Is Privacy Dead?
the police-corporate surveillance complex is tracking everything you do online and off
Americans’ personal privacy is being crushed by the rise of a four-headed corporate-state surveillance system. The four “heads” are: federal government agencies; state and local law enforcement entities; telecoms, Web sites and Internet “apps” companies; and private data aggregators (sometimes referred to as commercial data warehouses).
Conventional analysis treats these four domains of data gathering as separate and distinct; government agencies focus on security issues, and corporate entities are concerned with commerce. Some overlap can be expected as, for example, in case of a terrorist attack or an online banking fraud. In both cases, an actual crime occurred.
But what happens when the boundary separating or restricting corporate-state collaboration, e.g., an exceptional crime-fighting incident, erodes and becomes the taken-for-granted operating environment, the new normal? Perhaps most troubling, what happens when the traditional safeguards offered by “watchdog” courts or regulatory organizations no longer seem to matter? What does it say that the entities designed to protect personal privacy rights seem to have either been effectively “captured” or become toothless tigers?
In President Dwight Eisenhower’s legendary 1960 farewell address, he warned of the potential power of the military-industrial complex.
“In the councils of government, we must guard against the acquisition of unwarranted influence, whether sought or unsought, by the military-industrial complex,” Eisenhower said. “We must never let the weight of this combination endanger our liberties or democratic processes. We should take nothing for granted. Only an alert and knowledgeable citizenry can compel the proper meshing of the huge industrial and military machinery of defense with our peaceful methods and goals, so that security and liberty may prosper together.”
Ike’s 20th-century formulation represented the intertwining of the US military and private contractors to achieve two complementary goals. First, it sought to help corporations make guaranteed, cost-plus profits and to provide glide-path retirement programs for the military brass. Second, it sought to influence Congress and thus shape foreign policy, helping fulfill the then just-emerging global imperialist strategy.
Today’s corporate-state surveillance complex demonstrates a comparable intertwining of US policing forces and private companies in the monitoring of domestic life. It is being implemented thanks to the technology fruits of a half-century of the military-industrial complex. The Defense Department created the Internet, and what it can do in Yemen it can do in Oakland. The global war on terrorism is coming home!
In the wake of the Great Recession, we are living through a massive economic and social restructuring. The global world order is shifting and, accordingly, America’s class and social relations are being reordered. Occupy Wall Street’s formulation of the social crisis, the 1 percent vs. the 99 percent, has become the shorthand descriptor of this restructuring. No time is better to impose high-tech social discipline than one marked by economic and social crisis. The unanswered question is obvious: Are we witnessing the formation of the high-tech police state?
* * * * *
To reiterate, the four-headed corporate-state surveillance hydra consists of (i) federal agencies; (ii) state and local law enforcement entities; (iii) telecoms, Web sites and Internet “apps” companies; and (iv) private data aggregators. The following overview sketches out the parameters of the ever-growing domestic spy state, how it’s being implemented, and some of the more egregious examples of abuse of public trust, if not the law.
No. 1 — Federal Surveillance
The attacks of 9/11 and the subsequent (and endless) “War on Terror” continue to provide the rationale for an ever-expanding domestic security state. The leading agencies gathering data on Americans (and others) include the National Security Agency (NSA), Department of Homeland Security (DHS) and Department of Defense (DoD), as well as the FBI and IRS. In the wake of 9/11, the NSA took the lead in federal domestic cyber surveillance, but in 2010 the NSA ceded this authority to the DHS.
Personal information is gathered from a host of both public and private sources. One source is “public records,” which can range from birth, marriage and death records to court filings, arrest records, driver’s license information, property ownership registrations, tax records, professional licenses and even Securities and Exchange Commission filings. Another source is “private” records from ChoicePoint and LexisNexis, as well as credit reporting agencies, such as Equifax, Experian Information Solutions and Trans Union LLC.
The most Kafkaesque example of federal tracking efforts has been the DHS Transportation and Safety Administration’s (TSA) No-Fly List. As of 2011, it was estimated to contain about 10,000 names. The list’s inherent absurdity was illustrated when, some years before his death, Democratic US Sen. Ted Kennedy discovered he was on the list.
The No-Fly List is administered by the FBI’s Terrorist Screening Center, which cannot reveal whether a particular person is on the list and cannot remove someone from the list — that’s up to the FBI itself. The screening center also manages what is known as the Terrorist Watch List. Administered by the FBI, the list, according to an ACLU estimate, consists of 1 million names and is continually expanding.
