The Multinational Monitor

March 2002 - VOLUME 23 - NUMBER 3

C o r p o r a t e  C a p t u r e  o f  t h e  I n t e r n e t

The Business
of the Watchers
Privacy Protections Recede as the Purveyors
of Digital Security Technologies Capitalize
on September 11

By Wayne Madsen

In the wake of September 11, a wide array of corporations, with the active encouragement of the U.S. government, are developing new and extremely intrusive systems to capture personal data, biometric data and video information.

Prior to September 11, the proliferation of advanced digital technologies had already led to severe encroachments on personal privacy, with medical, financial and other personal information increasingly stored in commercial databases and, often, available over the Internet to anyone willing to pay a small fee.

Post-September 11, data and surveillance firms are eagerly seeking to roll out a new generation of observational and tracking technologies and products that will tear down many of the remaining veils on private activity.

Seizing on the heightened concern about security, the data and surveillance firms argue that their technologies can help ensure safety.
Privacy advocates counter that the security benefits are overblown, that initial privacy safeguards applied to the new technologies will inevitably fail or quickly be removed.

Uncritical introduction of these technologies, they fear, will move society far along the path to a scenario reminiscent of George Orwell’s 1984, where Big Brother is everywhere, “where telescreens are installed in every room, every hallway, elevator, lift, every street, square, every possible place.”

Not So Candid Cameras
The telescreen society predicted by Orwell is on the drawing boards of the cash-rich Defense Advanced Research Projects Agency (DARPA). The Pentagon’s chief research and development arm has been at the forefront of developing sophisticated facial recognition systems designed to be deployed in places like sports complexes, airports, train stations and busy street corners. DARPA has plied millions of dollars in seed money to facial recognition companies like Lau Technologies/Viisage, Identix and Visionics Corp. Seeing the lucrative profit potential in facial recognition systems, Identix, which is largely involved in fingerprint recognition systems, recently agreed to buy Visionics, a primary developer of facial recognition technologies.

Lau Technologies developed the “Face in the Crowd” facial identification system used to scan the images of nearly 100,000 spectators at the 2001 Super Bowl in Tampa.

DARPA continues funding for the Human Identification at a Distance (HID) Program that combines biometrics —the use of biological identifiers like fingerprints, iris scans and facial attributes — with state-of-the-art integrated camera systems. Visionics has incorporated such a system into its FaceIt recognition system. HID technology has gone beyond simple facial recognition capabilities to include the particular ways an individual walks — gaits, strides and other physical attributes of movement.

Other agencies are supporting video surveillance vendors. The FBI uses a program called dTective that enhances the images of faces captured by bank and automatic teller machine cameras during banking transactions. The CIA, DARPA and the U.S. Army Intelligence and Security Command (INSCOM) are working on a system that would transform television camera crews into unwitting intelligence collectors for the United States. Virage Corporation of Boston has jointly developed with the CIA and INSCOM a Video Text Audio Processing (VTAP) tool that automatically searches and translates satellite television news broadcasts. (Of special interest is Al Jazeera, the Arab satellite network based in Doha, Qatar that achieved notoriety for its interviews of Osama Bin Laden.) The VTAP program has a potential facial recognition capability. One of Virage’s partners is Visionics Corporation, the company that markets the FaceIt facial recognition system. According to Visionics, the system can “recognize faces at a distance, in a crowd and at a glance” and can “automatically capture faces in the field of view, extract them from their background and compare them against a watchlist or database of certain individuals.”

According to an INSCOM spokesperson, INSCOM is working with contractors to improve the capability of closed circuit television HID programs to scan crowd scenes from news broadcasts like those of Al Jazeera and identify to U.S. intelligence and law enforcement those individuals of interest who may be present at demonstrations. Presently, the HID programs require a certain television picture quality to be able to accurately identify individuals and match them to a database. But the agency expects to overcome this problem soon. Then, advocates hope and critics worry, the improved software will turn the cameras used by Al Jazeera, CNN, BBC and other networks into virtual spy cameras.

The Emerging Travel Surveillance Industry
The Aviation Security bill, signed into law last November by President Bush, creates a new Transportation Security Administration (TSA). The TSA, which could soon number more than 40,000 employees, is chartered to oversee security at every U.S. airport. Such a work force could increase by several thousand the number of federal agents with access to personal details in government and private sector databases. The key to access such data may be, if its proponents have their way, an interactive “smart” national ID card.

Privacy advocates and civil libertarians should not expect too much sympathy from the first head of the TSA, John Magaw, a former chief of the U.S. Secret Service and Bureau of Alcohol, Tobacco and Firearms.

One of the priorities at the TSA is to overhaul the Federal Aviation Administration’s Computer Assisted Passenger Screening (CAPS) system. A 1997 review by the Civil Rights Division of the Justice Department concluded that CAPS did “not record, nor give any consideration to, the race, color, national or ethnic origin, religion or gender of airline passengers. CAPS also does not include as a screening factor any passenger traits that may be directly associated with such prohibited categories, such as a passenger’s name or mode of dress.”

