tracking you: Peter Eckersley (21 Sep 2009), “How online tracking companies know most of what you do online (and what social networks are doing to help them),” Electronic Frontier Foundation, https://www.eff.org/deeplinks/2009/09/online-trackers-and-social-networks.

48If you want to see who’s tracking you: Samuel Gibbs (28 Oct 2013), “Mozilla’s Lightbeam Firefox tool shows who’s tracking your online movements,” Guardian, http://www.theguardian.com/technology/2013/oct/28/mozilla-lightbeam-tracking-privacy-cookies.

48One reporter discovered that 105: Alexis Madrigal (29 Feb 2012), “I’m being followed: How Google—and 104 other companies—are tracking me on the web,” Atlantic, http://www.theatlantic.com/technology/archive/2012/02/im-being-followed-how-google-151-and-104-other-companies-151-are-tracking-me-on-the-web/253758.

48Dictionary.com installed over 200: Julia Angwin (30 Jul 2010), “The Web’s new gold mine: Your secrets,” Wall Street Journal, http://online.wsj.com/news/articles/SB10001424052748703940904575395073512989404.

48The apps there track you: Scott Thurm and Yukari Iwatani Kane (18 Dec 2010), “Your apps are watching you,” Wall Street Journal, http://online.wsj.com/news/articles/SB10001424052748704368004576027751867039730.

48The app required the ability: Andrew Cunningham (5 Jul 2013), “Samsung and Jay-Z give the Internet a master’s class in how not to make an app,” Ars Technica, http://arstechnica.com/gadgets/2013/07/samsung-and-jay-z-give-the-internet-a-masters-class-in-how-not-to-make-an-app.

48the Angry Birds game even collects: Frances Zhang, Fuming Shih, and Daniel Weitzner (4–8 Nov 2013), “No surprises: measuring intrusiveness of smartphone applications by detecting objective context deviations,” 12th ACM Workshop on Privacy in the Electronic Society (WPES’13), Berlin, Germany, http://dl.acm.org/citation.cfm?id=2517864.

48Broadband companies like Comcast: Douglas Rushkoff (6 Jul 2012), “Will your Internet provider be spying on you?” CNN, http://www.cnn.com/2012/07/06/opinion/rushkoff-online-monitoring. David Kravets (25 Feb 2013), “ISPs now monitoring for copyright infringement,” Wired, http://www.wired.com/2013/02/copyright-scofflaws-beware.

49Verizon, Microsoft, and others: Casey Johnston (3 Dec 2012), “How to get targeted ads on your TV? Try a camera in your set-top box,” Ars Technica, http://arstechnica.com/tech-policy/2012/12/how-to-get-targeted-ads-on-your-tv-a-camera-in-your-set-top-box. Christopher Zara (26 Jul 2013), “Is your cable box spying on you? Behavior-detecting devices from Verizon, Microsoft and others worry privacy advocates,” International Business Times, http://www.ibtimes.com/your-cable-box-spying-you-behavior-detecting-devices-verizon-microsoft-others-worry-privacy-1361587.

49It’s less Big Brother: It’s interesting that we commonly use ideas from fiction to talk about surveillance and privacy: something is Orwellian or Kafkaesque, or akin to Tolkien’s “Eye of Sauron.” Bruce Schneier (18 Apr 2014), “Metaphors of surveillance,” Schneier on Security, https://www.schneier.com/blog/archives/2014/04/metaphors_of_su.html.

49other ways to uniquely track you: Peter Eckersley (Jul 2010), “How unique is your web browser?” Proceedings of the 10th International Conference on Privacy Enhancing Technologies, https://panopticlick.eff.org/browser-uniqueness.pdf. Keaton Mowery and Hovav Shacham (24 May 2012), “Pixel perfect: Fingerprinting canvas in HTML5,” Web 2.0 Security and Privacy, San Francisco, California, http://cseweb.ucsd.edu/~hovav/papers/ms12.html. Julia Angwin (21 Jul 2014), “Meet the online tracking device that is virtually impossible to block,” Pro Publica, http://www.propublica.org/article/meet-the-online-tracking-device-that-is-virtually-impossible-to-block. Gunes Acar et al. (10 Aug 2014), “The web never forgets: persistent tracking mechanisms in the wild,” ACM Conference on Computer and Communications Security (CCS 2014), Scottsdale, Arizona, https://securehomes.esat.kuleuven.be/~gacar/persistent/index.html.

49Google tried to compel this: Google (5 Jul 2014), Post re: Removal of Google+ username restrictions, https://plus.google.com/+googleplus/posts/V5XkYQYYJqy.

49Facebook pretty much demands real names: Facebook has been reconsidering the policy after being confronted by users who are potentially endangered by it. Facebook (2014), “What names are allowed on Facebook?” https://www.facebook.com/help/112146705538576. Reed Albergotti (2 Oct 2014), “Facebook changes real-name policy after uproar from drag queens,” Wall Street Journal, http://online.wsj.com/articles/facebook-changes-real-name-policy-after-uproar-from-drag-queens-1412223040.

50It quickly became clear: People’s willingness to pay has changed somewhat. Lots of us are now used to paying small amounts, or even large amounts over time, for smartphone apps, but the surveillance aspect of Internet business has remained. Even apps you pay for spy on you.

50“Free” is a special price: Kristina Shampanier, Nina Mazar, and Dan Ariely (Dec 2007), “Zero as a special price: The true value of free products,” Marketing Science 26, http://web.mit.edu/ariely/www/MIT/Papers/zero.pdf.

50Free warps our normal sense: Scott Bradner (3 Aug 2010), “The price of free Internet: A piece of your soul,” Network World, http://www.networkworld.com/columnists/2010/080310bradner.html.

50Facebook has done it systematically: Kurt Opsahl (28 Apr 2010), “Facebook’s eroding privacy policy: A timeline,” Electronic Frontier Foundation, https://www.eff.org/deeplinks/2010/04/facebook-timeline.

50Facebook has also changed: This is an excellent interactive graphic. Matt McKeon (15 May 2010), “The evolution of privacy on Facebook,” http://mattmckeon.com/facebook-privacy.

50Google has done much the same: Associated Press (2 Apr 2013), “Timeline: A look at developments linked to Google privacy concerns,” CTV News, http://www.ctvnews.ca/sci-tech/timeline-a-look-at-developments-linked-to-google-privacy-concerns-1.1220927.

50Apple is somewhat of an exception: Rich Mogull (25 Jun 2014), “Why Apple really cares about your privacy,” Macworld, http://www.macworld.com/article/2366921/why-apple-really-cares-about-your-privacy.html.

50It uses iTunes purchase information: Charles Arthur (18 Sep 2014), “Apple’s Tim Cook attacks Google and Facebook over privacy flaws,” Guardian, http://www.theguardian.com/technology/2014/sep/18/apple-tim-cook-google-facebook-privacy-surveillance.

51It’s very big business for Amazon: Jay Greene (18 Mar 2014), “Amazon easing into $1 billion sideline business: ad sales,” Union Bulletin, http://union-bulletin.com/news/2014/mar/18/amazon-easing-1b-sideline-business-ad-sales. Nadia Tuma and Laura Simpson (23 Jan 2014), “Why Amazon’s data store doesn’t scare people—but Facebook’s does,” Advertising Age, http://adage.com/article/guest-columnists/americans-scared-amazon-s-data-store/290953.

52Companies have increasingly: Amy Harmon (24 Aug 2001), “As public records go online, some say they’re too public,” New York Times, http://www.nytimes.com/2001/08/24/nyregion/as-public-records-go-online-some-say-they-re-too-public.html. Mark Ackerman (26 Aug 2013), “Sales of public data to marketers can mean big $$ for governments,” CBS Denver, http://denver.cbslocal.com/2013/08/26/sales-of-public-data-to-marketers-can-mean-big-for-governments.

52data brokers like Acxiom: This is a good article on Acxiom. Natasha Singer (16 Jun 2012), “Mapping, and sharing, the consumer genome,” New York Times, http://www.nytimes.com/2012/06/17/technology/acxiom-the-quiet-giant-of-consumer-database-marketing.html.

52These companies buy: The World Privacy Forum estimates that there are about 4,000 data brokers. Pam Dixon (18 Dec 2013), “Testimony of Pam Dixon, Executive Director, World Privacy Forum, before the U.S. Senate Committee on Commerce, Science, and Transportation: What information do data brokers have on consumers, and how do they use it?” World Privacy Forum, http://www.worldprivacyforum.org/2013/12/testimony-what-information-do-data-brokers-have-on-consumers.

52The more data you produce: Craig Timberg (27 May 2014), “Brokers use ‘billions’ of data points to profile Americans,” Washington Post, http://www.washingtonpost.com/business/technology/brokers-use-billions-of-data-points-to-profile-americans/2014/05/27/b4207b96-e5b2-11e3-a86b-362fd5443d19_story.html.

52The breadth and depth: Wall Street Journal ran an excellent series that discussed the enormous amount of surveillance data different companies collect. Wall Street Journal, “What They Know” series index, http://online.wsj.com/public/page/what-they-know-digital-privacy.html.

52They collect everything: US Senate Committee on Commerce, Science, and Transportation, Office of Oversight and Investigations, Majority Staff (18 Dec 2013), “A review of the data broker industry: Collection, use, and sale of consumer data for marketing purposes,” Staff report for Chairman Rockefeller, http://consumercal.org/wp-content/uploads/2013/12/senate_2013_data_broker_report.pdf.

53Data brokers use your data: Lois Beckett (13 Sep 2013), “Everything we know about what data brokers know about you,” Pro Publica, https://www.propublica.org/article/everything-we-know-about-what-data-brokers-know-about-you.

53Acxiom can provide you with that: Natasha Singer (5 Sep 2013), “Acxiom lets consumers see data it collects,” New York Times, http://www.nytimes.com/2013/09/05/technology/acxiom-lets-consumers-see-data-it-collects.html.

53InfoUSA has sold lists: Charles Duhigg (20 May 2007), “Bilking the elderly, with a corporate assist,” New York Times, http://www.nytimes.com/2007/05/20/business/20tele.html.

53both brokers were fined by the FTC: US Senate Committee on Commerce, Science, and Transportation, Office of Oversight and Investigations, Majority Staff (18 Dec 2013), “A review of the data broker industry: Collection, use, and sale of consumer data for marketing purposes,” Staff report for Chairman Rockefeller, http://consumercal.org/wp-content/uploads/2013/12/senate_2013_data_broker_report.pdf.

53We use systems that spy on us: Joseph Turow (7 Feb 2012), “A guide to the digital advertising industry that’s watching your every click,” Atlantic, http://www.theatlantic.com/technology/archive/2012/02/a-guide-to-the-digital-advertising-industry-thats-watching-your-every-click/252667.

53If something is free: It’s not known who first said this. Jonathan Zittrain (21 Mar 2012), “Meme patrol: ‘When something online is free, you’re not the customer, you’re the product,’” The Future of the Internet and How to Stop It, http://s.law.harvard.edu/futureoftheinternet/2012/03/21/meme-patrol-when-something-online-is-free-youre-not-the-customer-youre-the-product.

53as Al Gore said: Nelson Wyatt (7 Nov 2013), “Former U.S. vice-president Al Gore predicts lawmakers will rein in surveillance,” Vancouver Sun, http://www.vancouversun.com/news/Former+vicepresident+Gore+predicts+lawmakers+will+rein/9129866/story.html.

53There’s a famous quote: Laurence Green (5 Jul 2010), “Why creativity will buy you more success than money,” Telegraph, http://www.telegraph.co.uk/finance/businessclub/7872084/Why-creativity-will-buy-you-more-success-than-money.html.

53If you know exactly who: At least, that’s the theory. There are people who argue that this isn’t as effective as one might think. Douglas Rushkoff (2013), Present Shock: When Everything Happens Now, Current, http://www.rushkoff.com/present-shock.

53a national lawn care company: Real Green Systems (2014), “Measurement Assistant: An online measuring software application combining aerial photography and measuring tools,” https://www.realgreen.com/measurement_assistant.html.

54This also works in political advertising: Nathan Abse (Oct 2012), “Big data delivers on campaign promise: Microtargeted political advertising in Election 2012,” Interactive Advertising Bureau, http://www.iab.net/media/file/Innovations_In_Web_Marketing_and_Advertising_delivery.pdf.

54Obama used big data: Michael Scherer (7 Nov 2012), “Inside the secret world of the data crunchers who helped Obama win,” Time, http://swampland.time.com/2012/11/07/inside-the-secret-world-of-quants-and-data-crunchers-who-helped-obama-win. Sasha Issenberg (19 Dec 2012), “How President Obama’s campaign used big data to rally individual voters,” MIT Technology Review, http://www.technologyreview.com/featuredstory/509026/how-obamas-team-used-big-data-to-rally-voters.

54This data is used to target: Ed Pilkington and Amanda Michel (17 Feb 2012), “Obama, Facebook and the power of friendship: The 2012 data election,” Guardian, http://www.theguardian.com/world/2012/feb/17/obama-digital-data-machine-facebook-election. Tanzina Vega (20 Feb 2012), “Online data helping campaigns customize ads,” New York Times, http://www.nytimes.com/2012/02/21/us/politics/campaigns-use-microtargeting-to-attract-supporters.html.

54A lot of commercial surveillance: Many data brokers now allow you to correct errors. Any corrections you make improve the quality of the data they sell to others. Your corrections help them, yet they depict it as some sort of right you now have.

54this information can be valuable: In 2014, Shutterfly sent e-mail congratulations to people who had just had a baby, and made some mistakes. The mistakes were what made the press. Kashmir Hill (14 May 2014), “Shutterfly congratulates a bunch of people without babies on their ‘new arrivals,’” Forbes, http://www.forbes.com/sites/kashmirhill/2014/05/14/shutterfly-congratulates-a-bunch-of-people-without-babies-on-their-new-arrivals.

54the data is enormously better: There’s a lot of anecdotal evidence about how wrong targeted advertising gets things, but much of that comes from the fact that we notice the mistakes more than we notice the bull’s-eyes.

54physical locations of people on Twitter: Jalal Mahmud, Jeffrey Nichols, and Clemens Drews (7 Mar 2014), “Home location identification of Twitter users,” arXiv:1403.2345 [cs.SI], http://arxiv.org/abs/1403.2345.

54surveillance-based advertising is oversold: This essay, for example, questions the effectiveness of Internet advertising. Derek Thompson (13 Jun 2014), “A dangerous question: Does Internet advertising work at all?” Atlantic, http://www.theatlantic.com/business/archive/2014/06/a-dangerous-question-does-internet-advertising-work-at-all/372704.

54one of the kids died in a car crash: In 2014, OfficeMax sent a promotional mailing addressed to “Mike Seay/Daughter Killed in Car Crash/Or Current Business.” That was a database error, but it illustrates the personal nature of data these data brokers collect. Amy Merrick (23 Jan 2014), “A death in the database,” New Yorker, http://www.newyorker.com/online/s/currency/2014/01/ashley-seay-officemax-car-crash-death-in-the-database.html.

54advertising that’s too targeted feels creepy: Blase Ur et al. (2 Apr 2012), “Smart, useful, scary, creepy: Perceptions of online behavioral advertising,” CyLab, Carnegie Mellon University, Pittsburgh, Pennsylvania, https://www.cylab.cmu.edu/research/techreports/2012/tr_cylab12007.html.

55the “uncanny valley”: Farhad Manjoo (23 Aug 2012), “The uncanny valley of Internet advertising,” Slate, http://www.slate.com/articles/technology/technology/2012/08/the_uncanny_valley_of_internet_advertising_why_do_creepy_targeted_ads_follow_me_everywhere_i_go_on_the_web_.html. Sara M. Watson (16 Jun 2014), “Data doppelgängers and the uncanny valley of personalization,” Atlantic, http://www.theatlantic.com/technology/archive/2014/06/data-doppelgangers-and-the-uncanny-valley-of-personalization/372780.

55People are okay with sloppily: Mike Masnick (11 Mar 2008), “Where’s the line between personalized advertising and creeping people out?” Tech Dirt, http://www.techdirt.com/articles/20080311/121305499.shtml.

55“creepy” is relative: Blase Ur et al. (2 Apr 2012), “Smart, useful, scary, creepy: Perceptions of online behavioral advertising,” CyLab, Carnegie Mellon University, Pittsburgh, Pennsylvania, https://www.cylab.cmu.edu/research/techreports/2012/tr_cylab12007.html.

55depends a lot on our familiarity: Evan Selinger (22 Aug 2012), “Why do we love to call new technologies ‘creepy’?” Slate, http://www.slate.com/articles/technology/future_tense/2012/08/facial_recognition_software_targeted_advertising_we_love_to_call_new_technologies_creepy_.html. Omer Tene and Jules Polonetsky (16 Sep 2013), “A theory of creepy: Technology, privacy, and shifting social norms,” Yale Journal of Law & Technology, http://yjolt.org/theory-creepy-technology-privacy-and-shifting-social-norms.

55ads that follow us around: Sara M. Watson (16 Sep 2014), “Ask the decoder: Stalked by socks,” Al Jazeera, http://america.aljazeera.com/articles/2014/9/16/the-decoder-stalkedbysocks.html.

55click on a link to find out why: Mike Isaac (2 Nov 2011), “New Google ‘transparency’ feature aims to reduce ad-targeting creepiness,” Wired, http://www.wired.com/2011/11/google-ad-transparency-target. Todd Essig (27 Feb 2012), “‘Big Data’ got you creeped out? Transparency can help,” Forbes, http://www.forbes.com/sites/toddessig/2012/02/27/big-data-got-you-creeped-out-transparency-can-help.

55Recipients of these mailings: Charles Duhigg (19 Feb 2012), “How companies learn your secrets,” New York Times, http://www.nytimes.com/2012/02/19/magazine/shopping-habits.html.

56 50 million people have installed AdBlock Plus: Kashmir Hill (21 Aug 2013), “Use of ad blocking is on the rise,” Forbes, http://www.forbes.com/sites/kashmirhill/2013/08/21/use-of-ad-blocking-is-on-the-rise.

56the value of a single: Victor Luckerson (7 Mar 2014), “Twitter’s ad prices are in free fall,” Time, http://time.com/16032/twitter-ad-prices-decline. Brian Womack (16 Apr 2014), “Google revenue falls short of estimates, ad prices drop,” Bloomberg Business Week, http://www.businessweek.com/news/2014-04-16/google-revenue-falls-short-of-estimates-as-ad-prices-decline-1.

56a common commodity: Emily Steel (12 Jun 2013), “Companies scramble for consumer data,” Financial Times, http://link.ft.com/r/S4XZQQ/Z8K8I2/9ZND5E/972MV7/VTD3N8/SN/h. Ken Figueredo (19 Jun 2013), “Prices and value of consumer data,” More with Mobile, http://www.more-with-mobile.com/2013/06/prices-and-value-of-consumer-data.html.

56the value of each user: Tristan Louis (31 Aug 2013), “How much is a user worth?” Forbes, http://www.forbes.com/sites/tristanlouis/2013/08/31/how-much-is-a-user-worth.

56already reached the peak: Tim Hwang and Adi Kamdar (9 Oct 2013), “The theory of peak advertising and the future of the web,” Peakads.org, http://peakads.org/images/Peak_Ads.pdf. Tim Hwang (19 Mar 2014), “The Peak Advertising Institute,” Knight News Challenge, https://www.newschallenge.org/challenge/2014/feedback-review/the-peak-advertising-institute.

56I don’t think anyone knows: Doc Searls (23 Mar 2009), “After the advertising bubble bursts,” Doc Searls Weblog, http://s.law.harvard.edu/doc/2009/03/23/after-the-advertising-bubble-bursts.

56early tropes of the Internet: Moshe Yudkowsky (2005), The Pebble and the Avalanche: How Taking Things Apart Creates Revolutions, Berrett-Koehler Publishers, http://www.pebbleandavalanche.com.

56eBay connected buyers and sellers: Mark Graham (2008), “Warped geographies of development: The Internet and theories of economic development,” Geography Compass 2/3, http://www.geospace.co.uk/files/compass.pdf.

56music promotion and distribution: Mike Masnick (19 Jun 2013), “Hollywood’s new talking point: Gatekeepers are awesome,” Tech Dirt, https://www.techdirt.com/articles/20130613/18243923466/hollywoods-new-talking-point-gatekeepers-are-awesome.shtml.

56airline tickets: Alina M. Chircu and Robert J. Kauffman (1998), “Analyzing market transformation in the presence of Internet-driven disintermediation: The case of online travel reservation providers,” Management Information Systems Research Center, http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.196.4820&rep=rep1&type=pdf.

56in some cases—advertising: Tim Williams (3 Jun 2013), “The disintermediation of the advertising agency business,” LinkedIn, http://www.linkedin.com/today/post/article/20130603205503-2042198-the-disintermediation-of-the-agency-business.

57Google CEO Eric Schmidt said: Eric Schmidt and Jared Cohen (2013), The New Digital Age: Reshaping the Future of People, Nations and Business, Knopf, http://www.newdigitalage.com.

57A variety of economic effects: Carl Shapiro and Hal Varian (1998), Information Rules: A Strategic Guide to the Network Economy, Harvard Business Review Press, http://www.inforules.com.

57Google controls two-thirds: comScore (21 Jun 2014), “comScore releases June 2014 U.S. search engine rankings,” https://www.comscore.com/Insights/Market-Rankings/comScore-Releases-June-2014-US-Search-Engine-Rankings.

57have Facebook accounts: Maeve Duggan and Aaron Smith (30 Dec 2013), “Social media update 2013,” Pew Research Internet Project, http://www.pewinternet.org/2013/12/30/social-media-update-2013.

57Amazon controls about: Troy (12 May 2013), “Highlights from the U.S. Book Consumer Annual Review,” AALBC.com’s Discussion Forum, http://aalbc.com/tc/index.php/topic/2051-highlights-from-the-us-book-consumer-annual-review.

57Comcast owns about: Trefis Team (24 Jul 2014), “Comcast earnings grow 15% on good broadband growth,” Forbes, http://www.forbes.com/sites/greatspeculations/2014/07/24/comcast-earnings-grow-15-on-good-broadband-growth.

58In 2001, eBay started hiding: Matthew Fordahl (2 Feb 2001), “eBay to hide members’ e-mail addresses,” ABC News, http://abcnews.go.com/Technology/story?id=98958.

58in 2011, it banned e-mail addresses: eBay (1 Oct 2011), “E-mail addresses and some links no longer permitted in listings,” http://pages.ebay.com/sellerinformation/news/links2011.html.

58in 2012, it banned them from user-to-user: eBay (2 Oct 2012), “Sellers: E-mail addresses and some URLs no longer allowed in member-to-member messages,” http://announcements.ebay.com/2012/10/sellers-e-mail-addresses-and-some-urls-no-longer-allowed-in-member-to-member-messages.

58Websites that profit from advertising: Steven Levy (22 Apr 2014), “Inside the science that delivers your scary-smart Facebook and Twitter feeds,” Wired, http://www.wired.com/2014/04/perfect-facebook-feed.

58sites that allow you to opt out: Nate Anderson (24 Jul 2008), “.06% opt out: NebuAd hides link in 5,000-word privacy policy,” Ars Technica, http://arstechnica.com/uncategorized/2008/07/06-opt-out-nebuad-hides-link-in-5000-word-privacy-policy.

58The relationship is more feudal: Bruce Schneier (26 Nov 2012), “When it comes to security, we’re back to feudalism,” Wired, http://www.wired.com/2012/11/feudal-security.

58We like having someone else: Rachel King (15 Oct 2012), “Consumers actually really like cloud storage, report says,” ZDNet, http://www.zdnet.com/consumers-actually-really-like-cloud-storage-report-says-7000005784.

59the rise of cloud computing: This is a good introduction to cloud computing. Michael Armbrust et al. (10 Feb 2009), “Above the clouds: A Berkeley view of cloud computing,” Technical Report No. UCB/EECS-2009-28, Electrical Engineering and Computer Sciences, University of California at Berkeley, http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.pdf.

59they turn our data over: Both Google and Microsoft have turned child porn suspects over to the FBI on their own initiative. Robert Macpherson (4 Aug 2014), “Google defends child porn tip-offs to police,” Yahoo! News, http://news.yahoo.com/google-defends-child-porn-tip-offs-police-025343404.html. Leo Kelion (6 Aug 2014), “Microsoft tip leads to child porn arrest in Pennsylvania,” BBC News, http://www.bbc.com/news/technology-28682686.

59the rise of user devices: Jonathan Zittrain (2009), “Tethered appliances, software as service, and perfect enforcement,” in The Future of the Internet and How to Stop It, Yale University Press, http://dash.harvard.edu/bitstream/handle/1/4455262/Zittrain_Future%20of%20the%20Internet.pdf.

59Apple has rules about what software: Meg Albus (5 Sep 2013), “Don’t get rejected by Apple!” PBS Producer Exchange, https://projects.pbs.org/confluence/pages/viewpage.action?pageId=34046325.

59In 2009, Amazon automatically deleted: Brad Stone (18 Jul 2009), “Amazon erases Orwell books from Kindle,” New York Times, http://www.nytimes.com/2009/07/18/technology/companies/18amazon.html.

60vendors are moving to a subscription model: Sam Grobart (14 Nov 2013), “Software makers’ subscription drive,” Business Week, http://www.businessweek.com/articles/2013-11-14/2014-outlook-software-makers-subscription-drive.

60Adobe did that with Creative Cloud: David Pogue (17 Sep 2013), “Adobe’s software subscription model means you can’t own your software,” Scientific American, http://www.scientificamerican.com/article/adobe-software-subscription-model-means-you-cant-own-your-software.

60if I decide to abandon those services: Google is much better at letting users leave with their data than many other companies are.

60Political scientist Henry Farrell: Henry Farrell (Fall 2013), “The tech intellectuals,” Democracy 30, http://www.democracyjournal.org/30/the-tech-intellectuals.php.

60It’s not reasonable to tell people: This isn’t to say that these things are essential and that it’s impossible to get along without them. I don’t have a Facebook account. I know people who don’t have cell phones, and one person who doesn’t shop online at all. We do have a choice, but living without any of these things can be very difficult, both personally and professionally.

61Opting out just isn’t a viable choice: Jessica Goldstein (29 Apr 2014), “Meet the woman who did everything in her power to hide her pregnancy from Big Data,” Think Progress, http://thinkprogress.org/culture/2014/04/29/3432050/can-you-hide-from-big-data.

5: Government Surveillance and Control

62The documents from Snowden: Barton Gellman and Ashkan Soltani (14 Oct 2013), “NSA collects millions of e-mail address books globally,” Washington Post, http://www.washingtonpost.com/world/national-security/nsa-collects-millions-of-e-mail-address-books-globally/2013/10/14/8e58b5be-34f9-11e3-80c6-7e6dd8d22d8f_story.html. Barton Gellman and Ashkan Soltani (30 Oct 2013), “NSA infiltrates links to Yahoo, Google data centers worldwide, Snowden documents say,” Washington Post, http://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html. Barton Gellman and Laura Poitras (7 Jun 2013), “U.S., British intelligence mining data from nine U.S. Internet companies in broad secret program,” Washington Post, http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html.

62The NSA was formed in 1952: US Executive Office of the President (24 Oct 1952), Memorandum to Secretary of State and Secretary of Defense re: Communications Intelligence Agency, US National Security Agency, http://www.nsa.gov/public_info/_files/truman/truman_memo.pdf.

62US signals intelligence and codebreaking: Thomas L. Burns (1990), “The origins of the National Security Agency 1940–1952 (U),” Center for Cryptologic History, US National Security Agency, http://www.nsa.gov/public_info/_files/cryptologic_histories/origins_of_nsa.pdf.

63Secrets of fact: Several political scientists have written about the difference between secrets and mysteries, or puzzles and mysteries. Joseph S. Nye Jr. (Jul/Aug 1994), “Peering into the future,” Foreign Affairs, http://www.foreignaffairs.com/articles/50102/joseph-s-nye-jr/peering-into-the-future. Gregory F. Treverton (Sep 2001), “Reshaping national intelligence for an age of information,” Research Brief 5, European Union Center for California, http://eucenter.scrippscollege.edu/files/2011/06/Treverton-05.pdf.

63“Never again” was an impossible mandate: Dan Geer (9 Oct 2013), “Tradeoffs in cyber security,” http://geer.tinho.net/geer.uncc.9oct13.txt.

63Modern government surveillance monitors: Under the 1978 FISA law that regulated NSA surveillance, targets inside the US had to be “agents of a foreign power.” When the law was amended in 2008 under the FAA—FISA Amendments Act—a target could be any foreigner.

63This latest mission rose in importance: Dana Priest (21 Jul 2013), “NSA growth fueled by need to target terrorists,” Washington Post, http://www.washingtonpost.com/world/national-security/nsa-growth-fueled-by-need-to-target-terrorists/2013/07/21/24c93cf4-f0b1-11e2-bed3-b9b6fe264871_story.html.

64If the NSA tapped: The NSA did that in 1984. William J. Broad (8 Nov 1998), “A tale of daring American submarine espionage,” New York Times, http://www.nytimes.com/1998/11/08/us/a-tale-of-daring-american-submarine-espionage.html.

64Google doesn’t store: Google (2014), “Data center locations,” https://www.google.com/about/datacenters/inside/locations/index.html.

64It has a larger intelligence budget: Barton Gellman and Greg Miller (29 Aug 2013), “U.S. spy network’s successes, failures and objectives detailed in ‘black budget’ summary,” Washington Post, http://www.washingtonpost.com/world/national-security/black-budget-summary-details-us-spy-networks-successes-failures-and-objectives/2013/08/29/7e57bb78-10ab-11e3-8cdd-bcdc09410972_story.html. Ewen MacAskill and Jonathan Watts (29 Aug 2013), “US intelligence spending has doubled since 9/11, top secret budget reveals,” Guardian, http://www.theguardian.com/world/2013/aug/29/us-intelligence-spending-double-9-11-secret-budget.

64The Internet’s physical wiring: Ryan Singel (10 Oct 2007), “NSA’s lucky break: How the U.S. became switchboard to the world,” Wired, https://web.archive.org/web/20071019223411/http://www.wired.com/politics/security/news/2007/10/domestic_taps. Christopher Mims (8 Jun 2013), “Why the NSA has access to 80% of online communication even if Google doesn’t have a ‘backdoor,’” Quartz, http://qz.com/92369/why-nsa-has-access-to-80-of-online-communication-even-if-google-doesnt-have-a-back-door.

64The goal of the NSA’s surveillance: Ewen MacAskill and James Ball (2 Nov 2013), “Portrait of the NSA: no detail too small in quest for total surveillance,” Guardian, http://www.theguardian.com/world/2013/nov/02/nsa-portrait-total-surveillance. Glenn Greenwald (2014), No Place to Hide: Edward Snowden, the NSA and the US Surveillance State, Macmillan, chap. 3, http://leaksource.info/2014/07/31/glenn-greenwalds-no-place-to-hide-nsa-documents-excerpts.

65no evidence to suggest: Of course, I don’t know for sure. Bill Binney, another NSA whistleblower, has said otherwise, but he has provided no evidence. Antony Loewenstein (10 Jul 2014), “The ultimate goal of the NSA is total population control,” Guardian, http://www.theguardian.com/commentisfree/2014/jul/11/the-ultimate-goal-of-the-nsa-is-total-population-control.

65we know it is doing so: Ryan Devereaux, Glenn Greenwald, and Laura Poitras (19 May 2014), “Data pirates of the Caribbean: The NSA is recording every cell phone call in the Bahamas,” Intercept, https://firstlook.org/theintercept/article/2014/05/19/data-pirates-caribbean-nsa-recording-every-cell-phone-call-bahamas. Julian Assange (23 May 2014), “WikiLeaks statement on the mass recording of Afghan telephone calls by the NSA,” WikiLeaks, https://wikileaks.org/WikiLeaks-statement-on-the-mass.html.

65The agency’s 2013 budget: Barton Gellman and Greg Miller (29 Aug 2013), “‘Black budget’ summary details U.S. spy network’s successes, failures and objectives,” Washington Post, http://www.washingtonpost.com/world/national-security/black-budget-summary-details-us-spy-networks-successes-failures-and-objectives/2013/08/29/7e57bb78-10ab-11e3-8cdd-bcdc09410972_story.html.

65it directly employs: Dana Priest (21 Jul 2013), “NSA growth fueled by need to target terrorists,” Washington Post, http://www.washingtonpost.com/world/national-security/nsa-growth-fueled-by-need-to-target-terrorists/2013/07/21/24c93cf4-f0b1-11e2-bed3-b9b6fe264871_story.html.

65many more as contractors: 70% of the intelligence budget goes to private firms; 483,000 contractors have top-secret clearance, representing 34% of the 1.4 million people cleared at that level. Robert O’Harrow Jr., Dana Priest, and Marjorie Censer (10 Jun 2013), “NSA leaks put focus on intelligence apparatus’s reliance on outside contractors,” Washington Post, http://www.washingtonpost.com/business/nsa-leaks-put-focus-on-intelligence-apparatuss-reliance-on-outside-contractors/2013/06/10/e940c4ba-d20e-11e2-9f1a-1a7cdee20287_story.html. Jonathan Fahey and Adam Goldman (10 Jun 2013), “Leak highlights key role of private contractors,” Associated Press, http://bigstory.ap.org/article/leak-highlights-key-role-private-contractors.

65the total for 2013 was $53 billion: Barton Gellman and Greg Miller (29 Aug 2013), “‘Black budget’ summary details U.S. spy network’s successes, failures and objectives,” Washington Post, http://www.washingtonpost.com/world/national-security/black-budget-summary-details-us-spy-networks-successes-failures-and-objectives/2013/08/29/7e57bb78-10ab-11e3-8cdd-bcdc09410972_story.html.

65the US spends $72 billion annually: Steven Aftergood (Mar 2014), “Intelligence budget data,” Federation of American Scientists Intelligence Resource Program, http://fas.org/irp/budget/index.html.

65the capabilities were developed: “We believe that the military missions in Iraq and Afghanistan have also had a large but difficult-to-measure impact on decisions about technical collection and communications technologies.” Richard A. Clarke et al. (12 Dec 2013), “Liberty and security in a changing world: Report and recommendations of The President’s Review Group on Intelligence and Communications Technologies,” US Executive Office of the President, p. 187, http://www.whitehouse.gov/sites/default/files/docs/2013-12-12_rg_final_report.pdf.

65Executive Order 12333: The feds call it “twelve triple-three.” US Executive Office of the President (4 Dec 1981), “Executive Order 12333—United States intelligence activities,” Federal Register, http://www.archives.gov/federal-register/codification/executive-order/12333.html. Alex Abdo (29 Sep 2014), “New documents shed light on one of the NSA’s most powerful tools,” Free Future, https://www.aclu.org/blog/national-security/new-documents-shed-light-one-nsas-most-powerful-tools.

65some protection for US citizens: Mark Jaycox (5 Nov 2013), “Three leaks, three weeks, and what we’ve learned about the US government’s other spying authority: Executive Order 12333,” Electronic Frontier Foundation, https://www.eff.org/deeplinks/2013/10/three-leaks-three-weeks-and-what-weve-learned-about-governments-other-spying.

65Section 215 of the USA PATRIOT Act: US Congress (2001), “USA Patriot Act Section 215,” http://www.gpo.gov/fdsys/pkg/BILLS-107hr3162enr/pdf/BILLS-107hr3162enr.pdf.

65a secret court interpreted this: Marcy Wheeler (14 Aug 2014), “George W. Bush’s false heroes: The real story of a secret Washington sham,” Salon, http://www.salon.com/2014/08/14/george_w_bushs_false_heroes_the_real_story_of_a_secret_washington_sham.

65Section 702 of the FISA: There’s also the Protect America Act (PAA) of 2007. It was overturned and replaced by the FAA, but any existing authorizations under PAA were grandfathered. We don’t know how many there are, so we don’t know how important this is. James Risen (6 Aug 2007), “Bush signs law to widen reach for wiretapping,” New York Times, http://www.nytimes.com/2007/08/06/washington/06nsa.html. Ryan Singel (6 Aug 2007), “Analysis: New law gives government six months to turn Internet and phone systems into permanent spying architecture,” Wired, http://www.wired.com/2007/08/analysis-new-la.

66The NSA has minimization rules: One Snowden document discusses the NSA minimization procedures. US National Security Agency (8 Jan 2007), “Minimization procedures used by the National Security Agency in connection with acquisitions of foreign intelligence information pursuant to Section 702 of the Foreign Intelligence Surveillance Act, as amended,” http://www.theguardian.com/world/interactive/2013/jun/20/exhibit-b-nsa-procedures-document.

66The NSA does a lot of playing around: Jennifer Granick (25 Aug 2014), “Intercept reporting raises broader metadata minimization question,” Just Security, http://justsecurity.org/14327/intercept-reporting-raises-broader-metadata-minimization-question. Marcy Wheeler (26 Aug 2014), “SPCMA and ICREACH,” Empty Wheel, http://www.emptywheel.net/2014/08/26/spcma-and-icreach.

66A 2014 analysis: Barton Gellman, Julie Tate, and Ashkan Soltani (5 Jul 2014), “In NSA-intercepted data, those not targeted far outnumber the foreigners who are,” Washington Post, http://www.washingtonpost.com/world/national-security/in-nsa-intercepted-data-those-not-targeted-far-outnumber-the-foreigners-who-are/2014/07/05/8139adf8-045a-11e4-8572-4b1b969b6322_story.html.

67tightly connected with the NSA: Nadia Kayyali (21 May 2014), “How the NSA is transforming law enforcement,” Gizmodo, http://gizmodo.com/how-the-nsa-is-transforming-law-enforcement-1579438984.

67We know there is considerable sharing: Ryan Gallagher (25 Aug 2014), “The surveillance engine: How the NSA built its own secret Google,” Intercept, https://firstlook.org/theintercept/2014/08/25/icreach-nsa-cia-secret-google-crisscross-proton.

67initial legal basis: The most significant expansion of the NSA’s authority occurred in 2005, under the USA PATRIOT Improvement and Reauthorization Act. Some of the provisions have been struck down as unconstitutional.

68because Smith shared those phone numbers: John Villasenor (30 Dec 2013), “What you need to know about the third-party doctrine,” Atlantic, http://www.theatlantic.com/technology/archive/2013/12/what-you-need-to-know-about-the-third-party-doctrine/282721.

68a tool called an IMSI-catcher: IMSI is International Mobile Subscriber Identity, which is the unique serial number your cell phone broadcasts so that the cellular system knows where you are.

68the code name StingRay: AmberJack is another. “Stingray” is now used as a generic term for IMSI-catchers.

68collect identification and location: Joel Hruska (17 Jun 2014), “Stingray, the fake cell phone tower cops and carriers use to track your every move,” Extreme Tech, http://www.extremetech.com/mobile/184597-stingray-the-fake-cell-phone-tower-cops-and-providers-use-to-track-your-every-move.

68The FBI is so scared: Lauren Walker (23 Sep 2014), “New documents reveal information about police cellphone tracking devices,” Newsweek, http://www.newsweek.com/new-documents-reveal-information-about-police-cell-phone-tracking-devices-272746.

68instructs them to lie: Kim Zetter (19 Jun 2014), “Emails show feds asking Florida cops to deceive judges,” Wired, http://www.wired.com/2014/06/feds-told-cops-to-deceive-courts-about-stingray.

68federal marshals seized the documents: Nathan Freed Wessler (3 Jun 2014), “U.S. Marshals seize local cops’ cell phone tracking files in extraordinary attempt to keep information from public,” Free Future, https://www.aclu.org/blog/national-security-technology-and-liberty/us-marshals-seize-local-cops-cell-phone-tracking-files. Kim Zetter (3 Jun 2014), “U.S. Marshals seize cops’ spying records to keep them from the ACLU,” Wired, http://www.wired.com/2014/06/feds-seize-stingray-documents.

68The National Counterterrorism Center: National Counterterrorism Center (2007), “Terrorist Identities Datamart Environment (TIDE),” https://web.archive.org/web/20140712154829/http://www.nctc.gov/docs/Tide_Fact_Sheet.pdf. Richard A. Best Jr. (19 Dec 2011), “The National Counterterrorism Center (NCTC): Responsibilities and potential congressional concerns,” Congressional Research Service, http://fas.org/sgp/crs/intel/R41022.pdf. Matt Sledge (16 Feb 2013), “National Counterterrorism Center’s ‘terrorist information’ rules outlined in document,” Huffington Post, http://www.huffingtonpost.com/2013/02/15/national-counterterrorism-center-nctc-terrorist-information_n_2697190.html.

68a huge database of US citizens: Karen DeYoung (25 Mar 2007), “Terror database has quadrupled in four years,” Washington Post, http://www.washingtonpost.com/wp-dyn/content/article/2007/03/24/AR2007032400944.html.

68where the various watch lists: Julia Angwin (13 Dec 2013), “U.S. terrorism agency to tap a vast database of citizens,” Wall Street Journal, http://online.wsj.com/news/articles/SB10001424127887324478304578171623040640006.

69procedures for getting on these lists: Jeremy Scahill and Ryan Devereaux (5 Aug 2014), “Watch commander: Barack Obama’s secret terrorist-tracking system, by the numbers,” Intercept, https://firstlook.org/theintercept/article/2014/08/05/watch-commander.

69Tamerlan Tsarnaev was on this list: Eric Schmitt and Michael S. Schmidt (24 Apr 2013), “2 U.S. agencies added Boston bomb suspect to watch lists,” New York Times, http://www.nytimes.com/2013/04/25/us/tamerlan-tsarnaev-bomb-suspect-was-on-watch-lists.html.

69Organized Crime Drug Enforcement Task Forces: US Department of Justice (2014), “Organized Crime Drug Enforcement Task Forces,” http://www.justice.gov/criminal/taskforces/ocdetf.html.

69Comprehensive National Cybersecurity Initiative: US Executive Office of the President (2009), “The Comprehensive National Cybersecurity Initiative,” http://www.whitehouse.gov/issues/foreign-policy/cybersecurity/national-initiative.

69Bureau of Alcohol, Tobacco, and Firearms: Robert Beckhusen (5 Apr 2013), “The ATF wants ‘massive’ online database to find out who your friends are,” Wired, http://www.wired.com/2013/04/atf-database.

69Even the Pentagon has spied: Lisa Myers, Douglas Pasternak, and Rich Gardella (14 Dec 2005), “Is the Pentagon spying on Americans?” NBC News, http://www.nbcnews.com/id/10454316/ns/nbc_nightly_news_with_brian_williams-nbc_news_investigates/t/pentagon-spying-americans. Marcy Wheeler (24 Jul 2007), “Cunningham, CIFA, and Cheney, a new chronology,” Empty Wheel, http://www.emptywheel.net/2007/07/24/cunningham-cifa-and-cheney-a-new-chronology.

69Naval Criminal Investigative Service: In 2014, a federal court ruled this practice illegal, and threw out a child pornography conviction based on it. Victoria Cavaliere (18 Sep 2014), “U.S. court rules Navy wrongfully monitored computers in child porn probe,” Reuters, http://www.reuters.com/article/idUSKBN0HD2EU20140918.

