Menu Close

Tag: surveillance (page 1 of 2)

This website was archived on July 20, 2019. It is frozen in time on that date.
Exolymph creator Sonya Mann's active website is Sonya, Supposedly.
Artwork by Matt Brown.

Artwork by Matt Brown.

May 15, 2017

Snoop Unto Them As They Snoop Unto Us

Abruptly returning to a previous topic, here’s a guest dispatch from Famicoman (AKA Mike Dank) on surveillance and privacy. Back to the new focus soon.

The letter sat innocently in a pile of mail on the kitchen table. A boring envelope, nondescript at a glance, that would become something of a Schrödinger’s cat before the inevitable unsealing. The front of it bared the name of the sender, in bright, black letters — “U.S. Department of Justice — Federal Bureau of Investigations.” This probably isn’t something that most people would ever want to find in their mailbox.

For me, the FBI still conjures up imagery straight out of movies, like the bumbling group in 1995’s Hackers, wrongfully pursuing Dade Murphy and his ragtag team of techno-misfits instead of the more sinister Plague. While this reference is dated, I still feel like there is a certain stigma placed upon the FBI, especially by the technophiles who understand there is more to computing than web browsers and document editing. As laws surrounding computers become more sophisticated, we can see them turn draconian. Pioneers, visionaries, and otherwise independent thinkers can be reduced to little more than a prisoner number.

Weeks earlier, I had submitted a Privacy Act inquiry through the FBI’s Freedom of Information Act service. For years, the FBI and other three-letter-agencies have allowed people to openly request information on a myriad of subjects. I was never particularly curious about the outcome of a specific court case or what information The New York Times has requested for articles; my interests were a bit more selfish.

Using the FBI’s eFOIA portal through their website, I filled out a few fields and requested my own FBI file. Creating a FOIA request is greatly simplified these days, and you can even use free services, such as getmyfbifile.com, to generate forms that can be sent to different agencies. I only opted to pursue the FBI at this time, but could always query other agencies in the future.

The whole online eFOIA process was painless, taking maybe two minutes to complete, but I had hesitations as my cursor hovered over the final “Submit” button. Whether or not I actually went through with this, I knew that the state of the information the FBI had on me already wouldn’t falter. They either have something, or they don’t, and I think I’m ready to find out. With this rationalization, I decided to submit — in more ways than one.

The following days went by slowly and my mind seemed to race. I had read anecdotes from people who had requested their FBI file, and knew the results could leave me with more questions than answers. I read one account of someone receiving a document with many redactions, large swathes of blacked-out text, giving a minute-by-minute report of his activities with a collegiate political group. A few more accounts mentioned documents of fully-redacted text, pages upon pages of black lines and nothing else.

What was I in store for? It truly astonishes me that a requester would get back anything at all, even a simple acknowledgement that some record exists. In today’s society where almost everyone has a concern about their privacy, or at least an acknowledgement that they are likely being monitored in some way, the fact that I could send a basic request for information about myself seems like a nonsensical loophole in our current cyberpolitical climate. You would never see this bureaucratic process highlighted in the latest technothriller.

About two weeks after my initial request, there I was, staring at the letter sticking out from the mail stack on the kitchen table. All at once, it filled me with both gloom and solace. This was it, I was going to see what it spelled out, for better or worse. Until I opened it, the contents would remain both good and bad news. After slicing the envelope, I unfolded the two crisp pieces of paper inside, complete with FBI letterhead and a signature from the Record/Information Dissemination Section Chief. As I ingested the first paragraph, I found the line that I hoped I would, “We were unable to identify main records responsive to the FOIA.”

Relief washed over, and any images I had of suited men arriving in black vans to take me away subsided (back down to the normal levels of paranoia, at least). It was the best information I could have received, but not at all what I had expected. For over ten years, I have been involved in several offbeat Internet subcultures and groups, and more than a few sound reason enough to land me on someone’s radar. I was involved with a popular Internet-based hacking video show, held a role in a physical hacking group/meeting, hosted a Tor relay, experimented openly with alternative, secure mesh networks, sysop’d a BitTorrent tracker, and a few other nefarious things here and there.

