John* tapped out a simple text message to his wife in January 2016. “I love you,” it read.
But this wasn’t the only message she saw. Unbeknownst to John, his wife had bugged his smart phone. She was spying on John, eavesdropping on all of his texts and multimedia messages, and tracking his every move through the device’s GPS.
She was also stealing all of John’s photos. In one slightly blurred picture, John, a police officer in a small town in the southwestern United States, is knelt over a suspect, who is face down on the curb. In another photograph, John is taking a selfie wearing a dress shirt and a black tie. A third picture shows an email exchange with Facebook’s law enforcement help team, revealing that John was requesting data on a target of an investigation.
These messages and pictures, including some of the couple’s more intimate moments, were taken directly from John’s cellphone by his wife, using a piece of consumer surveillance software made by American company Retina-X. In an ironic twist, the software is called PhoneSheriff.
John is just one of tens of thousands of individuals around the world who are unwitting targets of powerful, relatively cheap spyware that anyone can buy. Ordinary people—lawyers, teachers, construction workers, parents, jealous lovers—have bought malware to monitor mobile phones or computers, according to a large cache of hacked files from Retina-X and FlexiSpy, another spyware company.
The breaches highlight how consumer surveillance technology, which shares some of the same capabilities and sometimes even the same code as spy software used by governments, has established itself with the everyday consumer. And it would appear no small number of people are willing to use this technology on their partners, spouses, or children.
In other words, surveillance starts at home.
A civil war between news and opinion has broken out at the New York Times.
In a Times op-ed posted online Friday, Louise Mensch, a writer and former member of the UK Parliament, gives her suggestion for what questions the House Intelligence Committee should ask as it holds hearings on Russia’s influence in the US election. Mensch offers Times readers reason to trust her expertise: “In November, I broke the story that a Foreign Intelligence Surveillance Act court had issued a warrant that enabled the F.B.I. to examine communications between ‘U.S. persons’ in the Trump campaign relating to Russia-linked banks,” she writes.
On Twitter, Times reporters lashed out.
“Please note that the NYT newsroom disagrees,” national security reporter Charlie Savage tweeted. Savage highlighted from his report this month knocking down the FISA claim: “To date, reporters for The New York Times with demonstrated sources in that world have been unable to corroborate that the court issued any such order.”
The core of the dispute is whether the FISA court granted a warrant, which the Times and Washington Post have not reported, though the BBC and McClatchy have. The Guardian reported about a June FISA request but stopped short at confirming the supposed October one was granted.
When WikiLeaks released more than 8,000 files about the CIA’s global hacking programs this month, it dropped a tantalizing clue: The leak came from private contractors. Federal investigators quickly confirmed this, calling contractors the likeliest sources. As a result of the breach, WikiLeaks editor Julian Assange said, the CIA had “lost control of its entire cyberweapons arsenal.”
Intelligence insiders were dismayed. Agencies “take a chance with contractors” because “they may not have the same loyalty” as officers employed by the government, former CIA director Leon Panetta lamented to NBC.
But this is a liability built into our system that intelligence officials have long known about and done nothing to correct. As I first reported in 2007, some 70 cents of every intelligence dollar is allocated to the private sector. And the relentless pace of mergers and acquisitions in the spies-for-hire business has left five corporations in control of about 80 percent of the 45,000 contractors employed in U.S. intelligence. The threat from unreliable employees in this multibillion-dollar industry is only getting worse.
WikiLeaks on Tuesday released a trove of purported CIA documents hailed by security expert Jessalyn Radack as “in same category as [the] biggest leaks of classified info by [whistleblowers] Chelsea Manning and Edward Snowden.”
Indeed, Snowden himself described the leak as “genuinely a big deal” on Twitter. “Looks authentic,” the National Security Agency (NSA) whistleblower added. The New York Times also described the documents’ authenticity as “likely.”
