Over at The Intercept Peter Maas has a fascinating article that turns the tables on one of the people at the NSA who takes pride in his job conducting surveillance on people and finding out all that they can about them. He had been invited by the NSA to be the ‘Socrates of SIGINT’ (SIGINT stands for Signals Intelligence) and to blog internally and ‘write a philosophically minded column about signals intelligence’.
After first getting information about him from whistleblower Edward Snowden, Maass used public sources to find out enormous amounts of information.
Socrates was an evangelical Christian for seven years, got married at 19, divorced at 27 and remarried not long after. He is now a registered Democrat and lives in a Maryland suburb with his son and wife, a public school teacher. I’ve seen the inside of their house, thanks to a real estate listing; the home, on a cul de sac, has four bedrooms, is more than 2,000 square feet, and has a nice wooden deck. I’ve also seen pictures of their son, because Socrates and his wife posted family snapshots on their Facebook accounts. His wife was on Twitter.
Conducting surveillance can be a creepily invasive procedure, as Socrates discovered while peering into the digital life of his first diplomatic target, and as I discovered while collecting information about him. In the abstract, surveillance might seem an antiseptic activity — just a matter of figuring out whether a valid security reason exists to surveil a target and then executing a computer command and letting the algorithms do the rest. But it’s not always that clinical.
Maass says that the NSA defends its work by ‘anonymizing’ the data it collects and removing identifying characteristics. But as he showed, this is a largely meaningless exercise.
Anonymization is problematic, however, because it doesn’t always work. It is entirely possible that a reader of this story could make a few lucky or smart guesses and data-mine their way to Socrates’ name. There is a whole area of data research that’s known as re-identification, which consists of matching anonymized data with actual names. Even if anonymization did work, there’s a creepiness to knowing everything about a person even if you don’t know their name. Look at this story — it’s invasive without disclosing Socrates’ name, isn’t it? I could dial up the invasiveness, too. Would you like to know the asking price of the house he lives in? Would you like to know the names of the schools where his wife has worked? Would you like to see the pictures of their son or their house? Know the name of their dog? Their dates of birth? The branch of the military Socrates served in and his dates of service? There is so much I can tell you about Socrates without telling you his name. You don’t need to code if you want to hack into someone’s life. We are all hackers now.
Maass is right. Although I do not know who Socrates ‘really’ is in terms of his name, I feel that I understand him better than I do about most of my acquaintances and it does feel kind of weird.
Sometimes I meet people for the first time and upon hearing my name, they say that they read my blog. I always feel a little odd at that moment since it is clear that they have, or think they have, quite a bit of knowledge and understanding about me and I know nothing about them. That information inequality can be a bit disconcerting for someone like me who sees himself as essentially a private person but I am getting used to it.
Trickster Goddess says
I used to work in the film industry. On the first movie I worked on, when Brian Dennehy walked onto the set the first time, his face was so familiar I felt I knew him well and was about to greet him as an old friend. Then I stopped myself and remembered I didn’t really know him and he definitely didn’t know me.
It was an odd moment of cognitive dissonance in realizing that knowing about a famous person is not the same as knowing them and that that knowledge is completely asymmetrical.
Marcus Ranum says
Maass says that the NSA defends its work by ‘anonymizing’ the data it collects and removing identifying characteristics
That is, of course, a lie. And I can actually prove it. The proof is simple: suppose you built a system that actually did anonymize the data that was collected, and that system then coughed up: “subject [hashcode] is suspected of plotting to import drugs” Now what? That information is completely useless unless you can somehow tie that hashcode to the subject. Which is only possible if the subject is not actually anonymized.
What NSA means is that they don’t anonymize the data at all; they anonymize portions of the outputs from their analytic routines. The analogy would be this: suppose I have a copy of the local yellow pages. And I have a search algorithm that extracts phone numbers and then infers the business type using an algorithm that attempts to map business name and address to business type. When I search for “dope dealer” it returns the phone numbers but not the addresses and business names. Then, I suppose, I could do the dance of getting a subpoena for the mapping between the phone number and the business name -- or I could look in my database. Which do you think NSA does?
Al Dente says
A couple of years ago I looked up a relative on the internet because I wanted his address so I could send him a Christmas card. Within 30 minutes I discovered that he had been in arrears with a student loan, that his car was due for a service check, and he needed to make an appointment for a tooth cleaning. This internet thing can give lots of information if you know how to look for it.
Marcus Ranum says
Al Dente:
This internet thing can give lots of information if you know how to look for it.
Just wait for the “internet of things” -- it’ll be even worse.
We can tell you didn’t brush your teeth last night! http://www.amazon.com/SmartSeries-Bluetooth-Electric-Rechargeable-Toothbrush/dp/B00O8ODHOA/ref=sr_1_1?s=hpc&ie=UTF8&qid=1439341269&sr=1-1&keywords=bluetooth+toothbrush
left0ver1under says
When I saw the headline, I thought this was going to be about the PRC dictatorship reading the White House’s emails. Same thing, really.
http://www.nbcnews.com/news/us-news/china-read-emails-top-us-officials-n406046