NLPWESSEX, natural law publishing
nlpwessex.org
"I don't think in the last two or three hundred years we've faced
such a concatenation of problems all at the same time.... If we are to solve the issues that are ahead of us, we are going to need to think in completely different ways."
Paddy Ashdown, High Representative for Bosnia and Herzegovina 2002 - 2006
BBC Radio 4, 'Start The Week', 30 April 2007
SURVEILLANCE SOCIETY NEWS ARCHIVE 2018
Surveillance Society News Reports
Some Highlights From 2018
"With indecent speed, and after the barest nod to debate, the
Australian Parliament has now passed the Assistance and Access Act,
unopposed and unamended. The bill is a cousin to the United Kingdom’s Investigatory Powers Act,
passed in 2016. The two laws vary in their details, but both now
deliver a panoptic new power to their nation’s governments. Both
countries now claim the right
to secretly compel tech companies and individual technologists,
including network administrators, sysadmins, and open source developers –
to re-engineer software and hardware under their control, so that it
can be used to spy on their users. Engineers can be penalized for
refusing to comply with fines and prison; in Australia, even counseling a
technologist to oppose these orders is a crime. We don’t know – because it is a state secret – whether the UK has
already taken advantage of its powers, but this month we had some strong
statements from GCHQ about what they plan to do with them. ..... Levy explained that GCHQ wants secure messaging services, like
WhatsApp, Signal, Wire, and iMessage, to create deceitful user
interfaces that hide who private messages are being sent to. In the case
of Apple’s iMessage, Apple would be compelled to silently
add new devices to the list apps think you own: when someone sends you a
message, it will no longer just go to, say, your iPhone, your iPad, and
your MacBook – it will go to those devices, and a new addition, a
spying device owned by the government."
In the New Fight for Online Privacy and Security, Australia Falls: What Happens Next?
Electronic Frontier Foundation, 6 December 2018
"China’s plan to judge each of its 1.3 billion people based on their
social behavior is moving a step closer to reality, with Beijing set to
adopt a lifelong points program by 2021 that assigns personalized
ratings for each resident. The
capital city will pool data from several departments to reward and
punish some 22 million citizens based on their actions and reputations
by the end of 2020, according to a plan
posted on the Beijing municipal government’s website on Monday. Those
with better so-called social credit will get “green channel” benefits
while those who violate laws will find life more difficult. The
Beijing project will improve blacklist systems so that those deemed
untrustworthy will be “unable to move even a single step,” according to
the government’s plan."
"Vehicles are increasingly coming connected
with Wi-Fi and may know
more about you than you think – where you've been, what you're listening
to and what kind of coffee you like. All information that privacy
advocates are warning may end up in the hands of advertisers or even
your insurance company, reports CBS News correspondent Kris Van
Cleave. ......
Privacy advocates point out that it's on us to start thinking about cars
for what they've become: data-generating devices."
"Microsoft's president Brad Smith said facial recognition technology needs to be regulated so the world doesn't turn into a Nineteen Eighty-Four
scenario with everyone's actions tracked and scrutinised. He told
attendees at WebSummit in Lisbon, Portugal that the way in
which facial recognition technology is developing and being used by more
businesses could be detrimental to the average person's privacy.. "For
the first time, the world is on the threshold of technology that
would give a government the ability to follow anyone anywhere, and
everyone everywhere. It could know exactly where you are going, where
you have been and where you were yesterday as well," Smith said. "And
this has profound potential ramifications for even just the
fundamental civil liberties on which democratic societies rely. Before
we wake up and find that the year 2024 looks like the book '1984',
let’s figure out what kind of world we want to create, and what are the
safeguards and what are the limitations of both companies and
governments for the use of this technology."
"The U.K.’s domestic security service MI5 looked at private data about
a group that campaigns against mass surveillance, a London judge has
found. The agency held and “accessed or examined” data about the campaign group Privacy International,
judge Michael Burton said in court Tuesday. He didn’t say what the data
was or why the security service viewed it. London-based Privacy
International campaigns against what it
calls “overreaching state and corporate surveillance.” Tuesday’s case
showed the group had been “caught up in the surveillance dragnet,”
Caroline Wilson Palow, the organization’s general counsel, said in a
statement..... In a separate ruling this month, the European Court of Human
Rights found some U.K. surveillance programs, including the bulk
interception of communications exposed by whistle-blower Edward Snowden,
violate rules that protect privacy and family life."
"The West Midlands is to become the first UK urban 5G testbed area at a
cost of up to £50m – with one use for the new tech being China-style
AI-powered CCTV cameras with automated facial recognition, according to
the government....AI-powered CCTV for automated facial recognition and population
monitoring is widely used in China, with English-language propaganda
from the Communist country being carefully sanitised
to make it appear that the tech is only used to catch criminals and
boost public safety. In reality the system is used by the State to hunt down and capture those who might embarrass officials, among others."
"The system that allowed spy agency
GCHQ access to vast amounts of personal data from telecoms companies was
unlawful for more than a decade, a surveillance watchdog has ruled. The
Investigatory Powers Tribunal said that successive foreign secretaries
had delegated powers without oversight..... Under security rules introduced after the attacks on 11
September 2001, the UK's foreign secretary had the power to direct GCHQ
to obtain data from telecoms companies, with little oversight of what
they were subsequently asking for."
"Campaign group Big Brother Watch has accused HMRC of creating ID
cards by stealth after it was revealed the UK taxman has amassed a
database of 5.1 million people's voiceprints. The department introduced its Voice ID system in
January 2017. This requires taxpayers calling HMRC to record a key
phrase, which is used to create a digital signature that the system uses
to unlock the right account when they phone back. According to a Freedom of Information request,
submitted by Big Brother Watch and published today, the department now
has more than 5.1 million people's voiceprints on record. However, the group argued that users haven't been
given enough information on the scheme, how to opt in or out, or details
on how their data would be deleted."
"The
American Civil Liberties Union and other privacy activists are asking
Amazon to stop marketing a powerful facial recognition tool to police,
saying law enforcement agencies could use the technology to "easily
build a system to automate the identification and tracking of anyone."...privacy
advocates have been concerned about expanding the use of facial
recognition to body cameras worn by officers or safety and traffic
cameras that monitor public areas, allowing police to identify and track
people in real time. The
tech giant's entry into the market could vastly accelerate such
developments, the privacy advocates fear, with potentially dire
consequences for minorities who are already arrested at disproportionate
rates, immigrants who may be in the country illegally or political
protesters. "People
should be free to walk down the street without being watched by the
government," the groups wrote in a letter to Amazon on Tuesday. "Facial
recognition in American communities threatens this freedom."."
"Large public places, such as airports or shopping malls, have already
been turned into surveillance free-for-alls, where people’s every move
is catalogued for the sake of profit. Now, one prominent company is
ready to help governments spread that same surveillance technology over
entire cities. Israeli company Jenovice Cyber Labs is poised to launch new products
that monitor everything from prisons to heavily populated areas,
depending on what exactly customers want, CyberScoop has learned. It’s a
particularly provocative product coming in the wake of DHS detecting Stingray cellphone spying devices across Washington, D.C., but all too easy to fathom based on the way companies make millions off
the collection of location-based data. Jenovice’s Metropolink, which is
only available for law enforcement and intelligence agencies, is sold
as an “autonomous”
surveillance system meant to monitor entire metropolitan areas. The
capabilities list reads like hacker tech from a Jason Bourne movie: It’s
advertised as being able to locate, list, map, track, analyze and
visualize all Wi-Fi networks and identities across whatever environment a
customer chooses. The product works thanks to a network of
sensors placed around a
large populated area that track devices by
identifiers including, but
not limited to, MAC address
and geolocation. Targets are usually phones that are broadcasting and
collecting Wi-Fi information by default. Product advertising lists the
technology as “passive,” an important
distinction that’s subject to less regulatory oversight than active
attacks and exploits found in other products. Similarly, in many
countries, Metropolink doesn’t require a warrant, the company says."
"South Wales Police has been testing an automated facial recognition
system since June 2017 and has used it in the real-world at more than
ten events. In the majority of cases, the system has made more incorrect
matches than the times it has been able to correctly identify a
potential suspect or offender. ..... Automatic systems that scan people's faces in public and try to make
matches are at an early stage in the UK. In China, systems are more
advanced with a BBC News reporter being located, during a stunt, within just seven minutes...... South Wales Police, in its privacy assessment
of the technology, says it is a "significant advantage" that no
"co-operation" is required from a person. ...... In the future, the police force says, it may be possible to integrate
the facial recognition technology with databases from other sources. It
says the Police National Database (which has more than 19 million
images), the Automatic Number Plate Recognition database, passport or
driving licence could be added to its system..... In
2012, the High Court ruled it was unlawful for millions of photos of
innocent people to be kept on police databases. At present, these can
only be removed if a person makes a complaint to police."
"Seeking
to build an identification system of unprecedented scope, India is
scanning the fingerprints, eyes and faces of its 1.3 billion residents
and connecting the data to everything from welfare benefits to mobile
phones. Civil
libertarians are horrified, viewing the program, called Aadhaar, as
Orwell’s Big Brother brought to life. To the government, it’s more like
“big brother,” a term of endearment used by many Indians to address a
stranger when asking for help. For
other countries, the technology could provide a model for how to track
their residents. And for India’s top court, the ID system presents
unique legal issues that will define what the constitutional right to
privacy means in the digital age. ....
