We now live in a world where it is highly likely that various web companies, your government, and your internet service provider are tracking your web browsing. Where facial recognition software identifies you at borders, airports, and subway stations. Where your DNA may be sampled if you are arrested. Where new face tracking software gets used with old photo archives and video camera footage. Where data on what you buy and how you repay your debts is sold between companies. Where cameras track your automobile license plate to build up a database of your movements. Where drones may watch you from the sky. Where computers transcribe your speech and handwriting into searchable text. Where you can be identified at a distance by the cards in your wallet. Where your emails, phone calls, and text messages are scanned for keywords, archived forever, and used to build up webs of your known associates. Where governments and private organizations use data mining techniques against you. Where your cell phone can easily be turned into a bug that passes on what you say and type, as well as where you are. Where your Google searches may be used as evidence against you. Where anyone can listen to your cell phone calls. Where the metadata in the photos and videos you make identifies you. Where the DNA of your family members may be used to incriminate you. Where anyone on your wireless network can archive and access all your web traffic, as well as steal website sessions. Where no encryption software you can acquire does much good. Where insecure means of communication are marketed as secure. Where archives containing your sensitive personal data can be broken into (or bought) by those who wish to cause you trouble. And where anything ill-considered you did as a teenager may re-emerge to cause embarrassment or worse decades later.
The appropriate responses to this are not clear. You can simply accept that your life is an open book that anyone who cares to can pretty easily read from. You can opt out of some services (like Facebook) and employ some available countermeasures. You can move to the remote countryside and become a technology-shunning subsistence farmer (which is not to imply that all farmers shun technology, nor manage only to subsist). You can try to drive legislative, regulatory, and technological changes that address some of the issues above. What else can you do?
{ 109 comments… read them below or add one }
Oh, and Amazon is tracking what you highlight on your Kindle.
The Surveillance Society
Cell phones that pinpoint your location. Cameras that track your every move. Subway cards that remember. We routinely sacrifice privacy for convenience and security. So stop worrying. And get ready for your close-up.
Alleged rioters singled out over social media following London unrest
This is a huge can of worms Milan. For me, people’s use of the internet, stems from something more human than the need for immediate communication. Email in its original form allowed for that. The rise of social media, profiles, Facebooks, etc, all are a product of people’s need to be noticed.
I remember, when I was younger, I knew a few people who wrote in diaries. Then someone started writing on freeopendiary.com. It seems like a contradiction, “open diary.” When you ask anyone why they did it, the answer is obvious. People want to find love and acceptance, and the internet made that immediate. I know many people who have met their partners through the internet, as an example. People who would rather post videos on Facebook, over Youtube, because friends are more likely to comment on it. The same reason you end this entry with the question “What else can you do?” You know very well, there is little that can be done, but you still want to know what other people think of it.
I think people are too quick to judge the internet, and the access to personal information it allows for. We make the choice to make our lives more online.
With regards to the entire, I would call overly-paranoid blog entry, I think it really is a matter of opinion. Even if all these infringements occur, I feel relatively unaffected by it. Am I naive or idealistic? Sure.
With regards to the “ubiquitous surveillance,” do you think you possibly get more attention, because you have worked for the Canadian government, and have actively blogged about it?
I don’t know, as for the rest, what kind of company wouldn’t try to get more information from their client base if they were legally allowed?
One last thing, could you perhaps have also recognized Skype as being an incredible tool, that allows for free communication worldwide.
I would call it the greatest socio-technological (forgive if this is not a word) creation of this decade. Or Vimeo.com, that continues to be a hub for very talented people worldwide.
There are countless legitimate organizations and sites I am missing.
So simply put, to quote my hero Mr. Kubrick, if this whole thing is some kind of “doomsday machine”, maybe we should all learn to “stop worrying and love the bomb.”
I have a few responses to that.
First, I am certainly not saying that there aren’t great things about the internet. The internet is the main way in which I communicate.
Second, you can definitely choose not to make a big deal about the surveillance technologies that are being rolled out. One option for dealing with our changing world is just to accept the changes.
Third, something being used in a benign way today can be used in a malicious way tomorrow. I worry especially about governments. The 20th century shows how often governments have gone bad and abused the rights of their citizens. For any government that wants to clamp down on dissent today, these surveillance technologies are making it easier.
Not all of these technologies are being used in all places, but they do exist. Furthermore, the records they produce will probably exist forever and it is hard to know what consequences that will have.
Personally, I think giving up technology is too big a price to pay for privacy. That being said, I do think we should ask hard questions about the data being kept on us, whether it should be collected in the first place, and what laws and policies should govern the use of surveillance and the information acquired through surveillance practices and technologies.
Also, based on their records to date, I don’t think we can trust companies to protect our privacy and security from governments that have decided to act illegally or unethically.
When the US government asked the telecom companies to install secret rooms where warrantless interception of their network traffic would occur, the companies complied and kept it secret. That is probably a pattern many other companies follow around the world.
Skype might be great if you want to have innocuous conversations with friends back home. It might not be a great choice for talking about political reform in a country that may lock you up for discussing such things – or for trying to organize a union somewhere where workers are forbidden to do so – or even for having a conversation you want to be certain no third parties will overhear.
At this point, we cannot be confident that any conversation we have though a technological channel will be private. Nor can we be confident it will be ephemeral. It may be stored forever.
I’m addicted to all these technologies… tough to opt out. I wonder how much of our increased energy demands is driven by ‘tech’?
from zero hedge:
http://www.zerohedge.com/news/%E2%80%9Cwe-are-far-turnkey-totalitarian-state-big-brother-goes-live-september-2013
It may also be worth noting that the least privileged members of society are most likely to have their rights violated and least able to seek effective recourse when that occurs.
If you are a rich citizen of a state where the rule of law is respected, that’s one thing. If you are poor and living under a repressive and unaccountable government, the consequences of ubiquitous surveillance for you may be much worse.
And we know that companies from countries like the United States and Canada are selling surveillance technology to governments like Iran, China, and Saudi Arabia.
This is the one that worries me most too: “Third, something being used in a benign way today can be used in a malicious way tomorrow. I worry especially about governments. The 20th century shows how often governments have gone bad and abused the rights of their citizens. For any government that wants to clamp down on dissent today, these surveillance technologies are making it easier.”
Even if you NEVER use the internet, you are still being watched in lots of ways – your credit and debit cards, security cameras, etc
You just cannot escape it now
As the Chinese government forges ahead on a multibillion-dollar effort to blanket the country with surveillance cameras, one American company stands to profit: Bain Capital, the private equity firm founded by Mitt Romney.
In December, a Bain-run fund in which a Romney family blind trust has holdings purchased the video surveillance division of a Chinese company that claims to be the largest supplier to the government’s Safe Cities program, a highly advanced monitoring system that allows the authorities to watch over university campuses, hospitals, mosques and movie theaters from centralized command posts.
The Bain-owned company, Uniview Technologies, produces what it calls “infrared antiriot” cameras and software that enable police officials in different jurisdictions to share images in real time through the Internet. Previous projects have included an emergency command center in Tibet that “provides a solid foundation for the maintenance of social stability and the protection of people’s peaceful life,” according to Uniview’s Web site.
Such surveillance systems are often used to combat crime and the manufacturer has no control over whether they are used for other purposes. But human rights advocates say in China they are also used to intimidate and monitor political and religious dissidents. “There are video cameras all over our monastery, and their only purpose is to make us feel fear,” said Loksag, a Tibetan Buddhist monk in Gansu Province. He said the cameras helped the authorities identify and detain nearly 200 monks who participated in a protest at his monastery in 2008.
https://www.nytimes.com/2012/03/16/world/asia/bain-capital-tied-to-surveillance-push-in-china.html?_r=1
“Update on the trial of Byron Sonne, arrested in Toronto on explosives charges in advance of the G20 in June, 2010. This week, the Crown pulled up information off of Sonne’s harddrives, including tweets from Clay Shirky and Oxblood Ruffin, 50-year-old U.S. military manuals and photos of goats. Much time was spent discussing why Sonne used a goat as his username/avatar.”
On Monday, Nadeau also pressed Ouelette for his personal understanding of why there were photos of goats (one labeled “drunk goat”) on Sonne’s hard drive, and why the accused had used “Goatmaster” and “Toronto Goat” as his online usernames. Peter Copeland, one of Sonne’s lawyers, objected, saying that Ouelette wasn’t an expert on acronyms. Spies decided to hear the argument as “voir dire,” meaning she will decide later if it’s admissible as evidence. So, Ouelette opined that “Goat,” stood for “Greatest of All Time,” based on his knowledge of hockey, nicknames, and Wayne Gretzky.
“Recently Wired, USA Today and other news outlets reported on a new spy center being built to store intercepted communications (even American citizens’). Tuesday, Gen. Keith Alexander testified in front of Congress refuting the articles. Alexander even went so far as to claim the NSA lacks the authority to monitor American citizens. It’s an authority that was given to the NSA through the FISA Amendments Act signed into law by Bush and still supported today by Obama.”
