
I’ve moved to a new blog

This blog grew out of my dissertation work comparing the state dossier systems of the US and China. I finished and defended the dissertation in the summer of 2009. My research foci have changed a bit and so I’ve moved to what I expect to be a more topically diverse blog, Farr.all. It still focuses largely on surveillance and privacy issues but I’ll be introducing a wider range of topics soon.

US Suspicious Activity Reporting in Historical Context

As I prepare a paper abstract for submission to an upcoming conference on national intelligence ethics, I’ve been thinking more about the historical context in which new federal standards for US “suspicious activity reporting” (the ISE-SAR) can be understood. Suspicious Activity Reports (SARs) are an increasingly important tool of “domestic intelligence” distinct from the class of documents produced in the course of criminal investigations. Domestic intelligence has a fascinating history. Widespread abuses in the 50s, 60s and early 70s, chronicled in the 14-volume Church committee reports (excerpted below), led to a comprehensive set of policy changes designed to place constraints on the number of government personnel authorized to produce domestic intelligence. These constraints have been largely abandoned in the wake of the September 11th Attacks, especially with the passage of the Intelligence Reform and Terrorism Prevention Act of 2004.

The more recent historical thread of which SARs are a part includes the Terrorism Information and Prevention System (TIPS), Threat and Local Observation Notices (TALON), and the current Guardian and e-Guardian systems maintained by the FBI. Much of the activity we are seeing today appears reminiscent of intelligence abuses chronicled in the Church reports.

In 1975, Senator Frank Church (D-ID) chaired the “United States Senate Select Committee to Study Governmental Operations with Respect to Intelligence Activities.” Over a period of nine months, the committee interviewed more than 800 officials and held 250 executive and 21 public hearings, investigating widespread intelligence abuses by the CIA, FBI and NSA. The Church Committee’s 14 reports, issued between 1975 and 1976, have been called the most thorough investigation of US intelligence agencies ever released to the public.

Here is a selection from BOOK II, A. Violating and Ignoring the Law:

MAJOR FINDING

The Committee finds that the domestic activities of the intelligence community at times violated specific statutory prohibitions and infringed the constitutional rights of American citizens. 1 The legal questions involved in intelligence programs were often not considered. On other occasions, they were intentionally disregarded in the belief that because the programs served the “national security” the law did not apply. While intelligence officers on occasion failed to disclose to their superiors programs which were illegal or of questionable legality, the Committee finds that the most serious breaches of duty were those of senior officials, who were responsible for controlling intelligence activities and generally failed to assure compliance with the law.

Subfindings

(a) In its attempt to implement instructions to protect the security of the United States, the intelligence community engaged in some activities which violated statutory law and the constitutional rights of American citizens.

(b) Legal issues were often overlooked by many of the intelligence officers who directed these operations. Some held a pragmatic view of intelligence activities that did not regularly attach sufficient significance to questions of legality. The question raised was usually not whether a particular program was legal or ethical, but whether it worked.

(c) On some occasions when agency officials did assume, or were told, that a program was illegal, they still permitted it to continue. They justified their conduct in some cases on the ground that the failure of “the enemy” to play by the rules granted them the right to do likewise, and in other cases on the ground that the “national security” permitted programs that would otherwise be illegal.

(d) Internal recognition of the illegality or the questionable legality of many of these activities frequently led to a tightening of security rather than to their termination. Partly to avoid exposure and a public “flap,” knowledge of these programs was tightly held within the agencies, special filing procedures were used, and “cover stories” were devised.

(e) On occasion, intelligence agencies failed to disclose candidly their programs and practices to their own General Counsels, and to Attorneys General, Presidents, and Congress.

(f) The internal inspection mechanisms of the CIA and the FBI did not keep — and, in the case of the FBI, were not designed to keep — the activities of those agencies within legal bounds. Their primary concern was efficiency, not legality or propriety.

(g) When senior administration officials with a duty to control domestic intelligence activities knew, or had a basis for suspecting, that questionable activities had occurred, they often responded with silence or approval. In certain cases, they were presented with a partial description of a program but did not ask for details, thereby abdicating their responsibility. In other cases, they were fully aware of the nature of the practice and implicitly or explicitly approved it.