69the US has set up “fusion centers”: Robert Mueller (15 Nov 2004), “The FBI: Improving intelligence for a safer America,” address delivered to the Town Hall Los Angeles, Los Angeles, California, http://www.fbi.gov/news/speeches/the-fbi-improving-intelligence-for-a-safer-america. US Department of Homeland Security (4 Sep 2012), “Fusion centers handout,” http://www.dhs.gov/sites/default/files/publications/Fusion%20Centers%20Handout.pdf. US House of Representatives (Jul 2013), “Majority staff report on the national network of fusion centers,” Committee on Homeland Security, http://homeland.house.gov/sites/homeland.house.gov/files/documents/CHS%20SLFC%20Report%202013%20FINAL.pdf.

69local police access to: Torin Monahan (2010), “The future of security? Surveillance operations at Homeland Security fusion centers,” Social Justice 37, http://www.socialjusticejournal.org/archive/120_37_2-3/120_07Monahan.pdf.

69supposed to focus on terrorism: Priscilla M. Regan, Torin Monahan, and Krista Craven (3 Dec 2013), “Constructing the suspicious: Data production, circulation, and interpretation by DHS Fusion Centers,” Administration and Society, http://aas.sagepub.com/content/early/2013/11/29/0095399713513141.abstract.

69There’s minimal oversight: Michael German and Jay Stanley (Dec 2007), “What’s wrong with fusion centers?” American Civil Liberties Union, https://www.aclu.org/files/pdfs/privacy/fusioncenter_20071212.pdf. Sharon Bradford Franklin et al. (6 Sep 2012), “Recommendations for fusion centers: Preserving privacy and civil liberties while protecting against crime and terrorism,” Constitution Project, http://www.constitutionproject.org/pdf/fusioncenterreport.pdf.

69spied on political protesters: Colin Moynihan (22 May 2014), “Officials cast wide net in monitoring Occupy protests,” New York Times, http://www.nytimes.com/2014/05/23/us/officials-cast-wide-net-in-monitoring-occupy-protests.html. Mara Verheyden-Hilliard and Carl Messineo (5 May 2014), “Out of the shadows: The hidden role of the Fusion Centers in the nationwide spying operation against the Occupy movement and peaceful protest in America,” Partnership for Civil Justice, http://www.justiceonline.org/one-nation-under-surveillance/out-of-the-shadows-pcjf-report.pdf.

69Joint Terrorism Task Forces: US Federal Bureau of Investigation (2010), “Protecting America from terrorist attack: Our Joint Terrorism Task Forces,” http://www.fbi.gov/about-us/investigate/terrorism/terrorism_jttfs. US Department of Homeland Security (19 Dec 2013), “Fusion Centers and Joint Terrorism Task Forces,” http://www.dhs.gov/fusion-centers-and-joint-terrorism-task-forces.

69shrouded in extreme secrecy: American Civil Liberties Union (Sep 2013), “Unleashed and unaccountable: The FBI’s unchecked abuse of authority,” https://www.aclu.org/sites/default/files/assets/unleashed-and-unaccountable-fbi-report.pdf. Roberto Scalese (10 Apr 2014), “ACLU sues FBI, US attorney for Todashev, Task Force records,” Boston Globe, http://www.boston.com/news/local/massachusetts/2014/04/10/aclu-sues-fbi-attorney-for-todashev-task-force-records/MYWzetg75Zy3DIpLB1nyrO/story.html.

69investigating political activists: American Civil Liberties Union of Colorado (24 Aug 2010), “New documents confirm: FBI’s Joint Terrorism Task Force targets peaceful activists for harassment, political surveillance,” http://aclu-co.org/new-documents-confirm-fbis-joint-terrorism-task-force-targets-peaceful-activists-for-harassment-political-surveillance. Kevin Gosztola (4 Jul 2014), “FBI, JTTF and US Marshals are reportedly visiting political activists about thirty year-old case,” Dissenter, http://dissenter.firedoglake.com/2014/07/04/fbi-jttf-us-marshals-service-are-reportedly-visiting-political-activists-about-thirty-year-old-case.

69spreading anti-Islamic propaganda: Spencer Ackerman (23 Sep 2011), “New evidence of anti-Islam bias underscores deep challenges for FBI’s reform pledge,” Wired, http://www.wired.com/2011/09/fbi-islam-domination/all.

69harassing innocent civilians: Adam Gabbatt (1 Aug 2013), “New York woman visited by police after researching pressure cookers online,” Guardian, http://www.theguardian.com/world/2013/aug/01/new-york-police-terrorism-pressure-cooker. Carlos Miller (23 May 2014), “Terrorist Task Force cop visits man at home for photographing police buildings,” Photography Is Not a Crime, http://photographyisnotacrime.com/2014/05/23/terrorist-task-force-cop-visits-man-home-photographing-police-buildings. Steve Annear (11 Jul 2014), “ACLU files lawsuit after feds eye photographer’s ‘suspicious’ behavior,” Boston Magazine, http://www.bostonmagazine.com/news/blog/2014/07/11/aclu-james-prigoff-terrorism-task-force-lawsuit.

69listening posts in Oman: Duncan Campbell (3 Jun 2014), “Revealed: GCHQ’s beyond top secret Middle Eastern Internet spy base,” Register, http://www.theregister.co.uk/2014/06/03/revealed_beyond_top_secret_british_intelligence_middleeast_internet_spy_base.

69Cyprus: Nicky Hager and Stefania Maurizi (5 Nov 2013), “Cyprus: The home of British/American Internet surveillance in the Middle East,” L’Espresso, http://espresso.repubblica.it/inchieste/2013/11/04/news/the-history-of-british-intelligence-operations-in-cyprus-1.139978. Richard Norton-Taylor (28 Nov 2013), “Secret memos show efforts of MI5, MI6 and GCHQ to maintain Cyprus base,” Guardian, http://www.theguardian.com/uk-news/2013/nov/29/intelligence-mi5-mi6-gchq-cyprus-national-archives.

69Germany: Sven Becker et al. (18 Jun 2014), “New NSA revelations: Inside Snowden’s Germany file,” Der Spiegel, http://www.spiegel.de/international/germany/new-snowden-revelations-on-nsa-spying-in-germany-a-975441.html. Hubert Gude et al. (18 Jun 2014), “Spying together: Germany’s deep cooperation with the NSA,” Der Spiegel, http://www.spiegel.de/international/germany/the-german-bnd-and-american-nsa-cooperate-more-closely-than-thought-a-975445.html.

70France: Jacques Follorou and Glenn Greenwald (21 Oct 2013), “France in the NSA’s crosshair: Phone networks under surveillance,” Le Monde, http://www.lemonde.fr/technologies/article/2013/10/21/france-in-the-nsa-s-crosshair-phone-networks-under-surveillance_3499741_651865.html. Jacques Follorou and Franck Johannes (4 Jul 2013), “Revelations on the French Big Brother,” Société, http://www.lemonde.fr/societe/article/2013/07/04/revelations-on-the-french-big-brother_3442665_3224.html.

70Denmark: Ryan Gallagher (18 Jun 2014), “How secret partners expand NSA’s surveillance dragnet,” Intercept, https://firstlook.org/theintercept/article/2014/06/18/nsa-surveillance-secret-cable-partners-revealed-rampart-a.

70Australia: Jason Om (30 Oct 2013), “Spy expert says Australia operating as ‘listening post’ for US agencies including the NSA,” ABC News Australia, http://www.abc.net.au/news/2013-10-30/australia-acting-as-listening-post-for-us-spy-agencies/5056534.

70New Zealand: Glenn Greenwald and Ryan Gallagher (15 Sep 2014), “New Zealand launched mass surveillance project while publicly denying it,” Intercept, https://firstlook.org/theintercept/2014/09/15/new-zealand-gcsb-speargun-mass-surveillance.

70probably every other country: Craig Timberg (6 Jun 2014), “Vodafone reveals that governments are collecting personal data without limits,” Washington Post, http://www.washingtonpost.com/business/technology/governments-collecting-personal-data-without-limit-says-vodafone/2014/06/06/ff0cfc1a-edb4-11e3-9b2d-114aded544be_story.html.

70surveillance of Indonesia: Michael R. Gordon (7 Feb 2014), “Indonesia takes aim at Australia over spying on talks,” New York Times, http://www.nytimes.com/2014/02/18/world/asia/indonesia-takes-aim-at-australia-over-spying-but-not-the-us.html.

70Russia collects, stores, and analyzes: Andrei Soldatov and Irina Borogan (Fall 2013), “Russia’s surveillance state,” World Policy Journal, http://www.worldpolicy.org/journal/fall2013/Russia-surveillance. James A. Lewis (18 Apr 2014), “Reference note on Russian communications surveillance,” Center for Strategic and International Studies, http://csis.org/publication/reference-note-russian-communications-surveillance.

70built right into its Internet: The latest version, SORM 3, collects bulk surveillance data from all communications systems, providing both real-time and historical access. Andrei Soldatov and Irina Borogan (21 Dec 2012), “In ex-Soviet states, Russian spy tech still watches you,” Wired, http://www.wired.com/2012/12/russias-hand/all.

70the 2014 Sochi Olympics: Owen Matthews (12 Feb 2014), “Russia tests ‘total surveillance’ at the Sochi Olympics,” Newsweek, http://www.newsweek.com/2014/02/14/russia-tests-total-surveillance-sochi-olympics-245494.html. Joshua Kopstein (13 Feb 2014), “Sochi’s other legacy,” New Yorker, http://www.newyorker.com/tech/elements/sochis-other-legacy.

70this data is also used against: Gus Hosein (2010), “Privacy as a political right,” Index on Censorship 39, https://www.privacyinternational.org/reports/privacy-as-a-political-right/surveillance-of-political-movements#footnote5_5pc3hb7.

70China, too, attempts to monitor: James A. Lewis (2006), “The architecture of control: Internet surveillance in China,” Center for Strategic and International Studies, http://csis.org/files/media/csis/pubs/0706_cn_surveillance_and_information_technology.pdf.

70China also uses location information: Australian (4 Mar 2011), “China mobile phone tracking system attacked as ‘Big Brother’ surveillance,” Australian, http://www.theaustralian.com.au/news/world/china-mobile-phone-tracking-system-attacked-as-big-brother-surveillance/story-e6frg6so-1226015917086.

70turns mobile phones on remotely: Frank Langfitt (29 Jan 2013), “In China, beware: A camera may be watching you,” NPR Morning Edition, http://www.npr.org/2013/01/29/170469038/in-china-beware-a-camera-may-be-watching-you.

70monitors physical spaces: Calum MacLeod (3 Jan 2013), “China surveillance targets crime—and dissent,” USA Today, http://www.usatoday.com/story/news/world/2013/01/03/china-security/1802177.

70Messages containing words: Vernon Silver (8 Mar 2013), “Cracking China’s Skype surveillance software,” Bloomberg Business Week, http://www.businessweek.com/articles/2013-03-08/skypes-been-hijacked-in-china-and-microsoft-is-o-dot-k-dot-with-it.

70 30,000 Internet police: John Markoff (1 Oct 2008), “Surveillance of Skype messages found in China,” New York Times, http://www.nytimes.com/2008/10/02/technology/internet/02skype.html.

70India: John Ribeiro (13 Jan 2011), “RIM allows India access to consumer BlackBerry messaging,” CIO, http://www.cio.com/article/654438/RIM_Allows_India_Access_to_Consumer_BlackBerry_Messaging. Amol Sharma (28 Oct 2011), “RIM facility helps India in surveillance efforts,” Wall Street Journal, http://online.wsj.com/news/articles/SB10001424052970204505304577001592335138870. First Post (31 Dec 2012), “Telecos agree to real-time intercept for Blackberry messages,” First Post, http://tech.firstpost.com/news-analysis/telecos-agree-to-real-time-intercept-for-blackberry-messages-212476.html.

70Russia: Alexei Anishchuk (25 Apr 2011), “BlackBerry firm seeks security ‘balance’ in Russia,” Reuters, http://www.reuters.com/article/2011/04/25/us-blackberry-russia-idUSTRE73O1ZL20110425.

70Saudi Arabia: Al Jazeera (4 Aug 2010), “Saudi ban on BlackBerry from Friday,” Al Jazeera, http://www.aljazeera.com/news/middleeast/2010/08/2010844243386999.html.

70the UAE: Josh Halliday (18 Apr 2011), “UAE to tighten BlackBerry restrictions,” Guardian, http://www.theguardian.com/technology/2011/apr/18/uae-blackberry-e-mails-secure.

70Indonesia: Jakarta Post (15 Sep 2011), “Government asks RIM to open access to wiretap Blackberry users,” Jakarta Post, http://www.thejakartapost.com/news/2011/09/15/government-asks-rim-open-access-wiretap-blackberry-users.html.

70BlackBerry cut a deal with India: R. Jai Krishna (8 Aug 2012), “India sees resolution to BlackBerry dispute,” Wall Street Journal, http://online.wsj.com/news/articles/SB10000872396390443404004577576614174157698. British Broadcasting Corporation (11 Jul 2013), “India is ‘ready to use’ Blackberry message intercept system,” BBC News, http://www.bbc.com/news/technology-23265091.

71China helped Iran build surveillance: James Ball and Benjamin Gottlieb (25 Sep 2012), “Iran tightens online control by creating own network,” Guardian, http://www.theguardian.com/world/2012/sep/25/iran-state-run-internet.

71far more oppressive and totalitarian: H. J. Albrecht (2003), “Albrecht 2003—Rechtswirklichkeit und Effizienz der Überwachung der Telekommunikation nach den §§ 100a, 100b StPO und anderer verdeckter Ermittlungsmaßnahmen: Abschlussbericht,” Max Planck Institute for Foreign and International Criminal Law, http://www.gesmat.bundesgerichtshof.de/gesetzesmaterialien/16_wp/telekueberw/rechtswirklichkeit_%20abschlussbericht.pdf.

71the US has far more legal controls: Winston Maxwell and Christopher Wolf (23 May 2012), “A global reality: Governmental access to data in the cloud: A comparative analysis of ten international jurisdictions,” Hogan Lovells, http://www.cil.cnrs.fr/CIL/IMG/pdf/Hogan_Lovells_White_Paper_Government_Access_to_Cloud_Data_Paper_1_.pdf.

71countries like Thailand: David Stout (9 Jul 2014), “Thailand’s junta arrests an editor over a Facebook comment,” Time, http://time.com/2968680/thailand-junta-editor-facebook-thanapol-eawsakul-fah-diew-khan.

71India: British Broadcasting Corporation (20 Nov 2012), “India woman arrested over Facebook post in ‘shock,’” BBC News, http://www.bbc.com/news/world-asia-india-20405457. Agence France-Presse (19 Nov 2012), “Indians arrested for Facebook post on Mumbai shutdown,” South China Morning Post, http://www.scmp.com/news/asia/article/1086094/indians-arrested-facebook-post-mumbai-shutdown.

71Malaysia: Asia News Network (4 Jun 2013), “Woman detained for allegedly insulting Malaysian king on Facebook,” Straits Times, http://news.asiaone.com/News/Latest+News/Science+and+Tech/Story/A1Story20130604-427357.html.

71Iranian hacker broke into: It’s also possible that another government was behind the original attack, and the Iranians just piggybacked on that success. Hans Hoogstraaten et al. (13 Aug 2012), “Black Tulip: Report of the investigation into the DigiNotar Certificate Authority breach,” Project PR-110202, Fox-IT BV, http://www.rijksoverheid.nl/bestanden/documenten-en-publicaties/rapporten/2012/08/13/black-tulip-update/black-tulip-update.pdf.

72He passed this ability on to others: Somini Sengupta (11 Sep 2011), “Hacker rattles security circles,” New York Times, http://www.nytimes.com/2011/09/12/technology/hacker-rattles-internet-security-circles.html.

72 300,000 Iranian Gmail accounts: Gregg Keizer (6 Sep 2011), “Hackers spied on 300,000 Iranians using fake Google certificate,” Computer World, http://www.computerworld.com/s/article/9219731/Hackers_spied_on_300_000_Iranians_using_fake_Google_certificate.

72a piece of malware called GhostNet: Information Warfare Monitor (29 Mar 2009), “Tracking GhostNet: Investigating a cyber espionage network,” Citizen Lab, Munk Centre for International Studies, University of Toronto, http://www.infowar-monitor.net/ghostnet.

72Flame is a surveillance tool: Ellen Nakashima (28 May 2012), “Newly identified computer virus, used for spying, is 20 times size of Stuxnet,” Washington Post, http://www.washingtonpost.com/world/national-security/newly-identified-computer-virus-used-for-spying-is-20-times-size-of-stuxnet/2012/05/28/gJQAWa3VxU_story.html.

72Red October: Dan Goodin (14 Jan 2013), “Massive espionage malware targeting governments undetected for 5 years,” Ars Technica, http://arstechnica.com/security/2013/01/red-Oct-computer-espionage-network-may-have-stolen-terabytes-of-data.

72Turla, which targeted: Peter Apps and Jim Finkle (7 Mar 2014), “Suspected Russian spyware Turla targets Europe, United States,” Reuters, http://www.reuters.com/article/2014/03/07/us-russia-cyberespionage-insight-idUSBREA260YI20140307.

72The Mask: Kaspersky Lab (10 Feb 2014), “Unveiling ‘Careto’: The masked APT,” Securelist, http://www.securelist.com/en/downloads/vlpdfs/unveilingthemask_v1.0.pdf.

72Iranian hackers have: Ellen Nakashima (29 May 2014), “Iranian hackers target U.S. officials,” Washington Post, http://www.washingtonpost.com/world/national-security/iranian-hackers-are-targeting-us-officials-through-social-networks-report-says/2014/05/28/7cb86672-e6ad-11e3-8f90-73e071f3d637_story.html.

72Tailored Access Operations group: Matthew M. Aid (10 Jun 2013), “Inside the NSA’s ultra-secret China hacking group,” Foreign Policy, http://www.foreignpolicy.com/articles/2013/06/10/inside_the_nsa_s_ultra_secret_china_hacking_group.

72TAO infiltrates computers remotely: Bruce Schneier (4 Oct 2013), “Attacking Tor: How the NSA targets users’ online anonymity,” Guardian, http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity.

72TAO has developed specialized software: The code names for these programs are even cooler. And, most interestingly, this top-secret NSA document seems not to have come from Edward Snowden. Leaksource (30 Dec 2013), “NSA’s ANT Division catalog of exploits for nearly every major software/hardware/firmware,” http://leaksource.info/2013/12/30/nsas-ant-division-catalog-of-exploits-for-nearly-every-major-software-hardware-firmware. Der Spiegel (29 Dec 2013), “Inside TAO: Documents reveal top NSA hacking unit,” Der Spiegel, http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969.html. Jacob Appelbaum, Judith Horchert, and Christian Stöcker (29 Dec 2013), “Shopping for spy gear: Catalog advertises NSA toolbox,” Der Spiegel, http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html.

72 80,000 computers worldwide: Matthew M. Aid (15 Oct 2013), “The NSA’s new code breakers,” Foreign Policy, http://www.foreignpolicy.com/articles/2013/10/15/the_nsa_s_new_codebreakers.

73know a lot about China: This describes one of the Chinese military hacking units. Mandiant (18 Feb 2013), “APT1: Exposing one of China’s cyber espionage units,” http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf.

73against Google: Kim Zetter (13 Jan 2010), “Google hackers targeted source code of more than 30 companies,” Wired, http://www.wired.com/2010/01/google-hack-attack.

73against the Canadian government: Greg Weston (16 Feb 2011), “Foreign hackers attack Canadian government,” CBC News, http://www.cbc.ca/news/politics/foreign-hackers-attack-canadian-government-1.982618.

73against the New York Times: Nicole Perlroth (31 Jan 2013), “Hackers in China attacked the Times for last 4 months,” New York Times, http://www.nytimes.com/2013/01/31/technology/chinese-hackers-infiltrate-new-york-times-computers.html.

73against the security company RSA: Riva Richmond (2 Apr 2011), “The RSA hack: How they did it,” New York Times, http://bits.blogs.nytimes.com/2011/04/02/the-rsa-hack-how-they-did-it. Kelly Jackson Higgins (29 Mar 2012), “China hacked RSA, U.S. official says,” Information Week, http://www.darkreading.com/attacks-breaches/china-hacked-rsa-us-official-says/d/d-id/1137409.

73other US corporations: Ellen Nakashima (19 May 2014), “U.S. announces first charges against foreign country in connection with cyberspying,” Washington Post, http://www.washingtonpost.com/world/national-security/us-to-announce-first-criminal-charges-against-foreign-country-for-cyberspying/2014/05/19/586c9992-df45-11e3-810f-764fe508b82d_story.html.

73against the US military: Julian E. Barnes (4 Mar 2008), “Chinese hacking worries Pentagon,” Los Angeles Times, http://articles.latimes.com/2008/mar/04/world/fg-uschina4. Ellen Nakashima (27 May 2013), “Confidential report lists U.S. weapons system designs compromised by Chinese cyberspies,” Washington Post, http://www.washingtonpost.com/world/national-security/confidential-report-lists-us-weapons-system-designs-compromised-by-chinese-cyberspies/2013/05/27/a42c3e1c-c2dd-11e2-8c3b-0b5e9247e8ca_story.html.

73Chinese government malware: We don’t know that the Chinese government was behind this, but the circumstantial evidence is pretty damning. Andy Greenberg (1 Apr 2013), “Evidence mounts that Chinese government hackers spread Android malware,” Forbes, http://www.forbes.com/sites/andygreenberg/2013/04/01/evidence-mounts-that-chinese-government-hackers-spread-android-malware.

73Chinese hackers breached: Ellen Nakashima and Lisa Rein (11 Jul 2014), “Chinese hack aims at federal workers’ data,” Washington Post, http://www.washingtonpost.com/world/national-security/chinese-hackers-go-after-us-workers-personal-data/2014/07/10/92db92e8-0846-11e4-8a6a-19355c7e870a_story.html.

73a long history of spying: Peter Schweizer (Jan/Feb 1996), “The growth of economic espionage: America is target number one,” Foreign Affairs, http://www.foreignaffairs.com/articles/51617/peter-schweizer/the-growth-of-economic-espionage-america-is-target-number-one.

73it does engage in economic espionage: David E. Sanger (20 May 2014), “With spy charges, U.S. treads fine line in fighting Chinese espionage,” New York Times, http://www.nytimes.com/2014/05/20/us/us-treads-fine-line-in-fighting-chinese-espionage.html. Jack Goldsmith (25 Mar 2013), “Why the USG complaints against Chinese economic cyber-snooping are so weak,” Lawfare, http://www.lawfareblog.com/2013/03/why-the-usg-complaints-against-chinese-economic-cyber-snooping-are-so-weak.

73Brazilian oil company Petrobras: O Globo (8 Sep 2013), “NSA documents show United States spied Brazilian oil giant,” O Globo, http://g1.globo.com/fantastico/noticia/2013/09/nsa-documents-show-united-states-spied-brazilian-oil-giant.html.

73SWIFT international bank payment system: Der Spiegel (15 Sep 2013), “‘Follow the money’: NSA spies on international payments,” Der Spiegel, http://www.spiegel.de/international/world/spiegel-exclusive-nsa-spies-on-international-bank-transactions-a-922276.html.

73NSA claimed that the economic benefits: Kenneth W. Dam and Herbert S. Lin, eds. (1996), Cryptography’s Role in Securing the Information Society, National Academies Press, http://www.nap.edu/catalog.php?record_id=5131.

73an Italian cyberweapons manufacturer called Hacking Team: Morgan Marquis-Boire et al. (24 Jun 2014), “Police story: Hacking Team’s government surveillance malware,” Citizen Lab, Munk School of Global Affairs, University of Toronto, https://citizenlab.org/2014/06/backdoor-hacking-teams-tradecraft-android-implant. William Anderson (24 Jun 2014), “Hacking Team 2.0: The story goes mobile,” Securelist, http://securelist.com/blog/research/63693/hackingteam-2-0-the-story-goes-mobile.

73Ethiopia used this software: Bill Marczak et al. (12 Feb 2014), “Hacking Team and the targeting of Ethiopian journalists,” Citizen Lab, Munk School of Global Affairs, University of Toronto, https://citizenlab.org/2014/02/hacking-team-targeting-ethiopian-journalists. Craig Timberg (12 Feb 2014), “Foreign regimes use spyware against journalists, even in U.S.,” Washington Post, http://www.washingtonpost.com/business/technology/foreign-regimes-use-spyware-against-journalists-even-in-us/2014/02/12/9501a20e-9043-11e3-84e1-27626c5ef5fb_story.html.

74We labeled the Chinese actions: Andrew Jacobs, Miguel Helft, and John Markoff (13 Jan 2010), “Google, citing attack, threatens to exit China,” New York Times, http://www.nytimes.com/2010/01/13/world/asia/13beijing.html. David E. Sanger (6 May 2013), “U.S. blames China’s military directly for cyberattacks,” New York Times, http://www.nytimes.com/2013/05/07/world/asia/us-accuses-chinas-military-in-cyberattacks.html.

74sometimes invoking: New York Times (7 May 2013), “China and cyberwar (editorial),” New York Times, http://www.nytimes.com/2013/05/08/opinion/china-and-cyberwar.html. David E. Sanger and Elisabeth Bumiller (31 May 2011), “Pentagon to consider cyberattacks acts of war,” New York Times, http://www.nytimes.com/2011/06/01/us/politics/01cyber.html.

74more moderate language: Barack Obama (17 Jan 2014), “Obama’s speech on N.S.A. phone surveillance,” New York Times, http://www.nytimes.com/2014/01/18/us/politics/obamas-speech-on-nsa-phone-surveillance.html.

74the Chinese company Huawei: Michael S. Schmidt, Keith Bradsher, and Christine Hauser (8 Oct 2012), “U.S. panel cites risks in Chinese equipment,” New York Times, http://www.nytimes.com/2012/10/09/us/us-panel-calls-huawei-and-zte-national-security-threat.html.

74NSA has been doing exactly the same: US National Security Agency (24 Jun 2008), “SOUFFLETROUGH: ANT product data,” http://leaksource.files.wordpress.com/2013/12/nsa-ant-souffletrough.jpg. US National Security Agency (24 Jun 2008), “FEEDTROUGH: ANT product data,” http://leaksource.files.wordpress.com/2013/12/nsa-ant-feedthrough.jpg. US National Security Agency (24 Jun 2008), “JETPLOW: ANT product data,” http://leaksource.files.wordpress.com/2013/12/nsa-ant-jetplow.jpg. US National Security Agency (24 Jun 2008), “HEADWATER: ANT product data,” http://leaksource.files.wordpress.com/2013/12/nsa-ant-headwater.jpg. US National Security Agency (24 Jun 2008), “HALLUXWATER: ANT product data,” http://leaksource.files.wordpress.com/2013/12/nsa-ant-halluxwater.jpg.

74American-made equipment sold in China: Jeremy Hsu (26 Mar 2014), “U.S. suspicions of China’s Huawei based partly on NSA’s own spy tricks,” IEEE Spectrum, http://spectrum.ieee.org/tech-talk/computing/hardware/us-suspicions-of-chinas-huawei-based-partly-on-nsas-own-spy-tricks.

74international espionage and attack: In military terms, hacking for espionage is Computer Network Exfiltration—CNE—and hacking to cause damage is Computer Network Attack—CNA. Alexander Klimburg and Heli Tirmaa-Klaar (15 Apr 2011), “Cybersecurity and cyberpower: Concepts, conditions and capabilities for cooperation for action within the EU,” Directorate-General for External Policies of the Union, http://www.europarl.europa.eu/RegData/etudes/etudes/join/2011/433828/EXPO-SEDE_ET(2011)433828_EN.pdf. Alexander Klimburg (2 Sep 2014), “Shades of cyber grey: Espionage and attack in cyberspace,” Fletcher Forum of World Affairs, http://www.fletcherforum.org/2014/09/02/klimburg.

74Modern cyberespionage is a form of cyberattack: It is not, however, “cyberwar.” That term has been way overused in political discourse. For a good antidote, try this book. Thomas Rid (2013), Cyber War Will Not Take Place, Oxford University Press, http://thomasrid.org/no-cyber-war.

74nationwide Internet blackout: James Bamford (13 Aug 2014), “Edward Snowden: The untold story,” Wired, http://www.wired.com/2014/08/edward-snowden.

74 30 countries have cyberwar divisions: Even more have cyberwar capabilities. George Mason University School of Public Policy (Feb 2014), “Cyber security export markets 2014,” Virginia Economic Development Partnership, http://exportvirginia.org/wp-content/uploads/2014/02/Report-on-Cyber-Security-Preface.pdf.

75Estonia was the victim: Joshua Davis (21 Aug 2007), “Hackers take down the most wired country in Europe,” Wired, https://web.archive.org/web/20071019223411/http://www.wired.com/politics/security/magazine/15-09/ff_estonia.

75ex-Soviet republic of Georgia: John Markoff (13 Aug 2008), “Before the gunfire, cyberattacks,” New York Times, http://www.nytimes.com/2008/08/13/technology/13cyber.html.

75South Korea was the victim: Matthew Weaver (8 Jul 2009), “Cyberattackers target South Korea and US,” Guardian, http://www.theguardian.com/world/2009/jul/08/south-korea-cyber-attack.

75a pro-Kremlin youth group: Charles Clover (11 Mar 2009), “Kremlin-backed group behind Estonia cyber blitz,” Financial Times, http://www.ft.com/cms/s/0/57536d5a-0ddc-11de-8ea3-0000779fd2ac.html.

75the only person convicted: Computer Weekly (13 Mar 2009), “Kids responsible for Estonia attack,” Computer Weekly, http://www.computerweekly.com/news/2240088733/Kids-responsible-for-Estonia-attack.

75Stuxnet is the first military-grade: David Kushner (26 Feb 2013), “The real story of Stuxnet,” IEEE Spectrum, http://spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet. Kim Zetter (2014), Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon, Crown Publishers, http://books.google.com/books/?id=iBTpnQEACAAJ.

75It was launched in 2009: William J. Broad, John Markoff, and David E. Sanger (15 Jan 2011), “Israeli test on worm called crucial in Iran nuclear delay,” New York Times, http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html.

75 2012 attack against Saudi Aramco: Nicole Perlroth (23 Oct 2012), “In cyberattack on Saudi firm, U.S. sees Iran firing back,” New York Times, http://www.nytimes.com/2012/10/24/business/global/cyberattack-on-saudi-oil-firm-disquiets-us.html. Reuters (9 Dec 2012), “Aramco says cyberattack was aimed at production,” New York Times, http://www.nytimes.com/2012/12/10/business/global/saudi-aramco-says-hackers-took-aim-at-its-production.html.

76it makes sense to share data: Derek S. Reveron (Summer 2008), “Counterterrorism and intelligence cooperation,” Journal of Global Change and Governance 1, http://www.globalaffairsjournal.com/archive/Summer08/REVERON.pdf.

76It makes the best sense to join: Ross Anderson (23–24 Jun 2014), “Privacy versus government surveillance: Where network effects meet public choice,” 13th Annual Workshop on the Economics of Information Security, Pennsylvania State University, http://weis2014.econinfosec.org/papers/Anderson-WEIS2014.pdf.

76the Five Eyes: Nick Perry and Paisley Dodds (16 Jul 2013), “5-nation spy alliance too vital for leaks to harm,” Associated Press, http://bigstory.ap.org/article/experts-say-us-spy-alliance-will-survive-snowden.

76the Nine Eyes: Henrik Moltke and Sebastian Gjerding (4 Nov 2013), “Denmark part of NSA inner circle,” Information, http://www.information.dk/477405.

76the Fourteen Eyes: Der Spiegel (22 Jul 2013), “‘Key partners’: Secret links between Germany and the NSA,” Der Spiegel, http://www.spiegel.de/international/world/german-intelligence-worked-closely-with-nsa-on-data-surveillance-a-912355.html. Hubert Gude et al. (18 Jun 2014), “Spying together: Germany’s deep cooperation with the NSA,” Der Spiegel, http://www.spiegel.de/international/germany/the-german-bnd-and-american-nsa-cooperate-more-closely-than-thought-a-975445.html.

76Belgium, Italy, Spain, and Sweden: Ewen MacAskill and James Ball (2 Nov 2013), “Portrait of the NSA: No detail too small in quest for total surveillance,” Guardian, http://www.theguardian.com/world/2013/nov/02/nsa-portrait-total-surveillance.

76the US partners with countries: Jay Solomon and Siobhan Gorman (21 May 2009), “Pakistan, India and U.S. begin sharing intelligence,” Wall Street Journal, http://online.wsj.com/news/articles/SB124287405244442187.

76regimes like Saudi Arabia’s: Ellen Knickmeyer and Siobhan Gorman (9 May 2012), “Behind foiled jet plot, stronger Saudi ties,” Wall Street Journal, http://online.wsj.com/news/articles/SB10001424052702304543904577394373945627482. Glenn Greenwald and Murtaza Hussain (25 Jul 2014), “The NSA’s new partner in spying: Saudi Arabia’s brutal state police,” Intercept, https://firstlook.org/theintercept/2014/07/25/nsas-new-partner-spying-saudi-arabias-brutal-state-police.

76this gives the NSA access: Edward Snowden (7 Mar 2014), “Statement to the European Parliament,” European Parliament, http://www.europarl.europa.eu/document/activities/cont/201403/20140307ATT80674/20140307ATT80674EN.pdf.

76the NSA spies on the Turkish government: Andy Müller-Maguhn et al. (31 Aug 2014), “A two-faced friendship: Turkey is ‘partner and target’ for the NSA,” Der Spiegel, http://www.spiegel.de/international/documents-show-nsa-and-gchq-spied-on-partner-turkey-a-989011.html. Laura Poitras et al. (31 Aug 2014), “How the NSA helped Turkey kill Kurdish rebels,” Intercept, https://firstlook.org/theintercept/2014/08/31/nsaturkeyspiegel.

76NSA spies on the government of . . . Germany: David E. Sanger (1 May 2014), “U.S. and Germany fail to reach a deal on spying,” New York Times, http://www.nytimes.com/2014/05/02/world/europe/us-and-germany-fail-to-reach-a-deal-on-spying.html. Mark Landler (2 May 2014), “Merkel signals that tension persists over U.S. spying,” New York Times, http://www.nytimes.com/2014/05/03/world/europe/merkel-says-gaps-with-us-over-surveillance-remain.html. Andy Müller-Maguhn et al. (14 Sep 2014), “Treasure map: The NSA breach of Telekom and other German firms,” Der Spiegel, http://www.spiegel.de/international/world/snowden-documents-indicate-nsa-has-breached-deutsche-telekom-a-991503.html.

76we spy on all of our partners: Many people believe that the US and the UK spy on each other’s citizens as a way of getting around their own domestic laws. It’s legal as long as they can convince themselves that it’s “inadvertent.”

76when the NSA touts its: Justin Elliott and Theodoric Meyer (23 Oct 2013), “Claim on ‘attacks thwarted’ by NSA spreads despite lack of evidence,” Pro Publica, http://www.propublica.org/article/claim-on-attacks-thwarted-by-nsa-spreads-despite-lack-of-evidence.

77The NSA gives Israel’s: Glenn Greenwald, Laura Poitras, and Ewen MacAskill (11 Sep 2013), “NSA shares raw intelligence including Americans’ data with Israel,” Guardian, http://www.theguardian.com/world/2013/sep/11/nsa-americans-personal-data-israel-documents.

77Even historical enemies: Political considerations still matter. China has a serious problem with Uighur terrorists, and would certainly welcome US help in dealing with the threat. The US won’t help, of course, because continuing Uighur terrorism will help weaken China. Chien-peng Chung (2002), “China’s ‘war on terror’: September 11 and Uighur separatism,” Foreign Affairs, http://www.foreignaffairs.com/articles/58030/chien-peng-chung/chinas-war-on-terror-september-11-and-uighur-separatism. Elizabeth van Wie Davis (Jan 2008), “Uyghur Muslim ethnic separatism in Xinjiang, China,” Asia-Pacific Center for Security Studies, http://www.apcss.org/college/publications/uyghur-muslim-ethnic-separatism-in-xinjiang-china.

77After 9/11, Russia rebranded: John Laughland (8 Sep 2004), “The Chechens’ American friends,” Guardian, http://www.theguardian.com/world/2004/sep/08/usa.russia. Simon Shuster (19 Sep 2011), “How the war on terrorism did Russia a favor,” Time, http://content.time.com/time/world/article/0,8599,2093529,00.html. James Gordon Meek (19 Feb 2014), “The secret battles between US forces and Chechen terrorists,” ABC News, http://abcnews.go.com/Blotter/secret-battles-us-forces-chechen-terrorists/story?id=22580688.

77In 2011, Russia warned the US: Tom Winter (25 Mar 2014), “Russia warned U.S. about Tsarnaev, but spelling issue let him escape,” NBC News, http://www.nbcnews.com/storyline/boston-bombing-anniversary/russia-warned-u-s-about-tsarnaev-spelling-issue-let-him-n60836.

77We returned the favor: Laura Smith-Spark and Nick Paton Walsh (4 Feb 2014), “United States reveals ‘specific’ threats to Olympic Games,” CNN, http://www.cnn.com/2014/02/04/world/europe/russia-sochi-winter-olympics.

6: Consolidation of Institutional Control

78more an alliance of interests: Communications professor Robert M. McChesney called the symbiotic relationship between big data and big government “a marriage made in heaven, with dire implications for liberty and democracy.” Robert M. McChesney (2013), Digital Disconnect: How Capitalism Is Turning the Internet against Democracy, New Press, p. 21, http://books.google.com/books/?id=j_7EkTI8kVQC.

78the NSA gets direct access: We knew this even before Edward Snowden, from the previous NSA whistleblower Mark Klein. Mark Klein (8 Jun 2006), “Declaration of Mark Klein,” Hepting, et al., v. AT&T, et al., United States District Court, Northern District of California (No. C-06-0672-VRW), https://www.eff.org/files/filenode/att/Mark%20Klein%20Unredacted%20Decl-Including%20Exhibits.pdf. Ellen Nakashima (7 Nov 2007), “A story of surveillance,” Washington Post, http://www.washingtonpost.com/wp-dyn/content/article/2007/11/07/AR2007110700006.html.

79GCHQ pays telcos: James Ball, Luke Harding, and Juliette Garside (2 Aug 2013), “BT and Vodafone among telecoms companies passing details to GCHQ,” Guardian, http://www.theguardian.com/business/2013/aug/02/telecoms-bt-vodafone-cables-gchq.

79Vodafone gives: Vodafone (2014), “Law enforcement disclosure report,” http://www.vodafone.com/content/sustainabilityreport/2014/index/operating_responsibly/privacy_and_security/law_enforcement.html. Peter Svensson (9 Jun 2014), “Vodafone report sparks global surveillance debate,” Associated Press, http://bigstory.ap.org/article/cellphone-operator-wades-surveillance-debate. Juliette Garside (5 Jun 2014), “Vodafone reveals existence of secret wires that allow state surveillance,” Guardian, http://www.theguardian.com/business/2014/jun/06/vodafone-reveals-secret-wires-allowing-state-surveillance.

79French government eavesdrops: Jacques Follorou and Glenn Greenwald (25 Oct 2013), “France in the NSA’s crosshair: Wanadoo and Alcatel targeted,” Le Monde, http://www.lemonde.fr/technologies/article/2013/10/21/france-in-the-nsa-s-crosshair-wanadoo-and-alcatel-targeted_3499739_651865.html. Jacques Follorou (21 Mar 2014), “Espionnage: Comment Orange et les services secrets coopèrent,” Le Monde, http://www.lemonde.fr/international/article/2014/03/20/dgse-orange-des-liaisons-incestueuses_4386264_3210.html.

79About a dozen countries: British Broadcasting Corporation (8 Apr 2014), “Top EU court rejects EU-wide data retention law,” BBC News, http://www.bbc.com/news/world-europe-26935096.

79Internet cafes in Iran: Iran Media Program (8 Apr 2013), “Digital media: FATA polices Internet cafés with 20 new regulations,” Annenberg School for Communication, http://www.iranmediaresearch.org/en/blog/218/13/04/08/1322.

79Vietnam: Reporters Without Borders (2013), “Vietnam,” in Enemies of the Internet, http://surveillance.rsf.org/en/vietnam.

79India: Rama Lakshmi (1 Aug 2011), “India’s new Internet rules criticized,” Washington Post, http://www.washingtonpost.com/world/indias-new-internet-rules-criticized/2011/07/27/gIQA1zS2mI_story.html.

79US government bought data: Chris Jay Hoofnagle (1 Aug 2003), “Big Brother’s little helpers: How Choicepoint and other commercial data brokers collect, process, and package your data for law enforcement,” North Carolina Journal of International Law and Commercial Regulations 29, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=582302. Jon D. Michaels (6 Oct 2008), “All the president’s spies: Private-public intelligence partnerships in the war on terror,” California Law Review 96, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1279867.

79data from Torch Concepts: Matthew L. Wald (21 Feb 2004), “U.S. calls release of JetBlue data improper,” New York Times, http://www.nytimes.com/2004/02/21/business/21blue.html.

79a database of Mexican voters: CR Staff (1 May 2003), “U.S. government purchase data on Mexico’s 65 million registered voters,” Information Clearinghouse, http://www.informationclearinghouse.info/article3186.htm.

79US law requires financial institutions: US Financial Crimes Enforcement Network (11 May 2014), “Bank Secrecy Act requirements: A quick reference guide for money services business,” http://www.fincen.gov/financial_institutions/msb/materials/en/bank_reference.html.

79States like Illinois: Kenneth Lowe (29 Jun 2008), “Illinois made $64.3 million selling driver’s license information,” Herald-Review, http://herald-review.com/business/local/illinois-made-million-selling-driver-s-license-information/article_43c51a15-c885-575e-ac5d-0c01cc9acb6b.html.

79Ohio: Joe Guillen (11 Jul 2010), “Ohio collects millions selling driving records with your personal information,” Plain Dealer, http://www.cleveland.com/open/index.ssf/2010/07/ohio_collects_millions_selling.html.

79Texas: Tim Cushing (13 Feb 2013), “Texas DMV sells personal information to hundreds of companies; Drivers not allowed to opt-out,” Tech Dirt, http://www.techdirt.com/articles/20130212/21285321958/texas-dmv-sells-personal-information-to-hundreds-companies-drivers-not-allowed-to-opt-out.shtml.

79Florida: Jeff Weinsier (12 Oct 2011), “Florida makes $63M selling drivers’ info,” Local 10, http://www.local10.com/news/Florida-Makes-63M-Selling-Drivers-Info/3078462.

79voter registration data: Kim Zetter (11 Dec 2003), “For sale: The American voter,” Wired, http://archive.wired.com/politics/security/news/2003/12/61543.

79The UK government proposed: Rowena Mason (18 Apr 2014), “HMRC to sell taxpayers’ financial data,” Guardian, http://www.theguardian.com/politics/2014/apr/18/hmrc-to-sell-taxpayers-data.

79UK National Health Service: Randeep Ramesh (19 Jan 2014), “NHS patient data to be made available for sale to drug and insurance firms,” Guardian, http://www.theguardian.com/society/2014/jan/19/nhs-patient-data-available-companies-buy.

79There’s a feedback loop: This has been called “data laundering.” Chris Jay Hoofnagle (2 Sep 2014), “The Potemkinism of privacy pragmatism,” Slate, http://www.slate.com/articles/technology/future_tense/2014/09/data_use_regulation_the_libertarian_push_behind_a_new_take_on_privacy.single.html.

