Bulk surveillance is going mainstream in the US, and inhumane tech is forthcoming

I’ve been impressed by Anil Dash’s writing on building “humane tech”. In “The Immortal Myths About Online Abuse” he challenges makers to rigorously think about the unexpected outcomes of their creations. This careful consideration of how technology affects others is seemingly absent in important silos of our local and federal governments. Why is that? The private and public sectors are being held to different standards. There should be one standard.

Author’s note: This article is long. There are about half as many words in this article as there were “sneak and peek” warrants issued in 2013 (although 100x as many words as “sneak and peek warrants” issued for terrorism related cases in the same year).

So why read it? Because now is a critical time to review the trends of 1) increasing surveillance, 2) the degrading means for accountability, and 3) the increasing impact surveillance is having on American citizens.

Did you know: Right now the FBI is pushing to expand the scope of warrantless National Security Letters (which compel companies to hand over data on customers, including American citizens) to include personal browsing history, session (logged in) history, among other types of personal data through legislation. One of the bills has passed Senate committee and is a seemingly perfunctory annual “intelligence authorization act”. In the same stroke, the FBI is pushing to limit the jurisdiction of an independent review board. FBI Director James Comey has suggested in congressional testimony that the expansion of NSL’s scope is merely fixing a “typo” in the law.

In the spirit of several important pieces of recent legislation, this essay is long, omnibus, and subtly links to important documents.

Part 1. Trends: How things look on the surveillance front.

On left: under the Bush Administration, James Comey threatened to resign (privately) as acting-US District Attorney over the unlawful nature of NSA programs. (Photo CSPAN) On right: Comey explains to the Senate Intel. Committee that the scope of National Security Letters must be broadened, meanwhile, the FBI’s been requesting email records without warrants for some time. (Photo CSPAN) The contrast between the pictures highlights what must be a pervasive belief in DC: that Americans will never call their bluff on what constitutes “going too far”.

The timing and prudence of having passed CISA legislation is questionable amid law enforcement’s push to expand surveillance data into the hands of more individuals.

Last year, lawmakers passed legislation to shield the private sector from liability of government’s potential misuse of bulk data on citizens acquired from companies for “cybersecurity” threats: [1],[2] that culminated in CISA, despite significant pushback from the private sector. So, the US tech sector pushed back on having legal immunity… but was given it anyway. CISA allows the information collected from companies to be used in prosecuting individuals under the Espionage Act, which has been used frequently as of late to suppress journalists and whistleblowers. The data shared between companies and the government under CISA is also exempt from Freedom of Information Act requests. Amendments were proposed to clarify the definition of “cybersecurity” and strike the FOIA exemption, but those amendments were shot down.

This not only means less pressure on the government to use bulk citizen data responsibly, it weakens tech firms’ ability to argue in court that they are harmed from such practices. [If you look at the (once-classified) transcript of a FISA case from 2008 — where Yahoo pushed back against government bulk email requests — the presiding judge makes one thing clear: Yahoo’s argument that the government’s actions financially harmed the company was tenuous and abstract. Such arguments are even harder to make now.]

The private sector has been pushing back for several years. Microsoft’s general counsel called US government surveillance an “advanced persistent threat” in 2013. As evidence of this, Microsoft has been building datacenters in Germany for the explicit reason of evading US surveillance powers, handing the proverbial keys (of some) of its own customers over to a German telecom, Deutsche Telekom.

For years Microsoft and many other companies argued in secret court battles against the surreptitious nature of the spying, and just last week Microsoft filed suit against the Department of Justice, arguing individual Americans at the very least have the right to know whether or not they’re being spied upon… at some point.

Part of Microsoft’s argument here, as I understand it, is that the company’s right to free speech is curtailed when an endless gag order silences the company. That intuitively makes sense.

On left: Press Secretary Joshua Earnest on Apple/FBI fight: “[FBI is] simply asking for something that would have an impact on this one device.” (Photo Pete Souza) On right: President Obama at SXSW on Apple/FBI fight: “it’s fetishizing our phones above every other value”. (Photo Pete Souza) That quote, intended to apply to Americans, is more aptly applied to the FBI and DoJ, but nonetheless underscores that this fight is about more than just one phone.

