Data and Goliath (48 page)

French government eavesdrops:
Jacques Follorou and Glenn Greenwald (25 Oct 2013), “France in the NSA’s crosshair:
Wanadoo and Alcatel targeted,”
Le Monde
, http://www.lemonde.fr/technologies/article/2013/10/21/france-in-the-nsa-s-crosshair-wanadoo-and-alcatel-targeted_3499739_651865.html.
Jacques Follorou (21 Mar 2014), “Espionnage: Comment Orange et les services secrets
coopèrent,”
Le Monde
, http://www.lemonde.fr/international/article/2014/03/20/dgse-orange-des-liaisons-incestueuses_4386264_3210.html.

About a dozen countries:
British Broadcasting Corporation (8 Apr 2014), “Top EU court rejects EU-wide data
retention law,”
BBC News
, http://www.bbc.com/news/world-europe-26935096.

Internet cafes in Iran:
Iran Media Program (8 Apr 2013), “Digital media: FATA polices Internet cafés with
20 new regulations,” Annenberg School for Communication, http://www.iranmediaresearch.org/en/blog/218/13/04/08/1322.

Vietnam:
Reporters Without Borders (2013), “Vietnam,” in
Enemies of the Internet
, http://surveillance.rsf.org/en/vietnam.

India:
Rama Lakshmi (1 Aug 2011), “India’s new Internet rules criticized,”
Washington Post
, http://www.washingtonpost.com/world/indias-new-internet-rules-criticized/2011/07/27/gIQA1zS2mI_story.html.

US government bought data:
Chris Jay Hoofnagle (1 Aug 2003), “Big Brother’s little helpers: How Choicepoint
and other commercial data brokers collect, process, and package your data for law
enforcement,”
North Carolina Journal of
International Law and Commercial Regulations
29, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=582302. Jon D. Michaels (6
Oct 2008), “All the president’s spies: Private-public intelligence partnerships in
the war on terror,”
California Law Review
96, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1279867.

data from Torch Concepts:
Matthew L. Wald (21 Feb 2004), “U.S. calls release of JetBlue data improper,”
New York Times
, http://www.nytimes.com/2004/02/21/business/21blue.html.

a database of Mexican voters:
CR Staff (1 May 2003), “U.S. government purchase data on Mexico’s 65 million registered
voters,” Information Clearinghouse, http://www.informationclearinghouse.info/article3186.htm.

US law requires financial institutions:
US Financial Crimes Enforcement Network (11 May 2014), “Bank Secrecy Act requirements:
A quick reference guide for money services business,” http://www.fincen.gov/financial_institutions/msb/materials/en/bank_reference.html.

States like Illinois:
Kenneth Lowe (29 Jun 2008), “Illinois made $64.3 million selling driver’s license
information,”
Herald-Review
, http://herald-review.com/business/local/illinois-made-million-selling-driver-s-license-information/article_43c51a15-c885-575e-ac5d-0c01cc9acb6b.html.

Ohio:
Joe Guillen (11 Jul 2010), “Ohio collects millions selling driving records with your
personal information,”
Plain Dealer
, http://www.cleveland.com/open/index.ssf/2010/07/ohio_collects_millions_selling.html.

Texas:
Tim Cushing (13 Feb 2013), “Texas DMV sells personal information to hundreds of companies;
Drivers not allowed to opt-out,”
Tech Dirt
, http://www.techdirt.com/articles/20130212/21285321958/texas-dmv-sells-personal-information-to-hundreds-companies-drivers-not-allowed-to-opt-out.shtml.

Florida:
Jeff Weinsier (12 Oct 2011), “Florida makes $63M selling drivers’ info,”
Local 10
, http://www.local10.com/news/Florida-Makes-63M-Selling-Drivers-Info/3078462.

voter registration data:
Kim Zetter (11 Dec 2003), “For sale: The American voter,”
Wired
, http://archive.wired.com/politics/security/news/2003/12/61543.

The UK government proposed:
Rowena Maxon (18 Apr 2014), “HMRC to sell taxpayers’ financial data,”
Guardian
, http://www.theguardian.com/politics/2014/apr/18/hmrc-to-sell-taxpayers-data.

UK National Health Service:
Randeep Ramesh (19 Jan 2014), “NHS patient data to be made available for sale to
drug and insurance firms,”
Guardian
, http://www.theguardian.com/society/2014/jan/19/nhs-patient-data-available-companies-buy.

There’s a feedback loop:
This has been called “data laundering.” Chris Jay Hoofnagle (2 Sep 2014), “The Potemkinism
of privacy pragmatism,”
Slate
, http://www.slate.com/articles/technology/future_tense/2014/09/data_use_regulation_the_libertarian_push_behind_a_new_take_on_privacy.single.html.

you can configure your browser:
Geoff Duncan (9 Jun 2012), “Why Do Not Track may not protect anybody’s privacy,”
Digital Trends
, http://www.digitaltrends.com/mobile/why-do-not-track-may-not-protect-anybodys-privacy.

