Tuesday, February 7, 2012

Privacy Threats The Constitution Can't Protect You From

I just read yet another fascinating and disturbing article by Alternet's Tana Ganeva - someone I've sourced on this blog before. The article in question, which certainly connects to many of the issues I've written on here over the years, is entitled "7 Privacy Threats the Constitution Can't Protect You Against".

Now, let's go through each, and I'll mix in some of what I have written on these topics in the past (and others I've cited), along with what Tana does in her article.

Interestingly, she begins with the Supreme Court case recently decided regarding GPS tracking of suspects without a warrant - an issue I've covered here in detail for over a year now.  She and I see this case, and the very limited (though correct) decision made by the court in a similar fashion. As I wrote just a couple weeks ago in response to the decision, "The fourth amendment isn’t completely dead after all! While this fundamental right to privacy is admittedly in tatters, the Supreme Court ruled yesterday that police must have a warrant in order to track someone using a GPS device....Unfortunately, the government will likely continue to insist that tracking the location of cell phones is unaffected by this ruling.

Certainly, the stand out Justice was Sonia Sotomayor, who went much further than her colleagues on the issue of privacy in the digital age - even making a case for revision of the “third-party” doctrine (i.e. we lose Fourth Amendment protection when we disclose certain information). She wrote, “More fundamentally, it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks. People disclose the phone numbers that they dial or text to their cellular providers; the URLs that they visit and the e-mail addresses with which they correspond to their Internet service providers; and the books, groceries, and medications they purchase to online retailers.”

As you can see, my concern immediately went to the question of law enforcement tracking things like cell phones - which wasn't addressed in the decision (except implicitly by Sotomayor). This matters because
in 2009 Sprint received 8 million law enforcement requests for GPS location data in just one year. This is what we already KNOW, let alone what might be the full scope of the problem.

Tana Ganeva goes deeper, as the cell phone is only one way we can be tracked now, writing:

The Jones case itself presents an outdated problem, because police don't really have to bother with the clumsy task of sneaking a device onto a car; at this point, private companies have shoehorned location trackers in most "smart" gadgets. Justice Alito pointed out that the more than 332 million phones and wireless devices in use in the US contain technology that transmits the user's location. Many cars feature GPS as well, thanks to OnStar navigation. 

Location is just the start. There has probably not been a single week since 2005 without a story about Facebook, or Google, or Verizon, or AT&T terrifying consumers and privacy advocates with some new way to collect too much information and then share it with other companies or authorities. The problem is that the law does not adequately address private information that has been shared with third parties, like credit card companies or Google, Facebook and the telecoms, Tien says.

As Sotomayor put it, "I for one doubt that people would accept without complaint the warrantless disclosure to the Government of a list of every Web site they had visited in the last week, or month, or year. " 

Now let's get to Tana's second "threat", which she calls "Cameras everywhere: License plate readers, movement tracking on cameras." 

This too is something I have tackled here on this blog, writing about the ever expanding reach of video surveillance cameras. Certainly, polls are also not on my side, as large majorities of Americans seem generally fine with having every movement of their existence on tape, and watched by someone. Of course, we know that cameras DON'T in fact reduce crime and we also know that governments and law enforcement DO abuse our civil liberties when given such authority to monitor us. Those are two BIG strikes in my mind.

I'm still not convinced however, that this general support for such technological surveillance is a done deal, and the argument in favor of FEWER cameras in FEWER locations is a lost one. I believe this to be true for a couple reasons. One, most Americans have no concept of just how often they are being watched or worse, for what purposes. Two, few Americans have any idea the level of abuses such "watchers" are capable of...and if the Bush Administration has taught us anything its that we can't trust government when they are given more power than they know what to do with. My guess is we are just scratching the surface, on issues ranging from wiretapping to surveillance to monitoring, and when that surface is broken, public opinion might just change on this topic.