80you can configure your browser: Geoff Duncan (9 Jun 2012), “Why Do Not Track may not protect anybody’s privacy,” Digital Trends, http://www.digitaltrends.com/mobile/why-do-not-track-may-not-protect-anybodys-privacy.

80It’s a bit different in Europe: European Parliament and Council of Europe (24 Oct 1995), “Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data,” http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML. Council of Europe (Apr 2014), “Handbook on European data protection law,” http://www.echr.coe.int/Documents/Handbook_data_protection_ENG.pdf.

80data can flow from the EU: Zack Whittaker (25 Apr 2011), “Safe harbor: Why EU data needs ‘protecting’ from US law,” ZDNet, http://www.zdnet.com/blog/igeneration/safe-harbor-why-eu-data-needs-protecting-from-us-law/8801.

80public-private surveillance partnership: Jay Stanley (Aug 2004), “The surveillance-industrial complex,” American Civil Liberties Union, https://www.aclu.org/sites/default/files/FilesPDFs/surveillance_report.pdf.

80 1,931 different corporations: Dana Priest and William M. Arkin (19 Jul 2010), “A hidden world, growing beyond control,” Washington Post, http://projects.washingtonpost.com/top-secret-america/articles/a-hidden-world-growing-beyond-control.

80 70% of the US intelligence budget: Robert O’Harrow Jr., Dana Priest, and Marjorie Censer (10 Jun 2013), “NSA leaks put focus on intelligence apparatus’s reliance on outside contractors,” Washington Post, http://www.washingtonpost.com/business/nsa-leaks-put-focus-on-intelligence-apparatuss-reliance-on-outside-contractors/2013/06/10/e940c4ba-d20e-11e2-9f1a-1a7cdee20287_story.html.

80Keith Alexander started: It seems unlikely that he would have had the spare time necessary to invent things directly applicable to his job. Shane Harris (29 Jun 2014), “The NSA’s cyber-king goes corporate,” Foreign Policy, http://www.foreignpolicy.com/articles/2014/07/29/the_crypto_king_of_the_NSA_goes_corporate_keith_alexander_patents. Conor Friedersdorf (31 Jul 2014), “Keith Alexander’s unethical get-rich-quick plan,” Atlantic, http://www.theatlantic.com/politics/archive/2014/07/keith-alexanders-unethical-get-rich-quick-plan/375367.

80He’s hired the NSA’s: Spencer Ackerman (17 Oct 2014), “Senior NSA official moonlighting for private security firm,” Guardian, http://www.theguardian.com/us-news/2014/oct/17/senior-nsa-official-moonlighting-private-cybersecurity-firm.

81FinFisher: Elaman-Gamma Group (2011), “German security solutions,” Wikileaks, https://s3.amazonaws.com/s3.documentcloud.org/documents/810435/313-elaman-product-list-finfisher.pdf.

81the FinFisher toolkit: Morgan Marquis-Boire and Bill Marczak (29 Aug 2012), “The smartphone who loved me: FinFisher goes mobile?” Citizen Lab, Munk School of Global Affairs, University of Toronto, http://citizenlab.org/2012/08/the-smartphone-who-loved-me-finfisher-goes-mobile. Nicole Perlroth (30 Aug 2012), “Software meant to fight crime is used to spy on dissidents,” New York Times, http://www.nytimes.com/2012/08/31/technology/finspy-software-is-tracking-political-dissidents.html.

81The Moroccan government: Bill Marczak et al. (17 Feb 2014), “Mapping Hacking Team’s ‘untraceable’ spyware,” Citizen Lab, Munk School of Global Affairs, University of Toronto, https://citizenlab.org/2014/02/mapping-hacking-teams-untraceable-spyware.

81arrested dissidents in Bahrain: Vernon Silver and Ben Elgin (22 Aug 2011), “Torture in Bahrain becomes routine with help from Nokia Siemens,” Bloomberg News, http://www.bloomberg.com/news/2011-08-22/torture-in-bahrain-becomes-routine-with-help-from-nokia-siemens-networking.html.

81The conference ISS World: Ms. Smith (10 Nov 2011), “Secret snoop conference for gov’t spying: Go stealth, hit a hundred thousand targets,” Network World, http://www.networkworld.com/article/2221080/microsoft-subnet/secret-snoop-conference-for-gov-t-spying--go-stealth--hit-a-hundred-thousand-targe.html. Jennifer Valentino-DeVries, Julia Angwin, and Steve Stecklow (19 Nov 2011), “Document trove exposes surveillance methods,” Wall Street Journal, http://online.wsj.com/news/articles/SB10001424052970203611404577044192607407780. Vernon Silver (21 Dec 2011), “Spies fail to escape spyware in $5 billion bazaar for cyber arms,” Bloomberg News, http://www.bloomberg.com/news/2011-12-22/spies-fail-to-escape-spyware-in-5-billion-bazaar-for-cyber-arms.html.

81The 2014 brochure: ISS World Training (3–4 Mar 2014), “ISS World Middle East,” J. W. Marriott, Dubai, UAE, http://www.issworldtraining.com/iss_mea/Brochure01.pdf.

81Many countries send representatives: Privacy International has a list of who attended between 2006 and 2009. Privacy International (2012), “Surveillance Who’s Who,” https://www.privacyinternational.org/sww.

81There are similar conferences: Uwe Buse and Marcel Rosenbach (8 Dec 2011), “The transparent state enemy: Western surveillance technology in the hands of despots,” Der Spiegel, http://www.spiegel.de/international/world/the-transparent-state-enemy-western-surveillance-technology-in-the-hands-of-despots-a-802317.html.

81big US defense contractors: Visiongain (8 Jan 2013), “‘Global cyberwarfare market to be worth $16.96bn in 2013’ says Visiongain Report,” Reuters, http://www.reuters.com/article/2013/01/08/idUSnPre7f3zna+100+PRN20130108. James Bamford (12 Jun 2013), “The secret war,” Wired, http://www.wired.com/2013/06/general-keith-alexander-cyberwar/all.

81The French company Bull SA: Paul Sonne and Margaret Coker (30 Aug 2011), “Firms aided Libyan spies,” Wall Street Journal, http://online.wsj.com/news/articles/SB10001424053111904199404576538721260166388.

81Nigeria used the Israeli firm: Elbit Systems (24 Apr 2013), “Elbit Systems awarded a $40 million contract to supply a country in Africa with the Wise Intelligence Technology (WiT[TM]) System,” http://ir.elbitsystems.com/phoenix.zhtml?c=61849&p=irol-newsArticle&ID=1810121.

81Syria used the German company: Der Spiegel (11 Apr 2012), “Monitoring the opposition: Siemens allegedly sold surveillance gear to Syria,” Der Spiegel, http://www.spiegel.de/international/business/ard-reports-siemens-sold-surveillance-technology-to-syria-a-826860.html.

81the Italian company Area SpA: Ben Elgin and Vernon Silver (3 Nov 2011), “Syria crackdown gets Italy firm’s aid with U.S.-Europe spy gear,” Bloomberg News, http://www.bloomberg.com/news/2011-11-03/syria-crackdown-gets-italy-firm-s-aid-with-u-s-europe-spy-gear.html.

81The Gadhafi regime in Libya: Paul Sonne and Margaret Coker (30 Aug 2011), “Firms aided Libyan spies,” Wall Street Journal, http://online.wsj.com/news/articles/SB10001424053111904199404576538721260166388.

81systems used in Azerbaijan: Sarah Kendzior and Katy Pearce (11 May 2012), “How Azerbaijan demonizes the Internet to keep citizens offline,” Slate, http://www.slate.com/s/future_tense/2012/05/11/azerbaijan_eurovision_song_contest_and_keeping_activists_and_citizens_off_the_internet_.html.

81and Uzbekistan: Sarah Kendzior (Jul 2012), “Digital freedom of expression in Uzbekistan: An example of social control and censorship,” New America Foundation, http://newamerica.net/sites/newamerica.net/files/policydocs/KendziorFINAL7172012.pdf.

82There are few laws: Open Technology Institute (9 Dec 2013), “International agreement reached controlling export of mass and intrusive surveillance technology,” New America Foundation, http://oti.newamerica.net/posts/2013/international_agreement_reached_controlling_export_of_mass_and_intrusive_surveillance.

82built for corporate use: Uwe Buse and Marcel Rosenbach (8 Dec 2011), “The transparent state enemy: Western surveillance technology in the hands of despots,” Der Spiegel, http://www.spiegel.de/international/world/the-transparent-state-enemy-western-surveillance-technology-in-the-hands-of-despots-a-802317.html.

82US-based Blue Coat sells: The complete list is Afghanistan, Bahrain, Burma, China, Egypt, India, Indonesia, Iraq, Kenya, Kuwait, Lebanon, Malaysia, Nigeria, Qatar, Russia, Saudi Arabia, Singapore, South Korea, Syria, Thailand, Turkey, and Venezuela. Irene Poetranto et al. (9 Nov 2011), “Behind Blue Coat: Investigations of commercial filtering in Syria and Burma,” Citizen Lab, Munk School of Global Affairs, University of Toronto, https://citizenlab.org/2011/11/behind-blue-coat. Irene Poetranto et al. (29 Nov 2011), “Behind Blue Coat: An update from Burma,” Citizen Lab, Munk School of Global Affairs, University of Toronto, https://citizenlab.org/2011/11/behind-blue-coat-an-update-from-burma. Morgan Marquis-Boire et al. (15 Jan 2013), “Planet Blue Coat: Mapping global censorship and surveillance tools,” Citizen Lab, Munk School of Global Affairs, University of Toronto, https://citizenlab.org/2013/01/planet-blue-coat-mapping-global-censorship-and-surveillance-tools.

82Netsweeper is a . . . filtering product: Adam Senft et al. (20 Feb 2014), “Internet filtering in a failed state: The case of Netsweeper in Somalia,” Citizen Lab, Munk School of Global Affairs, University of Toronto, https://citizenlab.org/2014/02/internet-filtering-failed-state-case-netsweeper-somalia. Helmi Noman et al. (20 Jun 2013), “O Pakistan, we stand on guard for thee: An analysis of Canada-based Netsweeper’s role in Pakistan’s censorship regime,” Citizen Lab, Munk School of Global Affairs, University of Toronto, https://citizenlab.org/2013/06/o-pakistan.

82Fortinet is used to censor: Open Net Initiative (12 Oct 2005), “Internet filtering in Burma 2005,” https://opennet.net/sites/opennet.net/files/ONI_Burma_Country_Study.pdf. New Light of Myanmar (16 May 2004), “Prime minister attends ceremony to introduce Fortinet Antivirus Firewall,” New Light of Myanmar, http://www.myanmar.gov.mm/NLM-2004/May04/enlm/May16_h1.html.

82governments of Tunisia and Iran: Ben Arnoldy (10 Oct 2007), “When US-made ‘censorware’ ends up in iron fists,” Christian Science Monitor, http://www.csmonitor.com/2007/1010/p01s01-ussc.html.

82also allows the bad guys: United Nations Office on Drugs and Crime (Sep 2012), “The use of the Internet for terrorist purposes,” http://www.unodc.org/documents/frontpage/Use_of_Internet_for_Terrorist_Purposes.pdf.

82facial recognition technology that Disney uses: Planet Biometrics (2 Mar 2011), “Biometrics cruise into the Disney Dream,” http://www.planetbiometrics.com/article-details/i/504.

83Communications Assistance for Law Enforcement Act: US Congress (2012), “Department of State Rewards Program Update and Technical Corrections Act of 2012,” Public Law 283, http://www.gpo.gov/fdsys/pkg/PLAW-112publ283/html/PLAW-112publ283.htm.

83The FBI is currently lobbying: Charlie Savage (7 May 2013), “U.S. weighs wide overhaul of wiretap laws,” New York Times, http://www.nytimes.com/2013/05/08/us/politics/obama-may-back-fbi-plan-to-wiretap-web-users.html.

83The FBI’s ultimate goal: Charlie Savage (27 Sep 2010), “U.S. tries to make it easier to wiretap the Internet,” New York Times, http://www.nytimes.com/2010/09/27/us/27wiretap.html.

83Lavabit was an e-mail service: Tim Rogers (Nov 2013), “The real story of Lavabit’s founder,” D Magazine, http://www.dmagazine.com/publications/d-magazine/2013/november/real-story-of-lavabit-founder-ladar-levison.

84Levison received a National Security Letter: Spencer Ackerman (9 Aug 2013), “Lavabit e-mail service abruptly shut down citing government interference,” Guardian, http://www.theguardian.com/technology/2013/aug/08/lavabit-e-mail-shut-down-edward-snowden. Ladar Levison (20 May 2014), “Secrets, lies and Snowden’s email: Why I was forced to shut down Lavabit,” Guardian, http://www.theguardian.com/commentisfree/2014/may/20/why-did-lavabit-shut-down-snowden-email.

84The agency can force you to modify: Declan McCullagh (24 Jul 2013), “Feds put heat on Web firms for master encryption keys,” CNET, http://www.cnet.com/news/feds-put-heat-on-web-firms-for-master-encryption-keys.

84Your business has been commandeered: Levison was threatened with arrest for shutting down Lavabit rather than letting the FBI have unfettered access to all of its users. Michael Isikoff (13 Aug 2013), “Lavabit.com owner: ‘I could be arrested’ for resisting surveillance order,” NBC News, http://www.nbcnews.com/news/other/lavabit-com-owner-i-could-be-arrested-resisting-surveillance-order-f6C10908072.

84US government convinced Skype: Serge Malenkovich (21 Mar 2013), “Does Big Brother watch your Skype?” Kaspersky Lab Daily, http://.kaspersky.com/skype-government-surveillance. James Risen and Nick Wingfield (20 Jun 2013), “Silicon Valley and spy agency bound by strengthening web,” New York Times, http://www.nytimes.com/2013/06/20/technology/silicon-valley-and-spy-agency-bound-by-strengthening-web.html.

84We don’t know what the changes were: Microsoft Corporation (13 Oct 2011), “Microsoft officially welcomes Skype,” Microsoft News Center, http://www.microsoft.com/en-us/news/press/2011/oct11/10-13skypepr.aspx.

84we know they happened: Glenn Greenwald (11 Jul 2013), “Microsoft handed the NSA access to encrypted messages,” Guardian, http://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data.

84US government secretly threatened Yahoo: Craig Timberg (11 Sep 2014), “U.S. threatened massive fine to force Yahoo to release data,” Washington Post, http://www.washingtonpost.com/business/technology/us-threatened-massive-fine-to-force-yahoo-to-release-data/2014/09/11/38a7f69e-39e8-11e4-9c9f-ebb47272e40e_story.html.

84the NSA paid RSA Security: Joseph Menn (20 Dec 2013), “Secret contract tied NSA and security industry pioneer,” Reuters, http://www.reuters.com/article/2013/12/20/us-usa-security-rsa-idUSBRE9BJ1C220131220.

85the NSA hacked into the trunk: Level 3 Communications has the NSA code name of “LITTLE.” As a general rule, if your service provider has an NSA code name, you’re probably screwed. Nicole Perlroth (25 Nov 2013), “N.S.A. may have hit Internet companies at a weak spot,” New York Times, http://www.nytimes.com/2013/11/26/technology/a-peephole-for-the-nsa.html.

85The angry response: Brandon Downey (30 Oct 2013), “This is the big story in tech today,” Google Plus, https://plus.google.com/+BrandonDowney/posts/SfYy8xbDWGG.

85The agency creates fake Facebook pages: Ryan Gallagher and Glenn Greenwald (12 Mar 2014), “How the NSA plans to infect ‘millions’ of computers with malware,” Intercept, https://firstlook.org/theintercept/article/2014/03/12/nsa-plans-infect-millions-computers-malware.

85intercepts Cisco equipment: Sean Gallagher (14 May 2014), “Photos of an NSA ‘upgrade’ factory show Cisco router getting implant,” Ars Technica, http://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa-upgrade-factory-show-cisco-router-getting-implant. Sarah Silbert (16 May 2014), “Latest Snowden leak reveals the NSA intercepted and bugged Cisco routers,” Engadget, http://www.engadget.com/2014/05/16/nsa-bugged-cisco-routers.

85NSA’s BULLRUN program: James Ball, Julian Borger, and Glenn Greenwald (5 Sep 2013), “Revealed: How US and UK spy agencies defeat internet privacy and security,” Guardian, http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security. Nicole Perlroth, Jeff Larson, and Scott Shane (5 Sep 2013), “N.S.A. able to foil basic safeguards of privacy on Web,” New York Times, http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html.

86British, Russian, Israeli: Brian Krebs (28 May 2014), “Backdoor in call monitoring, surveillance gear,” Krebs on Security, http://krebsonsecurity.com/2014/05/backdoor-in-call-monitoring-surveillance-gear.

86they have employees secretly: Peter Maass and Laura Poitras (10 Oct 2014), “Core secrets: NSA saboteurs in China and Germany,” Intercept, https://firstlook.org/theintercept/2014/10/10/core-secrets.

86Eric Schmidt tried to reassure: Martin Bryant (7 Mar 2014), “Google is ‘pretty sure’ its data is now protected against government spying, Eric Schmidt says,” Next Web, http://thenextweb.com/google/2014/03/07/google-pretty-sure-protected-government-spying-eric-schmidt-says.

7: Political Liberty and Justice

91the First Unitarian Church of Los Angeles sued: David Greene (27 Jan 2014), “Deep dive into First Unitarian Church v. NSA: Why freedom of association matters,” Electronic Frontier Foundation, https://www.eff.org/deeplinks/2014/01/deep-dive-first-unitarian-church-v-nsa-why-freedom-association-matters.

91Today, the church is worried: Joshua Eaton (15 Aug 2014), “Challenging the surveillance state,” UU World, http://www.uuworld.org/ideas/articles/297088.shtml.

91Yochai Benkler likens NSA surveillance: Yochai Benkler (13 Sep 2013), “Time to tame the NSA behemoth trampling our rights,” Guardian, http://www.theguardian.com/commentisfree/2013/sep/13/nsa-behemoth-trampling-rights.

91Even the politically conservative: Economist (16 Nov 2013), “The recorded world: Every step you take,” Economist, http://www.economist.com/news/leaders/21589862-cameras-become-ubiquitous-and-able-identify-people-more-safeguards-privacy-will-be.

92which give prosecutors discretion: Harvey Silverglate and Tim Lynch (Jan/Feb 2010), “The criminalization of almost everything,” Cato Policy Report, http://www.cato.org/policy-report/januaryfebruary-2010/criminalization-almost-everything. Harvey Silverglate (2011), Three Felonies a Day: How the Feds Target the Innocent, Encounter Books, http://www.threefeloniesaday.com. G. H. Reynolds (8 Jul 2013), “Ham sandwich nation: Due process when everything is a crime,” Columbia Law Review 113, http://columbialawreview.org/ham-sandwich-nation_reynolds.

92overly broad material witness laws: Rose Ciotta (4 May 2003), “Critics see abuse of material-witness law,” Philadelphia Inquirer, http://articles.philly.com/2003-05-04/news/25460033_1_material-witness-law-material-witnesses-material-witness-statute. Anjana Malhotra (27 Jun 2005), “Witness to abuse: Human rights abuses under the Material Witness Law since September 11,” Human Rights Watch, http://www.hrw.org/sites/default/files/reports/us0605_0.pdf. Naureen Shah et al. (21 Jul 2014), “Illusion of justice: Human rights abuses in US terrorism prosecutions,” Human Rights Watch, http://www.hrw.org/node/126101.

92expansion of the legally loaded terms: In North Carolina, a sawed-off shotgun is defined as a weapon of mass destruction. Jonathan Lemire (30 Aug 2011), “North Carolina student charged with having weapon of mass destruction for toting sawed-off shotgun,” New York Daily News, http://www.nydailynews.com/news/national/north-carolina-student-charged-weapon-mass-destruction-toting-sawed-off-shotgun-article-1.950971. Chris Berendt (29 Oct 2013), “Meth lab seized in Newton Grove, three arrested,” Sampson Independent, http://www.clintonnc.com/news/home_top-news/2746038/Meth-lab-seized-in-Newton-Grove%3B-three-arrested.

92someone who donates $10: Louis Jacobson (9 Jul 2013), “What’s the definition of ‘terrorism’?” Politifact, http://www.politifact.com/truth-o-meter/article/2013/jul/09/whats-definition-terrorism.

93Daniel Solove calls the situation Kafkaesque: Daniel J. Solove (2004), The Digital Person: Technology and Privacy in the Information Age, New York University Press, http://docs.law.gwu.edu/facweb/dsolove/Digital-Person/text/Digital-Person-CH3.pdf.

93Surveillance data has been used: The DHS was—and might still be—monitoring social networking sites, watching for how people react to news that “reflects adversely” on the US government. Ellen Nakashima (13 Jan 2012), “DHS monitoring of social media worries civil liberties advocates,” Washington Post, http://www.washingtonpost.com/world/national-security/dhs-monitoring-of-social-media-worries-civil-liberties-advocates/2012/01/13/gIQANPO7wP_story.html.

93Irishman Leigh Van Bryan tweeted: British Broadcasting Corporation (31 Jan 2012), “Caution on Twitter urged as tourists barred from US,” BBC News, http://www.bbc.co.uk/news/technology-16810312.

93The government had been surveilling: Gerry Smith (25 Jun 2014), “How police are scanning all of Twitter to detect terrorist threats,” Huffington Post, http://www.huffingtonpost.com/2014/06/25/dataminr-mines-twitter-to_n_5507616.html.

93he was questioned for five hours: Philip Messing (13 Apr 2013), “JFK passenger detained after talking about ‘bomb’ sandwich,” New York Post, http://nypost.com/2013/04/13/jfk-passenger-detained-after-talking-about-bomb-sandwich.

93vague promises of international: This excellent essay makes that point. Praxis (17 Jan 2014), “The world is now an airport: Surveillance and social control,” Medium, https://medium.com/i-m-h-o/9a1e5268ff39.

93Police arrested him for the crime: Lauren Russell (24 Apr 2013), “When oversharing online can get you arrested,” CNN, http://www.cnn.com/2013/04/18/tech/social-media/online-oversharing-arrests.

93jailed because of a racist tweet: British Broadcasting Corporation (27 Mar 2012), “Fabrice Muamba: Racist Twitter user jailed for 56 days,” BBC News, http://www.bbc.co.uk/news/uk-wales-17515992.

93tasteless Facebook post: British Broadcasting Corporation (4 Jun 2014), “Man jailed for offensive Ann Maguire Facebook post,” BBC News, http://www.bbc.co.uk/news/uk-england-27696446.

94US military targets drone strikes: Jeremy Scahill and Glenn Greenwald (10 Feb 2014), “The NSA’s secret role in the U.S. assassination program,” Intercept, https://firstlook.org/theintercept/article/2014/02/10/the-nsas-secret-role. Cori Crider (4 Mar 2014), “Killing in the name of algorithms,” Al Jazeera, http://america.aljazeera.com/opinions/2014/3/drones-big-data-waronterrorobama.html.

94The second is “signature strikes”: John Kaag and Sarah Kreps (2014), Drone Warfare, Wiley, chap. 12, http://books.google.com/books?id=I8oOBAAAQBAJ.

94half of all kills were signature strikes: Richard Engel and Robert Windrem (5 Jun 2013), “CIA didn’t always know who it was killing in drone strikes, classified documents show,” NBC News, http://investigations.nbcnews.com/_news/2013/06/05/18781930-cia-didnt-always-know-who-it-was-killing-in-drone-strikes-classified-documents-show.

94surveillance that is essentially indefinite: Karen McVeigh (27 Aug 2013), “NSA surveillance program violates the constitution, ACLU says,” Guardian, http://www.theguardian.com/world/2013/aug/27/nsa-surveillance-program-illegal-aclu-lawsuit.

94the Great Firewall of China: Oliver August (23 Oct 2007), “The Great Firewall: China’s misguided—and futile—attempt to control what happens online,” Wired, http://www.oliveraugust.com/journalism_chinas-internet-heroes.htm.

94The goal is less to banish: Gary King, Jennifer Pan, and Margaret E. Roberts (May 2013), “How censorship in China allows government criticism but silences collective expression,” American Political Science Review 107, http://gking.harvard.edu/publications/how-censorship-china-allows-government-criticism-silences-collective-expression.

94The firewall works pretty well: Caitlin Dewey (12 Aug 2013), “Wikipedia largely alone in defying Chinese self-censorship demands,” Washington Post, http://www.washingtonpost.com/s/worldviews/wp/2013/08/12/wikipedia-largely-alone-in-defying-chinese-self-censorship-demands.

94more government censorship on the Internet: Ronald Deibert et al., eds. (2010), Access Controlled: The Shaping of Power, Rights, and Rule in Cyberspace, MIT Press, http://mitpress.mit.edu/books/access-controlled. John D. Sutter (19 Jun 2012), “Google reports ‘alarming’ rise in government censorship requests,” CNN, http://www.cnn.com/2012/06/18/tech/web/google-transparency-report.

94France, Germany, and Austria censor: Forbes (25 Dec 2000), “Swastika.com,” Forbes, http://www.forbes.com/forbes/2000/1225/6616164s1.html.

95Vietnam’s “Decree 72”: British Broadcasting Corporation (1 Sep 2013), “Vietnam internet restrictions come into effect,” BBC News, http://www.bbc.com/news/world-asia-23920541.

95Many countries censor content: Ronald Deibert et al., eds. (2008), Access Denied: The Practice and Policy of Global Internet Filtering, MIT Press, http://mitpress.mit.edu/books/access-denied.

95The UK censors pornography: Ben Quinn (10 Oct 2011), “Biggest four UK ISPs switching to ‘opt-in’ system for pornography,” Guardian, http://www.theguardian.com/society/2011/oct/11/pornography-internet-service-providers. Anthony Faiola (28 Sep 2013), “Britain’s harsh crackdown on Internet porn prompts free-speech debate,” Washington Post, http://www.washingtonpost.com/world/europe/britains-harsh-crackdown-on-internet-porn-prompts-free-speech-debate/2013/09/28/d1f5caf8-2781-11e3-9372-92606241ae9c_story.html.

95the US censored WikiLeaks: Ewen MacAskill (1 Dec 2010), “WikiLeaks website pulled by Amazon after U.S. political pressure,” Guardian, http://www.theguardian.com/media/2010/dec/01/wikileaks-website-cables-servers-amazon.

95Russian law requiring bloggers: Neil MacFarquhar (6 May 2014), “Russia quietly tightens reins on web with ‘Bloggers Law,’” New York Times, http://www.nytimes.com/2014/05/07/world/europe/russia-quietly-tightens-reins-on-web-with-bloggers-law.html.

95Those who do the reporting: The deputizing of citizens to report on each other is toxic to society. It creates a pervasive fear that unravels the social bonds that hold society together. Bruce Schneier (26 Apr 2007), “Recognizing ‘hinky’ vs. citizen informants,” Schneier on Security, https://www.schneier.com/blog/archives/2007/04/recognizing_hin_1.html.

95Internet companies in China: Jason Q. Ng (12 Mar 2012), “How China gets the Internet to censor itself,” Waging Nonviolence, http://wagingnonviolence.org/feature/how-china-gets-the-internet-to-censor-itself.

95the more severe the consequences: Cuiming Pang (2008), “Self-censorship and the rise of cyber collectives: An anthropological study of a Chinese online community,” Intercultural Communication Studies 18, http://www.uri.edu/iaics/content/2008v17n3/05%20Cuiming%20Pang.pdf.

95Surveillance has a: Gregory L. White and Philip G. Zimbardo (May 1975), “The chilling effects of surveillance: Deindividuation and reactance,” Office of Naval Research/National Technical Information Service, http://www.dtic.mil/dtic/tr/fulltext/u2/a013230.pdf.

95The net result is that GPS: US Supreme Court (23 Jan 2012), “Decision,” United States v. Jones (No. 10-1259), http://caselaw.lp.findlaw.com/scripts/getcase.pl?court=US&navby=case&vol=000&invol=10-1259#opinion1.

95Eben Moglen wrote: Eben Moglen (27 May 2014), “Privacy under attack: The NSA files revealed new threats to democracy,” Guardian, http://www.theguardian.com/technology/2014/may/27/-sp-privacy-under-attack-nsa-files-revealed-new-threats-democracy.

96Sources are less likely to contact: G. Alex Sinha (28 Jul 2014), “With liberty to monitor all,” Human Rights Watch, http://www.hrw.org/reports/2014/07/28/liberty-monitor-all.

96Lawyers working on cases: In 2014, we learned that the Australian Signals Directorate (ASD), Australia’s NSA counterpart, eavesdropped on communications between the US law firm Mayer Brown and its client the government of Indonesia. The ASD passed those communications to the NSA. James Risen and Laura Poitras (15 Feb 2014), “Spying by NSA ally entangled US law firm,” New York Times, http://www.nytimes.com/2014/02/16/us/eavesdropping-ensnared-american-law-firm.html.

96they worry that their conversations: G. Alex Sinha (28 Jul 2014), “With liberty to monitor all,” Human Rights Watch, http://www.hrw.org/reports/2014/07/28/liberty-monitor-all-0.

96Post-9/11 surveillance has caused: PEN America (2013), “Chilling effects: NSA surveillance drives U.S. writers to self-censor,” http://www.pen.org/sites/default/files/Chilling%20Effects_PEN%20American.pdf.

96A Pew Research Center study: The survey was taken just after the stories broke that the NSA was collecting telephone metadata from Verizon, and presumably from everyone else, and collecting Internet data from companies like Google, Yahoo, Facebook, Microsoft, and Twitter. Elizabeth Dwoskin (26 Aug 2014), “Survey: People don’t want to talk online about the NSA,” Wall Street Journal, http://s.wsj.com/digits/2014/08/26/survey-people-dont-want-to-talk-online-about-the-nsa.

96nearly half of Americans have changed: Amrita Jayakumar (2 Apr 2014), “Americans say they’re shopping less online. Blame the NSA,” Washington Post, http://www.washingtonpost.com/s/the-switch/wp/2014/04/02/americans-say-theyre-shopping-less-online-blame-the-nsa.

96Surveillance has chilled Internet use: Dawinder S. Sidhu (2007), “The chilling effect of government surveillance programs on the use of the Internet by Muslim-Americans,” University of Maryland Law Journal of Race, Religion, Gender and Class 7, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1002145.

96groups like environmentalists: David Greene (6 Nov 2013), “EFF files 22 firsthand accounts of how NSA surveillance chilled the right to association,” Electronic Frontier Foundation, https://www.eff.org/press/releases/eff-files-22-firsthand-accounts-how-nsa-surveillance-chilled-right-association.

96After the Snowden revelations: Alex Marthews and Catherine Tucker (24 Mar 2014), “Government surveillance and Internet search behavior,” Social Science Research Network, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2412564.

96UN High Commissioner on Human Rights: United Nations High Commissioner for Human Rights (30 Jun 2014), “The right to privacy in the digital age,” http://www.ohchr.org/EN/HRBodies/HRC/RegularSessions/Session27/Documents/A.HRC.27.37_en.pdf.

96French president Nicolas Sarkozy: Liz Klimas (22 Mar 2012), “Simply visiting terrorist websites could mean jail time in France,” Blaze, http://www.theblaze.com/stories/2012/03/22/simply-visiting-terrorist-websites-could-mean-jail-time-in-france.

97Think of how you act: Rachel Clark (11 Jul 2013), “‘Everything about everyone’: the depth of Stasi surveillance in the GDR,” View East, http://thevieweast.wordpress.com/2013/07/11/everything-about-everyone-the-depth-of-stasi-surveillance-in-the-gdr. Oka Efagene (20 Aug 2014), “Your calls may soon be monitored: NCC,” Pulse, http://pulse.ng/lifestyle/tech/security-vs-privacy-your-calls-may-soon-be-monitored-ncc-id3066105.html.

97There is value in dissent: Carl Joachim Friedrich (Oct 1939), “Democracy and dissent,” Political Quarterly 10, http://onlinelibrary.wiley.com/doi/10.1111/j.1467-923X.1939.tb00987.x/abstract.

97Defending this assertion: Bruce Schneier (2012), Liars and Outliers: Enabling the Trust That Society Needs to Thrive, Wiley, chap. 16, http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118143302.html.

98Frank Zappa said something similar: Frank Zappa and Peter Occhiogrosso (1989), The Real Frank Zappa Book, Poseidon Press, p. 185, http://books.google.com/books?id=FB0O_HCpBy0C.

98We need imperfect security: Washington University law professor Neil Richards makes the point that “new ideas often develop best away from the intense scrutiny of public exposure.” Neil M. Richards (May 2013), “The dangers of surveillance,” Harvard Law Review 126, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2239412.

98township can use aerial surveillance: The city of Baltimore uses aerial photography to look for building permit violations by comparing photographs over time with its database of issued permits. Doug Donovan (7 Sep 2004), “A bird’s-eye view of every part of the city,” Baltimore Sun, http://articles.baltimoresun.com/2004-09-07/news/0409070310_1_images-deck-aerial.

98replacing that judgment: Gregory Conti (4 Apr 2014), “A conservation theory of governance for automated law enforcement,” We Robot 2014, Coral Gables, Florida, http://robots.law.miami.edu/2014/wp-content/uploads/2013/06/Shay-etal-TheoryofConservation_final.pdf.

98Ubiquitous surveillance could lead: The “Cannibal Cop,” who chatted online with pals about raping and eating his wife and other women, but never acted on it, serves as an example. Daniel Beekman and Dareh Gregorian (1 Jul 2014), “‘Cannibal cop’ released into custody of his mother after conviction overturned in stunning reversal,” New York Daily News, http://www.nydailynews.com/new-york/nyc-crime/conviction-cannibal-nypd-overturned-article-1.1850334. Daniel Engber (2 Jul 2014), “The cannibal cop goes free, but what about the murderous mechanic?” Slate, http://www.slate.com/articles/news_and_politics/crime/2014/07/the_cannibal_cop_gilberto_valle_goes_free_what_about_michael_van_hise_and.html.

98Already law enforcement agencies: Walter L. Perry et al. (2013), “Predictive policing: The role of crime forecasting in law enforcement operations,” RAND Corporation, https://www.ncjrs.gov/pdffiles1/nij/grants/243830.pdf. US National Institute of Justice (13 Jan 2014), “Predictive policing research,” http://www.nij.gov/topics/law-enforcement/strategies/predictive-policing/Pages/research.aspx.

99This notion of making certain crimes: Michael L. Rich (Mar 2013), “Should we make crime impossible?” Harvard Journal of Law and Public Policy 36, http://www.harvard-jlpp.com/wp-content/uploads/2013/04/36_2_795_Rich.pdf.

99Yochai Benkler said: Yochai Benkler (4 Dec 2013), “System and conscience: NSA bulk surveillance and the problem of freedom,” Center for Research on Computation and Society, Harvard University, http://crcs.seas.harvard.edu/event/yochai-benkler-crcs-lunch-seminar and https://www.youtube.com/watch?v=6EUueRpCzpw.

99secrecy is necessary: William E. Colby (1976), “Intelligence secrecy and security in a free society,” International Security 1, http://people.exeter.ac.uk/mm394/Intelligence%20Secrecy%20and%20Security.pdf. James E. Knott (Summer 1975), “Secrecy and intelligence in a free society,” Studies in Intelligence 19, https://www.cia.gov/library/center-for-the-study-of-intelligence/kent-csi/vol19no2/html/v19i2a01p_0001.htm.

99This notion of military secrecy: Pamela O. Long and Alex Roland (1994), “Military secrecy in antiquity and early medieval Europe: A critical reassessment,” History and Technology 11, http://www.tandfonline.com/doi/abs/10.1080/07341519408581866?journalCode=ghat20.

99recently has changed: Lewis A. Coser (Summer 1963), “The dysfunctions of military secrecy,” Social Problems 11, http://www.jstor.org/discover/10.2307/798801.

99In World War II, we extended: The secrecy and deception around D-Day is an excellent example. Jon S. Wendell (1997), “Strategic deception behind the Normandy invasion,” US Air Force, http://www.globalsecurity.org/military/library/report/1997/Wendell.htm. Dan Lamothe (6 Jun 2014), “Remembering the military secrecy and lies that made D-Day successful,” Washington Post, http://www.washingtonpost.com/news/checkpoint/wp/2014/06/06/remembering-the-military-secrecy-and-lies-that-made-d-day-successful.

99entire areas of knowledge: Steven Aftergood (Oct 1999), “Government secrecy and knowledge production: A survey of some general issues,” in Secrecy and Knowledge Production, ed. Judith Reppy, Cornell University Peace Studies Program Occasional Paper #23, http://large.stanford.edu/publications/crime/references/dennis/occasional-paper23.pdf. Francis B. Kapper (Oct 1999), “The role of government in the production and control of scientific and technical knowledge,” ibid. Koen Vermeir and Daniel Margocsy (Jun 2012), “States of secrecy: An introduction,” British Journal of the History of Science 45, http://journals.cambridge.org/action/displayAbstract?fromPage=online&aid=8608487&fileId=S0007087412000052.

99After 9/11, we generalized: Peter Galison (Autumn 2004), “Removing knowledge,” Critical Inquiry 31, http://www.fas.harvard.edu/~hsdept/bios/docs/Removing%20Knowledge.pdf.

99No one knows the exact number: Ibid.

99almost 5 million people: US Office of Management and Budget (Feb 2014), “Suitability and security processes review,” http://www.fas.org/sgp/othergov/omb/suitsec-2014.pdf.

99all the details of NSA surveillance: Director of National Intelligence Clapper: “Disclosure of this still-classified information regarding the scope and operational details of N.S.A. intelligence activities implicated by plaintiffs’ allegations could be expected to cause extremely grave damage to the national security of the United States.” James R. Clapper (20 Dec 2013), “Public declaration of James R. Clapper, Director of National Intelligence,” Jewel et al. v. National Security Agency et al. (08-cv-4873-JSW); Shubert, et al., v. Obama, et al. (07-cv-693-JSW), United States District Court for the Northern District of California, http://www.dni.gov/files/documents/1220/DNI%20Clapper%202013%20Jewel%20Shubert%20SSP%20Unclassified%20Signed%20Declaration.pdf.

100You weren’t even allowed: Post-Snowden, the secret FISA Court has declassified many of its more general rulings. Another thing that would never have happened had Snowden not done what he did.

100police requests for cell phone: Jennifer Valentino-DeVries (2 Jun 2014), “Sealed court files obscure rise in electronic surveillance,” Wall Street Journal, http://online.wsj.com/news/article_email/sealed-court-files-obscure-rise-in-electronic-surveillance-1401761770-lMyQjAxMTA0MDAwMzEwNDMyWj.

100The UK police won’t even admit: Joseph Cox (7 Aug 2014), “UK police won’t admit they’re tracking people’s phone calls,” Vice, http://motherboard.vice.com/read/uk-police-wont-admit-theyre-tracking-peoples-phone-calls.

100Those who receive such a letter: This is a fascinating first-person account of what it’s like to receive a National Security Letter. It was published anonymously, but was later revealed to be the work of Internet Archive founder Brewster Kahle. Anonymous (23 Mar 2007), “My National Security Letter gag order,” Washington Post, http://www.washingtonpost.com/wp-dyn/content/article/2007/03/22/AR2007032201882.html.

100the reason the FBI: Kim Zetter (3 Mar 2014), “Florida cops’ secret weapon: Warrantless cellphone tracking,” Wired, http://www.wired.com/2014/03/stingray. Kim Zetter (4 Mar 2014), “Police contract with spy tool maker prohibits talking about device’s use,” Wired, http://www.wired.com/2014/03/harris-stingray-nda.

100local police departments refuse: Darwin Bond-Graham and Ali Winston (30 Oct 2013), “All tomorrow’s crimes: The future of policing looks a lot like good branding,” SF Weekly, http://www.sfweekly.com/2013-10-30/news/predpol-sfpd-predictive-policing-compstat-lapd/full.

100The US has a complex: Jennifer K. Elsea (10 Jan 2013), “The protection of classified information: The legal framework,” Congressional Research Service, http://fas.org/sgp/crs/secrecy/RS21900.pdf.

100The executive branch abuses: Carrie Newton Lyons (2007), “The state secrets privilege: Expanding its scope through government misuse,” Lewis and Clark Law Review 99, http://www.fas.org/sgp/jud/statesec/lyons.pdf. Sudha Setty (Jul 2012), “The rise of national security secrets,” Connecticut Law Review 44, http://connecticutlawreview.org/files/2012/09/5.Setty-FINAL.pdf. D. A. Jeremy Telman (Mar 2012), “Intolerable abuses: Rendition for torture and the state secrets privilege,” Alabama Law Review 63, http://scholar.valpo.edu/cgi/viewcontent.cgi?article=1136&context=law_fac_pubs.

100The executive branch keeps secrets: Eric Lichtblau and Scott Shane (9 Jul 2006), “Ally warned Bush on keeping spying from Congress,” New York Times, http://www.nytimes.com/2006/07/09/washington/09hoekstra.html. Scott Shane (11 Jul 2009), “Cheney is linked to concealment of C.I.A. project,” New York Times, http://www.nytimes.com/2009/07/12/us/politics/12intel.html. Paul Lewis (31 Jul 2013), “White House unable to confirm if Congress briefed on NSA spy program,” Guardian, http://www.theguardian.com/world/2013/jul/31/white-house-congress-nsa-xkeyscore.

100The NSA keeps secrets: Barton Gellman (15 Aug 2013), “What to say, and not to say, to ‘our overseers,’” Washington Post, http://apps.washingtonpost.com/g/page/national/what-to-say-and-not-to-say-to-our-overseers/390.

100including Congress: Glenn Greenwald (4 Aug 2013), “Members of Congress denied access to basic information about NSA,” Guardian, http://www.theguardian.com/commentisfree/2013/aug/04/congress-nsa-denied-access.

100keep secrets from the rest of Congress: Spencer Ackerman (14 Aug 2013), “Intelligence committee urged to explain if they withheld crucial NSA document,” Guardian, http://www.theguardian.com/world/2013/aug/14/nsa-intelligence-committee-under-pressure-document.

100Secret courts keep their own secrets: Charlie Savage and Laura Poitras (11 Mar 2014), “How a court secretly evolved, extending U.S. spies’ reach,” New York Times, http://www.nytimes.com/2014/03/12/us/how-a-courts-secret-evolution-extended-spies-reach.html.

100even the Supreme Court: Emily Peterson (30 Sep 2011), “Under seal: Secrets at the Supreme Court,” Reporters Committee for Freedom of the Press, http://www.rcfp.org/browse-media-law-resources/news-media-law/news-media-law-summer-2011/under-seal-secrets-supreme-cour.

100President Obama has been: Cora Currier (30 Jul 2013), “Charting Obama’s crackdown on national security leaks,” Pro Publica, http://www.propublica.org/special/sealing-loose-lips-charting-obamas-crackdown-on-national-security-leaks.

101only three previous prosecutions: Leonard Downie Jr. and Sara Rafsky (Oct 2013), “Leak investigations and surveillance in post-9/11 America,” Committee to Protect Journalists, https://www.cpj.org/reports/2013/10/obama-and-the-press-us-leaks-surveillance-post-911.php. David Pozen (20 Dec 2013), “The leaky leviathan: Why the government condemns and condones unlawful disclosures of information,” Harvard Law Review 127, http://harvardlawreview.org/2013/12/the-leaky-leviathan-why-the-government-condemns-and-condones-unlawful-disclosures-of-information.

