My Q&A with Edward Snowden about Binney and Big Data

Posted on December 26, 2013 by juliaangwin No Comments ↓

While reporting my Wall Street Journal article about NSA whistleblower Bill Binney, I posed some questions to Edward Snowden. Here is our exchange, which was fielded by his legal counsel, Ben Wizner at the ACLU:

Q: In a June Q&A with the Guardian, you were asked about the treatment of Binney and Drake, and you replied “these draconian responses simply build better whistleblowers.” Can you elaborate on what you learned from the treatment of Binney and how it has informed your actions?

Snowden: I have tremendous respect for Binney, who did everything he could according to the rules. We all owe him a debt of gratitude for highlighting how the Intelligence Community punishes reporting abuses within the system. If you stay quiet and keep your eyes forward, you’ll be taken care of, even if you lie to Congress. If you buck the system, you find armed agents in your bathroom.

Q: One of the points that Binney makes is that not only is dragnet surveillance harmful to civil liberties, but it also overwhelms the NSA analysts who have to sift through it, weakening our intelligence apparatus. Do you agree with that argument?

Snowden: I do. Mass surveillance causes us to miss events like the Boston Bombings because analysts are distracted by low-effort analysis of endless and unfocused chatter rather than the focused, targeted investigation of things like tipoffs from partners. When your working process every morning starts with poking around a haystack of 7 billion innocent lives, you’re going to miss things like that. We’re blinding our people with data we don’t need and it puts us at risk.

NSA Struggles to Make Sense of Flood of Surveillance Data

Posted on December 26, 2013 by juliaangwin No Comments ↓

Binney photo

By Julia Angwin

LAUSANNE, Switzerland— William Binney, creator of some of the computer code used by the National Security Agency to snoop on Internet traffic around the world, delivered an unusual message here in September to an audience worried that the spy agency knows too much.

It knows so much, he said, that it can’t understand what it has.

“What they are doing is making themselves dysfunctional by taking all this data,” Mr. Binney said at a privacy conference here.

The agency is drowning in useless data, which harms its ability to conduct legitimate surveillance, claims Mr. Binney, who rose to the civilian equivalent of a general during more than 30 years at the NSA before retiring in 2001. Analysts are swamped with so much information that they can’t do their jobs effectively, and the enormous stockpile is an irresistible temptation for misuse.

Mr. Binney’s warning has gotten far less attention than legal questions raised by leaks from former NSA contractor Edward Snowden about the agency’s mass collection of information around the world. Those revelations unleashed a re-examination of the spy agency’s aggressive tactics.

Read more at The Wall Street Journal and see the full privacy series.

I’m moving to ProPublica

Posted on December 16, 2013 by juliaangwin No Comments ↓

I am excited to announce that I will be joining ProPublica in January, where I will be investigating privacy issues, technology, and the surveillance state:

ProPublica Hires Senior Reporter to Investigate Privacy Issues

New York, N.Y. – Nov. 26, 2013 – ProPublica has hired investigative journalist Julia Angwin as a senior reporter covering privacy, technology and the surveillance state. She will begin work at ProPublica in early January.

Angwin comes to ProPublica after more than a decade at the Wall Street Journal, where she covered the convergence of technology and media. In 2010, she led a team of reporters that chronicled the decline of online privacy – leading to a Gerald Loeb Award. The following year coverage generated by her privacy team was a finalist for the Pulitzer Prize in Explanatory Reporting, an award Angwin and another team of Journal reporters won in 2003 for coverage of corporate corruption.

Angwin is the author of “Stealing MySpace: The Battle to Control the Most Popular Website in America” and the forthcoming “Dragnet Nation: A Quest for Privacy, Security and Freedom in a World of Relentless Surveillance.” She earned a B.A. in mathematics from the University of Chicago in 1992, and an MBA from the Graduate School of Business at Columbia University in 2000.

