The Surveillance State 2015- Part 1, by Kass Andrada

The history of liberty is a history of the limitation of governmental power, not the increase of it. Woodrow Wilson, 1912

The question of whether a surveillance society was looming on the horizon has been growing since Justice Douglas remarked in 1966, “We are rapidly entering the age of no privacy, where everyone is open to surveillance at all times; where there are no secrets from government.” [1] Early in the new millenium, only about 33% of Americans were concerned about their online data as of 2009. [2] Just a few years later, in 2015, polls show 54% disapprove of government surveillance of telephone and Internet data.[3] Most seem to feel that they have no control over their personal data, with only nine percent (9%) stating that they feel they have a lot of control over their data.[4] Those who have more knowledge of the degree of surveillance that exists are more likely to indicate that they have no control.[5]

More interesting still, only about half of people responding have anything more than the vaguest notion of just how much surveillance is actually occurring. Many seem to think that their Internet searches are private or can’t be connected to their name, or they believe the retention period for the information is somehow limited, although it is not.[6] About 55% don’t think their search engines or social media should be able to save any information about their activity at all.[7] However, this is divorced from reality. Every element of online activity is fully known to both civil and government entities. This article attempts to compile information about the extent of surveillance in the United States in 2015 in order to provide a snapshot of what is known about privacy in the modern era.

Private surveillance is not a new thing. Google street mappers were actually driving around collecting data from home and network structures including email, passwords, and other personal information for years between 2007 and 2012.[8] They only admitted this practice when sued by 38 states.[9] Google also admitted to bypassing privacy settings in the Safari browser, an action for which the Federal Trade Commission fined Google $22.5 million in 2012.[10]

The practice is not limited to Google.[11] “DropBox, Microsoft, Apple, Yahoo, FaceBook, Skype, —and others—all do pretty much the same thing: read user data and grant government access to it.”[12] The trend is accelerating with every generation of software. The new Windows 10 collects a massive amount of user data and sends it to Microsoft:

Cortana will not only remember all of your search history, but it will also collect information on the people you know, the places you go, your calendar details, your emails, IM messages, your text messages, your phone calls, and virtually everything else you do. That’s not to mention that the system sends “speech data” to Microsoft periodically. Microsoft is ambiguous as to what “speech data” is, so we don’t know if it is voice recordings or some other sort of information…[13]

More recently, it was discovered that certain models of televisions were actively “listening” to people’s domestic conversations and sending that data back across the Internet.[14] The “feature”, which was intended simply to allow voice commands to the television, can theoretically be disabled,[15] but within days experts were able to demonstrate how the microphones and detection features could be remotely activated and run behind browsers and other Internet functions to relay data continuously.[16] Further investigation suggested that all “wired” devices are moving toward data collection from voice navigators in XBox, Siri, Amazon Now, and others down to Nest home thermostats.[17] Internet providers have been using “supercookies” to track activity of every kind and let every website know your information.[18] Even if the provider isn’t tracking, many applications or “apps” are tracking (and selling or transferring) huge amounts of data that have nothing to do with the purported functionality of the app.[19] The people or entities to whom the information is sold or transferred isn’t revealed by the app, of course.

Only one Internet provider has offered more privacy, but they want to charge for it:

Recently, AT&T surprised everyone when it added a new option to its GigaPower fiber Internet service: privacy. Yes, for just $29 more a month AT&T promises it WON’T sell your search and browsing history to advertisers. How generous.[20]

This may have been related to the fact that, for decades, AT&T had been happily turning over massive amounts of data to the federal government:

Under a decades-old program with the government, telecom giant AT&T in 2003 led the way on a new collection capability that the National Security Agency said amounted to a “‘live’ presence on the global net” and would forward 400 billion Internet metadata records in one of its first months of operation, The New York Times reported.

The Fairview program was forwarding more than 1 million emails a day to the NSA’s headquarters in Fort Meade, Maryland, the newspaper reported. Meanwhile, the separate Stormbrew program, linked to Verizon and the former company MCI, was still gearing up to use the new technology, which appeared to process foreign-to-foreign traffic.