I always tried to stay on the legal side of things, but that doesn’t mean that I don’t dabble with technologies that could be used for less than savory purposes. In some cases, just figuring out how something can be done was more rewarding than the thought of using it to commit an act or an exploit. Normal people (like friends and coworkers) might call me “suspicious” or tell me I was “likely on a list,” but I didn’t seem to be from what I could gather from the response in front of me.

When I turned back to read the second paragraph, I eyed an interesting passage, “By standard FBI practice and pursuant to FOIA exemption… and Privacy Act exemption… this response neither confirms or denies the existence of your subject’s name on any watch lists.” So maybe I was right to be worried. Maybe I am being watched. I would have no way of knowing. This “neither confirms or denies” response is called a Glomar, which means my information has the potential to be withheld as a matter of national security, or over privacy concerns.

Maybe they do have information on me after all. Even if I received a flat confirmation that there is nothing on me, would I believe it? What is to prevent a government organization from lying to me for “my own good”? How can I be expected to show any semblance of trust at face value? Now that all is said and done, I don’t know much more than I did when I started, and have little to show for the whole exchange besides an official request number and a few pieces of paper with boilerplate, cover-your-ass language.

If we look back at someone like Kevin Mitnick, the cunning social engineer who received a fateful knock on his hotel door right before being arrested in early 1995, we see a prime example of law enforcement pursuing someone not only for the actions they took, but the skills and knowledge they possess. Echoing Operation Sundevil, only five years prior, government agencies wanted to make examples out of their targets, and incite scare tactics to keep others in line.

I can’t help but think of “The Hacker Manifesto,” written by The Mentor (an alias used by Loyd Blankenship) in 1986. “We explore… and you call us criminals. We seek knowledge… and you call us criminals,” Blankenship writes shortly after being arrested himself. Even if I received a page of blacked-out text in the mail, would I be scared and change my habits? What if I awoke to a hammering on my door in the middle of the night? I still don’t know what to make of my response, but maybe I’ll submit another request again next year.

Knock, knock.

Header artwork by Matt Brown.

February 20, 2017

Speculative Revolutions

"this is how every revolution goes in one image" — @corpsemap

“this is how every revolution goes in one image” — @corpsemap

The revolution will be televised! Mainly on surveillance cameras, with footage piped live to police sitrooms. The official streams will be shoddily tapped by the guerrilla IT unit. Police HQ won’t especially mind, because keeping the riot scenes exclusive isn’t necessary.

As we’ve discussed previously, every camera is a surveillance camera when you’re a cop. People reflexively post their footage online, sometimes even helpfully geotagging it. At some point, captions will be run through sentiment analysis automatically, pegging possible insurgents.

So that’ll be fun. (Will be? Or is already being?)

Here’s a semi-related thought from Nils Gilman (who wrote “The Twin Insurgency”):

That the existing system is patently illegitimate alas does not mean that there must exist some self-evidently better alternative Order

He’s talking about US politics — who isn’t, these days — but the point applies in other contexts. Just because things are bad in a given situation doesn’t mean that there is actually a better option. Sometimes things are just bad.

It especially doesn’t mean that your speculative scheme would definitely work better. We’ve already implemented all the ideas with obviously minimal tradeoffs; the rest of the arguments aren’t one-sided (or at least they shouldn’t be).

It’s sort of grimly funny that so many utopian revolutions devolve into police states. Oh, the irony.

Threat level normal! Photo via torbakhopper, who attributes it to Scott Richard.

Photo via torbakhopper, who attributes it to Scott Richard.

January 12, 2017

I Hope You Like the NSA Because the NSA Sure Likes You

Today’s news about the NSA feels a little too spot-on. I hope the hackneyed scriptwriters for 2017 feel ashamed:

In its final days, the Obama administration has expanded the power of the National Security Agency to share globally intercepted personal communications with the government’s 16 other intelligence agencies before applying privacy protections.

The new rules significantly relax longstanding limits on what the N.S.A. may do with the information gathered by its most powerful surveillance operations, which are largely unregulated by American wiretapping laws. These include collecting satellite transmissions, phone calls and emails that cross network switches abroad, and messages between people abroad that cross domestic network switches.

