Monthly Archives: March 2014
Posted by Amy MacPherson
A recent Snowden leak drew fire from Julian Assange’s legal advisor and civil liberty monitors around the world, as visitors to WikiLeaks learned they were being tracked by US government in addition to its architect. Stopping by the website was enough to get an IP address logged and from that information users can be identified, if the NSA wished to take the investigation further.
Days later in the United Kingdom, the news broke that British spies at GCHQ intercepted millions of Yahoo webcam chats. Images of civilians were collected for a facial recognition program, with little regard to their nationalities or compromising situations. Many users were captured during intimate encounters, proving nothing is sacred when it comes to privacy in the eyes of Big Brother.
In both cases journalists and constitutional experts condemned the intrusion, united in their arguments by a selection of key themes: The ambiguity of laws that govern digital spying allows for government abuse and due to secrecy, the public has no idea when its rights are being transgressed. The Five Eyes spy agencies answer to no one and without oversight, there is no recourse for abuse. Press freedom is essential to a functioning democracy and government surveillance of their communications is tantamount to intimidation, thereby quashing a reporter’s independence and ability to protect sources. Finally, the surveillance of civilians has crossed new lines, if they’re now being tracked due to reading public content. Some have said the government is making a list and checking it twice, without ever informing the innocent citizens they’re surveilling.
Where defence advocates cite the threat of terrorism, civil liberty groups accuse governments of going too far under the guise of national security. Photos of our neighbours sharing private moments don’t appear to keep a country safe and neither does detaining the mates of journalists. In the US and Egypt reporters have been criminalized for the act of recording and telling the truth. In Canada, a judge tasked with approving CSEC warrants admits his orders are being misrepresented and abused in the international arena.
At least, at some point along the way, a covert court, congressional or parliamentary committee condoned these actions. They had to evaluate evidence that justified a temporary suspension of civil rights in the name of human safety, before allowing the NSA, GCHQ or CSEC to proceed. Whether citizens disagree with the mode, the means or the reason, an authority of some sort provided guidance until we craft laws around metadata and what constitutes privacy in the modern age. There is a telephone number to call with complaints and the election ballot box collects everyone’s messages.
The process is slow, expensive and fraught with debauchery, but it does exist. Lawyers are pushing for new legislation to close extensive spying loopholes and journalists are right beside them, urging governments to restore respect for the press. But what if it’s not the government spying and the global public is subjected to the same risk?
This privacy saga has expanded through a series of new developments and regrettably I must use myself as the example. It’s rare for an investigative journalist to become part of the story and it is with great caution that I endeavour to do this. It’s also the only way I can relate these facts, through a collection of evidence that arose from my experience and carefully considered indignation.
On February 13, 2014, I published an article on FreeThePressCanada.org. It’s a special report that addresses government conflict and proposed oil fracking beside a nuclear waste repository along the shores of the Great Lakes system. This significant resource provides drinking water to millions of residents in Canada and the United States. As anticipated, it raised concern on both sides of the border and the response has been overwhelming.
I chose to publish on this website because I’m a freelancer and I control the content here. Although I’ve written for mainstream media and Canada’s national broadcaster, relationships are being questioned between the oil industry, government and news organizations in our country. This investigation was too consequential to relinquish to another party, in the event anyone could seek to suppress the information. Our press was free to the point of envy, but much has changed under the current administration. Today the government keeps an “Enemy List” and Canadian scientists aren’t the only names on it.
Due to my access, I was able to monitor the analytics and keep an eye on the story’s progression. I receive data indicating how many people have visited, what articles they’ve inspected, what country they hail from and if they arrived at the site from links posted at an alternate location (all information is anonymous and only tallies are provided).
Facebook, Twitter and Reddit account for the most common referrals. Sometimes the audience visits via forums, blogs or other news sites, where users are discussing the issue in a comment section and someone shares the link. Less frequently a referral may appear that I fail to recognize and six days after publishing, I noticed a curious entry.
The combination of “spotter” plus “alias to create” was enough to pique my interest. I tried visiting the page that showcased my work, only to find it contained a secure log-in for an incredibly powerful tech corporation. Since the area that contained my information was restricted to me, I set off to learn more about this company.
Spotter.com is impressive to say the least. At first glance they compile big data and work with matters of reputation management. They gather consumer feedback from platforms like social media and there are multiple competitors that do the same. Everyone using these network tools has come to accept that ads appear according to the same technology.