“Julia brings with her a magnificent portfolio of work, and she will be a stellar addition to our staff,” ProPublica managing editor Robin Fields said.

ProPublica is an independent, non-profit newsroom that produces investigative journalism in the public interest. In 2010, it was the first online news organization to win a Pulitzer Prize. In 2011, ProPublica won its second Pulitzer, the first ever awarded to a body of work that did not appear in print. ProPublica is supported primarily by philanthropy and provides the articles it produces, free of charge, both through its own website and often to leading news organizations selected with an eye toward maximizing the impact of each article. For more information, please visit www.ProPublica.org.

 

Advance Praise for Dragnet Nation

Posted on December 13, 2013 by juliaangwin No Comments ↓

As I mentioned in my last post, my new book, Dragnet Nation, is coming out in February, and is available for pre-order now. Here’s some feedback that it’s gotten so far:

Dragnet Nation is an impressive picture of the new world of electronic surveillance—from Google to the NSA. Julia Angwin’s command of the technology is sure, her writing is clear, and her arguments are compelling. This is an authoritative account of why we should care about privacy and how we can protect ourselves.”
—Bruce Schneier, author of Liars and Outliers: Enabling the Trust That Society Needs to Thrive

“In this thought-provoking, highly accessible exploration of the issues around personal data-gathering, Julia Angwin provides a startling account of how we’re all being tracked, watched, studied, and sorted. Her own (often very funny) attempts to maintain her online privacy demonstrate the ubiquity of the dragnet—and the near impossibility of evading it. I’ll never use Google in the same way again.”
—Gretchen Rubin, bestselling author of Happier at Home and The Happiness Project

“Julia Angwin’s pathbreaking reporting for the Wall Street Journal about online tracking changed the privacy debate. Her new book represents another leap forward: by showing how difficult it was to protect her own privacy and vividly describing the social and personal costs, Angwin offers both a wakeup call and a thoughtful manifesto for reform. This is a meticulously documented and gripping narrative about why privacy matters and what we can do about it.”
—Jeffrey Rosen, president and CEO, National Constitution Center, and author of The Unwanted Gaze and The Naked Crowd

Dragnet Nation is a fascinating, compelling, and powerful read. Many of us would simply prefer not to know how much others know about us, and yet Julia Angwin opens a door onto that dark world in a way that both raises a new set of public issues and canvasses a range of solutions. We can reclaim our privacy while still enjoying the benefits of many types of surveillance – but only if we take our heads out of the sand and read this book.”
—Anne-Marie Slaughter, president and CEO, New America

Dragnet-Nation-Banner

Surveillance: A Taxonomy of Known Knowns and Known Unknowns

Posted on June 11, 2013 by juliaangwin No Comments ↓

In the wake of the avalanche of revelations about the scope of domestic surveillance, several people have asked me to help them understand what is going on. So I put together this handy cheat sheet that hopefully explains the key issues.

This is a shorthand version of an explainer I presented last week at the Privacy Law Scholars Conference in Berkeley. With apologies to Donald Rumsfeld, I’ve broken it down into “Known Knowns” and “Known Unknowns.”

Patriot Act Surveillance

Known Knowns:

Who: Verizon, AT&T, and SprintNextel, according to reporting by Glenn Greenwald at The Guardian and the The Wall Street Journal.

What: Records of every single domestic and international telephone call, including the location from which the call was placed, the serial number of the phone, the number dialed and the duration of the call, according to the court order obtained by the Guardian.

Where: Turned over to the National Security Agency daily, according to the court order obtained by the Guardian.

When: Ongoing for the past seven years, according to Senator Dianne Feinstein (D-CA)

Why: To “make connections related to terrorist activities over time,” according to the Office of the Director of National Intelligence.

How: Foreign Intelligence Surveillance Court authorizes record collections with a court order every three months, according to Sen. Feinstein. Analysts are required to have “reasonable suspicion, based on specific facts, that the particular basis for the query is associated with a foreign terrorist organization” before querying the database of call records, according to the Office of the Director of National Intelligence.

