Resisting Big Data: Interfering With ‘Collaboration,’ Nonconsensually

Consider the various image-sharing databases online: Facebook’s photo stores, Instagram, Flickr. These contain trillions of photographs, petabytes of fragile digital data, growing daily, without limit; every day, millions of users worldwide upload the  images they capture on their phones and cameras to the cloud, there to be stored, processed, enhanced, shared, tagged, commented on. And to be used as learning data for facial recognition software–the stuff that identifies your ‘friends’ in your photos in case you want to tag them.

This gigantic corpus of data is a mere court-issued order away from being used by the nation’s law enforcement agencies to train their own facial surveillance software–to be used, for instance, in public space cameras, port-of-entry checks, correctional facilities, prisons etc. (FISA courts can be relied upon to issue warrants in response to any law enforcement agency requests; and internet service providers and media companies respond with great alacrity to government subpoenas.) Openly used and deployed, that is. With probability one, the NSA, FBI, and CIA have already ‘scraped’, using a variety of methods, these image data stores, and used them in the manner indicated. We have actively participated and collaborated, and continue to do so, in the construction of the world’s largest and most sophisticated image surveillance system. We supply the data by which we may be identified; those who want to track our movements and locations use this data to ‘train’ their artificial agents to surveil us, to report on us if we misbehave, trespass, or don’t conform to whichever spatial or physical or legal or ‘normative’ constraint happens to direct us at any given instant. The ‘eye’ watches; it relies for its accuracy on what we have ‘told’ it, through our images and photographs.

Now imagine a hacktivist programmer who writes a Trojan horse that infiltrates such photo stores and destroys all their data–permanently, for backups are also taken out. This is a ‘feat’ that is certainly technically possible; encryption will not prevent a drive from being formatted; and security measures of all kinds can be breached. Such an act of ‘hacktivism’ would be destructive; it would cause the loss of much ‘precious data’: memories and recollections of lives and the people who live them, all gone, irreplaceable.  Such an act of destruction would be justified, presumably, on the grounds that to do so would be to cripple a pernicious system of surveillance and control. Remember that your photos don’t train image recognition systems to recognize just you; they also train it to not recognize someone else as you; our collaboration does not just hurt us, it hurts others; we are complicit in the surveillance and control of others.

I paint this admittedly unlikely scenario to point attention to a few interesting features of our data collection and analysis landscape: a) we participate, by conscious action and political apathy, in the construction and maintenance of our own policing; b) we are asymmetrically exposed because our surveillers enjoy maximal secrecy while we can draw on none; c) collective, organized resistance is so difficult to generate that the most effective political action might be a quasi-nihilist act of loner ‘civil disobedience’–if you do not cease and desist from ‘collaborating,’ the only choice left to others still concerned about their freedom from surveillance might to be nonconsensually interrupt such collaboration.

Report On Brooklyn College Teach-In On ‘Web Surveillance And Security’

Yesterday, as part of ‘The Brooklyn College Teach-In & Workshop Series on Resistance to the Trump Agenda,’ I facilitated a teach-in on the topic of ‘web surveillance and security.’ During my session I made note of some of the technical and legal issues that are play in these domains, and how technology and law have conspired to ensure that: a) we live in a regime of constant, pervasive surveillance; b) current legal protections–including the disastrous ‘third-party doctrine‘ and the rubber-stamping of governmental surveillance ‘requests’ by FISA courts–are simply inadequate to safeguard our informational and decisional privacy; c) there is no daylight between the government and large corporations in their use and abuse of our personal information. (I also pointed my audience to James Grimmelmann‘s excellent series of posts on protecting digital privacy, which began the day after Donald Trump was elected and continued right up to inauguration. In that post, Grimmelmann links to ‘self-defense’ resources provided by the Electronic Frontier Foundation and Ars Technica.)

I began my talk by describing how the level of surveillance desired by secret police organizations of the past–like the East German Stasi, for instance–was now available to the NSA, CIA, and FBI, because of social networking systems; our voluntary provision of every detail of our lives to these systems is a spook’s delight. For instance, the photographs we upload to Facebook will, eventually, make their way into the gigantic corpus of learning data used by law enforcement agencies’ facial recognition software.

