Someone is watching you.
What you spend. Where you eat. Who you call. Where you travel. What you Google. What you give to charity.
Recent reports of government access to records from phone companies, Internet providers and credit card companies raise anew questions of just how much other people can know about you, especially in the age of the Internet and high technology.
They watch from the air, from cameras, from computers. And you help them, volunteering vast amounts of information about yourself in the magnetic stripe on the back of your credit card, the SIM card in your phone, the sites you visit on the Internet.
The government has access to some of it. And might have access to more from the vast corporations that compile it.
Finance: Credit Cards and IRS
- Total number of individual tax returns for fiscal year 2012: 146 million.
- Total number examined or audited: 1.5 million (1%).
- The IRS targeted more than 300 conservative applicants for 501(c)(4) tax-exempt status.
By Kevin Thibodeuax
The government knows how much money you earn, what you contribute to a church or charity, whether you had a lot of medical expenses, or moved in the past year.
Americans filing tax returns supply the Internal Revenue Service with a Social Security number, the names of their dependents, salary, and other forms of income, such as stock dividends.
And many supply the federal government with more information, so they can deduct additional expenses from their taxable income.
They report moving expenses. Teachers’ expenses. Donations to religious organizations or charities. Union dues.
This mass of information has been routinely collected for decades. But recent revelations showed that IRS agents also sometimes asked intrusive questions of conservative taxpayers seeking tax-exempt status for their organizations. And they may have targeted conservative taxpayers who donated to similar organizations.
Questions included whether or not the groups endorsed candidates and how they assessed candidates. Some groups were also asked to provide copies of press releases, op-eds, letters to the editor and interviews with the media about any of the topics they were trying to promote.
The IRS has apologized, and said it stopped asking those questions. FBI and congressional investigations are ongoing.
Credit cards and magnetic strips
- In 2009, there were 21.6 billion credit card transactions.
- Millions of magnetic particles form a strip on credit cards that records transaction information.
- The government can monitor when and where a credit card was used and how much was charged.
By Ali Watkins
Think Uncle Sam knows where you buy your coffee? He might be able to tell you the exact café.
Once your magnetic-striped credit card gets swiped, the information is fairly easy for the government to get.
That stripe on the back of your credit card is swiped through thousands of electronic readers every year. Millions of iron-based magnetic particles form the black bar, each one 20-millionths of an inch wide. Individual particles can be alternated to point north or south to code information on to the card. That’s how each credit-card holder has a personalized strip full of intimate data sitting right inside his pocket, and how each purchase he makes can be traced directly back to his wallet.
And the National Security Agency is monitoring just that.
Although the scope of credit-card tracking efforts are unknown, former NSA officials confirmed to The Wall Street Journal that the NSA had established relationships with credit card companies akin to those that they had established with phone carriers, which provide them with data under warrant, subpoena or court order. These former officials didn’t know whether the tracking was ongoing.
What could they find? The metadata — digitally contained bits of information — from a credit card could show when and where a purchase was made, and what it cost.
Experts don’t believe the metadata shows what was purchased, but that information is associated with the card, and undoubtedly accessible.
In any credit card transaction, card holder data is passed between retailers and credit companies. According to Payment Card Industry security standards, retailers aren't supposed to hold on to that information unless it's deemed "absolutely necessary" by the retailer. Oversight is left largely to credit companies themselves. A tiny digital footprint is created when and where you swipe your card. This information, with a warrant, could be traced back to you whenever and wherever you use it, says cyber security expert Robert Siciliano.
- 91% of adults in the U.S. have cell phones, most of which are smartphones.
- In 2011, the government made 1.3 million requests for subscriber phone data.
- The FISA court has rejected just 11 out of 33,900 government applications for surveillance.
By Ali Watkins
We’ve got a Pandora’s box in our pocket, which raises the question: How much can the government see when they open that box?