Before yottabytes of data from the deep web and elsewhere can begin piling up inside the servers of the NSA’s new center, they must be collected. To better accomplish that, the agency has undergone the largest building boom in its history, including installing secret electronic monitoring rooms in major US telecom facilities. Controlled by the NSA, these highly secured spaces are where the agency taps into the US communications networks, a practice that came to light during the Bush years but was never acknowledged by the agency. The broad outlines of the so-called warrantless-wiretapping program have long been exposed—how the NSA secretly and illegally bypassed the Foreign Intelligence Surveillance Court, which was supposed to oversee and authorize highly targeted domestic eavesdropping; how the program allowed wholesale monitoring of millions of American phone calls and email. In the wake of the program’s exposure, Congress passed the FISA Amendments Act of 2008, which largely made the practices legal. Telecoms that had agreed to participate in the illegal activity were granted immunity from prosecution and lawsuits. What wasn’t revealed until now, however, was the enormity of this ongoing domestic spying program.
For the first time, a former NSA official has gone on the record to describe the program, codenamed Stellar Wind, in detail. William Binney was a senior NSA crypto-mathematician largely responsible for automating the agency’s worldwide eavesdropping network. A tall man with strands of black hair across the front of his scalp and dark, determined eyes behind thick-rimmed glasses, the 68-year-old spent nearly four decades breaking codes and finding new ways to channel billions of private phone calls and email messages from around the world into the NSA’s bulging databases. As chief and one of the two cofounders of the agency’s Signals Intelligence Automation Research Center, Binney and his team designed much of the infrastructure that’s still likely used to intercept international and foreign communications.
…
Binney left the NSA in late 2001, shortly after the agency launched its warrantless-wiretapping program. “They violated the Constitution setting it up,” he says bluntly. “But they didn’t care. They were going to do it anyway, and they were going to crucify anyone who stood in the way. When they started violating the Constitution, I couldn’t stay.” Binney says Stellar Wind was far larger than has been publicly disclosed and included not just eavesdropping on domestic phone calls but the inspection of domestic email. At the outset the program recorded 320 million calls a day, he says, which represented about 73 to 80 percent of the total volume of the agency’s worldwide intercepts. The haul only grew from there. According to Binney—who has maintained close contact with agency employees until a few years ago—the taps in the secret rooms dotting the country are actually powered by highly sophisticated software programs that conduct “deep packet inspection,” examining Internet traffic as it passes through the 10-gigabit-per-second cables at the speed of light.
The software, created by a company called Narus that’s now part of Boeing, is controlled remotely from NSA headquarters at Fort Meade in Maryland and searches US sources for target addresses, locations, countries, and phone numbers, as well as watch-listed names, keywords, and phrases in email. Any communication that arouses suspicion, especially those to or from the million or so people on agency watch lists, are automatically copied or recorded and then transmitted to the NSA.
http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1
Can the NSA Break AES?
…
My guess is that they can’t. That is, they don’t have a cryptanalytic attack against the AES algorithm that allows them to recover a key from known or chosen ciphertext with a reasonable time and memory complexity. I believe that what the “top official” was referring to is attacks that focus on the implementation and bypass the encryption algorithm: side-channel attacks, attacks against the key generation systems (either exploiting bad random number generators or sloppy password creation habits), attacks that target the endpoints of the communication system and not the wire, attacks that exploit key leakage, attacks against buggy implementations of the algorithm, and so on. These attacks are likely to be much more effective against computer encryption.
Deep End’s Paul Venezia discusses the ‘sci-fi fantasy’ that is privacy in the digital era. ‘The assault on personal privacy has ramped up significantly in the past few years. From warrantless GPS tracking to ISP packet inspection, it seems that everyone wants to get in on the booming business of clandestine snooping — even blatant prying, if you consider reports of employers demanding Facebook passwords prior to making hiring decisions,’ Venezia writes. ‘What happened? Did the rules change? What is it about digital information that’s convinced some people this is OK? Maybe the right to privacy we were told so much about has simply become old-fashioned, a barrier to progress.
British Government To Grant Warrantless Trawl of Communications Data
“Having opposed the previous government’s attempts to introduce mass surveillance of Internet communications, the Conservatives are planning to introduce the very same policy they previously described as a ‘culture of surveillance which goes far beyond counter terrorism and serious crime.’ The plan is essentially to allow stored communication data to be trawled without the inconvenience of needing a warrant or even any reasonable suspicion.”
55% of Kids Don’t Post Some Things Because They Don’t Want to Look Bad in the Future
By Alexis Madrigal
Nov 9 2011, 9:30 AM ET
Pew research shows (again) that kids still care about privacy
The breakthrough was enormous, says the former official, and soon afterward the agency pulled the shade down tight on the project, even within the intelligence community and Congress. “Only the chairman and vice chairman and the two staff directors of each intelligence committee were told about it,” he says. The reason? “They were thinking that this computing breakthrough was going to give them the ability to crack current public encryption.”
In addition to giving the NSA access to a tremendous amount of Americans’ personal data, such an advance would also open a window on a trove of foreign secrets. While today most sensitive communications use the strongest encryption, much of the older data stored by the NSA, including a great deal of what will be transferred to Bluffdale once the center is complete, is encrypted with more vulnerable ciphers. “Remember,” says the former intelligence official, “a lot of foreign government stuff we’ve never been able to break is 128 or less. Break all that and you’ll find out a lot more of what you didn’t know—stuff we’ve already stored—so there’s an enormous amount of information still in there.”
That, he notes, is where the value of Bluffdale, and its mountains of long-stored data, will come in. What can’t be broken today may be broken tomorrow. “Then you can see what they were saying in the past,” he says. “By extrapolating the way they did business, it gives us an indication of how they may do things now.” The danger, the former official says, is that it’s not only foreign government information that is locked in weaker algorithms, it’s also a great deal of personal domestic communications, such as Americans’ email intercepted by the NSA in the past decade.
Britons Protest Government Eavesdropping Plans
LONDON — British lawmakers and rights activists joined a chorus of protest Monday against plans by the government to give the intelligence and security services the ability to monitor the phone calls, e-mails, text messages and Internet use of every person in the country.
In a land where tens of thousands of surveillance cameras attest to claims by privacy advocates that Britain is the Western world’s most closely monitored society, the proposal has touched raw nerves, compounding arguments that its citizens live under what critics call an increasingly intrusive “nanny state.”
The debate in recent years has pitted those who justify greater scrutiny by reference to threats of terrorism and organized crime against those who cleave to more traditional notions of individual privacy.
But the current proposal would go a step further, raising the question of how security agencies can themselves keep track of a proliferation of newer technologies such as Skype, instant messaging and social networking sites that permit instant communication outside more traditional channels.
Wiretaps cost hundreds of dollars per target every month, generally paid at daily or monthly rates. To wiretap a customer’s phone, T-Mobile charges law enforcement a flat fee of $500 per target. Sprint’s wireless carrier Sprint Nextel requires police pay $400 per “market area” and per “technology” as well as a $10 per day fee, capped at $2,000. AT&T charges a $325 activation fee, plus $5 per day for data and $10 for audio. Verizon charges a $50 administrative fee plus $700 per month, per target.
Malware targeted at Syrian activists can operate webcam, disable AV, keylog, steal passwords
Here’s What Facebook Sends the Cops In Response To a Subpoena
“Facebook already shares its Law Enforcement Guidelines publicly, but we’ve never actually seen the data Menlo Park sends over to the cops when it gets a formal subpoena for your profile information. Now we know. This appears to be the first time we get to see what a Facebook account report looks like. The document was released by the The Boston Phoenix as part of a lengthy feature titled ‘Hunting the Craigslist Killer,’ which describes how an online investigation helped officials track down Philip Markoff. The man committed suicide, which meant the police didn’t care if the Facebook document was published elsewhere, after robbing two women and murdering a third.”
The SXSW panel “Sex, Dating, and Privacy Online” described the myriad ways in which every step you take, every move you make, is online and searchable. Panel member Violet Blue, a sex educator and tech columnist, pointed to the loose security and privacy practices of dating websites recently exposed by the Electronic Frontier Foundation.
You are naked on the Internet (MSNBC)
Six Heartbreaking Truths about Online Dating Privacy
1. Your dating profile—including your photos—can hang around long after you’ve moved on.
2. Gaping security holes riddle popular mobile dating sites-still.
3. Your profile is indexed by Google.
4. Your pictures can identify you.
5. Your data is helping online marketers sell you stuff.
6. HTTPS support is a wreck on many of the popular online dating sites
Innocent Or Not, the NSA Is Watching You
“Under construction by contractors with top-secret clearances, the blandly named Utah Data Center is being built for the National Security Agency. A project of immense secrecy, it is the final piece in a complex puzzle assembled over the past decade. Its purpose: to intercept, decipher, analyze, and store vast swaths of the world’s communications as they zap down from satellites and zip through the underground and undersea cables of international, foreign, and domestic networks. The heavily fortified $2 billion center should be up and running in September 2013. Flowing through its servers and routers and stored in near-bottomless databases will be all forms of communication, including the complete contents of private emails, cell phone calls, and Google searches, as well as all sorts of personal data trails — parking receipts, travel itineraries, bookstore purchases, and other digital ‘pocket litter.’ It is, in some measure, the realization of the ‘total information awareness’ program created during the first term of the Bush administration — an effort that was killed by Congress in 2003 after it caused an outcry over its potential for invading Americans’ privacy.”
