Category: intelligence

Everyday prejudices mean Canadians end up on watchlists

Another great audit report from the Office of the Privacy Commissioner here in Canada, investigating the Financial Transactions and Reports Analysis Centre of Canada (Fintrac) has just been released. Fintrac, created in 2001 in the Proceeds of Crime (Money Laundering) and Terrorist Financing Act and now with even more extended powers, operates a databases which is supposed to contain details of those suspected of supporting terrorism or money laundering (often on behalf of major criminal and terrorist groups).

However, there is a good story in The Globe and Mail today which leads on the most worrying aspect identified by the audit, which is that in many cases, the Fintrac database is massively overreliant on unsubstantiated suspicions from low-level functionaries in banks, insurance firms and credit agencies. Some of these ‘suspicions’ were clearly simple prejudice as they appeared to be based entirely on ethnicity. Part of the problem is that there are no clear guidelines as to what constitutes a reasonable suspicion in the legislation.

But being put on the database can have serious consequences, firstly because of the potential penalties involved (up to $2m CAN fines and 5-years imprisonment) and secondly, because the information in the Fintrac database can be accessed by Canadian Security Intelligence Service (CSIS), the Royal Canadian Mounted Police  (the RCMP – Canada’s FBI) or shared with overseas police and intelligence services. In the latter case, as we already know, mounting errors can result in innocent people being subject to ever more harsh treatment including being excluded from countries, placed on no-fly lists or even the UN1267 ‘known terrorists and affiliates’ list, as well as, in the worst cases, opening them up to extraordinary rendition, imprisonment and torture.

Jennifer Stoddart, the current Privacy Commissioner, has a well-deserved reputation getting positive changes made, so let’s hope she can persuade Fintrac to get this sorted out pretty soon.

The Biggest Database in the World

James Bamford has a superb review of the new book by Matthew Aid about the US National Security Agency (NSA) in the New York Review of Books this month. What seems to be causing a stir around the intelligence research (and computing) community is the reference to a report by the MITRE corporation into a the information needs of the NSA in relation to new central NSA data repository being constructed in the deserts of Utah. The report, which is being rather speculative, says that IF the trend for increasing numbers of sensors collecting all kinds of information continues, then the kind of storage capacity required would be in the range of yottabytes by 2015 – as CrunchGear blog points out: there are “a thousand gigabytes in a terabyte, a thousand terabytes in a petabyte, a thousand petabytes in an exabyte, a thousand exabytes in a zettabyte, and a thousand zettabytes in a yottabyte. In other words, a yottabyte is 1,000,000,000,000,000GB.” However CrunchGear misses the ‘ifs’ in the report as some of the comments on the story point out. There is no doubt however, that the NSA will have some technical capabilities that are way beyond what the ordinary commercial market currently provides and it’s probably useless to speculate just how far beyond. Perhaps more important in any case, are the technologies and techniques required to sort such a huge amount of information into usable data and to create meaningful categories and profiles from it – that is where the cutting edge is. The size of storage units is not really even that interesting… The other interesting thing here is the hint of competition within US intelligence that never seems to stop: just a few months back, the FBI was revealed to have its Investigative Data Warehouse (IDW) plan. Data Warehouses or repositories seem to be the current fashion in intelligence: whilst the whole rest of the world moves more towards ‘cloud computing’ and more open systems, they collect it all and lock it down.

Canadian Internet Snooping Law

I’ve noted before that there seems to be a concerted push around the world by governments to introduce comprehensive new telecoms surveillance laws that force telecommunications and Internet Service Providers (ISPs) to record, store, and provide access to and/or share with state intelligence agencies, the traffic and/or communications data of their customers (in other words, users like us). What is noticeably here is that there is a particular logic that appears in the arguments of governments who are attempting to persuade their parliaments or people of the need for such laws. This logic that is firstly, circular and self-referential, in that it makes reference to the fact that other governments have passed such laws as if this in itself provides some compelling reason for the law to be passed in their own country. The second part of this is a king of competitive disadvantage arguments that flows from the first argument: if ‘we’ don’t have this law, then somehow we are falling behind in a never openly discussed intelligence-capability race that will hit national technological innovation too.

The media often seem oblivious to what seems obvious, and hence the story on the CTV news site today with reference to Canada’s currently proposed communications law that would allow the Canadian Security and Intelligence Service (CSIS) warrantless access to such the data from Internet and telecoms providers. They consider it to be ‘unexpected’ that the parliamentary Security Intelligence Review Committee has come out in support of the bill. Looking at the reasons why though, they are exactly what one would expect if one has been following the debates around the world and contain exactly the logics I have outlined. The story notes that the committee “points out that governments in the United States and Europe have already passed laws requiring co-operation between security agencies and online service providers” (without, incidentally, pointing out that these remain enormously controversial, or that other governments have abandoned some of their attempts) and later that “intelligence technology… requires continued access to new talent and innovative research.” However they won’t go into details as it is a “very sensitive matter.”

