March 2002 - VOLUME 23 - NUMBER 3
C o r p o r a t e C a p t u r e o f t h e I n t e r n e t
By Wayne Madsen
of the Watchers
Privacy Protections Recede as the Purveyors
of Digital Security Technologies Capitalize
on September 11
In the wake of September 11, a wide array of corporations, with the
active encouragement of the U.S. government, are developing new and extremely
intrusive systems to capture personal data, biometric data and video information.
Prior to September 11, the proliferation of advanced digital technologies
had already led to severe encroachments on personal privacy, with medical,
financial and other personal information increasingly stored in commercial
databases and, often, available over the Internet to anyone willing to
pay a small fee.
Post-September 11, data and surveillance firms are eagerly seeking to
roll out a new generation of observational and tracking technologies and
products that will tear down many of the remaining veils on private activity.
Seizing on the heightened concern about security, the data and surveillance
firms argue that their technologies can help ensure safety.
Uncritical introduction of these technologies, they fear, will move society
far along the path to a scenario reminiscent of George Orwells 1984,
where Big Brother is everywhere, where telescreens are installed
in every room, every hallway, elevator, lift, every street, square, every
Not So Candid Cameras
Lau Technologies developed the Face in the Crowd facial identification
system used to scan the images of nearly 100,000 spectators at the 2001
Super Bowl in Tampa.
DARPA continues funding for the Human Identification at a Distance (HID)
Program that combines biometrics the use of biological identifiers
like fingerprints, iris scans and facial attributes with state-of-the-art
integrated camera systems. Visionics has incorporated such a system into
its FaceIt recognition system. HID technology has gone beyond simple facial
recognition capabilities to include the particular ways an individual
walks gaits, strides and other physical attributes of movement.
Other agencies are supporting video surveillance vendors. The FBI uses
a program called dTective that enhances the images of faces captured by
bank and automatic teller machine cameras during banking transactions.
The CIA, DARPA and the U.S. Army Intelligence and Security Command (INSCOM)
are working on a system that would transform television camera crews into
unwitting intelligence collectors for the United States. Virage Corporation
of Boston has jointly developed with the CIA and INSCOM a Video Text Audio
Processing (VTAP) tool that automatically searches and translates satellite
television news broadcasts. (Of special interest is Al Jazeera, the Arab
satellite network based in Doha, Qatar that achieved notoriety for its
interviews of Osama Bin Laden.) The VTAP program has a potential facial
recognition capability. One of Virages partners is Visionics Corporation,
the company that markets the FaceIt facial recognition system. According
to Visionics, the system can recognize faces at a distance, in a
crowd and at a glance and can automatically capture faces
in the field of view, extract them from their background and compare them
against a watchlist or database of certain individuals.
According to an INSCOM spokesperson, INSCOM is working with contractors
to improve the capability of closed circuit television HID programs to
scan crowd scenes from news broadcasts like those of Al Jazeera and identify
to U.S. intelligence and law enforcement those individuals of interest
who may be present at demonstrations. Presently, the HID programs require
a certain television picture quality to be able to accurately identify
individuals and match them to a database. But the agency expects to overcome
this problem soon. Then, advocates hope and critics worry, the improved
software will turn the cameras used by Al Jazeera, CNN, BBC and other
networks into virtual spy cameras.
Privacy advocates and civil libertarians should not expect too much sympathy
from the first head of the TSA, John Magaw, a former chief of the U.S.
Secret Service and Bureau of Alcohol, Tobacco and Firearms.
One of the priorities at the TSA is to overhaul the Federal Aviation
Administrations Computer Assisted Passenger Screening (CAPS) system.
A 1997 review by the Civil Rights Division of the Justice Department concluded
that CAPS did not record, nor give any consideration to, the race,
color, national or ethnic origin, religion or gender of airline passengers.
CAPS also does not include as a screening factor any passenger traits
that may be directly associated with such prohibited categories, such
as a passengers name or mode of dress.
A potential replacement for CAPS comes from International Consultants
on Targeted Security (ICTS). According to Ken Quinn, the attorney representing
ICTS in Washington, officials of the firm have already met with Magaw
and his top training people. ICTSs screening system profiles passengers
based on all of the prohibited categories that CAPS does not
Robert Poole, Jr., director of transportation studies for the Reason
Public Policy Institute, a pro-business and anti-regulation organization
based in Los Angeles, says it is absurd to apply screening to everybody
in an airport. He urges that the United States move to a three-tier screening
process, similar to that currently used by Israel. The first tier of passengers
would voluntarily participate in a Trusted Traveler Program administered
by the government. Passengers would undergo a security interview and security
background check. In return, they would be given a special ID card with
a biometric identifier that would speed them through the check-in process.
