Four ways your privacy is being invaded

Slowly but surely, government and telecommunications companies have forged a police-corporate surveillance complex

Salon
by Davis Rosen
This article originally appeared on AlterNet
September 11, 2012

Four ways your privacy is being invaded

Americans’ personal privacy is being crushed by the rise of a four-headed corporate-state surveillance system.  The four “heads” are: federal government agencies; state and local law enforcement entities; telecoms, web sites & Internet “apps” companies; and private data aggregators (sometimes referred to as commercial data warehouses).

Conventional analysis treats these four domains of data gathering as separate and distinct; government agencies focus on security issues and corporate entities are concerned with commerce. Some overlap can be expected as, for example, in case of a terrorist attack or an online banking fraud.  In both cases, an actual crime occurred.

But what happens when the boundary separating or restricting corporate-state collaboration, e.g., an exceptional crime-fighting incident, erodes and becomes the taken-for-granted operating environment, the new normal?  Perhaps most troubling, what happens when the traditional safeguards offered by “watchdog” courts or regulatory organizations no longer seem to matter?  What does it say that the entities designed to protect personal privacy rights seem to have either been effectively “captured” or become toothless tigers?

In President Eisenhower’s legendary 1960 farewell address, he warned of the potential power of the military-industrial complex.  Ike’s 20th century formulation represented the intertwining of the U.S. military and private contractors to achieve two complementary goals.  First, it sought to help corporations make guaranteed, cost-plus profits and to provide glide-path retirement programs for the military brass.  Second, it sought to influence Congress and thus shape foreign policy, helping fulfill the then just-emerging global imperialist strategy.

Today’s corporate-state surveillance complex demonstrates a comparable intertwining of U.S. policing forces and private companies in the monitoring of domestic life.  It is being implemented thanks to the technology fruits of a half-century of the military-industrial complex.  The Defense Department created the Internet and what it can do in Yemen it can do in Oakland. The global war on terrorism is coming home!

In the wake of the Great Recession, we are living through a great economic and social restructuring.  The global world order is shifting and, accordingly, America’s class and social relations are being reordered.  Occupy Wall Street’s formulation of the social crisis, the 1% vs. the 99%, has become the shorthand descriptor of this restructuring of American economic relations.  No time is better to impose high-tech social disciple then one marked by economic and social crisis.  The unanswered question is obvious:  Are we witnessing the formation of the high-tech police state?

* * *

To reiterate, the four-headed corporate-state surveillance hydra consists of (i) federal agencies; (ii) state and local law enforcement entities; (iii) telecoms, web sites & Internet “apps” companies; and (iv) private data aggregators.  The following overview sketches out the parameters of the ever-growing domestic spy state, how it’s being implemented and some of the more egregious examples of abuse of public trust if not the law.

#1 — Federal Surveillance

The attacks of 9/11 and the subsequent (and endless) “war on terror” continue to provide the rationale for an ever-expanding domestic security state.  The leading agencies gathering data on Americans (and others) include the National Security Agency (NSA), Department of Homeland Security (DHS) and Department of Defense (DoD) as well as the FBI and IRS.  In the wake of 9/11, the NSA took the lead in federal domestic cyber surveillance, but in 2010 the NSA ceded this authority to the DHS.

Personal information is gathered from a host of both public and private sources.  One source is “public records” that can range from birth, marriage and death records; court filings, arrest records, driver’s license information, property ownership registrations (e.g., car or house), tax records, professional licenses and even Securities and Exchange Commission filings.  Another source is “private” records from ChoicePoint and LexisNexis as well as credit reporting agencies such as Equifax, Experian Information Solutions and Trans Union LLC.

The most Kafkaesque example of federal tracking efforts has been the DHS Transportation and Safety Administration’s (TSA) No-Fly List.  As of 2011, it was estimated to contain about 10,000 names.  The list’s inherent absurdity was illustrated when, some years before his death, Ted Kennedy discovered he (as “T. Kennedy”) was on the list.

The No-Fly List is administered by the Terrorist Screening Center (TSC) which cannot reveal whether a particular person is on the list, nor does it have the authority to remove someone from the list — that’s up to the FBI. The TSC also manages what is known as the Terrorist Watch List. Administered by the FBI, the list, according to an ACLU estimate, consists of 1 million names and is continually expanding.

DHS also maintains the Automated Biometric Identification System (IDENT) that has the fingerprints, photographs and biographical information on 126 million people.

