How Governments Spy On Protestors—And How To Avoid It

Yahoo

16-04-2025

Law enforcement's ability to track and profile political protestors has become increasingly multifaceted and technology driven. In this edition of Incognito Mode WIRED Senior Editor, Security & Investigations Andrew Couts and WIRED Senior Writer Lily Hay Newman discuss the technologies used by law enforcement that put citizens' privacy at risk—and how to avoid them.Shop for products discussed in this episode of Incognito Mode:Silent Pocket SLNT Faraday Waterproof Backpack: https://amzn.to/42ePTOgVisit the SLNT Storefront: https://amzn.to/4cA8ub9When you buy something through our affiliate links, we earn a commissionDirector: Efrat KashaiDirector of Photography: Brad WickhamEditor: Matthew ColbyHost: Andrew CoutsGuest: Lily NewmanLine Producer: Joseph BuscemiAssociate Producer: Paul GulyasProduction Manager: Peter BrunetteProduction Coordinator: Rhyan LarkCamera Operator: Mar AlfonsoGaffer: Niklas MollerSound Mixer: Sean PaulsenProduction Assistant: Malaia SimmsPost Production Supervisor: Christian OlguinSupervising Editor: Erica DeLeoAssistant Editor: Justin Symonds
- Protests, almost by definition, are points of contention between citizens and their governments.
[subdued music] Police tracking of protestors is multifaceted and includes a variety of tactics and gear that generate different data.
Some surveillance is done at the protests, while other methods are used outside of it.
- It's just like all different ways to get at this core thing of who was there, what are they up to, what do they think about things?
I think that's sort of how I break it down because so many of these technologies are unseen or not intuitive.
- In this episode, we'll discuss the technologies used by law enforcement that put citizens' privacy at risk.
This is "Incognito Mode."
[moody music] - The movies were way ahead on this, right?
Like they were depicting, it's like the yellow box that goes around the face type of thing.
Now, that is very real.
This technology is more and more available to law enforcement.
- Although law enforcement have had access to facial recognition tools for about 20 years, they previously were only able to search government images such as mugshots.
This changed in 2018 when many police departments started using Clearview AI, a facial recognition app that allows them to match photos from around the web.
Once a photo is uploaded, the app pulls up matches found online along with links to the source of those photos.
- [Newsreader[ Clearview says more than 600 law enforcement agencies across the country use this software.
- Based on the person's facial geometry, the images are converted by the system into a formula measuring things like eye distance.
This means that law enforcement can use any image to search for a person who doesn't currently have a police record and isn't known to authorities, and potentially identify them in seconds.
- I wanted to ask you, since you've covered this a lot, how do you view the risk of these platforms as they proliferate?
- To be quite frank, it freaks me the hell out.
Image recognition is just really, really good now and cheaper to deploy and so you know, I think it's more just kind of accepting that this is just part of life.
Like just commuting every day, you're probably being subjected to some of these systems in one form or another.
It's not just the systems where you have face rec built in.
It can be deployed after the fact if you're in people's pictures that are posted on social media, it can get uploaded to these systems and then you can get picked out of a crowd in that way.
- [Rioters] USA!
USA!
- We saw that with, you know, the January 6th Insurrection videos that were posted to Parler and other social media platforms.
- [Newsreader] News tonight, an Auburn man has been found guilty of federal charges for his actions during the January 6th insurrection.
- You know, the FBI took those, they saw people in the videos, they went back and and kind of looked to see like, "Okay, here's proof you were there."
Governments in 78 countries use public facial recognition systems with varying degrees of support from their citizens.
Many countries use the technology without transparent regulations.
In Russia, facial recognition tools have been used not only to detain people protesting the war in Ukraine, but also to identify and arrest opponents of the government before they joined any demonstrations.
Reuters reported that the facial recognition systems used in Moscow are powered by Western companies including NVIDIA and Intel.
Other companies such as Amazon have also launched software that allows users to build a facial recognition database using their own photos.
These systems, they're everywhere and things that you might think could kind of thwart these systems, even like wearing a mask and these kinds of things, some of the technologies can get around that.
I don't know what to do with that information to be honest.
