How I Got That Story: Uncovering Boston’s Secret Surveillance Program

Dig Boston dropped a bombshell last month when it reported the city had secretly used a well-attended 2013 concert series called Boston Calling to test controversial facial recognition software. A three-part series, Boston Trolling raises civil liberties issues and criticizes IBM, the outside contractor involved, for taking advantage of a city that, in the wake of the Boston Marathon bombing, was at its most vulnerable.

“These are treasonous acts, as far as I’m concerned,” says Chris Faraone, Dig news and features editor and one of the three authors of the articles. “The fact is that this stuff was done behind closed doors. In the case of this story, it probably never would have come out at all if we didn’t cover it.”

The series is sourced from a trove of privileged documents that were left exposed online and discovered by Dig. It required months of research and a wealth of institutional knowledge on security and government issues, says Faraone, but the biggest takeaway is that it was possible. “It’s not just the big guys that can do this stuff,” he adds.

Here, Faraone elaborates on the cutting-edge reporting techniques used and what it took to pull off the ambitious series.

* * *

Tell me about the team that worked on this. It’s you and two freelancers, right?

It’s interesting. They’re both freelancers, technically. Kenneth Lipp is an independent journalist out of Philadelphia. He’s someone I know through an independent network of reporters from covering Occupy all over the country. Jonathan Riley is now an intern at the CNN investigative unit in D.C., but when he wrote the piece with us, he was an intern here. He just happened to be really interested in security and a lot of these issues.

All of the pieces kind of aligned. Kenneth is really strong on the research side. Jonathan was here, and he was the support I needed to help dig through these documents and track down a lot of supporting documents and sources.

How did the story come about?

What happened was, Kenneth came to me. He said he had a trove of documents that he found in an interesting way—and I’ll get to that in a second—and we should check them out because they ultimately involved facial recognition software being used on every single person that came to the Boston Calling events in 2013.

The reason this was such a perfect angle to get in is that it involved a huge concert. Boston Calling is a really big thing for the city. It’s only been going on for a few years now.

I am well versed in a lot of advanced modern security and stuff, but even the term “biometrics” has always turned me off. It’s just conspiratorial sounding. Even though it’s a certifiable industry, and I’m aware of that, it’s just kind of insane. I’m not a huge science-fiction guy, but I’ve been going back for the past couple months and reading up on a lot of Philip K. Dick and Ray Bradbury. It’s really wild.

What Kenneth and I wanted to do is really make a presentable story about these things collective called intelligence surveillance. All of these apparatuses, they’re really here.

How much manpower went into the reporting of this?

This is hundreds of hours of work between the three of us, especially before that first story. We had to make sure everything was on the up and up and make sure that what we were looking at was what we were looking at.

Now about that ‘trove of documents’ …

Kenneth has actually written about this. It’s no family recipe secret. What he does is he searches for files people have left exposed. Basically, private files that have been left on the internet. He equates it to, these people have mailboxes but they’re not listed in the white pages, they have a phone number but it’s not listed in the phone book. Essentially, if something is on the internet, Google is going to index it. A lot of people store things on their server at work, and if that’s not a protected server, you’re basically just making that public. If you make a URL that only you know how to get to, that doesn’t mean it’s not indexed.

Let’s say we have some official documents that we got in another way, and on those documents are specific programs for designated municipalities, or the geolocation coordinates of a specific place. Well, when you search on Google—actually, not just Google, but search in other ways too—for those coordinates. That is something nobody would (normally) ever search for but because it’s in that document that you have on your server that was indexed by Google, now we find it, and we can go from there.

This is something where we worked with our attorneys. I talked with several media attorneys, actually. I cannot stress this enough. At its very base level, there are no breeches. There’s no security breaching, there’s no password.

I’ll also add that there were other things in these folders that were of a sensitive nature, of a personal nature, of the IBM consultant who left them exposed. We didn’t compromise that stuff. We did not send that stuff to the other media outlets. We were responsible in everything we did.

What response have you gotten from the story?

I’ve gotten a lot of people who work in government who have not only said “right on” since the first one but have helped lead the path. They’ve said, “Look at this politician, this contractor. Oh, and most importantly, this line in the budget.” I’m pretty good with the books but I didn’t pull this off myself—all of those biometrics contractors that were under strange lineups that you would never think. These are things that are, in my opinion, intentionally buried in the budget.

It sounds like there’s more to be told. Are you already planning on continuing the series?

At this juncture, we got those three out. It was so much information. … We had so much to jam into that third one. This whole series has already been so revealing and explosive. Moving on, we’re going to be filing some pretty rigorous FOIA requests. We know where a lot of the bodies are buried. We’ll see.

What do you hope happens as a result of the series?

Almost without a doubt, starting with Boston and hopefully the state, we need to start thinking about how data is stored. I’ve been screaming about this for three years. I wrote a big story for the Boston Phoenix called Infopocalypse a couple years ago. We have these giant troves of data that are unsecured or not secure enough. There are zero policies in the city of Boston. Data, as we have seen in modern warfare, can be a dangerous weapon. When the gun first came out, they certainly didn’t leave the armory open. It’s absolutely irresponsible the way governments have been holding our information.

The series has gotten a lot of attention from other media outlets, too.

We are constantly kneecapping the Boston Globe. That’s our job around here. They don’t necessarily rob from us, but maybe they take a quote from one of our stories and say “a local newspaper said.” All this underhanded shit. This one, even they didn’t dare. This was our story. I do appreciate the Globe acknowledging that more than one time in their article.

After the Globe article came out, it was covered by every single television news station. It was all over the radio. Even the Herald, the Boston Globe’s number one competitor took it after the Globe wrote it but didn’t give a shit after we wrote it. Regardless, it did help us get on the map. That’s important.

Having dealt with some daily publications and less alternative publications over the years, I gotta tell you, this is the kind of story where a hungry young reporter could have easily gotten the will kicked out of him. If you had an editor that wasn’t me, or just doesn’t get the technology, or doesn’t ever want to sound like a conspiracy theorist (god forbid), or something like that. Not to mention the way the documents were uncovered. It’s good this story ended up in an alt-weekly. I think we kicked ass with it. And the beautiful thing is, there’s more.

* * *

Boston Trolling by Chris Faraone, Kenneth Lipp & Jonathan Riley

Part I: You partied hard at Boston Calling and there’s facial recognition data to prove it

Part II: Smarter city or city under surveillance?

Part III: The future of pre-crime in the commonwealth

April Corbin is a freelance journalist who’s previously worked at two alt-weeklies, first as web content editor for Las Vegas Weekly and more recently as a staff writer at LEO Weekly. She was also a 2014 AAN Convention Scholarship recipient.

Leave a Reply