In 2011, AT&T began handing over 1.1 billion domestic cellphone calling records a day to the NSA after “a push to get this flow operational prior to the 10th anniversary of 9/11,” according to an internal agency newsletter cited by the Times. Intelligence officials have told reporters in the past that, for technical reasons, the effort consisted mostly of landline phone records, the newspaper reported.[21]

Old law, the Electronic Communications Privacy Act from 1986, is largely ineffective because it allows old communications left on servers after six months to be deemed “abandoned” and therefore searchable by the government without a warrant.[22] U.S. government agencies have been aggressively obtaining that information and more, placing so many demands on so many tech companies that a number of the companies banded together to launch a website called “Reform Government Surveillance”.[23]

Cell phones and cell phone providers are also invading personal data like never before, despite the ACLU’s warnings:

Knowing where a person’s phone is located can reveal sensitive information, like when they go to the doctor or psychologist, what political activities they engage in, who they spend time with, and where they sleep at night. Law enforcement agencies can often obtain this personal information without ever getting a warrant from a judge. The federal government also invokes powerful surveillance authorities to collect this information and more, including our call records, contact lists, and even the contents of our text messages and calls.[24]

There is no requirement for a warrant for this information.[25] Government agencies bombard cell carriers for the information up to 100 times a day.[26]

No official information exists as to whether government agencies are engaging in similar data collection behavior,[27] however there would seem to be little reason to think otherwise, as they have been exposed spying on everyone including other world leaders.[28] Letters obtained from a senator’s request shows that it’s not just the NSA spying on U.S. citizens; it’s the FBI and CIA as well.[29] Examples of such activity are numerous, but more public revelations include the fact that Federal agencies built “phantom cell towers” in order to intercept cell phone transmissions from all sources within their range.[30] The technology was eventually miniaturized to a suitcase-sized package referred to as “Stingray”, which most federal agencies and at least 25 police departments use to trick cell phones into connecting with them and transmitting their calls and data to police or agency recording devices.[31] More significantly, the technology also turned off cell phone encryption and intercepted texts as well as calls.[32] Whatever is not immediately found out by U.S. operations within the United States is instead picked up by Great Britain or another U.S. ally and sent over to the U.S., who returns the favor by spying on the citizens of those nations, thereby neatly evading laws against such behavior.[33] Whatever the source, bulky voice files which are obtained, are reduced to fully searchable text files via sophisticated programs and then retained.[34]

References


[1]Dissent, Osborn v. US 385 US 341 (1966).


[2]http://www.wsj.com/articles/SB10001424052702304704504579432823496404570 retrieved July 30, 2015.


[3]http://www.pewresearch.org/fact-tank/2015/05/29/what-americans-think-about-nsa-surveillance-national-security-and-privacy/ Retrieved 7/30/15.


[4]Americans’ Views About Data Collection and Security http://www.pewinternet.org/2015/05/20/americans-views- about-data-collection-and-security/#few-feel-they-have-a-lot-of-control-over-how-much-information-is-collected-about-them-in-daily-life Retrieved 7/30/15


[5]Id.


[6]“…a Ponemon Institute survey of 1,000 Google users found that 89% thought that their searches were private and 77% thought Google searches could not reveal their personal identities – wrong on both accounts.” Why Google is the Biggest Threat to Americans’ Privacy; The Detailed Case from my House Testimony http://precursorblog.com/?q=content/why-google-biggest-threat-americans-privacy-the-detailed-case-my-house- testimony


[7]Americans’ Views About Data Collection and Security, Id.


[8]Google’s Wanton WarDriving Scandal: Fallout & Cover-up http://precursorblog.com/content/googles-wanton- wardriving-scandal-fallout-cover


[9]Google Concedes That Drive-By Prying Violated Privacy http://www.nytimes.com/2013/03/13/technology/google-pays-fine-over-street-view-privacy-breach.html?_r=0 Retrieved July 30, 2015.


[10]Id.


