A fast-growing FBI data-mining system billed as a tool for hunting terrorists is being used in hacker and domestic criminal investigations, and now contains tens of thousands of records from private corporate databases, including car-rental companies, large hotel chains and at least one national department store, declassified documents obtained by Wired.com show.
Headquartered in Crystal City, Virginia, just outside Washington, the FBI’s National Security Branch Analysis Center (NSAC) maintains a hodgepodge of data sets packed with more than 1.5 billion government and private-sector records about citizens and foreigners, the documents show, bringing the government closer than ever to implementing the “Total Information Awareness” system first dreamed up by the Pentagon in the days following the Sept. 11 attacks.
Such a system, if successful, would correlate data from scores of different sources to automatically identify terrorists and other threats before they could strike. The FBI is seeking to quadruple the known staff of the program.
We all know the massive capacities of real-time (read: cyber-time) data-mining, and of course, the shocking, just shocking dangers of having all our personal info collected on the web. (Holy crap, I plugged a device by which I interact with the world into a public world-wide network, and now they know stuff about me!)
But of course, this is even more scary than common sense, because, it's like the FBI and the gov'ment, man. TOTAL INFORMATION AWARENESS. Like, J Edgar Hoover lookin' at you with his third eye. The conspiracy is real.
If you actually read the article, what is interesting is the records they have gotten linked into this paranoia-web. Sure, its hotel records, rental cars, credit cards, drivers licenses, helicopter licenses, and all the trackbacks to YOUR blogposts. But it's not ALL of these things, only particular records matching certain "lists", donated by certain companies and chains of companies. So the information is far from total.
But, it is collected by the government, and most notably, the FBI. Wikimedia Commons sure generates a lot of interest, but you can't beat the FBI when it comes to creating Web 2.0 "contributors". I mean, they are the FBI. They have some stronger arguments than "community" for getting people to take part.
One reaction to this is that the government should not be collecting this information. But that seems a bit naive, since cell phone companies, search engines, and even employers do plenty of data mining already, for whatever particular ends they might have.
I respect the efforts of privacy enthusiasts, who are fighting the good fight to lockdown their browsers, cell phones, license plates, passports, grocery lists, and orifices against data mining. But of course, this is a losing fight, not to mention way too difficult for the average user to implement effectively. (Granted, that even the smallest effort often has a great effect.)
It seems the right, though most difficult way to go would be to encourage all records to be accessible, to everyone. If more and more records become mineable, then it stands to reason that the only power to these records is for organizations who have exclusive access. The FBI has access to records the average person does not. Therefore, these "secret" files become powerful. But if you could Google someone's hotel records, then it would not be as useful.
We like to be the one's to hold the power over our own lives, but more and more this power is being ceded to other organizations. My cell phone company probably knows better where I've been this week than I do. To get this power back, perhaps I should give the information to everyone.
The impetus to personal secrecy, i.e. individual power over personal information, is often taken defensively. "They can't prove I ____" is the rationale. It is the freedom not to testify against oneself about any one of a number of informational things: where you were and when, what you bought, whom you spoke to, what you ate, how fast you went. This is to react against a juridico-discursive combine of information that, according to this mindset, is trying to "catch you act of X".
Ah yes, all that X you do, and have done, and will do again. We certainly don't want that to get out.
However, there are two types of X. There is the first, which I will analogize to "inhaling", and the second, which I will analogize to "operating a sweatshop". The distinction is not between morally right and wrong, or even morally indistinct and wrong. The distinction is between one of embarrassment, and one of prosecution.
Of course, many things we might be embarrassed about once had criminal charges attached. But there is a general social liberalization occurring, which I think is quite related to the technological changes also occurring in society. Having a well-known person's naked crotch represented on the cover of a nationally distributed print magazine is a recent event in our society. But what is the motivation for this? Why not print it? In an era when that picture, and worse, is going to be readily available on the internet, what is the impetus to keep it private? And what, is the impetus to be embarrassed by it? It was a shock when Clinton admitted to smoking but not inhaling marijuana, but now our current president has admitted to sniffing cocaine. Did he admit that, or was that a rumor? I don't remember, nor does it really matter to me. The private lives of public people are now public, and the embarrassment is wearing off. Even private citizens are becoming public people with surprising acceleration and regularity, and taking their private lives with them. Hell, as long as you're not as bad as the guests on Maury, what do you really have to worry about?