The Times went on to describe the bombshell revelations included in the trove of documents:
Among other disclosures that, if confirmed, would rock the technology world, the WikiLeaks release said that the CIA and allied intelligence services had managed to bypass encryption on popular phone and messaging services such as Signal, WhatsApp, and Telegram. According to the statement from WikiLeaks, government hackers can penetrate Android phones and collect “audio and message traffic before encryption is applied.”
Tuesday’s release of documents comprise part one of a series, WikiLeaks wrote in a press statement. This first installment, titled “Year Zero,” contains “8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Va.,” according to WikiLeaks.
Newly released by WikiLeaks today is a collection of CIA documents referred to as “Vault 7,” detailing the CIA’s hacking and surveillance technology development. The current release spans “Year 0” of the program, with several more years of documents expected to be released.
Officially called “Weeping Angel,” the program sought 0-day exploits in myriad technology, including not just computers and routers, but things like smartphones and even Smart TVs, with documents showing the CIA could make a Samsung-branded TV go into a “fake-off” mode, where it would appear to be turned off, but its microphone was active and the CIA could listen in to everything happening.
The same was true of the phones targeted, with the CIA having what is said to be a large cache of exploits against both Apple and Android-based phones, exploits they carefully kept guarded from the manufacturers of the phones so that the flaws were never properly repaired. The phone breaches were focused in part on having an OS-level exploit that would render security features in encrypted applications useless,
Also among the efforts, the CIA was trying to hack into cars, with an eye toward gaining remote control over cars anywhere in the world, leading to speculation that the cars would be made to “assassinate” the drivers in an undetectable manner.
[…] There are still many ways in which information from Trump Tower phone calls could end up in the hands of intelligence agents or law enforcement officials — even without any knowledge on Obama’s part.
First, they may have come upon Trump Tower phone calls if a targeted foreign agent was on the other end of the line — this method comes from the Foreign Intelligence Surveillance Court, or FISA court. Or Trump Tower digital chatter might have shown up while authorities dug through the vast quantities of data hoovered up via more sweeping foreign surveillance programs.
Second, the FBI could also have asked for a so-called “pen register” or “trap and trace device,” which record only the parties involved in a phone call. These requests have a lower bar for approval.
While it’s unknown whether any of these scenarios occurred, it’s “very likely that the people in the Obama administration had access to the communication of senior Trump officials in the run-up to the election, because they have very, very broad authority,” said Cindy Cohn, executive director of the Electronic Frontier Foundation, which has advocated for revising surveillance laws.
And given the ongoing FBI-led investigation into potential ties between Trump’s associates and Russian officials, it’s plausible that law enforcement officials and intelligence agencies had an interest in — or simply came across — the communications in Trump Tower, specialists said. The government is also investigating an alleged Russian plot to use cyberattacks and disinformation to help Trump win.
Uber has for years engaged in a worldwide program to deceive the authorities in markets where its low-cost ride-hailing service was resisted by law enforcement or, in some instances, had been banned.
The program, involving a tool called Greyball, uses data collected from the Uber app and other techniques to identify and circumvent officials who were trying to clamp down on the ride-hailing service. Uber used these methods to evade the authorities in cities like Boston, Paris and Las Vegas, and in countries like Australia, China and South Korea.
Greyball was part of a program called VTOS, short for “violation of terms of service,” which Uber created to root out people it thought were using or targeting its service improperly. The program, including Greyball, began as early as 2014 and remains in use, predominantly outside the United States. Greyball was approved by Uber’s legal team.
Greyball and the VTOS program were described to The New York Times by four current and former Uber employees, who also provided documents. The four spoke on the condition of anonymity because the tools and their use are confidential and because of fear of retaliation by Uber.
