Friday, February 14, 2014

CA - Private companies pitch Web surveillance tools to police

OFF THE WIRE


Private tech firms have found a new market for their sophisticated software capable of analyzing vast segments of the Internet - local police departments looking for ways to pre-empt the next mass shooting or other headline-grabbing event.
Twitter, Facebook and other popular sites are 24-hour fire hoses of raw information that need an automated tool for deciding what's important and what is not. So technology companies are pushing products at law enforcement conferences, in trade publications and through white papers that promise to help police filter the deluge for terrorists, traffickers, pedophiles and rioters.
In the process, privacy advocates and other critics fear these tools - once reserved for corporate branding - could ensnare Internet users who happen to be at the wrong cyberspace destination at the wrong time.
Some 400 million tweets now flow across the Web every day, Twitter CEO Dick Costolo said in June. Facebook today reportedly boasts more than 900 million users, each pumping out a ceaseless stream of family photos, relationship updates, political manifestos, impulsive reactions to celebrity news and even criminal confessions.
It's increasingly clear that random keyword searches for "burn," "collapse," "public health" and "cloud" - among dozens of terms the Department of Homeland Security considers worth monitoring - won't produce actionable intelligence when hunted on crude and readily available tools like TweetDeck. "Cocaine" as a search term will net more tweets about Charlie Sheen than plans for the Sinaloa cartel's next illicit shipment.
"Twitter's, like, 90 percent noise - bots that are producing erroneous or extraneous tweets," said Tim Gasper, product manager for Infochimps, which helps companies produce meaning from extremely large sets of data. "So you'd be scrolling through all of that just to see if anything caught your eye. Obviously, that's not a very efficient use of people."
Now that greater surveillance capabilities exist, some law enforcement agencies have become eager for the prestige of having their own intelligence arm with no clear target in mind, raising sticky questions about who or what they want to spy on en masse and why.
"I follow lots of people on Twitter that I don't agree with at all," said Ginger McCall, open government program director for the Electronic Privacy Information Center. " ... I follow a lot of accounts of people who are potentially breaking various U.S. laws. Does that association necessarily mean that I am?"
Many sites make their basic architecture open to all, which is why you can share Flickr photos on Facebook with a single click. It's also why anyone can turn your public status updates or tweets into data points and combine them with billions of others to better understand consumer habits - or produce government intelligence.
One company, SAS Institute Inc. of North Carolina, teaches police that they can scrape and analyze massive volumes of data from the backsides of Facebook and Twitter - something not everyone even knows is possible.
Your data, now just a drop of ocean water, can be processed for keywords and geographic locations that reveal "patterns of interest" to police in real time. Relying on the SAS Institute's Text Miner tool, police can single out both words and phrases and determine if a word is being used as a noun, verb or adjective. "Bomb," for instance, can be all three.
"Unlike their commercial counterparts who monitor the Twitter stream for any mention of a product, law enforcement clients don't necessarily know what they need to monitor on Twitter," the institute wrote in a white paper [PDF] earlier this year titled, "Twitter and Facebook Analysis: It's Not Just for Marketing Anymore."
With just one suspect's name, they can do more: Draw in his or her followers from Twitter or read Facebook wall posts and status updates of their "friends." Using the company's social network analysis tool, police can visualize the connections among these individuals and see what was said among them.
The result "speeds investigation and creates a story line that can be crucial for investigators who want to harness the information available in social media," the company writes. "This information around conversations is rarely available anywhere else to investigators."
The company would not make anyone available for an interview, but spokesman Trent Smith offered a brief email statement.
"If it's not publicly available data, then law enforcement officers must adhere to usual due process," Smith wrote. "Also, human investigators should analyze what the technology produces, with no actions taken without a person validating the results."
SAS, which specializes in corporate intelligence and business analytics, was founded more than 30 years ago by statisticians at North Carolina State University.
