Govt10: The surveillance state and society (v1.0)

Key reference is Prof Paul Rosenzweig of George Washington University. 

Every day, for good or ill, what you do and what you say is under scrutiny—scrutiny from your friends, your coworkers, and your family, but also from the U.S. government, foreign governments, and large commercial data collectors (which could be accessible to governments under certain circumstances. Or the data may be sold to generate income). Also, bad actors or rogue states have increasingly targeted, with the intent to steal, central repositories of personal data with cyber-attacks. There are also many central stores of such data in most organizational databases which are potential targets for cyberattacks. 

Three trends are driving the growth of surveillance capabilities.

• The proliferation of new sensor platforms. Around the globe, we have new and innovative ways of capturing information and data. They range from license plate readers and citywide television camera systems to drones, searchable DNA record stores, personal information capture and storage via many devices, apps and websites, email apps, social media apps, geolocation systems, fingerprint capture and matching system, facial capture and recognition systems, and other novel ways of collecting data.
• The increased power of data analytics to do correlation analysis and searches of disparate data streams. Powered by Moore’s law—the seemingly perpetual doubling of processing capacity—algorithms today can find patterns in immense volumes of data, and it could increasingly be augmented by AI for even more complex analytics. They often consider billions, if not trillions, of data points as part of the analysis. The cloud has millions of computers and forms an even larger pool of processors to perform even more complex analytics.
• The ever-decreasing costs of data storage. We can imagine a world in which everything is digitized and stored permanently.

The result of all of this is we are in a defining moment with a need for a fundamental restructuring of the relationship between the government and the individual and of rights with regards to commercial data collection. Technology develops so fast that it far outstrips the capability of law and policy to adapt, leaving new surveillance techniques in an ungoverned, lawless domain. Meanwhile, the need for secrecy in some of our surveillance operations makes it difficult, if not impossible, for citizens to be fully informed about what their government is doing in their name. There is also a inherent tension between secrecy and transparency, security and freedom/privacy/civil liberties, ethical and practical, accountability and effectiveness, and limited government and effective government. These are hard conflicts to resolve and often there are big conflicts between executive departments or between the legislature, courts and/or the executive or by individuals launching lawsuits before a resolution is arrived at. Lastly there is investigative journalism and scrutiny by organizations like the ACLU. 

 Surveillance comes in three basic forms. Physical, electronic (also called signals), and Dataveillance (byproduct of internet and global communications systems and includes personally identifiable information - PII). As the storehouses and transmissions of PII and other data have grown, so have commercial and government efforts to use this for their own purposes. Also, PII stores are ripe for for picking by cyber thieves. The government used all of these forms in a coordinated way to track down and eliminate Bin Laden. TSA automatically uses the PII entered during your plane reservation to check against the TSDB database of persons of interest who could be potential threats (called the secure flights program). This was upheld by the courts. But what if there is a mistake in the no-fly list? A number of individuals were unable to fly for years. A court verdict upheld the rights of individuals to have a process to have their names removed from the list.  

 In China, surveillance is quite pervasive and accepted as normal and is at one end. In Europe, there is far more emphasis on individual rights and is at the other end. The US is somewhere in-between. In the US, a lot of focus is on who is watching the watchers, and appropriate oversight. Nobody wants a German style Stasi system to emerge here. 

There are many documented abuses and excesses that were surfaced by the Church/Pike/Rockefeller commissions in mid-70's with program names like MOCKINGBIRD, MINARET, HTLINGUAL, and COINTELPRO. George H W Bush when CIA director laid down the marker that the CIA will never again form contractual relationship with media for propaganda purposes. The Keith court case upheld by the Powell supreme court established that a court approved warrant was needed before domestic electronic surveillance even for national security threats. 

Post 9/11 the office of the DNI (Director of National Intelligence) was created to coordinate across 17 intelligence agencies. Also, the NCTC (National Counter Terrorism Center) was also created to connect all the dots with representation from both the intelligence agencies and law enforcement agencies. The PATRIOT Act of 2001 tore down the wall between law enforcement and intelligence officials so that they can share information and work together to help prevent attacks. It also made it more difficult for terrorists to launder money in the US. Some of it is permanent while other parts have lapsed or struck down. Critics point out that it forgoes the need for credible proof of criminal activity to indefinitely detain a suspected terrorist. It weakens public oversight of the US government, law enforcement, and intelligence agencies. It also potentially subjects US citizens not under suspicion of terrorism or any other criminal activity to increased surveillance measures. The Patriot Act was not renewed in 2020 and another act called the Freedom act of 2015 that rights many of the Patriots acts abuses is currently in effect. 

