When sensors are used without our knowledge or against our will, they become instruments of surveillance. Most of the sensors to create a seamless snooping system are already in place, but the data -- credit-card transactions, passport scans at borders, emails, and phone calls -- are held by a scattered array of organizations. Linking it all together, sifting through it and assembling dossiers is, for government intelligence agencies and law enforcement, a killer app for smart cities.
If that wasn’t yet clear, it became abundantly so when Vice Admiral John Poindexter returned to public service in 2002 to launch total information awareness (TIA), the Pentagon’s effort to datamine the global war on terror. Poindexter was an odd choice to head the program -- his conviction in 1990 for lying to Congress about the Iran-Contra affair, while later reversed, subjected the program to increased scrutiny by civil-rights watchdogs.
Total information awareness was just as ominous as it sounds. At its heart was an effort to build what the Defense Department described as a “virtual, centralized, grand database” of government records, commercial transactions, and intercepted private communications. This data would be used to compute risk profiles of foreign visitors and American citizens alike, and mine it all for patterns of terrorist activity. Under intense scrutiny over another aspect of the program -- a virtual market for trading predictions about geopolitical events, which people believed terrorists might use to profit from their own crimes -- Congress defunded the project just as it was ramping up in 2003.
In the meantime, however, much of the technology agenda of total information awareness has been implemented by other governments and private firms around the world. In an odd geographic reconfiguration of power and control, every move, transaction, and message of city dwellers is now secreted away by fiber-optics to become feedstock for pattern-matching algorithms grinding away in exurban server farms. Once havens of anonymity, big cities are fast becoming digital fishbowls. But while TIA’s grand database sought to find traces of terror cells in big data, the real value of all this covert watching is more mundane. It’s about money.
It starts in our pockets. Mobile devices, like the iPhone, keep a running record of where we’ve been. Apple quietly disclosed this practice in 2010, but it didn’t make headlines until a year later when security experts Alasdair Allan and Pete Warden created a tool for users to easily access and map it. The data wasn’t just comprehensive and detailed; it was unencrypted and copied to every machine you synced with. Owners of non-Apple smartphones smirked, but a half-year later, another scandal broke over the widespread use of Carrier iQ software on other manufacturers’ devices. And Carrier iQ didn’t just track location. As documented by Trevor Eckhart, a systems administrator living in Connecticut, it also tracked dropped calls and every single click and keystroke made by the owner. Wireless companies claimed this data was indispensable for troubleshooting technical problems, but privacy watchdogs were stunned by its level of detail.
Most phones allow you to turn off location tracking, but mobile devices can also be used to track us passively, without our knowledge or consent, through systems that monitor the unique wireless beacons phones send out as they communicate with nearby towers. One such system, called Footpath, is sold by Portsmouth, England–based path intelligence. As the 2011 holiday shopping season approached, American consumers were surprised to learn Forest City Commercial Management, an operator of shopping malls, had deployed Footpath to track shoppers in California and Virginia. To map our movements, Footpath relies on a carefully placed array of listening posts to track mobile devices as they wander around a building. By triangulating the beacons sent by our phones to nearby cell towers, our location can be pinpointed with an accuracy of “a few meters” (the company doesn’t publicly specify beyond that), enough to know how you move from store to store, your “dwell time” spent inside, the sequence of shops visited, and even movements between sections inside large department stores. Footpath probably gets paid on both sides -- it can sell the demographics to retailers, as well as to mall operators who can use it to negotiate higher rents. Other than a sign at the mall entrance inviting shoppers to opt out by turning off their phones, the system is invisible, passive, and undetectable. Google and Nokia are also working on their own indoor positioning systems, and wireless chip manufacturer Broadcom is building features to support it in its products. “Acting like a glorified pedometer,” one tech blogger explains, “this Broadcom chip could almost track your movements without wireless network triangulation.” Using a navigational technique known as “dead reckoning” (the same way your car updates your position in a tunnel when it can’t receive signals from GPS satellites), “it simply has to take note of your entry point (via GPS), and then count your steps (accelerometer), direction (gyroscope), and altitude (altimeter).”
