June 1, 2014 / by emptywheel


Does NSA Consider Facial Matches “Connections”?

James Risen and Laura Poitras have a new Snowden story on the many ways the NSA collects and matches images.

While once focused on written and oral communications, the N.S.A. now considers facial images, fingerprints and other identifiers just as important to its mission of tracking suspected terrorists and other intelligence targets, the documents show.

“It’s not just the traditional communications we’re after: It’s taking a full-arsenal approach that digitally exploits the clues a target leaves behind in their regular activities on the net to compile biographic and biometric information” that can help “implement precision targeting,” noted a 2010 document.

One N.S.A. PowerPoint presentation from 2011, for example, displays several photographs of an unidentified man — sometimes bearded, other times clean-shaven — in different settings, along with more than two dozen data points about him. These include whether he was on the Transportation Security Administration no-fly list, his passport and visa status, known associates or suspected terrorist ties, and comments made about him by informants to American intelligence agencies.

You can sort of map out where the NSA is getting its photos from the non-denials Vanee Vines gave NYT. For example, she did not deny that NSA collects images off Facebook. She also did not deny NSA is collecting iris scans.

She added that the N.S.A. did not have access to photographs in state databases of driver’s licenses or to passport photos of Americans, while declining to say whether the agency had access to the State Department database of photos of foreign visa applicants. She also declined to say whether the N.S.A. collected facial imagery of Americans from Facebook and other social media through means other than communications intercepts.

Perhaps most interesting, the story describes the “identity intelligence” analysts who map all these pieces together.

The agency has created teams of “identity intelligence” analysts who work to combine the facial images with other records about individuals to develop comprehensive portraits of intelligence targets.

We’ve know they do this. Here’s how Snowden described it to the EU.

It has been reported that the NSA’s XKeyscore for interacting with the raw signals intercepted by mass surveillance programs allow for the creation of something that is called “fingerprints.”

I’d like to explain what that really means. The answer will be somewhat technical for a parliamentary setting, but these fingerprints can be used to construct a kind of unique signature for any individual or group’s communications which are often comprised of a collection of “selectors” such as email addresses, phone numbers, or user names.

This allows State Security Bureaus to instantly identify the movements and activities of you, your computers, or other devices, your personal Internet accounts, or even key words or other uncommon strings that indicate an individual or group, out of all the communications they intercept in the world are associated with that particular communication. Much like a fingerprint that you would leave on a handle of your door or your steering wheel for your car and so on.


This provides a capability for analysts to do things like associate unique identifiers assigned to untargeted individuals via unencrypted commercial advertising networks through cookies or other trackers — common tracking means used by businesses everyday on the Internet — with personal details, such as individuals’ precise identity, personal identity, their geographic location, their political affiliations, their place of work, their computer operating system and other technical details, their sexual orientation, their personal interests, and so on and so forth. There are very few practical limitations to the kind of analysis that can be technically performed in this manner, short of the actual imagination of the analysts themselves.

While the NYT raises a slew of questions (starting with, again, why the NSA was purportedly unable to ID the Tsarnaevs via facial recognition, given that this program was expanded in the wake of the UndieBomb attack).

But I’m particularly interested in whether photo information gets used as part of the government’s correlations process: its chaining of people who know each other. Because, now that the phone dragnet authorizes chaining on “connections” in addition to actual phone calls, the photos on a smart phone would provide really useful ways of chaining people (it’d be easy to map the photo metadata, without having to do facial recognition).

Is part of the NSA’s move to have telecoms do this chaining — which civil liberties NGOs cheered so loudly — an effort to get to the photos we all keep in our cell phones?

Copyright © 2014 emptywheel. All rights reserved.
Originally Posted @ https://www.emptywheel.net/2014/06/01/does-nsa-consider-facial-matches-connections/