A potential replacement for CAPS comes from International Consultants on Targeted Security (ICTS). According to Ken Quinn, the attorney representing ICTS in Washington, officials of the firm have already met with Magaw and his top training people. ICTS’s screening system profiles passengers based on all of the “prohibited categories” that CAPS does not consider.

Robert Poole, Jr., director of transportation studies for the Reason Public Policy Institute, a pro-business and anti-regulation organization based in Los Angeles, says it is “absurd to apply screening to everybody” in an airport. He urges that the United States move to a three-tier screening process, similar to that currently used by Israel. The first tier of passengers would voluntarily participate in a Trusted Traveler Program administered by the government. Passengers would undergo a security interview and security background check. In return, they would be given a special ID card with a biometric identifier that would speed them through the check-in process. Poole says such a system should be administered by the airlines, not the government. This would preclude the potential misuse of such information by government agencies, he says; and he argues the airlines should contractually agree with their customers not to make such frequent traveler security information available to outsiders like direct marketers.

Privacy advocates say such protections would be almost worthless. Airlines are likely to skirt such an outsider access rule, says Chris Hoofnagle of the Electronic Privacy Information Center (EPIC), a Washington, D.C.-based privacy watchdog group, by making personal security information available to their “corporate families” of affiliates and subsidiaries. “In this case, these family members will molest the data,” Hoofnagle says.

Poole foresees a second tier of passengers, infrequent travelers like vacationers and grandmothers who are obviously not risks, undergoing a limited profiling process. The third tier, passengers about whom very little is known, would be subject to intensive interviews and technical screening by millimeter wave back-scatter (clothing see-through devices). Poole says the Air Transport Association and Airport Council International are currently developing such screening models.

Ironically, biometric screening for passengers traveling to the United States was already in operation before the events of September 11. Booz Allen and Hamilton, the most ubiquitous of the private contractors in the surveillance-driven security field, developed a sophisticated border control database system for the CIA largely based on biometrics. Known as PISCES (Personal Identification Secure Comparison and Evaluation System), the “terrorist interdiction system” matches passengers inbound for the United States against facial images, fingerprints and biographical information at airports in 14 high-risk countries. A high-speed data network permits U.S. authorities to be informed of problems with inbound passengers. Although PISCES was operational in the months prior to September 11, it apparently failed to detect any of the terrorists involved in the attack.

Whatever screening system is ultimately agreed upon, it will certainly be a boon to security companies who will profit from the gathering of personal information on air travelers. Given the government’s past lackadaisical reaction towards misuse of personal information by both the public and private sectors, consumer and privacy watchdog groups expect to be pressed into exercising even greater vigilance.

Tessera Americana
In ancient Rome, a tessera was an identification tile that every slave was forced to wear or face possible execution. A number of companies are now eagerly proposing a tessera Americana — a national ID system for the United States. In this effort, the companies are supported by a chorus of members of Congress, including Senators Richard Durbin, D-Illinois, Dianne Feinstein, D-California, and Jon Kyl, R-Arizona.

Larry Ellison, CEO of Oracle, is one of the leading proponents of a national ID card system. Oracle, the world’s largest database vendor, owes its very existence to a Central Intelligence Agency contract awarded it in the 1970s. In September 2001, Ellison told San Francisco television station KPIX, “We need a national ID card with our photograph and thumbprint digitized and embedded in the ID card.” Ellison even agreed to provide the U.S. government the software to run such a system free of charge. However, Ellison’s offer is less altruistic than it appears. If the U.S. government bases a national ID system on his database product, every hardware and software vendor who would interface with the system would be required to license his software, which would become a de facto industry standard. Ellison stands to make billions of dollars if such a system is adopted.

Also waiting to cash in are the dozens of smart card vendors that are responding to Congressional clamor for a chip-based national ID card containing photographs, fingerprints, retinal patterns and even DNA data. In addition to the hundreds of millions of dollars that could be made from manufacturing smart cards for the U.S. population (with cards expected to cost between $6 and $10 each), stand alone smart card reader terminals costing around $300 each might be required at hundreds of thousands of locations around the country.

Because the United States has been slower than Europe to adopt smart cards for pay telephones, health care, vending machines and transportation, most smart card companies are European and they stand to make the most profit from a national ID card in the United States. These companies include Gemplus and ActivCard of France, Philips of the Netherlands, and Siemens and Giesecke & Devrient of Germany.

Electoral Purges and Personal Data Rifling
Any national ID card system would have at its core a massive inter-linked database replete with personal details of U.S. citizens. The information in the databases would likely be used to determine the eligibility of U.S. citizens for a number of privileges, including the right to vote. But databases often contain errors, and the consequences can be catastrophic. The problem of erroneous information was never more evident than in the 2000 Florida presidential election.

In 1998, Florida’s Secretary of State Katherine Harris undertook to cleanse the state’s electoral rolls of unqualified voters. The $4 million job of sifting through the rolls and purging them went to DBT Online (now known as Database Technologies), the Boca Raton, Florida-based subsidiary of Choice Point, Inc. Choice Point had originally spun off from the giant credit data firm Equifax. Using the massive criminal history, credit, motorist, insurance and other personal files amassed by its parent Choice Point and CDB Infotek, another Choice Point subsidiary, DBT determined that a number of Florida voters, mainly African-Americans, were not qualified to vote when, in fact, they were. Those ruled ineligible to vote included 8,000 Floridians listed as felons in a Texas database. However, many of the individuals were guilty of only misdemeanors and therefore should not have been stripped of their voting rights under Florida rules.

