Mass Surveillance

[gemera]

Know the debate on security is immensely polarised - but what the heck!

I'm just wondering if the term "Mass Surveillance" is being used to sow unnecessary discord and paranoia.

After all, it is THIS term that is being used time and time again throughout the media with regard to Edward Snowden etc.

A check on the wiki entry for this term indicates that its origin was in the war-time surveillance of transatlantic phone calls, in which each and every call would indeed have been checked and monitored.

And, surveillance is the complete and targeted observation of a targets movements.

"Mass Surveillance" implies and is being interpreted by many people as the government thus tracking vast swathes of the population in detail.

Whereas my understanding of what is going on is that these systems merely sweep up vast quantities of data, into storage, where it remains largely completely unresolved.

In this respect we all have data like this - e.g. the telephone directory, containing thousands of names, addresses and telephone numbers - which means they are also somewhere on the NSA database.

Anyway - they have this massive database which is in fact a centralisation of the database repositories of many other sources - so exists anyway in some form.

And all they are doing is selecting specific targets which allow the algorithms to access the data to find connections relating to that specific target.

So as far as I can see NO mass surveillance is in fact going on. What there is, is "Mass Data Collection".

To describe the mere possession of data as "Mass Surveillance" I would have thought is a skewing of the truth and represents a negative characterisation of the reality.

[Yarin]

And all they are doing is selecting specific targets which allow the algorithms to access the data to find connections relating to that specific target.

So as far as I can see NO mass surveillance is in fact going on. What there is, is "Mass Data Collection".

To describe the mere possession of data as "Mass Surveillance" I would have thought is a skewing of the truth and represents a negative characterisation of the reality.

Agreed. I look forward to the day that the NSA extends their data collection to cameras in my bedroom. It's not like I would be under surveillance, if a crime or suspected terroism happens in my bedroom they can then query the database. After all, the government has proven it's honesty and integrity time and time again. It's great to know they're keeping us safe!

[gemera]

Well done for side stepping the issue.

So if you hate THIS government what government do you want?

[phantomotap]

I look forward to the day that the NSA extends their data collection to cameras in my bedroom.

O_o

Do you even read? The original poster is talking about "mass subservience"; the cameras are obviously in my bedroom.

Soma

[Edit]Yeah, I made a fat joke.[/Edit]

[phantomotap]

Well done for side stepping the issue.

O_o

Do you really not understand that the "Mass Data Collection" you are talking about is "Mass Surveillance"?

The data being collected by providers--like Google--are so ordered by laws in many jurisdictions; these "data retention" laws are so written specifically so that traffic analysis, "social engineering", and "mass surveillance" remains possible for at least six months and up to a few years.

There is no technical reason whatsoever for the raw data required by these laws to ever have been stored before destructive hashing. In fact, the requirement to store the raw data is considered by some providers--systems using "popstore" techniques for example--to be an unnecessary burden so dropped out of service in some jurisdictions.

Seriously, you are hereby invited to read the actual laws concerning "data retention" over the wide world; some of them specifically reference "mass surveillance".

Sure, the United States of America doesn't have the laws (Well, at least, they didn't last time I looked. However, most providers do offer such data through one or more programs.), but you are simply being naive if you think bodies in the USA aren't using such data for the same reasons.

Soma

[Yarin]

Well done for side stepping the issue.

I simply tried to expound on your line of thought.

So as far as I can see NO mass surveillance is in fact going on. What there is, is "Mass Data Collection".

I suppose then that we should stop calling the cameras out in front of one's local 7/11, "surveillance", but instead call it "data collection", considering most of the footage will never be checked by a human.

So if you hate THIS government what government do you want?

I didn't say I hate this government, but, how about a government that doesn't demand encryption keys for masses of innocent people's data with gag orders? I know, me and my crazy ideas of transparency.

[phantomotap]

I didn't say I hate this government, but, how about a government that doesn't demand encryption keys for masses of innocent people's data with gag orders?

O_o

With maybe a little "probably cause" and "court ordered warrant" thrown in for good measure?