Corporations like Google have kept privacy czars at bay by reinforcing their policies to ensure this practice is anonymous. For no reason would this exercise in text mining become personal and connect with an individual. The advertising is based on general demographics and categories of interest.
However, in 2011 Spotter unveiled proprietary software that surpasses these capabilities. They sought the metadata and location of internet users to match with items they’ve posted, for the purpose of building a private database and tracking system. Whereas government collects IP addresses through judicial warrant or National Security Letter, this company obtains GPS coordinates for targets under private surveillance, directly from internet pages. Without legal clearance to capture this information like the NSA possesses, the only way for Spotter to achieve the same feat is by running script that may skirt the law and calls everything into question about the goals of big data.
This would barely represent the violation I was about to feel. My article was clearly entered within the Spotter monitoring centre, because that’s the location a visitor clicked a link to arrive at my page in the first place. I couldn’t know who was paying the company to keep tabs on my work and their main accounts weren’t particularly encouraging.
Prominently displayed on the Spotter site are logos for the European Commission, Dubai Courts, Air France, Coca-Cola and McDonald’s. That may account for a quarter of wealth in the world and suggests these services don’t come cheap. Spotter headquarters are located in France and they conduct business in the US, Canada, UK, Switzerland, Luxemburg, UAE and Qatar. Early literature mentions operations in Belgium, Denmark, Spain and Portugal as well.
Inspired to know more, my investigation continued. I quickly found it wasn’t just me this faceless observer was watching. If the public discussed my website their GPS was logged the same as WikiLeaks discovered. The only difference is the NSA claimed jurisdiction over Assange and in my case there was no court to grant a private company permission to pinpoint everyone in a journalist’s readership.
Armed with GPS coordinates the Spotter software then builds a map. Everyone who shares or speaks about the surveilled link may be tagged, to assess my reach as a reporter. In this way the technology resembles a worm-type virus, because those who visit can have their personal information seized and there is nothing I can do to stop a third party intrusion. The software updates reader responses in real time and can catalogue half a million entries per day.
This isn’t a matter of beefing up security or cleaning an infection from my site. It’s happening externally through Spotter and if I wasn’t alerted to the company, I would never have known about this peril. Whether sharing happens directly from my news site or somewhere else like Twitter, this program will penetrate the entire network to identify readers. The script to obtain the audience’s location is therefore infecting all of social media. One line is all it takes to be included, regardless of where it’s occurring.
Profiling Syntax and Tone
This software goes deeper than text or data mining. It also performs sentiment mining by analyzing the words for “syntax and tone”. A psychological profile of sorts has been assembled from my writing style and content. Again it’s the same for anyone who comments, to gauge how I’ve affected the pubic audience. A Spotter client is profiling everyone with an opinion related to my work, with as much depth as they’ve applied to me.
The definition of commenting includes any words associated with the link while sharing and resulting discussion with friends. These friends may not have posted the article, but if a response is entered their sentiments will be catalogued in addition to the person who did. Spotter proceeds to save these comments, along with everyone’s GPS. That means people who didn’t click the link can be caught in the same dragnet.
It doesn’t matter if you’re on a different continent with better privacy laws than North America. If you spoke negatively or positively about my investigations, this program will know the difference and add you to the watch-list database through the mapping module. There is no protection or discernment for members of government and if an elected official joins the conversation, the psychological meaning of their text will be analyzed the same as anyone else. In this sense, there is no such thing as diplomatic immunity from having one’s thoughts surveilled.
It’s important to understand that sentiment mining was already in development, but due to the early stages of this research, ethical arguments were only beginning as well. It was introduced as another anonymous tactic that didn’t focus on the individual, but when Spotter used this tech to target a specific journalist the mission became intensely personal. As they married this feature to hunting down my audience, it also personalized surveillance of the readership. No longer can anyone claim this effort was anonymous, because they save exchanges from those who comment to reference with GPS coordinates, from which they can be singled out. Everyone with a blog is equally being surveilled.
How The Data Is Used
Stunning by itself, this collection of data must serve a purpose to validate the cost of running an elaborate operation.
