NLPWESSEX, natural law publishing |
nlpwessex.org |
SURVEILLANCE SOCIETY NEWS ARCHIVE 2012 | ||
Surveillance Society News Reports |
Selected News Extracts 2012 "Everything we
do on the Internet leaves a trail back to us. Search engine entries, shopping lists,
e-mail addresses and so much more which is ripe for the taking. Now governments and their
intelligence agencies want a piece of that action and they have new tools to ascertain our
intentions and possible future actions.... There
have been a series of related and interesting developments in the field of global
intelligence gathering. The NSA is building a brand new data center in Utah in order to
connect with some new intelligence sharing systems such as the Defense Intelligence
Enterprise and the Global Information Grid.... most
people would not appreciate their private conversations end
up on foreign military or intelligence networks.... It goes on all the time, you could look at Project Echelon, Project
Groundbreaker, Project Trailblazer and many others. Why do you think that the head of the
CIA is gloating about being about to glean intelligence through your devices and
net-centric applications. It is a gold mine for them and they have reaped a bonanza from
it. CIA director David Petraeus put his cards on the
table because he hinted about the next target, it
will be all of data from the smart meters that have been put in place in the past few years. It
wouldn't be hard to tell how many people are living in a certain home from
electricity records or which appliances are used the most. Will we be deemed terrorists
from some poorly programmed profiling software based on our paper and data trail? Mistakes
happen all the time, from faulty no-fly lists to swat team wrong door raids." |
2012 Archive |
"People branded criminals incorrectly have been paid £1.9million in
redress over the last five years. Nearly 12,000 people have been wrongly convicted
according to figures published by campaign group Big Brother Watch. Figures showed the
most common errors involved information being disclosed by local police forces or the
police national computer. In 3,519 cases, the wrong person's entry on the police
national computer was disclosed, BB Watch said. The figures were obtained from the
Criminal Records Bureau (CRB), which recently merged with the Independent Safeguarding
Authority to form the Disclosure and Barring Service (DBS). According to the CRB's
annual report in July, 4.1 million checks were carried out in 2011. BB Watch director Nick
Pickles said: 'Every error has the potential to ruin someone's reputation and career.' 'The fact that thousands of cases have involved information held
by local police forces, often never tested in court, shows how dangerous it is to create a
culture of safety by database.' He added: 'The police hold a vast amount of information,
from photographs to written notes, and the way forward must be to bring this murky system
out into the open and ensure that only information that is absolutely necessary is held.'" |
"Benefit claimants will have their online job applications remotely
monitored by the Government to see whether they are making serious attempts to find
work.... From the beginning of next year, the unemployed will have to look for work
through the Coalition's new Universal Jobmatch website or potentially risk losing their
benefits. The website will scan the CVs of benefit claimants and automatically match them
up with job openings that suit their skills. It will also allow employers to search for
new workers among the unemployed and send messages inviting them to interviews. However,
the activities of benefit claimants can also be tracked using devices known as 'cookies',
so their Job Centre advisers can know how many searches they have been doing, suggest
potential jobs and see whether they are turning down viable opportunities. Iain Duncan
Smith, the Work and Pensions Secretary, said the scheme would 'revolutionise' the process
of looking for work. The tracking element of the programme will not be compulsory as monitoring people's behaviour online without their consent would
not be allowed under EU law. But job advisers are
able to impose sanctions such as compulsory work placements or ultimately losing benefits
if they feel the unemployed are not searching hard enough." |
"Top U.S. intelligence officials
gathered in the White House Situation Room in March to debate a controversial proposal.
Counterterrorism officials wanted to create a government dragnet, sweeping up millions of
records about U.S. citizens - even people suspected of no crime. Not everyone was on board. 'This is a sea change in the way that the
government interacts with the general public,' Mary Ellen Callahan, chief privacy officer
of the Department of Homeland Security, argued in the meeting, according to people
familiar with the discussions. A week later, the attorney general signed the
changes into effect. Through Freedom of Information Act requests and interviews with
officials at numerous agencies, The Wall Street Journal has reconstructed the clash over
the counterterrorism program within the administration of President Barack Obama. The debate was a
confrontation between some who viewed it as a matter of efficiency - how long to keep
data, for instance, or where it should be stored - and others who saw it as granting
authority for unprecedented government surveillance of U.S. citizens. The rules now allow
the little-known National Counterterrorism Center to examine the government files of U.S.
citizens for possible criminal behavior, even if there is no reason to suspect them. That
is a departure from past practice, which barred the agency from storing information about
ordinary Americans unless a person was a terror suspect or related to an investigation....
'It's breathtaking' in its scope, said a former
senior administration official familiar with the White House debate." |
"The joint parliamentary
committee scrutinising the government's Communications Data Bill - universally dubbed
the 'Snoopers' Charter' - is set to slate the draft law in its official report published
tomorrow. Most of the committee members felt the Home Office had failed to make a
convincing case for the scale of requested powers required to monitor British citizens'
activities online, The Register has learnt. Home Secretary Theresa May said the proposed surveillance law would 'save lives' and help cops
catch more paedophiles and terrorists. But the
committee's MPs and peers are likely to encourage the police and law enforcement agencies
to work out a much simpler scheme that the public can trust. The message is likely to be
'go back to the drawing board and come and talk to us when you have something fresh'. As regular Register readers will know, the surveillance plans now
being re-examined have been touted to successive governments by the intelligence services
for years with little change to any details other than the name. The MPs are likely to
offer fierce opposition to the proposals, which would allow the Home Office to wire
network traffic probes into the public internet anywhere it chose, for this or any
successor government to use for any purpose it chose....The
report will be another setback for the Home Secretary: in 2010 the former Director of
Public Prosecutions Lord Macdonald was asked to review her plan to monitor citizens
online. He previously
called the project to mine the UK internet: A paranoid
fantasy which would destroy everything that makes living worthwhile. This database would be an unimaginable hellhouse of personal private
information. It would be a complete readout of every citizen's life in the most intimate
and demeaning detail.... The two panels' highly
critical reports will be an expected disappointment for the Home Office. They are the latest in a series of spectacular disasters for career spy Charles Farr, who three years ago had hoped
to land the top job at the Secret Intelligence Service (MI6) and become 'C'." |
"For more than five years, Farr has been the secret hand behind the
state's electronic surveillance plan. Appointed by Gordon Brown in July 2007 as the
first Director General of the Office for Security and Counter Terrorism and notionally as
his National Security Adviser, Farr began by masterminding a strategy to mine private information. Within months, he had clawed £1bn from the Treasury for a new
Interception Modernisation Programme (IMP), intended to give GCHQ spooks ISP-level access
to all UK internet communications. The GCHQ plan - known internally as 'Mastering The
Internet' (MTI) - was first and exclusively
revealed by The Register in May 2009. Subsequent developments have confirmed the
accuracy of El Reg's scoop. When the coalition government took over, Con-Lib
ministers had to come to terms with the clear promises they had made to block new
surveillance laws. Farr had to bide his time for a year. His Labour-era Interception Modernisation
Program was rebranded as the safer-sounding 'Communications Capability Development
Program' (CCDP). Nothing else changed. Farr made elementary blunders in successive appearances before MPs and peers
this year, pointing up the exercise as a smokescreen to distract attention from the core
purpose of the new laws - to help GCHQ and defence contractors Detica install their
planned data mining network at all major UK ISPs...." |
"Farr made elementary blunders in successive appearances before MPs and peers
this year... At first, Farr refused to be seen or photographed, according to parliamentary sources,
and repeatedly asked to give his evidence in secret and in private. This cut no ice with the scrutinising committee. His British TV debut can
now be viewed on the UK Parliament website (audio
only)....The government also prevented the heads of British intelligence from being
examined by the MPs and peers as to the real reasons for the bill." |
"A study from the Federal
Trade Commission has found that most mobile apps for kids are secretly collecting
information from children including device IDs, phone numbers, locations, and other
private information without their parents' knowledge or consent. Nearly 60% of the mobile apps the FTC reviewed from the Google
Play and Apple App stores transmitted the device ID. They also often shared that ID
with an advertising network, analytics company or another third party. Of those 235 mobile apps, 14 also transmitted the location of the
device and the phone number, the FTC found. More
than half of the apps also contained interactive features such as in-app purchases and
advertising that were not disclosed to parents.... 'Illicit
data collection from their mobile phones and tablets places kids at risk,' said Jeffrey
Chester, executive director of the Center for Digital Democracy. 'No one should get access
to kids' data, especially geo-location information, without prior consent from a parent.'" |
"Transit authorities in cities
across the country are quietly installing microphone-enabled surveillance systems on
public buses that would give them the ability to record and store private conversations,
according to documents obtained by a news outlet.
The systems are being installed in San Francisco, Baltimore, and other cities with funding
from the Department of Homeland Security in some cases, according
to the Daily, which obtained copies of contracts, procurement requests, specs and
other documents. The use of the equipment raises serious questions about eavesdropping
without a warrant, particularly since recordings of passengers could be obtained and used
by law enforcement agencies. It also raises questions about security, since the IP
audio-video systems can be accessed
remotely via a built-in web server (.pdf), and can be combined with GPS data to track
the movement of buses and passengers throughout the city." |
"Soon there may be a cellphone
that can see through walls and into other objects as Caltech engineers have made tiny,
low-cost terahertz imager chips that could be incorporated into cellphone cameras.... Hajimiri and postdoctoral scholar Kaushik Sengupta (PhD '12)
describe the work in the December issue of IEEE Journal of Solid-State Circuits.
Researchers have long touted the potential of the terahertz frequency range, from 0.3 to 3
THz, for scanning and imaging. Such electromagnetic waves can easily penetrate packaging
materials and render image details in high resolution..." |
"The cable boxes of the future
could be able to detect when viewers are cuddling on the sofa and automatically serve
adverts for contraceptives. U.S. cable provider Verizon has applied to patent a set-top
box technology that can observe what's going on in the room and show viewers adverts based
on what it detects. In U.S. Patent Application 20120304206 the company
suggests it could detect when people are 'cuddling' then show 'a commercial for a romantic
getaway vacation, a commercial for a contraceptive, a commercial for flowers [...] etc.'. The technology would integrate a range of sensors into their products,
including thermal imaging cameras, microphones and motion sensors, to detect the mood
of their audience and tailor media content to suit. Privacy
campaigners called the new technology a 'privacy nightmare waiting around the corner' and
called for it to be reined in 'before consumers lose control for good'. It has disturbing
echoes of George Orwell's dystopia 1984, where the population were constantly watched by
authorities through cameras integrated in their television screens.... It describes 'a media content presentation system' that can detect
'an ambient action performed by a user during the presentation of the media content' then
select and present 'an advertisement associated with the detected ambient action'. The
patent application adds: 'If detection facility detects one or more words spoken by a user
(e.g., while talking to another user within the same room or on the telephone),
advertising facility may utilise the one or more words spoken by the user to search for
and/or select an advertisement associated with the one or more words.' The application
says the sensors would be able to determine whether viewers were 'eating, exercising,
laughing, reading, sleeping, talking, singing, humming, cleaning, playing a musical
instrument, performing any other suitable action, and/or engaging in any other physical
activity.'.... The technology could also determine whether pets or children were in the
room, and even what kind of inanimate objects are there. It could detect the mood of those
present by, for example, picking up if they are singing or humming a 'happy' song, then
select adverts configured to target happy people. It could even be used to determine the
physical characteristics of the viewers present, including skin colour, giving it the
disturbing potential to select which adverts to play based on racial profiling. Nick
Pickles, director of privacy campaign group Big Brother Watch, said: 'Smart TVs with
in-built cameras and microphones are a privacy nightmare waiting around the corner. It is
only a matter of time before technology using facial recognition, audio analysis and
monitoring what you watch is common place. What is essential is that consumers know
exactly what they are buying and where the data is going. The tables could turn and now
it's Google searching your living room for data about you. In reality this might be
some rather far fetched marketing gimmick, but the current consumer protections are badly
lacking and some companies are happy to do whatever it takes to get as much information as
possible and keep ahead of their competitors. This
needs to be reined in before consumers lose control for good.'" |
"A new version of the Zeus
botnet was used to steal about $47 million from European banking customers in the past
year, security researchers report. Dubbed 'Eurograbber' by security vendors Versafe and
Check Point Software Technologies in a report (PDF)
released today, the malware is designed to defeat the two-factor authentication process
banks use for transactions by intercepting bank messages sent
to victims' phones. A
variant of the Zeus malware used
to steal more than $100 million, Eurograbber typically launched its attack when a
victim clicked on a malicious link most likely included in a phishing attempt. After
installing customized variants of the Zeus, SpyEye, and CarBerp trojans to the victim's
computer, victims would be prompted by the malware during their first visit to the bank
site after infection to enter their mobile phone number. During that first visit,
Eurograbber would offer a "banking software security upgrade" that would infect
victims' phones with a variant of the 'Zeus in the mobile' (ZITMO) Trojan, which was
specifically designed to intercept the bank's text message containing the bank's
transaction authorization number (TAN), the key element of the bank's two-factor
authorization. Eurograbber would then quietly use the TAN to quietly transfer funds out of
the victim's account.... First detected in Italy
earlier this year, Eurograbber is responsible for the theft of 36 million euros from about
30,000 commercial and personal bank accounts by initiating transfers ranging from 500
euros ($656) to 250,000 euros ($328,000), according to the report." |
"Weeks of international intrigue
about the whereabouts of tech millionaire John McAfee ended Tuesday after the Internet pioneer made an
elementary digital mistake that highlighted the fraught relationship Americans have with
what they once quaintly called 'the telephone.' That homely communication tool, wired into
walls everywhere for the better part of a century, has become an untethered e-mailer,
browser, banker, shopper, movie viewer, music player and - to an extent that few
appreciate - digital spy of extraordinary power. McAfee, 67, who founded the
popular antivirus company that bears his name, has been wanted for questioning by police
in Belize since a neighbor turned up dead of a gunshot wound near McAfee's beach-side
home Nov. 11. The troubled tech savant, insisting that he had no role in the shooting,
went on the run and has been taunting police by blog, Twitter
and occasional podcast. Authorities couldn't catch him. But a hacker called Simple
Nomad learned McAfee's location shortly after journalists posted an image of him from
his supposedly secret locale under the provocative headline, 'We are with John McAfee
right now, suckers.' Embedded in that image, apparently taken by one of the journalists,
was the sort of detailed data routinely collected by smartphone cameras and often
transmitted along with images wherever they go - on e-mail, Facebook, online photo
albums and, it turns out, to Vice magazine's Web site. Simple Nomad, who declined to
give any identifying personal details in an e-mail interview, examined the underlying data
and quickly learned that McAfee's image emanated from an iPhone 4S at the following
location: 'Latitude/longitude: 15° 39' 29.4" North, 88° 59' 31.8" West,' at
12:26 p.m. Monday. That put McAfee in a Guatemalan villa south of the border with Belize.
.... the case resonated with privacy experts, who
long have feared that most owners of smartphones have little idea how much information
they collect and how easily it can be shared. Hackers can steal it. Police in many
situations can review it for potential evidence. And users can accidentally transmit it,
sometimes without even knowing they have done so....
The rapid spread of smartphones has made it even harder for most users to monitor
the creation and flow of personal information, Hoofnagle said. 'It has trapped a lot of
people, this problem. We're often not aware of the metadata that's created.'
The McAfee case is all the more striking because of his presumed savviness in handling
technology. " |
"The National Highway Traffic
Safety Administration is expected to finalize a long-awaited proposal to make event data
recorders standard on all new vehicles. In a notice
posted Thursday, the White House Office of Management and Budget said it has completed a
review of the proposal to make so-called vehicle 'black boxes' mandatory in all cars and
trucks, clearing the way for NHTSA to publish its final regulation. Nearly all vehicles
currently have the devices. NHTSA's proposed rule, which would raise the percentage of
vehicles required to have an EDR from 91.6 percent today to 100 percent of light-duty
autos, would have an incremental cost of nearly $24.4 million, assuming the sale of 15.5
million light vehicles per year. In 2010, Congress considered requiring EDRs in all
vehicles by legislation. The Alliance of Automobile
Manufacturers - the trade group representing Detroit's Big Three automakers, Toyota
Motor Corp, and Volkswagen AG - said the government needs to take into account driver
privacy. 'Event data recorders help our engineers
understand how cars perform in the real world but looking forward, we need to make sure we
preserve privacy. Automakers do not access EDR data without consumer permission, and any
government requirements to install EDRs on all vehicles must include steps to protect
consumer privacy,' said spokeswoman Gloria Bergquist." |
"Institutions have started to
move their data and ICT operations into the cloud. It is becoming clear that this is
leading to a decrease of overview and control over government access to data for law
enforcement and national security purposes. This report looks at the possibilities for the U.S. government to obtain access to information
in the cloud from Dutch institutions on the basis of U.S. law and on the basis of Dutch
law and international co-operation. It concludes that the
U.S. legal state of affairs implies that the transition towards the cloud has important
negative consequences for the possibility to manage information confidentiality,
information security and the privacy of European end users in relation to foreign
governments. The Patriot Act from 2001 has started
to play a symbolic role in the public debate. It is one important element in a larger,
complex and dynamic legal framework for access to data for law enforcement and national
security purposes. In particular, the FISA Amendments Act provision for access to data of
non-U.S. persons outside the U.S. enacted in 2008 deserves attention. The report describes this and other legal powers for the U.S.
government to obtain data of non-U.S. persons located outside of the U.S. from cloud
providers that fall under its jurisdiction. Such jurisdiction applies widely, namely to
cloud services that conduct systematic business in the United States and is not dependent
on the location where the data are stored, as is often assumed. For non-U.S. persons
located outside of the U.S., constitutional protection is not applicable and the statutory
safeguards are minimal. In the Netherlands and
across the EU, government agencies have legal powers to obtain access to cloud data as
well. These provisions can also be used to assist the U.S. government, when it does not
have jurisdiction for instance, but they must stay within the constitutional safeguards
set by national constitutions, the European Convention on Human Rights and the EU
Charter." Van Hoboken, Joris V. J., Arnbak, Axel and Van Eijk, Nico, Cloud Computing in Higher Education and Research Institutions and the USA Patriot Act (November 27, 2012) |
"Facebook has been accused of a
massive 'data grab' after encouraging users to allow it to automatically synchronise
photos from their mobile devices to the social network's servers. The social network from
Friday began asking users of its mobile apps to activate its new Photo Sync, which will
automatically upload each picture to a private album. Whether or not users decide to share
the photos on their public newsfeed, Facebook itself will still have access. That means it will be able to mine those files for their metadata,
including the location where the photo was taken, as well as use its facial recognition
technology to spot those pictured." |
"Access to private data has
increased by 20 per cent by Australia's law enforcement and government agencies -
and with no warrant. Australians are 26 times more prone to be placed under
surveillance than people in other countries, local media report. In such a way, state structures accessed private information over 300,000
times last year or 5,800 times every week, figures from the federal Attorney
General's Department showcase. The data includes phone and internet account
information, the details of out and inbound calls, telephone and internet access location
data, as well as everything related to the Internet Protocol (IP) addresses visited, the
Sydney Morning Herald (SMH) reports. Australian media report that every government agency
and organization use the gathered telecommunications data, and those include the
Australian Crime Commission, the Australian Securities and Investments Commission, the
Australian Tax Office, Medicare and Australia Post. New South Wales (NSW) Police became
the biggest users of the private data, with 103,824 access authorizations during the last
year - a third of all information accessed by the security forces. The news triggered
massive public outrage, with Australian Greens Senator Scott Ludlam telling SMH, 'This is the personal data of hundreds of thousands, indeed
millions of Australians, and it seems that just about anyone in government can get it.' He
said the move demonstrated the current data access regime was 'out of control' and
amounted to the framework for a 'surveillance state'." |
"Home Secretary Theresa May was challenged by Labour last night after
it emerged that a former MI6 spy in a relationship with her senior Tory adviser is tipped
to be appointed top Home Office mandarin. The
expected promotion of ex-spook Charles Farr, the official most closely linked to Big Brother Britain, has
sparked a heated debate among senior civil servants and MPs. Unmarried Mr Farr, 53, the most powerful spy figure in Whitehall, is
currently Director of the Office for Security and Counter Terrorism in Mrs May's
department. He is frontrunner to succeed former Home Office Permanent Secretary Dame Helen
Ghosh. Ambitious Mr Farr is said to have impressed Mrs May with his handling of sensitive
security matters. At present he is responsible for the so-called 'Snoopers'
Charter' laws giving police, security services and the taxman the power to monitor
the public's every internet click. Labour MP Keith Vaz, who chairs the all-party
Commons Select Committee on Home Affairs, wrote to Whitehall chiefs last week demanding to
know if Mrs May will have a say in deciding who gets Dame Helen's job. Mr Vaz claims
the delay is causing chaos. He told The Mail on Sunday: 'There is a leadership vacuum
at the top of the Home Office that must be resolved to deal with urgent issues.' A senior Tory figure with close contacts at MI6 said: 'I am
concerned at the prospect of Mr Farr running the Home Office. He was not popular at MI6
and his secretive manner is not in keeping with the requirements of modern Whitehall.
Having a Permanent Secretary who is in a relationship with a Conservative official who
works for Mrs May could put the Home Secretary in a tricky position.'... He was thwarted in his ambition
to be head of MI6 when rival and super-smooth Foreign Office diplomat John Sawers was
given the job in 2009. Friends say Mr Farr sees
becoming chief mandarin at the Home Office as the next best thing." |
"The people who control the interception of the internet and, to some
degree also, physically control the big data warehouses and the international fiber-optic
lines. We all think of the internet as some kind of Platonic Realm where we can throw out
ideas and communications and web pages and books and they exist somewhere out there.
Actually, they exist on web servers in New York or Nairobi or Beijing, and information
comes to us through satellite connections or through fiber-optic cables. So whoever
physically controls this controls the realm of our ideas and communications. And whoever is able to sit on those communications channels, can
intercept entire nations, and that's the new game in town, as far as state spying is
concerned - intercepting entire nations, not individuals.... The US National Security Agency
has been doing this for some 20-30 years. But it has now spread to mid-size nations, even
Gaddafi's Libya was employing the EAGLE system, which is produced by French company
AMESYS, pushed there in 2009, advertised in its international documentation as a
nationwide interception system. So what's happened over the last 10 years is the
ever-decreasing cost of intercepting each individual now to the degree where it is cheaper
to intercept every individual rather than it is to pick particular people to spy upon.... If... the mere security guards, you know, the people who
control the guns, are able to take control of our intellectual life, take control of all
the ways in which we communicate to each other, then of course you can see how dreadful
the outcome will be. Because it won't happen to just one nation, it will happen to
every nation at once. It is happening to every nation
at once as far as spying is concerned, because now every nation is merging its society
with internet infrastructure..... People think,
well, yeah, I use Facebook, and maybe the FBI if they made a request, could come and get
it, and everyone is much more aware of that because of Petraeus. But that's not the
problem. The problem is that all the time nearly
everything people do on the internet is permanently recorded, every web search. Do you
know what you were thinking one year, two days, three months ago? No, you don't know,
but Google knows, it remembers.... You know, the Stasi had a 10 per cent penetration of
East German society, with up to 1 in 10 people being informants at some time in their
life. Now in countries that have the highest internet penetration, like Iceland, more than
80 per cent of people are on Facebook, informing about their friends. That information
doesn't [simply] go nowhere. It's not kept in Iceland, it's sent back into
the US where it IS accessed by US intelligence and where it is given out to any friends or
cronies of US intelligence - hundreds of national security letters every day publicly
declared and being issued by the US government.... We have this position where as we know knowledge is power, and
there's a mass transfer as a result of literally billions of interceptions per day
going from everyone, the average person, into the data vaults of state spying agencies for
the big countries, and their cronies - the corporations that help build them that
infrastructure. Those groups are already powerful, that's why they are able to build
this infrastructure to intercept on everyone. So they are growing more powerful,
concentrating the power in the hands of smaller and smaller groups of people at once,
which isn't necessarily bad, but it's extremely
dangerous once there is any sort of corruption occurring in the power. Because absolute power corrupts, and when it becomes corrupt, it can
affect a lot of people very quickly. Bill Binney,
National Security Agency whistleblower, who was the research head of the National Security
Agency's Signals Intelligence Division, describes this as a turnkey
totalitarianism, that all the infrastructure has been built for absolute
totalitarianism. It's just the matter of turning the key..... in general I think the
prognosis is very grim. And we really are at this
moment where it can go one way or the other way. To a degree, perhaps the best we can be
sure, if we work, of achieving is that some of us are protected. It may only be a
high-tech elite, hopefully expanded a bit more - people who can produce tools and
information for others that they can use to protect themselves. It is not necessary that
all of society is covered, all of society is protected. What's necessary is that the
critical accountability components of society that stop it from going down the tubes
entirely, that those people are protected. Those include corruption investigators,
journalists, activists, and political parties. These have got to be protected. If they are
not protected, then it's all lost.... if we are not able to protect a significant number
of people from mass state spying, then the basic democratic and civilian institutions that
we are used to - not in the West, I am no glorifier of the West, but in all societies -
are going to crumble away. They will crumble away, and they will do so all at once.
And that's an extremely dangerous phenomenon. It's not often where all the world goes down
the tube all at once. Usually you have a few countries that are OK, and you can bootstrap
civilization again from there.... The successes of WikiLeaks shouldn't be viewed
merely as a demonstration of our organization's virility or the virility of the
activist community on the internet. They are also a function of this hoarding of
information by these national security [agencies]. The reason there was so much
information to leak, the reason it could be leaked all at once is because they had hoarded
so much. Why had they hoarded so much? Well, to gain extra power through knowledge. They
wanted their own knowledge internally to be easily accessible to their people, to be
searchable, so as much power could be extracted from it as possible." |
"Twitter users face the
embarrassment of seeing their online past resurrected after the CEO of the microblogging
site revealed plans to create an archive of every tweet ever sent. Currently, users of the site can only see their messages dating back to a
certain point, allowing them to forget their online persona from years gone by. But that
is all set to change towards the end of this year, when the site allows tweeters to
download a full record of the activity on their accounts. The move could raise privacy
fears, as it makes it easier for people to access the billions of tweets which have been
sent since Twitter launched in July 2006. CEO Dick Costolo announced the change during a
talk at the University of Michigan, and suggested it would be finalised by the end of the
year." |
"If you're about to get rid of
an old PC - to upgrade to a new Windows 8 machine, for example - it's wise to properly
erase the drive if you want to sell it. Otherwise you could be handing an 'identity theft
kit' to unscrupulous buyers. The truth is, erasing data on a PC isn't easy and the
recycle bin is not going to stop anyone who really wants to poke around your old files and
data once you've passed it to a new owner. To
erase data and all digital traces of it, you're going to need extra software to do
it, unless you physically remove the hard drive and deploy a mallet. Before you
start, remember to back up your files by either burning them on to DVDs, using an external
hard drive or cloud-based online storage options like Dropbox, Microsoft SkyDrive or Google
Drive. You should also ensure you have your Windows discs that came with your PC or at
least the code on the back of the disc packet which proves ownership. Whoever uses your PC
after you've erased the hard drive will need to re-install the Windows operating
system. Know your PC and discover how your PC is set up. Head to Control Panel and see
what hard drives you have active on your PC. Your home drive is usually C but
this may be divided into partitions and, depending on your PC, you may have two drives -
one a standard hard drive and one a fast, flash-based memory drive frequently called a SSD
or Solid State Drive. Erase both to be sure you've got rid of all your data. There are
many software programs which allow you to erase data on your PC but the best free one is
called DBAN or Darik's Boot and Nuke. DBAN is supplied as an ISO file, which needs to
be burned to CD or DVD as your computer will be operating from your CD or DVD drive in
order to erase the hard drive, which cannot be active when you're clearing all the
data on it. You may already have software that allows you to burn DBAN to a disc as an ISO
file - right click on the file and see if your computer offers you the option to burn as
an ISO file. An ISO file differs from a simple file being copied to a disc. An ISO file
allows a computer to boot the disc automatically and run the program - in this case,
it's DBAN. In order to download an ISO burning program, visit Free Iso Burner.
