Data and Goliath (40 page)

Authors: Bruce Schneier

police forces have installed surveillance cameras:
Mun Wong (4 May 2011), “Top 5 cities with the largest surveillance camera networks,” VinTech Journal, http://www.vintechnology.com/journal/uncategorized/top-5-cities-with-the-largest-surveillance-camera-networks.
David Barrett (10 Jul 2013), “One surveillance camera for every 11 people in Britain, says CCTV survey,” Telegraph, http://www.telegraph.co.uk/technology/10172298/One-surveillance-camera-for-every-11-people-in-Britain-says-CCTV-survey.html.
Thales Group (11 Apr 2014), “Mexico City, the world’s most ambitious urban security
programme,” https://www.thalesgroup.com/en/worldwide/security/case-study/mexico-city-worlds-most-ambitious-urban-security-programme.

That data is almost certainly digital:
Seagate Technology LLC (2012), “Video surveillance storage: How much is enough?”
http://m.seagate.com/files/staticfiles/docs/pdf/whitepaper/video-surv-storage-tp571-3-1202-us.pdf.

Jeremy Bentham conceived of his “panopticon”:
Jeremy Bentham (1791), The Panopticon, or the Inspection-House, T. Payne, http://cartome.org/panopticon2.htm.

idea has been used as a metaphor:
Oscar H. Gandy Jr. (1993), The Panoptic Sort: A Political Economy of Personal Information, Westview Press, http://books.google.com/books?id=wreFAAAAMAAJ.

on the Internet and off:
Tom Brignall III (2002), “The new panopticon: The Internet viewed as a structure
of social control,” Tennessee Tech University, http://unpan1.un.org/intradoc/groups//files/21/64/47/f216447/public/documents/apcity/unpan003570.pdf.

All of us are being watched:
Ellen Nakashima (16 Jan 2007), “Enjoying technology’s conveniences but not escaping its watchful eyes,” Washington Post, http://www.washingtonpost.com/wp-dyn/content/article/2007/01/15/AR2007011501304.html.

3: ANALYZING OUR DATA

Target was right:
Charles Duhigg (16 Feb 2012), “How companies learn your secrets,” New York Times, http://www.nytimes.com/2012/02/19/magazine/shopping-habits.html.

amassing and saving all kinds of data:
Gregory Piatetsky (8 Dec 2013), “3 stages of Big Data,” KD Nuggets, http://www.kdnuggets.com/2013/12/3-stages-big-data.html.

Barack Obama mined data extensively:
Michael Scherer (7 Nov 2012), “Inside the secret world of the data crunchers who helped Obama win,” Time, http://swampland.time.com/2012/11/07/inside-the-secret-world-of-quants-and-data-crunchers-who-helped-obama-win.

allowed academics to mine their data:
Here are two examples. Lars Backstrom et al. (5 Jan 2012), “Four degrees of separation,” arXiv:1111.4570 [cs.SI], http://arxiv.org/abs/1111.4570.
Russell B. Clayton (Jul 2014), “The third wheel: The impact of Twitter use on relationship infidelity and divorce,” Cyberpsychology, Behavior, and Social Networking 17, http://www.cs.vu.nl/~eliens/sg/local/cyber/twitter-infidelity.pdf.

Facebook can predict:
The experiment correctly discriminates between homosexual and heterosexual men in 88% of cases, African Americans and Caucasian Americans in 95% of cases, and Democrats and Republicans in 85% of cases.
Michal Kosinski, David Stillwell, and Thore Graepel (11 Mar 2013), “Private traits and attributes are predictable from digital records of human behavior,” Proceedings of the National Academy of Sciences of the United States of America, Early Edition, http://www.pnas.org/content/early/2013/03/06/1218772110.

The company knows you’re engaged:
Sara M. Watson (14 Mar 2012), “I didn’t tell Facebook I’m engaged, so why is it asking about my fiancé?” Atlantic, http://www.theatlantic.com/technology/archive/2012/03/i-didnt-tell-facebook-im-engaged-so-why-is-it-asking-about-my-fianc/254479.

gay before you come out:
Katie Heaney (19 Mar 2013), “Facebook knew I was gay before my family did,” BuzzFeed, http://www.buzzfeed.com/katieheaney/facebook-knew-i-was-gay-before-my-family-did.

may reveal that to other people:
Geoffrey A. Fowler (13 Oct 2012), “When the most personal secrets get outed on Facebook,” Wall Street Journal, http://online.wsj.com/news/articles/SB10000872396390444165804578008740578200224.

