Monday, January 30, 2012

Outsourcing Surveillance

Should the federal government or the fed monitor the internet for content? Clearly, they are doing so; that part isn't up for debate. But tougher questions about how they do so come to mind when one considers the implications. At first glance, it seems benign, shouldn't government officials be aware of what is happening on line, in the same way that staffers would compile the relevant news of the day for senior leaders back in the day? Of course, that became "The Early Bird" which eventually became an electronic publication. How "The Early Bird" wasn't a copyright violation always escaped me, because it would be a full article reprint with no excerpting. This is the core of the problem, merely reading some blog sites doesn't constitute a problem for anyone, but the systematic collection of information does become a problem, because that constitutes "surveillance."

The U.S. Constitution provides that:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Mere surveillance by reading publicly available material doesn't seem to violate this prohibition. However, what if the data collection is outsourced to a firm, such as Cyveillance that has questionable practices.
According to their website, the not only monitor HTTP (website) traffic, but they also monitor IRC and Chat rooms. I don’t know about you but if I am in a chat room, I have a least some small expectation of privacy with those that are in that room. I would not expect that some bot is logging everything, keeping it in a database for further review and perhaps sale to another corporation or government.
. . .
As well as IRC and Web spidering, Cyveillance also claims to spider FTP sites. According to J.D. Meadows who operates the Cyveillance Exposed website, his logs show evidence that not only did the Cyveillancebot spider available content, but also tried to search the hard drive for other files and directories. Clearly if true, Cyveillance has participated in actions that are clearly illegal, immoral and unethical.
The beauty of outsourcing data collection has been pointed out by Jr. Deputy Accountant, the government can claim that it is not collecting data, just getting reports. But what protections are in place to ensure that tax dollars aren't funding methods that violate privacy laws? None, that I have been able to find.

I admit to being conflicted over the basic issue. Heuristic algorithms might be developed from web crawling that could predict important trends that government is supposed to respond to. The dilemma is that there seem to be no privacy safeguards in place and the use of outsourcers to do the dirty work just makes us suspicious.

For some specific details on Cyveillance' tactics see the accounts at Jr. Deputy Accountant. It seems likely that the monitoring detailed there is initiated by a federal government contract.

Pictured at top left is Leo Quinn, CEO of QinetiQ, parent firm of Cyveillance. Pictured at top right is Dave Papas, COO of Cyveillance, who enjoys golf and lives in Stafford, Virginia.

1 comment:

  1. "... who enjoys golf and lives in Stafford, Virginia."


    Thanks for the digging into this.