The Internet, Social Media Companies, Privacy, and Why It Matters: A Little Primer

OPINION PIECE:

Ever asked yourself the question “How did Facebook just pop up with that Ad about the exact thing my friend and I were just talking about in Starbucks ten minutes ago?” More and more people are noticing these types of disconcerting phenomenon. Many of course try to spin these as “conspiracy theories”, but people know. How do they know? Because it seems to be happening with greater frequency, and it’s disconcerting to say the least.

The right to privacy is a basic Constitutional Right documented in the Fourth Amendment. It hasn’t changed because of technology. It hasn’t changed due to terrorism. And though many state for mainly partisan reasons that “they have nothing to hide”, that’s not the point. Citizens in the United States have right to privacy as protected by the Fourth Amendment: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

There's always a tension between privacy and security. And as with many other things, it isn't a topic that is cut and dry. Both will always be an issue debated in the public square. Both will also always be basic tenants that a democratic society holds dear.

Recall how certain individuals insisted back in 2012/2013 that “it’s only metadata” when they got called out for new bulk collection claims after the Snowden Revelations. Recall when Clapper lied under oath? Or when Brennan called for Edward Snowden’s head which resulted in WaPo and The Intercept calling for his firing? Ever asked yourself the question “how did individuals have transmission information on political opponents like Michael Flynn BEFORE the FISA Court Authorizations circa-2015?” Or “why does Huawei matter so much”?  The expansion of surveillance from 2009-2015 was one of epic proportions. It was a major, global operation run by some of the most powerful interests and corporations in the world.

The ‘moral outrage’ over state surveillance was quickly followed up a few years later by ‘moral outrage’ that resulted in calls first by the media, and then by the masses, for major corporate internet platforms to start censoring speech that they didn't agree with. Short of censoring a human’s ability to speak by means of silencing them physically, a human’s ability to communicate in this day in age is nearly completely dependent on technology. Technology creates Data. Transmission of that Data allows us to communicate be it via phone, via text, via chat, via email, via social media, etc.

Data can and has greatly benefited our society. But as with anything else, Data can be used for nefarious purposes. It can be used to blackmail citizens, corporations, board members, government officials, entire Countries, anyone. As George Orwell said so eloquently, “He who controls the past, controls the future; he who controls the present, controls the past.” And in present-day, just about everything we do involves some sort of interconnected technology. Those means of interconnected technology generate “data” that adds to an ever developing fingerprint of who you are. Control the data, and you control the World. Saying otherwise isn’t just intellectually na?ve, rather, it’s technologically disingenuous.  

But how does it all work? Is it even possible? Is it feasible on a large scale? We can address that by beginning to understand (in generally consumable terms) how data is generated, and how it is transmitted.

According to modern day definitions, “data” is a collection of facts and statistics that are collected together for reference or analysis. Data is a set of values, quantities, characters, and symbols on which operations are performed by a computations device, thus being stored and transmitted in the form of electrical signals and recorded on magnetic, optical, or mechanical recording media (hard drive, storage drive, flash drive, “the Cloud”, etc). Everything from our refrigerators, to televisions, to cars, to finances, to cell phones, and just about everything else, generates, stores, and transmits Data. We exchange that data in order to communicate, collaborate, carry out commerce, etc. The Data that you generate is also used to define you. By Cyber Security standards, we want to know the “Who, What, When, and Where” in order to determine the “Why”. The subsets of each of those points are essentially endless. Data defines who we are, in the present day. This allows corporations, and governments, to not only place us each into defined boxes, but to have control over the aspects of our lives that depend on data. In more nefarious terms, data collection allows entities in positions of power and control to decide the scope-of, and even our very ability-to, communicate with each-other.

Now that we have a consumable way of understanding what “data” is, it is critical to understand how data is transmitted. The handling of data for transmission fits into a technology model called the “OSI Model”. The “OSI Model” is a standards-based way of understanding how data gets from Point A, to Point B. Ultimately, what you input into an application, project over video, speak over phone, etc, needs to be broken down into a standards-based formfactor, to be transmitted between said “Point A and Point B”. More generally speaking, we “input” data into a human interface (be it a Graphical User Interface, Computer Operating System, Cell Phone Screen, receiving voice signal, etc), and that data (which comes in extremely expansive and diverse types/languages) then needs to be transmitted. Therefore, we must have a consumable way of understanding that means of transmission: “The Internet”.

