Authors: Bruce Schneier
mission creep and, 104–5
oversight and accountability in, 161–63, 169
in Russia, 70, 187, 188, 237
mass surveillance, government (continued)
secrecy of, 99–101, 121, 122
subversion of commercial systems in, 82–87
in UK, 69, 79
US hypocrisy about, 106
see also mass surveillance, public-private partnership in; specific agencies
mass surveillance, government, solutions for, 7, 168–89
adequacy and, 168
and breakup of NSA, 186–87
due process and, 168, 184
illegitimate access and, 169, 177
integrity of systems and, 169, 181–82
international cooperation and, 169, 180, 184
judicial authority and, 168, 179–80
legality and, 168, 169
legitimacy and, 168
limitation of military role in, 185–86
lobbying and, 222
“Necessary and Proportionate” principles of, 167, 168–69
necessity and, 168
oversight and, 169, 172–78
proportionality and, 168
separation of espionage from surveillance in, 183–84
targeted surveillance and, 179–80, 184, 186
transparency and, 169, 170–71, 176
trust and, 181–83
user notification and, 168
whistleblowers and, 169, 178–79
mass surveillance, individual defenses against, 7, 213–25
avoidance in, 214
blocking technologies in, 214–17
breaking surveillance technologies, 218–19
distortion in, 217–18
fatalism as enemy of, 224–25
political action and, 213, 222–24, 237–38
mass surveillance, public-private partnership in, 6, 25, 78–87, 207
government subversion of commercial systems in, 82–87
nondisclosure agreements and, 100
privately-made technology in, 81–82, 100
sale of government data in, 79–80
and value neutrality of technology, 82
material witness laws, 92
McCarthyism, 92–93, 229, 234
McConnell, Mike, 80
McNealy, Scott, 4
media:
fear and, 229
pre-Internet, 15
medical devices, Internet-enabled, 16
medical research, collection of data and, 8
Medtronic, 200
memory, fallibility of, 128, 320
Merkel, Angela, 151, 160–61, 183, 184
metadata, 216
from cell phones, see cell phone metadata
data vs., 17, 23, 35, 251
from Internet searches, 22–23
in mass surveillance, 20–23, 67
from tweets, 23
Michigan, 2, 39
Microsoft, 49, 59–60, 84, 148, 221, 272, 359
customer loyalty to, 58
government demands for data from, 208, 359
increased encryption by, 208
transparency reports of, 207
Mijangos, Luis, 117
military, US:
ban on domestic security role of, 185–86
Chinese cyberattacks against, 73
“Don’t Ask Don’t Tell” policy of, 197
drone strikes by, 94
see also Army, US; Cyber Command, US; Defense Department, US
MINARET, 175
Minority Report (film), 98
mission creep, 104–5, 163
Mitnick, Kevin, 116
Moglen, Eben, 95, 318
money transfer laws, 35–36
Monsegur, Hector, 42
Mori, Masahiro, 55
MS Office, 60
Multiprogram Research Facility, 144
Muslim Americans, government surveillance of, 103–4
MYSTIC, 36
Napolitano, Janet, 163
Narent, 182
narrative fallacy, 136
Nash equilibrium, 237
Natanz nuclear facility, Iran, 75
National Academies, 344
National Counterterrorism Center, 68
National Health Service, UK, 79
National Institute of Standards and Technology (NIST), proposed takeover of cryptography and computer security programs by, 186–87
National Reconnaissance Office (NRO), 67
National Security Agency, US (NSA):
backdoors inserted into software and hardware by, 147–48
Bermuda phone conversations recorded by, 23
“Black Budget” of, 65
cell phone metadata collected by, 20–21, 36, 37, 62, 138, 339
“collect” as defined by, 129, 320
“collect it all” mentality of, 64–65, 138
COMSEC (communications security) mission of, 164–65, 346
congressional oversight of, 172–76
“connect-the-dots” metaphor of, 136, 139
cost to US businesses of surveillance by, 121–22, 151
counterterrorism mission of, 63, 65–66, 184, 222
