Connected Devices Give Spies a Powerful New Way to Surveil
There is little doubt that the web is the greatest gift that any intelligence agency could have ever asked for. Security agencies and commercial entities can easily collect information about users. Every internet user is being monitored.
Thankfully, you’re still free to do as you like in the physical world, unencumbered by constant observation—right? Well, not for long.
The same data-collection revolution that has happened in the online world is about to repeat itself in the physical world because of the Internet of Things (IoT). The idea behind the IoT is that everyday items can now collect and transmit data wirelessly. The variety of objects that could be connected to the internet is practically endless—from the tiles on the pavement and the concrete in walls, to our shoes and clothes and even our toothbrushes. All are becoming connected, and all will soon begin adding their information to the cloud.
The potential use of the IoT for surveillance is gaining recognition from the US intelligence community. Former US national intelligence chief James Clapper last year told the Guardian that agencies will probably use the IoT for “identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.”
While this approach shows that the US intelligence community is taking heed of this new technology, the new powers of data gathering and analysis are bound to change the current intelligence paradigms—and create a new one.
Birth of a New Intelligence Paradigm
The US Office of National Intelligence defines six basic intelligence-collection paradigms: signals intelligence (SIGINT), imagery intelligence (IMINT), measurement and signature intelligence (MASINT), human-source intelligence (HUMINT), open-source intelligence (OSINT) and geospatial intelligence (GEOINT).
The advent of the IoT will enable a new and seventh paradigm: TEMPINT—i.e., “temporal intelligence”. TEMPINT is not a narrow intelligence collection methodology that focuses on certain sources, but rather a holistic approach to data collection and analysis. TEMPINT assumes that most individuals and infrastructures will be monitored, and that parts of the data can be collected, stored, and analyzed.
To illustrate the deployment of TEMPINT, consider the following scenario: An armed terrorist is assaulting shoppers in a crowded mall. He is killed within minutes, and so cannot be questioned regarding his collaborators, but he has left tracks behind. Intelligence agencies can obtain footage of the mall security cameras to see where he entered from. They can review parking lot security camera footage to identify his car. This is where the investigation often crawls to a halt, but in a future world in which the IoT is prevalent, the analysts can follow the car back in time, using the many recordings and information gleamed from cameras and sensors on the roads. In a completely wired world, analysts can essentially rewind time to identify all the people with whom the terrorist has met, and then “run back time” for them as well to analyze their tracks.
This approach allows us to test new hypotheses on old data that was collected and stored for no real purpose at the time. In the past, intelligence agencies would have been extremely picky in their data collection because of the difficulty in obtaining data, and the cost of storing large amounts of information. But now, as connected sensors become abundant, with each device streaming its data practically nonstop, the agencies only need to take care of picking up that low-hanging data and storing it. As a result, these agencies gain a powerful tool: As new events occur, analysts can go back to the stored data and essentially “turn back the clock” to examine how these events came to occur. The ultimate TEMPINT platform is akin to having a video of the entire world which one could zoom into, freeze, and rewind at will—complete with commentary about each individual’s state of health and mind, as discerned by their wearables.
There are two main technological challenges that stand in the way of TEMPINT, and both are presently being solved.
The first challenge is data storage. Conducting TEMPINT means that we must store large amounts of data for future review. In 2019, the IoT is expected to generate more than 500 zettabytes of data—that’s 500 trillion gigabytes. However, surveillance data could be stripped down to the basics: sound recordings, location and activity tracking, and snapshots taken periodically from connected surveillance cameras. In addition, data storage capabilities have massively improved over the last few decades, and the end to the improvement is nowhere in sight.
The second technological challenge is filtering through the immense quantity of data to find the sought-after information. This challenge is being solved by rapid improvements in AI, with neural networks gaining the ability to identify faces, objects, and even abstract concepts in pictures and videos.
Should We Do It?
Some may ask: Should security agencies and commercial firms have the power of TEMPINT? But that question is moot—they already have it in nascent form. After all, the NSA is collecting a large part of the information that flows online and through devices. As the IoT expands, governments throughout the world will use it to monitor their citizens, just as they are doing right now on the internet.
Understandably, citizens are seriously concerned about governments’ growing ability to monitor ordinary people. Intelligence agencies should not ignore those fears; they need to mitigate them. For example, authorities could use AI engines to identify potential terrorists without having a human reviewing the personal details of millions of citizens. The agencies could even open some of those algorithms to public scrutiny. Such transparency will help prevent misuse of information, and could also add a bug detection layer operated by the public and by watchdog organizations.
Unfortunately, recent changes implemented by the Obama administration now allow the NSA to share the information it gathers with the other 16 US intelligence agencies without implementing any kind of privacy protections beforehand. And so, the question is no longer whether TEMPINT will be used in the future: It’s already here, in a limited fashion. The will for omnipresent surveillance is strong, and while the technology is still weak, its strength is growing. We should consider it to be a new intelligence paradigm unto itself and ponder what kind of a society its inevitable use will bring about. It is entirely possible that in an age when a single bio-hacker terrorist can cause immense damage, we must have surveillance everywhere, at all times.
Intelligence agencies are often blamed for not preparing themselves for the challenges of the future. By identifying the IoT trend early, and by defining a new intelligence paradigm, these agencies now have the opportunity to position themselves ahead of the curve. This is, by far, the most important advantage intelligence agencies could have over their adversaries, and this is one compromise citizens in democratic nations may have to bear.