Alternatively, you can try the popular Nero Burning Rom 12 software which isn't free
but is very easy to use and currently offers a 15-day trial.... It is possible to use a
USB stick to use programs like DBAN in the same way as you would use a CD drive, but
it's not straightforward and not recommended for anyone who isn't an IT
professional..." |
"Nothing is
private, especially not when it goes through Google (Gmail's) hands. If America's top
spy, the head of the CIA, can get caught writing secret love letters to his girlfriend on
Gmail, nobody's e-mails are safe. Petraeus and his clandestine girlfriend, Paula
Broadwell, took some troubles to keep their illicit correspondence safe. They
reportedly relied on a trick used by some al Qaeda operatives. They left messages
to each other in the drafts folder of an account, the password to which they both knew,
thinking they would remain for their eyes only. But it didn't work. When the FBI came calling, Google opened up its shockingly large
files, as it does with shocking regularity. Google knows everything about you, and it
frequently shares with those who ask. Google's own reports say it passed information to authorities in
response to 93 percent of government requests in the second half of 2011. Nothing in
Google's hands is guaranteed to remain private." |
"Government surveillance of citizens' online
lives is rising sharply around the world, according to Google's
latest report on requests to remove content and hand over user data to official
agencies. In the first six months of this year, authorities worldwide made 20,939 requests
for access to personal data from Google users, including search results, access to Gmail
accounts and removal of YouTube videos. Requests have risen steeply from a low of 12,539
in the last six months of 2009, when Google first published its Transparency Report. Authorities made 1,791 requests for Google to remove 17,746 pieces of
content in the first half of 2012, almost twice as many as the 949 requests made in the
same period last year, and up from 1,048 requests made in the last six months of 2011.
'This is the sixth time we've released this data, and one trend has become clear:
government surveillance is on the rise,' Google
said in a blogpost. One of the sharpest rises came in requests from Turkey,
which held an election on 12 June 2011. Google reported a 1,013% rise in requests from
Turkish authorities in the latest reporting period, including 148 requests to remove 426
YouTube videos, Blogger blogs, one Google document and one search result. The contested
items allegedly criticised Mustafa Kemal Atatürk (the first president of Turkey), the
government or 'national identity and values'. Google restricted Turkish users from
accessing 63% of the YouTube videos. It did not remove the other content. The US accounted
for the most requests, as it has consistently since the report was launched. US
authorities asked for private details of Google users on 7,969 occasions, up from 6,321 in
the last reporting period. The number is more than a third of the 20,938 requests for
users' details worldwide. Google fully or partially complied with 90% of those requests.
Over the six months, Google was asked to remove seven YouTube videos that criticised local
and state agencies, police and other public officials. It did not comply with these
requests. US figures represent a larger share of the requests for a variety of reasons.
Google has a larger number of US users, the US authorities are more familiar with working
with Google and foreign countries sometimes make requests for information through US
agencies. Those queries are logged as US requests, as Google is not told where the query
originated from. Europe now accounts for five of the top 10 countries making requests for
user data. France, Germany, Italy, Spain and the UK are all in the top 10 in terms of
numbers of requests. The number of requests for content removal in the UK shot up 98% in
the UK and 60% in Spain. In the UK, local police authorities unsuccessfully pressed for
Google to remove links to sites that accused the police of obscuring crime and racism. The UK is currently considering a bill that would require internet and phone companies to
track and store every citizen's web and mobile phone use, including social networking
sites, without retaining their content, for 12 months." |
"The U.S. government -- and
likely your own government, for that matter -- is either watching your online activity
every minute of the day through automated methods and non-human eavesdropping techniques,
or has the ability to dip in as and when it deems necessary -- sometimes with a warrant,
sometimes without....Gen. David Petraeus, the former
head of the U.S. Central Intelligence Agency, resigned over the weekend after he was found
to have engaged in an extra-marital affair. What
caught Petraeus out was, of all things, his usage of
Google's online email service, Gmail. This has not only landed the former CIA chief in
hot water but has ignited the debate over how, when, and why governments and law
enforcement agencies are able to access ordinary citizens' email accounts, even if they
are the head of the most powerful intelligence agency in the world. If it makes you feel any better, the chances are small that your own or a
foreign government will snoop on you. The odds are much greater -- at least for the
ordinary person (terrorists, hijackers et al: take note) -- that your email account will
be broken into by a stranger exploiting your weak password, or an ex-lover with a grudge
(see 'Fatal Attraction'). Forget
ECHELON, or signals intelligence, or the interception of communications by black boxes
installed covertly in data centers. Intelligence
agencies and law enforcement bodies can access -- thanks to the shift towards Web-based
email services in the cloud -- but it's not as exciting or as Jack Bauer-esque as one may
think or hope for. The easiest way to access almost
anybody's email nowadays is still through the courts. (Sorry to burst your bubble, but
it's true.) Petraeus set up a private account under a pseudonym and composed email
messages but never sent them. Instead, they
were saved in draft. His lover, Paula Broadwell, would log in under the same account,
read the email and reply, all without sending anything. The traffic would not be sent
across the networks through Google's data centers, making it nigh on impossible for the
National Security Agency or any other electronic signals eavesdropping agency (such as
Britain's elusive GCHQ) to 'read' the traffic while it is in transit.... But surely IP addresses are logged and noted? When emails are
sent and received, yes. But the emails were saved in draft and therefore were not sent.
However, Google may still have a record of the IP addresses of those who logged into the
account. However, most Internet or broadband providers offer dynamic IP addresses that
change over time, and an IP address does not always point to the same computer, let alone
the same region or state every time it is assigned to a user. Even then, recent U.S. court
cases have found
that IP addresses do not specifically point to a computer, meaning even if the
authorities were sure that it was Petraeus, for instance -- though IP addresses very
rarely give the exact house number and street address -- it would not stick in court. As is often the case, human error can land someone in the legal
spotlight. 37-year-old Florida resident Jill Kelley, a family friend to the Petraeus',
allegedly received emails from an anonymous account warning Kelley to stay away from the
CIA chief. But when Broadwell sent these messages, it left behind little fragments of data
attached to the email -- every email you send has this data attached -- which first led
the FBI on a path that led up to the very door of Petraeus' office door in Langley,
Virginia. There's no such thing as a truly 'anonymous' email account, and no matter how
much you try to encrypt the contents of the email you are sending, little fragments of
data are attached by email servers and messaging companies. It's how email works and it's
entirely unavoidable. Every email
sent and received comes with 'communications data,' otherwise known as 'metadata' --
little fragments of information that carries the recipient and the sender's address, and
routing data such as the IP addresses of the sender and the servers or data center that
it's passed through. Extracting this metadata is not a mystery or difficult, in fact
anyone can do it, but if you have the legal tools and law enforcement power to determine
where the email was passed through -- such as an IP address of one of Google's data center
in the United States. The system is remarkably similar to the postal system. You can seal
the envelope and hide what's inside, but it contains a postmark of where it came from and
where it's going. It may even have your fingerprints on it. All of this information
outside the contents is 'metadata.' That said, even if you use a disposable Gmail account
-- such as iamananonymousemailsender@gmail.com, for instance -- it's clearly a Gmail
account, and Gmail is operated by Google. Sometimes it just takes a smidgen of common
knowledge. Ultimately, only Google had access to the emails. Because it's a private
company, it does not fall
under the scope of the Fourth Amendment. If the U.S. government or one of its law
enforcement agencies wanted to access the private Petraeus email account, it would have to
serve up a warrant. In this case, however, the Foreign Intelligence Services Act (FISA)
would not apply. Even the Patriot Act would not necessarily apply in this case, even
though it does allow the FBI and other authorized agencies to search email. However, in
this case, above all else, the Stored Communications Act does apply -- part of the Electronic
Communications Privacy Act. The act allows for
any electronic data to be read if it has been stored for less than 180 days. In this case,
the law was specifically designed -- albeit quite some time before email became a
mainstream communications medium -- to allow server- or computer-stored data to be
accessed by law enforcement. However, a court order must be issued after the 180 days, and
in this case it was. Reporting from London, the BBC
News' Mark Ward summed it up in a
single sentence: Once it knew Ms. Broadwell was
the sender of the threatening messages, the FBI got a warrant that gave it covert access
to the anonymous email account. And that's how they do it. No matter which way you look at
it, no matter how much the government or its law enforcement agencies want the data or the
proof of wrongdoing, they must almost always get a court order. And Petraeus is no
different from any other U.S. citizen, U.K. citizen, or European citizen -- and further
afield for that matter. What it always boils down to is a court order, and it's as simple
as that. It's not ECHELON or an episode of '24'
using hacking or cracking techniques; it's an afternoon in a fusty courtroom with a
semi-switched on (and preferably sober) judge. That said, it doesn't grant unfettered or
unrestricted access to a user's inbox or email account, but when an alleged crime has been
committed or law enforcement starts digging around, it allows a fairly wide berth of
powers to request access to electronically stored data. Former assistant secretary to the
U.S. Department of Homeland Security Stewart Baker told the Associated
Press: The government can't just wander through your emails just because they'd like
to know what you're thinking or doing. But if the government is investigating a crime, it
has a lot of authority to review people's emails. So there it is. A court order is
all you need to access a person's inbox, but sufficient evidence is often required in
order to do this -- particularly through the Stored Communications Act, or the Electronic
Communications Privacy Act. It sounds obvious, of course, that's because it is. That said,
if there is reasonable suspicion albeit lacking evidence, or a U.S. law enforcement agency
is dealing with a foreign national outside of the United States, that normally requires a
secret FISA court order to be granted in order to proceed with the interception of data or
warranted access to an email account, for example.... But it's OK; you're in Europe, or
Australia, or Asia. The U.S. can't use their laws against you in a foreign country
because, well, you're outside of its jurisdiction. Again, sorry to burst your privacy
bubble but that excuse didn't
wash with the European Parliament, it shouldn't with you either. If you're a European citizen with a Microsoft, Google, Yahoo or Apple
account -- or any email
offered in the cloud by a U.S. company -- which is most consumer email services
nowadays -- it is accessible to the U.S. courts and other nations through various acts of
law, such as the Foreign Intelligence Surveillance Act (FISA) or the PATRIOT Act, in which
the latter amended much of what the former had implemented in the first place....The
trouble is even though there is some level of accountability via the FISA courts, these
sessions are held in secret and there are no public minutes
or record to go from, so swings and roundabouts. Only in exceptional cases where warrants
are not issued is when there is an immediate threat to life. But because these courts are
secret, there's no definitive and ultimate way to know for an absolute fact that the U.S.
authorities don't just bypass the FISA courts and skip ahead with their investigations
anyway..... On the third point, other countries do
have similar laws and this should be noted. (I personally thought it was relatively common
knowledge, forgive my naivety.) The U.K., for instance, has the
Regulation of Investigatory Powers Act that can be used to acquire data from a
third-country via a U.K.-based firm, just as the Patriot Act can be used on a U.S.
firm to access data in a third-country via a local subsidiary. But in terms of where the major email and cloud providers are
based -- the United States, notably on the West Coast -- it means that U.S. law must
apply, in spite of foreign laws that attempt to or successfully counteract the provisions
offered in U.S. law. Not many major cloud providers operate solely in the U.K., whereas
Microsoft, Google, Apple and Amazon are all U.S. headquartered with a subsidiary in the
U.K. and other countries. The lesson here? We're all
as bad as each other and no legally or financially reasonable place is safe to store data
if you're a massive criminal or looking to stash a bunch of secret or uncouth documents
away from the authorities." |
"As is now widely
reported, the FBI investigation began when Jill Kelley - a Tampa socialite friendly
with Petraeus (and apparently very friendly
with Gen. John Allen, the four-star U.S. commander of the war in Afghanistan) - received a
half-dozen or so anonymous emails that she found vaguely threatening. She then informed a
friend of hers who was an FBI agent, and a major FBI investigation was then launched that
set out to determine the identity of the anonymous emailer. That is the first disturbing
fact: it appears that the FBI not only devoted substantial resources, but also engaged in
highly invasive surveillance, for no reason other than to do a personal favor for a friend
of one of its agents, to find out who was very mildly harassing her by email. The emails
Kelley received were, as the
Daily Beast reports, quite banal and clearly not an event that warranted an FBI
investigation... That this deeply personal motive was what spawned the FBI investigation
is bolstered by the
fact that the initial investigating agent 'was barred from taking part in the case
over the summer due to superiors' concerns that he was personally involved in the case' -
indeed, 'supervisors soon became concerned that the initial agent might have grown
obsessed with the matter' - and was found to have 'allegedly sent shirtless photos' to
Kelley, and 'is now under investigation by the Office of Professional Responsibility, the
internal-affairs arm of the FBI'... What is most
striking is how sweeping,
probing and invasive the FBI's investigation then became, all without any evidence of
any actual crime - or the need for any search warrant... So all based on a handful of
rather unremarkable emails sent to a woman fortunate enough to have a friend at the FBI,
the FBI traced all of Broadwell's physical locations, learned of all the accounts she
uses, ended up reading all of her emails, investigated the identity of her anonymous lover
(who turned out to be Petraeus), and then possibly read his emails as well. They dug
around in all of this without any evidence of any real crime - at most, they had a case of
'cyber-harassment' more benign than what regularly appears in my email inbox and that of
countless of other people - and, in large part, without
the need for any warrant from a court. But that
isn't all the FBI learned. It was revealed
this morning that they also discovered 'alleged inappropriate communication' to Kelley
from Gen. Allen, who is not only the top commander in Afghanistan but was also just
nominated by President Obama to be the Commander of US European Command and Supreme Allied
Commander Europe (a nomination now 'on hold'). .... not
only did the FBI - again, all without any real evidence of a crime - trace the locations
and identity of Broadwell and Petraeus, and read through Broadwell's emails (and possibly
Petraeus'), but they also got their hands on and read through 20,000-30,000 pages of
emails between Gen. Allen and Kelley. This is a surveillance
state run amok. It also highlights how any remnants of
internet anonymity have been all but obliterated by the union between the state and
technology companies." |
"A huge 'Big Brother' style
database containing details of around eight million schoolchildren is being compiled
without the knowledge of their parents. IT systems specialists are creating the database -
including such information as a child's age, sex, and academic records - which can be
shared among officials from other agencies such as the police, NHS and charities. Teachers are uploading information on pupils as often as six times a day
to the database, created by Capita, one of the UK's largest contractors to both central
and local government. The database is said to be already being used by as many as 100
local authorities, according to The Sunday Times, with 22,000 schools nationwide uploading
to the service to provide a 'thread' of data that is accessible to all those working with
children. It is thought that youth offending teams, which include police officers, will
also be offered access to the information. As well as basic details such as the child's
address and attendance records, information about special needs and behavioural records
are also included." |
"Some Americans who have access to sensitive information and who
travel to China describe going
to tremendous lengths to minimize government efforts to seize their data. Some copy
and paste their passwords from USB thumb drives rather than type them out, for fear of
key-logging software. They carry 'loaner' laptops and cellphones and pull out cellphone
batteries during sensitive meetings, worried that the microphone could be switched on
remotely. The New York Times called
such extreme measures, which also apply in other countries, 'standard operating procedure
for officials at American government agencies.'" |
"Yesterday, we got a rare look
at how information on your public social media profiles - including Twitter, Facebook
and LinkedIn - is being harvested and resold by large consumer data companies.
Responding to a congressional query, nine data companies provided answers to a detailed
set of questions about what kinds of information they collect about individual Americans,
and where they get that data. Their responses, released Thursday,
show that some companies record and then resell your screen names, web
site addresses, interests, hometown and professional history, and how many friends or
followers you have. Some companies also collect and
analyze information about users' 'tweets, posts, comments, likes, shares, and
recommendations,' according to Epsilon, a consumer data company. While many of these
details were already available on the data companies' websites, the lawmakers used
the letters as a chance to raise awareness about an industry that they said has largely
'operated in the shadows.' 'Posting to Facebook should not also mean putting personal
information into the hands of data reapers seeking to profit from details of
consumers' personal lives,' Massachusetts Rep. Edward J. Markey told ProPublica in an
e-mailed statement." |
"RFID
(Radio Frequency Identification Devices), is a tracking technology. RFID technology is
currently used on banking, library books, pets, cattle, autos, medications,
and some humans (such as for patient identification purposes). The replacement of bar
codes in grocery stores is another application of RFID chips, for the stated purpose of
expediting the checking out process. YES, it is true, there are conveniences
associated with RFID technology, but it boils down to tracking. Tracking sounds like being
organized, or civilized. But when tracking goes into every facet of our lives, it has
chilling consequences. Today, there are beta tests
being conducted in some schools, in Florida, Mississippi, Texas, and Louisiana. This is to
track children, if they get to class on time, or, spend too much time where they should
not. They are being required to wear tracking necklaces. Tracking, and surveillance of
smart things (phones, cards, chickens), are, in theory keeping us
safe. Already, the US Department of Agriculture demands that ranchers use RFID chips
to monitor their livestock. Tracking things is one thing, but tracking your biology? RFID
systems generally consist of a transponder and reader. The reader is usually connected to
a computer database. RFID chips have been around for a while. In fact, it is sophisticated
enough that people are concerned about their information being stolen just upon walking in
an airport, for instance. But, now comes the fun part: nanotechnology,
the atomic and molecular computing technology, merging with RFID. Imagine a strand of hair
with several hundred computers on it. These can track all sorts of things including
biology, or biometrics. The science fiction story, 1984, by George Orwell seems to be
unfolding with precision. Now that nanotechnology is quickly emerging, RFID chips can be
implanted under the skin
and at some point, will not be visible. Think about computer
tracking under your skin, with external readers, and data collection mining. Creepy.
Tracking health, your body fluids, your power usage, your whereabouts, your money, your
food, eventually, your thoughts? No problem? Besides your information potentially
leaking out such as your banking, social security number, or health status,
think about atomic sized machines, potentially going into your cells." |
"The U.S. spent $75.4 billion on
its military and civilian spy agencies in the last fiscal year, officials announced
Tuesday. The U.S. intelligence budget
is divided between the Military Intelligence Program, which the Pentagon said was $21.5 billion
for fiscal 2012, and the National Intelligence
Program, which was $53.9 billion, according to Director of National Intelligence James R. Clapper. The National Intelligence
Program (NIP) funds the CIA
and other civilian agencies and provides some funding for the major military agencies such
as the National
Security Agency and Defense
Intelligence Agency. 'The NIP supports national decision-makers, so, to the extent
that the NSA
and other agencies in the Department
of Defense provide intelligence to the president or other civilian leaders, they are
funded from the NIP,' said Steven Aftergood of the
Federation
of American Scientists, who advocates for more transparency in U.S. intelligence funding.
Mr. Aftergood said
the fiscal 2012 NIP budget was $700 million lower than the previous year's, noting
that 'it's the first drop in the NIP for many years.' The NIP budget had risen every
year since it was first disclosed in 2007, he said." |
"A
senior government official has sparked anger by advising internet users to give fake
details to websites to protect their security. Andy Smith, an internet security chief at
the Cabinet Office, said people should only give accurate details to trusted sites such as
government ones. He said names and addresses posted on social networking sites 'can be
used against you' by criminals. His advice was
described by Labour MP Helen Goodman as 'totally outrageous'. Ms Goodman, shadow culture
minister, told BBC News: 'This is the kind of behaviour that, in the end, promotes crime.
'It is exactly what we don't want. We want more security online. It's anonymity which
facilitates cyber-bullying, the abuse of children. 'I was genuinely shocked that a public
official could say such a thing.' Mr Smith, who is in charge of security for what he
described as the 'largest public services network in Europe', which will eventually be
accessed by millions of people in the UK, said giving fake details to social networking
sites was 'a very sensible thing to do'. 'When you put information on the internet do not
use your real name, your real date of birth,' he told a Parliament and the Internet Conference
in Portcullis House, Westminster. 'When you are putting information on social networking
sites don't put real combinations of information, because it can be used against you.' But
he stressed that internet users should always give accurate information when they were
filling in government forms on the internet, such as tax returns. 'When you are
interacting with government, or professional organisations - people who you know are going
to protect your information - then obviously you are going to use the right stuff.' But he
said that fraudsters gather a lot of personal information 'from Google, social networking
sites, from email footers, all sorts of places'. He added that they were 'bringing this
information together and cross-correlating information and then they are using it against
you'. Mr Smith's comments were backed by Lord Erroll, chairman of the Digital Policy
Alliance, a not-for-profit policy studies group which claims to speak for industry and
charities, who was chairing the panel. He said he had always given his date of birth as '1
April 1900'. The crossbench peer later told BBC Radio 4's PM programme Mr Smith had
given people 'a very good bit of advice' - particularly as banks used date of birth as a
means of verifying identity.... Citing an anecdote about novelist Salman Rushdie - who won
a battle last year to use his commonly used middle name rather than his actual first name
Ahmed on his profile page - he said: 'Facebook doesn't allow you to put on false details
and they will take you off if they discover you have.' Simon Milner, Facebook's head of
policy in the UK and Ireland, who was at the conference, also took issue with Mr Smith's
comment. He told the audience of industry experts and MPs he had a 'vigorous chat' with
the Cabinet Office official afterwards to persuade him to revise his view." |
"On 15 October, the Dutch
ministry of Justice and Security proposed powers for the police to break into computers,
install spyware, search computers and destroy data. These powers would extend to computers
located outside the Netherlands. Dutch digital
rights movement Bits of Freedom warns of the unacceptable risks to cybersecurity and
calls on other countries to strongly oppose the proposal. The proposal
(Dutch, PDF) would grant powers to the Dutch police to break into computers, including
mobile phones, via the internet in order to: * install spyware, allowing the police to
overtake the computer; * search data on the computer, including data on computers located
in other countries; and * destroy data on the computer, including data on computers
located in other countries. - If the location of the computer cannot be determined, for
example in the case of Tor-hidden services, the police is not required to submit a request
for legal assistance to another country before breaking in. Under the current text, it is
uncertain whether a legal assistance request would be legally required, or merely
preferred, if the location of the computer is known. The exercise of these powers requires
a warrant from a Dutch court. This proposal poses unacceptable risks. If the Dutch government gets the power to break into foreign
computers, this gives other governments the basis to break into Dutch computers which
infringe the laws of their country. The end result could be less security for all computer
users, instead of more. This is even more true with regard to the power to destroy data on
foreign computers; it is likely that other governments would be very interested in using
such a power against Dutch interests." |
"Verizon spying on its customers
may seem bad for business, but according to the telecom giant's latest privacy policy
update, that's exactly what they will be doing. Verizon wireless recently revealed that
its new privacy agreement will allow them to spy on its users' web habits, including the
websites you visit, the location data of your phone and where you use the browser. While the Verizon spying is supposed to be used only for commercial
purposes, the whole thing seems very big brother-ish. Verizon says the purpose is to
present users with more relevant ads, but the agreement says the data can be shared with
third-party companies." |
"Lately, Mike Janke has
been getting what he calls the 'hairy eyeball' from international government agencies. The
44-year-old former Navy SEAL commando, together with two of the world's most renowned
cryptographers, was always bound to ruffle some high-level feathers with his new project - a surveillance-resistant communications
platform that makes complex encryption so simple your grandma can use it. This
week, after more than two years of preparation, the finished product has hit the market.
Named Silent Circle, it is in essence a series of applications that can be used on a
mobile device to encrypt communications - text messages, plus voice and video calls.
Currently, apps for the iPhone and iPad are available, with versions for Windows, Galaxy,
Nexus and Android in the works. An email service is also soon scheduled to launch. The
encryption is peer to peer, which means that Silent Circle doesn't centrally hold a key
that can be used to decrypt people's messages or phone calls. Each phone generates a
unique key every time a call is made, then deletes it straight after the call finishes. When sending text messages or images, there is even a 'burn' function,
which allows you to set a time limit on anything you send to another Silent Circle user -
a bit like how 'this tape will self destruct' goes down in 'Mission: Impossible,'
but without the smoke or fire. Silent Circle began as an idea Janke had after spending 12
years working for the U.S. military and later as a security contractor. When traveling
overseas, he realized that there was no easy-to-use, trustworthy encrypted communications
provider available to keep in touch with family back home. Cellphone calls, text messages
and emails sent over the likes of Hotmail and Gmail can just be 'pulled right out of the
air,' according to Janke, and he didn't think the few commercial services offering
encryption like Skype and Hushmail were secure enough. He was also made
uneasy by reports about increased government snooping on communications. 'It offended what
I thought were my God-given rights to be able to have a free conversation,' Janke
says. 'And so I began on this quest to find something to solve it.'.... Janke says he's
already sold the technology worldwide to nine news outlets, presumably keen to help
protect their journalists' and sources' safety through encryption. (ProPublica, for one,
confirmed it's had 'preliminary discussions' with Silent Circle.) A major multinational
company has already ordered 18,000 subscriptions for its staff, and a couple of A-list
actors, including one Oscar winner, have been testing the beta version. The basic secure
phone service plan will cost $20 a month per person, though Janke says a number of human
rights groups and NGOs will be provided with the service for free. The company has also
attracted attention from 23 special operations units, intelligence agencies, and law
enforcement departments in nine countries that are interested in using Silent Circle to
protect the communications of their own employees - particularly on the personal
devices that they use at home or bring to work. Some of these same agencies, perhaps
unsurprisingly, have contacted Janke and his team with concerns about how the technology
might be used by bad guys. Because Silent Circle is available to just about anyone, Janke
accepts there is a real risk that a minority of users could abuse it for criminal
purposes. But he argues you could say the same thing about baseball bats and says if the
company is ever made aware someone is using the application for 'bad illegal things' -
he cites an example of a terrorist plotting a bomb attack - it reserves the
right to shut off that person's service and will do so 'in seven seconds.' The very features that make Silent Circle so valuable from a civil
liberties and privacy standpoint make law enforcement nervous. Telecom firms in the United
States, for instance, have been handing over huge troves of data to authorities under a
blanket of secrecy and with very little oversight. Silent Circle is attempting to counter
this culture by limiting the data it retains in the first place. It will store only the
email address, 10-digit Silent Circle phone number, username, and password of each
customer. It won't retain metadata (such as times and dates calls are made using Silent
Circle). Its IP server logs showing who is visiting the Silent Circle website are
currently held for seven days, which Janke says the company plans to reduce to just 24
hours once the system is running smoothly. Almost every base seems to have been covered.
Biannually, the company will publish requests it gets from law enforcement in transparency
reports, detailing the country of origin and the number of people the request encompassed.
And any payment a person makes to Silent Circle will be processed through third-party
provider, Stripe, so even if authorities could get access to payment records, Janke says,
'that in no way gives them access to the data, voice and video the customer is
sending-receiving . . . nor does it tie the two together.' If authorities wanted to intercept the communications of a person using
Silent Circle, it is likely they'd have to resort to deploying Trojan-style tools -
infecting targeted devices with spyware to covertly record communications before they
become encrypted. Among security geeks and privacy advocates, however, there's still far
from consensus how secure Silent Circle actually is. Nadim Kobeissi, a Montreal-based
security researcher and developer, took to his blog last week to pre-emptively accuse the
company of 'damaging the state of the cryptography community.' Kobeissi's criticism was
rooted in an assumption that Silent Circle would not be open source, a cornerstone of
encrypted communication tools because it allows people to independently audit coding and
make their own assessments of its safety (and to check for secret government backdoors).