I will post a few more excerpts from the reports before drawing some parallels to the present SAR initiative.

back from hiatus

I successfully defended my dissertation, “Suspect until Proven Guilty, a problematization of state dossier systems,” late this past August and just recently started work as a post-doc at NYU’s Department of Media, Culture and Communication. Now that my dissertation is done and I’ve had time to settle in to my new routine of research and teaching, I’m ready to resume blogging about privacy, surveillance, and dossier systems, particularly as they relate to the United States and China. My present work is focused on the United States, in particular the US Information Sharing Environment, which I’ll be writing about in my next post.

New Revelations about NSA Domestic Spying

Former National Security Agency analyst turned whistleblower Russell Tice appeared on Keith Olbermann’s Countdown last night, making new claims about the extent of NSA domestic surveillance during the Bush administration. Tice told Olbermann that the NSA program was not only much wider than previous revelations suggested, targeting virtually everyone in America, but also that one operation he was involved in specifically targeted journalists.

Further Erosion of Fourth Amendment

Last week, a Supreme Court ruling deserving of much more attention than it has received to date added to the steady erosion of Fourth Amendment protections Americans have been suffering since the September 11th attacks. Just how much the ruling has diluted the Fourth Amendment is open to debate, but there is little doubt that constitutional protections against unreasonable search and seizure are weaker after the January 14th Herring v United States decision (pdf) than they were before.

The case involved the police search of Alabama resident Bennie Dean Herring’s truck. After a local crime database indicated Herring was wanted for arrest in a neighboring county, police searched his truck, finding methamphetamines and an illegal firearm. Minutes after the search, attempting to retrieve the original arrest warrant from the system, police realized that the warrant had expired five months earlier.

Herring later challenged his arrest in court, arguing that the exclusionary principle of the Fourth Amendment, which prevents evidence obtained in an illegal search from being presented in court, applied in his case.

In the Supreme Court ruling, the 5-4 majority held “When police mistakes leading to an unlawful search are the result of isolated negligence attenuated from the search, rather than systemic error or reckless disregard of constitutional requirements, the exclusionary rule does not apply.”

In their unsuccessful Amicus brief to the court, EPIC warned that in an age where the use of electronic databases is increasing, removing database errors from the exclusionary principle would extinguish a key motivation for accuracy.

To allow law enforcement agencies to rely on inaccurate data will exacerbate further a problem that implicates both the fairness of the criminal justice system as well as the design and operation of government information systems….to permit a good faith reliance on data that is inaccurate, incomplete, or out of date will actually exacerbate the problem and increase the likelihood of unfair treatment in the criminal justice system.

Tom Goldstein at SCOTUS Blog points out a key aspect of how the decision might impact police conduct:

The opinion has nothing to do with the fact that the error here is one of recordkeeping. It applies fully to negligence by police officers in their day-to-day determination whether there is probable cause to conduct a search. If the officer makes an objectively reasonable mistake – i.e., he is merely negligent – the exclusionary rule does not apply to whatever evidence he finds. Put another way, the Supreme Court today extended the good faith exception to ordinary police conduct….

The rubber will hit the road in cases in which the officers’ error is one of fact, not law. Herring is such a case – the officer is said to have reasonably relied on the information provided by a police warrant clerk. But what about the more common circumstance in which an officer, based on information not provided by anyone else, negligently but erroneously concludes that probable cause exists. For example, the officer believes that an individual is wanted for arrest but doesn’t call to confirm that fact, or the officer believes that a bag contains marijuana but a closer inspection would have shown otherwise. In the past, those cases would have automatically triggered the exclusionary rule – the Fourth Amendment violation required exclusion.

Anonymizing Sites Selling User Data?

A recent blog post by Hal Roberts at the Berkman Center for Internet & Society raises concerns about popular anonymizing and censorship circumvention services DynaWeb FreeGate, GPass, and FirePhoenix selling their individual user data to third parties. In the post, Roberts infers from a curiously-worded FAQ entry at Edoors.com that these three partner services in the Global Internet Freedom Consortium (GIFC) were willing to sell individual user data to the highest bidder.

And the data about circumventing users is much more sensitive than the data about most ISP users. These are the histories of users browsing sites that are not only blocked (and therefore mostly sensitive in one way or another) but blocked by an authoritarian country with an active policy and practice of persecuting dissidents. The mere act of anyone, let alone projects proclaiming themselves for internet freedom, storing this data is very bad practice. Any data that is stored can potentially be shared or stolen. The best way to make sure that dangerous data like this does not get into the wrong hands is not to store it in the first place.

