Surveillance Topic Terms, p. 1 TERMS IN USE ON THE SURVEILLANCE TOPIC Dr. Rich Edwards Professor of Communication Studies Baylor University American Community Survey (ACS): This subset of the U.S. Census asks intrusive questions such as the number of times a person has been married, whether they have a mortgage on their home and whether they are enrolled in a health care plan. The ACS selects a sample size of about 2.5 percent of households each year to complete the survey. The ACS is controversial not only because of its intrusiveness, but also because participation is mandatory – the federal government reportedly pursues participants with phone calls, visits and threats of jail time if they refuse to complete the form. Automated Biometric Identification System (IDENT): This is the name given to the U.S. Department of Homeland Security’s system for storing the fingerprints and facial recognition data for persons applying for visas, immigration benefits and the Visa Waiver Program (VWP). The system also stores biometric data for suspected terrorists and immigration law violators. Big Data Research and Development Initiative: The Obama administration launched this program in 2012, providing about $200 million with the announced purpose of “transforming our ability to use Big Data for scientific discovery, environmental and biomedical research, education and national security.” Six federal agencies are involved in the initiative, led by the Defense Advanced Research Projects Agency (DARPA) – the same agency that created the controversial Total Information Awareness program. Biometrics: This term refers to the use for identification purposes of any of the persistent characteristics of the human body. Examples of biometric identification include fingerprints, retina scans, facial recognition and DNA profiles. Border Enforcement Security Task Forces (BEST): This Immigration and Customs Enforcement program is designed to identify and dismantle criminal organizations operating on or near the Mexican border. The BEST program is designed to facilitate cooperation between U.S. and Mexican law enforcement agencies for the purpose of shutting down drug trafficking organizations. Boundless Informant: This is the name for a computer mining system operated by the National Security Agency that reportedly counts the number of telephone calls and emails that have been logged into the agency’s database. According to information leaked by Edward Snowden, the system intercepted within a single 30-day period of 2013 more than 3 billion telephone calls and emails that originated within the United States. Surveillance Topic Terms, p. 2 Bullrun: According to Edward Snowden, this is the name the National Security Agency uses for its program designed to defeat the encryption programs used by various data storage systems. Snowden also claims that the federal government has forced U.S.based Internet companies to inset “back doors” into their encryption programs, allowing the NSA access to read encrypted messages. Carnivore: This is the name of a controversial system implemented by the Federal Bureau of Investigation in 1997 to monitor email and other electronic messages from a target user. The system has since been replaced by much more capable monitoring systems. Church Committee: Frank Church, a U.S. Senator from Idaho, was selected to chair the Senate Select Committee to Study Governmental Operations With Respect to Intelligence Activities. This committee was created in 1975 to investigate the way that the Nixon administration had used U.S. intelligence agencies to gather information on political opponents. The disclosures from the committee report – commonly called the “Church Report” – prompted Congress to pass the Federal Intelligence Surveillance Act (FISA). FISA was originally designed to create a wall of separation between foreign and domestic surveillance activities. Agencies such as the CIA and NSA were essentially banned from conducting domestic surveillance; foreign surveillance would be conducted under the supervision of the Foreign Intelligence Surveillance Court (FISC). This “wall of separation” between domestic and foreign surveillance would later be blamed for the intelligence mistakes that failed to detect the planning for the terrorist attacks of September 11, 2001. The PATRIOT Act would later revise FISA in such a way as to eliminate the wall separating foreign and domestic intelligence gathering. Communications Assistance to Law Enforcement Act (CALEA): This 1994 legislation established the procedures by which law enforcement agencies could conduct wiretaps on digital telephone networks. CALEA, since it was created before the recent revolution in Internet and cell phone communication, has been criticized as incapable of protecting contemporary communication from interception by intelligence agencies. Consolidated Cryptologic Program: According to a recent report from the Washington Post, the federal government’s “black budget” provides billions of dollars for this NSA program involving a staff of approximately 35,000 computer specialists charged with breaking encryption systems. Cyberterrorism: Homeland security experts warn that terrorist organizations may soon direct cyber attacks at critical infrastructures such as the electrical grid, financial systems, telecommunication networks, municipal water supplies and even nuclear power plants. Surveillance Topic Terms, p. 3 Data Localization: This refers to the effort of governments to force Internet companies to physically store data within a nation’s own borders rather than to allow the data to cross international boundaries. The Snowden revelations have caused some countries to distrust the security of “cloud-based” data when the servers are