Most upvoted comment
If you live in the United States you need to see this. A 32 year veteran of the NSA speaks out.(r/TrueReddit)
Ok. So here are some examples, mostly whenever we would do this kind of stuff it’s no more intrusive than a SCMODS type scan.
Largely random large cash transactions. Most citizens will never see more than a few thousand dollars at a clip as a salary payment per month structure. Anything more than that, particularly if you are “out of profile” (say a 50-60k employee who suddenly receives just under 9,999 dollars). In DEA parlance this could be “smurfing”
Demographic profiles – this is that set of citizens, non-citizens who fit a “desirable” set of characteristics – they earn a certain amount of money, have a particular job skill set , and who travel anywhere – particularly to “threat regions”, Eastern Europe, SE Asia, Central Asia, and certain parts of South America. We would see a lot of these kinds of requests, and they would oftentimes have interesting follow up requests.
Among the more depressing and disturbing tasks
Demographic & Affiliation profiles – these were “friends and family” kind of requests, where rather rapidly you could get all sorts of information about dozens of people that would be totally pieces of data but put together , you see that Mohammad Tariq (for example) has a son Aziz 18, who goes to Rutgers and is studying chemical engineering. If Dad travels and especially if Aziz travels with him, multiple times, anywhere, it’s a problem.
Political affiliation – Similar to this and FAR more directly bad, were political affiliation reports, particularly during the Bush Administration I saw a lot of these. Where they were looking to profile or identify potential trouble-makers. I remember this particularly, only because I remember a few of my professors from college showing up on a list (both had been environmental activists back in the 1960’s), and were near retirement, but they showed up on a list of persons of interest. these guys were being monitored – periodically we’d get that same list and dump any new information and send it along.
A simple example
So you have these “collections” of people, and now you look for events, in their lives. Good examples of events are sudden – high-cost medical expenses, a sudden change in spending habits around a subject area or area of interest, a loss or gain in employers who were “out of the curve” of probable employers. i.e.; If Aziz (our baby chemical engineer), suddenly finds himself an entrepreneur with a 200k salary, practically begs someone at FBI to want to press a button – “would you like to know more?”, and we’d provide it.
A more specific example
Along these lines – and easily the most creepy – “Special requests” – usually foreign names – racial profiling aside, shortly after 9/11 we received short list query names – a list with say a dozen names on it – go fetch. What was fucked up about this – was at least a few times, we’d actually find a bunch of these names all “on a cruise together” or all randomly “visiting” Chicago, or something similar.
This was the “working end of things”, So by way of example, a bunch of guys showed up on a cruise – before we had even finished wrapping up one night, they started sending short lists of other names around a small group of Muslim surnames. Each time the list would get more specific, until suddenly a flurry of intense phone-calls later , we have a major cruise line suddenly reporting that a case of “food poisoning” has struck the “SS Splashfest” and the ship (at sea for the last 2 days), finds itself “unexpectedly” back at Miami or New Orleans and has to unfortunately disembark all the passengers – less a few middle-eastern looking dudes. Oh – and here’s a welcome home – 1500-4000$ cruise voucher for everyone else.
Who does this kind of stuff
Mostly these profiles were sold to / given to law enforcement, you would also see sales to non-governmental agencies, usually firms in New York with sketchy names, for foreigners this can absolutely mean that a home government has taken an interest in their hapless ex-pat.
Beyond that , the GOP has a hard-on for this kind of stuff, and they use it openly, against perceived , imagined and real political adversaries, I’m not saying the Democratic party doesn’t use these tools, but in doing this for several years, I never saw a recognizable “conservative” name come up on our scans. I am sure I’d seen notable “liberal” names a few time. In that way – this apparatus has a heavy bias in the conservative bend..
And this was where I think I had my professional departure from this process, Not at all long after 9/11 the processes swung around from catching real “persons of interest” like those festive sketchy “cruisers” , and paying far more attention to the math professors, and students.
Being online, in that respects means you are being watched generating a happy if disjointed trail – almost always useless. So for example, because this conversation is publicly available, even though you and I may be using trivially anonymous names – about the only two people who don’t know our real names are yourself and myself – and most everyone else on Reddit.
But even the admins would have our IP information, and cross reference that with our cable bills (if it’s an available data point, and presto – a high probability that “you” are one of 4-5 people identified in a typical “household”).
When you tie this information in with demographic information from websites, the traffic available from Comcast, and Verizon could give you a disturbingly complete picture of what was going on in someone’s daily activity. Couple that with your bank, American Express or Visa and other spending pattern information, and you are “known” in practically the biblical sense.
Pretty much I’d say the vast majority of this was what we called executive masturbation material, even when they were busing stroking themselves over the e-lint pulled on Kim Kardashian , some short list of brunette ballerinas in Cincinnati or some such, or getting in someone’s life, performing a “turn your head and cough”, in electronic form.
So my “first” problem was that , in most respects, this function exists, to large extent to provide someone with executive access, an ability to perv on people with a disturbing level of anonymity and zero accountability.
The clearest example I remember from this was, the “ballerina incident” was what we called it , when someone actually kept querying detail information and all we could determine is that the women involved (never men) were all ballerina’s in some dance school near Cincinnati, after the 3rd or 4th request, we asked for some reason this was being given a priority in the queue. We never received another high level request, although low level requests did come in from time to time.
If you want to know what really got the attention of these guys – It was when we got a short list (always a bad sign), again similar to our sketchy “cruisers”, only this time , instead of a “oh everyone’s in Philadelphia” at the convention center or the ball-game.
It was everyone on this list has stopped doing a lot of their normal set of activities or worse – has “gone dark” completely – any time someone with a substantial trivial history or sudden influx of cash goes off the grid it gives these guys serious pause.
Where you ask can do you get in on the action, well, aside from the fact that right now – you are the action – in it’s most benign form I recommend some relevant links.
Ian Ayres` “Supercrunchers“
James Bamfords excellent “The Shadow Factory
Among many reasons, here’s why technology presents a compromise of our security and it’s a problem.
Acxiom Corporation – has become the big fish in the market space.
But there are little fish everywhere
** edit(1) minor typos