Intercepting mobile communications: A cogent case for truth-seeking and slow news?

Even if most of us are powerless to completely evade it completely, the pitfalls of mobile phone intercepts are well documented and known. However, two articles recently published on the web can be read as somewhat justifying the use of material thus collected for truth seeking after an act of terrorism. Whether such use justifies ab initio the clandestine harvesting of voice and data from consumers is a debatable point, particularly in regimes significantly less democratic than the US and India.

England’s Guardian newspaper reports on its blog an experiment by Wikileaks to place on public record more than 500,000 intercepted pager messages, many from US officials, at the time of the World Trade Centre attacks in New York on 9th September 2001.

The experiment by whistleblowing website Wikileaks includes pager messages sent on the day by officials in the Pentagon, the New York police and witnesses to the collapse of the twin towers. Wikileaks said the messages would show a “completely objective record of the defining moment of our time”.

Emphasis mine. In a similar vein, the Lede of the New York Times reports almost a year after the horrific terrorist attacks in Mumbai that,

… Channel 4 News in Britain had obtained and broadcast excerpts from those intercepted phone calls, between the attackers and people apparently directing them. This audio was also used in a documentary produced by Channel 4 and HBO, which was broadcast last summer in Britain is airing in the United States this week.

The Channel 4 video is chilling, demonstrating clearly how mobile phone communications were central to the terrorist attacks.

Distracted by wide screen monitors?

Implications for advocacy against mobile phone and communications monitoring
We know that the terrorists in Mumbai used Blackberry’s to communicate with home base and monitor news reports. Does this knowledge justify the Indian government’s threat to hack into Blackberry communications a few months before the attacks last year?

Both examples above point to extremely sophisticated, wide ranging signals and communications intelligence regimes in both countries, able to access the communications of specific mobile devices and numbers post facto. As noted in the Lede,

Wikileaks would not reveal the source for the leak, but hinted: “It is clear that the information comes from an organisation which has been intercepting and archiving US national telecommunciations since prior to 9/11.

This strongly suggests that both data and voice of a wide range of numbers (maybe even of all consumers?) are being recorded either by the telcos themselves and / or by government intelligence agencies.

Given the increasing sophisticated and ubiquity of signals and communications intelligence, it is reasonable to expect that every terrorist act today gives cause for more encroachment into private communications. For example, this is clear even in the United Kingdom, when in 2008 it was brought to light that it was the intention of the British Government to create a database to record every phone call, e-mail and time spent on the internet by all citizens.

A common argument will be that these measures are necessary to protect the public in a context where terrorism relies on the same public infrastructure and communications channels to plans its attacks as ordinary citizens.

Will then a mark of democracy in the future be the open knowledge and contestation of these signals and communication intelligence regimes in the media by civil society, such as we find in the UK and US? If not, how can we discern between the ostensibly pro bono publico monitoring of communications in more robust democracies and the more sinister, parochial monitoring of communications in regimes like Iran, Saudi Arabia and China?

A case for slow-news?
Finally, I go back to the justification of Wikileaks to publish the records of pager messages sent after the World Trade Centre attacks. What it refers to as an objective record is actually a plethora of hugely subjective, partial and inaccurate messages. Any real time analysis of these messages could not have in any meaningful way contributed to situational awareness or policy decisions. As the Guardian notes, the messages “…show how panic and rumour began to spread on the day, and are likely to fuel conspiracy theories about the attacks.”

Dan Gillmor, using the more recent example of the shootings in America’s Fort Hood, writes about the need for a ‘slow news’ movement. As he notes,

I rely in large part on gut instincts when I make big decisions, but my gut only gives me good advice when I’ve immersed myself in the facts about things that are important. This applies, more than ever, to news, where we need to be skeptical of just about everything we read, listen to and watch, though not equally skeptical. A corollary to that is increasingly clear: to wait a bit, for evidence that is persuasive, before deciding what’s true and what’s not.

It comes down to this: The faster the news accelerates, the slower I’m inclined to believe anything I hear — and the harder I look for the coverage that pulls together the most facts with the most clarity about what’s known and what’s speculation. Call it slow news. Call it critical thinking. Call it anything you want. Give some thought to adopting it for at least some of your media consumption, and creation.

Dan’s full blog post, which refers to the work of Ethan Zuckerman as well, is linked to national security, in that policy decisions to counter terrorism taken on the basis of communications intelligence may be based on information that’s inaccurate, partial and in some cases, deliberately misleading. This is especially the case in a context where with a shocked and enraged citizenry, a government is forced to act upon, and rate more highly, intelligence it knows is suspect. There is also the flip side, where in the immediate aftermath of a terrorist attack known to have been coordinated using public telecoms infrastructure and channels, an unscrupulous government can more easily justify and embed communications monitoring for its own ends.

