Download high-resolution image
Listen to a clip from the audiobook
audio pause button
0:00
0:00

Means of Control

How the Hidden Alliance of Tech and Government Is Creating a New American Surveillance State

Author Byron Tau
Listen to a clip from the audiobook
audio pause button
0:00
0:00
You are being surveilled right now. This “startling exposé” (The Economist) reveals how the U.S. government allied with data brokers, tech companies, and advertisers to monitor us through the phones we carry and the devices in our home.

“A revealing . . . startling . . . timely . . . fascinating, sometimes terrifying examination of the decline of privacy in the digital age.”—Kirkus Reviews


SHORTLISTED FOR THE SABEW BEST IN BUSINESS AWARD

“That evening, I was given a glimpse inside a hidden world. . . . An entirely new kind of surveillance program—one designed to track everyone.”

For the past five years—ever since a chance encounter at a dinner party—journalist Byron Tau has been piecing together a secret story: how the whole of the internet and every digital device in the world became a mechanism of intelligence, surveillance, and monitoring.

Of course, our modern world is awash in surveillance. Most of us are dimly aware of this: Ever get the sense that an ad is “following” you around the internet? But the true potential of our phones, computers, homes, credit cards, and even the tires underneath our cars to reveal our habits and behavior would astonish most citizens. All of this surveillance has produced an extraordinary amount of valuable data about every one of us. That data is for sale—and the biggest customer is the U.S. government.

In the years after 9/11, the U.S. government, working with scores of anonymous companies, many scattered across bland Northern Virginia suburbs, built a foreign and domestic surveillance apparatus of breathtaking scope—one that can peer into the lives of nearly everyone on the planet. This cottage industry of data brokers and government bureaucrats has one directive—“get everything you can”—and the result is a surreal world in which defense contractors have marketing subsidiaries and marketing companies have defense contractor subsidiaries. And the public knows virtually nothing about it.

Sobering and revelatory, Means of Control is the defining story of our dangerous grand bargain—ubiquitous cheap technology, but at what price?
Chapter 1

The Bad Guys Database


Acxiom, Arkansas and Washington, D.C., 2001

It was a crisp New England morning when Acxiom consumer No. 254-04907-10006 cleared the security checkpoint at Boston’s Logan Airport. Consumer No. 254-04907-10006 was a twenty-two-year-old Saudi national named Waleed al-Shehri. He was of slight stature and pale complexion and had been in the United States for only about five months on a tourist visa. But he had generated enough of a paper trail to be captured and indexed by Acxiom, which at the time was the world’s largest consumer data repository, holding billions of records on consumers drawn from corporate America as well as public records like court filings, voter registrations, and property deeds.

In his twenty weeks in America, al-Shehri had been busy. He had obtained two copies of the same Florida driver’s license (A426-893-78-460-0) with slightly mismatching addresses, giving him a duplicate that he could pass to an associate. He opened a bank account at SunTrust Bank in Florida (account number 0385008119775 linked to Visa debit card 4011 8060 7079 6163) and bought, insured, and then sold a 1993 Dodge Colt. He had bounced around motels and apartment complexes for weeks, generating even more records. The Bimini Motel and Apartments in Hollywood, Florida. Lago Mar Motel in Lake Worth. The Homing Inn in Boynton Beach. Lisa Motel and Apartment in Lake Worth. The DoubleTree in Lake Buena Vista. He’d availed himself of a number of services: a membership to the Body Perfect Fitness Center in Lake Worth and later the World Gym in Lantana. A Mail Boxes Etc. rental. He traveled extensively: to Freeport in the Bahamas, to Boston, to San Francisco, to Las Vegas. He made reservations at the Bahamas Princess Resort. Finally, he flew to the Boston area, where he checked into the 144-room Park Inn in Newton, Massachusetts, a leafy upscale suburb just outside the city. Six days later, he and the two men he’d been sharing a room with—his older brother Wail al-Shehri and a Saudi law school dropout named Satam al-Suqami—checked out of the motel. The trio headed for Boston Logan International Airport.