Despite Congress’ objections to total information awareness, law enforcement is finding the honeypot of personal data wireless carriers is accumulating irresistible. According to information filed in response to a congressional investigation in 2012, AT&T alone received over 260,000 requests for subscriber location data from American law enforcement organizations in 2011, compared to just over 125,000 in 2007 -- more than doubling while the company’s subscriber base grew by less than 50 percent over the same period. The company now employs more than one hundred full-time workers to respond to law enforcement requests. As the New York Times reported, “the widened cell surveillance cut across all levels of government -- from run-of-the-mill street crimes handled by local police departments to financial crimes and intelligence investigations at the state and federal levels.”
In many parts of the world, mass urban surveillance is overt and often welcomed. In recent years Chinese authorities have implemented two of the largest urban surveillance projects ever attempted. In November 2010, without public objection, the city of Chongqing launched an effort, inauspiciously dubbed “Peaceful Chongqing,” to install some 500,000 video cameras that will soon watch every street corner and plaza in the giant metropolis, keeping an eye on more than 6 million people. No doubt the municipal government (under the thumb of law-and-order mayor Bo Xilai, who has since been removed from power on suspicion of corruption) was inspired by the success of a similar network of over 25,000 cameras in the Arab Emirate of Dubai that revealed frame-by-frame how foreign assassins infiltrated the al Bustan Rotana Hotel to kill Hamas leader Mahmoud al-Mabhouh in January 2010. From the first known use of closed-circuit television cameras to monitor crowds in London’s Trafalgar Square during a state visit by the king and queen of Thailand in 1960, urban video surveillance has come a long way. The Brookings Institution calculates that today it would cost $300 million in storage capacity to capture a year’s worth of footage from Chongqinq’s vast camera network. But by 2020, thanks to the steady decline of cost for digital storage devices, that figure could be just $3 million per year. “For the first time ever,” they warn, “it will become technologically and financially feasible for authoritarian governments to record nearly everything that is said or done within their borders -- every phone conversation, electronic message, social media interaction, the movements of nearly every person and vehicle, and video from every street corner.” What’s worse is the active involvement of American firms like Cisco, which is supplying the city with network technology optimized for video transmission for an undisclosed sum.
Other Chinese cities have their own ideas about tracking citizens’ phones and, as with so many things, intend to do it on a scale unmatched by any nation. In march 2011 city officials in Beijing announced that a comprehensive program for tracking the populace’s 17 million mobile phones would be put in place for real-time traffic management. Perhaps reflecting the greater global scrutiny of China’s new would-be world capital, or shifting values among its new middle class, the Beijing project was greeted by Chinese newspapers as an invasion of privacy.
The extent to which mass urban surveillance will be tolerated in smart cities will differ around the world. Government, with varying degrees of citizen input, will need to strike a balance between the costs of intrusion and the benefits of early detection. In the European Union, for instance, strong legal protections for the privacy of personal information draw clear lines (for companies at least) on how data can be collected, stored, and reused. In much of urban Asia, historically speaking, privacy is a new luxury. The differing reactions to surveillance in China’s wealthy coastal cities and its industrializing core are as different as what you’d expect between San Francisco and Boise. Governments will play their hands differently. Autocratic elites like those that rule much the Persian Gulf region look at surveillance and data mining as a force multiplier that gives them leverage over terrorists, criminal organizations, oppressed minorities, and guest workers. Americans seem resigned to muddle through, leaving the courts to settle conflicts over digital surveillance and privacy on a case-by-case basis.
Mass surveillance, designed to protect smart cities, may actually put their residents at great risk. Once assembled, stockpiles of personal data are a honeypot for criminals. Theft of personal data is now endemic and epic in scale -- just a single breach of security in April 2011 led to the theft of over 75 million user records from the Sony PlayStation Network, an online community for computer gamers. The stolen data included users’ names, addresses, passwords, credit-card numbers, and birth dates.