The change means that far more officials will be searching through raw data. Essentially, the government is reducing the risk that the N.S.A. will fail to recognize that a piece of information would be valuable to another agency, but increasing the risk that officials will see private information about innocent people.

Really? Expanding the NSA’s power, so soon after the Snowden plotline? A move like this might be exciting in an earlier season, but at this point the show is just demoralizing its viewers. Especially after making the rule that no one can turn off their TV, ever, it just seems cruel.

At least the Brits have it worse? I dunno, that doesn’t make me feel better, since America likes to import UK culture. (It’s one of our founding principles!)

Now is a good time to donate to the Tor Project, is what I’m saying.

In other news, researchers can pull fingerprints from photos and use the data to unlock your phone, etc. Throwback: fingerprints are horrible passwords.

Remember, kids, remaining in your original flesh at all is a poor security practice.

Header photo via torbakhopper, who attributes it to Scott Richard.

Facebook as a global panopticon. Artwork by Joelle L.

Facebook as a global panopticon. Artwork by Joelle L.

January 8, 2017

Reclaiming the Panopticon

The following is Tim Herd’s response to the previous dispatch about sousveillance.

A tech executive was quoted saying something like, “Privacy is dead. Deal with it.” [According to the Wall Street Journal, it was Scott McNealy of Sun Microsystems. He said, “You have zero privacy anyway. Get over it.”]

I think he’s right, for most working definitions of “privacy”. I think that security professionals, privacy advocates, etc, are fighting rearguard actions and they will lose eventually.

Less than a year after Amazon rolls out Alexa, cops pull audio from it to get evidence for a conviction. That microphone is on 24/7, and in full knowledge of this people still buy them.

Why?

Information is valuable. The same technology that lets me look up photos of your house for shits and grins, or to stalk you, is what powers Google Maps.

Privacy and these new technologies will, and have already, come into conflict. The value of the new tech is way, way more than the value of the privacy lost.

This can devolve into 1984 lightning fast. On the other hand, think about this: “Probably the best-known recent example of sousveillance is when Los Angeles resident George Holliday videotaped police officers beating Rodney King after he had been stopped for a traffic violation.” [From the Steve Mann paper.]

The same surveillance tech that makes us spied on all the time, makes other people spied on all the time. I can’t get up to no good, but cops can’t either.

It’s a tool, and it all depends on how it’s used.

Take me, for example. With a handful of exceptions that I am not putting to paper, there is nothing in my life that is particularly problematic. If the government were spying on me 24/7, it wouldn’t even matter. I have nothing to hide.

(I understand the implications regarding wider social norms. I’m working under the assumption that That Ship Has Sailed.)

The people who do have things to hide, well, we made that shit illegal for a reason. Why should I care when they get burned? That’s the whole goddamn point of the law.

(Aside: I believe that the more strictly enforced a law is, the better it is for everyone overall, because consistency of expectations is important. I bet that the roads would be much safer and more orderly if every single time anyone sped, ever, they automatically got a speeding ticket. Always. No matter what. No cat-and-mouse games with cops, no wondering which lights have speed cameras. Just a dirt-simple law. Here is the rule. Follow it and we are fine. Break it and you will always lose. So many problems are caused by people trying to game the rules, break them whenever possible, and follow them only when they have to.)

(Continued aside: Obviously shit would hit the fan if we started automatically 100% enforcing every traffic law. But you better believe that within a month of that policy being rolled out nationwide, speed limits would rise by at least 50%.)

The reason we care about surveillance is that a lot of things are more illegal than we think they should be.

Obvious example: In a world of perfect surveillance, 50% of California gets thrown in federal prison for smoking weed.

All of this is build-up to my hypothesis:

  • The fully surveilled world is coming, whether we like it or not.
  • This will bring us a ton of benefits if we’re smart and brave enough to leverage it.
  • This will bring an unprecedented ability for authorities to impose on us and coerce us, if we are not careful.