In simplest of terms: The Internet is a means of interconnecting devices to transmit data via a common language…. a common protocol…. at nearly the speed of light. The plumbing of the internet works much like the roads in which we travel in our vehicles between locations. We get into our cars located at a certain address, and pull out in the driveway. The driveway leads to our street. Our street dumps out onto a roadway. That roadway ultimately leads to a parkway or highway. And as we travel, that highway ultimately connects-to and opens up into a large Interstate with a bunch of lanes. It’s a complex hierarchy, but a hierarchy nonetheless. The medium by which our devices transmit data (i.e. Wired, Wireless, Cell) is not extremely consequential for this discussion, as Wireless Access Points, Cell Repeaters, Cell Towers, etc, all ultimately connect downstream back into “the Internet”, and the data transits across the Internet to ultimately reach its destination. In short, the Internet was created to transmit data between multiple locations.  

In the advent years of the Internet, Federal Defense and Research Laboratories started needing to share data more expeditiously than sneaker-netting storage tape spools between each-other via trucks. They needed to be able to exchange data for collaboration between two points, and ultimately, needed to be able to serve up data for consumption by multiple entities. The first officially-documented transmission was carried out in 1969 in California between Government Advanced Research Projects domiciled at UCLA, Stanford, UC-Santa Barbara, and University of Utah. As the requirement for transmission, communication, and collaboration grew, so did the need for the infrastructure of the Internet to grow. And it did. Exponentially. It “webbed” out farther and farther, with greater and greater density, until even the airwaves around us were a means of transmitting data in over 98% of the airspace within the lower 48 states in the US.

The DOE/DOD/NSF founded ARPANet and CSNET at the Federal level in those advent days of the Internet, before commoditizing it. Federal “Network Access Points”, much like Phone Switches and Telegraph Internetworks before them, were intersections at which circuits from various geographical areas came together. Circuits from various geographical areas came together into these big buildings full of telecommunications gear, and provided a way for them all to interchange between each other; much like huge highway interchanges in big cities like Atlanta, Los Angeles, Chicago, Dallas, etc. Practically speaking, much like old Ma-Bell telephone infrastructure, fiber circuits were often times placed on aerial cable right of ways, or in trenches next to roadways, interstates, railways, etc. A fascinating example of a company that found great success with doing this, was Qwest Communications. Qwest was founded by the owner of Southern Pacific Railroad, who used his land/right-of-way to build the nation’s first all-digital fiber optic network around the country. He used trains retrofitted with trenchers, to trench next to his Southern Pacific railroad tracks, lay fiber optic cables down, and fill the trenches back in, across the entire country.

Qwest is also an excellent example of what happens when executives of a corporation refuse to give backdoor access. As validated via the Snowden Revelations, it’s a fascinating and scary tale of how an old vestiges of the Surveillance State power-played the biggest telecommunications providers in the country to mirror to them any and all data traversing their networks. Qwest was the lone holdout. That didn’t end well for the corporation, and especially for their executives. 

As the Internet continued to grow, federally-run “Network Access Points” gave way to the more modern commercially-run “Internet Exchange Point”. They were regulated, of course, but still very much like the wild wild West. And it was big business. As the Internet grew, so did the scale and complexity of these Internet Exchange Points. Cities became interconnected. More and more neighborhoods within those cities became interconnected. More and more homes in those neighborhoods became connected. As technology grew, those homes started to contain more and more devices that required the ability to communicate with other devices throughout the World. And as more and more fiber got put in the ground within the US and throughout the World, the hierarchy of these Internet Exchange Points evolved. Consequentially, the entirety of internet traffic in the US ultimately passes through an extremely small number of top level Internet Exchanges relative to the size and scope of the Internet in the US – less than 30. The Internet Exchanges on the coasts also interconnect to a large network of transoceanic fiber cables that traverse the ocean on the sea floor – thus creating “Intercontinental Highways” for data to be exchanged between countries, and continents.

With that in mind, consider the transmission of data. If you want to intercept the data in order to gather information about the sender, a great way to do that is to put some equipment at every one of those Internet Exchange Points, and capture copies of the data as it flows by. Why? Because as we’ve already addressed, a very high percentage of the data traversing the Internet ultimately flows through these points. This creates very sensical places to capture large swaths of data. Once that data is captured, entities can start monitoring the data for various purposes.