So the impetus to defense against the X that might embarrass you is fading. What about the X that might get you put away for a long time? Well, the truth is that these people have been obscuring their identities way before the Internet. If you are going to commit a crime, you wear a mask, don't take your ID, switch your license plates, or use a fake name, or start up a botnet. All of which are readily available, if you are the sort of person to go looking for them.
This is not a way of saying, "if you are innocent, you have nothing to hide." This is a way of saying, "if you are guilty, you are already going to be hiding." There is a difference between a national, all-inclusive identity database, and a listing of datapoints to imply where you were last night. To force you to log your legal identity when leaving or entering the country is a means of control, but to liberate your travel plans a way to free yourself from control. You are joining the millions upon millions who are already liberating their data-lives, by allowing it to join the firehose of cultural data. Your travel plans are not legally identifiable necessarily, nor linked to an individual, juridico-discursive person. The individuality of public records is exactly what criminals take advantage of with spoofed IDs. By stealing a credit card number, they are claiming they are a specific person with a good line of credit. By faking an ID, they are claiming to be a legal person, with a clean record. By liberalizing your personal records, rather than allowing them to be categorized to your individual, juridico-discursive entity, you are creating multiple personalities doing all kinds of things. By hiding your records in your house, you are creating a cache of personality just ready to be stolen.
Imagine if the millions upon millions of credit card holders made their information publicly available. Not just their address and numbers, but their purchase history, their credit history, and everything. There would be flood of people trying to use other people's information. But with a little data integration, how hard would it be to determine valid purchases? Credit cards already do this, and that is why your security is guaranteed. With even more information available, the monitoring would only get better. What is someone going to do, buy the same things you buy at relatively similar frequency? Then the duplicates would be noticed. In the millions, everything balances out.
The key to destroying the juridico-discursive personality is to reduce the singularity of identity, and control. If only the government collects and accesses the data, you won't know your own patterns, and you could be taken advantage of if your identity is compromised. Similarly, the government could use this information to persecute you. But if a wealth of information is provided on the internet, free for use, even your timeline will be uncompromisable, because your identity will only equal the accumulation of data.
Adam eats vegetarian
Adam goes to Seattle every so often
Adam works at X address
Adam walks mostly but drives to work
Adam ate at these restaurants
Adam made these phone calls
You search by my name, and you get a picture of a personality. Maybe you take out the other Adam's who eat at McDonalds, and where they work, and you narrow it down. Maybe you call yourself Adam, and do a bunch of things I would never do, but this would eventually be proved out of the sequence. Nothing identifies me specifically by number, or any other characteristic. Rather than my bank asking my security questions of mother's maiden name, high school location, etc (which, by the way, are also asked of me by at least five other websites... so much for "secret questions") what if it asked me what I ate for lunch, which road I took to work, and what shoes I'm wearing. You collect enough common, freely available datapoints, and you have a undeniable fingerprint of who I am, which only I could answer completely. You could actually verify individuality BETTER with more public information, as long as their is no unique link other than the data I continually enter to the network.
With the Internet, the key is more information, more access, and near-instant access. More access and more information creates cyber-space, an infinity of data sets. More access and near-instant access creates cyber-time, an infinity of sample points. With an infinite amount of data sets and sample points, you can accomplish almost anything. The problem of spanning dimensions and planes is reduced to processing singularities. It is like swimming in an infinitely increasing sea. it matters less where you are going, than what you are doing while you get there.
