In the past year, Amazon has had at least 37 charges filed against it to the National Labor Relations Board, triple the number in 2019 and six times that of 2018. The largest employer in the country, Walmart, only had eight this past year. As Amazon employees have began organizing, as is their right, the company has increasingly pushed back against those efforts including increasing surveillance, especially in its warehouses.
Veena Dubal, a law professor at the University of California, Hastings stated that the technologies used to track warehouse workers is "inherently union busting," because it makes it "easy to pin a termination on one of the thousands of rules workers have to abide by.” Amazon warehouse workers must scan every item and every box packed, records which are used to track an employees productivity, though an Amazon spokesperson insists they're to track “inventory, not people.” Also deployed are cameras that can apparently tell if social distancing is being observed, thus discouraging talking to other employees.
In surveil-link #56, I highlighted surveillance tactics at the Amazon warehouse is Bessemer, Alabama where votes that will determine whether or not the employees unionize are currently being tallied.
Ng and Varner report finding 25 companies who are registered as data brokers spending a total of $29 million in lobbying efforts in 2020. Vermont and California are the only two states that require, in the story's words, the registration of companies that "collect, sell, or share people’s personal information without having a direct relationship to them." If you've been reading Surveillance Today for a while, you're no stranger to such companies like X-Mode from surveil-link #6 and Venntel from surveil-link #26 who have both been banned from the Google Play Store and Apple App Store for selling location data to law enforcement. The biggest spenders were Oracle, Accenture, accounting firm PwC, rival accounting firm Deloitte, and RELX creator of investigative tool LexisNexis, who all spent over $2 million. Oracle spent $9.5 million alone. But the list includes others it's unlikely you have ever heard of such as LiveRamp (who spent $630,000), Acxiom ($360,000), NCR ($280,000), and CoreLogic ($215,000).
The article does note that the records don't say whether the companies lobbied in favor or against privacy legislation, or what percentage of their spend even went towards privacy bills. For example, at least some of PwC's lobbying budget apparently went towards accounting and audit issues as well. That said, keeping an eye on the spending of the small-time firms will be important going forward as privacy legislation gets more teeth and congressional efforts to regulate the industry increase all while they continue to slurp up our data.
April 1, 2020 | Zero Day by Kim Zetter | ~2,721 words
Zetter, one of my favorite reporters, recently launched a Substack newsletter covering national cyber security. Her most recent piece addresses the fall out from the Solarwinds hack and how the U.S. government is setting the stage to expand domestic surveillance. If you're unfamiliar with the Solarwinds event, in a nutshell, hackers acting under what is suspected to be the Russian government infiltrated the network of Austin-based and widely-used IT software firm Solarwinds. Once there, the attackers planted malware in the software which thousands of private and public entities then installed. To be fair, Solarwinds is not the only way the attackers were able to penetrate so many networks. Regardless, its scale has shocked many experts as many U.S. government agencies fell victim to it
The attack has highlighted what Zetter calls the "surveillance gap." The NSA has the ability to monitor foreign traffic coming to the U.S. but according to former NSA General Counsel Glenn Gerstell, “that was the end of the NSA’s responsibility," and then becomes the concern of the FBI or DHS. Apparently, according to Gerstell, neither agency can get a search warrant quickly enough to respond effectively. In this situation, the attackers used servers in the U.S. hosted by Amazon Web Services, perhaps the biggest hosting provider on the internet. In recent hearings about the attack, law makers, such as Senator Kirsten Gillibrand of New York, have expressed support in expanding the NSA's authority to close the gap.
In public statements, the White House has said it has no plan to expand those surveillance powers, but rather fix the problem through increased data-sharing between public and private entities. But Zetter points out that the concern of government officials really seems to surround the FBI's ability to obtain a warrant in a timely matter, a notion that experts dismiss. The Foreign Intelligence Surveillance Act permits the FBI to conduct limited, yet warrantless domestic surveillance in emergency circumstances. Others point to a Trump executive order that requires better verification by hosting providers of foreign customers, or an Obama-era proposal of making a DHS official an NSA official as well, thus giving the agencies much better coordination.
Whatever happens, it is unclear whether any of the approaches would have prevented or led to the earlier detection of the Solarwinds attack.
Harwell and Timberg report on over 1,000 pages of court documents that show the use of surveillance to track the insurrectionists who stormed the U.S. Capital building on January 6, 2021. They call it "one of the biggest criminal investigations in American history." The story does a terrific job of painting exactly what civil liberties groups and privacy advocates have warned about for years: our data we willingly give to third parties is constantly revealing intimate details about our lives.
Law enforcement leveraged social media posts, toll booth photos, license plate scanners, location data obtained from tech giants, cellar tower records, facial recognition, body camera footage, video surveillance and many other things to identify and arrest hundreds of suspects. In one instance, the FBI used a mobile forensics tool that dumped 12,000 pages of data from a suspect's phone. Another, they were able to manually compare a man's tattoos from a picture the day of the attack to a local news broadcast he appeared previously. Between toll both records, license plate scanners, social media pictures and videos, and cellular tower records, some attackers movements were able to be proven from the moment they left their door to the moment they left the Capitol building.
This short summary honestly cannot do the piece justice and I encourage you to go read it entirely. As you do, consider what Evan Greer, director of Fight for the Future told the Post: "Whenever you see this technology used on someone you don’t like, remember it’s also being used on a social movement you support."
April 4, 2021 | The Guardian by Nicola Davis | ~796 words
A team of AI researchers from the University of Cambridge have put together a website, emojify.info, that aims to expose the inaccuracies of emotion recognition technology. Through a series of games, the website invites users to use their camera and attempt to trick the algorithm into thinking they are expressing a certain emotion. The emotions included in the game are happiness, disgust, sadness, fear, surprise, and anger.
I gave the game a try and the algorithm seemed to more concerned with the art of my walls, thinking they were a "neutral" face, but there was no faces on the art. In the times that it did recognize my face, it often thought I was "surprised" when just sitting staring at the camera.
Emotion recognition technology has been deployed widely by many governments including the U.S., China, and Europe. I highlighted the use of the technology at EU borders to detect lies in surveil-link #17.