Which brings me to the actual thesis: Libertarianism and formal anarchy is going to be way more important in the near future, to cope with this. In a world of perfect surveillance, every person in San Francisco can be thrown in prison if a prosecutor feels like it. Because, for example, literally every in-law rental is illegal (unless they changed the law).

The way you get a perfect surveillance world without everyone going to prison is drastic liberalization of criminal law, drastic reduction of regulatory law, and live-and-let-live social norms that focus very precisely on harms suffered and on restorative justice.

A more general idea that I am anchoring everything on: A lot of people think tech is bad, but that is because they do not take agency over it. Tech is a tool with unimaginable potential for good… if you take initiative and use it. If you sit back and just wait for it to happen, it goes bad.

If you sit back and wait as Facebook starts spying on you more and more, then you will get burned. But if instead you take advantage of it and come up with a harebrained scheme to find dates by using Facebook’s extremely powerful ad-targeting technology… you will benefit so hard.

Header artwork depicting Facebook as a global panopticon by Joelle L.

Stolen from My Second or Third Skin.

Stolen from My Second or Third Skin.

January 6, 2017

Watch Yourself

Let’s talk about sousveillance again. For those not familiar with the word, it literally translates to “undersight” — as opposed to oversight. Surveillance is perpetrated by an authority; sousveillance is perpetrated by the people. The unwashed masses, if you will.

Steve Mann (no relation) led the paper that coined the term. It came out in 2003! They had no idea about Instagram! What’s interesting is how much the connotations of “sousveillance” have morphed since Mann and his colleagues first came up with it. Here’s their original conception:

Organizations have tried to make technology mundane and invisible through its disappearance into the fabric of buildings, objects and bodies. The creation of pervasive ubiquitous technologies — such as smart floors, toilets, elevators, and light switches — means that intelligence gathering devices for ubiquitous surveillance are also becoming invisible […]. This re-placement of technologies and data conduits has brought new opportunities for observation, data collection, and sur/sousveillance, making public surveillance of private space increasingly ubiquitous.

All such activity [until now] has been surveillance: organizations observing people. One way to challenge and problematize both surveillance and acquiescence to it is to resituate these technologies of control on individuals, offering panoptic technologies to help them observe those in authority. […]

Probably the best-known recent example of sousveillance is when Los Angeles resident George Holliday videotaped police officers beating Rodney King after he had been stopped for a traffic violation. The ensuing uproar led to the trial of the officers (although not their conviction) and serious discussion of curtailing police brutality […]. Taping and broadcasting the police assault on Rodney King was serendipitous and fortuitous sousveillance. Yet planned acts of sousveillance can occur, although they are rarer than organizational surveillance. Examples include: customers photographing shopkeepers; taxi passengers photographing cab drivers; citizens photographing police officers who come to their doors; civilians photographing government officials; residents beaming satellite shots of occupying troops onto the Internet. In many cases, these acts of sousveillance violate [either explicit or implicit rules] that ordinary people should not use recording devices to record official acts.

Sousveillance was supposed to be a way to Fight the Man, to check the power of the state. Unfortunately, many governments’ surveillance apparatuses* were poised to take advantage of the compulsive documenting habit that smartphones added to daily life.

For example, the NSA has wonderful SIGINT. Theoretically they can mine Facebook and its ilk for whatever insights they might want to extract. Encryption mitigates this problem, but it’s not clear by how much. Anything that’s publicly available online can be scraped.

So now you have n00bs posting photos of protests on Twitter and accidentally exposing people with open warrants. Elle Armageddon wrote a two-part “OPSEC for Activists” guide, but by default the attendees of unplanned, uncoordinated events aren’t going to follow the rules.

Welp ¯\_(ツ)_/¯

*I thought it would be “apperati” too, but as it turns out, no. See this and this.

Image credit: My Second or Third Skin by Claire Carusillo.

Photo by Ryuichi Miwa. This probably doesn't depict anything related to koseki.

Photo by Ryuichi Miwa. This probably doesn't depict anything related to koseki.