Regulators want to put brakes on data collection, tracking
https://www.theglobeandmail.com/news/technology/tech-news/regulators-want-to-put-brakes-on-data-collection-tracking/article2390466/
When you ‘like’ something on Facebook or read an online newspaper, perhaps a dozen or more companies are squirrelling away data on your tastes, your habits, whether you’re male or female, old or young, gay or straight.
They mean no harm. They just want to give you, the customer, exactly what you want – it’s the grandfather of all business slogans. Their dilemma, now regulators’ noses are twitching, is how to serve you, and serve themselves, when what you want is to be left alone.
There are thousands of analytics companies, audience targeters, ad brokers, ad exchanges and the like that can collect and sell data-based services on internet users for 5,000 euros a time to big brands, which then buy ad space where their potential customers might be lurking.
You only know these trackers are at work if you read the fine print. The New York Times has a disclaimer saying it hires WebTrends and Audience Science to interpret its readers’ interests, and Britain’s Guardian newspaper says it pays Criteo and Quantcast, among others, to do the same.
http://yro.slashdot.org/story/12/04/02/205235/many-police-departments-engage-in-warrantless-cell-phone-tracking
Map of US police departments’ policies on tracking cell-phone use without a warrant
Ubiquitous surveillance makes it necessary to practice operational security in order to have privacy.
“A bill already passed by the Senate and set to be rubber stamped by the House would make it mandatory for all new cars in the United States to be fitted with black box data recorders from 2015 onwards. Section 31406 of Senate Bill 1813 (known as MAP-21), calls for ‘Mandatory Event Data Recorders’ to be installed in all new automobiles and legislates for civil penalties to be imposed against individuals for failing to do so. ‘Not later than 180 days after the date of enactment of this Act, the Secretary shall revise part 563 of title 49, Code of Federal Regulations, to require, beginning with model year 2015, that new passenger motor vehicles sold in the United States be equipped with an event data recorder that meets the requirements under that part,’ states the bill.”
Swedish Researchers Expose China’s Tor-Blocking Tricks
“A pair of researchers at Karlstad University have been able to establish how the Great Firewall of China sets about blocking unpublished Tor bridges. The GFC inspects web traffic looking for potential bridges and then attempts ‘to speak Tor’ to the hosts. If they reply, they’re deemed to be Tor bridges and blocked. While this looks like another example of the cat and mouse game between those wishing to surf the net anonymously and a government intent on curtailing online freedoms, the researchers suggest ways that the latest blocking techniques may be defeated.”
AnonPaste is based on the open source ZeroBin software. It is a minimalist, opensource online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES. More information on the project page.
Whistleblower: NSA Has All of Your Email
National Security Agency whistleblower William Binney reveals he believes domestic surveillance has become more expansive under President Obama than President George W. Bush. He estimates the NSA has assembled 20 trillion ‘transactions’ — phone calls, emails and other forms of data — from Americans. This likely includes copies of almost all of the emails sent and received from most people living in the United States. Binney talks about Section 215 of the USA PATRIOT Act and challenges NSA Director Keith Alexander’s assertion that the NSA is not intercepting information about U.S. citizens.
US carriers fight law that would force them to see a warrant before giving your data to cops
The California Location Privacy Bill (SB 1434) proposes to require cellular phone companies to stop their practice of giving your location data to the police without a warrant. Phone companies would still be allowed to give your information to the police if they got a warrant, first.
Naturally, the CTIA — the mobile carriers’ industry association — opposes it. They say that it will be “unduly burdensome” to have to say no when the police show up without a warrant, and to keep track of how often they give your information to the cops, and why.
Syrian Government Uses Skype To Push Malware To Activists
“The Syrian government is using Skype as a channel to infect activists’ systems with malware, installing Trojans and backdoors, according to security firm F-Secure. The evidence comes from a hard drive sent for analysis. ‘The activist’s system had become infected as a result of a Skype chat. The chat request came from a fellow activist. The problem was that the fellow activist had already been arrested and could not have started the chat. Initial infection occurred when the activist accepted a file called MACAddressChanger.exe over the chat. This utility was supposed to change the hardware MAC address of the system in order to bypass some monitoring tools. Instead, it dropped a file called silvia.exe which was a backdoor — a backdoor called “Xtreme RAT.” Xtreme Rat is a full-blown malicious Remote Access Tool.’”
US requests for secret spying warrants rose to nearly 2K in 2011, and not a single one was rejected
Portland, OR considers ubiquitous CCTV surveillance
Good for Twitter!
Twitter Hits Back at Court, Prosecutors Over ‘Occupy’ Order
Snooping on new media
Spies, lies and the internet
Plans to extend surveillance and secrecy are causing alarm within the coalition and outside it
…
The government insists it will not seek access to the content of communications, but says it can gain valuable intelligence by simply monitoring who is talking to whom, and where and when. Getting such traffic figures does not require a judicial warrant now, so the new plans are about modernising surveillance techniques, not expanding their scope.
Put simply, a computer or personal electronic device can no longer be viewed as a “thing,” Mr. Justice Thomas Heeney ruled, in rejecting the Crown’s bid to have the contents of Mr. Rafferty’s laptop admitted as evidence.
Rather, he said, recent case law holds that because a computer can contain huge amounts of personal information – e-mails, bank records, memos, documents, photos – it should be regarded as a “place,” akin to a house.
In this instance, the warrants targeted two homes and two cars and all were in order as far as they went, the judge found. Nor was anything amiss about how the searches were conducted – up to the point where various computers were seized.
At that stage, a secondary warrant was needed and, if requested, would likely have been granted, Judge Heeney wrote.
Yet none was obtained, despite the omission being flagged both by the Justice of the Peace who issued the warrants and later by an Ontario Provincial Police forensic detective.
https://www.theglobeandmail.com/news/national/what-the-jury-didnt-know-child-porn-torture-video-found-on-raffertys-laptop/article2429175/
Will the Government Be Reading This? Call Your Senator to Stop Dangerous Cybersecurity Proposals
CISPA was rammed through the House of Representatives without regard for civil liberties, but the campaign to stop shortsighted cybersecurity legislation is not over yet. We’ve got another chance to stop these bills in the Senate and prevent the government from sacrificing online civil liberties in the name of “cybersecurity.” EFF, Demand Progress, Fight for the Future, and Free Press are joining forces to oppose these bad laws. Can you help us out? Use our online tool to call your Senators and tell them to oppose dangerously vague cybersecurity legislation and support privacy protective amendments. Call now.
Audio Surveillance, Intended to Detect Gunshots, Can Pick Up Much More
New array at Leitrim?
DigitalGlobe imagery of Leitrim taken last February (see low-resolution sample at right) shows that a 600-metre-diameter circle has been cleared at the northern end of the station, presumably to host a new antenna array.
The new cleared space overlaps but is not quite concentric with a large circular area that was cleared and graded around 1967. The original space was suitable for a large circularly disposed antenna array (CDAA) such as an FRD-10, but no array was ever built on the site. It is probably not a coincidence that two FRD-10 arrays were built at other stations in Canada (Gander and Masset) at around the same time, under a program called Project Beagle. It is possible that the original Project Beagle called for the construction of three FRD-10 arrays, but that the Leitrim array was cancelled at some point early in the process, most likely for budgetary reasons.
Have you ever wondered what happens when you type your query into the Google search box and what data we store about that search?
Let’s take a simple search like “cars.” When someone types the word “cars” into the Google search engine, the request gets sent from that user’s computer over the internet to our computers, which look for the right search results. Once our computers have found the results, they send these back to the user’s computer, all in a fraction of a second.
We then store some data about this exchange: the search query (“cars”), the time and date it was typed, the IP address and cookie of the computer it was entered from, and its browser type and operating system. We refer to these records as our search logs, and most websites store records of visits to their site in a similar way.
https://www.google.com/intl/en/goodtoknow/data-on-google/search-logs/
Ghostery sees the invisible web – tags, web bugs, pixels and beacons. Ghostery tracks the trackers and gives you a roll-call of the ad networks, behavioral data providers, web publishers, and other companies interested in your activity.
The Electronic Frontier Foundation (EFF) has created this Surveillance Self-Defense site to educate the American public about the law and technology of government surveillance in the United States, providing the information and tools necessary to evaluate the threat of surveillance and take appropriate steps to defend against it.
“A new report from Evidon, whose browser plug in Ghostery tracks Web trackers, makes it plain that ‘if you want to worry about somebody tracking you across the Web, worry about Google,’ writes blogger Dan Tynan. Google and Facebook, and their various services, occupy all of the top 5 slots on the Evidon Global Tracker Report’s list of the most prolific trackers. ‘And if you have any tracking anxiety left over, apply it to social networks like Facebook, G+, and Twitter,’ adds Tynan.”
http://yro.slashdot.org/story/12/06/11/2041238/google-and-facebook-top-biggest-web-tracker-list
The United Kingdom online monitoring law just got published, showcasing some disturbing facts. The paper is 123 pages long and is actually a draft of the Communications Data Bill. You might not be so happy to find out that from now, every single thing you do online will be recorded and stored by the good old Internet Service providers (ISP). What do we mean by online activity? Well, everything.