Free speech, a shining virtue of the United States, also came under attack when the FBI attempted to compel Apple, through a dubious court order, to write code to defeat its own products’ security… for the ostensible purpose of accessing the work phone of the San Bernardino shooter.

With James Comey and Dianne Feinstein leading the charge on different fronts, the feds continue to push to expand surveillance on US citizens further.

Now we know that the NSA shares its warrantless surveillance data of American citizens with the FBI, IRS, DEA for reasons that go far beyond anti-terrorism. In the next section, we’ll dive into the repercussions of how this data is used to prosecute Americans (“parallel construction” aka total secrecy). There could have been limitations on this sharing to anti-terror, but instead the data can be used for domestic policing purposes.

On left: in 2014 Sen. Feinstein (D — California) rebuked the CIA for having accessed Senators’ data. (Photo David Lee) On right: Sen. Feinstein unveiled the Burr-Feinstein bill this year, which would mandate broken encryption for all Americans. Fortunately but not surprisingly Feinstein’s latest bill has been widely panned by technologists and now appears to have little support. (Photo)

The latest push is to broaden the scope of National Security Letters. NSLs are an astounding legal mechanism brought into mainstream use after 9/11 but around since 1978, which compel companies to secretly hand over data on American citizens without a warrant. In 2006, the USA PATRIOT Improvement and Reauthorization Act allowed for judicial review of an NSL. Nonetheless, they are still issued without a warrant.

(“How can NSLs authorize spying on Americans?” You might ask. Thanks to a legal theory known as the third-party doctrine, “spying on Americans” is different from “spying on Americans through a company’s records on Americans”. Technocrats will never publicly make this distinction. But in any case, this is why NSL’s limitations are crucial — they are the all-you-can-eat buffet of bulk surveillance.)

The ramifications of the latest push (happening now) are enormous, and as PCWorld reports: companies are pushing back. An excerpt:

The companies and groups have pointed out in a letter to senators that the new provisions would expand the types of records, known as Electronic Communication Transactional Records (ECTRs), which the Federal Bureau of Investigation can obtain using the NSLs. The ECTRs would include a variety of online information, such as IP addresses, routing and transmission information, session data, a person’s browsing history, email metadata, location information, and the exact date and time a person signs in or out of a particular online account.

The FBI is demonstrating here that it knows no limit to what it thinks is fair game.

Wanting to invoke NSLs to grab a US citizen’s personal browsing history is like the FBI saying: 1) Americans should have no expectation of privacy, 2.) Americans should also not expect warrants with surveillance. This is well beyond even what FISA courts allow.

So this is how far the FBI would like to take it. Knowing how far they’d like to take it is more important than if they can, in my view.

On left: President Bush signs into law the Patriot Act, pitched as a better way to fight terrorism. “This bill met with an overwhelming — overwhelming agreement in Congress, because it upholds and respects the civil liberties guaranteed by our Constitution,” he said, although the bill was over 360 pages long and few even had time to actually read it. Only one senator voted against it. The bill’s most invasive tool, “sneak and peek” warrants, have been used in terrorism-related cases only 0.5% of the time. That aspect of the law was never intended to sunset, but rather be a permanent change. Language could have limited the scope of the special warrants’ usage but wasn’t, and the special warrants have gone mainstream. On right: Unfortunately there’s no picture of Bush publicly disclosing the NSA spying programs of dubious legality to the American people, despite authorizing them with an executive order. President Bush came before the Snowden-era. There was no case made to the public for domestic spying. Fortunately, the first programs’ genesis story is now well documented (excellent PBS documentary) (note that this documentary came before more revelations of persecuted NSA whistleblowers, well beyond Snowden, Thomas Drake, William Edward Binney, and many others). (Photo Eric Draper)

Part 2. Impact: Problems, historical and current, with a.) domestic spying and b.) acting on bulk citizen records as a matter of general practice.

This all seems so rash, because, as we know, this country has recently emerged from a dark place, and the FBI played its own sinister role, with domestic spying as its primary instrument.