During the ensuing discussion I remarked that traditional activism directed at increasing privacy protections–or the enacting of ‘self-defense’ measures–should be part of a broader strategy aimed at reversing the so-called ‘asymmetric panopticon‘: citizens need to demand ‘surveillance’ in the other direction, back at government and corporations. For the former, this would mean pushing back against the current classification craze, which sees an increasing number of documents marked ‘Secret’ ‘Top Secret’ or some other risible security level–and which results in absurd sentences being levied on those who, like Chelsea Manning, violate such constraints; for the latter, this entails demanding that corporations offer greater transparency about their data collection, usage, and analysis–and are not able to easily rely on the protection of trade secret law in claiming that these techniques are ‘proprietary.’ This ‘push back,’ of course, relies on changing the nature of the discourse surrounding governmental and corporate secrecy, which is all too often able to offer facile arguments that link secrecy and security or secrecy and business strategy. In many ways, this might be the  most onerous challenge of all; all too many citizens are still persuaded by the ludicrous ‘if you’ve done nothing illegal you’ve got nothing to hide’ and ‘knowing everything about you is essential for us to keep you safe (or sell you goods’ arguments.

Note: After I finished my talk and returned to my office, I received an email from one of the attendees who wrote:

 

Nice Try NSA-Defenders (Not!)

There are two very bad arguments and one rather illiterate confusion making the rounds in the wake of the NSA surveillance scandal. I’ll consider each of them briefly.

First, we have the ‘it was legal’ argument: the surveillance was sanctioned by the Patriot Act, approved by FISA courts, and Congress was in the loop etc. Now, the elementary distinction between legality and morality, between what the law permits and proscribes and what we might consider the right thing to do is just that: elementary. The undergraduates in my Philosophy of Law classes don’t need to be introduced to the distinction between natural law and positive law or to the assigned readings which inquire into our supposed obligations to the law to understand and know this difference. Their lived lives have given them ample proof of this gap as have the most basic history lessons. (Slavery is everyone’s favorite example but many more can be found rather easily.) Indeed, why would we ever have impassioned debates about ‘bad laws’ that need to be revised if the ‘it’s legal’ argument was such a clincher?

Furthermore, the folks complaining about the NSA surveillance are not just complaining about the legality of this eavesdropping and surveillance: they are suggesting the application of some laws is an onerous imposition on them, one that grants the government too much power. They are suggesting this is a moment when the laws of the land require revisitation. This is especially true of the obnoxious Patriot Act. (In another context, consider the draconian Digital Millenium Copyright Act.) Or consider that FISA courts routinely approve all requests made to them, and that the NSA has seven days in which to mine data before it applies for a warrant. All of this is legal. Is it problematic? We could talk about it so long as we aren’t shut up by the ‘its legal’ argument.

Second, we have the vampire ‘if you have nothing to hide, then what do you have to worry about’ argument – it simply refuses to die. No matter how many times it is explained that privacy is not about the hiding of secrets but about the creation of a space within which a certain kind of human flourishing can take place, this hoary nonsequitur is dragged out and flogged for all it is worth. But let me try real quick: we need privacy because without it, very basic forms of life would not be possible. An important example of this is the personal relationship. For these to be built, maintained and enriched, privacy is required. We do not generate and sustain intimacy–emotional and sexual–under observation and analysis; we do so far away from the madding crowd. I am not doing anything illegal or secretive in the maintenance of my personal relationships but I would still like their details to be private. Hopefully, that’s clear. (Who am I kidding?)

Lastly, there is a dangerous conflation between paper records and electronic records. For instance, David Simon, the latest to join the ‘relax, its legal and being done to protect us’ brigade, runs an analogy with the Baltimore wiretaps carried out by the local police and concludes:

Here, too, the Verizon data corresponds to the sheets and sheets of printouts of calls from the Baltimore pay phones, obtainable with a court order and without any demonstration of probable cause against any specific individual.

Except that it doesn’t. Those ‘sheets and sheets’ do not correspond to the billions of digital records obtained from Verizon, which can be stored indefinitely and subjected to data analysis in a way that the hard-copy data cannot.

These arguments will be made again and again in this context; might as well get some brief refutations out there.

Glenn Greenwald is Not the Story; The Surveillance Is

The New York Times has an article on Glenn Greenwald, who has broken two stories on the NSA surveillance programs that now occupy most thinking people’s attention, which is titled thus: ‘Activist Blogger Is At The Center Of A Debate‘ on its front page. (The article’s title reads ‘ Blogger, With Focus on Surveillance, Is at Center of a Debate’). That headline, and the content of the story, tells us a great deal about what is wrong with modern journalism  and why civil liberties outrages aren’t so outrageous any more.

Greenwald is most emphatically not at the ‘center’ of any debate. He is not the story; the surveillance program is. But surely, some background on the reporter who broke the story would let readers evaluate his credibility? I’m afraid this claim does not withstand closer scrutiny even though it smacks of a pleasing epistemic rectitude: ‘all we are doing is investigating the source of this story’. To focus on him  is a a straightforward misdirection of journalistic effort. The New York Times should be concentrating on uncovering more details about the surveillance programs in the Greenwald articles, but not about Greenwald himself.