Canadian Government Installs Microphones and Cameras at Airports To Record Conversations of Air Travellers
OTTAWA – Airports and border crossings across Canada are being wired with high-definition cameras and microphones that can eavesdrop on travellers’ conversations, according to the Canada Border Services Agency.
A CBSA statement said that audio-video monitoring and recording is already in place at unidentified CBSA sites at airports and border points of entry as part of an effort to enhance “border integrity, infrastructure and asset security and health and safety.”
As part of the work, the agency is introducing audio-monitoring equipment as well.
“It is important to note that even though audio technology is installed, no audio is recorded at this time. It will become functional at a later date,” CBSA spokesman Chris Kealey said in a written statement.
But whenever that occurs, the technology, “will record conversations,” the agency said in a separate statement in response to questions from the Ottawa Citizen.
At Ottawa’s airport, signs will be posted referring passersby to a “privacy notice” that will be posted on the CBSA website once the equipment is activated, and to a separate help line explaining how the recordings will be used, stored, disclosed and retained.
Facebook buys Face.com, technology that enables facial recognition
http://boingboing.net/2012/06/13/uk-government-offers-unlimited.html
—
Tories divided over UK spying bill, Home Secretary dismisses critics as “conspiracy theorists” who want to protect freedom for “criminals, terrorists and paedophiles”
http://boingboing.net/2012/06/14/tories-divided-over-uk-spying.html
—
UK-wide workshops on how to talk to your MP about Internet spying and censorship
http://boingboing.net/2012/06/14/uk-wide-workshops-on-how-to-ta.html
—
UK economic crisis ends, Tories celebrate by committing £1.8B to spying
http://boingboing.net/2012/06/14/uk-economic-crisis-ends-torie.html
—
So Google Plus was formed more into a unifier of all of Google’s products and services, further evidenced by the controversial unified privacy policy released earlier this year. Everything done on non-Search services add to the “filter bubble” where search results are filtered based on what a user likes on YouTube, Plus, GMail contents etc.
For Google and advertisers, a user’s “fingerprint” of browsing habits and their profile of what interests them is further built and enhanced by unifying all of the data gathered across all of the separate services umbrella’d under the new privacy policy and linked via the Google Plus login.
…
But eventually, as indicated by the Google Plus links everywhere, Google Plus will be everything. Every YouTube account is really the video section of Google Plus. Search is just querying the Internet via Google Plus. GMail accounts are Google Plus recipients, and so on.
This is the goal of Google Plus. It tried to magically overcome Facebook, and that obviously did not work, so instead Google Plus has a new strategy: if it can’t hit the target, encompass it. Wrap everything else around Facebook and the users will cope.
http://silicon-news.com/news/2012/06/17/steve-jobs-google-plus/
—
“The BBC reports that the UK’s Draft Communications Bill includes a provision which could be used to force the Royal Mail and other mail carriers to retain data on all physical mail passing through their networks. The law could be used to force carriers to maintain a database of any data written on the outside of an envelope or package which could be accessed by government bodies at will. Such data could include sender, recipient and type of mail (and, consequentially, the entire contents of a postcard). It would provide a physical analog of the recently proposed internet surveillance laws. The Home Office claims that it has no current plans to enforce the law.”
http://yro.slashdot.org/story/12/06/17/1917212/proposed-uk-communications-law-could-be-used-to-spy-on-physical-mail
—
This isn’t the first time that an Executive has seized the general authority to search through the private communications and papers without individualized suspicion. To the contrary, the United States was founded in large part on the rejection of “general warrants” – papers that gave the Executive (then the King) unchecked power to search colonial Americans without cause. The Fourth Amendment was adopted in part to stop these “hated writs” and to make sure that searches of the papers of Americans required a probable cause showing to a court. Indeed, John Adams noted that “the child Independence was born,” when Boston merchants unsuccessfully sued to stop these unchecked powers, then being used by British customs inspectors seeking to stamp out smuggling.
The current warrantless surveillance programs on both sides of the Atlantic return us to the policies of King George III only with a digital boost. In both, our daily digital “papers” — including intimate information such as who we are communicating with, what websites we visit (which of course includes what we’re reading) and our locations as we travel around with our cell phones — are collected and subjected to some sort of datamining. Then we’re apparently supposed to trust that no one in government will ever misuse this information, that the massive amounts of information about us won’t be subject to leak or attack, and that whatever subsequent measures are put into place to government access to it by various government agencies will be sufficient to protect our privacy and ensure due process, fairness and security.
https://www.eff.org/deeplinks/2012/06/uk-mass-surveillance-bill-return-bad-idea
Amesys, with its Eagle system, was just one of Libya’s partners in repression. A South African firm called VASTech had set up a sophisticated monitoring center in Tripoli that snooped on all inbound and outbound international phone calls, gathering and storing 30 million to 40 million minutes of mobile and landline conversations each month. ZTE Corporation, a Chinese firm whose gear powered much of Libya’s cell phone infrastructure, is believed to have set up a parallel Internet monitoring system for External Security: Photos from the basement of a makeshift surveillance site, obtained from Human Rights Watch, show components of its ZXMT system, comparable to Eagle. American firms likely bear some blame, as well. On February 15, just prior to the revolution, regime officials reportedly met in Barcelona with officials from Narus, a Boeing subsidiary, to discuss Internet-filtering software. And the Human Rights Watch photos also clearly show a manual for a satellite phone monitoring system sold by a subsidiary of L-3 Communications, a defense conglomerate based in New York.
https://www.schneier.com/blog/archives/2012/06/interesting_art.html
—
Jamming Tripoli: Inside Moammar Gadhafi’s Secret Surveillance Network
He once was known as al-Jamil—the Handsome One—for his chiseled features and dark curls. But four decades as dictator had considerably dimmed the looks of Moammar Gadhafi. At 68, he now wore a face lined with deep folds, and his lips hung slack, crested with a sparse mustache. When he stepped from the shadows of his presidential palace to greet Ghaida al-Tawati, whom he had summoned that evening by sending one of his hulking female bodyguards to fetch her, it was the first time she had seen him without his trademark sunglasses; his eyes were hooded and rheumy. The dictator was dressed in a white Puma tracksuit and slippers. How tired and thin he looked in person, Tawati thought.
It was February 10, 2011, and Libya was in an uproar. Two months earlier, in neighboring Tunisia, a street vendor named Mohammed Bouazizi had set himself on fire after a policewoman beat him and confiscated his wares. It was the beginning of the Arab Spring, a series of uprisings, revolutions, and civil wars that would radically alter the politics of the Middle East. In Libya, opponents of the Gadhafi regime had called for a day of protest on February 17, to mark the anniversary of a 2006 protest in the city of Benghazi, where security forces had killed 11 demonstrators and wounded dozens more.
Tawati was one of the most outspoken dissidents blogging openly from inside Libya. Thirty-four years old, with a gravelly childlike voice and singsong laugh that belied her deep stubbornness, she had come to political consciousness during the mid-2000s, at a time when Gadhafi, seeking reconciliation with the West, had ceased using his most heavy-handed tactics of repression—such as outright massacres—and allowed a modicum of public dissent. During her university days, when the Internet had begun to ease the country’s isolation, Tawati took naturally to the roles of gadfly and outsider. Her parents had divorced when she was young; in Libya’s deeply conservative culture, growing up with a single mother made her a social outcast. The injustice she experienced as a child led her to critique the injustice of the dictatorial regime, particularly on women’s issues—for example, she blogged about a sexual abuse scandal at a home for unwed mothers institutionalized by the Gadhafi government. Over time she won a modest following online. As the planned protests of February 17 approached, Tawati, always prone to impassioned rhetoric, blogged that if Libyans failed to turn out for the demonstrations she would burn herself just as Bouazizi had done. Somehow Gadhafi himself had heard news of this threat and decided he needed to meet her.
Despite the dictator’s haggard appearance, his manner remained confident and effusive. When he wanted to be, Gadhafi was a legendary charmer, a man deeply at ease with ordinary Libyans. He shook Tawati’s hand and patted her shoulder paternally, directing her to sit next to him on the sofa. He asked her about her health, her family, where she was from. He asked her who had taught her to write. She told him about her demands for greater openness and accountability in Libya, taking care not to criticize him directly. He seemed sympathetic, nodding at various points. Finally she worked up the courage to ask him why the government had blocked YouTube several months earlier.
Gadhafi acted oblivious. “Is it switched off?” he asked.
