Data and Goliath
expanding role of, 24, 165
FISA Amendments Act and, 174–75, 273
foreign eavesdropping (SIGINT) by, 62–63, 76, 77, 122–23, 164–65, 186, 220
Germany surveilled by, 76, 77, 122–23, 151, 160–61, 183, 184
Gmail user data collected by, 62
historical data stored by, 36
history of, 62–63
inadequate internal auditing of, 303
innocent people surveilled by, 66–67
insecure Internet deliberately fostered by, 146–50, 182
international partnerships of, 76–77
Internet surveillance by, 22, 62, 64–65, 78, 86–87, 122–23, 149–50, 188, 207
keyword searches by, 38, 261
legal authority for, 65–66
location data used by, 3, 339
Multiprogram Research Facility of, 144
Muslim Americans surveilled by, 103
parallel construction and, 105, 305
Presidential Policy Directives of, 99–100
PRISM program of, 78, 84–85, 121, 208
proposed breakup of, 186–87
QUANTUM program of, 149–50, 329–30
relationship mapping by, 37–38
remote activation of cell phones by, 30
secrecy of, 99–100, 121, 122
SIGINT Enabling Project of, 147–49
Snowden leaks and, see Snowden, Edward
SOMALGET program of, 65
Syria’s Internet infrastructure penetrated by, 74, 150
Tailored Access Operations (TAO) group of, 72, 85, 144, 149, 187
UN communications surveilled by, 102, 183
National Security Agency, US (NSA) (continued)
Unitarian Church lawsuit against, 91
US citizens surveilled by, 64, 66, 175
US global standing undermined by, 151
Utah Data Center of, 18, 36
vulnerabilities stockpiled by, 146–47
National Security Letters (NSLs), 67, 84, 100, 207–8
Naval Criminal Investigative Service, 69
Naval Research Laboratory, US, 158
Nest, 15–16
Netcom, 116
Netflix, 43
Netsweeper, 82
New Digital Age, The (Schmidt and Cohen), 4
newsgroups, 119
New York City Police Department, 103–4
New York State, license plate scanning data stored by, 36
New York Times, Chinese cyberattack on, 73, 132, 142
New Zealand, in international intelligence partnerships, 76
Nigeria, 81
9/11 Commission Report, 139, 176
Nineteen Eighty-Four (Orwell), 59, 225
NinthDecimal, 39–40
NIST, see National Institute of Standards and Technology
Nixon, Richard, 230
NOBUS (nobody but us) vulnerabilities, 147, 181
Nokia, 81
nondisclosure agreements, 100
North, Oliver, 127–28
Norway, 2011 massacre in, 229–30
NSA, see National Security Agency, US
Oak Ridge, Tenn., 144
Obama, Barack, 33, 175
NSA review group appointed by, 176–77, 181
Obama administration:
Internet freedom and, 107
NSA and, 122
whistleblowers prosecuted by, 100–101, 179
obfuscation, 217–18
Occupy movement, 104
Ochoa, Higinio (w0rmer), 42–43
OECD Privacy Framework, 191–92, 197
Office of Foreign Assets Control, 36
Office of Personnel Management, US, 73
Off the Record, 83, 215
Olympics (2014), 70, 77
Onionshare, 216
openness, see transparency
opt-in vs. opt-out consent, 198
Orange, 79
Orbitz, 111
Organized Crime Drug Enforcement Task Forces, 69
Orwell, George, 59, 225
oversight, of corporate surveillance, see mass surveillance, corporate, solutions for, government regulation in
oversight, of government surveillance, 161–63, 169, 172–78
Oyster cards, 40, 262
packet injection, 149–50
PageRank algorithm, 196
Palmer Raids, 234
Panetta, Leon, 133
panopticon, 32, 97, 227
panoptic sort, 111
parallel construction, 105, 305
Pariser, Eli, 114–15
Parker, Theodore, 365
PATRIOT Act, see USA PATRIOT Act