With the advent of Smartphones and SIM cards, cell phones are no longer strictly for storage of digits and 180-character messages. We use them to navigate roadtrips, to buy vintage boots on eBay, and to watch the game when we’re stuck on the subway. We deposit checks with a bank app and a camera, find the closest Happy Hour, and board a train with the flash of a QR-code. It holds on to our coupons, our favorite cat videos, and functions as a credit card when we forget ours at home.
Recent reports have revealed that the National Security Administration is collecting subscriber information from major cell phone carriers. This information is primarily based on metadata, snippets of digital information which include the location and duration of calls, along with numbers dialed. This metadata doesn’t include the call’s content, which the government would need a warrant to access.
But, says American University School of Communication Professor Christopher Simpson, metadata can be at least as dangerous.
“The problem with [metadata] in terms of a democratic society is that it works on the assumption of guilt as distinct from an assumption of innocence,” said Simpson. Suspects are identified through algorithms, he said, which can make many completely innocent cell-phone users appear suspicious.
Although the conversation about phone tracking has heated up in recent days, this is not the first time that Washington has come under scrutiny for looking through mobile devices.
In 2012, Rep. Ed Markey, D-MA, wrote to major cell phone carriers asking about government requests for information. His questions came in the wake of an April 2012 article in The New York Times, and offered a look into phone tracking from providers, including Sprint, Verizon, T- Mobile and AT&T.
These responses noted an increase in law enforcement requests for subscriber information in 2011, totaling 1.3 million requests.
And, carriers noted, there’s a good chance that the number of customers whose information was obtained in 2011 is far greater than 1.3 million. One of those 1.3 million, for example, could be for tower data, which could include hundreds or even thousands of mobile users at any given time.
Although many of these requests should require warrants, or at least easier-to-get court-ordered subpoenas, carriers reported that officials could request information and label it as an “emergency” -- which allowed authorities to collect the information without formal legal documents.
These government requests, both from 2011 and more recently by the NSA, are limited to metadata. That doesn’t mean that the content of conversations is off-limits. The government just needs a warrant, granted through the secret Foreign Intelligence Surveillance Court, to listen in on calls.
Established in 1978 as a way to grant government surveillance of suspected foreign terrorists, the Court (FISA) has been considered by the Obama administration to provide “judicial oversight” of the government’s phone tracking habits.
The court approves almost every request, fully denying just 9 out of 33,900 government applications for surveillance over its 33-year existence, according to Foreign Intelligence Surveillance Act reports submitted to Congress.
The overwhelming rate stems in part because most requests go through an intense vetting process by department lawyers before ever going to the court, said Timothy Edgar, visiting fellow at Brown University’s Watson Institute for International Studies.
By the time it gets in front of the court, he said, it's nearly foolproof.
- 742,713 people traveled by plane in the U.S. during 2012.
- TSA shares information with 6 airlines to make expedited pre-screening of passengers available.
- The TSA keeps information on frequent travelers for up to two years as part of the Known Travelers list.
By Trevor Graff
Attempting to make travel safe for the masses may endanger an individual citizen’s privacy.
Travelers’ personal data could be used to learn where a person is going, where they’ve been and in some cases even their purpose for going there.
The Transportation Security Administration and airlines collect personal data on a daily basis.
Passengers are required to submit Secure Flight Passenger Data to the airline when booking flights. Each traveler submits a name as it appears on a government issued ID, date of birth, and gender.
Once collected, the airline submits this data to TSA’s Secure Flight, where it is used to perform several cross-checks with watch lists of suspected terrorists.
Once the names are examined and cleared, TSA returns the matching results to airlines to allow the issuance of boarding passes.
TSA says the data is collected, stored and then disposed of.
Information filed by frequent travelers for the government’s Known Travelers list — which allows access to special security lines – is retained by the TSA Office of Intelligence and Analysis for up to two years.
The TSA says external sharing of data is prohibited unless the individual is involved in a security incident or is found on other watch lists.
There is no private-sector knowledge of how the information may be used to track passengers from airport to airport.
The State Department’s Smart Traveler Enrollment Program also collects travelers’ information for government use.
International travelers can enroll in the program, giving the State Department personal information that allows them to keep track of travelers overseas. The program allows the department to send alerts and warnings to travelers.
