Let’s face it: we’re in an age of expanding universal surveillance and we are witnessing the slow death of privacy.
In an age where a single smartphone photo of a compromising event in your life can permanently ruin you, it’s painfully obvious that the continuing encroachment of Big Data into our lives won’t stop anytime soon. To that end, I have found it necessary on more than one occasion to explain to friends and coworkers the implications of collecting metadata from various data sources.
To understand the basics, we must first understand the terminology. Big data is described by Wikipedia as follows:
Big data is the term for a collection of data sets so large and complex that it becomes difficult to process using on-hand database management tools or traditional data processing applications. The challenges include capture, curation, storage, search, sharing, transfer, analysis, and visualization. The trend to larger data sets is due to the additional information derivable from analysis of a single large set of related data, as compared to separate smaller sets with the same total amount of data, allowing correlations to be found to “spot business trends, determine quality of research, prevent diseases, link legal citations, combat crime, and determine real-time roadway traffic conditions.”
Bearing in-mind that the number one priority of any surveillance apparatus is to surveil everything, it should come as no surprise that in this day-and-age data as “simple” as metadata is readily-available and among the easiest data for both corporations and individuals to surrender. Common refrains often sound like “I have nothing to hide”, “It’s just metadata”, and “There’s no way they can crunch all of that data and get anything meaningful out of it.”
To demonstrate, let’s try a thought-experiment:
You have person A, whose name is Bob. Agency A knows nothing about Bob except that he potentially has a smart phone, uses email, and occasionally checks-in on Facebook. Given these three items, Agency A can secretly demand information from his cellular provider, email provider, and even from Facebook itself (if his profile isn’t already public in the first place). Along with demanding this information, Agency A also delivers a boiler-plate “gag order” that prevents any of the aforementioned companies from talking about what has just transpired.
Once Agency A has the metadata about Bob (GPS “pings” from his smart phone, access to emails, etc), as well as having checked Bob’s list of friends on Facebook for “potential terrorist ties” (along with their friends and their friends’ friends), Agency A can now start creating behavioral “maps” of Bob’s activities. Agency A knows that Bob sure likes Halal food (given how much time his smartphone says he spends there each week), probably has mental issues or employment problems (given how much corporate and personal email he sends each week), and probably has a mistress (given who he has as friends on Facebook and the inferred state of his marriage).
Starting to sound scary? It should.
Behavioral mapping is a relatively recent product of psychology and criminology, but is increasingly being applied to all manner of different disciplines including marketing, UI/UX (User Interface/User Experience) development, and (increasingly) security-related disciplines such as intelligence gathering and processing.
Once Agency A from our example has a behavioral map of Bob, it can start extrapolating based on certain heuristics or algorithms to begin computing how dangerous Bob might be to an established mission or set of political or military goals (let’s call this a “threat quotient”).
Now, you might be thinking “How do I become a threat?” It’s actually not known how a person is determined to be a threat, but what is known is that once you are determined to be a potential threat, Agency A might flag your identity on any one of more than a dozen “SECRET CLEARANCE” databases that are utilized by various agencies such as the TSA, Homeland Security, the FBI, the CIA, the NSA, or even the DOJ. This “flagging” is not only arbitrary, but also can be quite broad. You can be flagged for something as simple as purchasing or checking-out a book from the library that has been read by other individuals who have met the minimum “threat quotient” to be flagged in the databases previously mentioned. You could visit a foreign country for an extended period that other “threats” have visited, you could read certain websites, listen to certain music, or even “like” certain things on Facebook. It’s arbitrary, and it’s not even visible to the public.
Getting back to the primary topic of privacy and security-awareness, the only tried-and-true option to avoid being monitored is to take ownership and control of your information on the internet. By opting-out or disconnecting from various services such as Facebook, Google+, GMail, Yahoo Mail, and many others that have been brought under scrutiny for compliance with federal demands for information, you are depriving the very people who are surveilling you of the information that they need to track you and your behavior.
While few services exist that are as easy to use as those listed previously, there is something to be said for taking responsibility for the information being transmitted and stored digitally. Just as you would traditionally take ownership of your personal effects, your reputation, and what information is known about you, the same must occur for all persons concerned with security and privacy in this brave new (digital) world.
For a list of privacy-related alternatives and how you can take better control of your privacy and your data online, please visit the exceptional PrismBreak.org and make your voice heard! Your representatives (in whatever country you live in) need to hear your voice and must know that the price of security will not be paid for with the poisonous currency of unchallenged universal surveillance.