Data and Goliath (68 page)

Authors: Bruce Schneier

Boston, Mass., 104

Boston Marathon bombings, 136, 138, 139

boyd, danah, 126, 178

Brazil, 188

Breivik, Anders, 229

Bremmer, Ian, 151

Brightest Flashlight Free, 46–47

Brin, David, 231

Broadwell, Paula, 42

browsers, 226

blocking cookies with, 49

Bryan, Leigh Van, 93

BT, 79

BULLRUN, 85

Bull SA, 81

Bureau of Alcohol, Tobacco, and Firearms, 69

Bush, George H. W., 230

Bush, George W., 230

business models, surveillance-based, 50, 56, 113–14, 206

Buzzfeed, 28–29

cable companies, surveillance by, 47–48

CALEA (Communications Assistance for Law Enforcement Act; 1994), 83, 120, 165

need for repeal of, 182

Callahan, Mary Ellen, 162–63

Cameron, David, 222, 228

Canada, in international intelligence partnerships, 76

Caproni, Valerie, 83

Carnegie Mellon University, 41

Carter, Jimmy, 230

cash registers, as computers, 14

cell phone metadata:

NSA collection of, 20–21, 36, 37, 62, 138, 339

Stanford University experiment on, 21–22

cell phones:

GPS-enabled, 3, 14

multiple functions of, 46

NSA’s remote activation of, 30

as surveillance devices, 1–3, 14, 28, 39, 46–47, 62, 100, 216–17, 219, 339

wiretapping of, 148

censorship, 94–95, 106–7, 187–88

self-, 95, 96

Census Bureau, US, 197

Central Intelligence Agency (CIA), 67

in domestic surveillance operations, 104

Senate Intelligence Committee hacked by, 102

Chambers, John, 122

Charter of Fundamental Rights of the European Union, 232, 364

chat services, 13, 83, 119, 226

government surveillance of, 29, 62, 81

checks and balances:

oversight and, 175

secrecy and, 100

Chicago Police Department, 160

China:

censorship in, 94, 95, 150–51, 187, 237

cyberattacks from, 42, 73, 132, 142, 148, 149, 180

50 Cent Party in, 114

mass surveillance by, 70, 86, 140, 209

Uighur terrorists in, 219, 287

ChoicePoint, 79, 116

Christie, Chris, 102

Church committee, 176

Cisco, 85, 122

Clapper, James, 129, 130, 336

Clinton, Hillary, 101, 106

Clinton administration, 120

Clipper Chip, 120–21

cloud computing, 5, 59, 60

consumer rights and, 60, 221

government surveillance and, 122

incriminating materials and, 59, 272

CNET, 125

Cobham, 3, 244

Code of Fair Information Practices (1973), 194

Code Pink, 104

Cohen, Jared, 4

COINTELPRO, 103

Cold War, 63, 71, 75, 207, 229

“collect,” NSA’s use of term, 129

Comcast, 358

as information middleman, 57

surveillance by, 48–49

commons, as lacking on Internet, 188–89

communication:

computers as devices for, 13–14

ephemeral vs. recorded, 127–29

Communications Assistance for Law Enforcement Act, see CALEA

Communications Security Establishment Canada (CSEC), 40–41

Communists, Communism, 92–93

fall of, 63

complexity, as enemy of security, 141

Comprehensive National Cybersecurity Initiative, 69

computers, computing:

cash registers as, 14

as communication devices, 13–14

cost of, 24

data as by-product of, 3–4, 5, 13–19

increasing power of, 35

smartphones as, 14

see also electronic devices

Computer Security Act (1987), 187

COMSEC (communications security), 164–65

Congress, US, 237

NSA oversight by, 172–76

privacy laws and, 198–99

secrecy and, 100

“connect-the-dots” metaphor, 136, 139, 322

consent, as lacking in mass surveillance, 5, 20, 51

Consent of the Networked (MacKinnon), 210, 212

Constitution, US:

Bill of Rights of, 210

First Amendment of, 189

Fourth Amendment of, 67, 156, 170

warrant process and, 92, 179, 184

Consumer Privacy Bill of Rights (proposed), 201, 202

consumer rights:

cloud computing and, 30

data collection and, 192–93, 200–203, 211

convenience, surveillance exchanged for, 4, 49, 51, 58–59, 60–61

cookies, 47–48, 49

correlation of, 49

correlation, of data sets, 40–45, 49, 133, 263–64

Counterintelligence Field Activity, 69, 104

counterterrorism:

excessive secrecy in, 171

as FBI mission, 184, 186

fear and, 222, 226, 227–30

mass surveillance as ineffective tool in, 137–40, 228

as NSA mission, 63, 65–66, 184, 222

NSA’s claimed successes in, 325

Creative Cloud, 60

credit bureaus, as data brokers, 52

credit card companies, data collected by, 14, 23–24

credit card fraud, 116, 313

data mining and, 136–37

credit cards, RFID chips on, 29

credit scores, 112–13, 159, 196

Credit Suisse, 35–36

CREDO Mobile, 207

Cryptocat, 215

cryptography, see encryption

cultural change:

systemic imperfection and, 163–64

transparency and, 161

Customer Relations Management (CRM), 51–52

customer scores, 110–11

Cyber Command, US, 75, 146, 180–81, 186, 187

cybercrime, increasing scale of, 116–19, 142

cyber sovereignty, 187–88

cyberwarfare, 74–75, 81, 132, 220

arms race in, 180–81

attack vs. defense in, 140–43

collateral damage from, 150–51

military role in, 185–86

NIST’s proposed defensive role in, 186–87

see also Cyber Command, US

Dalai Lama, 72

Daniel, Jon, 101

data:

analysis of, see data mining

as by-product of computing, 3–4, 5, 13–19

historical, 35–37

increasing amount of, 18–19

see also metadata

data broker industry, 2, 5, 41, 48, 51–53, 79, 234

correction of errors in, 269

customer scores in, 110–11

lack of consent in, 5, 51

data collection, 234

accountability and, 193, 196, 197–99

benefits of, 8, 190

fiduciary responsibility and, 204–5

government regulation and, 197–99

harms from, 8

health and, 16

limits on, 191, 192, 199–200, 202, 206

NSA definition of, 129, 320

opt-in vs. opt-out consent in, 198

respect for context in, 201

rights of individuals in, 192–93, 200–203, 211, 232

salience of, 203–4

security safeguards in, 192, 193–95, 202, 211

from social networking sites, 200–201

specification of purpose in, 192

see also mass surveillance

Dataium, 195–96

data mining, 33–45

adversarial relationships and, 138–39

algorithmic-based, 129–31, 136–37, 159, 196

anonymity and, 42–45

correlation of data sets in, 40–45, 49, 133

credit card fraud and, 136–37

of historical data, 35–37

inferences from, see inferences, from data mining

limits on uses of, 191, 192, 195–97, 206

personalized advertising and, 33, 35, 38

political campaigns and, 33, 54

quality assurance and, 34, 54, 136–37, 192, 194, 202

relationship mapping in, 37–38

security threats and, 136–40

tax fraud and, 137

data storage:

capacity for, 18–19

cloud-based, 5, 59

limits on, 191, 199–200, 206

low cost of, 5, 18, 24, 144, 206

“save everything” model of, 34

Datensparsamkeit, 200

de-anonymizing, by correlation of data sets, 43–44, 263–64

Declaration of the Rights of Man and of the Citizen, 210

Defense Department, US:

Counterintelligence Field Activity of, 69, 104

Cyber Command of, 75

domestic surveillance by, 69, 184

Defentek, 3

delete, right to, 201–2

democracy:

government surveillance and, 6, 95, 97–99, 161–62, 172–73

whistleblowers as essential to, 178

demographic information, data brokers and, 52

denial-of-service attacks, 75

Department of Homeland Security, US, 27, 162–63, 295–96

deportation, discrimination and, 93

DigiNotar, hacking of, 71–72

direct marketing, 52

discrimination:

corporate surveillance and, 109–13

government surveillance and, 4, 6, 93, 103–4

in pricing, 109–10

DNA sequencing, 16

de-anonymizing of, 44

DNS injection, 150–51

Doctorow, Cory, 217

“Do Not Track” debate, 80

Do Not Track law, California, 233

DoNotTrackMe, 49

“Don’t Ask Don’t Tell” policy, 197

DoubleClick, 48

Drake, Thomas, 101

Dread Pirate Roberts (Ross Ulbricht), 105

drone helicopters, 25, 29

micro-, 253

drone strikes, mass surveillance and, 94

Drug Enforcement Administration (DEA), 104, 105

Dubai, 27, 43

DuckDuckGo, 124

due process, 168, 184

Duffy, Tim, 227

East Germany, 23

eBay, 57–58

Economist, 91

EDGEHILL, 85

education, collection of data and, 8

Eisenhower, Dwight D., 230

Elbit Systems, 81

Elcomsoft, 150

electronic devices, vendor control of, 59–60

Ello, 124

Ellsberg, Daniel, 101

e-mail, 119, 226

local vs. cloud storage of, 31

Emanuel, Rahm, 234

encryption, 85–86, 224, 344

backdoors and, 86, 120–21, 123, 147–48, 169, 182, 314

business competitiveness and, 119–24

increased corporate use of, 208, 224

individual use of, 215

key length in, 143

NIST and, 186–87

NSA and, 144, 186

NSA undermining of standards for, 148–49

secrecy and, 171

value of, 143–44

Engel, Tobias, 3

Environmental Protection Agency (EPA), pollution regulation by, 194–95

ephemerality, of communication, 127–29

Epsilon, 41

Equifax, 53

error rates, in data mining, 34, 54, 136–37, 269

espionage, 63, 73, 74, 76, 158

surveillance vs., 170, 183–84

Espionage Act (1917), 101

Estonia, cyberattacks on, 75, 132

Ethiopia, 73

European Charter, 169

European Court of Justice, 202, 222

European Parliament, 76

European Union (EU), 195, 200, 202, 226, 238

Charter of Fundamental Rights of, 232, 364

Data Protection Directive of, 19, 79, 80, 159, 191, 209

data retention rules in, 222

Exact Data, 42

executive branch:

abuses of power by, 234–35

secrecy of, 100, 170

Executive Order 12333, 65, 173

Facebook, 58, 59, 93, 198

customer scores and, 111

data collection by, 19, 31, 41, 123, 200, 201, 204

as information middleman, 57

manipulation of posts on, 115

paid placements on, 114

real name policy of, 49

Facebook, surveillance by:

data-based inferences of, 34, 258

Like button and, 48

relationship mapping by, 37–38

tagged photo database of, 41

face recognition, automatic, 27, 29, 31, 41, 211

fair information practices, 194, 211

fair lending laws, 196

false positives, 137, 138, 140, 323–24

Farrell, Henry, 60

FASCIA, 3

fatalism, mass surveillance and, 224–25

fear:

government surveillance and, 4, 7, 95–97, 135, 156–57, 182–83, 222, 226, 227–30

media and, 229

politicians and, 222, 228

privacy trumped by, 228

social norms and, 227–30

Federal Bureau of Investigation (FBI):

CALEA and, 83, 120

COINTELPRO program of, 103

cost to business of surveillance by, 121–22

counterterrorism as mission of, 184, 186

data mining by, 42

GPS tracking by, 26, 95

historical data stored by, 36

illegal spying by, 175

IMSI-catchers used by, 165

legitimate surveillance by, 184

Muslim Americans surveilled by, 103

PATRIOT Act and, 173–74

phone company databases demanded by, 27, 67

surveillance of all communications as goal of, 83

warrantless surveillance by, 67–68, 209

wiretapping by, 24, 27, 83, 171

Federal Communications Commission (FCC), 198

Federal Trade Commission, US (FTC), 46–47, 53, 117, 198

Feinstein, Diane, 172

Ferguson, Mo., 160

fiduciary responsibility, data collection and, 204–5

50 Cent Party, 114

FileVault, 215

filter bubble, 114–15

FinFisher, 81

First Unitarian Church of Los Angeles, 91

FISA (Foreign Intelligence Surveillance Act; 1978), 273

FISA Amendments Act (2008), 171, 273, 275–76

Section 702 of, 65–66, 173, 174–75, 261

FISA Court, 122, 171

NSA misrepresentations to, 172, 337

secret warrants of, 174, 175–76, 177

transparency needed in, 177

fishing expeditions, 92, 93

Fitbit, 16, 112

Five Eyes, 76

Flame, 72

FlashBlock, 49

flash cookies, 49

Ford Motor Company, GPS data collected by, 29

Foreign Intelligence Surveillance Act (FISA; 1978), 273

see also FISA Amendments Act

Forrester Research, 122

Fortinet, 82

Fox-IT, 72

France, government surveillance in, 79