November 1, 2016

Sousveillance on a Blockchain

Compared to the Western world, Japan has an efficient and comprehensive bureaucratic apparatus for determining individuals’ legal identities:

The koseki is Japan’s family registration system. All legally significant transitions in a person’s life — births, deaths, marriages, divorces, adoptions, even changes of gender — are supposed to be registered in a koseki; in fact, registration is what gives them legal effect. An extract of a person’s koseki serves as the Official Document that confirms to the Rest of the World basic details about their identity and status.

Need to prove when you were born? Koseki extract. Need to show you have parental authority to apply for a child’s passport? Koseki extract. Want to commit bigamy? Good luck; the authorities will refuse to register a second marriage if your registry shows you are still encumbered with a first.

Compared to “event-based” Official Documents (birth certificates, divorce decrees and so forth) that prevail in places like America, the koseki is more accurate. An American can use a marriage certificate to show he got married on a particular date in the past but would struggle to prove he is still married today. A koseki extract, on the other hand, can do just that.

Part of me wants to say, “Now throw it on a blockchain!”

But actually what I should talk about is how much of my life is not Officially Documented at all. Who knows what the NSA and the rest of the alphabet soup have in their sneaky little archives (actually massive archives) but I’m insignificant so information about me wouldn’t be catalogued anyway.

When it comes to Genuine Official Documents, I exist and that’s just about it. Birth certificate, driver’s license, and… expired passport? What else do people even have?

On the internet it’s a different story. Some pundits talk about social media as a kind of performative sousveillance. I think “sousveillance” is an unnecessarily loaded word, but it’s true that many of us compulsively self-document. Facebook even has a “major life events” feature (that I personally never use, but it pops up on my timeline frequently).

The vast majority of posts are inane. People grip about this — “I don’t care what you had for breakfast!” — but it also ensures that there’s plenty of material to sift through. Insights can be gleaned, my friends, especially if you cross-reference separate feeds. You could learn so much about me by combing through my 16k+ tweets! Especially when combined with my Instagram.

Maybe we should throw all these social networks on a blockchain and use that as our universal record? If I’ve learned anything from heartfelt Medium posts it’s that anything you could possibly put on a blockchain should be formatted that way.

Header photo by Ryuichi Miwa. It probably doesn’t depict anything related to koseki.

September 25, 2016

Personalities, Bought and Sold

Sara Watson wrote about the contradictory selves that each of us scatters around on the internet:

I catch glimpses of her in side­bars and banners, in the branded ads creeping into my infi­nite scrolls. She surfaces in recom­men­da­tions and person­al­ized results — fleeting encoun­ters unless captured by screen­shot.

She is a pixe­lated, auto­mated portrait of myself. She is frag­ments, an amal­ga­ma­tion I see in the digital mirror. She’s me, now through a glass darkly.

She is a pastiche of my patched-together digital detritus. She is my browsing history, my status updates, my GPS loca­tions, my responses to marketing mail, my credit card trans­ac­tions, and my public records.

Artwork by Matt Lyon.

Artwork by Matt Lyon.

As a pretty public person who makes a living writing (or at least tries to), I struggle with this. I don’t care about the personal effect that ~surveillance capitalism~ has on me (I do care about the political effects, don’t worry!) because let’s be real, the personal effect is nil. I just get advertised to a little more effectively. But it does frustrate me that my public persona is so fractured.

There’s cyberpunk me, which you get exposed to via this newsletter, and which also comes out in the chat group, on Twitter, and on Hacker News. There’s business-y me on Twitter, my website, and occasionally Facebook. But I have a whole separate sphere of interests centered on makeup and other “girly” stuff, expressed via Instagram and Reddit.

I feel really weird when I “cross the streams” by talking about makeup on Twitter or whatever. I’m not presenting something cohesive, from a branding perspective. And since clients come from everywhere, that potentially threatens my livelihood, or at least de-optimizes it.

There are always tradeoffs. The internet and social media have been such a boon to me, especially since I do not function well in normal office environments, but constantly pitching myself to anyone who drops by is exhausting.

August 23, 2016

Program or Be Programmed; UX or Be UX’d

Artwork by GLAS-8.

Artwork by GLAS-8.

Aboniks posted this blockbuster comment on artificial consciousness in the Cyberpunk Futurism chat group:

Pondering how the digital brain-in-a-jar might practice good mental hygiene.