A look back. On left: J. Edgar Hoover, FBI Director ‘35-‘72 — infamous for having dirt on political enemies, was in power through the McCarthy and COINTELPRO years, which led to wiretapping laws after his departure to curb government powers. (Photo) On right: The FBI turned domestic spying against Dr. Martin Luther King, Jr. when it sent him a ‘suicide letter’ threatening blackmail. (Photo)

But maybe…

Maybe today’s FBI shows restraint in how it deploys its surveillance technologies. Maybe, given the tech-age we live in, police forces and intel agencies are smart with this kind of data. Maybe we, as a society are uniformly past the problems of systemic racism and other forms of discrimination, and therefore can transcend the limitations on government search and seizure set in place by the Constitution, notwithstanding the questionable legality of such programs. Maybe the use of such technologies augments, rather than hinders, the judicial process. Maybe taking the findings of bulk surveillance into the court of law brings a clearer picture to jury trials, where suspects’ guilt or innocence is to be fairly determined. Maybe we face a never-before-seen enemy, capable of destroying our society, and maybe allowing for ubiquitous surveillance helps us eradicate that enemy. Maybe this should be the generation that finally rids the country of pedophilia and maybe allowing for ubiquitous surveillance helps us eliminate that scourge. Maybe the free press in the US has the tools and support it needs to hold the government in check and educate the public. And maybe the system for whistleblowers works and gets the support it needs to hold the government in check when it oversteps.

On left: 1964 election ad spot. Communism and nuclear war was the existential threat throughout the Cold War. (Photo) On right: Several years of patient police work led to the successful assassination of Osama Bin Laden. Today, terrorism is the existential threat, providing the public story and “mandate” for the Patriot Act and every surveillance bill and classified spying program since. (Photo)

Fortunately for the sake of this conversation, the current-day FBI, Department of Justice, and NSA have shown the American people their hand (time and time again).

Over the past several years the FBI and Department of Justice, have, through anti-terrorism grants financed for local law enforcement the acquisition of cellphone-data intercepting units called Stingrays. While some restrictions have been put in place for federal usage, those restrictions don’t apply to local law enforcement.

These police forces have accepted money for this privacy-invading tech and used it against American citizens (including at public demonstrations) in complete secrecy with virtually no oversight, for years. Ostensibly an anti-terrorism tool, it has been employed for non-terrorism purposes by local police. This technology is, by its very nature, bulk surveillance, catching all cell signals within its radius of effect — and as stated above, restrictions vary by jurisdiction.

Transparency would help in situations like this. But to make matters worse, the FBI/DoJ have intervened in court cases to prevent the public (and the defense lawyers) from understanding how the evidence used in trials was discovered — going so far as to amend court records or even discard evidence rather than disclose its origins.

Can police forces be held accountable for using bulk surveillance tech when the very evidence of having used it is withheld from public scrutiny?

As we know from so many examples over recent years: all police forces are not created equal. Systemic discrimination exists, with pockets in the United States suffering to an extreme degree.

Regardless… the Department of Justice and FBI have shown a desire and willingness to enable surveillance at the local level. This practice, in their view, is not just OK but something worth undermining the judicial system in order to preserve.

In an ongoing effort fueled at the federal level: all surveillance is vigorously kept secret. Above we mentioned the underhanded tactics in court to maintain the secrecy of Stingray tech.

Just this week, the FBI sued the city of Seattle to prevent it from disclosing where the feds had deployed surveillance cameras. The program sounds like one which should be under public scrutiny, as the deployment of these technologies tends to discriminate against certain populations (jump to the Efficacy section for more on this).

(It’s also worth noting that, with or without federal grants, local police forces can source spyware technology directly from companies who supply it, out of their own pockets.)

Through a formalized process within US law enforcement called Parallel Construction, field agents and prosecution teams are expected to limit the disclosure of evidence in the discovery stage of a trial. They are expected to build their case around the original evidence without ever disclosing… the original evidence. As we venture head-first into an always-connected world, more and more evidence-gathering methods are classified: 1) computer exploits, 2) physically distributed tech like Stingrays, 3) NSA-collected information which is now to be used for domestic policing, and 4) evidence collected through National Security Letters …. phew that was a mouthful. When such evidence is included, vague jargon is used to describe the specific methodology of its acquisition — or, if that fails, the evidence is still withheld. This practice is commonplace now and indisputably muddies the judicial process for all Americans.