Christopher Soghoian, principal technologist at the ACLU's Speech Privacy and Technology
Project, said he was excited to see a company like Silent Circle visibly competing on
privacy and security but that he was waiting for it to go open source and be audited by
independent security experts before he would feel comfortable using it for sensitive
communications." |
"A new cyber espionage program linked to the notorious Flame and
Gauss malware has been detected by Russia's Kaspersky Lab. The anti-virus giant's
chief warns that global cyber warfare is in 'full swing' and will probably escalate in
2013. The virus, dubbed miniFlame, and also known as SPE, has already infected computers
in Iran, Lebanon, France, the United States and Lithuania. It was discovered in July 2012
and is described as 'a small and highly flexible malicious program designed to steal data
and control infected systems during targeted cyber
espionage operations,' Kaspersky Lab said in a
statement posted on its website. The malware was originally identified as an appendage of Flame - the program used for targeted cyber espionage in the Middle East and acknowledged to be part of joint US-Israeli
efforts to undermine Iran's nuclear program. But later, Kaspersky Lab analysts
discovered that miniFlame is an 'interoperable tool that could be used as an independent
malicious program, or concurrently as a plug-in for both the Flame and Gauss malware.' The
analysis also showed new evidence of cooperation between the creators of Flame and Gauss,
as both viruses can use miniFlame for their operations." |
"Almost
a third of all fraudulent banking transactions now originate from the customer's own
computer, as cyber criminals use increasingly sophisticated malware to hijack accounts,
online security specialists warned yesterday. To combat the ever-present threat of online
crime, financial institutions across Europe have developed multiple security mechanisms
such as encrypted card readers and complex security questions when customers log on to
their accounts. But experts are warning that the latest software used by criminals to
steal money from people's accounts is becoming so clever that it fools the bank into
thinking that they are making a legitimate online transaction. Cyber-security experts have described the latest remote administration
tools used to hijack people's computers - often referred to by hackers as 'rats' -
as 'blood chilling' in their complexity and efficiency. Analysts yesterday
illustrated how the latest malware could infect an unwitting person's computer and quickly
persuade the user to send over vital security data such as log-on details and passwords.
The example they used came from a Russian hacker who was recently arrested with more than
£140,000 in his house. Using the latest trojan viruses, hackers infect a computer and
communicate with their victims by pretending to be their bank, asking them for personal
data which then enables them to log into their accounts and move money around. Until
recently, less sophisticated malware meant that those hackers who had gained enough
log-in data would still have to try to access a stolen account from a computer that was
not the customer's, which often alerts a bank's alarm systems and prompts further
security questions. Now the latest software allows the hacker to remotely access an
infected computer's bank account from the customer's own machine without them
knowing." Be warned: your computer may be stealing your money Independent, 10 October 2012 |
"... in a radio interview, Wall Street Journal reporter Julia Angwin (who's been
one of the best at covering the surveillance state in the US) made a simple observation
that puts much of this into context: the US surveillance regime has more
data on the average American than the Stasi ever did on East Germans. And, of course, as we've already seen, much of that data seems to be
collected illegally
with little oversight... and with absolutely no security benefit..... Even if there are
legitimate technical reasons for why the government has so much more data on us, it
doesn't change the simple fact (true both then and now) that such data is wide open to
abuse, which inevitably happens. The ability of
government officials to abuse access to information about you for questionable purposes is
something that we should all be worried about. Even
those who sometimes have the best of intentions seem to fall prey to the temptation to use
such access in ways that strip away civil liberties and basic expectations of privacy.
Unfortunately, the courts seem to have very little recognition of the scope of the issue,
and there's almost no incentive for Congress (and certainly the executive branch) to do
anything at all to fix this." |
"A nice coincidence last
Tuesday. As the joint select committee of peers and MPs met to hear evidence on the draft
Communications Data Bill, which will give police and intelligence services the power to
access all your email data and internet connections, the hacking
group AntiSec published a sample of 12 million unique Apple device identifiers. These
device identifiers may have included details of President Obama's iPad and almost
certainly came from an FBI agent's laptop, which goes to prove that wherever you have a
big database, someone will find a way into it, even when the information is trusted to one
of the most sophisticated intelligence agencies on Earth.... Just about everyone from the
London Internet Exchange (Linx) to the Law Society is opposed to the 'snooper's charter'
on the grounds of privacy. But let's forget that core issue for a moment and focus on the
bill's origin, which happens to be the seething breast of a man named Charles Farr, formerly of MI6, now the head
of the office for security and counterterrorism at the Home Office.... One of the interesting points of the proposal is that data passing
through this country would be liable to be monitored by the government. Foreigners being
unwittingly subjected to British surveillance is one thing but if
Facebook, say, agrees to collect data on British users, Professor Ross Anderson, the digital security
expert from Cambridge, says: 'That data will be made available to the FBI, like it or
not.' Thus our government will be exposing citizens
to unwarranted intrusion from foreign agencies....Mass
surveillance of everyone, using special filters installed at more than 200 internet
service providers, is bound to miss the bad guys. Professor
Peter Sommer, an academic and expert witness on digital issues, suggested to the
committee that surveillance could easily be avoided by buying a data SIM card, using an
internet cafe or by means of draft emails on a web-based email service, where all the
members of a conspiracy share one identity and so can access the same email account.
Because the emails are saved as drafts only, they escape surveillance and so the email
account acts as a discreet communications channel. The
bill would obviously stimulate more and more ingenuity among those who want to break the
law..... Glyn
Wintle, who is paid to break into systems to test their security, told the committee that
he once kept a log of data losses reported in the British media. It worked out a loss
every two days of up to 200 million personal records, which underscores Anderson's rule
that no large database can be secure and functional at the same time." |
"The Government will announce
details this month of a controversial national identity scheme which will allow people to
use their mobile phones and social media profiles as official identification documents for
accessing public services. People wishing to apply for services ranging from tax credits
to fishing licences and passports will be asked to choose from a list of familiar online
log-ins, including those they already use on social media sites, banks, and large
retailers such as supermarkets, to prove their identity. Once they have logged in
correctly by computer or mobile phone, the site will send a message to the government
agency authenticating that user's identity. The
Cabinet Office is understood to have held discussions with the Post Office, high street
banks, mobile phone companies and technology giants ranging from Facebook and Microsoft to
Google, PayPal and BT. Ministers are anxious that the
identity programme is not denounced as a 'Big Brother' national ID card by the back door,
which is why data will not be kept centrally by any government department. Indeed, it is
hoped the Identity Assurance Programme, which is being led by the Cabinet Office, will
mean the end to any prospect of a physical national ID card being introduced in the UK....
Privacy campaigners are not wholly convinced by the programme. 'Although this is a fine
scheme in principle and is backed by ministers the danger is that it could be side-lined
and used as a fig leaf by the data-hungry government departments,' said Guy Herbert,
general secretary of No2ID, which has been consulted by the Cabinet Office. Details of the
'identity assurance' scheme are being finalised amid growing concerns over identity theft
and other forms of cybercrime. Foreign Secretary William Hague and Cabinet Office minister
Francis Maude, who is at the head of the Identity Assurance Programme, will today (Thurs)
meet international experts at the Budapest Conference on Cyberspace. Mr Maude will give a
keynote speech. The Cabinet Office believes its new identity model will 'prevent
login fatigue [from] having too many usernames and passwords' and save public
money by increasing trust in online services. The system is likely to be adopted by local
authorities nationwide. The Government hopes the identity system will form the basis of a
universally-recognised online authentication process for commercial transactions on the
Internet, boosting the economy and strengthening Britain's position as a leader in
e-commerce.... The first law passed by the Coalition
Government was to scrap the national ID scheme, a move said to have saved taxpayers £1
billion over ten years. But ministers want to use the Internet to cut the cost of public
services. In order to limit concerns over Government snooping, the Cabinet Office has been
working closely with a range of privacy campaign groups and consumer organisations
including No2ID, Big Brother Watch and Which? The programme's Privacy and Consumer
Group drew up a list of nine Privacy Principles which underpin the framework of the
scheme. As part of the attempt to reassure privacy campaigners, a private identity partner
(IDP) which authorises a user of a public service will not know which Government
department is seeking authentication.... Some commercial organisations have been concerned
that their consumers will react negatively to their involvement with government. But
commercial partners will benefit from marketing opportunities and the trust that comes
with IDP status. Without the identity assurance scheme there are fears that high levels of
online fraud will cause the public to lose confidence in digital channels, undermining the
amount of business done online. Civil servants acknowledge that some people will still
wish to access public services in person. They argue that the online scheme will release
additional resources to assist people who lack confidence in making digital
transactions." National 'virtual ID card' scheme set for launch (Is there anything that could possibly go wrong?) Independent, 4 October 2012 |
"A new app can 'virtually steal'
from your home - by turning on your phone's camera and beaming images back to thieves. The
software can even build up a 3D model of your home, from which the hackers can inspect
your rooms, potentially gleaning information about valuables in your home, calendar
entries as well as spying on you. The app was created by US military experts at Naval
Surface Warfare Center in Crane, Indiana, to show how cybercriminals could operate in the
future. The PlaceRaider creators even demonstrated
how they could read the numbers of a cheque book when they tested the Android software on
20 volunteers. As long as the app could be installed on the user's phone, it can instantly
begin beaming back images from the phone when it senses the right conditions, and software
on the other end can then re-construct maps of the visited room. The team gave their
infected phone to 20 individuals, who did not know about the malicious app, and asked them
to continue operating in their normal office environment. The team said they could glean
vital information from all 20 users, and that the 3D reconstruction made it much easier to
steal information than by just using the images alone. Researcher Robert Templeman said
their app can run in the background of any smartphone using the Android 2.3 operating
system. The research team said: 'Through completely opportunistic use of the phone's
camera and other sensors, PlaceRaider constructs rich, three dimensional models of indoor
environments. 'Remote burglars can thus 'download' the physical space, study the
environment carefully, and steal virtual objects from the environment (such as financial
documents, information on computer monitors, and personally identifiable
information).'.... PlaceRaider will silently take photographs, recording the time,
location and orientation due to the sensors within most modern smartphones. It will then
delete any blurred or dark shots, before sending the rest back to a central server, which
can reconstruct the user's room, based on information such as phone orientation. Then the
hacker can explore the user's property at will - for instance, scanning the room for
calendars, private details on computer screens, and cheque-books or card details.
Templeman said: 'We implemented on Android for practical reasons, but we expect such
malware to generalize to other platforms such as iOS and Windows Phone.' The team offered
various ways in which phone manufacturers could secure their systems, for instance making
it impossible to disable the shutter sound on phones, so that a user will know if a
picture is being taken. Some manufacturers have done this previously, after many cases of
mobiles being used surreptitiously for illegal or immoral purposes, but the sound can be
disabled on many models." |
"U.S. law enforcement
surveillance of email and other Internet communication has skyrocketed in the last two
years, according to data obtained by the American Civil Liberties Union. The number of
so-called pen register and trap-and-trace orders obtained by federal law enforcement
agencies has increased 361 percent between 2009 and 2011, the ACLU said. The U.S.
Department of Justice released the data to the ACLU after the civil rights group sued the
agency under the Freedom of Information Act. Pen registers capture outgoing data from a
surveillance subject, while trap-and-trace orders capture incoming data, including the
addresses of email messages and who the subject is talking with on instant messages. The two
types of surveillance are not supposed to record the contents of conversations. Including
the targets of telephone surveillance, 'more people were subjected to pen register and
trap-and-trace surveillance in the past two years than in the entire previous decade,'
Naomi Gilens, a legal assistant with the ACLU's Speech, Privacy, and Technology Project, wrote
in a blog post. U.S. law enforcement agencies
obtained about 250 pen register orders for email and Internet communications in 2009 and
about 200 trap-and-trace orders, the ACLU said. In 2011, U.S. agencies received more than
800 of each order." |
"Australia's security and law enforcement agencies are world leaders
in telecommunications interception and data access and like most successful industries,
they want more. Federal Attorney-General Nicola Roxon is canvassing a further expansion of
surveillance powers, most controversially a requirement that telecommunications and
internet service providers retain at least two years of data for access by government
agencies. Security and privacy are in the balance as the Federal Parliament's secretive
joint committee on intelligence and security considers Australia's future digital
surveillance regime.... Telephone tapping and bugging have become routine investigative
tools. Indeed, published statistics show that Australian law enforcement
telecommunications interception activity is greater both in absolute and relative terms
than that undertaken in the United States. American
federal and state judges issued only 1491 wiretap authorisations for law enforcement
purposes in 2001. By 2011 the US figure had risen to 2732 warrants. Taking into account
the difference in population between Australia and the US, the per capita rate of law
enforcement telephone interception in Australia is 18 times greater than that in the US.
Australian law enforcement and government agencies are also accessing vast troves of phone
and internet data without warrant. Indeed, they did so more than 250,000 times during
criminal and revenue investigations in 2010-11. Comparative statistics suggest this is a
far greater level of telecommunications data access than that undertaken in the US,
Britain or Canada. Data accessed includes phone and internet account information, outwards
and inwards call details, internet access, and details of websites visited, though not the
actual content of communications." |
"Police must get warrants to
access Americans' e-mail and track their cell phones, according to new privacy legislation
that promises to spark a political spat between high-tech firms and law enforcement. The bill, introduced today by
Rep. Zoe Lofgren -- a Democrat who represents the heart of Silicon Valley, including the
home turf of Apple, Google, and Intel -- would generally require law enforcement officials
to obtain a search warrant signed by a judge before they can access cloud data or location
information. It's backed
by a phalanx of companies, including Amazon.com, Apple, AT&T, eBay, Google, Intel,
Microsoft, and Twitter. Liberal, conservative, and libertarian advocacy groups are also
members of the so-called Digital Due Process
coalition. But it's easier to block legislation than advance it. The U.S. Department of
Justice will likely try just that: it's previously warned that requiring warrants
for e-mail could have an 'adverse impact' on investigations. And tougher legal
standards for location data, the department claims, would hinder 'the government's ability
to obtain important information in investigations of serious crimes.' Police opposition
has been successful in derailing similar privacy legislation." |
"Government restrictions on the
Internet have risen over the past year around the world as regimes use violence against
bloggers and turn to censorship and arrest to squelch calls for reform, a new report from a U.S. advocacy group has found. Pakistan, Bahrain and
Ethiopia saw the biggest rollbacks in Internet freedom since January 2011 and were among
the 20 countries out of 47 assessed by Freedom House that declined in their
rankings." |
"Facebook is working with a
controversial data company called Datalogix that can track whether people who see ads on
the social networking site end up buying those products in stores. Amid growing pressure
for the social networking site to prove the value of its advertising, Facebook is
gradually wading into new techniques for tracking and using data about users that raise
concerns among privacy advocates.... Datalogix has
purchasing data from about 70m American households largely drawn from loyalty cards and
programmes at more than 1,000 retailers, including grocers and drug stores. By matching
email addresses or other identifying information associated with those cards against
emails or information used to establish Facebook accounts, Datalogix can track whether
people bought a product in a store after seeing an ad on Facebook. The emails and other
identifying information are made anonymous and collected into groups of people who saw an
ad and people who did not. Datalogix compiles a report for Facebook and its advertisers to
measure which creative approaches and demographic targeting persuade people to buy
specific products offline." |
"A five-year research programme,
called Project Indect, aims to develop computer programmes which act as 'agents' to
monitor and process information from web sites, discussion forums, file servers,
peer-to-peer networks and even individual computers. Its main objectives include the
'automatic detection of threats and abnormal behaviour or violence'. Project Indect, which
received nearly £10 million in funding from the European Union, involves the Police
Service of Northern Ireland (PSNI) and computer scientists at York University, in addition
to colleagues in nine other European countries. Shami Chakrabarti, the director of human
rights group Liberty, described the introduction of such mass surveillance techniques as a
'sinister step' for any country, adding that it was 'positively chilling' on a European
scale..... Stephen Booth, an Open Europe analyst who
has helped compile a dossier on the European justice agenda, said these developments and
projects such as Indect sounded 'Orwellian' and raised serious questions about individual
liberty. 'This is all pretty scary stuff in my book. These projects would involve a huge
invasion of privacy and citizens need to ask themselves whether the EU should be spending
their taxes on them,' he said.... Miss Chakrabarti
said: 'Profiling whole populations instead of monitoring individual suspects is a sinister
step in any society. 'It's dangerous enough at national level, but on a Europe-wide scale
the idea becomes positively chilling'." |
"Researchers have found evidence
suggesting that the United States may have developed three previously unknown computer
viruses for use in espionage operations or cyber warfare. The findings are likely to
bolster a growing view that the U.S. government is using cyber technology more widely than
previously believed to further its interests in the Middle East. The United States has
already been linked to the Stuxnet Trojan that attacked Iran's nuclear program in 2010 and
the sophisticated Flame cyber surveillance tool that was uncovered in May. Anti-virus
software makers Symantec Corp of the United States and Kaspersky Lab of Russia disclosed
on Monday that they have found evidence that Flame's operators may have also worked with
three other viruses that have yet to be discovered. The two security firms, which
conducted their analyses separately, declined to comment on who was behind Flame. But
current and former Western national security officials have told Reuters that the United
States played a role in creating Flame. The Washington Post has reported that Israel was
also involved. Current and former U.S. government sources also told Reuters that the
United States was behind Stuxnet. Kaspersky and
Symantec linked Stuxnet to Flame in June, saying that part of the Flame program is nearly
identical to code found in a 2009 version of Stuxnet. For now, the two firms know very
little about the newly identified viruses, except that one of them is currently deployed
in the Middle East. They are not sure what the malicious software was designed to do. 'It
could be anything,' said Costin Raiu, director of Kaspersky Lab's Global Research and
Analysis Team." |
"Hackers have uploaded viruses
which can help them steal people's personal data on to millions of PCs and laptops before
they are even taken out of the box, Microsoft has admitted. The company said it found malware which allows would-be criminals to
remotely switch on and control cameras and microphones, among other devices, on machines
which were still factory sealed. The software is loaded with counterfeit copies of
Microsoft Windows, the company said. 'Cybercriminals have made it clear that anyone with a
computer could become an unwitting mule for malware,' wrote Microsoft's assistant general
counsel for its Digital Crimes Unit, Richard Domingues Boscovich....According to PC
Advisor, Boscovich revealed that Microsoft bought computers from 'PC malls' in various
Chinese cities, all of which had counterfeit copies of Windows XP or Windows 7 installed.
Of the twenty purchased, three had inactive malware and one had live malware, called
'Nitol.A,' that awoke when the computer connected to the Internet. The problem is not
thought to affect Western physical supply chains but the malware could be transmitted if
users download infected software." |
"President Barack Obama has closely followed the policy of his
predecessor, President George W. Bush, when it comes to tactics used in the 'war on
terror' from rendition, targeted killings, state secrets, Guantanamo Bay to
domestic spying, according to Michael Hayden, Bush's former director of the Central
Intelligence Agency and the National Security Agency. 'But let me repeat my hypothesis:
Despite the frequent drama at the political level, America and Americans have found a
comfortable center line in what it is they want their government to do and what it is they
accept their government doing. It is that practical consensus that has fostered such
powerful continuity between two vastly different presidents, George W. Bush and Barack
Obama, when it comes, when it comes to this conflict,' Hayden said Friday while speaking at the University of
Michigan.... Hayden, who oversaw the CIA's use of torture techniques against
detainees and the expansion of the NSA to illegally spy on American citizens, admitted to
an initial skepticism of Obama. He also publicly criticized the administration in 2009 for
making public the Bush-era legal memos that attempted to re-define torture as 'enhanced
interrogation techniques.' But Hayden, in a nearly 80-minute lecture posted on
C-Span, said Obama came to embrace Bush's positions. Both Bush and Obama said the
country was at war. The enemy was al-Qaida. The war was global in nature. And the United
States would have to take the fight to the enemy, wherever it may be, he said. 'And yet,
you've had two presidents, the American Congress, and the American court system, in
essence, sign up to all four of those sentences,' Hayden said. Moments later, Hayden
added: 'And so, we've seen all of these continuities between two very different human
beings, President Bush and President Obama. We are at war, targeted killings
have continued, in fact, if you look at the statistics, targeted killings have increased
under Obama.' He said that was the case because, in one differing path between the two
presidents, Obama in 2009 closed CIA 'black
sites' and ratcheted down on torturing detainees. But instead of capturing so-called
'enemy combatants,' President Obama kills them instead, Hayden said. 'We have made it so
politically dangerous and so legally difficult that we don't capture anyone anymore,'
Hayden said. 'We take another option, we kill them. Now. I don't morally oppose
that.' Obama's kill list has even included American citizens. Hayden noted Obama
campaigned on promises to
close the detention center in Guantanamo Bay, and to
bring more transparency to government. Obama failed to close Guantanamo and continued
the use of the often-cited 'state secrets'
defense in court cases challenging the government's policies on the war on terror.
'Despite a campaign that was based on a very powerful promise of transparency, President
Obama, and again in my view quite correctly, has used the state secrets argument in a
variety of courts, as much as President Bush,' Hayden said. He noted that he appreciated
Obama's invocation of the state secrets privilege, as Hayden himself was named as a
defendant in some of the cases. Hayden also noted that Obama, as an Illinois senator in
2008, eventually voted to legalize President Bush's once-secret warrantless spying
program adopted in the wake of the September 11, 2001 terror attacks. The measure also granted America's telecoms immunity from
lawsuits for their
complicity in the spy program. The law authorizes the government to electronically
eavesdrop on Americans' phone calls and e-mail without a probable-cause warrant so
long as one of the parties to the communication is believed outside the United States. The
communications may be intercepted 'to acquire foreign intelligence information.' 'The FISA
Act not only legitimated almost every thing president Bush had told me to do under his
Article II authorities as commander in chief, but in fact gave the National Security
Agency a great deal more authority to do these kind of things,' Hayden said. The law, now
known as the FISA Amendments Act, expires at year's end. The Obama administration
said congressional reauthorization was the administration's 'top
intelligence priority,' despite 2008 campaign promises to make the act more
privacy-friendly. As for the election, Hayden
indicated it may not matter, at least when it comes to anti-terrorism policy. He seemingly
confirmed that the rock band the Who was correct when it blurted 'meet
the new boss, same as the old boss.' Hayden, who
said he was an adviser to the Romney presidential campaign, said Romney would largely follow
Obama's same path, too, if Romney was elected." |
"Plans to record every
Briton's online activity and mobile phone use could put national security at risk and
may not even be technically workable, internet companies have warned MPs. The London
Internet Exchange (Linx), which represents service providers, said the Government's
controversial surveillance proposals represent a 'dramatic shift' in the balance between
individuals' privacy and the power of the state. It said forcing them to keep details
of all website visits and mobile phone calls would in effect create a communications data
profile for every user, which also would affect the relationship of trust they have with
customers. Authorities would be able to search the database to look for all people who
were in Trafalgar Square at a particular time and date and who had visited certain
websites in the previous year, it is claimed.
If this 'profiling engine' were ever hacked into, 'it would constitute a significant
threat to national security'. But Linx said its members had 'significant doubts' about the
feasibility of building the system. In addition, the draft Bill is written so loosely
that it would allow ministers an 'effectively unfettered and wholly inappropriate'
discretion to decide on how much intrusion should be allowed into citizens' private
lives." |
"Wikipedia founder Jimmy Wales
has said that his website will encrypt connections with Britain if plans to track
internet, text and email use become law. The
measures would require internet service providers such as Vodafone and Virgin Media to
keep tabs on every single page accessed by UK citizens. But Mr Wales told MPs and peers
yesterday that it would be relatively easy for Wikipedia to thwart any snooping on how
people had been using the site by encrypting data. This would ensure that while
information held by ISPs would show that users were accessing the online encyclopaedia, it
would not show what subject pages they were looking at." |
"Spyware developed and sold by a
UK-based company has been used to snoop on dissidents in autocratic regimes, according to
two security researchers. The software, legitimately
produced and sold by British firm Gamma International, has somehow managed to find its way
into the hands of some of the most repressive governments in the world. According to
Google security researcher Morgan Marquis-Boire and Berkeley student Bill Marczak, the
spyware was found in email attachments sent to several activists in Bahrain. Their
investigation found the spyware infected not just PCs but a range of devices running
popular mobile operating systems, such as iOS, Android, RIM, Symbian, and Windows Phone 7.
The spyware boasts capabilities such as live surveillance via 'silent calls' and location
tracking. It also has the ability to track all forms of communication, including emails
and voice calls as well as cameras and microphones. A study carried out by University of
Toronto Munk School of Global Affairs' Citizen Lab found an application that purports to
be FinSpy, a piece of commercial spyware sold to countries for criminal investigations.
Gamma Group, the German parent of UK-based Gamma International, developed FinSpy.
Gamma's managing director Martin Muench told Bloomberg that the company had no
involvement whatsoever in selling the software to despotic regimes." |
"Two security researchers have
found new evidence that legitimate spyware sold by British firm Gamma International
appears to be being used by some of the most repressive regimes in the world. Google
security engineer Morgan Marquis-Boire and Berkeley student Bill Marczak were
investigating spyware found in email attachments to several Bahraini activists. In their analysis they identified the spyware infecting not only PCs
but a broad range of smartphones, including iOS, Android, RIM, Symbian, and Windows Phone
7 handsets. The spying software has the capability to monitor and report back on calls and
GPS positions from mobile phones, as well as recording Skype sessions on a PC, logging
keystrokes, and controlling any cameras and microphones that are installed. They report the code appears to be FinSpy, a commercial spyware sold to
countries for police criminal investigations. FinSpy was developed by the German
conglomerate Gamma Group and sold via the UK subsidiary Gamma International. In a statement to Bloomberg, managing director Martin Muench denied the
company had any involvement." |
"FinFisher spyware made by
U.K.-based Gamma Group can take control of a range of mobile devices, including Apple
Inc. (AAPL)'s iPhone and Research in Motion Ltd.