Legal authority: Section 215 of the Patriot Act allows the FBI to order any person or entity to turn over “any tangible things” for “for an investigation to protect against international terrorism or clandestine intelligence activities, provided that such investigation of a United States person is not conducted solely upon the basis of activities protected by the first amendment to the Constitution.”

Known Unknowns:

Is it legal? Senators including Ron Wyden and Mark Udall have accused the government of secretly reinterpreting the law.

What happens to innocent people’s data? It’s not clear.

Are some telecom companies refusing to participate? It’s not clear.

Does it prevent terrorism? Officials have pointed to two terrorist attacks that were flagged by this program: a New York city subway bombing plot that was foiled, and the Mumbai terror attacks, which were successful.

Have intelligence officials lied about the existence of the program? Maybe. Sen. Wyden has asked Director of National Intelligence James Clapper to explain his previous denials to Congress.  Last year, National Security Agency Director Keith Alexander told Congress “we don’t have technical insights in the United States.”

 

PRISM Surveillance:

Known Knowns:

Who: Microsoft, Google, Yahoo, Facebook, YouTube, Skype, AOL, Apple, PalTalk, according to slides obtained by The Guardian and The Washington Post.

What: Content of Internet communications including e-mail, chats, instant messages, according to the slides.

Where: The government can only use this capability to target persons “reasonably believed to be outside the United States” even though the electronic communications may travel through United States computer services, under the Foreign Intelligence Surveillance Act of 2008.

When: Since 2007, tech companies have worked to build systems that let the government collect this data, according to the slides.

Why:  The government says it needs this capability to investigate terrorism, hostile cyber activities and nuclear proliferation.  

How: The government must obtain a search warrant from the Foreign Intelligence Surveillance Court.

Legal Authority: Section 702 of the Foreign Intelligence Surveillance Act of 2008 authorizes the “targeting of persons reasonably believed to be located outside the United States to acquire foreign intelligence information.”

Known Unknowns:

Is this blanket surveillance? It’s not clear. Before the 2008 law was passed, the government had to identify the target of surveillance. The 2008 law allowed the government to issue “programmatic warrants” that are not based on the identity of an individual, but rather on broader criteria.

How is the data technically handed over? We don’t yet know all the technical details of how data is turned over to government. Companies have said they don’t provide “direct access” but that doesn’t preclude other ways of sharing bulk data. Google told Wired on Tuesday that it either provides information by hand or secure FTP.

What happens to innocent people’s data? The law requires the government to minimize the use of data about U.S. persons.

 

In Summary: The Patriot Act surveillance program is potentially illegal, officials may have lied about it to Congress and it collects information about nearly every single person in the United States. The Prism program is legal, is likely less broad and has some safeguards to protect innocent U.S. residents.

There’s a reason that former Department of Justice attorney Mark Eckenwiler, who specialized in electronic surveillance law, has suggested calling the Patriot Act surveillance program “Hoover.”

 

 

Radio: Why I’m unfriending you on Facebook

Posted on February 18, 2013 by juliaangwin No Comments ↓

It wasn’t easy to unfriend all 666 of my friends on Facebook. Here’s my Marketplace radio segment about how I had to pay a friend to push the unfriend button for me.

Why I’m unfriending you on Facebook

Posted on February 12, 2013 by juliaangwin No Comments ↓

I have 666 friends on Facebook. By next week, I hope to have none.

I am going to spend this week “unfriending” all of my Facebook friends because I have come to believe that Facebook cannot provide me the level of privacy that I need. And yet, I am not quitting entirely because I believe that as an author and a journalist, it is important to have a Facebook presence.

My specific concern with Facebook is what NYU Professor Helen Nissenbaum calls a lack of “contextual integrity,” – which is a fancy way of saying that when I share information with a certain group or friend on Facebook, I am often surprised by where the data ends up.

