This brings me back to the Hundredpercent American. To some extent he is a pet of mine. I have always rather liked him, because he has some promising qualities. For instance, he has enormous hospitality. I used to feel personally complimented by the amazing warm-hearted hospitality showered on me by Americans.
[…]
When I realized it, I began to say to myself, “This is not a recognition of my own particular merits. Nor is it quite a mania. There is something bigger behind it. An enormous social instinct must be seeking satisfaction through it.”
Then I considered your rage for publicity. An American has no sense of privacy. He does not know what it means. There is no such thing in the country.
George Bernard Shaw
The future of political science in America
Metropolitan Opera House, NYC
11 April 1933
In 1999, I attended the 4th Annual HTCIA Conference, whose international participants read like alphabet soup. Janet Reno was a keynote speaker. Her speech was primarily a diatribe against allowing the export of stronger encryption. Amazingly, over a decade later, US encryption regulations still only allows the export of products that support minimal encryption (i.e., 40 or 56-bit).
The 1999 conference took place in the fall in San Diego and the buzz among conference attendees was the FBI’s newly minted internet wiretapping program, code-named, Carnivore, an offshoot of their previous 7-year-old program, Omnivore. The source code of the latter was obtained and released into the wilds shortly thereafter. A link to its location, posted to a hacker listsrv.
I had an opportunity to briefly review the code. At the time, I had just finished designing and implementing a cyber profiling tool suite which grew out of the need to help identify and locate people engaged in aggressive cyberstalking. As such, I was well aware of the challenges cyber profiling posed.
In reviewing the Omnivore code, I had little belief that its successor, Carnivore, would accomplish the then stated goal. After all, Omnivore was rudimentary, something a high school sophomore might write in a coding assignment. The premise was to trigger on a predefined list of keywords, storing flagged correspondence in a database for later examination. Otherwise put, the program was nothing more than a glorified packet sniffer.
It did not take someone well-versed in cyber profiling to recognize the uselessness of this implementation. People were soon adding the “obvious” keywords to their sigfiles: an electronic thumbing of noses to the US Government’s attempt to spy on netizens.
Interestingly, or perhaps, not so, I was one of a handful of civilians in attendance at the 1999 conference. Meal seating arrangements landed me with various TLA government personnel, and our conversation strayed to the much whispered about Carnivore. I thought it humorous that these men actually believed their program would help them to identify potential terrorist cells. Even with a program that could fill in a number of blanks, it still required a human to do intense and time-consuming real life investigation.
After explaining the intricacies of cyber profiling 101, a then Secret Service Senior Special Agent handed me his card, asking me to contact him regarding the possible purchase of my tool suite. My response was likely inappropriate. I asked if the Secret Service actually followed up on all uttered threats against the president. Very solemnly, he responded, “Of course.” I was quite naturally thinking of off-the-cuff wise cracks, so the first thing that came to mind, “Wow, you must be really busy.” He was unsurprisingly unimpressed. I lost a potential sale. I was not and am not even remotely heartbroken.
In the midst of the public firestorm over the mass wiretapping efforts, Electronic Privacy Information Center (EPIC), a grass-roots self-appointed privacy watch-dog group, filed and received Carnivore documents under the FOIA. Carnivore was later renamed to DCS-1000, and eventually replaced with off-the-shelf software.
By 2009, the media was hyping social software, touting using real names as opposed to previously oft-used nyms. The gullible public fell for what was basically a ploy by the social network companies to convince prospective users to sign up under their legal names. Thereby providing advertisers much sought after user data.
Data became the new gold, and data brokers, such as Spokeo, were the new gold miners, scraping data from the public facing profiles, where users shared their daily lives with complete strangers. These companies partnered with background investigation agencies, such as Intelius, creating a powerful tool for intruding upon people’s not-so-private lives.
In the meantime, government agencies jumped at the chance for doing their own form of data mining. One such example came in the form of a Persona Management RFP issued by the USAF. The primary gist was to create a means to generate fake, yet believable, Facebook personas that could be used to connect to, and monitor targeted individuals. Something of this nature would have little chance of succeeding, except collecting connections seemed to be the meme of the day. That is, the more connections, er, friends, a person could garner, the more they could tout how popular they were. As such, people accepted “friend invites” with wild abandon. True social butterflies, I suppose.
Then, there’s geolocation and the concept of checking-in. Whether it involves a wifi enabled device broadcasting its position to area routers as a user goes about their daily business, checking in at specific locations, including location data in pictures and posts, tracking web movement, or monitoring people’s movements in stores via the bluetooth enabled iBeacon. As with social network data brokers, geolocation data brokers, such as simpleGeo have collected vast amounts of location data. Data to be added to the ever-growing data store on netizens.
Now, as then, perplexingly, the general public appears to be surprised that government agencies are still playing surveillance spy games. With a primary difference, people are handing them most of their information on a silver platter, via checking in, in conjunction with their daily, and sometimes hourly updates on social networking sites. Add to this the increased sophistication of cyber profiling. For example, view something on Amazon, and see an ad for that item in a New York Times article. And lest we forget, location aware searching.
This isn’t to say government intrusion is okay, rather, to highlight the ways in which various internet companies are making it easy for them to do so. Otherwise put, to effectively fight the privacy battle, requires demanding changes to online privacy laws, and the ways in which companies are allowed to track users, as well as changing sharing habits. While at the same time repealing the law that allowed wide-spread government snooping in the first place.