It also assists the department in recovering U.S. citizens in international emergencies and natural disasters. The program assisted in evacuating 16,700 U.S. citizens from the 2010 earthquake in Haiti and 15,000 in the civil unrest that embroiled Lebanon in 2006.
- The government can access your email with either a warrant or subpoena depending on how old messages are.
- Google granted about 90% of government requests for user data in 2012.
- Microsoft granted about 65% of government requests.
By Kate Irby
The government can read your email.
Access to an email sent within 180 days requires a warrant, while an email older than 180 days and email drafts only require a subpoena and prior notice.
Prior notice can be delayed up to 90 days if it would impede an investigation. Since email services such as Yahoo! and Hotmail offer unlimited storage space on email accounts, that represents an extensive level of access to information.
Google will provide email account creation information such as name, associated email addresses and phone numbers on a subpoena, and data from email headers (subject, sender, recipient and priority) under court orders.
However, citing Fourth Amendment rights against unreasonable search and seizure, a Google spokesperson said they refuse to supply any email content information to the government without a warrant even if the email is over 180 days old.
Government officials can read all the ingoing and outgoing emails on an account in real time if they acquire a specific type of wiretap warrant, which is granted with probable cause for specific crimes, such as terrorism.
Google received 16,407 user data requests concerning 31,072 users from the U.S. government in 2012. It granted about 90 percent of those requests.
Microsoft, with its Outlook/Hotmail email service, received 11,073 requests concerning 24,565 users, granting (at least partially) 65 percent of those requests.
- 30 million surveillance cameras are watching Americans.
- There are 4,000 cameras in part of Lower Manhattan alone.
- Cameras on toll roads and at intersections record car data that can be shared with insurance companies.
Americans are constantly being watched by one of the United States’ estimated 30 million surveillance cameras.
Walking to work, withdrawing money from an ATM or even shopping at a favorite local grocer, we are within sight of a surveillance camera. Police use them to monitor streets, subways and public spaces. Homeowners put them on their houses. Businesses mount them in stores and on buildings.
In Boston, the FBI used still photos and video pulled from cameras to identify suspects after the Boston Marathon bombing. The images showed the suspects making calls from their cell phones, carrying what the police say were explosives, and leaving the scene.
In New York, the Lower Manhattan Security Initiative uses 4,000 surveillance cameras in a 1.7 square mile area to track and combat crime, according to CNN. Through facial and object recognition technology, the cameras give the NYPD the ability to track people and cars through the networked area.
New high-tech, high-definition security camera manufacturers give police departments the options of thermal imaging, 360-degree fields of view, and powerful zoom capabilities for identifying people. Pelco even offers an explosion-proof camera designed for harsh environments such as the oil rigs of Alaska and offshore drilling sites in South America.
Whether these cameras help prevent attacks is a subject of debate.
Cameras helped police thwart a 2010 attack on Times Square in New York by tracking a vehicle packed with explosives.
But security analyst Bruce Schneier wrote in The Guardian, a British newspaper, that a police officer walking the street can easily respond to a crime as it happens while the officer manning the screen can only dispatch an officer to help, costing precious time in a volatile situation. In Schneier’s opinion, cameras are only effective for gathering forensic evidence for use in investigations after the crime occurs.
Advances in camera technology enable new ways of monitoring American citizens.
Some states such as Colorado are using cameras as an alternative method of charging motorists toll fares. As a motorist drives through the toll lanes, motion-activated cameras capture an image of the license plate, and the driver is billed.
Traffic cameras are watching if you speed or run a red light, too.
Police departments in several metro areas began employing cameras to deter traffic infractions and raise revenue. Nine cameras placed on Washington, D.C.’s New York Avenue, for example, made more than $30,000 dollars a day in fiscal year 2011.
Libertarians and electronic privacy advocates oppose these methods, citing a lack of transparency in the use of the cameras and the retention of the data they collect. In some situations, EPIC Director Ginger McCall said, information from these traffic citations was kept indefinitely and released to third party insurance companies.
