Are you already on a watchlist? A checklist.

A couple of weeks ago, I wrote about watchlists and how easy it is to end up on one. It is then very difficult, perhaps nigh impossible, to get off again. That isn’t helped by the fact that “the watchlist designation process is secret” so you cannot know if you’re on one until, perhaps, you find yourself detained at an airport for being a terrorist suspect.

This week, Arjun Sethi argues in the Guardian that “we cannot let the [US government] make up the rules” of watchlisting based on what can easily be called its personal whims. That’s not only because its “web of surveillance is…opaque, inefficient and discriminatory” but also because the standards it is based on are

so low that the US government’s guidelines specifically allow for a single, uncorroborated source of information – including a Facebook or Twitter post – to serve as the basis for placing you on its master watchlist.



It doesn’t stop there of course. As we have found out this week, the NSA (after building Skynet) has also built “Its Own Secret Google” – essentially a “search engine built to share more than 850 billion records about phone calls, emails, cellphone locations, and internet chats” that makes “massive amounts of surveillance data directly accessible to domestic law enforcement agencies.”

Let that last sentence sink in properly, especially the words “share”, “make accessible” and “to domestic law enforcement agencies.” It’s basically Google not just for Spyland but for people in domestic law enforcement as well. Which is a problem.

The thing is aptly named ICREACH (although I would suggest that it be re-branded ICOVERREACH) and the information

shared through [it] can be used to track people’s movements, map out their networks of associates, help predict future actions, and potentially reveal religious affiliations or political beliefs.

It seems that ICREACH

provide[s] analysts with the ability to perform a one-stop search of information from a wide variety of separate databases” amongst them data “that is swept up by programs authorized under Executive Order 12333” which “takes place with no court oversight and has received minimal Congressional scrutiny because it is targeted at foreign, not domestic, communication networks.

Great, so you’ve got a search engine that is easily usable by many a Tom and Dick and allows for the search of – amongst others – information collected without oversight or other scrutiny because it is supposed to target foreigners. One word: bullshit.

If you are not an American, the nonsense of this should not only be apparent, it should also worry you immensely, because “foreign communication networks” in this context mean the ones you’re using every day. As an American, the bullshit may be less apparent initially but you should still be worried because it is not at all unlikely that some of your communication gets caught up in some sort of dragnet, simply because the other end of it (i.e. the person you are communicating with) is abroad and therefore a “foreign communications” intelligence target.

You should also be worried by the fact that

Legal experts told The Intercept they were shocked to learn about the scale of the ICREACH system and are concerned that law enforcement authorities might use it for domestic investigations that are not related to terrorism.

Just to recap: mass surveillance is meant to catch terrorists (or so the NSA et al keep saying). It is also meant to target foreign communications. Obviously, the intelligence gathered by the NSA (reminder: this is a foreign intelligence agency) should not be used in domestic investigations that have nothing to do with terrorism. ICREACH seems to allow the data gathered by the NSA – which very much includes domestic communication, naughty, naughty – to be used in domestic investigations.


Parallel construction

However, one of the most interesting aspect of the Intercept article mentions something called “parallel construction” which

could mean that a DEA agent identifies an individual he believes is involved in drug trafficking in the United States on the basis of information stored on ICREACH. The agent begins an investigation but pretends, in his records of the investigation, that the original tip did not come from the secret trove.

Now, if using this data in a domestic context was perfectly legal, why would the agent hide his steps? Just asking.

Also, given the ease with which anyone could potentially end up on some sort of watchlist, the idea that ICREACH “results can be used reveal the “social network” of the person of interest—in other words, those that they communicate with, such as friends, family, and other associates” is extremely troubling.


Watchlist – checklist

Here is a little checklist of perfectly innocent things that I would guess apply to myself and many people I know which could mean that we have, if not been placed on a watchlist, at least been caught up in the surveillance dragnet at some point or other:

  • Being of a certain descent or faith that not only the US considers suspicious these days: Sethi mentions Arab or Muslim Americans but feel free to drop the “Americans” – being an Arab or Muslim non-American probably makes you even more suspicious.
  • Being friends with – or otherwise loosely connected to – a person of the above faith or descent: “non-citizens can be watchlisted for being associated with a watchlisted person – even if their relationship with that person is entirely innocuous”.
  • Being described as “as an “extremist” [or] a “militant”” – before you discount this, consider that political dissent is often enough construed as “extremist” that “[e]ven visiting the website of the Tor project gets you on the bad side” and that recently journalists have been accused of “aiding and abetting” terrorism simply for doing their jobs.
  • Inadvertently posting something on Facebook or other social media that could be understood to hint at any of the above. Consider a group of Germans who planned a (perfectly innocent) walk to the NSA bunker in their hometown only to find law enforcement knocking on their door the morning after they had posted their plan on Facebook.
  • Using TOR or googling it.
  • Using encryption.

The loose standards that are at the basis of watchlisting – “reasonable suspicion”, which seems to mean nothing much at all, rather than “credible and genuine” evidence, secrecy rather than “fairness and due process” – are in no way proportionate to the impact that being placed on such a watchlist can have on people’s lives:

government officials routinely collect the biometric data of watchlisted individuals, including their fingerprints and DNA strands. Law enforcement has likewise been directed to gather any and all available evidence when encountering watchlisted individuals, including receipts, business cards, health information and bank statements.

Yet considering how easily and willingly data is collected and shared on a massive scale, how that data reveals connections between people and other information about people that could lead to being watchlisted at per the above checklist, you can’t indeed “help but wonder: are you already on the watchlist?” and if yes, when will you find out and what will it mean for your life? Is your phone already bugged? Are your communications being monitored? Will you be detained at the airport the next time you try to fly into the US?

If I didn’t think it would be overestimating my own importance in the grander scheme of things, I would indeed be wondering that.

What about you?


One thought on “Are you already on a watchlist? A checklist.

  1. Pingback: There be pirates: NSA builds its own Treasure Map aka Google Earth for all devices, everywhere, all the time. | Notes from Self

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s