(RIM)'s BlackBerry, an analysis of presumed samples of the software shows. The
program can secretly turn on a device's microphone, track its location and monitor
e-mails, text messages and voice calls, according to the findings, being published today
by the University of Toronto Munk School of Global Affairs' Citizen Lab. Researchers
used newly discovered malicious software samples to further pull back the curtain on the
elusive cyber weapon. The hunt for clues to the software's deployment has gained
speed since July, when research based on e-mails obtained by Bloomberg News
identified what looked like a FinFisher product that infects personal computers. In that
case, the malware targeted activists from the Persian Gulf kingdom of Bahrain. The latest analysis, led by security researcher Morgan Marquis-Boire, may
demonstrate how such spyware can reach a broader range of devices to follow their
owners' every move. 'People are walking around with tools for surveillance in their
pockets,' says John Scott-Railton, a doctoral student at the University
of California Los Angeles Luskin School of
Public Affairs who assisted with the research. 'These are the tools that can be used
to turn on your microphone and turn your phone into a tracking device.' The findings --
which are consistent with Gamma's own promotional materials for a FinFisher product
called FinSpy Mobile -- illustrate how the largely unregulated trade
in offensive hacking tools is transforming surveillance, making it more intrusive as it
reaches across borders and peers into people's digital devices. FinFisher products
can secretly monitor computers, intercepting Skype calls, turning on Web cameras and
recording keystrokes. They are marketed by Gamma for law enforcement
and government use. ... In December, anti-secrecy website WikiLeaks published a promotional brochure and video for FinSpy
Mobile. The video shows a BlackBerry user receiving a message to click on a link for a
fake update -- and then making the mistake of doing so. 'When FinSpy Mobile is installed
on a mobile phone it can be remotely controlled and monitored no matter where in the world
the Target is located,' a FinSpy brochure published by WikiLeaks says. Systems that can be
targeted include Microsoft Corp. (MSFT)'s
Windows Mobile, the Apple iPhone's iOS and BlackBerry and Google Inc. (GOOG)'s
Android, according to the company's literature. Today's report says the malware
can also infect phones running Symbian, an operating system made by Nokia Oyj (NOK1V),
and that it appears the program targeting iOS will run on iPad tablets. A mobile device's user can become infected by being tricked
into going to a Web link and downloading the malware, which can be disguised as something
other than FinSpy. As Gamma's promotional video illustrates, the process can be as
simple as sending someone a text message with a link that looks as if it comes from the
phone maker, and asking the user to 'please install this system update,' Marquis-Boire
says. Otherwise, without the use of a previously undiscovered vulnerability, the person
sneaking the program onto a phone must gain physical access to the device or know its
passwords, the study says. The spyware doesn't appear to take advantage of any
vulnerability in the phones or their operating systems, the study says. ... The new study also sheds light on FinFisher's global reach,
bolstering separate findings by researchers who said on Aug. 8 that computers in at least
10 countries on five continents show signs of being command servers to which computers
infected by FinFisher send their pilfered data. That study was led by Guarnieri of Rapid7.
.... The mobile-infecting samples obtained for the report, which transmit data via the
Internet and text message, also provided clues to FinFisher's deployment. In one
case, a sample was found transmitting to the same Internet address in the Czech Republic that
Guarnieri had identified in his study as a likely FinFisher command computer. It's
unclear whether any government agencies in the countries identified in the studies are
Gamma clients or whether the users may be based in other countries. A spokesman at the
Czech Republic's interior ministry said he has no information of Gamma being used
there, nor any knowledge of its use at other state institutions. A spokeswoman for the Defense Ministry
said it has never used Gamma products. The Czech secret service didn't respond to an
e-mailed request for comment." |
"The U.S. government is making
steady progress on a game-changing technology that would give it the most powerful weapon
ever devised in the realm of cyber warfare and information dominance. The weapon is called
a 'prime-factoring quantum computer,' and a small-scale version of the game-changing
technology has already been demonstrated by researchers at UC Santa Barbara, where qubits
-- quantum bits of computational potential -- factored the number 15 into its prime
factors three and five.... Right now, in 2012, the
government can't brute-force decrypt your files because that would take longer than the
age of the known universe. But the government can save your files and hold onto them until
prime-factoring quantum computers become a reality -- something that looks to be only
years away. At that point, the government can then retroactively decrypt all the files it
has been storing in its NSA data centers. In other
words, all the encrypted files you're sending around right now -- thinking they're
bulletproof in terms of security -- will eventually be decrypted by the U.S. government
with the help of a soon-to-exist quantum computer. Right now, then, the government is
capturing all email attachments and building a future 'decryption queue' of files to be
processed once the quantum computers are up and running. The scientists who are working on
this project may think they're advancing the cause of science, but what they're actually
doing is handing one of the world's most dangerous governments the 'ultimate information
weapon' that can -- and will -- be used to crush freedom and dissent." |
"From telling us when our train is coming, helping us when we're lost
and letting us watch our favourite TV shows, there seems no limit to how involved our
smartphone is with our day-to-day life. Now the gadget promises something so advanced it
verges on the supernatural: it will know exactly what we're doing tomorrow. Scientists have found a way of predicting an individual's future
movements by analysing information from their mobile phone. A team of computer scientists at the University of Birmingham
successfully predicted future locations with an error margin of just 60ft, which has
fuelled fears of privacy invasions. While mobile phone networks can already track where a
handset is in 'real time', the scientists have developed an algorithm - or formula - to
forecast our future movements. They compared data from one individual and their closest
social network to predict a person's future location based on places and areas
visited in the past and the frequency of contact between those studied, The Sunday Times
reported." |
"After announcing the discovery of a new malicious software that
targets financial data, researchers have created new, Web-based tools that let anyone
check if they've been infected. The new malware, Gauss, shows ties to previous
state-sponsored viruses Flame and Stuxnet, but targets financial data. Those viruses were aimed at
computers tied to Iran's nuclear program; Gauss is primarily found in Lebanon....Thus
far, Gauss appears to have only been used for surveillance, but there are parts of the virus's code that may hide further
capabilities." |
"Everyone in the high-tech industry, along with the usual ardent
early-adopters, is betting heavily on the emerging Internet 'cloud.' What often gets overlooked are the drawbacks, as tech writer Mat
Honan learned when hackers
destroyed his digital life. Not inconvenienced;
not interrupted. Destroyed. He lost all the photos he had of his daughter, as well as many
documents and emails that were presumably important to him. Honan had trusted heavily in
the convenience and seeming ubiquitous nature of cloud computing. That approach calls for
storing all your content on the cloud, tying all your devices together with grand and
expansive systems, and using uber-sophisticated software to control and protect
everything. The payback: You always have access to everything you want when you need it.
However, systems and machines ultimately rely on human beings, and getting people to
always do what is prescribed is a losing battle." |
"Questions about what social
networks mean for personal privacy and security have been brought to a head by research at
Carnegie Mellon University that shows that Facebook has essentially become a worldwide
photo identification database. Paired with related
research, we're looking at the prospect where good, bad and ugly actors will be able to
identify a face in a crowd and know sensitive personal information about that person. These developments mean that we no longer have to worry just about
what Facebook, Google+, LinkedIn and other social sites do with our data; we have to worry
about what they enable others to do, too. And it now
seems that others will be able to do a lot. As reported in various privacy and security
outlets like Kashmir
Hill's Forbes blog and Paul
Roberts at ThreatPost, and demonstrated at last week's Black
Hat conference, the CMU researchers relied on just Facebook's public profile
information and off-the-shelf facial recognition software. Yet the CMU researchers were
able to match Facebook users with their pictures on otherwise anonymous Match.com
accounts. The researchers also had significant success taking pictures of experimental
subjects and matching them to their Facebook profiles." |
"Recently-released documents show that the FBI has been working since
late 2011 with four states -- Michigan, Hawaii, Maryland, and possibly Oregon -- to
ramp up the Next Generation Identification (NGI) Facial Recognition Program. When the program is fully deployed in 2014, the FBI expects its facial
recognition database will contain at least 12 million 'searchable frontal photos.'" |
"Millions of customers'
banking details are at risk after it emerged that card readers used in shops and
restaurants can be hacked. Experts have found a
security flaw in chip and PIN terminals that allows thieves to download customers'
card details. There are more than one million such readers in the UK according to the UK
Cards Association, which processes about 800million purchases each month. Thousands of
terminals must now be reprogrammed... researchers discovered that criminals can use
second-hand devices purchased on eBay to load fake cards with malicious software. Once
used in shops, the fakes -- made to look like a normal credit or debit card --
infect readers, which begin storing the details of all subsequent transactions. The
criminal then returns later and uses a second card to download this data, which includes
card details and PINs." |
"Britain has quietly agreed to
measures that could increase the ability of the security services to intercept online
communications, experts say. Although the Home Office is at pains to stress that the draft
communications and data bill, which is going through parliament, will not involve checking
the content of emails and social media, experts say British
officials have been simultaneously involved in international moves that could allow
increased interception of online data -- moves that will not be subject to the
scrutiny of MPs. The European Telecommunications Standards Institute (Etsi), the body that
sets industry standards, has agreed measures that analysts say could force internet
service providers to ensure that their systems meet government standards for intercepting
communications.... A joint scrutiny committee of MPs
and peers, set up following widespread concerns about increased intrusion following the
unveiling of the draft bill last month, is understood not to have been informed of the
Etsi standards, which critics say could precipitate an escalation in state surveillance.
While the bill does not authorise interception, experts warn that there is nothing in the
proposals that prevents the authorities from then installing their own hardware capable of
intercepting the communications network. A draft report from the Etsi technical committee
on lawful interception, dated April 2012, indicates that standards have been agreed that
could lead to increased data interception. It reveals
that measures have been agreed to monitor 'nomadic access', which means surveillance of an
individual whether they go online from their home computer, mobile or an internet café. To facilitate this, service providers 'must implement a Cloud Lawful
Interception Function (Clif)' that could mean the installation of a new monitoring
interface 'or more likely ensuring presentation of information in a format recognisable to
interception mechanisms'. Etsi has faced criticism in the past for the pre-emptive
inclusion of wiretapping capabilities, a decision that critics say encouraged European
governments to pass their wiretapping laws accordingly. According to Ross Anderson, professor in security engineering at the
University of Cambridge Computer Laboratory, the institute has strong links with the
intelligence agencies and has a significant British contingent, along with a number of US
government advisers. The development has led to fears among civil liberties campaigners
that the bill could become a stepping stone towards plans to monitor and control access to
content. Anderson said: 'It's an absolutely massive extension
of state surveillance. At present the government can watch
anybody. What they want in the future is to get into a position where the government can
watch everybody. They are saying this is only about communications data, but in fact it is
not. If you build the infrastructure that Etsi have agreed, it can be used for
interception. The documents show that there is a clear and continuing intention to use it
for interception.'" |
"The New York Police Department will soon launch an all-seeing
'Domain Awareness System' that combines several streams of information to
track both criminals and potential terrorists. New York Police Commissioner Raymond
Kelly says the city developed the software with Microsoft. Kelly
says the program combines city-wide video surveillance with law enforcement databases. He says it will be officially unveiled by New York's mayor as soon
as next week. Kelly spoke Saturday before an audience at the Aspen Security Forum. The
NYPD has been under fire for surveillance of Muslim communities and partnering with the
CIA to track potential terror suspects. Muslim groups have sued to shut down the NYPD
programs." |
"A skilled hacker has shown how
to hijack a smartphone via a short-range radio technology known as Near Field
Communication (NFC). Charlie Miller created tools that forced phones to visit websites
seeded with attack software. The software on the booby-trapped websites helped Mr Miller
look at and steal data held on a handset. NFC is
becoming increasingly common in smartphones as the gadgets are used as electronic tickets
and digital wallets. Mr Miller, a research consultant at security firm Accuvant,
demonstrated the work at the Black Hat hacker conference in Las Vegas. During his
presentation, Mr Miller showed how to attack three separate phones: the Samsung Nexus S,
the Google Galaxy Nexus - which both run Android - and the Nokia N9, which runs on the
MeeGo system." |
"Skype, the online phone service
long favored by political dissidents, criminals and others eager to communicate beyond the
reach of governments, has expanded its cooperation with law enforcement authorities to
make online chats and other user information available to police, said industry and
government officials familiar with the changes. Surveillance of the audio and video feeds
remains impractical even when courts issue warrants, say industry officials with
direct knowledge of the matter. But that barrier could eventually vanish as Skype becomes
one of the world's most popular forms of telecommunication. The changes to online chats, which are written messages conveyed almost
instantaneously between users, result in part from technical upgrades to Skype that were
instituted to address outages and other stability issues since Microsoft bought the
company last year. Officials of the United States and other countries have long pushed to
expand their access to newer forms of communications to resolve an issue that the FBI
calls the 'going dark' problem. Microsoft has approached the issue with 'tremendous
sensitivity and a canny awareness of what the issues would be,' said an industry official
familiar with Microsoft's plans, who like several people interviewed for this story
spoke on the condition of anonymity because they weren't authorized to discuss the
issue publicly. The company has 'a long track record of working successfully with law
enforcement here and internationally,' he added. The
changes, which give the authorities access to addresses and credit card numbers, have drawn quiet applause in law enforcement circles but hostility from many activists and
analysts. Hacker groups and privacy experts have been speculating for months that Skype
had changed its architecture to make it easier for governments to monitor, and many blamed
Microsoft, which has an elaborate operation for complying with legal government requests
in countries around the world. 'The issue is, to what
extent are our communications being purpose-built to make surveillance easy?' said Lauren Weinstein, co-founder of People for Internet
Responsibility, a digital privacy group." |
"A city council must stop
recording passengers' and drivers' conversations in its taxis, the information watchdog
said today. Information Commissioner Christopher
Graham said Southampton City Council had 'gone too far' in its desire to ensure people's
safety. Most people would reasonably expect more privacy in the back of a cab, he
suggested. While CCTV can still be used in taxis, making it compulsory to record all
conversations in taxis must stop, Mr Graham said.... The watchdog also revealed that a
similar scheme in Oxford, which would have also recorded conversations, would breach the
Data Protection Act and added that the council has now suspended the implementation of the
policy... Images should only be recorded where it is 'clearly justifiable' while audio
recordings should only be made 'on very rare occasions, for example where there are a high
number of serious incidents and where recording is triggered due to a specific threat in a
taxi cab', the watchdog said." |
"Will government surveillance
finally become a political issue for middle-class Americans? Until recently, average
Americans could convince themselves they were safe from government snooping. Yes, the
government engaged in warrantless wiretaps, but those were directed at terrorists. Yes,
movies and TV shows featured impressive technology, with someone's location
highlighted in real time on a computer screen, but such capabilities were used only to
track drug dealers and kidnappers. Figures
released earlier this month should dispel that complacency. It's now clear that
government surveillance is so widespread that the chances of the average, innocent person
being swept up in an electronic dragnet are much higher than previously appreciated. The revelation should lead to long overdue legal reforms. The new figures,
resulting from a Congressional inquiry, indicate that cell phone companies responded last
year to at least 1.3 million government requests for customer data - ranging from
subscriber identifying information to call detail records (who is calling whom),
geolocation tracking, text messages, and full-blown wiretaps. Almost certainly, the 1.3
million figure understates the scope of government surveillance. One carrier provided no
data. And the inquiry only concerned cell phone companies. Not included were ISPs and
e-mail service providers such as Google, which we know have also seen a growing tide of government requests for
user data. The data released this month was also limited to law enforcement
investigations - it does not encompass the government demands made in the name of
national security, which are probably as numerous, if not more. And what was counted as a
single request could have covered multiple customers. For example, an increasingly
favorite technique of government agents is to request information identifying all persons
whose cell phones were near a particular cell tower during a specific time
period - this sweeps in data on hundreds of people, most or all of them entirely
innocent. How did we get to a point where
communications service providers are processing millions of government demands for
customer data every year? The answer is two-fold. The digital technologies we all rely on
generate and store huge amounts of data about our communications, our whereabouts and our
relationships. And since it's digital, that information is easier than ever to copy,
disclose, and analyze. Meanwhile, the privacy laws that are supposed to prevent government
overreach have failed to keep pace. The combination of powerful technology and weak
standards has produced a perfect storm of privacy erosion." |
"German engineering giant
Siemens has issued a fix for the software loopholes used by the notorious Stuxnet worm.
Stuxnet was discovered in 2010 after investigations into malfunctions at many industrial
plants and factories. Iran's nuclear enrichment efforts were hit hard by Stuxnet which
targeted the devices that control delicate industrial processes. The fix comes as reports circulate of a fresh cyber attack on Iranian
nuclear enrichment project. Stuxnet exploited loopholes in the software Siemens wrote to
oversee the running of its programmable logic controllers - devices used in many
industrial facilities to automate a production process. When a controller was infected
with Stuxnet it made the motors it was typically connected to run out of control and burn
out. This is believed to have been behind Iran's need to replace many of the centrifuges
it was using in its Natanz uranium enrichment plant.... The Siemens update comes as
security firm F-Secure
received an email believed to have been sent by a scientist working at Iran's Atomic
Energy Organization. In the message, the scientist said its plants at Natanz and Qom have
been hit again by a worm. Reza Taqipur, Iran's minister of communication and information
technology, said it was sometimes hit by as many as two million cyber attacks a day, but
its ability to deal with them was growing daily." |
"Normally if you find a rogue outlet strip, or a user happens to
bring his or her own surge protector to use you might not think much of it. Thanks to a
new device called the Power Pwn,
though, it might soon be cause for concern. A company called Pwnie Express is taking
pre-orders for the device. According to the company's website, 'Pwnie Express
specializes in innovative, rapid-deployment cyber security products for the IT security
professional.' The idea of a power source that doubles as hacking or penetration-testing
toolkit isn't new to Pwnie Express. It also offers a smaller unit that simply plugs
into an outlet. However, the Pwn Plug Mini may draw more attention than the Power Pwn,
which by all outward appearances is simply a run-of-the-mill surge protector outlet strip.
A Power Pwn unit connected in your office would be a
serious threat to your network and data security. The Power Pwn boasts integrated Wi-Fi,
high-gain Bluetooth with a range of 1,000 feet, a 3G cellular connection, and dual
Ethernet ports to provide an attacker with a variety of means of communicating with the
device from inside the network or around the world. With the device safely planted in a
cubicle in your office, its owner has access to a wide variety of built-in tools. The Power Pwn is pre-loaded with Debian 6, Metasploit,
Kismet, nmap, Aircrack, and more. Best of all, it actually does function as a
fully-capable 120/240v AC outlet strip." |
"A new set-top box which offers
all Britain's major TV channels could be 'reporting back' to its makers on what you watch.
The end result could be Google-style 'user profiles' about what each person watches. It's
not clear how this information could be used. The YouView set-top box is £300, and will
offer access to the catch-up services of the BBC, ITV, Channel 4 and Channel 5. But the
box may have Big Brother features which will be less palatable to UK consumers - gathering
information about what and when they watch, and storing that information elsewhere. According to a report in The Independent, the box will gather information
about exactly what shows users watched. A spokesperson said, 'YouView doesn't sell
advertising, so it doesn't use data for behaviourally targeted advertising.' A YouView
spokesperson was unavailable for comment. The box is the first time that the BBC, ITV,
Channel 4 and Channel 5 have been accessible in one box with catch-up features. The
service may be two years late (from the original launch window) and cost £300 for the
box, but for some people, the service may offer the convenience of all the services, as
well as other Freeview channels, without the ongoing cost of a monthly bill. The box,
released later this month, comes with a 500GB hard drive and can record one channel while
watching another. It features an electronic programme guide (EPG) that allows users to
scroll back seven days to catch-up on programmes they've missed. Programmes can be
watched in HD, and users can record, pause and rewind live TV. A search lets you find
on-demand content by programme or actor's name. Sir Alan Sugar said it was 'a great
moment in British television'. The service comes with an interface to allow you to watch
broadcast television, as well as browse the content from BBC iPlayer, ITV Player, 4OD and
Demand 5. When it launches, it will offer access to more than 100 digital TV and radio
channels, with a further 300 content providers - such as LoveFilm - expressing interest in
joining.... YouView will be available in two ways; from retailers, with no further TV
subscription, or from an ISP as part of a phone and broadband package. Retail partners
already signed up include John Lewis, Currys, Comet, Argos, Amazon, Richer Sounds and the
Euronics group." |
"The Obama administration has
given the Department
of Homeland Security powers to prioritize government communications over privately
owned telephone and Internet systems in emergencies.
An executive order signed June 6 'gives DHS the
authority to seize control of telecommunications facilities, including telephone, cellular
and wireless networks, in order to prioritize government communications over private ones
in an emergency,' said Amie
Stephanovich, a lawyer with the Electronic
Privacy Information Center (EPIC).
The White House says
Executive Order 13618, published Wednesday in the Federal Register, is designed to ensure
that the government can communicate during major disasters and other emergencies and
contains no new authority." |
"In response to New
York Times stories that relied on leaks of
sensitive national-security information, a House
of Representatives panel on Wednesday discussed legislation that could allow
journalists to be prosecuted for disclosing such information. Army Col. Ken Allard
testified to a House Judiciary subcommittee that the extent of national security leaks is
'unprecedented' in American history. Recent examples include the Times
investigations of President Barack Obama's terrorist 'kill list' and American
cyberattacks on Iran." |
"In the first public accounting
of its kind, cellphone carriers reported that they responded to a startling 1.3 million
demands for subscriber information last year from law enforcement agencies seeking text
messages, caller locations and other information in the course of investigations. The cellphone
carriers' reports, which come in response to a Congressional inquiry, document an
explosion in cellphone surveillance in the last five years, with the companies turning
over records thousands of times a day in response to police emergencies, court orders, law
enforcement subpoenas and other requests. The reports also reveal a sometimes uneasy
partnership with law enforcement agencies, with the carriers frequently rejecting demands
that they considered legally questionable or unjustified. At least one carrier even
referred some inappropriate requests to the F.B.I. The information represents the first
time data have been collected nationally on the frequency of cell surveillance by law
enforcement. The volume of the requests reported by the carriers - which most likely
involve several million subscribers - surprised even some officials who have closely
followed the growth of cell surveillance.... As cell surveillance increased, warrants for
wiretapping by federal and local officials - eavesdropping on conversations -
declined 14 percent last year to 2,732, according to a recent report from the Administrative
Office of the United States Courts. The diverging numbers suggest that law enforcement
officials are shifting away from wiretaps in favor of other forms of cell tracking that
are generally less legally burdensome, less time consuming and less costly. ... The
reports provided to the A.C.L.U. showed that many local and state police agencies claimed
broad discretion to obtain cell records without court orders, and that some departments
specifically warned officers about the past misuse of cellphone surveillance in
nonemergency situations. Chris Calabrese, a lawyer for the A.C.L.U., said he was concerned
not only about officials gathering phone data on people with no real connection to crimes
but also about the agencies then keeping those records indefinitely in internal databases." |
"The Android ecosystem is
becoming a true heaven for malware software and malicious apps, Trend Micro warned. The
Tokyo-based security company said that during the second quarter of the year, the number
of malware samples found on Android-based devices was more than four times larger than the
first quarter. According to data
from Trend Micro, 25,000 malware samples for Android were detected during the second
quarter compared to the 'only' 6,000 malicious specimens found in the first quarter of
2012. The number was far higher than the company initially estimated (11,000 malware
samples). Trend Micro numbers suggest that Bouncer,
the security feature that Google advertised as a reliable protection for the Android
ecosystem and marketplace (Play), has been pretty ineffective: during the second quarter
17 malicious apps were delivered via Google Play, and users downloaded them 700,000 times
before their removal. Trend Micro foresees that in the third quarter of the year there
will be 38,000 malware samples infecting as many Android devices, and about 129,000
samples during the fourth quarter." |
"Hi-tech monitors that track
households' energy consumption threaten to
become a major privacy issue, according to the
European watchdog in charge of protecting personal data. The European Data Protection
Supervisor (EDPS) has warned that smart meters, which must be introduced into every home
in the UK within the next seven years, will be used to track much more than energy
consumption unless proper safeguards are introduced. The EDPS warns that 'while the
Europe-wide rollout of smart metering systems may bring significant benefits, it will also
enable massive collection of personal data'. It said the technology could be used to track what 'households do
within the privacy of their own homes, whether they are away on holiday or at work, if
someone uses a specific medical device or a baby monitor, or how they spend their free
time'. It claims the vast amount of information
collected by the new generation of devices could have serious consequences for consumers
and what they pay for their energy. 'These patterns can be useful for analysing our energy
use for energy conservation but, together with data from other sources, the potential for
extensive data mining is very significant,' said Giovanni Buttarelli, assistant director
of the EDPS. 'Profiles can be used for many other purposes, including marketing,
advertising and price discrimination by third parties.' The European commission is now
under pressure to consider whether legislation should be introduced to ensure that smart
meters do not breach data protection rules. All homes are expected to have their old
meters replaced with the new technology by the end of 2019. The installation of smart
meters will cost an estimated £11bn in the UK. However, few consumers are aware of the
new technology." |
"The Chinese government has
'pervasive access' to some 80 percent of the world's communications, giving it the
ability to undertake remote industrial espionage and even sabotage electronically of
critical infrastructures in the United States and in other industrialized countries. The
Chinese government and its People's Liberation Army are acquiring the access through
two Chinese companies, Huawei Technologies Co. Ltd and ZTE Corporation, telecommunications
experts have told WND. With this access, the sources say, the Chinese are working on the
other 20 percent. The two companies give the Chinese remote electronic 'backdoor' access
through the equipment they have installed in telecommunications networks in 140 countries.
The Chinese companies service 45 of the world's 50 largest telecom operators.... In 2000, Huawei was virtually unknown outside China, but by 2009 it
had grown to be one of the largest, second only to Ericsson. As a consequence, sources say
that any information traversing 'any' Huawei equipped network isn't safe unless it
has military encryption. One source warned, 'even then, there is no doubt that the Chinese
are working very hard to decipher anything encrypted that they intercept.' Sources add
that most corporate telecommunications networks use 'pretty light encryption' on their
virtual private networks, or VPNs. One of the main suppliers of VPN technology is the
U.S.-based company RSA, which recently had its own protocols breached by hackers.... And
it doesn't have to be a Third World country. British Telecom apparently is a major
user of Huawei equipment in its core networks and one of the biggest allied countries to
the U.S. with numerous electronic business exchanges occurring on a daily basis among
companies. The electronic intrusions by the Chinese are done remotely through the use of
the commercial networks set up by Huawei and ZTE that they have established in numerous
countries. Sources point out that the Chinese make
use of telecommunications equipment from Huawei and ZTE very attractive by offering
subsidized deals through Chinese banks at non-commercial terms with which Western
companies cannot compete.... As WND previously
reported, the potential for industrial espionage and sabotage through electronic backdoors
has grabbed the attention of the U.S. House Intelligence Committee which has decided to
investigate Huawei and ZTE. The concern not only is in protecting proprietary information
but the potential threat to critical U.S. infrastructure and national security.... With this capability, China would be in a position to sabotage
critical U.S. weapons systems and sensitive cyber sites, all of which could include
intelligence or systems used by defense contractors doing work on behalf of the Department
of Defense or the U.S. intelligence community." |
"The shopping habits of
Britain's 25 million supermarket loyalty card holders could be grabbed by the Government
in an attempt to halt the UK's dangerous obesity crisis, it was claimed today. People who
buy too much alcohol, fatty foods or sugary drinks would be targeted with 'tailored'
health advice under plans being considered by the Coalition. With more children than ever dangerously overweight, parents could also be
contacted if their bills show they are not giving their offspring a balanced diet from
their weekly shop. Cutting obesity-related illness would help the NHS save billions. A
Whitehall unit set up to covertly change the habits of Britons has already been in talks
with the major supermarkets to gain access to their huge shopping databases. Their loyalty
card systems allow them to collate detailed lists of what all their shoppers buy. Around
25 million people have these cards, with Tesco alone having 15 million members. The head
of the Government's Behavioural Insights Team said supermarkets had more information on
the diets of Britons than their own doctors. David Halpern, the head of the Whitehall team
known as the 'nudge unit', told The Daily Telegraph: 'If you go and buy your stuff
regularly, they [the supermarkets] know exactly what you are buying.' Prime Minister David
Cameron is said to back these 'nudge' tactics, which are designed to slowly influence the
choices of people rather than using Government legislation to force change. But Health
Secretary Andrew Lansley and other Tories are said to be opposed to the idea in case they
are accused of snooping on the public by employing 'Big Brother' techniques. American
academic Richard Thaler, who is an expert on nudge techniques met the cabinet, including
the Prime Minister and Chancellor George Osborne this month, to discuss the issue with
them. He told them that the information held by Britain's big businesses is key to helping
them change." |
"The U.S. House Intelligence
Committee will investigate two major Chinese telecommunications equipment companies -
Huawei Technologies Co. Ltd and ZTE Corp. - to determine their links to the communist
government and whether their products, embedded in critical U.S. infrastructure, threaten
U.S. national security. The committee fears that the equipment the companies sell on the
U.S. market could enable the Chinese government to conduct espionage and even sabotage of
the nation's infrastructure through an 'electronic backdoor,' a prospect WND recently
exposed in a series of articles. 'The fact that our
critical infrastructure could be used against us is of serious concern,' said Rep. Mike
Rogers, chairman of the House Intelligence Committee." |
"The United States and Israel
jointly developed a sophisticated computer virus nicknamed Flame that collected
intelligence in preparation for cyber-sabotage aimed at slowing Iran's ability to
develop a nuclear weapon, according to Western officials with knowledge of the effort. The
massive piece of malware secretly
mapped and monitored Iran's computer networks, sending back a steady stream of
intelligence to prepare for a cyberwarfare campaign, according to the officials. The effort, involving the National Security Agency, the CIA and
Israel's military, has included the use of destructive software such as the Stuxnet virus to cause malfunctions in
Iran's nuclear-enrichment equipment. The emerging details about Flame provide new
clues to what is thought to be the first sustained campaign of cyber-sabotage against an
adversary of the United States. 'This is about preparing the battlefield for another type
of covert action,' said one former high-ranking U.S. intelligence official, who added that
Flame and Stuxnet were elements of a broader assault that continues today.