pen registers, 27
Peoria, Ill., 101
personalized advertising, see advertising, personalized
personally identifying information (PII), 45
Petraeus, David, 42
Petrobras, 73
Pew Research Center, 96
PGP encryption, 215, 216
photographs, digital, data embedded in, 14–15, 42–43
Pirate Party, Iceland, 333
Placecast, 39
police, see law enforcement, state and local
police states, as risk-averse, 229
political action, 7, 213, 222–24, 237–38
political campaigns:
data mining and, 33, 54
personalized marketing in, 54, 115–16, 233
political discourse, government surveillance and, 97–99
politics, politicians:
and fear of blame, 222, 228
technology undermined by, 213
Posse Comitatus Act (1878), 186
Postal Service, US, Isolation Control and Tracking program of, 29
Presidential Policy Directives, 99–100
prices, discrimination in, 109–10
PRISM, 78, 84–85, 121, 208
privacy, 125–33
algorithmic surveillance and, 129–31, 204
as basic human need, 7, 126–27
breaches of, 116–18, 192, 193–95
as fundamental right, 67, 92, 126, 201, 232, 238, 318, 333, 363–64
of healthcare data, 193
Internet and, 203–4, 230–31
loss of, 4, 7, 50–51, 96, 126
and loss of ephemerality, 127–29
“nothing to hide” fallacy and, 125
and proposed Consumer Privacy Bill of Rights, 201, 202
security and, 155–57
social norms and, 227, 230–33
third-party doctrine and, 67–68, 180
as trumped by fear, 228
undervaluing of, 7–8, 50, 156, 194, 203–4
Privacy and Civil Liberties Oversight Board, 176, 177
privacy enhancing technologies (PETs), 215–16, 217
Privacy Impact Notices, 198, 211
probable cause, 184
Protect America Act (2007), 275
public-private partnership, see mass surveillance, public-private partnership in
Qualcomm, 122
QUANTUM packet injection program, 149–50, 329–30
radar, high-frequency, 30
“ratters,” 117
Reagan, Ronald, 230
redlining, 109
Red October, 72
Regulation of Investigatory Powers Act (UK; 2000), 175
relationships, mapping of, 37–38
remote access Trojans (RATs), 117
resilience, systemic imperfections and, 163–64
retailers, data collected by, 14, 24, 51–52
revenge porn, 231
RFID chips, 29, 211
Richelieu, Cardinal, 92
rights, of consumers, see consumer rights
risk, police states as averse to, 229
risk management, 141–42
Robbins, Blake, 104
robotics, 54–55
Rogers, Michael, 75
Roosevelt, Franklin D., 229, 230
Rousseff, Dilma, 151
RSA Security, 73, 84
rule of law, 210, 212
Russia:
cyberwarfare and, 180
mandatory registration of bloggers in, 95
mass surveillance by, 70, 187, 188, 237
salience, 203–4
San Diego Police Department, 160
Sarkozy, Nicolas, 96
Saudi Arabia, 76, 187, 209
Saudi Aramco, 75
Schmidt, Eric, 4, 22, 57, 86, 125
schools, surveillance abuse in, 104
Schrems, Max, 19, 200
search engines, business model of, 113–14, 206
secrecy:
corporate surveillance and, 194
of government surveillance, 99–101, 121, 122, 170–71
legitimate, transparency vs., 332–33
security, 135–51
airplane, 93, 158
attack vs. defense in, 140–43
balance between civil liberties and, 135
complexity as enemy of, 141
cost of, 142
data mining as unsuitable tool for, 136–40
and deliberate insecurity of Internet, 146–50
encryption and, see encryption
fear and, 4, 7, 95–97, 135, 156–57, 171, 182–83, 222, 226, 227–30
hindsight and, 136
mass surveillance as harmful to, 7, 146–50
and misguided focus on spectacular events, 135
narrative fallacy in, 136