DHS also maintains the Automated Biometric Identification System (IDENT), which contains fingerprints, photographs and biographical information on 126 million people.
During the July 4, 2012, holiday weekend, President Barack Obama quietly released a new Executive Order, “Assignment of National Security and Emergency Preparedness Communications Functions.” While ostensibly seeking to ensure the continuity of government communications during a national emergency, it grants new powers to the DHS over telecom, permitting the agency to collect public communications information and giving it authority to seize private facilities when necessary. The Executive Order is legislation through the back door, the Obama administration’s effort to implement a law that Congress rejected in 2011.
Parallel to the DHS efforts, the FBI maintains a number of operations that actively track Americans. The Integrated Automated Fingerprint Identification System (IAFIS) keeps fingerprint records of some 62 million people; it makes this resource available to 43 states and five other federal agencies. Soon, the agency will switch over to the Next Generation Initiative, which will contain face recognition searchable photos, iris scans, fingerprints, palm prints and a record of scars and tattoos.
The FBI also coordinates the Combined DNA Index System (CODIS), which has DNA evidence from blood and saliva samples on more than 10 million people, and maintains the Nationwide Suspicious Activity Reporting Initiative that includes some 160,000 reports on people who allegedly acted suspiciously.
(These activities are separate from the recent revelation from AntiSec, which found on an FBI agent’s laptop a database of 12 million Apple device owners’ unique user identities, including owners’ personal information.)
In 2004, Congress established the National Counterterrorism Center (NCTC) to serve as the “center for joint operational planning and joint intelligence, staffed by personnel from the various agencies,” according to its Web site. It maintains the Terrorist Identities Datamart Environment (TIDE), which includes records on an estimated 740,000 people. Federal authorities claim that less than 2 percent of the people on file are US citizens or legal permanent residents. Earlier this year, US Attorney General Eric Holder extended the agency’s ability to maintain private information about US citizens when there is no suspicion they are involved in terrorism from 180 days to five years.
The NSA’s authority overrides Fourth Amendment guarantees safeguarding a citizen from unreasonable search and seizure through what is known as a National Security Letter (NSL). In 2008, Congress revised the Foreign Intelligence Surveillance Act, freeing the NSA from the bothersome requirement of having to prove probable cause before intercepting a person’s phone calls, text messages or emails from someone in the US suspected of involvement with terrorism. Between 2000 and 2010 (excluding 2001 and 2002, for which no records are available), the FBI was issued 273,122 NSLs; in 2010, 24,287 letters were issued pertaining to 14,000 US residents.
In June 2011, the DoD launched a pilot program, the Defense Industrial Base (DIB) Cyber Pilot, with 20 private companies, allowing intelligence agencies to share threat information with private military contractors. Among the companies that participated were Lockheed Martin, Northrop Grumman and Raytheon, as well as telecommunication companies AT&T, Verizon and CenturyLink. The telecoms filter incoming email for malicious software. In May 2012, DoD and DHS announced plans to expand the program to 200 participants and the DoD estimates that approximately 8,000 firms could potentially participate.
Meanwhile, the DoD is aggressively promoting the Cyber Intelligence Sharing and Protection Act of 2011 (CISPA), which recently passed the House and is now before the Senate. Under this law, there would be a significant expansion in sharing of information related to “cyber hacking” (a very ill-defined term) between federal agencies, including DoD, NSA and DHS, and private companies. The information to be shared would cover both classified and unclassified data. The ostensible purpose of such data sharing would be to protect the nation’s telecom networks and customers from hack-attacks. Sure.
No. 2 — State and Local Law Enforcement
On July 9, US Rep. Ed Markey (D-Mass.) released the first set of findings from the House’s Bipartisan Congressional Privacy Caucus. It found that more than 1.3 million federal, state and local law enforcement data requests were made to cell phone companies for personal records in 2011. Among the tracking information provided to law enforcement entities were: geo-locational, or GPS data, 911 call responses, text message content, billing records, wiretaps, PING location data and what are known as cell tower “dumps” (i.e., a carrier provides all the phone numbers of cell users that connect with a discrete tower during a discrete period of time).
In a separate and equally revealing disclosure, the ACLU found that, based on records from more than 200 local law enforcement agencies, most law enforcement groups that engaged in cell-phone tracking did not obtain a warrant, subpoena or other court order.