Two years ago, SAS made its pursuit of law enforcement customers official by acquiring the British firm Memex, which converts disparate pieces of data like fingerprints and mug shots into intelligence by making it more easily available for sharing and analysis. Memex aggressively marketed itself to the dozens of intelligence "fusion centers" created after Sept. 11 that allow local, state and federal police to swap digital tips in a command center-like setting.
Other tech tools
Then there's 3i-MIND, a Swiss company that last year prominently showcased Web surveillance products at a law enforcement conference in San Diego. There, it pitched OpenMIND, developed specifically for intelligence and law enforcement agencies, which "automatically finds suspicious patterns and behaviors" across the Internet. It digs not just within social media, but also through blogs, online forums and the "deep Web," where many chat rooms exist.
"OpenMIND helps analysts to find insights they were not even looking for, about entities they had not previously queried," boasts the company's product literature [PDF]. "It also helps to pinpoint specific websites not regularly monitored that may be relevant to research being performed."
The company claims it can analyze text "according to its semantic meaning" and show whether "C4" is referring to explosives or something else.
While 3i-MIND says it has more than 500 clients, it did not respond to calls and emails seeking to determine who those clients are and how many are taxpayer-funded. The SAS Institute also declined a request for names of its government customers.
Other examples of tech tools include TACTrend, which can monitor social media within a geographic area determined by the customer. West Virginia maker HMS Technologies Inc. says [PDF] it was developed by former law enforcement and special operations personnel and is being used by federal, state and local agencies. The company in March tipped North Carolina police to a tweet by a student threatening his teacher.
An investment arm of the CIA called In-Q-Tel raised eyebrows in 2009 when it pumped money into a social media monitoring firm called Visible Technologies based in Massachusetts. In-Q-Tel also has reportedly invested in a company called Attensity that offers text and semantic analysis. Elsewhere, the British company CrowdControlHQ offers its products to both police and business executives and created a Twitter feed dedicated to the intersection of public safety and social media.
Information distribution and other uses
Law enforcement officials have embraced social media for simpler purposes, like notifying the public of disaster procedures, distributing information about crime trends and arrests, and receiving feedback from taxpayers about new initiatives.
Police in Michigan reportedly used social media to nab a serial burglar and motorcyclist who boasted online about racing from the cops. A sheriff's office in Louisiana posts suspect information on its own social media sites first before turning to TV stations and newspapers. The Colorado Office of Emergency Management used Twitter for updates on recent wildfires, and the Aurora Police Department tweeted critical updates following the theater shooting there in July.
Some argue that online surveillance shouldn't matter if we freely make so many of our tweets and status updates available to all on the Internet. One site developed by a British teenager compiles examples of Internet users openly describing their own misconduct, confessing to being hungover at work and threatening their bosses.
However, public notification is different from intelligence gathering. Dallas-area Internet lawyer Benjamin Wright said courts are sending mixed signals when it comes to using social media as evidence. But, he said, there's one concurring opinion worth noting from the Supreme Court's landmark January privacy case known as United States v. Jones. Justice Sonia Sotomayor argued that it may be time to reconsider the assumption that any reasonable expectation of privacy is lost when we hand over personal information to third parties.
"This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks," she wrote [PDF].
More troubling, Wright said, is deceptively "friending" people online for surveillance purposes. A college campus police investigator in Boston recently told Security Management magazine that he created fake identities to watch people and used a profile image his targets might "consider attractive." Interns at a New Jersey prosecutor's office were instructed to monitor as many alleged gang members as possible. Tax collectors have been using the Web for years, Wright said, and they view it as no different than reading newspapers for tips.
"It's one thing for the IRS or a police officer to read the newspaper," Wright said. "But it's a completely different ballgame when that very same officer now is using some automated tool to track me around the Internet and read thousands of blog posts and tweets and filter it all through some kind of artificial intelligence software. People just start getting creeped out."
View this story on California Watch