You’d need a hardwired system of I/O and R/W restrictions in place to protect the core data that made up the “youness”. A “youness ROM”, perhaps. If that analogy holds up, then maybe my grandmother’s case is akin to a software overlay suddenly failing. Firmware crash. But I’m not convinced brains are so amenable to simple analogy. The processing and the storage that goes on in our heads doesn’t seem to be modular in the same sense that our digital tools are.

Anyway, if your software and hardware (however they’re arranged and designed) are capable of perfect simulation then they are equally capable of perfect deception. There may be a difference between simulation and deception, but I can’t think of a way to put it that doesn’t seem… forced.

So, for the rest of your “life”, your entire experience is UX, in the tech-bro sense of the word.

“Program or be programmed,” as Rushkoff would say. If you’re not the UX designer, you’re hopelessly vulnerable. Who are the UX designers, then? Who decides where the experience stops and the “youness” starts? Who defines that border to protect you? Another Zuckerberg running a perpetual game of three-card Monte with the privacy policy?

Maybe not an individual, but something more monolithic, ending in “SA” or “Inc”? Will there be an equivalent of Snowden or Assange to expose their profit-driven compromises in our storage facility fail-safes and leak news of government interference in the development process of our gullibility drivers?

Will we be allowed to believe them?

(Lightly edited for readability.)

She wondered where the expression “surf the net” came from. Of course Sarah knew what surfing was, but why “net”? Did it used to have something to do with catching fish?

She was fourteen and relatively popular. Her classmates though she was nice and mildly funny. Sarah knew because of the survey reports.

Harry, the troublemaker, would shoot caustic messages into their class channel. “Who surveys the surveyors?” he asked.

Finally Allison answered — Allison was more popular than Sarah, so she looked up to her — “You are so fucking boring. Get off your history kick and live in the real world, Harry. Like the rest of us. No one cares what the surveyors think. We saw them for like five minutes.”

He shot back, “You know those surveys determine your job trajectory, right?”

Allison told him she thought the test-writers knew what they were doing. Harry called her a regime sycophant. Then the teacher stepped in and reminded them that hostility was inappropriate for this venue.

Four years later, at eighteen, Sarah wondered what ended up happening to Harry. But only for a couple of minutes. Then she went back to work.

May 15, 2016

Struggling Against Systems

“In some ways the Puritans seem to have taken the classic dystopian bargain — give up all freedom and individuality and art, and you can have a perfect society without crime or violence or inequality.” — Scott Alexander

“By preying on the modern necessity to stay connected, governments can reduce our dignity to something like that of tagged animals, the primary difference being that we paid for the tags and they’re in our pockets.” — Edward Snowden

If the Puritans pursued the “classic dystopian bargain”, maybe we’re pursuing the dystopian bargain nouveau. It’s not quite the opposite, but not far from it. We’ve given up all freedom by embracing ideological tribalism and accepting ubiquitous infotainment as a panacea, instead of agitating for the rights nominally promised by our two-faced governments. Who elected Janus? Why haven’t we kicked him out of office?

Graphic via The Intercept.

Graphic via The Intercept.

The rise of mass surveillance, enabled by SIGINT technology, is a good proxy for the government’s lack of respect for its citizens.

Sometimes my commentary on these issues can come across as anti-privacy or maybe pro-surveillance, because lots of the paranoid hacker-types I hang out with overestimate their threat models. So yes, I do want people to lighten up, and I’m pretty pessimistic about the prospect of “normies” using Tor and PGP.

But on the other hand, it’s terrifying that the NSA vacuums up all the information in the world. (International friends: your governments do it too, and they collaborate with the NSA when possible.) It’s terrifying that encryption is under fire. It’s terrifying that people get nigh disappeared in prison. I don’t know what to do with this world.

Maybe the answer is nihilism.

« Older posts

Disclosure

Exolymph is a member of the Amazon Associates program. If you click on an Amazon link from this site and subsequently buy something, Exolymph will receive a small commission (at no cost to you).

Recents Posts

Search

© 2019 Exolymph. All rights reserved.

Theme by Anders Norén.