America's Spy State: How the Telecoms Sell Out Your Privacy
You need to know one simple truth: you have no privacy with regard to your electronic communications.
Nothing you do online, via a wireline telephone or over a wireless device is outside the reach of government security agencies and private corporations. Your ostensible personal communication -- whether a phone call, an email, a search, visiting a website, a credit card purchase, a 140 character Tweet, a movie download or a Facebook friending -- is a public commodity, subject to the dictates of the security state and market opportunists.
Corporate surveillance has begun to raise consumer, Congressional and regulatory concerns – a major case, Amnesty v. Clapper, is now before the Supreme Court. One can only wonder why it is not an issue in this year’s election?
Corporate spying takes a variety of forms. GPS tracking over a wireless device is widespread. Google’s efforts to commercialize its users’ keystrokes resulted in a $25,000 fine from the Federal Communications Commission (FCC). Potentially more consequential, a growing chorus of criticism over its recently introduced data-harvesting program seems to have contributed to a Federal Trade Commission (FTC) investigation of Google; the FTC retained Beth Wilkinson, a high-powered outside counsel, to oversee a possible anti-trust prosecution of the company. On March 1st, Google introduced a new program that collects user data from its 60 services. Google stores “cookies” (i.e., code that compiles a record of an individual’s web browsing history) on a growing number of communications devices, whether a home PC, tablet, smartphone and a growing number of TV sets. These cookies track every website a person visits or function s/he uses. As the New York Times wrote, “The case has the potential to be the biggest showdown between regulators and Silicon Valley since the government took on Microsoft 14 years ago.
The surveillance state is a multi-headed hydra. Corporate spying is intimately linked to the surveillance state, an omnipresent system consisting of federal, state and local security agencies. This spying system is made up of many of the leading private telecommunications and Internet companies working closely with the Department of Justice (DoJ), NSA, FBI, DHS, FCC and still other entities. This increasingly integrated federal system is complemented by an ever-growing army of state and local police “intelligence” agencies. Individual entities work either on their own, together with others and/or with private companies, many that financially benefit from commercial data harvesting.
Jon Michaels, a law professor at UCLA, warned in an invaluable 2008 study: “[P]articipating corporations have been instrumental in enabling U.S. intelligence officials to conduct domestic surveillance and intelligence activities outside of the congressionally imposed framework of court orders and subpoenas, and also outside of the ambit of inter-branch oversight.” His warning rings louder in 2012.
“All the President's Spies: Private-Public Intelligence Partnerships in the War on Terror,”
The attacks of 9/11 provided the rationale for the institutionalization of the security state. Now, a decade later, the U.S. is in a perpetual state of war, fighting threats both foreign and domestic, thus providing the ongoing rationale for expanding surveillance.
The principle vehicle for this policing action is the National Security Letter (NSL), an administrative demand letter or subpoena requiring neither probable cause nor judicial oversight. In effect, an NSL overrides 4th Amendment guarantees safeguarding an American’s right from unreasonable search and seizure. Between 2000 and 2010 (excluding 2001 and 2002 for which no records are available), the FBI was issued 273,122 NSLs; in 2010, 24,287 letters were issued pertaining to 14,000 U.S. residents. (Nicholas Merrill received an NSL; his experience should be a warning to us all.)
Even more alarming, if a company, journalist, person or attorney receives an NSL, they are barred from informing anyone, including the press, about the order. And the NSL is but one of an expanding number of means employed by the surveillance state to spy on an ever-growing, in effect unknowable, number of Americans.
The policies of today’s security state were instituted by a Republican, George W. Bush, and continued with even-greater vigilance by a Democrat, Barack Obama. Whoever wins in November will, if the economic suffering persists and austerity further imposed, the security state will be extended, particularly to spy on alleged domestic “threats.”
* * *
21st century surveillance is a multi-headed hydra united by a string of 0s and 1s.
Some of this spying is banal. Two U.S. malls -- Promenade Temecula in southern California and Short Pump Town Center in Richmond, VA – are tracking guests’ movements by monitoring the signals from their cell phones. Using a FootPath Technology’s application, the malls capture a guest’s phone’s unique identification number and follow a shopper’s path from store to store.
Some of this spying is sci-fi. According to a CNET report, the FBI has used an innovative means of electronic surveillance in criminal investigations. It remotely activates a mobile phone's microphone and uses it to eavesdrop on a nearby conversation. The technique is known as a "roving bug" and was approved for use by top DoJ officials in a New York organized crime case.
And some of this spying is good-old business as usual. The ACLU uncovered a lucrative scheme involving the security state outsourcing data gathering to the major telecommunications companies. The documents provides detailed information on the practices of Alltel, AT&T, Verizon, T-Mobile, Sprint/Nextel, Microsoft/Skype, Vonage, U.S. Wireless, Comcast, Embarq and Cricket.