Donald Trump has inherited the most powerful machine for spying ever devised. How this petty, vengeful man might wield and expand the sprawling American spy apparatus, already vulnerable to abuse, is disturbing enough on its own. But the outlook is even worse considering Trump’s vast preference for private sector expertise and new strategic friendship with Silicon Valley billionaire investor Peter Thiel, whose controversial (and opaque) company Palantir has long sought to sell governments an unmatched power to sift and exploit information of any kind. Thiel represents a perfect nexus of government clout with the kind of corporate swagger Trump loves. The Intercept can now reveal that Palantir has worked for years to boost the global dragnet of the NSA and its international partners, and was in fact co-created with American spies.
Peter Thiel became one of the American political mainstream’s most notorious figures in 2016 (when it emerged he was bankrolling a lawsuit against Gawker Media, my former employer) even before he won a direct line to the White House. Now he brings to his role as presidential adviser decades of experience as kingly investor and token nonliberal on Facebook’s board of directors, a Rolodex of software luminaries, and a decidedly Trumpian devotion to controversy and contrarianism. But perhaps the most appealing asset Thiel can offer our bewildered new president will be Palantir Technologies, which Thiel founded with Alex Karp and Joe Lonsdale in 2004.
Palantir has never masked its ambitions, in particular the desire to sell its services to the U.S. government — the CIA itself was an early investor in the startup through In-Q-Tel, the agency’s venture capital branch. But Palantir refuses to discuss or even name its government clientele, despite landing “at least $1.2 billion” in federal contracts since 2009, according to an August 2016 report in Politico. The company was last valued at $20 billion and is expected to pursue an IPO in the near future. In a 2012 interview with TechCrunch, while boasting of ties to the intelligence community, Karp said nondisclosure contracts prevent him from speaking about Palantir’s government work.
With mere days left before President-elect Donald Trump takes the White House, President Barack Obama’s administration just finalized rules to make it easier for the nation’s intelligence agencies to share unfiltered information about innocent people.
New rules issued by the Obama administration under Executive Order 12333 will let the NSA—which collects information under that authority with little oversight, transparency, or concern for privacy—share the raw streams of communications it intercepts directly with agencies including the FBI, the DEA, and the Department of Homeland Security, according to a report today by the New York Times.
That’s a huge and troubling shift in the way those intelligence agencies receive information collected by the NSA. Domestic agencies like the FBI are subject to more privacy protections, including warrant requirements. Previously, the NSA shared data with these agencies only after it had screened the data, filtering out unnecessary personal information, including about innocent people whose communications were swept up the NSA’s massive surveillance operations.
The hysteria about Russian hacking of the Democratic National Committee and the Republican National Committee servers and the phishing scam run on Hillary Clinton’s campaign manager, John Podesta, is short on evidence and high in self-righteousness. Much of the report issued Friday was old boilerplate about the Russia Today cable channel, which proves nothing.
My complaint is that American television news reports all this as if it is The First Time in History Anyone has Acted like This. But the head of the Republican Party in the early 1970s hired burglars to do the same thing– break into the Watergate building and get access to DNC documents in hopes of throwing an election. Dick Nixon even ordered a second break-in. And it took a long time for Republican members of Congress to come around to the idea that a crime had been committed; if it hadn’t been for the Supreme Court, Nixon might have served out his term.
In the past decade and a half, the US National Security Agency has been deployed for hacking purposes not, as the cover story would have it, for counter-terrorism (there isn’t much evidence that they’re any good at that), but to gain political advantage over allies.
Amy Goodman and Juan Gonzalez speak to Marc Rotenberg, executive director of the Electronic Privacy Information Center, about the murder case revolving around James Andrew Bates and the police warrant that seeks to obtain data from his Amazon Echo. (Democracy Now!)
- Amazon resists warrants for Echo data in Arkansas murder case
- Alexa Is Listening, But Amazon Values Privacy And Gives You Control
- Your Honor, I’d Like to Call My Next Witness – Amazon Echo
- Murder case will test privacy rights of Amazon Echo users
- Amazon Echo search warrant could spur new prosecution methods, expert says
Councils were given permission to carry out more than 55,000 days of covert surveillance over five years, including spying on people walking dogs, feeding pigeons and fly-tipping, the Guardian can reveal.
