Ubiquitous surveillance

We now live in a world where it is highly likely that various web companies, your government, and your internet service provider are tracking your web browsing. Where facial recognition software identifies you at borders, airports, and subway stations. Where your DNA may be sampled if you are arrested. Where new face tracking software gets used with old photo archives and video camera footage. Where data on what you buy and how you repay your debts is sold between companies. Where cameras track your automobile license plate to build up a database of your movements. Where drones may watch you from the sky. Where computers transcribe your speech and handwriting into searchable text. Where you can be identified at a distance by the cards in your wallet. Where your emails, phone calls, and text messages are scanned for keywords, archived forever, and used to build up webs of your known associates. Where governments and private organizations use data mining techniques against you. Where your cell phone can easily be turned into a bug that passes on what you say and type, as well as where you are. Where your Google searches may be used as evidence against you. Where anyone can listen to your cell phone calls. Where the metadata in the photos and videos you make identifies you. Where the DNA of your family members may be used to incriminate you. Where anyone on your wireless network can archive and access all your web traffic, as well as steal website sessions. Where no encryption software you can acquire does much good. Where insecure means of communication are marketed as secure. Where archives containing your sensitive personal data can be broken into (or bought) by those who wish to cause you trouble. And where anything ill-considered you did as a teenager may re-emerge to cause embarrassment or worse decades later.

The appropriate responses to this are not clear. You can simply accept that your life is an open book that anyone who cares to can pretty easily read from. You can opt out of some services (like Facebook) and employ some available countermeasures. You can move to the remote countryside and become a technology-shunning subsistence farmer (which is not to imply that all farmers shun technology, nor manage only to subsist). You can try to drive legislative, regulatory, and technological changes that address some of the issues above. What else can you do?

Author: Milan


320 thoughts on “Ubiquitous surveillance”

  1. The Surveillance Society

    Cell phones that pinpoint your location. Cameras that track your every move. Subway cards that remember. We routinely sacrifice privacy for convenience and security. So stop worrying. And get ready for your close-up.

  2. This is a huge can of worms, Milan. For me, people’s use of the internet stems from something more human than the need for immediate communication. Email in its original form allowed for that. The rise of social media, profiles, Facebooks, etc., all are a product of people’s need to be noticed.

    I remember, when I was younger, I knew a few people who wrote in diaries. Then someone started writing on freeopendiary.com. It seems like a contradiction, “open diary.” When you ask anyone why they did it, the answer is obvious. People want to find love and acceptance, and the internet made that immediate. I know many people who have met their partners through the internet, as an example. People who would rather post videos on Facebook, over Youtube, because friends are more likely to comment on it. The same reason you end this entry with the question “What else can you do?” You know very well, there is little that can be done, but you still want to know what other people think of it.

    I think people are too quick to judge the internet, and the access to personal information it allows for. We make the choice to make our lives more online.

    With regards to the entire, I would call overly-paranoid blog entry, I think it really is a matter of opinion. Even if all these infringements occur, I feel relatively unaffected by it. Am I naive or idealistic? Sure.

    With regards to the “ubiquitous surveillance,” do you think you possibly get more attention, because you have worked for the Canadian government, and have actively blogged about it?

    I don’t know, as for the rest, what kind of company wouldn’t try to get more information from their client base if they were legally allowed?

  3. One last thing: could you perhaps have also recognized Skype as being an incredible tool that allows for free communication worldwide?

    I would call it the greatest socio-technological (forgive if this is not a word) creation of this decade. Or Vimeo.com, that continues to be a hub for very talented people worldwide.

    There are countless legitimate organizations and sites I am missing.

    So simply put, to quote my hero Mr. Kubrick, if this whole thing is some kind of “doomsday machine”, maybe we should all learn to “stop worrying and love the bomb.”

  4. I have a few responses to that.

    First, I am certainly not saying that there aren’t great things about the internet. The internet is the main way in which I communicate.

    Second, you can definitely choose not to make a big deal about the surveillance technologies that are being rolled out. One option for dealing with our changing world is just to accept the changes.

    Third, something being used in a benign way today can be used in a malicious way tomorrow. I worry especially about governments. The 20th century shows how often governments have gone bad and abused the rights of their citizens. For any government that wants to clamp down on dissent today, these surveillance technologies are making it easier.

    Not all of these technologies are being used in all places, but they do exist. Furthermore, the records they produce will probably exist forever and it is hard to know what consequences that will have.

    Personally, I think giving up technology is too big a price to pay for privacy. That being said, I do think we should ask hard questions about the data being kept on us, whether it should be collected in the first place, and what laws and policies should govern the use of surveillance and the information acquired through surveillance practices and technologies.

  5. Also, based on their records to date, I don’t think we can trust companies to protect our privacy and security from governments that have decided to act illegally or unethically.

    When the US government asked the telecom companies to install secret rooms where warrantless interception of their network traffic would occur, the companies complied and kept it secret. That is probably a pattern many other companies follow around the world.

    Skype might be great if you want to have innocuous conversations with friends back home. It might not be a great choice for talking about political reform in a country that may lock you up for discussing such things – or for trying to organize a union somewhere where workers are forbidden to do so – or even for having a conversation you want to be certain no third parties will overhear.

    At this point, we cannot be confident that any conversation we have through a technological channel will be private. Nor can we be confident it will be ephemeral. It may be stored forever.

  6. It may also be worth noting that the least privileged members of society are most likely to have their rights violated and least able to seek effective recourse when that occurs.

    If you are a rich citizen of a state where the rule of law is respected, that’s one thing. If you are poor and living under a repressive and unaccountable government, the consequences of ubiquitous surveillance for you may be much worse.

    And we know that companies from countries like the United States and Canada are selling surveillance technology to governments like Iran, China, and Saudi Arabia.

  7. This is the one that worries me most too: “Third, something being used in a benign way today can be used in a malicious way tomorrow. I worry especially about governments. The 20th century shows how often governments have gone bad and abused the rights of their citizens. For any government that wants to clamp down on dissent today, these surveillance technologies are making it easier.”

  8. Even if you NEVER use the internet, you are still being watched in lots of ways – your credit and debit cards, security cameras, etc.

    You just cannot escape it now.

  9. As the Chinese government forges ahead on a multibillion-dollar effort to blanket the country with surveillance cameras, one American company stands to profit: Bain Capital, the private equity firm founded by Mitt Romney.

    In December, a Bain-run fund in which a Romney family blind trust has holdings purchased the video surveillance division of a Chinese company that claims to be the largest supplier to the government’s Safe Cities program, a highly advanced monitoring system that allows the authorities to watch over university campuses, hospitals, mosques and movie theaters from centralized command posts.

    The Bain-owned company, Uniview Technologies, produces what it calls “infrared antiriot” cameras and software that enable police officials in different jurisdictions to share images in real time through the Internet. Previous projects have included an emergency command center in Tibet that “provides a solid foundation for the maintenance of social stability and the protection of people’s peaceful life,” according to Uniview’s Web site.

    Such surveillance systems are often used to combat crime and the manufacturer has no control over whether they are used for other purposes. But human rights advocates say in China they are also used to intimidate and monitor political and religious dissidents. “There are video cameras all over our monastery, and their only purpose is to make us feel fear,” said Loksag, a Tibetan Buddhist monk in Gansu Province. He said the cameras helped the authorities identify and detain nearly 200 monks who participated in a protest at his monastery in 2008.

    https://www.nytimes.com/2012/03/16/world/asia/bain-capital-tied-to-surveillance-push-in-china.html?_r=1

  10. “Update on the trial of Byron Sonne, arrested in Toronto on explosives charges in advance of the G20 in June, 2010. This week, the Crown pulled up information off of Sonne’s hard drives, including tweets from Clay Shirky and Oxblood Ruffin, 50-year-old U.S. military manuals and photos of goats. Much time was spent discussing why Sonne used a goat as his username/avatar.”

    On Monday, Nadeau also pressed Ouelette for his personal understanding of why there were photos of goats (one labeled “drunk goat”) on Sonne’s hard drive, and why the accused had used “Goatmaster” and “Toronto Goat” as his online usernames. Peter Copeland, one of Sonne’s lawyers, objected, saying that Ouelette wasn’t an expert on acronyms. Spies decided to hear the argument as “voir dire,” meaning she will decide later if it’s admissible as evidence. So, Ouelette opined that “Goat,” stood for “Greatest of All Time,” based on his knowledge of hockey, nicknames, and Wayne Gretzky.

  11. “Recently Wired, USA Today and other news outlets reported on a new spy center being built to store intercepted communications (even American citizens’). Tuesday, Gen. Keith Alexander testified in front of Congress refuting the articles. Alexander even went so far as to claim the NSA lacks the authority to monitor American citizens. It’s an authority that was given to the NSA through the FISA Amendments Act signed into law by Bush and still supported today by Obama.”

  12. Before yottabytes of data from the deep web and elsewhere can begin piling up inside the servers of the NSA’s new center, they must be collected. To better accomplish that, the agency has undergone the largest building boom in its history, including installing secret electronic monitoring rooms in major US telecom facilities. Controlled by the NSA, these highly secured spaces are where the agency taps into the US communications networks, a practice that came to light during the Bush years but was never acknowledged by the agency. The broad outlines of the so-called warrantless-wiretapping program have long been exposed—how the NSA secretly and illegally bypassed the Foreign Intelligence Surveillance Court, which was supposed to oversee and authorize highly targeted domestic eavesdropping; how the program allowed wholesale monitoring of millions of American phone calls and email. In the wake of the program’s exposure, Congress passed the FISA Amendments Act of 2008, which largely made the practices legal. Telecoms that had agreed to participate in the illegal activity were granted immunity from prosecution and lawsuits. What wasn’t revealed until now, however, was the enormity of this ongoing domestic spying program.

    For the first time, a former NSA official has gone on the record to describe the program, codenamed Stellar Wind, in detail. William Binney was a senior NSA crypto-mathematician largely responsible for automating the agency’s worldwide eavesdropping network. A tall man with strands of black hair across the front of his scalp and dark, determined eyes behind thick-rimmed glasses, the 68-year-old spent nearly four decades breaking codes and finding new ways to channel billions of private phone calls and email messages from around the world into the NSA’s bulging databases. As chief and one of the two cofounders of the agency’s Signals Intelligence Automation Research Center, Binney and his team designed much of the infrastructure that’s still likely used to intercept international and foreign communications.

    Binney left the NSA in late 2001, shortly after the agency launched its warrantless-wiretapping program. “They violated the Constitution setting it up,” he says bluntly. “But they didn’t care. They were going to do it anyway, and they were going to crucify anyone who stood in the way. When they started violating the Constitution, I couldn’t stay.” Binney says Stellar Wind was far larger than has been publicly disclosed and included not just eavesdropping on domestic phone calls but the inspection of domestic email. At the outset the program recorded 320 million calls a day, he says, which represented about 73 to 80 percent of the total volume of the agency’s worldwide intercepts. The haul only grew from there. According to Binney—who has maintained close contact with agency employees until a few years ago—the taps in the secret rooms dotting the country are actually powered by highly sophisticated software programs that conduct “deep packet inspection,” examining Internet traffic as it passes through the 10-gigabit-per-second cables at the speed of light.

    The software, created by a company called Narus that’s now part of Boeing, is controlled remotely from NSA headquarters at Fort Meade in Maryland and searches US sources for target addresses, locations, countries, and phone numbers, as well as watch-listed names, keywords, and phrases in email. Any communication that arouses suspicion, especially those to or from the million or so people on agency watch lists, are automatically copied or recorded and then transmitted to the NSA.

    http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1

  13. Can the NSA Break AES?

    My guess is that they can’t. That is, they don’t have a cryptanalytic attack against the AES algorithm that allows them to recover a key from known or chosen ciphertext with a reasonable time and memory complexity. I believe that what the “top official” was referring to is attacks that focus on the implementation and bypass the encryption algorithm: side-channel attacks, attacks against the key generation systems (either exploiting bad random number generators or sloppy password creation habits), attacks that target the endpoints of the communication system and not the wire, attacks that exploit key leakage, attacks against buggy implementations of the algorithm, and so on. These attacks are likely to be much more effective against computer encryption.

  14. Deep End’s Paul Venezia discusses the ‘sci-fi fantasy’ that is privacy in the digital era. ‘The assault on personal privacy has ramped up significantly in the past few years. From warrantless GPS tracking to ISP packet inspection, it seems that everyone wants to get in on the booming business of clandestine snooping — even blatant prying, if you consider reports of employers demanding Facebook passwords prior to making hiring decisions,’ Venezia writes. ‘What happened? Did the rules change? What is it about digital information that’s convinced some people this is OK? Maybe the right to privacy we were told so much about has simply become old-fashioned, a barrier to progress.’

  15. British Government To Grant Warrantless Trawl of Communications Data

    “Having opposed the previous government’s attempts to introduce mass surveillance of Internet communications, the Conservatives are planning to introduce the very same policy they previously described as a ‘culture of surveillance which goes far beyond counter terrorism and serious crime.’ The plan is essentially to allow stored communication data to be trawled without the inconvenience of needing a warrant or even any reasonable suspicion.”

  16. The breakthrough was enormous, says the former official, and soon afterward the agency pulled the shade down tight on the project, even within the intelligence community and Congress. “Only the chairman and vice chairman and the two staff directors of each intelligence committee were told about it,” he says. The reason? “They were thinking that this computing breakthrough was going to give them the ability to crack current public encryption.”

    In addition to giving the NSA access to a tremendous amount of Americans’ personal data, such an advance would also open a window on a trove of foreign secrets. While today most sensitive communications use the strongest encryption, much of the older data stored by the NSA, including a great deal of what will be transferred to Bluffdale once the center is complete, is encrypted with more vulnerable ciphers. “Remember,” says the former intelligence official, “a lot of foreign government stuff we’ve never been able to break is 128 or less. Break all that and you’ll find out a lot more of what you didn’t know—stuff we’ve already stored—so there’s an enormous amount of information still in there.”

    That, he notes, is where the value of Bluffdale, and its mountains of long-stored data, will come in. What can’t be broken today may be broken tomorrow. “Then you can see what they were saying in the past,” he says. “By extrapolating the way they did business, it gives us an indication of how they may do things now.” The danger, the former official says, is that it’s not only foreign government information that is locked in weaker algorithms, it’s also a great deal of personal domestic communications, such as Americans’ email intercepted by the NSA in the past decade.

  17. Britons Protest Government Eavesdropping Plans

    LONDON — British lawmakers and rights activists joined a chorus of protest Monday against plans by the government to give the intelligence and security services the ability to monitor the phone calls, e-mails, text messages and Internet use of every person in the country.

    In a land where tens of thousands of surveillance cameras attest to claims by privacy advocates that Britain is the Western world’s most closely monitored society, the proposal has touched raw nerves, compounding arguments that its citizens live under what critics call an increasingly intrusive “nanny state.”

    The debate in recent years has pitted those who justify greater scrutiny by reference to threats of terrorism and organized crime against those who cleave to more traditional notions of individual privacy.

    But the current proposal would go a step further, raising the question of how security agencies can themselves keep track of a proliferation of newer technologies such as Skype, instant messaging and social networking sites that permit instant communication outside more traditional channels.

  18. Wiretaps cost hundreds of dollars per target every month, generally paid at daily or monthly rates. To wiretap a customer’s phone, T-Mobile charges law enforcement a flat fee of $500 per target. Sprint’s wireless carrier Sprint Nextel requires police pay $400 per “market area” and per “technology” as well as a $10 per day fee, capped at $2,000. AT&T charges a $325 activation fee, plus $5 per day for data and $10 for audio. Verizon charges a $50 administrative fee plus $700 per month, per target.

  19. Here’s What Facebook Sends the Cops In Response To a Subpoena

    “Facebook already shares its Law Enforcement Guidelines publicly, but we’ve never actually seen the data Menlo Park sends over to the cops when it gets a formal subpoena for your profile information. Now we know. This appears to be the first time we get to see what a Facebook account report looks like. The document was released by The Boston Phoenix as part of a lengthy feature titled ‘Hunting the Craigslist Killer,’ which describes how an online investigation helped officials track down Philip Markoff. The man committed suicide, which meant the police didn’t care if the Facebook document was published elsewhere, after robbing two women and murdering a third.”

  20. The SXSW panel “Sex, Dating, and Privacy Online” described the myriad ways in which every step you take, every move you make, is online and searchable. Panel member Violet Blue, a sex educator and tech columnist, pointed to the loose security and privacy practices of dating websites recently exposed by the Electronic Frontier Foundation.

    You are naked on the Internet (MSNBC)

  21. Six Heartbreaking Truths about Online Dating Privacy

    1. Your dating profile—including your photos—can hang around long after you’ve moved on.

    2. Gaping security holes riddle popular mobile dating sites – still.

    3. Your profile is indexed by Google.

    4. Your pictures can identify you.

    5. Your data is helping online marketers sell you stuff.

    6. HTTPS support is a wreck on many of the popular online dating sites.

  22. Innocent Or Not, the NSA Is Watching You

    “Under construction by contractors with top-secret clearances, the blandly named Utah Data Center is being built for the National Security Agency. A project of immense secrecy, it is the final piece in a complex puzzle assembled over the past decade. Its purpose: to intercept, decipher, analyze, and store vast swaths of the world’s communications as they zap down from satellites and zip through the underground and undersea cables of international, foreign, and domestic networks. The heavily fortified $2 billion center should be up and running in September 2013. Flowing through its servers and routers and stored in near-bottomless databases will be all forms of communication, including the complete contents of private emails, cell phone calls, and Google searches, as well as all sorts of personal data trails — parking receipts, travel itineraries, bookstore purchases, and other digital ‘pocket litter.’ It is, in some measure, the realization of the ‘total information awareness’ program created during the first term of the Bush administration — an effort that was killed by Congress in 2003 after it caused an outcry over its potential for invading Americans’ privacy.”

  23. Regulators want to put brakes on data collection, tracking

    https://www.theglobeandmail.com/news/technology/tech-news/regulators-want-to-put-brakes-on-data-collection-tracking/article2390466/

    When you ‘like’ something on Facebook or read an online newspaper, perhaps a dozen or more companies are squirrelling away data on your tastes, your habits, whether you’re male or female, old or young, gay or straight.

    They mean no harm. They just want to give you, the customer, exactly what you want – it’s the grandfather of all business slogans. Their dilemma, now regulators’ noses are twitching, is how to serve you, and serve themselves, when what you want is to be left alone.

    There are thousands of analytics companies, audience targeters, ad brokers, ad exchanges and the like that can collect and sell data-based services on internet users for 5,000 euros a time to big brands, which then buy ad space where their potential customers might be lurking.

    You only know these trackers are at work if you read the fine print. The New York Times has a disclaimer saying it hires WebTrends and Audience Science to interpret its readers’ interests, and Britain’s Guardian newspaper says it pays Criteo and Quantcast, among others, to do the same.

  24. “A bill already passed by the Senate and set to be rubber stamped by the House would make it mandatory for all new cars in the United States to be fitted with black box data recorders from 2015 onwards. Section 31406 of Senate Bill 1813 (known as MAP-21), calls for ‘Mandatory Event Data Recorders’ to be installed in all new automobiles and legislates for civil penalties to be imposed against individuals for failing to do so. ‘Not later than 180 days after the date of enactment of this Act, the Secretary shall revise part 563 of title 49, Code of Federal Regulations, to require, beginning with model year 2015, that new passenger motor vehicles sold in the United States be equipped with an event data recorder that meets the requirements under that part,’ states the bill.”

  25. Swedish Researchers Expose China’s Tor-Blocking Tricks

    “A pair of researchers at Karlstad University have been able to establish how the Great Firewall of China sets about blocking unpublished Tor bridges. The GFC inspects web traffic looking for potential bridges and then attempts ‘to speak Tor’ to the hosts. If they reply, they’re deemed to be Tor bridges and blocked. While this looks like another example of the cat and mouse game between those wishing to surf the net anonymously and a government intent on curtailing online freedoms, the researchers suggest ways that the latest blocking techniques may be defeated.”

  26. AnonPaste is based on the open source ZeroBin software. It is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. More information on the project page.

  27. Whistleblower: NSA Has All of Your Email

    National Security Agency whistleblower William Binney reveals he believes domestic surveillance has become more expansive under President Obama than President George W. Bush. He estimates the NSA has assembled 20 trillion ‘transactions’ — phone calls, emails and other forms of data — from Americans. This likely includes copies of almost all of the emails sent and received from most people living in the United States. Binney talks about Section 215 of the USA PATRIOT Act and challenges NSA Director Keith Alexander’s assertion that the NSA is not intercepting information about U.S. citizens.

  28. US carriers fight law that would force them to see a warrant before giving your data to cops

    The California Location Privacy Bill (SB 1434) proposes to require cellular phone companies to stop their practice of giving your location data to the police without a warrant. Phone companies would still be allowed to give your information to the police if they got a warrant, first.

    Naturally, the CTIA — the mobile carriers’ industry association — opposes it. They say that it will be “unduly burdensome” to have to say no when the police show up without a warrant, and to keep track of how often they give your information to the cops, and why.

  29. Syrian Government Uses Skype To Push Malware To Activists

    “The Syrian government is using Skype as a channel to infect activists’ systems with malware, installing Trojans and backdoors, according to security firm F-Secure. The evidence comes from a hard drive sent for analysis. ‘The activist’s system had become infected as a result of a Skype chat. The chat request came from a fellow activist. The problem was that the fellow activist had already been arrested and could not have started the chat. Initial infection occurred when the activist accepted a file called MACAddressChanger.exe over the chat. This utility was supposed to change the hardware MAC address of the system in order to bypass some monitoring tools. Instead, it dropped a file called silvia.exe which was a backdoor — a backdoor called “Xtreme RAT.” Xtreme Rat is a full-blown malicious Remote Access Tool.’”

  30. Snooping on new media
    Spies, lies and the internet
    Plans to extend surveillance and secrecy are causing alarm within the coalition and outside it

    The government insists it will not seek access to the content of communications, but says it can gain valuable intelligence by simply monitoring who is talking to whom, and where and when. Getting such traffic figures does not require a judicial warrant now, so the new plans are about modernising surveillance techniques, not expanding their scope.

  31. Put simply, a computer or personal electronic device can no longer be viewed as a “thing,” Mr. Justice Thomas Heeney ruled, in rejecting the Crown’s bid to have the contents of Mr. Rafferty’s laptop admitted as evidence.

    Rather, he said, recent case law holds that because a computer can contain huge amounts of personal information – e-mails, bank records, memos, documents, photos – it should be regarded as a “place,” akin to a house.

    In this instance, the warrants targeted two homes and two cars and all were in order as far as they went, the judge found. Nor was anything amiss about how the searches were conducted – up to the point where various computers were seized.

    At that stage, a secondary warrant was needed and, if requested, would likely have been granted, Judge Heeney wrote.

    Yet none was obtained, despite the omission being flagged both by the Justice of the Peace who issued the warrants and later by an Ontario Provincial Police forensic detective.

    https://www.theglobeandmail.com/news/national/what-the-jury-didnt-know-child-porn-torture-video-found-on-raffertys-laptop/article2429175/

  32. Will the Government Be Reading This? Call Your Senator to Stop Dangerous Cybersecurity Proposals

    CISPA was rammed through the House of Representatives without regard for civil liberties, but the campaign to stop shortsighted cybersecurity legislation is not over yet. We’ve got another chance to stop these bills in the Senate and prevent the government from sacrificing online civil liberties in the name of “cybersecurity.” EFF, Demand Progress, Fight for the Future, and Free Press are joining forces to oppose these bad laws. Can you help us out? Use our online tool to call your Senators and tell them to oppose dangerously vague cybersecurity legislation and support privacy protective amendments. Call now.

  33. New array at Leitrim?

    DigitalGlobe imagery of Leitrim taken last February (see low-resolution sample at right) shows that a 600-metre-diameter circle has been cleared at the northern end of the station, presumably to host a new antenna array.

    The new cleared space overlaps but is not quite concentric with a large circular area that was cleared and graded around 1967. The original space was suitable for a large circularly disposed antenna array (CDAA) such as an FRD-10, but no array was ever built on the site. It is probably not a coincidence that two FRD-10 arrays were built at other stations in Canada (Gander and Masset) at around the same time, under a program called Project Beagle. It is possible that the original Project Beagle called for the construction of three FRD-10 arrays, but that the Leitrim array was cancelled at some point early in the process, most likely for budgetary reasons.

  34. Have you ever wondered what happens when you type your query into the Google search box and what data we store about that search?

    Let’s take a simple search like “cars.” When someone types the word “cars” into the Google search engine, the request gets sent from that user’s computer over the internet to our computers, which look for the right search results. Once our computers have found the results, they send these back to the user’s computer, all in a fraction of a second.

    We then store some data about this exchange: the search query (“cars”), the time and date it was typed, the IP address and cookie of the computer it was entered from, and its browser type and operating system. We refer to these records as our search logs, and most websites store records of visits to their site in a similar way.

    https://www.google.com/intl/en/goodtoknow/data-on-google/search-logs/

  35. Ghostery sees the invisible web – tags, web bugs, pixels and beacons. Ghostery tracks the trackers and gives you a roll-call of the ad networks, behavioral data providers, web publishers, and other companies interested in your activity.

  36. The Electronic Frontier Foundation (EFF) has created this Surveillance Self-Defense site to educate the American public about the law and technology of government surveillance in the United States, providing the information and tools necessary to evaluate the threat of surveillance and take appropriate steps to defend against it.

  37. “A new report from Evidon, whose browser plug in Ghostery tracks Web trackers, makes it plain that ‘if you want to worry about somebody tracking you across the Web, worry about Google,’ writes blogger Dan Tynan. Google and Facebook, and their various services, occupy all of the top 5 slots on the Evidon Global Tracker Report’s list of the most prolific trackers. ‘And if you have any tracking anxiety left over, apply it to social networks like Facebook, G+, and Twitter,’ adds Tynan.”

    http://yro.slashdot.org/story/12/06/11/2041238/google-and-facebook-top-biggest-web-tracker-list

  38. Canadian Government Installs Microphones and Cameras at Airports To Record Conversations of Air Travellers

    OTTAWA – Airports and border crossings across Canada are being wired with high-definition cameras and microphones that can eavesdrop on travellers’ conversations, according to the Canada Border Services Agency.

    A CBSA statement said that audio-video monitoring and recording is already in place at unidentified CBSA sites at airports and border points of entry as part of an effort to enhance “border integrity, infrastructure and asset security and health and safety.”

    As part of the work, the agency is introducing audio-monitoring equipment as well.

    “It is important to note that even though audio technology is installed, no audio is recorded at this time. It will become functional at a later date,” CBSA spokesman Chris Kealey said in a written statement.

    But whenever that occurs, the technology, “will record conversations,” the agency said in a separate statement in response to questions from the Ottawa Citizen.

    At Ottawa’s airport, signs will be posted referring passersby to a “privacy notice” that will be posted on the CBSA website once the equipment is activated, and to a separate help line explaining how the recordings will be used, stored, disclosed and retained.

  39. http://boingboing.net/2012/06/13/uk-government-offers-unlimited.html

    Tories divided over UK spying bill, Home Secretary dismisses critics as “conspiracy theorists” who want to protect freedom for “criminals, terrorists and paedophiles”

    http://boingboing.net/2012/06/14/tories-divided-over-uk-spying.html

    UK-wide workshops on how to talk to your MP about Internet spying and censorship

    http://boingboing.net/2012/06/14/uk-wide-workshops-on-how-to-ta.html

    UK economic crisis ends, Tories celebrate by committing £1.8B to spying

    http://boingboing.net/2012/06/14/uk-economic-crisis-ends-torie.html

    So Google Plus was formed more into a unifier of all of Google’s products and services, further evidenced by the controversial unified privacy policy released earlier this year. Everything done on non-Search services adds to the “filter bubble” where search results are filtered based on what a user likes on YouTube, Plus, GMail contents etc.

    For Google and advertisers, a user’s “fingerprint” of browsing habits and their profile of what interests them is further built and enhanced by unifying all of the data gathered across all of the separate services umbrella’d under the new privacy policy and linked via the Google Plus login.

    But eventually, as indicated by the Google Plus links everywhere, Google Plus will be everything. Every YouTube account is really the video section of Google Plus. Search is just querying the Internet via Google Plus. GMail accounts are Google Plus recipients, and so on.

    This is the goal of Google Plus. It tried to magically overcome Facebook, and that obviously did not work, so instead Google Plus has a new strategy: if it can’t hit the target, encompass it. Wrap everything else around Facebook and the users will cope.

    http://silicon-news.com/news/2012/06/17/steve-jobs-google-plus/

    “The BBC reports that the UK’s Draft Communications Bill includes a provision which could be used to force the Royal Mail and other mail carriers to retain data on all physical mail passing through their networks. The law could be used to force carriers to maintain a database of any data written on the outside of an envelope or package which could be accessed by government bodies at will. Such data could include sender, recipient and type of mail (and, consequentially, the entire contents of a postcard). It would provide a physical analog of the recently proposed internet surveillance laws. The Home Office claims that it has no current plans to enforce the law.”

    http://yro.slashdot.org/story/12/06/17/1917212/proposed-uk-communications-law-could-be-used-to-spy-on-physical-mail

    This isn’t the first time that an Executive has seized the general authority to search through the private communications and papers without individualized suspicion. To the contrary, the United States was founded in large part on the rejection of “general warrants” – papers that gave the Executive (then the King) unchecked power to search colonial Americans without cause. The Fourth Amendment was adopted in part to stop these “hated writs” and to make sure that searches of the papers of Americans required a probable cause showing to a court. Indeed, John Adams noted that “the child Independence was born,” when Boston merchants unsuccessfully sued to stop these unchecked powers, then being used by British customs inspectors seeking to stamp out smuggling.

    The current warrantless surveillance programs on both sides of the Atlantic return us to the policies of King George III only with a digital boost. In both, our daily digital “papers” — including intimate information such as who we are communicating with, what websites we visit (which of course includes what we’re reading) and our locations as we travel around with our cell phones — are collected and subjected to some sort of datamining. Then we’re apparently supposed to trust that no one in government will ever misuse this information, that the massive amounts of information about us won’t be subject to leak or attack, and that whatever subsequent measures are put into place to govern access to it by various government agencies will be sufficient to protect our privacy and ensure due process, fairness and security.

    https://www.eff.org/deeplinks/2012/06/uk-mass-surveillance-bill-return-bad-idea

  40. Amesys, with its Eagle system, was just one of Libya’s partners in repression. A South African firm called VASTech had set up a sophisticated monitoring center in Tripoli that snooped on all inbound and outbound international phone calls, gathering and storing 30 million to 40 million minutes of mobile and landline conversations each month. ZTE Corporation, a Chinese firm whose gear powered much of Libya’s cell phone infrastructure, is believed to have set up a parallel Internet monitoring system for External Security: Photos from the basement of a makeshift surveillance site, obtained from Human Rights Watch, show components of its ZXMT system, comparable to Eagle. American firms likely bear some blame, as well. On February 15, just prior to the revolution, regime officials reportedly met in Barcelona with officials from Narus, a Boeing subsidiary, to discuss Internet-filtering software. And the Human Rights Watch photos also clearly show a manual for a satellite phone monitoring system sold by a subsidiary of L-3 Communications, a defense conglomerate based in New York.

    https://www.schneier.com/blog/archives/2012/06/interesting_art.html

    Jamming Tripoli: Inside Moammar Gadhafi’s Secret Surveillance Network

    He once was known as al-Jamil—the Handsome One—for his chiseled features and dark curls. But four decades as dictator had considerably dimmed the looks of Moammar Gadhafi. At 68, he now wore a face lined with deep folds, and his lips hung slack, crested with a sparse mustache. When he stepped from the shadows of his presidential palace to greet Ghaida al-Tawati, whom he had summoned that evening by sending one of his hulking female bodyguards to fetch her, it was the first time she had seen him without his trademark sunglasses; his eyes were hooded and rheumy. The dictator was dressed in a white Puma tracksuit and slippers. How tired and thin he looked in person, Tawati thought.

    It was February 10, 2011, and Libya was in an uproar. Two months earlier, in neighboring Tunisia, a street vendor named Mohammed Bouazizi had set himself on fire after a policewoman beat him and confiscated his wares. It was the beginning of the Arab Spring, a series of uprisings, revolutions, and civil wars that would radically alter the politics of the Middle East. In Libya, opponents of the Gadhafi regime had called for a day of protest on February 17, to mark the anniversary of a 2006 protest in the city of Benghazi, where security forces had killed 11 demonstrators and wounded dozens more.

    Tawati was one of the most outspoken dissidents blogging openly from inside Libya. Thirty-four years old, with a gravelly childlike voice and singsong laugh that belied her deep stubbornness, she had come to political consciousness during the mid-2000s, at a time when Gadhafi, seeking reconciliation with the West, had ceased using his most heavy-handed tactics of repression—such as outright massacres—and allowed a modicum of public dissent. During her university days, when the Internet had begun to ease the country’s isolation, Tawati took naturally to the roles of gadfly and outsider. Her parents had divorced when she was young; in Libya’s deeply conservative culture, growing up with a single mother made her a social outcast. The injustice she experienced as a child led her to critique the injustice of the dictatorial regime, particularly on women’s issues—for example, she blogged about a sexual abuse scandal at a home for unwed mothers institutionalized by the Gadhafi government. Over time she won a modest following online. As the planned protests of February 17 approached, Tawati, always prone to impassioned rhetoric, blogged that if Libyans failed to turn out for the demonstrations she would burn herself just as Bouazizi had done. Somehow Gadhafi himself had heard news of this threat and decided he needed to meet her.

    Despite the dictator’s haggard appearance, his manner remained confident and effusive. When he wanted to be, Gadhafi was a legendary charmer, a man deeply at ease with ordinary Libyans. He shook Tawati’s hand and patted her shoulder paternally, directing her to sit next to him on the sofa. He asked her about her health, her family, where she was from. He asked her who had taught her to write. She told him about her demands for greater openness and accountability in Libya, taking care not to criticize him directly. He seemed sympathetic, nodding at various points. Finally she worked up the courage to ask him why the government had blocked YouTube several months earlier.

    Gadhafi acted oblivious. “Is it switched off?” he asked.

    “Despite television being a rather tough nut to crack, Intel is apparently hoping that its upcoming set-top box and subscription service will be its golden ticket to delivering more Intel processors to the living room. The service would be a sort of specialized virtual cable subscription that would combine a bundle of channels with on demand content. So what’s Intel’s killer feature that distinguishes it from the vast and powerful competition? Granular ratings that result in targeted ads. Intel is promising technology in a set-top box that can distinguish who is watching, potentially allowing Intel to target advertising. The technology could potentially identify if the viewer is an adult or a child, male or female, and so on, through interactive features and face recognition technology.”

    http://entertainment.slashdot.org/story/12/06/09/0012247/intel-to-launch-tv-service-with-facial-recognition-by-end-of-the-year

    http://fullcomment.nationalpost.com/2012/06/13/jesse-kline-britains-government-chooses-security-over-liberty-with-internet-spying-plan/

  41. Have Your Fingerprints Read From 6 Meters Away

    “A new startup has technology to read fingerprints from up to 6 meters away. IDair currently sells to the military, but they are beta testing it with a chain of 24-hour fitness centers that want to restrict sharing of access cards. IDair also wants to sell this to retail stores and credit card companies as a replacement for physical cards. Lee Tien from the EFF notes that the security of such fingerprint databases is a privacy concern.”

  42. Chinese Censors Are Being Watched

    “The Economist is reporting on two research teams, one at Harvard and another at the University of Hong Kong, who have developed software to detect what posts to Chinese social media get censored. ‘The team has built up a database comprising more than 11m posts that were made on 1,382 Chinese internet forums. Perhaps their most surprising result is that posts critical of the government are not rigorously censored. On the other hand, posts that have the purpose of getting people to assemble, potentially in protest, are swept from the internet within a matter of hours.’ Chinese censors may soon have to deal with an unprecedented transparency of their actions.”

  43. Executive Order Grants US Gov’t New Powers Over Communication Systems

    President Obama has issued a new executive order: ‘Assignment of National Security and Emergency Preparedness Communications Functions.’ EPIC reports: ‘The Executive Order grants new powers to the Department of Homeland Security, including the ability to collect certain public communications information. Under the Executive Order the White House has also granted the Department the authority to seize private facilities when necessary, effectively shutting down or limiting civilian communications.’

  44. Law Enforcement Demanded Cell Phone User Info Well Over 1.3 Million Times Last Year

    Federal, state, and local law enforcement agencies have made over 1.3 million demands for user cell phone data in the last year, “seeking text messages, caller locations and other information.” The New York Times called the new findings proof of “an explosion in cellphone surveillance” in the United States — much of it done without a warrant. It’s time for cell phone companies to start producing regular transparency reports about the data they hand to the government. And Congress should see this as a call-to-action to pass robust privacy legislation mandating warrants for cell phone subscriber, cell tower, and GPS data.

  45. RT had a very interesting interview with former NSA official turned whistleblower Thomas A. Drake, who said, ‘Security has effectively become the State religion; you don’t question it. And if you question it, then your loyalty is questioned.’ ‘Speaking truth of power is very dangerous in today’s world,’ he added. The interviewer pointed out that investigative journalists are labeled as ‘terrorist helpers’ for trying to reveal the truth, to which Drake said the government’s take is ‘you go after the messenger because the last thing you want to do is deal with the message.’

  46. The Sixth Circuit Court of Appeals has held that it is okay for police to track your cellphone signal without a warrant. Using information about the cell tower that a prepaid cell phone was connected to, the police were able to track a suspected drug smuggler. Apparently, keeping your cellphone on is authorization for the police to know where you are. According to the ruling (PDF), ‘[The defendant] did not have a reasonable expectation of privacy in the data emanating from his cell phone that showed its location.’ Also, ‘if a tool used to transport contraband gives off a signal that can be tracked for location, certainly the police can track the signal.’

  47. Few of Afghanistan’s 30m people have a birth certificate, a second name or can read. Yet America’s army and the Afghan government have collected digital records of more than 2.5m of them. Anyone arrested or imprisoned, or who seeks to join the army or police, is scanned. So are those, such as labourers, who attempt to get into a coalition military base. Each is checked against watchlists of suspects. Last year biometric machines were also put at all border crossings. In hotly contested areas any “fighting-age males”, meaning those between 15 and 70, may be scanned compulsorily.

  48. WHEN investigators try to discover what caused an airliner to crash, the first thing they hope to find are the flight data recorders, popularly known as “black boxes”. These devices, usually painted bright orange, record how the aircraft was flying and the last 30 minutes or so of conversation in the cockpit. The information extracted from them has helped to determine the cause of air crashes and to improve aviation safety. Similar recording systems are fitted to some trains, ships and lorries. Now a bill in America’s Congress seeks to make it compulsory for data recorders to be fitted to all cars by 2015.

    The idea is that data captured by the recorders would give investigators and road-safety officials a better understanding of how certain crashes come about. It would also help police and insurance companies to apportion blame. What many drivers may not realise, however, is that most cars already record data if they are involved in an accident, and that this information can be read by anyone with the right kit.

    The technology that America’s lawmakers want to be made compulsory was originally intended for another purpose. With the widespread adoption of airbags, which began in the late 1980s, General Motors (GM), an airbag pioneer, wanted better analysis of how airbags were deployed, to improve their reliability and effectiveness. To obtain the data it required, GM began fitting a small memory unit to the electronic module that triggers the airbags. Ford, Chrysler and other carmakers followed suit. Around 80% of the cars sold in America now have these devices, called event data recorders (EDRs).

  49. Online shoppers let slip plenty of information about themselves that could be of use to crafty salesmen. Cookies reveal where else they have been browsing, allowing some guesses about their income bracket, age and sex. Their internet address can often be matched to their physical address: the richer the neighbourhood, the deeper the pockets, it may be assumed. Apple computer-owners are on average better-off than Windows PC users, and firms may offer them pricier options, as Orbitz, a travel website, is doing. Your mouse may also be squeaking on you: click too quickly from home-page to product page to checkout, and the seller can conclude that you have already decided to buy—so why offer you a discount?

  50. A BIG BANK hires a star analyst from another firm, promising to pay a substantial bonus if the new hire increases revenue or cuts costs. In banking this happens all the time, but this deal differs from the rest in one small detail: the new hire, Watson, is an IBM computer.

    Watson became something of a celebrity after beating the champion human contestants on “Jeopardy”, an American quiz show. Its skill is to be able to process millions of documents quickly by reading and “understanding” ordinary written language. Computers have no trouble with searching data neatly sorted in databases. Watson’s claim to fame is that it can do the same with “unstructured data” such as those found in e-mails, news reports, books and websites. IBM hopes that Watson may, in time, do some of the work that human analysts do now, such as reading the financial pages of newspapers, looking at thousands of company results and forecasts and producing a list of companies that might be takeover targets soon.

    Citigroup has hired Watson to help it decide what new products and services (such as loans or credit cards) to offer its customers. The bank doesn’t say so, but Watson’s first job may well be to try to cut down on fraud and look for signs of customers becoming less creditworthy. If so, Watson will be following other computers designed to deal with “big data”. Across a slew of new firms in Silicon Valley and in big banks across the world, a range of new ideas is being tried to crunch data. Some have the potential to change banking from the bottom up.

    The firm that has perhaps gone furthest in finding useful connections in disparate databases is Palantir Technologies, which takes its name from the magical all-seeing crystal balls of J.R.R. Tolkien’s mythology. It was founded by a group of PayPal alumni and backed by Peter Thiel, one of PayPal’s co-founders. Its speciality is building systems that pull together information from different places and try to find connections. Some of its earliest adopters have been spy agencies. In America the CIA and the FBI use it to connect individually innocuous activities such as taking flying lessons and receiving money from abroad to spot potential terrorists. Its other main market is in banking, where big firms such as JPMorgan and Citi use it for a range of activities from structuring equity derivatives to reducing loan losses.

  51. Some bars and clubs are using a novel technology to help partygoers decide where to party. SceneTap, an American start-up, uses cameras to scan the faces of those who enter and leave participating establishments. Its software then guesses each person’s age and sex. Aggregated data are streamed to a website and mobile app. This allows punters to see which bars are busy, the average age of revellers and the all-important male-to-female ratio.

    Bar owners gain publicity and intelligence about their customers. Did a promotion aimed at women attract many? Since drinks are often paid for in cash and by men, it used to be hard to tell.

    SceneTap’s cameras are watching more than 100 American watering holes. But they are controversial. The app could make life irksome for large groups of women, by summoning hordes of predatory males. So SceneTap has fixed its software to mask extreme sex imbalances. That will please bar owners, who would prefer not to admit when they are packed with men. But it will disappoint precisely the people most likely to use the app.

  52. Big Brother on a budget: How Internet surveillance got so cheap

    Deep packet inspection, petabyte-scale analytics create a “CCTV for networks.”

    When Libyan rebels finally wrested control of the country last year away from its mercurial dictator, they discovered the Qaddafi regime had received an unusual gift from its allies: foreign firms had supplied technology that allowed security forces to track nearly all of the online activities of the country’s 100,000 Internet users. That technology, supplied by a subsidiary of the French IT firm Bull, used a technique called deep packet inspection (DPI) to capture e-mails, chat messages, and Web visits of Libyan citizens.

    The fact that the Qaddafi regime was using deep packet inspection technology wasn’t surprising. Many governments have invested heavily in packet inspection and related technologies, which allow them to build a picture of what passes through their networks and what comes in from beyond their borders. The tools secure networks from attack—and help keep tabs on citizens.

    Narus, a subsidiary of Boeing, supplies “cyber analytics” to a customer base largely made up of government agencies and network carriers. Neil Harrington, the company’s director of product management for cyber analytics, said that his company’s “enterprise” customers—agencies of the US government and large telecommunications companies—are “more interested in what’s going on inside their networks” for security reasons. But some of Narus’ other customers, like Middle Eastern governments that own their nations’ connections to the global Internet or control the companies that provide them, “are more interested in what people are doing on Facebook and Twitter.”

  53. NetFalcon is targeted at very specific audiences: law enforcement agencies, telecom carriers and large ISPs, and very large companies in heavily regulated or secretive industries willing to pay for what amounts to an intelligence community grade solution. But for other organizations that already have application firewalls, intrusion detection systems or other DPI systems installed, there may not be a budget or need for Bivio’s type of technology. Take, for example, the University of Scranton, which uses Splunk to drive its information security operations.

    Unlike NetFalcon, Splunk “is a huge database, but it doesn’t come with preconfigured alerts,” said Anthony Maszeroski, Information Security Manager at the University of Scranton (located in Scranton, Pennsylvania). The university has about 5,200 students—about half of whom live on campus—and has turned Splunk into the hub of its network security operations, using it to automate a large percentage of its responses to emerging threats.

    Maszeroski said the IT department at Scranton pulls in data from a variety of systems. The campus’ wireless and wired routers send logs for Dynamic Host Configuration Protocol and Network Address Translation events to Splunk, which includes the physical MAC address of the devices connecting with a timestamp. This allows administrators to search the database by device address and follow where they’ve connected from on campus. The database also pulls in information on outbound DNS queries and other types of application traffic, enterprise system logs, and events from the University’s intrusion prevention system. The Splunk database of the University of Scranton Information Security Office is “close to a terabyte” in size, Maszeroski said, and “our standard op procedure is to throw everything away after 90 days. We’re also limited by budget and storage capacity.”
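
Added example (not from the quoted article or the University of Scranton): the DHCP/NAT correlation described in comment 53, showing why the timestamp decides which device an address maps to and how a 90-day retention rule limits what can be reconstructed. The log line format, field names and all addresses are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample lines in a made-up format (not real Splunk or campus data).
SAMPLE_LOG = """\
2012-09-01T08:15:00Z DHCPACK mac=00:11:22:33:44:55 ip=10.20.1.17 relay=library-ap3 lease=3600
2012-09-01T08:20:12Z NAT src=10.20.1.17:51544 xlate=203.0.113.5:40001 dst=198.51.100.7:443
2012-09-01T09:40:00Z DHCPACK mac=66:77:88:99:aa:bb ip=10.20.1.17 relay=library-ap3 lease=3600
2012-09-01T09:45:30Z NAT src=10.20.1.17:51544 xlate=203.0.113.5:40001 dst=198.51.100.9:80
2012-09-01T13:05:00Z DHCPACK mac=00:11:22:33:44:55 ip=10.30.4.80 relay=dorm-b-sw1 lease=3600
2012-05-01T10:00:00Z DHCPACK mac=00:11:22:33:44:55 ip=10.20.9.9 relay=gym-ap1 lease=3600
this line is malformed and must be skipped
"""

LINE = re.compile(r"^(\S+) (DHCPACK|NAT) (.+)$")


def parse_ts(text):
    """Parse the UTC timestamps used in the sample lines."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_events(text):
    """Split raw lines into DHCP lease records and NAT translation records."""
    leases, nats = [], []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        try:
            ts = parse_ts(m.group(1))
            kv = dict(pair.split("=", 1) for pair in m.group(3).split())
            if m.group(2) == "DHCPACK":
                leases.append({
                    "ts": ts, "mac": kv["mac"].lower(), "ip": kv["ip"],
                    "relay": kv["relay"],
                    "expires": ts + timedelta(seconds=int(kv["lease"])),
                })
            else:
                nats.append({
                    "ts": ts, "src_ip": kv["src"].rsplit(":", 1)[0],
                    "xlate": kv["xlate"], "dst": kv["dst"],
                })
        except (ValueError, KeyError):
            continue  # malformed record: skip it rather than guess at its fields
    return leases, nats


def device_for(ip, when, leases):
    """Return the MAC holding `ip` at `when` (latest lease covering that instant)."""
    covering = [l for l in leases if l["ip"] == ip and l["ts"] <= when < l["expires"]]
    return max(covering, key=lambda l: l["ts"])["mac"] if covering else None


def attribute(xlate, when, leases, nats, max_age=timedelta(minutes=5)):
    """Map a public ip:port observed at `when` back to a device MAC, or None."""
    recent = [n for n in nats
              if n["xlate"] == xlate and timedelta(0) <= when - n["ts"] <= max_age]
    if not recent:
        return None
    nat = max(recent, key=lambda n: n["ts"])
    return device_for(nat["src_ip"], nat["ts"], leases)


def movements(mac, leases):
    """Chronological (time, relay) pairs showing where a device obtained leases."""
    ordered = sorted(leases, key=lambda l: l["ts"])
    return [(l["ts"], l["relay"]) for l in ordered if l["mac"] == mac.lower()]


def purge(records, now, keep_days=90):
    """Apply the retention rule: drop every record older than `keep_days`."""
    cutoff = now - timedelta(days=keep_days)
    return [r for r in records if r["ts"] >= cutoff]


if __name__ == "__main__":
    leases, nats = parse_events(SAMPLE_LOG)
    for when in ("2012-09-01T08:21:00Z", "2012-09-01T09:46:00Z"):
        print(when, attribute("203.0.113.5:40001", parse_ts(when), leases, nats))
    kept = purge(leases, parse_ts("2012-09-02T00:00:00Z"))
    print([relay for _, relay in movements("00:11:22:33:44:55", kept)])
```

The same public address and port resolve to two different devices 85 minutes apart, which is why an attribution made without the matching lease record is unreliable.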

  54. Anonymous reminds Apple that UDIDs are creepy

    Web-based hacker collective Anonymous published 1 million Apple UDIDs on the web early this morning from a trove of 12 million that it allegedly stole from an FBI agent’s laptop in March. Buried within the rambling, bizarre missive from the group about why it published these unique device identifiers — besides attempting to embarrass the FBI for tracking that many iOS devices, and creating general mayhem — was a pointed comment about Apple’s decision to use and publish UDIDs in the first place with iOS devices.

  55. Most Torrent Downloaders Are Monitored, Study Finds

    A new study from Birmingham University in the U.K. found that people will likely be monitored within hours of downloading popular torrents by at least one of ten or more major monitoring firms. The team, led by security researcher Tom Chothia, ran software that acted like a BitTorrent client for three years and recorded all of the connections made to it.

  56. Appelbaum: Cell phones are tracking devices that make phone calls. It’s sad, but it’s true. Which means software solutions don’t always matter. You can have a secure set of tools on your phone, but it doesn’t change the fact that your phone tracks everywhere you go. And the police can potentially push updates onto your phone that backdoor it and allow it to be turned into a microphone remotely, and do other stuff like that. The police can identify everybody at a protest by bringing in a device called an IMSI catcher. It’s a fake cell phone tower that can be built for 1500 bucks. And once nearby, everybody’s cell phones will automatically jump onto the tower, and if the phone’s unique identifier is exposed, all the police have to do is go to the phone company and ask for their information.

    Resnick: So phones are tracking devices. They can also be used for surreptitious recording. Would taking the battery out disable this capability?

    Appelbaum: Maybe. But iPhones, for instance, don’t have a removable battery; they power off via the power button. So if I wrote a backdoor for the iPhone, it would play an animation that looked just like a black screen. And then when you pressed the button to turn it back on it would pretend to boot. Just play two videos.

    Resnick: And how easy is it to create something like that?

    Appelbaum: There are weaponized toolkits sold by companies like FinFisher that enable breaking into BlackBerries, Android phones, iPhones, Symbian devices and other platforms. And with a single click, say, the police can own a person, and take over her phone.

  57. EFF Sues for Answers About Illegal Government Email and Phone Call Surveillance

    Washington, D.C. – The Electronic Frontier Foundation (EFF) sued the Department of Justice (DOJ) today, demanding answers about illegal email and telephone call surveillance at the National Security Agency (NSA).

    The FISA Amendments Act (FAA) of 2008 gave the NSA expansive power to spy on Americans’ international email and telephone calls. However, last month, in a letter to Senator Ron Wyden, a government official publicly disclosed that the NSA’s surveillance had gone even further than what the law permits, with the Foreign Intelligence Surveillance Court (FISC) issuing at least one ruling calling the NSA’s actions unconstitutional. The government further disclosed that the FISC had determined the government’s surveillance violated the spirit of the law on at least one occasion, as well. EFF’s Freedom of Information Act (FOIA) lawsuit seeks disclosure of any written opinions or orders from FISC discussing illegal government surveillance, as well as any briefings to Congress about those violations.

  58. Cops might finally need a warrant to read your Gmail

    Major surveillance law change arrives in the Senate—and it might well pass.

    Right now, if the cops want to read my e-mail, it’s pretty trivial for them to do so. All they have to do is ask my online e-mail provider. But a new bill set to be introduced Thursday in the Senate Judiciary Committee by its chair, Sen. Patrick Leahy (D-VT), seems to stand the best chance of finally changing that situation and giving e-mail stored on remote servers the same privacy protections as e-mail stored on one’s home computer.

    When Congress passed the 1986 Electronic Communications Privacy Act (ECPA), a time when massive online storage of e-mail was essentially unimaginable, it was presumed that if you hadn’t actually bothered to download your e-mail, it could be considered “abandoned” after 180 days. By that logic, law enforcement would not need a warrant to go to the e-mail provider or ISP to get the messages that are older than 180 days; police only need to show that they have “reasonable grounds to believe” the information gathered would be useful in an investigation. Many Americans and legal scholars have found this standard, in today’s world, problematic.

    Leahy, who was one of ECPA’s original authors, proposed similar changes in May 2011, but that was never even brought to a vote in the committee. The new version, which keeps the most important element of the 2011 proposal, will be incorporated into a larger bill aimed at revising the 1988 Video Privacy Protection Act (VPPA).

  59. Congress report warns: drones will track faces from the sky

    With the FAA working on rules to integrate drones into airspace safety by 2015, the US government’s Congressional Research Service has warned of gaps in how American courts might treat the use of drones.

    The snappily-headlined report, Drones in Domestic Surveillance Operations: Fourth Amendment Implications and Legislative Responses (PDF here), notes drones now in use can carry thermal imaging, high-powered cameras, license plate readers and LIDAR (light detection and ranging). “Soft” biometrics and facial recognition won’t be far behind, the report suggests, allowing drones to “recognize and track individuals based on attributes such as height, age, gender, and skin color.”

    “The relative sophistication of drones contrasted with traditional surveillance technology may influence a court’s decision whether domestic drone use is lawful under the Fourth Amendment,” the report compiled by legislative attorney Richard Thompson II states.

  60. Starting Next Year, Brazil Wants To Track All Cars Electronically

    “As of January, Brazil intends to put into action a new system that will track vehicles of all kinds via radio frequency chips. It will take a few years to accomplish, but authorities will eventually require all vehicles to have an electronic chip installed, which will match every car to its rightful owner. The chip will send the car’s identification to antennas on highways and streets, soon to be spread all over the country. Eventually, it will be illegal to own a car without one. Besides real time monitoring of traffic conditions, authorities will be able to integrate all kinds of services, such as traffic tickets, licensing and annual taxes, automatic toll charge, and much more. Benefits also include more security, since the system will make it harder for thieves to run far away with stolen vehicles, much less leave the country with one.”

  61. Petraeus scandal: This is the national-security establishment turning the surveillance apparatus on itself

    From Patrick Radden Keefe, in the New Yorker: “The serialized revelations that have unfolded since Friday—when Petraeus, who left the military as a four-star general, resigned from the C.I.A. because of an affair—are, to say the least, honeyed with irony. In the decade following September 11, 2001, the national-security establishment in this country devised a surveillance apparatus of genuinely diabolical creativity—a cross-hatch of legal and technical innovations that (in theory, at any rate) could furnish law enforcement and intelligence with a high-definition early-warning system on potential terror events. What it’s delivered, instead, is the tawdry, dismaying, and wildly entertaining spectacle that ensues when the national-security establishment inadvertently turns that surveillance apparatus on itself.”

  62. Government Surveillance Growing, According To Google

    In a blog post, Google senior policy analyst Dorothy Chou says, ‘[G]overnment demands for user data have increased steadily since we first launched the Transparency Report.’ In the first half of 2012, the period covered in the report, Chou says there were 20,938 inquiries from government organizations for information about 34,614 Google-related accounts. Google has a long history of pushing back against governmental demands for data, going back at least to its refusal to turn over search data to the Department of Justice in 2005. Many other companies have chosen to cooperate with government requests rather than question or oppose them, but Chou notes that in the past year, companies like Dropbox, LinkedIn, Sonic.net and Twitter have begun making government information requests public, to inform the discussion about Internet freedom and its limits. According to the report, the U.S. continues to make the most requests for user data, 7,969 in the first six months of the year. Google complied with 90% of these requests. Google’s average compliance rate for the 31 countries listed in the report is about 47%.

  63. Will the scandal surrounding David Petraeus, General John Allen, Paula Broadwell, Jill Kelley, and a shirtless F.B.I. agent turn into the same sort of eureka moment that Congress experienced when Bork was, as the saying now goes, “borked”? Although the lustful portion of the Petraeus scandal is hardly disappearing — who else will be drawn into it, and when will we read the emails? — attention is turning toward the apparent ease with which the F.B.I. accessed the electronic communication of Petraeus, Broadwell, Kelley, and Allen. The exact circumstances of how the F.B.I. got its hands on all this material remains to be revealed — for instance, whether search warrants were obtained for everything — but the bottom line appears to be that the F.B.I. accessed a vast array of private information and seriously harmed the careers of at least Petraeus and Broadwell without, as of yet, filing a criminal complaint against anybody. As the law professor and privacy expert James Grimmelmann tweeted the other day, “The scandal isn’t what’s illegal; the scandal is what’s legal (or what the FBI thinks is legal).”

    In recent years, a handful of privacy activists — led by the A.C.L.U., the Electronic Frontier Foundation, the Electronic Privacy Information Center, and the Center for Democracy & Technology — have filed lawsuits and requested official documents in an effort to reveal and challenge the government’s vast surveillance powers. For the most part, they have not succeeded in changing things; the Petraeus scandal appears to show just how much surveillance the F.B.I. and other law enforcement agencies can conduct without a judge or a company telling them “no, you can’t have that.”

    There’s a particularly cruel irony in all of this: If you contact your cell-phone carrier or Internet service provider or a data broker and ask to be provided with the information on you that they provide to the government and other companies, most of them will refuse or make you jump through Defcon levels of hops, skips, and clicks. Uncle Sam or Experian can easily access data that shows where you have been, whom you have called, what you have written, and what you have bought — but you do not have the same privileges.

  64. Ms. Broadwell apparently attempted to shield her identity by using anonymous email accounts. However, it appears that her efforts were thwarted by sloppy operational security and the data retention practices of the companies to whom she entrusted her private data.

    The New York Times reported that “[b]ecause the sender’s account had been registered anonymously, investigators had to use forensic techniques—including a check of what other e-mail accounts had been accessed from the same computer address—to identify who was writing the e-mails.”

    Webmail providers like Google, Yahoo and Microsoft retain login records (typically for more than a year) that reveal the particular IP addresses a consumer has logged in from. Although these records reveal sensitive information, including geo-location data associated with the target, US law currently permits law enforcement agencies to obtain these records with a mere subpoena—no judge required.

  65. DON’T MESS UP It is hard to pull off one of these steps, let alone all of them all the time. It takes just one mistake — forgetting to use Tor, leaving your encryption keys where someone can find them, connecting to an airport Wi-Fi just once — to ruin you.

    “Robust tools for privacy and anonymity exist, but they are not integrated in a way that makes them easy to use,” Mr. Blaze warned. “We’ve all made the mistake of accidentally hitting ‘Reply All.’ Well, if you’re trying to hide your e-mails or account or I.P. address, there are a thousand other mistakes you can make.”

    In the end, Mr. Kaminsky noted, if the F.B.I. is after your e-mails, it will find a way to read them. In that case, any attempt to stand in its way may just lull you into a false sense of security.

    Some people think that if something is difficult to do, “it has security benefits, but that’s all fake — everything is logged,” said Mr. Kaminsky. “The reality is if you don’t want something to show up on the front page of The New York Times, then don’t say it.”

  66. Saudi Arabia Implements Electronic Tracking System For Women

    “Denied the right to travel without consent from their male guardians and banned from driving, women in Saudi Arabia are now monitored by an electronic system that tracks any cross-border movements. Since last week, Saudi women’s male guardians began receiving text messages on their phones informing them when women under their custody leave the country, even if they are travelling together. ‘The authorities are using technology to monitor women,’ said columnist Badriya al-Bishr, who criticised the ‘state of slavery under which women are held’ in the ultra-conservative kingdom. Women are not allowed to leave the kingdom without permission from their male guardian, who must give his consent by signing what is known as the ‘yellow sheet’ at the airport or border.”

  67. The imbroglio centers around a system called Palantir, which teases out connections from giant mounds of data, and visualizes those links in ways that even knuckle-draggers can understand. With its slick interface and its ability to find hidden relationships, Palantir has attracted a cult of fanboys in the military and intelligence communities not unlike the one Apple has amassed in the consumer gadget world.

    The problem is the Army already has a $2.3 billion system that does what Palantir is supposed to do — plus several dozen more things, besides. The DCGS-A (“Distributed Common Ground System – Army”) is meant to be the one resource that Army intel analysts can use to find links between events, build dossiers on high-level targets, and plot out patterns in enemy attacks. Accessing 473 data sources for 75 million reports, it’s supposed to be the primary source for mining intelligence and surveillance data on the battlefield — everything from informants’ tips to satellites’ images to militants’ fingerprints.

    But many in the military found DCGS-A too complicated, too hackable, and not nearly reliable enough. And the Palantir crowd, they just wouldn’t quit pushing for their favorite software, even though Palantir was something of a roach motel of intelligence data — once inside, it was hard to export information to other systems.

  68. UN’s International Telecommunications Union sets out to standardize bulk surveillance of Internet users by oppressive governments

    The International Telecommunications Union, a UN agency dominated by veterans of incumbent telcoms who mistrust the Internet, and representatives of repressive governments who want to control it, have quietly begun the standardization process for a kind of invasive network spying called “deep packet inspection” (DPI). Other standards bodies have shied away from standardizing surveillance technology, but the ITU just dived in with both feet, and proposed a standard that includes not only garden-variety spying, but also spying “in case of a local availability of the used encryption key(s)” — a situation that includes the kind of spying Iran’s government is suspected of engaging in, when an Iranian hacker stole signing keys from the Dutch certificate authority DigiNotar, allowing for silent interception of Facebook and Gmail traffic by Iranian dissidents.

  69. BBC – Future – Technology – Can disguises fool surveillance technology?

    Antivirus pioneer John McAfee, who recently fled from Belize after his neighbour was shot dead, supposedly used disguises to outwit his pursuers. Could technology have spotted what humans failed to see?

    Stick on a fake moustache. Add some glasses. Dye your hair. And perhaps pop on a hat. If you are a man – or woman – on the run in the movies then this kind of low-tech disguise is all that is needed to evade the authorities.

    But, in a case of life imitating art, a similar array of tactics seems to have met with some success in the real world.

    One of the more bizarre news stories of recent weeks concerns John McAfee, founder of the eponymous anti-virus software company, going on the run from the Belize police. According to his blog, McAfee disguised himself by colouring his hair and beard grey, darkening his face with shoe polish, padding his cheeks with bubble gum and stuffing his right nostril to give it – in McAfee’s own words, “an awkward, lopsided, disgusting appearance”.

  70. City buses across America increasingly have hidden microphones that track and record the conversations that take place on them. It’s easy to see the reasoning behind this: once it’s acceptable to video-record everything and everyone on a bus because some crime, somewhere was thus thwarted, then why not add audio? If all you need to justify an intrusion into privacy is to show that some bad thing, somewhere, can be so prevented, then why not? After all, “If you’ve got nothing to hide…”

  71. Massive New Surveillance Program Uncovered by Wall Street Journal

    The Wall Street Journal reported today that the little-known National Counterterrorism Center, based in an unmarked building in McLean, Va., has been granted sweeping new authority to store and monitor massive datasets about innocent Americans.

    After internal wrangling over privacy and civil liberties issues, the Justice Department reportedly signed off on controversial new guidelines earlier this year. The guidelines allow the NCTC, for the first time, to keep data about innocent U.S. citizens for up to five years, using “predictive pattern-matching,” to analyze it for suspicious patterns of behavior. The data the counterterrorism center has access to, according to the Journal, includes “entire government databases—flight records, casino-employee lists, the names of Americans hosting foreign-exchange students and many others.”

    Notably, the Journal reports that these changes also allow databases about U.S. civilians to be handed over to foreign governments for analysis, presumably so that they too can attempt to determine future criminal actions. The Department of Homeland Security’s former chief privacy officer said that it represents a “sea change in the way that the government interacts with the general public.”

  72. FBI Documents Shine Light on Clandestine Cellphone Tracking Tool

    Posted Thursday, Jan. 10, 2013, at 2:14 PM ET

    The FBI calls it a “sensitive investigative technique” that it wants to keep secret. But newly released documents that shed light on the bureau’s use of a controversial cellphone tracking technology called the “Stingray” have prompted fresh questions over the legality of the spy tool.

    Functioning as a so-called “cell-site simulator,” the Stingray is a sophisticated portable surveillance device. The equipment is designed to send out a powerful signal that covertly dupes phones within a specific area into hopping onto a fake network. The feds say they use them to target specific groups or individuals and help track the movements of suspects in real time, not to intercept communications. But by design Stingrays, sometimes called “IMSI catchers,” collaterally gather data from innocent bystanders’ phones and can interrupt phone users’ service—which critics say violates a federal communications law.

    The FBI has maintained that its legal footing here is firm. Now, though, internal documents obtained by the Electronic Privacy Information Center, a civil liberties group, reveal the bureau appears well aware its use of the snooping gear is in dubious territory. Two heavily redacted sets of files released last month show internal Justice Department guidance that relates to the use of the cell tracking equipment, with repeated references to a crucial section of the Communications Act which outlines how “interference” with communication signals is prohibited.

  73. Chinese Skype Surveillance Trigger Words Uncovered by Researcher
    By Ryan Gallagher | Posted Friday, March 8, 2013, at 6:25 PM

    There is one thing that binds the phrases “kinky cinema,” “hired killer,” and “throwing eggs.” If you type any one of them into a special eavesdropping-enabled version of Skype used in China, you could find yourself under surveillance.

    That’s according to a research project by Jeffrey Knockel, a computer-science graduate student at the University of New Mexico, Albuquerque. As Bloomberg Businessweek reported today, Knockel recently found a way to bypass encryption used by a version of Skype designed specifically for Chinese users, and in doing so uncovered secret keyword lists used in China to monitor Skype users’ communications.

    According to the 27-year-old researcher, the software has a built-in surveillance blacklist that scans messages sent between users for specific words and phrases. If a user types one of the offending phrases into the Skype text chat, it triggers an alert—sending a copy back to a centralized computer server and flagging who sent the message and when.

  74. Harvard secretly searched e-mails

    Harvard University central administrators secretly searched the e-mail accounts of 16 resident deans last fall, looking for a leak to the media about the school’s sprawling cheating case, according to several Harvard officials interviewed by the Globe.

    The resident deans sit on Harvard’s Administrative Board, the committee charged with handling the cheating case. They were not warned that administrators planned to access their accounts, and only one was told of the search shortly afterward.

    The dean who was informed had forwarded a confidential Administrative Board message to a student he was advising, not realizing it would ultimately make its way to the Harvard Crimson and the Globe and fuel the campus controversy over the cheating scandal.

  75. Facebook finally admits to tracking non-users

    In a series of interviews with USAToday, Facebook has finally revealed how it tracks users and non-users across the web, gathering huge amounts of data as it does so. Says ABCNews/USAToday:

    Facebook officials are now acknowledging that the social media giant has been able to create a running log of the web pages that each of its 800 million or so members has visited during the previous 90 days. Facebook also keeps close track of where millions more non-members of the social network go on the Web, after they visit a Facebook web page for any reason.

  76. Bruce Schneier – “The Internet is a surveillance state”

    Sure, we can take measures to prevent this. We can limit what we search on Google from our iPhones, and instead use computer web browsers that allow us to delete cookies. We can use an alias on Facebook. We can turn our cell phones off and spend cash. But increasingly, none of it matters.

    There are simply too many ways to be tracked. The Internet, e-mail, cell phones, web browsers, social networking sites, search engines: these have become necessities, and it’s fanciful to expect people to simply refuse to use them just because they don’t like the spying, especially since the full extent of such spying is deliberately hidden from us and there are few alternatives being marketed by companies that don’t spy.

    This isn’t something the free market can fix. We consumers have no choice in the matter. All the major companies that provide us with Internet services are interested in tracking us. Visit a website and it will almost certainly know who you are; there are lots of ways to be tracked without cookies. Cellphone companies routinely undo the web’s privacy protection. One experiment at Carnegie Mellon took real-time videos of students on campus and was able to identify one-third of them by comparing their photos with publicly available tagged Facebook photos.

  77. According to the ACLU’s Principal Technologist Christopher Soghoian, Ph.D., the real issue lies in the Communications Assistance for Law Enforcement Act or CALEA which was passed in 1994.

    Soghoian told SecurityWatch this law, “mandated that industries build in intercept capabilities to their networks.” These industries included phone and broadband companies, but not companies like Apple. iMessage is also different from normal text messaging because it both encrypts the message and sends it peer-to-peer between iPhones, without touching a carrier’s network.

    Another critical aspect of CALEA deals with encrypted messaging, mainly that it is exempt from all wireless surveillance. Soghoian explained that communications, “encrypted with a key not known to the company […] cannot be intercepted.” So in a situation where the decryption keys are handled on the device, and not by whoever is delivering the messages, then law enforcement must ignore the message entirely.

    This issue was mentioned in the DEA report, quoted by CNet: “iMessages between two Apple devices are considered encrypted communication and cannot be intercepted, regardless of the cell phone service provider.” However, the report notes that depending on where the intercept is placed, messages sent to other phones can be read. This is likely because those communications are not encrypted, and are therefore visible to law enforcement under CALEA.

  78. With this fuller history, Lapsley lays out the foundations of the systems we live in now. Not the specific tools we use, which are rotating into obsolescence in an accelerating blur, but the systems our tools are embedded within, and our notions of security, freedom, criminality, privacy. During the years that AT&T was struggling to invent a new phone technology, they also forged new legal justifications for surveilling users and prosecuting hackers. By definition, they had no idea who was hiding from their billing system, so they set up a blanket surveillance program which tapped around 33 million phone calls between 1964 and 1970, recording more than a million and a half of them for further analysis. AT&T kept this program — code named Greenstar — a closely guarded secret, because they were pretty sure it was illegal, and they certainly didn’t want a court to confirm their suspicions. But this massive wiretapping program gave them a good idea who was defrauding their system, and it pointed them towards evidence that they could use in court. (In 1968, AT&T helped advise Congress on new legislation that made the Greenstar wiretapping retroactively legal. So that was one problem taken care of.)

    Phone phreaks talked about getting busted by the phone company in a way that would sound silly if we were talking about AT&T or Google today. And it is indeed strange to think of Ma Bell’s quasi-governmental security force: hard-boiled guys in trench coats staking out phone booths, waiting for a hippie to toot a toy or beep a box. But part of the reason this seems strange is because corporations don’t really need the guys in trench coats anymore. The mechanisms of state and corporate surveillance are now completely embedded in our daily lives.

    http://lareviewofbooks.org/article.php?type&id=1570&fulltext=1&media

  79. Retail technology
    We snoop to conquer
    Security cameras are watching honest shoppers, too

    “There’s no expectation of privacy when you go into a mall,” retorts one shopper-monitoring executive. A better answer is that retailers like American Apparel are analysing groups, not identifying individuals. Cameras set up to do anything fancier than traffic-counting are confined to a few test stores. Mobile-phone trackers identify phones, not their owners, says Will Smith of Euclid Analytics. Still, Euclid recommends telling customers that tracking is going on. “Companies that succeed in this space are companies that address privacy correctly,” he says.

  80. Facebook data already inform lending decisions at Kreditech, a Hamburg-based start-up that makes small online loans in Germany, Poland and Spain. Applicants are asked to provide access for a limited time to their account on Facebook or another social network. Much is revealed by your friends, says Alexander Graubner-Müller, one of the firm’s founders. An applicant whose friends appear to have well-paid jobs and live in nice neighbourhoods is more likely to secure a loan. An applicant with a friend who has defaulted on a Kreditech loan is more likely to be rejected.

  81. Song Chaoming, for instance, is a researcher at Northeastern University in Boston. He is a physicist, but he moonlights as a social scientist. With that hat on he has devised an algorithm which can look at someone’s mobile-phone records and predict with an average of 93% accuracy where that person is at any moment of any day. Given most people’s regular habits (sleep, commute, work, commute, sleep), this might not seem too hard. What is impressive is that his accuracy was never lower than 80% for any of the 50,000 people he looked at.

  82. “If you’re going to build a protest movement, it might be better to stay off Facebook and Twitter because the cops are fully tuned into social media these days. The Open Source Intelligence Unit at London’s Metropolitan Police Service has a staff of seventeen who work seven days a week – to track social media feedback and to monitor community tension. Having a sense of humour and understanding of slang gives humans the edge over social media surveillance software, UK cops reckon. The British cops are worried about 4G mobile broadband though because it’ll generate much more data such as video.”

  83. IRS tracks your digital footprint

    The IRS has quietly upgraded its technology so tax collectors can track virtually everything people do online.

    The Internal Revenue Service is collecting a lot more than taxes this year — it’s also acquiring a huge volume of personal information on taxpayers’ digital activities, from eBay auctions to Facebook posts and, for the first time ever, credit card and e-payment transaction records, as it expands its search for tax cheats to places it’s never gone before.

  84. “According to a lawyer at a telecoms company and the retired boss of a large telecoms group operating in the United States, telecoms companies have long been required to employ technicians with security clearances who assist in government surveillance, but are not allowed to disclose their activities to their uncleared bosses. The same request may, perhaps, have been extended to web firms.”

    http://www.economist.com/news/briefing/21579473-americas-national-security-agency-collects-more-information-most-people-thought-will

  85. “America’s energetic snooping is part of a broader global trend. Each year authorities in South Korea make more than 37m requests to see communications data stored about the country’s 50m people (police in Britain make about 500,000). New laws in Kenya let the government snoop on suspects indefinitely once an application is approved. India is considering a plan to route communications through government equipment, helping it to eavesdrop without alerting service providers. A report presented on June 4th by Frank La Rue, the UN’s special rapporteur on free expression, warned that broad interpretations of outdated laws were enabling sophisticated and invasive surveillance measures to flourish around the world. He called for governments to draw up new regulations that properly acknowledge the growing power of modern spying equipment.”

  86. How Canada’s shadowy metadata-gathering program went awry

    “This week’s revelations have made it clearer to the public that Canada, like other governments, is voraciously scouring the globe for telecommunications data trails – phone logs, Internet protocols and other “routing” information.”

    More on metadata

    CSE’s privacy rules revealed (sort of)

    Décary speaks

    “I am completely independent and operate at arms-length from the government. I have all the powers of a Commissioner under Part II of the Inquiries Act, including the power of subpoena, to access and review any information held by CSEC. We have secure offices on-site at CSEC. My employees have unobstructed access to CSEC systems, observe CSEC analysts first hand to verify how they conduct their work, interview them, and test information obtained against the contents of CSEC’s databases.

    I verify that CSEC does not direct its foreign signals intelligence collection and IT security activities at Canadians — wherever they might be in the world — or at any person in Canada. CSEC is prohibited from requesting an international partner to undertake activities that CSEC itself is legally prohibited from conducting.

    In the case of metadata, I verify that it is collected and used by CSEC only for purposes of providing intelligence on foreign entities located outside Canada and to protect information infrastructures of importance to the government.

    At the time the new legislation was passed, CSE told us all in no uncertain terms that the ability to follow a foreign-intelligence-related communication into Canada was vital to the agency’s ability to function effectively in the modern world. For some reason the Commissioner seems to want to leave the impression that this only happens “unintentionally”.

    Similarly, the Commissioner’s statement affirms that “CSEC is prohibited from requesting an international partner to undertake activities that CSEC itself is legally prohibited from conducting”, but it skips past the vital question of how often those partners may nonetheless supply information that CSE would not itself be permitted to collect.”

    Tories deny Canadian spy agencies are targeting Canadians

    More on CSE and the monitoring (or not) of Canadians

    “Liberal MP Wayne Easter, who was minister responsible for the spy agency CSIS in 2002-03, told the Star that in the post-9/11 era a decade ago it was common for Canada’s allies to pass on information about Canadians that they were authorized to gather but Ottawa wasn’t.

    The practice was, in effect, a back-door way for sensitive national security information to be shared, not with the government, but Communications Security Establishment Canada (CSEC) and, if necessary, the Canadian Security Intelligence Service (CSIS).”

    Canada has tracked phone and Internet data for years

    Opposition seeks parliamentary oversight of Canada’s spy agencies

    Big Brother really is watching — and listening

    You’re not paranoid, the government might be watching you: Walkom

    “Defence Minister Peter MacKay says Ottawa’s electronic snooping agency doesn’t monitor Canadians. He’s wrong.

    In fact, the little-known Communications Security Establishment Canada is specifically mandated to intercept telephone or Internet communications involving Canadians — as long as it does so in an effort to gather foreign intelligence.

    As former Liberal solicitor-general Wayne Easter told my colleague Tonda MacCharles, during his time in government the NSA routinely passed on information about Canadians to Canada — through either CSEC itself or the Canadian Security Intelligence Service or the RCMP.”

    CSE metadata monitoring began in 2005 or earlier

    “In fact, such data are undoubtedly also collected to help determine the identities (or at least the communications addresses) of the people in Canada that CSE’s foreign intelligence targets are communicating with. The person at the Canadian end of the conversation would not be the “target” in such cases, but CSE would still want to monitor both ends of the communication in order to find out what the foreign target at the other end of the conversation was up to.

    If the Canadian participant turned out to also be of intelligence interest, CSE would then pass that information to CSIS, the RCMP, or another relevant agency, which if it agreed would then obtain authorization to monitor the Canadian under its own legal procedures. That authorization, in turn, would clear the way for CSE to conduct further monitoring of the Canadian in fulfillment of Part C of its mandate.”

    10 questions about Canada’s Internet spying

    Spy agencies have turned our digital lives inside out. We need to watch them

    “The NSA’s enormous new $1.2-billion complex in Utah will be able to handle and process five zettabytes of data, which former NSA technical director (and now whistleblower) William Binney estimates to be on the order of 100 years worth of all of the world’s communications.

    In 2010, German Green Party politician Malte Spitz and Germany’s Die Zeit newspaper requested all of the metadata from Mr. Spitz’s phone carrier, Deutsche Telekom. The company sent back a CD containing 35,830 lines of code. “Seen individually, the pieces of data are mostly inconsequential and harmless,” wrote Die Zeit, “[but] taken together, they provide what investigators call a profile – a clear picture of a person’s habits and preferences, and indeed, of his or her life.”

    Access to metadata, when combined with powerful computers and algorithms, can also allow entire social networks to be mapped in space and time with a degree of precision that is extraordinarily unprecedented, and extraordinarily powerful. Once analyzed, metadata can pinpoint not only who you are, but with whom you meet, with what frequency and duration, and at which locations. And it’s now big business for that very reason. A growing complex of top secret data analysis companies orbit the law enforcement, military, and intelligence communities offering Big Data analysis, further driving the need for yet more data.”

  87. Is CSE metadata-mining Canadian call records?

    “As part of ongoing collaborations with the Communications Security Establishment (CSE), we are applying unsupervised and semi-supervised learning methods to understand transactions on large dynamic networks, such as telephone and email networks. When viewed as a graph, the nodes correspond to individuals that send or receive messages, and edges correspond to the messages themselves. The graphs we address can be observed in real-time, include from hundreds to hundreds of thousands of nodes, and feature thousands to millions of transactions. There are two goals associated with this project: firstly, there is the semi-supervised learning task, and rare-target problem, in which we wish to identify certain types of nodes; secondly, there is the unsupervised learning task of detecting anomalous messages.”

    Why Canadians Should Be Demanding Answers About Secret Surveillance Programs

    “Canada has similar disclosure provisions as those found in the USA Patriot Act. For example, s. 21 of the Canadian Security Intelligence Act provides for a warrant that permits almost any type of communication interception, surveillance or disclosure of records for purpose of national security. To obtain such a warrant, the Director of the CSIS or a designate of the Solicitor General is required to file an application with a Federal Court judge. The application must contain an affidavit stating “the facts relied on to justify the belief, on reasonable grounds, that a warrant… is required”. The application must also outline why other investigative techniques are inappropriate. The warrant will typically last 60 days and is renewable on application. Section 21 orders could presumably also be applied to U.S. companies operating in Canada.

    The section 21 warrant is arguably similar to a section 215 application made to the FISA Court. Both do not require probable cause and both can be used to obtain any type of records or any other tangible thing. Moreover, the target of both warrants need not be the target of the national security investigation.”

    Canada and the NSA revelations

    Canada is part of the eavesdropping network

    Data-collection program got green light from MacKay in 2011

  88. Q: Glenn Greenwald follow up: When you say “someone at NSA still has the content of your communications” – what do you mean? Do you mean they have a record of it, or the actual content?

    A: Both. If I target for example an email address, for example under FAA 702, and that email address sent something to you, Joe America, the analyst gets it. All of it. IPs, raw data, content, headers, attachments, everything. And it gets saved for a very long time – and can be extended further with waivers rather than warrants.

  89. Brit spies GCHQ harvest all undersea cable comms, all UK calls and data, share with 850,000+ NSA spooks and contractors

    The Guardian has published information from another Edward Snowden leak, this one detailing a British wiretapping program by the UK spy agency GCHQ that puts Prism to shame. The GCHQ program, called Tempora, stores all submarine cable traffic and all domestic traffic (Internet packets and recordings of phone-calls) for 30 days, using NSA tools to sort and search it; the quid-pro-quo being that the NSA gets to access this data, too. The program is reportedly staffed by 300 GCHQ spies and 250 NSA spies, and the data produced by the taps is made available to 850,000 NSA employees and contractors. This is all carried out under the rubric of RIPA, the controversial Regulation of Investigatory Powers Act, a UK electronic spying law passed by Tony Blair’s Labour government.

  90. U.S. surveillance architecture includes collection of revealing Internet, phone metadata

    MAINWAY, which collects the telephone metadata of people in the United States. The collected data reportedly include “phone numbers dialed and length of call but not call content, caller identity or location information”. According to the U.S. government the data may be “queried” only when there is “reasonable suspicion” that “an identifier is associated with specific foreign terrorist organizations”. The government statement does not specify whether the data are also subjected to computerized network analysis in order to help determine “identifiers” that may be associated with those organizations.

    MARINA, which collects internet metadata. According to the Washington Post, “MARINA and the collection tools that feed it are probably the least known of the NSA’s domestic operations, even among experts who follow the subject closely. Yet they probably capture information about more American citizens than any other, because the volume of e-mail, chats and other Internet communications far exceeds the volume of standard telephone calls. The NSA calls Internet metadata ‘digital network information.’ Sophisticated analysis of those records can reveal unknown associates of known terrorism suspects.”

    NUCLEON, which intercepts the content of telephone calls. This program reportedly works on a much smaller scale than the first two. It probably only captures the telephone calls of specific individuals who have already been identified as suspects in on-going investigations.

    PRISM, which accesses internet content (e-mail, chat texts, search histories, Skype data, data stored in “the cloud”, etc.) contained in the data stored by major internet services such as Google and Facebook. These data are reportedly also accessed only with respect to specific individuals or perhaps groups of individuals or organizations.

  91. Italy is the most wiretapped Western democracy, with transcripts of telephone intercepts of politicians and criminals routinely splashed on front pages. Just this weekend, the phone intercepts of a top Vatican accountant arrested in a 20 million euro ($26.2 million) corruption plot were published in major Italian newspapers.

    http://www.nationalpost.com/m/wp/news/blog.html?b=news.nationalpost.com/2013/07/01/french-president-demands-u-s-cease-spying-on-the-european-union&pubdate=2013-07-01

  92. Security in Tibet
    Grid locked
    With the help of experts from Beijing, Tibet tightens its systems of surveillance

    It was launched in April 2012 in Lhasa’s Chengguan district, where Mr Zhi has been serving as deputy party chief. Officials call it the “grid system of social management”. One of its main aims is to make it easier for officials to monitor potential troublemakers by using intelligence gathered by community workers within areas known as grids (wangge in Mandarin). Chengguan, which includes most of the city proper and some of the rural area around it, has been divided into 175 of them. The grids’ small size (every Lhasa neighbourhood now has several) is intended to facilitate the gathering of detailed, real-time information.

    Why bother? Lhasa is already crawling with security personnel and festooned with surveillance cameras. Even before the grid system any Tibetan who raised a protest banner would be leapt on within seconds and taken away (though few such attempts have been reported since security was increased after riots in 2008). But, mostly in the last two years, Tibetan protesters have taken to setting themselves on fire, which has made the authorities even edgier. Only two of about 120 of these acts have occurred in Lhasa but the capital’s religious importance to Tibetans makes any dissent there particularly potent.

    In both cities grid staff are helped by patrols of volunteers wearing red armbands: usually retired people whose role as local snoops long predates the introduction of grids. Human Rights Watch says that in Lhasa these patrols have become more intrusive with the recent immolations, searching homes for pictures of the Dalai Lama and other signs of dissent. Along with the rollout of grids, the Tibetan authorities have been organising households into groups of five or ten. A leader is appointed who becomes a point of contact for grid officials or police wanting information about members of the group. In May Tibet’s party chief Chen Quanguo said these groups should be the “basic unit” of the system, “ensuring…no blind spots”.

  93. In the meantime technology can serve the powerful, too. Protesters in Turkey and Brazil say their mobile internet access was throttled, though congestion, not censorship, may be the real culprit. Instructions issued over social networks are easily monitored by police. Amateur footage provides authorities with visual records of those who attend. Witness, an American charity which trains citizen journalists, says that where official snooping is a danger, protesters should be filmed only from behind; last July YouTube, an online video site, introduced a face-blurring tool.

    Most protesters are not so careful, and police are getting better at capturing this information themselves. Since 2011 cops in Brazil have tried head-mounted face-detection cameras, which authorities claim can capture up to 400 faces a second. Hoisting them on cheap drones would offer an even better view. Police forces can also recognise demonstrators without actually seeing them: some officers in America have kit capable of recording the identifying code of all the mobile phones within a given area, and officials can also beg or seize the data from mobile operators.

    http://www.economist.com/news/international/21580190-technology-makes-protests-more-likely-not-yet-more-effective-digital-demo

  94. New Snowden leak: NSA program taps all you do online

    http://edition.cnn.com/2013/07/31/tech/web/snowden-leak-xkeyscore/

    You’ve never heard of XKeyscore, but it definitely knows you. The National Security Agency’s top-secret program essentially makes available everything you’ve ever done on the Internet — browsing history, searches, content of your emails, online chats, even your metadata — all at the tap of the keyboard.

    The Guardian exposed the program on Wednesday in a follow-up piece to its groundbreaking report on the NSA’s surveillance practices. Shortly after publication, Edward Snowden, a 29-year-old former Booz Allen Hamilton employee who worked for the NSA for four years, came forward as the source.

    This latest revelation comes from XKeyscore training materials, which Snowden also provided to The Guardian. The NSA sums up the program best: XKeyscore is its “widest reaching” system for developing intelligence from the Internet.

  95. “No laws define the limits of the N.S.A.’s power. No Congressional committee subjects the agency’s budget to a systematic, informed and skeptical review. With unknown billions of Federal dollars, the agency purchases the most sophisticated communications and computer equipment in the world. But truly to comprehend the growing reach of this formidable organization, it is necessary to recall once again how the computers that power the N.S.A. are also gradually changing lives of Americans – the way they bank, obtain benefits from the Government and communicate with family and friends. Every day, in almost every area of culture and commerce, systems and procedures are being adopted by private companies and organizations as well as by the nation’s security leaders that make it easier for the N.S.A. to dominate American society should it ever decide such action is necessary.”

    David Burnham, in 1983: THE SILENT POWER OF THE N.S.A.

  96. Barack Obama’s portable secrecy tent (some assembly required)

    Washington: When President Barack Obama travels abroad, his staff packs briefing books, gifts for foreign leaders and something more closely associated with camping than diplomacy: a tent.

    Even when Obama travels to allied nations, aides quickly set up the security tent – which has opaque sides and noise-making devices inside – in a room near his hotel suite. When the president needs to read a classified document or have a sensitive conversation, he ducks into the tent to shield himself from secret video cameras and listening devices.

  97. NSA tracking cellphone locations worldwide, Snowden documents show

    The National Security Agency is gathering nearly 5 billion records a day on the whereabouts of cellphones around the world, according to top-secret documents and interviews with U.S. intelligence officials, enabling the agency to track the movements of individuals — and map their relationships — in ways that would have been previously unimaginable.

    The records feed a vast database that stores information about the locations of at least hundreds of millions of devices, according to the officials and the documents, which were provided by former NSA contractor Edward Snowden. New projects created to analyze that data have provided the intelligence community with what amounts to a mass surveillance tool.

  98. The bigger worry is for those in front of the cameras, not behind them. School bullies already use illicit snaps from mobile phones to embarrass their victims. The web throngs with furtive photos of women, snapped in public places. Wearable cameras will make such surreptitious photography easier. And the huge, looming issue is the growing sophistication of face-recognition technologies, which are starting to enable businesses and governments to extract information about individuals by scouring the billions of images online. The combination of cameras everywhere—in bars, on streets, in offices, on people’s heads—with the algorithms run by social networks and other service providers that process stored and published images is a powerful and alarming one. We may not be far from a world in which your movements could be tracked all the time, where a stranger walking down the street can immediately identify exactly who you are.

    For the moment, companies are treading carefully. Google has banned the use of face-recognition in apps on Glass and its camera is designed to film only in short bursts. Japanese digital camera-makers ensure their products emit a shutter sound every time a picture is taken. Existing laws to control stalking or harassment can be extended to deal with peeping drones.

  99. Fruitless introspection

    SIR – Your briefing on ubiquitous cameras claimed that “life logging” will have “much to recommend it” because the “potentially endless” re-examination of the life-logger’s experience will “reveal opportunities to be healthier, happier and more effective” (“The people’s panopticon”, November 16th). However, since everything in the life-logger’s life is recorded, that record will presumably include recordings of the examination of prior recordings, then recordings of the examinations of those recordings, and so on. A point will soon be reached where the life being logged consists of nothing but commentary on commentary.

    Samuel Beckett’s one-act play, “Krapp’s Last Tape”, features an aged man sitting before a tape recorder making tapes that are commentaries on prior tape recordings which are themselves commentaries. Technology moves on, but the message still holds: the endless re-examination of futility leads only to more futility, not meaning or effectiveness.

    Kirk Templeton
    San Francisco

  100. Not only is ubiquitous surveillance ineffective, it is extraordinarily costly. I don’t mean just the budgets, which will continue to skyrocket. Or the diplomatic costs, as country after country learns of our surveillance programs against their citizens. I’m also talking about the cost to our society. It breaks so much of what our society has built. It breaks our political systems, as Congress is unable to provide any meaningful oversight and citizens are kept in the dark about what government does. It breaks our legal systems, as laws are ignored or reinterpreted, and people are unable to challenge government actions in court. It breaks our commercial systems, as U.S. computer products and services are no longer trusted worldwide. It breaks our technical systems, as the very protocols of the Internet become untrusted. And it breaks our social systems; the loss of privacy, freedom, and liberty is much more damaging to our society than the occasional act of random violence.

  101. The Yale Law Journal Online (YLJO) just published an article that I co-authored with Kevin Bankston (first workshopped at the Privacy Law Scholars Conference last year) entitled “Tiny Constables and the Cost of Surveillance: Making Cents Out of United States v. Jones.” In it, we discuss the drastic reduction in the cost of tracking an individual’s location and show how technology has greatly reduced the barriers to performing surveillance. We estimate the hourly cost of location tracking techniques used in landmark Supreme Court cases Jones, Karo, and Knotts and use the opinions issued in those cases to propose an objective metric: if the cost of the surveillance using the new technique is an order of magnitude (ten times) less than the cost of the surveillance without using the new technique, then the new technique violates a reasonable expectation of privacy. For example, the graph above shows that tracking a suspect using a GPS device is 28 times cheaper than assigning officers to follow him.

  102. Now we know Ottawa can snoop on any Canadian. What are we going to do?

    What’s this mean for Canadians? When you go to the airport and flip open your phone to get your flight status, the government could have a record. When you check into your hotel and log on to the Internet, there’s another data point that could be collected. When you surf the Web at the local cafe hotspot, the spies could be watching. Even if you’re just going about your usual routine at your place of work, they may be following your communications trail.

    Ingenious? Yes. Audacious? Yes. Unlawful? Time for the courts to decide. With regard to recent revelations, Canadian government officials have strenuously denied doing what is clearly described in this presentation. On 19 September 2013, CSEC chief John Forster was quoted by the Globe and Mail saying “CSEC does not direct its activities at Canadians and is prohibited by law from doing so.” In response to a lawsuit launched by the British Columbia Civil Liberties Association against the Government of Canada, CSEC admitted that there “may be circumstances in which incidental interception of private communications or information about Canadians will occur.” Only in Orwell-speak would what is contained in these presentations be described as “incidental” or “not directed at Canadians.” Then again, an Orwellian society is what we are in danger of becoming.

    The revelations require an immediate response. They throw into sharp relief the obvious inadequacy of the existing “oversight” mechanism, which operates entirely within the security tent. They cast into doubt all government statements made about the limits of such programs. They raise the alarming prospect that Canada’s intelligence agencies may be routinely obtaining data on Canadian citizens from private companies – which includes revealing personal data – on the basis of a unilateral and highly dubious definition of “metadata” (the information sent by cellphones and mobile devices describing their location, numbers called and so on) as somehow not being “communications.” Such operations go well beyond invasions of privacy; the potential for the abuse of unchecked power contained here is practically limitless.

  103. The Internet is Broken–Act Accordingly

    PUNTA CANA–Costin Raiu is a cautious man. He measures his words carefully and says exactly what he means, and is not given to hyperbole or exaggeration. Raiu is the driving force behind much of the intricate research into APTs and targeted attacks that Kaspersky Lab’s Global Research and Analysis Team has been doing for the last few years, and he has first-hand knowledge of the depth and breadth of the tactics that top-tier attackers are using.

    So when Raiu says he conducts his online activities under the assumption that his movements are being monitored by government hackers, it is not meant as a scare tactic. It is a simple statement of fact.

    “I operate under the principle that my computer is owned by at least three governments,” Raiu said during a presentation he gave to industry analysts at the company’s analyst summit here on Thursday.

    The comment drew some chuckles from the audience, but Raiu was not joking. Security experts for years have been telling users–especially enterprise users–to assume that their network or PC is compromised. The reasoning is that if you assume you’re owned then you’ll be more cautious about what you do. It’s the technical equivalent of telling a child to behave as if his mother is watching everything he does. It doesn’t always work, but it can’t hurt.

    Raiu and his fellow researchers around the world are obvious targets for highly skilled attackers of all stripes. They spend their days analyzing new attack techniques and working out methods for countering them. Intelligence agencies, APT groups and cybercrime gangs all would love to know what researchers know and how they get their information. Just about every researcher has a story about being attacked or compromised at some point. It’s an occupational hazard.

  104. A newly released set of slides from the Snowden leaks reveals that the NSA is harvesting millions of facial images from the Web for use in facial recognition algorithms through a program called “Identity Intelligence.” James Risen and Laura Poitras’s NYT piece shows that the NSA is linking these facial images with other biometrics, identity data, and “behavioral” data including “travel, financial, behaviors, social network.”

    The NSA’s goal — in which it has been moderately successful — is to match images from disparate databases, including databases of intercepted videoconferences (in February 2014, another Snowden publication revealed that NSA partner GCHQ had intercepted millions of Yahoo video chat stills), images captured by airports of fliers, and hacked national identity card databases from other countries. According to the article, the NSA is trying to hack the national ID card databases of “Pakistan, Saudi Arabia and Iran.”

  105. “It may be that by watching everywhere we go, by watching everything we do, by analysing every word we say, by waiting and passing judgment over every association we make and every person we love, that we could uncover a terrorist plot, or we could discover more criminals. But is that the kind of society we want to live in? That is the definition of a security state.”

    http://www.theguardian.com/world/2014/jul/18/-sp-edward-snowden-interview-rusbridger-macaskill

  106. “What last year’s revelations showed us was irrefutable evidence that unencrypted communications on the internet are no longer safe. Any communications should be encrypted by default.” This has big implications for anyone using email, text, cloud computing – or Skype, or phones, to communicate in circumstances where they have a professional duty of confidentiality. “The work of journalism has become immeasurably harder. Journalists have to be particularly conscious about any sort of network signalling; any sort of connection; any sort of licence plate-reading device that they pass on their way to a meeting point; any place they use their credit card; any place they take their phone; any email contact they have with the source. Because that very first contact, before encrypted communications are established, is enough to give it all away.” To journalists, he would add “lawyers, doctors, investigators, possibly even accountants. Anyone who has an obligation to protect the privacy of their clients is facing a new and challenging world.”

  107. Canadian intelligence sweeps often intercept private data, spy document reveals

    In its fight against Chinese espionage and other cyberthreats, Canada’s electronic-intelligence agency intercepts citizens’ private messages without judicial warrants.

    A 22-page “Operational Procedures for Cyber Defence” document obtained by The Globe speaks to just how Communications Security Establishment Canada (CSEC) can log, store and study volumes of electronic communications that touch government computer networks – including the “private communications” of Canadians not themselves thought to be hackers.

    Full details about the tradeoffs involved in CSEC’s operations are known only to one outsider – Minister of National Defence Rob Nicholson, the official who approves such surveillance, and who is provided with statistics about its risks.

  108. Because of such uproars, many current and former U.S. officials have come to see Singapore as a model for how they’d build an intelligence apparatus if privacy laws and a long tradition of civil liberties weren’t standing in the way. After Poindexter left DARPA in 2003, he became a consultant to RAHS, and many American spooks have traveled to Singapore to study the program firsthand. They are drawn not just to Singapore’s embrace of mass surveillance but also to the country’s curious mix of democracy and authoritarianism, in which a paternalistic government ensures people’s basic needs — housing, education, security — in return for almost reverential deference. It is a law-and-order society, and the definition of “order” is all-encompassing.

  109. Surveillance starts in the home, where all Internet traffic in Singapore is filtered, a senior Defense Ministry official told me (commercial and business traffic is not screened, the official said). Traffic is monitored primarily for two sources of prohibited content: porn and racist invective. About 100 websites featuring sexual content are officially blocked. The list is a state secret, but it’s generally believed to include Playboy and Hustler magazine’s websites and others with sexually laden words in the title. (One Singaporean told me it’s easy to find porn — just look for the web addresses without any obviously sexual words in them.) All other sites, including foreign media, social networks, and blogs, are open to Singaporeans. But post a comment or an article that the law deems racially offensive or inflammatory, and the police may come to your door.

    Singaporeans have been charged under the Sedition Act for making racist statements online, but officials are quick to point out that they don’t consider this censorship. Hateful speech threatens to tear the nation’s multiethnic social fabric and is therefore a national security threat, they say. After the 2012 arrest of two Chinese teenage boys, who police alleged had made racist comments on Facebook and Twitter about ethnic Malays, a senior police official explained to reporters: “The right to free speech does not extend to making remarks that incite racial and religious friction and conflict. The Internet may be a convenient medium to express one’s views, but members of the public should bear in mind that they are no less accountable for their actions online.”

  110. Currently, there are 559 leaked company documents, and 15 location tracking reports from WikiLeaks Counter Intelligence Unit (WLCIU). The 559 files disclose to the public internal documents from more than 100 companies specialized in intelligence and (mass) surveillance technologies. These technologies are sold both to Western governments and to dictators, and have been used by the Syrian government. The 15 documents from WLCIU reveal the timestamps and locations of 20 members of these companies, whose whereabouts WikiLeaks has decided to track in order to show where the main surveillance contractors are sending its people. But what does the Spy Files database actually contain? Which are the most recurring intelligence companies and what systems do they target? How to download exactly the leaked document your research calls for? To answer these questions, we’ve decided to import WikiLeaks’s DB into Silk, to combine it with semantic technologies, a powerful query engine and a user-friendly interactive visualization interface.

    https://wikileaks.silk.co/

  111. Millions of Voiceprints Quietly Being Harvested

    Businesses and governments around the world increasingly are turning to voice biometrics, or voiceprints, to pay pensions, collect taxes, track criminals and replace passwords. “We sometimes call it the invisible biometric,” said Mike Goldgof, an executive at Madrid-based AGNITiO, one of about 10 leading companies in the field. Those companies have helped enter more than 65M voiceprints into corporate and government databases, according to Associated Press interviews with dozens of industry representatives and records requests in the United States, Europe and elsewhere. … The single largest implementation identified by the AP is in Turkey, where the mobile phone company Turkcell has taken the voice biometric data of some 10 million customers using technology provided by market leader Nuance Communications Inc. But government agencies are catching up.

  112. If You’re Connected, Apple Collects Your Data

    It would seem that no matter how you configure Yosemite, Apple is listening. Keeping in mind that this is only what’s been discovered so far, and given what’s known to be going on, it’s not unthinkable that more is as well. Should users just sit back and accept this as the new normal? It will be interesting to see if these discoveries result in an outcry, or not.

  113. Department of Justice officials say a couple in Northern California have been indicted on federal drug charges related to the Silk Road 2.0 “dark Web” drug market after agents traced their internet activity. Chico, CA residents David and Teri Schell, 54 and 59, respectively, are charged with conspiracy to manufacture and distribute marijuana and possession of pot with intent to distribute.

    http://boingboing.net/2014/11/21/california-couple-arrested-on.html

  114. At 1:30pm on Christmas Eve, the NSA dumped a huge cache of documents on its website in response to a long-fought ACLU Freedom of Information Act request, including documents that reveal criminal wrongdoing.

    The dump consists of its quarterly and annual reports to the President’s Intelligence Oversight Board from Q4/2001 to Q1/2013. They were heavily redacted prior to release, but even so, they reveal that the NSA illegally spied on Americans, including a parade of user-errors in which NSA operatives accidentally spied on themselves, raided their spouses’ data, and made self-serving errors in their interpretation of the rules under which they were allowed to gather and search data.

    The NSA admits that its analysts “deliberately ignored restrictions on their authority to spy on Americans multiple times in the past decade.”

    U.S. Spy Agency Reports Improper Surveillance of Americans

    The National Security Agency today released reports on intelligence collection that may have violated the law or U.S. policy over more than a decade, including unauthorized surveillance of Americans’ overseas communications.

  115. Govt Docs Reveal Canadian Telcos Promise Surveillance Ready Networks

    “Michael Geist reports that Canadian telecom and Internet providers have tried to convince the government that they will voluntarily build surveillance capabilities into their networks. Hoping to avoid legislative requirements, the providers argue that ‘the telecommunications market will soon shift to a point where interception capability will simply become a standard component of available equipment, and that technical changes in the way communications actually travel on communications networks will make it even easier to intercept communications.’”

    Government Documents Reveal Canadian Telcos Envision Surveillance-Ready Networks

  116. NSA Says They Have VPNs In a ‘Vulcan Death Grip’

    The National Security Agency’s Office of Target Pursuit (OTP) maintains a team of engineers dedicated to cracking the encrypted traffic of virtual private networks (VPNs) and has developed tools that could potentially uncloak the traffic in the majority of VPNs used to secure traffic passing over the Internet today, according to documents published this week by the German news magazine Der Spiegel. A slide deck from a presentation by a member of OTP’s VPN Exploitation Team, dated September 13, 2010, details the process the NSA used at that time to attack VPNs—including tools with names drawn from Star Trek and other bits of popular culture.

    NSA has VPNs in Vulcan death grip—no, really, that’s what they call it

    VPN traffic repositories used to find keys, crack encryption of target traffic.

  117. The Importance of Deleting Old Stuff

    Bruce Schneier has codified another lesson from the Sony Pictures hack: companies should know what data they can safely delete. He says, “One of the social trends of the computerization of our business and social communications tools is the loss of the ephemeral. Things we used to say in person or on the phone we now say in e-mail, by text message, or on social networking platforms. … Everything is now digital, and storage is cheap — why not save it all?

    Sony illustrates the reason why not. The hackers published old e-mails from company executives that caused enormous public embarrassment to the company. They published old e-mails by employees that caused less-newsworthy personal embarrassment to those employees, and these messages are resulting in class-action lawsuits against the company. They published old documents. They published everything they got their hands on.”

    Schneier recommends organizations immediately prepare a retention/deletion policy so in the likely event their security is breached, they can at least reduce the amount of harm done. What kind of retention policy does your organization enforce? Do you have any personal limits on storing old data?

  118. Canada’s spies surveil the whole world’s downloads

    According to the documents, the LEVITATION program can monitor downloads in several countries across Europe, the Middle East, North Africa, and North America. It is led by the Communications Security Establishment, or CSE, Canada’s equivalent of the NSA. (The Canadian agency was formerly known as “CSEC” until a recent name change.)

    The latest disclosure sheds light on Canada’s broad existing surveillance capabilities at a time when the country’s government is pushing for a further expansion of security powers following attacks in Ottawa and Quebec last year.

    Ron Deibert, director of University of Toronto-based Internet security think tank Citizen Lab, said LEVITATION illustrates the “giant X-ray machine over all our digital lives.”

    “Every single thing that you do – in this case uploading/downloading files to these sites – that act is being archived, collected and analyzed,” Deibert said, after reviewing documents about the online spying operation for CBC News.

  119. Samsung warns people not to discuss ‘sensitive information’ in front of their SmartTV

    Samsung’s new SmartTV has a cool new voice-command feature, through which the Internet-connected device could record everything you say and transmit it to a third party, The Daily Beast writes.

    The company’s voice-recognition software allows viewers to communicate with their television by talking to it. It is enabled when a microphone symbol appears. Basically, instead of using a traditional remote control to change the channel, people can simply ask their Samsung TV to change it for them by uttering a few words.

    This is worrying people, largely because of a warning hidden deep inside its “privacy policy.” The Daily Beast first spotted this sentence, which reads:

    “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.”

    The Daily Beast makes the point that if people’s living room conversations are being recorded and passed on, privacy is being undermined. Homes are supposed to be places in which families and friends can talk about anything and everything.

  120. Edward Snowden: The World Says No to Surveillance

    Two years on, the difference is profound. In a single month, the N.S.A.’s invasive call-tracking program was declared unlawful by the courts and disowned by Congress. After a White House-appointed oversight board investigation found that this program had not stopped a single terrorist attack, even the president who once defended its propriety and criticized its disclosure has now ordered it terminated.

    This is the power of an informed public.

  121. From the Snowden leaks, we know that the U.S. government is tapping into the backbones of our communications systems, servers, and transatlantic wires. It is sniffing wireless signals in cities and implementing broad online and telecoms data mining activities. But this is only the tip of the iceberg.

    Wide-area surveillance tools are capable of recording high-resolution imagery of vast areas below them. Starting in 2004, the United States has deployed 65 Lockheed Martin blimps in Afghanistan that provide real-time video and audio surveillance across 100 square kilometers (just over 38 square miles) at a time. These Persistent Threat Detection Systems can record activity below them for periods of up to 30 days. Meanwhile on the ground, vast networks of cameras in our cities are being networked together in police databases and control centers, such as the NYPD Real-Time Crime Center, which processes data from over 6,000 surveillance cameras, as well as license plate readers which provide real-time tracking of vehicle movement.

    And, of course, Silicon Valley is in the mix. A company called Planet Labs has recently deployed a network of 100 toaster-sized satellites that will take daily high-resolution images of everywhere on earth. The goal is to launch thousands—a persistent near-real-time surveillance tool, available to anyone online. They call these satellites Doves. A driverless Google car collects nearly 1 GB of data a second about the world around it, and the Internet of things is bringing data collection into our homes. A warning came with a recent Samsung smart TV about discussing “personal or other sensitive information” in its vicinity, as it could be transferred to a third party.

    https://www.foreignaffairs.com/articles/2015-05-25/violence-algorithms

  122. “And increasingly, such algorithms are used to kill. Russia guards five ballistic missile installations with armed one-ton robots, able to travel at speeds of 45 kilometers (about 28 miles) per hour, using radar and a laser range-finder to navigate, analyze potential targets, and fire machine guns without a human pulling the trigger. The Super Aegis 2 automated gun tower can lock onto a human target up to three kilometers (almost two miles) away in complete darkness and automatically fire a machine gun, rocket launcher, or surface-to-air missile. Unmanned aerial vehicles, ranging from autonomous bombers to insect-sized swarm drones, are increasingly able to collect and process data and kill on their own.”

  123. Mobile carriers make $24B/year selling your secrets

    The largest carriers in the world partner with companies like SAP to package up data on your movements, social graph and wake/sleep patterns and sell it to marketing firms.

    Sometimes, the carriers are the data-brokers: Verizon’s acquisitions of AOL and Millennial Media means that the company now warehouses mobile phone usage data, ad network data, and has its own analytics firm in-house.

    The data from carriers is merged with data from other sources, tying cellular-derived activities to shopping, credit scores, home ownership and other databases. The carriers also disclose home addresses and other private information to brokers, who use it to confirm their own records about who lives where, and with whom.

  124. MI5 warning: we’re gathering more than we can analyse, and will miss terrorist attacks

    In 2010, the UK spy agency MI5 drafted memos informing top UK officials that its dragnet surveillance programme was gathering more information than it could make sense of, and warning that its indiscriminate approach to surveillance could put Britons at risk when signals about dangerous terror attacks were swamped by the noise of meaningless blips from the general population.

    The memos are part of the Snowden docs, and were published today by The Intercept, along with analysis by Ryan Gallagher, who notes that security service whistleblowers have warned that lives were being put at risk by indiscriminate surveillance, which is a liability for intelligence analysis, but an asset for civil service empire-building, given the budgets, procurements, and staffing associated with such projects.

    The memos follow on from a 2009 study of Preston, a warrant-based telephone call wire-tapping programme, which found that 97% of the 5,000,000 communications intercepted under Preston in a six-month period were never reviewed.

  125. US Customs and Border Protection wants to ask for your “online presence” at the border

    This week, the US CBP published a notice in the Federal Register proposing a change to the Form I-94 Arrival/Departure Record paperwork that visitors to the US fill out when they cross the border, in which they announce plans to ask travellers to “please enter information associated with your online presence.”

    The form element will be optional, but of course, CBP screeners may subject travellers who decline to reveal their online names to additional scrutiny.

    Visitors to the USA are already photographed, fingerprinted, and interviewed.

    Many countries have reciprocity policies through which they subject visitors to procedures that mirror those imposed by their own governments. For example, Brazil fingerprints Americans, because Americans fingerprint Brazilians; other visitors are not fingerprinted.

  126. With special permission from the US attorney general, the nation’s top law enforcement official, the agents asked the email service provider to let them pry into the account: jacobscall@mail.com.

    They discovered that the account had been created four months earlier, on 3 August, using internet access from a public library in Prince George’s County, Maryland. In the account registration, the user had identified himself as “Steven Jacobs,” having a residential address in Alexandria, Virginia. The account had been accessed half a dozen times from public libraries around Washington DC. There were no emails in the account except for test messages the person had sent to himself, and a reply from the Fraud Bureau in response to an inquiry he had made about an online company that sold fake IDs.

    https://www.theguardian.com/world/2016/oct/26/spy-couldnt-spell-how-biggest-heists-us-espionage-history-foiled

  127. Sneaky ultrasonic adware makes homes vulnerable to ultrasonic hacking

    Earlier this year, companies like Silverpush were outed for sneaking ultrasonic communications channels into people’s devices, so that advertisers could covertly link different devices to a single user in order to build deeper, more complete surveillance profiles of them.

    In an upcoming Black Hat London presentation, UCL security researcher Vasilios Mavroudis and colleagues will describe how these ultrasonic channels (which are being incorporated as a network channel in an increasing cloud of Internet of Things devices) can be exploited by attackers to spread malicious software throughout homes — they’ll demo an attack where “an attacker equipped with a simple beacon-emitting device (e.g., a smartphone) can walk into a Starbucks at peak hour and launch a profile-corruption attack against all customers currently taking advantage of uXDT-enabled apps.”

  128. Spies in new glass houses: Ottawa’s electronic espionage agency budget blows past CSIS, tops $600 million

    With more than 2,000 employees, the CSE’s chief mandate is intercepting, decoding and analyzing the electronic signals emanating from adversarial foreign nations and overseas threat actors. Much of the work takes place at the agency’s new $1.1-billion, 775,000-square-foot east Ottawa headquarters, a display of the importance government places on the service, which reports to the minister of national defence.

    The raw eavesdropping data is turned into intelligence and shared with the federal cabinet, government departments and ECHELON, the signals intelligence surveillance program of Canada, the U.S., Britain, Australia and New Zealand, the so-called Five Eyes alliance. Their main preoccupation is counter-terrorism, though Russian expansionism is rekindling targeting not seen since the end of the Cold War.

    The CSE also is responsible for government cyber defences. Federal computer systems are “probed” more than 100 million times a day by suspected malicious actors searching for vulnerabilities. And just over the horizon looms the added challenge of quantum computing, which is expected to cripple widely-used public key cryptography for securing government (and personal) information by 2026. The CSE has joined in a global research effort to find new cryptographic standards before then.

    Though the CSE received no new powers under the 2015 Anti-terrorism Act (formerly Bill C-51), its mandate includes providing electronic spying assistance to other security agencies and law enforcement. Security intelligence experts suspect much of whatever assistance CSE renders is for the Canadian Security Intelligence Service, or CSIS, Canada’s human spy service. (CSIS funding is pegged at $593.9 million for 2016-17.)

  129. In scathing ruling, Federal Court says CSIS bulk data collection illegal

    The Federal Court of Canada has faulted Canada’s domestic spy agency for unlawfully retaining data and for not being truthful with judges who authorize its intelligence programs. Separately, the court also revealed that the spy agency no longer needs warrants to collect Canadians’ tax records.

    All this has been exposed in a rare ruling about the growing scope of Canadian intelligence collection disclosed by the court on Thursday. At issue is how the federal domestic spy service has been pushing past its legal boundaries in the name of collecting data, in hopes of rounding out the holdings of a little-known Canadian intelligence facility dubbed the “operational data analysis centre.”

  130. “Apple has acknowledged that its Icloud service is a weak link in its security model, because by design Apple can gain access to encrypted data stored in its customers’ accounts, which means that the company can be hacked, coerced or tricked into revealing otherwise secure customer data to law enforcement, spies and criminals.

    So it’s alarming to learn that Iphones are designed to synch your call history — which includes calls placed over Skype, Whatsapp and Viber — to your Icloud account, even if you have turned this setting off. To make things worse, this synch operation is hidden from you: this data is not visible when you browse your Icloud account, but Apple still has it.

    The discovery came from Russian security firm Elcomsoft, who make tools that help law-enforcement, private security and Apple customers gain access to data on Apple devices without the logins and passwords that are normally used to access this data.”

  131. You are never alone with a phone

    Mobile phones show where they are. According to Bruce Schneier, a cyber-security expert, the NSA uses this information to find out when people’s paths cross suspiciously often, which could indicate that they are meeting, even if they never speak on the line. The NSA traces American intelligence officers overseas and looks for phones that remain near them, possibly because they are being tailed. Location data can identify the owner of a disposable phone, known as a “burner”, because it travels around with a known phone.

    The technical possibilities for obtaining information are now endless. Because photographs embed location data, they provide a log of where people have been. Touch ID is proof that someone is in a particular place at a particular time. Software can recognise faces, gaits and vehicles’ number plates. Commercially available devices can mimic mobile-phone base stations and intercept calls; more advanced models can alter texts, block calls or insert malware. In 2014 researchers reconstructed an audio signal from behind glass by measuring how sound waves were bouncing off a crisp packet. The plethora of wired devices in offices and houses, from smart meters to voice-activated controllers to the yet-to-be-useful intelligent refrigerator, all provide an “attack surface” for hacking—including by intelligence agencies. Britain’s government has banned the Apple Watch from cabinet meetings, fearing that it might be vulnerable to Russian hackers.

    The agencies can also make use of the billows of “data exhaust” that people leave behind them as they go—including financial transactions, posts on social media and travel records. Some of this is open-source intelligence (known as OSINT), which the former head of the Bin Laden unit of the CIA has said provides “90% of what you need to know”. Private data can be obtained by warrant. Data sets are especially powerful in combination. Facial-recognition software linked to criminal records, say, could alert the authorities to a drug deal.

  132. A critical flaw (possibly a deliberate backdoor) allows for decryption of Whatsapp messages

    When Facebook implemented Open Whisper Systems’ end-to-end encrypted messaging protocol for Whatsapp, they introduced a critical flaw that exposes more than a billion users to stealthy decryption of their private messages: in Facebook’s implementation, the company can force Whatsapp installations to silently generate new cryptographic keys (without any way for the user to know about this unless a deep settings checkbox had been ticked), which gives the company the ability to decrypt user messages, including messages that have already been sent in the past.

    That means that a government could order Facebook to stealthily decrypt Whatsapp traffic, despite the company’s claims that it can’t do this under any circumstances.

  133. Whatsapp: Facebook’s ability to decrypt messages is a “limitation,” not a “defect”

    Facebook spokespeople and cryptographers say that Facebook’s decision to implement Open Whisper Systems’ end-to-end cryptographic messaging protocol in such a way as to allow Facebook to decrypt them later without the user’s knowledge reflects a “limitation” — a compromise that allows users to continue conversations as they move from device to device — and not a “defect.”

    Cryptographic systems have to accommodate some means of “re-keying” a conversation when old keys are lost, expired, or disposed of. The Whatsapp version of Open Whisper Systems allows Facebook to force a re-keying and a re-send of stored messages without user intervention, something that normally happens when you install Whatsapp on a new device and sync messages from earlier devices.

  134. Moxie Marlinspike, developer of the encryption protocol used by both Signal and WhatsApp, defended the way WhatsApp behaves.

    “The fact that WhatsApp handles key changes is not a ‘backdoor,’” he wrote in a blog post. “It is how cryptography works. Any attempt to intercept messages in transit by the server is detectable by the sender, just like with Signal, PGP, or any other end-to-end encrypted communication system.”

    He went on to say that, while it’s true that Signal, by default, requires a sender to manually verify keys and WhatsApp does not, both approaches have potential security and performance drawbacks. For instance, many users don’t understand how to go about verifying a new key and may turn off encryption altogether if it prevents their messages from going through or generates error messages that aren’t easy to understand. Security-conscious users, meanwhile, can enable security notifications and rely on a “safety number” to verify new keys. He continued:
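The two key-change policies debated in comments 132 to 134, as an added Python sketch that is not part of the thread and is not WhatsApp's or Signal's code. The `Sender` class, the notice strings, and the constructed keys are hypothetical; `safety_number` is a simplified stand-in for the real encoding, and encryption is modelled only by recording which key a message was sealed to.

```python
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed 32-byte identity keys for the example (not real key material).
ALICE, BOB_OLD, BOB_NEW = bytes([1]) * 32, bytes([2]) * 32, bytes([3]) * 32


def key_id(identity_key: bytes) -> str:
    """Short label for the key a message was sealed to."""
    return hashlib.sha256(identity_key).hexdigest()[:8]


def safety_number(key_a: bytes, key_b: bytes) -> str:
    """Order-independent digest of both identity keys, compared out of band.
    Simplified stand-in, not the real Signal/WhatsApp format."""
    first, second = sorted((key_a, key_b))
    return hashlib.sha256(first + second).hexdigest()[:24]


@dataclass
class Sender:
    own_key: bytes
    block_on_key_change: bool   # True: hold messages until the user verifies
    show_notifications: bool    # the optional "security notifications" setting
    trusted_key: Optional[bytes] = None
    candidate_key: Optional[bytes] = None
    undelivered: List[str] = field(default_factory=list)
    held: List[str] = field(default_factory=list)
    notices: List[str] = field(default_factory=list)
    wire: List[Tuple[str, str]] = field(default_factory=list)

    def _transmit(self, text: str) -> None:
        # Stand-in for encryption: note which key the message is sealed to.
        self.wire.append((key_id(self.trusted_key), text))

    def send(self, text: str) -> None:
        self.undelivered.append(text)
        self._transmit(text)

    def on_key_change(self, new_key: bytes) -> None:
        """The server reports a new identity key for the contact."""
        if self.block_on_key_change:
            # Blocking policy: nothing is re-sent until the user verifies.
            self.candidate_key = new_key
            self.held, self.undelivered = self.held + self.undelivered, []
            self.notices.append("key changed: verify before resending")
            return
        # Non-blocking policy: accept the key and re-send automatically.
        self.trusted_key = new_key
        if self.show_notifications:
            self.notices.append("security code changed")
        for text in self.undelivered:
            self._transmit(text)

    def verify_and_release(self, number_read_out_of_band: str) -> bool:
        """Release held messages only if the out-of-band number matches."""
        if self.candidate_key is None:
            return False
        if number_read_out_of_band != safety_number(self.own_key, self.candidate_key):
            return False
        self.trusted_key, self.candidate_key = self.candidate_key, None
        for text in self.held:
            self._transmit(text)
        self.undelivered, self.held = self.held, []
        return True


def run_demo() -> dict:
    """One undelivered message, then a key change, under each policy."""
    policies = {
        "non_blocking_silent": (False, False),
        "non_blocking_notify": (False, True),
        "blocking": (True, True),
    }
    results = {}
    for name, (block, notify) in policies.items():
        sender = Sender(ALICE, block, notify, trusted_key=BOB_OLD)
        sender.send("meet at noon")
        sender.on_key_change(BOB_NEW)
        results[name] = sender
    return results


if __name__ == "__main__":
    for name, sender in run_demo().items():
        print(name, sender.wire, sender.notices, sender.held)
```

With notifications off, the non-blocking sender re-seals the message to the new key and records nothing the user could see; the blocking sender transmits nothing further until `verify_and_release` is given the matching number.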

  135. Donald Trump has inherited the most powerful machine for spying ever devised. How this petty, vengeful man might wield and expand the sprawling American spy apparatus, already vulnerable to abuse, is disturbing enough on its own. But the outlook is even worse considering Trump’s vast preference for private sector expertise and new strategic friendship with Silicon Valley billionaire investor Peter Thiel, whose controversial (and opaque) company Palantir has long sought to sell governments an unmatched power to sift and exploit information of any kind. Thiel represents a perfect nexus of government clout with the kind of corporate swagger Trump loves. The Intercept can now reveal that Palantir has worked for years to boost the global dragnet of the NSA and its international partners, and was in fact co-created with American spies.

  136. “Notably, the partnership has included building software specifically to facilitate, augment, and accelerate the use of XKEYSCORE, one of the most expansive and potentially intrusive tools in the NSA’s arsenal. According to Snowden documents published by The Guardian in 2013, XKEYSCORE is by the NSA’s own admission its “widest reaching” program, capturing “nearly everything a typical user does on the internet.” A subsequent report by The Intercept showed that XKEYSCORE’s “collected communications not only include emails, chats, and web-browsing traffic, but also pictures, documents, voice calls, webcam photos, web searches, advertising analytics traffic, social media traffic, botnet traffic, logged keystrokes, computer network exploitation targeting, intercepted username and password pairs, file uploads to online services, Skype sessions, and more.” For the NSA and its global partners, XKEYSCORE makes all of this as searchable as a hotel reservation site.”

  137. Tell-all telephone

    Green party politician Malte Spitz sued to have German telecoms giant Deutsche Telekom hand over six months of his phone data that he then made available to ZEIT ONLINE. We combined this geolocation data with information relating to his life as a politician, such as Twitter feeds, blog entries and websites, all of which is freely available on the internet.

    By pushing the play button, you will set off on a trip through Malte Spitz’s life. The speed controller allows you to adjust how fast you travel, the pause button will let you stop at interesting points. In addition, a calendar at the bottom shows when he was in a particular location and can be used to jump to a specific time period. Each column corresponds to one day.

  138. The government claims the authority to search all electronic devices at the border, no matter your legal status in the country or whether they have any reason to suspect that you’ve committed a crime. You can state that you don’t consent to such a search, but unfortunately this likely won’t prevent CBP from taking your phone.

    If you’ve given Customs and Border Protection agents the password to your device (or if you don’t have one), they might conduct what’s often called a “cursory search” on the spot. They might also download the full contents of your device and save a copy of your data. According to CBP policy from 2009, they are not required to return your device before you leave the airport or other port of entry, and they might choose to send it off for a more thorough “forensic” search. Barring “extenuating circumstances,” they claim the authority to hold onto your device for five days — though “extenuating circumstances” is an undefined term in this context, and this period can be extended by seven-day increments. We’ve received reports of phones being held for weeks or even months.

  139. It’s important to start by breaking down President Trump’s initial claim: that Obama wiretapped him for political purposes. Nonsense. There is no evidence that Obama was directly involved, ordered a wiretap, or acted for political reasons. There isn’t even any evidence that a wiretap exists. (Trump is hiding behind his use of quotation marks in the tweet, but wiretap has a very technical, legal meaning). Getting to this point has taken up most of the air since the tweet. Let’s be done with that debate. On its face, absent other, increasingly unlikely evidence to the contrary, Trump’s initial tweet is balderdash.

    But let’s be generous and assume that he meant that the government spied on him while he was a candidate. That almost certainly is true. Why? Because the government has surveilled virtually all Americans. We know it did because of the Snowden leaks, and because it has argued in court that no volume of surveillance violates a reasonable expectation of privacy when it comes to metadata. While one program—the telephone metadata dragnet—was technically ended (and in some ways codified) by the USA Freedom Act in 2015, another law is still on the books with virtually no limits.

    Specifically, it’s Section 702 of the FISA Amendments Act of 2008, which allows collection of all information in the possession of American technology companies based on keywords (known in government parlance as selectors). This information can be in transit over the Internet’s backbone or in storage with companies like Google.

    The primary limit on this authority is that “targets” for collection aren’t supposed to be Americans. Targets numbered about 94,000 in 2015, but, critically, can be groups of people and even foreign powers. A single person’s selectors —every cookie on a computer, every device’s MAC address, every email address, etc.— could number in the hundreds, if not thousands. Even a group like al-Qaida could well be considered a single target with hundreds of thousands of selectors (or more).

    Section 702 allows the government to force American companies to hand over all information tied to those selectors. When the data is at rest (like an email you have but aren’t looking at right now), this collection is referred to as Prism; when the data is in motion (like Google sending your email to your computer), the data is picked up in real time off the backbone of the Internet. That information delivered to the government includes enormous amounts of Americans’ information. A Washington Post analysis of Snowden documents found that nine out of 10 accounts swept up under the government’s mass surveillance programs were not the targeted accounts, and that half of the accounts belonged to Americans. How many Americans? We have no idea. It’s been nearly a year since the intelligence community promised an official estimate of how many are affected by 702—but they still haven’t delivered.

  140. “That means that your information can get caught up in an investigation because you called or emailed someone who the government thinks, without any judicial review, is somehow related to a foreign power — and even if you haven’t, the government is still literally forcing a company to search through every one of your communications routed through it, all without a warrant. And it happens not only for national security reasons, but also for purposes as nebulous as “foreign affairs.” The secret FISA Court is the only actor outside of the Executive Branch that exercises real oversight, and it only reviews the overall reasons for collection, the procedures the government will use to mask Americans’ information, and may narrow collection from a programmatic standpoint. They don’t check who exactly is on the list.”

  141. The report also raises alarm bells about another scary trend — spying on sources. Germany, for example, passed a law extending mass surveillance powers of the country’s intelligence agency without an exception for journalists. This year, the United Kingdom passed a similar measure.

    Chile, Luxembourg, England and New Zealand have weakened protections of whistleblowers. And in Canada, a new anti-terrorism measure allows police officers to spy on journalists if they suspect that they are talking to criminals. In November, it was reported that at least six journalists had been spied on by the Quebec police. Weeks before, another reporter had his computer seized. In Montreal, a journalist had his mobile phone tapped by authorities.

  142. Obsession with embarrassing leaks led Montreal police to spy on reporters, inquiry hears

    Not long ago, it was routine for investigators to talk to reporters without fear of reprisal. Patrice Carrier, the investigator who reported Mainville’s meeting with the reporter to superiors, told the inquiry Friday that times have changed. What used to be considered “normal discussions” are now considered “leaks,” he said.

    The inquiry heard last week that 37 officers were investigated as possible sources of the 2014 leak concerning the child’s death, but the leaker was never identified. Montreal police had been called in to investigate the fatal accident because the driver was a provincial police officer. The leak came as Crown prosecutors declined to charge the officer. The Justice Minister intervened following a public outcry, and the officer was charged with dangerous driving causing death in 2015.

    Concern about leaks from within the Montreal police persisted, and in January 2016, the internal affairs unit crafted an investigation plan to root out the culprits.

    The plan, filed as evidence at the inquiry, was named “Project Spy,” and it set the table for the police to track the cellphone of La Presse reporter Patrick Lagacé later that spring. The investigation was prompted by stories in La Presse about a briefcase stolen from a police commander’s car and about defective bulletproof vests that were hobbling the tactical squad.

  143. When you print on a color laser printer, it’s likely that you are also printing a pattern of invisible yellow dots. These marks exist to allow the printer companies and governments to track and identify you — presumably as a way to combat money counterfeiting. When one person asked his printer manufacturer about turning off the tracking dots, Secret Service agents showed up at his door several days later.

    List of Printers Which Do or Do Not Display Tracking Dots

  144. Surveillance capitalism fuels the Internet, and sometimes it seems that everyone is spying on you. You’re secretly tracked on pretty much every commercial website you visit. Facebook is the largest surveillance organization mankind has created; collecting data on you is its business model. I don’t have a Facebook account, but Facebook still keeps a surprisingly complete dossier on me and my associations — just in case I ever decide to join.

    I also don’t have a Gmail account, because I don’t want Google storing my e-mail. But my guess is that it has about half of my e-mail anyway, because so many people I correspond with have accounts. I can’t even avoid it by choosing not to write to gmail.com addresses, because I have no way of knowing if newperson@company.com is hosted at Gmail.

    And again, many companies that track us do so in secret, without our knowledge and consent. And most of the time we can’t opt out. Sometimes it’s a company like Equifax that doesn’t answer to us in any way. Sometimes it’s a company like Facebook, which is effectively a monopoly because of its sheer size. And sometimes it’s our cell phone provider. All of them have decided to track us and not compete by offering consumers privacy. Sure, you can tell people not to have an e-mail account or cell phone, but that’s not a realistic option for most people living in 21st-century America.

  145. Mobile ad technique allows stalkers to follow you around a city for less than $1000

    This month, University of Washington researchers will present Exploring ADINT: Using Ad Targeting for Surveillance on a Budget — or — How Alice Can Buy Ads to Track Bob at the Workshop on Privacy in the Electronic Society in Dallas; the paper details a novel way that stalkers and other low-level criminals can accomplish state-grade surveillance on the cheap with targeted ad-purchases.

    Exploring ADINT: Using Ad Targeting for Surveillance on a Budget — or — How Alice Can Buy Ads to Track Bob

  146. The new surveillance state
    Written By Shannon Kari

    In the summer of 2011, a day after the ambush-style shooting death of Keith Brissett Jr., Peel Regional Police obtained a production order from a justice of the peace for a “tower dump” as part of the investigation.

    The request permitted police to obtain subscriber data and call records of anyone who used their mobile devices near cell towers, in a location in Mississauga, just outside of Toronto. The immediate suspect was Sheldon Ranglin, who was believed to have shot Brissett to death in a revenge attack.

    Ranglin was ultimately convicted of first-degree murder at trial nearly five years later, based on other evidence. None of the information turned over from the tower dump was put to the jury by the Crown. The many individuals who were not a target in the murder investigation yet had personal phone data turned over to the police were not notified of this fact because there is no legal requirement to do so. What happened to this information and with data that is obtained from any other tower dump production order is also unknown, because unlike traditional wiretap authorizations, reporting requirements are virtually non-existent.

    Michael Moon, the defence lawyer who represented Ranglin, says tower dump requests are not unusual in Toronto-area murder investigations. “You can have thousands and thousands of people accessing the same tower,” says Moon, who heads Moon Rozier LPC in Brampton, Ont. Unless it uncovers information that may negatively impact a client, there is no reason for the defence to challenge these sweeping orders, he points out.

    The Ranglin case is just one example of how police surveillance techniques have fundamentally changed as a result of new technologies. Instead of seeking court permission for traditional wiretaps, law enforcement will obtain orders to access an enormous volume of text messages or other mobile device data. Instead of listening to the wiretaps — or “wires” — police will utilize tower dumps or other devices, such as International Mobile Subscriber Identity — or IMSI — catchers, which impersonate actual cell towers and trick phones into attaching to them and disclosing phone log and location information.

  147. Connections like these seem inexplicable if you assume Facebook only knows what you’ve told it about yourself. They’re less mysterious if you know about the other file Facebook keeps on you—one that you can’t see or control.

    Behind the Facebook profile you’ve built for yourself is another one, a shadow profile, built from the inboxes and smartphones of other Facebook users. Contact information you’ve never given the network gets associated with your account, making it easier for Facebook to more completely map your social connections.

    Having issued this warning, and having acknowledged that people in your address book may not necessarily want to be connected to you, Facebook will then do exactly what it warned you not to do. If you agree to share your contacts, every piece of contact data you possess will go to Facebook, and the network will then use it to try to search for connections between everyone you know, no matter how slightly—and you won’t see it happen.

    That accumulation of contact data from hundreds of people means that Facebook probably knows every address you’ve ever lived at, every email address you’ve ever used, every landline and cell phone number you’ve ever been associated with, all of your nicknames, any social network profiles associated with you, all your former instant message accounts, and anything else someone might have added about you to their phone book.

    Facebook Shadow Profiles: What You Need to Know

  148. Once it has gathered all of this information and determined the mode of transportation you’re currently taking, it can then begin to narrow down where you are. For flights, four algorithms begin to estimate the target’s location and narrow down the possibilities until its error rate hits zero.

    If you’re driving, it can be even easier. The app knows the time zone you’re in based on the information your phone has provided to it. It then accesses information from your barometer and magnetometer and compares it to information from publicly available maps and weather reports. After that, it keeps track of the turns you make. With each turn, the possible locations whittle down until it pinpoints exactly where you are.

    To demonstrate how accurate it is, researchers did a test run in Philadelphia. It only took 12 turns before the app knew exactly where the car was.

  149. For example, Google stores a snapshot of where you are when you merely open its Maps app. Automatic daily weather updates on Android phones pinpoint roughly where you are. And some searches that have nothing to do with location, like “chocolate chip cookies,” or “kids science kits,” pinpoint your precise latitude and longitude — accurate to the square foot — and save it to your Google account.

    https://apnews.com/f60bc112665b458cb6473d7ee9492932

  150. Xinjiang is the nightmarish extreme that the new technology makes possible: a racist police state. Fearing insurrection and separatism, China’s rulers have reinforced techniques of totalitarian control—including the mass detention of Uighurs for re-education—with digital technology. In parts of the province streets have poles bristling with CCTV cameras every 100-200 metres. They record each passing driver’s face and the car’s numberplate. Uighurs’ mobile phones must run government-issued spyware. The data associated with their ID cards include not just name, sex and occupation, but can contain relatives’ details, fingerprints, blood type, DNA information, detention record and “reliability status”. All this and more is fed into the Integrated Joint Operations Platform (IJOP), an AI-powered system, to generate lists of suspects for detention.

  151. Apartheid with Chinese characteristics
    China has turned Xinjiang into a police state like no other
    Totalitarian determination and modern technology have produced a massive abuse of human rights

    Under a system called fanghuiju, teams of half a dozen—composed of policemen or local officials and always including one Uighur speaker, which almost always means a Uighur—go from house to house compiling dossiers of personal information. Fanghuiju is short for “researching people’s conditions, improving people’s lives, winning people’s hearts”. But the party refers to the work as “eradicating tumours”. The teams—over 10,000 in rural areas in 2017—report on “extremist” behaviour such as not drinking alcohol, fasting during Ramadan and sporting long beards. They report back on the presence of “undesirable” items, such as Korans, or attitudes—such as an “ideological situation” that is not in wholehearted support of the party.

    Since the spring of 2017, the information has been used to rank citizens’ “trustworthiness” using various criteria. People are deemed trustworthy, average or untrustworthy depending on how they fit into the following categories: 15 to 55 years old (ie, of military age); Uighur (the catalogue is explicitly racist: people are suspected merely on account of their ethnicity); unemployed; have religious knowledge; pray five times a day (freedom of worship is guaranteed by China’s constitution); have a passport; have visited one of 26 countries; have ever overstayed a visa; have family members in a foreign country (there are at least 10,000 Uighurs in Turkey); and home school their children. Being labelled “untrustworthy” can lead to a camp.

  152. Police In Canada Are Tracking People’s ‘Negative’ Behavior In a ‘Risk’ Database

    Police, social services, and health workers in Canada are using shared databases to track the behavior of vulnerable people — including minors and people experiencing homelessness — with little oversight and often without consent. Documents obtained by Motherboard from Ontario’s Ministry of Community Safety and Correctional Services (MCSCS) through an access to information request show that at least two provinces — Ontario and Saskatchewan — maintain a “Risk-driven Tracking Database” that is used to amass highly sensitive information about people’s lives. Information in the database includes whether a person uses drugs, has been the victim of an assault, or lives in a “negative neighborhood.”

    The Risk-driven Tracking Database (RTD) is part of a collaborative approach to policing called the Hub model that partners cops, school staff, social workers, health care workers, and the provincial government. Information about people believed to be “at risk” of becoming criminals or victims of harm is shared between civilian agencies and police and is added to the database when a person is being evaluated for a rapid intervention intended to lower their risk levels. Interventions can range from a door knock and a chat to forced hospitalization or arrest. Data from the RTD is analyzed to identify trends — for example, a spike in drug use in a particular area — with the goal of producing planning data to deploy resources effectively, and create “community profiles” that could accelerate interventions under the Hub model, according to a 2015 Public Safety Canada report.

  153. Toronto police have been using facial recognition technology for more than a year

    Toronto police say that facial recognition technology is being used to compare images of potential suspects captured on public or private cameras to its internal database of approximately 1.5 million mugshots.

    According to a report submitted by Chief Mark Saunders to the Toronto police services board, the technology is generating leads in investigations, particularly as a growing number of crimes are being captured on video through surveillance cameras. Since the system was purchased in March 2018 — at a cost of $451,718 plus annual maintenance and support fees — officers have conducted 2,591 facial recognition searches. The report was submitted in advance of Thursday’s board meeting.

  154. At least 200 law enforcement agencies around the country have entered into partnerships with Amazon’s home surveillance company Ring, according to an email obtained by Motherboard via public record request.

    From a report:
    Ring has never disclosed the exact number of partnerships that it maintains with law enforcement. However, the company has partnered with at least 200 law enforcement agencies, according to notes taken by a police officer during a Ring webinar, which he emailed to himself in April. It’s possible that the number of partnerships has changed since the day the email was sent. The officer who sent the email told Motherboard that the email was a transcribed version of handwritten notes that he took during a team webinar with a Ring representative on April 9. Additional emails obtained by Motherboard indicate that this webinar trained officers on how to use the “Law Enforcement Neighborhood Portal.” This portal allows local police to see a map with the approximate locations of all Ring cameras in a neighborhood, and request footage directly from camera owners. Owners need to consent, but police do not need a warrant to ask for footage.

  155. “I recently used my credit card to buy a banana. Then I tried to figure out how my credit card let companies buy me.

    You might think my 29-cent swipe at Target would be just between me and my bank. Heavens, no. My banana generated data that’s probably worth more than the banana itself. It ended up with marketers, Target, Amazon, Google and hedge funds, to name a few.

    Oh, the places a banana will go in the sprawling card-data economy. Despite a federal privacy law covering cards, I found that six types of businesses could mine and share elements of my purchase, multiplied untold times by other companies they might have passed it to. Credit cards are a spy in your wallet — and it’s time that we add privacy, alongside rewards and rates, to how we evaluate them.”

  156. Smart televisions already watch the users watching them, sending back data on programme choices and viewing habits; some even monitor background conversation. These data, sold on to advertisers and programme-makers and crunched by machine-learning systems, subsidise the price of the televisions themselves (which explains why non-connected, “dumb” televisions have become very difficult to buy). Consent is murky. In 2017 Vizio, an American TV-maker, was fined $2.2m by the Federal Trade Commission after regulators found it was not properly seeking users’ permission to harvest and resell information on viewing habits.

    Nor is it just televisions. Smart scales monitor weight and fat percentage, a gold mine for the fitness industry. iRobot, maker of the Roomba line of robot vacuum cleaners, caused a furore in 2017 when it revealed plans to share the maps its products build up of users’ homes with Google, Amazon or Apple (it has since said it would not share such data without its users’ explicit consent). Gadgets from high-tech locks to new cars come with privacy policies running to thousands of words (see chart).

    Refuseniks might choose not to put such gadgets in their home. But outside, in public places, they will be surveilled anyway. The advertising industry is already experimenting with “smart” billboards, which can use cameras and facial-recognition software to assess people’s reactions to their contents. Hundreds of American police departments can request access to video recorded by Ring, an Amazon subsidiary that makes camera-equipped doorbells. Internal company emails also show Ring providing suggested talking points for police officers to help them persuade homeowners to buy its products, and to allow their recordings to be shared. The American Civil Liberties Union, a campaigning organisation, complains that the result is a half-private, half-public, murkily regulated video-surveillance network.

  157. Privacy-Respecting Smart Home System Can Work Offline and Sends Fake Data

    A publicly-funded group of designers, artists and privacy experts from Amsterdam have designed a smart home system prototype to “prove it’s technically possible to build a privacy respecting smart home while maintaining convenience.”

    Its controller uses an Arduino Nano to disconnect the system from the internet during times when it’s not in use. They’re building everything on Mozilla’s open smart home gateway software. The system’s microphone is a separate USB device that can be easily unplugged. For extra security, the devices don’t even use wifi to communicate.

  158. Amazon secretly planned to use facial recognition and Ring doorbells to create neighborhood “watch lists”

    Ring is Amazon’s surveillance doorbell division, and a big part of their sales strategy involves terrifying people about the possibility of crime, partnering with police to assist in terrorizing Ring owners, and to provide police with warrantless, permanent, shareable access to surveillance doorbell footage (something the company has repeatedly lied about). Hundreds of police departments have now partnered with Ring and they act as buzz-marketing teams for the company in exchange for freebies and access.

    From the earliest days, it’s been rumored that Ring’s strategy included facial recognition (Amazon has a giant facial recognition division called “Rekognition”). Amazon denied this even as they advertised for and hired a head of facial recognition research for Ring.

    Now, a leak reported by The Intercept reveals that Amazon once had a secret plan to use Ring cameras and facial recognition to automatically compile a “watch list” of neighborhood undesirables whose presence triggers alerts to Ring owners. The blacklists would be distributed through Amazon/Ring’s “Neighbors” app, which is currently a dumpster fire of racist white people sharing alarmed messages about brown people their surveillance doorbells recorded in their neighborhoods.

  159. THE RISE OF SMART CAMERA NETWORKS, AND WHY WE SHOULD BAN THEM

    Private businesses and homes are starting to plug their cameras into police networks, and rapid advances in artificial intelligence are investing closed-circuit television, or CCTV, networks with the power for total public surveillance. In the not-so-distant future, police forces, stores, and city administrators hope to film your every move — and interpret it using video analytics.

    The rise of all-seeing smart camera networks is an alarming development that threatens civil rights and liberties throughout the world. Law enforcement agencies have a long history of using surveillance against marginalized communities, and studies show surveillance chills freedom of expression — ill effects that could spread as camera networks grow larger and more sophisticated.

    To understand the situation we’re facing, we have to understand the rise of the video surveillance industrial complex — its history, its power players, and its future trajectory. It begins with the proliferation of cameras for police and security, and ends with a powerful new industry imperative: complete visual surveillance of public space.

  160. Tracked everywhere? Yes. Tracked everywhere.

    It might be your doorbell (Ring Doorbell App Packed with Third-Party Trackers, EFF). It might be your grocery store rewards program (Customer Tracking at Ralphs Grocery Store, Schneier On Security). It might even be your computer anti-virus program (Leaked Documents Expose the Secretive Market for Your Web Browsing Data, Motherboard/Vice). 2020 is an electronic panopticon.

  161. MIKE BLOOMBERG IN 2014: “WE SHOULD HOPE” THE NSA IS “READING EVERY EMAIL”

    “Look, if you don’t want it to be in the public domain, don’t take that picture, don’t write it down. In this day and age, you’ve got to be pretty naive to believe that the NSA isn’t listening to everything and reading every email,” Bloomberg said. “And incidentally, given how dangerous the world is, we should hope they are, because this is really serious, what’s going on in the world.”

  162. ““I think we are trading our privacy and personal freedoms for convenience and pleasure,” Bloomberg continued, “We always worry about the NSA — I hate to come back to them — knowing what we’re doing. Everything you’re doing with every app is recorded, and those companies try to sell that information and profit from it, and then they say ‘Oh, isn’t it terrible that the NSA has been looking at you.’ Come on. They’re doing the same thing themselves. The NSA at least can say, ‘We’re doing it to try to save everybody’s lives.’ The other, they’re doing it because they want to make money. I don’t have a problem with it, but I think you should understand what’s happening.””

  163. Creepy video of drones in China scolding those who aren’t wearing masks

    Drones are now hovering over people in the streets of China, scolding those who aren’t wearing face masks to protect them from the coronavirus, and it’s quite eerie. Watch the video in the tweet below from the Communist Party’s Global Times of the different folks the drone calls out, including an older woman: “Yes, auntie, this is the drone speaking to you. You shouldn’t walk about without wearing a mask. Yes you’d better go back home and don’t forget to wash your hands.”

  164. Facial recognition isn’t just bad because it invades privacy: it’s because privacy invasions fuel discrimination

    Bruce Schneier writes in the New York Times that banning facial recognition (as cities like San Diego, San Francisco, Oakland, Brookline and Somerville have done) is not enough: there are plenty of other ways to automatically recognize people (gait detection, high-resolution photos of hands that reveal fingerprints, voiceprints, etc), and these will all be used for the same purpose that makes facial recognition bad for our world: to sort us into different categories and treat us differently based on those categories.

    Some of these distinctions are easy to imagine: showing different ads on billboards based on who’s looking at them, for example. Others are more sinister: targeting us for police interventions, raising the prices, or denying us entry to a place of business.

    Schneier says that we need to regulate more than facial recognition, we need to regulate recognition itself — and the data-brokers whose data-sets are used to map recognition data to people’s identities.

  165. People leave molecular wakes that may give away their secrets

    They shed loads of chemicals

    Such information can reveal a lot. Your god? Regular exposure to burning incense, and thus frequent visits to a church that uses it, will be detectable from the chemicals in the smoke. Not a Christian? Kosher and halal diets are detectable by the absence of metabolites from certain foodstuffs those diets forbid. Your out-of-office activities? Habits like drinking, smoking and narcotic use are visible as numerous chemicals—not merely the active pharmaceuticals which produce the relevant high or low. Your exercise levels? These are flagged up by lower than normal levels of things like leucine, glycerol and phenylalanine. Your local environment? Breathing in polluted air has a marked impact on the profile of your metabolites. Your general health? Illnesses ranging from Parkinson’s disease (altered levels of tyrosine and tryptophan) to diabetes (sugars and sphingomyelin) leave abundant metabolic traces. “The day is coming soon”, observes Cecil Lewis, a molecular anthropologist at the University of Oklahoma, who is studying the matter, “when it will be possible to swab a person’s desk, steering wheel or phone and determine a wide range of incredibly private things about them.”

    In contrast with DNA, the use to which knowledge of metabolites might be put has little legal restriction. Dr Lewis, and others like him, worry about the consequences of this. At the moment, sampling for alcohol or illegal drug use, say, has to be overt, because it involves a blood, urine or breath test. That is true regardless of who is collecting the sample, whether it be the police or an employer. This also keeps purposes clear. A firm might feel it has the right to test employees for drug use, and the law might support that. But techniques like Dr Priego-Capote’s make it easier, as Dr Lewis observes, to sample clandestinely, and bring a temptation to push back the boundaries of what is being searched for. They would, for example, allow companies to detect, if they chose to look, such private matters as whether an employee was taking antidepressants.

  166. A Spy Agency’s Challenge: How To Sort A Million Photos A Day

    Today, the NGA, one of the nation’s least-known spy agencies, is undergoing another revolution. It’s working closely with private, commercial satellite companies, and this has generated an endless stream of imagery from space.

    Dave Gauthier, the director of the NGA’s commercial and business group, explains how governments and militaries worldwide will have to adapt their thinking in an environment of constant surveillance.

    “We will all be observed every second of every day by something. And so we have to learn how to operate in the open. And it makes strategic surprise very difficult for everybody,” said Gauthier.

  167. In South Korea, by contrast, the government is being forthright and formidably transparent, allowing Koreans to trace their possible brushes with the disease. As well as briefing the press thoroughly twice a day, and texting reporters details of every death, the government puts online a detailed record of each new patient’s movements over previous days and weeks, allowing people to choose to shun the places they visited. The risk of illicit activity being thus uncovered—at least one extramarital affair may have been—gives people an extra incentive to avoid exposure to a disease which, in most of the infected, results in only mild symptoms.

    Across the country, schools are closed and public gatherings cancelled. Though neither Daegu nor Cheongdo, the cities which saw the first clustered outbreaks, were ever completely locked down, more than 9,000 people in Daegu were quarantined. As in China, where personal data from electronic payment and social media apps have been used by the authorities to track people’s movements and estimate their chances of infection, phones play a role in South Korea, too. The government has produced an app which reports on quarantined people’s movements and can alert authorities if they abscond. Officials call regularly to check in on people.

  168. The outbreak in Israel has given the negotiations a sense of urgency. There have been over 400 confirmed cases but no deaths yet. Israel is refusing entry to all foreigners. Citizens returning from abroad must self-quarantine for 14 days. Schools and restaurants have been ordered to close, and indoor gatherings of over ten people are banned. The government has also taken the controversial step of using mobile-phone surveillance technology, normally reserved for counter-terrorism operations, to track virus-carriers. By designating the move an “emergency measure”, Mr Netanyahu was able to bypass the Knesset.

  169. Countries are using apps and data networks to keep tabs on the pandemic
    And also, in the process, their citizens

    Having been quarantined at his parents’ house in the Hebei province in northern China for a month, Elvis Liu arrived back home in Hong Kong on February 23rd. Border officials told him to add their office’s number to his WhatsApp contacts and to fix the app’s location-sharing setting to “always on”, which would let them see where his phone was at all times. They then told him to get home within two hours, close the door and stay there for two weeks.

    When it comes to documentation, most of the action is in quarantine: replacing phone calls and home visits with virtual checking-up. While Hong Kong uses WhatsApp, South Korea has a customised app that sounds an alarm and alerts officials if people stray; as of March 21st 42% of the 10,600 people under quarantine there were using the app. Taiwan uses a different approach, tracking quarantined people’s phones using data from cell-phone masts. If it detects someone out of bounds, it texts them and alerts the authorities. Leaving quarantine without your phone can incur a fine; in South Korea fines for breaking quarantine are hefty, and will soon be accompanied by the threat of prison.

    Governments can use the same data to check how their policies are performing at a district or city level. In Germany Deutsche Telekom has provided data to the Robert Koch Institute, the government’s public-health agency, in an aggregated form which does not identify individuals. The British government is in talks with cell-phone carriers about similar data access. It could simply require it: the Investigatory Powers Act of 2016 gives it the power to take whatever data it wishes from any company within its jurisdiction in order to fight the virus, and to do so in secret. In practice, negotiation and openness make more sense. The belief that personal data are being passed to the government in secret could erode exactly the sort of trust on which an “all in it together” fight, as called for by Boris Johnson, the prime minister, depends.

    The use of data becomes most fraught when it moves beyond modelling and informing policy to the direct tracking of individuals in order to see from whom they got the disease. Such contact-tracing can be an important public-health tool. It also has a resemblance to modern counter-terrorism tactics. “The technology to track and trace already exists and is being used by governments all around the world,” says Mike Bracken, a partner at Public Digital, a consultancy, and former boss of the British government’s digital services. To what extent those capabilities are now part of the fight against covid-19, no one will say.

    When two users of this new app, called TraceTogether, are within two metres of each other their phones get in touch via Bluetooth. If the propinquity lasts for 30 minutes both phones record the encounter in an encrypted memory cache. When someone with the app is diagnosed with the virus, or identified as part of a cluster, the health ministry instructs them to empty their cache to the contact-tracers, who decrypt it and inform the other party. It is especially useful for contacts between people who do not know each other, such as fellow travellers on a bus, or theatre-goers.

    The app’s developers have tried to assuage concerns about privacy and security. Downloading it is not compulsory. Phone numbers are stored on a secure server, and are not revealed to other users. Geolocation data are not collected (though Google’s rules governing apps that use Bluetooth mean that they will be stored on Android phones running the app). They are planning to publish the app’s source code and make it free to reuse, so that others may capitalise on their work.

    Singaporeans trust their government. Since TraceTogether was released on March 20th it has been downloaded by 735,000 people, or 13% of the population, according to government data. Several Singaporeans your correspondent spoke to one overcast day in the business district were unaware that they could be prosecuted for refusing to hand over their data to the health ministry. But they had no intention of frustrating the authorities. “I’d rather be responsible than irresponsible,” said one trader.

  170. On the face of it these two episodes tell two very different stories about the country. The remarkable response to the virus looks like a lesson in the benefits of the old Korea—a strong, bossy state combined with individual willingness to compromise and show self-discipline for the benefit of society as a whole. When the government suggested that people stay at home, there was widespread compliance from the start and little grumbling—unlike in America and in many European countries. Though the government never mandated social isolation, it made use of expansive powers in tracing infections, sifting through people’s mobile-phone data and credit-card records without a warrant, something it was allowed to do following legal changes prompted by the outbreak of MERS, another coronavirus, that killed 38 people in 2015.

  171. Prisons Launch “Absurd” Attempt to Detect Coronavirus in Inmate Phone Calls

    JAIL AND PRISON officials in at least three states are using software to scan inmate calls for mentions of the coronavirus, a move advocacy groups believe paves the way for abuse while raising stark questions about carceral health care.

    The monitoring software was created by LEO Technologies, a Los Angeles company backed primarily by scandal-plagued Republican fundraiser Elliott Broidy. Known as Verus, it was first deployed several years ago to forestall suicide attempts, mine calls for investigative tips, and for a range of other purposes. In recent weeks, it has been marketed as a system “that can mitigate the effects of the COVID-19 pandemic across our nation’s jail and prison facilities” by alerting prison authorities to sickness-related conversations between inmates and the outside world.

  172. In all four places officials caution that life is not going back to normal yet. For one thing, there can be no letting down their guard. The authorities have warned that a second wave of the virus may hit in winter. To ward that off, South Korea intends to keep up extensive testing and vigorous contact-tracing using security-camera footage, credit-card statements and mobile-phone location data. The movements of confirmed cases are made public, worrying privacy activists and adulterers alike. Australia, too, promises “aggressive suppression” using contact-tracing and one of the highest rates of testing in the world. New Zealand is going one step further. It has set itself the goal of eliminating the virus entirely from its shores.

  173. Privacy in a pandemic
    Coronavirus is the first trial of the EU’s unofficial religion

    Countries full of privacy heathens have enthusiastically put the state’s surveillance capacity to use. In Hong Kong, new arrivals can be required to wear a tracking bracelet. Israel has enlisted its intelligence agencies to track people who may have the virus. In South Korea officials root through everything from taxi receipts to credit-card records to hunt for those infected. Now the EU is mulling where to draw the line between safety and surveillance.

    It is Europe’s citizens, not its lawyers, who will decide how much intrusion they are willing to bear. Most European governments are toying with tracing apps, where smartphones would tell users whether they interacted with someone who had covid-19. But such apps work well only when large proportions of the population download them. No matter how technically ingenious a solution may appear, it is little use without mass consent. Other governments have gone further. Poland, for instance, enforces a quarantine of those suffering from covid-19 with the aid of an app. (Those under quarantine must submit regular selfies to prove they are staying at home.) For the bulk of EU citizens, covid-19 is the first time that the EU’s piety on privacy could come with a cost borne by themselves rather than by business. During the pandemic, people have willingly—and occasionally grudgingly—sat at home for weeks on end, surrendering their freedom in the process. Sacrificing privacy for the sake of liberty may appeal after a long enough period of de facto house arrest.

  174. Apple is tracking iPhones stolen from its stores during protests

    Apple is sending a clear message to people who’ve stolen iPhones from its stores: You’re “being tracked.”

    The company is actively disabling the iPhones that are stolen from the displays of its retail stores, leaving them inoperable.

    Screenshots of Apple’s warning message started to pop up on sites such as Twitter and Reddit earlier this week amid global protests following the death of George Floyd.

  175. Homeland Security details new tools for extracting device data at US borders – CNET

    According to the DHS, extracted data from devices can include:

    Contacts
    Call logs/details
    IP addresses used by the device
    Calendar events
    GPS locations used by the device
    Emails
    Social media information
    Cell site information
    Phone numbers
    Videos and pictures
    Account information (user names and aliases)
    Text/chat messages
    Financial accounts and transactions
    Location history
    Browser bookmarks
    Notes
    Network information
    Tasks list

    The policy to retain this data for 75 years still remains, according to the report.

    That data is extracted and saved on the DHS’ local digital forensics network, and transferred to PenLink PLX, a phone surveillance software that helps manage metadata taken from devices

  176. Police Will Pilot a Program To Live-Stream Amazon Ring Cameras (eff.org)

    This is not a drill. Red alert: The police surveillance center in Jackson, Mississippi, will be conducting a 45-day pilot program to live stream the Amazon Ring cameras of participating residents. Now, our worst fears have been confirmed. Police in Jackson, Mississippi, have started a pilot program that would allow Ring owners to patch the camera streams from their front doors directly to a police Real Time Crime Center. The footage from your front door includes you coming and going from your house, your neighbors taking out the trash, and the dog walkers and delivery people who do their jobs in your street. In Jackson, this footage can now be live streamed directly onto a dozen monitors scrutinized by police around the clock. Even if you refuse to allow your footage to be used that way, your neighbor’s camera pointed at your house may still be transmitting directly to the police.

    Only a few months ago, Jackson stood up for its residents, becoming the first city in the southern United States to ban police use of face recognition technology. Clearly, this is a city that understands invasive surveillance technology when it sees it, and knows when police have overstepped their ability to invade privacy. If police want to build a surveillance camera network, they should only do so in ways that are transparent and accountable, and ensure active resident participation in the process. If residents say “no” to spy cameras, then police must not deploy them. The choices you and your neighbors make as consumers should not be hijacked by police to roll out surveillance technologies. The decision making process must be left to communities.

  177. Majority of Canadians fear ‘breakdown’ of political system amid U.S. election: poll

    Canadians are watching in fear Tuesday as their American neighbours vote, capping a campaign marked by voter intimidation, threats of postelection violence, and concern about the potential breakdown of democracy itself.

    That view is reflected in a new poll from Leger and the Association for Canadian Studies that found a clear majority of Canadians surveyed worry that the United States will suffer a breakdown of its system marked by “social chaos” if no clear winner emerges.

  178. The notion of putting cameras on orbiting drones to catch malefactors was born on the battlefields of Iraq, where American armed forces wanted to nab people leaving bombs on roadsides. Ross McNutt, a former air-force engineer, founded Persistent Surveillance Systems (PSS) to offer the same service to American cities (and others, such as Juárez) struggling with high murder rates. PSS drones flew over parts of Baltimore, most recently in May-October 2020. St Louis, among America’s most violent cities, also considered but is poised to reject PSS’s services, which raise difficult questions about how much surveillance Americans are willing to tolerate in exchange for the promise of safer streets.

    Yet many Americans are uneasy about being put under surveillance, despite having been suspected of committing no crimes. Baltimore first used PSS drones for eight months in 2016, but kept the programme secret until a report from Bloomberg Businessweek revealed its existence. The backlash was severe. The experiment ended, but in its aftermath Mr McNutt conducted extensive public outreach—involving as many as 80 community meetings, according to Benjamin Snyder, a professor of sociology at Williams College who was embedded with PSS.

    https://www.economist.com/united-states/2021/04/17/st-louis-mulls-the-promise-and-perils-of-aerial-surveillance

  179. Google Says Geofence Warrants Make Up One-Quarter Of All US Demands

    Geofence warrants are also known as “reverse-location” warrants, since they seek to identify people of interest who were in the near vicinity at the time a crime was committed. Police do this by asking a court to order Google, which stores vast amounts of location data to drive its advertising business, to turn over details of who was in a geographic area, such as a radius of a few hundred feet at a certain point in time, to help identify potential suspects. Google has long shied away from providing these figures, in part because geofence warrants are largely thought to be unique to Google. Law enforcement has long known that Google stores vast troves of location data on its users in a database called Sensorvault, first revealed by The New York Times in 2019.

    https://slashdot.org/story/21/08/20/2120249/google-says-geofence-warrants-make-up-one-quarter-of-all-us-demands

  180. WhatsApp Moderators Can Read Your Messages

    Gizmodo highlights the findings of a new ProPublica report on WhatsApp’s content moderation system. What they found was that there are at least 1,000 WhatsApp content moderators employed by Facebook’s moderator contract firm Accenture to review user-reported content that’s been flagged by its machine learning system. “They monitor for, among other things, spam, disinformation, hate speech, potential terrorist threats, child sexual abuse material (CSAM), blackmail, and ‘sexually oriented businesses,’” reports Gizmodo. “Based on the content, moderators can ban the account, put the user ‘on watch,’ or leave it alone.”

    https://slashdot.org/story/21/09/07/2333241/whatsapp-moderators-can-read-your-messages

  181. Smartphone sensor data can detect cannabis intoxication with 90 per cent accuracy: study | CTV News

    https://www.ctvnews.ca/mobile/sci-tech/your-smartphone-has-enough-data-to-potentially-detect-cannabis-intoxication-study-finds-1.5601157

    When only looking at the time of day, the algorithm was able to accurately detect an episode of cannabis use with 60 per cent accuracy. The smartphone sensor data alone was also able to produce an accuracy rate of 67 per cent.

    However, smartphone sensor data combined with time-of-day data resulted in an accuracy rate of 90 per cent.

  182. After decades of poring over skid marks and scorched brake motors, insurance sleuths have entered a brave new era of claims investigation, harnessing the explosion of digital technology both inside and outside modern vehicles. Even basic car models are now equipped with computer-driven components and accessories, the Big Brother implications of which are not fully known to drivers. For insurers, that’s a boon. A key fob alone may contain a computer chip that holds information such as a vehicle’s VIN number, when it was last driven and car mileage. Slick new infotainment systems record information on users’ calls, messages and recent locations, which can help investigators determine whether a claimant was, say, texting moments before a crash. Or, for that matter, whether they were the person driving.

    https://www.macleans.ca/society/technology/car-insurance-scamming/

  183. Smart devices collect a wide range of data about their users. Smart security cameras and smart assistants are, in the end, cameras and microphones in your home that collect video and audio information about your presence and activities.

    On the less obvious end of the spectrum, things like smart TVs use cameras and microphones to spy on users, smart lightbulbs track your sleep and heart rate, and smart vacuum cleaners recognize objects in your home and map every inch of it.

    Sometimes, this surveillance is marketed as a feature. For example, some Wi-Fi routers can collect information about users’ whereabouts in the home and even coordinate with other smart devices to sense motion.

    Manufacturers typically promise that only automated decision-making systems and not humans see your data. But this isn’t always the case. For example, Amazon workers listen to some conversations with Alexa, transcribe them and annotate them, before feeding them into automated decision-making systems.

    But even limiting access to personal data to automated decision making systems can have unwanted consequences. Any private data that is shared over the internet could be vulnerable to hackers anywhere in the world, and few consumer internet-connected devices are very secure.

    https://www-sciencealert-com.cdn.ampproject.org/c/s/www.sciencealert.com/the-internet-of-things-is-probably-violating-your-privacy-here-s-how/amp

  184. The Secret Police: Inside a Shadowy Surveillance Machine in Minnesota
    March 24, 2022 1:12 AM

    An investigation by MIT Technology Review reveals a sprawling, technologically sophisticated system of police surveillance targeting civil rights activists, protesters, and members of the press in Minnesota.
    part 1: Cops built a shadowy surveillance machine in Minnesota after George Floyd’s murder
    part 2: After protests around George Floyd’s murder ended, a police system for watching protesters kept going
    part 3: Inside the app Minnesota police used to collect data on journalists at protests

    https://www.metafilter.com/194784/The-Secret-Police-Inside-a-Shadowy-Surveillance-Machine-in-Minnesota

  185. Intrepid Response, a product of Intrepid Networks, provides an easy means to capture and share information that identifies whoever is on the other side of an officer’s smartphone. The app was critical to the law enforcement agencies that assembled and analyzed information about people at the Brooklyn Center protests, allowing them to almost instantly de-anonymize attendees and keep tabs on their movements.

    The photos and data shared in real time via the app found their way into one of three known data repositories that MIT Technology Review has identified which include photos and personal information about individuals at protests and appear to be accessible to multiple agencies, including federal groups. None of the other journalists who were photographed while covering the protests appeared to have been charged with any crimes or told they were suspects while their data was being collected.

    https://www.technologyreview.com/2022/03/23/1047899/secret-police-app-minnesota-police-journalists-protests-data/

  186. But Mr Moore’s most urgent warning related to science and technology. China, he said, was “expanding the web of authoritarian control around the planet” by exporting surveillance technology. That was not only a problem for recipients made vulnerable to Chinese coercion, but also for MI6 itself. “Our officers need to operate invisibly to our adversaries,” he noted. Chinese control of smartphones, apps and telecommunications networks, as well as access to vast repositories of personal information—such as data from home genetic-testing kits and biometric security at airports—have spun a “worldwide surveillance web” that makes it harder for MI6 officers to operate abroad without their names and histories being uncovered.

    https://www.economist.com/britain/2021/12/04/britains-chief-spook-sees-china-as-the-main-intelligence-threat

  187. The spy in the sky that sees backwards in time

    Use of wide-area motion imagery is spreading

    But aerial surveillance can also reach backwards in time, by the expedient of indiscriminately recording everything that is going on in a particular neighbourhood, and then looking for useful patterns in the resulting footage. This technique, called wide-area motion imagery (WAMI), has been around since 2006. But improvements in both the recording equipment used and the means by which the images are analysed are making it more and more valuable.

    A study published last year by researchers at the RAND Corporation, a think-tank, showed that America’s air force has responded to the flood of data from WAMI sensors by archiving most of it without inspection. Better means of sifting WAMI footage are needed. And technology is starting to provide them.

  188. Customs Officials Have Copied Americans’ Phone Data at Massive Scale – Slashdot

    https://yro.slashdot.org/story/22/09/15/2018208/customs-officials-have-copied-americans-phone-data-at-massive-scale

    U.S. government officials are adding data from as many as 10,000 electronic devices each year to a massive database they’ve compiled from cellphones, iPads and computers seized from travelers at the country’s airports, seaports and border crossings, leaders of Customs and Border Protection told congressional staff in a briefing this summer. The rapid expansion of the database and the ability of 2,700 CBP officers to access it without a warrant — two details not previously known about the database — have raised alarms in Congress about what use the government has made of the information, much of which is captured from people not suspected of any crime. CBP officials told congressional staff the data is maintained for 15 years.

  189. U.S. government officials are adding data from as many as 10,000 electronic devices each year to a massive database they’ve compiled from cellphones, iPads and computers seized from travelers at the country’s airports, seaports and border crossings, leaders of Customs and Border Protection told congressional staff in a briefing this summer.

    The rapid expansion of the database and the ability of 2,700 CBP officers to access it without a warrant — two details not previously known about the database — have raised alarms in Congress about what use the government has made of the information, much of which is captured from people not suspected of any crime. CBP officials told congressional staff the data is maintained for 15 years.

    Details of the database were revealed Thursday in a letter to CBP Commissioner Chris Magnus from Sen. Ron Wyden (D-Ore.), who criticized the agency for “allowing indiscriminate rifling through Americans’ private records” and called for stronger privacy protections.

  190. While surveillance is as old as human civilization, new communication technologies and bureaucratic practices greatly increase the density of its gaze and the sophistication of its mechanisms. Surveillance is now the ‘dominant organizing practice of late modernity’, rendering it ubiquitous across the globe. In the West, surveillance is a far more decentralized and market-driven process involving a range of different actors—state and local bureaucracies, military and police agencies, private companies and NGOs. In China, by contrast, surveillance is a top-down, Party-initiated project, with the potential for far greater penetration and a deeper set of consequences. Rule of law and privacy protections are notoriously weak in China, and increased surveillance capabilities both encourage and enable more precise power projection that can reinforce and even strengthen existing hierarchies of inequality. Finally, new automated forms of digital surveillance have the potential to greatly alter the power dynamic between the ‘watcher’ (the Party-state) and the ‘watched’ (Chinese citizens), increasing the likelihood of persuasion, discrimination and coercion, but also a subtler, less transparent exercise of power.

    Surveillance in China’s Xinjiang Region: Ethnic Sorting, Coercion, and Inducement

    https://www.tandfonline.com/doi/full/10.1080/10670564.2019.1621529

    James Leibold

  191. Sewage surveillance could measure antibiotic resistance, and help public-health researchers track the consumption of everything from cocaine and alcohol to fruit and vegetables. Monitoring what Bernd Gawlik, an engineer at the European Commission Joint Research Centre, calls “the collective intestine” could offer doctors, officials and police an unprecedented insight into the lives of local populations.

    https://www.economist.com/international/2022/09/07/how-covid-19-spurred-governments-to-snoop-on-sewage

  192. It would also be wise to think about how exactly the resulting data will be used. As the dust settles, law-enforcement agencies may find that public-health authorities have installed and legitimised a tool that could help spot criminal behaviour. Anything from the consumption of illicit drugs to the handling of bomb ingredients could potentially be detected in sewage. Though present-day sampling is done on watersheds containing hundreds of thousands of people, well-placed samplers could help authorities surveil anything from a small neighbourhood to a single block of flats. Some universities already use such techniques for covid surveillance on campus.

    https://www.economist.com/leaders/2022/09/08/how-spying-on-sewage-could-save-lives

  193. A 2021 study from internet-security tool ExpressVPN of 2,000 employers and 2,000 employees working remotely or on a hybrid schedule showed that close to 80% of bosses use monitoring software.

    “Managers are increasingly interested in using software to monitor employees’ keystrokes, activities and attention in new ways,” says Levy. She adds some are even doing “more fine-grained data collection about workers’ communications – since so much more of that happens on digital channels rather than face-to-face – and bodies, through wearable technologies and biometrics”. Some companies, for instance, have installed time-clocks that scan an employee’s fingerprint to clock them in and out. Some use webcams to collect data on eye movement, which is used to track an employee’s attention.

    https://www.bbc.com/worklife/article/20230127-how-worker-surveillance-is-backfiring-on-employers

  194. CES doesn’t faze me anymore. After years of traveling to Vegas to be dazzled by the latest technology and gadget innovations, it all feels meh. But maybe that’s the problem — we’ve become immune to the growing intrusiveness of our connected lives.

    It wasn’t until my boss reacted with a “that’s SUPER creepy” to a car that can identify your gender, that I really started paying attention.

    Everywhere I went on the show floor, cameras, sensors, and little electronic eyes constantly followed me. Each one trying to guess my mood, age, weight, posture, and what I ate for lunch (well, not the last one, but who knows what the future holds). The best part is, each brand claimed that gathering all this information would actually make my life easier and more secure.

    https://mashable.com/feature/surveillance-technology-ces

  195. Snowden views the widespread use of end-to-end encryption as one of the positive legacies of the leaks. The Big Tech companies had been embarrassed by revelations the NSA had been handing over personal data.

    That embarrassment turned to anger when further leaks revealed that, in spite of that cooperation, the NSA had been helping themselves to data from the Big Tech companies through backdoor vulnerabilities. In response, in spite of opposition from the agencies, companies rushed in end-to-end encryption years earlier than planned.

    End-to-end encryption “was a pipe dream in 2013 when the story broke”, Snowden said. “An enormous fraction of global internet traffic traveled electronically naked. Now, it is a rare sight.”

    https://www.theguardian.com/us-news/2023/jun/08/no-regrets-says-edward-snowden-after-10-years-in-exile

  196. “Beyond covering all imaginable legal bases, there simply isn’t any way to know why these companies would want deeply personal information on their drivers, or what they’d do with it. And even if it’s not what you would consider a “smart” car, any vehicle equipped with USB, Bluetooth or recording capabilities can capture a lot of data about the driver. And in much the same way a “dumb” tv is considerably harder to find these days, most consumers would be hard pressed to find a new vehicle option that doesn’t include some level of onboard tech with the capacity to record their data. A study commissioned by Senator Ed Markey nearly a decade ago found all modern cars had some form of wireless technology included. Even the ranks of internet listicles claiming to contain low-tech cars for “technophobes” are riddled with dashboard touchscreens and infotainment systems.”

  197. Apple has addressed the privacy around one extra-sensitive organ: your eyeballs. The Vision Pro tracks your eyes so you can select things with your gaze like you might move a mouse on a computer. But Apple says it doesn’t share where users look with apps, websites or even itself. Instead, the device only reports what you’ve selected with your gaze after you tap your fingers together, the Vision Pro equivalent of a mouse click.

    This is a solid place to start. But what about the rest of the body? Developers tell me apps can get access to a stream of data about users’ movement, right down to the wiggle of a finger.

    Researchers at the University of California at Berkeley blew my mind when they explained just how revealing data about how your body moves while dancing could be.

    Last year, they discovered they could uniquely and consistently identify about 55,000 different VR users based solely on data about the movement of their head and hands. It’s as useful as a fingerprint, maybe more.

    https://archive.is/Foo8l#selection-1731.0-1799.13