The major telcos charge hundreds of dollars per wireline telephone wiretap and charge extra for the tracking of voicemail, text messages, GPS locations and other services. Profiles of some of these activities and the fees charged follow:
-- AT&T – charges a $325 per wiretap activation fee, plus $5 per day for data and $10 for audio; it gets $150 for access to a target’s voicemail; it charges $75 per “tower dump” (these allow police to see the numbers of every user accessing a certain cell tower and charges are on a per hour basis, with a minimum of two hours); location tracking costs $100 to activate and then $25 a day.
-- Verizon -- charges a $50 administrative fee plus $700 per month, per wiretap, per target; it charges $50 for access to text messages; it charges between $30 and $60 per hour for each cell tower dump; it doesn’t charge police in “emergency cases, nor do we charge law enforcement for historical location information in non-emergency cases.” The company insists that it doesn’t “make a profit from any of the data requests from law enforcement.”
-- T-Mobile – charges law enforcement a flat fee of $500 per target per wiretap; it charges $150 per cell tower dump per hour; and charges a much pricier $100 per day for location tracking.
-- Sprint/Nextel – charges $400 per wiretap per “market area” and per “technology” as well as a $10 per day fee, capped at $2,000; it also charges $120 for pictures or video, $60 for email, $60 for voice mail and $30 for text messages; it also charges $50 per tower dump and $30 per month per target for location tracking. The company says it doesn’t charge law enforcement for data requests in “exigent circumstances.” It adds: “Fees are charged to law enforcement in other circumstances such as court ordered requests and it’s important to note that any fee charged is for recovery of cost required to support these law enforcement requests 24/7.”
Equally revealing, the ACLU uncovered a DoJ chart detailing how long wireless companies retain personal data. Some of what it details follows:
-- AT&T -- keeps data indefinitely per cell towers used by a phone call; text messages are kept for 5 to 7 years, although it claims no to retain the text message content; and ISP session and destination info is only retained per non-public ISPs for 72 hours and not retained if a public ISP is used.
-- Verizon -- stores cell-site data for "1 rolling year"; holds onto text message detail for "1 rolling year" and actual text content for 3 to 5 days; it keeps ISP session information for 1 year but ISP browsing destination history information for 90 days.
-- T-Mobile -- does not retain the message content, but hangs onto your text details for "pre-paid: 2 years; post-paid: 5 years"; it does not keep ISP browsing destination history information.
-- Sprint/Nextel -- keep cell-site data for 18 to 24 months and stores ISP addresses and browsing history for 60 days.
-- Virgin Mobile (owned by Sprint) -- keeps text detail for "60 to 90 days" and the text message content for 90 days; it claims that a search warrant is required with "text of text" request"; it does not keep ISP browsing destination history information.
Christopher Soghoian, a leading Internet security scholar, provides an invaluable overview of this situation in a recent talk he gave at TED X.
* * *
The ACLU, through Freedom of Information requests, secured documents revealing that more than 200 police departments around the country have been engaged in (often warrantless) surveillance activities. Local and state police regularly track cell phone locations. Perhaps more disturbing, local police brass often instructs their officers to not discuss cell-tracking technology with the public.
As the ACLU reminds all Americans: “Traditionally, the government should have to obtain a warrant based upon probable cause before tracking cell phones. That is what is necessary to protect Americans' privacy, and it is also what is required under the Constitution." Those days are quickly slipping away.
A sampling of how state and local police employ surveillance tools is revealing.
Arizona – localities have acquired cell surveillance tracking equipment to avoid the time and expense of working through the commercial carrier.
California -- state prosecutors advised local police departments on ways to get carriers to “clone” a phone and download text messages while it is turned off.
Michigan – police are using "extraction devices" to download data from the cell phones of motorists that they pull over; extractions take place even if the motorists that are pulled over are not accused of doing anything wrong. In addition, a cell locator was used to find a stabbing victim who was in a basement hiding from his attacker.
Nevada, North Carolina and other states -- police departments have gotten wireless carriers to track cellphone signals back to cell towers as part of nonemergency investigations.
* * *
In 2004, Mark Klein, a recently retired AT&T technician, revealed that in 2003 the NSA built a secret room at the company’s San Francisco facility on Folsom Street. The facility’s purpose was to monitor and copy all phone calls, emails, web browsing and other Internet traffic to and from AT&T customers and provides the information to the NSA. This story exposed the deeply hidden secret about federal surveillance of ordinary Americans known as the warrantless wiretap.
The Patriot Act, a draconian, anti-terrorist piece of legislation hurriedly enacted on October 26, 2001, legitimized the use of warrantless surveillance by federal agencies on U.S. citizens who the government suspected of communicating with a hostile foreign national. The Act allows the FBI to obtain telecommunication, financial and credit records without a court order.