it could get you killed:
For a while in 2014, there was a flaw in the gay hookup app Grindr that would reveal the location of gay men anywhere in the world, including countries like Uganda, Russia, and Iran.
John Aravosis (26 Aug 2014), “Popular gay dating app Grindr faces creepy security breach allegations,” America Blog, http://americablog.com/2014/08/grindr-users-unwittingly-giving-away-exact-location.html.

when the ads are on track:
Sara M. Watson (16 Sep 2014), “Ask the decoder: Stalked by socks,” Al Jazeera, http://america.aljazeera.com/articles/2014/9/16/the-decoder-stalkedbysocks.html.

targeted at us specifically:
Sylvan Lane (13 Aug 2014), “16 creepiest targeted Facebook ads,” Mashable, http://mashable.com/2014/08/13/facebook-ads-creepy.

data mining is a hot technology:
Guy Gugliotta (19 Jun 2006), “Data mining still needs a clue to be effective,” Washington Post, http://www.washingtonpost.com/wp-dyn/content/article/2006/06/18/AR2006061800524.html.
Phillip Segal (28 Mar 2011), “Data mining is dumbed down intelligence,” Ethical Investigator, http://www.ethicalinvestigator.com/internet/data-mining-is-dumbed-down-intelligence.
Ogi Ogas (8 Feb 2013), “Beware the big errors of ‘Big Data,’” Wired, http://www.wired.com/2013/02/big-data-means-big-errors-people.

go backwards in time:
Barton Gellman and Ashkan Soltani (18 Mar 2014), “NSA surveillance program reaches ‘into the past’ to retrieve, replay phone calls,” Washington Post, http://www.washingtonpost.com/world/national-security/nsa-surveillance-program-reaches-into-the-past-to-retrieve-replay-phone-calls/2014/03/18/226d2646-ade9-11e3-a49e-76adc9210f19_story.html.

Untangling this sort of wrongdoing:
US Department of Justice (16 Dec 2009), “Credit Suisse agrees to forfeit $536 million
in connection with violations of the International Emergency Economic Powers Act and
New York State law,” http://www.justice.gov/opa/pr/2009/December/09-ag-1358.html.
Office of the District Attorney, New York County (10 Dec 2012), “Standard Chartered
Bank reaches $327 million settlement for illegal transactions,” http://manhattanda.org/node/3440/print.
Office of the District Attorney, New York County (30 Jun 2014), “BNP Paribas Bank
pleads guilty, pays $8.83 billion in penalties for illegal transactions,” http://manhattanda.org/node/4884/print.

blood taken from riders years earlier:
Scott Rosenfield (23 Jul 2013), “Top 3 finishers in 1998 Tour test positive,” Outside Online, http://www.outsideonline.com/news-from-the-field/Top-3-Finishers-in-1998-Tour-Test-Positive.html.

a database called XKEYSCORE:
Glenn Greenwald (21 Jul 2013), “XKeyscore: NSA tool collects ‘nearly everything a user does on the internet,’” Guardian, http://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data.
US National Security Agency (8 Jan 2007), “XKEYSCORE (training slides),” https://www.eff.org/document/2013-07-31-guard-xkeyscore-training-slides (page 2).

One called MARINA:
James Ball (30 Sep 2013), “NSA stores metadata of millions of web users for up to a year, secret files show,” Guardian, http://www.theguardian.com/world/2013/sep/30/nsa-americans-metadata-year-documents.

Another NSA database, MYSTIC:
Ryan Devereaux, Glenn Greenwald, and Laura Poitras (19 May 2014), “Data pirates of the Caribbean: The NSA is recording every cell phone call in the Bahamas,” Intercept, https://firstlook.org/theintercept/article/2014/05/19/data-pirates-caribbean-nsa-recording-every-cell-phone-call-bahamas.
Julian Assange (23 May 2014), “WikiLeaks statement on the mass recording of Afghan telephone calls by the NSA,” WikiLeaks, https://wikileaks.org/WikiLeaks-statement-on-the-mass.html.

The NSA stores telephone metadata:
David Kravets (17 Jan 2014), “Obama revamps NSA phone metadata spying program,” Wired, http://www.wired.com/2014/01/obama-nsa.

If you use encryption:
I do not know whether this includes all encrypted SSL sessions. My guess is that the NSA is able to decrypt a lot of SSL in real time.
Matthew Green (2 Dec 2013), “How does the NSA break SSL?” A Few Thoughts on Cryptographic Engineering, http://blog.cryptographyengineering.com/2013/12/how-does-nsa-break-ssl.html.

NSA needed to increase its storage capacity:
Barton Gellman and Ashkan Soltani (4 Dec 2013), “NSA tracking cellphone locations worldwide, Snowden documents show,” Washington Post, http://www.washingtonpost.com/world/national-security/nsa-tracking-cellphone-locations-worldwide-snowden-documents-show/2013/12/04/5492873a-5cf2-11e3-bc56-c6ca94801fac_story.html.

