Who watches the watchers? Hackers, suggested former NSA technical director-turned-whistleblower William Binney. Otherwise, Binney sees all the government surveillance moving “toward a totalitarian state. I mean you've got the NSA doing all this collection of material on all of its citizens. That's what the SS, the Gestapo, the Stasi, the KGB, and the NKVD did.”
Sure there are supposedly safeguards in place to prevent surveillance abuses, and a Constitution in place that should have protected us from the sort of surveillance that needed safeguards, yet there is constant mission creep and countless abuses. There is talk of metadata being stored by phone companies instead of the government, talk of ending National Security Letters and even talk of reforming FISA [Foreign Intelligence Surveillance Act] courts, but Binney said it’s “like putting lipstick on a pig.” There’s no way to verify what intelligence agencies like the NSA or FBI say are true.
During an interview with Reason, Binney suggested that the watchers “should be drawn from the set of hackers inside of the United States and that these hackers should be rotated periodically so that they don't get infected by the existing structure, like Congress is. So that you would always have a fresh set of hackers in there trying to find out what they're doing wrong.”
Back in the 1990s, Binney helped create a “ThinThread” program that was capable of “watching” what NSA analysts do with data. Ironically, the “analysts objected to being monitored. Which is a joke, right? Considering what they're doing.”
While we may not know exactly what NSA analysts were doings in the 90s, we know what they are doing now thanks to Edward Snowden. “XKeyscore allows analysts to search with no prior authorization through vast databases containing emails, online chats, and the browsing histories of millions of individuals.” He told the Council of Europe, "This technology represents the most significant new threat to civil liberties in modern times."
Since there is no “judicial approval or prior review,” the “agency tracked citizens not involved in any nefarious activities.” Snowden added, that “anyone using non-encrypted communications might be targeted on the basis of their ‘religious beliefs, sexual or political affiliations, transactions with certain businesses’ and even ‘gun ownership’.” Although he “did not believe the NSA was engaged in ‘nightmare scenarios’,” such as compiling lists of all Christians, all gun owners, or all “homosexuals ‘to round them up and send them into camps’,” he said “the infrastructure allowing this to happen had been built.”
The government watches some “people who accidentally followed a wrong link, downloaded the wrong file, or simply visited an internet sex forum.” The Guardian’s coverage of Snowden highlighted how the U.S. government spied on human rights workers, but others are being tracked due to “guilt by association.”
While there’s nothing reasonable about “guilt by association,” there’s a reasonable chance it’s ripe for abuse. Such seems to be the case for a Stanford PhD student who was wrongfully added to the “no fly list” and numerous other watch lists. Dr. Rahinah Ibrahim went to court to get her name removed from the “no fly list;” an FBI agent accidentally added her to several secret lists tracking potential terrorists because he incorrectly filled out the paperwork. After reading an unredacted version of the court document, Techdirt wrote, “The US government has a ‘secret exception’ to the requirement that there be 'reasonable suspicion' to put someone in various terrorist databases.” What’s reasonable about having a secret exception to reasonable suspicion? Nothing.
Techdirt added, “What sort of country is this where there's a secret exception to ‘reasonable suspicion’ that will put you on a set of secret lists that get you treated like a terrorist for wanting to travel?” Perhaps the answer circles back around to Binney’s suggestion for hackers to be who watches the watchers? But then, what hackers…government hackers who might be afraid of the consequences of blowing the abuse whistle, or private contractor hackers with security clearances? There are also plenty of surveillance abuses to be found in the “secretive world of private intelligence contractors -- an estimated $56 billion-a-year industry consuming 70% of America's intelligence budget.”
Meanwhile in another big leap forward for surveillance, the EFF reported that the FBI will have 52 million photos in its Next Generation Identification (NGI) face recognition database by next year. The FBI’s NGI face recognition component was built by MorphoTrust, a company that also built “some of the largest face print databases in the world,” including a face recognition system for 35 state DMVs. You can tell if your state has verified your identity and added you into a facial recognition database by looking for a REAL ID gold star on your driver’s license.
The EFF said that almost one million of the 52 million face prints in the FBI database come from categories that were not explained in FBI documents, categories such as “750,000 images from a ‘Special Population Cognizant’ (SPC) category” and “215,000 images from ‘New Repositories’." Also by 2015, the FBI’s “database will include 4.3 million images taken for non-criminal purposes.”
Currently, if you apply for any type of job that requires fingerprinting or a background check, your prints are sent to and stored by the FBI in its civil print database. However, the FBI has never before collected a photograph along with those prints. This is changing with NGI. Now an employer could require you to provide a “mug shot” photo along with your fingerprints. If that’s the case, then the FBI will store both your face print and your fingerprints along with your biographic data.
The EFF says the bigger the dataset, the bigger the risk of false positives. Would a false positive of someone else perhaps land you on one or more watch lists? Don’t scoff; with guilt by association and a secret exception to do away with reasonable suspicion, as well as intelligence agencies sharing data to "connect the dots," it might be a rarity for a person to escape being watched. It's time for effective protections, not the type that looks good on paper, but the real deal that works to protect civil liberties. Are hackers the answer to who watches the watchers watching you?