And absent from this debate as usual is the fact that this is not just a question of ‘national security’ if you set up these systems, you feed the US National Security Agency too. Canadian intelligence is still bound by agreements made after WW2, particularly the CANUSA agreement on Signals Intelligence (SIGINT), later incorporated into the UKUSA structure. And as we all know, right now, the USA does not always have the same strategic interests as Canada (the issue of arctic sovereignty is just one example). If this bill is passed, it’s a license for US spies, not just Canadian ones.

UK state spy program targets innocent

The headline may not come as any surprise but a damning report has been released on a key strand of the British government’s counterterrrorism strategy, Preventing Violent Extremism (or just ‘Prevent’). £140m (around $200m US) has been allocated to this program but much of it seems to have been devoted not to combatting nascent Islamic extremism (which is the stated aim) but MI5 simply collecting masses of information on entirely innocent British Muslims – information that will be kept until they are 100 years old! Part of this is because of the tenuous nature of the strategy in the first place: how would one define or identify those who are not terrorists but might become so? Will it be, as in cases reported by The Guardian, the student who attends a lecture on the conditions in Gaza or Muslim men with mental health problems? And much of this depends on teachers and lecturers reporting students. Therefore the program would seem inevitably to encourage suspicion and distrust, as Arun Kundnani writes and as the general tone of left and civil liberties critique has reinforced. But opposition has come from all sides: Pauline Neville-Jones, the Conservative shadow security minister, but also former chair of the Joint Intelligence Committee and political director of the Foreign Office, has also condemned the whole approach of New Labour, which she argues is rooted in the identification of discrete ‘communities’ who share similar characteristics. This can of course be the basis of a form of multiculturalism, but at times of increased security and suspicion it seems all to easy for it to morph into what is effectively racial profiling…

CIA buys into Web 2.0 monitoring firm

Wired online has a report that the US Central Intelligence Agency has bought a significant stake in a market research firm called Visible Technologies that specializes in monitoring new social media such as blogs, mirco-blogs, forums, customer feedback sites and social networking sites (although not closed sites like Facebook – or at least that’s what they claim).  This is interesting but it isn’t surprising – most of what intelligence agencies has always been sifting through the masses of openly available information out there – what is now called open-source intelligence – but the fact is that people are putting more of themselves out their than ever before, and material that you would never have expected to be of interest to either commercial or state organisations is now there to be mined for useful data.

(thanks, once again to Aaron Martin for this).

Reclaim your data!

A new campaign launches on the 1st October in Europe to reclaim your data from the European police authorities.

Now in Europe, national police databases systems, the Schengen Information System (SIS) on immigration and border control, the files of Europol and more, are planned to be integrated following the Prüm Treaty and the so-called ‘Stockholm Programme’ (now in preparation for European Council vote in December this year).

As the organisers make clear, this does not just concern people convicted of any crime, but all immigrants, political protestors arrested at demonstrations, all the many entirely innocent people included on the UK’s National DNA Database – or any other national police database that includes data on the innocent, etc. What’s more, as a result of pre-existing (and originally secretly negotiated) agreements with the USA, the data will also be shared with the FBI and other US intelligence agencies.

So – first of all, protest! In what ever way you can. And secondly, as the campaign suggests:

“to anyone who would like to know what the police (think they) know about you, or simply to register your dissent, we recommend exercising your right to access your own data by sending a request for information to the relevant police authority in your country. The digest received in response will help to give us an idea of the full extent of police access to citizen data, as well as serving as a starting point for getting your data out of the computer systems, by legal or political means.”

Further details here (in English and German).

German-language document generator for data requests.

MI5 in all kinds of trouble…

The British internal security service, MI5, has found itself in all kinds of trouble this week. First there was the report of the inquiry into the intelligence aspects of the 7/7 bombings in London. Although the report ‘cleared’ MI5 of wrongdoing (which was hardly unexpected!), it is clear that there was a catalogue of intelligence failures resulting from aspects as varied as a lack of funding, poor communication between MI5 and police, and simple mistake in judging the seriousness of the activities of those who came to the notice of MI5, particularly the two eventual bombers, Mohammed Sidique Khan and Shehzad Tanweer.

Then today, there have been serious allegations made in The Independent of the MI5 trying recruitment by blackmail on young British Muslims. Basically the modus operandi was to approach the potential informant and tell them that they were suspected of terrorist activities or terrorist sympathies, but that if they cooperated with MI5 then this would be overlooked. However if they refused then their ‘terrorist connections’ would be made more widely known.

All of this, as if it needed pointing out again, leads to the the clear conclusion that the security services need better and more transparent oversight, as well as clearer direction, and yes, perhaps more money (if they can behave themselves). The point is that properly controlled and justified targeted surveillance of genuine suspects (like Khan and Tanweer) is exactly what a security service should do, whereas mass preemptive surveillance (a la Met Police) or random blackmail is not. In fact the latter would tend to be counterproductive as in general, they will increase distrust in government and in particular, drive more young Muslims towards extremism.

