(As a bit of context, I am a fairly uninteresting middle-class English guy; I do not have any links to terrorists, organised crime or whatever. I am also not a conspiracy theorist - this is asked more out of curiosity than any sort of paranoid delusion that ‘the man’ is out to get me…)
So, for someone like me, how many records are kept (by MI5/GCHQ here in the UK - I presume - and the NSA/FBI/whoever in the US) in databases about me and what I am up to? Do they know, for instance, when I enter and leave the country? Do the spooks have access to my emails and social media communications? Do they have records of - or could they get access to - my internet search history? Are there huge vaults of recorded phone conversations which they potentially have access to? Could they, via my mobile phone, ‘track’ me to know my location(s)?
I guess that all of this is *technologically *possible, but is this the sort of thing that black-suit type people habitually do to all citizens, or just the ones that they suspect of [potential] wrong-doing?
To re-iterate, I don’t wear tin-foil hats - just wondering
The thing that is very likely recorded on you is metadata from the last year to enable pattern of life analysis of who you communicate with. That information is a big focus of the NSA and available to British Intelligence under the 5 Eyes Intelligence sharing agreement.
What do you mean by them knowing? You probably have entries in a bunch of databases, but most likely no human has ever even glanced at any of that data, and it’s useless anyway until and unless someone bothers to run a bunch of analysis on it, which nobody has. Plus, not all of those databases are in direct government control: They might be able to subpoena them if they wanted, but they probably haven’t yet. Do they “know” things about you as soon as your info is in their databases, or only after they’ve looked at it?
Let’s just suppose there are no legal blocks, and the worst case rumors about the men in suits having direct access to every web page you browse to and every phone number you call are true.
How would they possibly find time in all their spying to bother spying on you? No matter how big the cubical farm full of unsmiling federal agents snooping on Americans is, it can’t possibly be big enough for them to give any one person a serious look, other than people linked to people the feds already think are bad, of course.
The next issue is that you wonder how many federal agents there could be doing this. A few hundred, sure, they could threaten them all with federal prison and we’d never hear anything about it. A hundred thousand? A million? Somebody would leak the secret.
That might have been the case a few years ago. But modern databases and data mining techniques are more than capable of holding information on every American and analyzing that data without have a hordes of humans involved.
Yes, but how good is the analysis? How many hits do you get on “how to make a bomb” or “how to join ISIS” or “Jihad for dummies”. I guess we won’t know. Also, google has started encrypting their search pages, so they either would need an inside account on google’s servers or a way to crack that encryption in real time.
Holding the information, yes. Mining the information, I’m not so sure about. Properly mining the data, like they’d do for the people they actually care about, takes a lot of resources, not all of them computing.
It also depends on what you mean by “intelligence.” Those big 17 agencies you hear about in the news are concerned with external threats, internal threats is the FBI and other law enforcement agencies. If you are from the US, unless you have been associating with foreign terrorists or other similar things, “intel” agencies are not allowed to gather or store your info. 4th amendment and all that…
That also doesn’t count stuff that the US courts have decided are not private info though, like various metadata skimming.
In short, you almost certainly don’t have a “dossier” or something on you, but if given good enough reason, they could put one together with info already available, unless you’re a hermit.
edit: This was meant for general info, if you are in the UK, 4th amendment doesn’t apply, and in practical terms, the UK government does have a lot easier time gathering info on citizens legally.
This question has several different answers depending on who and why is looking. Remember your country and its allies are not the only ones who are interested in information about you.
At the very minimum there are information like your driving license, credit cards and bank account details, tax filings, utility connections, home ownership, national insurance, phones and internet connections, passports. Potentially a lot of information can be gleaned about you from this. However, that depends on whether these databases are cross referenced and how easily. In many countries, they can’t be, either due to technical limitations or because of restrictions on access or often both. So Peter Policeman can’t just sit on a terminal at his desk and look that all up.
Then there is stuff the can collect if they are interested in you. Of that there is an immense amount obviously, phone and browsing history, social media etc. Using your mobile phone history they can track your movements pretty easily and see who you met, for how long, how often.
The main issue is not data collection it’s cross referencing. Security Services often have such ability. Average LEA, not so much.
Secondly, what it is is data. To be useable it has to be interpreted. And while lots of private things might be easily gleanable, they can easily deduce who you are having an affair with, other more important things are not as easy. A “how do you join ISIS” search may mean a person is close to radicalisation. Or it could be a search by someone wanting to satisfy own curiosity as to how people do it.
Finally, not just the Government that can get data. You or anyone else can as wekl. For instance using information which Dopers have posted on this very forum, using just Google, you could probably find out a dopers real name, address and pictures of their house, names and pictures of their spouses, children and parents and more. Sounds terrifying. Until you realise that there is not much harm a person can do, except perhaps freak out the target.