101Thomas Drake, an NSA whistleblower: Daniel Ellsberg (30 May 2014), “Snowden would not get a fair trial—and Kerry is wrong,” Guardian, http://www.theguardian.com/commentisfree/2014/may/30/daniel-ellsberg-snowden-fair-trial-kerry-espionage-act.

101Chelsea Manning was prohibited: David Dishneau (20 Jul 2012), “Manning largely barred from discussing WikiLeaks harm,” Associated Press, http://seattletimes.com/html/nationworld/2018724246_apusmanningwikileaks.html.

101Edward Snowden claims: The country is fairly evenly divided on this point. Seth Motel (15 Apr 2014), “NSA coverage wins Pulitzer, but Americans remain divided on Snowden leaks,” Pew Research Center, http://www.pewresearch.org/fact-tank/2014/04/15/nsa-coverage-wins-pulitzer-but-americans-remain-divided-on-snowden-leaks.

101John Kerry insisted that: Jonathan Topaz (28 May 2014), “John Kerry: Edward Snowden a ‘coward . . . traitor,’” Politico, http://www.politico.com/story/2014/05/edward-snowden-coward-john-kerry-msnbc-interview-nsa-107157.html.

101Hillary Clinton proclaimed: Phoebe Greenwood (4 Jul 2014), “Edward Snowden should have right to legal defense in US, says Hillary Clinton,” Guardian, http://www.theguardian.com/world/2014/jul/04/edward-snowden-legal-defence-hillary-clinton-interview.

101Both comments are examples: Daniel Ellsberg (30 May 2014), “Snowden would not get a fair trial—and Kerry is wrong,” Guardian, http://www.theguardian.com/commentisfree/2014/may/30/daniel-ellsberg-snowden-fair-trial-kerry-espionage-act. Trevor Timm (23 Dec 2013), “If Snowden returned to US for trial, could court admit any NSA leak evidence?” Boing Boing, http://boingboing.net/2013/12/23/snowden.html.

101His anger set off a series: Nate Anderson (13 May 2014), “How a mayor’s quest to unmask a foul-mouthed Twitter user blew up in his face,” Ars Technica, http://arstechnica.com/tech-policy/2014/05/how-a-mayors-quest-to-unmask-a-foul-mouthed-twitter-user-blew-up-in-his-face. Kim Zetter (12 Jun 2014), “ACLU sues after Illinois mayor has cops raid guy parodying him on Twitter,” Wired, http://www.wired.com/2014/06/peoria-mayor-twitter-parody.

102police in New Jersey routinely: Jenna Portnoy (19 Mar 2014), “Attorney General to State Police: Stop photographing protesters at Chris Christie town halls,” Star-Ledger, http://www.nj.com/politics/index.ssf/2014/03/attorney_general_to_state_police_stop_photographing_protesters_at_chris_christie_town_halls.html.

102the CIA illegally hacked: Mark Mazzetti and Carl Hulse (31 Jul 2014), “Inquiry by CIA affirms it spied on Senate panel,” New York Times, http://www.nytimes.com/2014/08/01/world/senate-intelligence-commitee-cia-interrogation-report.html.

102the NSA had been spying: Laura Poitras, Marcel Rosenbach, and Holger Stark (26 Aug 2013), “Codename ‘Apalachee’: How America spies on Europe and the UN,” Der Spiegel, http://www.spiegel.de/international/world/secret-nsa-documents-show-how-the-us-spies-on-europe-and-the-un-a-918625.html.

102two intercept operators in 2008: Brian Ross, Vic Walter, and Anna Schecter (9 Oct 2008), “Inside account of U.S. eavesdropping on Americans,” ABC News Nightline, http://abcnews.go.com/Blotter/exclusive-inside-account-us-eavesdropping-americans/story?id=5987804.

102again from Snowden in 2014: Cyrus Farivar (17 Jul 2014), “Snowden: NSA employees routinely pass around intercepted nude photos,” Ars Technica, http://arstechnica.com/tech-policy/2014/07/snowden-nsa-employees-routinely-pass-around-intercepted-nude-photos.

102agents sometimes spy on people: Siobhan Gorman (23 Aug 2013), “NSA officers spy on love interests,” Wall Street Journal Washington Wire, http://s.wsj.com/washwire/2013/08/23/nsa-officers-sometimes-spy-on-love-interests.

102the agency broke its own privacy rules: US National Security Agency (3 May 2012), “NSAW SID intelligence oversight quarterly report: First quarter calendar year 2012 (1 Jan–31 Mar 2012),” http://www2.gwu.edu/~nsarchiv/NSAEBB/NSAEBB436/docs/EBB-044.pdf.

102the real number is probably: The NSA is deliberately not automating its auditing system, which means it finds only as many violations as it decides to put people on the task. Marcy Wheeler (20 Aug 2013), “If NSA commits database query violations, but nobody audits them, do they really happen?” Empty Wheel, http://www.emptywheel.net/2013/08/20/if-nsa-commits-database-query-violations-but-nobody-audits-them-do-they-really-happen.

102tried to induce him: Shaun Usher (5 Jan 2012), “Like all frauds your end is approaching,” Letters of Note, http://www.lettersofnote.com/2012/01/king-like-all-frauds-your-end-is.html.

103the FBI’s COINTELPRO: US Senate (26 Apr 1976), “Final report of the Select Committee to Study Governmental Operations with Respect to Intelligence Activities, United States Senate, Book II: Intelligence activities and the rights of Americans,” US Government Printing Office, p. 213, https://archive.org/details/finalreportofsel02unit.

103US has spied on the Occupy: Michael S. Schmidt and Colin Moynihan (24 Dec 2012), “FBI counterterrorism agents monitored Occupy movement, records show,” New York Times, http://www.nytimes.com/2012/12/25/nyregion/occupy-movement-was-investigated-by-fbi-counterterrorism-agents-records-show.html. Beau Hodai (9 Jun 2013), “Government surveillance of Occupy movement,” Sourcewatch, http://www.sourcewatch.org/index.php/Government_Surveillance_of_Occupy_Movement.

103pro- and anti-abortion activists: Charlie Savage and Scott Shane (16 Dec 2009), “Intelligence improperly collected on U.S. citizens,” New York Times, http://www.nytimes.com/2009/12/17/us/17disclose.html.

103peace activists: American Civil Liberties Union (25 Oct 2006), “ACLU uncovers FBI surveillance of Maine peace activists,” https://www.aclu.org/national-security/aclu-uncovers-fbi-surveillance-maine-peace-activists.

103other political protesters: American Civil Liberties Union (29 Jun 2010), “Policing free speech: Police surveillance and obstruction of First Amendment-protected activity,” https://www.aclu.org/files/assets/Spyfiles_2_0.pdf. Linda E. Fisher (2004), “Guilt by expressive association: Political profiling, surveillance and the privacy of groups,” Arizona Law Review 46, http://www.arizonalawreview.org/pdf/46-4/46arizlrev621.pdf. US Department of Justice (Sep 2010), “A review of the FBI’s investigations of certain domestic advocacy groups,” http://www.justice.gov/oig/special/s1009r.pdf.

103The NSA and FBI spied: Glenn Greenwald and Murtaza Hussain (9 Jul 2014), “Under surveillance: Meet the Muslim-American leaders the FBI and NSA have been spying on,” Intercept, https://firstlook.org/theintercept/article/2014/07/09/under-surveillance.

103The New York Police Department: Associated Press (2012), “Highlights of AP’s Pulitzer Prize-winning probe into NYPD intelligence operations,” Associated Press, http://www.ap.org/media-center/nypd/investigation, and http://www.ap.org/Index/AP-In-The-News/NYPD.

104Boston’s fusion center spied: Kade Crockford (25 May 2014), “Documents show Boston’s ‘antiterrorism’ fusion center obsessively documented Occupy Boston,” Privacy SOS, http://privacysos.org/node/1417. Carol Rose and Kade Crockford (30 May 2014), “When police spy on free speech, democracy suffers,” Cognoscenti, http://cognoscenti.wbur.org/2014/05/30/boston-regional-intelligence-center-carol-rose-kade-crockford.

104the city teamed with IBM: Luke O’Neil (13 Aug 2014), “Beantown’s Big Brother: How Boston police used facial recognition technology to spy on thousands of music festival attendees,” Noisey, http://noisey.vice.com/blog/beantowns-big-brother.

104Pentagon’s Counterintelligence Field Activity: Lisa Myers, Douglas Pasternak, and Rich Gardella (14 Dec 2005), “Is the Pentagon spying on Americans?” NBC News, http://www.nbcnews.com/id/10454316/ns/nbc_nightly_news_with_brian_williams-nbc_news_investigates/t/pentagon-spying-americans. Marcy Wheeler (24 Jul 2007), “Cunningham, CIFA, and Cheney, a new chronology,” Empty Wheel, http://www.emptywheel.net/2007/07/24/cunningham-cifa-and-cheney-a-new-chronology.

104collecting data on the porn-viewing habits: Glenn Greenwald, Ryan Grim, and Ryan Gallagher (26 Nov 2013), “Top-secret document reveals NSA spied on porn habits as part of plan to discredit ‘radicalizers,’” Huffington Post, http://www.huffingtonpost.com/2013/11/26/nsa-porn-muslims_n_4346128.html.

104fake Facebook page: Chris Hamby (6 Oct 2014), “Government set up a fake Facebook page in a woman’s name,” Buzzfeed, http://www.buzzfeed.com/chrishamby/government-says-federal-agents-can-impersonate-woman-online.

104School administrators installed spyware: William Bender (23 Feb 2010), “Lawyer: L. Merion is mum on number of webcam pictures,” Philadelphia Inquirer, http://articles.philly.com/2010-02-23/news/24957453_1_webcam-laptops-students.

105This turned out to be a dead end: Eric Lichtblau and James Risen (23 Jun 2006), “Bank data is sifted by U.S. in secret to block terror,” New York Times, http://www.nytimes.com/2006/06/23/washington/23intel.html. Loek Essers (3 Jul 2014), “EU court orders more transparency over US-EU terrorist finance tracking program,” PC World, http://www.pcworld.com/article/2450760/eu-court-orders-more-transparency-over-useu-terrorist-finance-tracking-program.html. Monika Ermert (23 Oct 2013), “European Parliament: No more bank data transfers to US for anti-terror investigations,” Intellectual Property Watch, http://www.ip-watch.org/2013/10/23/european-parliament-no-more-bank-data-transfers-to-us-for-anti-terror-investigations.

105far more commonly used: ACLU (7 Mar 2002), “How the USA-Patriot Act expands law enforcement ‘sneak and peek’ warrants,” https://www.aclu.org/technology-and-liberty/how-usa-patriot-act-expands-law-enforcement-sneak-and-peek-warrants. Trevor Timm (26 Oct 2011), “Ten years after the Patriot Act, a look at the three most dangerous provisions affecting ordinary Americans,” Electronic Frontier Foundation, https://www.eff.org/deeplinks/2011/10/ten-years-later-look-three-scariest-provisions-usa-patriot-act.

105surveillance against drug smugglers: The NSA has been sharing information with the DEA since the 1970s. James Bamford (2008), The Shadow Factory: The Ultra-Secret NSA from 9/11 to Eavesdropping on America, Doubleday, http://books.google.com/books?id=8zJmxWNTxrwC.

105DEA staff were instructed: John Shiffman and Kristina Cooke (5 Aug 2013), “U.S. directs agents to cover up program used to investigate Americans,” Reuters, http://www.reuters.com/article/2013/08/05/us-dea-sod-idUSBRE97409R20130805. Hanni Fakhoury (6 Aug 2013), “DEA and NSA team up to share intelligence, leading to secret use of surveillance in ordinary investigations,” Electronic Frontier Foundation, https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-intelligence-laundering. John Shiffman and David Ingram (7 Aug 2013), “IRS manual detailed DEA’s use of hidden intel evidence,” Reuters, http://www.reuters.com/article/2013/08/07/us-dea-irs-idUSBRE9761AZ20130807.

105NSA’s term is: NSA whistleblower Bill Binney described it thus: “. . . when you can’t use the data, you have to go out and do a parallel construction, [which] means you use what you would normally consider to be investigative techniques, [and] go find the data. You have a little hint, though. NSA is telling you where the data is . . . .” Alexa O’Brien (30 Sep 2014), “Retired NSA technical director explains Snowden docs,” Second Sight, http://www.alexaobrien.com/secondsight/wb/binney.html.

105Dread Pirate Roberts: Brian Krebs (14 Oct 2014), “Silk Road lawyers poke holes in FBI’s story,” Krebs on Security, http://krebsonsecurity.com/2014/10/silk-road-lawyers-poke-holes-in-fbis-story.

105surveillance intended to nab terrorists: Rob Evans and Paul Lewis (26 Oct 2009), “Police forces challenged over files held on law-abiding protesters,” Guardian, http://www.theguardian.com/uk/2009/oct/26/police-challenged-protest-files.

105all sorts of minor criminal cases: Gordon Rayner and Richard Alleyne (12 Apr 2008), “Council spy cases hit 1,000 a month,” Telegraph, http://www.telegraph.co.uk/news/uknews/1584808/Council-spy-cases-hit-1000-a-month.html. Sarah Lyall (24 Oct 2009), “Britons weary of surveillance in minor cases,” New York Times, http://www.nytimes.com/2009/10/25/world/europe/25surveillance.html.

105Israel, for instance: James Bamford (16 Sep 2014), “Israel’s NSA scandal,” New York Times, http://www.nytimes.com/2014/09/17/opinion/israels-nsa-scandal.html.

105A system that is overwhelmingly powerful: This essay makes that point. Daniel Davies (23 Sep 2014), “Every single IT guy, every single manager . . . ,” Crooked Timber, http://crookedtimber.org/2014/09/23/every-single-it-guy-every-single-manager.

106Hillary Clinton gave a speech: Hillary Rodham Clinton (21 Jan 2010), “Internet freedom,” Foreign Policy, http://www.foreignpolicy.com/articles/2010/01/21/internet_freedom.

106US State Department funds: US Department of State (2014), “Internet freedom,” http://www.state.gov/e/eb/cip/netfreedom/index.htm.

106one of the defenses: British Broadcasting Corporation (2 Jun 2014), “‘We are being watched’ say Egyptians on social media,” BBC News, http://www.bbc.com/news/s-trending-27665568.

106Indians are worried: Jayshree Bajoria (5 Jun 2014), “India’s snooping and Snowden,” India Real Time, http://s.wsj.com/indiarealtime/2014/06/05/indias-snooping-and-snowden.

106Both China and Russia: Shannon Tiezzi (28 Mar 2014), “China decries US ‘hypocrisy’ on cyber-espionage,” Diplomat, http://thediplomat.com/2014/03/china-decries-us-hypocrisy-on-cyber-espionage. Xinhua News Agency (11 Jul 2014), “Putin calls US surveillance practice ‘utter hypocrisy,’” China Daily, http://www.chinadaily.com.cn/world/2014-07/11/content_17735783.htm.

107Facebook’s Mark Zuckerberg: Mark Zuckerberg (13 Mar 2014), “As the world becomes more complex . . . ,” Facebook, https://www.facebook.com/zuck/posts/10101301165605491.

8: Commercial Fairness and Equality

108Accretive Health is: Office of the Minnesota Attorney General (19 Jan 2012), “Attorney General Swanson sues Accretive Health for patient privacy violations,” Office of the Minnesota Attorney General, http://www.ag.state.mn.us/Consumer/PressRelease/120119AccretiveHealth.asp.

108settled a Minnesota lawsuit: Tony Kennedy and Maura Lerner (31 Jul 2012), “Accretive is banned from Minnesota,” Star-Tribune, http://www.startribune.com/lifestyle/health/164313776.html.

109companies use surveillance data: Kate Crawford and Jason Schultz (2014), “Big data and due process: Toward a framework to redress predictive privacy harms,” Boston College Law Review 55, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2325784.

109“Redlining” is a term: Marc Hochstein (26 Jun 2000), “Wells kills web link after Acorn sues,” American Banker, http://www.americanbanker.com/issues/165_119/-128168-1.html. Gary A. Hernandez, Katherine J. Eddy, and Joel Muchmore (Fall 2001), “Insurance weblining and unfair discrimination in cyberspace,” Southern Methodist University Law Review 54, http://heinonline.org/HOL/LandingPage?collection=journals&handle=hein.journals/smulr54&div=91.

109easier to do on the Internet: Bill Davidow (5 Mar 2014), “Redlining for the 21st century,” Atlantic, http://www.theatlantic.com/business/archive/2014/03/redlining-for-the-21st-century/284235.

109Wells Fargo bank created: Michael Liedtke (22 Jun 2000), “Lawsuit alleges Wells Fargo uses Internet to promote discrimination,” Los Angeles Times, http://articles.latimes.com/2000/jun/22/business/fi-43532. Ronna Abramson (23 Jun 2000), “Wells Fargo accused of ‘redlining’ on the Net,” Computer World, http://www.computerworld.com/article/2596352/financial-it/wells-fargo-accused-of--redlining--on-the-net.html.

109This practice is called weblining: Marcia Stepanek (3 Apr 2000), “Weblining,” Bloomberg Businessweek, http://www.businessweek.com/2000/00_14/b3675027.htm. Casey Johnston (10 Oct 2013), “Denied for that loan? Soon you may thank online data collection,” Ars Technica, http://arstechnica.com/business/2013/10/denied-for-that-loan-soon-you-may-thank-online-data-collection.

109report on big data concluded: US Executive Office of the President (1 May 2014), “Big data: Seizing opportunities, preserving values,” http://www.whitehouse.gov/sites/default/files/docs/big_data_privacy_report_may_1_2014.pdf.

110Uber’s surge pricing: Uber had to modify its pricing so as not to run afoul of New York State’s prohibitions against price-gouging during emergencies. Mike Isaac (8 Jul 2014), “Uber reaches deal with New York on surge pricing in emergencies,” New York Times, http://bits.blogs.nytimes.com/2014/07/08/uber-reaches-agreement-with-n-y-on-surge-pricing-during-emergencies. Peter Himler (12 Aug 2014), “UBER: So cool, yet so uncool,” Forbes, http://www.forbes.com/sites/peterhimler/2014/08/12/uber-so-cool-but-so-uncool.

110different prices and options: Jennifer Valentino-DeVries, Jeremy Singer-Vine, and Ashkan Soltani (24 Dec 2012), “Websites vary prices, deals based on users’ information,” Wall Street Journal, http://online.wsj.com/news/articles/SB10001424127887323777204578189391813881534. Michael Schrage (29 Jan 2014), “Big data’s dangerous new era of discrimination,” Harvard Business Review, http://s.hbr.org/2014/01/big-datas-dangerous-new-era-of-discrimination.

110Depending on who you are: Emily Steel and Julia Angwin (4 Aug 2010), “On the Web’s cutting edge, anonymity in name only,” Wall Street Journal, http://online.wsj.com/news/articles/SB10001424052748703294904575385532109190198.

110other companies . . . are also adjusting prices: Jennifer Valentino-DeVries, Jeremy Singer-Vine, and Ashkan Soltani (24 Dec 2012), “Websites vary prices, deals based on users’ information,” Wall Street Journal, http://online.wsj.com/news/articles/SB10001424127887323777204578189391813881534.

110we all have a customer score: Pam Dixon and Robert Gellman (2 Apr 2014), “The scoring of America: How secret consumer scores threaten your privacy and your future,” World Privacy Forum, http://www.worldprivacyforum.org/wp-content/uploads/2014/04/WPF_Scoring_of_America_April2014_fs.pdf.

110a series of recruiting ads: Jessica E. Vascellaro (7 Mar 2011), “TV’s next wave: Tuning in to you,” Wall Street Journal, http://online.wsj.com/articles/SB10001424052748704288304576171251689944350.

111Orbitz highlighted different prices: Dana Mattioli (23 Aug 2012), “On Orbitz, Mac users steered to pricier hotels,” Wall Street Journal, http://online.wsj.com/news/articles/SB10001424052702304458604577488822667325882.

111different offers based on: Bill McGee (3 Apr 2013), “Do travel deals change based on your browsing history?” USA Today, http://www.usatoday.com/story/travel/columnist/mcgee/2013/04/03/do-travel-deals-change-based-on-your-browsing-history/2021993.

111Many sites estimate: Michael Fertik (15 Jan 2013), “The rich see a different Internet than the poor,” Scientific American, http://www.scientificamerican.com/article/rich-see-different-internet-than-the-poor.

111women feel less attractive on Mondays: Lucia Moses (2 Oct 2013), “Marketers should take note of when women feel least attractive: What messages to convey and when to send them,” Adweek, http://www.adweek.com/news/advertising-branding/marketers-should-take-note-when-women-feel-least-attractive-152753. Kim Bates (4 Oct 2013), “Beauty vulnerability: What got lost in translation,” Adweek, http://www.adweek.com/news/advertising-branding/beauty-vulnerability-what-got-lost-translation-152909.

111different ages and genders respond: Frank N. Magid Associates (2011), “How America shops and spends 2011,” Newspaper Association of America, http://www.naa.org/docs/newspapermedia/data/howamericashopsandspends_2011.pdf. Nielsen (8 Mar 2013), “Does gender matter?” http://www.nielsen.com/us/en/insights/news/2013/does-gender-matter-.html.

111Lenddo is a Philippine company: Katie Lobosco (27 Aug 2013), “Facebook friends could change your credit score,” CNN, http://money.cnn.com/2013/08/26/technology/social/facebook-credit-score.

111American Express has reduced: Carrie Teegardin (21 Dec 2008), “Card companies adjusting credit limits: For some, lowering based on where they shop,” Atlanta Journal-Constitution, https://web.archive.org/web/20110728060844/http://www.ajc.com/news/content/business/stories/2008/12/21/creditcards_1221.html.

111the “panoptic sort”: Oscar H. Gandy Jr. (1993), The Panoptic Sort: A Political Economy of Personal Information, Westview Press, http://books.google.com/books?id=wreFAAAAMAAJ.

111power to use discriminatory criteria: This paper discusses all the different ways companies can discriminate with big data. Solon Barocas and Andrew D. Selbst (14 Sep 2014), “Big data’s disparate impact,” Social Science Research Network, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2477899.

112High-end restaurants: Casey Johnston (13 Apr 2014), “When the restaurant you Googled Googles you back,” Ars Technica, http://arstechnica.com/staff/2014/04/when-the-restaurant-you-googled-googles-you-back.

112If you allow your insurance company: Hilary Osborne (13 Aug 2012), “Aviva to trial smartphone car insurance technology,” Guardian, http://www.theguardian.com/money/2012/aug/13/aviva-trial-smartphone-car-insurance-technology. Randall Stross (25 Nov 2012), “So you’re a good driver? Let’s go to the monitor,” New York Times, http://www.nytimes.com/2012/11/25/business/seeking-cheaper-insurance-drivers-accept-monitoring-devices.html. Brad Tuttle (6 Aug 2013), “Big data is my copilot: Auto insurers push devices that track driving habits,” Time, http://business.time.com/2013/08/06/big-data-is-my-copilot-auto-insurers-push-devices-that-track-driving-habits.

112distributing Fitbits to its employees: Nancy Gohring (7 Jul 2014), “This company saved $300k on insurance by giving employees Fitbits,” CiteWorld, http://www.citeworld.com/article/2450823/internet-of-things/appirio-fitbit-experiment.html.

112several schools are requiring: Lee Crane (5 Sep 2013), “Gym class is about to get even worse for the athletically dis-inclined,” Digital Trends, http://www.digitaltrends.com/sports/gym-class-is-about-to-get-even-worse-for-the-athletically-dis-inclined. Emily Miels (28 May 2014), “Heart rate monitors allow Memorial High School students to get the most out of their workouts,” Leader-Telegram, http://www.leadertelegram.com/news/front_page/article_ec2f0b72-e627-11e3-ac95-0019bb2963f4.html. Katie Wiedemann (14 Aug 2014), “Heart rate monitors now required in Dubuque P.E. classes,” KCRG, http://www.kcrg.com/subject/news/heart-rate-monitors-now-required-in-dubuque-physical-education-classes-20140814.

112Hewlett-Packard analyzed: Joel Schechtman (14 Mar 2013), “Book: HP piloted program to predict which workers would quit,” Wall Street Journal, http://s.wsj.com/cio/2013/03/14/book-hp-piloted-program-to-predict-which-workers-would-quit.

112Workplace surveillance is: This paper gives an excellent overview of workplace surveillance. Alex Rosenblat, Tamara Kneese, and danah boyd (8 Oct 2014), “Workplace surveillance,” Data and Society Research Institute, http://www.datasociety.net/pubs/fow/WorkplaceSurveillance.pdf.

112our employer is the most dangerous: Ellen Messmer (31 Mar 2010), “Feel like you’re being watched at work? You may be right,” Network World, http://www.networkworld.com/article/2205938/data-center/feel-like-you-re-being-watched-at-work--you-may-be-right.html. Ann Bednarz (24 Feb 2011), “Pay no attention to that widget recording your every move,” Network World, http://www.networkworld.com/article/2200315/data-breach/pay-no-attention-to-that-widget-recording-your-every-move.html. Josh Bersin (25 Jun 2014), “Quantified self: Meet the quantified employee,” Forbes, http://www.forbes.com/sites/joshbersin/2014/06/25/quantified-self-meet-the-quantified-employee.

112corporate electronic communications: This is an excellent review of workplace monitoring techniques and their effects on privacy. Corey A. Ciocchetti (2010), “The eavesdropping employer: A twenty-first century framework for employee monitoring,” Daniels College of Business, University of Denver, http://www.futureofprivacy.org/wp-content/uploads/2010/07/The_Eavesdropping_Employer_%20A_Twenty-First_Century_Framework.pdf.

112new field called “workplace analytics”: Don Peck (20 Nov 2013), “They’re watching you at work,” Atlantic, http://www.theatlantic.com/magazine/archive/2013/12/theyre-watching-you-at-work/354681. Hannah Kuchler (17 Feb 2014), “Data pioneers watching us work,” Financial Times, http://www.ft.com/intl/cms/s/2/d56004b0-9581-11e3-9fd6-00144feab7de.html.

112For some people, that’s okay: A friend told me about her feelings regarding personalized advertising. She said that, as an older woman, she keeps getting ads for cosmetic medical procedures, drugs for “old” diseases, and other things that serve as a constant reminder of her age. She finds it unpleasant. Lynn Sudbury and Peter Simcock (2008), “The senior taboo? Age based sales promotions, self-perceived age and the older consumer,” European Advances in Consumer Research 8, http://www.acrwebsite.org/volumes/eacr/vol8/eacr_vol8_28.pdf.

113people are refraining from looking up: Deborah C. Peel (7 Feb 2014), “Declaration of Deborah C. Peel, M.D., for Patient Privacy Rights Foundation in support of Plaintiffs’ Motion for Partial Summary Judgment,” First Unitarian Church et al. v. National Security Agency et al. (3:13-cv-03287 JSW), United States District Court for the Northern District of California, https://www.eff.org/files/2013/11/06/allplaintiffsdeclarations.pdf.

113surveillance data is being used: Andrew Odlyzko (5–6 Jun 2014), “The end of privacy and the seeds of capitalism’s destruction,” Privacy Law Scholars Conference, Washington, D.C., http://www.law.berkeley.edu/plsc.htm.

113In their early days: Paddy Kamen (5 Jul 2001), “So you thought search engines offer up neutral results? Think again,” Toronto Star, http://www.commercialalert.org/issues/culture/search-engines/so-you-thought-search-engines-offer-up-neutral-results-think-again.

113search engines visually differentiated: Gary Ruskin (16 Jul 2001), Letter to Donald Clark, US Federal Trade Commission, re: Deceptive advertising complaint against AltaVista Co., AOL Time Warner Inc., Direct Hit Technologies, iWon Inc., LookSmart Ltd., Microsoft Corp. and Terra Lycos S.A., Commercial Alert, http://www.commercialalert.org/PDFs/SearchEngines.pdf. Heather Hippsley (27 Jun 2002), Letter to Gary Ruskin re: Complaint requesting investigation of various Internet search engine companies for paid placement and paid inclusion programs, US Federal Trade Commission, http://www.ftc.gov/sites/default/files/documents/closing_letters/commercial-alert-response-letter/commercialalertletter.pdf.

113Google is now accepting money: Danny Sullivan (30 May 2012), “Once deemed evil, Google now embraces ‘paid inclusion,’” Marketing Land, http://marketingland.com/once-deemed-evil-google-now-embraces-paid-inclusion-13138.

114FTC is again taking an interest: Michael Cooney (25 Jun 2013), “FTC tells Google, Yahoo, Bing, others to better differentiate ads in web content searches,” Network World, http://www.networkworld.com/community/blog/ftc-tells-google-yahoo-bing-others-better-differentiate-ads-web-content-searches. Mary K. Engle (24 Jun 2013), “Letter re: Search engine advertising practices,” US Federal Trade Commission, http://www.ftc.gov/sites/default/files/attachments/press-releases/ftc-consumer-protection-staff-updates-agencys-guidance-search-engine-industryon-need-distinguish/130625searchenginegeneralletter.pdf.

114Payments for placement: Josh Constine (3 Oct 2012), “Facebook now lets U.S. users pay $7 to promote posts to the news feeds of more friends,” Tech Crunch, http://techcrunch.com/2012/10/03/us-promoted-posts.

114increasing voter turnout: Robert M. Bond et al. (13 Sep 2012), “A 61-million-person experiment in social influence and political mobilization,” Nature 489, http://www.nature.com/nature/journal/v489/n7415/full/nature11421.html.

114It would be hard to detect: Jonathan Zittrain explores this possibility. Jonathan Zittrain (1 Jun 2014), “Facebook could decide an election without anyone ever finding out,” New Republic, http://www.newrepublic.com/article/117878/information-fiduciary-solution-facebook-digital-gerrymandering.

114Facebook could easily tilt: Many US elections are very close. A 0.01% change would have elected Al Gore in 2000. In 2008, Al Franken beat Norm Coleman in the Minnesota Senate race by only 312 votes.

114Google might do something similar: Robert Epstein (23–26 May 2013), “Democracy at risk: Manipulating search rankings can shift voters’ preferences substantially without their awareness,” 25th Annual Meeting of the Association for Psychological Science, Washington, D.C., http://aibrt.org/downloads/EPSTEIN_and_Robertson_2013-Democracy_at_Risk-APS-summary-5-13.pdf.

114sinister social networking platform: “When the amount of information is so great, so transparent, so pervasive, you can use absolutely nothing but proven facts and still engage in pure propaganda, pure herding.” Dan Geer, quoted in Jonathan Zittrain (20 Jun 2014), “Engineering an election,” Harvard Law Review Forum 127, http://harvardlawreview.org/2014/06/engineering-an-election.

114China does this: Ai Weiwei (17 Oct 2012), “China’s paid trolls: Meet the 50-Cent Party,” New Statesman, http://www.newstatesman.com/politics/politics/2012/10/china%E2%80%99s-paid-trolls-meet-50-cent-party. Mara Hvistendahl (22 Aug 2014), “Study exposes Chinese censors’ deepest fears,” Science 345, http://www.sciencemag.org/content/345/6199/859.full. Gary King, Jennifer Pan, and Margaret E. Roberts (22 Aug 2014), “Reverse-engineering censorship in China: Randomized experimentation and participant observation,” Science 345, http://www.sciencemag.org/content/345/6199/1251722.

114Samsung has done much: Philip Elmer-DeWitt (16 Apr 2013), “Say it ain’t so, Samsung,” Fortune, http://fortune.com/2013/04/16/say-it-aint-so-samsung.

114Many companies manipulate: Bryan Horling and Matthew Kulick (4 Dec 2009), “Personalized search for everyone,” Google Official Blog, http://googleblog.blogspot.com/2009/12/personalized-search-for-everyone.html. Tim Adams (19 Jan 2013), “Google and the future of search: Amit Singhal and the Knowledge Graph,” Guardian, http://www.theguardian.com/technology/2013/jan/19/google-search-knowledge-graph-singhal-interview.

114The first listing in a Google search: Chitika Online Advertising Network (7 Jun 2013), “The value of Google result positioning,” https://cdn2.hubspot.net/hub/239330/file-61331237-pdf/ChitikaInsights-ValueofGoogleResultsPositioning.pdf.

114the Internet you see: Joseph Turow (2013), The Daily You: How the New Advertising Industry Is Defining Your Identity and Your Worth, Yale University Press, http://yalepress.yale.edu/yupbooks/book.asp?isbn=9780300165012.

115the “filter bubble”: Eli Pariser (2011), The Filter Bubble: What the Internet Is Hiding from You, Penguin Books, http://www.thefilterbubble.com.

115on a large scale it’s harmful: Cass Sunstein (2009), Republic.com 2.0, Princeton University Press, http://press.princeton.edu/titles/8468.html.

115We don’t want to live: To be fair, this trend is older and more general than the Internet. Robert D. Putnam (2000), Bowling Alone: The Collapse and Revival of American Community, Simon and Schuster, http://bowlingalone.com.

115Facebook ran an experiment: Adam D. I. Kramer, Jamie E. Guillory, and Jeffrey T. Hancock (17 Jun 2014), “Experimental evidence of massive-scale emotional contagion through social networks,” Proceedings of the National Academy of Sciences of the United States of America 111, http://www.pnas.org/content/111/24/8788.full.

115women feel less attractive: Lucia Moses (2 Oct 2013), “Marketers should take note of when women feel least attractive: What messages to convey and when to send them,” Adweek, http://www.adweek.com/news/advertising-branding/marketers-should-take-note-when-women-feel-least-attractive-152753.

115companies want to better determine: Mark Buchanan (17 Aug 2007), “The science of subtle signals,” strategy+business magazine, http://web.media.mit.edu/~sandy/Honest-Signals-sb48_07307.pdf.

115That gives them enormous power: All of this manipulation has the potential to be much more damaging on the Internet, because the very architecture of our social systems is controlled by corporations. Harvard law professor Lawrence Lessig has written about computing architecture as a mechanism of control. Lawrence Lessig (2006), Code: And Other Laws of Cyberspace, Version 2.0, Basic Books, http://codev2.cc.

115Candidates and advocacy groups: Ed Pilkington and Amanda Michel (17 Feb 2012), “Obama, Facebook and the power of friendship: The 2012 data election,” Guardian, http://www.theguardian.com/world/2012/feb/17/obama-digital-data-machine-facebook-election. Tanzina Vega (20 Feb 2012), “Online data helping campaigns customize ads,” New York Times, http://www.nytimes.com/2012/02/21/us/politics/campaigns-use-microtargeting-to-attract-supporters.html. Nathan Abse (Oct 2012), “Big data delivers on campaign promise: Microtargeted political advertising in Election 2012,” Interactive Advertising Bureau, http://www.iab.net/media/file/Innovations_In_Web_Marketing_and_Advertising_delivery.pdf.

116They can also fine-tune: Sasha Issenberg (19 Dec 2012), “How President Obama’s campaign used big data to rally individual voters,” MIT Technology Review, http://www.technologyreview.com/featuredstory/509026/how-obamas-team-used-big-data-to-rally-voters.

116more efficiently gerrymander: Micah Altman, Karin MacDonald, and Michael MacDonald (2005), “Pushbutton gerrymanders: How computing has changed redistricting,” in Party Lines: Competition, Partisanship, and Congressional Redistricting, ed. Thomas E. Mann and Bruce E. Cain, Brookings Institution Press, http://openscholar.mit.edu/sites/default/files/dept/files/pushbutton.pdf. Robert Draper (19 Sep 2012), “The league of dangerous mapmakers,” Atlantic, http://www.theatlantic.com/magazine/archive/2012/10/the-league-of/309084. Tracy Jan (23 Jun 2013), “Turning the political map into a partisan weapon,” Boston Globe, http://www.bostonglobe.com/news/nation/2013/06/22/new-district-maps-reaped-rewards-for-gop-congress-but-cost-fewer-moderates-more-gridlock/B6jCugm94tpBvVu77ay0wJ/story.html.

116fundamental effects on democracy: Arch Puddington (9 Oct 2013), “To renew American democracy, eliminate gerrymandering,” Freedom House, http://www.freedomhouse.org/blog/renew-american-democracy-eliminate-gerrymandering. Press Millen (20 Jul 2014), “With NC gerrymandering, democracy is the loser,” News Observer, http://www.newsobserver.com/2014/07/20/4014754/with-nc-gerrymandering-democracy.html.

116Kevin Mitnick broke into: John Markoff (16 Feb 1995), “A most-wanted cyberthief is caught in his own web,” New York Times, http://www.nytimes.com/1995/02/16/us/a-most-wanted-cyberthief-is-caught-in-his-own-web.html.

116hackers broke into: Robert O’Harrow Jr. (17 Feb 2005), “ID data conned from firm,” Washington Post, http://www.washingtonpost.com/wp-dyn/articles/A30897-2005Feb16.html.

116hackers broke into Home Depot’s: Brian Krebs (2 Sep 2014), “Banks: Credit card breach at Home Depot,” Krebs on Security, http://krebsonsecurity.com/2014/09/banks-credit-card-breach-at-home-depot. Robin Sidel (18 Sep 2014), “Home Depot’s 56 million card breach bigger than Target’s,” Wall Street Journal, http://online.wsj.com/articles/home-depot-breach-bigger-than-targets-1411073571.

116from JPMorgan Chase: Dominic Rushe (3 Oct 2014), “JP Morgan Chase reveals massive data breach affecting 76m households,” Guardian, http://www.theguardian.com/business/2014/oct/02/jp-morgan-76m-households-affected-data-breach.

116criminals have legally purchased: Brian Krebs (20 Oct 2013), “Experian sold consumer data to ID theft service,” Krebs on Security, http://krebsonsecurity.com/2013/10/experian-sold-consumer-data-to-id-theft-service.

116Cybercrime is older than the Internet: M. E. Kabay (2008), “A brief history of computer crime: An introduction for students,” Norwich University, http://www.mekabay.com/overviews/history.pdf.

116Or he files a fake tax return: This is becoming a huge problem in the US. Michael Kranish (16 Feb 2014), “IRS is overwhelmed by identity theft fraud,” Boston Globe, http://www.bostonglobe.com/news/nation/2014/02/16/identity-theft-taxpayer-information-major-problem-for-irs/7SC0BarZMDvy07bbhDXwvN/story.html. Steve Kroft (21 Sep 2014), “Biggest IRS scam around: Identity tax refund fraud,” CBS News, http://www.cbsnews.com/news/irs-scam-identity-tax-refund-fraud-60-minutes.

117Government databases: In 2014, we learned that Chinese hackers broke into a database containing personal information about US security-clearance holders. We don’t know whether these were criminals looking for information to help them commit fraud, or government intelligence personnel looking for information to help them coerce people in positions of access. Michael S. Schmidt, David E. Sanger, and Nicole Perlroth (9 Jul 2014), “Chinese hackers pursue key data on U.S. workers,” New York Times, http://www.nytimes.com/2014/07/10/world/asia/chinese-hackers-pursue-key-data-on-us-workers.html.

117many more data vulnerabilities: This is just an example. A piece of malware infected over 1,000 companies in 2014, stealing credit card details. Many of the companies infected did not know they were victims. Nicole Perlroth (8 Sep 2014), “Home Depot data breach could be the largest yet,” New York Times, http://bits.blogs.nytimes.com/2014/09/08/home-depot-confirms-that-it-was-hacked.

117arrested in 2010 for “sextortion”: Richard Winton (1 Sep 2011), “‘Sextortion’: 6 years for O.C. hacker who victimized women, girls,” Los Angeles Times, http://latimesblogs.latimes.com/lanow/2011/09/sextortion-six-years-for-oc-hacker-who-forced-women-to-give-up-naked-pics-.html.

117The most insidious RATs: Nate Anderson (10 Mar 2013), “Meet the men who spy on women through their webcams,” Ars Technica, http://arstechnica.com/tech-policy/2013/03/rat-breeders-meet-the-men-who-spy-on-women-through-their-webcams.

117computer companies that spied: Kashmir Hill (25 Sep 2012), “FTC says rent-to-own computers captured couples having sex,” Forbes, http://www.forbes.com/sites/kashmirhill/2012/09/25/ftc-its-not-cool-to-put-spyware-on-rent-to-own-computers-without-customer-consent. Dara Kerr (22 Oct 2013), “Aaron’s computer rental chain settles FTC spying charges,” CNET, http://www.cnet.com/news/aarons-computer-rental-chain-settles-ftc-spying-charges.

9: Business Competitiveness

119I wrote my first book: The book had a 1994 copyright date, but was published in October 1993. Bruce Schneier (1994), Applied Cryptography: Protocols, Algorithms, and Source Code in C, Wiley, https://www.schneier.com/book-applied.html.

119It was a big deal: Wired (Apr 1996), “On newsstands now: Crypto catalog,” Wired, http://archive.wired.com/wired/archive/4.04/updata.html.

120over 250 cryptography products: Stephen T. Walker (12 Oct 1993), “Oral testimony by Stephen T. Walker, President, Trusted Information Systems, Inc., for Subcommittee on Economic Policy, Trade and Environment, Committee on Foreign Affairs, US House of Representatives,” http://fas.org/irp/congress/1993_hr/931012_walker_oral.htm.

120It was a scare story: Here are some references for the current scare story in action. Ellen Nakashima (26 Jul 2014), “Proliferation of new online communications services poses hurdles for law enforcement,” Washington Post, http://www.washingtonpost.com/world/national-security/proliferation-of-new-online-communications-services-poses-hurdles-for-law-enforcement/2014/07/25/645b13aa-0d21-11e4-b8e5-d0de80767fc2_story.html. Orin Kerr (19 Sep 2014), “Apple’s dangerous game,” Washington Post, http://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/09/19/apples-dangerous-game. Brent Kendall (25 Sep 2014), “FBI director raises concerns about smartphones,” Wall Street Journal, http://online.wsj.com/articles/fbi-director-raises-concerns-about-smartphone-security-plans-1411671434.

120They passed the CALEA law: FBI director Louis Freeh put it this way: “We’re in favor of strong encryption, robust encryption. The country needs it, industry needs it. We just want to make sure we have a trap door and key under some judge’s authority where we can get there if somebody is planning a crime.” A similar quote from the FBI’s general counsel from 2010 was in Chapter 6. Brock N. Meeks (12 May 1995), “Jacking in from the narco-terrorist encryption port,” CyberWire Dispatch, http://www.cyberwire.com/cwd/cwd.95.05.12a.html.

120This was marketed as “key escrow”: Wayne Madsen (Nov 1994), “The Clipper controversy,” Information Systems Security 3, http://www.sciencedirect.com/science/article/pii/1353485894900973. Matt Blaze (5–9 Dec 2011), “Key escrow from a safe distance: Looking back at the Clipper Chip,” 27th Annual Computer Security Applications Conference, Orlando, Florida, http://www.crypto.com/papers/escrow-acsac11.pdf.

120device with the Clipper Chip: The US military had something similar from the NSA since 1987: the STU-III. Department of Defense Security Institute (Feb 1997), “STU-III handbook for industry,” http://www.tscm.com/STUIIIhandbook.html.