Court rules against police precautionary surveillance

In another chapter in the current struggle over the means of visual representation, the UK Court of Appeal has made an important ruling that could affect the future of police surveillance tactics. In a case brought by anti-arms trade protestor, Andrew Wood (no relation!), the judges ruled that the Metropolitan Police should destroy photographs taken of Mr Wood at the AGM of giant dataveillance conglomerate, Reed Elsevier ( the BBC calls them a ‘publisher’ but that’s a rather archaic and inaccurate term for what Reed Elsevier does, which is to collect, analyse, organise and trade in personal and business data of all kinds).  Reed Elsevier had been involved with running arms trade exhibitions through a subsidiary at the time.

The ruling argued that the police should not take and retain pictures of people who were not suspected of any current wrongdoing, but whom the police considered might do so in the future. According to the BBC, the Met had argued that its actions “were reasonable in helping officers to detect crimes that may have occurred in the past or may do so in the future.” But that is exactly the kind of blanket risk-management-based way of thinking that allows almost any preemptive or precautionary mass surveillance to be justified, and it is quite right that the Court should have ruled that it should be controlled. It is about time that a ruling like this was made.

The one cautionary note here is that the Met will be appealing this to the House of Lords, and no doubt beyond if that fails, so watch this space…

FBI data warehouse revealed by EFF

Tenacious FoI and ‘institutional discovery’ work both in and out of the US courts by the Electronic Frontier Foundation has resulted in the FBI releasing lots of information about its enormous dataveillance program, based around the Investigative Data Warehouse (IDW). 

The clear and comprehensible report is available from EFF here, but the basic messages are that:

  •  the FBI now has a data warehouse with over a billion unique documents or seven times as many as are contained in the Library of Congress;
  • it is using content management and datamining software to connect, cross-reference and analyse data from over fifty previously separate datasets included in the warehouse. These include, by the way, both the entire US-VISIT database, the No-Fly list and other controversial post-9/11 systems.
  • The IDW will be used for both link and pattern analysis using technology connected to the Foreign Terrorist Tracking Task Force (FTTTF) prgram, in other words Knowledge Disovery in Databases (KDD) software, which will through connecting people, groups and places, will generate entirely ‘new’ data and project links forward in time as predictions.

EFF conclude that datamining is the future for the IDW. This is true, but I would also say that it was the past and is the present too. Datamining is not new for the US intelligence services, indeed many of the techniques we now call datamining were developed by the National Security Agency (NSA). There would be no point in the FBI just warehousing vast numbers of documents without techniques for analysing and connecting them. KDD may well be more recent for the FBI and this phildickian ‘pre-crime’ is most certainly the future in more ways than one…

There is a lot that interests me here (and indeed, I am currently trying to write a piece about the socio-techncial history of these massive intelligence data analysis systems), but one issue is whether this complex operation will ‘work’ or whether it will throw up so many random and worthless ‘connections’ (the ‘six-degrees of Kevin Bacon’ syndrome) that it will actually slow-down or damage actual investigations into real criminal activities. That all depends on the architecture of the system, and that is something we know little about, although there are a few hints in the EFF report…

(thanks to Rosamunde van Brakel for the link)

USA, EU and UK all investing in advanced biometrics

News from various sources has revealed that the United State, the European Union and the United Kingdom are all preparing to invest further large sums in advanced biometrics and surveillance research.

According to an anonymous message to Slashdot, in the USA, Department of Justice requisitions for the coming year show “$233.9 million in funding for an ‘Advanced Electronic Surveillance’ project, and $97.6 million to establish the ‘Biometric Technology Center.'”  The former is largely to deal with the problems of intercepting Voice-over-Internet Protocol (VoIP) communications – like Skype. The latter is what Slashdot  calls a “vast database of personal data including fingerprints, iris scans and DNA which the FBI calls the Next Generation Identification” for the FBI. In other words, the architecture of the proposed ‘Server in the Sky’ system, which The Guardian revealed last year – for some notes on this and other systems under development, see here.

Meanwhile Owen Bowcott in The Guardian today has a story which puts together various bits and pieces from the EU’s FP7 Security theme research budget and UK security investment. In the UK, there is to be £15 million spent on updating UK biometric security for embassies, and more interestingly other unspecified ‘surveillance’ purposes, and in addition, rolling out of facial recognition systems to more UK airports. As we know, the controlled environments of airports where people are required to look at cameras, are one of the few place where this technology works properly.

This provides a rather tenuous link to the headline of the Guardian story which is an EU-funded study into brain-scanning (yet again) called Humabio (Human Monitoring and Authentication using Biodynamic Indicators and Behaviourial Analysis). There are lots of these about, and one of them may work sooner or later, but it is worth pointing out that people have been putting out ‘we will soon have brain scanning’ stories since the 1980s and like, nuclear fusion, it always seems to be 5 or 10 years in the future. Brain-scanning seems to be the technology of the future… always has been, always will be?