Facebook and Google each have huge stores of information on millions of people. May we assume that the NSA has trojan loggers or moles under deep cover at Facebook and Google?
(1) Intelligence agencies use their own private definition of the terms “search” and “intercept”:
To a normal person, an intercept or wire tap is when the tapping connection (either hardware or software) is made. To the intelligence agencies that is not an intercept and is not restricted by law. It is also not an intercept nor a search to have computers gather, collate and data mine that recorded data. This could even include advanced AI algorithms like IBM’s Watson. By their private definition, it is only an intercept or a search when that computer flags already-recorded communications that require human inspection, then a human proceeds to read that.
There is good evidence that all data (not just metadata) flowing across US internet backbones is being intercepted, analyzed and (to some extent) recorded. This is called “upstream collection” and is done by fiber optic taps on major internet backbone hubs.
(2) Fourth amendment protections don’t apply to US citizens caught up in “incidental collection”. It is not necessary to associate with foreign terrorists for your personal data and private communications to be recorded and stored. E.g, the “search selectors” used by intelligence agencies on the recorded data could be very broad -
say all traffic to/from IP address of a web site. They believe a potential terrorist uses that web site but they record and data mine all data from all people interacting with that same IP address. That is called “incidental collection”. The only relationship all those people (maybe thousands, maybe 10s or 100s of thousands) have with the terrorist is their computer interacted with that IP address. It is all recorded and evades legal scrutiny because it is internally categorized as “incidental”.
Anyone wanting more information on this can read the book “American Spies: Modern Surveillance” by Jennifer Stisa Granick, which is heavily footnoted and cross-referenced.
I too am a middle-class English guy and I assume that pretty much everything I do; bank/CC transactions, shopping, driving, traveling abroad, and anything else, including walking down the High Street of my small (ish) home town, is recorded somewhere. I also assume that so long as I do nothing actually criminal none of this data will ever be looked at.
Intelligence agencies will look for patterns and associations. It’s quite possible that I could innocently click on a link that took me to somewhere that was being monitored, but if I could do it, then so could a large number of other people so I would be lost in the crowd unless my identity also popped up elsewhere.
Data analysis can only go so far (ATM) before a human has to take a look and make a decision.
My answer to the OP’s question - “How much do the intelligence/security services know about us normies?” is - a lot, but they don’t really care. (Unless you come up on the RADAR too often).
If you ever had a security clearance done on you in the US, there will be a file [in the US mine is both with the FBI and the Dept of Defense for the clearances done because of a submariner husband, the CIA and State Department for a clearance to go into the CIA campus and a number of StateDep locations, and with a whole bunch of individual states for when I worked as an armed response guard because of needing local clearances for weapons permits.] It will depend on what the clearance is for what departments get used and get the results [the FBI came and talked to one of my high school buddies and asked “Do you think it is possible to coerce her into doing something she wouldn’t normally be willing to do?” and when Marc stopped laughing he told the guy that if any coercion was going to be done that she would be the one doing it. ]
For the vast majority of folk, the sheer amount of data that could be searched is simply not worth the cost of doing so - there is a cost/benefit balance to this.
That said, it would not be too difficult to find out plenty about you, from social media, through to employee reports etc. Imagine what it would take to build up a picture of who you are and what you are all about - imagine you were somehow connected in a criminal investigation.
All the electronic information is but one aspect of your existence, then it comes down to the old fashioned was of gathering information - from observing your contacts and interviewing them.
Gathering the information is one thing, interpreting what it means is quite another - maybe some computer algorithm can filter some of it, but the reality is that humans will be needed, with moderating oversight to endure that quality is maintained - that’s going to cost money and time.
There are those who work in sensitive roles who are vetted, there are differing levels of vetting and different depths of vetting.
So if you were working in an area involving the vulnerable then you might be subject to vetting relating to certain types of behaviour, but working in another field such as handling records relating to live criminal investigations would require a different vetting requirement.
For example a colleague of mine applied for a post and had to make a declaration of any events that might relate to contact with law enforcement - he declared a minor traffic offence he had when he was around 17 - this never even went to court and 20 years later it was well beyond any requirement to report, however despite this, it was actually found - this had no effect on his job application and he was appointed.
The actual event was so irrelevant for the post he had applied for and the data was allegedly deleted - yet there it was. His new post was a matter of trust so self reporting such a minor thing probably went in his favour. That sort of vetting can go as far as looking into the political affiliations of relatives as far back as grandparents, along wit current political affiliations such as trade unions etc.