Poole says such a system should be administered by the airlines, not the
government. This would preclude the potential misuse of such information
by government agencies, he says; and he argues the airlines should contractually
agree with their customers not to make such frequent traveler security
information available to outsiders like direct marketers.
Privacy advocates say such protections would be almost worthless. Airlines
are likely to skirt such an outsider access rule, says Chris Hoofnagle
of the Electronic Privacy Information Center (EPIC), a Washington, D.C.-based
privacy watchdog group, by making personal security information available
to their corporate families of affiliates and subsidiaries.
In this case, these family members will molest the data, Hoofnagle
Poole foresees a second tier of passengers, infrequent travelers like
vacationers and grandmothers who are obviously not risks, undergoing a
limited profiling process. The third tier, passengers about whom very
little is known, would be subject to intensive interviews and technical
screening by millimeter wave back-scatter (clothing see-through devices).
Poole says the Air Transport Association and Airport Council International
are currently developing such screening models.
Ironically, biometric screening for passengers traveling to the United
States was already in operation before the events of September 11. Booz
Allen and Hamilton, the most ubiquitous of the private contractors in
the surveillance-driven security field, developed a sophisticated border
control database system for the CIA largely based on biometrics. Known
as PISCES (Personal Identification Secure Comparison and Evaluation System),
the terrorist interdiction system matches passengers inbound
for the United States against facial images, fingerprints and biographical
information at airports in 14 high-risk countries. A high-speed data network
permits U.S. authorities to be informed of problems with inbound passengers.
Although PISCES was operational in the months prior to September 11, it
apparently failed to detect any of the terrorists involved in the attack.
Whatever screening system is ultimately agreed upon, it will certainly
be a boon to security companies who will profit from the gathering of
personal information on air travelers. Given the governments past
lackadaisical reaction towards misuse of personal information by both
the public and private sectors, consumer and privacy watchdog groups expect
to be pressed into exercising even greater vigilance.
Larry Ellison, CEO of Oracle, is one of the leading proponents of a national
ID card system. Oracle, the worlds largest database vendor, owes
its very existence to a Central Intelligence Agency contract awarded it
in the 1970s. In September 2001, Ellison told San Francisco television
station KPIX, We need a national ID card with our photograph and
thumbprint digitized and embedded in the ID card. Ellison even agreed
to provide the U.S. government the software to run such a system free
of charge. However, Ellisons offer is less altruistic than it appears.
If the U.S. government bases a national ID system on his database product,
every hardware and software vendor who would interface with the system
would be required to license his software, which would become a de facto
industry standard. Ellison stands to make billions of dollars if such
a system is adopted.
Also waiting to cash in are the dozens of smart card vendors that are
responding to Congressional clamor for a chip-based national ID card containing
photographs, fingerprints, retinal patterns and even DNA data. In addition
to the hundreds of millions of dollars that could be made from manufacturing
smart cards for the U.S. population (with cards expected to cost between
$6 and $10 each), stand alone smart card reader terminals costing around
$300 each might be required at hundreds of thousands of locations around
Because the United States has been slower than Europe to adopt smart
cards for pay telephones, health care, vending machines and transportation,
most smart card companies are European and they stand to make the most
profit from a national ID card in the United States. These companies include
Gemplus and ActivCard of France, Philips of the Netherlands, and Siemens
and Giesecke & Devrient of Germany.
In 1998, Floridas Secretary of State Katherine Harris undertook
to cleanse the states electoral rolls of unqualified voters. The
$4 million job of sifting through the rolls and purging them went to DBT
Online (now known as Database Technologies), the Boca Raton, Florida-based
subsidiary of Choice Point, Inc. Choice Point had originally spun off
from the giant credit data firm Equifax. Using the massive criminal history,
credit, motorist, insurance and other personal files amassed by its parent
Choice Point and CDB Infotek, another Choice Point subsidiary, DBT determined
that a number of Florida voters, mainly African-Americans, were not qualified
to vote when, in fact, they were. Those ruled ineligible to vote included
8,000 Floridians listed as felons in a Texas database. However, many of
the individuals were guilty of only misdemeanors and therefore should
not have been stripped of their voting rights under Florida rules.