Corporate data banks were not the only computer systems to take note of al-Shehri. Somewhere in a database called the Computer-Assisted Passenger Prescreening System, or CAPPS, al-Shehri was flagged for additional screening as he made his way to his gate because something about his travel pattern had set off the system. However, under the security procedures in place at the time, additional screening applied only to checked luggage—not carry-on. Because al-Shehri had no checked bags, he cleared the security checkpoint without issue. The metal detectors at the time were calibrated to detect the metal content of a .22-caliber handgun, not blades like what the men were carrying. (Knives and other blades under four inches were permitted under the theory that they could not pose any serious danger if wielded as a weapon.)

Tucked away in yet another federal computer system run by the U.S. Immigration and Naturalization Service were other unusual records: U.S. government travel and visa files that showed al-Shehri shouldn’t even be in the country. He and al-Suqami had tried to visit the Bahamas a few weeks after al-Shehri arrived in America. They flew out of Miami, handing in their U.S.-government-issued travel authorizations. But once in Freeport, Bahamian authorities turned them away over their lack of visas, and they were forced to board the next flight back to the United States. Under U.S. law, they had never left America because they had never legally entered the Bahamas. But their reentry into the United States was never logged by the immigration computer systems. Their aborted trip to the Bahamas was shown as an exit. As far as the U.S. government was aware, neither of the two men strolling through Logan’s Terminal B were in the country at all.

At Logan Airport, the al-Shehri brothers and al-Suqami took their seats in business class of American Airlines Flight 11, offering nonstop service from Boston to Los Angeles. They were joined on that flight by two other associates: Mohamed Atta and Abdul Aziz al-Omari, both of whom had flown in from Portland, Maine, earlier that morning. About fifteen minutes into the flight, the five men sprang into action—stabbing two flight attendants, slashing the throat of a passenger in first class, and spraying a chemical irritant at the front of the plane to force the passengers and crew to the rear. As the plane passed near Albany, New York, the five hijackers had firmly established control. With Atta at the controls, they turned the Boeing 767 south toward New York City. Perhaps unfamiliar with the in-flight address system and intending to address the passengers and crew of Flight 11, Atta barked from the cockpit, “We have some planes. Just stay quiet, and you’ll be okay. We are returning to the airport. . . . ​Nobody move. Everything will be okay. If you try to make any moves, you’ll endanger yourself and the airplane. Just stay quiet.” But he transmitted it not over the intercom in the cabin but out over the plane’s external radio to other pilots and air traffic controllers—a chilling warning to the rest of the world that something was not right in the skies that September morning.

Why had none of the systems in place stopped them? It was a failure to connect the dots. The government had plenty of information, but it had failed to adequately capitalize on the disparate intelligence leads and anomalies in the data that already existed. The FBI knew, in the summer of 2001, that two of the hijackers, Khalid al-Mihdhar and Nawaf al-Hazmi, were al-Qaeda operatives who had entered the United States in January 2000. The bureau was actively hunting for al-Mihdhar in the days before al-Shehri and his associates destroyed the North Tower of the World Trade Center and left a gaping hole in the side of the Pentagon—scouring the country to see if al-Mihdhar was still there and to determine what his intentions were.

In fact, all summer long U.S. intelligence had been picking up vague and unspecific terrorist “chatter” warning of an unspecified threat to the homeland. President Bush’s August 6, 2001, daily intelligence briefing contained an item titled “Bin Ladin Determined to Strike in US.” That was the thirty-sixth time bin Laden or his al-Qaeda terrorist group had been mentioned in a presidential briefing in 2001. There was a memo from the Phoenix FBI field office, where an agent named Kenneth Williams warned in July that he believed the terrorist leader Osama bin Laden was trying to dispatch students to flight training in the United States. There was an FAA warning that same month of “reports of possible near-term terrorist operations” and ongoing threats against civil aviation, including the threat of hijacking. As the CIA director, George Tenet, later told the 9/11 Commission assembled to investigate the attacks about the increasingly dire intelligence warnings piled up on the desks of national security officials in the summer of 2001, “The system was blinking red.”