The Associated Press received a Pulitzer Prize in 2011 for revealing the role played by the New York Police Department’s (NYPD) secret demographics unit. It had undertaken a federally funded, multimillion-dollar, multi-state surveillance program of Muslims in the metro-NY area, citizens and non-citizens alike. Most recently, The AP reported that, based on the testimony of one of the program’s senior executives, the NYPD failed to identify a single attack or threat.
Another NYPD anti-terrorist program, known as the Domain Awareness System (DAS), was developed as a commercial partnership between the NYPD and Microsoft at an estimated cost of $30 million to $40 million. With DAS, investigators can track individuals or incidents (like a suspicious package) through live video feeds from some 3,000 CCTV cameras and 2,600 radiation substance detectors, check license plate numbers, pull up crime reports and cross-check all information against criminal and terrorist databases. It seems Big Brother has become America’s new normal.
One area in which local government and private interests come together involves the use of automatic license plate recognition devices. In New York and other cities throughout the country, LPR cameras are being mounted on lampposts, bridges and police patrol cars to capture images of license plates. These photos are then shared with the National Insurance Crime Bureau, which represents hundreds of insurance companies. Thus, private location data of US citizens are being acquired and shared with commercial entities without their knowledge or consent.
No. 3 — Telecom, Web sites and Internet “Apps” Companies
Rep. Markey’s disclosure revealed a lucrative scheme involving the security state outsourcing data gathering to 10 major telecommunications companies, including AT&T, Verizon and T-Mobile. These companies made million of dollars supplying law enforcement agencies with personal telecom information.
However, a far bigger issue involves most of the major Web sites, including Google, Facebook, Amazon and iTunes, which systematically collect user data and commercialize it for corporate purposes; the telecoms engage in the same practice.
Many Web companies fulfill government requests for a user’s personal information, but Google is one of the few companies that publicly reveal such requests. Most recently, it reported that during the second-half of 2011, US government agencies made 12,243 requests and that it complied with 93 percent of them (11,386). This amounts to about 2,000 requests a month; what’s going on?
Wireless devices are two-way technologies. In addition to uploaded valuable personal data, wireless customers are sitting ducks for downloaded junk. Most Smartphone users are unaware that when they download a “free” app, they are downloading a Trojan horse.
According to a recent study by Lookout Mobile Security, more than half of the free apps embed advertising in their offerings and that these offerings are provided by ad networks. It estimates that 5 percent of all Smartphone apps (representing 80 million downloads) are embedded with “aggressive” ad networks that can change bookmark settings and deliver ads outside the app they are embedded in. Games, and especially Google Play, had the highest rate of ad placements. The data from all these apps are being collected, analyzed and exploited for commercial gain.
No. 4 — Private Data Aggregators
Private sector tracking can be divided between three types of companies. One consists of those companies that facilitate commercial transactions, such as the ostensible bank-like Visa or PayPal. A second consists of the ad agencies (most notably Google) which capture personal data through “click-throughs” and “cookies.” Finally, private data aggregators like ChoicePoint, Intelius, Lexis Nexis and US Search Profile collect personal data, repackage it and offer it for sale. They acquire, slice and dice your personal information as if they were running sausage factories and your personal life were the unlucky pig. Together, they prove that nothing private is secret — the whole world is watching!
These companies track one’s every keystroke, online order and bill payment, every word and/or phrase in every email, even one’s every mobile movement through GPS tracking. Data capture involves everything from your personal Social Security number, phone calls, arrest record, credit card transactions and online viewing preferences as well as your medical and insurance records and even personal prescriptions.
* * * * *
The US Constitution, adopted on Sept. 17, 1787, reserved privacy to a citizen’s person, home and property; the Fourth Amendment prohibits illegal search and seizure. In the intervening 225 years between then and now, the notion of personal privacy has been radically transformed, especially in light of technological advances and the globalization of the marketplace. The Constitution was written in a pre-industrial, agrarian era, yet still informs decisions made in a post-modern world.
The Supreme Court’s 1967 decision in Katz v. US established a link between the modes of telecommunication and personal privacy that illuminates today’s debate over the limits of privacy in the post-modern age. Today, the ruling seems all but forgotten.