During the July 4, 2012, holiday weekend, Pres. Obama quietly released a new Executive Order, “Assignment of National Security and Emergency Preparedness Communications Functions.” While ostensibly seeking to ensure the continuity of government communications during a national emergency, it grants new powers to the DHS over telecom.  It permits the agency to collect public communications information and the authority to seize private facilities when necessary.  The Executive Order is legislation through the back door, the Obama Administration’s effort to implement a law that Congress rejected in 2011.

Parallel to the DHS efforts, the FBI maintains a number of operations tracking Americans.  The Integrated Automated Fingerprint Identification System (IAFIS) keeps fingerprint records of some 62 million people; it makes this resource available to 43 states and 5 other federal agencies. Soon, the agency will switch over to the NGI (Next Generation Initiative), which will contain face recognition searchable photos, iris scans, fingerprints, palm prints, and a record of scars and tatoos.  The FBI coordinates the Combined DNA Index System (CODIS) that has DNA evidence from blood and saliva sample on more than 10 million people.  In addition, the FBI maintains the Nationwide Suspicious Activity Reporting Initiative (SAR) that includes some 160,000 reports on people who allegedly acted suspiciously.

(These activities are separate from the recent revelation from AntiSec that found on a FBI agent laptop a database of 12 million Apple device owners’ users unique identify, including owner’s personal information.)

In 2004, Congress established the National Counterterrorism Center (NCTC) to serve as the “center for joint operational planning and joint intelligence, staffed by personnel from the various agencies.”   It maintains the Terrorist Identities Datamart Environment (TIDE) that includes records on an estimated 740,000 people.  Federal authorities claim that less than 2 percent of the people on file are US citizens or legal permanent residents. Earlier this year, Att. Gen. Eric Holder extended the agency’s ability to maintain private information about U.S. citizens when there is no suspicion that they are involved in terrorism from 180 days to five years.

The NSA’s authority overrides 4th Amendment guarantees safeguarding a citizen’s right from unreasonable search and seizure through what is known as a National Security Letter (NSL). In 2008, Congress revised the Foreign Intelligence Surveillance Act freeing the NSA from the bothersome requirement of having to prove probable cause before intercepting a person’s phone calls, text messages or emails from someone in the U.S. suspected of involvement with terrorism.  Between 2000 and 2010 (excluding 2001 and 2002 for which no records are available), the FBI was issued 273,122 NSLs; in 2010, 24,287 letters were issued pertaining to 14,000 U.S. residents.

In June 2011, the DoD originally launched a pilot program, the Defense Industrial Base (DIB) Cyber Pilot, with 20 private companies.  It would allow intelligence agencies to share threat information with private military contractors.  Among the companies who participated were Lockheed Martin, Northrop Grumman and Raytheon as well as telcos AT&T, Verizon and CenturyLink.  The telcos filter incoming email for malicious software.  In May 2012, DoD and DHS announced plans to expand the program to 200 participants and the DoD estimates that approximately 8,000 firms could potentially participate.

DoD is aggressively promoting the Cyber Intelligence Sharing and Protection Act of 2011 (CISPA), which recently passed the House and is now before the Senate.  Under this law, there would be a significant expansion in sharing of information related to “cyber hacking” (a very ill-defined term) between federal agencies, including DoD, NSA and DHS, and private companies.  The information to be shared would cover both classified and unclassified data.  The ostensible purpose of such data sharing would be to protect the nation’s telecom networks and customers from hack-attacks.  Sure.

#2 — State and Local Law Enforcement

On July 9th, Rep. Ed Markey (D-MA) released the first set of findings from the House’s Bipartisan Congressional Privacy Caucus.  It found that over 1.3 million federal, state and local law enforcement data requests were made to cellphone companies for personal records in 2011.  Among the tracking information provided to law enforcement entities were: geo-locational or GPS data, 911 call responses, text message content, billing records, wiretaps, PING location data and what are known as cell tower “dumps” (i.e., a carrier provides all the phones numbers of cell users that connect with a discrete tower during a discrete period of time).

In a separate and equally revealing disclosure, the ACLU found that, based on records from over 200 local law enforcement agencies, most law enforcement groups that engaged in cell-phone tracking did not obtain a warrant, subpoena or other court order.