September 11 taught us something else, too: namely that data valuable in understanding the attacks wasn’t just hidden in government databases. In corporate America’s vast and growing collection of consumer data, there were patterns of bizarre behavior, unusual rentals, confounding address histories, and duplicate licenses. These were all potential signals to law enforcement or the intelligence community that something was potentially amiss—if only law enforcement had bothered to look. In the wake of the attack, the FBI put together a detailed chronology with 3,441 total entries chronicling the steps the hijackers had taken in their planning—bank transactions, travel records, hotel stays, gym check-ins, visa applications, and credit and debit card transactions that told the story of the attacks, from the date of the eldest hijacker Mohamed Atta’s birth in September 1968 to a handwritten letter the FBI found in a mailbox rented by some of the Florida-based hijackers, dated September 10, 2001, with a message to one of the hijackers: “Hammza, whatever you do, do not tell anyone what you are about to do tomorrow. Okay?” It was a chillingly detailed look at the years of planning that went into carrying out the attacks, much of it drawn from records maintained by corporate America.

And as the government soon found out, corporate America was eager to help.

At the heart of this story is a kind of company that few Americans give much thought to: data brokers. Beginning in the 1960s, these data warehousers sprang up to help America’s largest corporations advertise more efficiently. At first, these brokers were collecting fairly basic information: address history and some simple demographics. But as computers grew more powerful and digital storage grew cheaper, so did the capacity to collect and collate huge volumes of information and derive increasingly personalized insights from that data. Data brokers emerged to cater to advertisers’ demands for more and more detailed information on all of us.
Means of Control documents how a federal democracy formed shady alliances with private companies to collect data on its citizens. . . . [Tau] argue[s] persuasively that gee-whiz headlines about spy tech are a red herring; surveillance is a function of public-private partnerships, not specific technologies.”—The New York Times Book Review
 
“[Byron Tau] spells out in persuasive and disturbing detail how we inescapably create a digital dossier of our every movement, social interactions, purchases, desires, and more. . . . Well-written and compelling . . . Tau knows how to tell a good story.”—The Cipher Brief

“[Tau] documents how, across more than two decades, our government has turned to the private sector to keep tabs on us, all while both the authorities and the companies involved do everything they can to keep Americans in the dark. . . . An in-depth account . . . Tau’s extensive research gives readers a detailed tour of the bafflingly complex ecosystem of brokers and buyers of [our] information.”—Reason

“A testament to the singular and indispensable power of journalism to shine light in the dark and find answers to the hardest questions.”—Shane Harris, author of The Watchers

“Byron Tau’s extraordinary book recounts in engrossing detail how the U.S. government exploits massive loopholes in U.S. surveillance law to purchase in vast digital bazaars the intimate personal data that Americans unwittingly spew from their phones, cars, and computers every minute of every day. Means of Control exposes how American surveillance capitalism breeds secret government surveillance on a scale never imagined.”—Jack Goldsmith, Learned Hand Professor of Law, Harvard Law School

“A chilling chronicle of how data collection efforts by corporate and government entities have created a ‘digital panopticon’ . . . Filled with shocking revelations and first-rate reporting, this will have readers thinking twice before they post.”Publishers Weekly, starred review

“Startling . . . Tau’s explanations of how surveillance techniques have evolved in the twenty-first century in response to the trauma of 9/11—and how they might yet be put to use in ordinary circumstance—are exceptionally clear and unsettling. . . . This timely book carries a crucial message about the stakes involved in government-corporate partnerships. A fascinating, sometimes terrifying examination of the decline of privacy in the digital age.”Kirkus Reviews
© Elliott O'Donovan
Byron Tau is an investigative and enterprise journalist who specializes in law, courts, and national security. He reports for and teaches at the Allbritton Journalism Institute, a journalism nonprofit launched in 2023 that trains and mentors early-career reporters. He previously worked at The Wall Street Journal and Politico. A native of Holliston, Massachusetts, Tau has degrees from McGill University in Montreal and Georgetown University in Washington, D.C. View titles by Byron Tau

About

You are being surveilled right now. This “startling exposé” (The Economist) reveals how the U.S. government allied with data brokers, tech companies, and advertisers to monitor us through the phones we carry and the devices in our home.