counterterrorism successes claimed by, 325
cryptanalysis by, 144
cyberattacks by, 149–50
drug smugglers surveilled by, 105
economic espionage by, 73
encryption programs and, 85–86, 120–21
encryption standards deliberately undermined by, 148–49
expanding role of, 24, 165
FISA Amendments Act and, 174–75, 273
foreign eavesdropping (SIGINT) by, 62–63, 76, 77, 122–23, 164–65, 186, 220
Germany surveilled by, 76, 77, 122–23, 151, 160–61, 183, 184
Gmail user data collected by, 62
historical data stored by, 36
history of, 62–63
inadequate internal auditing of, 303
innocent people surveilled by, 66–67
insecure Internet deliberately fostered by, 146–50, 182
international partnerships of, 76–77
Internet surveillance by, 22, 62, 64–65, 78, 86–87, 122–23, 149–50, 188, 207
keyword searches by, 38, 261
legal authority for, 65–66
location data used by, 3, 339
Multiprogram Research Facility of, 144
Muslim Americans surveilled by, 103
parallel construction and, 105, 305
Presidential Policy Directives of, 99–100
PRISM program of, 78, 84–85, 121, 208
proposed breakup of, 186–87
QUANTUM program of, 149–50, 329–30
relationship mapping by, 37–38
remote activation of cell phones by, 30
secrecy of, 99–100, 121, 122
SIGINT Enabling Project of, 147–49
Snowden leaks and, see Snowden, Edward
SOMALGET program of, 65
Syria’s Internet infrastructure penetrated by, 74, 150
Tailored Access Operations (TAO) group of, 72, 85, 144, 149, 187
UN communications surveilled by, 102, 183
Unitarian Church lawsuit against, 91
US citizens surveilled by, 64, 66, 175
US global standing undermined by, 151
Utah Data Center of, 18, 36
vulnerabilities stockpiled by, 146–47
National Security Letters (NSLs), 67, 84, 100, 207–8
Naval Criminal Investigative Service, 69
Naval Research Laboratory, US, 158
Nest, 15–16
Netcom, 116
Netflix, 43
Netsweeper, 82
New Digital Age, The (Schmidt and Cohen), 4
newsgroups, 119
New York City Police Department, 103–4
New York State, license plate scanning data stored by, 36
New York Times, Chinese cyberattack on, 73, 132, 142
New Zealand, in international intelligence partnerships, 76
Nigeria, 81
9/11 Commission Report, 139, 176
Nineteen Eighty-Four (Orwell), 59, 225
NinthDecimal, 39–40
NIST, see National Institute of Standards and Technology
Nixon, Richard, 230
NOBUS (nobody but us) vulnerabilities, 147, 181
Nokia, 81
nondisclosure agreements, 100
North, Oliver, 127–28
Norway, 2011 massacre in, 229–30
NSA, see National Security Agency, US
Oak Ridge, Tenn., 144
Obama, Barack, 33, 175
NSA review group appointed by, 176–77, 181
Obama administration:
Internet freedom and, 107
NSA and, 122
whistleblowers prosecuted by, 100–101, 179
obfuscation, 217–18
Occupy movement, 104
Ochoa, Higinio (w0rmer), 42–43
OECD Privacy Framework, 191–92, 197
Office of Foreign Assets Control, 36
Office of Personnel Management, US, 73
Off the Record, 83, 215
Olympics (2014), 70, 77
Onionshare, 216
openness, see transparency
opt-in vs. opt-out consent, 198
Orange, 79
Orbitz, 111
Organized Crime Drug Enforcement Task Forces, 69
Orwell, George, 59, 225
oversight, of corporate surveillance, see mass surveillance, corporate, solutions for, government regulation in
oversight, of government surveillance, 161–63, 169, 172–78
Oyster cards, 40, 262
packet injection, 149–50
PageRank algorithm, 196
Palmer Raids, 234
Panetta, Leon, 133
panopticon, 32, 97, 227
panoptic sort, 111
parallel construction, 105, 305
Pariser, Eli, 114–15
Parker, Theodore, 365
PATRIOT Act, see USA PATRIOT Act
pen registers, 27
Peoria, Ill., 101
personalized advertising, see advertising, personalized
personally identifying information (PII), 45
Petraeus, David, 42
Petrobras, 73
Pew Research Center, 96
PGP encryption, 215, 216
