A new US export: digital surveillance for authoritarians

What is Endeca?

Endeca is a social media monitoring tool developed by US tech-giant Oracle. The software can scrape and analyze massive amounts of data from social media posts. According to a report by The Intercept, Endeca has been used by police departments in the US, and most notably in the city of Chicago

Armed with this powerful program, authorities can sift through thousands of social media posts in a short space of time, identify people who have attended specific events, and then match their user data with criminal records in existing databases.

Why is Endeca controversial?

Endeca is an extremely effective tool for police monitoring and responding to incidents that generate online activity. Understandably, concerns have been raised around the chilling effect this could have on protest movements in the US.

During last year’s Black Lives Matter rallies, police used similar software to find and target protesters with any outstanding warrants — a move that may have been designed to discourage attendance.

Since its inception in 1999 Endeca has been extensively used in the US by the Defense Intelligence Agency, the FBI, and U.S. Cyber Command. It’s also been employed by the US military in the infamous Guantanamo Bay prison, where prisoners were held and tortured.

Oracle bought the Endeca program in 2011, but they have a long history of collaboration with US law enforcement. For example, they ran the controversial CLEAR database used by the Chicago police department, containing information on more than 200,000 citizens.

Oracle and China: a dangerous combination

It’s bad enough that authorities in the US are using Endeca against the public. However, Oracle’s willingness to work with authoritarian regimes like China is even more worrying. Reports suggest that Oracle has actively marketed products to the Chinese government, and that their tools have already been used in the country.

Government agencies in the US seem happy to do business with a company that also sells surveillance tools to China, further eroding their own record on privacy and human rights.

Mass data surveillance in the US

Endeca is not the only example of US high-tech surveillance. Here are a few more cases:

• Google AI and the virtual border wall. Another notable collaboration between the US government and big tech was the use of Google Cloud for the US-Mexico border surveillance. Google Cloud technology facilitated the use of artificial intelligence to detect unauthorized entries to the country.
• The Hafnium intrusion. In early 2021, Hafnium, a China-based cybercriminal gang, exploited multiple zero-day vulnerabilities. The FBI then launched a defensive operation that involved hacking the compromised devices, without the consent of their owners. This set a worrying precedent for state-sanction hacking in the future.
• The SolarWinds hack. While the cause of the disastrous SolarWinds attack is still being investigated, some experts believe that the US government, and the NSA in particular, may have inserted backdoors in the software of a private company, for their own uses. This theory suggests that Russian hackers stumbled on these backdoors and used them to access the SolarWinds network, although these details are not confirmed.

Can we still trust our governments?

Everything you do on social media could be monitored by law enforcement, even if you haven’t committed any crime yourself.

While in some cases, the government may use these tactics for suppressing genuine crimes and security threats, indiscriminate data hoarding on this scale is likely to have negative consequences for many law-abiding citizens. Tools like Endeca are likely to be used in targeting protests, eroding privacy, and limiting freedom of speech.

The fact that US authorities are willing to work with a company like Oracle, despite their ties to the Chinese government, also undermines their credibility when challenging horrific human rights abuses in Xinjiang.

Even if we live in a seemingly free and democratic society, it’s important that we don’t take privacy and freedom of speech for granted. Liberal democracies can still turn a blind eye to authoritarian tactics.

How to protect your privacy

If you’re worried about personal privacy, there are a few steps you can take today to protect yourself:

• Avoid posting your personal and confidential information on social media, especially if you’re involved in any kind of political or social activism. It’s likely to be monitored and you never know who’s watching. Also, make sure your social media profiles are private, and don’t connect with people you don’t know personally.
• Use safe and encrypted online services to exchange sensitive data. Social media networks are convenient, but they’re rarely private. Find a messaging service that uses end-to-end encryption.
• Use a VPN. Virtual private networks, or VPNs, will encrypt your traffic and protect you from third-party snoopers. With a service like NordVPN, you can also hide your IP address, so no one can track your geographical location.