[11]Pharmaceutical companies have been tracking user data or paying firms to track such data, since at least 2000 http://articles.latimes.com/2000/aug/17/business/fi-5801 Retrieved July 30, 2015.


[12]http://www.salon.com/2014/02/05/4_ways_google_is_destroying_privacy_and_collecting_your_data_partner/ Retrieved July 30, 2015.


[13]Cortana Is Listening Michael Justin Allen Sexton August 10, 2015. http://www.tomshardware.com/news/cortana-is-watching,29791.html#xtor=RSS-181


[14]http://money.cnn.com/2015/02/09/technology/security/samsung-smart-tv-privacy/


[15]http://www.cnet.com/how-to/samsung-smart-tv-spying/


[16]Your TV may be watching you By Bruce Schneier Updated 9:16 AM ET, Thu February 12, 2015 http://www.cnn.com/2015/02/11/opinion/schneier-samsung-tv-listening/


[17]http://mashable.com/2015/02/10/smart-devices-listening/


[18]Id.


[19]“Flashlight is designed do location tracking, read my calendar, use my camera, gain access to unique numbers that identify my phone, and then share data with a number of ad networks, including Google’s AdMob, iAd, and JumpTap.” The Hidden Privacy Threat of … Flashlight Apps? http://www.wired.com/2014/10/iphone-apps/


[20]What cellphone companies don’t want you to know http://www.usatoday.com/story/tech/columnist/komando/2015/03/13/cell-phone-privacy/70202468/


[21]http://wtop.com/politics/2015/08/report-documents-reveal-details-behind-att-nsa-partnership/


[22]“… right now, the ECPA considers remotely stored digital files more than 180 days old to be abandoned and forces service providers to hand over those files whenever law enforcement demands—without the need for a warrant. This means that all those old emails in your inbox aren’t granted basic due process protections.” Federal Agencies Fight for Warrantless Access to Emails http://reason.com/archives/2015/08/13/federal-agencies-fight- for-warrantless-a retrieved 8/14/15.


[23]Companies include Google, LinkedIn, facebook, Microsoft, AOL, Yahoo, Dropbox, Evernote. https://www.reformgovernmentsurveillance.com/ Companies include Google, LinkedIn, facebook, Microsoft, AOL, Yahoo, Dropbox, Evernote.


[24]Cell Phone Privacy https://www.aclu.org/issues/privacy-technology/internet-privacy/cell-phone-privacy Retrieved 8/10/15.


[25]Do Police Need a Warrant to See Where a Phone Is? http://www.theatlantic.com/technology/archive/2015/08/warrantless-cell-phone-location-tracking/400775/


[26]In its most recent annual report, AT&T said it received 64,703 requests for CSLI in 2014. And just in the first six months of this year, Verizon says it received more than 21,000 requests. That is, in 2015, a single carrier received more than 100 requests daily for the geographic history of an American’s life, as told through their location. Id.


[27]Information on PRISM collection, operating since 2007 exists in Wikipedia subject to the known limitations of that source https://en.wikipedia.org/wiki/PRISM_(surveillance_program)


[28]See inter alia http://www.cbsnews.com/feature/nsa-surveillance-exposed/ ; https://www.eff.org/nsa-spying; http://www.huffingtonpost.com/news/government-surveillance/ ; https://www.aclu.org/issues/national- security/privacy-and-surveillance/


[29]http://leaksource.info/2014/08/01/fbi-and-cia-use-backdoor-searches-of-nsa-data-to-warrentlessly-spy-on- americans-communications/


[30]http://www.usatoday.com/story/news/nation/2013/12/08/cellphone-data-spying-nsa-police/3902809/


[31]At least thirty-six more departments refused to answer whether they were using this technology. Id.


[32]http://www.newsweek.com/what-cell-ls-those-ominous-phony-towers-268589


[33]http://www.theregister.co.uk/2015/08/03/gchq_duncan_campbell/?page=3


[34]https://firstlook.org/theintercept/2015/05/05/nsa-speech-recognition-snowden-searchable-text/