This is what fetishizing “catching the bad guy” looks like. Our country has, as one if its finest moments, John Adams defending a Redcoat who fired into a crowd, killing 5 Americans. How have we gone so far astray? One explanation is that law enforcement has lobbied more aggressively and relentlessly for powers than the people have lobbied to preserve them. One way you could describe this phenomenon: an advanced persistent threat.

On left: Shortly before Edward Snowden leaked NSA documents to the press, Director of National Intelligence James Clapper testified before Congress, saying the NSA had “not wittingly” collected “any type of data at all on millions or hundreds of millions of Americans”. (Photo CSPAN) After the Snowden leaks, Clapper said he hadn’t understood the question. Apparently “get out of jail free” cards are a real thing. On right: Three years later, James Clapper, still Director of National Intelligence, expressed his frustration that Edward Snowden had sped up the rate of encryption “by seven years”. (Photo)

Maybe when pitching the American people on bulk surveillance in congressional testimony, an NSA officer can use the tagline: “Welcome to the surveillance era, where defendants can’t have an expectation of knowing how evidence is brought against them.” NSA officials should also openly declare that they’ve lost control over the data they collect on Americans, since other law enforcement agencies now have routine access to it for domestic policing purposes. The surface area of access is enormous. Again, this is not a surveillance regime which can be held accountable.

FISA.

And finally, a look at a facet of the criminal justice system which has been with us for decades but barely scrutinized until the post-Snowden years, the FISA court. The Foreign Intelligence Surveillance Act of 1978 meant to allow wiretapping on phone calls made between foreigners and people within this country.

Imagine a court that was responsible for authorizing swaths of intelligence involving Americans, but also heard the very cases disputing the legal nature of its own authorizations and only held secret trials. You are imagining the FISA court.

As technology progressed with time, FISA’s scope came to include more forms of communication.

Despite a 99.97% approval rate for surveillance requests, these requests were only to include Americans who were communicating with someone outside the country. It’s important to note that researchers from Harvard and Boston University have shown it would be possible to circumvent this restriction by rerouting Internet traffic abroad.

This remains an aspect of the surveillance regime which can not be held accountable.

Civil asset forfeiture, recklessness in federal and local law enforcement.

We should also look at the restraint, or lack thereof, at an institutional level within local and federal law enforcement.

When a path of least resistance offers a way around the courts, federal and local police have shown they will take it. With National Security Letters, which don’t require a warrant to be issued, the FBI is currently pushing to make that path wider.

But with a process known as Civil Asset Forfeiture, the feds and local police routinely take overbearing action before courts are ever involved. This is an important phenomenon to cite here because 1) it’s well-documented, 2) it’s become an ingrained facet in the cultures of local and federal law enforcement, 3) it’s a lazy alternative to actual police work which keeps us safe. Last year, more was confiscated through civil asset forfeiture than was stolen by burglars in the US. Even in the cases where people were proven to be guilty of a crime: the entire premise of the practice is a slap in the face to American justice — “innocent until proven guilty”.

But there’s been an epidemic of civil asset forfeiture affecting people never even charged with a crime. The Washington Post’s 2014 reporting found:

61,998 cash seizures made on highways and elsewhere since 9/11 without search warrants or indictments through the Equitable Sharing Program, totaling more than $2.5 billion. State and local authorities kept more than $1.7 billion of that while Justice, Homeland Security and other federal agencies received $800 million. Half of the seizures were below $8,800.

Far from having limitations on how this money can be spent, one sheriff likened his department’s use of the money to buying “toys” with “pennies from heaven” (in a 2012 Columbia MS review board hearing). John Oliver did his best to make light of the subject last year. The feds temporarily halted the program late last year for unrelated reasons, but resumed it again this year. Civil asset forfeiture is a process by which you can lose everything you’ve worked for, before you even stand trial… if you ever stand trial. As John Oliver notes, the people robbed by the police often don’t have enough resources to fight back in trial.

Police forces are exploiting new technologies to make civil asset forfeiture even easier. I’ve refrained from using this term, but what the hell: this what a police state looks like. We’ve arrived. Maybe we lose sight of it because it hasn’t affected us personally yet but with civil asset forfeiture you can just look at the numbers to know there’s a problem.

Cognitive dissonance has crept over the nation, and technocrats must believe that the American people will never call their bluff.

