IBM’s Watchful Eye
Apr 2nd, 2009 by sherri
This week, IBM ran a full-page ad in the Wall Street Journal, which advertised that:
New York’s “Real Time Crime Center can quickly query millions of pieces of information to uncover previously unknown data relationships and points of connection.”
In Poland “personal and vehicle IDs can be instantly checked in an EU-wide database.”
In Chicago: city staff “have access to video from a multitude of cameras citywide, with advanced analytics built into the infrastructure, that are connected to a fiber/wireless network to assist the operator with potential ‘eyes-on-the-scene’ in the vicinity of an incident.”
I’m all for fighting crime, but these vast, nascent public surveillance programs which have minimal public input and oversight are pretty frightening. If you’re familiar with the history of IBM, their massive surveillance operations are especially creepy. “IBM was founded in 1898 by German inventor Herman Hollerith as a census tabulating company. Census was its business,” wrote Edwin Black in his 2001 book, IBM and the Holocaust.
During the 1930s, IBM subsidiaries worked closely with the Nazis to develop and maintain the registration and tracking systems which were the foundation of their extermination operations. “IBM’s custom-designed prisoner-tracking Hollerith punch card equipment allowed the Nazis to efficiently manage the hundreds of concentration camps and sub-camps throughout Europe, as well as the millions who passed through them. Auschwitz’ camp code in the IBM tabulation system was 001.” (Black, 2002)
“The image of a tattooed number on the forearm of a death-camp survivor is one of the most recognized symbols of the Holocaust. Black shows that these numbers initially correlated to the IBM Hollerith punch-card system.” (AllBusiness, 2002)
Of course, the level of surveillance that we are experiencing today far surpasses anything seen by those living in Nazi Germany. Between GPS-tracked cell phones, OCR license-plate readers, and full-fledged city video surveillance systems, both corporations and law enforcement can track private citizens’ moment-to-moment activities.
What’s happening with all this data? The answer is: we (the public) don’t know. From traffic cameras to full-scale city monitoring systems, mass surveillance programs are being put into place with very little publicized detail regarding information security or data management. Conversely, the implementers seem to have taken a “security through obscurity” approach, where public disclosure of surveillance IT management practices is seen as a threat to security itself.
“Billions of records, accessible in minutes,” reads an IBM advertisement. “At the heart of the Real Time Crime Center is IBM Crime Information Warehouse technology… Advanced data-mining technology provides investigators with access to billions of records.”
Challenge: can you find any record of IT security audits of New York’s powerful public surveillance center, or even just indications that regular IT security audits occur? I can’t. (If you do, post!) If these records exist, they sure aren’t easily accessible by the public. Don’t we deserve verifiable evidence that our personal information is being responsibly managed?
As anyone in the open-source or cryptographic community knows, security through obscurity doesn’t make a system more secure. In the case of mass surveillance and tracking systems, the public is being denied the ability to verify that our data is securely and appropriately managed.
Moreover, what exactly are government and contractors doing with all of this very personal data? Contractors such as IBM are collecting an enormous amount of personal data, yet the public receives very little detail about how long our information is kept, who has access, and precisely how our data managed or used — other than vague, unverified assurances that our information is managed in accordance with regulation. It is impossible for us to assess compliance with referenced privacy and information security regulations without any real data.
Mass surveillance is an extremely powerful tool which is here to stay. Electronic mass tracking systems essentially obviate the need for punch cards and tattooed numbers, while serving effectively the same purpose. “It was the use of raw numbers, punch cards, statistical expertise, and identification cards that made [Nazi genocide] possible…” write Aly and Roth in their excellent book, The Nazi Census. “Every act of extermination was preceded by an act of registration.”
In a free society, the public must have the ability to actively provide input and receive feedback regarding the collection, maintenance and use of our tracking information, surveillance photographs and videos. If mass surveillance systems are not controlled by the population under surveillance, they will be (and have been) used for oppression. “Knowledge is power.”
| Sherri Davidoff |
| PGP-signed text: 2009-04-02 (current) |
Hi Sherri- quite the fan of your blog! I just wanted to urge a slight degree of caution in citing either IBM and the Holocaust or The Nazi Census- the former has been controversial in academic circles since it was published (on his own website Black proudly posts retractions he had obtained from a few publications, most notably the Journal of American History, but these are over factual details and not the substance of the critiques), and the later was (at the authors’ own admission) a political intervention that was part of an anti-census campaign- see http://www.h-net.org/reviews/showrev.php?id=10864. I think that both are good to mine for primary sources, but their conclusions should be taken with a grain of salt.
Particularly dubious is the claim that the numbered tattoos corresponded to Hollerith indexing. First, it appears that Black may have been mistaken that Hollerith machines were in use at Auschwitz-Birkenau (http://en.auschwitz.org.pl/m/index.php?option=com_content&task=view&id=262&Itemid=8), the only camp that tattooed its prisoners. Second, tattooing was initially only used to identify registered prisoners- i.e. those not sent directly to the gas chambers- who were in the infirmary or were about to be executed. It was only used for general identification purposes with the influx of Soviet prisoners of war, and even then still only for those who were sent to work. The numbers given were sequential and unique to Auschwitz-Birkenau (http://www.ushmm.org/wlc/article.php?lang=en&ModuleId=10007056).
Not that this in any way invalidates your point about the dangers of opaque mass surveillance- but I believe that the creation of holocaust-like conditions is not yet one of them. The biometric database created by the US off of the back of Sadam’s records that is most likely accessible by local authorities, on the other hand….
Hi Travis,
Thanks for the heads up! I’ve gone back to research this further. My current impression is that Hollerith numbers were not generally in use as tattoos in Auschwitz-Birkenau (as Black himself already states), but there may have been a few tattoos early on which matched the workers’ national punch card numbers, as Black claims was the case with a Polish timber merchant. Looking for the reference that led him to that conclusion, and will update this as appropriate one way or the other.
> Not that this in any way invalidates your point about the dangers of
> opaque mass surveillance- but I believe that the creation of
> holocaust-like conditions is not yet one of
Agreed. The Holocaust was an extreme outcome. I suspect the uses of our global surveillance systems will be more subtle, at least for the foreseeable future. Bribery, financial gain, threats, social manipulation, worker and consumer exploitation, are all common outcomes of unchecked authoritative powers. It’s very important that the public have the ability to check the uses and management of our surveillance data, so that we can maintain the balance of power required for a democracy.
Appreciate your thoughtful comment!
Sherri
Yep, that would be about right. A peoples worst enemy is always their Government! Good post