Professor Nissenbaum argues that many online services – of which Facebook is simply the most prominent example –share information in ways that violate the social norms established in offline human relationships.

For example: In real life, even if I am friends with someone, I don’t necessarily want to join their book group or cooking group etc. But on Facebook, my friends can join me to a group without my permission, and my membership in that group is automatically made public.

This is no small thing: this exact feature is what caused two University of Texas students to be outed to their parents, when the president of the Queer Chorus joined them to a Facebook group.

Although I am not worried about being outed, I am a journalist who needs to protect my sources, my relationships and my affiliations from public scrutiny. I am also, quite simply, a human who doesn’t want to be shocked by information about myself that I cannot control. And so, I plan to spend this week unfriending all my Facebook friends.

I did not come to this conclusion easily. I have long struggled with the right approach to Facebook.

I joined Facebook on June 26, 2006, back when it was still only available to people with university e-mail addresses. In fact, I signed up for an alumni address from my college just for the purpose of joining Facebook.

My motivation was primarily journalistic: I was researching a book about the social network MySpace and needed to understand the social networking landscape. But I also enjoyed the thrill of reconnecting with friends from high school and college.

But like many Facebook users, I felt burned when in December, 2009, Facebook unilaterally changed all users’ default privacy settings to encourage sharing information to the entire world instead of just ‘friends.’ My list of friends was automatically made public – which is a terrible problem for journalists who may have befriended sources that could be betrayed by disclosure of the relationship.

Outraged, I wrote a column declaring that Facebook had betrayed the confidential nature of friending, and that I was going to treat it as a public forum like Twitter. I opened up my profile entirely; I began accepting all friend requests (even really creepy ones) and scrubbed my profile clean of any personal details. (Facebook later agreed to settle charges brought by the Federal Trade Commission, which alleged that Facebook’s actions were unfair and deceptive).

The technical name for my approach to Facebook was “privacy by obscurity.” By burying good data (my actual relationships) amidst bad data (people I didn’t know), I aimed to shield my relationships from unwanted scrutiny.

However, privacy by obscurity made Facebook almost unusable. My news feed was cluttered with updates from people I didn’t know. Many of my new ‘friends’ were joining me to groups and sending me spam. Slowly but surely, I started using Facebook less and less. Last year, I didn’t post a single update all year.

Now I am researching and writing a book about online privacy, Tracked, to be published next year. In my book, I aim to answer two questions: why does privacy matter? And what should we do about it? To answer the second question, I’ve been trying out several privacy-protecting measures, such as blocking Web tracking technology and setting up new online identities.

But I’ve been struggling to figure out what to do about my long-neglected Facebook account. My privacy by obscurity approach had only netted spammers and made Facebook annoying to use.

I considered trimming my friends list to a bare minimum (as Fred Wilson successfully did), but I realized that I don’t actually keep up with my closest friends and family on Facebook (we use email, texting and phone).

I considered giving up on privacy by obscurity and actually using Facebook to keep up with people I know. But that would require me to trust Facebook to protect my list of friends. I dug around on Facebook’s privacy settings, and found that it still doesn’t allow you to completely protect your list of friends. If you share a friend with someone, your mutual friend will be displayed to both of you.

For a journalist, even that amount of disclosure is too much: Imagine a low-level employee of an institution who befriends a journalist to share information. If official spokesman for that same organization notices that he or she shares a “mutual friend” with a journalist, that disclosure amounts to outing the employee as a source. So that argued against reducing my list of friends to people with whom I actually have a relationships.

I considered just deleting my profile. But I realized I was going to miss three things about Facebook: 1) I like being able to be send private messages to people through Facebook when I don’t have their latest contact information; 2) I like being notified when I’m tagged in a photo or in a post (usually so I can request being untagged); and 3) As a journalist and author, I would like to be ‘found’ by people who want to read my writing.

