The US government, and others, have plotted to bypass protections regarding search and surveillance, by finely parsing the words of the 4th amendment and weaseling around them – but, mostly, by just ignoring it. Privacy is for the rich and powerful, not for hoi polloi.

It used to make the blood of fury squirt from my ears, when some of us computer security practitioners were described as “privacy advocates.” We were never advocating privacy; we were advocating freedom from surveillance. There’s a subtle difference: privacy is an inevitable consequence of being free from surveillance – but if all you ask for is privacy, then the state can say, “oh, you’re fine – we’re not looking at the data we collect.” Just asking for privacy lets the state claim you authorized it (or it’s authorized) to build a retro-scope.

I suppose it doesn’t matter; it was all a foregone conclusion, anyway.

The surveillance state is in full deployment as it responds to what is merely mild civil unrest. None of what is going on threatens the integrity of the state (in fact, the state is currently the main threat to the state’s continued existence as a semi-democratic entity) – unfortunately, they are getting a chance to see if their gear works correctly. I’m actually not too worried about this because: 1) it doesn’t and 2) the forces of the state still lack the political resolve to be totalitarian. That sense of “a house divided” that you feel is the various parts of the state trying to decide if they’re willing to go “all in” behind Trump – which I don’t think is very likely. Luckily for us he’s got the charisma of a toad, and is brain-addled, beside. The machinery of the state is running on inertia, based on its various established missions – it doesn’t mean it’s not dangerous, but it’s all tactical; we’re probably very fortunate that Trump has packed the government with non-entities to cover his ass, rather than skilled authoritarians. So, the DHS, ICE, FBI, and the military have these fantastic weapons turned sort of vaguely toward the public, but they’re not using them quite effectively.

They are, however, using them.

The Intercept reports: [intercept]

While anonymous federal agents have thrown protesters into unmarked vans and fired tear gas at Portland’s mayor in recent days, an Air Force surveillance plane designed to carry state-of-the-art sensors typically reserved for war zones has circled the Oregon city’s outskirts from above.

The plane, a DO-328 “Cougar,” was spotted via the open source flight tracking website ADS-B Exchange, allowing the public to monitor its course. The Intercept reviewed this flight data, confirming tight, circular flights consistent with surveillance operations in and around Portland.

This is, unfortunately, nothing new. There were similar flights over Minneapolis during the troubles there, by CBP (Customs and Border Patrol) unarmed ‘reaper’ predator drones. [verge]

The drone’s callsign, CBP 104, identifies it as one of CBP’s older Predator B types, which are configured for overland surveillance. The primary sensors on these drones are electro-optical and infrared full-motion video cameras in a turret under the nose, though they can also capture still imagery using the Lynx synthetic aperture radar. They also have data links capable of sending this video and imagery back to control stations on the ground in near real-time.

What on earth would they do that for? Other than to feed the retro-scope?

If you recall Black Hawk Down it exposed some of how an early version of this system operates: it provides a god-like view of the battle-area that cowardly and incompetent field commanders can use to micro-manage their troops into another stunning clusterfuck. That probably sounds like a strong statement but consider: some strategic genius decided to strand 115 federal cops in a hostile city with a population of 600,000 increasingly angry people – and they’re watching the whole thing go down from 20,000 feet where they don’t have to worry about getting tarred and feathered. These guys are not warriors, they’re cops – and they’re rent-a-cops, at that.

But their gear is still intimidatingly competent: it’s hard for most of us to understand how good a drone-based camera can be. [pogo]

With its capacity for precise zooming at short distances, aerial surveillance can, in combination with other automated identification technologies, allow for effortless cataloging of individuals and their activities. There are two prominent automated identification technologies that could allow for easy identification from immense distances: automated license plate readers and facial recognition technology. These technologies are already in wide use by government agencies. U.S. Immigration and Customs Enforcement maintains a nationwide net of automated license plate readers to track individuals, and the FBI already maintains a facial recognition database of fifty percent of American adults and permits law enforcement from dozens of states to use it.

If you’re the kind of person who believes that the government has captive space aliens, you might also conclude that the conservative wing is being played to not want to wear face coverings because it interferes with face recognition. But: someone can collect all this stuff and then the question is whether they can do anything strategically useful with it.

It doesn’t take a lot of imagination to realize that what you’re looking at above is a fairly straightforward application for artificial intelligence classifiers. You just need a big training database, and they’ve got all of those. The FBI’s massive facial recognition database (most of which appears to have been gleaned from facebook plus those nifty cameras that they use to collect your portrait at drivers’ license offices and passport control coming into or out of the country) continues to grow, and probably still works about as badly as ever. But it doesn’t matter if it’s accurate because all they are trying to do is establish probably cause to grab your own data about what you do, and throw and stir that into the pot as well. By the time your phone number and your contacts list, all your facebook friends and email address are linked to form your circle of contacts, and those are evaluated as possible threats, they’ll decide whether to watch you – or your friends.

It gets worse, of course: the surveillance state has access to things like facebook and twitter, but it’s also got access to commercial entities that collect desirable data, so they can – sell it to the police. There are perhaps others who want this data (probably so they can spam you with stupid ads) but there’s one main customer for this: [verge]

Customs and Border Protection (CBP) purchased access to a commercial database that allows the agency to look up the historical location of vehicles nationwide without a warrant, according to a CBP document.