What people may also not fully comprehend is that advanced monitoring systems such as the one at the Statue of Liberty are proliferating around the country. State-of-the-art surveillance is increasingly being used in more every-day settings. By local police and businesses. In banks, schools and stores. There are an estimated 30 million surveillance cameras now deployed in the United States shooting 4 billion hours of footage a week. Americans are being watched, all of us, almost everywhere.
Now let's get to what Tana has to say on this:

Thanks in part to a decade of Homeland Security grants, America's cities are teeming with cameras -- they're on subways, on buses, on store fronts, in restaurants, in apartment complexes, and in schools.  In New York, the NYCLU found a five-fold increase in the number of security cameras in one area of New York between 1998 and 2005, and that was before the Bloomberg administration -- inspired by London, most heavily surveilled city in the world -- pledged to install 3,000 cameras in lower Manhattan as part of the Lower Manhattan Security Initiative (this plan was expanded to midtown Manhattan as well). The cameras, which stream footage to a centralized location, are equipped with video analytics that can alert police to "suspicious" activity like loitering. The NYPD, and municipalities all over the country and world also make generous use of license plate readers (LPR) that can track car movement. 

Tana's third example is of biometrics - another topic I've covered here in depth. A few months back I posted a pretty extensive blog on Facial Recognition technology and the threat it poses to individual privacy. As I've done in the past, because I know not everyone can read every post, I'll repeat a few of my thoughts here today: For some backdrop on biometrics, you can check out a past post I did about another article, also by Tana, entitled 5 Unexpected Places You Can Be Tracked With Facial Recognition Technology. As I wrote then, this issue has particular interest to me due to California's recent fight that we (Consumer Federation of California) were deeply involved in - whether biometric identifiers should be used by the DMV (we were able, with a host of other groups, to stop them).

As for the larger concern over facial recognition technology, groups from the Privacy Rights Clearinghouse (PRC) to the ACLU to the Electronic Frontier Foundation to EPIC have all been very active in making the case that there is a very real threat to privacy at stake in determining just how, and when, this technology can be used.

Again, going back to a prior post, I wrote: "First, let me refresh everyone on the concept of biometric identifiers - like fingerprints, facial, and/or iris scans.  These essentially match an individual’s personal characteristics against an image or database of images. Initially, the system captures a fingerprint, picture, or some other personal characteristic, and transforms it into a small computer file (often called a template). The next time someone interacts with the system, it creates another computer file.

Now, here's Tana on this privacy creep:
After 9/11 many cities and airports rushed to boost their camera surveillance with facial recognition software. The tech proved disappointing, and after testing that hit a paltry 60 percent accuracy rate in one case (that's pretty bad if you're trying to figure out identity), many programs were abandoned. In the years since then, both private companies and university research labs funded with government grants have made vast improvements in facial recognition and iris scans, like 3-D face capture and "skinprint" technology (mapping of facial skin patterns). Iris scans can allegedly tell identical twins apart.

Many private companies shill these products directly to local law enforcement agencies, a business strategy that police tend to be pretty enthusiastic about. One such success story is the MORIS device, a gadget attached to an iPhone that can run face recognition software, take digital fingerprints and grab an iris scan at a traffic stop. Starting last fall, the MORIS device has been in use in police departments all over the country. 

Tana's next example is that of ever expanding government databases and the incredible amounts of private data they are accumulating on us. In this instance, I'll go straight to the article, she writes:

Privacy advocates point out that novel types of biometric technology like facial recognition and iris scans can be an unreliable form of ID in the field, but that has not discouraged government agencies from embarking on grand plans to hugely expand their biometric databases. The FBI's billion-dollar "Next Generation Identification" system (NGI) will house iris scans, palm prints, measures of voice and gait, records of tattoos, and scars and photos searchable with facial recognition technology when it's complete in 2014. The bulk of this information is expected to come from local law enforcement. 

There are a number of reasons why such technological identifiers should concerns us. So let's be real clear, creating a database with millions of facial scans and thumbprints raises a host of surveillance, tracking and security question - never mind the cost. And as you might expect, such identifiers are being utilized by entities ranging from Facebook to the FBI. In fact, the ACLU of California is currently asking for information about law enforcements’ use of information gathered from facial recognition technology (as well as social networking sites, book providers, GPS tracking devices, automatic license plate readers, public video surveillance cameras)."

Next up on Tana's list of 7 privacy threats is a new one for me, called "FAST (Future Attribute Screening Technology)". She writes, "Then there's the tech that's supposed to peer inside your head. In 2008, the Department of Homeland security lab tested a program called Future Attribute Screening Technology (FAST), designed to thwart criminal activity by predicting "mal-intent." Unsavory plans are supposed to reveal themselves through physiological tells like heart rate, pheromones, electrodermal activity, and respiratory measurements, according to a 2008 privacy impact assessment. 

