Privacy Through Visibility: ScareMail as an Exploit in Computational Surveillance

Benjamin Grosser

Visiting Instructor, University of Illinois at Urbana-Champaign

Introduction

The leaks of U.S. National Security Agency (NSA) documents from Edward Snowden have revealed the broad expansion of surveillance undertaken by the U.S. Government since 9/11. [1] This new surveillance is computational in nature, enabled by software that monitors our digital communications. How are we being changed by this challenge to privacy, and how might we challenge computational surveillance through artistic research? This brief text outlines my efforts to answer these questions through a work I call ScareMail.

“Collect It All”

One slide from the Snowden archive outlines what the NSA refers to as their “collection posture,” and shows that the NSA’s internal motto is “collect it all.” They want everything from everybody.

 An NSA slide outlining their “New Collection Posture” [2]

An NSA slide outlining their “New Collection Posture” [2]

To make sense of the text-based email they collect, the NSA algorithmically searches it for predetermined keywords they believe might reveal nefarious intent by presumed terrorists. While a list of these words has never been leaked, a similar list used by the Department of Homeland Security (DHS) to monitor social media is enlightening. [3] The DHS list has words one might expect, such as “Al Qaeda” or “dirty bomb,” but many of its words are in common usage, such as “facility” or “plot.” Large collections of words are thus becoming codified as something to fear, as indicators of intent. The result is a government surveillance machine run amok, algorithmically collecting and searching our digital communications in a futile effort to predict behaviors based on words in emails.

Scaring the NSA

My response to computational surveillance is ScareMail, [4] a free and open source [5] web browser extension that makes email “scary” in order to disrupt NSA surveillance. It extends Google’s Gmail, adding to every new email’s signature an algorithmically generated narrative containing a collection of probable NSA search keywords.

To create these narratives, I swap out nouns and verbs from Ray Bradbury’s Fahrenheit 451 with properly formatted and conjugated “scary” alternatives taken from the DHS list. This procedure creates intermediate texts used by ScareMail to generate new texts for each email sent.

The results are without intended meaning, yet they read and look like plausible narratives (Figure 2).

Example ScareMail Output, 2014, Ben Grosser.

Example ScareMail Output, 2014, Ben Grosser.

ScareMail texts also maintain the general formatting style of the original text, including dialog quotations and paragraph structure (Figure 3).

Example ScareMail Output, 2014, Ben Grosser.

Example ScareMail Output, 2014, Ben Grosser.

ScareMail’s stories thus act as traps for NSA email surveillance programs, forcing them to look at nonsense. Each story is unique in an attempt to avoid automated filtering by the NSA’s search systems.

Reactions to ScareMail

When I released ScareMail in the fall of 2013, it attracted a lot of attention. Many on Twitter were enthusiastic. For example:

ScareMail also received major press attention. The Atlantic noted ScareMail’s counterintuitive approach (Figure 4).

From The Atlantic, October 17, 2013

From The Atlantic, October 17, 2013

FastCompany speculated about the consequences of using ScareMail (Figure 5), as did a number of comments on press articles, such as: “Hilarious until they actually come to arrest you … or worse just ‘take you for a ride.’” [6] Or, “He [the artist] just made it onto the No-Fly list. Congratulations.” [7] Or, “…it’s not funny and it’s not cool. These immature nobs are deciding on our behalf that they would prefer their families to be bombed instead of the government knowing what they browse.” [8]

From FastCoExist, October 11, 2013

From FastCoExist, October 11, 2013

But the Chicago Tribune expressed the most concern about ScareMail’s potential, literally equating its use with the outing of undercover agents and selling plastic guns to evade airport metal detectors (Figure 6).

From Chicago Tribune, Section 1, pg. 22, October 13, 2013

From Chicago Tribune, Section 1, pg. 22, October 13, 2013

These negative responses are particularly interesting since all ScareMail does is add words to the end of emails. Yet this simple addition led some people to compare the use of ScareMail to terrorist action. Even ScareMail supporters are reluctant to use it because they know that including “scary” words in their emails will increase surveillance of their own communications. Clearly computational surveillance is affecting how people act and interact online.

ScareMail as an Alternative Model of Privacy

The world’s primary response to the NSA’s “collect it all” ideology has been to use encryption, to hide our digital activities from government surveillance systems. That is an understandable response, but it is a symmetrical one that tries to compete with the NSA on its own turf.

With ScareMail, I use a different strategy, what Alexander Galloway calls an “Exploit”—or an asymmetric response to the ubiquity of networked state power. [9] As an individual artist, I can’t compete with the NSA’s ability to crack encryption. But I can use their desire to collect everything against them. In other words, I give their search algorithms just what they want: more “scary” words. If every email contains the scary words they’re looking for, then searching for those words becomes a fruitless exercise. A search that returns everything is a search that returns nothing of use.

And so, with ScareMail I propose an alternative model of privacy, a model of privacy built on visibility and noise rather than encryption and silence.

 

References

  1. Glenn Greenwald, No Place To Hide: Edward Snowden, the NSA, and the U.S. Surveillance State (New York: Henry Holt, 2014).
  2. From page 6 of http://glenngreenwald.net/pdf/NoPlaceToHide-Documents-Compressed.pdf
  3. https://epic.org/foia/epic-v-dhs-media-monitoring/Analyst-Desktop-Binder-REDACTED.pdf
  4. http://bengrosser.com/projects/scaremail/
  5. Source code is available from http://github.com/bengrosser/scaremail/
  6. darquelord, Oct 10, 2013, comment on Alex Hern, “ScareMail plugin will flag all your email to the NSA,” The Guardian, http://discussion.theguardian.com/comment-permalink/27821635
  7. Eigenvector, Oct 9, 2013, comment on Ryan Gallagher, “The Gmail Extension That Aims to Drown the NSA in Nonsense,” Slate, http://slate.me/1tQEkXM.
  8. Baobabcat, comment on “ScareMail plugin…”. http://www.theguardian.com/technology/2013/oct/10/nsa-filter-scaremail-email-blacklist-plugin#comment-27826330
  9. Alexander Galloway, The Exploit: A Theory of Networks (Minneapolis, MN: University of Minnesota Press, 2007), 21.

 

Bio

Artist Ben Grosser creates interactive experiences, machines, and systems that explore the cultural, social, and political implications of software. Recent exhibition venues include Eyebeam in New York, The White Building in London, FILE in São Paulo, and Museum Ludwig in Cologne. His works have been featured in Wired, The Atlantic, The Guardian, Creative Applications Network, Neural, Rhizome, and The New Aesthetic. The Huffington Post said of his Interactive Robotic Painting Machine that “Grosser may have unknowingly birthed the apocalypse.” The Chicago Tribune called him the “unrivaled king of ominous gibberish.” Slate referred to his work as “creative civil disobedience in the digital age.” Grosser’s recognitions include First Prize in VIDA 16, a Net Art Grant and Commission from Rhizome, and awards from Terminal and Creative Divergents. He holds an MFA in new media and an MM in music composition from the University of Illinois at Urbana-Champaign, where he teaches in the School of Art & Design.
bengrosser.com