120Nobody wanted encryption: Hal Abelson et al. (Jun 1999), “The risks of key recovery, key escrow, and trusted third-party encryption,” World Wide Web Journal 2, https://www.schneier.com/paper-key-escrow.html.

120The US government was the only: Crypto Museum (2014), “AT&T TSD-3600-E Telephone Encryptor,” http://www.cryptomuseum.com/crypto/att/tsd3600.

120other key escrow initiatives: Dorothy E. Denning and Dennis K. Branstad (Mar 1996), “A taxonomy for key escrow encryption systems,” Communications of the ACM 39, http://faculty.nps.edu/dedennin/publications/Taxonomy-CACM.pdf.

121over 800 encryption products: Lance J. Hoffman et al. (10 Jun 1999), “Growing development of foreign encryption products in the face of U.S. export regulations,” Report GWU-CPI-1999-02, Cyberspace Policy Institute, George Washington University School of Engineering and Applied Science, http://cryptome.org/cpi-survey.htm.

121the crypto wars: This is a good account of those times. Steven Levy (May 1993), “Crypto rebels,” Wired, http://archive.wired.com/wired/archive/1.02/crypto.rebels_pr.html.

121NSA surveillance is costing: These three aspects were discussed in this document. Danielle Kehl et al. (29 Jul 2014), “Surveillance costs: The NSA’s impact on the economy, Internet freedom and cyberspace,” Open Technology Institute, New America Foundation, http://www.newamerica.net/publications/policy/surveillance_costs_the_nsas_impact_on_the_economy_internet_freedom_cybersecurity.

121the PRISM program: Barton Gellman and Laura Poitras (7 Jun 2013), “U.S., British intelligence mining data from nine U.S. Internet companies in broad secret program,” Washington Post, http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html.

121US cloud companies were losing: David Gilbert (4 Jul 2013), “Companies turn to Switzerland for cloud storage following NSA spying revelations,” International Business Times, http://www.ibtimes.co.uk/business-turns-away-dropbox-towards-switzerland-nsa-486613.

121moving their data outside the US: Ellen Messmer (8 Jan 2014), “NSA scandal spooking IT pros in UK, Canada,” Network World, http://www.networkworld.com/article/2173190/security/nsa-scandal-spooking-it-pros-in-uk--canada.html.

121NSA revelations made executives: NTT Communications (28 Mar 2014), “NSA after-shocks: How Snowden has changed ICT decision-makers’ approach to the cloud,” http://nsaaftershocks.com/wp-content/themes/nsa/images/NTTC_Report_WEB.pdf.

121Estimates of how much business: Daniel Castro (5 Aug 2013), “How much will PRISM cost the U.S. cloud computing industry?” Information Technology and Innovation Foundation, http://www.itif.org/publications/how-much-will-prism-cost-us-cloud-computing-industry. Andrea Peterson (7 Aug 2013), “NSA snooping could cost U.S. tech companies $35 billion over three years,” Washington Post, http://www.washingtonpost.com/s/the-switch/wp/2013/08/07/nsa-snooping-could-cost-u-s-tech-companies-35-billion-over-three-years.

122Forrester Research believes: James Staten (14 Aug 2013), “The cost of PRISM will be larger than ITIF projects,” James Staten’s Blog, http://s.forrester.com/james_staten/13-08-14-the_cost_of_prism_will_be_larger_than_itif_projects.

122Cisco reported: Christopher Mims (14 Nov 2013), “Cisco’s disastrous quarter shows how NSA spying could freeze US companies out of a trillion-dollar opportunity,” Quartz, http://qz.com/147313/ciscos-disastrous-quarter-shows-how-nsa-spying-could-freeze-us-companies-out-of-a-trillion-dollar-opportunity.

122AT&T also reported: Anton Troianovski, Thomas Gryta, and Sam Schechner (30 Oct 2013), “NSA fallout thwarts AT&T,” Wall Street Journal, http://online.wsj.com/news/articles/SB10001424052702304073204579167873091999730.

122IBM lost sales in China: Wolf Richter (17 Oct 2013), “NSA revelations kill IBM hardware sales in China,” Testosterone Pit, http://www.testosteronepit.com/home/2013/10/17/nsa-revelations-kill-ibm-hardware-sales-in-china.html.

122So did Qualcomm: Spencer E. Ante (22 Nov 2013), “Qualcomm CEO says NSA fallout impacting China business,” Wall Street Journal, http://online.wsj.com/news/articles/SB10001424052702304337404579214353783842062.

122Verizon lost a large German: Mark Scott (26 Jun 2014), “Irked by NSA, Germany cancels deal with Verizon,” New York Times, http://www.nytimes.com/2014/06/27/business/angered-by-nsa-activities-germany-cancels-verizon-contract.html.

122There’s more: Stephen L. Carter (13 Feb 2014), “U.S. tech’s costly trust gap,” Bloomberg BusinessWeek, http://www.businessweek.com/articles/2014-02-13/nsa-snooping-backlash-could-cost-u-dot-s-dot-tech-companies-billions. Claire Cain Miller (22 Mar 2014), “N.S.A. spying imposing cost on tech firms,” New York Times, http://www.nytimes.com/2014/03/22/business/fallout-from-snowden-hurting-bottom-line-of-tech-companies.html.

122wrote to the Obama administration: Ashley Lau (18 May 2014), “Cisco chief urges Obama to curb NSA surveillance activity,” Reuters, http://www.reuters.com/article/2014/05/18/cisco-systems-nsa-idUSL1N0O40F420140518.

122the NSA intercepts: Sean Gallagher (14 May 2014), “Photos of an NSA ‘upgrade’ factory show Cisco router getting implant,” Ars Technica, http://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa-upgrade-factory-show-cisco-router-getting-implant.

122Mark Zuckerberg said it best: Dominic Rushe (11 Sep 2013), “Zuckerberg: US government ‘blew it’ on NSA surveillance,” Guardian, http://www.theguardian.com/technology/2013/sep/11/yahoo-ceo-mayer-jail-nsa-surveillance.

122trying to build a domestic cloud: Cornelius Rahn (13 Sep 2011), “Deutsche Telekom wants ‘German cloud’ to shield data from U.S.,” Bloomberg News, http://www.bloomberg.com/news/2011-09-13/deutsche-telekom-wants-german-cloud-to-shield-data-from-u-s-.html.

123German courts have recently ruled: Allison Grande (20 Nov 2013), “Google’s policies violate German privacy law, court says,” Law 360, http://www.law360.com/articles/490316/google-s-policies-violate-german-privacy-law-court-says.

123Facebook: Loek Essers (18 Feb 2014), “Facebook must comply with German data protection law, court rules,” PC World, http://www.pcworld.com/article/2098720/facebook-must-comply-with-german-data-protection-law-court-rules.html.

123Apple: Loek Essers (7 May 2013), “Berlin court: Apple’s privacy policy violates German protection law,” Macworld, http://www.macworld.com/article/2038070/apples-privacy-policy-violates-german-data-protection-law-berlin-court-rules.html.

123banning all US companies: Der Spiegel (5 Aug 2013), “NSA blowback: German minister floats US company ban,” Der Spiegel, http://www.spiegel.de/international/business/german-minister-on-eu-company-ban-for-privacy-violation-a-914824.html.

123Data privacy is shaping up: Krista Hughes (27 Mar 2014), “Data privacy shapes up as a next-generation trade barrier,” Reuters, http://www.reuters.com/article/2014/03/27/us-usa-trade-tech-analysis-idUSBREA2Q1K120140327.

123We also don’t know: Many US tech executives are worried about protectionism against their companies. Stephen Lawson (8 Oct 2014), “Jitters over US surveillance could break the Internet, tech executives warn,” IT World, http://www.itworld.com/security/440886/jitters-over-us-surveillance-could-break-internet-tech-leaders-warn.

123stepping in to take advantage: Georg Mascolo and Ben Scott (Oct 2013), “Lessons from the summer of Snowden: The hard road back to trust,” Open Technology Institute, New America Foundation, http://www.newamerica.net/sites/newamerica.net/files/policydocs/NAF-OTI-WC-SummerOfSnowdenPaper.pdf. Mark Scott (11 Jun 2014), “European firms turn privacy into sales pitch,” New York Times, http://bits.blogs.nytimes.com/2014/06/11/european-firms-turn-privacy-into-sales-pitch.

123hundreds of non-US companies: ProtonMail is a Swiss company that is offering e-mail services that are beyond the reach of the NSA. John Biggs (23 Jun 2014), “ProtonMail is a Swiss secure mail provider that won’t give you up to the NSA,” Tech Crunch, http://techcrunch.com/2014/06/23/protonmail-is-a-swiss-secure-mail-provider-that-wont-give-you-up-to-the-nsa.

123A 2000 study found: Jonathan W. Palmer, Joseph P. Bailey, and Samer Faraj (Mar 2000), “The role of intermediaries in the development of trust on the WWW: The use and prominence of trusted third parties and privacy statements,” Journal of Computer-Mediated Communication 5, http://onlinelibrary.wiley.com/doi/10.1111/j.1083-6101.2000.tb00342.x/full.

123customers were willing to pay more: Janice Y. Tsai et al. (Jun 2007), “The effect of online privacy information on purchasing behavior: An experimental study,” 6th Workshop on the Economics of Information Security (WEIS), Pittsburgh, Pennsylvania, http://weis2007.econinfosec.org/papers/57.pdf.

123there are exceptions: Cadie Thompson (7 Mar 2014), “Want privacy online? Start-ups bet users are ready to pay,” NBC News, http://www.nbcnews.com/tech/security/want-privacy-online-start-ups-bet-users-are-ready-pay-n47186.

123not tracking its users: DuckDuckGo, http://www.duckduckgo.com.

123Ello is a social network: Sharon Profis (26 Sep 2014), “10 things to know about Ello, the ad-free social network,” CNET, http://www.cnet.com/how-to/what-is-ello-the-ad-free-social-network.

10: Privacy

125The most common misconception: This article from 1979, for example, looks at privacy as a way to conceal facts about oneself in order to inflate one’s reputation. Richard A. Posner (1979), “Privacy, secrecy and reputation,” Buffalo Law Review 28, http://chicagounbound.uchicago.edu/cgi/viewcontent.cgi?article=2832&context=journal_articles.

125this makes no sense: Daniel Solove regularly demolishes the “nothing to hide” argument. Daniel J. Solove (Nov/Dec 2007), “‘I’ve got nothing to hide’ and other misunderstandings of privacy,” San Diego Law Review 44, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=998565. Daniel J. Solove (15 May 2011), “Why privacy matters even if you have ‘nothing to hide,’” Chronicle of Higher Education, https://chronicle.com/article/Why-Privacy-Matters-Even-if/127461.

125Google CEO Eric Schmidt: Huffington Post (25 May 2011), “Google CEO on privacy (VIDEO): ‘If you have something you don’t want anyone to know, maybe you shouldn’t be doing it,’” Huffington Post, http://www.huffingtonpost.com/2009/12/07/google-ceo-on-privacy-if_n_383105.html.

125Schmidt banned employees: Elinor Mills (14 Jul 2005), “Google balances privacy, reach,” CNET, http://news.cnet.com/Google-balances-privacy,-reach/2100-1032_3-5787483.html. Randall Stross (28 Aug 2005), “Google anything, so long as it’s not Google,” New York Times, http://www.nytimes.com/2005/08/28/technology/28digi.html.

125Facebook’s Mark Zuckerberg: Bobbie Johnson (10 Jan 2010), “Privacy no longer a social norm, says Facebook founder,” Guardian, http://www.theguardian.com/technology/2010/jan/11/facebook-privacy.

125bought the four houses: Brian Bailey (11 Oct 2013), “Mark Zuckerberg buys four houses near his Palo Alto home,” San Jose Mercury News, http://www.mercurynews.com/business/ci_24285169/mark-zuckerberg-buys-four-houses-near-his-palo-alto-home.

125few secrets we don’t tell someone: Peter E. Sand (Spring/Summer 2006), “The privacy value,” I/S: A Journal of Law and Policy 2, http://moritzlaw.osu.edu/students/groups/is/files/2012/02/5-Sand.pdf.

126We use pseudonyms: Judith Donath (2014), The Social Machine: Designs for Living Online, MIT Press, https://encrypted.google.com?id=XcgmnwEACAAJ.

126a remarkable naïveté: David Kirkpatrick (2010), The Facebook Effect: The Inside Story of the Company That Is Connecting the World, Simon and Schuster, https://www.facebook.com/thefacebookeffect.

126Privacy is an inherent human right: Eben Moglen defines privacy in three parts: “First is secrecy, or our ability to keep the content of our messages known only to those we intend to receive them. Second is anonymity, or secrecy about who is sending and receiving messages, where the content of the messages may not be secret at all. It is very important that anonymity is an interest we can have both in our publishing and in our reading. Third is autonomy, or our ability to make our own life decisions free from any force that has violated our secrecy or our anonymity.” Eben Moglen (27 May 2014), “Privacy under attack: The NSA files revealed new threats to democracy,” Guardian, http://www.theguardian.com/technology/2014/may/27/-sp-privacy-under-attack-nsa-files-revealed-new-threats-democracy. George Washington University Law School professor Daniel J. Solove divides privacy into six parts: “(1) the right to be let alone; (2) limited access to the self; (3) secrecy; (4) control of personal information; (5) personhood; and (6) intimacy.” Daniel J. Solove (Jul 2002), “Conceptualizing privacy,” California Law Review 90, http://scholarship.law.berkeley.edu/cgi/viewcontent.cgi?article=1408&context=californialawreview.

126Internet ethnographer danah boyd: danah boyd (2014), It’s Complicated: The Social Lives of Networked Teens, Yale University Press, p. 76, http://www.danah.org/books/ItsComplicated.pdf.

126When we lose privacy: This dystopia has been explored in fiction. Dave Eggers (2013), The Circle, Knopf, http://www.mcsweeneys.net/articles/a-brief-q-a-with-dave-eggers-about-his-new-novel-the-circle.

126You may know this feeling: Helen Nissenbaum (Fall 2011), “A contextual approach to privacy online,” Daedalus 11, http://www.amacad.org/publications/daedalus/11_fall_nissenbaum.pdf. Alexis C. Madrigal (29 Mar 2012), “The philosopher whose fingerprints are all over the FTC’s new approach to privacy,” Atlantic, http://www.theatlantic.com/technology/print/2012/03/the-philosopher-whose-fingerprints-are-all-over-the-ftcs-new-approach-to-privacy/254365.

126Privacy violations are intrusions: George E. Panichas (May 2014), “An intrusion theory of privacy,” Res Publica 20, http://link.springer.com/article/10.1007%2Fs11158-014-9240-3.

126strong physiological basis for privacy: Peter H. Klopfer and Daniel I. Rubenstein (Summer 1977), “The concept privacy and its biological basis,” Journal of Social Issues 33, https://www.princeton.edu/~dir/pdf_dir/1977_Klopfer_Rubenstein_JSocIssues.pdf.

127Surveillance makes us feel like prey: Peter Watts (9 May 2014), “The scorched earth society: A suicide bomber’s guide to online privacy,” Symposium of the International Association of Privacy Professionals, Toronto, Ontario, http://www.rifters.com/real/shorts/TheScorchedEarthSociety-transcript.pdf.

127Studies show that we are: Sidney M. Jourard (Spring 1966), “Some psychological aspects of privacy,” Law and Contemporary Problems 31, http://scholarship.law.duke.edu/cgi/viewcontent.cgi?article=3110&context=lcp. Stephen T. Margulis (Jul 2003), “Privacy as a social issue and behavioral concept,” Journal of Social Issues 59, http://onlinelibrary.wiley.com/doi/10.1111/1540-4560.00063/abstract.

127Surveillance strips us of our dignity: James Q. Whitman (Apr 2004), “The two western cultures of privacy: Dignity versus liberty,” Yale Law Journal 113, http://www.yalelawjournal.org/article/the-two-western-cultures-of-privacy-dignity-versus-liberty.

127It threatens our very selves: Michael P. Lynch (22 Jun 2013), “Privacy and the threat to the self,” New York Times, http://opinionator.blogs.nytimes.com/2013/06/22/privacy-and-the-threat-to-the-self.

127Oliver North learned this: They were subpoenaed in the Iran-Contra affair. Michael Tackett (14 Feb 1987), “Computer log tells Iran tale: Printouts give probers memos by key officials,” Chicago Tribune, http://articles.chicagotribune.com/1987-02-14/news/8701120148_1_nsc-staff-professional-office-system-profs.

128Bill Gates learned this: Elizabeth Wasserman (17 Nov 1998), “Gates deposition makes judge laugh in court,” CNN, http://edition.cnn.com/TECH/computing/9811/17/judgelaugh.ms.idg.

128100 female celebrities learned it: Bill Hutchinson (31 Aug 2014), “Jennifer Lawrence, other celebrities have nude photos leaked on Internet after massive hacking scandal,” New York Daily News, http://www.nydailynews.com/entertainment/gossip/jennifer-lawrence-celebrities-nude-photos-leaked-internet-article-1.1923369.

128Some bars record the IDs: The company Servall Biometrics markets driver’s license scanners for this purpose. Servall Biometrics (2014), “ClubSecurity: ID scanners for bars and nightclubs,” http://www.servallbiometrics.com/index.php/products.

128Charles Stross described this: Charles Stross (14 May 2007), “Shaping the future,” Charlie’s Diary, http://www.antipope.org/charlie/-static/2007/05/shaping_the_future.html.

128We won’t forget anything: A Ted Chiang short story explores this idea. Ted Chiang (Fall 2013), “The truth of fact, the truth of feeling,” Subterranean Press Magazine, http://subterraneanpress.com/magazine/fall_2013/the_truth_of_fact_the_truth_of_feeling_by_ted_chiang.

128Having everything recorded: Communication scholar Harold Innis first described the bias inherent in different forms of communication. He noted that some mediums preserved communication in time, while others worked across space. These properties led to different forms of control and social engagement. Harold Innis (1951), The Bias of Communication, University of Toronto Press, http://books.google.com?id=egwZyS26booC.

128We misremember: The research here is fascinating. We even forget details of important events. Several researchers studied people’s memories of where they were when the space shuttle exploded, the O. J. Simpson verdict was announced, and the terrorist attacks of 9/11 occurred. John Neil Bohannon III (Jul 1988), “Flashbulb memories for the space shuttle disaster: A tale of two theories,” Cognition 29, http://www.sciencedirect.com/science/article/pii/0010027788900364. Heike Schmolck, Elizabeth A. Buffalo, and Larry R. Squire (Jan 2000), “Memory distortions develop over time: Recollections of the O. J. Simpson trial verdict after 15 and 32 months,” Psychological Science 11, http://psycnet.apa.org/psycinfo/2000-15144-007. Jennifer M. Talarico and David C. Rubin (Sep 2003), “Confidence, not consistency, characterizes flashbulb memories,” Psychological Science 14, http://911memory.nyu.edu/abstracts/talarico_rubin.pdf. Andrew R. A. Conway et al. (Jul 2008), “Flashbulb memory for 11 September 2001,” Applied Cognitive Psychology 23, http://onlinelibrary.wiley.com/doi/10.1002/acp.1497/abstract.

128Even minor infractions: Michelle Natividad Rodriguez and Maurice Emsellem (Mar 2011), “65 million need not apply: The case for reforming criminal background checks for employment,” National Employment Law Project, http://www.nelp.org/page/-/65_Million_Need_Not_Apply.pdf.

128Losing the ephemeral: Wendy Hui Kyong Chun (Autumn 2008), “The enduring ephemeral, or the future is a memory,” Critical Inquiry 35, http://www.ucl.ac.uk/art-history/events/past-imperfect/chun-reading.

129That’s just plain wrong: Bruce Schneier (27 Feb 2014), “NSA robots are ‘collecting’ your data, too, and they’re getting away with it,” Guardian, http://www.theguardian.com/commentisfree/2014/feb/27/nsa-robots-algorithm-surveillance-bruce-schneier.

129all sorts of NSA word games: Electronic Frontier Foundation (2013), “The government’s word games when talking about NSA domestic spying,” https://www.eff.org/nsa-spying/wordgames. Trevor Timm (14 Aug 2013), “A guide to the deceptions, misinformation, and word games officials use to mislead the public about NSA surveillance,” Electronic Frontier Foundation, https://www.eff.org/deeplinks/2013/08/guide-deceptions-word-games-obfuscations-officials-use-mislead-public-about-nsa.

129The word “collect”: A 1982 procedures manual says, “. . . information shall be considered as ‘collected’ only when it has been received for use by an employee of a DoD intelligence component in the course of his official duties.” And “. . . data acquired by electronic means is ‘collected’ only when it has been processed into intelligible form.” US Department of Defense, Office of the Under Secretary of Defense for Policy (Dec 1982), “Procedures governing the activities of DoD intelligence components that affect United States persons,” DoD 5240-1R, p. 15, http://www.fas.org/irp/doddir/dod/d5240_1_r.pdf.

129It doesn’t mean collect: The DoD even cautions against thinking about and using words accurately. “Procedure 2 introduces the reader of DoD 5240.1-R to his or her first entry into the ‘maze’ of the regulation. To begin the journey, it is necessary to stop first and adjust your vocabulary. The terms and words used in DoD 5240.1-R have very specific meanings, and it is often the case that one can be led astray by relying on the generic or commonly understood definition of a particular word.” US Defense Intelligence Agency, Defense HUMINT Service (Aug 2004), Intelligence Law Handbook, Defense Intelligence Management Document CC-0000-181-95, https://www.aclu.org/files/assets/eo12333/DIA/Intelligence%20Law%20Handbook%20Defense%20HUMINT%20Service.pdf.

129All those books are stored: Andrea Mitchell (9 Jun 2013), “Transcript of Andrea Mitchell’s interview with Director of National Intelligence James Clapper,” NBC News, http://www.nbcumv.com/mediavillage/networks/nbcnews/pressreleases?pr=contents/press-releases/2013/06/09/nbcnewsexclusiv1370799482417.xml.

129Clapper asserts he didn’t lie: Ron Wyden (12 Mar 2013), “Wyden in intelligence hearing on GPS surveillance & Nat’l Security Agency collection,” YouTube, https://www.youtube.com/watch?v=QwiUVUJmGjs.

129no human reads those Gmail messages: Google (2014), “Ads in Gmail,” https://support.google.com/mail/answer/6603?hl=en.

130You might be told: In 2010, the TSA assured us that its full-body scanners were not saving data. Documents released to the Electronic Privacy Information Center showed that the scanners were shipped with hard drives and USB ports. Ginger McCall (3 Aug 2010), “Documents reveal that body scanners routinely store and record images,” Electronic Privacy Information Center, http://epic.org/press/EPIC_Body_Scanner_Press_Release_08_03_10.pdf. Declan McCullagh (4 Aug 2010), “Feds admit storing checkpoint body scan images,” CNET, http://www.cnet.com/news/feds-admit-storing-checkpoint-body-scan-images. US Transportation Security Administration (6 Aug 2010), “TSA response to ‘Feds admit storing checkpoint body scan images,’” TSA Blog, http://.tsa.gov/2010/08/tsa-response-to-feds-admit-storing.html.

130The primary difference: This is why we’re not worried about Furbies, but would be if they contained recording devices. Although for a while, the NSA was worried. British Broadcasting Corporation (13 Jan 1999), “Furby toy or Furby spy?” BBC News, http://news.bbc.co.uk/2/hi/americas/254094.stm.

131If you do object: Bruce Schneier (21 Oct 2013), “Why the NSA’s defense of mass data collection makes no sense,” Atlantic, http://www.theatlantic.com/politics/archive/2013/10/why-the-nsas-defense-of-mass-data-collection-makes-no-sense/280715.

131The means to perform identification: Bruce Schneier (2000), Secrets and Lies: Digital Security in a Networked World, Wiley, chap. 9, http://www.wiley.com/WileyCDA/WileyTitle/productCd-0471453803.html.

132We can’t even be sure: Charles Glaser (1 Jun 2011), “Deterrence of cyber attacks and U.S. national security,” Report GW-CSPRI-2011-5, George Washington University Cyber Security Policy and Research Institute, http://www.cspri.seas.gwu.edu/uploads/2/1/3/2/21324690/2011-5_cyber_deterrence_and_security_glaser.pdf. Joseph S. Nye Jr. (May 2010), “Cyber power,” Harvard Kennedy School, Belfer Center for Science and International Affairs, http://belfercenter.ksg.harvard.edu/files/cyber-power.pdf.

132The 2007 cyberattack against Estonia: Charles Clover (11 Mar 2009), “Kremlin-backed group behind Estonia cyber blitz,” Financial Times, http://www.ft.com/cms/s/0/57536d5a-0ddc-11de-8ea3-0000779fd2ac.html. Christian Love (12 Mar 2009), “Kremlin loyalist says launched Estonia cyber-attack,” Reuters, http://www.reuters.com/article/2009/03/12/us-russia-estonia-cyberspace-idUSTRE52B4D820090312.

132It took analysts months: Nicole Perlroth (31 Jan 2013), “Hackers in China attacked the Times for last 4 months,” New York Times, http://www.nytimes.com/2013/01/31/technology/chinese-hackers-infiltrate-new-york-times-computers.html.

132who was behind Stuxnet: William J. Broad, John Markoff, and David E. Sanger (15 Jan 2011), “Israeli test on worm called crucial in Iran nuclear delay,” New York Times, http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html. David E. Sanger (1 Jun 2012), “Obama order sped up wave of cyberattacks against Iran,” New York Times, http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html.

132proposals to eliminate anonymity: Limiting anonymity doesn’t eliminate trolls. People’s behavior online is complicated, and more a function of the loosening of social restrictions than of anonymity. John Suler (Jun 2004), “The online disinhibition effect,” Cyber Psychology and Behavior 7, http://online.liebertpub.com/doi/abs/10.1089/1094931041291295.

133annoys countries like China: Philipp Winter and Stefan Lindskog (6 Aug 2012), “How the Great Firewall of China is blocking Tor,” Second USENIX Workshop on Free and Open Communications on the Internet, Bellevue, Washington, https://www.usenix.org/system/files/conference/foci12/foci12-final2.pdf.

133Leon Panetta said publicly: Leon Panetta (11 Oct 2012), “Remarks by Secretary Panetta on cybersecurity to the Business Executives for National Security, New York City,” US Department of Defense, http://www.defense.gov/transcripts/transcript.aspx?transcriptid=5136.

11: Security

135we tend to focus on rare: Bruce Schneier (17 May 2007), “Virginia Tech lesson: Rare risks breed irrational responses,” Wired, http://archive.wired.com/politics/security/commentary/securitymatters/2007/05/securitymatters_0517.

135we fear terrorists more: Washington’s Blog (15 Aug 2014), “You’re nine times more likely to be killed by a police officer than a terrorist,” Washington’s Blog, http://www.washingtonsblog.com/2014/08/youre-nine-times-likely-killed-police-officer-terrorist.html.

136connect-the-dots metaphor: Spencer Ackerman (13 Dec 2013), “NSA review to leave spying programs largely unchanged, reports say,” Guardian, http://www.theguardian.com/world/2013/dec/13/nsa-review-to-leave-spying-programs-largely-unchanged-reports-say.

136That doesn’t stop us: When we look back at an event and see all the evidence, we often believe we should have connected the dots. There’s a name for that: hindsight bias. The useful bits of data are obvious after the fact, but were only a few items in a sea of millions of irrelevant data bits beforehand. And those data bits could have been assembled to point in a million different directions.

136the “narrative fallacy”: Nassim Nicholas Taleb (2007), “The narrative fallacy,” in The Black Swan: The Impact of the Highly Improbable, Random House, chap. 6, http://www.fooledbyrandomness.com.

136The TSA’s no-fly list: Associated Press (2 Feb 2012), “U.S. no-fly list doubles in one year,” USA Today, http://usatoday30.usatoday.com/news/washington/story/2012-02-02/no-fly-list/52926968/1.

136the watch list: Eric Schmitt and Michael S. Schmidt (24 Apr 2013), “2 U.S. agencies added Boston bomb suspect to watch list,” New York Times, https://www.nytimes.com/2013/04/25/us/tamerlan-tsarnaev-bomb-suspect-was-on-watch-lists.html.

136Detecting credit card fraud: E. W. T. Ngai et al. (Feb 2011), “The application of data mining techniques in financial fraud detection: A classification framework and an academic review of literature,” Decision Support Systems 50, https://www.sciencedirect.com/science/article/pii/S0167923610001302. Siddhartha Bhattacharyya et al. (Feb 2011), “Data mining for credit card fraud: A comparative study,” Decision Support Systems 50, https://www.sciencedirect.com/science/article/pii/S0167923610001326.

136a billion active credit cards: Erika Harrell and Lynn Langton (12 Dec 2013), “Victims of identity theft 2012,” US Bureau of Justice Statistics, http://www.bjs.gov/index.cfm?ty=pbdetail&iid=4821.

137the IRS uses data mining: US Government Accountability Office (2013), “Offshore tax evasion: IRS has collected billions of dollars, but may be missing continued evasion,” Report GAO-13-318, http://www.gao.gov/assets/660/653369.pdf. IBM Corporation (2011), “New York State Tax: How predictive modeling improves tax revenues and citizen equity,” https://www.ibm.com/smarterplanet/us/en/leadership/nystax/assets/pdf/0623-NYS-Tax_Paper.pdf.

137the police use it: Walter L. Perry et al. (2013), “Predictive policing: The role of crime forecasting in law enforcement operations,” RAND Corporation, https://www.ncjrs.gov/pdffiles1/nij/grants/243830.pdf.

137Terrorist plots are different: John Mueller and Mark G. Stewart (2011), Terror, Security, and Money: Balancing the Risks, Benefits, and Costs of Homeland Security, Oxford University Press, chap. 2, http://books.google.com/books?id=jyYGL2jZBC4C.

137even highly accurate . . . systems: Jeff Jonas and Jim Harper (11 Dec 2006), “Effective counterterrorism and the limited role of predictive data mining,” Cato Institute, http://www.cato.org/publications/policy-analysis/effective-counterterrorism-limited-role-predictive-data-mining. Fred H. Cate (Summer 2008), “Government data mining: The need for a legal framework,” Harvard Civil Rights-Civil Liberties Law Review 43, http://www.law.harvard.edu/students/orgs/crcl/vol43_2/435-490_Cate.pdf.

137false positives completely overwhelm: G. Stuart Mendenhall and Mark Schmidhofer (Winter 2012-13), “Screening tests for terrorism,” Regulation, http://object.cato.org/sites/cato.org/files/serials/files/regulation/2013/1/v35n4-4.pdf. Corey Chivers (6 Jun 2013), “How likely is the NSA PRISM program to catch a terrorist?” Bayesian Biologist, http://bayesianbiologist.com/2013/06/06/how-likely-is-the-nsa-prism-program-to-catch-a-terrorist. Marcy Wheeler (15 Jun 2013), “The inefficacy of Big Brother: Associations and the terror factory,” Empty Wheel, http://www.emptywheel.net/2013/06/15/the-inefficacy-of-big-brother-associations-and-the-terror-factory.

137millions of people will be falsely accused: In statistics, this is called the base rate fallacy, and it applies in other domains as well. For example, even highly accurate medical tests are problematic as screening tools if the incidence of the disease is sufficiently rare in the general population. I am deliberately not walking you through the math. Those who are interested can read the details. Jeff Jonas and Jim Harper (11 Dec 2006), “Effective counterterrorism and the limited role of predictive data mining,” Cato Institute, http://object.cato.org/sites/cato.org/files/pubs/pdf/pa584.pdf.

138“you need the haystack”: J. D. Tuccille (19 Jul 2013), “Why spy on everybody? Because ‘you need the haystack to find the needle,’ says NSA chief,” Reason, http://reason.com/blog/2013/07/19/why-spy-on-everybody-because-you-need-th.

138adding much more noise: Mike Masnick (15 Oct 2013), “Latest revelations show how collecting all the haystacks to find the needle makes the NSA’s job harder,” Tech Dirt, https://www.techdirt.com/articles/20131014/17303424880/latest-revelations-show-how-collecting-all-haystacks-to-find-data-makes-nsas-job-harder.shtml.

138so much irrelevant data: Chris Young (12 Mar 2012), “Military intelligence redefined: Big Data in the battlefield,” Forbes, http://www.forbes.com/sites/techonomy/2012/03/12/military-intelligence-redefined-big-data-in-the-battlefield.

138NSA’s eavesdropping program: Matt Briggs (7 Jun 2013), “Data mining: PRISM, NSA and false positives: Update,” William M. Briggs, http://wmbriggs.com/blog/?p=8239.

138thousands of tips: Lowell Bergman et al. (17 Jan 2006), “Spy agency data after Sept. 11 led F.B.I. to dead ends,” New York Times, http://www.nytimes.com/2006/01/17/politics/17spy.html.

138Suspicious Activity Reports: US Government Accountability Office (26 Mar 2013), “Information sharing: Additional actions could help ensure that efforts to share terrorism-related suspicious activity reports are effective,” Report GAO-13-233, http://www.gao.gov/assets/660/652995.pdf.

138led to just one success: Yochai Benkler (8 Oct 2013), “Fact: The NSA gets negligible intel from Americans’ metadata. So end collection,” Guardian, http://www.theguardian.com/commentisfree/2013/oct/08/nsa-bulk-metadata-surveillance-intelligence. Peter Bergen (Jan 2014), “Do NSA’s bulk surveillance programs stop terrorists?” New America Foundation, http://newamerica.net/publications/policy/do_nsas_bulk_surveillance_programs_stop_terrorists.

138that was probably trumped up: Marcy Wheeler (12 Dec 2013), “Did DOJ prosecute Basaaly Moalin just to have a Section 215 ‘success’?” Empty Wheel, http://www.emptywheel.net/2013/12/12/did-doj-prosecute-basaaly-moalin-just-to-have-a-section-215-success.

138Each rare individual: Airplane security provides many examples. In 2001, Richard Reid put a bomb in his shoe, and the primary effect is that we’ve all had to take our shoes off at airports since then.

139Several analyses: Francis Gouillart (10 Jun 2013), “Big data NSA spying is not even an effective strategy,” Fortune, http://management.fortune.cnn.com/2013/06/10/big-data-nsa-spying-is-not-even-an-effective-strategy. Ed Pilkington and Nicholas Watt (12 Jun 2013), “NSA surveillance played little role in foiling terror plots, experts say,” Guardian, http://www.theguardian.com/world/2013/jun/12/nsa-surveillance-data-terror-attack. Washington’s Blog (13 Jun 2013), “The dirty little secret about mass surveillance: It doesn’t keep us safe,” Washington’s Blog, http://www.washingtonsblog.com/2013/06/the-dirty-little-secret-about-nsa-spying-it-doesnt-work.html.

139Data mining is simply the wrong tool: Jeffrey W. Seifert (3 Apr 2008), “Data mining and homeland security: An overview,” Congressional Research Service, http://www.fas.org/sgp/crs/homesec/RL31798.pdf.

139enabled the NSA to prevent 9/11: Peter Bergen (30 Dec 2013), “Would NSA surveillance have stopped 9/11 plot?” CNN, http://www.cnn.com/2013/12/30/opinion/bergen-nsa-surveillance-september-11.

139wasn’t able to prevent: Simon Shuster (19 Apr 2013), “The brothers Tsarnaev: Clues to the motives of the alleged Boston bombers,” Time, http://world.time.com/2013/04/19/the-brothers-tsarnaevs-motives.

139The NSA collected data: Marcy Wheeler (12 Apr 2014), “The day after government catalogs data NSA collected on Tsarnaevs, DOJ refuses to give Dzhokhar notice,” Empty Wheel, http://www.emptywheel.net/2014/04/12/the-day-after-government-catalogs-data-nsa-collected-on-tsarnaevs-doj-refuses-to-give-dzhokhar-notice.

139failures were the result: National Commission on Terrorist Attacks (2004), The 9/11 Commission Report: Final Report of the National Commission on Terrorist Activities upon the United States, http://www.gpo.gov/fdsys/pkg/GPO-911REPORT/pdf/GPO-911REPORT.pdf.

139Mass surveillance didn’t catch: Dan Eggen, Karen DeYoung, and Spencer S. Hsu (27 Dec 2009), “Plane suspect was listed in terror database after father alerted U.S. officials,” Washington Post, http://www.washingtonpost.com/wp-dyn/content/article/2009/12/25/AR2009122501355.html.

139the liquid bombers . . . were captured: Dominic Casciani (7 Sep 2009), “Liquid bomb plot: What happened,” BBC News, http://news.bbc.co.uk/2/hi/uk_news/8242479.stm.

139comes from targeted surveillance: The NSA has touted 54 terrorist successes, but this number doesn’t pass scrutiny. Most weren’t actually terrorist plots, and they were mostly outside the US. Justin Elliott and Theodoric Meyer (23 Oct 2013), “Claim on ‘attacks thwarted’ by NSA spreads despite lack of evidence,” Pro Publica, http://www.propublica.org/article/claim-on-attacks-thwarted-by-nsa-spreads-despite-lack-of-evidence.

140FBI identifies potential terrorist plots: Kevin Strom and John Hollywood (2010), “Building on clues: Examining successes and failures in detecting U.S. terrorist plots,” Institute for Homeland Security Solutions, http://sites.duke.edu/ihss/files/2011/12/Building_on_Clues_Strom.pdf.

140the money we’re wasting: Bruce Schneier (8 Sep 2005), “Terrorists don’t do movie plots,” Wired, http://archive.wired.com/politics/security/commentary/securitymatters/2005/09/68789.

141the attacker has the advantage: Bruce Schneier (2012), Liars and Outliers: Enabling the Trust That Society Needs to Thrive, Wiley, chap. 16, http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118143302.html.

141It’s easier to break things: Ross Anderson (2 Oct 2001), “Why information security is hard: An economic perspective,” University of Cambridge Computer Laboratory, http://www.acsac.org/2001/papers/110.pdf. Matthew Miller, Jon Brickey, and Gregory Conti (29 Nov 2012), “Why your intuition about cyber warfare is probably wrong,” Small Wars Journal, http://smallwarsjournal.com/jrnl/art/why-your-intuition-about-cyber-warfare-is-probably-wrong.

141Complexity is the worst enemy: Bruce Schneier (19 Nov 1999), “A plea for simplicity: You can’t secure what you don’t understand,” Information Security, https://www.schneier.com/essay-018.html.

141Software security is generally poor: Edward Tufte (2003), “Why producing good software is difficult,” Edward Tufte Forum, http://www.edwardtufte.com/bboard/q-and-a-fetch-msg?msg_id=0000D8. James Kwak (8 Aug 2012), “Software runs the world: How scared should we be that so much of it is so bad?” Atlantic, http://www.theatlantic.com/business/archive/2012/08/software-runs-the-world-how-scared-should-we-be-that-so-much-of-it-is-so-bad/260846.

142retailer Target Corporation: Michael Riley et al. (13 Mar 2014), “Missed alarms and 40 million stolen credit card numbers: How Target blew it,” Bloomberg Businessweek, http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data.

142a catastrophe for the company: Elizabeth A. Harris et al. (17 Jan 2014), “A sneaky path into Target customers’ wallets,” New York Times, http://www.nytimes.com/2014/01/18/business/a-sneaky-path-into-target-customers-wallets.html.

142its CEO, Gregg Steinhafel, resigned: Elizabeth A. Harris (6 May 2014), “Faltering Target parts ways with chief,” New York Times, http://www.nytimes.com/2014/05/06/business/target-chief-executive-resigns.html.

142Compare this with the: Nicole Perlroth (31 Jan 2013), “Hackers in China attacked the Times for last 4 months,” New York Times, http://www.nytimes.com/2013/01/31/technology/chinese-hackers-infiltrate-new-york-times-computers.html.

144Multiprogram Research Facility: Its current goal is exaflop computation speeds, or one quintillion operations per second. James Bamford (15 Mar 2012), “The NSA is building the country’s biggest spy center (watch what you say),” Wired, http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all.

144It secretly inserts weaknesses: Bruce Schneier (4 Oct 2013), “Attacking Tor: How the NSA targets users’ online anonymity,” Guardian, http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity.

144“endpoint security is so terrifically weak”: Glenn Greenwald and Edward Snowden (17 Jun 2013), “Edward Snowden: NSA whistleblower answers reader questions,” Guardian, http://www.theguardian.com/world/2013/jun/17/edward-snowden-nsa-files-whistleblower.

145Discoverers can sell vulnerabilities: The ethics of this is discussed here. Serge Egelman, Cormac Herley, and Paul C. van Oorschot (9–12 Sep 2013), “Markets for zero-day exploits: Ethics and implications,” New Security Paradigms Workshop, Banff, Alberta, Canada, http://www.nspw.org/papers/2013/nspw2013-egelman.pdf.

145a robust market in zero-days: Stefan Frei (5 Dec 2013), “The known unknowns: Empirical analysis of publicly-unknown security vulnerabilities,” NSS Labs, https://www.nsslabs.com/system/files/public-report/files/The%20Known%20Unknowns_1.pdf.

145both governments and: Andy Greenberg (21 Mar 2012), “Meet the hackers who sell spies the tools to crack your PC (and get paid six-figure fees),” Forbes, http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees. Both Russia and North Korea are big spenders when it comes to zero-days. Nicole Perlroth and David E. Sanger (13 Jul 2013), “Nations buying as hackers sell flaws in computer code,” New York Times, http://www.nytimes.com/2013/07/14/world/europe/nations-buying-as-hackers-sell-computer-flaws.html. Office of the Secretary of Defense (4 Feb 2014), “Military and security developments involving the Democratic People’s Republic of North Korea 2013,” http://www.defense.gov/pubs/North_Korea_Military_Power_Report_2013-2014.pdf.

145discoverers can sell to criminals: Dancho Danchev (2 Nov 2008), “Black market for zero day vulnerabilities still thriving,” ZDNet, http://www.zdnet.com/blog/security/black-market-for-zero-day-vulnerabilities-still-thriving/2108.

145Undiscovered zero-day vulnerabilities: Here is the most important research into that question. Eric Rescorla (7 Feb 2005), “Is finding security holes a good idea?” RTFM, Inc., http://www.rtfm.com/bugrate.pdf. Sandy Clark et al. (6–10 Dec 2010), “Familiarity breeds contempt: The honeymoon effect and the role of legacy code in zero-day vulnerabilities,” 26th Annual Computer Security Applications Conference, Austin, Texas, http://dl.acm.org/citation.cfm?id=1920299. Andy Ozment and Stuart E. Schechter (11 May 2006), “Milk or wine: Does software security improve with age?” MIT Lincoln Laboratory, https://research.microsoft.com/pubs/79177/milkorwine.pdf.

146economics of software development: This is even worse with embedded devices and the Internet of Things. Bruce Schneier (6 Jan 2014), “The Internet of Things is wildly insecure—and often unpatchable,” Wired, http://www.wired.com/2014/01/theres-no-good-way-to-patch-the-internet-of-things-and-thats-a-huge-problem.

146how the NSA and GCHQ think: James Ball, Julian Borger, and Glenn Greenwald (5 Sep 2013), “Revealed: How US and UK spy agencies defeat internet privacy and security,” Guardian, http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security.