In the wake of the popular outrage over the revelations of AT&T-NSA spying, the Congress amended the Foreign Intelligence Surveillance Act (FISA) in 2008 to retroactively grant U.S. companies immunity from being sued by their customers when they conduct warrantless wiretaps and provide the information to government agencies.
In a recent article in Wired, James Bamford described in detail the NSA’s new “Utah Data Center,” a massive complex that will serve as a global surveillance hub. In the article, Bamford cites a revelation from William Binney, a former NSA senior official and now a whistleblower, that the agency has intercepted “between 15 and 20 trillion” communications (or “transactions” in NSA-speak) over the last decade.
The federal government draws its authority to spy on citizen from a Prohibition-era Supreme Court decision, Olmstead vs. U.S. The Court found that federal wiretapping of the private telephone conversations of a bootlegger without a prior court warrant and the subsequently use of this information as evidence in court did not violate the defendant’s 4th or 5th Amendments protections.
The 1994 adoption of the Communications Assistance for Law Enforcement Act (CALEA) extended federal spying authority.
The Act requires telecommunications carriers to provide “back doors” so that law enforcement agencies and federal intelligence organizations can capture any domestic or international telephone conversations carried over their networks. In 2004, the FCC extended these provisions to apply to broadband networks. Thus, spying expanded from conventional telephone calls to Internet services (e.g., VoIP services like Vonage), peer-to-peer systems (e.g., Skype), caller-ID spoofing (i.e., false number posting) and phone-number portability.
The FBI began building its high-tech surveillance system, the Digital Collection System Network (DCSNet), in 1997. Documents obtained by the Electronic Freedom Foundation (EFF) reveal that DCSNet can execute near-instantaneous wiretaps on almost any telephone, cellphone and Internet communications device. It also connects FBI wiretapping facilities to switches controlled by wireline operators, VoIP companies and cellular providers.
DCSNet allows the FBI to monitor recorded phone calls and messages in real time, create master wiretap files, send digital recordings to translators, track the location of targets in real time using cell-tower information and stream intercepts to mobile surveillance vans. Sprint operates the system over a private, secure and self-contained backbone.
The FBI is now urging Internet companies not to oppose a new proposal that would further extend backdoor access to social-networking websites as well instant messaging and e-mail. It would apply spying requirements to Facebook, Twitter and Xbox Live, among many others. The new provisions would apply to encrypted VoIP software from European firms like the Lichtenstein-based Secfone, available on Android-OS devices.
* * *
The battle over what were once considered sacred Constitutional privacy provisions is heating up.
The Cyber Intelligence Sharing and Protection Act (CISPA) is making its way through Congress; House of Representatives passed it and the Senate is now considering it. Pres. Obama has come out in opposition, warning that he will veto it, insisting: "legislation should address core critical infrastructure vulnerabilities without sacrificing the fundamental values of privacy and civil liberties for our citizens." As currently drafted, CISPA would undermine the Obama administration’s principal Internet proposal, Consumer Privacy Bill of Rights.
CISPA is conceived as supplanting all current privacy laws by ordering all telecoms, Internet service providers (ISPs) and applications companies to hand over all personal data to the NSA and other federal agencies. Civil liberties groups like the EFF warn that the proposed Act lacks meaningful due process or judicial oversight and will essentially end Constitutional protections against unreasonable electronic search and surveillance.
How this surveillance shell game plays out will likely depend on how the Supreme Court rules in Amnesty v. Clapper. The ACLU is representing a broad coalition of attorneys and human rights, labor, legal and media organizations to determine the limits to federal warrantless wiretapping under FISA.
In 2009, a New York judge dismissed the ACLU’s original suit on the grounds that its clients, including Amnesty International, couldn’t prove that their communications would be monitored under the new law. In 2011, a federal appeals court reversed the 2009 ruling and, in May 2012, the Obama administration asked the Supreme Court to re-impose the state’s right to warrantless wiretaps and other surveillance practices on the basis of national security.
It’s a flip-of-a-coin to prognosticate on how the Court will decide this case. Will it replay it sweeping, conservative Citizens United decision or will it follow the privacy protections extended in the recent Jones decision prohibited GPS tracking of an alleged drug dealer? Stay tuned.
Today’s spy-state recalls the World War I era “red scare,” marked by the roundup of immigrant anarchists and socialist and, in many cases, their deportation. Similarly, it resonates with the anti-communism of the post-World War II era, the age of J. Edgar Hoover, Joe McCarthy and Richard Nixon. Today’s politicians, both Democrat and Republican, know how to play the security card to appease popular fears during a period of profound economic restructuring.