It’s a bit different in Europe:
European Parliament and Council of Europe (24 Oct 1995), “Directive 95/46/EC of the
European Parliament and of the Council of 24 October 1995 on the protection of individuals
with regard to the processing of personal data and on the free movement of such data,”
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML. Council
of Europe (Apr 2014),
“Handbook on European data protection law,” http://www.echr.coe.int/Documents/Handbook_data_protection_ENG.pdf.

data can flow from the EU:
Zack Whittaker (25 Apr 2011), “Safe harbor: Why EU data needs ‘protecting’ from US
law,”
ZDNet
, http://www.zdnet.com/blog/igeneration/safe-harbor-why-eu-data-needs-protecting-from-us-law/8801.

public-private surveillance partnership:
Jay Stanley (Aug 2004), “The surveillance-industrial complex,” American Civil Liberties
Union, https://www.aclu.org/sites/default/files/FilesPDFs/surveillance_report.pdf.

1,931 different corporations:
Dana Priest and William M. Arkin (19 Jul 2010), “A hidden world, growing beyond control,”
Washington Post
, http://projects.washingtonpost.com/top-secret-america/articles/a-hidden-world-growing-beyond-control.

70% of the US intelligence budget:
Robert O’Harrow Jr., Dana Priest, and Marjorie Censer (10 Jun 2013), “NSA leaks put
focus on intelligence apparatus’s reliance on outside contractors,”
Washington Post
, http://www.washingtonpost.com/business/nsa-leaks-put-focus-on-intelligence-apparatuss-reliance-on-outside-contractors/2013/06/10/e940c4ba-d20e-11e2-9f1a-1a7cdee20287_story.html.

Keith Alexander started:
It seems unlikely that he would have had the spare time necessary to invent things
directly applicable to his job. Shane Harris (29 Jun 2014), “The NSA’s cyber-king
goes corporate,”
Foreign Policy
, http://www.foreignpolicy.com/articles/2014/07/29/the_crypto_king_of_the_NSA_goes_corporate_keith_alexander_patents.
Conor Friedersdorf (31 Jul 2014), “Keith Alexander’s unethical get-rich-quick plan,”
Atlantic
, http://www.theatlantic.com/politics/archive/2014/07/keith-alexanders-unethical-get-rich-quick-plan/375367.

He’s hired the NSA’s:
Spencer Ackerman (17 Oct 2014), “Senior NSA official moonlighting for private security
firm,”
Guardian
, http://www.theguardian.com/us-news/2014/oct/17/senior-nsa-official-moonlighting-private-cybersecurity-firm.

FinFisher:
Elaman-Gamma Group (2011), “German security solutions,”
Wikileaks
, https://s3.amazonaws.com/s3.documentcloud.org/documents/810435/313-elaman-product-list-finfisher.pdf.

the FinFisher toolkit:
Morgan Marquis-Boire and Bill Marczak (29 Aug 2012), “The smartphone who loved me:
FinFisher goes mobile?” Citizen Lab, Munk School of Global Affairs, University of
Toronto, http://citizenlab.org/2012/08/the-smartphone-who-loved-me-finfisher-goes-mobile.
Nicole Perlroth (30 Aug 2012), “Software meant to fight crime is used to spy on dissidents,”
New York Times
, http://www.nytimes.com/2012/08/31/technology/finspy-software-is-tracking-political-dissidents.html.

The Moroccan government:
Bill Marczak et al. (17 Feb 2014), “Mapping Hacking Team’s ‘untraceable’ spyware,”
Citizen Lab, Munk School of Global Affairs, Univers-ity of Toronto, https://citizenlab.org/2014/02/mapping-hacking-teams-untraceable-spyware.

arrested dissidents in Bahrain:
Vernon Silver and Ben Elgin (22 Aug 2011), “Torture in Bahrain becomes routine with
help from Nokia Siemens,”
Bloomberg News
, http://www.bloomberg.com/news/2011-08-22/torture-in-bahrain-becomes-routine-with-help-from-nokia-siemens-networking.html.

The conference ISS World:
Ms. Smith (10 Nov 2011), “Secret snoop conference for gov’t spying: Go stealth, hit
a hundred thousand targets,”
Network World
,
http://www.networkworld.com/article/2221080/microsoft-subnet/secret-snoop-conference-for-gov-t-spying---go-stealth--hit-a-hundred-thousand-targe.html.
Jennifer Valentino-DeVries, Julia Angwin, and Steve Stecklow (19 Nov 2011), “Document
trove exposes surveillance methods,”
Wall Street Journal
, http://online.wsj.com/news/articles/SB1
000
1424052970203611404577044192607407780. Vernon Silver (21 Dec 2011), “Spies fail to
escape spyware in $5 billion bazaar for cyber arms,”
Bloomberg News
, http://www.bloomberg.com/news/2011-12-22/spies-fail-to-escape-spyware-in-5-billion-bazaar-for-cyber-arms.html.