The 2008 privacy assessment, though, only addressed the initial laboratory testing of FAST's prophesying sensors on volunteers. According to a report in the journal Nature, sometime last year DHS also tested the technology in a large, undisclosed area in the northeastern US. 

Tana's 6th threat is none other than those mechanical war criminals called Drones! Apparently, they do more than just bomb innocent women and children around the world, but in fact, are perfect domestic spying devices too. She writes, "An ACLU report from December says that local law enforcement officials are pushing for domestic use of the new technology, as are drone manufacturers. As Glenn Greenwald points out, drone makers "continuously emphasize to investors and others that a major source of business growth for their drone products will be domestic, non-military use." 

Right now drones range in size from giant planes to hummingbird-sized, the ACLU report says, with the technology improving all the time. Some can be operated by only one officer, and others by no one at all. The report points to all the sophisticated surveillance technology that can take flight on a drone, including night vision, video analytics ("smart" surveillance that can track activities, and with improvements in biometrics, specific people), massive zoom, and the creepy see-through imaging, currently in development. 

And finally, Tana's 7th privacy threat are what she terms "Super drones that know who you are!" She goes on to explain, writing:

In September, Wired reported that the military has given out research grants to several companies to spruce up their drones with technology that lets them identify and track people on the move, or "tagging, tracking, and locating" (TTL). Noah Shachtman writes:

Perhaps the idea of spy drones already makes you nervous. Maybe you’re uncomfortable with the notion of an unblinking, robotic eye in the sky that can watch your every move. If so, you may want to click away now. Because if the Army has its way, drones won’t just be able to look at what you do. They’ll be able to recognize your face — and track you, based on how you look. If the military machines assemble enough information, they might just be able to peer into your heart.

One company claims it can equip drones with facial recognition technology that lets them build a 3-D model of a face based on a 2-D image, which would then allow the drone to ID someone, even in a crowd. They also say that if they can get a close enough look, they can tell twins apart and reveal not only individuals' identity but their social networks, reports Wired. That's not all. Shachtman continues: 

The Army also wants to identify potentially hostile behavior and intent, in order to uncover clandestine foes. Charles River Analytics is using its Army cash to build a so-called “Adversary Behavior Acquisition, Collection, Understanding, and Summarization (ABACUS)” tool. The system would integrate data from informants’ tips, drone footage, and captured phone calls. Then it would apply “a human behavior modeling and simulation engine” that would spit out “intent-based threat assessments of individuals and groups.” In other words: This software could potentially find out which people are most likely to harbor ill will toward the U.S. military or its objectives. Feeling nervous yet?

To answer that final question, yes...I do feel nervous. I've written a lot on this blog about what it means to live in a society without ANY privacy. As I have said, such a society, one we are rapidly approaching, has ramifications that go far deeper than simply "being watched" or feeling uneasy. What we are talking about is freedom itself...and the way such an all seeing surveillance state stifles dissent and dis-empowers citizens.

As I have written here before, "Whether its the knowledge that everything we do on the internet is followed and stored, that we can be wiretapped for no reason and without a warrant or probable cause, that smart grid systems monitor our daily in home habits and actions, that our emails can be intercepted, that our naked bodies must be viewed at airports and stored, that our book purchases can be accessed (particularly if Google gets its way and everything goes electronic), that street corner cameras are watching our every move (and perhaps drones too), and that RFID tags and GPS technology allow for the tracking of clothes, cars, and phones (and the list goes on)...what is certain is privacy itself is on life support in this country...and without privacy there is no freedom. I also fear how such a surveillance society stifles dissent and discourages grassroots political/social activism that challenges government and corporate power...something that we desperately need more of in this country, not less."

As Bruce Schneier, a security and privacy expert once wrote, "...lack of privacy shifts power from people to businesses or governments that control their information. If you give an individual privacy, he gets more power…laws protecting digital data that is routinely gathered about people are needed. The only lever that works is the legal lever...Privacy is a basic human need…The real choice then is liberty versus control.”

We would do well to - sooner rather than later - to recognize the inherent and fundamental value that privacy provides ANY claimed democracy. Without one there can not be the other...

No comments: