Eyes watching your privacy. Shutterstock/Ziben. All rights reserved.The things we have learned! The reports that have come out of the trove of documents leaked by Edward Snowden have created a ripple effect throughout the political landscape on a par with the fallout of the publication of the Pentagon Papers. We know that the NSA did many things we didn’t know it did and probably shouldn’t have done, that the system of congressional and juridical oversight failed in several important ways, and that many technologies we considered reasonably secure – from cloud storage to banking transactions – are anything but.

But the almost exclusive focus on the NSA (and its sister agencies in other countries) has gone both too far and not far enough. It has fallen short insofar as government officials and politicians continue to defend the status quo of data gathering and intelligence analysis powers. As Jeff Jarvis observed, the NSA debates are about authority (or, more precisely, about power relationships), and officials are unwilling to surrender theirs. It is far from certain that President Obama – who appointed a five-person review panel and vowed to make its findings public – will throw the weight of the White House behind attempts to reform the US surveillance apparatus. Cosmetic adjustments still appear more likely than actual change.

But the criticism of the NSA has also gone too far. Too often, the public debate has treated the agency as the unequivocal nerve center of an Orwellian state and as the primary threat to the privacy of American and global citizenry. The algorithmic dragnets that are cast out from Fort Meade and from countless stations inside and outside the United States have the capacity to filter through a significant percentage of daily internet traffic. It’s a scary scenario indeed. But for most people, the first point of contact with governmental intelligence gathering operations isn’t the NSA – it’s the local police department.

The focus on NSA practices threatens to obscure the degree to which the paradigms of contemporary intelligence gathering – all data, all the time, from all available sources – has become part of the operational model of law enforcement agencies at every level of government. The NSA is the most visible (and certainly the most powerful) proponent of this trend, but its mission is far from unique.

In the United States, billions of federal money has flowed from Washington to state and local authorities since 2001 to beef up the surveillance infrastructure of law enforcement agencies. One of the main sources of funding is the grant program of the Department of Homeland Security. Established in the wake of the 9/11 terror attacks, it provides financial support for security initiatives to states, city governments and private companies. In recent years, the biggest chunk of the money has gone into the department’s Urban Areas Security Initiative (UASI), which seeks “to enhance regional preparedness and capabilities in 31 high-threat, high-density areas”, largely through an expansion of the surveillance, monitoring and information-sharing capabilities on the local and regional level. Over the past years, between 1.3 and two billion dollars have been dispensed annually through the Homeland Security Grant Program, with nearly 500 million going into the UASI. In total, more than 40 billion dollars have been spent since 2003.

What is a ‘high-threat area’?

It is hard to assess exactly how much money has been spent on the expansion of local surveillance capabilities – and not for lack of effort (the Boston Globe and the Center for Investigative Reporting have tried, among others). The dispersal of funds across states and municipalities and lack of budgetary transparency hinder attempts to quantify annual surveillance spending. But exemplary cases exist aplenty:

In Long Beach, California, around $24,000 of federal money were used to purchase license plate scanners for the local police department, while another $12,500 were used to upgrade camera surveillance systems. In Maryland, police spent $65,000 in grant money on camera upgrades. In one New Jersey police district, video recording equipment became widely used after an influx of federal homeland security money. In Nebraska, a closed-circuit camera system for the 14,000 residents of Scottsbluff topped out at a whopping $180,000. In Minnesota, Wisconsin and Pennsylvania, cities spent between $388,000 and $2.58 million apiece to upgrade, expand, or implement downtown camera networks and monitoring centers. The list goes on. As long as local and state agencies could tailor funding applications to meet federal anti-terrorism criteria, they could access pots of federal money that have increased significantly since 2001.

True: video surveillance has long been a fact of urban life. Most ATMs, department stores and public transportation hubs are equipped with closed-circuit security cameras. In the UK, 1.85 million cameras watch over the country – that’s one camera per 32 citizens. Around 11,000 of them are in the London tube network alone. (For a crowdsourced map of CCTV cameras, check out this website). But historically, those systems have been used for security purposes, not for surveillance: data was stored locally and in isolation from other datasets and routinely erased after a 24-hour or 7-day period. The examination of video data by the authorities was the exception rather than the norm, coming ex post facto as part of criminal investigations into muggings or thefts. Which leads to a second, crucial observation: What has changed over the last decade is not merely the prevalence of surveillance systems but the degree to which information is integrated across systems and agencies and used in entirely new ways.

Integrated information systems

In recent years, technology companies like IBM have begun to market integrated information systems to cities around the globe. For example, in Rio de Janeiro, a host city of the upcoming soccer World Cup and the 2016 Olympics, IBM has helped city officials to establish an inter-agency command center that draws on a vast array of data streams – traffic information, police scanners, closed-circuit data, weather data, social media feeds – to enable the centralized orchestration of anything from traffic light schedules to police sweeps. Similar command centers exist in Madrid, New York City, and Songdo. In Alameda County in California, where I currently live, Oakland city officials are using $7 million dollars in federal money to establish a centralized police data center that integrates data from license plate scanners with CCTV data and social media feeds.

