Search This Blog

Friday, January 27, 2006

This Administration Could Use Some Artificial Intelligence III

Even as we suffer the whims of an administration bent on prying into innocent citizens’ lives, Michael Isikoff of Newsweek magazine unpacks yet another spying machine, this time at the Pentagon. “The Other Big Brother” article in the January 30 issue, talks about how the Counterintelligence Field Activity (CIFA) tracked a harmless demonstration at Halliburton’s Houston headquarters. You remember Halliburton…Dick Cheney’s old stomping grounds and the company that was investigated for favoritism in Iraq contracts.

CIFA is complemented by one of former deputy Defense secretary Paul Wolfowitz’s brainchilds: an operation code-named TALON for Threat and Local Observation Notice. It was created in 2003 to collect raw information about suspicious incidents. There goes another database of personal data. Isikoff states that these “…activities are the latest in a series of disclosures about secret government programs that spy on Americans in the name of national security.”

In a recent Village Voice article, “No Place to Hide” by Nat Hentoff, the late, Senator Frank Church is quoted from a 1975 investigation of the NSA. Paraphrased, the Senator did not want the U.S. to cross the line on tyranny and that the NSA—or any agency possessing the technology to spy on individuals—should operate within the law, with supervision. He goes on to comment how this “abyss” is a point…”from which there is no return.” We may very well be on the edge.

The article quotes another recent piece by Ruth Marcus from the Washington Post that confirms that the National Security Administration, prior to Frank Church’s investigation, had been using a “watch list” of American citizens and organizations in connection with foreign communications for years. As Hentoff put it: “After Frank Church died, Congress dozed as the NSA flourished.” My take is that “dozing” has become a Congressional lifestyle when the issue makes it convenient, and the American consumer’s privacy rights have been neatly tucked away in the current labyrinth of meaningless legislation.

Apparently NSA’s technological capabilities are supported with ties to U.S. telecommunications companies that control the telecom “switches,” through which the majority of U.S. phone calls and e-mail traffic flow. Meta-tags—also used by search engines to define the subject of a query—are employed by NSA to determine the basic substance of a communication. Taken further, the agency uses sophisticated algorithms—artificial intelligence/neural networks—to analyze the phone calls and e-mails to find the bad guys.

So what’s the general consensus on the administration’s spying antics? One of the GOP’s own, Senator Arlen Specter, Republican from Pennsylvania, has skepticism over Bush’s domestic eavesdropping, and will hold hearings on the matter. The Democrats, of course, are all giddy, but it remains to be seen if they can turn this into a meaningful investigation. In a recent AP-Ipsos poll, 56 percent of the respondents said the government should have to get court warrants to eavesdrop, even when a communication is tied to terrorism.

Quoting again from the Village Voice article, Nat Hentoff says Thomas Jefferson has the answer: “The people…are the only sure reliance for the preservation of our liberty.” If we don’t start hearing from the “people” soon, it’s going to be too late, and George Orwell’s reluctant prophesy in 1984 will be fulfilled.

Friday, January 20, 2006

This Administration Could Use Some Artificial Intelligence II

You might remember from my last post that artificial intelligence is an advanced computer technology that parallels the human brain in its ability to reason. The National Security Agency uses—as do many other government agencies and data brokers—very sophisticated algorithms that can manipulate mountains of data and answer almost any question asked about your lifestyle, buying habits, whereabouts and more.

In my 35 years in the junk mail industry, this science grew from almost an abacus mentality to what is today the monster of artificial intelligence. It can be used for good, such as determining certain medical diagnoses, instead of using animals. But it can also be turned on the consumer as a spying technique, which I have experienced repeatedly from my junk mail background.

The terrorist threat is real and must be dealt with, but within the law. Section 215 of the USA Patriot Act, considered by some as bad law, does allow these incursions into our privacy by the FBI in seeking personal records. Judging from the recent flare-ups in Congress over 215, it may never become permanent, and, perhaps, rightfully so. On the other hand, NSA’s spying on innocent citizens is a move far worse than what is allowed under Section 215.

Let’s be honest. Since the FBI confirmed in October of 2001 that fifteen of the nineteen 9/11 hijackers were Saudis, all eyes have been on the Muslim community in the U.S. And, that is made much simpler by the junk mail list industry. There are 1,776 ethnic lists on the market, according to list authority Standard Rate & Data; 408 of them identified as Muslim, 398 Islamic, and 323 Arab. All have a home address, many with telephone number and e-mail address.

