The New York Times recently ran an article on the dangers of surveillance tech in China. One wishes they would do the same for the US.

According to the Times, Chinese authorities implement facial recognition tech everywhere they can, the police seek to connect electronic activity (making a call) to a physical location, biometric information such as fingerprints and DNA is collected on a mass scale, and the government wants to tie together all of this data to build comprehensive profiles on troublesome citizens. The latter is the Holy Grail of surveillance, a single source to...

The New York Times recently ran an article on the dangers of surveillance tech in China. One wishes they would do the same for the US.

According to the Times, Chinese authorities implement facial recognition tech everywhere they can, the police seek to connect electronic activity (making a call) to a physical location, biometric information such as fingerprints and DNA is collected on a mass scale, and the government wants to tie together all of this data to build comprehensive profiles on troublesome citizens. The latter is the Holy Grail of surveillance, a single source to know all there is known about a person.

Should the Times (or China) wish to expand its review of invasive government surveillance, particularly those technologies which integrate multiple systems, it need look no further than its hometown police force, the NYPD, and data aggregated into the little-known Consular Consolidated Database (CCD) by the State Department.

Prior to 2021, when the New York City Council passed the Public Oversight of Surveillance Technology (POST) Act, citizens were left to piece together the various technologies used to surveil them based on scattered media reports. We know now that the NYPD deploys facial recognition surveillance (and can retroactively employ facial recognition against video saved from one of 20,000 cameras), X-ray vans, Stingrays, ShotSpotters, and drones, among others, equipment all originally deployed in the Iraq and Afghanistan wars. But we still don’t know how many of these technologies are used in coordination with each other, and, as in China, that is the key to understanding their real effectiveness.

POST reporting and other sources offer some clues. The NYPD uses the smartphone-based Domain Awareness System (DAS), “one of the world’s largest networks of cameras, license plate readers, and radiological censors,” all created by Microsoft with video analytics by IBM. DAS also utilizes automated license plate reader (ALPRs) devices attached to police cars or fixed on poles to capture the license plates of all cars passing by. ALPRs can also capture photographs of cars, along with photos of the drivers and passengers. This information is uploaded to a database where it can be analyzed to study movements, associations, and relationships. Facial identification can then run photos, including from databases of arrest photos, juvenile arrest photos of children as young as 11, and photos connected to handgun permits. The system analyzes an image against those databases and generates potential matches in real-time.

Included in DAS is a translator application that helps officers communicate with community members who do not speak English, while of course also recording and storing their remarks. DAS ties in to ShotSpotter, a technology developed for the Iraq war, which pinpoints the sound of gunfire to real-time locations, even when no one calls 911.

This technology triangulates where a shooting occurred and alerts police officers to the scene, letting them know relevant information, including the number of shots fired, if the shooter was moving at the time of the incident (e.g., in a vehicle), and the direction of the shooter’s movement. DNA data can also be accessed, so widespread collection is a must. One area of activity outlined in an NYPD memo instructs how to collect “abandoned” DNA samples from objects such as water bottles, gum, and apple cores. For example, police officers are taught to wait for the suspect to take a drink or smoke, and collect the sample once a suspect throws away the cup or butt.

What is deployed in New York to aggregate sensor and bio data (including social media monitoring and cell phone locator services, which, when tied to facial recognition, can identify individuals, say, who attended a protest or visited an AIDS clinic) will no doubt be coming soon to your hometown as the weapons of war all come home. The next step would be to tie together cities into regional and then state-wide networks. The extent to which information obtained from DAS is shared with federal agencies, such as immigration authorities, remains unknown. What we do know is the phrase “reasonable expectation of privacy” needs some updating.

Perhaps the largest known data aggregator within the federal government is the innocent-sounding Consular Consolidated Database (CCD), administered by the Department of State. Originally a simple database created in the 1990s to track visa and passport issuances, the CCD is now one of the largest global databases of personal information, growing at a rate of some 35,000 records a day.

The system collects data from both foreign visa applicants and American citizens to include but not limited to imagery for use with facial recognition, biometric data such as ten-fingerprint samples, home/business addresses, phone numbers, email addresses, financial information, race, gender, Social Security and alien registration numbers, passport information, certain federal benefits, medical information, legal information, education information, family information, travel history, arrests and convictions, and social media indicators.

The CCD is especially valuable in that it is a database of databases, pulling together information collected elsewhere including abroad, as well as from some commercial databases and public records, and making the aggregate available both for individual search by identifiers like name, social security number and facial recognition, but also for very large scale analytic searches to identify patterns and trends.

This massive pool of data is then made accessible to a plethora of government agencies to include potentially intelligence services. In addition to the State Department, information is regularly input into the CCD by the FBI, the Integrated Automated Fingerprint Identification System, DHS, DEA, ICE, IRS, DOD, Treasury, Health and Human Services, Interpol, and the US Marshal Service.

Numbers of records held by CCD are not available, with the last public tallies documented in 2016 showing 290 million passport records on American citizens, 25 million records pertaining to American citizens living abroad, 184 million visa records of foreigners, and over 75 million photographs. Some 35,000 records are added to the CCD daily, so do the math given that the existing tallies are up to 13 years old. As a point of comparison, Google’s database of landmark photos holds only five million records. The Library of Congress database lists 29 million books.

The New York Times article about surveillance in China is scary, showing what a vast, interconnected system is capable of doing in exposing a person’s life to scrutiny. The Chinese authorities are, however, realistic about their technological limitations. According to one bidding document, the Ministry of Public Security, China’s top police agency, believed one of their biggest problems was that data had not been centralized. That Chinese problem appears well on its way to resolution inside the United States, and that is also quite scary.