Inside the massive and unregulated world of surveillance tech Sharon Weinberger

A few years ago,

an American defense consultant I know

told me about a trip
he took to Uzbekistan.

His role there was to help sell technology

that the Uzbek government could use
to spy on its own citizens.

He eventually shared with me
the marketing material

he’d presented to the Uzbek government.

One glossy brochure featured technology
that could not just intercept phone calls,

but identify the caller,

regardless of what phone number
they were using,

based on their unique voiceprint,

and then identify their exact
geographic location.

This is a guy who had been involved
with the arms trade for years.

He wasn’t some Hollywood-type gunrunner
doing backroom deals.

He was just a guy that worked
with legitimate Western companies

to help sell their weapons abroad.

But he wasn’t bothered
by marketing this sort of technology.

For him, it was just the next step
in the arms trade.

And it was even easier than, say,
selling weapons to Iraq,

because it didn’t require
an export license

from the US State Department,

the way most arms sales would.

It turns out that these
tools of surveillance

are almost completely unregulated,

because as of today,
they’re not defined as weapons.

But they should be, and we need
to regulate them that way.

I’m a journalist
who has spent the last two decades

looking at how the military
and intelligence world

spurs the development
of new science and technology.

I’ve tracked the emergence of new weapons

and looked to see what happens

when companies start to market
these weapons abroad.

But what is a weapon
in the information age?

We know that armed drones are weapons,

missiles and bombs are weapons,

but the State Department
actually classifies

broad categories
of technologies as weapons.

So for example, a scientist going abroad
on an oceanographic research vessel,

they want to take
the latest night-vision goggles?

That, according to the State Department,
is potentially a weapon.

Why?

Well, because though night-vision goggles
are used today by scientists

and hunters around the world,

it was a capability
first developed for the military.

And yet, tools of surveillance

that an authoritarian regime could use
to spy on its own citizens,

on dissidents, on journalists,

that, according to the US government
today, is not a weapon.

And yet, these tools of surveillance

are part of a growing secretive
multi-billion-dollar industry.

The genesis of this spy bazaar
goes back some 18 years,

to a Hilton hotel in northern Virginia,

just a few miles away
from the US Central Intelligence Agency.

A few dozen people,
mostly dark-suited men,

gathered there in the spring of 2002

for a conference with
the unassuming name of ISS World.

You know, at first glance, this conference
probably looked like dozens of events

that used to take place
around the Washington, DC area.

But this event was unique.

ISS stands for Intelligence
Support Systems,

and the people who were there

were from companies
that built technologies to spy

on private communications.

In other words, these were
sort of wire-tappers for hire.

And the reason they were there
was that less than a year earlier,

the 9/11 terrorist attacks
on New York and Washington

had spurred the Congress
to press through legislation

known as the Patriot Act.

This gave the government
broad new authorities

to monitor communications.

Emails, internet activity, phone calls,

even financial transactions.

This created an instant demand for data.

And in the true American
entrepreneurial spirit,

an industry rose up
to help collect this data.

But back in 2002,

this was still a pretty modest affair.

Only about 10 percent
of the world’s population

was even online using the internet.

So most of what was being collected
were simple emails and phone calls

over landlines and cell phones.

But over the next few years,

the way that we communicate
began to change rapidly.

There was the introduction
of Skype, Facebook

and then, crucially, the iPhone,

and within a few years,

billions of us were walking around
with little computers in our pockets

that do everything
from monitor our exercise habits

to help us find romantic partners.

And suddenly, you didn’t necessarily need
the advanced capability

of the National Security Agency
or big telecoms

to monitor everyone’s communication.

In some cases,

all you needed was access
to that device in their pockets.

And that gave birth to an entirely
new type of industry.

You know, not many companies
can build missiles or aircraft,

but it doesn’t take a lot of capital
to create software

that can hack into someone’s smartphone.

Computer hackers
have been around for years,

but now their skills could be used
to build technologies

that were in high demand
by law enforcement

and intelligence agencies.

And soon, dozens
and even hundreds of companies

were getting into this
wire-tappers' market.