As the number of interconnected devices grew, so did the infrastructure of the Internet. Along with this, came an almost obsessive desire from certain entities/corporations to know the “Who, What, When, and Where” of as much of the data as possible. As with most other things, this had legitimate defense purposes along with legitimate intelligence purposes. But it also had fiscal benefits for corporations. More intelligence on user data meant greater control. As society’s interdependence on technology grew, so did the sheer volume of data. As the volume of data grew, so did the desire to know as much as possible about that data. Eventually, the ability to collect copies of that 90+% of data traversing Internet Exchanges became insufficient. More so, encryption became more and more mainstream. Encrypted traffic created a blind spot for surveillance apparatus. 

Encryption encodes data in-transit so that only the sender and receiver can access the data. Encrypted traffic percentages quickly grew on the Internet, both for security and privacy reasons. Data could still be decrypted in-transit via man-in-the-middle approaches, but it requires a tremendous amount of “horsepower” to decrypt/re-encrypt via this method. Man in the Middle decryption also does not have a 100% success rate especially when attempting to do so in a manner that is stealth/transparent to the end users desiring the privacy. Therefore, it was desirable to come up with more effective means of eavesdropping on higher percentages of data exchanged globally.  

How do you capture the rest of that data? The answer is actually quite simple: work with corporations like Facebook to capture the data on the end device *before* it gets encrypted for transit. As an analogy, consider the desire to intercept someone’s telephone communications. Would it be easier to trace the path by which that phone call was routed through the telephone infrastructure? What if that phone call was encrypted over the wire? Or would it be easier to have a listening device in the same room as both the sender and receiver *before* the communications get sent over the wire? The answer is obvious. Gain visibility at a level as close to 100% as possible. Get a copy of the data before, during, and after transit. Visibility skyrockets.

How would something like that be accomplished, when citizens have an innate desire for privacy? After all, going back to the phone conversation example: Are you going to call up an agency or corporation, and give them access to drop a microphone in the same room that you’re talking on the phone? Are you going to willingly have all of your data/records/conversations mirrored to those entities out of your own free will? Of course not. But that innate resistance to invasion of privacy isn’t acceptable to entities and corporations that are incentivized to capture “as close to 100% of the data as possible”. The solution? Capture it in stealth, without you ever knowingly giving your consent. Bury cryptic verbiage down in a 50-page “Privacy Contract” when you download that social media app just in case you get caught. You see where it can lead.

What has gotten rapidly more advanced over the past 5-7 years, is the ability to compromise nearly every device with internet access. OEM, Social Media, and Browser platforms are encoded with backdoors geared towards scraping the data from every transmission the device makes, including the data you thought was “encrypted”. For example: encrypted Instant Messaging Apps like WhatsApp, are only encrypted in-transit. The data is not yet encrypted on the “trusted” sender and receiver devices, which is how the “trusted” sender and receiver are able to read the message. Therefore, what better way to grab copies of the data than to capture it before it even gets encrypted and transmitted across the wire?

Commonly, these “backdoors” are covertly placed within seemingly innocent pieces of software, like a social media app on your phone or a mainstream web browser on your computer. These Apps carry out “data mining”, thus monitoring all of your activity, packaging it up, and mirroring it on to a covert listener. “Only metadata”, they say? That is soooo 2008. The “backdoor” used as a means of exfiltration – stealthily exists as part of the install package for common social media apps. Many social media apps do not just query content within the four walls of the app. They mine data from most of the apps on the device. Therefore, the FB's/WhatsApps of the world can continue claiming “end to end encryption”, but any security professional knows that this is just semantics. Data is captured before it ever even gets encrypted. Your emails, chats, web-browsing traffic, pictures, documents, voice calls, webcam photos, web searches, social media traffic, logged keystrokes, intercepted username/password combinations, file uploads, and just about everything else.  This became common, mainstream knowledge in recent years.

To predict where this could potentially go, would simply require us to observe what is already going on in other parts of the world such as China with their Golden Shield Project / Great Firewall. In the early 2000’s, they started filtering based on Application-level Data, which was very advanced at the time. By filtering at this level, they were able to heavily censor news stories, then expanded to social media, then expanded to personal emails and text messaging, then expanded to encrypted messaging.  They would scrub the Chinese-run accessible Internet of dissenting views that they don’t like. China also heavily regulated DNS infrastructure in the country. DNS is what resolves web site names, called URL’s, to IP Addresses. By indexing sites according to their state-mandated ideologies, they were able to censor in a much more granular fashion – thus blocking at a national level, entire swaths of websites that did not comply with state-mandated ideologies.  