This is the point of:
James Bamford (15 Mar 2012), “The NSA is building the country’s biggest spy center (watch what you say),” Wired, http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all.

The FBI stores our data, too:
Kevin Poulsen (27 Jan 2014), “If you used this secure webmail site, the FBI has your inbox,” Wired, http://www.wired.com/2014/01/tormail.

The state of New York retains:
Cyrus Farivar (27 Feb 2012), “Your car, tracked: The rapid rise of license plate readers,” Ars Technica, http://arstechnica.com/tech-policy/2012/09/your-car-tracked-the-rapid-rise-of-license-plate-readers.
Steve Orr (26 Jul 2014), “New York knows where your license plate goes,” Democrat and Chronicle, http://www.democratandchronicle.com/story/news/2014/07/26/new-york-license-plate-readers/13179727.

AT&T beat them all:
Declan McCullagh (19 Mar 2013), “Cops: U.S. law should require logs of your text messages,” CNET, http://news.cnet.com/8301-13578_3-57575039-38/cops-u.s-law-should-require-logs-of-your-text-messages.

three hops away from Alice:
Philip Bump (17 Jul 2013), “The NSA admits it analyzes more people’s data than previously revealed,” Atlantic Wire, http://www.thewire.com/politics/2013/07/nsa-admits-it-analyzes-more-peoples-data-previously-revealed/67287.

Making sense of the data:
Jonathan Mayer writes about the difficulty of analyzing this data.
Jonathan Mayer and Patrick Muchler (9 Dec 2013), “MetaPhone: The NSA three-hop,” Web Policy, http://webpolicy.org/2013/12/09/metaphone-the-nsa-three-hop.

phone numbers common to unrelated people:
Amy Davidson (16 Dec 2013), “The domino’s hypothetical: Judge Leon vs. the N.S.A.,” New Yorker, http://www.newyorker.com/news/amy-davidson/the-dominos-hypothetical-judge-leon-vs-the-n-s-a.

NSA documents note:
Barton Gellman and Laura Poitras (10 Jul 2013), “NSA slides explain the PRISM data-collection program,” Washington Post, http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents.

total number of people being surveilled:
Shane Harris (17 Jul 2013), “Three degrees of separation is enough to have you watched by the NSA,” Foreign Policy, http://complex.foreignpolicy.com/posts/2013/07/17/3_degrees_of_separation_is_enough_to_have_you_watched_by_the_nsa.

President Obama directed the NSA:
Tony Bradley (17 Jan 2014), “NSA reform: What President Obama said, and what he didn’t,” Forbes, http://www.forbes.com/sites/tonybradley/2014/01/17/nsa-reform-what-president-obama-said-and-what-he-didnt.

This is what both the NSA:
James Risen and Laura Poitras (20 Sep 2013), “NSA gathers data on social connections of U.S. citizens,” New York Times, http://www.nytimes.com/2013/09/29/us/nsa-examines-social-networks-of-us-citizens.html.

One of Facebook’s most successful:
Vauhini Vara (23 Aug 2007), “Facebook gets personal with ad targeting plan,” Wall Street Journal, http://online.wsj.com/news/articles/SB118783296519606151.

Google . . . searches all of your Gmail:
If either Google or Microsoft finds evidence of child pornography, it will report you to the police.
Matthew Sparkes (4 Aug 2014), “Why Google scans your emails for child porn,” Telegraph, http://www.telegraph.co.uk/technology/google/11010182/Why-Google-scans-your-emails-for-child-porn.html.
Leo Kelion (6 Aug 2014), “Microsoft tip leads to child porn arrest in Pennsylvania,” BBC News, www.bbc.co.uk/go/em/fr/-/news/technology-28682686.

The NSA does something similar:
The PCLOB has stated that NSA collection under Section 702 of the FISA Amendments Act does not collect on the basis of keywords, although that’s just one authority. And there’s a lot of room for weaseling.
Privacy and Civil Liberties Oversight Board (2 Jul 2014), “Report on the surveillance program operated pursuant to Section 702 of the Foreign Intelligence Surveillance Act,” http://www.pclob.gov/All%20Documents/Report%20on%20the%20Section%20702%20Program/PCLOB-Section-702-Report.pdf.
Jennifer Granick (11 Feb 2014), “Eight questions PCLOB should ask about Section 702,” Just Security, https://justsecurity.org/7001/questions-pclob-section-702.

the NSA targets people:
Jacob Appelbaum et al. (3 Jul 2014), “NSA targets the privacy-conscious,” Panorama, http://daserste.ndr.de/panorama/aktuell/nsa230_page-1.html.