Soma

[gemera]

O_o

Do you really not understand that the "Mass Data Collection" you are talking about is "Mass Surveillance"?


Soma

I'm here to be enlightened sir!

Ok I still see a massive difference between the two.

As far as I can see you are talking theoretically.

Theoretically it is possible for someone to follow the tracks. Theoretically it is possible for some kind of "mass surveillance".

There is a difference between that and actual surveillance.

Is your government at this moment actively surveying the collected data of large numbers of its citizens.

Is it ACTUALLY involved in mass surveillance.

[grumpy]

Collecting data and information is one part of surveillance (the act of keeping watch). Interpreting and understanding it is another part. The two parts can go together, but they can be separated in time.

Describing "data collection" as "surveillance" is therefore correct. One is a subset of the other.


The act of surveillance itself is not a problem. The purpose of the surveillance (or lack of purpose) can be a problem - what is intended to be done with the information? Even if the purpose is acceptable, is the information protected from access by others who would use it in unacceptable manners? If one has concerns about the purpose of the surveillance, or about whether the information gathered might intentionally or unintentionally be used for unacceptable purposes in future, then one option is to prevent surveillance or find countermeasures.


One real concern is that the extent of surveillance has increased substantially. Yes, a lot of the information being gathered is out there, but pulling it into a central repository allows associations to be made that couldn't be made before. It allows tools to be developed that draw conclusions from several items of information that were not possible until they were put together. The purpose of those activities drives whether those things are good or bad.

Surveillance is also not necessarily targeted. It can also be performed just because it is possible, until someone works out a way to use the information. The purpose might be just to gather information in the hope we can use it. Use it for what?

That potential for information fusion is a concern, particularly with large secretive organisations who are not disclosing their purpose, are gathering information "just in case", and may decide - in future - to use aggregated information that they have collected over a period of time. We can't necessarily predict how the policies of those organisations will change over time (the organisation might collect information today, but decide in future to use it in manners we would currently consider unacceptable or to provide that information to other who we would currently consider unacceptable). And that's assuming checks and balances in place. There is also potential for organisations or people to access the information by nefarious means.

The thing is, some surveillance is done for very good reasons (to support people, discourage criminal activity, prioritise design of better services). Not all is. Data gathered for good reasons can be misused.

While a lot of surveillance is benign, I think the growing surveillance fetish is a concern. A lot of surveillance is being done simply because it is possible and permitted, and because of a mindset of "we might be able to do something more with this in future". The worst case (the large collections of data and tools for working with that data gets into hands of people who would use it for unethical purposes) is pretty bad. Those who support surveillance tend to underplay that worst case. Those who are opposed tend to overplay it. The truth is somewhere in the middle.

[gemera]

Collecting data and information is one part of surveillance (the act of keeping watch). Interpreting and understanding it is another part. The two parts can go together, but they can be separated in time.

Describing "data collection" as "surveillance" is therefore correct. One is a subset of the other.

There is a massive actual difference between the two though!

e.g. by your definition YOU are under surveillance by the NSA.

Quick, grab the passport and head for the border!

Simply because your data or fragments of it are somewhere on their servers.

Whereas no one in the NSA has probably even heard of you.

No one is interested!

You are not actually under surveillance! No one is following you.

No one is watching you!

But agree that this technology is incredibly powerful and needs strong oversight and controls.

[phantomotap]

Is your government at this moment actively surveying the collected data of large numbers of its citizens.

O_o

Assuming your reference to the NSA as indicative, your government is "actively surveying the collected data of large numbers of its citizens".

You know, maybe the issue here isn't the "surveillance", but that you really think such comprehensive computer analysis is only "theoretical surveillance".

Have you ever heard of "Locard's Exchange Principle"? The idea applies so very much to the internet.

(You are probably aware of this, but I'm just making sure we start with some flare.)

