Ubiquitous surveillance

March 18, 2012

in Geek stuff, Internet matters, Law, Politics, Rants, Security

We now live in a world where it is highly likely that various web companies, your government, and your internet service provider are tracking your web browsing. Where facial recognition software identifies you at borders, airports, and subway stations. Where your DNA may be sampled if you are arrested. Where new face tracking software gets used with old photo archives and video camera footage. Where data on what you buy and how you repay your debts is sold between companies. Where cameras track your automobile license plate to build up a database of your movements. Where drones may watch you from the sky. Where computers transcribe your speech and handwriting into searchable text. Where you can be identified at a distance by the cards in your wallet. Where your emails, phone calls, and text messages are scanned for keywords, archived forever, and used to build up webs of your known associates. Where governments and private organizations use data mining techniques against you. Where your cell phone can easily be turned into a bug that passes on what you say and type, as well as where you are. Where your Google searches may be used as evidence against you. Where anyone can listen to your cell phone calls. Where the metadata in the photos and videos you make identifies you. Where the DNA of your family members may be used to incriminate you. Where anyone on your wireless network can archive and access all your web traffic, as well as steal website sessions. Where no encryption software you can acquire does much good. Where insecure means of communication are marketed as secure. Where archives containing your sensitive personal data can be broken into (or bought) by those who wish to cause you trouble. And where anything ill-considered you did as a teenager may re-emerge to cause embarrassment or worse decades later.

The appropriate responses to this are not clear. You can simply accept that your life is an open book that anyone who cares to can pretty easily read from. You can opt out of some services (like Facebook) and employ some available countermeasures. You can move to the remote countryside and become a technology-shunning subsistence farmer (which is not to imply that all farmers shun technology, nor manage only to subsist). You can try to drive legislative, regulatory, and technological changes that address some of the issues above. What else can you do?


Milan March 18, 2012 at 1:10 pm
. March 18, 2012 at 7:46 pm

The Surveillance Society

Cell phones that pinpoint your location. Cameras that track your every move. Subway cards that remember. We routinely sacrifice privacy for convenience and security. So stop worrying. And get ready for your close-up.

. March 18, 2012 at 7:58 pm

. March 19, 2012 at 7:31 am
Mica Prazak March 19, 2012 at 8:26 am

This is a huge can of worms, Milan. For me, people’s use of the internet stems from something more human than the need for immediate communication. Email in its original form allowed for that. The rise of social media, profiles, Facebooks, etc., all are a product of people’s need to be noticed.

I remember, when I was younger, I knew a few people who wrote in diaries. Then someone started writing on freeopendiary.com. It seems like a contradiction, “open diary.” When you ask anyone why they did it, the answer is obvious. People want to find love and acceptance, and the internet made that immediate. I know many people who have met their partners through the internet, as an example. People who would rather post videos on Facebook, over Youtube, because friends are more likely to comment on it. The same reason you end this entry with the question “What else can you do?” You know very well, there is little that can be done, but you still want to know what other people think of it.

I think people are too quick to judge the internet, and the access to personal information it allows for. We make the choice to make our lives more online.

With regards to the entire, I would call overly-paranoid blog entry, I think it really is a matter of opinion. Even if all these infringements occur, I feel relatively unaffected by it. Am I naive or idealistic? Sure.

With regards to the “ubiquitous surveillance,” do you think you possibly get more attention, because you have worked for the Canadian government, and have actively blogged about it?

I don’t know, as for the rest, what kind of company wouldn’t try to get more information from their client base if they were legally allowed?

Mica Prazak March 19, 2012 at 8:33 am

One last thing, could you perhaps have also recognized Skype as being an incredible tool that allows for free communication worldwide?

I would call it the greatest socio-technological (forgive if this is not a word) creation of this decade. Or Vimeo.com, that continues to be a hub for very talented people worldwide.

There are countless legitimate organizations and sites I am missing.

So simply put, to quote my hero Mr. Kubrick, if this whole thing is some kind of “doomsday machine”, maybe we should all learn to “stop worrying and love the bomb.”

Milan March 19, 2012 at 9:08 am

I have a few responses to that.

First, I am certainly not saying that there aren’t great things about the internet. The internet is the main way in which I communicate.

Second, you can definitely choose not to make a big deal about the surveillance technologies that are being rolled out. One option for dealing with our changing world is just to accept the changes.

Third, something being used in a benign way today can be used in a malicious way tomorrow. I worry especially about governments. The 20th century shows how often governments have gone bad and abused the rights of their citizens. For any government that wants to clamp down on dissent today, these surveillance technologies are making it easier.

Not all of these technologies are being used in all places, but they do exist. Furthermore, the records they produce will probably exist forever and it is hard to know what consequences that will have.

Personally, I think giving up technology is too big a price to pay for privacy. That being said, I do think we should ask hard questions about the data being kept on us, whether it should be collected in the first place, and what laws and policies should govern the use of surveillance and the information acquired through surveillance practices and technologies.

Milan March 19, 2012 at 9:14 am

Also, based on their records to date, I don’t think we can trust companies to protect our privacy and security from governments that have decided to act illegally or unethically.

When the US government asked the telecom companies to install secret rooms where warrantless interception of their network traffic would occur, the companies complied and kept it secret. That is probably a pattern many other companies follow around the world.

Skype might be great if you want to have innocuous conversations with friends back home. It might not be a great choice for talking about political reform in a country that may lock you up for discussing such things – or for trying to organize a union somewhere where workers are forbidden to do so – or even for having a conversation you want to be certain no third parties will overhear.

At this point, we cannot be confident that any conversation we have through a technological channel will be private. Nor can we be confident it will be ephemeral. It may be stored forever.

Jay Beigh March 19, 2012 at 9:16 am

I’m addicted to all these technologies… tough to opt out. I wonder how much of our increased energy demands is driven by ‘tech’?

from zero hedge:

http://www.zerohedge.com/news/%E2%80%9Cwe-are-far-turnkey-totalitarian-state-big-brother-goes-live-september-2013

Milan March 19, 2012 at 9:17 am

It may also be worth noting that the least privileged members of society are most likely to have their rights violated and least able to seek effective recourse when that occurs.

If you are a rich citizen of a state where the rule of law is respected, that’s one thing. If you are poor and living under a repressive and unaccountable government, the consequences of ubiquitous surveillance for you may be much worse.

And we know that companies from countries like the United States and Canada are selling surveillance technology to governments like Iran, China, and Saudi Arabia.

Zoom March 19, 2012 at 2:35 pm

This is the one that worries me most too: “Third, something being used in a benign way today can be used in a malicious way tomorrow. I worry especially about governments. The 20th century shows how often governments have gone bad and abused the rights of their citizens. For any government that wants to clamp down on dissent today, these surveillance technologies are making it easier.”

Anon March 19, 2012 at 2:57 pm

Even if you NEVER use the internet, you are still being watched in lots of ways – your credit and debit cards, security cameras, etc

You just cannot escape it now

. March 20, 2012 at 8:08 pm

As the Chinese government forges ahead on a multibillion-dollar effort to blanket the country with surveillance cameras, one American company stands to profit: Bain Capital, the private equity firm founded by Mitt Romney.

In December, a Bain-run fund in which a Romney family blind trust has holdings purchased the video surveillance division of a Chinese company that claims to be the largest supplier to the government’s Safe Cities program, a highly advanced monitoring system that allows the authorities to watch over university campuses, hospitals, mosques and movie theaters from centralized command posts.

The Bain-owned company, Uniview Technologies, produces what it calls “infrared antiriot” cameras and software that enable police officials in different jurisdictions to share images in real time through the Internet. Previous projects have included an emergency command center in Tibet that “provides a solid foundation for the maintenance of social stability and the protection of people’s peaceful life,” according to Uniview’s Web site.

Such surveillance systems are often used to combat crime and the manufacturer has no control over whether they are used for other purposes. But human rights advocates say in China they are also used to intimidate and monitor political and religious dissidents. “There are video cameras all over our monastery, and their only purpose is to make us feel fear,” said Loksag, a Tibetan Buddhist monk in Gansu Province. He said the cameras helped the authorities identify and detain nearly 200 monks who participated in a protest at his monastery in 2008.

https://www.nytimes.com/2012/03/16/world/asia/bain-capital-tied-to-surveillance-push-in-china.html?_r=1

. March 25, 2012 at 2:04 pm

“Update on the trial of Byron Sonne, arrested in Toronto on explosives charges in advance of the G20 in June, 2010. This week, the Crown pulled up information off of Sonne’s harddrives, including tweets from Clay Shirky and Oxblood Ruffin, 50-year-old U.S. military manuals and photos of goats. Much time was spent discussing why Sonne used a goat as his username/avatar.”

On Monday, Nadeau also pressed Ouelette for his personal understanding of why there were photos of goats (one labeled “drunk goat”) on Sonne’s hard drive, and why the accused had used “Goatmaster” and “Toronto Goat” as his online usernames. Peter Copeland, one of Sonne’s lawyers, objected, saying that Ouelette wasn’t an expert on acronyms. Spies decided to hear the argument as “voir dire,” meaning she will decide later if it’s admissible as evidence. So, Ouelette opined that “Goat,” stood for “Greatest of All Time,” based on his knowledge of hockey, nicknames, and Wayne Gretzky.

. March 25, 2012 at 2:12 pm

“Recently Wired, USA Today and other news outlets reported on a new spy center being built to store intercepted communications (even American citizens’). Tuesday, Gen. Keith Alexander testified in front of Congress refuting the articles. Alexander even went so far as to claim the NSA lacks the authority to monitor American citizens. It’s an authority that was given to the NSA through the FISA Amendments Act signed into law by Bush and still supported today by Obama.”

. March 25, 2012 at 2:37 pm

Before yottabytes of data from the deep web and elsewhere can begin piling up inside the servers of the NSA’s new center, they must be collected. To better accomplish that, the agency has undergone the largest building boom in its history, including installing secret electronic monitoring rooms in major US telecom facilities. Controlled by the NSA, these highly secured spaces are where the agency taps into the US communications networks, a practice that came to light during the Bush years but was never acknowledged by the agency. The broad outlines of the so-called warrantless-wiretapping program have long been exposed—how the NSA secretly and illegally bypassed the Foreign Intelligence Surveillance Court, which was supposed to oversee and authorize highly targeted domestic eavesdropping; how the program allowed wholesale monitoring of millions of American phone calls and email. In the wake of the program’s exposure, Congress passed the FISA Amendments Act of 2008, which largely made the practices legal. Telecoms that had agreed to participate in the illegal activity were granted immunity from prosecution and lawsuits. What wasn’t revealed until now, however, was the enormity of this ongoing domestic spying program.

For the first time, a former NSA official has gone on the record to describe the program, codenamed Stellar Wind, in detail. William Binney was a senior NSA crypto-mathematician largely responsible for automating the agency’s worldwide eavesdropping network. A tall man with strands of black hair across the front of his scalp and dark, determined eyes behind thick-rimmed glasses, the 68-year-old spent nearly four decades breaking codes and finding new ways to channel billions of private phone calls and email messages from around the world into the NSA’s bulging databases. As chief and one of the two cofounders of the agency’s Signals Intelligence Automation Research Center, Binney and his team designed much of the infrastructure that’s still likely used to intercept international and foreign communications.

Binney left the NSA in late 2001, shortly after the agency launched its warrantless-wiretapping program. “They violated the Constitution setting it up,” he says bluntly. “But they didn’t care. They were going to do it anyway, and they were going to crucify anyone who stood in the way. When they started violating the Constitution, I couldn’t stay.” Binney says Stellar Wind was far larger than has been publicly disclosed and included not just eavesdropping on domestic phone calls but the inspection of domestic email. At the outset the program recorded 320 million calls a day, he says, which represented about 73 to 80 percent of the total volume of the agency’s worldwide intercepts. The haul only grew from there. According to Binney—who has maintained close contact with agency employees until a few years ago—the taps in the secret rooms dotting the country are actually powered by highly sophisticated software programs that conduct “deep packet inspection,” examining Internet traffic as it passes through the 10-gigabit-per-second cables at the speed of light.

The software, created by a company called Narus that’s now part of Boeing, is controlled remotely from NSA headquarters at Fort Meade in Maryland and searches US sources for target addresses, locations, countries, and phone numbers, as well as watch-listed names, keywords, and phrases in email. Any communication that arouses suspicion, especially those to or from the million or so people on agency watch lists, are automatically copied or recorded and then transmitted to the NSA.

http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1

. March 25, 2012 at 8:06 pm

Can the NSA Break AES?

My guess is that they can’t. That is, they don’t have a cryptanalytic attack against the AES algorithm that allows them to recover a key from known or chosen ciphertext with a reasonable time and memory complexity. I believe that what the “top official” was referring to is attacks that focus on the implementation and bypass the encryption algorithm: side-channel attacks, attacks against the key generation systems (either exploiting bad random number generators or sloppy password creation habits), attacks that target the endpoints of the communication system and not the wire, attacks that exploit key leakage, attacks against buggy implementations of the algorithm, and so on. These attacks are likely to be much more effective against computer encryption.

. March 27, 2012 at 9:38 pm

Deep End’s Paul Venezia discusses the ‘sci-fi fantasy’ that is privacy in the digital era. ‘The assault on personal privacy has ramped up significantly in the past few years. From warrantless GPS tracking to ISP packet inspection, it seems that everyone wants to get in on the booming business of clandestine snooping — even blatant prying, if you consider reports of employers demanding Facebook passwords prior to making hiring decisions,’ Venezia writes. ‘What happened? Did the rules change? What is it about digital information that’s convinced some people this is OK? Maybe the right to privacy we were told so much about has simply become old-fashioned, a barrier to progress.’

. April 1, 2012 at 1:39 pm

British Government To Grant Warrantless Trawl of Communications Data

“Having opposed the previous government’s attempts to introduce mass surveillance of Internet communications, the Conservatives are planning to introduce the very same policy they previously described as a ‘culture of surveillance which goes far beyond counter terrorism and serious crime.’ The plan is essentially to allow stored communication data to be trawled without the inconvenience of needing a warrant or even any reasonable suspicion.”

. April 1, 2012 at 5:51 pm

55% of Kids Don’t Post Some Things Because They Don’t Want to Look Bad in the Future
By Alexis Madrigal

Nov 9 2011, 9:30 AM ET

Pew research shows (again) that kids still care about privacy

. April 1, 2012 at 6:04 pm

The breakthrough was enormous, says the former official, and soon afterward the agency pulled the shade down tight on the project, even within the intelligence community and Congress. “Only the chairman and vice chairman and the two staff directors of each intelligence committee were told about it,” he says. The reason? “They were thinking that this computing breakthrough was going to give them the ability to crack current public encryption.”

In addition to giving the NSA access to a tremendous amount of Americans’ personal data, such an advance would also open a window on a trove of foreign secrets. While today most sensitive communications use the strongest encryption, much of the older data stored by the NSA, including a great deal of what will be transferred to Bluffdale once the center is complete, is encrypted with more vulnerable ciphers. “Remember,” says the former intelligence official, “a lot of foreign government stuff we’ve never been able to break is 128 or less. Break all that and you’ll find out a lot more of what you didn’t know—stuff we’ve already stored—so there’s an enormous amount of information still in there.”

That, he notes, is where the value of Bluffdale, and its mountains of long-stored data, will come in. What can’t be broken today may be broken tomorrow. “Then you can see what they were saying in the past,” he says. “By extrapolating the way they did business, it gives us an indication of how they may do things now.” The danger, the former official says, is that it’s not only foreign government information that is locked in weaker algorithms, it’s also a great deal of personal domestic communications, such as Americans’ email intercepted by the NSA in the past decade.

. April 2, 2012 at 4:10 pm

Britons Protest Government Eavesdropping Plans

LONDON — British lawmakers and rights activists joined a chorus of protest Monday against plans by the government to give the intelligence and security services the ability to monitor the phone calls, e-mails, text messages and Internet use of every person in the country.

In a land where tens of thousands of surveillance cameras attest to claims by privacy advocates that Britain is the Western world’s most closely monitored society, the proposal has touched raw nerves, compounding arguments that its citizens live under what critics call an increasingly intrusive “nanny state.”

The debate in recent years has pitted those who justify greater scrutiny by reference to threats of terrorism and organized crime against those who cleave to more traditional notions of individual privacy.

But the current proposal would go a step further, raising the question of how security agencies can themselves keep track of a proliferation of newer technologies such as Skype, instant messaging and social networking sites that permit instant communication outside more traditional channels.

. April 6, 2012 at 1:47 pm

Wiretaps cost hundreds of dollars per target every month, generally paid at daily or monthly rates. To wiretap a customer’s phone, T-Mobile charges law enforcement a flat fee of $500 per target. Sprint’s wireless carrier Sprint Nextel requires police pay $400 per “market area” and per “technology” as well as a $10 per day fee, capped at $2,000. AT&T charges a $325 activation fee, plus $5 per day for data and $10 for audio. Verizon charges a $50 administrative fee plus $700 per month, per target.

. April 6, 2012 at 1:57 pm
. April 8, 2012 at 12:23 pm

Here’s What Facebook Sends the Cops In Response To a Subpoena

“Facebook already shares its Law Enforcement Guidelines publicly, but we’ve never actually seen the data Menlo Park sends over to the cops when it gets a formal subpoena for your profile information. Now we know. This appears to be the first time we get to see what a Facebook account report looks like. The document was released by The Boston Phoenix as part of a lengthy feature titled ‘Hunting the Craigslist Killer,’ which describes how an online investigation helped officials track down Philip Markoff. The man committed suicide, which meant the police didn’t care if the Facebook document was published elsewhere, after robbing two women and murdering a third.”

. April 8, 2012 at 12:33 pm

The SXSW panel “Sex, Dating, and Privacy Online” described the myriad ways in which every step you take, every move you make, is online and searchable. Panel member Violet Blue, a sex educator and tech columnist, pointed to the loose security and privacy practices of dating websites recently exposed by the Electronic Frontier Foundation.

You are naked on the Internet (MSNBC)

. April 8, 2012 at 12:34 pm

Six Heartbreaking Truths about Online Dating Privacy

1. Your dating profile—including your photos—can hang around long after you’ve moved on.

2. Gaping security holes riddle popular mobile dating sites-still.

3. Your profile is indexed by Google.

4. Your pictures can identify you.

5. Your data is helping online marketers sell you stuff.

6. HTTPS support is a wreck on many of the popular online dating sites.

. April 8, 2012 at 3:30 pm

Innocent Or Not, the NSA Is Watching You

“Under construction by contractors with top-secret clearances, the blandly named Utah Data Center is being built for the National Security Agency. A project of immense secrecy, it is the final piece in a complex puzzle assembled over the past decade. Its purpose: to intercept, decipher, analyze, and store vast swaths of the world’s communications as they zap down from satellites and zip through the underground and undersea cables of international, foreign, and domestic networks. The heavily fortified $2 billion center should be up and running in September 2013. Flowing through its servers and routers and stored in near-bottomless databases will be all forms of communication, including the complete contents of private emails, cell phone calls, and Google searches, as well as all sorts of personal data trails — parking receipts, travel itineraries, bookstore purchases, and other digital ‘pocket litter.’ It is, in some measure, the realization of the ‘total information awareness’ program created during the first term of the Bush administration — an effort that was killed by Congress in 2003 after it caused an outcry over its potential for invading Americans’ privacy.”

. April 16, 2012 at 12:30 pm

Regulators want to put brakes on data collection, tracking

https://www.theglobeandmail.com/news/technology/tech-news/regulators-want-to-put-brakes-on-data-collection-tracking/article2390466/

When you ‘like’ something on Facebook or read an online newspaper, perhaps a dozen or more companies are squirrelling away data on your tastes, your habits, whether you’re male or female, old or young, gay or straight.

They mean no harm. They just want to give you, the customer, exactly what you want – it’s the grandfather of all business slogans. Their dilemma, now regulators’ noses are twitching, is how to serve you, and serve themselves, when what you want is to be left alone.

There are thousands of analytics companies, audience targeters, ad brokers, ad exchanges and the like that can collect and sell data-based services on internet users for 5,000 euros a time to big brands, which then buy ad space where their potential customers might be lurking.

You only know these trackers are at work if you read the fine print. The New York Times has a disclaimer saying it hires WebTrends and Audience Science to interpret its readers’ interests, and Britain’s Guardian newspaper says it pays Criteo and Quantcast, among others, to do the same.

. April 16, 2012 at 12:31 pm
. April 16, 2012 at 12:31 pm
Milan April 17, 2012 at 10:47 pm

Ubiquitous surveillance makes it necessary to practice operational security in order to have privacy.

. April 22, 2012 at 12:53 am

“A bill already passed by the Senate and set to be rubber stamped by the House would make it mandatory for all new cars in the United States to be fitted with black box data recorders from 2015 onwards. Section 31406 of Senate Bill 1813 (known as MAP-21), calls for ‘Mandatory Event Data Recorders’ to be installed in all new automobiles and legislates for civil penalties to be imposed against individuals for failing to do so. ‘Not later than 180 days after the date of enactment of this Act, the Secretary shall revise part 563 of title 49, Code of Federal Regulations, to require, beginning with model year 2015, that new passenger motor vehicles sold in the United States be equipped with an event data recorder that meets the requirements under that part,’ states the bill.”

. April 22, 2012 at 1:10 am

Swedish Researchers Expose China’s Tor-Blocking Tricks

“A pair of researchers at Karlstad University have been able to establish how the Great Firewall of China sets about blocking unpublished Tor bridges. The GFC inspects web traffic looking for potential bridges and then attempts ‘to speak Tor’ to the hosts. If they reply, they’re deemed to be Tor bridges and blocked. While this looks like another example of the cat and mouse game between those wishing to surf the net anonymously and a government intent on curtailing online freedoms, the researchers suggest ways that the latest blocking techniques may be defeated.”

. April 22, 2012 at 1:12 am

AnonPaste is based on the open source ZeroBin software. It is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES. More information on the project page.
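
The zero-knowledge arrangement described above, as an added example (not AnonPaste's or ZeroBin's own code): the browser encrypts with a fresh 256-bit AES key and uploads only ciphertext. AES-GCM through the Web Crypto API, the in-memory `PasteServer`, the `paste.example` address and carrying the key in the URL fragment are assumptions of this example.

```javascript
// Added example: browser-side paste encryption, so the server stores only ciphertext.
// Assumptions: AES-256-GCM via Web Crypto; PasteServer and paste.example are illustrative.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const subtle = webCrypto.subtle;

// URL-safe base64 helpers (btoa/atob exist in browsers and in Node 16+).
const toB64u = (bytes) =>
  btoa(String.fromCharCode(...bytes)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const fromB64u = (text) =>
  Uint8Array.from(atob(text.replace(/-/g, '+').replace(/_/g, '/')), (c) => c.charCodeAt(0));

// Stand-in for the pastebin server: it stores and returns opaque records, nothing else.
class PasteServer {
  constructor() { this.pastes = new Map(); }
  store(record) {
    const id = toB64u(webCrypto.getRandomValues(new Uint8Array(8)));
    this.pastes.set(id, record);
    return id;
  }
  fetch(id) {
    const record = this.pastes.get(id);
    if (!record) throw new Error('no such paste');
    return record;
  }
}

// Client side: encrypt locally, upload ciphertext, return a link that carries the key.
async function createPaste(plaintext, server) {
  const key = await subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
  const iv = webCrypto.getRandomValues(new Uint8Array(12)); // fresh nonce for every paste
  const data = new TextEncoder().encode(plaintext);
  const ct = new Uint8Array(await subtle.encrypt({ name: 'AES-GCM', iv }, key, data));
  const id = server.store({ iv: toB64u(iv), ct: toB64u(ct) });
  const rawKey = new Uint8Array(await subtle.exportKey('raw', key));
  // The part after '#' is the URL fragment; browsers do not send it in HTTP requests.
  return `https://paste.example/?${id}#${toB64u(rawKey)}`;
}

// Client side: fetch the record by id, decrypt with the key taken from the fragment.
async function readPaste(url, server) {
  const parsed = new URL(url);
  const record = server.fetch(parsed.search.slice(1));
  const key = await subtle.importKey('raw', fromB64u(parsed.hash.slice(1)),
    { name: 'AES-GCM' }, false, ['decrypt']);
  // GCM authenticates the ciphertext: a wrong key or altered data rejects here.
  const plain = await subtle.decrypt({ name: 'AES-GCM', iv: fromB64u(record.iv) },
    key, fromB64u(record.ct));
  return new TextDecoder().decode(plain);
}

// Runs the whole exchange on constructed sample text and reports what each side saw.
async function demo() {
  const server = new PasteServer();
  const secret = 'meeting moved to 19:00 (constructed sample text)';
  const url = await createPaste(secret, server);
  const roundTrip = await readPaste(url, server);

  // Everything the server holds: ids, nonces and ciphertext.
  const serverSaw = JSON.stringify([...server.pastes]);
  const keyText = new URL(url).hash.slice(1);

  // A link with a different key must fail to decrypt.
  const otherKey = toB64u(webCrypto.getRandomValues(new Uint8Array(32)));
  const wrongKeyRejected = await readPaste(url.replace(/#.*/, '#' + otherKey), server)
    .then(() => false, () => true);

  // Ciphertext altered on the server must be detected by the client.
  const id = new URL(url).search.slice(1);
  const record = server.pastes.get(id);
  const bytes = fromB64u(record.ct);
  bytes[0] ^= 1;
  server.pastes.set(id, { ...record, ct: toB64u(bytes) });
  const tamperDetected = await readPaste(url, server).then(() => false, () => true);

  return {
    secret,
    roundTrip,
    plaintextOnServer: serverSaw.includes(secret),
    keyOnServer: serverSaw.includes(keyText),
    wrongKeyRejected,
    tamperDetected,
  };
}
```

The server never receives the fragment, but it does deliver the JavaScript that performs the encryption, so the guarantee holds only while that script is trustworthy.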

. April 22, 2012 at 1:18 am

Whistleblower: NSA Has All of Your Email

National Security Agency whistleblower William Binney reveals he believes domestic surveillance has become more expansive under President Obama than President George W. Bush. He estimates the NSA has assembled 20 trillion ‘transactions’ — phone calls, emails and other forms of data — from Americans. This likely includes copies of almost all of the emails sent and received from most people living in the United States. Binney talks about Section 215 of the USA PATRIOT Act and challenges NSA Director Keith Alexander’s assertion that the NSA is not intercepting information about U.S. citizens.

. April 24, 2012 at 7:37 pm

US carriers fight law that would force them to see a warrant before giving your data to cops

The California Location Privacy Bill (SB 1434) proposes to require cellular phone companies to stop their practice of giving your location data to the police without a warrant. Phone companies would still be allowed to give your information to the police if they got a warrant, first.

Naturally, the CTIA — the mobile carriers’ industry association — opposes it. They say that it will be “unduly burdensome” to have to say no when the police show up without a warrant, and to keep track of how often they give your information to the cops, and why.

. May 6, 2012 at 12:45 pm

Syrian Government Uses Skype To Push Malware To Activists

“The Syrian government is using Skype as a channel to infect activists’ systems with malware, installing Trojans and backdoors, according to security firm F-Secure. The evidence comes from a hard drive sent for analysis. ‘The activist’s system had become infected as a result of a Skype chat. The chat request came from a fellow activist. The problem was that the fellow activist had already been arrested and could not have started the chat. Initial infection occurred when the activist accepted a file called MACAddressChanger.exe over the chat. This utility was supposed to change the hardware MAC address of the system in order to bypass some monitoring tools. Instead, it dropped a file called silvia.exe which was a backdoor — a backdoor called “Xtreme RAT.” Xtreme Rat is a full-blown malicious Remote Access Tool.’”

. May 7, 2012 at 1:18 pm
. May 7, 2012 at 1:18 pm
Milan May 9, 2012 at 8:06 pm
. May 14, 2012 at 8:03 pm

Snooping on new media
Spies, lies and the internet
Plans to extend surveillance and secrecy are causing alarm within the coalition and outside it

The government insists it will not seek access to the content of communications, but says it can gain valuable intelligence by simply monitoring who is talking to whom, and where and when. Getting such traffic figures does not require a judicial warrant now, so the new plans are about modernising surveillance techniques, not expanding their scope.

. May 17, 2012 at 11:29 am

Put simply, a computer or personal electronic device can no longer be viewed as a “thing,” Mr. Justice Thomas Heeney ruled, in rejecting the Crown’s bid to have the contents of Mr. Rafferty’s laptop admitted as evidence.

Rather, he said, recent case law holds that because a computer can contain huge amounts of personal information – e-mails, bank records, memos, documents, photos – it should be regarded as a “place,” akin to a house.

In this instance, the warrants targeted two homes and two cars and all were in order as far as they went, the judge found. Nor was anything amiss about how the searches were conducted – up to the point where various computers were seized.

At that stage, a secondary warrant was needed and, if requested, would likely have been granted, Judge Heeney wrote.

Yet none was obtained, despite the omission being flagged both by the Justice of the Peace who issued the warrants and later by an Ontario Provincial Police forensic detective.

https://www.theglobeandmail.com/news/national/what-the-jury-didnt-know-child-porn-torture-video-found-on-raffertys-laptop/article2429175/

. May 31, 2012 at 7:51 pm

Will the Government Be Reading This? Call Your Senator to Stop Dangerous Cybersecurity Proposals

CISPA was rammed through the House of Representatives without regard for civil liberties, but the campaign to stop shortsighted cybersecurity legislation is not over yet. We’ve got another chance to stop these bills in the Senate and prevent the government from sacrificing online civil liberties in the name of “cybersecurity.” EFF, Demand Progress, Fight for the Future, and Free Press are joining forces to oppose these bad laws. Can you help us out? Use our online tool to call your Senators and tell them to oppose dangerously vague cybersecurity legislation and support privacy protective amendments. Call now.

. June 2, 2012 at 5:36 pm
. June 2, 2012 at 5:37 pm

New array at Leitrim?

DigitalGlobe imagery of Leitrim taken last February (see low-resolution sample at right) shows that a 600-metre-diameter circle has been cleared at the northern end of the station, presumably to host a new antenna array.

The new cleared space overlaps but is not quite concentric with a large circular area that was cleared and graded around 1967. The original space was suitable for a large circularly disposed antenna array (CDAA) such as an FRD-10, but no array was ever built on the site. It is probably not a coincidence that two FRD-10 arrays were built at other stations in Canada (Gander and Masset) at around the same time, under a program called Project Beagle. It is possible that the original Project Beagle called for the construction of three FRD-10 arrays, but that the Leitrim array was cancelled at some point early in the process, most likely for budgetary reasons.

. June 2, 2012 at 5:51 pm

Have you ever wondered what happens when you type your query into the Google search box and what data we store about that search?

Let’s take a simple search like “cars.” When someone types the word “cars” into the Google search engine, the request gets sent from that user’s computer over the internet to our computers, which look for the right search results. Once our computers have found the results, they send these back to the user’s computer, all in a fraction of a second.

We then store some data about this exchange: the search query (“cars”), the time and date it was typed, the IP address and cookie of the computer it was entered from, and its browser type and operating system. We refer to these records as our search logs, and most websites store records of visits to their site in a similar way.

https://www.google.com/intl/en/goodtoknow/data-on-google/search-logs/

. June 8, 2012 at 9:36 am

Ghostery sees the invisible web – tags, web bugs, pixels and beacons. Ghostery tracks the trackers and gives you a roll-call of the ad networks, behavioral data providers, web publishers, and other companies interested in your activity.

Anon June 8, 2012 at 9:03 pm

The Electronic Frontier Foundation (EFF) has created this Surveillance Self-Defense site to educate the American public about the law and technology of government surveillance in the United States, providing the information and tools necessary to evaluate the threat of surveillance and take appropriate steps to defend against it.

. June 12, 2012 at 10:02 pm

“A new report from Evidon, whose browser plug in Ghostery tracks Web trackers, makes it plain that ‘if you want to worry about somebody tracking you across the Web, worry about Google,’ writes blogger Dan Tynan. Google and Facebook, and their various services, occupy all of the top 5 slots on the Evidon Global Tracker Report’s list of the most prolific trackers. ‘And if you have any tracking anxiety left over, apply it to social networks like Facebook, G+, and Twitter,’ adds Tynan.”

http://yro.slashdot.org/story/12/06/11/2041238/google-and-facebook-top-biggest-web-tracker-list

. June 14, 2012 at 7:29 pm

The United Kingdom online monitoring law just got published, showcasing some disturbing facts. The paper is 123 pages long and is actually a draft of the Communications Data Bill. You might not be so happy to find out that from now, every single thing you do online will be recorded and stored by the good old Internet Service providers (ISP). What do we mean by online activity? Well, everything.

. June 17, 2012 at 6:01 pm

Canadian Government Installs Microphones and Cameras at Airports To Record Conversations of Air Travellers

OTTAWA – Airports and border crossings across Canada are being wired with high-definition cameras and microphones that can eavesdrop on travellers’ conversations, according to the Canada Border Services Agency.

A CBSA statement said that audio-video monitoring and recording is already in place at unidentified CBSA sites at airports and border points of entry as part of an effort to enhance “border integrity, infrastructure and asset security and health and safety.”

As part of the work, the agency is introducing audio-monitoring equipment as well.

“It is important to note that even though audio technology is installed, no audio is recorded at this time. It will become functional at a later date,” CBSA spokesman Chris Kealey said in a written statement.

But whenever that occurs, the technology, “will record conversations,” the agency said in a separate statement in response to questions from the Ottawa Citizen.

At Ottawa’s airport, signs will be posted referring passersby to a “privacy notice” that will be posted on the CBSA website once the equipment is activated, and to a separate help line explaining how the recordings will be used, stored, disclosed and retained.

Anon June 18, 2012 at 7:51 pm
. June 19, 2012 at 10:00 am

http://boingboing.net/2012/06/13/uk-government-offers-unlimited.html

Tories divided over UK spying bill, Home Secretary dismisses critics as “conspiracy theorists” who want to protect freedom for “criminals, terrorists and paedophiles”

http://boingboing.net/2012/06/14/tories-divided-over-uk-spying.html

UK-wide workshops on how to talk to your MP about Internet spying and censorship

http://boingboing.net/2012/06/14/uk-wide-workshops-on-how-to-ta.html

UK economic crisis ends, Tories celebrate by committing £1.8B to spying

http://boingboing.net/2012/06/14/uk-economic-crisis-ends-torie.html

So Google Plus was formed more into a unifier of all of Google’s products and services, further evidenced by the controversial unified privacy policy released earlier this year. Everything done on non-Search services adds to the “filter bubble” where search results are filtered based on what a user likes on YouTube, Plus, GMail contents etc.

For Google and advertisers, a user’s “fingerprint” of browsing habits and their profile of what interests them is further built and enhanced by unifying all of the data gathered across all of the separate services umbrella’d under the new privacy policy and linked via the Google Plus login.

But eventually, as indicated by the Google Plus links everywhere, Google Plus will be everything. Every YouTube account is really the video section of Google Plus. Search is just querying the Internet via Google Plus. GMail accounts are Google Plus recipients, and so on.

This is the goal of Google Plus. It tried to magically overcome Facebook, and that obviously did not work, so instead Google Plus has a new strategy: if it can’t hit the target, encompass it. Wrap everything else around Facebook and the users will cope.

http://silicon-news.com/news/2012/06/17/steve-jobs-google-plus/

“The BBC reports that the UK’s Draft Communications Bill includes a provision which could be used to force the Royal Mail and other mail carriers to retain data on all physical mail passing through their networks. The law could be used to force carriers to maintain a database of any data written on the outside of an envelope or package which could be accessed by government bodies at will. Such data could include sender, recipient and type of mail (and, consequentially, the entire contents of a postcard). It would provide a physical analog of the recently proposed internet surveillance laws. The Home Office claims that it has no current plans to enforce the law.”

http://yro.slashdot.org/story/12/06/17/1917212/proposed-uk-communications-law-could-be-used-to-spy-on-physical-mail

This isn’t the first time that an Executive has seized the general authority to search through the private communications and papers without individualized suspicion. To the contrary, the United States was founded in large part on the rejection of “general warrants” – papers that gave the Executive (then the King) unchecked power to search colonial Americans without cause. The Fourth Amendment was adopted in part to stop these “hated writs” and to make sure that searches of the papers of Americans required a probable cause showing to a court. Indeed, John Adams noted that “the child Independence was born,” when Boston merchants unsuccessfully sued to stop these unchecked powers, then being used by British customs inspectors seeking to stamp out smuggling.

The current warrantless surveillance programs on both sides of the Atlantic return us to the policies of King George III only with a digital boost. In both, our daily digital “papers” — including intimate information such as who we are communicating with, what websites we visit (which of course includes what we’re reading) and our locations as we travel around with our cell phones — are collected and subjected to some sort of datamining. Then we’re apparently supposed to trust that no one in government will ever misuse this information, that the massive amounts of information about us won’t be subject to leak or attack, and that whatever subsequent measures are put into place to government access to it by various government agencies will be sufficient to protect our privacy and ensure due process, fairness and security.

https://www.eff.org/deeplinks/2012/06/uk-mass-surveillance-bill-return-bad-idea

. June 19, 2012 at 10:20 am

Amesys, with its Eagle system, was just one of Libya’s partners in repression. A South African firm called VASTech had set up a sophisticated monitoring center in Tripoli that snooped on all inbound and outbound international phone calls, gathering and storing 30 million to 40 million minutes of mobile and landline conversations each month. ZTE Corporation, a Chinese firm whose gear powered much of Libya’s cell phone infrastructure, is believed to have set up a parallel Internet monitoring system for External Security: Photos from the basement of a makeshift surveillance site, obtained from Human Rights Watch, show components of its ZXMT system, comparable to Eagle. American firms likely bear some blame, as well. On February 15, just prior to the revolution, regime officials reportedly met in Barcelona with officials from Narus, a Boeing subsidiary, to discuss Internet-filtering software. And the Human Rights Watch photos also clearly show a manual for a satellite phone monitoring system sold by a subsidiary of L-3 Communications, a defense conglomerate based in New York.

https://www.schneier.com/blog/archives/2012/06/interesting_art.html

Jamming Tripoli: Inside Moammar Gadhafi’s Secret Surveillance Network

He once was known as al-Jamil—the Handsome One—for his chiseled features and dark curls. But four decades as dictator had considerably dimmed the looks of Moammar Gadhafi. At 68, he now wore a face lined with deep folds, and his lips hung slack, crested with a sparse mustache. When he stepped from the shadows of his presidential palace to greet Ghaida al-Tawati, whom he had summoned that evening by sending one of his hulking female bodyguards to fetch her, it was the first time she had seen him without his trademark sunglasses; his eyes were hooded and rheumy. The dictator was dressed in a white Puma tracksuit and slippers. How tired and thin he looked in person, Tawati thought.

It was February 10, 2011, and Libya was in an uproar. Two months earlier, in neighboring Tunisia, a street vendor named Mohammed Bouazizi had set himself on fire after a policewoman beat him and confiscated his wares. It was the beginning of the Arab Spring, a series of uprisings, revolutions, and civil wars that would radically alter the politics of the Middle East. In Libya, opponents of the Gadhafi regime had called for a day of protest on February 17, to mark the anniversary of a 2006 protest in the city of Benghazi, where security forces had killed 11 demonstrators and wounded dozens more.

Tawati was one of the most outspoken dissidents blogging openly from inside Libya. Thirty-four years old, with a gravelly childlike voice and singsong laugh that belied her deep stubbornness, she had come to political consciousness during the mid-2000s, at a time when Gadhafi, seeking reconciliation with the West, had ceased using his most heavy-handed tactics of repression—such as outright massacres—and allowed a modicum of public dissent. During her university days, when the Internet had begun to ease the country’s isolation, Tawati took naturally to the roles of gadfly and outsider. Her parents had divorced when she was young; in Libya’s deeply conservative culture, growing up with a single mother made her a social outcast. The injustice she experienced as a child led her to critique the injustice of the dictatorial regime, particularly on women’s issues—for example, she blogged about a sexual abuse scandal at a home for unwed mothers institutionalized by the Gadhafi government. Over time she won a modest following online. As the planned protests of February 17 approached, Tawati, always prone to impassioned rhetoric, blogged that if Libyans failed to turn out for the demonstrations she would burn herself just as Bouazizi had done. Somehow Gadhafi himself had heard news of this threat and decided he needed to meet her.

Despite the dictator’s haggard appearance, his manner remained confident and effusive. When he wanted to be, Gadhafi was a legendary charmer, a man deeply at ease with ordinary Libyans. He shook Tawati’s hand and patted her shoulder paternally, directing her to sit next to him on the sofa. He asked her about her health, her family, where she was from. He asked her who had taught her to write. She told him about her demands for greater openness and accountability in Libya, taking care not to criticize him directly. He seemed sympathetic, nodding at various points. Finally she worked up the courage to ask him why the government had blocked YouTube several months earlier.

Gadhafi acted oblivious. “Is it switched off?” he asked.

“Despite television being a rather tough nut to crack, Intel is apparently hoping that its upcoming set-top box and subscription service will be its golden ticket to delivering more Intel processors to the living room. The service would be a sort of specialized virtual cable subscription that would combine a bundle of channels with on demand content. So what’s Intel’s killer feature that distinguishes it from the vast and powerful competition? Granular ratings that result in targeted ads. Intel is promising technology in a set-top box that can distinguish who is watching, potentially allowing Intel to target advertising. The technology could potentially identify if the viewer is an adult or a child, male or female, and so on, through interactive features and face recognition technology.”

http://entertainment.slashdot.org/story/12/06/09/0012247/intel-to-launch-tv-service-with-facial-recognition-by-end-of-the-year

http://fullcomment.nationalpost.com/2012/06/13/jesse-kline-britains-government-chooses-security-over-liberty-with-internet-spying-plan/

. June 21, 2012 at 5:43 pm

Have Your Fingerprints Read From 6 Meters Away

“A new startup has technology to read fingerprints from up to 6 meters away. IDair currently sells to the military, but they are beta testing it with a chain of 24-hour fitness centers that want to restrict sharing of access cards. IDair also wants to sell this to retail stores and credit card companies as a replacement for physical cards. Lee Tien from the EFF notes that the security of such fingerprint databases is a privacy concern.”

Anon July 3, 2012 at 1:12 pm

Cops in USA to drive around in pornoscannerwagons, covertly irradiating people and looking through their cars and clothes

http://boingboing.net/2012/07/02/cops-in-usa-to-drive-around-in.html

. July 10, 2012 at 10:01 pm

Chinese Censors Are Being Watched

“The Economist is reporting on two research teams, one at Harvard and another at the University of Hong Kong, who have developed software to detect what posts to Chinese social media get censored. ‘The team has built up a database comprising more than 11m posts that were made on 1,382 Chinese internet forums. Perhaps their most surprising result is that posts critical of the government are not rigorously censored. On the other hand, posts that have the purpose of getting people to assemble, potentially in protest, are swept from the internet within a matter of hours.’ Chinese censors may soon have to deal with an unprecedented transparency of their actions.”

. July 10, 2012 at 10:03 pm

Executive Order Grants US Gov’t New Powers Over Communication Systems

President Obama has issued a new executive order: ‘Assignment of National Security and Emergency Preparedness Communications Functions.’ EPIC reports: ‘The Executive Order grants new powers to the Department of Homeland Security, including the ability to collect certain public communications information. Under the Executive Order the White House has also granted the Department the authority to seize private facilities when necessary, effectively shutting down or limiting civilian communications.’

. July 10, 2012 at 11:23 pm

Law Enforcement Demanded Cell Phone User Info Well Over 1.3 Million Times Last Year

Federal, state, and local law enforcement agencies have made over 1.3 million demands for user cell phone data in the last year, “seeking text messages, caller locations and other information.” The New York Times called the new findings proof of “an explosion in cellphone surveillance” in the United States — much of it done without a warrant. It’s time for cell phone companies to start producing regular transparency reports about the data they hand to the government. And Congress should see this as a call-to-action to pass robust privacy legislation mandating warrants for cell phone subscriber, cell tower, and GPS data.

. July 19, 2012 at 6:58 pm
. July 19, 2012 at 7:10 pm

RT had a very interesting interview with former NSA official turned whistleblower Thomas A. Drake, who said, ‘Security has effectively become the State religion; you don’t question it. And if you question it, then your loyalty is questioned.’ ‘Speaking truth of power is very dangerous in today’s world,’ he added. The interviewer pointed out that investigative journalists are labeled as ‘terrorist helpers’ for trying to reveal the truth, to which Drake said the government’s take is ‘you go after the messenger because the last thing you want to do is deal with the message.’

. July 19, 2012 at 7:12 pm
. July 28, 2012 at 9:07 pm
. August 17, 2012 at 3:11 pm

“The Sixth Circuit Court of Appeals has held that it is okay for police to track your cellphone signal without a warrant. Using information about the cell tower that a prepaid cell phone was connected to, the police were able to track a suspected drug smuggler. Apparently, keeping your cellphone on is authorization for the police to know where you are. According to the ruling (PDF), ‘[The defendant] did not have a reasonable expectation of privacy in the data emanating from his cell phone that showed its location.’ Also, ‘if a tool used to transport contraband gives off a signal that can be tracked for location, certainly the police can track the signal.’”

. August 23, 2012 at 1:02 pm

“Australia’s parliament has passed a bill that will allow law enforcement agencies to force internet service providers to store data on subscribers while an official warrant is sought. The changes move Australia closer to its two-year-old proposal to accede to the 2004 Council of Europe Convention on Cybercrime, designed to assist with international cybercrime investigations through sharing of information on persons of interest, among other avenues.”

. August 24, 2012 at 2:56 pm

Few of Afghanistan’s 30m people have a birth certificate, a second name or can read. Yet America’s army and the Afghan government have collected digital records of more than 2.5m of them. Anyone arrested or imprisoned, or who seeks to join the army or police, is scanned. So are those, such as labourers, who attempt to get into a coalition military base. Each is checked against watchlists of suspects. Last year biometric machines were also put at all border crossings. In hotly contested areas any “fighting-age males”, meaning those between 15 and 70, may be scanned compulsorily.

. August 24, 2012 at 3:02 pm

WHEN investigators try to discover what caused an airliner to crash, the first thing they hope to find are the flight data recorders, popularly known as “black boxes”. These devices, usually painted bright orange, record how the aircraft was flying and the last 30 minutes or so of conversation in the cockpit. The information extracted from them has helped to determine the cause of air crashes and to improve aviation safety. Similar recording systems are fitted to some trains, ships and lorries. Now a bill in America’s Congress seeks to make it compulsory for data recorders to be fitted to all cars by 2015.

The idea is that data captured by the recorders would give investigators and road-safety officials a better understanding of how certain crashes come about. It would also help police and insurance companies to apportion blame. What many drivers may not realise, however, is that most cars already record data if they are involved in an accident, and that this information can be read by anyone with the right kit.

The technology that America’s lawmakers want to be made compulsory was originally intended for another purpose. With the widespread adoption of airbags, which began in the late 1980s, General Motors (GM), an airbag pioneer, wanted better analysis of how airbags were deployed, to improve their reliability and effectiveness. To obtain the data it required, GM began fitting a small memory unit to the electronic module that triggers the airbags. Ford, Chrysler and other carmakers followed suit. Around 80% of the cars sold in America now have these devices, called event data recorders (EDRs).

. August 24, 2012 at 3:06 pm

Online shoppers let slip plenty of information about themselves that could be of use to crafty salesmen. Cookies reveal where else they have been browsing, allowing some guesses about their income bracket, age and sex. Their internet address can often be matched to their physical address: the richer the neighbourhood, the deeper the pockets, it may be assumed. Apple computer-owners are on average better-off than Windows PC users, and firms may offer them pricier options, as Orbitz, a travel website, is doing. Your mouse may also be squeaking on you: click too quickly from home-page to product page to checkout, and the seller can conclude that you have already decided to buy—so why offer you a discount?

. August 24, 2012 at 3:17 pm

A BIG BANK hires a star analyst from another firm, promising to pay a substantial bonus if the new hire increases revenue or cuts costs. In banking this happens all the time, but this deal differs from the rest in one small detail: the new hire, Watson, is an IBM computer.

Watson became something of a celebrity after beating the champion human contestants on “Jeopardy”, an American quiz show. Its skill is to be able to process millions of documents quickly by reading and “understanding” ordinary written language. Computers have no trouble with searching data neatly sorted in databases. Watson’s claim to fame is that it can do the same with “unstructured data” such as those found in e-mails, news reports, books and websites. IBM hopes that Watson may, in time, do some of the work that human analysts do now, such as reading the financial pages of newspapers, looking at thousands of company results and forecasts and producing a list of companies that might be takeover targets soon.

Citigroup has hired Watson to help it decide what new products and services (such as loans or credit cards) to offer its customers. The bank doesn’t say so, but Watson’s first job may well be to try to cut down on fraud and look for signs of customers becoming less creditworthy. If so, Watson will be following other computers designed to deal with “big data”. Across a slew of new firms in Silicon Valley and in big banks across the world, a range of new ideas is being tried to crunch data. Some have the potential to change banking from the bottom up.

The firm that has perhaps gone furthest in finding useful connections in disparate databases is Palantir Technologies, which takes its name from the magical all-seeing crystal balls of J.R.R. Tolkien’s mythology. It was founded by a group of PayPal alumni and backed by Peter Thiel, one of PayPal’s co-founders. Its speciality is building systems that pull together information from different places and try to find connections. Some of its earliest adopters have been spy agencies. In America the CIA and the FBI use it to connect individually innocuous activities such as taking flying lessons and receiving money from abroad to spot potential terrorists. Its other main market is in banking, where big firms such as JPMorgan and Citi use it for a range of activities from structuring equity derivatives to reducing loan losses.

. August 24, 2012 at 3:31 pm

Some bars and clubs are using a novel technology to help partygoers decide where to party. SceneTap, an American start-up, uses cameras to scan the faces of those who enter and leave participating establishments. Its software then guesses each person’s age and sex. Aggregated data are streamed to a website and mobile app. This allows punters to see which bars are busy, the average age of revellers and the all-important male-to-female ratio.

Bar owners gain publicity and intelligence about their customers. Did a promotion aimed at women attract many? Since drinks are often paid for in cash and by men, it used to be hard to tell.

SceneTap’s cameras are watching more than 100 American watering holes. But they are controversial. The app could make life irksome for large groups of women, by summoning hordes of predatory males. So SceneTap has fixed its software to mask extreme sex imbalances. That will please bar owners, who would prefer not to admit when they are packed with men. But it will disappoint precisely the people most likely to use the app.

. August 28, 2012 at 12:08 pm
. August 29, 2012 at 12:10 am

Big Brother on a budget: How Internet surveillance got so cheap

Deep packet inspection, petabyte-scale analytics create a “CCTV for networks.”

When Libyan rebels finally wrested control of the country last year away from its mercurial dictator, they discovered the Qaddafi regime had received an unusual gift from its allies: foreign firms had supplied technology that allowed security forces to track nearly all of the online activities of the country’s 100,000 Internet users. That technology, supplied by a subsidiary of the French IT firm Bull, used a technique called deep packet inspection (DPI) to capture e-mails, chat messages, and Web visits of Libyan citizens.

The fact that the Qaddafi regime was using deep packet inspection technology wasn’t surprising. Many governments have invested heavily in packet inspection and related technologies, which allow them to build a picture of what passes through their networks and what comes in from beyond their borders. The tools secure networks from attack—and help keep tabs on citizens.

Narus, a subsidiary of Boeing, supplies “cyber analytics” to a customer base largely made up of government agencies and network carriers. Neil Harrington, the company’s director of product management for cyber analytics, said that his company’s “enterprise” customers—agencies of the US government and large telecommunications companies—are “more interested in what’s going on inside their networks” for security reasons. But some of Narus’ other customers, like Middle Eastern governments that own their nations’ connections to the global Internet or control the companies that provide them, “are more interested in what people are doing on Facebook and Twitter.”

. August 29, 2012 at 12:30 am

NetFalcon is targeted at very specific audiences: law enforcement agencies, telecom carriers and large ISPs, and very large companies in heavily regulated or secretive industries willing to pay for what amounts to an intelligence community grade solution. But for other organizations that already have application firewalls, intrusion detection systems or other DPI systems installed, there may not be a budget or need for Bivio’s type of technology. Take, for example, the University of Scranton, which uses Splunk to drive its information security operations.

Unlike NetFalcon, Splunk “is a huge database, but it doesn’t come with preconfigured alerts,” said Anthony Maszeroski, Information Security Manager at the University of Scranton (located in Scranton, Pennsylvania). The university has about 5,200 students—about half of whom live on campus—and has turned Splunk into the hub of its network security operations, using it to automate a large percentage of its responses to emerging threats.

Maszeroski said the IT department at Scranton pulls in data from a variety of systems. The campus’ wireless and wired routers send logs for Dynamic Host Configuration Protocol and Network Address Translation events to Splunk, which includes the physical MAC address of the devices connecting with a timestamp. This allows administrators to search the database by device address and follow where they’ve connected from on campus. The database also pulls in information on outbound DNS queries and other types of application traffic, enterprise system logs, and events from the University’s intrusion prevention system. The Splunk database of the University of Scranton Information Security Office is “close to a terabyte” in size, Maszeroski said, and “our standard op procedure is to throw everything away after 90 days. We’re also limited by budget and storage capacity.”
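The correlation described in the excerpt above, sketched as an added example that is not part of the quoted article or the university's actual setup: DHCP and NAT events are joined by timestamp so that a public address and port seen outside can be tied to the device that held the internal lease at that moment, a device's connection points can be listed by MAC address, and records older than 90 days are dropped. The log layout, addresses and function names are assumptions constructed for this sketch.

```python
from datetime import datetime, timedelta

# Constructed sample logs. The field layout is an assumption for this example,
# not the format of Splunk or of any particular router.
DHCP_LOG = """\
2012-05-01T08:02:11 DHCPACK mac=00:11:22:aa:bb:01 ip=10.20.0.15 ap=library-2f
2012-08-20T09:15:40 DHCPACK mac=00:11:22:aa:bb:01 ip=10.20.0.15 ap=library-2f
2012-08-20T13:05:02 DHCPACK mac=00:11:22:aa:bb:01 ip=10.31.4.77 ap=dorm-east
2012-08-20T13:30:19 DHCPACK mac=00:11:22:cc:dd:02 ip=10.20.0.15 ap=library-2f
"""
NAT_LOG = """\
2012-08-20T09:20:03 NAT src=10.20.0.15:51000 xlate=198.51.100.7:40001
2012-08-20T13:41:55 NAT src=10.20.0.15:51000 xlate=198.51.100.7:40001
"""


def _fields(line):
    """Turn 'TIMESTAMP KIND key=value ...' into a dict with a parsed timestamp."""
    ts, kind, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.fromisoformat(ts)
    rec["kind"] = kind
    return rec


def parse(log):
    """Parse every non-empty line of a log into a record."""
    return [_fields(line) for line in log.splitlines() if line.strip()]


def purge(records, now, days=90):
    """Apply the retention limit: keep only records from the last `days` days."""
    cutoff = now - timedelta(days=days)
    return [r for r in records if r["ts"] >= cutoff]


def device_history(dhcp, mac):
    """Where a device connected from, oldest first, searched by MAC address."""
    mac = mac.lower()
    ordered = sorted(dhcp, key=lambda r: r["ts"])
    return [(r["ts"], r["ap"]) for r in ordered if r["mac"] == mac]


def attribute(dhcp, nat, public_endpoint, when, window=timedelta(minutes=10)):
    """Map a public ip:port observed at `when` to the MAC holding the lease.

    The NAT entry must have been logged at most `window` before `when`, and
    the DHCP lease chosen is the latest one at or before that NAT entry.
    Taking the newest lease for the IP regardless of time would blame
    whichever device was handed the address last.
    """
    hits = [n for n in nat
            if n["xlate"] == public_endpoint
            and timedelta(0) <= when - n["ts"] <= window]
    if not hits:
        return None
    entry = max(hits, key=lambda r: r["ts"])
    internal_ip = entry["src"].rsplit(":", 1)[0]
    leases = [d for d in dhcp
              if d["ip"] == internal_ip and d["ts"] <= entry["ts"]]
    if not leases:
        return None
    return max(leases, key=lambda r: r["ts"])["mac"]


if __name__ == "__main__":
    now = datetime(2012, 8, 29)
    dhcp = purge(parse(DHCP_LOG), now)
    nat = purge(parse(NAT_LOG), now)
    print(device_history(dhcp, "00:11:22:aa:bb:01"))
    for when in (datetime(2012, 8, 20, 9, 21), datetime(2012, 8, 20, 13, 42)):
        print(when, attribute(dhcp, nat, "198.51.100.7:40001", when))
```

The same public address and port resolve to two different devices a few hours apart because the internal address was re-leased in between, which is why the timestamp in these logs matters as much as the MAC address.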

. September 4, 2012 at 10:56 am

Anonymous reminds Apple that UDIDs are creepy

Web-based hacker collective Anonymous published 1 million Apple UDIDs on the web early this morning from a trove of 12 million that it allegedly stole from an FBI agent’s laptop in March. Buried within the rambling, bizarre missive from the group about why it published these unique device identifiers — besides attempting to embarrass the FBI for tracking that many iOS devices, and creating general mayhem — was a pointed comment about Apple’s decision to use and publish UDIDs in the first place with iOS devices.

. September 4, 2012 at 4:25 pm

Most Torrent Downloaders Are Monitored, Study Finds

A new study from Birmingham University in the U.K. found that people will likely be monitored within hours of downloading popular torrents by at least one of ten or more major monitoring firms. The team, led by security researcher Tom Chothia, ran software that acted like a BitTorrent client for three years and recorded all of the connections made to it.

. September 4, 2012 at 8:58 pm

Appelbaum: Cell phones are tracking devices that make phone calls. It’s sad, but it’s true. Which means software solutions don’t always matter. You can have a secure set of tools on your phone, but it doesn’t change the fact that your phone tracks everywhere you go. And the police can potentially push updates onto your phone that backdoor it and allow it to be turned into a microphone remotely, and do other stuff like that. The police can identify everybody at a protest by bringing in a device called an IMSI catcher. It’s a fake cell phone tower that can be built for 1500 bucks. And once nearby, everybody’s cell phones will automatically jump onto the tower, and if the phone’s unique identifier is exposed, all the police have to do is go to the phone company and ask for their information.

Resnick: So phones are tracking devices. They can also be used for surreptitious recording. Would taking the battery out disable this capability?

Appelbaum: Maybe. But iPhones, for instance, don’t have a removable battery; they power off via the power button. So if I wrote a backdoor for the iPhone, it would play an animation that looked just like a black screen. And then when you pressed the button to turn it back on it would pretend to boot. Just play two videos.

Resnick: And how easy is it to create something like that?

Appelbaum: There are weaponized toolkits sold by companies like FinFisher that enable breaking into BlackBerries, Android phones, iPhones, Symbian devices and other platforms. And with a single click, say, the police can own a person, and take over her phone.

. September 11, 2012 at 2:31 pm

EFF Sues for Answers About Illegal Government Email and Phone Call Surveillance

Washington, D.C. – The Electronic Frontier Foundation (EFF) sued the Department of Justice (DOJ) today, demanding answers about illegal email and telephone call surveillance at the National Security Agency (NSA).

The FISA Amendments Act (FAA) of 2008 gave the NSA expansive power to spy on Americans’ international email and telephone calls. However, last month, in a letter to Senator Ron Wyden, a government official publicly disclosed that the NSA’s surveillance had gone even further than what the law permits, with the Foreign Intelligence Surveillance Court (FISC) issuing at least one ruling calling the NSA’s actions unconstitutional. The government further disclosed that the FISC had determined the government’s surveillance violated the spirit of the law on at least one occasion, as well. EFF’s Freedom of Information Act (FOIA) lawsuit seeks disclosure of any written opinions or orders from FISC discussing illegal government surveillance, as well as any briefings to Congress about those violations.

. September 13, 2012 at 1:33 pm
. September 15, 2012 at 7:40 pm

Cops might finally need a warrant to read your Gmail

Major surveillance law change arrives in the Senate—and it might well pass.

Right now, if the cops want to read my e-mail, it’s pretty trivial for them to do so. All they have to do is ask my online e-mail provider. But a new bill set to be introduced Thursday in the Senate Judiciary Committee by its chair, Sen. Patrick Leahy (D-VT), seems to stand the best chance of finally changing that situation and giving e-mail stored on remote servers the same privacy protections as e-mail stored on one’s home computer.

When Congress passed the 1986 Electronic Communications Privacy Act (ECPA), a time when massive online storage of e-mail was essentially unimaginable, it was presumed that if you hadn’t actually bothered to download your e-mail, it could be considered “abandoned” after 180 days. By that logic, law enforcement would not need a warrant to go to the e-mail provider or ISP to get the messages that are older than 180 days; police only need to show that they have “reasonable grounds to believe” the information gathered would be useful in an investigation. Many Americans and legal scholars have found this standard, in today’s world, problematic.

Leahy, who was one of ECPA’s original authors, proposed similar changes in May 2011, but that was never even brought to a vote in the committee. The new version, which keeps the most important element of the 2011 proposal, will be incorporated into a larger bill aimed at revising the 1988 Video Privacy Protection Act (VPPA).

. September 15, 2012 at 10:16 pm

Congress report warns: drones will track faces from the sky

With the FAA working on rules to integrate drones into airspace safety by 2015, the US government’s Congressional Research Service has warned of gaps in how American courts might treat the use of drones.

The snappily-headlined report, Drones in Domestic Surveillance Operations: Fourth Amendment Implications and Legislative Responses (PDF here), notes drones now in use can carry thermal imaging, high-powered cameras, license plate readers and LIDAR (light detection and ranging). “Soft” biometrics and facial recognition won’t be far behind, the report suggests, allowing drones to “recognize and track individuals based on attributes such as height, age, gender, and skin color.”

“The relative sophistication of drones contrasted with traditional surveillance technology may influence a court’s decision whether domestic drone use is lawful under the Fourth Amendment,” the report compiled by legislative attorney Richard Thompson II states.

. October 5, 2012 at 3:57 pm

Starting Next Year, Brazil Wants To Track All Cars Electronically

“As of January, Brazil intends to put into action a new system that will track vehicles of all kinds via radio frequency chips. It will take a few years to accomplish, but authorities will eventually require all vehicles to have an electronic chip installed, which will match every car to its rightful owner. The chip will send the car’s identification to antennas on highways and streets, soon to be spread all over the country. Eventually, it will be illegal to own a car without one. Besides real time monitoring of traffic conditions, authorities will be able to integrate all kinds of services, such as traffic tickets, licensing and annual taxes, automatic toll charge, and much more. Benefits also include more security, since the system will make it harder for thieves to run far away with stolen vehicles, much less leave the country with one.”

. November 13, 2012 at 6:41 pm

Petraeus scandal: This is the national-security establishment turning the surveillance apparatus on itself

From Patrick Radden Keefe, in the New Yorker: “The serialized revelations that have unfolded since Friday—when Petraeus, who left the military as a four-star general, resigned from the C.I.A. because of an affair—are, to say the least, honeyed with irony. In the decade following September 11, 2001, the national-security establishment in this country devised a surveillance apparatus of genuinely diabolical creativity—a cross-hatch of legal and technical innovations that (in theory, at any rate) could furnish law enforcement and intelligence with a high-definition early-warning system on potential terror events. What it’s delivered, instead, is the tawdry, dismaying, and wildly entertaining spectacle that ensues when the national-security establishment inadvertently turns that surveillance apparatus on itself.”

. November 13, 2012 at 9:34 pm

Government Surveillance Growing, According To Google

In a blog post, Google senior policy analyst Dorothy Chou says, ‘[G]overnment demands for user data have increased steadily since we first launched the Transparency Report.’ In the first half of 2012, the period covered in the report, Chou says there were 20,938 inquiries from government organizations for information about 34,614 Google-related accounts. Google has a long history of pushing back against governmental demands for data, going back at least to its refusal to turn over search data to the Department of Justice in 2005. Many other companies have chosen to cooperate with government requests rather than question or oppose them, but Chou notes that in the past year, companies like Dropbox, LinkedIn, Sonic.net and Twitter have begun making government information requests public, to inform the discussion about Internet freedom and its limits. According to the report, the U.S. continues to make the most requests for user data, 7,969 in the first six months of the year. Google complied with 90% of these requests. Google’s average compliance rate for the 31 countries listed in the report is about 47%.

. November 19, 2012 at 3:45 pm

Will the scandal surrounding David Petraeus, General John Allen, Paula Broadwell, Jill Kelley, and a shirtless F.B.I. agent turn into the same sort of eureka moment that Congress experienced when Bork was, as the saying now goes, “borked”? Although the lustful portion of the Petraeus scandal is hardly disappearing — who else will be drawn into it, and when will we read the emails? — attention is turning toward the apparent ease with which the F.B.I. accessed the electronic communication of Petraeus, Broadwell, Kelley, and Allen. The exact circumstances of how the F.B.I. got its hands on all this material remain to be revealed — for instance, whether search warrants were obtained for everything — but the bottom line appears to be that the F.B.I. accessed a vast array of private information and seriously harmed the careers of at least Petraeus and Broadwell without, as of yet, filing a criminal complaint against anybody. As the law professor and privacy expert James Grimmelmann tweeted the other day, “The scandal isn’t what’s illegal; the scandal is what’s legal (or what the FBI thinks is legal).”

In recent years, a handful of privacy activists — led by the A.C.L.U., the Electronic Frontier Foundation, the Electronic Privacy Information Center, and the Center for Democracy & Technology — have filed lawsuits and requested official documents in an effort to reveal and challenge the government’s vast surveillance powers. For the most part, they have not succeeded in changing things; the Petraeus scandal appears to show just how much surveillance the F.B.I. and other law enforcement agencies can conduct without a judge or a company telling them “no, you can’t have that.”

There’s a particularly cruel irony in all of this: If you contact your cell-phone carrier or Internet service provider or a data broker and ask to be provided with the information on you that they provide to the government and other companies, most of them will refuse or make you jump through Defcon levels of hops, skips, and clicks. Uncle Sam or Experian can easily access data that shows where you have been, whom you have called, what you have written, and what you have bought — but you do not have the same privileges.

. November 19, 2012 at 3:59 pm

Ms. Broadwell apparently attempted to shield her identity by using anonymous email accounts. However, it appears that her efforts were thwarted by sloppy operational security and the data retention practices of the companies to whom she entrusted her private data.

The New York Times reported that “[b]ecause the sender’s account had been registered anonymously, investigators had to use forensic techniques—including a check of what other e-mail accounts had been accessed from the same computer address—to identify who was writing the e-mails.”

Webmail providers like Google, Yahoo and Microsoft retain login records (typically for more than a year) that reveal the particular IP addresses a consumer has logged in from. Although these records reveal sensitive information, including geo-location data associated with the target, US law currently permits law enforcement agencies to obtain these records with a mere subpoena—no judge required.

. November 20, 2012 at 6:43 pm

DON’T MESS UP It is hard to pull off one of these steps, let alone all of them all the time. It takes just one mistake — forgetting to use Tor, leaving your encryption keys where someone can find them, connecting to an airport Wi-Fi just once — to ruin you.

“Robust tools for privacy and anonymity exist, but they are not integrated in a way that makes them easy to use,” Mr. Blaze warned. “We’ve all made the mistake of accidentally hitting ‘Reply All.’ Well, if you’re trying to hide your e-mails or account or I.P. address, there are a thousand other mistakes you can make.”

In the end, Mr. Kaminsky noted, if the F.B.I. is after your e-mails, it will find a way to read them. In that case, any attempt to stand in its way may just lull you into a false sense of security.

Some people think that if something is difficult to do, “it has security benefits, but that’s all fake — everything is logged,” said Mr. Kaminsky. “The reality is if you don’t want something to show up on the front page of The New York Times, then don’t say it.”

. November 23, 2012 at 9:32 am

Saudi Arabia Implements Electronic Tracking System For Women

“Denied the right to travel without consent from their male guardians and banned from driving, women in Saudi Arabia are now monitored by an electronic system that tracks any cross-border movements. Since last week, Saudi women’s male guardians began receiving text messages on their phones informing them when women under their custody leave the country, even if they are travelling together. ‘The authorities are using technology to monitor women,’ said columnist Badriya al-Bishr, who criticised the ‘state of slavery under which women are held’ in the ultra-conservative kingdom. Women are not allowed to leave the kingdom without permission from their male guardian, who must give his consent by signing what is known as the ‘yellow sheet’ at the airport or border.”

. December 2, 2012 at 1:44 pm

The imbroglio centers around a system called Palantir, which teases out connections from giant mounds of data, and visualizes those links in ways that even knuckle-draggers can understand. With its slick interface and its ability to find hidden relationships, Palantir has attracted a cult of fanboys in the military and intelligence communities not unlike the one Apple has amassed in the consumer gadget world.

The problem is the Army already has a $2.3 billion system that does what Palantir is supposed to do — plus several dozen more things, besides. The DCGS-A (“Distributed Common Ground System – Army”) is meant to be the one resource that Army intel analysts can use to find links between events, build dossiers on high-level targets, and plot out patterns in enemy attacks. Accessing 473 data sources for 75 million reports, it’s supposed to be the primary source for mining intelligence and surveillance data on the battlefield — everything from informants’ tips to satellites’ images to militants’ fingerprints.

But many in the military found DCGS-A too complicated, too hackable, and not nearly reliable enough. And the Palantir crowd, they just wouldn’t quit pushing for their favorite software, even though Palantir was something of a roach motel of intelligence data — once inside, it was hard to export information to other systems.

. December 7, 2012 at 12:33 am

UN’s International Telecommunications Union sets out to standardize bulk surveillance of Internet users by oppressive governments

The International Telecommunications Union, a UN agency dominated by veterans of incumbent telcoms who mistrust the Internet, and representatives of repressive governments who want to control it, have quietly begun the standardization process for a kind of invasive network spying called “deep packet inspection” (DPI). Other standards bodies have shied away from standardizing surveillance technology, but the ITU just dived in with both feet, and proposed a standard that includes not only garden-variety spying, but also spying “in case of a local availability of the used encryption key(s)” — a situation that includes the kind of spying Iran’s government is suspected of engaging in, when an Iranian hacker stole signing keys from the Dutch certificate authority DigiNotar, allowing for silent interception of Facebook and Gmail traffic by Iranian dissidents.

. December 7, 2012 at 2:57 pm

BBC – Future – Technology – Can disguises fool surveillance technology?

Antivirus pioneer John McAfee, who recently fled from Belize after his neighbour was shot dead, supposedly used disguises to outwit his pursuers. Could technology have spotted what humans failed to see?

Stick on a fake moustache. Add some glasses. Dye your hair. And perhaps pop on a hat. If you are a man – or woman – on the run in the movies then this kind of low-tech disguise is all that is needed to evade the authorities.

But, in a case of life imitating art, a similar array of tactics seems to have met with some success in the real world.

One of the more bizarre news stories of recent weeks concerns John McAfee, founder of the eponymous anti-virus software company, going on the run from the Belize police. According to his blog, McAfee disguised himself by colouring his hair and beard grey, darkening his face with shoe polish, padding his cheeks with bubble gum and stuffing his right nostril to give it – in McAfee’s own words, “an awkward, lopsided, disgusting appearance”.

. December 13, 2012 at 4:33 pm

City buses across America increasingly have hidden microphones that track and record the conversations that take place on them. It’s easy to see the reasoning behind this: once it’s acceptable to video-record everything and everyone on a bus because some crime, somewhere was thus thwarted, then why not add audio? If all you need to justify an intrusion into privacy is to show that some bad thing, somewhere, can be so prevented, then why not? After all, “If you’ve got nothing to hide…”

. January 1, 2013 at 8:37 pm

Store video cameras failing to comply with privacy laws

Not a single store in Toronto’s Eaton Centre had proper signage about cameras

. January 1, 2013 at 8:39 pm

Massive New Surveillance Program Uncovered by Wall Street Journal

The Wall Street Journal reported today that the little-known National Counterterrorism Center, based in an unmarked building in McLean, Va., has been granted sweeping new authority to store and monitor massive datasets about innocent Americans.

After internal wrangling over privacy and civil liberties issues, the Justice Department reportedly signed off on controversial new guidelines earlier this year. The guidelines allow the NCTC, for the first time, to keep data about innocent U.S. citizens for up to five years, using “predictive pattern-matching,” to analyze it for suspicious patterns of behavior. The data the counterterrorism center has access to, according to the Journal, includes “entire government databases—flight records, casino-employee lists, the names of Americans hosting foreign-exchange students and many others.”

Notably, the Journal reports that these changes also allow databases about U.S. civilians to be handed over to foreign governments for analysis, presumably so that they too can attempt to determine future criminal actions. The Department of Homeland Security’s former chief privacy officer said that it represents a “sea change in the way that the government interacts with the general public.”

. January 9, 2013 at 1:21 am

Texas school can force teenager to wear locator chip: judge

(Reuters) – A public school district in Texas can require students to wear locator chips when they are on school property, a federal judge ruled on Tuesday in a case raising technology-driven privacy concerns among liberal and conservative groups alike.

. January 11, 2013 at 11:48 am

FBI Documents Shine Light on Clandestine Cellphone Tracking Tool

Posted Thursday, Jan. 10, 2013, at 2:14 PM ET

The FBI calls it a “sensitive investigative technique” that it wants to keep secret. But newly released documents that shed light on the bureau’s use of a controversial cellphone tracking technology called the “Stingray” have prompted fresh questions over the legality of the spy tool.

Functioning as a so-called “cell-site simulator,” the Stingray is a sophisticated portable surveillance device. The equipment is designed to send out a powerful signal that covertly dupes phones within a specific area into hopping onto a fake network. The feds say they use them to target specific groups or individuals and help track the movements of suspects in real time, not to intercept communications. But by design Stingrays, sometimes called “IMSI catchers,” collaterally gather data from innocent bystanders’ phones and can interrupt phone users’ service—which critics say violates a federal communications law.

The FBI has maintained that its legal footing here is firm. Now, though, internal documents obtained by the Electronic Privacy Information Center, a civil liberties group, reveal the bureau appears well aware its use of the snooping gear is in dubious territory. Two heavily redacted sets of files released last month show internal Justice Department guidance that relates to the use of the cell tracking equipment, with repeated references to a crucial section of the Communications Act which outlines how “interference” with communication signals is prohibited.

Will S. February 1, 2013 at 12:20 am

I prefer to watch your sister!

. March 8, 2013 at 11:16 pm

Chinese Skype Surveillance Trigger Words Uncovered by Researcher
By Ryan Gallagher | Posted Friday, March 8, 2013, at 6:25 PM

There is one thing that binds the phrases “kinky cinema,” “hired killer,” and “throwing eggs.” If you type any one of them into a special eavesdropping-enabled version of Skype used in China, you could find yourself under surveillance.

That’s according to a research project by Jeffrey Knockel, a computer-science graduate student at the University of New Mexico, Albuquerque. As Bloomberg Businessweek reported today, Knockel recently found a way to bypass encryption used by a version of Skype designed specifically for Chinese users, and in doing so uncovered secret keyword lists used in China to monitor Skype users’ communications.

According to the 27-year-old researcher, the software has a built-in surveillance blacklist that scans messages sent between users for specific words and phrases. If a user types one of the offending phrases into the Skype text chat, it triggers an alert—sending a copy back to a centralized computer server and flagging who sent the message and when.

Anon March 10, 2013 at 12:06 am

Harvard secretly searched e-mails

Harvard University central administrators secretly searched the e-mail accounts of 16 resident deans last fall, looking for a leak to the media about the school’s sprawling cheating case, according to several Harvard officials interviewed by the Globe.

The resident deans sit on Harvard’s Administrative Board, the committee charged with handling the cheating case. They were not warned that administrators planned to access their accounts, and only one was told of the search shortly afterward.

The dean who was informed had forwarded a confidential Administrative Board message to a student he was advising, not realizing it would ultimately make its way to the Harvard Crimson and the Globe and fuel the campus controversy over the cheating scandal.

. March 17, 2013 at 10:43 pm

Facebook finally admits to tracking non-users

In a series of interviews with USAToday, Facebook has finally revealed how it tracks users and non-users across the web, gathering huge amounts of data as it does so. Says ABCNews/USAToday:

Facebook officials are now acknowledging that the social media giant has been able to create a running log of the web pages that each of its 800 million or so members has visited during the previous 90 days. Facebook also keeps close track of where millions more non-members of the social network go on the Web, after they visit a Facebook web page for any reason.

. March 17, 2013 at 10:43 pm

Bruce Schneier – “The Internet is a surveillance state”

Sure, we can take measures to prevent this. We can limit what we search on Google from our iPhones, and instead use computer web browsers that allow us to delete cookies. We can use an alias on Facebook. We can turn our cell phones off and spend cash. But increasingly, none of it matters.

There are simply too many ways to be tracked. The Internet, e-mail, cell phones, web browsers, social networking sites, search engines: these have become necessities, and it’s fanciful to expect people to simply refuse to use them just because they don’t like the spying, especially since the full extent of such spying is deliberately hidden from us and there are few alternatives being marketed by companies that don’t spy.

This isn’t something the free market can fix. We consumers have no choice in the matter. All the major companies that provide us with Internet services are interested in tracking us. Visit a website and it will almost certainly know who you are; there are lots of ways to be tracked without cookies. Cellphone companies routinely undo the web’s privacy protection. One experiment at Carnegie Mellon took real-time videos of students on campus and was able to identify one-third of them by comparing their photos with publicly available tagged Facebook photos.

. March 25, 2013 at 11:26 pm

U.S. to let spy agencies scour Americans’ finances

(Reuters) – The Obama administration is drawing up plans to give all U.S. spy agencies full access to a massive database that contains financial data on American citizens and others who bank in the country, according to a Treasury Department document seen by Reuters.

anon April 4, 2013 at 1:15 pm

According to the ACLU’s Principal Technologist Christopher Soghoian, Ph.D., the real issue lies in the Communications Assistance for Law Enforcement Act or CALEA which was passed in 1994.

Soghoian told SecurityWatch this law, “mandated that industries build in intercept capabilities to their networks.” These industries included phone and broadband companies, but not companies like Apple. iMessage is also different from normal text messaging because it both encrypts the message and sends it peer-to-peer between iPhones, without touching a carrier’s network.

Another critical aspect of CALEA deals with encrypted messaging, mainly that it is exempt from all wireless surveillance. Soghoian explained that communications, “encrypted with a key not known to the company […] cannot be intercepted.” So in a situation where the decryption keys are handled on the device, and not by whoever is delivering the messages, then law enforcement must ignore the message entirely.

This issue was mentioned in the DEA report, quoted by CNet: “iMessages between two Apple devices are considered encrypted communication and cannot be intercepted, regardless of the cell phone service provider.” However, the report notes that depending on where the intercept is placed, messages sent to other phones can be read. This is likely because those communications are not encrypted, and are therefore visible to law enforcement under CALEA.

Bugs Bunny (WB) April 4, 2013 at 6:01 pm
. April 12, 2013 at 5:33 pm

With this fuller history, Lapsley lays out the foundations of the systems we live in now. Not the specific tools we use, which are rotating into obsolescence in an accelerating blur, but the systems our tools are embedded within, and our notions of security, freedom, criminality, privacy. During the years that AT&T was struggling to invent a new phone technology, they also forged new legal justifications for surveilling users and prosecuting hackers. By definition, they had no idea who was hiding from their billing system, so they set up a blanket surveillance program which tapped around 33 million phone calls between 1964 and 1970, recording more than a million and a half of them for further analysis. AT&T kept this program — code named Greenstar — a closely guarded secret, because they were pretty sure it was illegal, and they certainly didn’t want a court to confirm their suspicions. But this massive wiretapping program gave them a good idea who was defrauding their system, and it pointed them towards evidence that they could use in court. (In 1968, AT&T helped advise Congress on new legislation that made the Greenstar wiretapping retroactively legal. So that was one problem taken care of.)

Phone phreaks talked about getting busted by the phone company in a way that would sound silly if we were talking about AT&T or Google today. And it is indeed strange to think of Ma Bell’s quasi-governmental security force: hard-boiled guys in trench coats staking out phone booths, waiting for a hippie to toot a toy or beep a box. But part of the reason this seems strange is because corporations don’t really need the guys in trench coats anymore. The mechanisms of state and corporate surveillance are now completely embedded in our daily lives.

http://lareviewofbooks.org/article.php?type&id=1570&fulltext=1&media

anon April 18, 2013 at 11:32 am

Secrets of FBI Smartphone Surveillance Tool Revealed in Court Fight

http://www.wired.com/threatlevel/2013/04/verizon-rigmaiden-aircard/all/

. April 23, 2013 at 10:44 pm

Retail technology
We snoop to conquer
Security cameras are watching honest shoppers, too

“There’s no expectation of privacy when you go into a mall,” retorts one shopper-monitoring executive. A better answer is that retailers like American Apparel are analysing groups, not identifying individuals. Cameras set up to do anything fancier than traffic-counting are confined to a few test stores. Mobile-phone trackers identify phones, not their owners, says Will Smith of Euclid Analytics. Still, Euclid recommends telling customers that tracking is going on. “Companies that succeed in this space are companies that address privacy correctly,” he says.

. April 23, 2013 at 10:44 pm

Facebook data already inform lending decisions at Kreditech, a Hamburg-based start-up that makes small online loans in Germany, Poland and Spain. Applicants are asked to provide access for a limited time to their account on Facebook or another social network. Much is revealed by your friends, says Alexander Graubner-Müller, one of the firm’s founders. An applicant whose friends appear to have well-paid jobs and live in nice neighbourhoods is more likely to secure a loan. An applicant with a friend who has defaulted on a Kreditech loan is more likely to be rejected.

. April 23, 2013 at 10:59 pm

Song Chaoming, for instance, is a researcher at Northeastern University in Boston. He is a physicist, but he moonlights as a social scientist. With that hat on he has devised an algorithm which can look at someone’s mobile-phone records and predict with an average of 93% accuracy where that person is at any moment of any day. Given most people’s regular habits (sleep, commute, work, commute, sleep), this might not seem too hard. What is impressive is that his accuracy was never lower than 80% for any of the 50,000 people he looked at.

. May 24, 2013 at 12:33 am

“If you’re going to build a protest movement, it might be better to stay off Facebook and Twitter because the cops are fully tuned into social media these days. The Open Source Intelligence Unit at London’s Metropolitan Police Service has a staff of seventeen who work seven days a week – to track social media feedback and to monitor community tension. Having a sense of humour and understanding of slang gives humans the edge over social media surveillance software, UK cops reckon. The British cops are worried about 4G mobile broadband though because it’ll generate much more data such as video.”

. June 5, 2013 at 12:39 am

WiSee is a research project at the University of Washington; as described in this paper, it uses standard WiFi hardware to sense the location and movements of people within range of the signal. Using machine-learning, it maps specific interference patterns to specific gestures, so that it knows that — for example — you’re waving your hand in the air.

anon June 15, 2013 at 2:07 pm

IRS tracks your digital footprint

The IRS has quietly upgraded its technology so tax collectors can track virtually everything people do online.

The Internal Revenue Service is collecting a lot more than taxes this year — it’s also acquiring a huge volume of personal information on taxpayers’ digital activities, from eBay auctions to Facebook posts and, for the first time ever, credit card and e-payment transaction records, as it expands its search for tax cheats to places it’s never gone before.

anon June 15, 2013 at 3:48 pm

“According to a lawyer at a telecoms company and the retired boss of a large telecoms group operating in the United States, telecoms companies have long been required to employ technicians with security clearances who assist in government surveillance, but are not allowed to disclose their activities to their uncleared bosses. The same request may, perhaps, have been extended to web firms.”

http://www.economist.com/news/briefing/21579473-americas-national-security-agency-collects-more-information-most-people-thought-will

anon June 15, 2013 at 3:59 pm

“America’s energetic snooping is part of a broader global trend. Each year authorities in South Korea make more than 37m requests to see communications data stored about the country’s 50m people (police in Britain make about 500,000). New laws in Kenya let the government snoop on suspects indefinitely once an application is approved. India is considering a plan to route communications through government equipment, helping it to eavesdrop without alerting service providers. A report presented on June 4th by Frank La Rue, the UN’s special rapporteur on free expression, warned that broad interpretations of outdated laws were enabling sophisticated and invasive surveillance measures to flourish around the world. He called for governments to draw up new regulations that properly acknowledge the growing power of modern spying equipment.”

. June 15, 2013 at 4:58 pm

How Canada’s shadowy metadata-gathering program went awry

“This week’s revelations have made it clearer to the public that Canada, like other governments, is voraciously scouring the globe for telecommunications data trails – phone logs, Internet protocols and other “routing” information.”

More on metadata

CSE’s privacy rules revealed (sort of)

Décary speaks

“I am completely independent and operate at arms-length from the government. I have all the powers of a Commissioner under Part II of the Inquiries Act, including the power of subpoena, to access and review any information held by CSEC. We have secure offices on-site at CSEC. My employees have unobstructed access to CSEC systems, observe CSEC analysts first hand to verify how they conduct their work, interview them, and test information obtained against the contents of CSEC’s databases.

I verify that CSEC does not direct its foreign signals intelligence collection and IT security activities at Canadians — wherever they might be in the world — or at any person in Canada. CSEC is prohibited from requesting an international partner to undertake activities that CSEC itself is legally prohibited from conducting.

In the case of metadata, I verify that it is collected and used by CSEC only for purposes of providing intelligence on foreign entities located outside Canada and to protect information infrastructures of importance to the government.

At the time the new legislation was passed, CSE told us all in no uncertain terms that the ability to follow a foreign-intelligence-related communication into Canada was vital to the agency’s ability to function effectively in the modern world. For some reason the Commissioner seems to want to leave the impression that this only happens “unintentionally”.

Similarly, the Commissioner’s statement affirms that “CSEC is prohibited from requesting an international partner to undertake activities that CSEC itself is legally prohibited from conducting”, but it skips past the vital question of how often those partners may nonetheless supply information that CSE would not itself be permitted to collect.”

Tories deny Canadian spy agencies are targeting Canadians

More on CSE and the monitoring (or not) of Canadians

“Liberal MP Wayne Easter, who was minister responsible for the spy agency CSIS in 2002-03, told the Star that in the post-9/11 era a decade ago it was common for Canada’s allies to pass on information about Canadians that they were authorized to gather but Ottawa wasn’t.

The practice was, in effect, a back-door way for sensitive national security information to be shared, not with the government, but Communications Security Establishment Canada (CSEC) and, if necessary, the Canadian Security Intelligence Service (CSIS).”

Canada has tracked phone and Internet data for years

Opposition seeks parliamentary oversight of Canada’s spy agencies

Big Brother really is watching — and listening

You’re not paranoid, the government might be watching you: Walkom

“Defence Minister Peter MacKay says Ottawa’s electronic snooping agency doesn’t monitor Canadians. He’s wrong.

In fact, the little-known Communications Security Establishment Canada is specifically mandated to intercept telephone or Internet communications involving Canadians — as long as it does so in an effort to gather foreign intelligence.

As former Liberal solicitor-general Wayne Easter told my colleague Tonda MacCharles, during his time in government the NSA routinely passed on information about Canadians to Canada — through either CSEC itself or the Canadian Security Intelligence Service or the RCMP.”

CSE metadata monitoring began in 2005 or earlier

“In fact, such data are undoubtedly also collected to help determine the identities (or at least the communications addresses) of the people in Canada that CSE’s foreign intelligence targets are communicating with. The person at the Canadian end of the conversation would not be the “target” in such cases, but CSE would still want to monitor both ends of the communication in order to find out what the foreign target at the other end of the conversation was up to.

If the Canadian participant turned out to also be of intelligence interest, CSE would then pass that information to CSIS, the RCMP, or another relevant agency, which if it agreed would then obtain authorization to monitor the Canadian under its own legal procedures. That authorization, in turn, would clear the way for CSE to conduct further monitoring of the Canadian in fulfillment of Part C of its mandate.”

10 questions about Canada’s Internet spying

Spy agencies have turned our digital lives inside out. We need to watch them

“The NSA’s enormous new $1.2-billion complex in Utah will be able to handle and process five zettabytes of data, which former NSA technical director (and now whistleblower) William Binney estimates to be on the order of 100 years worth of all of the world’s communications.

In 2010, German Green Party politician Malte Spitz and Germany’s Die Zeit newspaper requested all of the metadata from Mr. Spitz’s phone carrier, Deutsche Telekom. The company sent back a CD containing 35,830 lines of code. “Seen individually, the pieces of data are mostly inconsequential and harmless,” wrote Die Zeit, “[but] taken together, they provide what investigators call a profile – a clear picture of a person’s habits and preferences, and indeed, of his or her life.”

Access to metadata, when combined with powerful computers and algorithms, can also allow entire social networks to be mapped in space and time with a degree of precision that is extraordinarily unprecedented, and extraordinarily powerful. Once analyzed, metadata can pinpoint not only who you are, but with whom you meet, with what frequency and duration, and at which locations. And it’s now big business for that very reason. A growing complex of top secret data analysis companies orbit the law enforcement, military, and intelligence communities offering Big Data analysis, further driving the need for yet more data.”

. June 15, 2013 at 5:23 pm

Is CSE metadata-mining Canadian call records?

“As part of ongoing collaborations with the Communications Security Establishment (CSE), we are applying unsupervised and semi-supervised learning methods to understand transactions on large dynamic networks, such as telephone and email networks. When viewed as a graph, the nodes correspond to individuals that send or receive messages, and edges correspond to the messages themselves. The graphs we address can be observed in real-time, include from hundreds to hundreds of thousands of nodes, and feature thousands to millions of transactions. There are two goals associated with this project: firstly, there is the semi-supervised learning task, and rare-target problem, in which we wish to identify certain types of nodes; secondly, there is the unsupervised learning task of detecting anomalous messages.”

Why Canadians Should Be Demanding Answers About Secret Surveillance Programs

“Canada has similar disclosure provisions as those found in the USA Patriot Act. For example, s. 21 of the Canadian Security Intelligence Act provides for a warrant that permits almost any type of communication interception, surveillance or disclosure of records for purpose of national security. To obtain such a warrant, the Director of the CSIS or a designate of the Solicitor General is required to file an application with a Federal Court judge. The application must contain an affidavit stating “the facts relied on to justify the belief, on reasonable grounds, that a warrant… is required”. The application must also outline why other investigative techniques are inappropriate. The warrant will typically last 60 days and is renewable on application. Section 21 orders could presumably also be applied to U.S. companies operating in Canada.

The section 21 warrant is arguably similar to a section 215 application made to the FISA Court. Both do not require probable cause and both can be used to obtain any type of records or any other tangible thing. Moreover, the target of both warrants need not be the target of the national security investigation.”

Canada and the NSA revelations

Canada is part of the eavesdropping network

Data-collection program got green light from MacKay in 2011

. June 17, 2013 at 2:18 pm

Q: Glenn Greenwald follow up: When you say “someone at NSA still has the content of your communications” – what do you mean? Do you mean they have a record of it, or the actual content?

A: Both. If I target for example an email address, for example under FAA 702, and that email address sent something to you, Joe America, the analyst gets it. All of it. IPs, raw data, content, headers, attachments, everything. And it gets saved for a very long time – and can be extended further with waivers rather than warrants.

. June 23, 2013 at 12:24 pm

Brit spies GCHQ harvest all undersea cable comms, all UK calls and data, share with 850,000+ NSA spooks and contractors

The Guardian has published information from another Edward Snowden leak, this one detailing a British wiretapping program by the UK spy agency GCHQ that puts Prism to shame. The GCHQ program, called Tempora, stores all submarine cable traffic and all domestic traffic (Internet packets and recordings of phone-calls) for 30 days, using NSA tools to sort and search it; the quid-pro-quo being that the NSA gets to access this data, too. The program is reportedly staffed by 300 GCHQ spies and 250 NSA spies, and the data produced by the taps is made available to 850,000 NSA employees and contractors. This is all carried out under the rubric of RIPA, the controversial Regulation of Investigatory Powers Act, a UK electronic spying law passed by Tony Blair’s Labour government.

. June 23, 2013 at 10:21 pm

U.S. surveillance architecture includes collection of revealing Internet, phone metadata

MAINWAY, which collects the telephone metadata of people in the United States. The collected data reportedly include “phone numbers dialed and length of call but not call content, caller identity or location information”. According to the U.S. government the data may be “queried” only when there is “reasonable suspicion” that “an identifier is associated with specific foreign terrorist organizations”. The government statement does not specify whether the data are also subjected to computerized network analysis in order to help determine “identifiers” that may be associated with those organizations.

MARINA, which collects internet metadata. According to the Washington Post, “MARINA and the collection tools that feed it are probably the least known of the NSA’s domestic operations, even among experts who follow the subject closely. Yet they probably capture information about more American citizens than any other, because the volume of e-mail, chats and other Internet communications far exceeds the volume of standard telephone calls. The NSA calls Internet metadata ‘digital network information.’ Sophisticated analysis of those records can reveal unknown associates of known terrorism suspects.”

NUCLEON, which intercepts the content of telephone calls. This program reportedly works on a much smaller scale than the first two. It probably only captures the telephone calls of specific individuals who have already been identified as suspects in on-going investigations.

PRISM, which accesses internet content (e-mail, chat texts, search histories, Skype data, data stored in “the cloud”, etc.) contained in the data stored by major internet services such as Google and Facebook. These data are reportedly also accessed only with respect to specific individuals or perhaps groups of individuals or organizations.

. July 1, 2013 at 11:19 pm

Italy is the most wiretapped Western democracy, with transcripts of telephone intercepts of politicians and criminals routinely splashed on front pages. Just this weekend, the phone intercepts of a top Vatican accountant arrested in a 20 million euro ($26.2 million) corruption plot were published in major Italian newspapers.

http://www.nationalpost.com/m/wp/news/blog.html?b=news.nationalpost.com/2013/07/01/french-president-demands-u-s-cease-spying-on-the-european-union&pubdate=2013-07-01

. July 2, 2013 at 3:05 pm

Security in Tibet
Grid locked
With the help of experts from Beijing, Tibet tightens its systems of surveillance

It was launched in April 2012 in Lhasa’s Chengguan district, where Mr Zhi has been serving as deputy party chief. Officials call it the “grid system of social management”. One of its main aims is to make it easier for officials to monitor potential troublemakers by using intelligence gathered by community workers within areas known as grids (wangge in Mandarin). Chengguan, which includes most of the city proper and some of the rural area around it, has been divided into 175 of them. The grids’ small size (every Lhasa neighbourhood now has several) is intended to facilitate the gathering of detailed, real-time information.

Why bother? Lhasa is already crawling with security personnel and festooned with surveillance cameras. Even before the grid system any Tibetan who raised a protest banner would be leapt on within seconds and taken away (though few such attempts have been reported since security was increased after riots in 2008). But, mostly in the last two years, Tibetan protesters have taken to setting themselves on fire, which has made the authorities even edgier. Only two of about 120 of these acts have occurred in Lhasa but the capital’s religious importance to Tibetans makes any dissent there particularly potent.

In both cities grid staff are helped by patrols of volunteers wearing red armbands: usually retired people whose role as local snoops long predates the introduction of grids. Human Rights Watch says that in Lhasa these patrols have become more intrusive with the recent immolations, searching homes for pictures of the Dalai Lama and other signs of dissent. Along with the rollout of grids, the Tibetan authorities have been organising households into groups of five or ten. A leader is appointed who becomes a point of contact for grid officials or police wanting information about members of the group. In May Tibet’s party chief Chen Quanguo said these groups should be the “basic unit” of the system, “ensuring…no blind spots”.

. July 15, 2013 at 3:25 pm

Brick-and-mortar shops turn to cell tracking to track customers through the store. Only opt-out is turning phone off

https://twitter.com/xor/status/356845732550021120

Attention, Shoppers: Store Is Tracking Your Cell

http://www.nytimes.com/2013/07/15/business/attention-shopper-stores-are-tracking-your-cell.html?pagewanted=all&_r=0

. July 17, 2013 at 2:27 pm

Driving in the U.S.? There’s a good chance the government has a record of it — even if you’ve done nothing wrong

http://news.nationalpost.com/2013/07/17/driving-in-the-u-s-theres-a-good-chance-the-government-has-a-record-of-it-even-if-youve-done-nothing-wrong/

. July 26, 2013 at 3:32 pm

In the meantime technology can serve the powerful, too. Protesters in Turkey and Brazil say their mobile internet access was throttled, though congestion, not censorship, may be the real culprit. Instructions issued over social networks are easily monitored by police. Amateur footage provides authorities with visual records of those who attend. Witness, an American charity which trains citizen journalists, says that where official snooping is a danger, protesters should be filmed only from behind; last July YouTube, an online video site, introduced a face-blurring tool.

Most protesters are not so careful, and police are getting better at capturing this information themselves. Since 2011 cops in Brazil have tried head-mounted face-detection cameras, which authorities claim can capture up to 400 faces a second. Hoisting them on cheap drones would offer an even better view. Police forces can also recognise demonstrators without actually seeing them: some officers in America have kit capable of recording the identifying code of all the mobile phones within a given area, and officials can also beg or seize the data from mobile operators.

http://www.economist.com/news/international/21580190-technology-makes-protests-more-likely-not-yet-more-effective-digital-demo

. July 31, 2013 at 8:19 pm

New Snowden leak: NSA program taps all you do online

http://edition.cnn.com/2013/07/31/tech/web/snowden-leak-xkeyscore/

You’ve never heard of XKeyscore, but it definitely knows you. The National Security Agency’s top-secret program essentially makes available everything you’ve ever done on the Internet — browsing history, searches, content of your emails, online chats, even your metadata — all at the tap of the keyboard.

The Guardian exposed the program on Wednesday in a follow-up piece to its groundbreaking report on the NSA’s surveillance practices. Shortly after publication, Edward Snowden, a 29-year-old former Booz Allen Hamilton employee who worked for the NSA for four years, came forward as the source.

This latest revelation comes from XKeyscore training materials, which Snowden also provided to The Guardian. The NSA sums up the program best: XKeyscore is its “widest reaching” system for developing intelligence from the Internet.

. August 21, 2013 at 8:42 pm

“No laws define the limits of the N.S.A.’s power. No Congressional committee subjects the agency’s budget to a systematic, informed and skeptical review. With unknown billions of Federal dollars, the agency purchases the most sophisticated communications and computer equipment in the world. But truly to comprehend the growing reach of this formidable organization, it is necessary to recall once again how the computers that power the N.S.A. are also gradually changing lives of Americans – the way they bank, obtain benefits from the Government and communicate with family and friends. Every day, in almost every area of culture and commerce, systems and procedures are being adopted by private companies and organizations as well as by the nation’s security leaders that make it easier for the N.S.A. to dominate American society should it ever decide such action is necessary.”

David Burnham, in 1983: THE SILENT POWER OF THE N.S.A.

. September 8, 2013 at 2:39 pm

Privacy Scandal: NSA Can Spy on Smart Phone Data

SPIEGEL has learned from internal NSA documents that the US intelligence agency has the capability of tapping user data from the iPhone, devices using Android as well as BlackBerry, a system previously believed to be highly secure.

. October 11, 2013 at 10:03 pm

“The Effects of Mass Surveillance on Journalism” http://towcenter.org/blog/the-effects-of-mass-surveillance-on-journalism/

. November 16, 2013 at 11:42 pm

Barack Obama’s portable secrecy tent (some assembly required)

Washington: When President Barack Obama travels abroad, his staff packs briefing books, gifts for foreign leaders and something more closely associated with camping than diplomacy: a tent.

Even when Obama travels to allied nations, aides quickly set up the security tent – which has opaque sides and noise-making devices inside – in a room near his hotel suite. When the president needs to read a classified document or have a sensitive conversation, he ducks into the tent to shield himself from secret video cameras and listening devices.

. December 8, 2013 at 2:35 pm

NSA tracking cellphone locations worldwide, Snowden documents show

The National Security Agency is gathering nearly 5 billion records a day on the whereabouts of cellphones around the world, according to top-secret documents and interviews with U.S. intelligence officials, enabling the agency to track the movements of individuals — and map their relationships — in ways that would have been previously unimaginable.

The records feed a vast database that stores information about the locations of at least hundreds of millions of devices, according to the officials and the documents, which were provided by former NSA contractor Edward Snowden. New projects created to analyze that data have provided the intelligence community with what amounts to a mass surveillance tool.

. December 8, 2013 at 8:20 pm

Every step you take: Google Glass, ubiquitous cameras and the threat to privacy

. December 8, 2013 at 8:22 pm

The bigger worry is for those in front of the cameras, not behind them. School bullies already use illicit snaps from mobile phones to embarrass their victims. The web throngs with furtive photos of women, snapped in public places. Wearable cameras will make such surreptitious photography easier. And the huge, looming issue is the growing sophistication of face-recognition technologies, which are starting to enable businesses and governments to extract information about individuals by scouring the billions of images online. The combination of cameras everywhere—in bars, on streets, in offices, on people’s heads—with the algorithms run by social networks and other service providers that process stored and published images is a powerful and alarming one. We may not be far from a world in which your movements could be tracked all the time, where a stranger walking down the street can immediately identify exactly who you are.

For the moment, companies are treading carefully. Google has banned the use of face-recognition in apps on Glass and its camera is designed to film only in short bursts. Japanese digital camera-makers ensure their products emit a shutter sound every time a picture is taken. Existing laws to control stalking or harassment can be extended to deal with peeping drones.

. December 21, 2013 at 9:56 pm

Fruitless introspection

SIR – Your briefing on ubiquitous cameras claimed that “life logging” will have “much to recommend it” because the “potentially endless” re-examination of the life-logger’s experience will “reveal opportunities to be healthier, happier and more effective” (“The people’s panopticon”, November 16th). However, since everything in the life-logger’s life is recorded, that record will presumably include recordings of the examination of prior recordings, then recordings of the examinations of those recordings, and so on. A point will soon be reached where the life being logged consists of nothing but commentary on commentary.

Samuel Beckett’s one-act play, “Krapp’s Last Tape”, features an aged man sitting before a tape recorder making tapes that are commentaries on prior tape recordings which are themselves commentaries. Technology moves on, but the message still holds: the endless re-examination of futility leads only to more futility, not meaning or effectiveness.

Kirk Templeton
San Francisco

. December 28, 2013 at 10:38 pm

How Britain exported next-generation surveillance

Thousands of cameras, millions of photographs, terabytes of data. You’re tracked, wherever you go.

James Bridle in Matter

. January 7, 2014 at 9:06 pm

Not only is ubiquitous surveillance ineffective, it is extraordinarily costly. I don’t mean just the budgets, which will continue to skyrocket. Or the diplomatic costs, as country after country learns of our surveillance programs against their citizens. I’m also talking about the cost to our society. It breaks so much of what our society has built. It breaks our political systems, as Congress is unable to provide any meaningful oversight and citizens are kept in the dark about what government does. It breaks our legal systems, as laws are ignored or reinterpreted, and people are unable to challenge government actions in court. It breaks our commercial systems, as U.S. computer products and services are no longer trusted worldwide. It breaks our technical systems, as the very protocols of the Internet become untrusted. And it breaks our social systems; the loss of privacy, freedom, and liberty is much more damaging to our society than the occasional act of random violence.

. January 15, 2014 at 9:42 pm

The Yale Law Journal Online (YLJO) just published an article that I co-authored with Kevin Bankston (first workshopped at the Privacy Law Scholars Conference last year) entitled “Tiny Constables and the Cost of Surveillance: Making Cents Out of United States v. Jones.” In it, we discuss the drastic reduction in the cost of tracking an individual’s location and show how technology has greatly reduced the barriers to performing surveillance. We estimate the hourly cost of location tracking techniques used in landmark Supreme Court cases Jones, Karo, and Knotts and use the opinions issued in those cases to propose an objective metric: if the cost of the surveillance using the new technique is an order of magnitude (ten times) less than the cost of the surveillance without using the new technique, then the new technique violates a reasonable expectation of privacy. For example, the graph above shows that tracking a suspect using a GPS device is 28 times cheaper than assigning officers to follow him.

. January 31, 2014 at 5:21 pm

Now we know Ottawa can snoop on any Canadian. What are we going to do?

What’s this mean for Canadians? When you go to the airport and flip open your phone to get your flight status, the government could have a record. When you check into your hotel and log on to the Internet, there’s another data point that could be collected. When you surf the Web at the local cafe hotspot, the spies could be watching. Even if you’re just going about your usual routine at your place of work, they may be following your communications trail.

Ingenious? Yes. Audacious? Yes. Unlawful? Time for the courts to decide. With regard to recent revelations, Canadian government officials have strenuously denied doing what is clearly described in this presentation. On 19 September 2013, CSEC chief John Forster was quoted by the Globe and Mail saying “CSEC does not direct its activities at Canadians and is prohibited by law from doing so.” In response to a lawsuit launched by the British Columbia Civil Liberties Association against the Government of Canada, CSEC admitted that there “may be circumstances in which incidental interception of private communications or information about Canadians will occur.” Only in Orwell-speak would what is contained in these presentations be described as “incidental” or “not directed at Canadians.” Then again, an Orwellian society is what we are in danger of becoming.

The revelations require an immediate response. They throw into sharp relief the obvious inadequacy of the existing “oversight” mechanism, which operates entirely within the security tent. They cast into doubt all government statements made about the limits of such programs. They raise the alarming prospect that Canada’s intelligence agencies may be routinely obtaining data on Canadian citizens from private companies – which includes revealing personal data – on the basis of a unilateral and highly dubious definition of “metadata” (the information sent by cellphones and mobile devices describing their location, numbers called and so on) as somehow not being “communications.” Such operations go well beyond invasions of privacy; the potential for the abuse of unchecked power contained here is practically limitless.

. February 9, 2014 at 8:10 pm

The Internet is Broken–Act Accordingly

PUNTA CANA–Costin Raiu is a cautious man. He measures his words carefully and says exactly what he means, and is not given to hyperbole or exaggeration. Raiu is the driving force behind much of the intricate research into APTs and targeted attacks that Kaspersky Lab’s Global Research and Analysis Team has been doing for the last few years, and he has first-hand knowledge of the depth and breadth of the tactics that top-tier attackers are using.

So when Raiu says he conducts his online activities under the assumption that his movements are being monitored by government hackers, it is not meant as a scare tactic. It is a simple statement of fact.

“I operate under the principle that my computer is owned by at least three governments,” Raiu said during a presentation he gave to industry analysts at the company’s analyst summit here on Thursday.

The comment drew some chuckles from the audience, but Raiu was not joking. Security experts for years have been telling users–especially enterprise users–to assume that their network or PC is compromised. The reasoning is that if you assume you’re owned then you’ll be more cautious about what you do. It’s the technical equivalent of telling a child to behave as if his mother is watching everything he does. It doesn’t always work, but it can’t hurt.

Raiu and his fellow researchers around the world are obvious targets for highly skilled attackers of all stripes. They spend their days analyzing new attack techniques and working out methods for countering them. Intelligence agencies, APT groups and cybercrime gangs all would love to know what researchers know and how they get their information. Just about every researcher has a story about being attacked or compromised at some point. It’s an occupational hazard.

Milan March 10, 2014 at 12:14 pm

Government data requests, January-June 2013, '000

And these are just the ones that now get disclosed publicly…