Spotter software combines the location and syntax analysis to determine a journalist’s risk and influence. Once they’ve identified a nuisance to their clients, a plan to deal with the problem is devised under the heading of reputation management. Attention to corporate persona is normally good for business when it’s used to resolve customer complaints or deal with emergencies. On the other hand, if used nefariously to stalk someone for political reasons, that ability can become a weapon in a hurry. History has proven this time and again, from the Glavlit to the Ministry of Public Enlightenment and Propaganda.
The company’s capacity to use this intel against individuals is reinforced by a decision-making segment within the Spotter Studio. The reason this monitoring occurs is so clients can prepare an effective defence of their interests and confront the source of unhappiness directly. The other option is promoting allied influencers to mitigate the damage, commonly referred to as “spin”.
A client can determine their own strategy, or they can employ a Spotter communications team to handle these reputation issues. The company notes a favoured tactic is winning over detractors and engaging them to promote the object of their criticism.
It would be up to a journalist, government employee, NGO, business or targeted entity, whether to accept these overtures or not. Perhaps an anti-nuclear or anti-fracking agency would come on board and begin touting the benefits of this energy, instead of criticizing it anymore. Perhaps a news producer would begin to deny stories that had a negative impact on their alliance, that was forged through negotiation with the vested Spotter client. Whatever the change in attitude, it likely doesn’t come free. If the individual doesn’t cooperate, it’s also conceivable there may be repercussions.
Although we must speculate about the intentions of anyone using this software, what can’t be overlooked is the intention to interfere with media. Journalism wasn’t meant to double as public relations for corporate interest and allowing intimidation through private surveillance destroys the constitutional ideal of press freedom at its core. Covertly collecting the GPS coordinates of readers should handily remove any benefit of the doubt, as it surpasses the NSA’s mandate and goes well beyond the confines of anonymity in metadata.
Spotter goes on to say that politicians use their services and the European Commission is front and centre on that list. It raises the question if a government actor is behind the surveillance of journalists and members of the public. With no oversight of companies that perform similar spying to that of intelligence agencies, we must ask if private watchers are contracted by bureaucrats to bypass procedures or keep monitoring off the record. In this respect Spotter may have more power than any government, because they’re free to target for money without needing to justify their actions. The more effective they are in helping a client defeat their opponent, the greater everyone’s year-end bonus.
Complicating this situation is the international structure being surveilled. While the Spotter company is based in France, I’m in Canada and the website in question is technically located in the United States. The client that watch-listed my work could be located in any country and my readership extends globally as well. Lawyers may have a heyday trying to sort this out, but meanwhile I have no recourse to shield myself or the informed citizens who support investigative journalism.
The public doesn’t realize they’re being run through behavioural diagnostics and mapped for reading the news. It’s as if a plague began the moment Spotter inputted my web address and I suspect major publications took priority over my platform. At this point a wiretap would be less intrusive for its reach and the implications extend to every profession that uses the internet. The government may track journalists suspected of telling too much, but a corporation will watch anyone they’re paid to study and both will be tracking a target’s entire network of contacts. The private version of this surveillance will also be more intrusive than what the Five Eyes are allowed to perform.
Without knowing which of these engaged Spotter to surveil my audience, I can only say that five days after being privately watch-listed, the US Department of Homeland Security called my house.
Blurred Lines Between Corporate and Government Spies
Most intriguing are Spotter’s quiet relationships. They have a longstanding history with the International Olympic Committee, providing surveillance and reputation management that covered the Sydney, Australia games. They assist prospective host cities by out-maneuvering the competition with proprietary intelligence. Their politically minded sports clients include the World Anti-Doping Agency, Rugby World Cup and Tour de France. If you spoke about any of these topics on the internet, there’s a chance your words were already added to the Spotter database for monitoring purposes. That means all your friends who responded too, along with a regular update of everyone’s movement.
In August 2011, Spotter announced a $7 million contract spanning four years with the European Commission. The company notes their previous affiliation and goes on to celebrate the most recent project, assessing European issues in the media. More important are the Decisional Analytics designed to navigate and steer opinion regarding policy matters. The monitoring for this database includes all 27 member states, as well as third party countries and any number of “influencers”.
By the end of 2012, Spotter secured another contract with the European Research Council. After demonstrating their software could deliver on its promises, the institution sought their services to develop a global media monitoring and analysis system. The term “media” includes all traditional forms, plus social media, blogs, forums and comment sections spanning the world wide web.