(Incidentally, just for good measure, the New York Times article includes a couple of ad-hominem slams against Greenwald:

Gabriel Schoenfeld, a national security expert and senior fellow at the Hudson Institute who is often on the opposite ends of issues from Mr. Greenwald, called him, “a highly professional apologist for any kind of anti-Americanism no matter how extreme.”

Mr. Sullivan wrote in an e-mail: “I think he has little grip on what it actually means to govern a country or run a war. He’s a purist in a way that, in my view, constrains the sophistication of his work.”

There is praise for Greenwald too, but all of this is really besides the point.)

The correct thing for New York Times journalists to do at this point is to get to work on verifying the authenticity of the documents that Greenwald’s source has made public and to explain to their readers:  what their legal and political implications are; how these programs fit into the context of the surveillance that the previous administration kicked off; what the relevant sections of the Patriot Act are; whether the defenses made by administration officials stand up to scrutiny or not; and so on. The New York Times has done some of these things, but my point is that at this moment, those  ought to be its exclusive focus. There is a chance here for a serious journalist to expose the workings of a provably out-of-control government; anything else is a distraction at this stage.

This kind of missing-the-point is not restricted to the focus on Greenwald. Consider for instance, the stories on the Bradley Manning trial. As Matt Taibbi points out, most media outlets are obsessed by his personal background and are rather spectacularly missing the forest for the trees:

The CNN headline read as follows: “Hero or Traitor? Bradley Manning’s Trial to Start Monday.” NBC went with “Contrasting Portraits of Bradley Manning as Court-Martial Opens.”

Unsurprisingly, the citizenry marches on, its attention diverted.

The Spying Will Continue Until Morale Improves

The New York Times, picking up on a Guardian story by Glenn Greenwald, reports that:

The Obama administration is secretly carrying out a domestic surveillance program under which it is collecting business communications records involving Americans under a hotly debated section of the Patriot Act, according to a highly classified court order disclosed on Wednesday night.

The order, signed by Judge Roger Vinson of the Foreign Intelligence Surveillance Court in April, directs aVerizon Communications subsidiary, Verizon Business Network Services, to turn over “on an ongoing daily basis” to the National Security Agency all call logs “between the United States and abroad” or “wholly within the United States, including local telephone calls.”

This policy is a straightforward continuance of the Bush administration’s massive surveillance effort, similarly directed by the NSA in co-operation with telecommunications companies. The scope of the order indicates the data collection is indiscriminate: it is not directed, targeted or narrowly focused. (The court order does limit the data collection by time.) Rather, it is a broad sweep, a trawl to net the NSA’s desired catch. This is not surveillance to confirm a hypothesis; this is surveillance to try to frame one. This is not surveillance as an aid to detective work; this is surveillance as an integral component of that work. As Greenwald notes:

FISA court orders typically direct the production of records pertaining to a specific named target who is suspected of being an agent of a terrorist group or foreign state, or a finite set of individually named targets.

Especially interesting, I think, is the reaction to the story. By that I do not mean the reactions of politicians, journalists, and privacy advocates. Rather, if one is allowed to believe that comments on the New York Times story are at all reflective of the ‘word on the street’, then a couple of apologetic samples are depressingly interesting.

For instance, ‘pjd’ from Westford writes:

I’m surprised that no one has noted the dates in the order. The order was signed on 4/25/2013 which is ten days after the Boston Marathon bombing.

This response is emblematic of the ‘it’s justified because of the terrorists.’ Never mind that nothing about the Boston bombers seems to indicate any kind of widespread conspiracy that would justify such a massive surveillance effort.

And ‘Kurt’ from NY writes:

Ordinarily, this kind of data collection could be interpreted as overly broad and a threat to civil liberties….But, again, given just how disturbing it seems on its face, if a judge is willing to make such an order and Congress is aware of it, it would seem to suggest that there is legitimate need in response to specific threat. Which would also say that, given the security classification it has been given, for this matter to be public knowledge as it now is is possibly injurious to national security.

Here we have the standard ‘the government must have a reason even if they aren’t telling us, and that’s fine by me.’ The trust displayed here in a judicial and executive branch that have done nothing to justify it is touching.

And this statement by the Obama Administration is equally risible:

The information acquired does not include the content of any communications or the name of any subscriber.  It relates exclusively to metadata, such as a telephone number or the length of a call.

Why is this not even remotely comforting?