The Associated Press received a 2011 Pulitzer Prize for revealing the role played by the New York Police Department’s (NYPD) secret demographics unit.  It undertook a federally funded, multi-million-dollar, multi-state surveillance program of Muslims in the metro-NY area, involving citizens and noncitizens alike.   Most recently, the AP reported that, based on the testimony of one of the program’s senior executives, the NYPD failed to identify a single attack or threat.

Another NYPD anti-terrorist program is known as the Domain Awareness System (DAS).  It was developed as a commercial partnership between the NYPD and Microsoft at an estimated cost of $30 to $40 million.  With DAS, investigators can track individuals or incidents (e.g., a suspicious package) through live video feeds from some 3,000 CCTV cameras, 2,600 radiation substance detectors, check license plate numbers, pull up crime reports and cross-check all information against criminal and terrorist databases.  Big Brother has become America’s new normal.

One area in which local government and private interests come together involves automatic license plate recognition.  In New York and other cities through the country, LPR cameras are being mounted on lampposts, bridges and police patrol cars and capture images of license plates.  These photos are a being shared with the National Insurance Crime Bureau that represents hundreds of insurance companies.  Thus, private location data of U.S. citizens are being acquired and shared with commercial entities without their knowledge or consent.

#3 – Telecom, Web Sites & Internet “Apps” Companies

Rep. Markey disclosure revealed a lucrative scheme involving the security state outsourcing data gathering to ten major telecommunications companies, including AT&T, Verizon and T-Mobile.  These companies made million of dollars supplying law enforcement agencies with personal telecom information.

However, a far bigger issue involves most of the major websites, including Google, Facebook, Amazon and iTunes, that systematically collect user data and commercializes it for corporate purposes; the telecoms engage in the same practice.

Many web companies fulfill government requests for a user’s personal information, but Google is one of the few companies that publicly reveal such requests.  Most recently, it reported that during the second-half of 2011, U.S. government agencies made 12,243 requests and that it complied with 93 percent of them (11,386).  This is 1,000 a month; what’s going on?

Wireless devices are two-way technologies.  In addition to uploaded valuable personal data, wireless customers are sitting ducks for downloaded junk. Most smartphone users are unaware that when they download a “free” app they are downloading a Trojan horse.

According to a recent study by Lookout Mobile Security, more than half of the free apps embed advertising in their offerings and that these offerings are provided by ad networks.  It estimates that 5 percent of all smartphone apps (representing 80 million downloads) are embedded with “aggressive” ad networks that can change bookmark settings and deliver ads outside the app they are embedded in.  Games, and especially Google Play, had the highest rate of ad placements.  The data from all these apps are being collected, analyzed and exploited for commercial gain.

#4 – Private Data Aggregators

Private sector tracking can be divided between three types of companies.  One consists of those companies that facilitate commercial transactions, the ostensible bank like Visa or PayPal.  A second consists of the ad agencies (most notably Google) that capture personal data through “click-throughs” and “cookies.” Finally, private data aggregators like ChoicePoint, Intelius, Lexis Nexis and US Search Profile that collect personal data, repackage it and offering it for sale.  They acquire, slice & dice your personal information as if they were running sausage factories – and your personal life is the unlucky pig Together, they prove that nothing private is secret: the whole world is watching!

These companies track one’s every keystroke, every order and bill payment one makes, every word and/or phrase in one’s emails, even one’s every mobile movement through GPS tracking.  Data capture involves everything from your personal Social Security number, phone calls, arrest record, credit card transactions and online viewing preferences as well as your medical and insurance records and even personal prescriptions.

* * *

The Constitution was adopted on September 17, 1787, and reserved privacy to a citizen’s person, home and property; the 4th Amendment prohibits illegal search and seizure.   In the intervening 225 years, the notion of personal privacy has been radically transformed, especially in light of technological advances and the globalization of the marketplace.  It was written in a pre-industrial, agrarian era and informs decisions made in a post-modern world.

Today, the Supreme Court’s 1967 decision, Katz v. U.S. (389 US 347), is all but forgotten.  It established a link between the modes of telecommunication and personal privacy that illuminates today’s debate over the limits of privacy in the post-modern age.

In this case, Charles Katz used a public pay phone booth to place illegal gambling bets.  In writing for the majority, Justice Potter Stewart noted, “One who occupies [a telephone booth], shuts the door behind him, and pays the toll that permits him to place a call is surely entitled to assume that the words he utters into the mouthpiece will not be broadcast to the world.”