Choice Point later admitted that it made a mistake when it provided the erroneous list from Texas to Florida. If even a small percentage of the disenfranchised African Americans had been able to vote, both the Florida election and the electoral college could have been tipped in favor of Vice President Al Gore.

While Choice Point got egg on its face with the Florida election, it definitely sees a new lease on life in providing personal data to hungry government law enforcement and intelligence agencies, especially if the data is used to verify information contained in a gigantic national ID card database.

That prospect has already triggered a legal complaint filed with the U.S. Departments of Justice and Treasury by EPIC. The privacy group alleges that the government’s use of personal information enables agencies like the FBI, Internal Revenue Service, and Secret Service to obtain confidential information on citizens in violation of the Privacy Act of 1974. According to a travel security industry insider, if the TSA adopts the ICTS passenger profiling system, computer terminals at airport check-in points would link directly to government databases containing information from public sources like the FBI and private sources like Choice Point. If Choice Point repeats the Florida fiasco and makes erroneous information available to the federal government for passenger screening purposes, innocent passengers could find themselves denied permission to board flights.

Data Miners Abound
Choice Point, along with Oracle, Microsoft, Booz, Allen and Hamilton, and a rival of Choice Point, Information Builders, were front and center at a Homeland Security seminar and exhibition held in Washington this past December. The homeland security gathering saw hundreds of government officials with procurement authority eagerly approaching the security vendors to seek information on their offerings and products.

And it has not just been contractors and procurement officials eager to feed at the homeland security budget trough. Representative Curt Weldon, R-Pennsylvania, is pushing the Bush administration and Homeland Security Chief Tom Ridge to establish a National Operations and Analysis Hub (NOAH), a supercomputer-based Internet data mining system that would assist the military and intelligence community in pulling information of interest from the world wide web. For years, Weldon has maneuvered to win Congressional support for a supercomputer project led by Science Applications International Corporation (SAIC), a major defense and intelligence contractor. The project, called HUBS (Hospitals, Universities, Businesses and Schools), links computer systems in Delaware, New Jersey, Maryland and Pennsylvania. HUBS was the brainchild of Dr. Da Hsuan Feng, Weldon’s former technical adviser on the House Subcommittee on Military Research and Development, which Weldon chairs. Dr. Feng is now a vice president of SAIC at the firm’s King of Prussia facility, also situated in Weldon’s district. SAIC not only manages HUBS, which has received more than $25 million in federal financing, but stands to profit from NOAH, which Weldon proposes be headquartered in his district.

For its part, the FBI, by trying to amass even greater amounts of personal data, is whittling away at federal and state privacy laws. FBI Director Robert Mueller told a January meeting of U.S. mayors in Washington that his bureau required a new communication system to “digitize information and share information more quickly and widely.” One of the stumbling blocks in sharing information contained in the FBI-run National Crime Information Center (NCIC) computer is that current federal statutes prevent it from being expanded to include information from states and local governments without prior Congressional approval. Also, state privacy laws limit the types of personal information that can be collected and with whom it can be shared. Bills recently submitted in Congress will remedy this situation by providing state and local police access to FBI-held information, including contents of wiretapped phone calls and e-mail, bugged conversations, raw evidence collected by grand juries, and information derived from the CIA and other U.S. intelligence agencies.

The Feeling of Being Unfree
September 11 has sped government and corporate reliance on the formula for the most intrusive penetration of people’s zones of privacy: the intensified use of biometrics and the combination and centralization of data bases containing profoundly personal information.

Commenting on newly announced plans for surveillance cameras on the Mall in Washington, D.C., New York Times columnist William Safire wrote in February, “These used to be the Great Unwatched, free people conducting their private lives; now they are under close surveillance by hundreds of hidden cameras. A zoom lens enables the watchers to focus on the face of a tourist walking toward the Washington Monument or Lincoln Memorial.”

The Mall cameras are connected to 200 cameras in public schools, and will soon be connected with video surveillance in subways and parks and images obtained by a private firm that photographs cars running red lights (used by the District as the basis for traffic tickets sent by mail), and perhaps with private cameras in banks, apartment buildings and shopping malls.

“Is this the kind of world we want?” Safire asks.

“The promise is greater safety; the tradeoff is government control of individual lives. Personal security may or may not be enhanced by this all-seeing eye and ear, but personal freedom will surely be sharply curtailed. To be watched at all times, especially when doing nothing seriously wrong, is to be afflicted with a creepy feeling. That is what is felt by a convict in an always-lighted cell. It is the pervasive, inescapable feeling of being unfree.”

Wayne Madsen is a senior fellow of the Electronic Privacy Information Center (EPIC) in Washington, D.C. and Washington correspondent for Intelligence Online. Research for this article was supported by a grant from the Fund for Constitutional Government.