privacy and, 155–57
random vs. targeted attacks and, 142–43
risk management and, 141–42
social norms and, 227
surveillance and, 157–59
vulnerabilities and, 145–46
security cameras, see surveillance technology
self-censorship, 95
Senate, US, Intelligence Committee of, 102, 172, 339
Sensenbrenner, Jim, 174
Sense Networks, 2, 40
September 11, 2001, terrorist attacks, 63, 65, 136, 156, 169, 184, 207, 227, 229
SHAMROCK, 175
Shirky, Clay, 228, 231
Shutterfly, 269
Siemens, 81
SIGINT (signals intelligence), see National Security Agency, US, foreign eavesdropping by
SIGINT Enabling Project, 147–49
Silk Road, 105
Skype, 84, 148
SmartFilter, 82
smartphones:
app-based surveillance on, 48
cameras on, 41
as computers, 14
GPS tracking in, 3, 14, 216–17
MAC addresses and Bluetooth IDs in, 29
Smith, Michael Lee, 67–68
Snowden, Edward, 177, 178, 217
e-mail of, 94
Espionage Act and, 101
EU Parliament testimony of, 76
NSA and GCHQ documents released by, 6, 20, 40–41, 62, 65, 66, 67, 72, 74, 78, 96, 99–100, 121, 129, 144, 149, 150, 160–61, 172, 175, 182, 207, 223, 234, 238
Sochi Olympics, 70, 77
Socialists, Socialism, 92–93
social networking:
apps for, 51
customer scores and, 111
customer tracking and, 123
data collected in, 200–201
government surveillance of, 295–96
see also specific companies
social norms:
fear and, 227–30
liberty and, 227
mass surveillance and, 226–38
privacy and, 227, 230–33
security and, 227
software:
security of, 141, 146
subscription vs. purchase models for, 60
Solove, Daniel, 93
SOMALGET, 65
Sophos, 82
Sotomayor, Sonia, 95, 342
South Korea, cyberattack on, 75
spy gadgets, 25–26
SSL encryption, 85–86
SSL (TLS) protocol, 215
Standard Chartered Bank, 35–36
Staples, 110
Stasi, 23
Steinhafel, Gregg, 142
strategic oversight, 162, 172–77
StingRay surveillance system, 100, 165
Stross, Charles, 128
Stuxnet, 75, 132, 146
collateral damage from, 150
Supreme Court, US, 26, 180, 361–62
third-party doctrine and, 68
surveillance:
automatic, 31–32
benefits of, 8, 190
as business model, 50, 56, 113–14, 206
cell phones as devices for, 1–3, 14, 28, 39, 46–47, 62, 100, 216–17, 219, 339
constant, negative health effects of, 127
cost of, 23–26
espionage vs., 170, 183–84
government abuses of, 101–5
government-on-government, 63, 73, 74, 75, 76, 158
hidden, 28–30
legitimate needs for, 219–20
as loaded term, 4
mass, see mass surveillance
oversight and accountability in, 161–63, 169, 172–78
overt, 28, 30
perception of, 7–8
personal computers as devices for, 3–4, 5
politics and, 213
pre-Internet, 64, 71
principles of, 155–66
targeted, see targeted surveillance
transparency and, 159–61, 169, 170–71, 176
surveillance technology:
cameras, 14, 17, 31–32
cost of, 25–26
shrinking size of, 29
Suspicious Activity Reports (SAR), 138
Sweeney, Latanya, 44, 263–64
SWIFT banking system, 73
Swire, Peter, 160
Syria, 81
NSA penetration of Internet infrastructure in, 74, 150
System for Operative Investigative Measures (SORM; Russia), 70
tactical oversight, 162, 177–79
Tailored Access Operations group (TAO), 72, 85, 144, 149, 187
Taleb, Nassim, 136
Target, 33, 34, 55
security breach of, 142, 193
targeted advertising, see advertising, personalized
targeted surveillance:
mass surveillance vs., 5, 26, 139–40, 174, 179–80, 184, 186
PATRIOT Act and, 174
tax fraud, data mining and, 137