“A revealing . . . startling . . . timely . . . fascinating, sometimes terrifying examination of the decline of privacy in the digital age.”—Kirkus Reviews


SHORTLISTED FOR THE SABEW BEST IN BUSINESS AWARD

“That evening, I was given a glimpse inside a hidden world. . . . An entirely new kind of surveillance program—one designed to track everyone.”

For the past five years—ever since a chance encounter at a dinner party—journalist Byron Tau has been piecing together a secret story: how the whole of the internet and every digital device in the world became a mechanism of intelligence, surveillance, and monitoring.

Of course, our modern world is awash in surveillance. Most of us are dimly aware of this: Ever get the sense that an ad is “following” you around the internet? But the true potential of our phones, computers, homes, credit cards, and even the tires underneath our cars to reveal our habits and behavior would astonish most citizens. All of this surveillance has produced an extraordinary amount of valuable data about every one of us. That data is for sale—and the biggest customer is the U.S. government.

In the years after 9/11, the U.S. government, working with scores of anonymous companies, many scattered across bland Northern Virginia suburbs, built a foreign and domestic surveillance apparatus of breathtaking scope—one that can peer into the lives of nearly everyone on the planet. This cottage industry of data brokers and government bureaucrats has one directive—“get everything you can”—and the result is a surreal world in which defense contractors have marketing subsidiaries and marketing companies have defense contractor subsidiaries. And the public knows virtually nothing about it.

Sobering and revelatory, Means of Control is the defining story of our dangerous grand bargain—ubiquitous cheap technology, but at what price?

Excerpt

Chapter 1

The Bad Guys Database


Acxiom, Arkansas and Washington, D.C., 2001

It was a crisp New England morning when Acxiom consumer No. 254-04907-10006 cleared the security checkpoint at Boston’s Logan Airport. Consumer No. 254-04907-10006 was a twenty-two-year-old Saudi national named Waleed al-Shehri. He was of slight stature and pale complexion and had been in the United States for only about five months on a tourist visa. But he had generated enough of a paper trail to be captured and indexed by Acxiom, which at the time was the world’s largest consumer data repository, holding billions of records on consumers drawn from corporate America as well as public records like court filings, voter registrations, and property deeds.

In his twenty weeks in America, al-Shehri had been busy. He had obtained two copies of the same Florida driver’s license (A426-893-78-460-0) with slightly mismatching addresses, giving him a duplicate that he could pass to an associate. He opened a bank account at SunTrust Bank in Florida (account number 0385008119775 linked to Visa debit card 4011 8060 7079 6163) and bought, insured, and then sold a 1993 Dodge Colt. He had bounced around motels and apartment complexes for weeks, generating even more records. The Bimini Motel and Apartments in Hollywood, Florida. Lago Mar Motel in Lake Worth. The Homing Inn in Boynton Beach. Lisa Motel and Apartment in Lake Worth. The DoubleTree in Lake Buena Vista. He’d availed himself of a number of services: a membership to the Body Perfect Fitness Center in Lake Worth and later the World Gym in Lantana. A Mail Boxes Etc. rental. He traveled extensively: to Freeport in the Bahamas, to Boston, to San Francisco, to Las Vegas. He made reservations at the Bahamas Princess Resort. Finally, he flew to the Boston area, where he checked into the 144-room Park Inn in Newton, Massachusetts, a leafy upscale suburb just outside the city. Six days later, he and the two men he’d been sharing a room with—his older brother Wail al-Shehri and a Saudi law school dropout named Satam al-Suqami—checked out of the motel. The trio headed for Boston Logan International Airport.