—
“Despite television being a rather tough nut to crack, Intel is apparently hoping that its upcoming set-top box and subscription service will be its golden ticket to delivering more Intel processors to the living room. The service would be a sort of specialized virtual cable subscription that would combine a bundle of channels with on demand content. So what’s Intel’s killer feature that distinguishes it from the vast and powerful competition? Granular ratings that result in targeted ads. Intel is promising technology in a set-top box that can distinguish who is watching, potentially allowing Intel to target advertising. The technology could potentially identify if the viewer is an adult or a child, male or female, and so on, through interactive features and face recognition technology.”
http://entertainment.slashdot.org/story/12/06/09/0012247/intel-to-launch-tv-service-with-facial-recognition-by-end-of-the-year
—
http://fullcomment.nationalpost.com/2012/06/13/jesse-kline-britains-government-chooses-security-over-liberty-with-internet-spying-plan/
Have Your Fingerprints Read From 6 Meters Away
“A new startup has technology to read fingerprints from up to 6 meters away. IDair currently sells to the military, but they are beta testing it with a chain of 24-hour fitness centers that want to restrict sharing of access cards. IDair also wants to sell this to retail stores and credit card companies as a replacement for physical cards. Lee Tien from the EFF notes that the security of such fingerprint databases is a privacy concern.”
Cops in USA to drive around in pornoscannerwagons, covertly irradiating people and looking through their cars and clothes
http://boingboing.net/2012/07/02/cops-in-usa-to-drive-around-in.html
Chinese Censors Are Being Watched
“The Economist is reporting on two research teams, one at Harvard and another at the University of Hong Kong, who have developed software to detect what posts to Chinese social media get censored. ‘The team has built up a database comprising more than 11m posts that were made on 1,382 Chinese internet forums. Perhaps their most surprising result is that posts critical of the government are not rigorously censored. On the other hand, posts that have the purpose of getting people to assemble, potentially in protest, are swept from the internet within a matter of hours.’ Chinese censors may soon have to deal with an unprecedented transparency of their actions.”
Executive Order Grants US Gov’t New Powers Over Communication Systems
President Obama has issued a new executive order: ‘Assignment of National Security and Emergency Preparedness Communications Functions.’ EPIC reports: ‘The Executive Order grants new powers to the Department of Homeland Security, including the ability to collect certain public communications information. Under the Executive Order the White House has also granted the Department the authority to seize private facilities when necessary, effectively shutting down or limiting civilian communications.’
Law Enforcement Demanded Cell Phone User Info Well Over 1.3 Million Times Last Year
Federal, state, and local law enforcement agencies have made over 1.3 million demands for user cell phone data in the last year, “seeking text messages, caller locations and other information.” The New York Times called the new findings proof of “an explosion in cellphone surveillance” in the United States — much of it done without a warrant. It’s time for cell phone companies to start producing regular transparency reports about the data they hand to the government. And Congress should see this as a call-to-action to pass robust privacy legislation mandating warrants for cell phone subscriber, cell tower, and GPS data.
America’s ISPs set to spy on your network access to help entertainment industry
RT had a very interesting interview with former NSA official turned whistleblower Thomas A. Drake, who said, ‘Security has effectively become the State religion; you don’t question it. And if you question it, then your loyalty is questioned.’ ‘Speaking truth of power is very dangerous in today’s world,’ he added. The interviewer pointed out that investigative journalists are labeled as ‘terrorist helpers’ for trying to reveal the truth, to which Drake said the government’s take is ‘you go after the messenger because the last thing you want to do is deal with the message.
HOPE 9: Whistleblower Binney says the NSA has dossiers on nearly every US citizen
Malte Spitz: Your phone company is watching
“The Sixth Circuit Court of Appeals has held that it is okay for police to track your cellphone signal without a warrant. Using information about the cell tower that a prepaid cell phone was connected to, the police were able to track a suspected drug smuggler. Apparently, keeping your cellphone on is authorization for the police to know where you are. According to the ruling (PDF), ‘[The defendant] did not have a reasonable expectation of privacy in the data emanating from his cell phone that showed its location.’ Also, ‘if a tool used to transport contraband gives off a signal that can be tracked for location, certainly the police can track the signal.’”
“Australia’s parliament has passed a bill that will allow law enforcement agencies to force internet service providers to store data on subscribers while an official warrant is sought. The changes move Australia closer to its two-year-old proposal to accede to the 2004 Council of Europe Convention on Cybercrime, designed to assist with international cybercrime investigations through sharing of information on persons of interest, among other avenues.”
Few of Afghanistan’s 30m people have a birth certificate, a second name or can read. Yet America’s army and the Afghan government have collected digital records of more than 2.5m of them. Anyone arrested or imprisoned, or who seeks to join the army or police, is scanned. So are those, such as labourers, who attempt to get into a coalition military base. Each is checked against watchlists of suspects. Last year biometric machines were also put at all border crossings. In hotly contested areas any “fighting-age males”, meaning those between 15 and 70, may be scanned compulsorily.
WHEN investigators try to discover what caused an airliner to crash, the first thing they hope to find are the flight data recorders, popularly known as “black boxes”. These devices, usually painted bright orange, record how the aircraft was flying and the last 30 minutes or so of conversation in the cockpit. The information extracted from them has helped to determine the cause of air crashes and to improve aviation safety. Similar recording systems are fitted to some trains, ships and lorries. Now a bill in America’s Congress seeks to make it compulsory for data recorders to be fitted to all cars by 2015.
The idea is that data captured by the recorders would give investigators and road-safety officials a better understanding of how certain crashes come about. It would also help police and insurance companies to apportion blame. What many drivers may not realise, however, is that most cars already record data if they are involved in an accident, and that this information can be read by anyone with the right kit.
The technology that America’s lawmakers want to be made compulsory was originally intended for another purpose. With the widespread adoption of airbags, which began in the late 1980s, General Motors (GM), an airbag pioneer, wanted better analysis of how airbags were deployed, to improve their reliability and effectiveness. To obtain the data it required, GM began fitting a small memory unit to the electronic module that triggers the airbags. Ford, Chrysler and other carmakers followed suit. Around 80% of the cars sold in America now have these devices, called event data recorders (EDRs).
Online shoppers let slip plenty of information about themselves that could be of use to crafty salesmen. Cookies reveal where else they have been browsing, allowing some guesses about their income bracket, age and sex. Their internet address can often be matched to their physical address: the richer the neighbourhood, the deeper the pockets, it may be assumed. Apple computer-owners are on average better-off than Windows PC users, and firms may offer them pricier options, as Orbitz, a travel website, is doing. Your mouse may also be squeaking on you: click too quickly from home-page to product page to checkout, and the seller can conclude that you have already decided to buy—so why offer you a discount?
A BIG BANK hires a star analyst from another firm, promising to pay a substantial bonus if the new hire increases revenue or cuts costs. In banking this happens all the time, but this deal differs from the rest in one small detail: the new hire, Watson, is an IBM computer.
Watson became something of a celebrity after beating the champion human contestants on “Jeopardy”, an American quiz show. Its skill is to be able to process millions of documents quickly by reading and “understanding” ordinary written language. Computers have no trouble with searching data neatly sorted in databases. Watson’s claim to fame is that it can do the same with “unstructured data” such as those found in e-mails, news reports, books and websites. IBM hopes that Watson may, in time, do some of the work that human analysts do now, such as reading the financial pages of newspapers, looking at thousands of company results and forecasts and producing a list of companies that might be takeover targets soon.
Citigroup has hired Watson to help it decide what new products and services (such as loans or credit cards) to offer its customers. The bank doesn’t say so, but Watson’s first job may well be to try to cut down on fraud and look for signs of customers becoming less creditworthy. If so, Watson will be following other computers designed to deal with “big data”. Across a slew of new firms in Silicon Valley and in big banks across the world, a range of new ideas is being tried to crunch data. Some have the potential to change banking from the bottom up.
…
The firm that has perhaps gone furthest in finding useful connections in disparate databases is Palantir Technologies, which takes its name from the magical all-seeing crystal balls of J.R.R. Tolkien’s mythology. It was founded by a group of PayPal alumni and backed by Peter Thiel, one of PayPal’s co-founders. Its speciality is building systems that pull together information from different places and try to find connections. Some of its earliest adopters have been spy agencies. In America the CIA and the FBI use it to connect individually innocuous activities such as taking flying lessons and receiving money from abroad to spot potential terrorists. Its other main market is in banking, where big firms such as JPMorgan and Citi use it for a range of activities from structuring equity derivatives to reducing loan losses.
Some bars and clubs are using a novel technology to help partygoers decide where to party. SceneTap, an American start-up, uses cameras to scan the faces of those who enter and leave participating establishments. Its software then guesses each person’s age and sex. Aggregated data are streamed to a website and mobile app. This allows punters to see which bars are busy, the average age of revellers and the all-important male-to-female ratio.
Bar owners gain publicity and intelligence about their customers. Did a promotion aimed at women attract many? Since drinks are often paid for in cash and by men, it used to be hard to tell.
SceneTap’s cameras are watching more than 100 American watering holes. But they are controversial. The app could make life irksome for large groups of women, by summoning hordes of predatory males. So SceneTap has fixed its software to mask extreme sex imbalances. That will please bar owners, who would prefer not to admit when they are packed with men. But it will disappoint precisely the people most likely to use the app.
Watch the watchers with this homebrew map of surveillance cams in Tampa at RNC convention
Big Brother on a budget: How Internet surveillance got so cheap
Deep packet inspection, petabyte-scale analytics create a “CCTV for networks.”