- There are a lot of police here.
Are you not frightened?
- We are, but you know, we are together.
That gives a real power.
- I am frightened.
Of course I'm frightened.
That's why I'm just covering up all my face just so that they cannot even, you know, find my ID, but me being afraid doesn't mean that I'm not going to be here today and fight for my future.
- I agree 100% with what you were saying about how masks and other deterrent measures aren't always effective at defeating these identification technologies.
But clearly they are at least somewhat effective sometimes because you know, in a lot of crackdowns we've seen in the last few years by multiple governments, like one thing they'll do is try to ban mask wearing in certain settings.
Yeah, are there any other things, please tell me that you have more.
- Yeah, I mean I think there are ways to minimize the data and thus minimize the risks.
Just simple things like not shooting pictures and videos while you're at a protest so you're not capturing yourself and anybody else who's around you is one way to keep it out of some types of systems.
Avoiding some systems is better than avoiding no systems.
You are going to be subjected to this technology in one way or the other and you just kind of have to proceed as best you can and minimize your contributions to those systems as much as as possible.
- CCTVs or security cameras have been ubiquitous for a few decades now.
One could have thought 20 or 30 years ago, like, "Well now everything is going to be captured on film all the time."
But there are limitations still to just how much data is stored, for how long.
You know, there've been a lot of high-profile events around the world in recent years where there wasn't adequate security footage to really know what had happened.
It's not like every step you take, someone is paying to run the system and store the data to identify you.
[subdued music] - In 2010, "Wired" reported on federal agents friending crime suspects on sites like MySpace in order to see their photos, communications, and personal relationships.
More recently, police have used companies like Dataminr to more easily sift through massive amounts of data in order to glean information about how protests are organized, to identify activists, and to piece together people's connections to each other.
- So social media accounts, right?
It's a lot of data on everyone who's using these platforms.
But I kind of think of these surveillance technologies in two buckets.
One would be if authorities want to find out more about a specific person, right?
What has Andrew been posting about or saying and are there photos you know, of Andrew online?
Things like that.
But then the other one would be coming at it the flipped where it's like they're looking for anyone who has been talking about X thing, or you know, anyone marking their location in a certain place on a certain day.
Authorities can go directly to the sites or they might wanna use a service that kind of pulls a ton of data from social platforms together, you know, aggregates all of it and getting kind of lists of names.
It gives the ability to like have this vibe check.
Like those platforms themselves aren't inherently a surveillance tool, right?
Sometimes we use them for journalism.
- I've used some of these services like Dataminr before and once you see just the fire hose of information that you can get access to when you use it, it's becomes clear just how easy it is to kind of figure out what is going on.
Even if it's not obvious to you in your own like curated timeline.
Just the use of them has become more widespread.
You wouldn't know without doing some investigating, "Definitely my local police department is using this or not."
That creates an environment where you have to assume that that's what's happening.
- Steps like making your account private or setting something to expire quickly.
Maybe they can help.
But I wouldn't assume those types of settings can really truly protect data on big mainstream platforms.
- An example of how social media surveillance was used can be found through the MPD surveillance of the George Floyd protests in 2020.
It was found that the MPD collected data about protest events including dates, locations, organizers, and estimated crowd sizes.
The MPD shared this information with the Secret Service, National Park Service, and the Department of Defense.
- So I think the other huge advice is about data minimization and not posting about things that you worry about getting into other people's hands.
There's a tension here with chilling speech, right?
The nature of the internet is to share information, right?
That's like the whole purpose of the platform.
When you put stuff out there, it's hard to say like, "Okay, it's out there but only for certain people," and control it.
- Our perspective on it is probably a little bit different because we're journalists, we're kind of in the public eye in a way that some other people aren't, but I think anybody, no matter if you have one follower or a million, you should be really careful about what you post online and when you post it online.
You know, if you're gonna post vacation pictures, I never post them while I'm actually on vacation.
Because then that signal to somebody like, "Hey, my house is empty."
You can apply that to all different types of risks and I think generally posting less is the way to go.
- But also some people really wanna post or that's their like job, or you know, that's how they make money.
It's just helpful to understand that the greater volume you're posting, the more there could be things you didn't think of that's exposing information that you didn't realize is now out there.
[subdued music] - IMSI catchers, also known as cell site simulators and formerly referred to as StingRays, are devices that impersonate cell towers causing cell phones within a certain radius to connect to them.
Initially designed for military and national security purposes, this technology has emerged in routine police use.
Until recently, the use of IMSI catchers was withheld from the public.
The FBI has even forced state and local police agencies to sign NDAs in order to use their devices.
I mean, I find IMSI catchers fascinating just in that their use is really secretive, like there was a long time that police weren't allowed to say that they had them or that they were using them, so there's just- - And no one had seen one.
- Right.
Yeah, exactly.
Can you tell us just a little bit about how that works?
- These are devices that, at its core, just identify that your phone was physically in a certain location, like that's the baseline thing it's trying to achieve.
Sometimes called an IMSI catcher because of this IMSI number that it's trying to pick up.
They can work in different ways, they can work passively to just sort of sweep around and say what devices are in the area and let me try to, you know, decrypt their signal and catch that you know, an ID number.
More often, they work actively as like a fake cell tower, taking advantage of the way the system works, that your phone is going to connect to the cell tower that's emitting the strongest signal in the area to give you the best service and then grab that ID number.
Sometimes they can also potentially grab other stuff like unencrypted communications, like SMS text messages.
It's important to know that one of the things that can happen when you bring a phone to an event like a protest is that the fact that you were there and potentially some other information could be sort of pulled out of the air by one of these devices.
- Records show that IMSI catchers are used by 23 states and the District of Columbia, the DEA, ICE, FBI, NSA, and DHS, along with many additional agencies.
In terms of how people gauge the risk of these, I mean for one thing, like you said, a lot of times they're looking to target one person or maybe a couple of people and it does end up looping in a lot of people just by the nature of how it works.
But it's also one that I think is expensive and complicated to deploy and so it's probably not gonna be the top concern.
If I were going to a protest, I don't think it's the thing I would be so concerned about, just as an average person.
- Another thing in that vein, you know, if this technology that we're talking about is rogue cell towers, it means that actual cell towers also have all this information, right?
Like your wireless provider knows where you go.
So that data exists anyway and there are potentially other ways that, you know, authorities can get that information.
[brooding music] - Geofence warrants, or reverse location warrants, allow law enforcement to request location data from apps or tech companies like Google or Apple for all devices in a specific area during a set time.
Authorities can then track locations, identify users and collect additional data like social media accounts.
- This is yet another layer in this multiple approaches to getting the same information: who was at a certain place at a certain time and what can we find out about what they were up to?
- A lot of it's advertising data or what's being shared all the time from your device that you probably aren't paying much attention to and is used in a much more innocuous way typically.
- And it's sort of slurping up all the data from this area, which is constrained in a way but doesn't account for passersby, people, you know, getting coffee at the deli next door, people just sort of coming up to a location to see what's going on.
Like this is just bulk indiscriminate data.
I am worried about it, but maybe not specifically.
Like it's in the category to me of all the reasons that I might consider leaving a device at home or putting it in a Faraday bag.
It's sort of just on that list of reasons that you might wanna minimize the data that your device is emitting.
[subdued music] - Data brokers collect and sell personal data from public sources, websites, and apps people use every day.
They aggregate all this info to build detailed profiles of people and to group them into simplified categories such as high income, new moms, pet owners, impulse buyers, and more.
While advertisers are usually their primary clients, police can also purchase this data.
Some of the largest data broker companies include Experian, Acxiom, and Equifax.
The amount of data Equifax collected came to light in 2017 when a data breach exposed 147 million people's personal data.
- I think it just fuels this ability to identify someone and track kind of their behavior across the web and potentially their speech.
Similar to the way law enforcement can track people and surveil people through social media platforms, information from data brokers can aid investigations in two ways.
They can be coming at it from a person of interest who they're trying to find out more about or authorities can be coming at it from, "I want information on anyone who has had an IP address in this area or anyone who has keyword searched, you know, and been shown these types of ads."