A mass freedom of information request has found 186 local authorities – two-thirds of the 283 that responded – used the government’s Regulation of Investigatory Powers Act (Ripa) to gather evidence via secret listening devices, cameras and private detectives.
Among the detailed examples provided were Midlothian council using the powers to monitor dog barking and Allerdale borough council gathering evidence about who was guilty of feeding pigeons.
In late October, a group of Maryland legislators met with police officials, attorneys, privacy advocates, and policy analysts to discuss creating a legal framework to govern aerial surveillance programs such as the one the Baltimore Police Department had been using to track vehicles and individuals through the city since January.
“What, if anything, are other states doing to address this issue?” Joseph Vallerio, the committee’s chairman, asked the panel.
“Nothing,” replied David Rocah, an attorney with the ACLU. “Because no one has ever done this before.”
The Baltimore surveillance program broke new ground by bringing wide-area persistent surveillance—a technology that the military has been developing for a decade—to municipal law enforcement. The police department kept the program secret from the public, as well as from the city’s mayor and other local officials, until it was detailed in August by Bloomberg Businessweek. Privacy advocates, defense attorneys, and some local legislators called for the program to be suspended immediately, until the technology could be evaluated in public hearings.
But in the three months since the public discussion began, the police have continued to use the surveillance plane to monitor large events, such as the Baltimore Marathon, and essential questions remain unanswered. The police continue to classify the program as an ongoing trial, but the private company that operates it for the police—Persistent Surveillance Systems—doesn’t have a permanent contract and no specific regulations govern its operations.
In 2007, Syrians could only access the internet through state-run servers, and services like Microsoft Hotmail and Facebook were sometimes blocked. But Bashar al-Assad, who had been head of the Syrian Computer Society before becoming president, knew the internet would inevitably spread more, and he knew he had to tighten his grip over it.
On October 2, 2007, the head of the government-owned Syria Telecommunications Establishment, or STE, put out a call for companies to develop a surveillance system that would monitor all data flowing on the Syrian internet.
The tender listed a series of “services that must be monitored,” including web browsing, email, chat rooms, instant messaging, internet VOIP calls, encrypted HTTPS web connections, and the use of VPNs.
In the remote Australian outback, multinational companies are embarking on a secretive new kind of mining expedition.
Rio Tinto has long mined the Pilbara region of Western Australia for iron ore riches but now the company is seeking to extract a rather different kind of resource – its own employees, for data.
Thousands of Rio Tinto personnel live in company-run mining camps, spending not just work hours but leisure and home time in space controlled by their employer – which in this emerging era of smart infrastructure presents the opportunity to hoover up every detail of their lives.
Rio Tinto is no stranger to using technology to improve efficiency, having replaced human-operated vehicles with automated haul trucks and trains controlled out of a central operations centre in Perth.
The company is embarking on an attempt to manage its remaining human workers in the same way, and privacy advocates fear it could set a precedent that extends well beyond the mining industry.
The Snooper’s Charter became law on the 29th of November 2016 meaning that the United Kingdom now has by far the most invasive state surveillance laws of any nation in the developed world.
The invasive domestic snooping legislation means that the UK state will attempt to maintain a massive database recording the Internet browsing history of every person in the UK, innocent or guilty. They will then allow dozens and dozens of government agencies and quangos to trawl through this database looking for dirt.
Of course it makes sense to allow the secret services to look into what suspected terrorists are plotting, but this legislation doesn’t just do that. It goes much much further. The first thing it does is presume that every single UK citizen is a potential criminal who needs to be spied on, then it allows all kinds of non-terrorism related agencies to trawl through people’s Internet browsing histories.
As the looming specter of a Donald Trump presidency continues to terrify minority groups throughout the United States, one industry is greeting the new administration with open arms.