When Libyan rebels finally wrested control of the country last year away from its mercurial dictator, they discovered the Qaddafi regime had received an unusual gift from its allies: foreign firms had supplied technology that allowed security forces to track nearly all of the online activities of the country’s 100,000 Internet users. That technology, supplied by a subsidiary of the French IT firm Bull, used a technique called deep packet inspection (DPI) to capture e-mails, chat messages, and Web visits of Libyan citizens.
The fact that the Qaddafi regime was using deep packet inspection technology wasn’t surprising. Many governments have invested heavily in packet inspection and related technologies, which allow them to build a picture of what passes through their networks and what comes in from beyond their borders. The tools secure networks from attack—and help keep tabs on citizens.
Narus, a subsidiary of Boeing, supplies “cyber analytics” to a customer base largely made up of government agencies and network carriers. Neil Harrington, the company’s director of product management for cyber analytics, said that his company’s “enterprise” customers—agencies of the US government and large telecommunications companies—are ”more interested in what’s going on inside their networks” for security reasons. But some of Narus’ other customers, like Middle Eastern governments that own their nations’ connections to the global Internet or control the companies that provide them, “are more interested in what people are doing on Facebook and Twitter.”
NetFalcon is targeted at very specific audiences: law enforcement agencies, telecom carriers and large ISPS, and very large companies in heavily regulated or secretive industries willing to pay for what amounts to an intelligence community grade solution. But for other organizations that already have application firewalls, intrusion detection systems or other DPI systems installed, there may not be a budget or need for Bivio’s type of technology. Take, for example, the University of Scranton, which uses Splunk to drive its information security operations.
Unlike NetFalcon, Splunk “is a huge database, but it doesn’t come with preconfigured alerts,” said Anthony Maszeroski, Information Security Manager at the University of Scranton (located in Scranton, Pennsylvania). The university has about 5,200 students—about half of whom live on campus—and has turned Splunk into the hub of its network security operations, using it to automate a large percentage of its responses to emerging threats.
Maszeroski said the IT department at Scranton pulls in data from a variety of systems. The campus’ wireless and wired routers send logs for Dynamic Host Configuration Protocol and Network Address Translation events to Splunk, which includes the physical MAC address of the devices connecting with a timestamp. This allows administrators to search the database by device address and follow where they’ve connected from on campus. The database also pulls in information on outbound DNS queries and other types of application traffic, enterprise system logs, and events from the University’s intrusion prevention system. The Splunk database of the University of Scranton Information Security Office is “close to a terabyte” in size, Maszeroski said, and “our standard op procedure is to throw everything away after 90 days. We’re also limited by budget and storage capacity.”
Anonymous reminds Apple that UDIDs are creepy
Web-based hacker collective Anonymous published 1 million Apple UDIDs on the web early this morning from a trove of 12 million that it allegedly stole from an FBI agent’s laptop in March. Buried within the rambling, bizarre missive from the group about why it published these unique device identifiers — besides attempting to embarrass the FBI for tracking that many iOS devices, and creating general mayhem — was a pointed comment about Apple’s decision to use and publish UDIDs in the first place with iOS devices.
Most Torrent Downloaders Are Monitored, Study Finds
A new study from Birmingham University in the U.K. found that people will likely be monitored within hours of downloading popular torrents by at least one of ten or more major monitoring firms. The team, led by security researcher Tom Chothia, ran software that acted like a BitTorrent client for three years and recorded all of the connections made to it.
Appelbaum: Cell phones are tracking devices that make phone calls. It’s sad, but it’s true. Which means software solutions don’t always matter. You can have a secure set of tools on your phone, but it doesn’t change the fact that your phone tracks everywhere you go. And the police can potentially push updates onto your phone that backdoor it and allow it to be turned into a microphone remotely, and do other stuff like that. The police can identify everybody at a protest by bringing in a device called an IMSI catcher. It’s a fake cell phone tower that can be built for 1500 bucks. And once nearby, everybody’s cell phones will automatically jump onto the tower, and if the phone’s unique identifier is exposed, all the police have to do is go to the phone company and ask for their information.
Resnick: So phones are tracking devices. They can also be used for surreptitious recording. Would taking the battery out disable this capability?
Appelbaum: Maybe. But iPhones, for instance, don’t have a removable battery; they power off via the power button. So if I wrote a backdoor for the iPhone, it would play an animation that looked just like a black screen. And then when you pressed the button to turn it back on it would pretend to boot. Just play two videos.
Resnick: And how easy is it to create something like to that?
Appelbaum: There are weaponized toolkits sold by companies like FinFisher that enable breaking into BlackBerries, Android phones, iPhones, Symbian devices and other platforms. And with a single click, say, the police can own a person, and take over her phone.
EFF Sues for Answers About Illegal Government Email and Phone Call Surveillance
Washington, D.C. – The Electronic Frontier Foundation (EFF) sued the Department of Justice (DOJ) today, demanding answers about illegal email and telephone call surveillance at the National Security Agency (NSA).
The FISA Amendments Act (FAA) of 2008 gave the NSA expansive power to spy on Americans’ international email and telephone calls. However, last month, in a letter to Senator Ron Wyden, a government official publicly disclosed that the NSA’s surveillance had gone even further than what the law permits, with the Foreign Intelligence Surveillance Court (FISC) issuing at least one ruling calling the NSA’s actions unconstitutional. The government further disclosed that the FISC had determined the government’s surveillance violated the spirit of the law on at least one occasion, as well. EFF’s Freedom of Information Act (FOIA) lawsuit seeks disclosure of any written opinions or orders from FISC discussing illegal government surveillance, as well as any briefings to Congress about those violations.
RAP NEWS 15: Big Brother is WWWatching You (feat. George Orwell)
Cops might finally need a warrant to read your Gmail
Major surveillance law change arrives in the Senate—and it might well pass.
Right now, if the cops want to read my e-mail, it’s pretty trivial for them to do so. All they have to do is ask my online e-mail provider. But a new bill set to be introduced Thursday in the Senate Judiciary Committee by its chair, Sen. Patrick Leahy (D-VT), seems to stand the best chance of finally changing that situation and giving e-mail stored on remote servers the same privacy protections as e-mail stored on one’s home computer.
When Congress passed the 1986 Electronic Communications Privacy Act (ECPA), a time when massive online storage of e-mail was essentially unimaginable, it was presumed that if you hadn’t actually bothered to download your e-mail, it could be considered “abandoned” after 180 days. By that logic, law enforcement would not need a warrant to go to the e-mail provider or ISP to get the messages that are older than 180 days; police only need to show that they have “reasonable grounds to believe” the information gathered would be useful in an investigation. Many Americans and legal scholars have found this standard, in today’s world, problematic.
Leahy, who was one of ECPA’s original authors, proposed similar changes in May 2011, but that was never even brought to a vote in the committee. The new version, which keeps the most important element of the 2011 proposal, will be incorporated into a larger bill aimed at revising the 1988 Video Privacy Protection Act (VPPA).
Congress report warns: drones will track faces from the sky
With the FAA working on rules to integrate drones into airspace safety by 2015, the US government’s Congressional Research Service has warned of gaps in how American courts might treat the use of drones.
The snappily-headlined report, Drones in Domestic Surveillance Operations: Fourth Amendment Implications and Legislative Responses (PDF here), notes drones now in use can carry thermal imaging, high-powered cameras, license plate readers and LIDAR (light detection and ranging). “Soft” biometrics and facial recognition won’t be far behind, the report suggests, allowing drones to “recognize and track individuals based on attributes such as height, age, gender, and skin color.”
“The relative sophistication of drones contrasted with traditional surveillance technology may influence a court’s decision whether domestic drone use is lawful under the Fourth Amendment,” the report compiled by legislative attorney Richard Thompson II states.
Starting Next Year, Brazil Wants To Track All Cars Electronically
“As of January, Brazil intends to put into action a new system that will track vehicles of all kinds via radio frequency chips. It will take a few years to accomplish, but authorities will eventually require all vehicles to have an electronic chip installed, which will match every car to its rightful owner. The chip will send the car’s identification to antennas on highways and streets, soon to be spread all over the country. Eventually, it will be illegal to own a car without one. Besides real time monitoring of traffic conditions, authorities will be able to integrate all kinds of services, such as traffic tickets, licensing and annual taxes, automatic toll charge, and much more. Benefits also include more security, since the system will make it harder for thieves to run far away with stolen vehicles, much less leave the country with one.”
Petraeus scandal: This is the national-security establishment turning the surveillance apparatus on itself
From Patrick Radden Keefe, in the New Yorker: “The serialized revelations that have unfolded since Friday—when Petraeus, who left the military as a four-star general, resigned from the C.I.A. because of an affair—are, to say the least, honeyed with irony. In the decade following September 11, 2001, the national-security establishment in this country devised a surveillance apparatus of genuinely diabolical creativity—a cross-hatch of legal and technical innovations that (in theory, at any rate) could furnish law enforcement and intelligence with a high-definition early-warning system on potential terror events. What it’s delivered, instead, is the tawdry, dismaying, and wildly entertaining spectacle that ensues when the national-security establishment inadvertently turns that surveillance apparatus on itself.”
