Rainblog

Something tells me that while Anonymous are having their fun with Mastercard and Visa, staffers in Joe Lieberman’s office are probably exchanging high-fives and gleefully putting the finishing touches to a forthcoming Mandatory Biometric Identification for Internet Users Act.

The events of the past few days have reminded the Powers that Be why an open Internet is intolerable, and now a reaction is probably not only inevitable but imminent. In five years time, maybe you’ll have to thank Anonymous for the fact that you’re not.

Back in 2002, riding the tide of post-9/11 paranoia, the Bush administration briefly flirted with a project to harvest and analyze vast amounts of personal information about American citizens, culled from databases and electronic communications. The project, usually referred to as ‘Total Information Awareness’, but officially known as the Information Awareness Office, was headed up by former Iran-Contra conspirator Admiral John Poindexter, a man so creepily-uncharismatic that you had to wonder if they’d only picked him because Cthulhu couldn’t get the necessary security clearances. Just to make sure that no one could fail to get the message, they then apparently launched an internal competition to see who could come up with the most horrifying logo for the project. The winning entry, depicting a menacing eye-in-a-pyramid turning its baleful gaze on the world over the Latin phrase “Knowledge is Power”, was so repellent that even Congress finally woke from its perpetual slumber and voted to defund the whole vile enterprise.

The cynics among us - myself included - simply commented that TIA would be back, and that next time it would surface in the private sector, where it wouldn’t be subject to the same kind of control or oversight as a government project.

And so, gentle reader, it came to pass. TIA’s new incarnation is called Project Vigilant, and its self-declared mission is to ‘Attribute Actions to Actors’. In case that seems a little vague to you (do they also attribute thoughts to thinkers and speech to speakers, to say nothing of vision to seers, or is that outside their remit?), Glenn Greenwald over at Salon does a fine job of summarizing what we know about Project Vigilant.

Project Vigilant (which should really be written with a final ‘e’) has been in the news recently because it turns out that ex-hacker Adrian Lamo is one of their ‘volunteer members’. And Lamo has been in the news because he was the person who turned in Specialist Bradley Manning, the soldier who (allegedly) provided Wikileaks with large quantities of classified information. Quite how Manning came to be in contact with a man who, in hindsight, was probably one of the worst people in the world that he could have chosen to confide in is probably an interesting story. Greenwald drops some hints, but declines to speculate.

Instead, he focuses on Project Vigilant itself, a ‘volunteer organization’ that “collects vast amount of private data about the Internet activities of millions of citizens, processes that data into usable form, and then … turns it over to the U.S. Government”. You’d think that violating everyone’s privacy on that scale would be a time-consuming and expensive activity, but evidently the patriots of the Project count not the cost. Moreover, according to Greenwald, they enjoy some remarkably privileged access: no less than a dozen US Internet providers are reportedly sharing data with Project Vigilant, data that the Project then massages and supplies in an easily-digestible form to the government. The Project claims to be able to track a quarter of a trillion IP addresses a day, and “develop portfolios on any name, screen name or IP address.”

So we have an ostensibly private organization - wholly immune to any scrutiny or control - with privileged access to data from ISPs, engaged in packaging up information about American citizens and turning it over to the government. I say ‘ostensibly’ because this kind of activity sounds like it would require fairly deep pockets, even if only for the infrastructure needed to process the data. And that’s assuming that the workforce are indeed all ‘volunteers’, and that the ISPs are handing over all their data for free just out of the goodness of their patriotic souls. Call me a cynic, but I can’t help wondering if the relation between Project Vigilant and Poindexter’s old total awareness infowarriors (or their successors) is really quite so hands-off as we are being led to believe. What are the odds, say, that some of that useful ISP data is actually flowing out of those secret wiretap rooms at the telcos and that at least some of Vigilant’s costs are being met, directly or indirectly, by way of a line item in a black budget somewhere? 

We may never know. What’s interesting is that, if the Examiner is to be believed, Project Vigilant has been operating for more than a decade, which would mean that it was actually launched before America woke up and smelled the post-9/11 paranoia, and long before Congress ordered that Admiral Poindexter’s unlovely child should be taken out back and quietly suffocated. This is enough to make you wonder if Poindexter’s Information Awareness Office was no more than a distraction, a built-to-fail red herring whose demise would simply accelerate the transfer of state surveillance to the private sector.

If you didn’t like the idea of the government peering into every nook and cranny of your electronic life, you probably won’t feel any more comfortable with the knowledge that the work is being done by a still less accountable private organization. If the idea of government spooks rummaging through your personal data and compiling secret dossiers on you makes you a little queasy, you’re really not going to like the idea of the work being done by anonymous and unsupervised ‘volunteers’ - volunteers such as convicted hacker Adrian Lamo. And while the government almost certainly ‘facilitated’ access to some of the data being scanned by Vigilant - it’s a safe bet that when the Project knocked on the doors of the ISPs and suggested that they might like to hand over their traffic records, they had at least a letter of introduction from someone in Washington - there’s probably nothing in Vigilant’s charter that says that the results of their research have to be shared only with the government.

In many other countries, something like Project Vigilant probably couldn’t (officially) exist, because it would instantly fall foul of strong data protection laws. But US data protection laws are remarkably weak, and there are strong interests that would like to keep them that way. Don’t look for any help from that quarter. 

Of course, according to Greenwald, Vigilant isn’t the only private-sector entity in a cosy data-sharing arrangement with the government. There’s also Infragard, a ‘partnership’ between some 23,000 businesses and the FBI that gives the Bureau access to all the data those businesses happen to have collected on you. Among its founding members, Infragard counts Chet Uber, executive director of … Project Vigilant. Take a moment now to get over your surprise.

Even allowing for the possibility that Vigilant is exaggerating its capabilities, it’s clear that private sector organizations are now engaged in a data gathering exercise that has no historical precedent. The interested parties, of course, trot out the usual “If you’re not doing anything wrong, you have nothing to fear” line, a phrase that is now recognized as the surveillance state’s formal way of saying “Ha ha, fuck you”.

Because — as experience has shown — even if you aren’t doing anything wrong, there a great many things to fear. And somewhere close to the top of that list are secretive corporate cyber-stasis like Project Vigilant and Infragard, operating in a comfortable gray area outside the law and subject to absolutely no oversight or control.