photographs, digital, data embedded in, 14–15, 42–43
Pirate Party, Iceland, 333
Placecast, 39
police, see law enforcement, state and local
police states, as risk-averse, 229
political action, 7, 213, 222–24, 237–38
political campaigns:
data mining and, 33, 54
personalized marketing in, 54, 115–16, 233
political discourse, government surveillance and, 97–99
politics, politicians:
and fear of blame, 222, 228
technology undermined by, 213
Posse Comitatus Act (1878), 186
Postal Service, US, Isolation Control and Tracking program of, 29
Presidential Policy Directives, 99–100
prices, discrimination in, 109–10
PRISM, 78, 84–85, 121, 208
privacy, 125–33
algorithmic surveillance and, 129–31, 204
as basic human need, 7, 126–27
breaches of, 116–18, 192, 193–95
as fundamental right, 67, 92, 126, 201, 232, 238, 318, 333, 363–64
of healthcare data, 193
Internet and, 203–4, 230–31
loss of, 4, 7, 50–51, 96, 126
and loss of ephemerality, 127–29
“nothing to hide” fallacy and, 125
and proposed Consumer Privacy Bill of Rights, 201, 202
security and, 155–57
social norms and, 227, 230–33
third-party doctrine and, 67–68, 180
as trumped by fear, 228
undervaluing of, 7–8, 50, 156, 194, 203–4
Privacy and Civil Liberties Oversight Board, 176, 177
privacy enhancing technologies (PETs), 215–16, 217
Privacy Impact Notices, 198, 211
probable cause, 184
Protect America Act (2007), 275
public-private partnership, see mass surveillance, public-private partnership in
Qualcomm, 122
QUANTUM packet injection program, 149–50, 329–30
radar, high-frequency, 30
“ratters,” 117
Reagan, Ronald, 230
redlining, 109
Red October, 72
Regulation of Investigatory Powers Act (UK; 2000), 175
relationships, mapping of, 37–38
remote access Trojans (RATs), 117
resilience, systemic imperfections and, 163–64
retailers, data collected by, 14, 24, 51–52
revenge porn, 231
RFID chips, 29, 211
Richelieu, Cardinal, 92
rights, of consumers, see consumer rights
risk, police states as averse to, 229
risk management, 141–42
Robbins, Blake, 104
robotics, 54–55
Rogers, Michael, 75
Roosevelt, Franklin D., 229, 230
Rousseff, Dilma, 151
RSA Security, 73, 84
rule of law, 210, 212
Russia:
cyberwarfare and, 180
mandatory registration of bloggers in, 95
mass surveillance by, 70, 187, 188, 237
salience, 203–4
San Diego Police Department, 160
Sarkozy, Nicolas, 96
Saudi Arabia, 76, 187, 209
Saudi Aramco, 75
Schmidt, Eric, 4, 22, 57, 86, 125
schools, surveillance abuse in, 104
Schrems, Max, 19, 200
search engines, business model of, 113–14, 206
secrecy:
corporate surveillance and, 194
of government surveillance, 99–101, 121, 122, 170–71
legitimate, transparency vs., 332–33
security, 135–51
airplane, 93, 158
attack vs. defense in, 140–43
balance between civil liberties and, 135
complexity as enemy of, 141
cost of, 142
data mining as unsuitable tool for, 136–40
and deliberate insecurity of Internet, 146–50
encryption and, see encryption
fear and, 4, 7, 95–97, 135, 156–57, 171, 182–83, 222, 226, 227–30
hindsight and, 136
mass surveillance as harmful to, 7, 146–50
and misguided focus on spectacular events, 135
narrative fallacy in, 136
privacy and, 155–57
random vs. targeted attacks and, 142–43
risk management and, 141–42
social norms and, 227
surveillance and, 157–59
vulnerabilities and, 145–46
security cameras, see surveillance technology
self-censorship, 95
Senate, US, Intelligence Committee of, 102, 172, 339
Sensenbrenner, Jim, 174
Sense Networks, 2, 40
September 11, 2001, terrorist attacks, 63, 65, 136, 156, 169, 184, 207, 227, 229
SHAMROCK, 175
Shirky, Clay, 228, 231
Shutterfly, 269
Siemens, 81
SIGINT (signals intelligence), see National Security Agency, US, foreign eavesdropping by