'Cyber-collection against the Iranian program is way further down the road than this.' Flame came to light last month after
Iran detected a series of cyberattacks on its oil industry. The disruption was directed by
Israel in a unilateral operation that apparently caught its American partners off guard,
according to several U.S. and Western officials who spoke on the condition of anonymity.
There has been speculation that Washington had a role in developing Flame, but the
collaboration on the virus between the United States and Israel has not been previously
confirmed. Commercial security researchers reported last week that Flame contained some of the same code as
Stuxnet. Experts described the overlap as DNA-like evidence that the two sets of malware
were parallel projects run by the same entity. Spokesmen for the CIA, the NSA and the
Office of the Director of National Intelligence, as well as the Israeli Embassy in
Washington, declined to comment. The virus is among the most sophisticated and subversive
pieces of malware to be exposed to date. Experts said the program was designed to
replicate across even highly secure networks, then control everyday computer functions to
send secrets back to its creators. The code could activate computer microphones and
cameras, log keyboard strokes, take screen shots, extract geolocation data from images,
and send and receive commands and data through Bluetooth wireless technology. Flame was
designed to do all this while masquerading as a routine Microsoft software update; it
evaded detection for several years by using a sophisticated program to crack an encryption
algorithm. 'This is not something that most security researchers have the skills or
resources to do,' said Tom Parker, chief technology officer for FusionX, a security firm
that specializes in simulating state-sponsored cyberattacks. He said he does not know who
was behind the virus. 'You'd expect that of only the most advanced
cryptomathematicians, such as those working at NSA.' Flame was developed at least five
years ago as part of a classified effort code-named Olympic Games, according to officials
familiar with U.S. cyber-operations and experts who have scrutinized its code. The
U.S.-Israeli collaboration was intended to slow Iran's nuclear program, reduce the
pressure for a conventional military attack and extend the timetable for diplomacy and
sanctions. The cyberattacks augmented conventional sabotage efforts by both countries,
including inserting flawed centrifuge parts and other components into Iran's nuclear
supply chain. The best-known cyberweapon let loose on Iran was Stuxnet, a name coined by
researchers in the antivirus industry who discovered it two years ago. It infected a
specific type of industrial controller at Iran's uranium-enrichment plant in Natanz,
causing almost 1,000 centrifuges to spin out of control. The damage occurred gradually, over months, and
Iranian officials initially thought it was the result of incompetence. The scale of the
espionage and sabotage effort 'is proportionate to the problem that's trying to be
resolved,' the former intelligence official said, referring to the Iranian nuclear
program. Although Stuxnet and Flame infections can be countered, 'it doesn't mean
that other tools aren't in play or performing effectively,' he said. To develop these
tools, the United States relies on two of its elite spy agencies. The NSA, known mainly
for its electronic eavesdropping and code-breaking capabilities, has extensive expertise
in developing malicious code that can be aimed at U.S. adversaries, including Iran. The
CIA lacks the NSA's sophistication in building malware but is deeply involved in the
cyber-campaign. The CIA's Information Operations Center is second only to the
agency's Counterterrorism Center in size. The IOC, as it is known, performs an array
of espionage functions, including extracting data from laptops seized in
counterterrorism raids. But the center specializes in computer penetrations that require
closer contact with the target, such as using spies or unwitting contractors to spread a
contagion via a thumb drive. Both agencies analyze the intelligence obtained through
malware such as Flame and have continued to develop new weapons even as recent attacks
have been exposed. Flame's discovery shows the importance of mapping networks and
collecting intelligence on targets as the prelude to an attack, especially in closed
computer networks. Officials say gaining and keeping access to a network is 99 percent of
the challenge." U.S., Israel developed Flame computer virus to slow Iranian nuclear efforts, officials say Washington Post, 19 June 2012 |
"The surveillance experts at the
National Security Agency won't tell two powerful United States Senators how many
Americans have had their communications picked up by the agency as part of its sweeping
new counterterrorism powers. The reason: it would violate your privacy to say so. That claim comes in a short letter sent Monday to civil libertarian
Senators Ron Wyden and Mark Udall. The two members of the Senate's intelligence
oversight committee asked the NSA a
simple question last month: under the broad powers
granted in 2008's expansion of the Foreign Intelligence Surveillance Act, how many persons
inside the United States have been spied upon by the NSA? The query bounced around the
intelligence bureaucracy until it reached I. Charles McCullough, the Inspector General of
the Office of the Director of National Intelligence, the nominal head of the 16 U.S. spy
agencies. In a letter
acquired by Danger Room, McCullough told the senators that the NSA inspector general
'and NSA leadership agreed that an IG review of the sort suggested would further violate
the privacy of U.S. persons,' McCullough wrote." |
"British authorities on Thursday
unveiled an ambitious plan to log details about every Web visit, email, phone call or text
message in the U.K.... The bill would force
providers - companies such as the BT Group PLC or Virgin Media Inc. - to log
where emails, tweets, Skype calls and other messages were sent from, who was sending them,
who they were sent to, and how large they were. Details of file transfers, phone calls,
text messages and instant conversations, such as those carried over BlackBerry Messenger,
would also be recorded. The bill demands that providers collect IP addresses, details of
customers' electronic hardware, and subscriber information, including names, addresses,
and payment information. What May didn't mention in her editorial - and the Home
Office left off its press release - was that the government also is seeking to keep
logs of citizens' Internet history, giving officials access to the browsing habits of
roughly 60 million people .... Prefer to send mail the old-fashioned way? That would be
monitored, too. Address details and other markers printed onto envelopes would be copied;
parcel tracking information would be logged as well....The measure remains a draft bill,
which means it's subject to change before it is presented to Parliament." |
"The European Data Protection
Supervisor has warned that smart meters are a significant privacy threat and wants limits
on the retention and use of customer data before it's too late. The EDPS is an independent authority figure tasked with identifying where
EU policies might represent a risk to privacy. He reckons next-generation meters, which
precisely monitor electricity use within homes, are a very likely candidate unless his
concerns are addressed ahead of time." |
"Apple has recruited a private
fleet of aeroplanes equipped with military standard cameras to produce 3D maps so accurate
they could film people in their homes through skylights, according to reports. The US software giant is expected to announce this week a new 'Maps'
programme for iPhones and iPads allowing users to view images previously out of reach to
anyone but the intelligence services. Producing images of streets, homes and gardens so
clear they will show objects just 4in across and display the sides of buildings as well as
their roofs, the product is aimed as a direct challenge to Google Maps. The technology is
understood to have already been tested in 20 cities across the world including London
following Apple's acquisition
of C3 Technologies, a Swedish 3D mapping business, last year." |
"It looked like a Government U-turn last Monday when Justice
Secretary Ken Clarke briefed reporters that his plans to allow courts to sit in secret had
gone too far and promised, as one front-page headline put it, they would be
'rowed back'. That was the spin. But the following morning, when Mr
Clarke's Ministry published the text of his Justice and Security Bill, the truth
became clear. In reality, the Government had made
just one important concession: dropping its original intention that the new secret
hearings would extend to inquests. But, in every other respect, the Bill is draconian and
will, if passed, introduce levels of secrecy quite without precedent. Despite Mr
Clarke's soothing reassurances, this is the truth about the supposed
climbdown: * Ministers will be able to demand secret hearings in any civil
court case where they claim airing evidence openly might damage the interests of
national security. * Theoretically, judges could reject such demands. But the
Bill makes clear that in practice their role will be that of rubber stamps. * In some
types of case, Ministers will be able to shut down an action altogether if it has anything
to do with an intelligence service, or if the Government claims it might damage
international relations. Senior Tory
backbencher David Davis, a fierce opponent of the plans, said yesterday: The way
this was managed is typical of the Blair years. They chose a week when Parliament
wasn't sitting and successfully pre-spun the Bill with the media before it was even
published. Only when it was issued did it become apparent that it is still a
corrosive attack on centuries of legal tradition and the rules of natural justice, with
their basic principle that people must have the right to know what is alleged against
them." |
"The United Nations is set to issue an urgent warning to guard
against the most powerful computer virus ever unleashed amid fears it could be used to
bring countries to a standstill. In what was being seen last night as the dawn of a new
era in cyber warfare, UN computer security chief Marco Obiso said: 'This is the most
serious warning we have ever put out.' He was speaking after it was revealed that a
massive superbug had been used to hack into computers in Iran. Israel did little to
dispute claims yesterday that it was behind the clandestine online assault. The
sophisticated spyware - said to be about 100 times the size of most malicious
software - also hacked other machines in the Middle East, including Sudan, Saudi
Arabia, Lebanon and Egypt, but Iran appeared to be the primary target, according to a
Russian Internet security firm. Mr. Obiso, cyber
security coordinator for the UN's International Telecommunications Union, said the warning
will underline the danger the virus represents to the critical infrastructure of member
nations. Dubbed 'Flame', the Trojan bug worms its way into computer systems and reportedly
turns infected machines into listening devices. It can activate a computer's audio system
to eavesdrop on Skype calls or office chatter, take screenshots or log keystrokes and even
suck information from Bluetooth-enabled phones left nearby. 'The complexity and
functionality of the newly discovered malicious programme exceed those of all other cyber
menaces known to date. 'It pretty much redefines the notion of cyber war and cyber
espionage,' said Moscow-based Kaspersky Lab ZAO. The
company's conclusion that the superbug was crafted at the behest of a national government
fuelled claims that Flame was part of an Israeli-backed campaign of electronic sabotage
aimed at archrival Iran.... Udi Mokady, the head of Cyber-Ark, an Israeli developer of
information security, claimed only four countries - the US, Israel, Russia and China
- had the technological know-how to develop so sophisticated an electronic offensive....
The Russians discovered the virus after being asked by the United Nations to find a piece
of mystery malware that was wiping out sensitive information across the Middle East. It is
believed to have been coded by the same programmers who hacked into Iran's nuclear
programme six years ago." |
"Google knew software for its
Street View fleet could secretly collect personal data including emails, pictures and text
messages from unprotected wi-fi networks, it has been claimed. Documents seen by America's Federal Communications Commission (FCC)
apparently show an engineer created the snooping technology called gstumbler which could
capture data from inside residents' homes as teams toured the country. One particular
document shows that the engineer flagged up privacy implications and said a privacy lawyer
should be consulted before the software was installed. The bank of personal data collected
could have been used by Google to develop new products." |
"Northside Independent School
District plans to track students next year on two of its campuses using technology
implanted in their student identification cards in a trial that could eventually include
all 112 of its schools and all of its nearly 100,000 students. District officials said the Radio
Frequency Identification System (RFID) tags would improve safety by allowing them to
locate students and count them more accurately at the beginning of the school day
to help offset cuts in state funding, which is partly based on attendance. Northside, the
largest school district in Bexar County, plans to modify the ID cards next year for all
students attending John
Jay High School, Anson
Jones Middle School and all special education students who ride district buses. That
will add up to about 6,290 students. The school board unanimously approved the program
late Tuesday but, in a rarity for Northside trustees, they hotly debated it first, with
some questioning it on privacy grounds." |
"Nations that carry out
cybercrimes and wreak online havoc pose the greatest threat to the future of the internet,
the chairman of Google has warned. In a speech
delivered at London's Science
Museum on Wednesday, Eric Schmidt said the
internet would be vulnerable for at least 10 years, and that every node of the public web
needed upgrading to protect against crime. Fixing the problem was a 'huge task' as the
internet was built 'without criminals in mind' he said. 'While threats come from
individuals and even groups of people, the biggest
problem will be activities stemming from nations that seek to do harm. It is very difficult to identify the source of cyber-criminality and stop
it,' he said.... Speaking at the museum, Schmidt said he worried about the permanence of
information on the internet and its impact on individuals in future. 'The fact that there
is no delete button on the internet forces public policy choices we had never imagined,'
he said. 'A false accusation in your youth used to fade away; now it can remain forever.'
Schmidt also used his speech to warn about the rise in governments that censor online
material, up from four a decade ago to at least 40 today. Through filtering, governments
could build their own 'Balkanised web', where people saw different information online
depending on who and where they were, without anyone knowing what had been censored." |
"The FBI has recently formed a
secretive surveillance unit with an ambitious goal: to invent technology that will let
police more readily eavesdrop on Internet and wireless communications. The establishment of the Quantico, Va.-based unit, which is also staffed
by agents from the U.S. Marshals Service and the Drug Enforcement Agency, is a response to
technological developments that FBI officials believe outpace law enforcement's ability to
listen in on private
communications. While the FBI has been tight-lipped about the creation of its Domestic
Communications Assistance Center, or DCAC -- it declined to respond to requests made two
days ago about who's running it, for instance -- CNET has pieced together information
about its operations through interviews and a review of internal government
documents." |
"Defense giant Northrop Grumman
is hiring software engineers to help it carry out 'offensive cyberspace operations,'
according to a recent job posting. The job posting,
for a 'Cyber Software Engineer 2' appeared
on the Website Clearancejobs.com and described a position on a Northrop R&D
project to 'plan, execute and assess an Offensive Cyberspace Operation (OCO) mission' that
would include familiarity with tools like Metasploit and Google Earth and 'integration of
capabilities such as command linkages, data flows, situation awareness (SA) and command
and control (C2) tools.' Firms like Northrop have repeatedly been the target of sustained
and sophisticated attacks from outside agents. Many of those attackers - euphemistically
described as 'Advanced Persistent Threats' - or APTs - are believed to have links to
China and groups working for the People's Liberation Army (PLA). A spokeswoman for
Northrop Grumman confirmed the validity of the job posting, but declined to elaborate on
what Northrop was referring to with the term 'Offensive
Cyberspace Operations.'" |
"Iranians are already used to censors blocking Facebook, Gmail and
foreign news sites, and being spied on with surveillance software purchased from Western
companies. But the ambitious plans would go much
further, blocking access to foreign-based social media sites and email. Instead, there
will be an Iranian version of Facebook and a new email service, to be called Iran Mail.
Users will have to register their home address and social security number with police. The plans have received the backing of the Supreme Leader Ayatollah Ali
Khamenei, the most powerful man in Iran, who has denounced the internet as sinful and a
means for the West to wage 'soft war' by invading Iranian culture. But his real target is
anti-regime activists who have relied on the internet since the failure of the 'Green
Revolution' which followed the disputed 2009 election. Since then security has been so
tight on Iran's streets that protests are broken up almost as soon as they start." |
"Don't worry about hackers
illegally accessing government systems. It turns out government workers and civil servants
who are trusted with private citizen data are more likely to access your data illegally.
The U.K. government is haemorrhaging data - private and confidential citizen data -
from medical records to social security details, and even criminal records,
according to figures obtained through Freedom of Information requests. Just shy of 1,000
civil servants working at the Department for Work and Pensions (DWP), were disciplined for
accessing personal social security records. The
Department for Health (DoH), which operates the U.K.'s National Health Service and
more importantly all U.K. medical records, saw more than 150 breaches occur over a
13-month period. And all this comes to light no more
than a fortnight after the Queen formally announced the
U.K. government will monitor all Web and email traffic, and log all landline, mobile
phone, and Skype calls. And it's the privacy
campaigners who are in the wrong to say that the data won't be illegally accessed or
abused? There is one, simple fact: from health records to criminal records, employment
details and other personal data, government databases are not only open to abuse, but are
actively being exploited by the very people we supposedly trust with our data." |
"Police are storing millions of
pieces of private data from the mobile phones of innocent people who have never been
convicted of any crime. The information, which can be held indefinitely, includes the
content of text messages, call histories and contact books from traditional mobile
handsets. Officers can also access and copy website histories and email content from smart
phones, including records of activity on Facebook and other social networking sites. In
recent weeks, special download units have been placed in police stations across London.
Each one allows the content of a suspect's phone's memory to be copied in
minutes. Previously, phones had to be sent to a
forensic laboratory for information to be extracted. Senior officers say the new move will
speed up investigations. But details of the Metropolitan Police action caused a major
privacy row yesterday. It was branded a back-door surveillance scheme by
critics who fear it will mean a huge expansion in the amount of data collected and stored
by officers. Of particular concern is the revelation
that the data will be stored indefinitely, even if the suspect is either released without
charge or, when prosecuted, cleared by the courts." |
"Police - or anyone with a piece
of spying software - can track everything you do on your iPhone without needing physical
access to your phone. The software, called Phone Password Breaker, can download all of the
data from Apple's iCloud service - which backs up all of your pictures, text messages,
emails, calendar appointments, call logs, websites you have visited, and contacts. As
iPhones sync nearly instantaneously with iCloud, anyone who is listening will have
near-instantaneous access to your phone - without the owner noticing a thing. ElcomSoft chief executive Vladimir Katalov said: 'While other methods
require the presence of the actual iPhone device being analysed or at least an access to
device backups, this is not the case with iCloud. 'In a sense, Phone Password Breaker
becomes an alternative way to get access to iOS devices' content.'" |
"It doesn't take long. Several
minutes into their first meeting, the director of Crown Intelligence offers an undercover
reporter a broad range of highly sensitive and potentially illegal personal data. A hidden
camera monitors Stephen Anderson leaning across his desk in a plush office near Hyde Park,
central London, saying: 'I could go through his criminal history, his financial history,
bank accounts, loans, medical history.' It is 5 May
2011, two months before David Cameron announced the Leveson inquiry into press ethics and
the media's use of private investigators to access personal data. At a time when broader
debate over privacy, data protection and press
intrusion is raging, Anderson confirms that the most sensitive of personal information is
easily available so long as you are prepared to pay. Over the months that followed, even
after the start of Lord Justice Leveson's inquiry, Anderson would provide undercover
reporters with a gamut of highly personal information. On
Monday Channel 4's Dispatches will screen its
year-long investigation revealing the ease and extent to which the unregulated private
investigation industry is willing to acquire personal data for a price. An undercover
reporter, posing as a risk analysis company representing multinationals, approached
private investigators requesting background information on political activists they
claimed were targeting clients. The programme's intention was to reveal the risk to
ordinary people, rather than celebrities targeted by sections of the press." |
"The ease with which private
investigators can access highly personal and sensitive information stored in secure
government databases has been exposed by a report that will intensify calls to regulate
the industry. An investigation by Channel 4's Dispatches programme
reveals how a London firm of private detectives sold personal data on individuals,
including details of bank accounts, benefit claims and even a national insurance number.
Undercover reporters also recorded Stephen Anderson, director of private investigators
Crown Intelligence, disclosing medical details including the name of one of the
volunteers' doctors, recent appointments with a GP and, in one instance, confirmation of a
medical condition. On several occasions, the
investigator provided information for payment that appears to be covered by the Data Protection Act, which
makes it an offence to 'obtain or disclose data without permission or procure the
disclosure to another person'. The investigation, conducted against the backdrop of the
Leveson inquiry, which has intensified scrutiny on private investigators, highlights the
apparent simplicity with which data that is not possible to obtain legally can be found.
Anderson insists that all the data he unearthed was obtained legally." |
"The Draft Communications Bill
does not sound very exciting but this measure, outlined in the Queen's Speech this
week, contains some very worrying proposals indeed. Basically, if passed, the Bill will
allow the police and other authorities access to our Internet browsing history in the
interests of fighting crime and combatting terrorism. As usual, supporters of snoopery
will trot out the old adage that if you have nothing to hide you have nothing to fear.
This is, in its most fundamental way, true. But the trouble is that as with all these
moves what we are seeing is only the thin end of a very long and dangerous wedge. Most
law-abiding people have no reason to worry about other people knowing what websites they
have visited. But once you give the authorities the ability to do this history tells us
that this ability will, inevitably, end up being abused. ...... How long before details of what websites I have been looking at
are passed on to interested parties? Of course the Internet itself is quite
capable of doing this already, to great effect (the ability of Google to read the contents
of emails and suggest linked ads based on this content is as impressive as it is
disturbing) but the imprimatur of national security agencies and the police will add a
certain sting to this loss of privacy. You can see how commercial and even family lawyers
would love to get access to people's Internet history for financial or other reasons.
If a shaven-headed wheel-clamping knuckledragger can get hold of your address from the
DVLA, how much easier it will be for a divorce lawyer to gain access to a complete list of
websites and emails sent and accessed by the opposing party? How easy it will be for
commercial disputes to be ramped up by the full disclosure of all Internet transactions?
How long before local councils (which have already been caught out using
anti-terrorism legislation to justify actions that have nothing to do with
terrorism) are given the same powers as the police to see what we are up to online? The point is that when the basic laws are there it becomes very
easy to amend and expand their power and scope to suit any interested party that can make
a good case for itself. In an era when anyone opposing security is labelled a
friend of terrorism, it is so easy to see how this sort of expansion can take place. This
is a very slippery slope. Yes the law abiding usually have little to fear from the erosion
of privacy but the trouble is this is only the case when we can wholeheartedly trust those
to whom we have entrusted our details for safekeeping. The shabby behaviour of the DVLA shows this is not always the case. The
Internet is no longer a hobbyist tool. It hasn't been so for more than 15 years. It
is now as vital a part of our lives, private and commercial, as the post and telegraph
were in previous eras. It is not an option. That is why attempts to break open what degree
of online privacy exists must be scrutinised very carefully indeed." |
"The rapidly changing nature of internet-based communications has
left the security agencies and the police unable to legally track the online
activities of terrorists and serious criminals in 25% of cases, the Home Office says.
Security chiefs say that the current law requiring European-based communications service
providers, such as BT and Virgin Media, to collect and store monitoring data on everyone's
email and internet use fails to cover major overseas-based players, including Gmail and
Hotmail. 'In some cases it is no longer possible to
obtain data about the sender and recipient of an email,' said Charles Farr, the head of
the Office for Security and Counter-Terrorism.
'Communications data from internet-based services is not always available; for some
internet-based services it is not generated, collected and stored by the internet service
provider. Many service providers are based overseas,' he said." |
"The coalition has pushed ahead
with its plans
to introduce monitoring of who is talking to whom over the internet, known as the
'header' information of emails, web pages and text messages - although Nick Clegg is insistent that it will not be rammed through
parliament and that it will get plenty of scrutiny. That's a good thing. Internet service
providers (ISPs) and mobile phone operators, which will have to implement this, have been
hoping that it wouldn't come. More to the point, nobody has yet answered why the
government wants to be able to see our digital breadcrumb trail - telling it, in
effect, only where we've been, but not necessarily what was said. The problem is that such
monitoring can be easily evaded by even slightly tech-savvy criminals or terrorists. (Who
you talk to using an internet phone or VoIP service such as Skype, for
example, will not show up on ISPs or phone network records, since it isn't an email or a
web page, and is encrypted by default, though paranoid rumours abound of it being hacked
by governments to eavesdrop.) That leaves open the question of who the government -
more precisely, the police and security services, since they are the ones who have been
pushing for this measure - think they are going to catch with this scheme. Clearly,
they must have an idea. Here's what a Home Office spokesman said by way of explanation:
'It is vital that police and security services are able to obtain communications data in
certain circumstances to investigate serious crime and terrorism and to protect the
public. 'We need to take action to maintain the continued availability of communications
data as technology changes. Communications data has played a role in every major Security
Service counter-terrorism operation over the past decade and in 95% of all serious
organised crime investigations..... Let's be more
precise. It's going to be useful against the less well-organised groups, gangs and rings,
where some or all of the members aren't well-schooled in the computing field. That
effectively means 'the older ones' or those who are operating at the bottom of the ladder,
because anyone further up the rungs of criminality or terrorism will already be familiar
with swapping sims, disposable phones, encryption services, and so on. That leads us back
to the key questions: how often is this data going to be used? And will it be examined as
a prelude to an investigation, or only alongside one? The worry is that the police and
security services will begin using the fact that this data is collected to go on fishing
expeditions against people that they don't like, in order to build a case. That might work in some cases, but it could also amount to a huge
intrusion, many times over. The draft communications data bill itself suggests that yes,
fishing expeditions are just what this will be about. 'The main benefits would be: the
ability of the police and intelligence agencies to continue to access communications data
which is vital in supporting their work in protecting the public' plus 'an updated
framework for the collection, retention and acquisition of communications data which
enables a flexible response to technological change', reads the draft. In other words,
fishing expeditions - ostensibly overseen by the Interception of Communications
Commissioner (ICC), who already exists - it's a job within the Investigatory Powers
Tribunal (IPT), presently
held by the Rt Hon Sir Paul Kennedy (amusingly pictured on the site only through the
window of a passing car - no interception there). Now, the job sounds like a powerful
one, where Sir Paul would be the gatekeeper to the police or security services getting
hold of data. However, events from the phone hacking scandal (when some reporters were
able to get mobile phone numbers and even immediate locations - something only
possible by use of data that the IPT must approve) suggest that the IPT and the ICC aren't
as good at holding back incursions on private data as they should be. Tim Berners-Lee, the
inventor of the web, calls
the plan 'a destruction of human rights'. Only the police and security services (who,
let's remember, were in favour of 90-day detention without charge - despite never
being able to describe a case where it would have made a difference) like it." |
"The FBI is asking Internet
companies not to oppose a controversial proposal that would require firms, including
Microsoft, Facebook, Yahoo, and Google, to build in backdoors for government
surveillance. In meetings with industry
representatives, the White House, and U.S. senators, senior FBI officials argue the
dramatic shift in communication from the telephone system to the Internet has made it far
more difficult for agents to wiretap Americans suspected of illegal activities, CNET has
learned. The FBI general counsel's office has drafted a proposed law that the bureau
claims is the best solution: requiring that social-networking Web sites and providers of
VoIP, instant messaging, and Web e-mail alter their code to ensure their products are
wiretap-friendly." |
"Millions of credit and debit
card users could be robbed by radiowave because of new contactless technology
being brought in by banks. Almost 20million shoppers are now able to buy goods by simply
waving their card in front of a reader at the tills, even if it is still in a wallet or a
purse. But industry experts have warned that the information emitted by the cards can be
stolen by fraudsters using handheld receptors that cost as little as £7 on the internet. It means cardholders - most of whom are given a contactless card
automatically when their old one expires - can unknowingly surrender their personal
bank details to a thief by simply walking past them in the street. The technology in the
card, known as radio frequency identification (RFID), transmits bank details via its own
radio signal, and is accepted in many High Street chains, including Co-op, Boots and
Pret-a-Manger. It does away with the need for a customer inputting their PIN when buying
goods, and was designed to reduce queues at the checkout. However, a fraudster with a
contactless card reader can easily collect the 16-digit credit card number, expiry date
and name - known as RFID skimming - from anyone who walks past carrying one of
the new cards. They then have enough information to rack up huge bills at any internet
shopping site - such as Amazon - that does not demand the three-digit security
code on the back of the card." |
"Civil liberty campaigners have
expressed privacy fears over government plans to share data on individuals across the
public sector. According to the Guardian, ministers are expected to propose 'fast-track'
procedures so that data can be more easily shared between different government bodies. But
Guy Herbert of the No2ID campaign told the newspaper he had concerns about the revival of
'database state' plans that were scrapped by Labour in 2009. ..... Herbert said data sharing was 'inimical to privacy' and 'inimical
to the rule of law', arguing confidentiality would be scrapped as the government
established a database through the process of collecting and connecting data. A
Cabinet Office spokesman refuted claims that they were building a central database,
insisting the citizen would remain in charge of their data, and not the state." |
"Social media should be monitored by police and security services, a
former intelligence chief has said, to prevent paedophiles and terrorists from
communicating unhindered. Sir David Omand, former Permanent Secretary and Security and
Intelligence Co-ordinator in the Cabinet Office, says criminals are increasingly making
use of online social networks such as Twitter and Facebook to communicate. He added that
those responsible for protecting society need to use the technology to keep suspects under
surveillance. He said that without the monitoring and collection of social media
intelligence, known as Socmint, websites could become secret spaces where
those carrying out illegal activities could communicate freely..... The soon to be
published Communications Capabilities Development Programme is expected to force internet
service providers to store details of when and where emails are sent and by whom. Mr Omand wants a Green Paper to be published on monitoring social
media sites and for private industry to link up with the Government to develop analytical
tools to monitor developments." |
"New regulations on internet
cookies which come into force tomorrow will cost UK businesses £10billion, researchers
have claimed. The EU Privacy and Communications Directive will force businesses to obtain
explicit consent for all forms of website tracking from users. The study claims that UK businesses could lose £10 billion due to a
combination of lost sales, damage to existing technology and advertising businesses and
the migration of online businesses overseas as they seek to avoid the costs of compliance.
