Privacy SOS

The ghosts in our machines: DHS’ “complete operational awareness”

You are leaving work, walking through the city, tweeting about politics and texting your friend about dinner plans. You turn the corner to skip down the stairs to get the train. You are focused on your phone: twitter, the music in your ears. You slide your metro card through the electronic card reader and step inside. 

A recently released reference manual for DHS agents shows us the ways the government can spy on you as you make that journey.

Video from all of the surveillance cameras you pass, the data from your smart card to access the subway, your cell phone location information, images from drones far out of your sight, and your political tweeting can be “fused” to create for the agency what it, seemingly without any sense of self-awareness, calls “complete operational awareness.”

“Complete operational awareness.” That is, everything there is to know, about everything and anything possible. About us, the people who make up this country and world.

The picture of bloated government bureaucracy, the manual is called:

“Analyst's Desktop Binder: Department of Homeland Security National Operations Center Media Monitoring Capability Desktop Reference Binder.” 

Valiantly, the Electronic Privacy Information Center (EPIC) pried it out of DHS' hands — not an easy task. EPIC forced the release of the agent reference manual through a public records lawsuit, which unfortunately seems to be the only way to get meaningful information out of the secretive, costly and powerful agency.

The 39-page document sketches the parameters for DHS' open-source intelligence collection programs, among them a social-media monitoring project that the agency farmed out to a private contractor, General Dynamics, for eleven million dollars. It is unclear whether contractors working for DHS are given a copy of this document and asked to go along with it; this lack of transparency is one of many problems presented by the use of private contractors in intelligence collection operations.

The document describes the Media Monitoring Capability, or MMC, at the DHS’ National Operations Center (NOC), a project that aims to:

  1. Update DHS higher-ups on events of national or international significance;
  2. “[C]onstantly monitor all available open source information” in order to alert national operations center and “key” DHS staff of “emergent situations”; and
  3. “[R]eceive, process and distribute” video data, both open source and that gained from surveillance operations, including those done by the US military via NORTHCOM, the DOD's North American command center.

What kind of video is DHS collecting and distributing? To whom? What video data is the agency receiving from the US military? Is it surveillance video? From drones?

General Victor E. Renuart, Jr, USAF Commander, US Northern Command and Northern American Aerospace Defense Command gave us a hint in his testimony before the Senate Armed Services Committee on March 11 2010:

A key component of USNORTHCOM’s support is Incident Awareness and Assessment to provided critical imagery for local responders. Military aircraft over disaster sites provide Full Motion Video and still imagery to give responders on the ground their first look at affected areas.  At the request of the primary agency, USNORTHCOM is prepared to provide a variety of aircraft and satellites to gather photos and video that allow Federal, State, and local response assets to quickly respond to situations.  (p 12)

In other words, satellite, drone and other military aircraft photography and videography data is readily available to DHS, whereafter DHS can share it with "Federal, State and local response assets," i.e. the FBI and the police, in addition to rescue workers.

And DHS can even get help from the military in analyzing and viewing that data, says General Renuart. He reported to the Armed Services Committee that taxpayer dollars it had authorized purchased the military:

four additional Incident Awareness and Assessment/Full Motion Video communications suites….These suites provide additional capability to enhance situational awareness during disasters and emergency events for both incident on-scene commanders and our national leadership. (p 28)

Mosaic intelligence: putting the pieces together

The DHS operations center extensively monitors digital media in addition to video from drones and any accessible federal, state and local government and corporate cameras in neighborhoods and public transit centers nationwide. It’s the center’s first objective: “constantly monitor all available open source information”:

The traditional and social media teams review a story or posting from every direction and interest, utilizing thousands of reporters, sources, still/video cameramen, analysts, bloggers and ordinary individuals on scene. Traditional Media outlets provide unmatched insight into the depth and breadth of the situation, worsening issues, federal preparations, response activities, and critical timelines. At the same time, Social Media outlets provide instant feedback and alert capabilities to rapidly changing or newly occurring situations. The MMC works to summarize the extensive information from these resources to provide a well rounded operational picture for the Department of Homeland Security. 

Timely reporting of current information is an integral element in maintaining complete operational awareness by Homeland Security Personnel.

“Complete operational awareness” sounds a lot like Total Information Awareness, doesn’t it?

Total Information Awareness (TIA) was a Bush II era project that aimed to combine this kind of open source information collection with more “private” sources, including credit card information, history of residences, medical history, etc. After the program was openly disclosed, the public cried out, warning that TIA meant the virtual elimination of personal privacy from government intrusion.

It certainly did. The project was officially shelved in response to the widespread and diverse opposition. That is, it was shelved in name, and then broken down into smaller components that have lived on in different government agencies. (Among these agencies are the FBI, the NSA, the CIA and the DOD.)

Does DHS combine its “complete operational awareness” information with data from these other federal spook agencies? What about data from local police, for example from the automatic license plate readers that are increasingly tracking our every movement in our cars? 

The copious amounts of federal funding to local police departments ensure a transfer of information from the bottom to the top, and have enabled built-in mechanisms whereby DHS or DOJ can easily get access to the mountains of data about us gleaned and stored at the nation's 72 fusion centers or special operations centers.

What's going on back there behind the curtain?

The document EPIC brings us here sheds light on the willingness and technical capacity for these organizations to share data, even in real time. But it leaves us with more questions than answers.

What are the rules governing how DHS shares its data with other agencies? Are there consistent rules across agencies determining how the combination of data points from one agency with that from another’s is managed? Are there auditing systems in place to document such transfers of data, or protect against improper distribution?

Organizations like EPIC, EFF and the ACLU, among others, are working our hardest to break through the institutional barriers of secrecy shrouding these agencies, their agreements, their rules and their operations from public view. But it is admittedly an uphill battle.

And predictably, DHS, as well as the other agencies, are keenly aware of our curiosity on behalf of the public. That’s why it uses the rhetoric of “national security,” “homeland defense,” and even “public safety” to justify not only vast expansion of government power but also the shrinking of the public’s power through a contraction of our right to know about what exactly the government is doing with our money and our freedoms.

The paragraph below, found in the DHS operations reference manual released by EPIC, illustrates just how clever these agencies are when it comes to protecting information from public disclosure. The description here is one of 14 on a list of “categories of interest” that its agents are allowed to investigate: 

National/International Security: Includes reports on threats or actions taken against United States national interests both at home and abroad. Reports would include articles related to threats against American citizens, political figures, military installations, embassies, consulates, as well as efforts taken by local, state, and federal agencies to secure the homeland. Articles involving intelligence will also be included in this category.

The last sentence says it all, really. Assuming that DHS uses the 14 categories of interest it has identified to produce discrete intelligence reports per “category of interest,” the final sentence, stating that any “articles involving intelligence” will be included in the “National/International Security” category, means that the agency has structurally enabled the secrecy of literally any information it desires.

When something is written up in a “national security” file, it is very easy for the government to prevent its disclosure to the public. DHS here readily acknowledges that it will define literally anything as national security information: "articles involving intelligence" covers anything and everything.

Kudos to EPIC for having the temerity and tenaciousness to go after this information and for bringing it to light. Sunlight is the best disinfectant, and judging from this document alone, there is a lot of information of vital interest to the public that remains unknown.

We have much work to do.

The title for this blog is inspired by this article on Twitter and the limits of free speech online. It is well worth reading.

© 2021 ACLU of Massachusetts.