The news that CBP is using such a system highlights a continuing trend in which law enforcement agencies turn to the commercial sector for access to data rather than collecting it themselves, and shows that little-regulated private surveillance networks are being used by the government.

Earlier this month, CBP published a new Privacy Impact Assessment (PIA) which said that since 2017, the agency had moved beyond using just cameras and license plate reader technology owned and operated by CBP itself and had moved to acquire access to commercial license plate databases.

The company in question is named “Vigilant” (nice, huh?) and it appears to be getting copies of tollway license plate data, parking garage license plate data, and may have its own detector systems scattered around. It turns out that a car with a bumpy thing on its roof (or black out windows and a bunch of gear inside) can drive around a metropolitan area and scan every license plate in the downtown zone in about 20 minutes. [KWCH12]

It is believed that those companies also sell their data to companies like Vigilant. Because, why not? The cops also have their own versions, as do CBP and DHS and basically every fucking three-letter agency that wants to collect data for their personal retro-scope. Here’s another reason I am no longer happy about cop body-cams: the body-cam data is fed into a facial recognition database and then you have a list of people who were possibly at a protest.

The picture above is almost certainly a sort of a lie, because the implication is that the resolution from the cameras is not particularly good. In fact, the current state of the art drone cameras are capable of producing a high-resolution image of every block of a downtown area, all the time, in real-time. One has to ask how it happens to be that none of these cameras seem to capture police being abusive, or corroborate accusations that the police murdered some civilian.

Now, I believe I have adequately illustrated the difference between privacy and freedom from surveillance. If you’re allowed privacy, it can mean that the police collect this stuff and just don’t look at it, unless, you know, they want to. If you are free from surveillance it would mean that none of this stuff is legal at all – whether it’s being captured by government agencies or civilian companies. That ship, as they say, has sailed and the government has video of everyone boarding and leaving the ship while it was at anchor.

Video from a commercial drone camera – “prosumer” drone – not a military/intelligence drone; those are better. [originally linked in the pogo article]

These technologies are fundamentally dual-use technology. They could be used to monitor and identify where the federal rent-a-cops are spending the night, where they live, who they are. The license plates of their cars would reveal that they are members of Enterprise car rental’s advantage club, and a hacker could pull the identities of the drivers and the source of their funds, instantly (since Enterprise scans both credit card and drivers’ license) – “we” could know everything about them, in minutes, too, down to the size of their underpants. Probably the most effective thing that “we” can do about these technologies is to demonstrate how they work by using the commercial versions, or by embedding in a federal agency that has access to them, and using them with intent to disclose their operation. For example, it appears the federal rent-a-cops are staying at the downtown Marriott in Portland – a drop camera fed into a facial recognition database would give a pretty good map of who they are, then check their facebook pages, create a couple of cop sockpuppets and get some friend requests sent. I used to know an information security guy whose hobby was infiltrating jihadi facebook groups (back before they figured out it was time to leave) using fairly simple methods. Apparently the stuff that the rent-a-cops talk about in their private groups is a lot of racist and nasty crap. Unfortunately, that sort of thing seems to have lost its power to shock.

Eventually, the people are going to have to embrace this sort of technology, as well. Places where it has been done (e.g.: the Waze GPS app’s speed trap warning system) really really piss off the authoritarians who believe that this stuff is only for them.

The Washington Post [wapo] describes a business that believes it is capable of offering complete real-time monitoring of an urban area:

What McNutt is trying to sell is not merely the latest techno-wizardry for police. He envisions such steep drops in crime that they will bring substantial side effects, including rising property values, better schools, increased development and, eventually, lower incarceration rates as the reality of long-term overhead surveillance deters those tempted to commit crimes.

He’s either naive or he’s a lying asshole – right now, the problem in many american cities is criminal police. Tell me how effectively this surveillance has reduced their tendency to violently suppressing citizens?

The military’s most advanced experimental research lab is developing a system that uses hundreds of cellphone cameras to watch 36-square-mile areas. McNutt offers his system – which uses 12 commercially available Canon cameras mounted in an array – as an effective alternative that’s cheap enough for local police departments to afford. He typically charges between $1,500 and $2,000 per hour for his services, including flight time, operation of the command center and the time that analysts spend assisting investigations.

Dayton police were enticed by McNutt’s offer to fly 200 hours over the city for a home-town discount price of $120,000. The city, with about 140,000 people, saw its police force dwindle from more than 400 officers to about 350 in recent years, and there is little hope of reinforcements.

“We’re not going to get those officers back,” Biehl, the police chief, said. “We have had to use technology as force multipliers.”

Ooh! I can tell you one of the big problems Dayton appears to have with its police: they have a police chief that uses soldier-terms like “force multiplier” – he’s not in Fallujah, he’s in a city he’s sworn to protect, not suppress and surveil.

One of the depressing truths about the information security business is that, about 20 seconds after 9/11, the money shifted to surveillance and development of offensive cyberwar tools. Many of us saw this coming, and our concerns were brushed aside because the money was just too damn good. It’s going to cost a lot of money and probably some blood, if this technology is to be rolled back. Attacking the drone bases is a good idea, as the Somalis demonstrate [guard] The best way to make these technologies unworkable is to raise the force protection costs to “astronomical” – which means embedding, rooting and trojaning the systems and networks, and monkey-wrenching the drones:

A US military base used to launch drones and a European military convoy have been hit in separate attacks in Somalia