146We know the NSA: These four points were made in this document. Danielle Kehl et al. (29 Jul 2014), “Surveillance costs: The NSA’s impact on the economy, Internet freedom and cyberspace,” Open Technology Institute, New America Foundation, http://www.newamerica.net/publications/policy/surveillance_costs_the_nsas_impact_on_the_economy_internet_freedom_cybersecurity.

146the White House tried to clarify: Michael Daniel (28 Apr 2014), “Heartbleed: Understanding when we disclose cyber vulnerabilities,” White House Blog, http://www.whitehouse.gov/blog/2014/04/28/heartbleed-understanding-when-we-disclose-cyber-vulnerabilities.

146Stuxnet, used four zero-days: Ryan Naraine (14 Sep 2010), “Stuxnet attackers used 4 Windows zero-day exploits,” ZDNet, http://www.zdnet.com/blog/security/stuxnet-attackers-used-4-windows-zero-day-exploits/7347.

147agency jargon NOBUS: Andrea Peterson (4 Oct 2013), “Why everyone is left less secure when the NSA doesn’t help fix security flaws,” Washington Post, http://www.washingtonpost.com/s/the-switch/wp/2013/10/04/why-everyone-is-left-less-secure-when-the-nsa-doesnt-help-fix-security-flaws.

147it discloses and closes: David E. Sanger (12 Apr 2014), “Obama lets N.S.A. exploit some Internet flaws, officials say,” New York Times, http://www.nytimes.com/2014/04/13/us/politics/obama-lets-nsa-exploit-some-internet-flaws-officials-say.html. Kim Zetter (15 Apr 2014), “Obama: NSA must reveal bugs like Heartbleed, unless they help the NSA,” Wired, http://www.wired.com/2014/04/obama-zero-day.

147how to make NOBUS decisions: There have been some attempts. Andy Ozment (2–3 Jun 2005), “The likelihood of vulnerability rediscovery and the social utility of vulnerability hunting,” Workshop on Economics and Information Security, Cambridge, Massachusetts, http://infosecon.net/workshop/pdf/10.pdf.

147They’re inherently destabilizing: Robert Axelrod and Rumen Iliev (28 Jan 2014), “Timing of cyber conflict,” Proceedings of the National Academy of Sciences of the United States of America 111, http://www.pnas.org/content/early/2014/01/08/1322638111.full.pdf.

147Backdoors aren’t new: This is a nice nontechnical description of backdoors. Serdar Yegulalp (13 Jun 2014), “Biggest, baddest, boldest software backdoors of all time,” Tech World, http://www.techworld.com.au/slideshow/547475/pictures_biggest_baddest_boldest_software_backdoors_all_time.

147the US government is deliberately: James Ball, Julian Borger, and Glenn Greenwald (5 Sep 2013), “Revealed: How US and UK spy agencies defeat Internet privacy and security,” Guardian, http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security. Guardian (5 Sep 2013), “Project Bullrun—classification guide to the NSA’s decryption program,” Guardian, http://www.theguardian.com/world/interactive/2013/sep/05/nsa-project-bullrun-classification-guide, http://cryptome.org/2013/09/nsa-bullrun-2-16-guardian-13-0905.pdf.

147One of the NSA documents: US National Security Agency (2012), “SIGINT Enabling Project,” http://www.propublica.org/documents/item/784285-sigint-enabling-project.html.

148The NSA also pressured Microsoft: Lorenzo Franceschi-Bicchierai (11 Sep 2013), “Did the FBI lean on Microsoft for access to its encryption software?” Mashable, http://mashable.com/2013/09/11/fbi-microsoft-bitlocker-backdoor.

148Deliberately created vulnerabilities: Jesse Emspak (16 Aug 2012), “FBI surveillance backdoor might open door to hackers,” NBC News, http://www.nbcnews.com/id/48695618/ns/technology_and_science-security/t/fbi-surveillance-backdoor-might-open-door-hackers. Ben Adida et al. (17 May 2013), “CALEA II: Risks of wiretap modifications to endpoints,” Center for Democracy and Technology, https://www.cdt.org/files/pdfs/CALEAII-techreport.pdf. Bruce Schneier (29 May 2013), “The FBI’s new wiretap plan is great news for criminals,” Foreign Policy, http://www.foreignpolicy.com/articles/2013/05/29/the_fbi_s_new_wiretapping_plan_is_great_news_for_criminals.

148Government-mandated access: Susan Landau (2011), Surveillance or Security? The Risks Posed by New Wiretapping Technologies, MIT Press, http://mitpress.mit.edu/books/surveillance-or-security. New York Times (21 Sep 2013), “Close the NSA’s backdoors,” New York Times, http://www.nytimes.com/2013/09/22/opinion/sunday/close-the-nsas-back-doors.html.

148Ericsson built this: Vassilis Prevelakis and Diomidis Spinellis (29 Jun 2007), “The Athens affair,” IEEE Spectrum, http://spectrum.ieee.org/telecom/security/the-athens-affair.

148Something similar occurred in Italy: Alexander Smoltczyk (5 Oct 2006), “Eavesdropping on La Bella Vita: Listening quietly in Italy,” Der Spiegel, http://www.spiegel.de/international/spiegel/eavesdropping-on-la-bella-vita-listening-quietly-in-italy-a-440880.html. John Leyden (14 Apr 2008), “Preatoni breaks silence over Telecom Italia spying probe,” Register, http://www.theregister.co.uk/2008/04/14/telecom_italia_spying_probe_update.

148Chinese hackers exploited: Bruce Schneier (23 Jan 2010), “U.S. enables Chinese hacking of Google,” CNN, http://www.cnn.com/2010/OPINION/01/23/schneier.google.hacking/index.html.

148every phone switch sold: Susan Landau (23 Mar 2012), “The large immortal machine and the ticking time bomb,” Social Sciences Research Network (republished Nov 2013 in Journal of Telecommunications and High Tech Law 11), http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2028152.

148NSA regularly exploits: Lawrence Lessig (20 Oct 2014), “Institutional corruption and the NSA: Lawrence Lessig interviews Edward Snowden at Harvard Law,” LeakSourceInfo/YouTube, http://www.youtube.com/watch?v=DksIFG3Skb4.

148Bermuda phone system: Ryan Devereaux, Glenn Greenwald, and Laura Poitras (19 May 2014), “Data pirates of the Caribbean: The NSA is recording every cell phone call in the Bahamas,” Intercept, https://firstlook.org/theintercept/article/2014/05/19/data-pirates-caribbean-nsa-recording-every-cell-phone-call-bahamas.

148Another objective of the SIGINT: US National Security Agency (2012), “SIGINT Enabling Project,” http://www.propublica.org/documents/item/784285-sigint-enabling-project.html.

149NSA influenced the adoption: Craig Timberg and Ashkan Soltani (14 Dec 2013), “NSA cracked popular cellphone encryption,” Washington Post, http://www.washingtonpost.com/business/technology/by-cracking-cellphone-code-nsa-has-capacity-for-decoding-private-conversations/2013/12/13/e119b598-612f-11e3-bf45-61f69f54fc5f_story.html.

149a backdoored random number generator: Dan Shumow and Niels Ferguson (21 Aug 2007), “On the possibility of a backdoor in the NIST SP800-90 Dual_EC_PRNG,” Microsoft Corporation, http://rump2007.cr.yp.to/15-shumow.pdf. Matthew Green (18 Sep 2013), “The many flaws of Dual_EC_DRBG,” Cryptography Engineering, http://.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html. D.W. (18 Sep 2013), “Explaining weakness of Dual_EC_PRNG to wider audience?” Cryptography Stack Exchange, https://crypto.stackexchange.com/questions/10417/explaining-weakness-of-dual-ec-drbg-to-wider-audience.

149the NSA masquerades: Ryan Gallagher and Glenn Greenwald (12 Mar 2014), “How the NSA plans to infect ‘millions’ of computers with malware,” Intercept, https://firstlook.org/theintercept/article/2014/03/12/nsa-plans-infect-millions-computers-malware.

149The UK’s GCHQ can find: Glenn Greenwald (14 Jul 2014), “Hacking online polls and other ways British spies seek to control the Internet,” Intercept, https://firstlook.org/theintercept/2014/07/14/manipulating-online-polls-ways-british-spies-seek-control-internet.

149just better-funded hacker tools: Bruce Schneier (21 May 2014), “The NSA is not made of magic,” Schneier on Security, https://www.schneier.com/blog/archives/2014/05/the_nsa_is_not_.html.

149Academics have discussed ways: Nicholas Weaver (13 Mar 2014), “A close look at the NSA’s most powerful Internet attack tool,” Wired, http://www.wired.com/2014/03/quantum. Matt Brian (20 Jun 2014), “Hackers use Snowden leaks to reverse-engineer NSA surveillance devices,” Engadget, http://www.engadget.com/2014/06/20/nsa-bugs-reverse-engineered.

149one top-secret program: Bruce Schneier (4 Oct 2013), “Attacking Tor: How the NSA targets users’ online anonymity,” Guardian, http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity.

149technology that allows: We have learned a lot about QUANTUM since my initial story. Nicholas Weaver (13 Mar 2014), “A close look at the NSA’s most powerful attack tool,” Wired, http://www.wired.com/2014/03/quantum. Claudio Guarnieri (24 Jan 2014), “The Internet is compromised,” Medium, https://medium.com/@botherder/the-internet-is-compromised-4c66984abd7d. Der Spiegel (30 Dec 2013), “NSA-Dokumente: So übernimmt der Geheimdienst fremde Rechner,” Der Spiegel, http://www.spiegel.de/fotostrecke/nsa-dokumente-so-uebernimmt-der-geheimdienst-fremde-rechner-fotostrecke-105329.html. Der Spiegel (30 Dec 2013), “NSA-Dokumente: So knackt der Geheimdienst Internetkonten,” Der Spiegel, http://www.spiegel.de/fotostrecke/nsa-dokumente-so-knackt-der-geheimdienst-internetkonten-fotostrecke-105326.html.

149Chinese government uses: Nicholas Weaver, Robin Sommer, and Vern Paxson (8–11 Feb 2009), “Detecting forged TCP reset packets,” Network and Distributed System Security Symposium (NDSS 2009), San Diego, California, http://www.icir.org/vern/papers/reset-injection.ndss09.pdf.

149Hacking Team sells: Morgan Marquis-Boire (15 Aug 2014), “Schrodinger’s cat video and the death of clear-text,” Citizen Lab, Munk School of Global Affairs, University of Toronto, https://citizenlab.org/2014/08/cat-video-and-the-death-of-clear-text. Morgan Marquis-Boire (15 Aug 2014), “You can get hacked just by watching this cat video on YouTube,” Intercept, https://firstlook.org/theintercept/2014/08/15/cat-video-hack. Cora Currier and Morgan Marquis-Boire (30 Oct 2014), “Secret manuals show the spyware sold to despots and cops worldwide,” Intercept, https://firstlook.org/theintercept/2014/10/30/hacking-team.

150there are hacker tools: Airpwn (27 May 2009), “Airpwn 1.4,” Sourceforge, http://airpwn.sourceforge.net/Airpwn.html.

150Techniques first developed: Tom Simonite (19 Sep 2012), “Stuxnet tricks copied by computer criminals,” MIT Technology Review, http://www.technologyreview.com/news/429173/stuxnet-tricks-copied-by-computer-criminals.

150software that Elcomsoft sells: Andy Greenberg (2 Sep 2014), “The police tool that pervs use to steal nude pics from Apple’s iCloud,” Wired, http://www.wired.com/2014/09/eppb-icloud.

150once-secret techniques: Mobistealth (2014), “Ultimate cell phone monitoring software,” http://www.mobistealth.com.

150Stuxnet’s target was Iran: Jarrad Shearer (26 Feb 2013), “W32.Stuxnet,” Symantec Corporation, http://www.symantec.com/security_response/writeup.jsp?docid=2010-071400-3123-99.

150computers owned by Chevron: Matthew J. Schwartz (12 Nov 2012), “Cyber weapon friendly fire: Chevron Stuxnet fallout,” Information Week, http://www.darkreading.com/attacks-and-breaches/cyber-weapon-friendly-fire-chevron-stuxnet-fallout/d/d-id/1107339.

150industrial plants in Germany: Robert McMillan (14 Sep 2010), “Siemens: Stuxnet worm hit industrial systems,” Computer World, http://www.computerworld.com/s/article/9185419/Siemens_Stuxnet_worm_hit_industrial_systems.

150failure of an Indian satellite: Jeffrey Carr (29 Sep 2010), “Did the Stuxnet worm kill India’s Insat-4B satellite?” Forbes, http://www.forbes.com/sites/firewall/2010/09/29/did-the-stuxnet-worm-kill-indias-insat-4b-satellite.

150Internet blackout in Syria: James Bamford (13 Aug 2014), “Edward Snowden: The untold story,” Wired, http://www.wired.com/2014/08/edward-snowden.

150a technique called DNS injection: Anonymous (Jul 2012), “The collateral damage of internet censorship by DNS injection,” ACM SIGCOMM Computer Communication Review 42, http://www.sigcomm.org/sites/default/files/ccr/papers/2012/July/2317307-2317311.pdf.

151public revelations of the NSA’s activities: Ian Bremmer (18 Nov 2013), “Lost legitimacy: Why governing is harder than ever,” Foreign Affairs, http://www.foreignaffairs.com/articles/140274/ian-bremmer/lost-legitimacy.

151US interests have been significantly harmed: Vivienne Walt (30 Jun 2013), “European officials infuriated by alleged NSA spying on friendly diplomats,” Time, http://world.time.com/2013/06/30/european-officials-infuriated-by-alleged-nsa-spying-on-friendly-diplomats. Anne Gearan (21 Oct 2013), “Report that NSA collected French phone records causing diplomatic headache for U.S.,” Washington Post, http://www.washingtonpost.com/world/national-security/report-that-nsa-collected-french-phone-records-causing-diplomatic-headache-for-us/2013/10/21/bfa74f22-3a76-11e3-a94f-b58017bfee6c_story.html. Zachary Keck (31 Oct 2013), “Outrage over NSA spying spreads to Asia,” Diplomat, http://thediplomat.com/2013/10/outrage-over-nsa-spying-spreads-to-asia. Matthew Karnitschnig (9 Feb 2014), “NSA flap strains ties with Europe,” Wall Street Journal, http://online.wsj.com/news/articles/SB10001424052702303874504579372832399168684.

151Relations between the US: David E. Sanger (1 May 2014), “U.S. and Germany fail to reach a deal on spying,” New York Times, http://www.nytimes.com/2014/05/02/world/europe/us-and-germany-fail-to-reach-a-deal-on-spying.html. Mark Landler (2 May 2014), “Merkel signals that tension persists over U.S. spying,” New York Times, http://www.nytimes.com/2014/05/03/world/europe/merkel-says-gaps-with-us-over-surveillance-remain.html.

151Brazil’s president: Juan Forero (17 Sep 2013), “NSA spying scandal spoils dinner at the White House for Brazil’s president,” Washington Post, http://www.washingtonpost.com/world/nsa-spying-scandal-spoils-dinner-at-the-white-house-for-brazils-president/2013/09/17/24f5acf6-1fc5-11e3-9ad0-96244100e647_story.html.

12: Principles

156if our personal spaces and records: These issues are explored in these books. Daniel Solove (2011), Nothing to Hide: The False Tradeoff between Privacy and Security, Yale University Press, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1827982. Susan Landau (2011), Surveillance or Security? The Risks Posed by New Wiretapping Technologies, MIT Press, http://mitpress.mit.edu/books/surveillance-or-security.

156When the security versus privacy: The psychology of security explains a lot of our behavior. Bruce Schneier (11–14 Jun 2008), “The psychology of security,” in Serge Vaudenay, ed., Progress in Cryptology: AFRICACRYPT 2008: First International Conference on Cryptology in Africa, Casablanca, Morocco, Proceedings, Springer, https://www.schneier.com/wp-content/uploads/2015/08/paper-psychology-of-security.pdf. Daniel Gardner (2008), The Science of Fear: Why We Fear Things We Shouldn’t—And Put Ourselves in Greater Danger, Penguin, http://books.google.com/books?id=bmyboRubog4C.

156The government basically said: Of course, costs can affect different people in different ways. Politicians fear that they’ll get blamed for future attacks, so they have an incentive to push for lots of visible security measures. Citizens, especially members of unpopular political and religious groups, become the obvious targets for surveillance, but lack a strong, coherent voice to fight back. And large security programs are expensive, benefiting government contractors and the politicians they support.

157find an acceptable trade-off: This paper tries to model that with game theory. Tiberiu Dragu (Feb 2011), “Is there a trade-off between security and liberty? Executive bias, privacy protections, and terrorism prevention,” American Political Science Review 105, http://journals.cambridge.org/download.php?file=%2FPSR%2FS0003055410000614a.pdf&code=193cd836312527364579326df0a7aa58.

157We need to recognize: Susan Landau (2011), Surveillance or Security? The Risks Posed by New Wiretapping Technologies, MIT Press, http://mitpress.mit.edu/books/surveillance-or-security.

158Tor is an excellent example: Electronic Frontier Foundation (28 Nov 2012), “How to help protect your online anonymity using Tor,” https://www.eff.org/sites/default/files/filenode/Basic_Tor_Intro_Guide_FNL.pdf.

158the NSA is continually trying: Everyone else is too, of course. Roger Dingledine (30 Jul 2014), “Tor security advisory: ‘Relay early’ traffic confirmation attack,” Tor Project Blog, https://.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack.

158has been unsuccessful: US National Security Agency (8 Jan 2007), “Tor Stinks,” http://cryptome.org/2013/10/nsa-tor-stinks.pdf.

158the FBI was hacking into: Kevin Poulsen (5 Aug 2014), “Visit the wrong website and the FBI could end up in your computer,” Wired, http://www.wired.com/2014/08/operation_torpedo.

158both the NSA and the GCHQ: Leo Kelion (22 Aug 2014), “NSA and GCHQ agents ‘leak Tor bugs,’ alleges developer,” BBC News, http://www.bbc.com/news/technology-28886462.

158Governments have always spied: Anthony Zurcher (31 Oct 2013), “Roman Empire to the NSA: A world history of government spying,” BBC News, http://www.bbc.com/news/magazine-24749166.

158spy stories in the Old Testament: John M. Cardwell (Winter 1978), “A Bible lesson on spying,” Studies in Intelligence, http://southerncrossreview.org/44/cia-bible.htm.

158We don’t (yet) design: There is an important and complicated discussion that needs to happen about the relative risks of terrorism, and how much damage terrorists can do with the technologies available to them, but it is beyond the scope of this book. Bruce Schneier (14 Mar 2013), “Our security models will never work—no matter what we do,” Wired, http://www.wired.com/2013/03/security-when-the-bad-guys-have-technology-too-how-do-we-survive.

159both corporations and governments: Of course, the process of trusting is far less rational than that. Bruce Schneier (2012), Liars and Outliers: Enabling the Trust That Society Needs to Thrive, Wiley, http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118143302.html.

159too much information is exempted: Isolated bubbles of secrecy are always required in any organization, so that people within the organization can do their job properly: votes in a tenure committee, or deliberations preceding a controversial decision. Making things like this transparent can suppress some of the independence of the decision-making process. Deciders will be more concerned about how their decision processes will look to outsiders than they will be with making a good decision.

159we cannot judge the fairness: Adrian J. Lee and Sheldon H. Jacobson (May 2012), “Addressing passenger risk uncertainty for aviation security screening,” Transportation Science 46, http://pubsonline.informs.org/doi/abs/10.1287/trsc.1110.0384. Susan Stellin (21 Oct 2013), “Security check now starts long before you fly,” New York Times, http://www.nytimes.com/2013/10/22/business/security-check-now-starts-long-before-you-fly.html. Alissa Wickham (7 Mar 2014), “TSA halts program to screen passengers’ online data,” Law 360, http://www.law360.com/articles/516452/tsa-halts-program-to-screen-passengers-online-data.

159the IRS’s algorithms: Amber Torrey (Apr 2008), “The discriminant analysis used by the IRS to predict profitable individual tax return audits,” Bryant University, http://digitalcommons.bryant.edu/cgi/viewcontent.cgi?article=1000&context=honors_mathematics.

160the existing power imbalance: This is the problem with David Brin’s transparent society: transparency is not value-free. When a police officer demands to see your ID, your being able to see his ID doesn’t balance things out. David Brin (1998), The Transparent Society: Will Technology Force Us to Choose between Privacy and Freedom? Basic Books, http://www.davidbrin.com/transparentsociety1.html.

160the same with transparency and surveillance: Iceland’s Pirate Party (yes, it’s a real political party) put it extremely well in 2014: “The individual’s right to privacy means protecting the powerless from the abuse of the more powerful, and transparency means opening the powerful to the supervision of the powerless.” Paul Fontaine (19 Aug 2014), “Prime Minister learns what ‘transparency’ means,” Grapevine, http://grapevine.is/news/2014/08/19/prime-minister-learns-what-transparency-means.

160Institutional transparency reduces: There are, of course, exceptions to this rule. There is value in ankle monitors for people convicted of crimes, even though that reduces the power of the criminals being monitored.

160Transparency doesn’t come easily: Peter Watts (9 May 2014), “The scorched earth society: A suicide bomber’s guide to online privacy,” Symposium of the International Association of Privacy Professionals, Toronto, Ontario, http://www.rifters.com/real/shorts/TheScorchedEarthSociety-transcript.pdf.

160police harass and prosecute: Ray Sanchez (19 Jul 2010), “Growing number of prosecutions for videotaping the police,” ABC News, http://abcnews.go.com/US/TheLaw/videotaping-cops-arrest/story?id=11179076.

160some jurisdictions have: Those laws are unconstitutional. Kathryn Marchocki (25 May 2014), “Court rules Free State project president had right to film Weare police during a traffic stop,” New Hampshire Union Leader, http://www.unionleader.com/apps/pbcs.dll/article?AID=/20140525/NEWS07/140529379.

160Cops in Chicago have: David Lepeska (27 Dec 2011), “When police abuse surveillance cameras,” CityLab, http://www.citylab.com/politics/2011/12/surveillance-cameras-threat-police-privacy/806.

160San Diego Police Department: Sara Libby (18 Aug 2014), “Even when police do wear cameras, don’t count on seeing the footage,” CityLab, http://www.citylab.com/crime/2014/08/even-when-police-do-wear-cameras-you-cant-count-on-ever-seeing-the-footage/378690.

160police routinely prevented protesters: Chris Matyszczyk (14 Aug 2014), “Ferguson, Mo., unrest tests legal right to film police,” CNET, http://www.cnet.com/news/ferguson-unrest-tests-legal-right-to-film-police. Hillel Italie (19 Aug 2014), “Ferguson arrests include at least 10 journalists,” Associated Press, http://abcnews.go.com/Entertainment/wireStory/ferguson-arrests-include-10-journalists-25044845.

160Los Angeles police even: Cyrus Farivar (8 Apr 2014), “LAPD officers monkey-wrenched cop-monitoring gear in patrol cars,” Ars Technica, http://arstechnica.com/tech-policy/2014/04/lapd-officers-monkey-wrenched-cop-monitoring-gear-in-patrol-cars.

160declining half-life of secrets: Peter Swire (5–6 Jun 2014), “The declining half-life of secrets and the future of signals intelligence,” 7th Privacy Law Scholars Conference, Washington, D.C., http://www.law.berkeley.edu/plsc.htm.

160the NSA spied on the cell phone: Jacob Appelbaum et al. (23 Oct 2013), “Berlin complains: Did US tap Chancellor Merkel’s mobile phone?” Der Spiegel, http://www.spiegel.de/international/world/merkel-calls-obama-over-suspicions-us-tapped-her-mobile-phone-a-929642.html. Ian Traynor, Philip Oltermann, and Paul Lewis (23 Oct 2013), “Angela Merkel’s call to Obama: Are you bugging my mobile phone?” Guardian, http://www.theguardian.com/world/2013/oct/23/us-monitored-angela-merkel-german.

161It was a private men’s club: This excellent book on Soviet spy Kim Philby talks about the clubbiness in spy agencies. Ben Macintyre (2014), A Spy among Friends: Kim Philby and the Great Betrayal, Crown, http://books.google.com/books?id=wIzIAgAAQBAJ.

161Moving from employer to employer: Charles Stross (18 Aug 2013), “Spy kids,” Foreign Policy, http://www.foreignpolicy.com/articles/2013/08/28/spy_kids_nsa_surveillance_next_generation.

161Recall that five million: US Office of Management and Budget (Feb 2014), “Suitability and security processes review,” http://www.fas.org/sgp/othergov/omb/suitsec-2014.pdf.

161Younger people are much more comfortable: USC Annenberg School for Communication and Journalism (22 Apr 2013), “Is online privacy over? Findings from the USC Annenberg Center for the Digital Future show millennials embrace a new online reality,” USC Annenberg News, http://annenberg.usc.edu/News%20and%20Events/News/130422CDF_Millennials.aspx. Mary Madden et al. (21 May 2013), “Teens, social media, and privacy,” Pew Research Internet Project, http://www.pewinternet.org/files/2013/05/PIP_TeensSocialMediaandPrivacy_PDF.pdf.

161tougher sell convincing this crowd: To be fair, we don’t know whether this is a substantive difference between this generation and older generations, or whether this is a simple age-cohort effect that will change as they get older and have more secrets that matter.

161we should strive for transparency: I think of institutional secrecy rather like chemotherapy. Yes, the cancer treatment would kill the patient slowly, but it kills the cancer cells faster, and is therefore a net benefit. If we could find an effective cancer treatment that wasn’t so toxic, we would dump chemo in a minute. Anytime we can find a less harmful substitute for institutional secrecy, we should use it.

162This was nicely explained: Charlie Rose, Inc. (29 Jul 2013), “General Michael Hayden, former director of the NSA and the CIA and principal with the Chertoff Group,” The Charlie Rose Show, http://www.charlierose.com/watch/60247615.

163organizations are less likely: Nassim Nicholas Taleb and Constantine Sandis (1 Oct 2013), “The skin in the game heuristic for protection against tail events,” Review of Behavioral Economics 1, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2298292.

164Advancing technology adds: Any complex system that is both nonlinear and tightly coupled will have catastrophic failures. Charles Perrow (1984), Normal Accidents: Living with High-Risk Technologies, Princeton University Press, https://encrypted.google.com/books?id=VC5hYoMw4N0C.

164If systemic imperfections: Supposedly it’s therapeutic to think this way. Kevin Griffin (23 Sep 2011), “Step 9 of Buddhist addiction recovery: The freedom of imperfection,” Huffington Post, http://www.huffingtonpost.com/kevin-griffin/buddhist-addiction-recovery-step-9_b_958708.html.

164If something is going to fail: Yacov Y. Haimes (Apr 2009), “On the definition of resilience in systems,” Risk Analysis: An International Journal 29, http://onlinelibrary.wiley.com/doi/10.1111/j.1539-6924.2009.01216.x/abstract.

164resilience comes from: Jesse Robbins et al. (Nov 2012), “Resilience engineering: Learning to embrace failure,” Communications of the ACM 55, http://queue.acm.org/detail.cfm?id=2371297.

164I am advocating for: Some ideas are here. Warigia Bowman and L. Jean Camp (Apr 2013), “Protecting the Internet from dictators: Technical and policy solutions to ensure online freedoms,” Innovation Journal 18, http://www.innovation.cc/scholarly-style/warigia_camp_bowman5edits18vi1a3.pdf.

164the NSA has been entrusted: James Bamford (2002), Body of Secrets: Anatomy of the Ultra-Secret National Security Agency, Anchor, http://www.randomhouse.com/features/bamford/author.html.

165Jack Goldsmith, a Harvard law: Jack Goldsmith (12 Apr 2014), “Cyber paradox: Every offensive weapon is a (potential) chink in our defense—and vice versa,” Lawfare, http://www.lawfareblog.com/2014/04/cyber-paradox-every-offensive-weapon-is-a-potential-chink-in-our-defense-and-vice-versa.

165StingRay might have been: Stephanie K. Pell and Christopher Soghoian (15 May 2014), “Your secret Stingray’s no secret anymore: The vanishing government monopoly over cell phone surveillance and its impact on national security and consumer privacy,” Harvard Journal of Law and Technology (forthcoming), http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2437678.

165dozens of these devices: Kim Zetter (3 Sep 2014), “Phone firewall identifies rogue cell towers trying to intercept your calls,” Wired, http://www.wired.com/2014/09/cryptophone-firewall-identifies-rogue-cell-towers. Ashkan Soltani and Craig Timberg (17 Sep 2014), “Tech firm tries to pull back curtain on surveillance efforts in Washington,” Washington Post, http://www.washingtonpost.com/world/national-security/researchers-try-to-pull-back-curtain-on-surveillance-efforts-in-washington/2014/09/17/f8c1f590-3e81-11e4-b03f-de718edeb92f_story.html.

13: Solutions for Government

167President Obama set up: Richard A. Clarke et al. (12 Dec 2013), “Liberty and security in a changing world: Report and recommendations of the President’s Review Group on Intelligence and Communications Technologies,” US Executive Office of the President, http://www.whitehouse.gov/sites/default/files/docs/2013-12-12_rg_final_report.pdf.

167“Necessary and Proportionate” principles: Electronic Frontier Foundation (May 2014), “Necessary and proportionate: International principles on the applications of human rights law to communications surveillance: Background and supporting legal analysis,” https://en.necessaryandproportionate.org.

168International Principles: Electronic Frontier Foundation (5 Jan 2014), “13 international principles on the application of human rights to communication surveillance,” https://necessaryandproportionate.org/files/2014/01/05/13p-onepagerfinal.pdf.

170Since 9/11, the Bush and Obama: To take one example, Director of National Intelligence James Clapper said, “Disclosing information about the specific methods the government uses to collect communications can obviously give our enemies a ‘playbook’ of how to avoid detection.” Associated Press (9 Jun 2013), “Intelligence chief James Clapper defends Internet spying program,” New York Daily News, http://www.nydailynews.com/news/politics/intelligence-chief-james-clapper-defends-internet-spying-program-article-1.1367423.

170And sometimes we need: In 2014, we learned that Israel intercepted diplomatic communications between US Secretary of State John Kerry and various countries in the Middle East. Der Spiegel (3 Aug 2014), “Wiretapped: Israel eavesdropped on John Kerry in Mideast talks,” Der Spiegel, http://www.spiegel.de/international/world/israel-intelligence-eavesdropped-on-phone-calls-by-john-kerry-a-984246.html.

170Criminals can read up: Conor Friedersdorf (18 Mar 2014), “Why isn’t the Fourth Amendment classified as top secret?” Atlantic, http://www.theatlantic.com/politics/archive/2014/03/why-isnt-the-fourth-amendment-classified-as-top-secret/284439.

170Yet the police regularly manage: Remember that much of this came as a reaction to police abuse. It isn’t that the police are less likely to abuse the rules; it’s that we’ve had longer to develop rules to control them.

171Terrorists don’t cause: Bruce Schneier (31 Jul 2012), “Drawing the wrong lesson from horrific events,” CNN, http://www.cnn.com/2012/07/31/opinion/schneier-aurora-aftermath/index.html.

171We have to design systems: IT security people call nontransparent security systems “security by obscurity.” Good security design is the opposite of that: it works even if all the details are made public. Bruce Schneier (15 May 2002), “Secrecy, security, and obscurity,” Crypto-Gram, https://www.schneier.com/crypto-gram-0205.html#1.

171the US gave up trying: Michael J. Selgelid (Sep 2009), “Governance of dual-use research: An ethical dilemma,” Bulletin of the World Health Organization 87, http://www.who.int/bulletin/volumes/87/9/08-051383/en. Carl Zimmer (5 Mar 2012), “Amateurs are new fear in creating mutant virus,” New York Times, http://www.nytimes.com/2012/03/06/health/amateur-biologists-are-new-fear-in-making-a-mutant-flu-virus.html. Michael Specter (12 Mar 2012), “The deadliest virus,” New Yorker, http://www.newyorker.com/magazine/2012/03/12/the-deadliest-virus. Arturo Casadevall (Jan/Feb 2014), “Redaction of sensitive data in the publication of dual use research of concern,” mBio 5, http://www.ncbi.nlm.nih.gov/pmc/articles/PMC3884058.

171Military thinkers now realize: Beth M. Kaspar (Aug 2001), “The end of secrecy? Military competitiveness in the age of transparency,” Occasional Paper No. 23, Center for Strategy and Technology, Air War College, Air University, Maxwell Air Force Base, Alabama, http://www.fas.org/sgp/eprint/kaspar.pdf.

172The NSA has justified: US National Security Agency (31 Oct 2013), “NSA’s activities: Valid foreign intelligence targets are the focus,” http://www.nsa.gov/public_info/press_room/2013/NSA_Activities_Valid_FI_Targets.pdf.

172We know from recently declassified: In one opinion, Judge Bates held that the “NSA exceeded the scope of authorized acquisition continuously.” Spencer Ackerman (19 Nov 2013), “FISA court order that allowed NSA surveillance is revealed for first time,” Guardian, http://www.theguardian.com/world/2013/nov/19/court-order-that-allowed-nsa-surveillance-is-revealed-for-first-time. Yochai Benkler (16 Oct 2013), “How the NSA and FBI foil weak oversight,” Guardian, http://www.theguardian.com/commentisfree/2013/oct/16/nsa-fbi-endrun-weak-oversight. John D. Bates (3 Oct 2011), “Memorandum opinion,” (case title and number redacted), US Foreign Intelligence Surveillance Court, https://www.aclu.org/files/assets/fisc_opinion_10.3.2011.pdf. Marcy Wheeler (22 Aug 2014), “This is why you can’t trust the NSA. Ever,” Week, http://theweek.com/article/index/266785/this-is-why-you-cant-trust-the-nsa-ever.

172The NSA has gamed the rules: Peter Wallsten (10 Aug 2013), “Lawmakers say obstacles limited oversight of NSA’s telephone surveillance program,” Washington Post, http://www.washingtonpost.com/politics/2013/08/10/bee87394-004d-11e3-9a3e-916de805f65d_story.html.

172Members of Congress can’t: Glenn Greenwald (4 Aug 2013), “Members of Congress denied access to basic information about NSA,” Guardian, http://www.theguardian.com/commentisfree/2013/aug/04/congress-nsa-denied-access.

172They can only bring along: Ailsa Chang (11 Jun 2013), “What did Congress really know about NSA tracking?” All Things Considered, NPR, http://www.npr.org/s/itsallpolitics/2013/06/11/190742087/what-did-congress-really-know-about-nsa-tracking.

172they’re lobbied heavily: Ron Wyden (29 Jan 2014), “Wyden statement at Senate Intelligence Committee’s open hearing,” http://www.wyden.senate.gov/news/press-releases/wyden-statement-at-senate-intelligence-committees-open-hearing.

172Senator Dianne Feinstein: Dianne Feinstein (28 Oct 2013), “Feinstein statement on intelligence collection of foreign leaders,” http://www.feinstein.senate.gov/public/index.cfm/2013/10/feinstein-statement-on-intelligence-collection-of-foreign-leaders.

172Congressman Alan Grayson: Alan Grayson (25 Oct 2013), “Congressional oversight of the NSA is a joke. I should know, I’m in Congress,” Guardian, http://www.theguardian.com/commentisfree/2013/oct/25/nsa-no-congress-oversight.

172In 2014, I was invited: Bruce Schneier (16 Jan 2014), “Today I briefed Congress on the NSA,” Schneier on Security, https://www.schneier.com/blog/archives/2014/01/today_i_briefed.html.

173There’s also political risk: Peter Wallsten (10 Aug 2013), “Lawmakers say obstacles limited oversight of NSA’s telephone surveillance program,” Washington Post, http://www.washingtonpost.com/politics/2013/08/10/bee87394-004d-11e3-9a3e-916de805f65d_story.html. Glenn Greenwald (4 Aug 2013), “Members of Congress denied access to basic information about NSA,” Guardian, http://www.theguardian.com/commentisfree/2013/aug/04/congress-nsa-denied-access.

173Executive Order 12333: John Napier Tye (18 Jul 2014), “Meet Executive Order 12333: The Reagan rule that lets the NSA spy on Americans,” Washington Post, http://www.washingtonpost.com/opinions/meet-executive-order-12333-the-reagan-rule-that-lets-the-nsa-spy-on-americans/2014/07/18/93d2ac22-0b93-11e4-b8e5-d0de80767fc2_story.html. Charlie Savage and Alicia Parlapiano (13 Aug 2014), “Two sets of rules for surveillance, within U.S. and on foreign soil,” New York Times, http://www.nytimes.com/interactive/2014/08/13/us/two-sets-of-rules-for-surveillance.html. Ellen Nakashima and Ashkan Soltani (23 Jul 2014), “Privacy watchdog’s next target: The least-known but biggest aspect of NSA surveillance,” Washington Post, http://www.washingtonpost.com/s/the-switch/wp/2014/07/23/privacy-watchdogs-next-target-the-least-known-but-biggest-aspect-of-nsa-surveillance. Charlie Savage (13 Aug 2014), “Reagan-era order on surveillance violates rights, says departing aide,” New York Times, http://www.nytimes.com/2014/08/14/us/politics/reagan-era-order-on-surveillance-violates-rights-says-departing-aide.html.

173It is supposed to: Alex Abdo (29 Sep 2014), “New documents shed light on one of the NSA’s most powerful tools,” Free Future, https://www.aclu.org/blog/national-security/new-documents-shed-light-one-nsas-most-powerful-tools.

173the president believed: Marcy Wheeler (7 Dec 2007), “Whitehouse reveals smoking gun of White House claiming not to be bound by any law,” Empty Wheel, https://www.emptywheel.net/2007/12/07/whitehouse-rips-the-white-house.

173The example the administration: Justin Elliott (17 Jun 2013), “Remember when the Patriot Act debate was all about library records?” Pro Publica, http://www.propublica.org/article/remember-when-the-patriot-act-debate-was-about-library-records.

174Eventually they decided to argue: Mike Masnick (17 Sep 2013), “Court reveals ‘secret interpretation’ of the Patriot Act, allowing NSA to collect all phone call data,” Tech Dirt, https://www.techdirt.com/articles/20130917/13395324556/court-reveals-secret-interpretation-patriot-act-allowing-nsa-to-collect-all-phone-call-data.shtml.

174Even Congressman Jim Sensenbrenner: Andrea Peterson (11 Oct 2013), “Patriot Act author: ‘There has been a failure of oversight,’” Washington Post, http://www.washingtonpost.com/s/the-switch/wp/2013/10/11/patriot-act-author-there-has-been-a-failure-of-oversight.

174“It’s like scooping up”: Jennifer Valentino-DeVries and Siobhan Gorman (8 Jul 2013), “Secret court’s redefinition of ‘relevant’ empowered vast NSA data-gathering,” Wall Street Journal, http://online.wsj.com/news/articles/SB10001424127887323873904578571893758853344.

175We saw this in the 1970s: US Senate (23 Apr 1976), “Final report of the Select Committee to Study Governmental Operations with Respect to Intelligence Activities: National Security Agency Surveillance affecting Americans,” US Government Printing Office, http://www.aarclibrary.org/publib/church/reports/book3/pdf/ChurchB3_10_NSA.pdf.

175the same thing happened in the UK: Caspar Bowden (23 Aug 2012), “Submission to the Joint Committee on the draft Communications Data Bill,” http://www.academia.edu/6002584/Submission_to_the_Joint_Committee_on_the_draft_Communications_Data_Bill.

175It was intentionally drafted: During one recent litigation, one judge called it a “difficult if not impenetrable statute,” and the government’s own attorney called it “convoluted legislation.” Owen Bowcott (18 Jul 2014), “Intelligence services ‘creating vast databases’ of intercepted emails,” Guardian, http://www.theguardian.com/uk-news/2014/jul/18/intelligence-services-email-database-internet-tribunal.

175didn’t actually legalize mass surveillance: EU law also applies to the UK, and mass surveillance under RIPA violates the European Convention on Human Rights. Nick Hopkins (28 Jan 2014), “Huge swath of GCHQ mass surveillance is illegal, says top lawyer,” Guardian, http://www.theguardian.com/uk-news/2014/jan/28/gchq-mass-surveillance-spying-law-lawyer.

175President Obama tried to reassure: President Obama said that the NSA programs were “under very strict supervision by all three branches of government.” Barack Obama (7 Jun 2013), “Transcript: Obama’s remarks on NSA controversy,” Wall Street Journal, http://s.wsj.com/washwire/2013/06/07/transcript-what-obama-said-on-nsa-controversy.

175His statement was deeply misleading: Electronic Privacy Information Center (2014), “Foreign Intelligence Surveillance Act court orders 1979–2014,” https://epic.org/privacy/wiretap/stats/fisa_stats.html.

176telephone metadata collection program: The ACLU discusses why this needs to be reformed. American Civil Liberties Union (2014), “Reform the Patriot Act Section 215,” https://www.aclu.org/free-speech-national-security-technology-and-liberty/reform-patriot-act-section-215.

176bulk records collection: The ACLU also discusses why this needs to be reformed. Jameel Jaffer (19 Mar 2014), “Submission of Jameel Jaffer, Deputy Legal Director, American Civil Liberties Union,” Privacy and Civil Liberties Oversight Board Public Hearing on Section 702 of the FISA Amendments Act, http://www.pclob.gov/Library/Meetings-Events/2014-March-19-Public-Hearing/Testimony_Jaffer.pdf.

176There’s just too much secrecy: There was a telling exchange at a US Senate Intelligence Committee hearing between Senator Ron Wyden of Oregon and then NSA director Keith Alexander. Wyden asked Alexander whether the NSA collected Americans’ cell phone location data in bulk. Alexander replied that the NSA did not collect it under the authority delineated in Section 215 of the PATRIOT Act. Wyden then asked Alexander whether the NSA collected it under any other authority. Alexander refused to answer. Robyn Greene (27 Sep 2013), “It’s official: NSA wants to suck up all Americans’ phone records,” Washington Markup, https://www.aclu.org/blog/national-security/its-official-nsa-wants-suck-all-americans-phone-records.

176When companies refuse: Marcy Wheeler (14 Aug 2014), “The majority of 215 orders come from Internet companies that refuse NSLs,” Empty Wheel, http://www.emptywheel.net/2014/08/14/the-bulk-of-215-orders-come-from-internet-companies-that-refuse-nsls.

176the NSA has repeatedly threatened: Marcy Wheeler (23 Jun 2014), “The single branch theory of oversight,” Cato Unbound, http://www.cato-unbound.org/2014/06/23/marcy-wheeler/single-branch-theory-oversight.

176They produced: Richard A. Clarke et al. (12 Dec 2013), “Liberty and security in a changing world: Report and recommendations of the President’s Review Group on Intelligence and Communications Technologies,” US Executive Office of the President, http://www.whitehouse.gov/sites/default/files/docs/2013-12-12_rg_final_report.pdf.

176President Obama agreed: Barack Obama (17 Jan 2014), “Remarks by the President on review of signals intelligence,” US Executive Office of the President, http://www.whitehouse.gov/the-press-office/2014/01/17/remarks-president-review-signals-intelligence.

176In 2004, Congress created: Garrett Hatch (27 Aug 2012), “Privacy and Civil Liberties Oversight Board: New independent agency status,” Congressional Research Service, http://www.fas.org/sgp/crs/misc/RL34385.pdf.