Government Surveillance Growing, According To Google
In a blog post, Google senior policy analyst Dorothy Chou says, ‘ [G]overnment demands for user data have increased steadily since we first launched the Transparency Report.’ In the first half of 2012, the period covered in the report, Chou says there were 20,938 inquiries from government organizations for information about 34,614 Google-related accounts. Google has a long history of pushing back against governmental demands for data, going back at least to its refusal to turn over search data to the Department of Justice in 2005. Many other companies have chosen to cooperate with government requests rather than question or oppose them, but Chou notes that in the past year, companies like Dropbox, LinkedIn, Sonic.net and Twitter have begun making government information requests public, to inform the discussion about Internet freedom and its limits. According to the report, the U.S. continues to make the most requests for user data, 7,969 in the first six months of the year. Google complied with 90% of these requests. Google’s average compliance rate for the 31 countries listed in the report is about 47%.
Will the scandal surrounding David Petraeus, General John Allen, Paula Broadwell, Jill Kelley, and a shirtless F.B.I. agent turn into the same sort of eureka moment that Congress experienced when Bork was, as the saying now goes, “borked”? Although the lustful portion of the Petraeus scandal is hardly disappearing — who else will be drawn into it, and when will we read the emails? — attention is turning toward the apparent ease with which the F.B.I. accessed the electronic communication of Petraeus, Broadwell, Kelley, and Allen. The exact circumstances of how the F.B.I. got its hands on all this material remains to be revealed — for instance, whether search warrants were obtained for everything — but the bottom line appears to be that the F.B.I. accessed a vast array of private information and seriously harmed the careers of at least Petraeus and Broadwell without, as of yet, filing a criminal complaint against anybody. As the law professor and privacy expert James Grimmelmann tweeted the other day, “The scandal isn’t what’s illegal; the scandal is what’s legal (or what the FBI thinks is legal).”
In recent years, a handful of privacy activists — led by the A.C.L.U., the Electronic Frontier Foundation, the Electronic Privacy Information Center, and the Center for Democracy & Technology — have filed lawsuits and requested official documents in an effort to reveal and challenge the government’s vast surveillance powers. For the most part, they have not succeeded in changing things; the Petraeus scandal appears to show just how much surveillance the F.B.I. and other law enforcement agencies can conduct without a judge or a company telling them “no, you can’t have that.”
…
There’s a particularly cruel irony in all of this: If you contact your cell-phone carrier or Internet service provider or a data broker and ask to be provided with the information on you that they provide to the government and other companies, most of them will refuse or make you jump through Defcon levels of hops, skips, and clicks. Uncle Sam or Experian can easily access data that shows where you have been, whom you have called, what you have written, and what you have bought — but you do not have the same privileges.
Ms. Broadwell apparently attempted to shield her identity by using anonymous email accounts. However, it appears that her efforts were thwarted by sloppy operational security and the data retention practices of the companies to whom she entrusted her private data.
The New York Times reported that “[b]ecause the sender’s account had been registered anonymously, investigators had to use forensic techniques—including a check of what other e-mail accounts had been accessed from the same computer address—to identify who was writing the e-mails.”
Webmail providers like Google, Yahoo and Microsoft retain login records (typically for more than a year) that reveal the particular IP addresses a consumer has logged in from. Although these records reveal sensitive information, including geo-location data associated with the target, US law currently permits law enforcement agencies to obtain these records with a mere subpoena—no judge required.
DON’T MESS UP It is hard to pull off one of these steps, let alone all of them all the time. It takes just one mistake — forgetting to use Tor, leaving your encryption keys where someone can find them, connecting to an airport Wi-Fi just once — to ruin you.
“Robust tools for privacy and anonymity exist, but they are not integrated in a way that makes them easy to use,” Mr. Blaze warned. “We’ve all made the mistake of accidentally hitting ‘Reply All.’ Well, if you’re trying to hide your e-mails or account or I.P. address, there are a thousand other mistakes you can make.”
In the end, Mr. Kaminsky noted, if the F.B.I. is after your e-mails, it will find a way to read them. In that case, any attempt to stand in its way may just lull you into a false sense of security.
Some people think that if something is difficult to do, “it has security benefits, but that’s all fake — everything is logged,” said Mr. Kaminsky. “The reality is if you don’t want something to show up on the front page of The New York Times, then don’t say it.”
Saudi Arabia Implements Electronic Tracking System For Women
“Denied the right to travel without consent from their male guardians and banned from driving, women in Saudi Arabia are now monitored by an electronic system that tracks any cross-border movements. Since last week, Saudi women’s male guardians began receiving text messages on their phones informing them when women under their custody leave the country, even if they are travelling together. ‘The authorities are using technology to monitor women,’ said columnist Badriya al-Bishr, who criticised the ‘state of slavery under which women are held’ in the ultra-conservative kingdom. Women are not allowed to leave the kingdom without permission from their male guardian, who must give his consent by signing what is known as the ‘yellow sheet’ at the airport or border.”
The imbroglio centers around a system called Palantir, which teases out connections from giant mounds of data, and visualizes those links in ways that even knuckle-draggers can understand. With its slick interface and its ability to find hidden relationships, Palantir has attracted a cult of fanboys in the military and intelligence communities not unlike the one Apple has amassed in the consumer gadget world.
The problem is the Army already has a $2.3 billion system that does what Palantir is supposed to do — plus several dozen more things, besides. The DCGS-A (“Distributed Common Ground System – Army”) is meant to be the one resource that Army intel analysts can use to find links between events, build dossiers on high-level targets, and plot out patterns in enemy attacks. Accessing 473 data sources for 75 million reports, it’s supposed to be the primary source for mining intelligence and surveillance data on the battlefield — everything from informants’ tips to satellites’ images to militants’ fingerprints.
But many in the military found DCGS-A too complicated, too hackable, and not nearly reliable enough. And the Palantir crowd, they just wouldn’t quit pushing for their favorite software, even though Palantir was something of a roach motel of intelligence data — once inside, it was hard to export information to other systems.
UN’s International Telecommunications Union sets out to standardize bulk surveillance of Internet users by oppressive governments
The International Telecommunications Union, a UN agency dominated by veterans of incumbent telcoms who mistrust the Internet, and representatives of repressive governments who want to control it, have quietly begun the standardization process for a kind of invasive network spying called “deep packet inspection” (DPI). Other standards bodies have shied away from standardizing surveillance technology, but the ITU just dived in with both feet, and proposed a standard that includes not only garden-variety spying, but also spying “in case of a local availability of the used encryption key(s)” — a situation that includes the kind of spying Iran’s government is suspected of engaging in, when an Iranian hacker stole signing keys from the Dutch certificate authority DigiNotar, allowing for silent interception of Facebook and Gmail traffic by Iranian dissidents.
BBC – Future – Technology – Can disguises fool surveillance technology?
Antivirus pioneer John McAfee, who recently fled from Belize after his neighbour was shot dead, supposedly used disguises to outwit his pursuers. Could technology have spotted what humans failed to see?
Stick on a fake moustache. Add some glasses. Dye your hair. And perhaps pop on a hat. If you are a man – or woman – on the run in the movies then this kind of low-tech disguise is all that is needed to evade the authorities.
But, in a case of life imitating art, a similar array of tactics seems to have met with some success in the real world.
One of the more bizarre news stories of recent weeks concerns John McAfee, founder of the eponymous anti-virus software company, going on the run from the Belize police. According to his blog, McAfee disguised himself by colouring his hair and beard grey, darkening his face with shoe polish, padding his cheeks with bubble gum and stuffing his right nostril to give it – in McAfee’s own words, “an awkward, lopsided, disgusting appearance”.
City buses across America increasingly have hidden microphones that track and record the conversations that take place on them. It’s easy to see the reasoning behind this: once it’s acceptable to video-record everything and everyone on a bus because some crime, somewhere was thus thwarted, then why not add audio? If all you need to justify an intrusion into privacy is to show that some bad thing, somewhere, can be so prevented, then why not? After all, “If you’ve got nothing to hide…”
Store video cameras failing to comply with privacy laws
Not a single store in Toronto’s Eaton Centre had proper signage about cameras
Massive New Surveillance Program Uncovered by Wall Street Journal
he Wall Street Journal reported today that the little-known National Counterterrorism Center, based in an unmarked building in McLean, Va., has been granted sweeping new authority to store and monitor massive datasets about innocent Americans.
After internal wrangling over privacy and civil liberties issues, the Justice Department reportedly signed off on controversial new guidelines earlier this year. The guidelines allow the NCTC, for the first time, to keep data about innocent U.S. citizens for up to five years, using “predictive pattern-matching,” to analyze it for suspicious patterns of behavior. The data the counterterrorism center has access to, according to the Journal, includes “entire government databases—flight records, casino-employee lists, the names of Americans hosting foreign-exchange students and many others.”
Notably, the Journal reports that these changes also allow databases about U.S. civilians to be handed over to foreign governments for analysis, presumably so that they too can attempt to determine future criminal actions. The Department of Homeland Security’s former chief privacy officer said that it represents a “sea change in the way that the government interacts with the general public.”