- The FAA expects 30,000 drones to patrol U.S. skies within 20 years.
- 81 agencies have been approved to use drones in the U.S.
- The FBI has acknowledged that the bureau used aerial drones for surveillance in the United States.
By Kevin Thibodeaux
For now, they’re largely the unseen tools of warfare in far-off lands. But it’s only a matter of time before fleets of drones fly over the U.S., providing surveillance from thousands of feet in the air.
As many as 30,000 domestic drones will travel the skies above U.S. soil within 20 years, according to a report for Congress by the Federal Aviation Administration.
Gearing up, Congress has called on the FAA to integrate unmanned aircraft into the national air system even sooner, by 2015.
Already, the FAA has approved domestic drone use by 81 agencies including schools, police departments and the Department of Homeland Security, according to the Electronic Frontier Foundation, a group of privacy advocates.
Among the applicants approved: the Arlington Police Department in Texas; California State University in Fresno; Canyon County Sheriff’s Office in Idaho; the city of Herington, Kansas; the Georgia Tech Research Institute; Kansas State University; the Miami-Dade Police Department in Florida; the Mississippi Department of Marine Resources; the Seattle Police Department; and the Universities of Alaska at Fairbanks, California-Davis and Florida.
In March, the American Civil Liberties Union addressed the dangers of domestic drones and warned of the surveillance capabilities of this technology. Although these drones range in size, most are able to hover tens of thousands of feet in the sky, collecting images of people on the ground below.
Websites selling this technology boast about these drones’ high-resolution cameras.
Predator B drones, a type of unmanned aircraft that has a wingspan of 66 feet, have been used by the U.S. along its southern border of Mexico, according to the ACLU. The aircraft can reach an altitude of 50,000 feet, stay in the air for 27 hours and travel at speeds of nearly 300 mph.
Touted as having “persistent surveillance/strike capability for the war fighter,” the Predator B drones can be equipped with electric-optic/infrared, a technology that allows for infrared imaging, night vision capabilities and range finding tools.
Lynx Multi-mode Radar can be used by these drones to provide photographic-quality images through clouds, rain, dust, smoke and fog, in daylight or total darkness with a range of nearly 50 miles.
Other drones come in smaller models, but can be equipped with the same technology allowing for high-quality surveillance from a great distance.
The ScanEagle, a smaller drone tested by the Houston Police Department, has a 10 foot wingspan and is only 4.5 feet long, roughly the size of a large pool table. The aircraft can stay in the air for 24 hours, travelling up to 19,500 feet in the air at more than 90 mph.
Smaller drones can measure 3 feet long, weighing around 4 pounds and be launched by hand. Drones of this size can stay in the air for almost two hours and reach heights of 14,000 feet.
The Nano Hummingbird, designed to look like its namesake, has a wingspan of 6 inches and weighs about as much as an AA battery. The miniature technology is equipped with a video camera to provide footage of its target.
“Based on current trends—technology development, law enforcement interest, political and industry pressure, and the lack of legal safeguards—it is clear that drones pose a looming threat to Americans’ privacy,” the ACLU report argued.
Computers and the Internet
- Government agencies can gain access to online behavior through warrants, subpoena, court order.
- Even a deleted Facebook account remains in backup logs for up to 90 days.
By Kate Irby
A quick Google search for a lunch spot? There’s a record of that.
Arranging a vacation? Someone knows where you’re planning to go. And do you check in with Facebook? The social network tracks all the sites you visit that have “like” buttons or allow you to sign in with Facebook – pretty much all of them.
If Internet giants can record so much about you, who can look at this electronic diary?
The government can access any emails, chats, searches, events, locations, videos, photos, log-ins and any information people post online with a warrant, which the United States Foreign Intelligence Surveillance Court can grant secretly.
The revelation of Prism, a secret government program for mining major Internet companies, suggests the government could have direct access to Internet companies’ servers without a warrant.
Every company whose data was mined — Google, YouTube, Yahoo, Facebook, Apple, Microsoft, Skype, PalTalk and AOL — denied knowing about the program or providing direct access to their servers.
