Nearly three years after Edward Snowden’s explosive revelations, many Americans are once again losing a disproportionate amount of sleep over terrorism and seem ready to re-embrace extensive and extralegal surveillance as an ordinary fact of life.
Last week, it was revealed that the New York Police Department has secretly deployed Stingray devices, which vacuum up the location of mobile phones by posing as a cell tower, on a large scale and without first seeking a warrant. The NYCLU, through a freedom of information request, discovered that they had done so more than 1,000 times since 2008, picking up data not only on suspects but also on an untold number of innocently-bystanding New Yorkers’ en masse.
But this startling end run around the Fourth Amendment, like the recent revelation that NYPD uses X-ray vans that can see through buildings, has gotten little public attention. In large part, that's because law enforcement is exploiting returning public terrorism fears with very loud, panicked warnings that the problem is not too much surveillance but too little—that in particular, the encryption of iPhones and other technology is allowing for crime and terror suspects to “go dark” and avoid detection.
In the wake of last year's Paris attacks, New York Police Commissioner Bill Bratton took up CIA Director John Brennan and FBI Director James Comey’s national security state "going dark" hyperbole, using the bloodshed as a pretext to push for legislation that would force companies like Apple to create a backdoor into encrypted devices.
“ISIS, taking advantage of the technology that the head of the FBI has been complaining about, I’ve been complaining about, going dark, the ability to go dark, I think you’re going to see that playing a significant factor in this event,” Brennan said in November.
It was later reported that, in fact, the attackers used unencrypted text messages. And so the argument’s instrumental nature—a distraction—was further clarified: law enforcement is exploiting new surveillance technology, including the bulk collection of metadata; crafting loopholes in existing Fourth Amendment law; and keeping their fresh abuses a secret.
National security state defenders hide metadata collection programs and then, when they are exposed, are eager to downplay its significance, as President Obama put it with regard to the NSA’s dragnet: “Nobody is listening to your telephone calls.”
It is a rather artful exercise in propaganda. The media too often plays along.
“What law enforcement is saying, especially the FBI, [is] 'Well, we can’t get access to communications because they’re encrypted and this is hampering our law enforcement investigation',” says Jennifer Lynch, Senior Staff Attorney at the Electronic Frontier Foundation. “But what’s really happening is that law enforcement is relying more and more on metadata generated by our communications,” providing troves of information on a person’s location and relationships.
“That is more beneficial to law enforcement and it can’t be encrypted,” Lynch explains.
Security officials keep the public focus on the limits of surveillance rather than on its excesses; at the very same time, the frequent exposure of new surveillance capacities perversely functions to normalize those excesses. If widespread surveillance is ordinary, it cannot be shocking. Instead, the anomaly becomes whatever surveillance capability lies just beyond law enforcement's capability or authorization.
In October, President Obama announced that he would not back a move to require cop-accessible backdoors into encrypted devices, conceding Silicon Valley's point that doing so would leave them vulnerable to criminals and nefarious foreign governments. It now turns out, however, that this may have been another feint. Just yesterday, a federal magistrate judge in California ruled in favor of the government, ordering Apple to hack into San Bernardino shooter Syed Rizwan Farook's iPhone 5c for the FBI. Apple has refused to comply, saying the order to create such software, effectively a skeleton key, for one iPhone would in fact leave all iPhones vulnerable and make encryption a dead letter.
Your television might be tapped
Digging below the politically-weaponized rhetoric, it's clear that law enforcement and intelligence agencies have ample and growing opportunities to surveil not only telecommunications metadata but its content as well. Indeed, some cell-site simulators can also monitor call, text message and email content, according to the New York Times. But we can’t know for certain how Stingray or any device is being used: law enforcement, it’s now clear, treats new surveillance technologies as a secret until forced to do otherwise.
Cops have used Stingrays in recent years to catch criminal suspects minor and major but hide it from judges, defense attorneys—and also from a general public whose phone data is getting caught up in investigations. The secrecy is both breathtaking and by design: Agencies sign non-disclosure agreements with StingRay manufacturer Harris Corporation, or with the FBI, forbidding the disclosure of information about how the technology works and even that it played any given role in an investigation.
Instead of a warrant, police often seek a “pen register order,” an antiquated tool to secure call histories that does not require that police show probable cause. The secrecy imposed on Stingray is extreme, and it might not be anomalous. Rather, it suggests a real possibility that law enforcement is currently deploying other new surveillance capabilities in secret.
“I wonder if these NDAs are happening with other kinds of technologies,” says Lynch. “There’s gotta’ be something else on the horizon…The next thing could already be here.”
Particularly concerning is the possibility that law enforcement is secretly tapping into the so-called Internet of Things, the now standard consumer goods connected to the web—televisions, refrigerators, cars, watches, toys, alarm systems—which often capture audio and video. The possibility that these devices could be hacked or tapped is very real: Samsung has warned users of its smart TV that "spoken words" including "personal or other sensitive information...will be among the data captured and transmitted to a third party."
The police can look through walls and might be tapping your television, but security officials are still freaking out about dangerous people “going dark” on their encrypted iPhones. It appears to be “pure misdirection,” as Natasha Lomas writes at TechCrunch, geared to facilitate a “landgrab” of “as much access to data as possible…narrowing the debate to focus on specific technologies such as end-to-end encryption makes sense as a way to distract attention from other potential surveillance avenues, such as IoT and location metadata.”
The general public is increasingly caught up in a high-tech dragnet, from facial recognition technology that renders one’s likeness into a unique record to license-plate readers tracking people’s movements en masse and trawling for municipal debtors. If you’re inclined to trust the state to use these tools responsibly, consider that Los Angeles City Council has considered using readers to identify cars driving through areas known for prostitution, and then sending “Dear John” letters to the owners’ homes. What could go wrong?
Novel forms of police surveillance like Stingray have been emerging fast—much faster than courts have been able or willing to apply sensible Fourth Amendment safeguards governing their use. They are, however slowly, catching up. In recent years, the Supreme Court has ruled that placing a GPS device on a suspect’s car and using that to track the suspect’s movements constitutes a search, and also that police must generally obtain a warrant before searching a phone, in part because it includes locational data.
Law enforcement’s approach to Stingray, however, sets a disturbing precedent, suggesting that new surveillance devices will be deployed clandestinely as part of a legal strategy seeking to minimize the harm of future adverse rulings by lengthening a given technology’s period of ungoverned secrecy to the maximum.
In September, the Justice Department announced guidelines requiring agents to seek a warrant before using devices like stingray—except, however, for “exceptional circumstances.” That’s a big caveat, leaving open the possibility that DOJ might not enforce the rules—rules that could in any case be changed by a future Attorney General. The Department of Homeland Security's directive, according to the ACLU, is even more permissive.
Telecommunications are now integrated into nearly every facet of our daily lives, rendering even the most banal sundry into potential spyware. The Fourth Amendment, as traditionally applied to the search of homes, pockets and cars, has long been viewed by police as a procedural hindrance. Now, new technology offers law enforcement the irresistible temptation to omniscience. Only transparency, oversight and debate can ensure that constitutional safeguards survive the digital revolution.
Shares