And so I’ve decided to unfriend everyone and keep a bare-bones profile for the simple purposes of messaging, untagging and being found by people who might want to find me.

For those who I am unfriending, apologies in advance. As bizarre as it sounds, I am actually trying to protect the contextual integrity of our relationship.

U.S. Terrorism Agency to Tap a Vast Database of Citizens

Posted on December 13, 2012 by juliaangwin No Comments ↓

By JULIA ANGWIN

Top U.S. intelligence officials gathered in the White House Situation Room in March to debate a controversial proposal. Counterterrorism officials wanted to create a government dragnet, sweeping up millions of records about U.S. citizens—even people suspected of no crime.

Counterterrorism officials wanted to create a government dragnet, sweeping up millions of records about U.S. citizens-even people suspected of no crime.

Not everyone was on board. “This is a sea change in the way that the government interacts with the general public,” Mary Ellen Callahan, chief privacy officer of the Department of Homeland Security, argued in the meeting, according to people familiar with the discussions.

A week later, the attorney general signed the changes into effect.

Through Freedom of Information Act requests and interviews with officials at numerous agencies, The Wall Street Journal has reconstructed the clash over the counterterrorism program within the administration of President Barack Obama. The debate was a confrontation between some who viewed it as a matter of efficiency—how long to keep data, for instance, or where it should be stored—and others who saw it as granting authority for unprecedented government surveillance of U.S. citizens.

Read more at The Wall Street Journal and see the full privacy series.

New Tracking Frontier: Your License Plates

Posted on September 29, 2012 by juliaangwin No Comments ↓

For more than two years, the police in San Leandro, Calif., photographed Mike Katz-Lacabe’s Toyota Tercel almost weekly. They have shots of it cruising along Estudillo Avenue near the library, parked at his friend’s house and near a coffee shop he likes. In one case, they snapped a photo of him and his two daughters getting out of a car in his driveway.

Mr. Katz-Lacabe isn’t charged with, or suspected of, any crime. Local police are tracking his vehicle automatically, using cameras mounted on a patrol car that record every nearby vehicle—license plate, time and location.

“Why are they keeping all this data?” says Mr. Katz-Lacabe, who obtained the photos of his car through a public-records request. “I’ve done nothing wrong.”

Until recently it was far too expensive for police to track the locations of innocent people such as Mr. Katz-Lacabe. But as surveillance technologies decline in cost and grow in sophistication, police are rapidly adopting them. Private companies are joining, too. At least two start-up companies, both founded by “repo men”—specialists in repossessing cars or property from deadbeats—are currently deploying camera-equipped cars nationwide to photograph people’s license plates, hoping to profit from the data they collect.

The rise of license-plate tracking is a case study in how storing and studying people’s everyday activities, even the seemingly mundane, has become the default rather than the exception. Cellphone-location data, online searches, credit-card purchases, social-network comments and more are gathered, mixed-and-matched, and stored in vast databases.

Read more at The Wall Street Journal and see the full What The Know series online.

Announcing My Next Book: Tracked Dragnet Nation

Posted on July 11, 2012 by juliaangwin No Comments ↓

I’m very excited to share with everyone the announcement of my new book, which was posted on Publishers Marketplace this week:

Wall Street Journal senior technology editor and author of STEALING MYSPACE Julia Angwin’s TRACKED, investigative journalism on the importance of understanding and preserving electronic privacy in the age of social media and pervasive surveillance by marketing firms, retailers, credit monitors, government agencies, and snoops of all kinds, to Paul Golob at Times Books, at auction, by Todd Shuster at Zachary Shuster Harmsworth Literary Agency (NA).

Update, December 2013: The title of my new book has since changed, to Dragnet Nation: A Quest for Privacy, Security, and Freedom in a World of Relentless Surveillance. It’s coming out in February and is available for pre-order now.

Twitter