technology:
benefits of, 8, 190–91
political undermining of, 213
privacy enhancing (PETs), 215–16, 217
see also surveillance technology
telephone companies:
FBI demands for databases of, 27, 67
historical data stored by, 37, 67
NSA surveillance and, 122
transparency reports of, 207–8
see also cell phone metadata; specific companies
Teletrack, 53
TEMPORA, 79
Terrorism Identities Datamart Environment, 68, 136
terrorists, terrorism:
civil liberties vs., 135
government databases of, 68–69
as justification for mass surveillance, 4, 7, 170–71, 226, 246
mass surveillance as ineffective tool for detection of, 137–40, 228
and NSA’s expanded mission, 63, 65–66
overly broad definition of, 92
relative risk of, 332
Uighur, 219, 287
uniqueness of, 138
see also counterterrorism; security; September 11, 2001, terrorist attacks
thermostats, smart, 15
third-party doctrine, 67–68, 180
TLS (SSL) protocol, 215
TOM-Skype, 70
Tor browser, 158, 216, 217
Torch Concepts, 79
trade secrets, algorithms as, 196
transparency:
algorithmic surveillance and, 196
corporate surveillance and, 192, 194, 196, 202, 207–8
legitimate secrecy vs., 332–33
surveillance and, 159–61, 169, 170–71, 176
Transparent Society, The (Brin), 231
Transportation Security Administration, US (TSA), screening by, 136, 137, 159, 231, 321
Treasury, US, 36
Truman, Harry, 62, 230
trust, government surveillance and, 181–83
truth in lending laws, 196
Tsarnaev, Tamerlan, 69, 77, 139
Turkey, 76
Turla, 72
Twitter, 42, 58, 199, 208–9
metadata collected by, 23
Uber, 57
Uighur terrorists, 219, 287
Ukraine, 2, 39
Ulbricht, Ross (Dread Pirate Roberts), 105
“uncanny valley” phenomenon, 54–55
Underwear Bomber, 136, 139
UN High Commissioner on Human Rights, 96
Unit 8200, 77
United Kingdom:
anti-discrimination laws in, 93
data retention law in, 222
GCHQ of, see Government Communications Headquarters
in international intelligence partnerships, 76
Internet censorship in, 95
license plate scanners in, 27
mission creep in, 105
Regulation of Investigatory Powers Act (2000) of, 175
United Nations:
digital privacy resolution of, 232, 363–64
NSA surveillance of, 102, 183
United States:
data protection laws as absent from, 200
economic espionage by, 73
Germany’s relations with, 151, 234
intelligence budget of, 64–65, 80
NSA surveillance as undermining global stature of, 151
Stuxnet cyberattack by, 75, 132, 146, 150
Universal Declaration of Human Rights, 232
USA PATRIOT Act (2001), 105, 221, 227
Section 215 of, 65, 173–74, 208
Section 505 of, 67
US Cellular, 177
Usenet, 189
VASTech, 81
Verint, 2–3, 182
Verizon, 49, 67, 122
transparency reports of, 207–8
Veterans for Peace, 104
Vigilant Solutions, 26, 40
Vodafone, 79
voiceprints, 30
vulnerabilities, 145–46
fixing of, 180–81
NSA stockpiling of, 146–47
w0rmer (Higinio Ochoa), 42–43
Wall Street Journal, 110
Wanamaker, John, 53
“warrant canaries,” 208, 354
warrant process, 92, 165, 169, 177, 180, 183, 184, 342
Constitution and, 92, 179, 184
FBI and, 26, 67–68
NSA evasion of, 175, 177, 179
third-party doctrine and, 67–68, 180
Watson, Sara M., 55
Watts, Peter, 126–27
Waze, 27–28, 199
weapons of mass destruction, overly broad definition of, 92, 295
weblining, 109
WebMD, 29
whistleblowers:
as essential to democracy, 178
legal protections for, 162, 169, 178–79, 342
prosecution of, 100–101, 178, 179, 222