Speaking at a physical surveillance trade show on Wednesday, two representatives from the Security Industry Association (SIA) – which lobbies the government on behalf of surveillance tech manufacturers – laid out the myriad ways Trump could be great news for their members’ bottom line. Overall, the near-certainty that Trump will increase spending on defense border security means it’s a great time to be in the surveillance world.
Jake Parker, the director of government relations at SIA, and Joe Hoellerer, manager of government relations at SIA, spoke at a side event during ISC East, the largest physical surveillance trade conference in the northeast. SIA represents about 700 different companies, and although Trump hadn’t announced any cabinet appointments yet, Parker addressed some of the names that had been floated.
This week a law was passed that silently rips privacy from the modern world. It’s called the Investigatory Powers Act.
Under the guise of counter-terrorism, the British state has achieved totalitarian-style surveillance powers – the most intrusive system of any democracy in history. It now has the ability to indiscriminately hack, intercept, record, and monitor the communications and internet use of the entire population.
The hundreds of chilling mass surveillance programmes revealed by Edward Snowden in 2013 were – we assumed – the result of a failure of the democratic process. Snowden’s bravery finally gave Parliament and the public the opportunity to scrutinise this industrial-scale spying and bring the state back into check.
But, in an environment of devastatingly poor political opposition, the Government has actually extended state spying powers beyond those exposed by Snowden – setting a “world-leading” precedent.
- UK politicians approve ‘extreme surveillance’ law
- Why the Investigatory Powers Act is a privacy disaster waiting to happen
- Snooper’s Charter is set to become law: how the Investigatory Powers Bill will affect you
- UN privacy chief: UK surveillance bill is ‘worse than scary’
- Facebook, Google, Twitter unite to attack ‘snoopers’ charter’
A global conference of senior military and intelligence officials taking place in London [last week] revealed how governments increasingly view social media as “a new front in warfare” and a tool for the Armed Forces.
The overriding theme of the event is the need to exploit social media as a source of intelligence on civilian populations and enemies; as well as a propaganda medium to influence public opinion.
A report from the American Civil Liberties Union (ACLU) last month revealed how a CIA-funded tool, Geofeedia, was already being used by police to conduct surveillance of Facebook, Twitter and Instagram to monitor activists and protesters.
Although Facebook and Twitter both quickly revoked Geofeedia’s access to their social feeds, the conference proves that social media surveillance remains a rapidly growing industry with no regulatory oversight. And its biggest customers are our own governments.
They called it Project X. It was an unusually audacious, highly sensitive assignment: to build a massive skyscraper, capable of withstanding an atomic blast, in the middle of New York City. It would have no windows, 29 floors with three basement levels, and enough food to last 1,500 people two weeks in the event of a catastrophe.
But the building’s primary purpose would not be to protect humans from toxic radiation amid nuclear war. Rather, the fortified skyscraper would safeguard powerful computers, cables, and switchboards. It would house one of the most important telecommunications hubs in the United States — the world’s largest center for processing long-distance phone calls, operated by the New York Telephone Company, a subsidiary of AT&T.
The building was designed by the architectural firm John Carl Warnecke & Associates, whose grand vision was to create a communication nerve center like a “20th century fortress, with spears and arrows replaced by protons and neutrons laying quiet siege to an army of machines within.”
Construction began in 1969, and by 1974, the skyscraper was completed. Today, it can be found in the heart of lower Manhattan at 33 Thomas Street, a vast gray tower of concrete and granite that soars 550 feet into the New York skyline. The brutalist structure, still used by AT&T and, according to the New York Department of Finance, owned by the company, is like no other in the vicinity. Unlike the many neighboring residential and office buildings, it is impossible to get a glimpse inside 33 Thomas Street. True to the designers’ original plans, there are no windows and the building is not illuminated. At night it becomes a giant shadow, blending into the darkness, its large square vents emitting a distinct, dull hum that is frequently drowned out by the sound of passing traffic and wailing sirens.