Texas school can force teenager to wear locator chip: judge
(Reuters) – A public school district in Texas can require students to wear locator chips when they are on school property, a federal judge ruled on Tuesday in a case raising technology-driven privacy concerns among liberal and conservative groups alike.
FBI Documents Shine Light on Clandestine Cellphone Tracking Tool
Posted Thursday, Jan. 10, 2013, at 2:14 PM ET
The FBI calls it a “sensitive investigative technique” that it wants to keep secret. But newly released documents that shed light on the bureau’s use of a controversial cellphone tracking technology called the “Stingray” have prompted fresh questions over the legality of the spy tool.
Functioning as a so-called “cell-site simulator,” the Stingray is a sophisticated portable surveillance device. The equipment is designed to send out a powerful signal that covertly dupes phones within a specific area into hopping onto a fake network. The feds say they use them to target specific groups or individuals and help track the movements of suspects in real time, not to intercept communications. But by design Stingrays, sometimes called “IMSI catchers,” collaterally gather data from innocent bystanders’ phones and can interrupt phone users’ service—which critics say violates a federal communications law.
The FBI has maintained that its legal footing here is firm. Now, though, internal documents obtained by the Electronic Privacy Information Center, a civil liberties group, reveal the bureau appears well aware its use of the snooping gear is in dubious territory. Two heavily redacted sets of files released last month show internal Justice Department guidance that relates to the use of the cell tracking equipment, with repeated references to a crucial section of the Communications Act which outlines how “interference” with communication signals is prohibited.
I prefer to watch your sister!
Chinese Skype Surveillance Trigger Words Uncovered by Researcher
By Ryan Gallagher | Posted Friday, March 8, 2013, at 6:25 PM
There is one thing that binds the phrases “kinky cinema,” “hired killer,” and “throwing eggs.” If you type any one of them into a special eavesdropping-enabled version of Skype used in China, you could find yourself under surveillance.
That’s according to a research project by Jeffrey Knockel, a computer-science graduate student at the University of New Mexico, Albuquerque. As Bloomberg Businessweek reported today, Knockel recently found a way to bypass encryption used by a version of Skype designed specifically for Chinese users, and in doing so uncovered secret keyword lists used in China to monitor Skype users’ communications.
According to the 27-year-old researcher, the software has a built-in surveillance blacklist that scans messages sent between users for specific words and phrases. If a user types one of the offending phrases into the Skype text chat, it triggers an alert—sending a copy back to a centralized computer server and flagging who sent the message and when.
Harvard secretly searched e-mails
Harvard University central administrators secretly searched the e-mail accounts of 16 resident deans last fall, looking for a leak to the media about the school’s sprawling cheating case, according to several Harvard officials interviewed by the Globe.
The resident deans sit on Harvard’s Administrative Board, the committee charged with handling the cheating case. They were not warned that administrators planned to access their accounts, and only one was told of the search shortly afterward.
The dean who was informed had forwarded a confidential Administrative Board message to a student he was advising, not realizing it would ultimately make its way to the Harvard Crimson and the Globe and fuel the campus controversy over the cheating scandal.
Facebook finally admits to tracking non-users
In a series of interviews with USAToday, Facebook has finally revealed how it tracks users and non-users across the web, gathering huge amount of data as it does so. Says ABCNews/USAToday:
Facebook officials are now acknowledging that the social media giant has been able to create a running log of the web pages that each of its 800 million or so members has visited during the previous 90 days. Facebook also keeps close track of where millions more non-members of the social network go on the Web, after they visit a Facebook web page for any reason.
Bruce Schneier – “The Internet is a surveillance state”
…
Sure, we can take measures to prevent this. We can limit what we search on Google from our iPhones, and instead use computer web browsers that allow us to delete cookies. We can use an alias on Facebook. We can turn our cell phones off and spend cash. But increasingly, none of it matters.
There are simply too many ways to be tracked. The Internet, e-mail, cell phones, web browsers, social networking sites, search engines: these have become necessities, and it’s fanciful to expect people to simply refuse to use them just because they don’t like the spying, especially since the full extent of such spying is deliberately hidden from us and there are few alternatives being marketed by companies that don’t spy.
This isn’t something the free market can fix. We consumers have no choice in the matter. All the major companies that provide us with Internet services are interested in tracking us. Visit a website and it will almost certainly know who you are; there are lots of ways to be tracked without cookies. Cellphone companies routinely undo the web’s privacy protection. One experiment at Carnegie Mellon took real-time videos of students on campus and was able to identify one-third of them by comparing their photos with publicly available tagged Facebook photos.
U.S. to let spy agencies scour Americans’ finances
(Reuters) – The Obama administration is drawing up plans to give all U.S. spy agencies full access to a massive database that contains financial data on American citizens and others who bank in the country, according to a Treasury Department document seen by Reuters.
According to the ACLU’s Principal Technologist Christopher Soghoian, Ph.D., the real issue lies in the Communications Assistance for Law Enforcement Act or CALEA which was passed in 1994.
Soghoian told SecurityWatch this law, “mandated that industries build in intercept capabilities to their networks.” These industries included phone and broadband companies, but not companies like Apple. iMessage is also different from normal text messaging because it both encrypts the message and sends it peer-to-peer between iPhones, without touching a carrier’s network.
…
Another critical aspect of CALEA deals with encrypted messaging, mainly that it is exempt from all wireless surveillance. Soghoian explained that communications, “encrypted with a key not known to the company […] cannot be intercepted.” So in a situation where the decryption keys are handled on the device, and not by whomever is delivering the messages, then law enforcement must ignore the message entirely.
This issue was mentioned in the DEA report, quoted by CNet: “iMessages between two Apple devices are considered encrypted communication and cannot be intercepted, regardless of the cell phone service provider.” However, the report notes that depending on where the intercept is placed, messages sent to other phones can be read. This is likely because those communications are not encrypted, and are therefore visible to law enforcement under CALEA.
https://www.schneier.com/blog/archives/2012/04/biometric_passp_1.html
With this fuller history, Lapsley lays out the foundations of the systems we live in now. Not the specific tools we use, which are rotating into obsolescence in an accelerating blur, but the systems our tools are embedded within, and our notions of security, freedom, criminality, privacy. During the years that AT&T was struggling to invent a new phone technology, they also forged new legal justifications for surveilling users and prosecuting hackers. By definition, they had no idea who was hiding from their billing system, so they set up a blanket surveillance program which tapped around 33 million phone calls between 1964 and 1970, recording more than a million and a half of them for further analysis. AT&T kept this program — code named Greenstar — a closely guarded secret, because they were pretty sure it was illegal, and they certainly didn’t want a court to confirm their suspicions. But this massive wiretapping program gave them a good idea who was defrauding their system, and it pointed them towards evidence that they could use in court. (In 1968, AT&T helped advise Congress on new legislation that made the Greenstar wiretapping retroactively legal. So that was one problem taken care of.)
…
Phone phreaks talked about getting busted by the phone company in a way that would sound silly if we were talking about AT&T or Google today. And it is indeed strange to think of Ma Bell’s quasi-governmental security force: hard-boiled guys in trench coats staking out phone booths, waiting for a hippie to toot a toy or beep a box. But part of the reason this seems strange is because corporations don’t really need the guys in trench coats anymore. The mechanisms of state and corporate surveillance are now completely embedded in our daily lives.
http://lareviewofbooks.org/article.php?type&id=1570&fulltext=1&media
Secrets of FBI Smartphone Surveillance Tool Revealed in Court Fight
http://www.wired.com/threatlevel/2013/04/verizon-rigmaiden-aircard/all/
Retail technology
We snoop to conquer
Security cameras are watching honest shoppers, too
…
“There’s no expectation of privacy when you go into a mall,” retorts one shopper-monitoring executive. A better answer is that retailers like American Apparel are analysing groups, not identifying individuals. Cameras set up to do anything fancier than traffic-counting are confined to a few test stores. Mobile-phone trackers identify phones, not their owners, says Will Smith of Euclid Analytics. Still, Euclid recommends telling customers that tracking is going on. “Companies that succeed in this space are companies that address privacy correctly,” he says.
Facebook data already inform lending decisions at Kreditech, a Hamburg-based start-up that makes small online loans in Germany, Poland and Spain. Applicants are asked to provide access for a limited time to their account on Facebook or another social network. Much is revealed by your friends, says Alexander Graubner-Müller, one of the firm’s founders. An applicant whose friends appear to have well-paid jobs and live in nice neighbourhoods is more likely to secure a loan. An applicant with a friend who has defaulted on a Kreditech loan is more likely to be rejected.
Song Chaoming, for instance, is a researcher at Northeastern University in Boston. He is a physicist, but he moonlights as a social scientist. With that hat on he has devised an algorithm which can look at someone’s mobile-phone records and predict with an average of 93% accuracy where that person is at any moment of any day. Given most people’s regular habits (sleep, commute, work, commute, sleep), this might not seem too hard. What is impressive is that his accuracy was never lower than 80% for any of the 50,000 people he looked at.
{ 2 trackbacks }