And that little conference in Virginia,

it grew and soon became known
as the Wiretappers' Ball.

Well, not much was known
about the Wiretappers' Ball

in those early years,

because the conferences
were closed to everyone

except the companies
and their government customers.

But journalists did begin to see
and hear reports

of companies getting
into this private spy market.

Spooky entrepreneurs
going around the world,

doing deals,

often with authoritarian regimes.

And it was, from the start,
a really loosely regulated market.

Some countries do require permission
to sell these technologies abroad,

but rarely with the type of scrutiny
that is given to traditional arms.

So for example, the Italian-based
company Hacking Team

reportedly sold its technology
to authoritarian regimes

in Egypt and Kazakhstan.

The Israeli-based company NSO Group
has reportedly sold its technology

to the regime in Saudi Arabia,

which has been accused of harassing,

and even, in one case,
killing one of its political opponents.

And we do think of weapons
as things that kill people.

But in the information age,

some of the most powerful weapons
are things that can track and identify us.

This is something that the Pentagon
and CIA have recognized for years,

and they’ve tried to build technologies

that can track people,
suspected terrorists, around the globe.

The Pentagon has invested
in something called smart dust,

little microsensors
the size of specs of dust

that you could scatter on people
without them knowing it,

and then use it to track their location.

The Pentagon, through
its venture capital firm,

has invested in a beauty products company
once featured in “Oprah Magazine”

to build a device that could
surreptitiously collect DNA

just by swiping across the skin.

But something remarkable has happened
over the past decade.

In many cases, what the private
marketplace has been able to do

has far outstripped what the Pentagon
or CIA even thought was possible.

Back in 2008,

the Pentagon had a secretive database
of DNA from terrorists.

It had about 80,000 samples.

Well, the private company AncestryDNA

today has samples
from over 15 million people.

23andMe, the second-largest
genealogical database,

has samples from over 10 million people.

So now, maybe you don’t need
these James Bond-worthy techniques

of collecting DNA

if we’re willingly handing it over
to private companies

and even paying for the honor of doing it.

Well, what could you do
with a sample of someone’s DNA?

In the United States and China,

researchers are working
on using DNA samples

to build images of people’s faces.

So if you pair DNA
with facial recognition technology,

you have the basis of a really
powerful surveillance system

that could be used to track individuals
or entire ethnic groups.

And if you think that sounds
a little bit paranoid,

keep in mind that the Pentagon
last year sent out a memo

to all of its service members,

warning them precisely not to use
those commercial DNA kits

over concerns that information
could be used to track them

or their family members.

And yet, even with the Pentagon
raising concerns about this technology,

almost nothing has been done
to reign in this market.

One American company, Clearview AI,

has been collecting billions
of images of people’s faces

from across the internet,

like those pictures you post on Instagram
of you and your friends and family,

and then selling its facial
recognition services

to US government
and law-enforcement agencies.

And even if you think

that’s a perfectly acceptable
application of this technology,

there’s nothing to stop them
from selling to private individuals,

corporations or even foreign governments.

And that’s exactly
what some companies are doing.

That Wiretappers' Ball
that started in northern Virginia?

Today, it’s held in multiple cities
around the globe.

Thousands of people now attend
the ISS trainings and conferences.

And more of the companies showing up
are coming from the Middle East and China.

The spy bazaar has gone global.

And at arms shows now around the world,

you’ll see companies displaying
facial recognition technology

and phone hacking software,

displaying right next
to traditional arms manufacturers

with tanks and missiles.

And walking around these arms shows,

it’s pretty easy to go down
dystopian rabbit holes,

thinking about future
surveillance technology

that will track our every move.

And I remember one
Pentagon adviser telling me

that what the military really needed
were space-based satellites

that could track people anywhere on earth
based just on their DNA.

It’s enough to make you invest
in tinfoil hats.

But the truth is,

we don’t know what sort
of technology the future will bring.

But we know that today,
in the absence of regulation,

this marketplace is already exploding.