For many New Yorkers, 33 Thomas Street — known as the “Long Lines Building” — has been a source of mystery for years. It has been labeled one of the city’s weirdest and most iconic skyscrapers, but little information has ever been published about its purpose.
A bill giving the UK intelligence agencies and police the most sweeping surveillance powers in the western world has passed into law with barely a whimper, meeting only token resistance over the past 12 months from inside parliament and barely any from outside.
The Investigatory Powers Act, passed on Thursday, legalises a whole range of tools for snooping and hacking by the security services unmatched by any other country in western Europe or even the US.
The security agencies and police began the year braced for at least some opposition, rehearsing arguments for the debate. In the end, faced with public apathy and an opposition in disarray, the government did not have to make a single substantial concession to the privacy lobby.
US whistleblower Edward Snowden tweeted: “The UK has just legalised the most extreme surveillance in the history of western democracy. It goes further than many autocracies.”
- The Snooper’s Charter passed into law this week – say goodbye to your privacy
- Britain has passed the ‘most extreme surveillance law ever passed in a democracy’
- Why the Investigatory Powers Act is a privacy disaster waiting to happen
- Investigatory Powers Bill passed by Parliament with powers to secretly grab journalists’ call records intact
Juan Gonzalez and Amy Goodman speak to Craig Aaron, president and CEO of Free Press, about the $85 billion proposed mega-merger of telecommunications giant AT&T and Time Warner. They also speak to Adam Schwartz, a senior lawyer at the Electronic Frontier Foundation, about U.S. police departments paying AT&T millions to spy on Americans. (Democracy Now!)
FBI director James Comey set off a torrent of criticism late last week when he directly inserted himself into the presidential campaign with a vague letter to Congress about the reopening of Clinton email case. His conduct has shocked many observers across the political spectrum, but the only thing truly surprising about this episode is that people are only now realizing how power-hungry and dangerous Comey actually is.
During his stints in the Bush and Obama administration Comey has continually taken authoritarian and factually dubious public stances both at odds with responsible public policy and sometimes the law. The Clinton case is not an aberration, it’s part of a clear pattern.
Liberals were once enthralled when Obama appointed the Republican as FBI chief in 2013. They talked about Comey as if he was above reproach because of his role as acting attorney general under George W Bush, when he threatened to resign over an aspect of the president’s illegal warrantless wiretapping program.
[…] Increasingly, the skills developed by spying and waging cyberwarfare don’t stay in the military. Unit 8200 is a feeder school to the private surveillance industry in Israel, the self-proclaimed “startup nation” — and the products those intelligence veterans create are sold to governments around the world to spy on people. While the companies that Unit 8200 veterans run say their technologies are essential to keeping people safe, privacy advocates warn their products undermine civil liberties.
In August, Privacy International, a watchdog group that investigates government surveillance, released a report on the global surveillance industry. The group identified 27 Israeli surveillance companies — the highest number per capita of any country in the world. (The United States leads the world in sheer number of surveillance companies: 122.) Unit 8200 veterans either founded or occupy high-level positions in at least eight of the Israeli surveillance companies named by Privacy International, according to publicly available information. And that list doesn’t include companies like Narus, which was founded by Israeli veterans of Unit 8200 but is now owned by Boeing, the American defense contractor. (Privacy International categorized Narus as an American company because it’s headquartered in California.) Narus technology helped AT&T collect internet traffic and billions of emails and forward that information to the National Security Agency, according to reporting in Wired magazine and documents from the Snowden archive.
“It is alarming that surveillance capabilities developed in some of the world’s most advanced spying agencies are being packaged and exported around the world for profit,” said Edin Omanovic, a research officer at Privacy International. “The proliferation of such intrusive surveillance capabilities is extremely dangerous and poses a real and fundamental threat to human rights and democratization.”