Since the posting, both Peter Li, head of technology at GIFC and Bill Xia, CEO of DynaWeb, have stated that none of the partner sites sell individual user data. In a comment posted at Roberts’ blog, Li states:

We apologize for the confusion here. The anti-censorship ranking service is provided by one of the GIFC partners. It only publishes the popularity ranks of destination websites users visit through our anti-censorship tools. It is similar to alexa.com but is only limited to anti-censorship web traffic.

The ranking service is not authorized to access, nor can it access, the data users transmit on the wire. It is not authorized to release logs containing information on the websites any individual user visits either.

The FAQ for the ranking service was not written properly, as originally “user” there meant website owners who may be interested in getting detailed statistics on how their websites are visited through our anti-censorship tools. We apologize that we have overlooked the wording.

The GIFC partner who runs the ranking service, the World Gates’ Inc, has been notified, and that FAQ entry has been removed. Thank you for discovering the problem.

Given the solid reputations of the people involved, I have no cause to question or doubt this explanation. The entire incident, however, raises some important questions about anonymizing services and private VPNs and the danger of misplaced trust. It also leaves some questions unanswered about how user data is stored by these individual circumvention services and how such data might become accessible to state policing organizations at some future date. I agree with Roberts that the only way to ensure that data is not available is “not to store it in the first place.” To date, there are no laws in the US that require ISPs or web service providers to store user data, so such a service remains within the realm of possibility, at least for the time being.

Constitutionality of FISA to be Reviewed

A federal appeals court in Oregon will hold a hearing next month on a government appeal of a 2007 judicial ruling that said the Foreign Intelligence Surveillance Act (FISA) is unconstitutional.

Full story at Secrecy News.

Mapping the U.S. Dossier System

Studying how the U.S. government maintains records on its residents is not a simple matter of identifying “the dossier system” and following its history. According to the GAO, as of 2004, there were more than 122 data mining systems in over 50 government agencies and departments containing personally identifiable information on U.S. citizens. The names of individual systems change frequently, making it difficult for researchers to follow their development and evolution. Attempting to make sense of the overall system, how data from one system is produced and how it flows into other systems, requires familiarity with a dizzying array of acronyms and code names that have cast a patina of confusion over the system as a whole.

Even government officials responsible for administering these systems appear confused over terminology. During a 2006 Senate Judiciary Committee hearing, Senator Patrick Leahy asked FBI director Robert Mueller if his agency’s Investigative Data Warehouse (IDW) system linked to the Automated Targeting System (ATS) run by the Department of Homeland Security (DHS). The conversation has a bit of a “who’s on first” quality:

LEAHY: Does the IDW database share information or otherwise interface with the ATS data-mining program?
MUELLER: The ATS data-mining program? I’m not familiar with what you’re referring to, sir.
LEAHY: Just talking about the ATS.
MUELLER: You mean DHS?
LEAHY: The DHS — well, they call it ATS. I realize we’re using acronyms, but this is the one that checks on everybody crossing our borders. And you have the Department of Homeland Security’s automated targeting system.
Does your database interface with that? Does it share information with it?
MUELLER: I do not believe so. But, again, I would have to go back and check. I do not believe so.

The most comprehensive effort to date to map the overall “domestic intelligence” system of the U.S. is this map produced by the RAND Corporation as part of its 2008 monograph, “Reorganizing U.S. Domestic Intelligence.”

RAND Map of US Domestic Intelligence (pdf)

For hardcore surveillance wonks, this map is a true treasure trove. The map identifies and shows key connections between federal departments and agencies and their data systems — extant, proposed and decommissioned — as well as private sector entities.

As useful as this map is, it’s not without its weaknesses. Perhaps most importantly, the map gives no sense of hierarchy, suggesting that all data systems are somehow equal. Some systems have a higher “document gravity,” meaning that records from other systems tend to flow into them. A perfect example of this would be the Investigative Data Warehouse (IDW) which the FBI has claimed will store “all data that can be legally stored together.” One could imagine a map layout in which those systems with the highest document gravity appeared at the bottom, while those with the least gravity and narrowest topical coverage appeared at the top. This, of course, might make it difficult to keep systems clustered within their respective institutions, but it would help journalist watchdogs and activists focus on the most important systems. Another problem with the map is that, although it shows explicit data sharing paths between systems, it obscures their developmental relationships.