In that case, Charles Katz had used a public pay phone booth to place illegal gambling bets. In writing for the majority, Justice Potter Stewart noted, “One who occupies [a telephone booth], shuts the door behind him and pays the toll that permits him to place a call is surely entitled to assume that the words he utters into the mouthpiece will not be broadcast to the world.”
Does someone making a call on a wireless device today have comparable rights to someone in a phone booth a half-century ago? Are the keystrokes an individual enters on a personal computer or a Smartphone equivalent to an old-fashioned voice call? And what of the personal information an individual provides to a third party like a credit-card company, insurance company or telephone, wireless and Internet service provider?
The Katz decision was farsighted for the mid-20th century, and one can only hope that its insight will inform the debate over 21st-century digital technology and communications. More so, it serves as an analogy for contemporary notions of social life and reasonable expectations of privacy.
War, however, has long provided the rationale for the imposition of state tyranny. World War I hysteria found expression in the Espionage Act of 1917 and the Palmer Raids of 1920; World War II hysteria resulted in the mass roundup and imprisonment of 120,000 Japanese and Japanese-Americans; the Cold War gave us anti-Communism.
One consequence of 9/11 is that constitutionally protected privacy rights have come under increasing threat from both private corporations and government entities. The private sector and the state traditionally function as separate, if not parallel, worlds. Since 9/11, both domains have not only been very busy collecting raw digital and other information on ordinary Americans, but have increasingly joined forces.
In the marketplace of valued data, one’s digital self (or selves) is increasingly being sliced and diced, collated and repackaged as an ever more exact commodity. Nothing about a person’s electronic self, whether a credit-card purchase, parking ticket, GPS location, medical records or viewing practices, is private.
The military-industrial complex formalized the fiction that separates the corporate and the federal, serving as the revolving door for deals made and rewarded. A permanent militarized state is now engaged in wars against “terrorists,” good-old foreign cyber-espionage with China, Iran, Russia and others, battles with criminal gangs, cyber hackers (like the well-known group known as Anonymous) and whistleblowers. The same technologies being employed to fight the war on terror internationally are being imposed on Americans’ most private, personal lives.
The police-corporate surveillance “complex” is being consolidated, drawing ever-closer corporate tracking and government surveillance. These entities collect data sent from different devices, which take different forms and use different distribution networks. Such devices include a phone or Smartphone, PC or tablet; they are separate from the network one employs, whether wire line, wireless or cable, and are distinct from the type of information one communicates, from email message, commercial transaction and social network connection to video download and medical records. Nevertheless, in our increasingly digitally mediated universe, all 1s and 0s are alike.
The line between the corporate and the government is eroding. There seems to be a widening two-way street between law-enforcement entities federal and local and private companies over information sharing. One form of working relation is a passive fee-for-service arrangement, such as when a telecom provides a user’s GPS tracking data or Google supplies user data. The information is provided when the company receives a court-approved request. However, as the ACLU found, cordial relations between law enforcement entities and telecoms often bypass legal terms of agreement.
A second form of information sharing comes from the more traditional outsourcing deal, which was the case in the apparent collusion between a federal government agency and one of its former spymasters, former CIA Director Richard Helms. His Virginia-based company, Abraxas Corp., created TrapWire, which correlates video surveillance with other data, including criminal and terrorist watch lists, facial recognition profiles, license plate information, stolen vehicles reports and other event data. It was acquired by San Diego-based Cubic Corp. in 2010 for $124 million in cash.
A third form of data sharing is partnership, a for-profit venture between a local government and a major corporation. Welcome to Domain Awareness System, in which the NYPD and Microsoft entered into a commercial venture. A flurry of press releases and TV appearances promoted the venture of New York Mayor Michael Bloomberg 21st-century capitalism. It would be interesting to examine the final financial projections to see what New York’s rate-of-return would be given its estimated $30 million to $40 million investment.
Earlier this year, in Jones v. US, the Supreme Court ruled that the police are required to get a warrant before attaching a Global Position System (GPS) device to a suspect’s car. In its decision, the court rejected the Obama Justice Department’s claim that citizens have no expectation of privacy in public places. This decision could ultimately provide the rationale for a redrawing of the lines protecting privacy, communication and personal information. n
David Rosen writes the Media Current blog for Filmmaker and regularly contributes to CounterPunch, Huffington Post and the Brooklyn Rail. Check out DavidRosenWrites; he can be reached at firstname.lastname@example.org
By David Rosen