And in fact, one of those companies
accused of selling surveillance technology

to authoritarian regimes,

today, it’s offering to help track
those infected with COVID-19.

And of course, technology does offer
the tantalizing promise

of helping control a pandemic
through contact tracing.

But it also opens up another door,
to privatized mass surveillance.

So what do we do
about this private spy bazaar?

We can hide, go offline,

get off social media,
ditch our smartphones,

go live in a cave,

but the truth is, we’re not trained
to be professional spies,

we can’t live under false identities
or with no identities.

And even real spies are having a hard time
staying below the radar, these days.

It doesn’t matter how many
passports Jason Bourne has

if his face or DNA
is in someone’s database.

But if even governments have lost control
of the tools of spying,

is there anything we can do about it?

One argument I’ve heard

is that even if the US
were to restrict companies

from selling this sort
of technology abroad,

companies based in China
might simply step in.

But we regulate the arms trade today,

even if we do it imperfectly.

And in fact, there was a multilateral
proposal several years ago

to do just that,

to require export licenses
for surveillance software.

The United States
was among those countries

that agreed to these
voluntary regulations,

but back in Washington,
this proposal has simply languished.

We have an administration
that would rather sell more weapons abroad

with fewer restrictions,

including to some of those countries

accused of abusing
surveillance technology.

I think to move forward,
we would need to revive that proposal,

but even go one step further.

We need to fundamentally change
how we think of surveillance technology

and define these tools as weapons.

This would allow government

to regulate and control
their sale and export

the way that they control
traditional arms,

advanced aircraft and missiles.

But that means recognizing
that technology that tracks who we are,

what we do, what we say,

and even in some cases, what we think,

is a form of advanced weaponry.

And these weapons
are growing too powerful,

available to the highest bidder,

and according to the whims
of the spy bazaar.

Thank you.

几年前,

我认识的一位美国国防顾问

告诉我
他去乌兹别克斯坦的旅行。

他在那里的职责是帮助

出售乌兹别克斯坦政府可以
用来监视本国公民的技术。

他最终与我分享了

他提交给乌兹别克斯坦政府的营销材料。

一本精美的小册子介绍了一种技术
,该技术不仅可以拦截电话,

还可以根据呼叫者独特的声纹识别呼叫者,

无论他们使用什么电话号码

然后识别他们的确切
地理位置。

这是一个
参与军火贸易多年的人。

他不是做幕后交易的好莱坞式枪手

他只是一个
与合法的西方公司

合作帮助向国外销售武器的人。

但他并不
为营销这种技术而烦恼。

对他来说,这只是
军火贸易的下一步。

它甚至比
向伊拉克出售武器更容易,

因为它不需要美国国务院
的出口许可证

,就像大多数武器销售一样。

事实证明,这些
监视

工具几乎完全不受监管,

因为截至今天,
它们还没有被定义为武器。

但它们应该是,我们需要
以这种方式规范它们。

我是一名记者
,在过去的二十年里

一直在研究军事
和情报界

如何
推动新科学技术的发展。

我跟踪了新武器的出现,

并研究了

当公司开始在
国外销售这些武器时会发生什么。

但信息时代的武器是什么

我们知道武装无人机是武器,

导弹和炸弹是武器,

但国务院
实际上将

广泛
的技术分类为武器。

举个例子,一个科学家
乘坐海洋科考船出国,

他们想
带上最新的夜视镜?

据国务院称,
这可能是一种武器。

为什么?