176The group’s 2014 report: Privacy and Civil Liberties Oversight Board (2 Jul 2014), “Report on the surveillance program operated pursuant to Section 702 of the Foreign Intelligence Surveillance Act,” http://www.pclob.gov/All%20Documents/Report%20on%20the%20Section%20702%20Program/PCLOB-Section-702-Report.pdf.

176It was widely panned: American Civil Liberties Union (2 Jul 2014), “Government privacy watchdog signs off on much of NSA warrantless wiretapping program,” https://www.aclu.org/national-security/government-privacy-watchdog-signs-much-nsa-warrantless-wiretapping-program. Jennifer Granick (2 Jul 2014), “Did PCLOB answer my eight questions about Section 702?” Just Security, http://justsecurity.org/12516/pclob-answer-questions-section-702.

176We need meaningful rules: Frederick A. O. Schwarz Jr. (12 Mar 2014), “Why we need a new Church Committee to fix our broken intelligence system,” Nation, http://www.thenation.com/article/178813/why-we-need-new-church-committee-fix-our-broken-intelligence-system.

177Contrary to what many: This is one example. Gregory Conti, Lisa Shay, and Woodrow Hartzog (Summer 2014), “Deconstructing the relationship between privacy and security,” IEEE Technology and Society Magazine 33, http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6824305.

177Secret warrants don’t work: Jameel Jaffer (19 Mar 2014), “Submission of Jameel Jaffer, Deputy Legal Director, American Civil Liberties Union,” Privacy and Civil Liberties Oversight Board Public Hearing on Section 702 of the FISA Amendments Act, http://www.pclob.gov/Library/Meetings-Events/2014-March-19-Public-Hearing/Testimony_Jaffer.pdf.

177Some surveillance orders bypass: Privacy SOS (10 Dec 2013), “No evidence, no worries: on the use of secret subpoenas,” http://www.privacysos.org/node/1263.

177Start with the FISA Court: Andrew Nolan, Richard M. Thompson II, and Vivian S. Chu (25 Oct 2013), “Introducing a public advocate into the Foreign Intelligence Surveillance Act’s courts: Select legal issues,” Congressional Research Service, http://fas.org/sgp/crs/intel/advocate.pdf. Stephen I. Vladeck et al. (29 May 2013), “The case for a FISA ‘Special Advocate,’” Constitution Project, http://www.constitutionproject.org/wp-content/uploads/2014/05/The-Case-for-a-FISA-Special-Advocate_FINAL.pdf. Covington & Burling (May 2014), “The constitutionality of a public advocate for privacy,” http://www.insideprivacy.com/files/2014/07/The-Constitutionality-of-a-Public-Advocate-for-Pri.pdf.

177more steps are needed: Joel Reidenberg (2 Nov 2013), “The data surveillance state in the US and Europe,” Wake Forest Law Review (forthcoming), http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2349269.

177Snowden was rebuffed repeatedly: Edward Snowden (7 Mar 2014), “Statement to European Parliament,” http://www.europarl.europa.eu/document/activities/cont/201403/20140307ATT80674/20140307ATT80674EN.pdf.

178Other law enforcement agencies: Merrick Bobb (16 Nov 2005), “Internal and external police oversight in the United States,” Police Assessment Resource Center, http://www.parc.info/client_files/altus/10-19%20altus%20conf%20paper.pdf.

178more transparency, the better: Michael P. Weinbeck (3 Jun 2010), “Watching the watchmen: Lessons for federal law enforcement from America’s cities,” William Mitchell Law Review 36, http://www.wmitchell.edu/lawreview/documents/12.weinbeck.pdf. Eduardo L. Calderon and Maria Hernandez-Figueroa (Jan 2013), “Citizen oversight committees in law enforcement,” California State University Fullerton Center for Public Policy, http://cpp.fullerton.edu/cpp_policeoversight_report.pdf.

178democracies need to be leaky: David Pozen (20 Dec 2013), “The leaky leviathan: Why the government condemns and condones unlawful disclosures of information,” Harvard Law Review 127, http://harvardlawreview.org/2013/12/the-leaky-leviathan-why-the-government-condemns-and-condones-unlawful-disclosures-of-information. Rahul Sagar (20 Dec 2013), “Creaky leviathan: A comment on David Pozen’s Leaky Leviathan,” Harvard Law Review Forum 127, http://cdn.harvardlawreview.org/wp-content/uploads/pdfs/forvol127_sagar.pdf.

178whistleblowing the civil disobedience: These two essays make this point. danah boyd (19 Jul 2013), “Whistleblowing is the new civil disobedience: Why Edward Snowden matters,” apophenia, http://www.zephoria.org/thoughts/archives/2013/07/19/edward-snowden-whistleblower.html. William E. Scheuerman (Sep 2014), “Whistleblowing as civil disobedience: The case of Edward Snowden,” Philosophy and Social Criticism 40, http://psc.sagepub.com/content/40/7/609.abstract.

178The NGO Human Rights Watch: G. Alex Sinha (28 Jul 2014), “With liberty to monitor all,” Human Rights Watch, http://www.hrw.org/reports/2014/07/28/liberty-monitor-all-0.

178whistleblowers provide another oversight: Rahul Sagar (2013), Secrets and Leaks: The Dilemma of State Secrecy, Princeton University Press, http://press.princeton.edu/titles/10151.html.

178Just as we have laws: Mary-Rose Papandrea (Mar 2014), “Leaker traitor whistleblower spy: National security leaks and the First Amendment,” Boston University Law Review 94, http://www.bu.edu/bulawreview/files/2014/05/PAPANDREA.pdf.

178Once they are in place: Bruce Schneier (6 Jun 2013), “What we don’t know about spying on citizens: Scarier than what we know,” Atlantic, http://www.theatlantic.com/politics/archive/2013/06/what-we-dont-know-about-spying-on-citizens-scarier-than-what-we-know/276607.

178The clever thing about this: Yochai Benkler delineated criteria that the courts can use to decide this. Yochai Benkler (Jul 2014), “A public accountability defense for national security leakers and whistleblowers,” Harvard Review of Law and Policy 8, http://benkler.org/Benkler_Whistleblowerdefense_Prepub.pdf.

178Someone like Snowden: Yochai Benkler makes the case that the smartest thing the US could do is to give Edward Snowden immunity and let him return to the US. Yochai Benkler (8 Sep 2014), “Want to reform the NSA? Give Edward Snowden immunity,” Atlantic, http://www.theatlantic.com/politics/archive/2014/09/want-to-reform-the-nsa-give-edward-snowden-immunity/379612/2.

179We encourage individuals: US Department of Labor (2014), “The Whistleblower Protection Programs,” http://www.whistleblowers.gov.

179we need to protect whistleblowing: Glenn Reynolds has some ideas on how to maximize the benefits of whistleblowing while minimizing the harm. Glenn Reynolds (15 Sep 2014), “Don’t fear the leaker: Thoughts on bureaucracy and ethical whistleblowing,” Social Sciences Research Network, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2496400.

179Axel Arnbak said about: Axel Arnbak (30 Sep 2013), “The question lawyers don’t ask: Can law address total transnational surveillance?” Congress on Privacy and Surveillance, Lausanne, Switzerland, http://ic.epfl.ch/privacy-surveillance.

1792014 UN report concluded: Ben Emmerson (23 Sep 2014), “Report of the Special Rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism,” United Nations General Assembly, Sixty-ninth session, Agenda item 68(a), https://docs.google.com/document/d/18U1aHmKx9jfDQjCZeAUYZdRjl6iF4QjuS_aJO2Uy7NY/edit?pli=1.

180a baby step in this direction: Kim Zetter (22 Oct 2013), “Court rules probable-cause warrant required for GPS trackers,” Wired, http://www.wired.com/2013/10/warrant-required-gps-trackers.

180another in 2014: Robert Barnes (25 Jun 2014), “Supreme Court says police must get warrants for most cellphone searches,” Washington Post, http://www.washingtonpost.com/national/supreme-court-police-must-get-warrants-for-most-cellphone-searches/2014/06/25/e2ff1326-fc6b-11e3-8176-f2c941cf35f1_story.html.

180we need to overturn: Orin Kerr and Greg Nojeim (1 Aug 2012), “The data question: Should the third-party records doctrine be revisited?” ABA Journal, http://www.abajournal.com/magazine/article/the_data_question_should_the_third-party_records_doctrine_be_revisited. Colleen Maher Ernst (Jan 2014), “A proposed revision of the third-party doctrine,” Harvard Journal of Law and Public Policy 37, http://www.harvard-jlpp.com/wp-content/uploads/2014/01/37_1_329_Maher.pdf. Richard M. Thompson II (5 Jun 2014), “The Fourth Amendment third-party doctrine,” Congressional Research Service, http://fas.org/sgp/crs/misc/R43586.pdf.

180The police should need a warrant: Currently, Justice Sotomayor is the only Supreme Court justice who has written in favor of making these changes. Richard M. Thompson II (5 Jun 2014), “The Fourth Amendment third-party doctrine,” Congressional Research Service, http://fas.org/sgp/crs/misc/R43586.pdf.

180also hoarding vulnerabilities: In 2014, the Russians used a zero-day vulnerability in Windows to spy on both NATO and the Ukrainian government. Ellen Nakashima (13 Oct 2014), “Russian hackers use ‘zero-day’ to hack NATO, Ukraine in cyber-spy campaign,” Washington Post, http://www.washingtonpost.com/world/national-security/russian-hackers-use-zero-day-to-hack-nato-ukraine-in-cyber-spy-campaign/2014/10/13/f2452976-52f9-11e4-892e-602188e70e9c_story.html.

181Some people believe the NSA: Cory Doctorow (11 Mar 2014), “If GCHQ wants to improve national security it must fix our technology,” Guardian, http://www.theguardian.com/technology/2014/mar/11/gchq-national-security-technology. Dan Geer (2013), “Three policies,” http://geer.tinho.net/three.policies.2013Apr03Wed.PDF.

181Others claim that this would: David E. Sanger (29 Apr 2014), “White House details thinking on cybersecurity flaws,” New York Times, http://www.nytimes.com/2014/04/29/us/white-house-details-thinking-on-cybersecurity-gaps.html.

181President Obama’s NSA review group: It’s recommendation 30. Richard A. Clarke et al. (12 Dec 2013), “Liberty and security in a changing world: Report and recommendations of The President’s Review Group on Intelligence and Communications Technologies,” US Executive Office of the President, http://www.whitehouse.gov/sites/default/files/docs/2013-12-12_rg_final_report.pdf.

181I have made this point myself: Bruce Schneier (19 May 2014), “Should U.S. hackers fix cybersecurity holes or exploit them?” Atlantic, http://www.theatlantic.com/technology/archive/2014/05/should-hackers-fix-cybersecurity-holes-or-exploit-them/371197.

181This is what the NSA: Michael Daniel (28 Apr 2014), “Heartbleed: Understanding when we disclose cyber vulnerabilities,” White House Blog, http://www.whitehouse.gov/blog/2014/04/28/heartbleed-understanding-when-we-disclose-cyber-vulnerabilities. David E. Sanger (28 Apr 2014), “White House details thinking on cybersecurity flaws,” New York Times, http://www.nytimes.com/2014/04/29/us/white-house-details-thinking-on-cybersecurity-gaps.html. Christopher Joye (8 May 2014), “Interview transcript: Former head of the NSA and commander of the US cyber command, General Keith Alexander,” Australian Financial Review, http://www.afr.com/Page/Uuid/b67d7b3e-d570-11e3-90e8-355a30324c5f.

182why the technical community: Bruce Schneier (5 Sep 2013), “The US government has betrayed the internet. We need to take it back,” Guardian, http://www.theguardian.com/commentisfree/2013/sep/05/government-betrayed-internet-nsa-spying. Stephen Farrell (2013), “Pervasive monitoring is an attack,” Internet Engineering Task Force Trust, Network Working Group, http://tools.ietf.org/pdf/draft-farrell-perpass-attack-00.pdf.

182the FBI is continually trying: Charlie Savage (27 Sep 2010), “U.S. tries to make it easier to wiretap the Internet,” New York Times, http://www.nytimes.com/2010/09/27/us/27wiretap.html. Ryan Singel (17 Feb 2011), “FBI pushes for surveillance backdoors in Web 2.0 tools,” Wired, http://www.wired.com/2011/02/fbi-backdoors. Valerie Caproni (17 Feb 2011), “Statement before the House Judiciary Committee, Subcommittee on Crime, Terrorism, and Homeland Security, Washington, D.C.,” US Federal Bureau of Investigation, http://www.fbi.gov/news/testimony/going-dark-lawful-electronic-surveillance-in-the-face-of-new-technologies.

182and to each other’s: This isn’t new. In the 1980s and 1990s, the NSA inserted backdoors into the hardware encryption products sold by the Swiss company Crypto AG. Scott Shane and Tom Bowman (4 Dec 1995), “Rigging the game,” Baltimore Sun, http://cryptome.org/jya/nsa-sun.htm. Wayne Madsen (Winter 1998), “Crypto AG: The NSA’s Trojan whore?” Covert Action Quarterly 63, http://mediafilter.org/caq/cryptogate.

182observers have concluded: Christopher Ketcham (27 Sep 2008), “An Israeli Trojan horse,” Counterpunch, http://www.counterpunch.org/2008/09/27/an-israeli-trojan-horse. James Bamford (3 Apr 2012), “Shady companies with ties to Israel wiretap the U.S. for the NSA,” Wired, http://www.wired.com/2012/04/shady-companies-nsa/all. Richard Sanders (Spring 2012), “Israeli spy companies: Verint and Narus,” Press for Conversion! 66, http://coat.ncf.ca/P4C/66/spy.pdf.

182Security has to come first: Back in the 1990s, the National Academies made the same recommendation: “Recommendation 1—No law should bar the manufacture, sale, or use of any form of encryption within the United States. Specifically, a legislative ban on the use of unescrowed encryption would raise both technical and legal or constitutional issues. Technically, many methods are available to circumvent such a ban; legally, constitutional issues, especially those related to free speech, would be almost certain to arise, issues that are not trivial to resolve. Recommendation 1 is made to reinforce this particular aspect of the Administration’s cryptography policy.” Kenneth W. Dam and Herbert S. Lin, eds. (1995), Cryptography’s Role in Securing the Information Society, National Academies Press, http://www.nap.edu/catalog.php?record_id=5131.

182law enforcement officials: Bruce Schneier (4 Oct 2014), “Stop the hysteria over Apple encryption,” CNN, http://edition.cnn.com/2014/10/03/opinion/schneier-apple-encryption-hysteria/index.html.

183exactly one involved kidnapping: Administrative Office of the US Courts (11 Jun 2014), “Table 3: Major offenses for which court-authorized intercepts were granted pursuant to 18 U.S.C. 2519 January 1 through December 31, 2013,” from Wiretap Report 2013, http://www.uscourts.gov/Statistics/WiretapReports/wiretap-report-2013.aspx.

183there’s no evidence that encryption: Andy Greenberg (2 Jul 2014), “Rising use of encryption foiled cops a record 9 times in 2013,” Wired, http://www.wired.com/2014/07/rising-use-of-encryption-foiled-the-cops-a-record-9-times-in-2013.

183They have the right and ability: Steven Bellovin et al. (6–7 Jun 2013), “Lawful hacking: Using existing vulnerabilities for wiretapping on the Internet,” Privacy Legal Scholars Conference, Berkeley, California, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2312107.

183the NSA eavesdropped on: Jacob Appelbaum et al. (23 Oct 2013), “Berlin complains: Did US tap Chancellor Merkel’s mobile phone?” Der Spiegel, http://www.spiegel.de/international/world/merkel-calls-obama-over-suspicions-us-tapped-her-mobile-phone-a-929642.html. Ian Traynor, Philip Oltermann, and Paul Lewis (23 Oct 2013), “Angela Merkel’s call to Obama: Are you bugging my mobile phone?” Guardian, http://www.theguardian.com/world/2013/oct/23/us-monitored-angela-merkel-german.

183the NSA spied on embassies: Ewan MacAskill and Julian Borger (30 Jun 2013), “New NSA leaks show how US is bugging its European allies,” Guardian, http://www.theguardian.com/world/2013/jun/30/nsa-leaks-us-bugging-european-allies. Glenn Greenwald (2014), No Place to Hide: Edward Snowden, the NSA and the US Surveillance State, Macmillan, http://glenngreenwald.net.

183the NSA spied on the UN: Laura Poitras, Marcel Rosenbach, and Holger Stark (26 Aug 2013), “Codename ‘Apalachee’: How America spies on Europe and the UN,” Der Spiegel, http://www.spiegel.de/international/world/secret-nsa-documents-show-how-the-us-spies-on-europe-and-the-un-a-918625.html.

184It’s actually stabilizing: Uncertainties between exploit and attack can lead to unwanted escalations. Herbert Lin (Fall 2012), “Escalation dynamics and conflict termination in cyberspace,” Strategic Studies Quarterly 6, http://www.au.af.mil/au/ssq/2012/fall/lin.pdf.

184The increasing militarization: Peter B. Kraska (Jan 2007), “Militarization and policing: Its relevance to 21st century police,” Policing 1, http://cjmasters.eku.edu/sites/cjmasters.eku.edu/files/21stmilitarization.pdf. John Paul and Michael L. Birzer (Mar 2008), “The militarization of the American police force: A critical assessment,” Critical Issues in Justice and Politics 1, http://www.suu.edu/hss/polscj/journal/V1N1.pdf#page=25. Abigail R. Hall and Christopher J. Coyne (Spring 2013), “The militarization of U.S. domestic policing,” Independent Review 17, http://www.independent.org/pdf/tir/tir_17_04_01_hall.pdf. Matthew Witt (Mar 2013), “Morewell than Orwell: Paramilitarization in the United States post-9/11,” Journal of 9/11 Studies 36, http://www.journalof911studies.com/resources/2013WittVol36Mar.pdf.

184that’s a topic for another book: This is a good one to start with. Radley Balko (2013), Rise of the Warrior Cop: The Militarization of America’s Police Forces, Public Affairs Press, http://books.google.com/books?id=M3KSMQEACAAJ.

184he would extend some: Barack Obama (17 Jan 2014), “Transcript of President Obama’s Jan. 17 speech on NSA reforms,” Washington Post, http://www.washingtonpost.com/politics/full-text-of-president-obamas-jan-17-speech-on-nsa-reforms/2014/01/17/fa33590a-7f8c-11e3-9556-4a4bf7bcbd84_story.html.

185when you’re being attacked in cyberspace: Scott Charney (30 Apr 2010), “Rethinking the cyber threat: A framework and path forward,” Microsoft Corporation, http://www.microsoft.com/en-us/download/details.aspx?id=747.

185the Internet doesn’t have borders: On the blurring between crimes and acts of war. Benjamin J. Priester (24 Aug 2007), “Who is a ‘terrorist’? Drawing the line between criminal defendants and military enemies,” Florida State University College of Law, Public Law Research Paper No. 264, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1009845.

185A “cybersiege” mentality is becoming: Far too many people use this emotionally charged term. Richard Behar (13 Oct 2008), “World Bank under cybersiege in ‘unprecedented crisis,’” FOX News, http://www.foxnews.com/story/2008/10/13/world-bank-under-cyber-siege-in-unprecedented-crisis. Scott Harkey (3 Jul 2012), “Our view: Arizona must rise to challenge of cybersiege,” East Valley Tribune, http://www.eastvalleytribune.com/opinion/article_fcfd880c-a421-11e0-a8e5-001cc4c002e0.html. Kaspersky Lab (2014), “Under cybersiege: What should America do?” Kaspersky Government Cybersecurity Forum, http://kasperskygovforum.com.

185These tend to be totalitarian: Here’s a proposal to institute a sort of “cyber draft” to conscript networks in the event of a cyberwar. Susan W. Brenner and Leo L. Clarke (Oct 2010), “Civilians in cyberwarfare: Conscripts,” Vanderbilt Journal of Transnational Law 43, http://www.vanderbilt.edu/jotl/manage/wp-content/uploads/Brenner-_Final_1.pdf.

186The 1878 Posse Comitatus Act: RAND Corporation (20 Mar 2001), “Overview of the Posse Comitatus Act,” in Preparing the U.S. Army for Homeland Security, http://www.rand.org/content/dam/rand/pubs/monograph_reports/MR1251/MR1251.AppD.pdf. Charles Doyle and Jennifer K. Elsea (16 Aug 2012), “The Posse Comitatus Act and related matters: The use of the military to execute civilian law,” Congressional Research Service, http://www.fas.org/sgp/crs/natsec/R42659.pdf.

186In the US, that’s Cyber Command: Rhett A. Hernandez (Oct 2012), “U.S. Army Cyber Command: Cyberspace for America’s force of decisive action,” Army, http://connection.ebscohost.com/c/articles/82115370/u-s-army-cyber-command-cyberspace-americas-force-decisive-action.

186NSA’s defensive capabilities: In recent decades, the NSA has been doing more to provide data and communications security to US private companies. The companies need government help, but it needs to be much more public. Susan Landau (29 Sep 2014), “Under the radar: NSA’s efforts to secure private-sector telecommunications infrastructure,” Journal of National Security Law and Policy, http://jnslp.com/2014/09/29/under-the-radar-nsas-efforts-to-secure-private-sector-telecommunications-infrastructure.

187The Computer Security Act of 1987: Robert A. Roe et al. (11 Jun 1987), “Computer Security Act of 1987: Report,” Committee on Science, Space, and Technology, US House of Representatives, https://beta.congress.gov/congressional-report/107th-congress/senate-report/239/1. Electronic Privacy Information Center (2014), “Computer Security Act of 1987,” http://epic.org/crypto/csa.

187They want an Internet that recognizes: Milton Mueller (21 Jun 2012), “Threat analysis of the WCIT part 4: The ITU and cybersecurity,” Internet Governance Project, http://www.internetgovernance.org/2012/06/21/threat-analysis-of-the-wcit-4-cybersecurity.

188Countries like Brazil: Brazil’s government even proposed a law mandating this, but then backed down. Esteban Israel and Anthony Boadle (28 Oct 2013), “Brazil to insist on local Internet data storage after U.S. spying,” Reuters, http://www.reuters.com/article/2013/10/28/net-us-brazil-internet-idUSBRE99R10Q20131028. Anthony Boadle (18 Mar 2014), “Brazil to drop local data storage rule in Internet bill,” Reuters, http://www.reuters.com/article/2014/03/19/us-brazil-internet-idUSBREA2I03O20140319.

188and Germany: Michael Birnbaum (1 Nov 2013), “Germany looks at keeping its Internet, e-mail traffic inside its borders,” Washington Post, http://www.washingtonpost.com/world/europe/germany-looks-at-keeping-its-internet-e-mail-traffic-inside-its-borders/2013/10/31/981104fe-424f-11e3-a751-f032898f2dbc_story.html.

188Russia passed a law in 2014: Charles Maynes (11 Jul 2014), “Russia tightens Internet screws with ‘server law,’” Deutsche Welle, http://www.dw.de/russia-tightens-internet-screws-with-server-law/a-17779072. Adrien Henni (12 Jul 2014), “New personal data storage rules to affect both foreign and domestic players—but still no ‘Chinese wall’ surrounding Russia,” East-West Digital News, http://www.ewdn.com/2014/07/12/new-personal-data-storage-rules-to-affect-both-foreign-and-domestic-players-but-no-chinese-wall-surrounding-russia.

188We don’t perceive: Jacquelyn Burkell et al. (2 Jan 2014), “Facebook: Public space, or private space?” Information, Communication and Society, http://www.tandfonline.com/doi/abs/10.1080/1369118X.2013.870591.

189But because we didn’t bother: Even if we had, we would have found that the agreement was vague, and gave the company the right to do whatever it wanted . . . and to change the agreement at will without notice or consent.

189These laws don’t apply: Scott Lybarger (1999), “Conduit or forum? Regulatory metaphors for the Internet,” Free Speech Yearbook 37, http://www.tandfonline.com/doi/abs/10.1080/08997225.1999.10556239.

189things we say on Facebook: Noah D. Zatz (Fall 1998), “Sidewalks in cyberspace: Making space for public forums in the electronic environment,” Harvard Journal of Law & Technology 12, http://jolt.law.harvard.edu/articles/pdf/v12/12HarvJLTech149.pdf. Laura Stein (Jan 2008), “Speech without rights: The status of public space on the Internet,” Communication Review 11, http://www.tandfonline.com/doi/abs/10.1080/10714420801888385. Lyrissa Lidsky (Dec 2011), “Public forum 2.0,” Boston University Law Review 91, http://www.bu.edu/law/central/jd/organizations/journals/bulr/volume91n6/documents/LIDSKY.pdf.

14: Solutions for Corporations

191what sorts of inventions: It is much more likely that we will invent our way out of the ecological disaster that is climate change than conserve our way out of it. Bjørn Lomborg (2001), The Skeptical Environmentalist: Measuring the Real State of the World, Cambridge University Press, https://encrypted.google.com/books?id=JuLko8USApwC.

1911980 OECD Privacy Framework: Organization for Economic Cooperation and Development (2013), “The OECD privacy framework,” http://www.oecd.org/sti/ieconomy/oecd_privacy_framework.pdf.

191EU Data Protection Directive: European Parliament and Council of Europe (24 Oct 1995), “Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data,” http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML. Neil Robinson et al. (2009), “Review of the European Data Protection Directive,” Report TR-710-ICO, Information Commissioner’s Office, RAND Corporation, http://ico.org.uk/~/media/documents/library/data_protection/detailed_specialist_guides/review_of_eu_dp_directive.ashx.

191American corporations: Karlin Lillington (14 May 2014), “Analysis: Google takes another hit with EU privacy rulings,” Irish Times, http://www.irishtimes.com/business/sectors/technology/analysis-google-takes-another-hit-with-eu-privacy-rulings-1.1793749. Price Waterhouse Coopers (Jul 2014), “EU data protection reforms: Challenges for businesses,” http://www.pwc.com/en_US/us/risk-assurance-services/publications/assets/pwc-eu-data-protection-reform.pdf.

191bringing that law up to date: European Commission (25 Jan 2012), “Commission proposes a comprehensive reform of the data protection rules,” http://ec.europa.eu/justice/newsroom/data-protection/news/120125_en.htm. European Commission (25 Jan 2012), “Why do we need an EU data protection reform?” http://ec.europa.eu/justice/data-protection/document/review2012/factsheets/1_en.pdf. European Commission (12 Mar 2014), “Progress on EU data protection now irreversible following European Parliament vote,” http://europa.eu/rapid/press-release_MEMO-14-186_en.htm.

192OECD Privacy Framework (1980): Organization for Economic Cooperation and Development (2013), “The OECD privacy framework,” http://www.oecd.org/sti/ieconomy/oecd_privacy_framework.pdf.

193By raising the cost of privacy breaches: This is a good introduction to the economics of data privacy. Tyler Moore (2011), “Introducing the economics of cybersecurity: Principles and policy options,” in Proceedings of a Workshop on Deterring CyberAttacks: Informing Strategies and Developing Options for U.S. Policy, National Academies Press, http://cs.brown.edu/courses/csci1800/sources/lec27/Moore.pdf.

193doing this in the US with healthcare data: Healthcare data breach violations, and accompanying fines, are common. Patrick J. O’Toole, Corey M. Dennis, and Douglas Levy (28 Mar 2014), “Best practices for avoiding data breach liability,” Michigan Lawyers Weekly, http://milawyersweekly.com/news/2014/03/28/commentary-best-practices-for-avoiding-data-breach-liability.

193it’s starting to happen here: Sasha Romanosky, David Hoffman, and Alessandro Acquisti (25–26 Jun 2012), “Empirical analysis of data breach litigation,” 11th Annual Workshop on the Economics of Information Security, Berlin, Germany, http://weis2012.econinfosec.org/papers/Romanosky_WEIS2012.pdf.

193Target is facing several lawsuits: Target Corporation is a defendant in multiple lawsuits stemming from its 2013 data breach. Alex Williams (23 Dec 2013), “Target may be liable for up to $3.6 billion for card data breach,” Tech Crunch, http://techcrunch.com/2013/12/23/target-may-be-liable-for-up-to-3-6-billion-from-credit-card-data-breach. Lance Duroni (3 Apr 2014), “JPML centralizes Target data breach suits in Minn.,” Law360, http://www.law360.com/articles/524968/jpml-centralizes-target-data-breach-suits-in-minn.

193banks are being sued: Brian Krebs (8 Jan 2014), “Firm bankrupted by cyberheist sues bank,” Krebs on Security, http://krebsonsecurity.com/2014/01/firm-bankrupted-by-cyberheist-sues-bank. Brian Krebs (20 Jun 2014), “Oil Co. wins $350,000 cyberheist settlement,” Krebs on Security, http://krebsonsecurity.com/2014/06/oil-co-wins-350000-cyberheist-settlement. Brian Krebs (13 Aug 2014), “Tenn. firm sues bank over $327K cyberheist,” Krebs on Security, http://krebsonsecurity.com/2014/08/tenn-utility-sues-bank-over-327k-cyberheist.

194These cases can be complicated: Here’s one proposal. Maurizio Naldi, Marta Flamini, and Giuseppe D’Acquisto (2013), “Liability for data breaches: A proposal for a revenue-based sanctioning approach,” in Network and System Security (Lecture Notes in Computer Science Volume 7873), Springer, http://link.springer.com/chapter/10.1007%2F978-3-642-38631-2_20.

194There’s a parallel with how: Much has been written about what privacy regulation can learn from environmental regulation. Dennis D. Hirsch (Fall 2006), “Protecting the inner environment: What privacy regulation can learn from environmental law,” Georgia Law Review 41, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1021623. Ira S. Rubinstein (2011), “Privacy and regulatory innovation: Moving beyond voluntary codes,” I/S, A Journal of Law and Policy for the Information Society 6, http://www.ftc.gov/sites/default/files/documents/public_comments/privacy-roundtables-comment-project-no.p095416-544506-00022/544506-00022.pdf.

194The US Code of Fair Information Practices: Willis H. Ware et al. (Jul 1973), “Records, computers and the rights of citizens: Report of the Secretary’s Advisory Committee on Automated Personal Data Systems,” DHEW Publication (OS) 73-94, US Department of Health, Education and Welfare, http://www.justice.gov/sites/default/files/opcl/docs/rec-com-rights.pdf.

195Making companies liable for breaches: There would need to be some exception for free and open-source software, and other instances where the user does not have any contractual relationship with the software vendor.

195The relevant term from economics: Giuseppe Dari-Mattiacci and Nuno Garoupa (May 2009), “Least cost avoidance: The tragedy of common safety,” Journal of Law, Economics, and Organization 25, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=560062. Paul Rosenzweig (5 Nov 2013), “Cybersecurity and the least cost avoider,” Lawfare, http://www.lawfareblog.com/2013/11/cybersecurity-and-the-least-cost-avoider.

195personal information about you: The notion of ownership is actually very complicated. Ali M. Al-Khouri (Nov 2012), “Data ownership: Who owns ‘my data’?” International Journal of Management and Information Technology 2, http://www.id.gov.ae/assets/FNukwmhbQ4k.pdf.aspx. Jacob M. Victor (Nov 2013), “The EU General Data Protection Regulation: Toward a property regime for protecting data privacy,” Yale Law Journal 123, http://www.yalelawjournal.org/comment/the-eu-general-data-protection-regulation-toward-a-property-regime-for-protecting-data-privacy.

195They pay for this information: Jennifer Valentino-DeVries and Jeremy Singer-Vine (7 Dec 2012), “They know what you’re shopping for,” Wall Street Journal, http://online.wsj.com/news/articles/SB10001424127887324784404578143144132736214. Jeremy Singer-Vine (7 Dec 2012), “How Dataium watches you,” Wall Street Journal, http://s.wsj.com/digits/2012/12/07/how-dataium-watches-you.

196transparency trumps proprietary claims: Frank Pasquale (21 Apr 2009), “The troubling trend toward trade secret-protected ranking systems,” Chicago Intellectual Property Colloquium, Chicago, Illinois, http://www.chicagoip.com/pasquale.pdf.

196more algorithms can be made public: Ethan Zuckerman (5 Sep 2012), “TSA pre-check, fairness and opaque algorithms,” My Heart’s in Accra, http://www.ethanzuckerman.com/blog/2012/09/05/tsa-pre-check-fairness-and-opaque-algorithms.

196there are ways of auditing algorithms: Daniel Weitzner (29–30 Jan 2014), “The jurisprudence of accountability,” 2nd International Workshop on Accountability: Science, Technology and Policy, Cambridge, Massachusetts, http://dig.csail.mit.edu/2014/AccountableSystems2014/abs/weitzner-account-jurisprudence-abs.pdf. Ed Felten (19 Mar 2014), “Algorithms can be more accountable than people,” Freedom to Tinker, https://freedom-to-tinker.com/blog/felten/algorithms-can-be-more-accountable-than-people. Ed Felten (12 Sep 2012), “Accountable algorithms,” Freedom to Tinker, https://freedom-to-tinker.com/blog/felten/accountable-algorithms.

197There’s been a concerted: Examples include Microsoft Corporation and the World Economic Forum. Craig Mundie (Mar/Apr 2014), “Privacy pragmatism: Focus on data use, not data collection,” Foreign Affairs 93, http://www.foreignaffairs.com/articles/140741/craig-mundie/privacy-pragmatism. William Hoffman et al. (May 2014), “Rethinking personal data: A new lens for strengthening trust,” World Economic Forum, http://reports.weforum.org/rethinking-personal-data. William Hoffman et al. (May 2014), “Rethinking personal data: Trust and context in user-centred data ecosystems,” World Economic Forum, http://reports.weforum.org/rethinking-personal-data. William Hoffman et al. (May 2014), “Rethinking personal data: Trust and context in user-centred data ecosystems,” World Economic Forum, http://www3.weforum.org/docs/WEF_RethinkingPersonalData_TrustandContext_Report_2014.pdf. William H. Dutton et al. (May 2014), “The Internet trust bubble: Global values, beliefs and practices,” World Economic Forum, http://www3.weforum.org/docs/WEF_InternetTrustBubble_Report2_2014.pdf. Fred H. Cate, Peter Cullen, and Viktor Mayer-Schonberger (Mar 2014), “Data protection principles for the 21st century: Revising the 1980 OECD Guidelines,” Oxford Internet Institute, University of Oxford, http://www.oii.ox.ac.uk/publications/Data_Protection_Principles_for_the_21st_Century.pdf. President’s Council of Advisors on Science and Technology (May 2014), “Big data and privacy: A technology perspective,” http://www.whitehouse.gov/sites/default/files/microsites/ostp/PCAST/pcast_big_data_and_privacy_-_may_2014.pdf.

197the privacy harms come from: Chris Jay Hoofnagle (2 Sep 2014), “The Potemkinism of privacy pragmatism,” Slate, http://www.slate.com/articles/technology/future_tense/2014/09/data_use_regulation_the_libertarian_push_behind_a_new_take_on_privacy.single.html.

198One intriguing idea has been: A. Michael Froomkin (23 Feb 2014), “Regulating mass surveillance as privacy pollution: Learning from environmental impact statements,” University of Miami, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2400736.

198The regulatory agencies: Julie Brill (2 Jun 2014), “Weaving a tapestry to protect privacy and competition in the age of Big Data,” European Data Protection Supervisor’s Workshop on Privacy, Consumer Protection and Competition in the Digital Age, Brussels, Belgium, http://www.ftc.gov/system/files/documents/public_statements/313311/140602edpsbrill2.pdf. Jules Polonetsky and Omer Tene (6 Dec 2012), “It’s not how much data you have, but how you use it: Assessing privacy in the context of consumer data integration,” Future of Privacy Forum, http://www.futureofprivacy.org/wp-content/uploads/FPF-White-Paper-Its-Not-How-Much-Data-You-Have-But-How-You-Use-It_FINAL.pdf.

198what the United States needs: European Union (9 Dec 2013), “National data protection authorities,” http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

199Other applications prefer having: Alon Halevy, Peter Norvig, and Fernando Pereira (Mar/Apr 2009), “The unreasonable effectiveness of data,” IEEE Intelligent Systems 24, https://static.googleusercontent.com/media/research.google.com/en/us/pubs/archive/35179.pdf.

199Twitter . . . is giving its data: Doug Gross (7 Jan 2013), “Library of Congress digs into 170 billion tweets,” CNN, http://www.cnn.com/2013/01/07/tech/social-media/library-congress-twitter.

200the German language: Martin Fowler (12 Dec 2013), “Datensparsamkeit,” http://martinfowler.com/bliki/Datensparsamkeit.html.

200The US is the only Western country: Of course, legal protections do not necessarily translate to actual protection. In 2011, the German government was found to be using a Trojan to spy on German citizens, in violation of its very strong data protection laws. As we’ve learned again and again, no law can secure us from a government that refuses to abide by it. Chaos Computer Club (8 Oct 2011), “Chaos Computer Club analyzes government malware,” http://ccc.de/en/updates/2011/staatstrojaner.

200We do have protections for certain: DLA Piper (7 Mar 2013), “Data protection laws of the world,” http://files.dlapiper.com/files/Uploads/Documents/Data_Protection_Laws_of_the_World_2013.pdf. Theodore J. Kobus III and Gonzalo S. Zeballos (19 Feb 2014), “2014 international compendium of data privacy laws,” Baker Hostetler, http://www.bakerlaw.com/files/Uploads/Documents/Data%20Breach%20documents/International-Compendium-of-Data-Privacy-Laws.pdf.

200Google has my lifelong search history: I can get at some of it if I have search history enabled. Dave Greenbaum (12 Jul 2014), “Google’s new account history page helps further control your privacy,” Life Hacker, http://lifehacker.com/googles-new-account-history-page-helps-further-control-1603125500.

200Medtronic maintains that data: Hugo Campos (19 Nov 2011), “Hugo Campos fights for the right to open his heart’s data,” TEDxCambridge, Cambridge, Massachusetts, http://tedxtalks.ted.com/video/TEDxCambridge-Hugo-Campos-fight.

200different types of data: Bruce Schneier (Jul/Aug 2010), “A taxonomy of social networking data,” IEEE Security & Privacy 8 (4), http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=5523874.

201you could either make your Facebook: Blake Ross (13 Sep 2011), “Improved friend lists,” Facebook, https://www.facebook.com/notes/facebook/improved-friend-lists/10150278932602131.

201Tweets are either direct messages: Tony Bradley (13 Oct 2010), “Think your tweet is private? Think again,” PC World, http://www.pcworld.com/article/207710/think_your_twitter_dm_is_private_think_again.html.

201Instagram posts can be either: Leslie Meredith (15 Jan 2013), “Why you should make Instagram private before Saturday,” NBC News, http://www.nbcnews.com/tech/internet/why-you-should-make-instagram-private-saturday-f1B7987618.

201Pinterest pages have public: Serge Malenkovich (25 Jan 2013), “How to protect your privacy on Pinterest,” Kaspersky Lab Daily, http://.kaspersky.com/protect-your-privacy-on-pinterest.

201In 2014, a presidential review group: US Executive Office of the President (1 May 2014), “Big data: Seizing opportunities, preserving values,” http://www.whitehouse.gov/sites/default/files/docs/big_data_privacy_report_may_1_2014.pdf.

201Jaron Lanier proposes a scheme: Jaron Lanier (2013), Who Owns the Future? Simon and Schuster, http://books.google.com/books?id=w_LobtmRYmQC.

202US Consumer Privacy Bill of Rights: US Executive Office of the President (Feb 2012), “Consumer data privacy in a networked world: A framework for protecting privacy and promoting innovation in the global digital economy,” http://www.whitehouse.gov/sites/default/files/privacy-final.pdf.

202the EU is currently grappling with: European Commission (8 Jul 2014), “Factsheet on the ‘Right to be Forgotten’ ruling (C-131/12),” http://ec.europa.eu/justice/data-protection/files/factsheets/factsheet_data_protection_en.pdf.

202European Court of Justice ruled: Rory Cellan-Jones (13 May 2014), “EU court backs ‘right to be forgotten’ in Google case,” BBC News, http://www.bbc.com/news/world-europe-27388289. Court of Justice of the European Union (13 May 2014), “Judgment in Case C-131/12: Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González,” http://curia.europa.eu/jcms/upload/docs/application/pdf/2014-05/cp140070en.pdf.

202This caused a torrent of people: Jane Wakefield (15 May 2014), “Politician and pedophile ask Google to ‘be forgotten,’” BBC News, http://www.bbc.com/news/technology-27423527.

203this is an important right: Alessandro Mantelero (Jun 2013), “The EU Proposal for a General Data Protection Regulation and the roots of the ‘right to be forgotten,’” Computer Law and Security Review 29, http://www.sciencedirect.com/science/article/pii/S0267364913000654.

203What they’re consenting to: There have been lots of experiments to demonstrate this. Patricia A. Norberg, Daniel R. Horne, and David A. Horne (Summer 2007), “The privacy paradox: Personal information disclosure intentions versus behaviors,” Journal of Consumer Affairs 41, http://onlinelibrary.wiley.com/doi/10.1111/j.1745-6606.2006.00070.x/abstract. Leslie K. John, Alessandro Acquisti, and George Loewenstein (6 Jul 2009), “The best of strangers: Context-dependent willingness to divulge personal information,” Social Sciences Research Network, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1430482. Susan Waters and James Ackerman (Oct 2011), “Exploring privacy management on Facebook: Motivations and perceived consequences of voluntary disclosure,” Journal of Computer-Mediated Communication 17, http://onlinelibrary.wiley.com/doi/10.1111/j.1083-6101.2011.01559.x/full. Fred Stutzman, Ralph Gross, and Alessandro Acquisti (Apr 2013), “Silent listeners: The evolution of privacy and disclosure on Facebook,” Journal of Privacy and Confidentiality 4, https://www.cylab.cmu.edu/news_events/news/2013/acquisti-7-year-study-facebook-privacy.html.

204systems we use are deliberately: It turns out that it’s surprisingly easy to manipulate people into ignoring their privacy concerns. Idris Adjerid et al. (22 Mar 2013), “Sleights of privacy: Framing, disclosures, and the limits of transparency,” SOUPS ’13: Proceedings of the Ninth Symposium on Usable Privacy and Security, http://www.heinz.cmu.edu/~acquisti/papers/acquisti-sleights-privacy.pdf.

204Companies will be less inclined: Sara M. Watson (29 Apr 2014), “If customers knew how you use their data, would they call it creepy?” HBR Blog Network, http://s.hbr.org/2014/04/if-customers-knew-how-you-use-their-data-would-they-call-it-creepy.

204And users will be less likely: Chris Jay Hoofnagle and Jan Whittington (28 Feb 2014), “Free: Accounting for the costs of the Internet’s most popular price,” UCLA Law Review 61, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2235962.

204Notice, choice, and consent: Kirsten Martin (2 Dec 2013), “Transaction costs, privacy, and trust: The laudable goals and ultimate failure of notice and choice to respect privacy online,” First Monday 18, http://firstmonday.org/ojs/index.php/fm/article/view/4838/3802.

205We need information fiduciaries: Near as I can tell, this idea has been independently proposed by two law professors. Jerry Kang et al. (Mar 2012), “Self-surveillance privacy,” Iowa Law Review 97, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1729332. Jack M. Balkin (5 Mar 2014), “Information fiduciaries in the digital age,” Balkinization, http://balkin.blogspot.co.uk/2014/03/information-fiduciaries-in-digital-age.html.