The 2014 brochure:
ISS World Training (3–4 Mar 2014), “ISS World Middle East,” J. W. Marriott, Dubai,
UAE, http://www.issworldtraining.com/iss_mea/Brochure01.pdf.

Many countries send representatives:
Privacy International has a list of who attended between 2006 and 2009. Privacy International
(2012), “Surveillance Who’s Who,” https://www.privacyinternational.org/sww.

There are similar conferences:
Uwe Buse and Marcel Rosenbach (8 Dec 2011), “The transparent state enemy: Western
surveillance technology in the hands of despots,”
Der Spiegel
, http://www.spiegel.de/international/world/the-transparent-state-enemy-western-surveillance-technology-in-the-hands-of-despots-a-802317.html.

big US defense contractors:
Visiongain (8 Jan 2013), “‘Global cyberwarfare market to be worth $16.96bn in 2013’
says Visiongain Report,” Reuters, http://www.reuters.com/article/2013/01/08/idUSnPre7f3zna+100+PRN20130108.
James Bamford (12 Jun 2013), “The secret war,”
Wired
, http://www.wired.com/2013/06/general-keith-alexander-cyberwar/all.

The French company Bull SA:
Paul Sonne and Margaret Coker (30 Aug 2011), “Firms aided Libyan spies,”
Wall Street Journal
, http://online.wsj.com/news/articles/SB1
000
1424053111904199404576538721260166388.

Nigeria used the Israeli firm:
Elbit Systems (24 Apr 2013), “Elbit Systems awarded a $40 million contract to supply
a country in Africa with the Wise Intelligence Technology (WiT[TM]) System,” http://ir.elbitsystems.com/phoenix.zhtml?c=61849&p=irol-newsArticle&ID=1810121.

Syria used the German company:
Der Spiegel (11 Apr 2012), “Monitoring the opposition: Siemens allegedly sold surveillance
gear to Syria,”
Der Spiegel
, http://www.spiegel.de/international/business/ard-reports-siemens-sold-surveillance-technology-to-syria-a-826860.html.

the Italian company Area SpA:
Ben Elgin and Vernon Silver (3 Nov 2011), “Syria crackdown gets Italy firm’s aid
with U.S.-Europe spy gear,”
Bloomberg News
, http://www.bloomberg.com/news/2011-11-03/syria-crackdown-gets-italy-firm-s-aid-with-u-s-europe-spy-gear.html.

The Gadhafi regime in Libya:
Paul Sonne and Margaret Coker (30 Aug 2011), “Firms aided Libyan spies,”
Wall Street Journal
, http://online.wsj.com/news/articles/SB1
000
1424053111904199404576538721260166388.

systems used in Azerbaijan:
Sarah Kendzior and Katy Pearce (11 May 2012), “How Azerbaijan demonizes the Internet
to keep citizens offline,”
Slate
, http://www.slate.com/blogs/future_tense/2012/05/11/azerbaijan_eurovision_song_contest_and_keeping_activists_and_citizens_off_the_internet_.html.

and Uzbekistan:
Sarah Kendzior (Jul 2012), “Digital freedom of expression in Uzbekistan: An example
of social control and censorship,” New America Foundation, http://newamerica.net/sites/newamerica.net/files/policydocs/KendziorFINAL7172012.pdf.

There are few laws:
Open Technology Institute (9 Dec 2013), “International agreement reached controlling
export of mass and intrusive surveillance technology,” New America Foundation, http://oti.newamerica.net/blogposts/2013/international_agreement_reached_controlling_export_of_mass_and_intrusive_surveillance.

built for corporate use:
Uwe Buse and Marcel Rosenbach (8 Dec 2011), “The transparent state enemy: Western
surveillance technology in the hands of despots,”
Der Spiegel
, http://www.spiegel.de/international/world/the-transparent-state-enemy-western-surveillance-technology-in-the-hands-of-despots-a-802317.html.

US-based Blue Coat sells:
The complete list is Afghanistan, Bahrain, Burma, China, Egypt, India, Indonesia,
Iraq, Kenya, Kuwait, Lebanon, Malaysia, Nigeria, Qatar, Russia, Saudi Arabia, Singapore,
South Korea, Syria, Thailand, Turkey, and Venezuela. Irene Poetranto et al. (9 Nov
2011), “Behind Blue Coat: Investigations of commercial filtering in Syria and Burma,”
Citizen Lab, Munk School of Global Affairs, University of Toronto, https://citizenlab.org/2011/11/behind-blue-coat.
Irene Poetranto et al. (29 Nov 2011), “Behind Blue Coat: An update from Burma,” Citizen
Lab, Munk School of Global Affairs, University of Toronto, https://citizenlab.org/2011/11/behind-blue-coat-an-update-from-burma.
Morgan Marquis-Boire et al. (15 Jan 2013), “Planet Blue Coat: Mapping global censorship
and surveillance tools,” Citizen Lab, Munk School of Global Affairs, University of
Toronto, https://citizenlab.org/2013/01/planet-blue-coat-mapping-global-censorship-and-surveillance-tools.