U.S.-China Surveillance

Here are a couple excerpts from a press release yesterday from China’s mInfo corporation, “What were China’s 450 million mobile users ‘Searching’ for in 2006?” (Xinhua-PRNewswire):

Data published by mInfo are based on actual usage information over the last year across its SMS, WAP, kJava and IM mobile search systems. mInfo is the only provider in China offering search over all four models enabling nearly all mobile users in China to access its service. This gives it a much broader view on what users are looking for versus most other vendors that only provide WAP-based search….

In general, mobile searchers are looking for answers surrounding their daily lives. mInfo’s data shows that searches were spread fairly evenly amongst the basic subject areas of Local Search (41%), Informational Search (31%) and Rich Content Search (28%). Local search involves finding directory information for locations such as bars, hotels and ATMs. Informational search relates to finding things such as stock quotes, sports scores, price promotions and flight schedules. Rich content search relates to finding ring tones, pictures, mp3, games, etc. mInfo offers over 30 search categories within these three areas. Mobile search traffic seems to pick up each day around noon and ramps steadily until about 10pm when traffic peaks. Fridays and Saturdays are the most heavily trafficked days for mobile search services.

It is easy to read this press release as simply further testimony of the nature of the online business today, that no matter what country you live in, providers of web search services are going to store (and perhaps sell) detailed data of user behavior. Indeed, as a general rule, search engines based in the U.S. keep track of individual user behavior over extended periods of time. Google, for example, assigns individual PCs with unique identifiers stored in cookies that can last several years. And with the addition of web-based email services via these same providers, maintaining the stream of an individual’s identity through successive computers becomes a relatively trivial task.

The mishandled release of aggregate search data by AOL, with the unique (cookie, PC) embedded ID numbers included, now seems to be immortalized at the infamous AOLStalker.com.

As one browses the interface at AOLStalker, it is easy to quickly identify a range of unique IDs who searched for any keyword or phrase of interest. Divorce? Term paper? Explosives? The site gives you a list of IDs who searched the term in chronological order. By clicking on an ID, you than get a view of ALL of that IDs search terms over extended periods of time.

After spending some time at AOLStalker, it is easy to get captivated by the very detailed individual stories that a string of keyword searches can tell. Consider the story of AOL user 9486162, that CNET reporter Declan McCullagh recounted.

AOL user 9486162 appears to live near Edisto Beach, S.C., and could be a poker aficionado who’s a fan of the University of Kentucky’s football team. User 9486162 rarely used his or her AOL account for searching in March, but was preoccupied with one disturbing topic on April 26:
university of kentucky football
hold’em poker school
ways to kill yourself
suicide by natural gas
how to kill oneself by natural gas
assisted suicide
suicide by overdosing
how long does carbon monoxide poisoning take to kill a person
over dose ways to commit suicide
university of kentucky 2007 football recruits
texas hold’em poker on line seminars
employment needed- louisville ky

The mInfo press release (excerpted above) suggests that this kind of cell phone data might be more centrally aggregated in China than in the U.S. and it is no stretch to think that Chinese agencies with intelligence needs might have unrestricted real-time access. The public security bureau, for example, might identify a person of interest who searched for the keywords “Tibet” and “democracy” and then could either check their IP address or work from telltale “local searches” associated with the same ID to locate them physically.

At the same time, as we become increasingly aware of the creeping surveillance in the United States, anyone concerned is likely to come to an obvious question: What is the possibility that AOLStalker is but a fraction of what is actively in use by U.S domestic intelligence agencies? What is the possibility, for example, that intelligence organizations could watch searches across multiple search engines (MSN, Yahoo, Google) in near real-time or scan their massive archives at leisure for patterns of the past?

It is right about here where the standard “if you aren’t a terrorist, then you have nothing to worry about” response is trotted out. Though I cringe when I hear it, I recognize that a lot of otherwise intelligent and good people really believe this at some level. Let’s consider, though, some scenarios of a less than perfect world, where people and institutions might take advantage of such knowledge.

I’m not suggesting that the following scenario is likely to happen, or that the Bush administration would act in this way, but the scenario has a certain plausibility to it, given the continuing history, for example, of wars, peace groups and abuse of government policing powers.

A country about to embark on a war with dwindling financial and human resources decides that it needs to institute a mandatory draft system after decades of voluntary service. Concerned that a high percentage of the target population may attempt to evade the draft, the state takes steps to reduce their chances for successful exit. They announce the draft publicly, while actively monitoring the search streams across the five most popular search engines. In the minutes following the announcement, IDS searching for “flight reservations” or “ID falsification” are immediately flagged, and then inspected via the key-word search stream. From the IP address and keyword stream, they are able to not only pinpoint the locations of potential draft dodgers but develop a psychological profile of sorts of the people who may be thinking about escape. Using the general profile, public diplomacy/propaganda messages are crafted to put doubt and fear into this population and increase their threshold for action. If more immediate control is needed, individual credit card accounts are then frozen, to limit mobility, while law enforcement in the local area is alerted.

While the need for survival and ontological security is completely understandable, we must be very careful when acceding increased surveillance powers to our trusted institutions. As the power to surveil increases, so does the potential for abuse. If we combine Orwell with Foucault we get “absolute knowledge corrupts absolutely.”