205comparable to investment advisors: Jonathan Zittrain (1 Jun 2014), “Facebook could decide an election without anyone ever finding out,” New Republic, http://www.newrepublic.com/article/117878/information-fiduciary-solution-facebook-digital-gerrymandering.

205Dan Geer proposed that Internet: Dan Geer (9 Oct 2013), “Tradeoffs in cyber security,” http://geer.tinho.net/geer.uncc.9×13.txt.

206Surveillance became the business model: The inventor of the pop-up ad has apologized. Ethan Zuckerman (14 Aug 2014), “The Internet’s own original sin,” Atlantic, http://www.theatlantic.com/technology/archive/2014/08/advertising-is-the-internets-original-sin/376041.

206a lot of research on building privacy: Ann Cavoukian (Jan 2011), “Privacy by Design: The 7 foundational principles,” Privacy by Design, http://www.privacybydesign.ca/content/uploads/2009/08/7foundationalprinciples.pdf. US Federal Trade Commission (Mar 2012), “Protecting consumer privacy in an era of rapid change: Recommendations for businesses and policymakers,” http://www.ftc.gov/sites/default/files/documents/reports/federal-trade-commission-report-protecting-consumer-privacy-era-rapid-change-recommendations/120326privacyreport.pdf.

206Companies like Google and Facebook: Ingrid Lunden (30 Sep 2013), “Digital ads will be 22% of all U.S. ad spend in 2013, mobile ads 3.7%; total global ad spend in 2013 $503B,” Tech Crunch, http://techcrunch.com/2013/09/30/digital-ads-will-be-22-of-all-u-s-ad-spend-in-2013-mobile-ads-3-7-total-gobal-ad-spend-in-2013-503b-says-zenithoptimedia. Marketing Charts (23 Dec 2013), “Data dive: US TV ad spend and influence (Updated—Q3 2013 data),” http://www.marketingcharts.com/wp/television/data-dive-us-tv-ad-spend-and-influence-22524.

206Journalist James Kunstler calls this: James Kunstler (21 Oct 2005), “The psychology of previous investment,” Raise the Hammer, http://www.raisethehammer.org/article/181.

207Some fought in court: Charlie Savage (14 May 2014), “Phone company pushed back against NSA’s data collection, court papers show,” New York Times, http://www.nytimes.com/2014/05/15/us/politics/phone-company-pushed-back-against-nsas-data-collection-court-papers-show.html. Claire Cain Miller (13 Jun 2013), “Secret court ruling put tech companies in data bind,” New York Times, http://www.nytimes.com/2013/06/14/technology/secret-court-ruling-put-tech-companies-in-data-bind.html.

207Many computer companies: Ewen MacAskill (9 Sep 2013), “Yahoo files lawsuit against NSA over user data requests,” Guardian, http://www.theguardian.com/world/2013/sep/09/yahoo-lawsuit-nsa-surveillance-requests. Mike Masnick (27 Jan 2014), “Feds reach settlement with Internet companies allowing them to report not nearly enough details on surveillance efforts,” Tech Dirt, https://www.techdirt.com/articles/20140127/17253826014/feds-reach-settlement-with-internet-companies-allowing-them-to-report-not-nearly-enough-details-surveillance-efforts.shtml. Spencer Ackerman (3 Feb 2014), “Microsoft, Facebook, Google and Yahoo release US surveillance requests,” Guardian, http://www.theguardian.com/world/2014/feb/03/microsoft-facebook-google-yahoo-fisa-surveillance-requests.

207Google says it turned over: Google (2014), “Transparency report,” https://www.google.com/transparencyreport/userdatarequests/US.

207starting with CREDO Mobile: Brian Fung (9 Jan 2014), “The first phone company to publish a transparency report isn’t AT&T or Verizon,” Washington Post, http://www.washingtonpost.com/s/the-switch/wp/2014/01/09/the-first-phone-company-to-publish-a-transparency-report-isnt-att-or-verizon.

207Verizon, for example, reports: Verizon (22 Jan 2014), “Verizon transparency report,” http://transparency.verizon.com/us-data.

207every three months Verizon: Glenn Greenwald (5 Jun 2013), “NSA collecting phone records of millions of Verizon customers daily,” Guardian, http://www.theguardian.com/world/2013/jun/06/nsa-phone-records-verizon-court-order.

208Apple announced that it would inform: Craig Timberg (1 May 2014), “Apple, Facebook, others defy authorities, notify users of secret data demands,” Washington Post, http://www.washingtonpost.com/business/technology/apple-facebook-others-defy-authorities-increasingly-notify-users-of-secret-data-demands-after-snowden-revelations/2014/05/01/b41539c6-cfd1-11e3-b812-0c92213941f4_story.html.

208Microsoft and Google have teamed: Jacob Siegal (30 Aug 2013), “Microsoft, Google team up to sue federal government over NSA spying,” BGR, http://bgr.com/2013/08/30/microsoft-google-nsa-lawsuit.

208Yahoo is doing the same: Ewen MacAskill (9 Sep 2013), “Yahoo files lawsuit against NSA over user data requests,” Guardian, http://www.theguardian.com/world/2013/sep/09/yahoo-lawsuit-nsa-surveillance-requests. Kevin Collier (15 Jul 2013), “Yahoo wins court order to release records of its fight against PRISM,” Daily Dot, http://www.dailydot.com/news/yahoo-prism-court-win-fisa-declassified. Craig Timberg (11 Sep 2014), “U.S. threatened massive fine to force Yahoo to release data,” Washington Post, http://www.washingtonpost.com/business/technology/us-threatened-massive-fine-to-force-yahoo-to-release-data/2014/09/11/38a7f69e-39e8-11e4-9c9f-ebb47272e40e_story.html.

208companies are employing “warrant canaries”: Cyrus Farivar (5 Nov 2013), “Apple takes strong privacy stance in new report, publishes rare ‘warrant canary,’” Ars Technica, http://arstechnica.com/tech-policy/2013/11/apple-takes-strong-privacy-stance-in-new-report-publishes-rare-warrant-canary.

208valiant and clever effort: In fact, Apple’s canary disappeared in the report following the one where it debuted. No one is sure what it means. Jeff John Roberts (18 Sep 2014), “Apple’s ‘warrant canary’ disappears, suggesting new Patriot Act demands,” Gigaom, https://gigaom.com/2014/09/18/apples-warrant-canary-disappears-suggesting-new-patriot-act-demands.

208many companies are stepping up: The Electronic Frontier Foundation is keeping a scorecard. Nate Cardozo, Parker Higgins, and Kurt Opsahl (13 Mar 2014), “Update: Encrypt the Web report: Who’s doing what,” Electronic Frontier Foundation, https://www.eff.org/deeplinks/2013/11/encrypt-web-report-whos-doing-what.

208After Google learned that the NSA: Sean Gallagher (6 Nov 2013), “Googlers say ‘F*** you’ to NSA, company encrypts internal network,” Ars Technica, http://arstechnica.com/information-technology/2013/11/googlers-say-f-you-to-nsa-company-encrypts-internal-network.

208After Yahoo learned that the NSA: Barton Gellman and Ashkan Soltani (14 Oct 2013), “NSA collects millions of e-mail address books globally,” Washington Post, http://www.washingtonpost.com/world/national-security/nsa-collects-millions-of-e-mail-address-books-globally/2013/10/14/8e58b5be-34f9-11e3-80c6-7e6dd8d22d8f_story.html.

208both Yahoo: Andrea Peterson, Barton Gellman, and Ashkan Soltani (14 Oct 2013), “Yahoo to make SSL encryption the default for Webmail users. Finally,” Washington Post, http://www.washingtonpost.com/s/the-switch/wp/2013/10/14/yahoo-to-make-ssl-encryption-the-default-for-webmail-users-finally.

208and Microsoft: Craig Timberg, Barton Gellman, and Ashkan Soltani (26 Nov 2013), “Microsoft, suspecting NSA spying, to ramp up efforts to encrypt its Internet traffic,” Washington Post, http://www.washingtonpost.com/business/technology/microsoft-suspecting-nsa-spying-to-ramp-up-efforts-to-encrypt-its-internet-traffic/2013/11/26/44236b48-56a9-11e3-8304-caf30787c0a9_story.html.

208Several large e-mail providers: Some examples. Danny Yadron (3 Jun 2014), “Comcast to encrypt email for security,” Wall Street Journal, http://online.wsj.com/articles/comcast-to-encrypt-email-for-security-1401841512. Mikey Campbell (13 Jun 2014), “Apple will soon encrypt iCloud emails in transit between service providers,” Apple Insider, http://appleinsider.com/articles/14/06/13/apple-will-soon-encrypt-icloud-emails-in-transit-between-service-providers-.

208Other companies are doing more: Nate Cardozo, Parker Higgins, and Kurt Opsahl (13 Mar 2014), “Update: Encrypt the web report: Who’s doing what,” Electronic Frontier Foundation, https://www.eff.org/deeplinks/2013/11/encrypt-web-report-whos-doing-what. Claire Cain Miller (13 Jun 2013), “Secret court ruling put tech companies in data bind,” New York Times, http://www.nytimes.com/2013/06/14/technology/secret-court-ruling-put-tech-companies-in-data-bind.html.

208Both iPhones and Android phones: In late 2014, Apple modified its system so everything is encrypted. Android phones had encryption capability since 2011, but Google made it the default in 2014 to match Apple. David E. Sanger and Brian X. Chen (26 Sep 2014), “Signaling post-Snowden era, new iPhone locks out NSA,” New York Times, http://www.nytimes.com/2014/09/27/technology/iphone-locks-out-the-nsa-signaling-a-post-snowden-era-.html. Craig Timberg (18 Sep 2014), “Newest Androids will join iPhones in offering default encryption, blocking police,” Washington Post, http://www.washingtonpost.com/s/the-switch/wp/2014/09/18/newest-androids-will-join-iphones-in-offering-default-encryption-blocking-police.

208Google is now offering: Google (3 Jun 2014), “Transparency report: Protecting emails as they travel across the web,” Google Official Blog, http://googleblog.blogspot.com/2014/06/transparency-report-protecting-emails.html.

208Yahoo secretly fought the NSA: Claire Cain Miller (13 Jun 2013), “Secret court ruling put tech companies in data bind,” New York Times, http://www.nytimes.com/2013/06/14/technology/secret-court-ruling-put-tech-companies-in-data-bind.html. Craig Timberg (11 Sep 2014), “U.S. threatened massive fine to force Yahoo to release data,” Washington Post, http://www.washingtonpost.com/business/technology/us-threatened-massive-fine-to-force-yahoo-to-release-data/2014/09/11/38a7f69e-39e8-11e4-9c9f-ebb47272e40e_story.html.

208Twitter unsuccessfully fought: Kim Zetter (28 Aug 2012), “Twitter fights back to protect ‘Occupy Wall Street’ protester,” Wired, http://www.wired.com/2012/08/twitter-appeals-occupy-order. Tiffany Kary (14 Sep 2012), “Twitter turns over Wall Street protester posts under seal,” Bloomberg News, http://www.bloomberg.com/news/2012-09-14/twitter-turns-over-wall-street-protester-posts-under-seal.html.

209Facebook is fighting a court order: Vindu Goel and James C. McKinley Jr. (26 Jun 2014), “Forced to hand over data, Facebook files appeal,” New York Times, http://www.nytimes.com/2014/06/27/technology/facebook-battles-manhattan-da-over-warrants-for-user-data.html.

209none of the big e-mail providers: Amicus curiae briefs were filed by three nonprofit organizations: EFF, ACLU, and Empeopled LLC. Electronic Frontier Foundation (24 Oct 2013), “Brief of amicus curiae,” United States of America v. Under Seal 1; Under Seal 2 [Lavabit], Case Nos. 13-4625, 13-4626, United States Court of Appeals for the Fourth Circuit, https://www.eff.org/document/lavabit-amicus. American Civil Liberties Union (25 Oct 2013), “Brief of amicus curiae,” United States of America v. Under Seal 1; Under Seal 2 [Lavabit], Case Nos. 13-4625, 13-4626, United States Court of Appeals for the Fourth Circuit, https://www.aclu.org/sites/default/files/assets/stamped_lavabit_amicus.pdf. Empeopled LLC (24 Oct 2013), “Brief of amicus curiae,” United States of America v. Under Seal 1; Under Seal 2 [Lavabit], Case Nos. 13-4625, 13-4626, United States Court of Appeals for the Fourth Circuit, http://justsecurity.org/wp-content/uploads/2013/10/empeopled-lavabit-amicus.pdf.

209On four occasions in the early 2000s: Rebecca MacKinnon (2006), “‘Race to the bottom’: Corporate complicity in Chinese Internet censorship,” Human Rights Watch, http://www.hrw.org/reports/2006/china0806/5.htm.

209lobbying for legislative restrictions: Thomas Lee (25 May 2014), “Mind your business: Slow flex of tech’s lobbying muscle,” San Francisco Chronicle, http://www.sfgate.com/technology/article/Mind-Your-Business-Slow-flex-of-tech-s-lobbying-5504172.php. Joseph Menn (5 Jun 2014), “U.S. technology companies beef up security to thwart mass spying,” Reuters, http://www.reuters.com/article/2014/06/05/us-cybersecurity-tech-idUSKBN0EG2BN20140605. Reform Government Surveillance (2014), https://www.reformgovernmentsurveillance.com.

209The EU has been trying to pass: Zack Whittaker (4 Feb 2013), “Privacy groups call on US government to stop lobbying against EU data law changes,” ZDNet, http://www.zdnet.com/privacy-groups-call-on-us-government-to-stop-lobbying-against-eu-data-law-changes-7000010721. James Fontanella-Khan (26 Jun 2013), “Brussels: Astroturfing takes root,” Financial Times, http://www.ft.com/cms/s/0/74271926-dd9f-11e2-a756-00144feab7de.html. David Meyer (12 Mar 2014), “Web firms face a strict new set of privacy rules in Europe: Here’s what to expect,” Gigaom, http://gigaom.com/2014/03/12/web-firms-face-a-strict-new-set-of-privacy-rules-in-europe-heres-what-to-expect.

210a new Magna Carta: Tim Berners-Lee (Dec 2010), “Long live the Web,” Scientific American, http://www.cs.virginia.edu/~robins/Long_Live_the_Web.pdf.

210that imposes responsibilities: Jemima Kiss (11 Mar 2014), “An online Magna Carta: Berners-Lee calls for bill of rights for web,” Guardian, http://www.theguardian.com/technology/2014/mar/12/online-magna-carta-berners-lee-web.

210the prevailing political philosophy: Thomas Hobbes (1651), Leviathan, Printed for Andrew Crooke, http://www.gutenberg.org/files/3207/3207-h/3207-h.htm.

210John Locke argued: John Locke (1690), Two Treatises of Government, Printed for Awnsham Churchill, http://books.google.com/books/?id=LqA4nQEACAAJ.

211Madrid Privacy Declaration (2009): The Public Voice (3 Nov 2009), “The Madrid Privacy Declaration,” International Conference of Data Protection and Privacy Commissioners, Madrid, Spain, http://privacyconference2011.org/htmls/adoptedResolutions/2009_Madrid/2009_M1.2.pdf.

212Rebecca MacKinnon makes this point: Rebecca MacKinnon (2012), Consent of the Networked: The Worldwide Struggle for Internet Freedom, Basic Books, http://www.owlasylum.net/owl_underground/social/ConsentoftheNetworked.pdf.

15: Solutions for the Rest of Us

214Law professor Eben Moglen wrote: Eben Moglen (27 May 2014), “Privacy under attack: The NSA files revealed new threats to democracy,” Guardian, http://www.theguardian.com/technology/2014/may/27/-sp-privacy-under-attack-nsa-files-revealed-new-threats-democracy.

214I’m going to break them down: Sociologist Gary Marx cataloged 11 different ways people resist surveillance; I’m going to be drawing on his taxonomy in this section. Gary T. Marx (May 2003), “A tack in the shoe: Neutralizing and resisting the new surveillance,” Journal of Social Issues 59, http://web.mit.edu/gtmarx/www/tack.html.

215Privacy enhancing technologies: R. Jason Cronk (25 Nov 2013), “Thoughts on the term ‘privacy enhancing technologies,’” Privacy Maverick, http://privacymaverick.com/2013/11/25/thoughts-on-the-term-privacy-enhancing-technologies.

215Privacy Badger: Jon Brodkin (2 May 2014), “EFF ‘Privacy Badger’ plugin aimed at forcing websites to stop tracking users,” Ars Technica, http://arstechnica.com/information-technology/2014/05/eff-privacy-badger-plugin-aimed-at-forcing-websites-to-stop-tracking-users.

215and others: Electronic Privacy Information Center (2014), “EPIC online guide to practical privacy tools,” http://epic.org/privacy/tools.html.

215Remember that the private browsing: Sara M. Watson (24 Sep 2014), “Ask the Decoder: How private is private browsing, really?” Al Jazeera, http://america.aljazeera.com/articles/2014/9/24/private-browsing.html.

215Microsoft’s BitLocker: Microsoft Corporation (21 Aug 2013), “BitLocker overview,” http://technet.microsoft.com/en-us/library/hh831713.aspx.

215Apple’s FileVault: Apple Corporation (Aug 2012), “Best practices for deploying FileVault 2,” http://training.apple.com/pdf/WP_FileVault2.pdf.

215I recommended TrueCrypt: James Lyne (29 May 2014), “Open source crypto TrueCrypt disappears with suspicious cloud of mystery,” Forbes, http://www.forbes.com/sites/jameslyne/2014/05/29/open-source-crypto-truecrypt-disappears-with-suspicious-cloud-of-mystery.

215a chat encryption program: Nikita Borisov, Ian Goldberg, and Eric Brewer (28 Oct 2004), “Off-the-record communication, or, Why not to use PGP,” ACM Workshop on Privacy in the Electronic Society (WPES’04), Washington, D.C., https://otr.cypherpunks.ca/otr-wpes.pdf.

215Google is now offering encrypted e-mail: Stephan Somogyi (3 Jun 2014), “Making end-to-end encryption easier to use,” Google Online Security Blog, http://googleonlinesecurity.blogspot.com/2014/06/making-end-to-end-encryption-easier-to.html.

215TLS—formerly SSL—is a protocol: Tim Dierks and Eric Rescorla (17 Apr 2014), “The Transport Layer Security (TLS) Protocol Version 1.3,” Internet Engineering Task Force Trust, Network Working Group, http://tools.ietf.org/html/draft-ietf-tls-rfc5246-bis-00.

215You can make sure it’s always on: Electronic Frontier Foundation (2014), “HTTPS Everywhere,” https://www.eff.org/Https-everywhere.

215go on the Internet to find out: Here’s a good guide. Electronic Privacy Information Center (2014), “EPIC online guide to practical privacy tools,” http://epic.org/privacy/tools.html.

216very annoying to use: Peter Bright and Dan Goodin (14 Jun 2013), “Encrypted e-mail: How much annoyance will you tolerate to keep the NSA away?” Ars Technica, http://arstechnica.com/security/2013/06/encrypted-e-mail-how-much-annoyance-will-you-tolerate-to-keep-the-nsa-away.

216The standards bodies that run the Internet: Here’s the Internet Engineering Task Force’s statement on security and pervasive monitoring. Jari Arkko and Stephen Farrell (7 Sep 2014), “Security and pervasive monitoring,” Internet Engineering Task Force, https://www.ietf.org/blog/2013/09/security-and-pervasive-monitoring.

216various proxies can be used: Mirimir (2014), “Advanced privacy and anonymity using VMs, VPN’s, Tor, etc,” IVPN, https://www.ivpn.net/privacy-guides/advanced-privacy-and-anonymity-part-1.

216The program Onionshare: Andy Greenberg (21 May 2014), “Free app lets the next Snowden send big files securely and anonymously,” Wired, http://www.wired.com/2014/05/onionshare.

217cell phones in a refrigerator: Most modern refrigerators are not metal boxes, and don’t make good Faraday cages. Check the details of your model before trying this yourself.

217hire someone to walk behind your car: John Farrier (16 Apr 2014), “What is a job that exists only in your country?” Neatorama, http://www.neatorama.com/2014/04/16/What-Is-a-Job-That-Exists-Only-in-Your-Country.

217face paint to fool facial recognition: Robinson Meyer (24 Jul 2014), “Anti-surveillance camouflage for your face,” Atlantic, http://www.theatlantic.com/features/archive/2014/07/makeup/374929. Joseph Cox (14 Sep 2014), “The rise of the anti-facial recognition movement,” Kernel, http://kernelmag.dailydot.com/issue-sections/features-issue-sections/10247/anti-facial-recognition-movement.

217special clothing to confuse drones: Adam Harvey (2013), “Stealth wear,” AH Projects, http://ahprojects.com/projects/stealth-wear.

217there are lots of tricks: A good list of techniques is here. Finn Brunton and Helen Nissenbaum (2 May 2011), “Vernacular resistance to data collection and analysis: A political theory of obfuscation,” First Monday 15, http://firstmonday.org/article/view/3493/2955.

217puts rocks in his shoes: That trick also appears in Robert A. Heinlein’s Double Star. Robert A. Heinlein (1956), Double Star, Doubleday, http://books.google.com/books?id=bnoGAQAAIAAJ.

218your kids do it all the time: danah boyd et al. (7 Nov 2011), “Why parents help their children lie to Facebook about age: Unintended consequences of the ‘Children’s Online Privacy Protection Act,’” First Monday 16, http://firstmonday.org/ojs/index.php/fm/article/view/3850/3075.

218that was socially awkward: Overcoming this awkwardness is important. There’s a story where a customer refused to give Comcast a reason why he was disconnecting. At first, it seems rude. But when you think about it, Comcast is not entitled to this information. Xeni Jardin (14 Jul 2014), “Listen to Comcast torture Ryan Block and Veronica Belmont as they try to cancel service,” Boing Boing, http://boingboing.net/2014/07/14/listen-to-comcast-torture-ryan.html.

219You’ll find your own sweet spot: Julia Angwin wrote an excellent account of her year-long quest to evade surveillance in the Internet age. Julia Angwin (2014), Dragnet Nation: A Quest for Privacy, Security, and Freedom in a World of Relentless Surveillance, Times Books, http://books.google.com/books?id=bbS6AQAAQBAJ.

219Geopolitical conflicts aren’t going away: Stewart Baker makes this point. Stewart A. Baker (29 Oct 2013), “Potential amendments to the Foreign Intelligence Surveillance Act,” Testimony before the Permanent Select Committee on Intelligence of the United States House of Representatives, http://intelligence.house.gov/sites/intelligence.house.gov/files/documents/Baker10292013.pdf.

220NSA director General Keith Alexander said: David E. Sanger (13 Aug 2013), “NSA leaks make plan for cyberdefense unlikely,” New York Times, http://www.nytimes.com/2013/08/13/us/nsa-leaks-make-plan-for-cyberdefense-unlikely.html.

220You’re going to be affected: DLA Piper (7 Mar 2013), “Data protection laws of the world,” DLA Piper, http://files.dlapiper.com/files/Uploads/Documents/Data_Protection_Laws_of_the_World_2013.pdf.

221because Microsoft is a US company: In 2014, Microsoft unsuccessfully challenged a US demand for data stored solely in Ireland. The court demanded that the company turn it over to the US government. The decision is currently stayed while it is being appealed. Joseph Ax (31 Jul 2014), “U.S. judge orders Microsoft to submit customer’s emails from abroad,” Reuters, http://www.reuters.com/article/2014/07/31/usa-tech-warrants-idUSL2N0Q61WN20140731.

221The UK wants similar access: Guardian (19 Sep 2014), “Former UK ambassador to the United States given data-access role,” Guardian, http://www.theguardian.com/technology/2014/sep/19/sir-nigel-shienwald-data-access-role-david-cameron.

221Apple’s business model protects: Rich Mogull (25 Jun 2014), “Why Apple really cares about your privacy,” Macworld, http://www.macworld.com/article/2366921/why-apple-really-cares-about-your-privacy.html. Charles Arthur (18 Sep 2014), “Apple’s Tim Cook attacks Google and Facebook over privacy flaws,” Guardian, http://www.theguardian.com/technology/2014/sep/18/apple-tim-cook-google-facebook-privacy-surveillance.

221Do you trust a company: European countries allow for far more permissive government access than the US does. Cyrus Farivar (13 Oct 2013), “Europe won’t save you: Why e-mail is probably safer in the US,” Ars Technica, http://arstechnica.com/tech-policy/2013/10/europe-wont-save-you-why-e-mail-is-probably-safer-in-the-us.

222European Court of Justice struck down: James Kanter (8 Apr 2014), “European court rejects data retention rules, citing privacy,” New York Times, http://www.nytimes.com/2014/04/09/business/international/european-court-rejects-data-retention-rules-citing-privacy.html.

222the UK government rushed through: David Meyer (17 Jul 2014), “The UK’s ‘emergency’ DRIP surveillance law is now a done deal,” Gigaom, http://gigaom.com/2014/07/17/the-uks-emergency-drip-surveillance-law-is-now-a-done-deal.

222It was an ugly political railroad job: Ray Corrigan (11 Jul 2014), “Mass surveillance and scared politicians,” B2fxxx, http://b2fxxx.blogspot.com/2014/07/mass-surveillance-and-scared-politicians.html.

223sites that identify surveillance cameras: No CCTV, http://www.no-cctv.org.uk/camera_locations/default.asp. The CCTV Treasure Hunt, http://cctvtreasurehunt.wordpress.com. NYC Surveillance Camera Project, http://www.mediaeater.com/cameras.

224South Korean teachers objecting: Christian (24 Jun 2004), “After the Saturday large demonstration against NEIS South Korean government shows how it understand the democracy,” Jinbo, http://act.jinbo.net/drupal/node/5819. Seoyong Kim and Sunhee Kim (Oct 2004), “The conflict over the use of information technology in South Korean schools,” Innovation 17, http://ajou.ac.kr/~seoyong/paper/Seoyong%20Kim-2004-The%20Conflict%20Over%20the%20Use%20of%20Information%20Technology.pdf.

224German consumers opposing: IBM Corporation (16 Dec 2004), “METRO Group’s Future Store takes German public by storm—thanks to wireless technology,” ftp://ftp.software.ibm.com/software/solutions/pdfs/10704035_Metro_cs_1b.pdf. Kim Zetter (28 Feb 2004), “Germans protest radio-ID plans,” Wired, http://archive.wired.com/techbiz/media/news/2004/02/62472. Jan Libbenga (1 Mar 2004), “German revolt against RFID,” Register, http://www.theregister.co.uk/2004/03/01/german_revolt_against_rfid.

224Facebook users objecting: K. C. Jones (17 Feb 2009), “Facebook’s terms of use draw protest,” Information Week, http://www.informationweek.com/software/social/facebooks-terms-of-use-draw-protest/d/d-id/1076697. Bobbie Johnson and Afua Hirsch (18 Feb 2009), “Facebook backtracks after online privacy protest,” Guardian, http://www.theguardian.com/technology/2009/feb/19/facebook-personal-data.

224US airline travelers objecting to: Ashley Halsey III and Derek Kravitz (25 Nov 2010), “Protests of TSA airport pat-downs, body scanners don’t delay Thanksgiving travel,” Washington Post, http://www.washingtonpost.com/wp-dyn/content/article/2010/11/24/AR2010112406989.html. Jason Keyser (25 Oct 2012), “TSA quietly removing some full body scanners,” Associated Press, http://bigstory.ap.org/article/government-replaces-body-scanners-some-airports-0.

224It’s how worldwide change happens: It’s the idea of incremental change, or muddling through. Charles E. Lindblom (Spring 1959), “The science of ‘muddling through,’” Public Administration Review 19, http://www.jstor.org/stable/973677.

16: Social Norms and the Big Data Trade-off

227No one in Congress read it: Paul Blumenthal (2 Mar 2009), “Congress had no time to read the USA PATRIOT Act,” Sunlight Foundation, http://sunlightfoundation.com/blog/2009/03/02/congress-had-no-time-to-read-the-usa-patriot-act.

227almost everyone in the country: Leonie Huddy and Stanley Feldman (Sep 2011), “Americans respond politically to 9/11: Understanding the impact of the terrorist attacks and their aftermath,” American Psychologist 66, http://www.ncbi.nlm.nih.gov/pubmed/21823777.

227tried to improve the messaging: Tim Dawson (9 Jun 2014), “More like the Stasi than James Bond,” National Union of Journalists, http://www.nuj.org.uk/news/more-like-the-stasi-than-james-bond.

227if listeners are scared of terrorists: Joseph H. Campos III (7 Sep 2013), “Memory and remembrance: The diffusion of fear, horror and terror into control and legitimacy,” At the Interface, Mansfield College, Oxford, UK, http://www.inter-disciplinary.net/at-the-interface/wp-content/uploads/2013/07/camposfhtpaper.pdf.

228more congressional oversight: Jack Goldsmith (9 Aug 2013), “Reflections on NSA oversight, and a prediction that NSA authorities (and oversight, and transparency) will expand,” Lawfare, http://www.lawfareblog.com/2013/08/reflections-on-nsa-oversight-and-a-prediction-that-nsa-authorities-and-oversight-and-transparency-will-expand.

228Fear trumps privacy: Donna G. Bair-Mundy (Aug 2009), “Of terrorists, tyrants, and social turmoil: A competing-fears theoretical model for the evolution of law relating to telecommunication privacy vis-a-vis law enforcement surveillance in America,” University of Hawai’i at Manoa, http://books.google.com/books?id=8LveYgEACAAJ. Samuel Best et al. (Dec 2012), “Al Qaeda versus Big Brother: Anxiety about government monitoring and support for domestic counterterrorism policies,” Political Behavior 34, http://link.springer.com/article/10.1007%2Fs11109-011-9177-6. Keven G. Ruby (2012), Society, State, and Fear: Managing National Security at the Boundary between Complacency and Panic, University of Chicago Press, http://books.google.com/books?id=UPILnwEACAAJ.

228If strong enough, it trumps all: Dawn Rothe and Stephen L. Muzzatti (Nov 2004), “Enemies everywhere: Terrorism, moral panic, and U.S. civil society,” Critical Criminology 12, http://www.researchgate.net/publication/227209259_Enemies_Everywhere_Terrorism_Moral_Panic_and_US_Civil_Society/file/32bfe50d3c7fe0d03b.pdf. David Rothkopf (6 Aug 2013), “The real risks,” Foreign Policy, http://www.foreignpolicy.com/articles/2013/08/06/the_real_risks_war_on_terror.

228they believe they have to do: It’s CYA security. Bruce Schneier (22 Feb 2007), “Why smart cops do dumb things,” Wired, http://archive.wired.com/politics/security/commentary/securitymatters/2007/02/72774.

228Keeping the fear stoked: Leaked NSA talking points specifically reference 9/11: “I much prefer to be here today explaining these programs, than explaining another 9/11 event that we were not able to prevent.” Jason Leopold (30 Oct 2013), “Revealed: NSA pushed 9/11 as key ‘sound bite’ to justify surveillance,” Al Jazeera, http://america.aljazeera.com/articles/2013/10/30/revealed-nsa-pushed911askeysoundbitetojustifysurveillance.html.

228Clay Shirky has noted: Clay Shirky (14 Mar 2010), Remarks at South by Southwest (SXSW), Austin, TX, quoted in Kevin Kelly (2 Apr 2010), “The Shirky principle,” Kevin Kelly, http://kk.org/thetechnium/2010/04/the-shirky-prin.

228And then the laws will change: Stewart Baker (24 Feb 2014), Remarks at 2014 Executive Security Action Forum Annual Meeting, RSA Conference, San Francisco, California.

228Jack Goldsmith again: Jack Goldsmith (9 Aug 2013), “Reflections on NSA oversight, and a prediction that NSA authorities (and oversight, and transparency) will expand,” Lawfare, http://www.lawfareblog.com/2013/08/reflections-on-nsa-oversight-and-a-prediction-that-nsa-authorities-and-oversight-and-transparency-will-expand.

229we need to take risks: I think the people of North Korea and Cuba are safe from terrorist attacks, but at what price?

229It’s not just politicians: Bruce Schneier (17 May 2007), “Virginia Tech lesson: Rare risks breed irrational responses,” Wired, http://archive.wired.com/politics/security/commentary/securitymatters/2007/05/securitymatters_0517.

229We also need to counter the notion: The phrase is much older, from a Supreme Court decision. “The choice is not between order and liberty. It is between liberty with order and anarchy without either. There is danger that, if the Court does not temper its doctrinaire logic with a little practical wisdom, it will convert the constitutional Bill of Rights into a suicide pact.” US Supreme Court (16 May 1949), Opinion, Terminiello v. Chicago, http://caselaw.lp.findlaw.com/scripts/getcase.pl?court=us&vol=337&invol=1.

229a sentiment based in fear: Linda Greenhouse (22 Sep 2002), “Suicide pact,” New York Times, http://www.nytimes.com/2002/09/22/weekinreview/the-nation-suicide-pact.html.

229What it says is something like this: There’s even a book with the title. Richard A. Posner (2006), Not a Suicide Pact: The Constitution in a Time of National Emergency, Oxford University Press, http://books.google.com/books?id=hP6PAAAAMAAJ.

229massacre in Norway: Richard Orange (14 Apr 2012), “‘Answer hatred with love’: How Norway tried to cope with the horror of Anders Breivik,” Guardian, http://www.theguardian.com/world/2012/apr/15/anders-breivik-norway-copes-horror. Balazs Koranyi and Victoria Klesty (26 Apr 2012), “Tens of thousands protest at Norway Breivik trial,” Reuters, http://in.reuters.com/article/2012/04/26/norway-breivik-protest-idINDEE83P0B720120426. Tim Cushing (26 Jul 2012), “One year after the Breivik massacre, Norway continues to fight terrorism with democracy, openness and love,” Tech Dirt, https://www.techdirt.com/articles/20120724/20363519819/one-year-after-breivik-massacre-norway-continues-to-fight-terrorism-with-democracy-openness-love.shtml.

230Indomitability is the correct response: Bruce Schneier (7 Jan 2012), “Our reaction is the real security failure,” AOL News, https://www.schneier.com/essays/archives/2010/01/our_reaction_is_the.html.

230There’s hope for the US: John Mueller and Mark G. Stewart (2011), Terror, Security, and Money: Balancing the Risks, Benefits, and Costs of Homeland Security, Oxford University Press, chap. 9, http://books.google.com/books?id=l1IrmjCdguYC&pg=PA172.

230it’s well past time to move beyond fear: I even wrote a book with that title. Bruce Schneier (2003), Beyond Fear: Thinking Sensibly about Security in an Uncertain World, Wiley, http://books.google.com/books/about/?id=wuNImmQufGsC.

230shift in Americans’ perceptions: Nate Silver (10 Jul 2013), “Public opinion shifts on security-liberty balance,” Fivethirtyeight, New York Times, http://fivethirtyeight.blogs.nytimes.com/2013/07/10/public-opinion-shifts-on-security-liberty-balance.

230Our personal definitions of privacy: New York University law professor Helen Nissenbaum argues that privacy can only be properly understood in terms of context and expectations. Helen Nissenbaum (Fall 2011), “A contextual approach to privacy online,” Daedalus 11, http://www.amacad.org/publications/daedalus/11_fall_nissenbaum.pdf. Alexis C. Madrigal (29 Mar 2012), “The philosopher whose fingerprints are all over the FTC’s new approach to privacy,” Atlantic, http://www.theatlantic.com/technology/print/2012/03/the-philosopher-whose-fingerprints-are-all-over-the-ftcs-new-approach-to-privacy/254365.

230They’re different in the US: This means there will always be some regional differences in the Internet, although its international nature necessitates more homogeneity.

230Lawyers look up potential jurors: Sarah Grider Cronan and Neal F. Bailen (5 Apr 2007), “‘Should I Google the jury?’ and other ethical considerations,” Section of Litigation, American Bar Association, http://apps.americanbar.org/litigation/committees/products/articles/0407_cronan.html.

230people look up each other: Samantha Henig (Mar 2013), “Why you should stop Googling your dates,” Glamour, http://www.glamour.com/sex-love-life/2013/03/why-you-should-stop-googling-your-dates. This video shows how creepy this sort of thing can get. Mario Contreras (29 May 2014), “Meet in a public place,” Vimeo, http://vimeo.com/96870066.

230Google stalking: Andrea Bartz and Brenna Ehrlich (7 Dec 2011), “The dos and don’ts of Googling people,” CNN, http://www.cnn.com/2011/12/07/tech/social-media/netiquette-google-stalking.

231Julian Assange’s old OKCupid: Joe Coscarelli (12 Dec 2010), “Does Julian Assange have a profile on OKCupid?” Village Voice, http://s.villagevoice.com/runninscared/2010/12/does_julian_ass.php.

231Revenge porn . . . is an extreme example: Economist (5 Jun 2014), “Misery merchants,” Economist, http://www.economist.com/news/international/21606307-how-should-online-publication-explicit-images-without-their-subjects-consent-be.

231Mug shot extortion sites: David Kravets (15 Jul 2013), “Mugshot-removal sites accused of extortion,” Wired, http://www.wired.com/2013/07/mugshot-removal-extortion. David Segal (6 Oct 2013), “Mugged by a mug shot online,” New York Times, http://www.nytimes.com/2013/10/06/business/mugged-by-a-mug-shot-online.html.

231This is essentially the point of: David Brin (1998), The Transparent Society: Will Technology Force Us to Choose between Privacy and Freedom? Basic Books, http://www.davidbrin.com/transparentsociety1.html.

231Clay Shirky pointed out: Emily Nussbaum (12 Feb 2007), “Say everything,” New York Magazine, http://nymag.com/news/features/27341.

231grow up with more surveillance: Jessy Irwin (7 Oct 2014), “Grooming students for a lifetime of surveillance,” Model View Culture, http://modelviewculture.com/pieces/grooming-students-for-a-lifetime-of-surveillance.

231schools with ID checks: Some schools are requiring students to wear electronic badges: the same technology that farmers use with livestock. Associated Press (11 Oct 2010), “Houston-area schools tracking students with radio frequency badges,” Dallas Morning News, http://www.dallasnews.com/news/education/headlines/20101011-Houston-area-schools-tracking-students-with-6953.ece.

232Privacy is recognized as a fundamental right: United Nations (10 Dec 1948), “The Universal Declaration of Human Rights,” http://www.un.org/en/documents/udhr.

232European Convention on Human Rights: The convention was revised in 2010. European Court of Human Rights (1 Jun 2010), “European Convention of Human Rights,” Council of Europe, http://www.echr.coe.int/documents/convention_eng.pdf.

232It’s in the US Constitution: Doug Linder (2014), “Exploring constitutional conflicts: The right of privacy,” University of Missouri, Kansas City, http://law2.umkc.edu/faculty/projects/ftrials/conlaw/rightofprivacy.html.

232It’s part of the 2000 Charter: European Union (18 Dec 2000), “Charter of Fundamental Rights of the European Union,” http://ec.europa.eu/justice/fundamental-rights/charter/index_en.htm.

232the UN General Assembly approved: The document reaffirms “the human right to privacy, according to which no one shall be subjected to arbitrary or unlawful interference with his or her privacy, family, home or correspondence, and the right to the protection of the law against such interference, and recognizing that the exercise of the right to privacy is important for the realization of the right to freedom of expression and to hold opinions without interference, and is one of the foundations of a democratic society.” United Nations General Assembly (21 Jan 2014), “Resolution adopted by the General Assembly on 18 December 2013, 68/167, The right to privacy in the digital age,” http://www.un.org/ga/search/view_doc.asp?symbol=A/RES/68/167.

232Charter of Fundamental Rights: The charter was declared in 2000, but didn’t have full force of law until it was ratified as part of the Treaty of Lisbon in 2009. European Union (18 Dec 2000), “Charter of Fundamental Rights of the European Union,” http://ec.europa.eu/justice/fundamental-rights/charter/index_en.htm.

233privacy is not something to be traded: Benjamin Franklin said, “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.”

234There’s an opportunity for real change: Marcia Stepanek (8 Aug 2013), “The Snowden effect: An opportunity?” Stanford Social Innovation Review, http://www.ssireview.org/blog/entry/the_snowden_effect_an_opportunity.

234Rahm Emanuel said: Gerald F. Seib (21 Nov 2008), “In crisis, opportunity for Obama,” Wall Street Journal, http://online.wsj.com/news/articles/SB122721278056345271.

235group interest against self-interest: Bruce Schneier (2012), Liars and Outliers: Enabling the Trust That Society Needs to Thrive, Wiley, http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118143302.html.

236humanity will benefit: Charles Safran et al. (Jan/Feb 2007), “Toward a national framework for the secondary use of health data: An American Medical Informatics Association white paper,” Journal of the American Medical Informatics Association 14, https://www.sciencedirect.com/science/article/pii/S106750270600212X. Peter B. Jensen, Lars J. Jensen, and Søren Brunak (Jun 2012), “Mining electronic health records: Towards better research applications and clinical care,” Nature Reviews: Genetics 13, http://www.dartmouth.edu/~cbbc/courses/bio270/PDFs-13S/Tim_Byounggug.pdf.

236analyzes the study habits: Reynol Junco (2014), Engaging Students through Social Media: Evidence Based Practices for Use in Student Affairs, Wiley/Jossey-Bass, http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118647459.html.

236OKCupid has been experimenting: Christian Rudder (28 Jul 2014), “We experiment on human beings!” OK Trends, http://.okcupid.com/index.php/we-experiment-on-human-beings. Christian Rudder (4 Sep 2014), “When websites peek into private lives,” Wall Street Journal, http://online.wsj.com/articles/when-websites-peek-into-private-lives-1409851575.

236it’s hard to justify: Mark Weinstein (2 Sep 2014), “OKCupid, that’s OKStupid,” Huffington Post, http://www.huffingtonpost.com/mark-weinstein/okcupid-thats-okstupid_b_5739812.html.

236value in our collective data: US Executive Office of the President (2013), “Digital government: Building a 21st century platform to better serve the American people,” http://www.whitehouse.gov/sites/default/files/omb/egov/digital-government/digital-government.html. Microsoft Corporation (27 Mar 2013), “State and local governments adopt Microsoft Dynamics CRM to improve citizen service delivery,” Microsoft News Center, http://www.microsoft.com/en-us/news/press/2013/mar13/03-27dynamicscrmpr.aspx.

237we need to get involved: The UK’s GCHQ explicitly fears this debate. One of the Snowden documents repeatedly talks about avoiding a “damaging public debate” about the extent of surveillance. James Ball (25 Oct 2013), “Leaked memos reveal GCHQ efforts to keep mass surveillance secret,” Guardian, http://www.theguardian.com/uk-news/2013/oct/25/leaked-memos-gchq-mass-surveillance-secret-snowden.

237I often turn to a statement: It is actually his paraphrase of an older statement by the abolitionist Theodore Parker, from 1853: “I do not pretend to understand the moral universe, the arc is a long one, my eye reaches but little ways. I cannot calculate the curve and complete the figure by experience of sight; I can divine it by conscience. But from what I see I am sure it bends towards justice.” garson (15 Nov 2012), “The arc of the moral universe is long but it bends toward justice,” Quote Investigator, http://quoteinvestigator.com/2012/11/15/arc-of-universe.