located in the United States where they might be subject to NSA snooping. Some experts are concerned that a trend toward data localization could undermine the normal functioning of the Internet; at present, Internet messages are routed over the fastest and most efficient routes, regardless of the geographic location of servers. Data Mining: This term refers to the use of specialized software to send queries to huge databases for the purpose of discovering otherwise hidden patterns and relationships. Corporations engage in data mining in order to strategically target advertising at users most likely to purchase their products. Governments may engage in data mining in order to identify persons or groups perceived as threats to national security. Domestic Communications Assistance Center: This refers to a surveillance unit in Quantico, Virginia designed to be staffed with agents from the FBI, the U.S. Marshalls Service and the Drug Enforcement Administration. The purpose of the center is to support various law enforcement investigations with information gleaned from wireless providers and social networking systems. E-Government Act of 2002: This legislation requires federal government agencies to provide privacy impact assessments (PIAs) for the ways that they collect, store, share and manage information. The purpose of the Act is to enhance the protection of personal information in government databases. Echelon: This is a secretive data collection system based upon shared information from intelligence agencies in the U.S., England, Canada, Australia and New Zealand. It is thought that the system intercepts international email, fax and telephone communications. The intelligence agencies then use supercomputers to provide analyses of the data. Einstein 3: This software system was designed by the United States Computer Emergency Readiness Team (US-CERT) to identify and disable cyber threats to key U.S. government computer networks. The U.S. Department of Homeland Security views the program as a vital protection against cyber attack, but some privacy advocates worry that the system is overly intrusive in its examination of private emails and other electronic communication. Surveillance Topic Terms, p. 4 Electronic Communications Privacy Act (ECPA): This 1986 statute has three essential components: the Wiretap Act, designed to limit the interception of the content of electronic communication; the Pen Register Act, to protect such metadata elements as phone numbers called and persons contacted and the Stored Communication Act, to regulate access to messages held in electronic storage. While the ECPA has the purpose of protecting electronic privacy, the language of the Act is out of date. It was passed before the advent of the Internet and has not been updated to account for changes in how modern messages are sent, stored or retrieved. Executive Order (EO) 12333: This order, signed by Ronald Reagan in 1981, has been revised by every recent president. It established broad powers for the intelligence community to conduct surveillance on persons living outside the United States. Critics charge that this Executive Order has allowed U.S. intelligence agencies to circumvent the requirements of Congressional and FISA Court oversight. In the course of conducting surveillance on persons living outside the United States, intelligence agencies may also be monitoring the international communication of U.S. citizens. FAA Modernization and Reform Act of 2012: This legislation was designed to force the Federal Aviation Administration (FAA) to establish regulations allowing the domestic use of drones. Lobbying groups for farmers have been seeking permission to use inexpensive aerial surveillance systems to examine the status of crops; businesses have been seeking permission to use drones for everything from package delivery to aerial photography. The FAA has taken a conservative approach, concerned about the potential impact on commercial airline safety. Congress, however, passed the FAA Modernization and Reform Act of 2012 requiring the FAA to allow certain uses of drones by December of 2015. Fair Information Principles: These principles were at the heart of the U.S. Privacy Act of 1974 and have been used as a model for the European Union’s 1995 Privacy Directive. The seven principles are as follows: (1) Collection limitation: The collection of personal information should be lawful, limited to that which is necessary and the collection should be consensual were possible; (2) Data quality: The data should be accurate, relevant and complete; (3) Purpose specification: Data should be collected for a stated purpose and should be used only for that purpose unless there is both disclosure and consent; (4) Security safeguards: Information collected should be protected against loss or theft; (5) Openness: The collection, use and security of data collected should be fully disclosed and transparent to the public; (6) Individual participation: Individuals should be allowed to access data collected about themselves and should be afforded a chance to correct any errors they perceive; (7) Accountability: Those who collect and hold data should be held accountable for adherence to the above norms. Surveillance Topic Terms, p. 5 Familial DNA Searches: The FBI’s national DNA database can be searched by federal and state law enforcement agencies to determine whether it can match a supplied DNA sample to any of its stored samples. When no exact match is available, some state law enforcement agencies are requesting what they regard as the next best thing: a list of persons who could have a family relationship to an unidentified perpetrator. While the federal government’s CODIS system does not currently support familial searches, it