Present day, the Chinese Government has expanded to attach what they call a “Social Credit Score” to each Chinese Citizen. Per mainstream news sources, millions of Christians and Muslims have been placed in what the Chinese call “Re-education Camps” after labeling them as such based on their digital activity. Do or say something that powerful individuals don't like? Law Enforcement Officials are activated, and the individual is picked up. Consider the following excerpt from the Chinese Ministry of Public Security in regards to the Golden Shield/Great Wall Project:

“Individuals are prohibited from using the Internet to: harm national security; disclose state secrets; or injure the interests of the state or society. Users are prohibited from using the Internet to create, replicate, retrieve, or transmit information that incites resistance to the PRC Constitution, laws, or administrative regulations; promotes the overthrow of the government or socialist system; undermines national unification; distorts the truth, spreads rumors, or destroys social order; or provides sexually suggestive material or encourages gambling, violence, or murder. Users are prohibited from engaging in activities that harm the security of computer information networks and from using networks or changing network resources without prior approval.”

Frighteningly, phrases such as “undermines national unification”, “distorts the truth”, “spreads rumors”, or “destroys social order” are all very similar to arguments we hear today in the mainstream for censoring speech on the Internet. China also states more recently that their stated purpose for the draconian censorship is to “fight against extremism, terrorism, and unrest”. 

The Chinese Government attempted just last month to justify their “Re-education Camps”, stating that they were needed to “fight against extremism, terrorism, and unrest.” According to mainstream articles in the past months, the tech used to monitor 'dissidents', and even map their DNA, was given to them by several US-Based Companies including Google. An Ivy-League University went further, by contracting to help China develop “vocal recognition technology” to be used to identify and target voice conversations at the state’s discretion. That data is then also used to develop more precise Artificial Intelligence to fine tune data that has been collected, including facial recognition software for the over 2 billion Chinese-state-managed surveillance cameras. Human Rights delegations are starting to take significant notice in recent days.

Consider this short excerpt from The Hill:

"“The digital surveillance system consists of three main platforms — Skynet, Safe City and Sharp Eyes — that target both cities and rural areas. Our sources claim that China is about to complete its installation of 2.7 billion cameras around the country, to achieve a goal of allowing no blind spot in urban areas.

As stunning as this is, the cameras are only one element of control. Their use is in combination with banking data, mobile payment apps, WeChat, Social Credit Score, third-generation national ID card, biometric info, Great Firewall, mobile phones, televisions and other surveillance hardware and software. The totality of these sources of data means that CCP has abolished privacy for its population and established a control that is exceeded only in fiction.

China weaponizes surveillance for repression and persecution, and the power of this weapon is tangible. The surveillance apparatus has effectively silenced the voice of political and civil activists, as evidenced by the crackdown on rights defense lawyers. In the massive concentration camps in Xinjiang Province, millions of ethnic Uighurs are detained and subjected to brainwashing and torture. The rest are under 24/7 surveillance in their homes and communities, all in the name of “public safety.”"  -The Hill

The next time you notice Internet Ads that seem to be tailored to private conversations you’ve just had, remember these facts that are all readily available in the mainstream. They have been for quite some time. These are not “conspiracy theories”. Furthermore, the next time you find yourself trying to justify coercing governments to censor, de-platform, and silence voices that you don’t agree with, realize how closely that ideology tracks with what certain countries like China are already doing.

In closing: Be smart. Be educated. Be aware. Be innovative. Be vigilant.

----------------------------------------------------------------------------

“I want them shut down, I want them silenced, I want them muted, I think they are horrible for our society.  The First Amendment argument is very powerful, it’s something so unique to America. But it’s not unlimited. It’s not unrestricted.”  

-Ana Navarro, The View

 “The attacks against Kamala Harris are racist and ugly. We all have an obligation to speak out and say so. And it’s within the power and obligation of tech companies to stop these vile lies dead in their tracks.”

-Democratic Presidential Candidate, Elizabeth Warren

"I’m surprised that these little acrobatic games are played with her on live national television. I think it denigrates what we do. It’s clear she doesn’t bring anything to the table. It’s clear she doesn’t know exactly what she’s talking about. It’s clear she’s making it up as she goes along.  I feel even more so that everyone should ban her.”  

-Mika Brzezinski, MSNBC speaking about Kellyanne Conway

“Germany is silencing ‘hate speech’, but can’t define it.”

-The Economist 

“The sinister thing about what FB is doing is that it is now removing speech that presumably almost everybody might consider racist — along with speech that only someone at Facebook decides is ‘racist,'” And it just so happens to turn out that, lo and behold, this idea of ‘racist’ speech appears to include anything critical of the EU’s current immigration policy.”

-European Media