Data and Goliath


by Bruce Schneier


  automobile insurance, usage-based pricing of, 112

  automobiles, black box recorders in, 14

  autonomy, right to, 318

  Awad, Nihad, 103

  backdoors, 86, 120–21, 123, 147–48, 169, 182, 314

  Baker, Stewart, 23

  banks, data mining by, 137

  base rate fallacy, 323–24

  Bates, John, 172, 337

  behavior:

  anomalous, 39

  data mining and, 38–40

  Benkler, Yochai, 99, 341–42

  Bentham, Jeremy, 32, 97

  Beria, Lavrentiy, 92

  Bermuda, NSA recording of all phone conversations in, 36

  Berners-Lee, Tim, 210

  Bill of Rights, 210

  Bing, paid search results on, 113

  Binney, Bill, 250, 274, 305

  biometric data, 16, 211

  BitLocker, 148, 215

  Blue Coat, 82

  Bluetooth IDs, 29

  BND (German Intelligence), 77

  BNP Paribas, 35–36

  Booz Allen Hamilton, 80

  Boston, Mass., 104

  Boston Marathon bombings, 136, 138, 139

  boyd, danah, 126, 178

  Brazil, 188

  Breivik, Anders, 229

  Bremmer, Ian, 151

  Brightest Flashlight Free, 46–47

  Brin, David, 231

  Broadwell, Paula, 42

  browsers, 226

  blocking cookies with, 49

  Bryan, Leigh Van, 93

  BT, 79

  BULLRUN, 85

  Bull SA, 81

  Bureau of Alcohol, Tobacco, and Firearms, 69

  Bush, George H. W., 230

  Bush, George W., 230

  business models, surveillance-based, 50, 56, 113–14, 206

  Buzzfeed, 28–29

  cable companies, surveillance by, 47–48

  CALEA (Communications Assistance for Law Enforcement Act; 1994), 83, 120, 165

  need for repeal of, 182

  Callahan, Mary Ellen, 162–63

  Cameron, David, 222, 228

  Canada, in international intelligence partnerships, 76

  Caproni, Valerie, 83

  Carnegie Mellon University, 41

  Carter, Jimmy, 230

  cash registers, as computers, 14

  cell phone metadata:

  NSA collection of, 20–21, 36, 37, 62, 138, 339

  Stanford University experiment on, 21–22

  cell phones:

  GPS-enabled, 3, 14

  multiple functions of, 46

  NSA’s remote activation of, 30

  as surveillance devices, 1–3, 14, 28, 39, 46–47, 62, 100, 216–17, 219, 339

  wiretapping of, 148

  censorship, 94–95, 106–7, 187–88

  self-, 95, 96

  Census Bureau, US, 197

  Central Intelligence Agency (CIA), 67

  in domestic surveillance operations, 104

  Senate Intelligence Committee hacked by, 102

  Chambers, John, 122

  Charter of Fundamental Rights of the European Union, 232, 364

  chat services, 13, 83, 119, 226

  government surveillance of, 29, 62, 81

  checks and balances:

  oversight and, 175

  secrecy and, 100

  Chicago Police Department, 160

  China:

  censorship in, 94, 95, 150–51, 187, 237

  cyberattacks from, 42, 73, 132, 142, 148, 149, 180

  50 Cent Party in, 114

  mass surveillance by, 70, 86, 140, 209

  Uighur terrorists in, 219, 287

  ChoicePoint, 79, 116

  Christie, Chris, 102

  Church committee, 176

  Cisco, 85, 122

  Clapper, James, 129, 130, 336

  Clinton, Hillary, 101, 106

  Clinton administration, 120

  Clipper Chip, 120–21

  cloud computing, 5, 59, 60

  consumer rights and, 60, 221

  government surveillance and, 122

  incriminating materials and, 59, 272

  CNET, 125

  Cobham, 3, 244

  Code of Fair Information Practices (1973), 194

  Code Pink, 104

  Cohen, Jared, 4

  COINTELPRO, 103

  Cold War, 63, 71, 75, 207, 229

  “collect,” NSA’s use of term, 129

  Comcast, 358

  as information middleman, 57

  surveillance by, 48–49

  commons, as lacking on Internet, 188–89

  communication:

  computers as devices for, 13–14

  ephemeral vs. recorded, 127–29

  Communications Assistance for Law Enforcement Act see CALEA

  Communications Security Establishment Canada (CSEC), 40–41

  Communists, Communism, 92–93

  fall of, 63

  complexity, as enemy of security, 141

  Comprehensive National Cybersecurity Initiative, 69

  computers, computing:

  cash registers as, 14

  as communication devices, 13–14

  cost of, 24

  data as by-product of, 3–4, 5, 13–19

  increasing power of, 35

  smartphones as, 14

  see also electronic devices

  Computer Security Act (1987), 187

  COMSEC (communications security), 164–65

  Congress, US, 237

  NSA oversight by, 172–76

  privacy laws and, 198–99

  secrecy and, 100

  “connect-the-dots” metaphor, 136, 139, 322

  consent, as lacking in mass surveillance, 5, 20, 51

  Consent of the Networked (MacKinnon), 210, 212

  Constitution, US:

  Bill of Rights of, 210

  First Amendment of, 189

  Fourth Amendment of, 67, 156, 170

  warrant process and, 92, 179, 184

  Consumer Privacy Bill of Rights (proposed), 201, 202

  consumer rights:

  cloud computing and, 30

  data collection and, 192–93, 200–203, 211

  convenience, surveillance exchanged for, 4, 49, 51, 58–59, 60–61

  cookies, 47–48, 49

  correlation of, 49

  correlation, of data sets, 40–45, 49, 133, 263–64

  Counterintelligence Field Activity, 69, 104

  counterterrorism:

  excessive secrecy in, 171

  as FBI mission, 184, 186

  fear and, 222, 226, 227–30

  mass surveillance as ineffective tool in, 137–40, 228

  as NSA mission, 63, 65–66, 184, 222

  NSA’s claimed successes in, 325

  Creative Cloud, 60

  credit bureaus, as data brokers, 52

  credit card companies, data collected by, 14, 23–24

  credit card fraud, 116, 313

  data mining and, 136–37

  credit cards, RFID chips on, 29

  credit scores, 112–13, 159, 196

  Credit Suisse, 35–36

  CREDO Mobile, 207

  Cryptocat, 215

  cryptography, see encryption

  cultural change:

  systemic imperfection and, 163–64

  transparency and, 161

  Customer Relations Management (CRM), 51–52

  customer scores, 110–11

  Cyber Command, US, 75, 146, 180–81, 186, 187

  cybercrime, increasing scale of, 116–19, 142

  cyber sovereignty, 187–88

  cyberwarfare, 74–75, 81, 132, 220

  arms race in, 180–81

  attack vs. defense in, 140–43

  collateral damage from, 150–51

  military role in, 185–86

  NIST’s proposed defensive role in, 186–87

  see also Cyber Command, US

  Dalai Lama, 72

  Daniel, Jon, 101

  data:

  analysis of, see data mining

  as by-product of computing, 3–4, 5, 13–19

  historical, 35–37

  increasing amount of, 18–19

  see also metadata

  data broker industry, 2, 5, 41, 48, 51–53, 79, 234

  correction of errors in, 269

  customer scores in, 110–11

  lack of consent in, 5, 51

  data collection, 234

  accountability and, 193, 196, 197–99

  benefits of, 8, 190

  fiduciary responsibility and, 204–5

  government regulation and, 197–99

  harms from, 8

  health and, 16

  limits on, 191, 192, 199–200, 202, 206

  NSA definition of, 129, 320

  opt-in vs. opt-out consent in, 198

  respect for context in, 201

  rights of individuals in, 192–93, 200–203, 211, 232

  salience of, 203–4

  security safeguards in, 192, 193–95, 202, 211

  from social networking sites, 200–201

  specification of purpose in, 192

  see also mass surveillance

  Dataium, 195–96

  data mining, 33–45

  adversarial relationships and, 138–39

  algorithmic-based, 129–31, 136–37, 159, 196

  anonymity and, 42–45

  correlation of data sets in, 40–45, 49, 133

  credit card fraud and, 136–37

  of historical data, 35–37

  inferences from, see inferences, from data mining

  limits on uses of, 191, 192, 195–97, 206

  personalized advertising and, 33, 35, 38

  political campaigns and, 33, 54

  quality assurance and, 34, 54, 136–37, 192, 194, 202

  relationship mapping in, 37–38

  security threats and, 136–40

  tax fraud and, 137

  data storage:

  capacity for, 18–19

  cloud-based, 5, 59

  limits on, 191, 199–200, 206

  low cost of, 5, 18, 24, 144, 206

  “save everything” model of, 34

  Datensparsamkeit, 200

  de-anonymizing, by correlation of data sets, 43–44, 263–64

  Declaration of the Rights of Man and of the Citizen, 210

  Defense Department, US:

  Counterintelligence Field Activity of, 69, 104

  Cyber Command of, 75

  domestic surveillance by, 69, 184

  Defentek, 3

  delete, right to, 201–2

  democracy:

  government surveillance and, 6, 95, 97–99, 161–62, 172–73

  whistleblowers as essential to, 178

  demographic information, data brokers and, 52

  denial-of-service attacks, 75

  Department of Homeland Security, US, 27, 162–63, 295–96

  deportation, discrimination and, 93

  DigiNotar, hacking of, 71–72

  direct marketing, 52

  discrimination:

  corporate surveillance and, 109–13

  government surveillance and, 4, 6, 93, 103–4

  in pricing, 109–10

  DNA sequencing, 16

  de-anonymizing of, 44

  DNS injection, 150–51

  Doctorow, Cory, 217

  “Do Not Track” debate, 80

  Do Not Track law, California, 233

  DoNotTrackMe, 49

  “Don’t Ask Don’t Tell” policy, 197

  DoubleClick, 48

  Drake, Thomas, 101

  Dread Pirate Roberts (Ross Ulbricht), 105

  drone helicopters, 25, 29

  micro-, 253

  drone strikes, mass surveillance and, 94

  Drug Enforcement Administration (DEA), 104, 105

  Dubai, 27, 43

  DuckDuckGo, 124

  due process, 168, 184

  Duffy, Tim, 227

  East Germany, 23

  eBay, 57–58

  Economist, 91

  EDGEHILL, 85

  education, collection of data and, 8

  Eisenhower, Dwight D., 230

  Elbit Systems, 81

  Elcomsoft, 150

  electronic devices, vendor control of, 59–60

  Ello, 124

  Ellsberg, Daniel, 101

  e-mail, 119, 226

  local vs. cloud storage of, 31

  Emanuel, Rahm, 234

  encryption, 85–86, 224, 344

  backdoors and, 86, 120–21, 123, 147–48, 169, 182, 314

  business competitiveness and, 119–24

  increased corporate use of, 208, 224

  individual use of, 215

  key length in, 143

  NIST and, 186–87

  NSA and, 144, 186

  NSA undermining of standards for, 148–49

  secrecy and, 171

  value of, 143–44

  Engel, Tobias, 3

  Environmental Protection Agency (EPA), pollution regulation by, 194–95

  ephemerality, of communication, 127–29

  Epsilon, 41

  Equifax, 53

  error rates, in data mining, 34, 54, 136–37, 269

  espionage, 63, 73, 74, 76, 158

  surveillance vs., 170, 183–84

  Espionage Act (1917), 101

  Estonia, cyberattacks on, 75, 132

  Ethiopia, 73

  European Charter, 169

  European Court of Justice, 202, 222

  European Parliament, 76

  European Union (EU), 195, 200, 202, 226, 238

  Charter of Fundamental Rights of, 232, 364

  Data Protection Directive of, 19, 79, 80, 159, 191, 209

  data retention rules in, 222

  Exact Data, 42

  executive branch:

  abuses of power by, 234–35

  secrecy of, 100, 170

  Executive Order 12333, 65, 173

  Facebook, 58, 59, 93, 198

  customer scores and, 111

  data collection by, 19, 31, 41, 123, 200, 201, 204

  as information middleman, 57

  manipulation of posts on, 115

  paid placements on, 114

  real name policy of, 49

  Facebook, surveillance by:

  data-based inferences of, 34, 258

  Like button and, 48

  relationship mapping by, 37–38

  tagged photo database of, 41

  face recognition, automatic, 27, 29, 31, 41, 211

  fair information practices, 194, 211

  fair lending laws, 196

  false positives, 137, 138, 140, 323–24

  Farrell, Henry, 60

  FASCIA, 3

  fatalism, mass surveillance and, 224–25

  fear:

  government surveillance and, 4, 7, 95–97, 135, 156–57, 182–83, 222, 226, 227–30

  media and, 229

  politicians and, 222, 228

  privacy trumped by, 228

  social norms and, 227–30

  Federal Bureau of Investigation (FBI):