They’re acknowledged to have a comprehensive collection of metadata (which websites you’ve visited, when and with whom you’ve sent and received email, text messages, phone calls, and the like. A bit of basic arithmetic (all the metadata generated in a year would fit in a couple steamer trunks full of hard drives; the actual data capacity of the intel agencies is several orders of magnitude higher) indicates that they also have a large amount of actual message content.
The key question is how likely they are to turn their attention to you, specifically, and for what reasons. If they can be trusted to do so if and only if the government has legitimate reason to suspect that you’re planning to engage in a terrorist attack, that’s one thing. The risk that they’ll do so for less legitimate reasons, such as because you are/were in a relationship with a stalkery spook or because your politics annoy the people in power.
On the one hand, even though I applied to the FBI and the CIA*, and had a security clearance, I bet my FBI “dossier”, if I even have one, is about a page long.
On the other hand, I used to routinely used to use the phrase “kill the President” in random phone calls, just in case Echelon was real. So if it were, I have a larger file, which a giant rubber stamping that says “smartass”.
*They send my resume and cover letter back. Not even bothering with the polite fiction of “we’ll keep it on file”.
Considering that there have been a number of terror incidents in Europe where afterwards the (late) terrorist was described as “know to authorities but they were not watching him because he did not seem to be a threat”… Then odds are the resources devoted to anyone who is not a red flag would be zero.
Plus, these databases are not magically cross-referenced. Nor do we know what they collect. How detailed and how far back would your cellphone tower connection (or GPS) data go? If at all, is it just real time unless you make a call or text? So would the authorities really know now where you were on the night of May the Fourth unless actively tracking you? Would they find your grainy image on surveillance High Street video unless they could also tie it to a credit card charge and so know what the person at the cash register was wearing at that time? Your ISP has better things to do than log your every web page visit. (In fact, some web interactions transmit huge chunks of data as the context… so this is not a trivial matter.
That often was the case. Less so now. It takes a surprising (for a layman like me) amount of software work to link and cross reference multiple databases. But it can be done and has been done in many places.
Pretty far back. I once saw detailed SMS (including verbatim messages) information phone and location records of an individual going back several years, long before he was of interest to the authorities. He had killed his ex-GF and the data was requested by the Police and they got text and phone details going back to the start of their affair, for phones sets which had been thrown away as obsolete when the info was requested.
Easy peasy lemon squeezy. Modern systems are able to take Security camera feed and identify facial features and link with a database to get a hit. Some of the newer ones can be set up to look for a specific individual and ping when said person is seen on a camera in the system.
Your mobile phone on its own can permit authorities to tell the general location you are in and smartphones with GPS can tell them more or less your exact position. Geo location and Geo tagging have been commercially for 10 years. Pass by a fucking store and even if you never enter the damn place you get SMS’s for sales and promotions.
All in real time, now. I was thinking historical. Yes, the call or text has a tower and location data attached, I assume. But… I suspect the regular pings are not recorded unless asked for; the phone company cannot produce a minute-by-minute GPS map of your meanderings over the last year.
I’ve seen some deep database merges done, and in some cases it’s trivial; in others, not so. the big problem is common keys. or, common names. The simplest way to hide in plain sight on the internet is to have a very common name, like John Smith or Bob MacDonald; or have the same name as a celebrity.
Plus, facial recognition software is not always all it’s cracked up to be; news is full of mistaken identity incidents when it is used. And, surveillance video has a lot of catching up to do. Systems technology are not usually updated until a sudden event or failure causes the need. There’s still a lot of VHS-quality recording out there, and a lot of very long distance shots. Face recognition is most useful up close and personal, like when people go through customs.
I think it was one of the recent riots, there was a bit on TV about the police using software and surveillance videos to try and capture who was involved, where and when. But, it relied on a few close-up cameras combined with the full street cameras; the police tagged a person based on clothing more than anything, and then the software found and followed other instances where that person showed up, and the identified the face from other camera shots (typically participant or news video close to the action).
But again, much surveillance video is erased within a month or two for capacity reasons, so figuring out where you were half a year ago or longer, probably won’t work unless the period of interest is already preserved. They can prove you were part of a riot, but not that you walked past TGIFridays two days before Christmas.
Of course, we haven’t discussed license plate readers in this thread yet - adding another level of quick and simple tracking as those become more common. Tracking who (which car) goes through and what time is very small amount of data, but an accumulated city-wide database can provide a very interesting history. Police want to know your habits- soon they could get an animated map of where you were and when for the last however many months or years.
(I read the possibly apocryphal story about some high school kids who printed out a photo of the teacher’s license plate, taped it over their own car’s one night, then drove through a number of red light cameras.)
