[etripe]

It also highlights the bias in law enforcement/intelligence that "stopping bad things from happening" is a good enough rationalisation to justify a lot of morally grey behaviour, at best. As a colleague once told me before starting on a support ticket for the federal police: "be careful, because they're trained to look for a suspect, not a root cause or solution".

What approximate time did you work there? Did you perhaps get to experience the difference between the situation before and after the Patriot Act, or before and after the emergence of ISIS? Or was this just the usual scope creep?

I'm old enough to have witnessed 9/11 live on TV and as I see it, there has been a downward spiral in the areas of privacy, the barrier for probable cause and the presumption of innocence - particularly in the US but almost equally egregiously here in Europe. Honestly, COVID isn't helping either, because it's just enough of a threat to be considered a security concern.

[MightyOwl13]

This was a few years ago in Europe not the US. I think this was one of the positive aspects, since law enforcement here (especially dealing with people from different countries) would have different expectations for the type of information that they could receive or ask for.

A representative from Italy might ask for one specific element of information, another one from Germany might look for associative information (who a person is and who they were with) and one from the UK might ask for things as precise as the hour and minute at which a particular action would occur (this is due to the high amount of cameras that cover London for example, which could then be used to match movement around a region with surveillance to the data I would provide).

I would say most of the requests were reasonable from my point of view given the background they would provide - I guess it's also down to the person requesting the information. But as time progressed they figured out that I was able to get information or that we had information on a wide variety of elements... As I said initially, it goes from "Find info on John Doe, with an email account jdoe@email.com, with a date of birth of 33/33/2033 who did this activity at 11:30 PM on 01/01/2053" to "We have this email which is either jdoe@email or jdoe@gmail but we're not sure. Can you check all such occurences?".

I think the point is also that Europe isn't THAT much better and while people might wave privacy laws and GDPR as proof of Europe's "superiority", I think a lot of those things look good on the surface, but they still don't protect you as much as you'd think.

[drawkbox]

It is dangerous, especially without warrants and massive data trails of who requested the data and why, who looked it up, what they checked and more. Not only just from the law/security side but from people in your position, probably at a security firm that some of this is outsourced to or a govt agency that has these capabilities.

For instance, take someone in your role or even a team of someone from enforcement and someone in your role, if 1-2 individuals get in that situation that are corrupt, it can turn into a blackmail or potential business espionage scenario. Since requests/warrants are being suppressed to keep a low profile, even finding out what and how information was looked up would be easy to pass for some scammers or organized criminals. Someone could sell access to information and start targeting many people. Scams could be run on wealth or small competitors suppressed.

The other side to this is, I wonder if you worked with anyone, or if people in your role, ever looked up information on people they know or potential competitors/enemies to use against them even if they did nothing wrong? What kind of oversight would be there to watch that, especially in the more underground operations in law enforcement or national security? Cops now in most places can look up anything on your phone. Are they doing it to family/friends/business people that they want to have some blackmail or upper hand on? Are they spying on people for their benefit, not for a crime? Probabilistically yes.

The gaping hole of security is the human, a few bad people with access to that data and you have some authoritarian powers that have never been seen in history to be abused. Giving individuals that much power will end badly, there is no way someone could control themselves if there is little oversight. If a law enforcement officer or security/intel professional has to provide no trail of that, it will be abused. It will be abused even with the trail.

[t0mas88]

As a European: Privacy here is much better in the commercial world due to things like GDPR. But law enforcement and other parts of government aren't much better than the US in terms of data collection, and in some cases even much worse. GDPR mostly doesn't apply to law enforcement, and unlike the US there are far less "intelligence services shall not target our own citizens" kind of rules which the US at least in some form has.

[corty]

Also, in most parts of Europe, there is no "fruit of the poisonous tree". Meaning that law enforcement can use all the ill-gotten evidence they like, with extremely rare exceptions.

[sokoloff]

Parallel construction substantially negates the perceived penalty for such evidence though, so it’s still frequently sought, even when the police know it can’t be used directly.