The
latest guidelines suggest that website owners will need to ask for varying degrees of
consent to differentiate between cookies that they need simply to make a website work,
those that provide enhanced functionality, and those that exist simply to gather
information about you for the site's own purposes. When the draft code was launched
at the beginning of the month, Robert Bond of law firm Speechly Bircham said 'The impact
of the new law is far-reaching and incredibly onerous for website owners. This will affect
all UK companies.' QuBit, which carried out the study, said 'This law will have a massive
impact on a broad swathe of digital marketing and optimisation techniques and is one of
the most important changes in web development in the last five years.'" |
"In our report Are We Safer? ....
reporter Dana Priest investigated how, in the post-9/11 era, the government has turned to
expanded and shared intelligence databases to connect the dots and detect terrorist
threats before they emerge. The problem, Priest found, is that many states have yet to use
their vast and growing anti-terror apparatus to capture any terrorists; instead the
government has built a massive database that collects, stores and analyzes information on
thousands of U.S. citizens and residents, many of whom have not been accused of any
wrongdoing. For example, Are We Safer profiled a
Maryland case in which 53 activists primarily affiliated with anti-death penalty,
environmental, racial justice and anti-war groups - including several Catholic nuns -
were the subjects of an elaborate 14-month covert surveillance program by the
Maryland State Police. Because of the new shared databases, their files were available to
state and federal officials. The incident became an example of what Maryland Governor
Martin O'Malley (D) described as 'the cowboy excesses' of surveillance programs.
Today, the Associated Press published a report revealing surveillance by the
New York Police Department's intelligence unit that it says echoes the Maryland case.
According to the AP, NYPD officers kept intelligence files on activists in liberal
political organizations opposed to U.S. immigration policy, labor laws and racial
profiling." |
"The News of the World ordered
its reporters to dig up dirt on the private lives of MPs on a committee investigating the
phone hacking scandal as part of a campaign by Rupert Murdoch's News International to
thwart their inquiries, a new book on the saga claims. Neville Thurlbeck, the former chief reporter on the defunct Sunday
tabloid, said that in 2009 an 'edict' was delivered from a senior member of editorial
staff to find out 'every single thing' about the members of the House of Commons
media select committee and that a team of six journalists was established to carry out the
operation. Mr Thurlbeck, who has been arrested in
connection with phone hacking, said: 'An edict came down... and it was [to] find out every
single thing you can about every single member: who was gay, who had affairs, anything we
can use.' The incendiary claim that the paper at the
heart of the voicemail interception revelations that have tainted the Murdoch empire set
out to undermine MPs investigating it is contained in Dial M for Murdoch, a book about the
scandal by Labour MP Tom Watson, a member of the media committee and key campaigner on
phone hacking, and Martin Hickman, an award-winning journalist on The Independent. At a
Westminster launch of the title, Mr Watson said News Corporation was a 'toxic institution'
and that the alleged campaign intimidation had been successful and was part of a wider
attempt to cover up the hacking scandal by the Murdoch empire. He said: 'I am sorry to say
that this tactic was successful, the committee's legitimate investigation was
undermined and Parliament was, in effect, intimidated. 'News International thought they
could do this, that they could get away with it, that no-one could touch them; and they
actually did it, and it worked.' He added: 'We conclude that the web of influence which
News Corporation spun in Britain, which effectively bent politicians, police and many
others in public life to its will, amounted to a shadow state.'" |
"The European Parliament has
voted in favour of controversial new legislation which gives US authorities access to
information about airline passengers. MEPs meeting in Strasbourg decided to allow the US
Department of Homeland Security to see data routinely collected by airlines including
passenger names, addresses, credit card details and seat numbers. Sensitive data such as a
person's religious beliefs, sexual orientation and racial origin could also be used in
'exceptional' circumstances. The EU-US Passenger
Name Record (PNR) agreement was adopted with 409 votes in favour, 226 against and 33
abstentions. A proposal to refer the agreement to the European Court of Justice was
rejected by MEPs. The deal covers all flights to or from the US and under the agreement US
authorities can retain the data for up to 15 years. While proponents of the legislation
believe it is essential in order to counter terrorism and serious transnational crimes,
opponents claim the data retention period is too long and that data protection safeguards
in the agreement are not up to EU standards. The European commission's own lawyers said
last year that the agreement is unlawful and expressed 'grave doubts' that the deal would
comply with the fundamental right to data protection. The agreement, which has been held
up for two years due to privacy concerns, replaces another deal applied provisionally
since 2007." EU approves data sharing deal Irish Times, 19 April 2012 |
"The principles of openness and
universal access that underpinned the creation of the internet three decades ago are
under greater threat than ever, according to Google co-founder Sergey Brin. In an interview with
the Guardian, Brin warned there were 'very powerful forces that have lined up against the
open internet on all sides and around the world'. 'I am more worried than I have been in
the past,' he said. 'It's scary.' The threat to the freedom of the internet comes, he
claims, from a combination of governments increasingly trying to control access and
communication by their citizens, the entertainment
industry's attempts to crack down on piracy, and the rise of 'restrictive' walled gardens
such as Facebook and Apple, which tightly control what software can be released on their
platforms..... Brin's comments come on the first day of a week-long Guardian investigation
of the intensifying battle for control of the
internet being fought across the globe between governments, companies, military
strategists, activists and hackers..... Brin acknowledged that some people were anxious
about the amount of their data that was now in the reach of US authorities because it sits
on Google's servers. He said the company was periodically forced to hand over data and
sometimes prevented by legal restrictions from even notifying users that it had done
so." |
"When Tom Cruise had to break into police headquarters in Minority Report, the futuristic
crime thriller, he got past the iris scanners with ease: He just swapped out his eyeballs.
CIA agents may find that just a little beyond the call of duty. But meanwhile, they've got to come up with something else:
The increasing deployment of iris scanners and biometric passports at worldwide airports,
hotels and business headquarters, designed to catch terrorists and criminals, are playing
havoc with operations that require CIA spies to travel under false identities. Busy spy
crossroads such as Dubai, Jordan, India and many E.U. points of entry are employing iris
scanners to link eyeballs irrevocably to a particular name. Likewise, the increasing use of biometric passports, which are embedded
with microchips containing a person's face, sex, fingerprints, date and place of
birth, and other personal data, are increasingly replacing the old paper ones. For a
clandestine field operative, flying under a false name could be a one-way ticket to a
headquarters desk, since they're irrevocably chained to whatever name and passport
they used. 'If you go to one of those countries under an alias, you can't go again
under another name,' explains a career spook, who spoke on condition of anonymity because
he remains an agency consultant. 'So it's a
one-time thing - one and done. The biometric data on your passport, and maybe your
iris, too, has been linked forever to whatever name was on your passport the first time.
You can't show up again under a different name with the same data.' The issue is exceedingly sensitive to agency operatives and intelligence
officials, past and present. 'I think you have finally found a topic I can't talk
about,' said Charles Faddis, a CIA operations officer who retired in 2008." |
"Soon, Congress will begin
drafting legislation reauthorizing the Foreign Intelligence Surveillance Act, which serves
as the legal framework for domestic espionage against external threats. And while FISA
doesn't affect spy activities overseas, the attention it generates will shift scrutiny to
the National Security Agency and its growing and astonishing capabilities. The NSA, the intelligence arm of the United States responsible for
eavesdropping and code breaking, weathered criticism and high-profile legal challenges in
2005 for its warrantless wiretapping program, and now we have a decent idea of the
sophisticated and controversial methods the NSA employs to penetrate global
telecommunications networks. Still in the shadows,
however, is a secretive joint program with the Central Intelligence Agency codenamed F6,
but better known as the Special Collection Service. The men and women of the Special
Collection Service are responsible for placing super-high-tech bugs in unbelievably
hard-to-reach places. Data collected is then transmitted to the National Security Agency
for decryption and analysis. John Pike of the Federation of American Scientists put it best: 'When you
think of NSA, you think satellites. When you think CIA, you think James Bond and
microfilm. But you don't really think of an agency whose sole purpose is to get up real
close and use the best technology there is to listen and transmit. That's SCS.'
Officially, the Special Collection Service doesn't exist, and isn't headquartered in a
guarded complex on a densely
forested 300-acre lot outside of Beltsville, Md. But according to journalist James
Bamford, the organization was founded in 1978
to bridge the NSA's ability to infiltrate foreign networks and the CIA's ability to
penetrate foreign countries. (Its leadership
alternates between the director of the NSA and the director of the CIA.) At the Beltsville
facility, special tactics for tradecraft are devised, and a kind of mad scientist's
laboratory develops new technologies for use in the field. The Special Collection Service
is everywhere. In 1999, teams known as Special Collection Elements infiltrated
Afghanistan to monitor al Qaeda training camps near Khost. That same year, they tapped
Pakistan's communications grid to listen for traffic on its nuclear arsenal. After the
U.S. invasion of Iraq in 2003, General Keith Alexander, director of the National Security
Agency, sent Special Collection Elements to supplement the U.S.
Joint Special Operations Command in Balad. .... But
long before al Qaeda pinged U.S. radars, the Special Collection Service was invading communications networks of friend
and foe
alike, performing what journalist Bob Woodward described as
'espionage miracles, delivering verbatim transcripts from high-level foreign-government
meetings in Europe, the Middle East, and Asia.' As
far back as the 1980s, Special Collections Elements were using a technique whereby
invisible lasers are pointed at windows from safe houses hundreds of feet away.
Conversations are then deciphered and recorded by measuring only the vibrations in the
glass of the target windowpane. How exactly do these missions go down? Based on what we
know, they look something like this: Special Collection Elements made up of two to five
people rotate into U.S. embassies around the world, working undercover as Foreign Service
officers or members of the Diplomatic Telecommunications Service. When State Department
cover is impossible, the agents enter countries under the guise of businesspeople. Some
U.S. embassies are known to house dedicated facilities for Special Collection Elements to
use as bases of operations. In other situations, and when circumstances dictate, they work
surreptitiously, assembling elaborate listening devices from discrete, seemingly everyday
components.... Once deployed, Special Collection Elements put technology developed in
Beltsville into practice. One such known system is ORATORY, first used extensively during
the Gulf War, and likely still operational in some variation. After locating mission
objectives, Special Collection Elements place antennas in nondescript locations and ORATORY goes
'up' on the target. The device is given key words to listen for, and when those topics
come up by phone or in person, the system captures the conversations for analysis. The Special Collection Service also completes so-called 'black bag
jobs.' Intercepts are often encrypted, and it takes time to decipher, translate, and
identify useful information. So sometimes, it's easier to simply break into a building and
install a hidden microphone, whereupon intelligence can be gathered and voices recorded
before encryption ever takes place. Sensitive
listening devices can be dropped into computer keyboards, recording the unique clicks of
each key for use in reconstructing everything typed. When a lock pick is too risky,
however, locals are sometimes bribed to do the dirty work. Agents might be tasked with
something as small as planting a bug, or as large as compromising a nation's entire
information infrastructure." |
"Broadcom has just rolled out a
chip for smart phones that promises to indicate location ultra-precisely, possibly within
a few centimeters, vertically and horizontally, indoors and out. The unprecedented accuracy of the Broadcom 4752 chip results from the
sheer breadth of sensors from which it can process information. It can receive signals
from global navigation satellites, cell-phone towers, and Wi-Fi hot spots, and also input
from gyroscopes, accelerometers, step counters, and altimeters. The variety of location
data available to mobile-device makers means that in our increasingly
radio-frequency-dense world, location services will continue to become more refined. In
theory, the new chip can even determine what floor of a building you're on, thanks to its
ability to integrate information from the atmospheric pressure sensor on many models of
Android phones. The company calls abilities like this 'ubiquitous navigation,' and the
idea is that it will enable a new kind of e-commerce predicated on the fact that
shopkeepers will know the moment you walk by their front door, or when you are looking at
a particular product, and can offer you coupons at that instant. The integration of new kinds of location data opens up the
possibility of navigating indoors, where GPS signals are weak or nonexistent." |
"Britain is exporting
surveillance technology to countries run by repressive regimes, sparking fears it is being
used to track political dissidents and activists. The UK's enthusiastic role in the
burgeoning but unregulated surveillance market is becoming an urgent concern for human
rights groups, who want the government to ensure that exports are regulated in a similar
way to arms. Much of the technology, which allows
regimes to monitor internet traffic, mobile phone calls and text messages, is similar to
that which the government has controversially signalled
it wants to use in the UK. The campaign group, Privacy International, which monitors
the use of surveillance technology, claims equipment being exported includes devices known
as 'IMSI catchers' that masquerade as normal mobile phone masts and identify phone users
and malware software that can allow its operator to control a target's
computer, while allowing the interception to remain undetected. Trojan horse software that
allows hackers to remotely activate the microphone and camera on another person's
phone, and 'optical cyber solutions' that can tap submarine cable landing stations,
allowing for the mass surveillance of entire populations, are also being exported,
according to the group. Privacy International said it had visited international arms and
security fairs and identified at least 30 UK companies that it believes have exported
surveillance technology to countries including Syria, Iran, Yemen and Bahrain. A further
50 companies exporting similar technology from the US were also identified. Germany and
Israel were also identified as big exporters of surveillance technology, in what is
reportedly a £3bn a year industry. Last month Privacy International asked 160 companies
about sales of equipment to repressive regimes. So far fewer than 10 have written back to
deny selling to nations with poor human rights records. The campaign group warns: 'The
emerging information and communications infrastructures of developing countries are being
hijacked for surveillance purposes, and the information thereby collected is facilitating
unlawful interrogation practices, torture and extrajudicial executions.' Many of the
brochures, presentations and marketing videos used by surveillance companies to promote
their technology have now been posted on the WikiLeaks website, while a list of firms
identified by Privacy International as a cause for concern has been provided to the
Department for Business, Innovation and Skills. The trade minister, Mark Prisk, has been
briefed on the situation." |
"Mr Williams, one of GCHQ's
codebreakers, is reported to have been sent to the NSA to work on encryption programmes
that filter millions of communications every day. In
2010, the FBI was called in to investigate Mr Williams's death as a possible NSA
security compromise..... William Hague has ruled that key evidence in the
body-in-the-bag inquest into the death of an MI6 officer be heard in secret.
The Foreign Secretary signed an order prohibiting disclosure about details of the
agent's work with the British and US secret services." |
"A new computer trojan has
infected 550,000 machines running Apple's Mac OS X - and many could still be vulnerable. The infected machines are now part of a 'botnet' of zombie machines
which can be controlled by cyber criminals and 'told' to download new malicious software.
The attack has been described as a 'rude awakening' for Mac users." |
"A quantum computer created
inside a diamond is the first of its kind to include protection against 'decoherence' -
noise that prevents it from functioning properly. The team used the diamond's impurities to create the computer's two
qubits. The spin in a rogue nitrogen nucleus became the first qubit, with an electron in a
second flaw forming the second." |
"There was an intriguing detail that emerged in the season of
programmes on Radio 3 last week that was devoted entirely to Schubert. Apparently the
reason that so few of his important letters survive is that the secret police in Vienna in
those days went around opening everyone's mail so no one wrote any important
letters. We are now approaching something like the same conditions of state surveillance,
and will definitely be there if proposed legislation comes into force. The Government
would like to be able to monitor, thanks to the services of GCHQ, the records of every
email and every website visit of every person in the country. Ministers 'stress' that
email contents will not be looked at - just who we're sending them to. Warrants will
still be needed to open them. And if you believe that, I have a bridge to sell you..... It is, in a way, unsurprising news. Britons are already living in
the most snooped-on society that the earth has ever known.... It is very interesting
indeed that objections to this policy are raised only by opposition parties - Labour
tried this when in power. The machinery for a very
vicious administration is being cobbled together under our very noses." |
"Police and intelligence
officers are to be handed the power to monitor people's messages online in what has been
described as an 'attack on the privacy' of vast numbers of Britons. The Home Secretary,
Theresa May, intends to introduce legislation in next month's Queen's Speech which would
allow law-enforcement agencies to check on citizens using Facebook, Twitter, online gaming
forums and the video-chat service Skype. Regional police forces, MI5 and GCHQ, the
Government's eavesdropping centre, would be given the right to know who speaks to whom 'on
demand' and in 'real time'. Home Office officials
said the new law would keep crime-fighting abreast of developments in instant
communications and that a warrant would still be required to view the content of
messages. But civil liberties groups expressed grave concern at the move. Nick Pickles,
director of the Big Brother Watch campaign group, described it as 'an unprecedented step
that will see Britain adopt the same kind of surveillance as in China and Iran.' 'This is
an absolute attack on privacy online and it is far from clear this will actually improve
public safety, while adding significant costs to internet businesses,' he said. David Davis, the former Conservative shadow Home Secretary, said
the state was unnecessarily extending its power to 'snoop' on its citizens. 'It is not
focusing on terrorists or on criminals,' the MP said. 'It is absolutely everybody.
Historically, governments have been kept out of our private lives. They don't need this
law to protect us. This is an unnecessary extension of the ability of the state to snoop
on ordinary innocent people in vast numbers.'....
According to The Sunday Times, which broke the story, the Internet Service Provider's
Association, which represents communications firms, was unhappy with the proposal when it
was briefed by the Government last month. A senior industry official told the paper: 'The
network operators are going to be asked to put probes in the network and they are upset
about the idea... it's expensive, it's intrusive to your customers, it's difficult to see
it's going to work and it's going to be a nightmare to run legally.' Google and BT
declined to comment." |
"Cell phone tracking, previously
associated with federal agents, now seems to have become routine for many police
departments. A recent report by the American Civil Liberties Union (ACLU) shows that
police have not only grown into the practice, but also drop the court warrant stage from
the procedure. Over 200 police departments nationwide responded to the ACLU's public
requests virtually acknowledging that they track cell phones. But only very few of the
interviewed departments say they obtain a court warrant to tune in on a phone. Dozens of cell traces can be logged every month for both emergencies and
routine investigations. This mainly includes following a phone registered with the network
as it gets a wireless signal, a function which runs several times a minute and just cannot
be turned off. Even this may expose a lot. 'A person who knows all of another's
travels can deduce whether he is a weekly churchgoer, a heavy drinker, a regular at the
gym, an unfaithful husband, an outpatient receiving medical treatment, an associate of
particular individuals or political groups - and not just one such fact about a
person, but all such facts,' the Federal Appeals Court in Washington, D.C., explained in
2010. In other instances of phone tracking, Californian local police were recommended by
state prosecutors to download text messages from a turned-off phone by creating its
'clone.' Still, the ACLU's documents reveal no evidence of actual wiretapping. This
comes as no surprise, especially with the same report remarking that many departments try
to keep cell tracking secret. 'Do not mention to the public or the media the use of cell
phone technology or equipment used to locate the targeted subject,' the Iowa City Police
Department warned staff in a training manual quoted by The New York Times. It should also
be kept out of police reports, advises the manual." |
"Law enforcement tracking of
cellphones, once the province mainly of federal agents, has grown into a powerful and
widely used surveillance tool for local police officials as well, with hundreds of
departments, large and small, often using it aggressively with little or no court
oversight, new documents show. The practice has become big business for cellphone
companies, too, with a handful of carriers marketing a catalog of 'surveillance fees' to
police departments to determine a suspect's location, trace phone calls and texts or
provide other services. Some departments log dozens
of traces a month for both emergencies and routine investigations. With cellphones now
ubiquitous, the police describe phone tracing as an increasingly valuable weapon in a
range of cases, including emergencies like child abductions and suicide calls, and
investigations into drug cases, sex crimes and murders. One California police training
manual describes cellphones as 'the virtual biographer of our daily activities,' providing
a rich hunting ground for learning someone's contacts and travels. But civil
liberties advocates say the widening use of cell tracking raises legal and constitutional
questions, particularly when the police act without judicial orders. While many
departments require court warrants to use phone tracking in nonemergencies, others claim
broad discretion to get the records on their own, according to 5,500 pages of internal
records obtained by the American Civil Liberties Union from 205 police departments
nationwide. The internal documents, which were provided to The New York Times by the ACLU,
open a window into a cloak-and-dagger practice that police officials are wary about
discussing publicly. While cell tracking by local police departments has received some
limited public attention in the past few years, the ACLU documents show that the practice
is in much wider use - with far looser safeguards - than officials have
previously acknowledged." |
"The blandly named Utah Data
Center is being built for the US National Security Agency (NSA). A project of immense
secrecy, it is the final piece in a complex puzzle assembled over the past decade. Its
purpose: to intercept, decipher, analyse and store vast amounts of the world's
communications from satellites and underground and undersea cables of international,
foreign and domestic networks. The heavily fortified $2 billion (£1.25 billion) centre
should be operational in September 2013. Stored in near-bottomless databases will be all
forms of communication, including private emails, mobile phone calls and Google
searches, as well as personal data trails -- travel itineraries, purchases and other
digital 'pocket litter'. It is the realisation of the 'total information awareness'
programme created by the Bush administration -- which was killed by Congress in 2003 after
an outcry over its potential for invading privacy. But 'this is more than just a data
centre', says one senior intelligence official who until recently was involved with the
programme. The mammoth Bluffdale centre will have another important and far more secret
role. It is also critical, he says, for breaking codes, which is crucial because much of
the data that the centre will handle -- financial information, business deals, foreign
military and diplomatic secrets, legal documents, confidential personal communications --
will be heavily encrypted. According to another top official also involved, the NSA made a
breakthrough several years ago in cryptanalysis, or breaking complex encryption systems
used not only by governments around the world but also average computer users. The upshot, says this official, is that 'everybody's a target; everybody
with communication is a target.'.... The data stored in Bluffdale will go far beyond the world's
billions of public web pages. The NSA is more interested in the invisible web, also known
as the deep web or deepnet -- data beyond the reach of the public. This includes password-protected
data, US and foreign government communications, and non-commercial file-sharing between
trusted peers. 'The deep web contains government reports, databases and other sources of
information of high value to DoD and the intelligence community,' according to a 2010
Defense Science Board report. 'Tools are needed to find and index data in the deep
web ... Stealing the classified secrets of a potential adversary is where the
[intelligence] community is most comfortable.'.... For the first time, a former NSA official has gone on the record to
describe the programme, codenamed Stellar Wind, in detail. William
Binney was a senior crypto-mathematician responsible for
automating the agency's worldwide listening network.
A tall man with dark, determined eyes behind thick-rimmed glasses, the 68-year-old spent
nearly four decades breaking codes and finding new ways to channel billions of private
phone calls and email messages from around the world into the NSA's bulging databases. As
chief and one of the two cofounders of the agency's Signals Intelligence Automation
Research Center, Binney and his team designed much of the infrastructure that's still
probably in use. He explains that the agency could have installed its gear at the nation's
cable landing stations -- the two dozen or so sites where fibre-optic cables come ashore.
If it had, the NSA could have limited its
eavesdropping to international communications, which at that time was all that was allowed
under US law. Instead it put wiretapping rooms at key junctions throughout the country,
thus gaining access to most of the domestic traffic. The network of intercept stations, or
'switches', goes far beyond the room in an AT&T building in San Francisco exposed by a
whistleblower in 2006. 'I think there's ten to 20 of
them,' Binney says. 'Not just San Francisco; they have them in the middle of the country
and on the East Coast.' Listening in doesn't stop at the telecom switches. To capture
satellite communications, the agency also monitors AT&T's powerful earth stations,
satellite receivers in locations that include Roaring Creek and Salt Creek. .... Binney left the NSA in late 2001, shortly after the agency
launched its warrantless-wiretapping programme. 'They violated the [US] Constitution
setting it up,' he says. 'But they didn't care. They were going to do it, and they were
going to crucify anyone who stood in the way. When they started violating the
Constitution, I couldn't stay.' Binney says Stellar
Wind was larger than has been disclosed and included listening to domestic phone calls as
well as inspecting domestic email. At the
outset the programme recorded 320 million calls a day, he says -- about 73 to 80 per cent
of the total volume of the agency's worldwide intercepts..... The software, created by a
company called Narus that's now part of Boeing,
is controlled from NSA headquarters at Fort Meade in Maryland and searches US sources for
addresses, locations, countries and phone numbers, as well as watch-listed names, keywords
and phrases in emails. Any communication that arouses suspicion, especially those to or
from the million or so people on agency watch lists, is recorded and transmitted to the
NSA. The scope expands from there, Binney says. Once
a name is entered into the Narus database, all communications to and from that person are
routed to the NSA's recorders. 'If your number's in there? Routed and gets recorded.' And
when Bluffdale is completed, whatever is collected will be routed there...... According to Binney, one of the
deepest secrets of the Stellar Wind programme -- again, never confirmed until now -- was
that the NSA gained warrantless access to AT&T's domestic and international billing
records. As of 2007, AT&T had more than 2.8
trillion records in a database at its Florham Park, New Jersey, complex. Verizon was also
part of the programme. 'That multiplies the call rate by at least a factor of five,'
Binney says. 'So you're over a billion and a half calls a day.'....Once communications are
stored, the datamining begins. 'You can watch
everybody all the time with datamining,' Binney says. Everything a person does is charted
on a graph, 'financial
transactions or travel or anything', he says. Thus the NSA is able to paint a detailed
picture of someone's life. The NSA can also eavesdrop
on phone calls directly and in real time. According to Adrienne Kinne, who worked before
and after 9/11 as a voice interceptor at the NSA facility in Georgia, in the wake of the
World Trade Center attacks 'basically all rules were thrown out the window, and they would
use any excuse to justify a waiver to spy on Americans'. Even journalists calling home from overseas were included. 'A lot of time
you could tell they were calling their families,' she says. 'Intimate, personal
conversations.' Kinne found eavesdropping on innocent citizens distressing. 'It's like
finding somebody's diary,' she says. But there is reason for everyone to be distressed
about the practice. Once the door is open for the
government to spy on US citizens, there are temptations to abuse that power for political
purposes, as when Richard Nixon eavesdropped on his political enemies during Watergate and
ordered the NSA to spy on anti-war protesters. Those and other abuses prompted Congress to
enact prohibitions in the mid-1970s against domestic
spying. Before he left the NSA, Binney tried to persuade officials to create a more
targeted system that could be authorised by a court. At the time, the agency had 72 hours
to obtain a legal warrant; Binney devised a method to computerise the system. But such a
system would have required close co-ordination with the courts, and NSA officials weren't
interested, Binney says. Asked how many communications -- 'transactions', in NSA's lingo
-- the agency has intercepted since 9/11, Binney estimates 'between 15 and 20 trillion
over 11 years'. Binney hoped that Barack Obama's new
administration might be open to addressing constitutional concerns. He and another former senior NSA analyst, J Kirk Wiebe, tried to
explain an automated warrant-approval system to the Department of Justice's inspector
general. They were given the brush-off. 'They said, oh, OK, we can't comment,' Binney
says. Sitting in a restaurant not far from NSA headquarters, the place where he spent
nearly 40 years of his life, Binney held his thumb and forefinger close together. 'We are,
like, that far from a turnkey totalitarian state,' he says..... In his 1941 story The Library of Babel, Jorge Luis Borges imagined a
collection of information where the entire world's knowledge is stored but barely a single
word is understood. In Bluffdale the NSA is constructing a library on a scale that even
Borges might not have contemplated. And to hear the masters of the agency tell it, it's
only a matter of time until every word is illuminated." |
"Millions more British bank
customers have been exposed to fraud through the latest credit and debit card technology,
writes Channel 4 News technology producer Geoff White.