Choice Point later admitted that it made a mistake when it provided the
erroneous list from Texas to Florida. If even a small percentage of the
disenfranchised African Americans had been able to vote, both the Florida
election and the electoral college could have been tipped in favor of
Vice President Al Gore.
While Choice Point got egg on its face with the Florida election, it
definitely sees a new lease on life in providing personal data to hungry
government law enforcement and intelligence agencies, especially if the
data is used to verify information contained in a gigantic national ID
That prospect has already triggered a legal complaint filed with the
U.S. Departments of Justice and Treasury by EPIC. The privacy group alleges
that the governments use of personal information enables agencies
like the FBI, Internal Revenue Service, and Secret Service to obtain confidential
information on citizens in violation of the Privacy Act of 1974. According
to a travel security industry insider, if the TSA adopts the ICTS passenger
profiling system, computer terminals at airport check-in points would
link directly to government databases containing information from public
sources like the FBI and private sources like Choice Point. If Choice
Point repeats the Florida fiasco and makes erroneous information available
to the federal government for passenger screening purposes, innocent passengers
could find themselves denied permission to board flights.
And it has not just been contractors and procurement officials eager
to feed at the homeland security budget trough. Representative Curt Weldon,
R-Pennsylvania, is pushing the Bush administration and Homeland Security
Chief Tom Ridge to establish a National Operations and Analysis Hub (NOAH),
a supercomputer-based Internet data mining system that would assist the
military and intelligence community in pulling information of interest
from the world wide web. For years, Weldon has maneuvered to win Congressional
support for a supercomputer project led by Science Applications International
Corporation (SAIC), a major defense and intelligence contractor. The project,
called HUBS (Hospitals, Universities, Businesses and Schools), links computer
systems in Delaware, New Jersey, Maryland and Pennsylvania. HUBS was the
brainchild of Dr. Da Hsuan Feng, Weldons former technical adviser
on the House Subcommittee on Military Research and Development, which
Weldon chairs. Dr. Feng is now a vice president of SAIC at the firms
King of Prussia facility, also situated in Weldons district. SAIC
not only manages HUBS, which has received more than $25 million in federal
financing, but stands to profit from NOAH, which Weldon proposes be headquartered
in his district.
For its part, the FBI, by trying to amass even greater amounts of personal
data, is whittling away at federal and state privacy laws. FBI Director
Robert Mueller told a January meeting of U.S. mayors in Washington that
his bureau required a new communication system to digitize information
and share information more quickly and widely. One of the stumbling
blocks in sharing information contained in the FBI-run National Crime
Information Center (NCIC) computer is that current federal statutes prevent
it from being expanded to include information from states and local governments
without prior Congressional approval. Also, state privacy laws limit the
types of personal information that can be collected and with whom it can
be shared. Bills recently submitted in Congress will remedy this situation
by providing state and local police access to FBI-held information, including
contents of wiretapped phone calls and e-mail, bugged conversations, raw
evidence collected by grand juries, and information derived from the CIA
and other U.S. intelligence agencies.
Commenting on newly announced plans for surveillance cameras on the Mall
in Washington, D.C., New York Times columnist William Safire wrote in
February, These used to be the Great Unwatched, free people conducting
their private lives; now they are under close surveillance by hundreds
of hidden cameras. A zoom lens enables the watchers to focus on the face
of a tourist walking toward the Washington Monument or Lincoln Memorial.
The Mall cameras are connected to 200 cameras in public schools, and
will soon be connected with video surveillance in subways and parks and
images obtained by a private firm that photographs cars running red lights
(used by the District as the basis for traffic tickets sent by mail),
and perhaps with private cameras in banks, apartment buildings and shopping
Is this the kind of world we want? Safire asks.
The promise is greater safety; the tradeoff is government control of individual lives. Personal security may or may not be enhanced by this all-seeing eye and ear, but personal freedom will surely be sharply curtailed. To be watched at all times, especially when doing nothing seriously wrong, is to be afflicted with a creepy feeling. That is what is felt by a convict in an always-lighted cell. It is the pervasive, inescapable feeling of being unfree.
Wayne Madsen is a senior fellow of the Electronic Privacy Information Center (EPIC) in Washington, D.C. and Washington correspondent for Intelligence Online. Research for this article was supported by a grant from the Fund for Constitutional Government.