On left: Richard Nixon sits with Barry Goldwater, whom he would endorse in the failed ’64 election less than two weeks after Goldwater voted against the Civil Rights Act. Four years later, Nixon would successfully run for president, selling Americans on his “secret plan” to end the Vietnam War, while in secret sabotaging LBJ’s Vietnam peace talks through clandestine operations. Center: Richard Nixon announces drugs as “public enemy #1”, setting in motion an expensive, decades-long effort which has led to the highest incarceration rate in the world along with much of the privacy-invading tech we see today. This effort categorizes marijuana as a Class 1 drug, same as heroine. On right: in perhaps the greatest irony in US presidential history, Richard Nixon’s process of spying on all White House conversations (the tapes, pictured above) led to the greatest transparency possible when their existence was made known to the public, forcing his resignation for domestic spying on political opponents. His legacy as the father of the war on drugs remains as relevant today as ever. Fortunately, the tapes left an uncensored (well, mostly uncensored) record of who he was: a rabid racist and conspirator of destroying political enemies.

Higher Education

As if undermining the criminal justice system weren’t enough (through suppressing the origin of evidence), in the Silk Road case, the FBI showed its willingness to coercively enlist those in higher education. Security researchers at Carnegie Mellon University had their work seized through a subpoena for the investigation. So security experts in higher education should know: as they toil to improve, through research, the state of security and privacy for the world at large, their work is under threat of forfeiture to government.

International Data Sharing

While our opaque intelligence and law enforcement agencies are determined to catch pedophiles (a just goal), they themselves store and share an unreported (we really don’t know the extent of it) number of sexually explicit images through data-sharing agreements between the NSA and the UK’s GCHQ at the very least, with probably more through other “5-Eyes” nations. It’s important to note that in the Yahoo webcam debacle linked to above: this program did not have as its mission to defeat child pornography, it was just incidentally contributing to the problem. This program went on for years, and collected millions of webcam photos indiscriminately. Here’s the link again. This fast and l̶o̶o̶s̶e̶ furious way of handling bulk surveillance data through data-sharing agreements with other nations has been going on for years without the consent or knowledge of the American people. Who knows how many other programs like this exist; I’d wager at least a few. So, while the FBI shares surveillance tech with local law enforcement, the NSA sharing bulk data with other nations.

What if the British were to misuse data on Americans? Would we know? Could we prosecute? Or would such crimes be harmless because no one would be aware of them. As crazy as it sounds, that kind of reasoning “what you don’t know can’t hurt you” has been posited by a federal judge in a secret court before. But the pernicious bit is that as surveillance data creeps into domestic policing, its use does affect us directly, but because of gag orders, parallel construction, and other classified methods, the average American can’t blame surveillance. At least in Stasi Germany you could look in your rearview mirror and see a tail. In the US, the system is carefully constructed so that you can’t (legally) show that surveillance is playing a role in your life.

Of course the method of collecting and storing doesn’t mean the people in charge are completely misguided. Surely most have good intentions, and they’ve found themselves at a point in history that has stemmed from the crazy Bush Administration years where other countries were either “with us, or with the terrorists”. But all of this can’t simply be explained away by the new reality that is terrorism. The completely opaque nature of these organizations should always be troubling to citizens: who looks at our pictures? Who’s advised on these issues? Want to ask questions? Too bad: all of these programs are classified. It’s practically impossible to even have a court of law formally recognize their existence even if the public knows about them (via the Snowden leaks in this case). Classification puts bulk surveillance outside the reach of even the law. And now the FBI wants to put it into even greater mainstream use.

Checks and Balances: whistleblowers and the free press during the Obama Administration years

At least the government has a system in place to protect whistleblowers who share their concerns. After all, they are our best defense to check the power of law enforcement and intelligence communities.

The Obama administration has used the Espionage Act more than any administration in history, has been overtly hostile toward the press, and has quietly argued against Freedom of Information Act (FOIA) reform, a vitally important part of modern-day journalism in the US. In fact, it took a FOIA lawsuit to uncover the Obama administration’s secret lobbying against it — which was sheepishly admitted to after the fact.

