US events are prompting a showdown between democracy and online privacy

Events in the US have unfolded over the past two weeks like a boxing match between democracy in one corner and a grumpy skinhead in the other.

First, the latter the chin of democracy with a heavy blow. Rioters who entered the Capitol Hill Building, the country's Congress, committed a direct offence at one the most sacred political sites of American democracy that momentarily paralysed the nation.

But then democracy recovered. It rose to its knees and used what it's best at, the power of the people. Within hours of the incident thousands of concerned citizens, open-source journalist and hobby online investigators gathered online across social media networks - including your humble correspondent - and analysed video-frame by video-frame every image of footage from the scene.

Leading perpetrators (see example of one Tweet above), were quickly located. This is because these individuals left sufficient portions of online breadcrumbs - essentially traces openly accessible for those who know where to look - all over the web. Investigators used data from online posts, public authority records and other open-source intelligence sources.

This left their profile accessible and data that made tracing possible. Here at E&T, we covered various facial and images recognition tools and code that endow investigators and citizen journalists with great powers. They directly helped in the information gathering for the Capitol Hill incident and helped to inform federal and state investigators. 

But we also need a few critical words on how these intrusive open-source techniques impede privacy and therefore can be viewed critically in the eyes of advocates.

In the example of the riots it confirmed both. It allowed investigators for instance to find the man who brought to Capitol Hill police-type temporary restraints, as Citizen Lab researcher John Scott-Railton wrote. If the trespassers had the chance, these could have been used to take members of Congress hostage. So there was a real need and opportunity to do good.

I chatted to people online and collected the set of essential tools used in what might have been the biggest ever collaborative online investigation. Most effective were online tools like Microsoft’s facial image comparison analyser. It allows to compare faces in uploaded images with others found across the web. It provides you with a score indicating how closely subjects' faces align.

Other tools such as Yandex image search, PimEyes, TinEye, Berify, Pixsy, Face-rec.org, FindFace or Image Raider, all enabled users to gather intelligence to locate equipment, identities or even where the culprits shopped for their neo-Nazi clothes. All this eventually helped to build a public case against the intruders. 

Then democracy struck another blow at the sullen guy in the corner. Amazon decided to suspend its webhosting service to social media platform Parler. Parler is popular among right-wing extremist groups, and members involved in the Capitol Hill incident used it to coordinate their actions and share footage.

Amazon gave Parler a short-lived ultimatum. When it went dark, geolocation data from videos turned up. Every time a Parler user took a video, metadata including the location, time and the Parler ID were recorded.

This information leaked when the Parler data was initially scraped by @donk_enby on Twitter. This process is kind of like hitting “next page” then “save” over and over. The hacker shared links to the data she scraped, but not the data itself.

The links point to millions of public posts, images, and videos. The hacker also shared video metadata which included GPS locations and other information that cameras save in videos, like the phone model, but not data generated by the website, like usernames, other sources have told me.

That allowed developer Kyle McDonald and others, like me, to take the geolocation data from videos and plot it on a map. McDonald says it shows that Parler users were everywhere, not restricted to specific places the way that some popular narratives suggest. We can see the progression of videos taken around and even inside the Capitol Hill building. 

The data is evidence for a clear movement from the White House to the Capitol on January 6, including many videos that were shot inside the Capitol. 

GPS locations can be accurate down to a few metres, McDonald explains. We can see dots and relevant Parler IDs taken videos inside the building (see image above). Although this helps to expose the people behind the Parler IDs, there is a darker side to these leaks that we should worry about. 

[Such leaked metadata] have a history of being abused by police and other people interested in spying like stalkers, McDonald says. 

"Parler was incredibly irresponsible in not scrubbing this metadata. They scrubbed metadata from images, which indicates that they were aware of this problem but too incompetent to fix it for videos". It's not the first GPS leak. It may not be the last. Other developers and privacy advocated told me that they are worried.

“What happened if Facebook goes bust tomorrow [and leaks data in a similar fashion]?” one privacy advocate and developer from London told pointed out to me.  

McDonald says by now providers should know that they "should always scrub GPS metadata,” making any attempt to locate users futile. But users should also have legal protections against this kind of abuse, he adds. 

With the Parler geolocation video data now in the open, people started to look in their own neighbourhoods, some possibly for right-wing extremists. Who would blame them?

Of course, it warrants pointing out that not everyone on Parler is a member of an aggressive far-right extremist terrorist group. White supremacy and groups affiliated to it were recorded, that much is true, but many Twitter commentators also said that it would be a mistake to throw all Parler users in one pot.

Nonetheless, it's positive to see that the closing of Parler struck a direct blow against far-right British groups that are banned from Twitter, Youtube and Facebook.  

"People are taking a look in their own neighbourhoods, and remembering that we have a lot of work to do if we want to build strong communities that are resilient against the kinds of conspiracies and extremism that led to the attack on the Capitol”, McDonald adds. Recently, he helped to build a browser app called Facework that uses AI and uses peoples' facial expressions. 

Will the fight between Democracy and privacy go into another round? You bet it will. For now, the Capitol Hill incident has led to support of federal investigators, the finding of the perpetrators and now to Donald Trump’s second impeachment.

He might not ever take public office again. So, despite this round being won by democracy, those who bet on privacy might have lost their money.

Most recent reports confirmed information that app Zello was also involved in the orchestration of the Capitol Hill incident. We should hope that the social media walkie-talkie app, critics say has largely ignored a growing far-right user base, picked up a lesson or two from the Parler fiasco. 

Wakeup call for Biomass using healthy trees: Carbon-neutrality is a fairy tale

Pressure on the British biomass lobby is increasing. An investigation now also published by The Guardian, for which E&T worked with a team of international journalists, went through a painstaking process of fact-checking by the paper's lawyers before publication, I am told.

Our efforts and scrutiny paid off. The piece made waves. Environmental advocate Greta Thunberg tweeted the report and proclaimed it to be an "essential read on how 'bioenergy' is accelerating the climate crisis in the time span we have at hand."

E&T covered the same findings in December and received pressure from several companies and industry groups. But the findings are watertight: healthy roundwood - trees that could be used to capture carbon emissions - is still cut and used to make biomass pellets for the benefit of the UK's 'renewable energy transformation'.