- So how do data brokers collect information?
The most common ways include web browsing history, everything from your Google searches, sites or apps you visit, cookies, social media activity, or even a quiz you just filled out for fun.
All of that can be scraped and tracked.
This data creates each person's online history map, which in turn allows brokers to build a profile on each user.
The data that companies collect often include: name, address, phone number and email address, date of birth, gender, marital and family status, social security number, education, profession, income level, cars and real estate you own.
It also comes from public sources.
This can be anything in the public domain such as: birth certificates, drivers or marriage licenses, court or bankruptcy records, DMV records and voter registration information.
It can also include commercial sources such as: your purchase history, loyalty cards, coupon use, and so forth.
And finally, some websites or programs will ask for your consent to share your data.
Sometimes it's anonymized in certain ways, especially when it comes to advertising data, but it's pretty trivial for law enforcement or other investigators to tie certain advertising behavior to a specific device, especially if it's collecting precise location data and there's also data brokers that are building network profiles so you can not just get information about yourself, but everybody you've interacted with, whether it's on social media or actually in real life.
In the United States at least, we just lack laws that kind of regulate what these companies are able to collect.
And if you have to participate in modern society, as nearly everyone does, it's almost impossible to avoid.
I think in the context of protests, it's not an acute concern I would say, but it is generally speaking really freaky when the sky's the limit on what they could potentially use because there's just so much data.
- I agree with what you said, sort of low on the acute scale, but high on the existential scale.
[subdued music] - One of the big surveillance technologies that probably everyone who's driven on a highway knows about is license plate readers.
Really just capturing what your license plate is and showing that your vehicle was at a certain place at a certain time.
- Similar to like your phone, your car, it's a proxy for you.
Maybe you were in the car, maybe you weren't, but that's where your car went.
- There are three types of ALPR systems: stationary or fixed ALPR cameras, which are installed in a fixed location like a traffic light, telephone pole or a freeway exit ramp.
The second type are mobile ALPR cameras, which are attached to police patrol cars, garbage trucks, and other vehicles, and allow them to capture data from license plates as they drive around the city.
They can also assist law enforcement in gridding, which is when police officers drive up and down a neighborhood collecting license plates of all parked cars.
There are also private vendors like Vigilant Solutions, which collect license plate data and sell that back to police.
The third type are ALPR trailers, which are trailers police can tow to a particular area and leave for extended periods of time.
It's been reported that the DE has disguised ALPR trailers as speed enforcement vehicles and placed them along the US-Mexico border.
The things I'm concerned about aren't necessarily even it being used for license plates.
Our colleague, Dhruv Mehrotra has done some reporting showing that license plates readers can also capture any words that are visible, so that can be what's on your t-shirt, that could be political signs in your yard.
This technology may be able to be used in ways that we're not even familiar with or would imagine.
You know, a lot of times when we're talking about any surveillance technologies, it's really about creating data that then is there and could potentially be used in any number of ways at any point in the future depending on who gets access to it and what they want to do with it.
[moody music] - The key thing here is that these drones, even small quadcopters, like what we think of as consumer drones, they can carry a fair amount of cargo, meaning like cameras.
- There are a number of different drones used by law enforcement varying in size and ability.
For example, some drones have thermal imaging capabilities for night operations while others specialize in long periods of surveillance.
Protestors have in the past reported drones flying overhead, for example in Minneapolis during the George Floyd protests.
Police and government drones usually fly in the range of 11,200 feet above the ground.
However, it's been reported that the drone used to surveil protests in Minneapolis in 2020 flew at 20,000 feet, nearly invisible to protestors on the ground.
This was a Customs and Border Protection drone, which are often equipped with advanced cameras, radar, and potential cell phone geolocation tools.
In terms of how freaked out are you about drones, how do you think about that?
- Yeah, I would say fairly freaked out.
But again, like you were saying about the layering of these technologies, I think it's not the drones themselves, it's everything they can do and how cheap they are and how easy it would be to deploy even more of this tech.
When we talk about sort of evolution of different technologies, this capability is sort of similar to police helicopters and now it's just cheaper, lighter, easier.