The project, known in bureaucracy speak as “Domain Awareness Center”, aims to enable Oakland police to both anticipate potential hotspots and to retroactively trace movement patterns (for example, of a suspect’s car) several weeks into the past. The county also planned to purchase an airborne surveillance drone (federal funding: $31,646) but had to abandon the plan after local resistance erupted. In San Diego, police are now equipped with mobile facial recognition sensors, and the technology already exists to integrate facial recognition technology into large-scale CCTV networks.

Instead of scanning car license plates, cameras can be programmed to scan faces and check them against other databases and publicly available social media photographs. The Department of Homeland Security, too, has invested heavily into 72 “fusion centers” that merge information streams across agencies. An investigation by “Mother Jones” offers a glimpse at the information that can be fed into those centralized command centers: In New York, police collected intelligence on Occupy and anti-war activists. In Texas, police established a database of information on Muslim residents. In Pennsylvania, fracking opponents became targets of intelligence gathering.

What’s the point?

The point is this. For the past decade, the political incentive to invest in an expansion of surveillance capabilities at the local level has coincided with the technological innovation that has made the integration of disparate information streams possible and affordable. GeoFencing technology now allows law enforcement agencies to block access to the internet or to specific social media platforms, or to monitor who accesses those websites, within a defined perimeter. Even a few years ago, when the London riots left the Metropolitan Police scrambling for a response, this capacity did not exist. Now it does. According to journalist Kenneth Lipp, the 120th annual meeting of the International Association of Chiefs of Police in October 2013 featured several panels devoted explicitly to the use of social media data for investigative and crowd control purposes. 

For most of us, information about movement patterns and online profiles is more likely to be swept up by those local law enforcement agencies than it is to arouse the interest of the NSA. And because most of this information isn’t protected by privacy regulations, no court order is necessary to collect and analyze it.

Basic arguments

Three counter-arguments are usually invoked at this stage. One, we are advised to manage our online presence: “If you don’t want anyone to see it, don’t put it online.” Second, we are assured that the innocent have nothing to fear. Indeed, the argument goes, intelligence and law enforcement have an interest in discarding irrelevant information because it distracts attention from truly suspicious data. It’s unwanted noise. Three, we hear that information gathering works: It provides security, helps to discourage potential criminals, et cetera. In New York City, the widespread installation of security cameras in the city’s subway system was a key component of plans to reduce petty crime in the 1990s.

But the answers are relatively straight-forward: Our systems of executive power are generally predicated on the idea of restraint. The police has traditionally collected information on criminal suspects or around criminal hotspots, but not on everyone else, even though they had the legal powers to do so (the level of intrusiveness that requires a court order is fairly high: police can gather significant information through observation and searches without ever speaking to a judge). Suspicion came first, intelligence gathering second. Arguably, this is no longer the case – not because cops are suddenly rediscovering their debased Orwellian inclinations, but because the indiscriminate collection of information is baked into the basic structure of integrated control-and-command systems. “Let’s collect the whole haystack”, as one former US intelligence official put it to the Washington Post. “Collect it all, tag it all, store it. … And whatever it is you want, you go searching for it.”

The jury is still out over the actual usefulness of this approach to mass data collection, especially at the local level. In Boston, the police department recently announced that it would halt its license scanning program, partially because it could not guarantee the protection of sensitive data and partially because the vast trove of information had largely been ignored by officers. New technologies create not only new capabilities, but also new headaches.

When police failed to exercise due restraint in practice, they could often be compelled by changes in the law or in political leadership. If restraint wasn’t self-imposed, it could be imposed from the outside. We’re currently witnessing this process in New York City: the NYPD’s runaway stop-and-frisk program helped to sweep a progressive mayor into Gracie Mansion and spawned a litany of critical legal opinions and legislative bills.

But this, too, is no longer the norm. One of the most pernicious consequences of the anti-terrorism culture of the 2000s is the degree to which it has insulated security debates against commonsensical and legal arguments. Rooted in fiction rather than fact, the obsessive defense of executive powers under the banner of security has all too often spilled over into illiberal excess and bullish saber-rattling.

For example, it’s quite staggering that journalists repeatedly had to defend themselves against accusations of treason simply for doing their job. When self-restraint fails, the political support for the imposition of restraint often remains precarious.

All of which suggests that the case at hand isn’t about the “bad apple” NSA, to be fixed by a bit of tinkering around the edges of the FISA court and the removal of a few wiretaps. Indeed, the degree to which the NSA’s practices are now being replicated at smaller scales and across a multitude of government agencies illustrates how far the confluence of ideology and technology has shifted power relationships since 2001.