As Dan notes, the answer could lie in media literacy. But media literacy is pegged to the freedom of expression, sufficient literacy, education and access to alternative media. Fabrice Florin’s offers one compelling model of news reporting that fosters critical appreciation of online content. There are others. Coupled with an education in critical thinking, they can be a solid defense against mobs and riots instigated by disinformation, misinformation and misguided government policies that exacerbate conflict and act as a force-multiplier to terrorism.

The rise of Big Brother in the UK: The problems for the rest of us

Reading an article on mobile phone surveillance in England, I remembered a scene from the film the Bourne Ultimatum where the character Jason Bourne, played by Matt Damon, buys a phone off the counter in London and uses it to communicate securely with a reporter. The reporter eventually gets killed and that sadly seems to be the fate of civil liberties and privacy in the UK as well.

As Times Online notes,

Everyone who buys a mobile telephone will be forced to register their identity on a national database under government plans to extend massively the powers of state surveillance. Phone buyers would have to present a passport or other official form of identification at the point of purchase. Privacy campaigners fear it marks the latest government move to create a surveillance society.

Just as with extra-ordinary rendition and Guantanamo in relation to the US, actions such as this have significant repercussions on the freedom of expression in repressive regimes, such as that we find in Sri Lanka. These regimes, ever on the look out for ways to justify their repression and outright violence against democratic dissent and inconvenient truths that embarrass them, often use the argument that Western regimes who criticise them are no better than them.

There is some truth to this assertion. The proposed Data Communications Bill in the UK will make it difficult, if not impossible, for the UK to seriously promote civil liberties and the freedom of expression. If itself becomes what is encourages other democracies to avoid becoming, HMG stands to severely undermine efforts by DFID and other developmental (and conditional aid) efforts, supported by the British public, to strengthen democracy elsewhere in the world. While it is fairly clear now that the British Government does get violent with those who disagree with its policies, it is unclear just how the Government will use information siphoned from the private communications of its citizens against them.

Say for example I was on the CC list of an Al Qaeda spam email that is a sophisticated argument for matrydom. In the interests of my research on countering Islamic radicalisation through ICTs, I forward this to some other colleagues. A lively discussion ensues over email, SMS and voice calls. Under the proposed surveillence regime in the UK, if any one of the recipients was a British citizen living in the UK, does this mark me out as a threat in the data mining algorithms that HMG / MI5 will use to identify embryonic terrorist activity? Will this communication be used against me if I apply for a VISA to the UK? Will I have to pass more stringent customs and border control checks? Will this information be communicated to other intelligence services, or used in conjunction with existing programmes such as Echelon to create profiles that can be matched, discriminated against, sold, exchanged, stored even after death and negatively impact upon my children, friends, colleagues and partners?

There are also serious concerns about the ability of the British Government to actually securely store the information it gathers.

The proposed Data Communications Bill, just as with an issue such as Net Neutrality in the US, are not challenges that are limited to the national boundaries of the UK and US respectively. Their outcomes shape the reality of communications and all that is dependent on it in other countries as well. If the raison d’etre of ICT4Peace is to engender ways through which communications helps peacebuilding, I am yet to be convinced that what the UK is planning on doing will in any way help it combat the root causes of terrorism.

Deciding which mobile phone to bug and how: The incredible flip side of the growth of mobiles

I use the word incredible in the sense of difficult to believe or extraordinary.

In one of the most revealing and interesting articles I’ve read in a while, the London Review of Books looks into the world of mobile phone surveillance. It begins with the example of in the UK, a freely available service (one of many as a quick Google search reveals) that can be used to track the movements of a mobile phone. A related BBC report by Click Online presenter Spencer Kelly notes how easy it is to circumvent the security protocol associated with a phone that is to be tracked.

While I’ve repeatedly mentioned on this blog that social networking linked to proximity thresholds on mobiles could be a killer app in densely populated areas (megacities), the potential of using the same technology to monitor movements and track people is no longer the domain of science fiction or films like Enemy of the State.

But what’s interesting about the LRB article is not this. It is highlighting the Intelligence Support Systems industry (ISS) industry, growing by leaps and bounds, and its links with and interest in the mobile phone and telecoms companies. And the question is poses is a fascinating one,

…identify targets for LI (that’s ‘lawful intercept’) in the first place: it’s a cinch to bug someone, but how do you help a law enforcement agency decide who to bug?