On Friday Channel 4 News reported that Barclays Visa contactless cards (ones which bear
the symbol pictured) can be read using an off-the-shelf
mobile phone running a special app. ViaForensics, the company which carried out the research for Channel 4
News, has now shown the same technique works on a Visa debit card issued by Lloyds. And
banking industry insiders have told us that all Visa contactless cards can potentially be
read in this way. The app reads the full name, number and expiry date from the card.
Channel 4 News was able to use just these three details to order goods through Amazon;
setting up an account under a dummy email address and having the goods shipped to an
address which does not match that of the cardholder. There are around 19 million
contactless cards in circulation in the UK - Barclays accounts for around 13 million of
those. Visa, which provides credit facilities for Barclays, Lloyds and other banks, said
it takes cardholder security very seriously. It acknowledges that the details are
transmitted by the cards without encryption, but said these details can be gained 'by a
number of methods' and should not be usable without the three-digit CVV number on the back
of the card.... Channel 4 News has been shown a list
of hundreds of websites which do not require the three-digit CVV number to make a
transaction. These lists are passed around among credit card fraudsters who use them to
process stolen cards." |
"There have been several cases
reported in the US of people being asked for their Facebook passwords while being
interviewed for a role. Justin Bassett, a New York-based statistician, had just finished
answering some standard character questions in a job interview, when he was asked to hand
over his Facebook login information after his interviewer could not find his profile on
the site, according
to the Boston Globe. Bassett refused and withdrew his job application, as he did not
want to be employed by a business which would invade his privacy to such an extent. While Lee Williams, an online retail worker from the Midlands, told The
Telegraph that he was asked by his managing director for his Facebook login details, after
his boss had looked him up on the social network and could not see any details about him
as his privacy settings were locked down. The boss thought that Williams was hiding
something by not having his profile publicly available. Williams refused to hand his
password over. His boss persisted with his request, but then let it go without taking any
further action. Williams still works for the company, but did not wish to name it. Sarah
Veale, head of equality and employment rights for the TUC, has warned that the practice is
likely to start happening more and more in the UK. 'Once something like this starts
happening in the US, it is likely to come over here - especially in American
businesses which have outposts in UK. If interviewers in the US are adopting this practice
of asking prospective staff for access to their Facebook accounts, they will start doing
it over here.' She described the request as both 'dangerous and unnecessary'." |
"Step one of achieving a
dystopia is having the physical infrastructure to monitor large amounts of people at all
times. Step two is having the software (or manpower, I guess) to parse it all. A Japanese
surveillance company has just made huge strides on that second step. The company, Hitachi
Kokusai Electric, is just finishing development of a facial recognition system that, given
enough footage, can scan and index around 36 million faces in just around 1 second. You'd need a pretty insane amount of video before that calculation
time became non-trivial. The scanning technology is pretty versatile. While it can't
identify people who are facing away from a camera - who could, really - when it
comes to people who aren't looking dead on, the software can handle 30 degrees of
give, both horizontally and vertically, in either direction. It also requires the faces to
be at least 40 by 40 pixels, but other than that, you're good to go, and there is
plenty you can do with the indexed information. Once you have a face identified with the
system, you can click the thumbnail and receive a wealth of search results, including
every other clip the identified individual is in. This allows you to pick out someone
sketchy in one scene and immediately see where they were before and after, plus it also
allows you to upload a suitable photo and then use the system to see if the person is, or
isn't, in the area. That is, so long as they've glanced towards a camera..... the fact remains that anyone who has ever thought 'man, I'd
love to install 1,000 more cameras, but I can't sift through all that video' will
have a potential solution very soon." |
"Everything we do on the
Internet leaves a trail back to us. Search engine entries, shopping lists, e-mail
addresses and so much more which is ripe for the taking. Now governments and their
intelligence agencies want a piece of that action and they have new tools to ascertain our
intentions and possible future actions.... There
have been a series of related and interesting developments in the field of global
intelligence gathering. The NSA is building a brand new data center in Utah in order to
connect with some new intelligence sharing systems such as the Defense Intelligence
Enterprise and the Global Information Grid.... most
people would not appreciate their private conversations end up on foreign military or
intelligence networks.... It goes on all the time,
you could look at Project Echelon, Project Groundbreaker, Project Trailblazer and many
others. Why do you think that the head of the CIA is gloating about being about to glean
intelligence through your devices and net-centric applications. It is a gold mine for them
and they have reaped a bonanza from it. CIA director
David Petraeus put his cards on the table because he hinted about the next target, it will be all of data from the smart meters that have been put in place in the past few years. It
wouldn't be hard to tell how many people are living in a certain home from
electricity records or which appliances are used the most. Will we be deemed terrorists
from some poorly programmed profiling software based on our paper and data trail? Mistakes
happen all the time, from faulty no-fly lists to swat team wrong door raids." |
"Is the CIA in your kitchen? If this question had been asked by a
fictional character in a spy thriller, it might intrigue you, but you wouldn't imagine
that it could be true in reality. If the Constitution means what it says, you wouldn't
even consider the plausibility of an affirmative answer. After all, the Fourth Amendment
to the Constitution was written to prevent the government from violating on a whim or a
hunch or a vendetta that uniquely American right: the right to be left alone....Last year,
the court invalidated the police use of warrantless heat-seeking devices aimed at the
home, and it will probably soon invalidate the warrantless use of GPS devices secretly
planted by cops in cars. Regrettably, unless the
government attempts to use the data it has illegally gathered about a person, the person
probably will not be aware of the government's spying on him, and thus will not be in a
position to challenge the spying in a court. Relying on the Patriot Act, federal agents
have written their own search warrants just like the British soldiers did. They have done
this more than 250,000 times since 2001. But the government has rarely used any evidence
from these warrants in a criminal prosecution for fear that the targeted person would
learn of the government's unconstitutional and nefarious behavior, and for fear that the
act would be invalidated by federal courts. Now,
back to the CIA in your kitchen. When Congress
created the CIA in 1947, it expressly prohibited the agency from spying on Americans in
America. Nevertheless, it turns out that if your microwave, burglar alarm or dishwasher is
of very recent vintage, and if it is connected to your personal computer, a CIA spy can
tell when you are in the kitchen and when you are using that device. The person who
revealed this last weekend also revealed that CIA software can learn your habits from all
of this and then anticipate them. Acting 'diabolically' and hoping to 'change fingerprints
and eyeballs' in its 'worldwide mission' to steal and keep secrets, the CIA can then gut
the Fourth Amendment digitally, without ever physically entering anyone's home. We already
know that your BlackBerry or iPhone
can tell a spy where you are and, when the battery is connected, what you are saying. But
spies in the kitchen? Can this be true? Who revealed all this last weekend? None other
than Gen. David Petraeus
himself, President Obama's new director of the CIA." |
"Adverts could soon be tailored
according to the background noise around you when using your smartphone, if a patent
application by Google becomes reality. The search engine giant has filed for a patent
called 'Advertising based on environmental conditions'. As that title implies, it's not just background sounds that could be
used to determine what adverts you see on your mobile phone. The patent also describes
using temperature, humidity, light and air composition to produce targeted
adverts....Google has come under fire recently with users becoming increasingly concerned
about its attitude to privacy and perceived obsession with making money. Google's
controversial new 'privacy policy' allows the search giant to 'pool' information from 60
separate services including Gmail, Google Search and Android phones, to create
'personalised' advertising. Google ignored an international outcry to launch its new
privacy policy on March 1 this year, despite concerns it may be illegal in the EU, as well
as countries such as Japan and South Korea." |
"The Pentagon is accelerating
efforts to develop a new generation of cyberweapons capable of disrupting enemy military
networks even when those networks are not connected to the Internet, according to current
and former U.S. officials. The possibility of a
confrontation with Iran or Syria has highlighted for American military planners the value
of cyberweapons that can be used against an enemy whose most important targets, such as
air defense systems, do not rely on Internet-based networks. But adapting such
cyberweapons can take months or even years of arduous technical work.... Officials are researching cyberweapons that can target 'offline'
military systems in part by harnessing emerging technology that uses radio signals to
insert computer coding into networks remotely.....
In some cases, as with command-and-control systems, military assets rely on Internet
connections, making them theoretically easier to target. Without that connectivity, an
attacker would have to rely on other means - for instance, physically inserting into
those systems portable devices such as thumb drives or computer components that have been
altered." |
"Samsung's 2012
top-of-the-line plasmas and LED HDTVs offer new features never before available within a
television including a built-in, internally wired HD camera, twin microphones, face
tracking and speech recognition. While these features give you unprecedented control over an HDTV,
the devices themselves, more similar than ever to a personal computer, may allow hackers
or even Samsung to see and hear you and your family, and collect extremely personal data.
While Web cameras and Internet connectivity are not new to HDTVs, their complete
integration is, and it's the always connected camera and microphones, combined with
the option of third-party apps (not to mention Samsung's own software) gives us cause
for concern regarding the privacy of TV buyers and their friends and families. Samsung has not released a privacy policy clarifying what data it is
collecting and sharing with regard to the new TV sets. And while there is no current
evidence of any particular security hole or untoward behavior by Samsung's app
partners, Samsung has only stated that it 'assumes no responsibility, and shall not be
liable' in the event that a product or service is not 'appropriate.' Samsung demoed these
features to the press earlier this month. The camera and microphones are built into the
top of the screen bezel in the 2012 8000-series plasmas and are permanently attached to
the top of the 7500- and 8000ES-series LED TVs. A Samsung representative showed how, once
set up and connected to the Internet, these models will automatically talk to the Samsung
cloud and enable viewers to use new and exciting apps. These
Samsung TVs locate and make note of registered viewers via sophisticated face recognition software.
This means if you tell the TV whose faces belong to which users in your family, it
personalizes the experience to each recognized family member. If you have friends over, it could log these faces as well. In addition,
the TV listens and responds to specific voice commands. To use the feature, the microphone
is active. What concerns us is the integration of
both an active camera and microphone. A Samsung representative tells us you can deactivate
the voice feature; however this is done via software, not a hard switch like the one you
use to turn a room light on or off. And unlike other TVs, which have cameras and
microphones as add-on accessories connected by a single, easily removable USB cable, you
can't just unplug these sensors. During our demo, unless the face recognition
learning feature was activated, there was no indication as to whether the camera (such as
a red light) and audio mics are on. And as far as the microphone is concerned there is no
way to physically disconnect it or be assured it is not picking up your voice when you
don't intend it to do so...... Don't
assume a TV is an un-hackable island! Samsung does not disclose what operating system is
within its TVs, therefore we cannot confirm if it is Android and/or any other that might
have a prior history of hacking. It has been widely reported Android phones have been hacked allowing outside control of phones, via third party apps. Countless companies have had their networks hacked, causing thousands of customers' personal data to be released to the
world. If this were to happen to Samsung it is theoretically possible hackers could gain
access to names, addresses and images of the faces of entire families....With so
many questions raised and no answers provided, HD
Guru recommends you weigh the possibilities and decide whether or not you care about its
unknown personal privacy risks before purchasing one of these HDTVs." Is Your New HDTV Watching You? Guru, 19 March 2012 |
"Confidential personal data on
hundreds of thousands of Britons is being touted by corrupt Indian call centre workers, an
undercover investigation has discovered. Credit card information, medical and financial
records are being offered for sale to criminals and marketing firms for as little as 2p. Two consultants, claiming to be IT workers at several call
centres, met undercover reporters from The Sunday Times and boasted of having 45 different
sets of personal information on nearly 500,000 Britons. Data included names, addresses,
and phone numbers of credit card holders, start and expiry dates as well as the
three-digit security verification codes. The information - much of which related to
customers at major financial companies, including HSBC and NatWest - would be a goldmine
for criminals, allowing fraudsters to syphon thousands of pounds from bank accounts within
minutes. IT consultant Naresh Singh met the undercover reporters in a hotel room in
Gurgaon, a town near Delhi, carrying a laptop full of data. He told them: 'These
[pieces of data] are ones that have been sold to somebody already. This is Barclays, this
is Halifax, this is Lloyds TSB. We've been dealing so long we can tell the bank by
just the card number.'" |
"The National Security Center is building a highly fortified $2
Billion highly top secret complex simply named the 'Utah Data Center' which will soon be
home to the Hydrogen bomb of cybersecurity - A
512 Qubit Quantum Computer which will
revitalize the 'total information awareness' program originally envisioned by George
Bush in 2003. The news of the data center comes after Department
of Defense contractor Lockheed Martin secured a contract with D-Wave for $10 million
for a 512 qubit Quantum Computer code-named Vesuvius. Vesuvius is capable of executing a
massive number of computations at once, more than
100,000,000,000,000,000,000,000,000,000,000,000,000, which would take millions of years
on a standard desktop. The computer will be able to crack even the most secure encryption
and will give the US government a quantum leap into technologies once only dreamed of
including the rise of the world's very first all-knowing omniscient self-teaching
artificial intelligence." |
"James Bamford has a way of
digging up the facts that lend credence to America's worst privacy fears about its
own government. Now the author and investigative
reporter who wrote the definitive portraits of the National Security Agency in his books The
Puzzle Palace, Body
of Secrets and The
Shadow Factory has drawn a picture of ubiquitous surveillance that seems mind-boggling
even by NSA standards. In his just-published cover story for
Wired, Bamford lays out the NSA's plans for
a vast new facility in Bluffdale, Utah that aims to become a storage and analysis hub for
the record-breakingly massive collections of Internet traffic data that the NSA hopes to
gather in coming years - not from just foreign networks, but domestic ones as well. The
story adds confirmation to what the New York Times revealed in 2005: that the NSA has
engaged in widespread wiretapping of Americans with the consent of firms like AT&T and
Verizon. But more interestingly - and more troubling in the eyes of many who value
their privacy - it details the Agency's plans to crack AES encryption, the
cryptographic standard certified by the NSA itself in 2009 for military and government use
and until now considered uncrackable in any amount of time relevant to mortals. Using what will likely be the world's fastest supercomputer and the
world's largest data storage and analysis facility, the NSA plans to comb
unimaginably voluminous troves of messages for patterns they could use to crack AES and
weaker encryption schemes, according to Bamford's story. A few of the facts he's
uncovered: *
The $2 billion data center being built in Utah would have four 25,000 square-foot halls
filled with servers, as well as another 900,000 square feet for administration. * It will use 65 megawatts of
electricity a year, with an annual bill of $40 million, and incorporates a $10 million
security system. * Since 2001, the NSA has intercepted and stored between 15 and 20 trillion
messages, according to the estimate of ex-NSA scientist Bill Binney. It now aims to store
yottabytes of data. A yottabyte is a million billions of gigabytes. According to one storage
firm's estimate in 2009, a yottabyte would cover the entire states of Rhode
Island and Delaware with data centers. * When the Department of Energy began a supercomputing project in 2004 that
took the title of the world's fastest known computer from IBM in 2009 with its
'Jaguar' system, it simultaneously created a secret track for the same program focused on
cracking codes. The project took place in a $41 million, 214,000 square foot building at
Oak Ridge National Lab with 318 scientists and other staff. The supercomputer produced
there was faster than the so-called 'world's fastest' Jaguar. * The NSA project now aims to break
the 'exaflop barrier' by building a supercomputer a hundred times faster than the fastest
existing today, the Japanese 'K Computer.' That code-breaking system is projected to use
200 megawatts of power, about as much as would power 200,000 homes." |
"When The Wall Street Journal
reporter Margaret Coker visited the Libyan government's surveillance centre in
Tripoli after the city's fall, she saw that the authorities had been monitoring
everything: the internet, mobile phones, satellite phone and internet connections. Some
files included emails and online conversations between Gaddafi's opponents. Notices
on the walls revealed that the company which had installed the equipment was Amesys, a
subsidiary of French firm Bull (1). The French satirical weekly Le Canard Enchainé later
reported that France's military intelligence directorate had been solicited to help
train Libya's internal spies (2). In Syria, US equipment helps Bashar al-Assad's
regime censor the internet, and retrieve logins and passwords to access people's
emails or Facebook and Twitter pages. This tool is particularly useful for tracking the
communications of opponents with internal or foreign connections. The technology is
innocuously named 'deep packet inspection' (DPI). When
someone sends an email, a series of servers relays it to its destination. Each server
sends the message on to the next, looking only at the recipient's address, and not at
the contents. An expert on internet law, Jonathan Zittrain, explained: 'It's a bit
like being at a party with polite friends. If you're too far from the bar, or there
are too many people in the way, you ask the person next to you to get you a beer. They ask
the person next to them, who is a bit closer to the bar, and so on. Eventually your order
reaches the bar and your beer arrives via the same route back. Since everyone is polite,
no one will have drunk your beer along the way.' But DPI is less polite. How would you
feel if the person next to you analysed your order, and started lecturing you about it? Or
if they tampered with your drink, adding water or something stronger? This is exactly what
DPI technology can do: it allows people to read the content of internet traffic, modify
it, and even send it to someone else. Amesys is not alone in this market. US press agency
Bloomberg recently reported that another French company, Qosmos, had provided DPI
technology to a consortium equipping Syria to the same standard as Gaddafi's Libya
(3). DPI is also at the heart of China's firewall, which allows the government to
censor internet traffic and spy on its citizens. The
recent Wikileaks publication of numerous internal documents from these companies shows
that monitoring communication networks is 'a secret new
industry spanning 25 countries ... In traditional spy
stories, intelligence agencies like MI5 bug the phone of one or two people of interest. In the last 10 years systems of indiscriminate, mass surveillance have
become the norm' (4). A
little earlier The Wall Street Journal had published more than 200 marketing documents
from 36 companies offering the US anti-terrorist agency various surveillance and computer
hacking tools (5). DPI entered the spotlight in May
2006 when Mark Klein, a former technician with US internet provider AT&T, leaked the
fact that the company had installed DPI technology at the heart of the country's
internet network, in cooperation with the US National Security Agency (which invented the
Echelon system in the 1980s and 1990s). The
technology was provided by internet surveillance company Narus (slogan 'See Clearly, Act
Swiftly'). Narus was set up in 1997, has 150 employees, earned $30m in 2006, and was
bought up by Boeing in 2010. The Mubarak regime was
reported to have installed Narus equipment in Egypt (6). The flow of information over the
internet includes the web, emails, synchronous exchanges (instant messaging) and
asynchronous exchanges (blogs, discussion forums), phone conversations, video, raw data,
etc. Most of this communication is not encrypted, so
it is easy for both the casual hacker and state security services to monitor it." |
"Google is to face new
investigations in both America and the EU over using hidden computer code to violate
iPhone users' privacy settings. The search giant is alleged to have 'tricked' the web
browser in iPhone, iPad and PC into sending information to Google. The information was used to build up advertising profiles on Google
account users, and caused outrage among privacy groups. Google has faced increasing public
hostility over its use of private data this year after its new 'privacy policy' allowed
wholesale sharing of people's information. The search giant is to be investigated by
America's Federal Trade Commission over whether the 'trick', uncovered earlier this year,
violates agreements about openness and privacy. The current European Union probe into
Google's new privacy policy will also investigate the practice, according to a report in
the Wall Street Journal." |
"When people download a film from Netflix to a flatscreen, or turn on
web radio, they could be alerting unwanted watchers to exactly what they are doing and
where they are. Spies will no longer have to plant
bugs in your home - the rise of 'connected' gadgets
controlled by apps will mean that people 'bug' their own homes,
says CIA director David Petraeus.
The CIA claims it will be able to 'read' these
devices via the internet - and perhaps even via radio waves from outside the home.
Everything from remote controls to clock radios can now be controlled via apps - and chip
company ARM recently unveiled low-powered, cheaper chips which will be used in everything
from fridges and ovens to doorbells. The resultant
chorus of 'connected' gadgets will be able to be read like a book - and even
remote-controlled, according to CIA Director David Petraeus, according to a recent report by Wired's 'Danger Room' blog. Petraeus says that web-connected gadgets will 'transform' the art of
spying - allowing spies to monitor people automatically
without planting bugs, breaking and entering or even donning a tuxedo to infiltrate a
dinner party. 'Transformational is an overused word, but I do believe it
properly applies to these technologies,' said Petraeus. 'Particularly to their effect on clandestine tradecraft. Items of interest
will be located, identified, monitored, and remotely controlled through technologies such
as radio-frequency identification, sensor networks, tiny embedded servers, and energy
harvesters - all connected to the next-generation internet using abundant, low-cost, and
high-power computing.' Petraeus was speaking to a
venture capital firm about new technologies which aim to add processors and web
connections to previously 'dumb' home appliances such as fridges, ovens and lighting
systems. This week, one of the world's biggest chip
companies, ARM, has unveiled a new processor built to work inside 'connected' white
goods." |
"More and more personal and household devices are connecting to the
internet, from your television to your car navigation systems to your light switches. CIA Director David Petraeus
cannot wait to spy on you through them." |
"Now that one
in 25 motorists in Britain is driving uninsured and these drivers are involved in
collisions which kill about three people a week - the Government is considering
cutting off their access to petrol or diesel by using spies at the
pumps. Accountants Ernst & Young are
working with the Prime Minister's Office on plans to identify uninsured drivers on
garage forecourts and at fuel pumps via automatic number plate recognition (ANPR). The cameras, already installed to prevent motorists driving off without
paying for fuel, could be used to cross-reference number plates against the Driver and Vehicle Licensing Agency (DVLA)
database. A positive match, showing that a vehicle is without insurance or tax, would mean
it is prevented from filling up. Graeme Swan, a partner at Ernst & Young, said:
'Following a presentation with officials at Number 10, where we suggested the approach,
Government is now looking to move this policy forward. The key to this is simplicity.
Connecting the existing technology and is relatively inexpensive and wouldn't be a
big information technology programme. There shouldn't be concerns about big
brother because there is no new database, no vehicles are tracked and no record is
kept. It's simply a new rule of no insurance equals no fuel.'" |
"Cameras at petrol stations will
automatically stop uninsured or untaxed vehicles from being filled with fuel, under new
government plans. Downing Street officials hope the hi-tech system will crack down on the
1.4million motorists who drive without insurance. Automatic number plate recognition
(ANPR) cameras are already fitted in thousands of petrol station forecourts. Drivers can only fill their cars with fuel once the camera has captured
and logged the vehicle's number plate. Currently the system is designed to deter
motorists from driving off without paying for petrol. But under the new plans, the cameras
will automatically cross-reference with the DVLA's huge database. When a car is
flagged as being uninsured or untaxed, the system will prevent the fuel pump being used on
that vehicle." |
"Hackers have defeated Google
Chrome first in an annual competition to test the security of the most popular web
browsers. At the Pwn2own competition in Canada, a group of French hackers were able to
bypass Google's vaunted security features to take control of a Windows PC in less
than five minutes. The result is a reversal of last
year's Pwn2own, when Chrome stood undefeated at the end of the competition. This year
it was beaten by Vupen, a French firm controversial in security circles for selling the
software vulnerabilities it discovers to government spy agencies. 'We wanted to show that
Chrome was not unbreakable,' the firm's head of research Chaouki
Bekrar told ZDNet. 'Last year, we saw a lot of headlines that no one could hack
Chrome. We wanted to make sure it was the first to fall this year.'" |
"Sir John Sawers spoke to more than 20 ministers about the latest
top-secret intelligence on the Iranian threat and the growing expectation that Israel is
poised to launch a pre-emptive strike against the regime. The highly unusual briefing is
thought to have raised questions about Israel's military capacity to destroy Iranian
nuclear sites, which are buried deep underground. The MI6 chief is also understood to have
warned about the potential threat to Britain from a nuclear arms race in the Middle East.
The secrecy around the briefing, which contained so-called 'strap' intelligence shared
only with top officials, was so high that ministers were ordered to leave their mobile
phones outside the Cabinet room. There are claims
that basic mobile phones, without specialist anti-eavesdropping security, can be converted
into 'listening devices' by foreign intelligence agencies." |
"Researchers at the University
of Michigan have reported that it took them only a short time to break through the
security functions of a pilot project for online voting in Washington, D.C. 'Within 48
hours of the system going live, we had gained near complete control of the election
server', the researchers wrote in a paper that has
now been released. 'We successfully changed every vote and revealed almost every secret
ballot.' The hack was only discovered after about
two business days and most likely only because the intruders left a visible trail
on purpose....The researchers conclude that it is generally difficult to build secure
online voting systems. One small configuration or implementation error would undermine the
entire voting process. Even if central servers were not used, which would be prime targets
for hacking attempts, there would still be a number of other points of attack. Fundamental
advances still need to be made in security, they say, before e-voting will truly be
safe." |
"New information about
Facebook's outsourced moderation process shows that the social network shares more
personal information with moderators than it has so far acknowledged. The social network was criticized
last week after gossip site Gawker exposed it as employing third-party content
moderators in the developing world for one dollar an hour. Facebook responded saying: 'No
user information beyond the content in question and the source of the report is shared.'