Now where would you go if you were the NSA and had captured a telephone call or e-mail containing the word, “jihad?” You’d go where the data is; a list that can match that telephone number or e-mail with a home address.

The big players are the giant data brokers like Acxiom, ChoicePoint and LexisNexis. Others who identify their customers as Arabs or Islamic are Harriet Carter catalog; Eddie Bauer; Smithsonian magazine; Entrepreneur magazine; Rodale, publishers of Prevention magazine; and Designer Checks. All completely legit, but just one more confirmation that your personal data, no matter what, is for sale.

The data brokers have developed a system for recognizing ethnic names from A to Z, and it is this process that junk mailers like Harriet Carter and Eddie Bauer use to identify and sell the ethnicity of their customers, even charging significantly for this right. They also know what products customers purchase and have the ability to enhance these names with a massive amount of demographic and personal data from the same data brokers. All of which is for sale, of course.

So how does this all impact on the NSA spying and FBI surveillance? I bought a book not too long after 9/11, Islam, A Short History, by Karen Armstrong, to try and understand what the people were thinking who did this. Because of Section 215 of the USA Patriot Act, which allows access to my purchase records, it is very likely that the NSA had my name on some list.

Further, there is a special friend I have made through blogging in Bangladesh, and he has some pretty strong opinions on U.S. global actions, some of which I agree with. We have shared numerous e-mails during 2005, some of which include his editorials critical of the U.S policy in Iraq. I have responded with some of my own criticisms. No doubt, those e-mails were intercepted.

I don’t recall any wiretaps or having been followed—if they did, they certainly got bored in a hurry—but I really can’t say for sure. If the Bush administration really wants to know what I stand for, all they have to do is call me. I’ll tell them it isn’t for some of the things they have been doing in the last four or five years.

Friday, January 13, 2006

This Administration Could Use Some Artificial Intelligence

I’ve stayed out of the Bush spy scandal because it didn’t really relate to what this blog is all about: your right to control your name and personal data. That is, until I read the latest article in the January 9 issue of Newsweek: “Full Speed Ahead” by Evan Thomas and Daniel Klaidman.

Tucked away on page 26 of the magazine piece was a reference to a secret project the National Security Agency is working on that involves data mining. In lay persons’ terms that means looking at all the data available—your name and personal information—and finding a pattern to how you conduct your everyday life. Of course, the exclaimed purpose in doing this is to catch the “bad guys.” Apparently, even if it snares the “good guys.”

According to New York Times reporter, James Risen, NSA was spying on 500 people in the U.S. each day for up to four years. Folks, that’s 730,000 individuals, and, this is overkill in anyone’s language. You can read Risen’s interview with NBC’s Andrea Mitchell: “Reporter defends release of NSA spy program.”

And then on Nightline January 10, a twenty-year employee of the NSA, Russell Tice, says the eavesdropping could include millions of Americans, if the agency used the full range of their technology. He goes on to indicate that the surveillance would occur if you placed any overseas communication.

I can shed more light on the sophisticated data mining techniques employed by government and business—sometimes called artificial intelligence, or neural networks—because I did this for twenty years in the junk mail industry. Data brokers like ChoicePoint and LexisNexis are the veterans of data mining and much of what the National Security Agency uses was probably developed by business. So exactly what happens to your name and private information when someone wants to pry into your affairs?

The data may be assembled from several locations, including data brokers, but the data mining—sometimes referred to as predictive modeling—will be done in one location where all the work is conducted by one or more individuals. Once the modeler collects the names and personal data on the profile of individuals to be analyzed, it is fed into the data mining software. Although this is somewhat oversimplified, the technician then “hits the button” that unleashes a technology that is just short of the human brain in its ability to reason; thus, the term “artificial intelligence.”

The scenario goes something like this. Borrowing again from the Russell Tice, Nightline interview, if you mentioned the word “jihad” in any of your overseas telephone or e-mail conversations, your name and private information would be set aside for close scrutiny. Based on what the data brokers know about you—and that is voluminous—the NSA can track almost every movement of your day.

Start with what time you get up in the morning, because they know your occupation, where you work, where you live, and how long it takes you to get to work. They know if you exercise, how many kids you get ready for school, including their ages, and if you have a pet to feed. They have your make and model of car, the balance due, and where it is financed.

Your bank account records can be searched for large deposits, or your mortgage looked at for any unusual activity. Credit card charges reveal just about anything you have done, or any place you have traveled, eaten, or attended for entertainment. If you are a frequent traveler or take cruises, they know where you go and for how long you are gone. If you invest in a suspicious stock or contribute to a charity on NSA’s list, that will be noted.