好吧,因为尽管
当今

世界各地的科学家和猎人都在使用

夜视镜,但它
最初是为军队开发的。

然而

,专制政权可以
用来监视其公民、

持不同政见者、记者的监视

工具,根据今天的美国政府的说法
,这并不是武器。

然而,这些监视

工具是一个不断增长的、价值
数十亿美元的秘密行业的一部分。

这个间谍集市的起源
可以追溯到大约 18 年前,

位于弗吉尼亚州北部的一家希尔顿酒店,

距离美国中央情报局仅几英里

2002 年春天,几十个人,
大部分是深色西装的男人,

聚集在那里,

参加一个
名为 ISS World 的不起眼的会议。

你知道,乍一看,这次会议
可能看起来像是

过去
在华盛顿特区周围举行的数十场活动。

但这次活动是独一无二的。

ISS 代表情报
支持系统,

那里的

人来自
开发技术以

监视私人通信的公司。

换句话说,这些都是
租用的窃听器。

他们在那里的原因
是不到一年前,

纽约和华盛顿

发生的 9/11 恐怖袭击促使
国会推动通过

称为“爱国者法案”的立法。

这赋予了政府
广泛的新权力

来监控通信。

电子邮件、互联网活动、电话,

甚至金融交易。

这创造了对数据的即时需求。

本着真正的美国
企业家精神,

一个行业兴起
来帮助收集这些数据。

但早在 2002 年,

这仍然是一件相当温和的事情。 世界上

只有大约 10%

人口甚至使用互联网上网。

因此,收集的大部分内容都是通过固定电话和手机
发送的简单电子邮件和

电话。

但在接下来的几年里

,我们交流的方式
开始迅速改变。

Skype、Facebook

和最重要的是 iPhone 的推出

,在几年内,

数十亿人的
口袋里装着小电脑,

从监控我们的锻炼习惯

到帮助我们寻找浪漫伴侣,这些电脑可以做各种事情。

突然之间,你不一定需要

国家安全局
或大型电信公司的先进能力

来监控每个人的通信。

在某些情况下

,您所需要的只是访问
他们口袋里的那个设备。

这催生了一种
全新的行业。

你知道,没有多少公司
可以制造导弹或飞机,


开发

可以侵入某人智能手机的软件并不需要大量资金。

计算机黑客
已经存在多年,

但现在他们的技能可用于

构建执法

和情报机构急需的技术。

很快,数十
家甚至数百家

公司进入了这个
窃听者的市场。

弗吉尼亚的那个小会议,

它发展壮大,很快就被
称为窃听者舞会。

好吧,早年
对窃听者舞会知之甚少

因为

除了公司
及其政府客户之外,会议对所有人都不开放。

但记者们确实开始看到
和听到

有关公司
进入这个私人间谍市场的报道。

鬼鬼祟祟的
企业家环游世界,

做交易,

通常与独裁政权。

从一开始,它就是
一个监管非常松散的市场。

一些国家确实需要获得许可
才能在国外销售这些技术,

但很少
会像传统武器那样受到审查。

例如,据报道,总部位于意大利的
公司 Hacking Team

将其技术出售

了埃及和哈萨克斯坦的专制政权。

据报道,总部位于以色列的公司 NSO Group
已将其技术出售

给沙特阿拉伯政权,该政权

被指控骚扰,

甚至在一个案例中
杀死了一名政治对手。

我们确实认为武器
是杀人的东西。

但在信息时代,

一些最强大的武器
是可以追踪和识别我们的东西。

这是五角大楼
和中央情报局多年来一直认可的事情

,他们试图

建立可以追踪
全球范围内的人、可疑恐怖分子的技术。

五角大楼已经投资
了一种叫做智能尘埃的东西,

这种微型微型传感器

可以在人们
不知道的情况下散布在人们身上,

然后用它来追踪他们的位置。

五角大楼通过
其风险投资

公司投资了一家
曾经在《奥普拉杂志》上刊登过的美容产品公司,

以制造一种

只需在皮肤上滑动即可秘密收集 DNA 的设备。

但是
在过去的十年里发生了一些了不起的事情。

在许多情况下,私人
市场所能做

的远远超过了五角大楼
或中央情报局甚至认为是可能的。

早在 2008 年

,五角大楼就有一个秘密
的恐怖分子 DNA 数据库。

它有大约 80,000 个样本。

好吧,今天的私人公司 AncestryDNA

拥有
来自超过 1500 万人的样本。

23andMe 是第二大家
谱数据库,

拥有超过 1000 万人的样本。

所以现在,

如果我们愿意将它
交给私人公司

,甚至为这样做的荣誉付费,也许你不需要这些詹姆斯邦德值得收集的 DNA 技术。

那么,你可以
用某人的 DNA 样本做什么?