Let's play a game; do you have an account with a popular social network? (I'm going to assume you do because we follow a hypothetical path.) The odds are, you do have such an account, and the odds are also that you have at least a few people associated with your account who don't even try to be secure with their information. You may think it a non-issue, but that relationship gives me an attack suffice. (In fact, you and everyone you know adds to the attack surface.) So, I don't know who you are "in real life", but one of the people you associate with online does know, and if I can't find out by looking at tagged photographs, I need only look further down the tree. Eventually, someone will tell me a scrap of information I can use that will "trickle uphill", and I can find a way to extort something out of you with that information.

You are aware this sort of thing can be done with intent by an interested party, yes?

Your argument is, essentially, because there is no interested party available there is no "mass surveillance"?

Am I on the same page?

You are simply wrong that the algorithms work while an interested party is "electing specific targets"; for the surveillance algorithms to work, they have to find a "chink in the armor", and that "chink" often will not come from the "target". They have computerized "social engineering"; they look at your friends; they look at what your friends may say about you; they find any opening they can so that they may have direct access to the "target".

I now invite you to study the "Harvard Dialect Survey". With some, relatively simple, comparative analysis, living on a few computers, the study managed to find a suitable set of associations between dialect and region to the point that the quiz can often pinpoint down the town where an individual was raised.

You are probably going to argue that "That was a voluntary survey!".

How much information do people who know you volunteer? Have you ever confided of a crime to someone you know? Do they have a "Facebook" account? A lot of where you go, how long you are there, how often you go, and what you do while you are there is recorded by someone if not you.

I can guess your thinking of something like "Well, that isn't really "mass surveillance" because people aren't looking at the processed result." or "Well, most of that information will be tossed because a lack of interest in the business of you.".

What difference does it make if someone may not look at it? The surveillance has still happened. The surveillance "footage" still exists. You don't magic the existence of the surveillance "footage" away by saying "no one looked at it". Whomever owns the "footage" doesn't have to look at the "footage" until they need it, but when they do need it, the "footage" already exists because, yes, many government bodies are actively processing data to find the "footage". You say that "no one is following you", but they don't have to follow you until they take interest in you because you are telling them it is okay for them to have "footage" of everything you have done. How willing are you, really, to say that "potential surveillance" isn't surveillance?

That is the problem with your view; you are giving a pass to surveillance just because it hasn't yet been used against you. You shouldn't want surveillance in violation of your rights to exist in the first place. The fact is, it just doesn't matter if such "Mass Data Collection" has been viewed or specifically targeted; the "Mass Data Collection" will have already happened by the time it will be used against you. The surveillance has already happened whether you think so or not; those "fragments" you aren't wary of have already marked you. You say "No one is watching you!", but they don't need to specifically watch you if you are okay with them watching everyone; they'll have the "data or fragments of it" they need when they start watching you.

Soma

[gemera]

So now we appear to be agreeing that in the place of "Mass Surveillance" the correct term would be "Potential Mass Surveillance".

Which is NOT mass surveillance. Which is the whole point of my original post. This term has been used to sex-up the reality of what is actually going on, is being used by media outlets all over the place, and is distorting the truth. There is enough paranoia about on this issue as it is!

Do we want serious debate about the conduct of our secret services to be mired in half-truths, paranoia and misunderstanding?

Actually I'm against having my data collected by any organisation. I'm just realistic enough to understand its going to happen.

[phantomotap]

So now we appear to be agreeing that in the place of "Mass Surveillance" the correct term would be "Potential Mass Surveillance".

O_o

No. I said that you were only saying that because no surveillance has yet been used against you.

I also said that you were horribly wrong.

There is enough paranoia about on this issue as it is!

Knowing that people are harvesting data which may be used against me makes me paranoid?

Knowing that surveillance materials are being stored about everything I do online makes me paranoid?

*shrug*

Well, okay, feel free to call me paranoid, but I'd be chuffed if you didn't accuse me of agreeing with you.

Soma

[gemera]

The reference to paranoia was not,not, not a personal attack but in reference to the general zeitgeiss.

[phantomotap]

The reference to paranoia was not,not, not a personal attack but in reference to the general zeitgeiss.

O_o

Fair enough, I apologize for getting defensive.

Soma