Here's a math exercise. Imagine I sign up for a Future Card, a purchasing credit card. I don't give any personal information, only a pseudonym, Interdome. I have a $10 credit automatically, and every time I pay it off with a Worker Credit transfer (i.e. Internet Cash, totally anonymous, of course) my credit increases 50%, SO LONG AS I enter a distinct tagged data point using my pseudonym into Personality-Web, a publicly accessible database. Also, I must have at least ten data points entered already. The card can be extended via this method up to a limit of, I don't know, $10,000. Also, each purchase requires a new data point at the time of purchase.
By the time your potential loss to Future Card Inc. is $500, there are already thirty distinct data points tied to your user name. (10 initially, 10 complete payments, and 10 purchases, imagining a single purchase maxes out the card before being paid down). There is a requirement to Personality Web that you must have at least ten linear data points all corresponding to particular or relatable tags before a tag is considered "distinct". A tag is like "food choice", "color preference", or "retailer category" in addition to access point IP and time. With 30 data points you already have potentially three lines of identification for the Future Card to identify you by, which could replace name, address, and social security number. Another couple months of use, and the card has even more lines of identification, with perhaps a hundred data points for cross referencing. Want a higher credit rating? Add more data points to the personality web using Interdome as the user name. The more data they can link into personal patterns across tags, the more secure and verifiable Interdome is. Somebody else starts a separate Interdome Personality Web account? Fine. With a little bit of cross referencing, you could isolate different Interdomes by their responses to questions, each adding data points as they do so.
But how hard would it be to invent a personality for a blog-writing, walking, Portland-residing vegetarian? Okay, not that hard. But to keep that up while continuing to feed actual cash micropayments and datapoints into the card to increase the credit line, to make it valuable enough to default on? That would sure take a lot of time--more time required than to go through your neighbor's trash and find 10 real, juridico-discursive identity characteristics and get a fake checking account today. And how many fake identity points could you create before an algorithm recognized a pattern in the fake points, and linked your responses, and found you out? These are real, semantic datapoints, not just random organizations of letters and numbers, which any computer will eventually be able to select in the blink of an eye. You can spoof a password, but can you spoof a diet? How about a consciousness?
But suppose a bunch of dissociative savants create hundreds of personalities, swapping cards in a crime syndicate inventing thousands of fake Personality Web accounts, putting them up and taking them down in rapid succession? All the better. More data, more chances to spot fraud. Why wouldn't these savants leave traces, allowing them to be tracked down? Even clinical dissociative generate all their personalities from the same mind.
But what about massive computers, designed to create random data points at will? They could beam random info to a handheld device, giving you any number of unrelated disposable personalities. Hmm. Possible. Some of the best security relies on large algorithms, generating random numbers, which only another exact algorithm could produce at a specific time. These are very difficult to reverse engineer from the data. If you developed an algorithm to create Personality Web data points, how could a computer determine it is fake personality, as opposed to a real one? And if it all generated, there is no way to target the faker. Well, it would still take a considerable investment of real payments to push the Future Card limit to a point at which the money you spent developing the algorithm is a good criminal investment. And also, it is a lot harder than walking your way into a retailer's computer system and stealing a million credit card numbers and addresses. Plus, most criminals, as it turns out, are not that clever.
Think of it like this: it's an anonymous, pay-as-you-go cell phone, but because the Internet's cyber-time wealth of data points can identify patterns both in the past and the future, credit becomes same as cash. You are going to pay for things tomorrow, just as you paid in the past, so if you can be identified across this continuum, you are the same consumer. Instant credit! In the future, you just won't need a name to do it, because a name is already fake. Buying stuff is what's real.
Anyway, enough with the SF tangent. It's merely an idea, not a justification or a business model. The point is this:
The more we concentrate on reifying our individual, juridico-discursive personalities, the more impetus we create for people to hack their way into our identities, and use their power for their own purposes. The Internet, cyber-space, and cyber-time are made of data points and sets, and the ubiquity of access. Rather than defend notions of privacy that are becoming dangerously obsolete, perhaps we should remake our identities along with the technology. After all, the technology is becoming the primary means of expressing our identities these days.