The key oversight mechanisms in place today are congressional oversight (the senate and house select intelligence committees), the second is senate confirmation of key intelligence positions in the executive, the third is congressional control of the purse, the fourth is congressional power to do an investigation, and the fifth is FISA act and the FISC court. The FISC court entertains applications submitted by the United States Government for approval of electronic surveillance, physical search, and other investigative actions for what is substantially foreign intelligence purposes and to authorize surveillance of foreign agents (even Americans). Lastly there are investigative journalists and organizations like the ACLU keeping watch. 

But today the threats from surveillance have increased substantially by big data analytics, and the laws have not caught up.  There is a huge amount of your financial data in corporate databases. Every click you make, website you visit, cell phone geo locations, phone call metadata, or purchases are cataloged and stored somewhere. What is even more problematic is companies that collect such information often sell it and the government is one buyer. This is magnified by how pervasive it is. The NCIC is a centralized computerized index of criminal justice information (i.e.- criminal record history information, fugitives, stolen properties, missing persons).  But data aggregators have also amassed birth records, marriage records, credit records, conviction records, real estate transactions, liens, and bridal registries among others.  One company for example holds on average 1500 data points on each adult!! All this information can be integrated together to form a very clear picture of you. It could be used to find new threats or under unscrupulous hands be used to find information about political opponents or protesters. Political candidates often use commercial and other data to create targeting campaigns. ATS - a big data system - is used by homeland security to screen incoming passengers into the US to identify those who should more thoroughly be interrogated, and it has been quite successful. Today, big data is a part of your life, whether you like it or not. 

Three pieces of more modern data need further clarification and are areas for more policy formulation - biometric data, geolocation data and the internet of things. I will do so now.  

Biometric data include iris recognition, fingerprint recognition, DNA matching (most accurate), voice recognition, hand geometry recognition, gait recognition, and facial recognition. There are many places where one’s identity has to be clearly verified or identified.  Identification systems provide a score of how close the match is and have different degrees of accuracy. Biometric systems require an enrollment process where the biometric is stored in a searchable form. For it to be useful, the database has to be accurate and comprehensive. Facial recognition and fingerprint recognition is increasingly used for identification in a widespread way with cell phones, including actions and transactions initiated with other companies with that cellphone. Facial recognition and voice recognition and gait recognition can be done with samples taken covertly without the subject's permission. DNA matching is interesting because even if you are not in the database, it will match against a blood relative and make an estimate of the relative's relationship to you. The supreme court ruled that the DNA sample may be collected even merely after an arrest. There are also stores in ancestry companies like 23andme and ancestry.com. Biometric data poses a host of policy questions.  

Geolocation devices allow you or an object to be tracked quite accurately (with today's technology within less than 10 feet!!). These include GPS trackers attached to vehicles, your cell phone including texts and voice messages from that phone, and very small trackers like air tags for kids, pets, keys, wallets, luggage, etc.  GPS also is used in navigation systems. Some apps in your cellphone constantly emit location data. The supreme court ruled that trackers cannot be used by law enforcement without oversight. But voluntarily given data including cellphone data can be shared with law enforcement with a subpoena. But there is a host of policy questions posed by geo location data. 

Communication capabilities are showing up in very small devices and also household appliances (called internet of things) all over the place. Insulin pumps, cameras, toasters, thermostats, electricity meters, refrigerators, glucose continuous monitoring devices, even items tagged in a store. These are not very secure and can easily be hacked. Also, they can generate huge quantities of data in aggregate. The companies that own the data are interested on its commercial value and not too focused or have the incentive for privacy or security. There is a host of policy questions posed by internet of things. 

Look towards the future and examine the possibilities of quantum computing, human-computer interfaces, and artificial intelligence. These technological changes are going to require each of us to make decisions about privacy and security for ourselves and future generations. Government also will belatedly struggle to formulate appropriate policies as each challenge arises. Not too worried about the US government since there is good oversight. But a vulnerability is a Wanna-Be-Dictator can become the president. He could potentially subvert the oversight processes that keeps the US system in check, by withholding information to congress or covertly weaponize the data against political enemies. Technology has given a dictator in some other country the tools for full surveillance. But I am very afraid of cyber criminals and rogue states getting access to the troves of US data. My next essay is on cybercrime and cyber wars.