Even the surveillance specialists seem overwhelmed. At the peak of the Carrier iQ scandal, information surfaced that much of the tracking was being done by extra code inserted by phone manufacturers. Carrier iQ’s executives were flummoxed to find their software had been hacked by their own customers. “We’re as surprised as anybody to see all that information flowing,” remarked Carrier iQ marketing director Andrew Coward. As Slate’s Farhad Manjoo put it, “these innocent explanations are exactly why you should worry that your phone is secretly invading your privacy: Between the manufacturer, the carrier, the O.S. maker, and all the other hands that touched your phone, there are more than enough opportunities to add software that overreaches, either benignly or with some malicious purpose.”
Private surveillance systems that connect to the cloud are open targets too. Trendnet, a company that provides surveillance solutions for homes and businesses, was compromised in early 2012. Links to live streams from thousands of its cameras were posted to hacker sites. As one report described the breach, “Some of the more interesting camera feeds included a laundromat in Los Angeles, a bar and grill in Virginia, living rooms in Korea and Hong Kong, offices in Moscow, a Newark man watching the football game in a Giants jersey, and the inside of a turtle cage.”
If all of this summons thoughts of George Orwell’s fictional dystopia "1984," you’re not alone. In an August 2011 ruling that blocked the U.S. government’s attempted warrantless seizure of subscriber location data from Verizon Wireless during a criminal investigation, federal judge Nicholas Garaufis wrote, “While the government’s monitoring of our thoughts may be the archetypical Orwellian intrusion, the government’s surveillance of our movements over a considerable time period through new technologies, such as the collection of cell-site-location records, without the protections of the Fourth Amendment, puts our country far closer to Oceania than our Constitution permits.”
Take Cisco’s vision of Songdo (and by extension the new China), an urban civilization powered by ubiquitous two-way video screens, and fold in the latest in biometrics. It would be hard to design a more flawless replica of Orwell’s “telescreen,” which pumped out propaganda while watching vigilantly for hints of dissent. As Orwell wrote in "1984," “It was terribly dangerous to let your thoughts wander when you were in any public place or within range of a telescreen. The smallest thing could give you away. A nervous tic, an unconscious look of anxiety, a habit of muttering to yourself -- anything that carried with it the suggestion of abnormality, of having something to hide. In any case, to wear an improper expression on your face... was itself a punishable offense. There was even a word for it in Newspeak: Facecrime, it was called.” Peaceful Chongqing is just a warm-up for Cisco. The market for surveillance products in China is growing at double-digit rates. It’s a future where police, bureaucrats, employers, and hackers may look out from every screen we look into.
We’d like to think of smart technology as a benevolent omniscience, always acting in our interests. That’s certainly the pitch by technology giants, governments, and start-ups alike. But the proliferation of surveillance mechanisms isn’t an accident. Governments, who ought to be the ones drawing a line to protect us, can’t keep themselves away from the stuff. It’s so tempting that even after Congress shut down the Pentagon’s Total Information Awareness program in 2003, the National Security Agency went on to build a clandestine version of the same monitoring system, even borrowing some of TIA’s own prototype technology. As the Brookings report on Peaceful Chongqing concluded, “Governments with a history of using all of the tools at their disposal to track and monitor their citizens will undoubtedly make full use of this capability once it becomes available.” The study purported to deal only with authoritarian states, but it might just as easily have included the United States.
In our rush to build smart cities on a foundation of technologies for sensing and control of the world around us, should we be at all surprised when they are turned around to control us?
Excerpted from "Smart Cities: Big Data, Civic Hackers, and the Quest for a New Utopia" by Anthony M. Townsend. Copyright © 2013 by Anthony M. Townsend. With permission of the publisher, W.W. Norton & Company, Inc.