Does someone making a call on a wireless device today have comparable rights as someone in a phone booth a half-century ago?  Are the keystrokes an individual enters on a personal computer or a smartphone equivalent to an old-fashion voice call?  And what of the personal information an individual provides to a 3rd party like a credit-card company, insurance company and telephone, wireless and Internet service provider?

The Katz decision was farsighted for the mid-20th century and one can only hope that its insight will inform the debate over 21st century digital technology and communications.  More so, it serves as an analogy for contemporary notions of social life and their reasonable expectations of privacy.

However, war has long provided the rationale for the imposition of state tyranny.  World War I hysteria found expression in the Espionage Act of 1917 and the Palmer Raids of 1920; World War II hysteria resulted in the mass roundup and imprisonment of 120,000 Japanese and Japanese-Americans; the Cold War gave us anti-Communism.

One consequence of 9/11 is that Constitutionally protected privacy rights have come under increasing threat from both private corporations and government entities.  These two domains, the private and the state, traditionally function as separate, if not parallel, worlds.  Since 9/11, both domains have not only been very busy collecting raw digital and other information on ordinary Americans, but have increasingly joined forces.

In the marketplace of valued data, one’s digital self (or selves) is increasingly being sliced and diced, collated and repackaged, as an ever more exact commodity.  Nothing about a person’s electronic self, whether a credit-card purchase, parking ticket, GPS location, medical record or viewing practices, is private.

The military-industrial complex formalized the fiction that separates the corporate and the federal, serving as the revolving door for deals mae and rewarded.  A permanent militarized state is now engaged in wars against “terrorists,” good-old foreign cyber-espionage with China, Iran, Russia and others, battles with criminal gangs, cyber hackers (like Anonymous) and whistle-blowers.  The same technologies being employed to fight the war on terror internationally are being imposed on Americans in their most private, personal lives.

The police-corporate surveillance “complex” is being consolidated, drawing ever-closer corporate tracking and government surveillance.  These entities collect data sent from different devices, that takes different forms and use different distribution networks.  Such devices include a phone or smartphone, PC or tablet; they are separate from the network one employs, whether wireline, wireless or cable; and are distinct from the type of information one communicates, from email message, commercial transaction and social network connection to video download and medical records.  Nevertheless, in our increasingly digitally mediated universe, all 1s and 0s are alike.

Today, nearly all the personal data gathering that takes place does so under one of two conditions.  First, it is done by a consumer under the “terms of use” required by a take-it-or-leave-it offer for whatever service is offered (e.g., making a call, use of an iPhone, doing a Google search, ordering a book through Amazon).  Second, it is ostensibly done “legally” by a law enforcement agency with a court order (or without such legal niceties).

The line between the corporate and the government is eroding.  There seems to be a widening two-way street between law-enforcement entities (both federal or local) and private companies over information sharing.  One form of working relation is ostensibly passive, a fee for service arrangement, as when a telco provides a user’s GPS tracking data or Google supplies user data.  The information is provided when the company receives a court-approved request.  However, as the ACLU found, cordial relations between law enforcement entities and telecoms often bypass legal niceties.

A second form of information sharing comes from the more traditional out-sourcing deal, the apparent collusion between a federal government agency and one of its former spymasters, former CIA director Richard Helms. His Virginia-based company, Abraxas Corp., created TrapWire correlates video surveillance with other data, including criminal and terrorist watch lists, facial recognition profiles, license plate information, stolen vehicles reports and other event data.  It was acquired by San Diego-based, Cubic Corp., in 2010 for $124 million in cash.

A third form is the partnership, a for-profit venture between a local government and a major corporation.  Welcome to Domain Awareness System in which the NYPD and Microsoft entered into a commercial venture.  A flurry of press releases and TV appearances promoted the venture of Mayor Bloomberg 21st century capitalism.  It would be interesting to examine the final financial projections to see what New York’s rate-of-return would be given its estimated $30 to $40 million investment.

Earlier this year, in Jones v. U.S., the Supreme Court ruled that the police are required to get a warrant before attaching a Global Position System (GPS) device a suspect’s car.  In its decision, the Court rejected the Obama Justice Department’s claim that citizens have no expectation of privacy in public places.  This decision may provide the rationale for a redrawing of the lines protecting privacy, communication and personal information.

Direct Link:  http://www.salon.com/2012/09/11/four_ways_your_privacy_is_being_invaded/