Data & Surveillance

What it is. Build a digital panopticon—cameras, phones, SDKs, clouds—then link it all. The goal is prediction and control: who meets whom, who pays whom, who might resist.

Sensor City

Domain: Data & Surveillance · Stratagems: 10, 24, 25

Problem / betrayal. “Smart” grants installed cameras, LPRs, and classroom apps overnight.

How it happened. FCC banned authorizations for “covered” PRC telecom/video-surveillance gear; Section 889 and FCC covered-list detail the risk. Rip-and-replace lags behind. Federal Communications Commission.

The men behind it. Importers, resellers, and city halls chasing discounts.

Consequences. Mass ID, data drift, and leverage.

Warning. If you don’t know where your data sleeps, your freedom doesn’t either.

Counter-Orders

Audit: device inventory; origin attestation; update-server endpoints. Federal Communications Commission.
Inoculate: SBOM + retention caps; kill any cloud unknown to procurement.
Isolate: rip and replace covered gear; deny procurement waivers. Federal Communications Commission.

Operating model

Actors: camera OEMs, NVR vendors, ISPs, app developers, analytics firms, data brokers, cloud hosts.
Levers: device installs, telemetry SDKs, IMSI catchers, LPRs, face match, cross-site IDs, data resale.
Mechanisms: collect exhaust → resolve identities → build graphs → score risk → cue enforcement.
Escalation ladder: convenience → monitoring → blacklists → predictive detention.
Success metrics: coverage density, linkage accuracy, time-to-identify, cost per investigation.

Tactic clusters (curated, non-repetitive)

1) Sensor Creep

Deploy cheap cameras and readers everywhere; normalize it as “safety.”

Stratagems: 12 Take the Opportunity to Pilfer a Goat, 25 Replace the Beams with Rotten Timbers

Application: Bundle surveillance with city “smart” grants; bury retention rules in vendor contracts.
Countermeasures: Procurement doctrine: no opaque origin, no buy; public maps of devices; retention caps.

2) SDK Telemetry Leaks

Harvest location, contacts, and patterns through innocent apps.

Stratagems: 10 Hide Your Dagger Behind a Smile, 1 Fool the Emperor to Cross the Sea

Application: “Free” analytics kits in weather, flashlight, and classroom tools; resell to brokers.
Countermeasures: SBOMs, vendor attestations, data minimization by default, block lists for hostile SDKs.

3) Cross-Border Gravity

Let data drift to friendly jurisdictions, then compel access.

Stratagems: 24 Borrow the Road to Conquer Guo, 7 Create Something from Nothing

Application: Cloud discounts and “AI services” pull workloads offshore; subpoenas or admin rules do the rest.
Countermeasures: Data localization for sensitive sets, split-key encryption, legal firebreaks in contracts.

4) Graph Enclosure

Lock analytics behind proprietary formats and fees.

Stratagems: 30 Exchange the Role of Guest for that of Host, 16 To Catch Something, First Let It Go

Application: Make migration painful; force everyone into the vendor’s graph to “improve outcomes.”
Countermeasures: Open exports, on-prem options, exit clauses, model portability requirements.

5) Synthetic ID & Linkage

Blend real and fake records to frame, dox, or silence targets.

Stratagems: 6 Make a Sound in the East, Strike in the West, 27 Feign Madness but Keep Your Balance

Application: Inject false hits into credit, school, or HR systems; let automation spread the smear.
Countermeasures: Provenance logs, challenge/appeal channels, hashed evidence lockers, cross-system reconciliation.

Failure modes & risks

Backdoors: hostile firmware or update servers compromise entire fleets.
Over-collection: more data, worse security; breach risk explodes.
Mission creep: “just this case” becomes policy; rights erode by habit.

Related: see Stratagems 10, 24, and 30 for how quiet infrastructure becomes control.