Since the company admits to saving copies of all media and comments in a proprietary database, this may present legal problems in the United States and several countries that value copyright. In the Associated Press v. Meltwater case (2013), the court held that clipping copies wasn’t protected by fair-use doctrine and this practice was an infringement. My own site states that payment is required and yet I’m guaranteed that Spotter has taken my work without notification, compensation or permission. I certainly didn’t give them access to mine or the readership’s GPS, but they’ve taken that without anyone’s knowledge. A similar case in the UK had the opposite outcome, but surveilling the audience network along with geo-location metadata wasn’t considered among the issues.
This comprehensive data saved by Spotter is a new phenomenon that addresses more than copyright and assumes possession of the readership, in addition to diagnosing their behavioural tendencies and movement. It’s unknown how this would impact privacy laws in Canada, involving an untested example of researcher surveillance. The University of Montreal engaged Spotter to monitor names related to the school and devise a ranking system, based on their public influence.
Deepening the mystery regarding Spotter’s stature and authority, the company cites the UK Home Office as a high profile client in limited print material. This government ministry oversees national security, counter-terrorism and MI5. The latter works in concert with British spies at GCHQ, in partnership with the Five Eyes intelligence community including the NSA and CSEC. Therefore it’s possible a government client watch-listed me through a private mechanism that circumvented traditional approval.
The LexisNexis Connection
Behind every good surveillance company is an exceptionally skilled programmer and Spotter hired Olivier Massiot as its Chief Technology Officer. Prior to joining the team, he is credited with the development of text mining and analytics for a powerful American competitor, LexisNexis.
LexisNexis also treads a fine line between corporate intelligence, law and national security. They’re predominantly known for providing databases to universities and cataloguing case law plus legislation from each of the Five Eyes countries. QuickLaw is one of their proprietary services and it’s used by most lawyers in Canada to research trends and precedents.
What little is known about the company (that requires log-in to most pages) is trusted by all courts and prestigious schools in North America. Judges stateside may not realize that additional products in the suite are used to surveil them akin to journalists, however. Profiles are created to find weaknesses, bias and relationships about not only judges, but also opposing counsel, arbitrators and experts. This may involve checking assets, business registrations, deed transfers, licences, tax filings and social interaction with others.
We probably haven’t heard much about LexisNexis because they provide Advanced Government Solutions, although these services are available to the private sector as well. The client list includes: Attorneys General, Corrections, Parole and Probation, Courts and Judiciary, Health and Human Services, Municipal Attorneys, Regulatory and Administrative, Tax and Revenue, Law Enforcement, Defense, Intelligence and Homeland Security.
Working with 4,000 state, federal and local police departments, the company boasts about their ability to provide officers with investigative data that isn’t available through public records. This includes documentation of a target’s mental health without any effort to seek patient consent. They licence access to proprietary records that are described as “inaccessible to general law enforcement searching”. The exclusive information can then be shared across a private network for police investigators in the LexisNexis program.
As Spotter collects GPS coordinates for private customers, LexisNexis does the same for police. They also map relationships and analyze links between people that can be integrated with the force’s internal records. This raises another set of questions if law enforcement is allowed to possess private information that would “otherwise be inaccessible”.
In October 2013, LexisNexis released a Social Media Monitor that behaves similar to the product from Spotter. Police can highlight a geographic perimeter on any touchscreen device and this program will collect posts from users in the area. Surveillance can be set by keywords or target names and the software contains a predictive feature that PoliceOne editor, Doug Wyllie describes as resembling the Minority Report. With forward looking semantic technology, it attempts to assess the precognition of crime and no, it’s not a prototype.
On the Homeland Security front, comparative software monitors terrorist threats and hunts for fugitives who are trying to stay off the radar. Experts at LexisNexis assist the government with a customized repository for their abundant information, as well as access to the company’s records that were obtained both publicly and privately.
In service of the Department of Defense and National Security Agency, this multifaceted corporation collects, analyzes and “enriches” international data to help with greater insight. This may include social media and information about journalists, or anyone who landed in a geo-surveillance circle. An itemized contract with the government indicates they train spies and support staff how to operate the software as well.
It’s confusing that no conflict of interest was raised when LexisNexis sought to influence government policy. They’re employed to create these surveillance programs and in the next breath they help the intelligence community devise civil liberty and privacy rights, while compiling personal data about judges.