在美国和中国,

研究人员正
致力于使用 DNA 样本

来构建人脸图像。

因此,如果你将 DNA
与面部识别技术结合起来,

你就拥有了一个非常
强大的监控系统的基础

,可以用来追踪个人
或整个种族群体。

如果你觉得这听起来
有点偏执,

请记住五角大楼
去年

向所有服役人员发出了一份备忘录,

警告他们不要使用
那些商业 DNA 试剂盒,

因为担心信息
可能被用来追踪他们

或他们的家人。

然而,即使五角大楼
对这项技术提出了担忧,

也几乎没有采取任何措施
来统治这个市场。

一家美国公司 Clearview AI

一直在从互联网上收集数
十亿张人脸图像

例如您在 Instagram 上发布
的您和您的朋友和家人的照片,

然后将其面部
识别服务出售

给美国政府
和执法部门 机构。

即使你认为

这是一项完全可以接受
的技术应用,

也没有什么可以阻止他们
向私人、

公司甚至外国政府出售产品。


正是一些公司正在做的事情。

那个始于弗吉尼亚北部的窃听者舞会?

今天,它在全球多个城市举行

现在有成千上万的人
参加国际空间站的培训和会议。

更多出现的公司
来自中东和中国。

间谍集市已经走向全球。

现在在世界各地的军火展上,

你会看到公司展示
面部识别技术

和电话窃听软件,

在传统军火制造商旁边展示

坦克和导弹。

在这些武器表演中走来走去,

很容易进入
反乌托邦的兔子洞,

思考未来

将跟踪我们一举一动的监控技术。

我记得
五角大楼的一位顾问告诉我

,军方真正需要的

是能够仅根据 DNA 追踪地球上任何地方的人的天基卫星

足以让你
投资锡纸帽子。

但事实是,

我们不知道
未来会带来什么样的技术。

但我们知道,今天,
在缺乏监管的情况下,

这个市场已经在爆炸式增长。

事实上,今天,
被指控向专制政权出售监控技术的公司

之一,它提供帮助
追踪感染 COVID-19 的人。

当然,技术确实提供

通过接触者追踪帮助控制流行病的诱人承诺。

但它也
为私有化大规模监控打开了另一扇门。

那么我们
如何处理这个私人间谍集市呢?

我们可以躲藏起来,下线,

离开社交媒体,
抛弃智能手机

,住在山洞里,

但事实是,我们没有
受过专业间谍训练,

我们不能生活在虚假身份
或没有身份的情况下。

如今,即使是真正的间谍也很难
保持低调。

如果他的脸或
DNA 在某人的数据库中,那么 Jason Bourne 拥有多少本护照并不重要。

但是,如果连政府都失去
了对间谍工具的控制

,我们能做些什么吗?

我听到的一个论点

是,即使
美国要限制公司

在国外销售
这种技术,

中国的公司
也可能会简单地介入。

但我们今天对武器贸易进行监管,

即使我们做得不完美。

事实上,几年前有一个多边
提案

就是这样做的,

要求监控软件的出口许可证。

美国

那些同意这些
自愿性规定的国家之一,

但回到华盛顿,
这个提议已经被搁置了。

我们的
政府宁愿在

限制较少的情况下向国外出售更多武器,

包括向一些

被指控滥用
监视技术的国家。

我认为要向前迈进,
我们需要重新启动该提案,

但甚至更进一步。

我们需要从根本上
改变我们对监视技术的看法,

并将这些工具定义为武器。

这将使政府

能够以

控制
传统武器、

先进飞机和导弹的方式来规范和控制其销售和出口。

但这意味着要认识
到,追踪我们是谁、

我们做什么、我们说什么,

甚至在某些情况下,我们认为什么的技术

是一种先进的武器。

而且这些武器
的威力越来越大

,出价最高的人都可以使用,

而且可以根据
间谍集市的一时兴起。

谢谢你。