[…] The idea of a UAE-based company recruiting an army of cyberwarriors from abroad to conduct mass surveillance aimed at the country’s own citizens may sound like something out of a bad Bond movie, but based on several months of interviews and research conducted by The Intercept, it appears DarkMatter has been doing precisely that.
Most of those who spoke with The Intercept asked to remain anonymous, citing nondisclosure agreements, fear of potential political persecution in the UAE, professional reprisals, and loss of current and future employment opportunities. Those quoted anonymously were speaking about events based on their direct experience with DarkMatter.
Margaritelli isn’t the only one who insists that DarkMatter isn’t being truthful about its operations and recruitment. More than five sources with knowledge of different parts of the company told The Intercept that sometime after its public debut last November, DarkMatter or a subsidiary began aggressively seeking skilled hackers, including some from the United States, to help it accomplish a wide range of offensive cybersecurity goals. Its work is aimed at exploiting hardware probes installed across major cities for surveillance, hunting down never-before-seen vulnerabilities in software, and building stealth malware implants to track, locate, and hack basically any person at any time in the UAE, several sources explained. As Margaritelli described it in an email to me, “Basically it’s big brother on steroids.”
Telecommunications giant AT&T is selling access to customer data to local law enforcement in secret, new documents released on Monday reveal.
The program, called Hemisphere, was previously known only as a “partnership” between the company and the US Drug Enforcement Agency (DEA) for the purposes of counter-narcotics operations.
It accesses the trove of telephone metadata available to AT&T, who control a large proportion of America’s landline and cellphone infrastructure. Unlike other providers, who delete their stored metadata after a certain time, AT&T keeps information like call time, duration, and even location data on file for years, with records dating back to 2008.
But according to internal company documents revealed Monday by the Daily Beast, Hemisphere is being sold to local police departments and used to investigate everything from murder to Medicaid fraud, costing US taxpayers millions of dollars every year even while riding roughshod over privacy concerns.
Soon, foreign visitors to the United States will be expected to tell U.S. authorities about their social media accounts.
U.S. Customs and Border Protection wants to start collecting “information associated with your online presence” from travelers from countries eligible for a visa waiver, including much of Europe and a handful of other countries. Earlier this summer, the agency proposed including a field on certain customs forms for “provider/platform” and “social media identifier,” making headlines in the international press. If approved by the Office of Management and Budget, the change could take effect as soon as December.
Privacy groups in recent weeks have pushed back against the idea, saying it could chill online expression and gives DHS and CBP overbroad authority to determine what kind of online activity constitutes a “risk to the United States” or “nefarious activity.”
The United Nations special rapporteur on the right to freedom of opinion and expression wrote last month that the scope of information being collected was “vague and open-ended,” and that he was “concerned” that with the change, “government officials might have largely unfettered authority to collect, analyze, share and retain personal and sensitive information about travelers and their online associations.”
You just wanted to shop for a birthday cake in peace—instead, you got ads that follow you around the internet, and coupons in your email that remember exactly which products you clicked on. So you shut down your computer, stick your hands into your pockets, and walk to the store. Here, among the throngs of shoppers, you may feel more anonymous than you do behind a screen unburdened by cookies and tracking pixels, and you can browse in peace.
Except not really. If you brought your smartphone, its GPS probably tattled on you before you even walked through the doors. Take your phone out and it might start picking up inaudible sounds broadcast throughout the store to pinpoint your location and send you targeted ads. Surveillance cameras hidden in light fixtures track your movement through the aisles, and could even be using facial-recognition software to understand your preferences and habits and attach them to your personal profile.
For the past five years or so, brick-and-mortar retail stores have been trying to catch up with their online counterparts in tracking and personalization. Joseph Turow, a professor of communication at the University of Pennsylvania, has been studying the marketing and advertising industries for decades. He chronicled the most recent developments in retail surveillance for his forthcoming book, “The Aisles Have Eyes,” which will be released by Yale University Press in January.