Each social media company has different standards and levels of access to private information that it will provide to the government.
Facebook, for example, only requires a subpoena for basic subscriber records, such as credit card information, name, length of service, email addresses and recent IP addresses of log-ins and log-outs. A subpoena usually only requires the signature of a court clerk, not one of a judge or magistrate.
Facebook requires a warrant for messages, photos, videos, wall posts and location information. Much harder to secure, the government must get the signature of a judge or magistrate for a search warrant. And it has to provide details on the information it seeks and the places to be searched, as well as facts that demonstrate a logical reason to believe that evidence in crimes would be found in those places.
Facebook also tracks other websites you visit that have Facebook features, such as the ability to sign in with Facebook or the “like” button. They can tell when you’re on the site, the site URL and your user ID.
Deactivation of Facebook accounts does not remove any of the information they have stored on you. If you delete a Facebook account, which takes a month to do, some information remains in backup logs for up to 90 days.
Twitter, which was not involved in any Prism reports, requires a warrant for private communications such as direct messages. The company will disclose other private information about its users through subpoenas and court orders, though it will notify users before doing so unless law or court order prohibits it.
Google automatically stores certain information such as search terms, websites visited as a result of searches, IP addresses, private videos and location information, which can all be accessed if the government has obtained a warrant. Even if users have no account with Google, it can store their searches based on IP addresses.
If users have logged in and given them permission, search engines can keep users’ search information indefinitely, though users can clear that history in their settings. Most will keep information on users’ searches for 180 days through cookies, which can be deleted, then will anonymize search information after 18 months.
All of those companies specifically state in their privacy policies that they will not respond to overly broad or vague government requests for information.
- There were 153 million registered voters, in 2012, about 71.2% of the eligible population.
- 33 states record your party affiliation when you register to vote.
- In 2012, 1.5 billion people donated $200 or more to political campaigns.
By Kevin Thibodeaux
Americans may think their political opinions are a secret protected by closed curtains at the voting booth. But the federal government collects a slew of information regarding its citizens’ politics.
Party affiliation, campaign donations as well as membership in some political groups that might be considered radical or extreme are all recorded by the federal government.
Individual donations to candidates and campaigns are reported to the Federal Election Commission – with the names, addresses and occupation of the contributor, the amount donated and the date.
This information is made public when people contribute more than $200. Contributions of less than $200 are reported but not revealed publicly – though the government still keeps the information on file.
The FEC uses this information to monitor contribution limits, according to Bob Biersack, a senior fellow with the Center for Responsive Politics and a former FEC staff member.
Federal law prohibits the use of the information for commercial purposes or for solicitation. Beyond that, it’s fair game.
“The fact that that’s published on the Internet, or it’s available, means that it can be used in any number of ways,” Biersack said.
Individuals who spend money independently, such as on a commercial endorsing a candidate, must then disclose that information the same as other contributors.
However, individuals donating to 501 (c)(4) organizations, tax-exempt groups labeled as social welfare organizations, do not have to be disclosed. The IRS acknowledged earlier this year that conservative groups applying for this tax exemption status had been more strictly scrutinized than other organizations.
Voter registration forms also collect a range of information on residents that are stored in government databases. Information ranges from a person’s name and driver’s license number to party affiliation.
These states record party I.D.’s when voting in a presidential primary: Arizona, California, Colorado, Connecticut, the District of Columbia, Delaware, Florida, Hawaii (for Democrats only), Idaho, Illinois, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Massachusetts, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, North Dakota (for Republicans only), Oklahoma, Oregon, Pennsylvania, Rhode Island, South Dakota (for Republicans only), Utah (for Republicans only), Washington, West Virginia and Wyoming.
Getting involved in political causes can draw the attention of federal authorities.
In 2010, it was revealed that the FBI improperly investigated liberal and anti-war groups including Greenpeace and People for the Ethical Treatment of Animals for terrorism. The Justice Department’s Inspector General said the moves were wrong and without basis.