There are records of your drinking, gambling and smoking habits, and what your political preferences are. It is known if you are a veteran, whether you own a gun or a camera, what music you like, what food you eat, and which magazines and books you read. Any ailments you have are documented, and as many as 150 medications you might be taking.

There’s more, and I will cover this in my next post. The focus will be on the ability of the junk mail list industry to target certain ethnic groups, and how this personal data can be accessed by the FBI, thanks to Section 215 of the USA Patriot Act. It is one of the provisions recently fought over passionately in Congress.

Friday, January 06, 2006

The Annual Business "Cover Your A_ _" Barrage

Talking about junk mail. The “This is how we protect your privacy” CYA's are hitting the mailbox at an alarming rate; great for the U.S. Postal Service but pure confusion for the poor consumer. Have you ever tried to read one, much less understand it? I’m going to try by analyzing a notice just received from Chase Bank, who recently acquired Bank One.

The first question of the privacy notice is: “What information do you have about me?” Chase’s answer is they capture info from your requests, transactions and credit history. They specify your income, account balances and a credit bureau report. My interpretation is they have a lot of private information on you, anything that you revealed to Chase or they can find out about you, and the three items mentioned are just the tip of the iceberg.

Question two: “How do you safeguard information about me?” The answer is it is kept under physical, electronic or procedural controls that comply with or exceed government standards. Further, they authorize employees, agents and contractors to get information about you only when they need it to do their work. And, Chase requires companies working for them to protect your information, using it only to perform Chase requested services. My take on this is that industry security is at a minimum based on the Bank of America lost tapes, a wide range of people have access to your data, and companies like ChoicePoint agree to protect your information.

Question three: “Is information about me shared within your family of companies?” Their answer: “Yes.” Then, “We may share information about you within our family as required or permitted by law.” Interpreted…supposedly it helps them in their marketing efforts on other products, and supposedly you get the same security as in the answer to number two.

Question four: “Is information about me shared with service providers and financial companies outside your family of companies?” Chase answer: Another emphatic “Yes.” But only as permitted by “that law,” they add. Companies included are in the marketing field and outside financial organizations with which Chase has certain agreements. My explanation…”that law” quoted is the same one that permitted at least one-hundred data breaches in 2005, exposing 54 million private consumer records.

Question five: “Is information about me shared with non-financial companies outside your family of companies?” There’s that decided “Yes” again. And, under “that law” we just analyzed in number four. The companies included are retailers, auto dealers, auto makers, direct marketers, membership clubs and publishers. Quick diagnosis tells me that Chase can “share” your information with a large number of businesses outside their firm, but, only as permitted by “that law.”

Question six: “Is information about me shared in any other ways?” “Yes” number four. Once again, “that law” is resurrected as their mandate for this catch-all provision. They share your data to protect you against fraud, respond to subpoenas, service your account, report to credit bureaus and with your consent. My response is that sharing your data is the basic reason the fraud exists to begin with. And folks, never, I repeat, never, ever give your consent for any personal data release over which you do not have complete control.

Question seven: “What choices do I have about information sharing?” There are two. The first is a classic argument for giving consumers control over their names and private information. Paraphrased…you can tell Chase not to share information about you outside the company but they still will, as “required” or “permitted” by “that law.” In the second choice, you can restrict data such as income, credit history, loans or employment being shared with the family of companies. But, of course, they still will share things like your name and address, bank transactions and balances, as well as surveys to which you might respond “within the family.”

It’s that term, “within their family of companies,” that worries me most about all these privacy policy notices. Most large organizations in the business community have subsidiaries established to handle specific functions such as marketing. They can operate as independent entities with profit and loss responsibility to the parent. I worked with one such company in the junk mail industry, and I can tell you that the marketing people were privy to just about every piece of data at the corporate level. Not that it wasn’t used properly, but just that all that personal data was available.

My point is that this kind of relationship places your private information in yet a different location, in another computer, accessible to a new group of individuals, with security standards we know have been challenged repeatedly in the past. There is reason for my concern.

If you remember an earlier post on this subject, there was an article link, “Forecast: ID Theft by Insiders to Grow Dramatically in ’06,” by Gene Koprowski, a leading computer security analyst, on TechNewsWorld.com. He writes: “…there will be increased theft of secure data by insiders, employees.” I rest my case.