can report “moderate matches” to a supplied sample. Some privacy advocates believe that this type of DNA searching unfairly exposes persons to law enforcement scrutiny. FinCen: This is a mass surveillance system operated by the U.S. Department of the Treasury designed to shut down the international financing of terrorism. The system collects information on financial transfers and sends all suspicious records to the FBI for additional investigation. The Department of the Treasury reports that it has now sent to the FBI the records of more than 1.2 million financial transactions. FISA Amendments Act of 2008: Many of the elements of the Foreign Intelligence Surveillance Act of 1978 were set to expire in 2007 – especially some of the provisions that had been added to FISA with the PATRIOT Act amendments. In 2007, Congress passed a six-month extension of FISA with the passage of the Protect America Act. That Act expired in February of 2008 and was replaced by the FISA Amendments Act of 2008 (commonly referred to simply as FAA). The 2008 Amendments extended for another 5 years the power of the NSA and other intelligence agencies to engage in the collection and storage of massive amounts of data. Five Eyes: This is the name of an information sharing system among the intelligence services of five nations: United States, England, Canada, Australia and New Zealand. This information sharing alliance dates all the way back to the World War II era. Recently, however, “Five Eyes” has focused on compiling signals intelligence (Internet, radio, microwave, satellite intercepts and telephone metadata) into a shared database. Foreign Intelligence Surveillance Act (FISA): This legislation was enacted in 1978 as a reaction to revelations about the abuses of intelligence gathering in the Nixon administration. A special purpose of FISA was to prohibit foreign intelligence agencies such as the CIA and NSA from engaging in domestic surveillance. Special procedures were established for judicial supervision of intelligence collection activities. FISA has been modified repeatedly, most prominently with the passage of the PATRIOT Act in 2001 and the FISA Amendments Act of 2008. Surveillance Topic Terms, p. 6 Foreign Intelligence Surveillance Court (FISC): This is the judicial oversight mechanism established by the Foreign Intelligence Surveillance Act of 1978 (FISA). The court was originally made up of seven judges drawn from seven different Federal District Court circuits. The Patriot Act added four additional judges to the FISC with the provision that at least three of them must be within 20 miles of Washington, DC; this latter provision was designed to make certain that the judicial supervision would be available on short notice. The members of the FISC are sitting Federal District Court judges who are appointed by the Chief Justice of the Supreme Court. Fourth Amendment: The text of the Fourth Amendment is as follows: “The right of the people to be secure in their persons, houses, papers and effects, against unreasonable searches and seizures, shall not be violated and no warrants shall issue, but upon probable cause, supported by oath or affirmation and particularly describing the place to be searched and the persons or things to be seized.” Fusion Centers: The U.S. Department of Homeland Security funds more than 70 fusion centers, designed to combine data from state and local law enforcement officials, social media, commercial data brokers and U.S. military intelligence to watch for early warning signs of terrorist plots. Future Attribute Screening Technology (FAST): The U.S. Department of Homeland Security operates this surveillance program designed to identify persons, primarily in airport screening processes, who are acting “strangely, showing mannerisms out of the norm or displaying extreme physiological reactions.” At present, FAST is only a prototype program, but it has been used to identify those persons who might require special airport screening procedures. Global Network Initiative (GNI): This is an advocacy group urging the importance of free expression and protection of privacy in the handling of data gathered from Online sources. The GNI is made up of industry representatives such as Yahoo, Google and Microsoft along with a variety of human rights groups. Guardian Threat Tracking System: This, according to the FBI, is an “automated system that records, stores and assigns responsibility for follow-up on counterterrorism threats and suspicious incidents.” According to the results of an internal audit, this system produced a list of 108,000 “potential terrorism-related threats, reports of suspicious incidents and terrorist encounters” in a recent 3-year period. Homegrown Violent Extremists (HVEs): This is the term that the Department of Homeland Security uses to describe “lone wolf” terrorists – individuals who may have no direct connection to an international terrorist group, but may nevertheless commit a terrorist act. Surveillance Topic Terms, p. 7 Hop: Section 215 of the PATRIOT Act allows the NSA to examine all telephone numbers that are within 3 “hops” of a telephone number connected to a terrorist suspect. If the FISA Court agrees that a “seed” number may belong to an international terrorist, it will allow the intelligence agency to query its massive database of telephone metadata to identify every telephone number in contact with the seed number – that is the first “hop.” Suppose that this first “hop” produces 100 other telephone numbers for investigative follow-up. If the intelligence agency makes a second “hop” it will query the database to identify a list of all telephone numbers that were in contact with the first 100 numbers, perhaps producing a list of 10,000 phone numbers (100 