Corporate data banks were not the only computer systems to take note of al-Shehri. Somewhere in a database called the Computer-Assisted Passenger Prescreening System, or CAPPS, al-Shehri was flagged for additional screening as he made his way to his gate because something about his travel pattern had set off the system. However, under the security procedures in place at the time, additional screening applied only to checked luggage—not carry-on. Because al-Shehri had no checked bags, he cleared the security checkpoint without issue. The metal detectors at the time were calibrated to detect the metal content of a .22-caliber handgun, not blades like what the men were carrying. (Knives and other blades under four inches were permitted under the theory that they could not pose any serious danger if wielded as a weapon.)

Tucked away in yet another federal computer system run by the U.S. Immigration and Naturalization Service were other unusual records: U.S. government travel and visa files that showed al-Shehri shouldn’t even be in the country. He and al-Suqami had tried to visit the Bahamas a few weeks after al-Shehri arrived in America. They flew out of Miami, handing in their U.S.-government-issued travel authorizations. But once in Freeport, Bahamian authorities turned them away over their lack of visas, and they were forced to board the next flight back to the United States. Under U.S. law, they had never left America because they had never legally entered the Bahamas. But their reentry into the United States was never logged by the immigration computer systems. Their aborted trip to the Bahamas was shown as an exit. As far as the U.S. government was aware, neither of the two men strolling through Logan’s Terminal B were in the country at all.

At Logan Airport, the al-Shehri brothers and al-Suqami took their seats in business class of American Airlines Flight 11, offering nonstop service from Boston to Los Angeles. They were joined on that flight by two other associates: Mohamed Atta and Abdul Aziz al-Omari, both of whom had flown in from Portland, Maine, earlier that morning. About fifteen minutes into the flight, the five men sprang into action—stabbing two flight attendants, slashing the throat of a passenger in first class, and spraying a chemical irritant at the front of the plane to force the passengers and crew to the rear. As the plane passed near Albany, New York, the five hijackers had firmly established control. With Atta at the controls, they turned the Boeing 767 south toward New York City. Perhaps unfamiliar with the in-flight address system and intending to address the passengers and crew of Flight 11, Atta barked from the cockpit, “We have some planes. Just stay quiet, and you’ll be okay. We are returning to the airport. . . . ​Nobody move. Everything will be okay. If you try to make any moves, you’ll endanger yourself and the airplane. Just stay quiet.” But he transmitted it not over the intercom in the cabin but out over the plane’s external radio to other pilots and air traffic controllers—a chilling warning to the rest of the world that something was not right in the skies that September morning.

Why had none of the systems in place stopped them? It was a failure to connect the dots. The government had plenty of information, but it had failed to adequately capitalize on the disparate intelligence leads and anomalies in the data that already existed. The FBI knew, in the summer of 2001, that two of the hijackers, Khalid al-Mihdhar and Nawaf al-Hazmi, were al-Qaeda operatives who had entered the United States in January 2000. The bureau was actively hunting for al-Mihdhar in the days before al-Shehri and his associates destroyed the North Tower of the World Trade Center and left a gaping hole in the side of the Pentagon—scouring the country to see if al-Mihdhar was still there and to determine what his intentions were.

In fact, all summer long U.S. intelligence had been picking up vague and unspecific terrorist “chatter” warning of an unspecified threat to the homeland. President Bush’s August 6, 2001, daily intelligence briefing contained an item titled “Bin Ladin Determined to Strike in US.” That was the thirty-sixth time bin Laden or his al-Qaeda terrorist group had been mentioned in a presidential briefing in 2001. There was a memo from the Phoenix FBI field office, where an agent named Kenneth Williams warned in July that he believed the terrorist leader Osama bin Laden was trying to dispatch students to flight training in the United States. There was an FAA warning that same month of “reports of possible near-term terrorist operations” and ongoing threats against civil aviation, including the threat of hijacking. As the CIA director, George Tenet, later told the 9/11 Commission assembled to investigate the attacks about the increasingly dire intelligence warnings piled up on the desks of national security officials in the summer of 2001, “The system was blinking red.”