Even these sort of benign-seeming quadcopters that we see around all the time could be carrying equipment on them to do like very granular, detailed surveillance of something like a protest.
[subdued music] - There are some technologies that are really just emerging and we don't even know if they've been used at protests or even used by authorities in the United States.
- Right, and your face isn't the only thing sort of outside your body that can potentially identify you.
For example, analyzing your gait, like how you walk.
- Gait recognition technology can identify individuals by analyzing their unique walking patterns using machine learning.
It captures movements through cameras, motion sensors, or even radar.
It then processes this information, breaking it down into contours, silhouettes, and other distinguishing features.
It offers high accuracy, but its effectiveness can be influenced by things like injuries or the types of terrain the subject is traversing.
This tech is especially useful for authorities when people's faces are obscured.
While there haven't been any reports of widespread use of this tech by law enforcement agencies in the US, Chinese authorities have been utilizing it on the streets of Shanghai and Beijing since at least 2018.
In recent years, there have also been a number of companies working on creating emotional detection technology where AI uses biometric data to determine a person's emotional state and the likelihood they will become violent or cause a disturbance.
"Wired" reporting found that Amazon-powered cameras have been scanning passengers faces in eight train stations in the UK to trial this new technology.
The trials were testing the system for age and gender recognition as well as the emotional state of the person on camera.
While there's no current documentation of this tech being used at protests, the BBC reported that emotional-detection tech has been used on Uyghurs in China.
- Some of these could be really invasive because you know, reading your emotions, there start to be maybe inferences that someone could make about how you were feeling in a certain moment that may or may not be accurate, right?
Because it's sort of being taken out of context.
So it's difficult to have an algorithm just sort of come to one conclusion.
Like sometimes I think you're doing your angry walk coming over when I haven't filed my story, but really then you're really nice about it and you're like, "It's okay Lily, you can do it."
And you know, I took it totally the wrong way.
But potentially there are more sort of in terms of just identifying someone in a certain place.
It is scary that there's something characteristic about your walk.
They're not saying, "Oh, it's Andrew's angry walk," but they're saying, "Oh, that's Andrew."
- Certainly creating more systems that are replicating what other things like facial recognition do and applying it in to other biometrics of a person.
That definitely is gonna create all the same concerns as we've seen with these other technologies that were emerging, you know, years or decades ago.
But now it's your entire body, how you walk, and like you mentioned, like if we're having computers analyze like how I'm feeling in a certain moment, effectively establishing intent of whatever my actions are in that moment, that gets really scary because it might be completely inaccurate.
Every time there's one of these new AI technologies, there's always some bias built in.
There are gonna be people who suffer consequences unnecessarily because these systems are deployed without being fully debugged.
Experts in the AI field have previously noted that emotional-detection tech is unreliable, immature, and some even call for the technology to be banned altogether.
[subdued music] Here are a few simple and effective ways to protect yourself and your personal information at a protest.
First, if you can, leave your phone at home, I know this might sound drastic, but the most effective way to ensure that your personal data isn't compromised and that your phone won't fall in the hands of law enforcement is by not having it with you.
If that's not an option, you can put your phone in a Faraday bag so data can't be accessed.
You should also turn off biometrics on your like facial recognition or fingerprint scanner, meaning you'll need a code to access it.
That way your face or fingerprints can't be forcefully used to access your personal information.
You can always say, "You just don't remember the code.
Don't unlock it."
Another thing to keep in mind is posting on social media.
Jay Stanley, a senior policy analyst at the ACLU says, "if you post something online, you should do so under the assumption that it might be viewed by law enforcement."
You should always check your sharing settings and make sure you know what posts are public.
Try to minimize the amount of other people's faces you capture in your photos or videos, use end-to-end encrypted messaging services like Signal when possible, wear a mask in case photos or videos are taken, and finally, know your personal risks.
Is your immigration status exposing you to additional dangers?
Are you part of a minority group that is more likely to be targeted by law enforcement?
Keeping these things in mind for yourself and your loved ones when deciding if you should go out to a protest.
For more information about surveillance at protests, check out wired.com.
This was "Incognito Mode."
Until next time.
[otherwordly music]