However, new evidence seen by The Telegraph, shows that these moderators, who have to deal
with the distressing images and messages which are reported every day, and are clearly
able to see the names of the person who uploaded the offensive content, the
subject of the image or person tagged in a photo - in addition to the person who has
reported the content. Moreover, there are currently no security measures in place stopping
these moderators taking screen shots of people's personal photos, videos and posts." |
"Turning the tables on Big
Brother: Now internet users can watch who is spying on them in blow against Google's new
snooping policy. Mozilla, the maker of Firefox, has unveiled a new add-on for the popular
web browser that gives web users an instant view of which companies are 'watching' them as
they browse. The move comes the same week that Google pushed ahead with its controversial
new privacy policy, built to provide even more data for Google's $28 billion advertising
business - despite concerns that the massive harvesting of private data might be illegal
in many countries. The Collusion add-on will allow
users to 'pull back the curtain' on web advertising firms and other third parties that
track people's online movements, says Mozilla CEO Gary Kovacs.... Google's new privacy
policy allows it to 'streamline' data from Android phones, YouTube, Gmail and web browsing
to target its adverts even more precisely towards individual web users.... Google ignored
an international outcry to launch its new privacy policy this week - despite concerns the
policy may actually be illegal in many territories.... Data from 60 of Google's services
will be shared between them - meaning Google account users, owners of Android phones and
YouTube viewers will be subjected to even more intrusive 'personalised' adverts from now
on. Worried users are trading guides about how to protect sensitive private data such as
search histories and the content of emails from Google's new all-encompassing advertising
profiles.... A British privacy campaigner, Alex Hanff is suing the search giant for a
refund on his Android phone, claiming that the changes to how Android data could be used
amount to a change in the terms of his contract. Some Android users claim that they are
hardest hit by the policy changes, as they have no way to 'opt out' of mobile phone
contracts.... The Japanese government said yesterday it will investigate whether the new
policy breaches Japanese privacy laws, according to a report in the Tokyo Times.... The
new policy makes it easier for Google to combine the data of one person using different
services such as the search engine, YouTube or Gmail if he is logged into his Google
account. That allows Google to create a broader profile of that user and target
advertising based on that person's interests and search history more accurately.
Advertising is the main way Google makes its money..... The
policy change has horrified privacy advocates and bloggers - tech site ZDNet said that
Google would 'know more about you than your wife does' and said the policy was 'Big
Brother-ish'." |
"Broadband providers and phone
networks are to reveal to authorities your every phone call, text message, email and
private social network message. New anti-terror laws could force phone networks and
broadband providers to store our digital communications in databases open to security
services to check up on us -- and if that doesn't worry you, just wait until the hackers
get their hands on it. The Communications Capabilities Development Plan sets out the new
scheme, as suggested by MI5, MI6, and GCHQ. The
government won't store the data itself, instead requiring Internet service providers and
phone networks such as BT, Sky, and O2 to store the information for a year. Anti-terror
police and spies could then see the information to see who you've been talking to. Actual
phone calls and texts won't be recorded but details of who called or texted who -- and
when and where -- will be saved. Your emails and private messages sent through Facebook
and Twitter will be saved, as well as your internet browsing history or exchanges between
online video gamers. Privacy groups including the Open Rights Group have lambasted the new
plans. The Telegraph
reports that the government has been holding talks with ISPs for the last two months,
ahead of legislation this summer. New laws could be officially unveiled as soon as May.
With bitter irony, the plan was criticised by the Tories and Liberal Democrats when it was
first proposed by the then ruling Labour government. It was dropped then, only to be
resurrected recently by the Coalition under a new name. Labour's Intercept Modernisation
Programme was ditched in 2009 amid controversy about the sheer number of people who could
access the data, including local councils and unelected quangos. The Conservatives
published a report at the time called Reversing the Rise of the Surveillance State --
changed their tune, haven't they?" |
"The government has expanded its
plans to store and monitor Twitter, Facebook and other personal web communication data,
but these are being created without official ISP involvement, according to an ISP
representative body. Under the plans, police and intelligence operatives will
gain access to records of who has talked to whom on social networks, on instant
messaging services, and in online multi-player games. The monitoring and storage are
expected to be handled by ISPs, but the government's plans have not been officially shared
with these companies, according to the Internet Service Providers Association (ISPA).... Plans to expand existing government interception capabilities are
being produced by a Home Office group called the Communications
Capabilities Directorate under the Communications Capabilities Development Programme
(CCDP), which cost
at least £14m to set up. The government will publish its web intercept plans by the
end of April 2012 and wants legislation by the end of June 2015, according to Home Office documents published in January. After lobbying by the
security services, ministers have decided to set aside legislative time for the CCDP via
the Queen's Speech in May, The Daily Telegraph said in a report on Saturday." ISPs kept in dark about UK's plans to intercept Twitter ZDNet, 20 February 2012 |
"San Francisco - Google announced
a new 'feature' of its Google Desktop software that greatly increases the risk to consumer
privacy. If a consumer chooses to use it, the new 'Search Across Computers' feature will
store copies of the user's Word documents, PDFs, spreadsheets and other text-based
documents on Google's own servers, to enable searching from any one of the user's
computers. EFF urges consumers not to use this feature, because it will make their
personal data more vulnerable to subpoenas from the government and possibly private
litigants, while providing a convenient one-stop-shop for hackers who've obtained a user's
Google password. 'Coming on the heels of serious
consumer concern about government snooping into Google's search logs, it's shocking that
Google expects its users to now trust it with the contents of their personal computers,'
said EFF Staff Attorney Kevin Bankston. 'Unless you configure Google Desktop very
carefully, and few people will, Google will have copies of your tax returns, love letters,
business records, financial and medical files, and whatever other text-based documents the
Desktop software can index. The government could then demand these personal files with
only a subpoena rather than the search warrant it would need to seize the same things from
your home or business, and in many cases you wouldn't even be notified in time to
challenge it. Other litigants--your spouse, your business partners or rivals,
whomever--could also try to cut out the middleman (you) and subpoena Google for your
files.' The privacy problem arises because the Electronic Communication Privacy Act of
1986, or ECPA, gives only limited privacy protection to emails and other files that are
stored with online service providers..." |
"Minister for the Environment
Phil Hogan this afternoon announced plans to try to sell off the State's unused 7,500
electronic voting machines. Earlier, Minister for Finance Michael Noonan said the
machines, which have cost the State nearly 55 million since 2002, are now
'valueless'....The government agreed to buy the
machines for 50 million after they were piloted in a number of constituencies in the
2002 general election and in the Nice referendum. Since then, the bill to taxpayers for
the machines has risen to 54.7 million in purchase and storage costs. Dutch firm
Nedap made the machines and public concerns in the Netherlands and Germany prompted the
decommissioning of thousands of the machines in those countries. Plans to use them
nationally in the 2004 European and local elections were abandoned amid controversy over
the system's transparency and whether it was open to manipulation. In April 2009, the
then Green Party minister for the environment John Gormley announced that e-voting would
be scrapped and the machines disposed of." |
"Google
is tracking users of the Internet Explorer Web browser without their knowledge, Microsoft has asserted. After news emerged last week
that Google had bypassed the privacy settings of Apple's
(Nasdaq: AAPL) Safari browser, Microsoft researchers began looking into whether the search
giant was also playing fast and loose with IE's settings. However, IE 9 has an additional privacy feature called 'Tracking
Protection' that blocks the method Google is using, Microsoft said. Users without IE 9 or
who have the feature turned off may be susceptible. Google 'basically hacked IE
differently than they hacked Safari, but the result is pretty much the same -- they
overrode the browsers' capability to block cookies and prevent reporting,' Rob Enderle,
principal analyst at the Enderle Group, told TechNewsWorld. Google 'appears
to be intentionally violating the privacy rights of users of third party products.'
Google's actions are 'concerning at any level, being misleading to consumers who expect
these [privacy] controls to be honored and working,' Chris Babel, CEO of TrustE, told TechNewsWorld. However,
Google spokesperson Rachel Whetstone contended that Microsoft's policy 'is widely
non-operational.'" |
"Britain's police and MI5 and MI6 spy agencies are understandably
living in dread of a world-shaking terror attack on the summer Olympics. Indeed they are
so afraid of a new 9/11 that they plan an unprecedented invasion of our individual
privacy. All phone calls, texts, tweets and computer
keystrokes are to be monitored, kept on file and used as and when seen fit. This massive escalation in intelligence gathering has been condemned even
by senior Tory MPs as nothing less than snooping.... But Britain is already one of the
most spied-on societies in the free world. Most of us accept CCTV, police drones,
satellite trackers and automatic number plate recognition because we have nothing to hide.
But we have also learned that blanket surveillance - in the wrong hands - can be a
dangerous step too far. Labour was condemned for "recklessly" invading privacy
by using anti-terror surveillance as a catch-all for spying. Sneaky council officials
abused the power and snooped on families trying to get children into popular schools or
breaking garbage collection rules. Last week I raised questions about the risk to a free
Press from over-zealous officialdom. Who knows what sort of governments will be elected in
the future?" |
"Details about text messages,
phone calls, emails and every website visited by members of the public will be kept on
record in a bid to combat terrorism. The Government
will order broadband providers, landline and mobile phone companies to save the
information for up to a year under a new security scheme. What is said in the texts,
emails or phone calls will not be kept but information on the senders, recipients and
their geographical whereabouts will be saved. Direct messages to users of social
networking sites like Facebook and Twitter will also be saved and so will information
exchanged between players in online video games. The information will be stored by
individual companies rather than the government. The news has sparked huge concerns about
the risk of hacking and fears that the sensitive information could be used to send spam
emails and texts." |
"Janne Kytömäki, a Finnish
software developer, was cruising Google's Android Market for smartphone apps last
year when he noticed something strange. Dozens of best-selling applications suddenly
listed the same wrong publisher. It was as if Stephen King's name had vanished from
the covers of his books, replaced by an unknown author. Kytömäki realized the culprit
was a piece of malware that was spreading quickly, and he posted his findings online.
Google responded swiftly. It flipped a little-known kill switch, reaching into more than
250,000 infected Android smartphones and forcibly removing the malicious code. 'It was sort of unreal, watching something like that unfold,' says
Kytömäki, who makes dice simulator apps. Kill switches are a standard part of most
smartphones, tablets, and e-readers. Google, Apple, and Amazon all have the ability to
reach into devices to delete illicit content or edit code without users' permission.
It's a powerful way to stop threats that spread quickly, but it's also a privacy
and security land mine. With the rollout of the Windows 8 operating system expected later
this year, millions of desktop and laptop PCs will get kill switches for the first time.
Microsoft hasn't spoken publicly about its reasons for including this capability in
Windows 8 beyond a cryptic warning that it might be compelled to use it for legal or
security reasons. The feature was publicized in a widely cited Computerworld article in
December when Microsoft posted the terms of use for its new application store, a feature
in Windows 8 that will allow users to download software from a Microsoft-controlled
portal. Windows smartphones, like those of its competitors, have included kill switches
for several years, though software deletion 'is a last resort, and it's uncommon,'
says Todd Biggs, director of product management for Windows Phone Marketplace." |
"Anyone with about $10, physical access to a Diebold voting machine
and rudimentary knowledge of electronics can remotely hack into the device, according to
experts at the Vulnerability Assessment Team at Argonne National Laboratory in
Illinois. A hacker could potentially change a
person's votes without them ever knowing about it. 'We believe these man-in-the-middle attacks are potentially possible on a
wide variety of electronic voting machines,' said Roger Johnston, leader of the assessment
team. 'We think we can do similar things on pretty much every electronic voting machine.'" |
"... a bill Congress passed this week to
make it easier for the government to fly unmanned spy planes in U.S. airspace. The FAA
Reauthorization Act, which President Obama is expected to sign,
also orders the Federal
Aviation Administration to develop regulations for the testing and licensing of
commercial drones by 2015. Privacy advocates say the measure will lead to widespread use
of drones for electronic surveillance by police agencies across the country and eventually
by private companies as well. 'There are serious
policy questions on the horizon about privacy and surveillance, by both government
agencies and commercial entities,' said Steven Aftergood, who
heads the Project on Government Secrecy at the Federation
of American Scientists. The Electronic
Frontier Foundation also is 'concerned about the implications for surveillance by
government agencies,' said attorney Jennifer Lynch. The
provision in the legislation is the fruit of 'a huge push by lawmakers and the defense
sector to expand the use of drones' in American airspace, she added. According to some
estimates, the commercial drone market in the United States could be worth hundreds of
millions of dollars once the FAA
clears their use. The agency projects that 30,000 drones could be in the nation's
skies by 2020. The highest-profile use of drones by the United States has been in the CIA's
armed Predator-drone program, which targets al Qaeda terrorist leaders. But
the vast majority of U.S. drone missions, even in war zones, are flown for surveillance.
Some drones are as small as model aircraft, while others have the wingspan of a full-size
jet. In Afghanistan, the
U.S. use of drone surveillance has grown so rapidly that it has created a glut of video
material to be analyzed." |
"The US government has developed
massive surveillance capabilities to monitor communications, travel and financial
transactions in this country and abroad. But, even
the government cannot monitor everything Americans do - not directly, anyway. Thus, it
created the Communities Against Terrorism (CAT) program to enlist your friendly local
businesses as spies for the Federal Bureau of Investigation (FBI). The CAT program, funded
by the State and Local Anti-Terrorism Training
program (SLATT) is described as a 'tool to engage members of the local community in the
fight against terrorism.' The program interprets 'local community' to mean businesses, and
only registered businesses may access the program's flyers listing 'potential
indicators' of terrorist activity. Each flyer is designed for a particular kind of
business. For example, this
list was prepared for owners of internet cafes. Unquestionably, someone planning a
terrorist attack has engaged in one or more of the 'suspicious' activities on that list.
But so, too, have most of the estimated 289 million computer
users in this country. The government's flyer designates people as suspicious if
they 'always pay cash' at an internet café. That's a jaw-dropping assumption
considering that we're talking about businesses that sell $2 cups of joe, not $600
airline tickets. Good luck paying with a credit card for a purchase under
$10. Evidence that one has a 'residential based internet provider' (such as Comcast or
AOL) is another pretext for government snooping. If your home internet connection is
unreliable, if you are on travel, or if you simply relish a good cup of coffee with your
internet browsing, you run the risk of acquiring an FBI file. Trying to shield personal
information on your computer screen from the prying eyes of others will mark you as a
potential terrorist, also." |
"Google+ has made Google unfriendly. In
its new privacy policy, which all Google users must accept on Mar. 1, Google says in plain language:
When you upload or otherwise submit content to our Services, you give Google (and those we
work with) a worldwide license to use, host, store, reproduce, modify, create derivative
works (such as those resulting from translations, adaptations or other changes we make so
that your content works better with our Services), communicate, publish, publicly perform,
publicly display and distribute such content. The
rights you grant in this license are for the limited purpose of operating, promoting, and
improving our Services, and to develop new ones. So this is not at all a 'privacy' policy.
It is a 'publicity' policy. It is the exact opposite of a privacy policy. What it really
says is quite simple: 'Our policy is that there isn't any privacy; everything is
public.'" |
"Hawaii's legislature is
weighing an unprecedented proposal to curb the privacy of Aloha State residents: requiring
Internet providers to keep track of every Web site their customers visit. John Mizuno, a Democratic state legislator in Hawaii, wants to require
virtual dossiers to be compiled on state residents: two years' worth of their Internet
browsing. Its House of Representatives has scheduled a hearing this morning on a new bill
(PDF) requiring
the creation of virtual dossiers on state residents. The measure, H.B. 2288, says
'Internet destination history information' and 'subscriber's information' such as name and
address must be saved for two years. H.B. 2288, which was introduced Friday, says the
dossiers must include a list of Internet Protocol addresses and domain names visited.
Democratic Rep. John
Mizuno of Oahu is the lead sponsor; Mizuno also introduced H.B.
2287, a computer crime bill, at the same time last week." |
"Embarrassing, inaccurate or
simply personal data will have to be deleted from the internet and company databases if
consumers ask, under a new set of European laws. The
move will mean that social networks such as Facebook or Twitter will have to comply with
users' requests to delete everything they have ever published about themselves online. It
will also mean that consumers will be able to force companies that hold data about them,
such as for Tesco's Clubcard, to remove it. The changes, which could take more than two
years to implement, also include a new EU power to fine companies up to 2 per cent of
their global turnover if they breach the rules. Businesses will also have a new duty
to inform regulators and anyone affected by data breaches 'as soon as possible'.
Commentators and lawyers have warned that in the case of large scale hacks, informing
millions of users that their data is at risk could impose an unreasonable burden on firms,
and risks dissuading the development of innovative services." |
"The Food and Drug Administration
secretly monitored the personal e-mail of a group of its own scientists and doctors after
they warned Congress that the agency was approving medical devices that they believed
posed unacceptable risks to patients, government documents show. The surveillance - detailed
in e-mails and memos unearthed by six of the scientists and doctors, who filed a
lawsuit against the FDA in U.S. District Court in Washington last week - took place
over two years as the plaintiffs accessed their personal
Gmail accounts from government computers. Information garnered this way eventually
contributed to the harassment or dismissal of all six of the FDA employees, the suit
alleges. All had worked in an office responsible for reviewing devices for cancer
screening and other purposes. Copies
of the e-mails show that, starting in January 2009, the FDA intercepted communications
with congressional staffers and draft versions of whistleblower
complaints complete with editing notes in the margins. The agency also took electronic
snapshots of the computer desktops of the FDA employees and reviewed documents they saved
on the hard drives of their government computers. FDA computers post a warning, visible
when users log on, that they should have 'no reasonable expectation of privacy' in any
data passing through or stored on the system, and that the government may intercept any
such data at any time for any lawful government purpose. But in the suit, the doctors and
scientists say the government violated their
constitutional privacy rights by gazing into personal e-mail accounts for the purpose
of monitoring activity that they say was lawful. 'Who would have thought that they would
have the nerve to be monitoring my communications to Congress?' said Robert C. Smith, one
of the plaintiffs in the suit, a former radiology professor at Yale and Cornell
universities who worked as a device reviewer at the FDA until his contract was not renewed
in July 2010. 'How dare they?'" |
"The U.S. Supreme Court ruled
unanimously Monday that police must get a search warrant before using GPS technology to
track criminal suspects. The decision was a defeat
for the government and police agencies, and it raises the possibility of serious
complications for law enforcement nationwide, which increasingly relies on high tech
surveillance of suspects including the use of various types of GPS technology. A GPS
device installed by police on Washington, D.C., nightclub owner Antoine Jones' Jeep helped
them link him to a suburban house used to stash money and drugs. He was sentenced to life
in prison before the appeals court overturned the conviction. Associate Justice Antonin
Scalia said the government's installation of a GPS device and its use to monitor the
vehicle's movements constitutes a search, meaning that a warrant is required....All nine
justices agreed that the GPS monitoring on the Jeep violated the Fourth Amendment's
protection against unreasonable search and seizure, a decision the American Civil
Liberties Union said was an 'important victory for privacy.'" |
"Thousands of British email
addresses and encrypted passwords, including those of defence, intelligence and police
officials as well as politicians and Nato advisers, have been revealed on the
internet following a security breach by hackers. Among the huge database of private
information exposed by self-styled 'hacktivists' are the details of 221 British military
officials and 242 Nato staff. Civil servants working
at the heart of the UK government - including several in the Cabinet Office as well
as advisers to the Joint Intelligence Organisation, which acts as the prime minister's
eyes and ears on sensitive information - have also been exposed. The hackers, who are
believed to be part of the Anonymous group, gained
unauthorised access over Christmas to the account information of Stratfor, a consultancy
based in Texas that specialises in foreign affairs and security issues. The database had
recorded in spreadsheets the user IDs - usually email addresses - and encrypted
passwords of about 850,000 individuals who had subscribed to Stratfor's website.... John
Bumgarner, an expert in cyber-security at the US
Cyber Consequences Unit, a research body in Washington, has analysed the Stratfor
breach for the Guardian. He has identified within the data posted by the hackers the
details of hundreds of UK government officials, some of whom work in sensitive areas.....
Among the leaked email addresses are those of 221 Ministry of Defence officials identified
by Bumgarner, including army and air force personnel. Details of a much larger group of US military personnel were leaked.
The database has some 19,000 email addresses ending in the .mil domain of the US
military...... In the US case, Bumgarner has found, 173 individuals deployed in
Afghanistan and 170 in Iraq can be identified. Personal data from former vice-president Dan
Quayle and former secretary of state Henry Kissinger were also released. Other UK
government departments have been affected: seven officials in the Cabinet Office have had
their details exposed, 45 Foreign Office officials, 14 from the Home Office, 67 Scotland
Yard and other police officials, and two employees with the royal household. There are
also 23 people listed who work in the houses of parliament, including Jeremy Corbyn,
Labour MP for Islington North, Lady Nicholson and Lord Roper....The hacking has had a big impact
because Stratfor offers expert analysis of international affairs, including security
issues, and attracts subscribers from sensitive government departments. The British
victims include officials with the Joint Intelligence Organisation (JIO) responsible for
assessing intelligence from all sources, including MI6 secret agents.... Stratfor has
taken down its website while it investigates the security breach. The company says it is
'working diligently to prevent it from ever happening again'." |
"The most senior figure in the US military has warned that the
number of threats facing his country and its allies have increased over the last decade
and that the armed forces must be kept strong to fight back. In his first speech since
taking over as chairman of the joint chiefs of staff, General Martin Dempsey told an
audience in London on Monday that meeting the new challenges in a time of austerity would
require a transformation in military thinking. He
highlighted the cyber threat as one of the most pressing, and said more needed to be done
to counter the dangers online." |
"Smartphones are so addictive
many users now hear 'phantom vibrations' because they are desperate to receive new
messages, a study has found. Blackberries and iPhones are meant to help workers manage
their workload by giving them access to messages and alerts while away from the office.
But people become so obsessive about checking their email accounts and social networking
sites that they actually become more stressed as a result, researchers said. Some are so
hooked to their devices that they even begin to experience 'phantom' vibrations where they
mistakenly believe their phone is buzzing in their pocket, it was claimed. The findings will be presented to the British Psychological Society's
Division of Occupational Psychology Conference in Chester today. Researchers issued
questionnaires and carried out psychometric stress tests on more than 100 volunteers
including students and employees from a variety of professions including retail and the
public sector.... Their results showed that people's use of smart phones was linked to
their levels of stress, but their line of work was not. Stress was directly linked to the
number of times people checked their phones on average, and people with the most extreme
levels of stress were troubled by 'phantom' vibrations when no message had been received,
the survey showed. Researchers said that in most cases people had acquired smart phones to
help them keep on top of their work. But after they began using the devices, the benefits
they brought to the user's workload were outweighed by a greater pressure for them to stay
up to date with messages, emails and social networking sites. This became a vicious cycle
in which the more stressed people became, the more they compulsively felt the need to
check their phone, the study showed. Richard Balding of the University of Worcester, who
led the research, said employers should seriously consider the burden that smart phones
put on their workers. He said: 'Smart phone use is increasing at a rapid rate and we are
likely to see an associated increase in stress from social networking. Organisations will
not flourish if their employees are stressed, irrespective of the source of stress, so it
is in their interest to encourage their employees to switch their phones off; cut the
number of work emails sent out of hours, and reduce people's temptation to check
their devices.' " |
"Smart electricity meters provide power companies with an accurate
and streamlined method of monitoring, reading and controlling a home's power usage. That
convenience, however, comes at a steep price and could put homeowners' safety in
jeopardy. Researchers examining the privacy
implications of smart-meter technology found that one German provider's devices
contained vulnerabilities that allowed them to snoop on unencrypted data to determine
whether or not the homeowners were home. After
signing up with the German smart-meter firm Discovergy, the researchers detected that the
company's devices transmitted
unencrypted data from the home devices back to the company's servers over an insecure
link. The researchers, Dario Carluccio and Stephan Brinkhaus, intercepted the supposedly
confidential and sensitive information, and, based on the fingerprint of power usage, were
able to tell not only whether or not the homeowners were home, away or even sleeping, but
also what movie they were watching on TV. The problem, the researchers explained, stems
from Discovergy's monitoring frequency; the devices log homeowners' electricity usage in
2-second intervals, a timeframe they deemed unnecessary and intrusive. The two-second
reporting interval provides so much data that they were able to accurately chart power
usage spikes and lulls indicative of times a homeowner would be home, asleep or away.
Carluccio and Brinkhaus presented their research in a presentation titled 'Smart Hacking for
Privacy' at the Chaos Computing Congress in Berlin on Dec. 30." |
"A new version of the SpyEye
'trojan horse' software not only steals your money, it then offers false reassurance that
it's still there. When you visit your online bank,
there will be no trace of the transactions that cyber-criminals are using to empty your
bank account. Worse, your balance will also be adjusted on screen so it looks as if
nothing is happening. The attack - on Windows PCs - has already been detected in the U.S.
and the UK. The software - which steals your bank passwords to give access to your account
- waits for you to enter the same banking details before 'adjusting' what you see. The
idea is that it gives thieves more time to use your debit card details on fraudulent
transactions without you realising it's happening. The first you'll learn of the attack is
your bank refusing you money, or a paper statement showing you that cyber criminals have
been draining money out of your account. The new version of SpyEye has targeted banks in
the U.S. and the UK." New PC virus doesn't just steal your money - it creates fake online bank statements so you even don't know it's gone Mail, 6 January 2012 |
"Britain's largest shopping
centre owners are all understood to have installed technology that tracks the movement of
customers using their mobile phones. The equipment
is being used in more than 30 major shopping centres including Lakeside in Essex,
Manchester's Trafford Centre, and Cabot Circus in Bristol. Its use has led to privacy
fears from groups such as Big Brother Watch that shoppers are being spied on while they
walk around shopping centres. The FTSE 100 companies Land Securities, British Land,
Hammerson and Capital Shopping Centres are all thought to be using variants of the
technology. The British Council of Shopping Centres said establishing how people shop is
vital in the battle with online retail and a "key priority" for landlords and
retailers. Michael Green, chief executive of the council, said: 'New advances in
technology provide new tools - including mobile phone tracking - which town
centres need to compete and collaborate with online operations in a digital age.'
Landlords insist the data is anonymous and merely maps mobile phone movement." |
"Japanese computer scientists
say they've developed a computer virus that can be launched online to track down and
disable the source of a cyber attack. While many
computer experts say they remain skeptical, such a development would solve one of the
major problems encountered by the online security community -- the so-called source
attribution problem. Attackers can launch malicious viruses or denial of service attacks
by using layers of proxy servers or a botnet to disguise their source Internet address,
masking the true origination of the attack. The Japanese company Fujitsu, working on a
three-year project for the Japanese Ministry of Defense, said it's not only worked out how
to solve this attribution problem but also how to destroy any attacking code it meets en
route, NewScientist.com reported Wednesday." |
"Hackers who stole thousands of
credit card numbers from U.S. security firm Stratfor have now published the email
addresses of more than 860,000 of its clients. The loose-knit Anonymous movement released
the data - which included information on former U.S. Vice President Dan Quayle and former
Secretary of State Henry Kissinger - online....People working for big corporations, the
U.S. military and major defence contractors were all contained on lists stolen from the
intelligence company often dubbed the Shadow CIA....In
a posting on the data-sharing website pastebin.com, the hackers said the list included
information from about 75,000 customers of Stratfor and about 860,000 people who had
registered to use its site. It said that included some 50,000 email addresses belonging to
the U.S. government's .gov and .mil domains. The list also included addresses at
contractors including BAE Systems Plc, Boeing Co, Lockheed Martin Corp and several U.S.
government-funded labs that conduct classified research in Oak Ridge, Tennessee; Idaho
Falls, Idaho; and Sandia and Los Alamos, New Mexico. Corporations on the list included
Bank of America, Exxon Mobil Corp, Goldman Sachs & Co and Thomson Reuters." Anonymous strikes again: Hackers publish email addresses and passwords of 860,000 clients of shadowy U.S. security firm Mail, 2 January 2012 |