Likewise, this company represents the energy industry and it’s impossible for a target to know if they’ve been watch-listed by a corporate client or the Five Eyes collaboration. A disturbing scenario exists in Canada and CSEC is deflecting criticism for sharing intelligence about activists with oil tycoons, offending public perception in the same manner.
LexisNexis also analyzes the news, but it appears Spotter goes one step further by personalizing surveillance of the journalist and audience. In the LexisNexis example, metadata is extracted from internet pages and the same situation could arise if they choose to follow Europe’s lead in the future.
In any event, the information is collected in bulk and when the same technique was applied to telephone metadata, the President’s advisory council admonished the NSA for breaking a good, long list of constitutional protections. If widespread surveillance of telephone data was seen to have a chilling effect on freedom of speech and association, then it stands to reason the unrestrained collection of online information would be equal if not more offensive.
When all else fails, LexisNexis is a go-to source for political campaigns. A candidate can purchase their services to surveil the competition with every intrusive tool previously mentioned. A framework of personal and business associates will be unearthed, from basic assets to global sanction lists. If they’re not busy digging up the dirt, they will also help with PAC registration forms. Another conflict of interest appears imminent and the Harper government in Canada has announced its intention to use similar technology in the next election.
Should a client go awry and require legal assistance, LexisNexis offers Council Benchmarking to decide if the cost is worth defending or better to settle with a complainant. The justice of these matters seems to have little bearing, when a decision is made by crunching the fees and odds with computerized analytics.
It must be reiterated that I would not have known about this company if Spotter didn’t hire their text mining and analytics developer. Spotter is also connected to the LexisNexis database, sharing private resources to accommodate client wishes while bringing this relationship full circle.
Metadata or Democracy?
Growing the team hasn’t been easy according to Spotter executive, Frédéric Marcoul. Recruitment agencies didn’t produce the type of developer they were seeking and the company began canvassing the winners of gamer coding competitions. This tactic resembles the NSA’s presence at hacking conferences and raises eyebrows, still.
Despite this challenge, corporate and government spies have no trouble collecting the public’s information and tracking individual movements over time. In the absence of a warrant this behaviour is downright dangerous and civil liberty is non-existent for more than journalists. So far the debate has centred on privacy and freedom of speech, but this involves freedom of thought and association, not to mention voting and justice. In the wrong hands these programs could terrorize an innocent life and judges aren’t sheltered from it either.
Technology doesn’t know the difference between right and wrong, nor does it possess a moral compass. As governments drag their heels about modernizing defence and privacy legislation, every person on the internet is being profiled and catalogued for the highest bidder. There is no regulation regarding how the data is used and watchers now control the levers of democracy more than any elected official.
No online newspaper can protect readers from being surveilled, let alone their staff. No blog or forum is safe. If a client has a web address to input, then no website is immune to spying. Celebrities on Twitter are also at risk, because the company profits from sharing their metadata and the policy makes users agree to this.
Law enforcement can monitor citizens by the same means, but we must remember that any private client can do the equivalent. In fact, police that lack this warrantless spying would be at a disadvantage, if corporate customers chose to surveil them as individuals for their own reasons. It’s a double-edged sword and the only winners are companies that traffic this information without restraint, authority, oversight or allegiance to anything but profit.
These lists extend globally, as do the targets being monitored. You might be an Average Joe who lives on Main Street, but rest assured that if you read this article, someone is likely paying attention. Next week a new client could purchase your data and this process will repeat for as long as intelligence agencies lobby to let it continue. In the meantime the public is at its most vulnerable and world leaders have been rendered impotent by the very power they sought to wield. If there is anything remotely amusing about this, it’s that twenty-year-old gamers took the reins from political veterans. I dare say it’s time to take them back though.
Tags: #cdnpoli, behaviour analysis, Canada, constitutional rights, CSEC, democracy, Europe, European Commission, first amendment, Free The Press Canada, freedom of association, freedom of the press, freedom of thought, GCHQ, GPS, internet metadata, journalists, judges, media surveillance, metadata, metadata or democracy, NSA, precognition of crime, press freedom, privacy, privacy laws, private surveillance, public surveillance, researcher surveillance, sentiment mining, social media, social media monitor, social media surveillance, Spotter, spying, surveillance, telephone metadata, text mining, United States, watch-list