times 100). Under extraordinary circumstances, the intelligence agency may look at a third “hop” – meaning all telephone numbers contacted by those 10,000 numbers. By this point, the numbers are in the millions of contacts. President Obama recently indicated that he will instruct intelligence agencies not to move beyond two “hops” from the original seed number. International Covenant on Civil and Political Rights (ICCPR): This is one of the international human rights treaties that has been both signed and ratified by the United States in 1992. This agreement has an Optional Protocol guaranteeing the right to privacy, but the U.S. has neither signed nor ratified that Optional Protocol. Joint Terrorism Task Forces (JTTFs): The FBI has established these task forces in each of its 56 field offices for the purpose of investigating terrorist threats and designing counterterrorism operations. Metadata: This term refers to all of the information related to a telephone call or Internet contact other than the content of the communication. Metadata includes the time of the contact, the duration of the message, the particular email addresses or telephone numbers contacted and sometimes the names of the persons involved in the exchange. Minimization procedures: The Foreign Intelligence Surveillance Act (FISA) requires that intelligence agencies utilize procedures to minimize privacy intrusions whenever they engage in physical or electronic surveillance. Minimization remains a vague term given that FISA fails to define exactly what intelligence agencies must do to minimize the threat to privacy. The language of the Act says that agencies should “minimize the acquisition and retention, and prohibit the dissemination, of nonpublicly available information concerning unconsenting United States persons consistent with the need of the United States to obtain, produce and disseminate foreign intelligence information.” National Intelligence Priorities Framework (NIPF): The Intelligence Reform and Terrorism Prevention Act of 2004 created the NIPF for the purpose of “establishing objectives and priorities for collection, analysis, production and dissemination of national intelligence” and “ensuring maximum availability of and access to intelligence information within the intelligence community.” Basically, Congress intended to create a framework to ensure that intelligence agencies are communicating appropriate information to one another in a timely manner. Surveillance Topic Terms, p. 8 National Security Entry-Exit Registration System (NSEERS): This is a system maintained by the U.S. Department of Justice requiring that noncitizens from certain Muslim and Arab countries register with the U.S. Immigration and Naturalization Service. National Security Letters (NSLs): The PATRIOT Act allows U.S. intelligence agencies to issue NSLs designed to require U.S. companies to provide requested telephone records, email subscriber information, banking or credit card records and almost any other business record. The President’s Review Group on Intelligence and Communications Technologies reports that the FBI issued 21,000 NSLs in 2012. Operation Tripwire: This FBI program asks for the assistance of businesses to identify any persons making suspicious purchases of bomb-making materials or other weapons. Perfect Citizen: This NSA cybersecurity program is designed to identify and neutralize Online threats to the nation’s critical infrastructure such as utility power plants and water supply systems. PRISM: This program allows U.S. intelligence agencies to access emails, Facebook posts and instant messages for the purpose of tracking foreign terrorists living outside the United States. The NSA claims that the legal authority for this program is contained in Section 702 of the PATRIOT Act. Some NSA critics charge that the agency has compelled tech companies such as Google, Yahoo, Microsoft, Facebook and Twitter to provide access to the communications stored on company servers. Privacy Act of 1974: This legislation established 7 “Fair Information Principles” for privacy protection. While the Act clearly established the importance of privacy, critics charge that its general principles fail to meaningfully limit the actual practices of federal intelligence agencies. Protect America Act: This legislation prevented the PATRIOT Act from expiring in 2007, but it was passed by Congress only as a 5-month stop-gap measure until a more comprehensive extension could be crafted. The Protect America Act expired in February 2008 when it was replaced by the Foreign Assistance Act Amendments of 2008. Right to Financial Privacy Act (RFPA): This 1978 Act is designed to protect the confidentiality of personal financial records by creating privacy protection for bank records. The Act requires that federal government agencies provide individuals with a notice and an opportunity to object before a bank or other specified institution can disclose personal financial information to a federal government agency. The privacy rights established in the RFPA would, however, be narrowed with the passage of the PATRIOT Act and various other pieces of legislation designed to restrict the funding of terrorism. Surveillance Topic Terms, p. 9 Screening of Passengers by Observation Techniques (SPOT): This is the name of a behavioral screening program used by the TSA to identify persons who may need special screening before boarding an aircraft. According to a report from the U.S. Government Accountability Office, about 3,000 TSA workers have been assigned (since 2007) to look for suspicious behavioral clues as they observe passengers at airline checkpoints. Section 215: This provision of FISA, as amended by the PATRIOT Act and the FISA Amendments Act of 2008, is