Reporting on US intelligence agencies is an uphill battle. Take for example law enforcement’s seizing of Associated Press telephone records in reporting on the Central Intelligence Agency. The White House’s initial claim was that it had no knowledge of the action; if true, that’s even more worrisome and speaks to the recklessness of law enforcement. In any case, it had a chilling effect on the actual reporting being done.

A reporter of the NSA and CIA (James Risen of the New York Times and LA Times) is repeatedly subpoenaed for his sources and threatened with jail time until October 2014 when Attorney General Holder said “no reporter’s going to jail as long as I’m attorney general.” This makes James Risen one of just a handful of Americans who have actually called law enforcement’s bluff on “what constitutes going too far”, and it took him to the brink.

It’s important to note here that law enforcement loves broad definitions. Some examples: NSA analysts need to be 51% sure you’re not an American to act on FISA-collected information relating to you. “Anti-terrorism” bills and grants routinely extend into non-terrorism domains. “Due process” means little given rampant civil forfeiture abuse. So what about “reporter”?

A problematic but potentially helpful federal shield law effort arose in the wake of these and other crackdowns but never passed.

An NSA data-sharing partner, GCHQ, has, according to leaked internal documents, official policies allowing for targeting the communications of lawyers and journalists.

How can investigative reporters fulfill their duty in covering the NSA if they can be spied on by intelligence agencies? It seems patently obvious that journalists fall under the umbrella of the US surveillance regime like all other citizens.

On left: Snowden begins the public discussion on domestic spying in America, from a hotel in Hong Kong. (Photo) On right: Snowden tells John Oliver about the NSA’s “dick pic” problem, from an undisclosed location in Russia. Before his disclosures he had a comfortable life, making roughly $200K/year, and lived in sunny Hawaii with his family. (Photo)

As NSA bulk surveillance programs came onto the scene in the early 2000’s, several employees decided to do something. NSA engineers William Binney, Edward Loomis, and J. Kirke Wiebe; and Diane Roark, who served on the House Intelligence Committee, filed a complaint with the DoD Inspector General. Their houses were subsequently raided by the FBI and their patriotism called into question by their friends and family. They couldn’t speak about the nature of their concerns to allay those suspicions. Thomas Drake was a high-level NSA administrator who also complained to the NSA Inspector General and DoD Inspector General and was ignored, so he went to the press, and also had his house raided.

These whistleblowers felt conflicted over bulk surveillance projects that could have included protections for US citizens, but didn’t. Despite sound reasoning behind questioning the legality of the NSA programs and despite the trepidation of NSA’s chief Hayden over such programs, the NSA lacked the gumption to 1) pause work on the programs, 2) make a case before Congress, or 3) make a case to the American people for their existence: instead acting only on President Bush’s executive order for years.

But the NSA had an opportunity to bring the case to the American people, when whistleblower Russ Tice tried to raise the issues with Congress in 2005. (Tice was fired by the NSA.) Instead, in 2006 the NSA Inspector General released a report that found “no evidence” to support Tice’s claims. That’s rich.

Lives of these whistleblowers were turned upside down because they attempted to bring the case to the American people, but the NSA denied at the time there was any case worth being made.

Enter Edward Snowden. According to documents revealed in a recent FOIA request (and Snowden’s own claims), Edward Snowden blew the whistle within the NSA, talking face-to-face with officials about his concerns. This is despite the NSA’s initial claim to the public that such questions had been limited to a single email: a claim which was explicitly made to discredit Snowden.

The beleaguered system for whistleblowing on the NSA may benefit from a comparison to a similarly broken whistleblowing system in the finance world. In the banking world, people recognized there was a problem and did something about it. With the Dodd-Frank Act, (some) whistleblowers in the banking world are rewarded with real incentives, including a % claim of damages from an SEC action or straight cash. Politicians brag about the impressive results. On the NSA side, it’s not clear how, even after an executive order was signed in 2012 to protect intelligence-community whistleblowers, a public discussion could have ever occurred about the NSA spying programs affecting Americans which were already in place. The order protects whistleblowers that report fraud, waste, and abuse but also protects the classified information, and “abuse” is a subjective term that fellow intelligence community members would responsible for judging.