September 11 taught us something else, too: namely that data valuable in understanding the attacks wasn’t just hidden in government databases. In corporate America’s vast and growing collection of consumer data, there were patterns of bizarre behavior, unusual rentals, confounding address histories, and duplicate licenses. These were all potential signals to law enforcement or the intelligence community that something was potentially amiss—if only law enforcement had bothered to look. In the wake of the attack, the FBI put together a detailed chronology with 3,441 total entries chronicling the steps the hijackers had taken in their planning—bank transactions, travel records, hotel stays, gym check-ins, visa applications, and credit and debit card transactions that told the story of the attacks, from the date of the eldest hijacker Mohamed Atta’s birth in September 1968 to a handwritten letter the FBI found in a mailbox rented by some of the Florida-based hijackers, dated September 10, 2001, with a message to one of the hijackers: “Hammza, whatever you do, do not tell anyone what you are about to do tomorrow. Okay?” It was a chillingly detailed look at the years of planning that went into carrying out the attacks, much of it drawn from records maintained by corporate America.

And as the government soon found out, corporate America was eager to help.

At the heart of this story is a kind of company that few Americans give much thought to: data brokers. Beginning in the 1960s, these data warehousers sprang up to help America’s largest corporations advertise more efficiently. At first, these brokers were collecting fairly basic information: address history and some simple demographics. But as computers grew more powerful and digital storage grew cheaper, so did the capacity to collect and collate huge volumes of information and derive increasingly personalized insights from that data. Data brokers emerged to cater to advertisers’ demands for more and more detailed information on all of us.

Reviews

Means of Control documents how a federal democracy formed shady alliances with private companies to collect data on its citizens. . . . [Tau] argue[s] persuasively that gee-whiz headlines about spy tech are a red herring; surveillance is a function of public-private partnerships, not specific technologies.”—The New York Times Book Review
 
“[Byron Tau] spells out in persuasive and disturbing detail how we inescapably create a digital dossier of our every movement, social interactions, purchases, desires, and more. . . . Well-written and compelling . . . Tau knows how to tell a good story.”—The Cipher Brief

“[Tau] documents how, across more than two decades, our government has turned to the private sector to keep tabs on us, all while both the authorities and the companies involved do everything they can to keep Americans in the dark. . . . An in-depth account . . . Tau’s extensive research gives readers a detailed tour of the bafflingly complex ecosystem of brokers and buyers of [our] information.”—Reason

“A testament to the singular and indispensable power of journalism to shine light in the dark and find answers to the hardest questions.”—Shane Harris, author of The Watchers

“Byron Tau’s extraordinary book recounts in engrossing detail how the U.S. government exploits massive loopholes in U.S. surveillance law to purchase in vast digital bazaars the intimate personal data that Americans unwittingly spew from their phones, cars, and computers every minute of every day. Means of Control exposes how American surveillance capitalism breeds secret government surveillance on a scale never imagined.”—Jack Goldsmith, Learned Hand Professor of Law, Harvard Law School

“A chilling chronicle of how data collection efforts by corporate and government entities have created a ‘digital panopticon’ . . . Filled with shocking revelations and first-rate reporting, this will have readers thinking twice before they post.”Publishers Weekly, starred review

“Startling . . . Tau’s explanations of how surveillance techniques have evolved in the twenty-first century in response to the trauma of 9/11—and how they might yet be put to use in ordinary circumstance—are exceptionally clear and unsettling. . . . This timely book carries a crucial message about the stakes involved in government-corporate partnerships. A fascinating, sometimes terrifying examination of the decline of privacy in the digital age.”Kirkus Reviews

Author

© Elliott O'Donovan
Byron Tau is an investigative and enterprise journalist who specializes in law, courts, and national security. He reports for and teaches at the Allbritton Journalism Institute, a journalism nonprofit launched in 2023 that trains and mentors early-career reporters. He previously worked at The Wall Street Journal and Politico. A native of Holliston, Massachusetts, Tau has degrees from McGill University in Montreal and Georgetown University in Washington, D.C. View titles by Byron Tau