also known as the “business records” provision. This section allows intelligence agencies to collect “tangible things” that are “relevant to an authorized investigation.” Section 215 will expire in June of 2015 unless Congress acts to extend it. Section 702: This section of the Foreign Intelligence Surveillance Act, as amended by the PATRIOT Act and the FISA Amendments Act of 2008, allows for warrantless surveillance of foreign communications conducted on U.S. soil so long as the intelligence agency does not “intentionally target” a U.S. person. Unfortunately, the definition of “intentionally targeting” is not very precise. The language implies that collection of intelligence on U.S. persons is acceptable so long as the collection is unintentional or an international terrorist is the target of the investigation. Secure Border Initiative (SBI): This is the name of the Department of Homeland Security program designed to strengthen immigration enforcement. The Initiative involves increasing border patrol agents, upgrading the use of technology in aerial surveillance and additional traffic stops in the near-border region. Secure Border Initiative: This program is an example of the U.S. “enforcement first” approach to immigration reform. The program involves a combination of a 670-mile long physical border fence, virtual fencing, increased number of border patrol agents and upgraded technology for high-tech surveillance devices on or near the border. This program involves the expanded use of unmanned aerial vehicles (UAVs). Secure Flight: This is the name of the TSA system designed to screen airline passenger reservations against a list of persons on the terrorist watch list. According to data from the Department of Homeland Security, approximately 25 persons each month are denied airline boarding as a result of their name being listed in the Secure Flight system. Stringray: This refers to a law enforcement technology designed to track all of the cellphones in a given area by mimicking the functions of a cellphone tower. Reportedly, this “stingray” technology can detect and locate a cellphone even when the user is not making a call. Surveillance Topic Terms, p. 10 Terrorist Identities Datamart Environment (TIDE): The Intelligence Reform and Terrorism Prevention Act of 2004 established this system to serve as the U.S. government’s central repository of information on international terrorist identities. This database feeds information to the various TSA and other federal agency terrorism watch lists. Total Information Awareness (TIA): This is the name of the “big data” analysis system established by the Defense Advanced Research Projects Agency (DARPA) in the period following the 9/11 attacks. When controversy arose over the “big brother” implications of this data system, DARPA changed the name to “Terrorism Information Awareness.” But Congress, reacting to public pressure, eliminated funding for this system in August 2003. Critics charge, however, that the TIA system lives on in other forms and using different names. Traveler Redress Inquiry Program (DHS TRIP): This is the system operated by the Department of Homeland Security designed to resolve problems related to improper identification problems with the TSA terrorism watch list. Persons who are denied boarding or are improperly detained can apply for a special identifier that can be used to avoid similar problems on future trips. TSA Pre-Check: The TSA has adopted this program in response to airline passenger complaints about long delays in the security screening process. This system identifies low risk passengers who are then allowed to pass through shorter lines with minimal screening processes. The TSA reports that more than 18 million passengers are now approved for the TSA Pre-Check identification. U.S. Computer Emergency Readiness Team (US-CERT): This is the program of the U.S. Department of Homeland Security to identify and defuse cyber threats. DHS claims that this system has resolved approximately 190,000 cyber incidents and issued more than 7,450 alerts. When an alert is issued, DHS can dispatch its Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) to conduct a site visit and assist private sector companies in properly responding to the cyber threat. United States v. Jones: In this 2012 case, the Supreme Court held that police exceeded their legal authority by putting a GPS tracker on the car of a suspected narcotics dealer, monitoring the individual for twenty-eight days, without first obtaining judicial approval and a search warrant. The Court’s unanimous ruling was that the police must obtain a search warrant before they can install GPS tracking devices on suspects' vehicles. Video Privacy Act (VPA): This 1988 legislation made it illegal for law enforcement agencies to obtain a citizen’s video viewing records (from companies that rent videos) without securing a search warrant. The key problem with the VPA is that the language of the act is outdated; it is designed to protect checkout records from video stores and libraries. It does not, however, protect video streaming records – a technology that was unknown in 1988. Surveillance Topic Terms, p. 11 Visa Security Program (VSP): The Visa Security Program is designed to interdict criminals, terrorists and others who would exploit the legal visa process to enter the United States and protect the United States against terrorist and criminal organizations. XKeyscore: Edward Snowden claims that the NSA uses this system to install software on targeted computers that will allow the agency to capture every keystroke entered on those computers. This allegedly allows the NSA to capture the full text of emails, to log all Google searches and to store the names of Websites visited.