Let us pause and reflect on a profound reality. Just three years ago, the average congressman had no idea about the scope of NSA spying, having to ask and receive cryptic, untruthful answers about it. Today, this same NSA-collected, privacy-stripped data is being used by the FBI for the purposes of non-terrorism related policing. I wonder if the NSA engineers who built this system knew what they were contributing to…

Efficacy of surveillance

If 1) free speech and the free press, 2) the judicial system, 3) higher education, 4) property rights, and 5) the system for whistleblowers are all under persistent attack from law enforcement, it had better be worth it.

Obama’s own 2013 panel investigation found little evidence of the effectiveness of bulk surveillance, and the rebuttal from Senator Feinstein at the time was found lacking. Other reports within US law enforcement also spoke to the lack of substantive leads generated by the programs.

A recently uncovered secret report from UK’s MI5 program shows the agency complaining about being inundated with data. The agency warned a potential “intelligence failure” may result from the deluge of bulk data.

Just this week, the US Government Accountability Office released a report that called into question the FBI’s lack of privacy protections and accuracy of its facial recognition database, which now contains over 411 million photos of Americans, including 173 million driver’s license photos.

Acting on large pools of collected data effectively and without bias is extraordinarily difficult.

The most sophisticated intel orgs in the world have trouble with false positives (where a pool of data is screened for suspicious people, erroneously catching innocent people in the process), but when local DAs/sheriffs and the judicial system itself (for sentencing guidance) try to act on bulk citizen datasets, we must fear all kinds of unintended bias.

What does a criminal look like? (I can imagine a few cops wouldn’t hesitate to answer.)

Do results from bulk-data analysis carry authority because of the size of the dataset from which they were derived? (Another trick question.)

Has surveillance technology itself been deployed in a fair and indiscriminate manner?

Does the person making decisions based off the results of bulk-data analysis know (or acknowledge) the limitations of the analysis itself?

ProPublica did a study recently that rigorously assessed the results of sentencing-guidance software, increasingly used in courtrooms by judges. Here’s their methodology. In risk scores (that ostensibly measure the likelihood of repeat offenses) they found significant bias against black defendants when reviewing against historical data.

Experts will say that making the haystack bigger just makes it harder to find the needle. But sometimes the haystack itself only gets bigger for certain groups of Americans.

For example, as license plate reader technology comes to more local police forces across the nation, the EFF has found it’s been deployed (in the cases studied) in low-income neighborhoods more frequently than affluent ones. Not all haystacks are created equally.

More concerning is the standard practice of rolling out surveillance tech in complete secrecy. Just this week, the FBI sued the city of Seattle to prevent it from disclosing where the feds had deployed surveillance cameras. The FBI/DoJ have repeatedly intervened in court cases using obstructionist tactics to keep a lid on Stingray deployment. So, how does the EFF, ACLU, ProPublica, etc run a study on the fairness of the deployment of these technolgoies? They can’t!

Does the surveillance regime (at local and federal levels) have the capability to hold itself accountable? How many demographic statisticians are employed by local police forces? Maybe they outsource the data munging work, but that’s simply an abnegation of their public responsibility… has led to bias in other cases anyway. Is it responsible to call surveillance tech humane knowing that its deployment has been executed with blissful ignorance?

The Veil and what “Could have been”

But there’s a veil, which will always exist, that allows law enforcement to point to important threats we don’t know about. They have an incredibly important role: keeping us safe, which shouldn’t be diminished. “Not on my watch” is a fair sentiment to harbor, knowing an untold number of people wish to destroy American lives at scale. Talking about pending investigations of course could compromise real police work. That will never change.

But limitations on surveillance and police powers should exist. Increasingly they don’t.

How many times must we note that a law “could have… but didn’t (include limitations on applicability to terrorism)”, or some NSA program “could have… but didn’t (include privacy protections)”, or some technocrat “could have… but wasn’t (held responsible for lying, overreach, or negligence)”, or some whistleblower “could have… but wasn’t (protected)”, or some journalist “could have… but wasn’t (given privacy to do his or her job)”, or there “could have been… but weren’t (limitations on the use of bulk data)”?

These important questions attack problems tangential to the fight against terrorism and can’t afford to be ignored, otherwise we may enter an era of inhumane tech. Given the body of evidence the FBI, DoJ, Congress, and NSA have provided to the American people: we can say these questions have not been taken seriously.