  CALEA and, 83, 120

  COINTELPRO program of, 103

  cost to business of surveillance by, 121–22

  counterterrorism as mission of, 184, 186

  data mining by, 42

  GPS tracking by, 26, 95

  historical data stored by, 36

  illegal spying by, 175

  IMSI-catchers used by, 165

  legitimate surveillance by, 184

  Muslim Americans surveilled by, 103

  PATRIOT Act and, 173–74

  phone company databases demanded by, 27, 67

  surveillance of all communications as goal of, 83

  warrantless surveillance by, 67–68, 209

  wiretapping by, 24, 27, 83, 171

  Federal Communications Commission (FCC), 198

  Federal Trade Commission, US (FTC), 46–47, 53, 117, 198

  Feinstein, Diane, 172

  Ferguson, Mo., 160

  fiduciary responsibility, data collection and, 204–5

  50 Cent Party, 114

  FileVault, 215

  filter bubble, 114–15

  FinFisher, 81

  First Unitarian Church of Los Angeles, 91

  FISA (Foreign Intelligence Surveillance Act; 1978), 273

  FISA Amendments Act (2008), 171, 273, 275–76

  Section 702 of, 65–66, 173, 174–75, 261

  FISA Court, 122, 171

  NSA misrepresentations to, 172, 337

  secret warrants of, 174, 175–76, 177

  transparency needed in, 177

  fishing expeditions, 92, 93

  Fitbit, 16, 112

  Five Eyes, 76

  Flame, 72

  FlashBlock, 49

  flash cookies, 49

  Ford Motor Company, GPS data collected by, 29

  Foreign Intelligence Surveillance Act (FISA; 1978), 273

  see also FISA Amendments Act

  Forrester Research, 122

  Fortinet, 82

  Fox-IT, 72

  France, government surveillance in, 79

  France Télécom, 79

  free association, government surveillance and, 2, 39, 96

  freedom, see liberty

  Freeh, Louis, 314

  free services:

  overvaluing of, 50

  surveillance exchanged for, 4, 49–51, 58–59, 60–61, 226, 235

  free speech:

  as constitutional right, 189, 344

  government surveillance and, 6, 94–95, 96, 97–99

  Internet and, 189

  frequent flyer miles, 219

  Froomkin, Michael, 198

  FTC, see Federal Trade Commission, US

  fusion centers, 69, 104

  gag orders, 100, 122

  Gamma Group, 81

  Gandy, Oscar, 111

  Gates, Bill, 128

  gay rights, 97

  GCHQ, see Government Communications Headquarters

  Geer, Dan, 205

  genetic data, 36

  geofencing, 39–40

  geopolitical conflicts, and need for surveillance, 219–20

  Georgia, Republic of, cyberattacks on, 75

  Germany:

  Internet control and, 188

  NSA surveillance of, 76, 77, 122–23, 151, 160–61, 183, 184

  surveillance of citizens by, 350

  US relations with, 151, 234

  Ghafoor, Asim, 103

  GhostNet, 72

  Gill, Faisal, 103

  Gmail, 31, 38, 50, 58, 219

  context-sensitive advertising in, 129–30, 142–43

  encryption of, 215, 216

  government surveillance of, 62, 83, 148

  GoldenShores Technologies, 46–47

  Goldsmith, Jack, 165, 228

  Google, 15, 27, 44, 48, 54, 221, 235, 272

  customer loyalty to, 58

  data mining by, 38

  data storage capacity of, 18

  government demands for data from, 208

  impermissible search ad policy of, 55

  increased encryption by, 208

  as information middleman, 57

  linked data sets of, 50

  NSA hacking of, 85, 208

  PageRank algorithm of, 196

 
