using it to find everyone who was near a planned labor union protest site. The FBI
has used this data to find phones that were used by a particular target but not otherwise
associated with him.
Corporations do some of this as well. There’s a technique called geofencing that marketers
use to identify people who are near a particular business so as to deliver an ad to
them. A single geofencing company, Placecast, delivers location-based ads to ten million
phones in the US and UK for chains like Starbucks, Kmart, and Subway. Microsoft does
the same thing to people passing within ten miles of some of its stores; itworks with the company NinthDecimal. Sense Networks uses location data to create individual
profiles.
CORRELATING DIFFERENT DATA SETS
Vigilant Solutions is one of the companies that collect license plate data from cameras.
It has plans to augment this system with other algorithms for automobile identification,
systems of facial recognition, and information from other databases. The result would
be a much more powerful surveillance platform than a simple database of license plate
scans, no matter how extensive, could ever be.
News stories about mass surveillance are generally framed in terms of data collection,
but miss the story about data correlation: the linking of identities across different
data sets to draw inferences from the combined data. It’s not just that inexpensive
drones with powerful cameras will become increasingly common. It’s the drones plus
facial recognition software that allows the system to identify people automatically,
plus the large databases of tagged photos—from driver’s licenses, Facebook, newspapers,
high school yearbooks—that will provide reference images for that software. It’s also
the ability to correlate that identification with numerous other databases, and the
ability to store all that data indefinitely. Ubiquitous surveillance is the result
of multiple streams of mass surveillance tied together.
I have an Oyster card that I use to pay for public transport while in London. I’ve
taken pains to keep it cash-only and anonymous. Even so, if you were to correlate
the usage of that card with a list of people who visit London and the dates—whether
that list is provided by the airlines, credit card companies, cell phone companies,
or ISPs—I’ll bet that I’m the only person for whom those dates correlate perfectly.
So my “anonymous” movement through the London Underground becomes nothing of the sort.
Snowden disclosed an interesting research project from the CSEC—that’s the Communications
Security Establishment Canada, the country’s NSA equivalent—that demonstrates the
value of correlating different streams of surveillance information to find people
who are deliberately trying to evade detection.
A CSEC researcher, with the cool-sounding job title of “tradecraft developer,” started
with two weeks’ worth ofInternet identification data: basically, a list of user IDs that logged on to various
websites. He also had a database of geographic locations for different wireless networks’
IP addresses. By putting the two databases together, he could tie user IDs logging
in from different wireless networks to the physical location of those networks. The
idea was to use this data to find people. If you know the user ID of some surveillance
target, you can set an alarm when that target uses an airport or hotel wireless network
and learn when he is traveling. You can also identify a particular person who you
know visited a particular geographical area on a series of dates and times. For example,
assume you’re looking for someone who called you anonymously from three different
pay phones. You know the dates and times of the calls, and the locations of those
pay phones. If that person has a smartphone in his pocket that automatically logs
into wireless networks, then you can
has used this data to find phones that were used by a particular target but not otherwise
associated with him.
Corporations do some of this as well. There’s a technique called geofencing that marketers
use to identify people who are near a particular business so as to deliver an ad to
them. A single geofencing company, Placecast, delivers location-based ads to ten million
phones in the US and UK for chains like Starbucks, Kmart, and Subway. Microsoft does
the same thing to people passing within ten miles of some of its stores; itworks with the company NinthDecimal. Sense Networks uses location data to create individual
profiles.
CORRELATING DIFFERENT DATA SETS
Vigilant Solutions is one of the companies that collect license plate data from cameras.
It has plans to augment this system with other algorithms for automobile identification,
systems of facial recognition, and information from other databases. The result would
be a much more powerful surveillance platform than a simple database of license plate
scans, no matter how extensive, could ever be.
News stories about mass surveillance are generally framed in terms of data collection,
but miss the story about data correlation: the linking of identities across different
data sets to draw inferences from the combined data. It’s not just that inexpensive
drones with powerful cameras will become increasingly common. It’s the drones plus
facial recognition software that allows the system to identify people automatically,
plus the large databases of tagged photos—from driver’s licenses, Facebook, newspapers,
high school yearbooks—that will provide reference images for that software. It’s also
the ability to correlate that identification with numerous other databases, and the
ability to store all that data indefinitely. Ubiquitous surveillance is the result
of multiple streams of mass surveillance tied together.
I have an Oyster card that I use to pay for public transport while in London. I’ve
taken pains to keep it cash-only and anonymous. Even so, if you were to correlate
the usage of that card with a list of people who visit London and the dates—whether
that list is provided by the airlines, credit card companies, cell phone companies,
or ISPs—I’ll bet that I’m the only person for whom those dates correlate perfectly.
So my “anonymous” movement through the London Underground becomes nothing of the sort.
Snowden disclosed an interesting research project from the CSEC—that’s the Communications
Security Establishment Canada, the country’s NSA equivalent—that demonstrates the
value of correlating different streams of surveillance information to find people
who are deliberately trying to evade detection.
A CSEC researcher, with the cool-sounding job title of “tradecraft developer,” started
with two weeks’ worth ofInternet identification data: basically, a list of user IDs that logged on to various
websites. He also had a database of geographic locations for different wireless networks’
IP addresses. By putting the two databases together, he could tie user IDs logging
in from different wireless networks to the physical location of those networks. The
idea was to use this data to find people. If you know the user ID of some surveillance
target, you can set an alarm when that target uses an airport or hotel wireless network
and learn when he is traveling. You can also identify a particular person who you
know visited a particular geographical area on a series of dates and times. For example,
assume you’re looking for someone who called you anonymously from three different
pay phones. You know the dates and times of the calls, and the locations of those
pay phones. If that person has a smartphone in his pocket that automatically logs
into wireless networks, then you can
Similar Books
