INSIDE THE SOCIAL MEDIA SURVEILLANCE SOFTWARE THAT CAN WATCH YOUR EVERY MOVE
The tool is the product of a growing industry whose work is usually kept from the public and utilized by police.
A MICHIGAN STATE POLICE CONTRACT, obtained by The Intercept, sheds new light on the growing use of little-known surveillance software that helps law enforcement agencies and corporations watch people’s social media and other website activity.
The software, put out by a Wyoming company called ShadowDragon, allows police to suck in data from social media and other internet sources, including Amazon, dating apps, and the dark web, so they can identify persons of interest and map out their networks during investigations. By providing powerful searches of more than 120 different online platforms and a decade’s worth of archives, the company claims to speed up profiling work from months to minutes. ShadowDragon even claims its software can automatically adjust its monitoring and help predict violence and unrest. Michigan police acquired the software through a contract with another obscure online policing company named Kaseware for an “MSP Enterprise Criminal Intelligence System.”
The inner workings of the product are generally not known to the public. The contract, and materials published by the companies online, allow a deeper explanation of how this surveillance works, provided below.
ShadowDragon has kept a low profile but has law enforcement customers well beyond Michigan. It was purchased twice by the U.S. Immigration and Customs Enforcement agency in the last two years, documents show, and was reportedly acquired by the Massachusetts State Police and other police departments within the state.
Michigan officials appear to be keeping their contract and the identities of ShadowDragon and Microsoft from the public. The Michigan.gov website does not make the contract available; it instead offers an email address at which to request the document “due to the sensitive nature of this contract.” And the contract it eventually provides has been heavily redacted: The copy given to David Goldberg, a professor at Wayne State University in Detroit had all mentions of ShadowDragon software and Microsoft Azure blacked out. What’s more, Goldberg had to file a Freedom of Information Act request to obtain the contract. When the state website did offer the contract, it was unredacted, and I downloaded it before it was withdrawn.
Last year, The Intercept published several articles detailing how a social media analytics firm called Dataminr relayed tweets about the George Floyd and Black Lives Matter protests to police. The same year, I detailed at The Intercept how Kaseware’s partner Microsoft helps police surveil and patrol communities through its own offerings and a network of partnerships.
This new revelation about the Michigan contract raises questions about what digital surveillance capabilities other police departments and law enforcement agencies in the U.S. might be quietly acquiring. And it comes at a time when previously known government social media surveillance is under fire from civil rights and liberties advocates like MediaJustice and the American Civil Liberties Union. It also raises the specter of further abuses in Michigan, where the FBI has been profiling Muslim communities and so-called Black Identity Extremists. In 2015, it was revealed that for years, the state police agency was using cell site simulators to spy on mobile phones without disclosing it to the public.
Buried deep in Biden Infrastructure Law: mandatory kill switches on all new cars by 2026
Remember that 2700-page, $1 trillion dollar infrastructure bill that the US government passed back in August? Well, have you read it? Of course we’re joking — we know you haven’t read it. Most of the legislators who voted on it probably haven’t either. Some folks have, though, and they’re finding some pretty alarming things buried in that bill.
One of the most concerning things we’ve heard so far is the revelation that this “infrastructure” bill includes a measure mandating vehicle backdoor kill-switches in every car by 2026. The clause is intended to increase vehicle safety by “passively monitoring the performance of a driver of a motor vehicle to accurately identify whether that driver may be impaired,” and if that sentence doesn’t make your hair stand on end, you’re not thinking about the implications.
Let us spell it out for you: by 2026, vehicles sold in the US will be required to automatically and silently record various metrics of driver performance, and then make a decision, absent any human oversight, whether the owner will be allowed to use their own vehicle. Even worse, the measure goes on to require that the system be “open” to remote access by “authorized” third parties at any time.
The passage in the bill was unearthed by former Georgia Representative Bob Barr, writing over at the Daily Caller. Barr notes correctly that this is a privacy disaster in the making. Not only does it make every vehicle a potential tattletale (possibly reporting minor traffic infractions, like slight speeding or forgetting your seat-belt, to authorities or insurance companies), but tracking that data also makes it possible for bad actors to retrieve it.
More pressing than the privacy concerns, though, are the safety issues. Including an automatic kill switch of this sort in a machine with internet access presents the obvious scenario that a malicious agent could disable your vehicle remotely with no warning. Outside that possible-but-admittedly-unlikely idea, there are all kinds of other reasons that someone might need to drive or use their vehicle while “impaired”, such as in the case of emergency, or while injured.
Even if the remote access part of the mandate doesn’t come to pass, the measure is still astonishingly short-sighted. As Barr says, “the choice as to whether a vehicle can or cannot be driven … will rest in the hands of an algorithm over which the car’s owner or driver have neither knowledge or control.” Barr, a lawyer himself, points out that there are legal issues with this whole concept, too. He anticipates challenges to the measure on both 5th Amendment (right to not self-incriminate) and 6th Amendment (right to face one’s accuser) grounds. He also goes on to comment on the vagueness of the legislation. What exactly is “impaired driving”? Every state and many municipalities have differing definitions of “driving while intoxicated.”
Furthermore, there’s also no detail in the legislation about who should have access to the data collected by the system. Would police need a warrant to access the recorded data? Would it be available to insurance companies or medical professionals? If someone is late on their car payment, can the lender remotely disable the vehicle? Certainly beyond concerns of who would be allowed official access, there’s also once again the ever-present fear of hackers gaining access to the data—which security professionals well know, absolutely will happen, sooner or later. As Barr says, the collected data would be a treasure trove of data to “all manner of entities … none of which have our best interests at heart.”
Microsoft employees say hello by pronouns and race
Facebook plans to shut down its facial recognition program
- Meta, the company formerly known as Facebook, on Tuesday announced it will be putting an end to its face recognition system.
- The company said it will delete more than 1 billion people’s individual facial recognition templates as a result of this change.
- Facebook services that rely on the face recognition systems will be removed over the coming weeks, Meta said.
Facebook on Tuesday announced it will be putting an end to its facial recognition system amid growing concern from users and regulators.
The social network, whose parent company is now named Meta, said it will delete more than 1 billion people’s individual facial recognition templates as a result of this change. The company said in a blog post that more than a third of Facebook’s daily active users, or over 600 million accounts, had opted into the use of the face recognition technology.
Facebook will no longer automatically recognize people’s faces in photos or videos, the post said. The change, however, will also impact the automatic alt text technology that the company uses to describe images for people who are blind or visually impaired. Facebook services that rely on the face recognition systems will be removed over the coming weeks.
“There are many concerns about the place of facial recognition technology in society, and regulators are still in the process of providing a clear set of rules governing its use,” the company said. “Amid this ongoing uncertainty, we believe that limiting the use of facial recognition to a narrow set of use cases is appropriate.”
Ending the use of the face recognition system is part of “a company-wide move away from this kind of broad identification,” the post said.
Meta, which laid out its road map last week for the creation of a massive virtual world, said it will still consider facial recognition technology for instances where people need to verify their identity or to prevent fraud and impersonation. For future uses of facial recognition technology, Meta will “continue to be public about intended use, how people can have control over these systems and their personal data.”
The decision to shut down the system on Facebook comes amid a barrage of news reports over the past month after Frances Haugen, a former employee turned whistleblower, released a trove of internal company documents to news outlets, lawmakers and regulators.