The DOD’s decommissioned Threat and Local Observation Notice (TALON) reporting system, for example, is shown organizationally connected to the now defunct Counter-intelligence Field Activity (CIFA) and is linked as a data source for the also defunct Joint Protection Enterprise Network (JPEN) system (RAND’s map appears to have been produced before CIFA and JPEN were formally shut down, showing only TALON with an X through it). Although the precursor system to the DOD-wide standard TALON reports, the Air Force’s Eagle Eyes System, appears in the map, it is separated by six degrees, connected only via the DOD hub itself. A map that focused more on the evolution of the overall dossier system might show the Eagle Eyes system flowing into TALON/JPEN and then flowing into the FBI’s Guardian/eGuardian system, where DOD TALON reports are now filed. This case is particularly interesting because the basic threat reporting model adopted by the Department of Defense appears to have been transferred across institutional boundaries to the FBI. This is an excellent example of how former boundaries between record keeping systems and their parent institutions in the U.S. are disappearing, and how innovations within one agency can now more easily be adopted by other agencies due to a reduction in both policy and technological constraints.

China web police monitoring public opinion

An interesting post in the Financial Times today talks about a new online surveillance trend in China, led by the Beijing-based company TRS Information Technology, that shifts from searching for politically sensitive keywords to “advanced text mining solutions enabling censors to monitor and forecast public opinion.” The article appears to take a negative view of this development, suggesting that it’s just another step toward a world of complete surveillance:

With pride, he sees his company’s algorithms helping drive internet surveillance to perfection. “There are many different demands – early warning, policy support, competitive spying between government departments. In the end, this will create a whole industry.”

If this represents a shift, however, from targeting individual trouble makers to attempting to read and predict shifts in overall public opinion, I’m not sure how this is a step backward. Although the article is painfully short on details, a quick look at the company’s own web site suggests the technology, called InfoRadar, is much like that offered by Umbria, the social media analysis division of J.D. Power and Associates.

Real Names in Beijing Net Cafes become Mandatory

A new policy for Internet cafe users to register with their real names, announced last March, appears now to be implemented on a widespread basis within the city. First time visitors to a particular Internet cafe locale must have their pictures taken and their national ID cards scanned before sitting down at a terminal. The data is sent to and stored at the Beijing Cultural Law Enforcement Agency. An article released by Xinhua news agency last week regarding the new practice is worth reproducing in full here.

Photo, ID required in Beijing Internet cafes

When Zhang Lihong entered Suosi Internet cafe in Xicheng District, Beijing Oct. 16, she noticed something new on the counter - a machine with a digital camera and scanner.

“Please have your photo taken, and your ID card scanned here,” the clerk stood up and said.

Zhang was confused and wanted to know why she had to do this. The clerk explained that authorities are trying to crack down on Internet misuse in the city.

The 24-year-old’s photo and a copy of her resident identity card were sent to the Municipal Law Enforcement Agency of Beijing and placed in a file.

Zhang was then given a four-digit password, escorted to a computer, and told to enter her information on an interface to activate the computer.

“You don’t need to go through the same process again when you visit Internet cafes like us,” the clerk explained. “By providing your ID number, you can check in after we verify your filed information.”

Zhang smiled as she started to surf the Internet.

“This is a reasonable measure. You spend two minutes and you can enjoy a healthier virtual world,” she said. “Today, there are many hackers, net rumors being spread around and people sending erotic content. Now that users have their images taken, they dare not do bad things.”

A spokeswoman from the Municipal Law Enforcement Agency of Beijing said 1,500 Internet cafes in 14 districts and counties of the city have the same device. It is called the Beijing Internet Cafe Customer Registration Device.

“By the middle of December, Internet cafes in another four districts and counties of Beijing will receive these devices,” said the spokeswoman who wanted to remain anonymous.

“The new device annoyed me a lot at first,” said Li Yunfei, the manager of Suosi Internet Cafe. “80% of my customers just went away when they saw the device. My cafe was like an empty classroom.”

After a month, people become used to it, however, and Li’s turnover recovered.

“After all, I need to use it, or I will be fined and will lose my reputation,” Li said.

Jia Fei, the manager of Hailetong Internet Cafe, a chain with more than 500 computers, believes the new system makes his work more efficient.

“Now I can easily track the exact online time of my customers and when they switch to other computers,” Jia said. “If someone commits Internet crimes, I can help the police to pin him.”

Ma Zhengnan expressed relief when she heard about the new devices outside an Internet cafe near her 18-year-old son’s high school.

“This can keep students away from indulging in computer games,” Ma said.

However, some netizens dislike the law enforcement initiative.

“I will not go to Internet cafes any more,” said Li Weiwei. “Who knows if my personal information is being exposed to people with bad motives.”

(Xinhua News Agency October 17, 2008)