The Braindump Blog

Sadly, the critical concerns highlighted by the Person of Interest TV show seem quaint in today's world

· Braindump

Around 15 years after receiving a recommendation for it, I’m finally working my way through the TV show “Person of Interest”. It is rather aligned to the paranoid side of my digital interests.

A big - the dominant underlying - theme of the show is digital surveillance.

One scene from season 3 episode 20 darkly amused me. A US senator is meeting a shadowy business man who wants to sell them a big fancy surveillance system they can use to - the classic excuse - locate terrorists, they named “Samaritan”. Of course for it to work properly it’ll need to suck as much confidential government data about US population and beyond as possible.

The Senator (spoiler alert) initially declines, stating with astonishment:

“You want me to give a private corporation access to the government feeds, to 300 million Americans; just so you can sell the information back to us?”

Coming now from the vantage point of today’s world: how cute, huh?

The era when that question is remotely rhetorical and the people in power have anything like that concern feels long gone.

I am of course talking about, amongst too many others, the likes of Palantir.

Famously, Palantir is traversing the globe offering governments exactly that deal. They provide surveillance analytics software such as “Foundry”, “Gotham”, “Apollo” and “AIP”. They expect governments to upload them confidential health, financial, intelligence, communications, crime, political, and sensitive national defence info - and that’s just the scope I’ve heard of so far.

They then will sell an analytical product derived from that back to us in order to, for example, identify targets for arrest, for deportation and so on, often using scammy “free first month” style marketing tactics aiming to lock governments permanently into their system irrespective of future massive price increases. The resemblance is uncanny. Except many governments don’t seem to feel that initial sense of increduilty the fictional senator does and so they’re signing up to it.

Palantir’s bizarre and dangerous CEO isn’t shy of the intent of some of this. It’s very Person of Interest, except without the secrecy.

“Palantir is here to disrupt…and, when it’s necessary, to scare our enemies and, on occasion, kill them.”

And some of the methods are very Big Brother thoughtcrimey.

A controversial US spy tech firm has landed a contract with UK police to develop a surveillance network that will incorporate data about citizens’ political opinions, philosophical beliefs, health records and other sensitive personal information.

Trade union membership, sexual orientation and race are among the other types of personal information being processed.

The excuse? Well, it depends on which arm of the state is paying this out-of-control extractive company for their wares, but in the above case it’s for the classic repeatedly-discredited “predictive policing”:

Crime records are combined with other intelligence sources such as financial information to create profiles of individuals including suspects and those “about to commit a criminal offence”, although Palantir denied its software was being used for predictive policing.

Palantir of course isn’t the only surveillance related company of concern. Flock “safety cameras” are being deployed throughout at least the US. People have many, many very fair concerns.

Originally it was sold as a private automatic license plate recognition system that sells access to its information on who is travelling where to any state or private business willing to pay. This system alone is enough to raise huge red flags. A private company collecting information on where and when everyone who owns or uses a care is travelling to is unlikely to be an optimum solution to anything and of course carries massive risk.

So-called “authorised” uses aside, already cases of users abusing the system have been found. 404 Media found several cases of police personnel abusing the system to, for instance, stalk potential or ex romantic partners.

For months during the summer of 2024, Jarmarus Brown, an Orange City, Florida police officer, ran his ex-girlfriend’s license plate through the Flock automated license plate reader (ALPR) system lookup database at least 69 times. He searched for the license plate belonging to her mom at least 24 times, and searched for the license plate belonging to her dad at least 15 times.

But it gets worse. Flock is collecting video, not number plates. It has added a special AI freetext mode where you can search for, well, whatever you want. Its own marketing materials show being asked to track someone with a “white shirt, navy hat”. As 404Media once again show “How Cops Use Flock to Track People, Not Cars” such as “female with Ugg boots”, “woman wearing grey shirt, blond hair, black shorts”. Apparently some search strings used include references to a target’s race or political affiliation.

One of its advertised selling points is it “integrates with LPR, gunshot and drone systems for seamless investigations”.

If for some unknown reason you feel OK with Flock videoing you wherever you go, well, as ever with this topic, one legitimate fear is that it’s not only them and their partners that will necessarily have access to their data. Rogue employees aside, they’ve already accidentally leaked “the reasons cops conducted searches, and sometimes the specific searched license plates” onto the public internet, as well as the live feeds from their cameras. Whoops.

Flock left livestreams and administrator control panels for at least 60 of its AI-enabled Condor cameras around the country exposed to the open internet, where anyone could watch them, download 30 days worth of video archive, and change settings, see log files, and run diagnostics.

Private Flock logins have also been exposed after their systems were infected by malware. A YouTuber has shown how easy it is for hackers to get sensitive data out of their cameras. It’s endless, and predictable.

Another private surveillance-feed-providing company is of course Ring, now unfortunately owned by Amazon. The public happily pays substantial money to buy camera-enabled doorbells and other devices. What the average person doesn’t seem to know is that their private footage can and has been accessed by authorities such as the police.

The BBC reports:

Amazon has been criticised for partnering with at least 200 law enforcement agencies to carry out surveillance via its Ring doorbells.

The bells send live video of customers' doorsteps to their smartphones, computers or Amazon Echo devices.

Motherboard says officers do not need a warrant to ask for footage or information.

“Amazon has found the perfect end-run around the democratic process,” Fight the Future said.

“These partnerships undermine our democratic process and basic civil liberties - they should be banned.”

Of course if your neighbour has one of these doorbells there’s really not a lot you can do about it.

These days the police should really ask you for access to your footage when they want it (as far as we know) but once they have it they can keep it and share it & your personal details with other orgs as they like. And:

Amazon coaches police on how to best talk residents into handing over their footage so police don’t have to get a warrant

And it’s clear that, technologically, they don’t need permission. Despite Amazon’s assurances to the contrary, Politico found that:

Amazon handed Ring video doorbell footage to police without owners’ permission at least 11 times so far this year — a figure that highlights the unfettered access the company is giving police to doorsteps across the country.

This footage is so useful to the state that in some places public money is given to Amazon in order to subsidise their purchase price or to have the police advertise them.

Lest you think that somehow Ring is only providing footage of murders to the police, it’s been noted that the police have requested that they provide footage of Black Lives Matter protests in the past.

Once again Ring cameras have security flaws. Multiple hacker groups have threatened them with release of their private data.

To be fair, this move to a ubiquitous surveillance system controlled by private interests is not without some public resistance. In the Person of Interest show there’s a radical privacy activist group called “Vigilance” who, it must be said, are known to use tactics rather more violent that I would condone, even whilst the concept of ensuring accountability amongst the facilitators of such systems is hard to argue.

The IRL groups I’m aware of do not tend to shoot people, but they exist, and you might consider joining one of them if the real-world state of this upsetting tech and policy development bothers you as it should. Here’s some links to get you started.

As you can see, there’s no shortage of groups with concern, which is great. There’s some rather obvious direct action I suppose one might feel inspired to do although it’s not without risk - e.g. Cities Are Covering Flock Cameras With Trash Bags. Although in that case it was city authorities themselves, not members of the public:

The city of Dayton, Ohio has covered its Flock automated license plate reader cameras with black trash bags in part because police there are unsure whether the cameras are still active and the city also doesn’t seem to know whether it is allowed to take the cameras down. The move comes after months of resident outrage, a scandal in which the city was sharing Flock camera data for immigration enforcement apparently on accident, and a $30,000 audit into how the cameras are being used.

We should not tolerate a world where the elected officials that run a public city are not sure whether they are “allowed” to take the cameras of a private company they don’t want surveilling their population down.