The way ISS companies go about doing this is worth quoting in full,

To help answer that question, companies like ThorpeGlen (and VASTech and Kommlabs and Aqsacom) sell systems that carry out ‘passive probing’, analysing vast quantities of communications data to detect subjects of potential interest to security services, thereby doing their expensive legwork for them. ThorpeGlen’s VP of sales and marketing showed off one of these tools in a ‘Webinar’ broadcast to the ISS community on 13 May. He used as an example the data from ‘a mobile network we have access to’ – since he chose not to obscure the numbers we know it’s Indonesia-based – and explained that calls from the entire network of 50 million subscribers had been processed, over a period of two weeks, to produce a database of eight billion or so ‘events’. Everyone on a network, he said, is part of a group; most groups talk to other groups, creating a spider’s web of interactions. Of the 50 million subscribers ThorpeGlen processed, 48 million effectively belonged to ‘one large group’: they called one another, or their friends called friends of their friends; this set of people was dismissed. A further 400,000 subscriptions could be attributed to a few large ‘nodes’, with numbers belonging to call centres, shops and information services. The remaining groups ranged in size from two to 142 subscribers. Members of these groups only ever called each other – clear evidence of antisocial behaviour – and, in one extreme case, a group was identified in which all the subscribers only ever called a single number at the centre of the web. This section of the ThorpeGlen presentation ended with one word: ‘WHY??’

I’m hugely ambivalent about this sort of power. The bona fides of all telecoms companies in Sri Lanka, and many other countries with regimes more interested in control and containment than democracy, are already suspect. Governments themselves often conveniently confuse anti-terrorism and the post 9/11 war on terror with legitimate dissent on human rights abuses. Together, the worst of telcos and illiberal regimes have a degree of control over movements and communications that, given our dependence on the web, Internet and mobile communications, is unprecendented in human history. I have always thought that Burma was exceedingly foolish to cut off all communications during and in response to the Saffron Revolution. A more sophisticated regime would have simply tracked all the communications, taking a page from China, and then targetted nodes (indviduals and groups) who were responsible for most of the information generation.

ThorpeGlen’s technology makes this easy to do and I doubt very much that they have ethical guidelines (or frankly even a remote interest in human rights) that will prevent them from selling their product to regimes not known for their support of democracy. The capabilities of the system are astounding – able to track multiple SIMs, handsets and devices and remind me of the Semantic Navigator that I toyed around with in the early days of implementing Groove Virtual Office to support the One Text process in Sri Lanka.

Identifying and profiling targets. Click for larger image.
Identifying and profiling targets. Click for larger image.

On the other hand, this technology is here and being further developed. There’s no wishing it away and governments are openly talking about ways to break even themost secure mobile communications channels. Commercial variants are indubitably going to be useful in humanitarian aid and peace related work – to help with location and situational awareness on the ground and complement other technologies such as mobile video, offering real time, immersive updates from the field with little or no user interaction.

A committed interest in combatting terrorism and creating better systems to manage disaster aid work makes it difficult to not get animated by and support these technologies. On the other hand, I am worried about the capabilities of these systems used by governments to hunt what becomes an evolving definition of terrorists and terrorism which soon includes those like myself who are openly critical of the gross abuse of human rights and media freedom by a regime in Sri Lanka hell-bent on a total war to the detriment of democracy.

Many of us are already under surveillance. It’s difficult from where I am to be optimistic about this sort of technology used more as a tool to promote democracy over self-serving wars against terrorism, but I take this as a challenge for all peacebuilders who increasingly use ICTs. Technology after all, is and was never neutral. Our challenge is to use what we have access to pursue our goals, which are strangely yet inextricably entwined with those of the ISS industry.

The rise of Big Brother in the UK

It’s disturbing to read about the intention of the British Government to create a database to record every phone call, e-mail and time spent on the internet by the public as part of “the fight against crime and terrorism”. It’s this kind of mindless sleepwalking into a surveillance society that reminds me of Orwells 1984. Conrad’s The Secret Agent and V for Vendetta. There’s a necessary debate on how much of our civil liberties we need to sacrifice in the name of public security, but this is surely a nonsensical overkill? As reports indicate, it’s also fundamentally a problem of data analysis and storage.

“About 57 billion text messages were sent in Britain last year, while an estimated 3 billion e-mails are sent every day.”

How on earth the government is going to extract from this information the semantic connections necessary to identify that which threatens the British public is not entirely clear. Or it’s ability to keep these records securely. Or the period of time it will keep these records. Or who exactly will have access to them. Or as the opposition noted succinctly,

David Davis, the Shadow Home Secretary, said: “Given [ministers’] appalling record at maintaining the integrity of databases holding people’s sensitive data, this could well be more of a threat to our security, than a support.”

It’s also unclear as to how invasive this technology will be. Clearly, if it only records emails SENT or RECEIVED, there’s huge gaping security loophole in the form of DRAFT emails. Simply share an account / password combination over coffee and voila, you have a totally secure form of email communications without ever sending an email (simply update each other’s drafts). It’s also unclear whether this database will tap into instant messaging and if so, just how? What about Skype VOIP that’s encrypted? And how about Blackberry’s? Or the walled gardens of social networks and the IM systems they employ?

For a country clearly obsessed with surveillance, this latest and incredibly absurd step in the guise of “public security” is itself a terrorist’s dream. How many masterminds does the British Government actually think it will take to break into or disable the database in a day and age where DDOS attacks can actually be bought over the web?

To borrow a phrase from Conrad, the future of the proletariat seems very bleak indeed!