Technology has given governments around the world new tools to monitor
their citizens. In China, the government is rolling out ways to use facial recognition and big data
to track people, aiming to inject itself further into everyday life.
Many countries, including Britain, deploy closed-circuit cameras to
monitor their populations....The potential uses — from surveillance to managing government benefit
programs — have drawn interest elsewhere. Sri Lanka is planning a
similar system, and Britain, Russia and the Philippines are studying it,
according to the Indian government...."
"...declassified documents provided by former NSA contractor Edward
Snowden
reveal that the NSA has developed technology not just to record and
transcribe private conversations but to automatically identify the
speakers.
Americans most regularly encounter this technology, known as speaker
recognition, or speaker identification, when they wake up Amazon’s Alexa
or call their bank.... Civil liberties experts are worried that
these and other
expanding uses of speaker recognition imperil the right to privacy.
“This creates a new intelligence capability and a new capability for
abuse,” explained Timothy Edgar, a former White House adviser to the
Director of National Intelligence. A major concern of civil libertarians is the potential to
chill speech.
Trevor Timm, executive director of the Freedom of the Press Foundation,
noted how the NSA’s speaker recognition technology could hypothetically
be used to track journalists, unmask sources, and discourage anonymous
tips. While people handling sensitive materials know they should encrypt
their phone calls, Timm pointed to the many avenues — from televisions
to headphones to internet-enabled devices — through which voices might
be surreptitiously recorded. “There are microphones all around us all
the time. We all carry around a microphone 24 hours a day, in the form
of our cellphones,” Timm said. “And we know that there are ways for the
government to hack into phones and computers to turn those devices
on.”.... “Despite the many [legislative] changes that have happened
since the
Snowden revelations,” he continued, “the American people only have a
partial understanding of the tools the government can use to conduct
surveillance on millions of people worldwide. It’s important that this
type of information be debated in the public sphere.” But debate is
difficult, he noted, if the public lacks a meaningful sense of the
technology’s uses — let alone its existence...."
Latest Developments In 'Turnkey Totalitarianism'
2018
"Increasing
numbers of women are being secretly filmed on spy cameras
as covert recording technology becomes cheaper and more readily
available, experts have warned. Peeping toms are installing clandestine
cameras in rental and
student properties or public spaces including toilets, swimming
pool
cubicles, changing rooms and tanning salons, in an attempt to capture
explicit photos of women without their consent....experts say the hidden
nature of the crime means most women will never
be aware they have been captured on camera – and also makes
it very
difficult to accurately predict the scale of the problem.... Advanced
Sweeping, a company that detects spycams and bugs, said such incidents
had risen due to the gadgets becoming less expensive and more
technologically advanced. Keith Roberts, who runs the company, said his
cases ranged from detecting spy cameras placed in homes by partners or
exes, to instances of people using the equipment to snoop on strangers.
“It has grown exponentially in the last five to seven years,” he said.
“Our caseload is going up, which comes from these things being readily
easy to buy. They used to have to go to spy shops but now it’s all on
eBay and Amazon. It is shocking. Tech can lead people down some dark
roads. It is terrifying. You have got to be very vigilant these days. We
check businesses, residential homes, boats, vehicles.”... “People put
[spy cams] in because they want to be nosy and then
they turn into a voyeur. It is the leaking of information which makes
people realise they are being spied on, but lots are spied on and never
know.” He
said advances in technology meant some camera devices were very
difficult to detect because they only send imagery or audio from the
particular room to the voyeur at certain times of day such as 3am –
meaning the wifi will not be transmitting when firms do a “sweep”,
and
therefore will be more difficult to detect. However, he said
his company was able to get round this by using highly sensitive
scientific equipment. A search for spy cameras on Amazon shows
everything from
watches to water bottles, alarm clock radios, glasses and pens,
priced
anywhere from £7 to £70, which contain hidden spy cameras. ...
Alisdair A Gillespie, an academic who specialises in cybercrime and
sexual offences, said it was tremendously difficult for the police to
catch voyeurs, and even when footage was discovered it was difficult to
work out who the people in the videos were as you may not be able to see
their faces. “The problem with voyeurism is, because it is
secret, you only
ever stumble across it. It will only be if you happen to find someone
installing the camera or you discover the footage,” he said. “If footage
is from a changing room in a shop or leisure centre, all you might see
is the genitalia.”... Samantha Pegg, a senior lecturer at Nottingham Law
School who
specialises in sexual offences and pornography, said voyeurs tend to be
given sexual harm prevention orders that stop offenders buying
electronic equipment that can be used as a camera. She said she always
checked for secret cameras in hotels, adding
that she looked at smoke alarms to work out if they look “suspicious”
and switched the lights off to see if anything can be seen. “I do
make an effort to check but maybe I am giving myself a false sense of
security,” she said."
"Beijing is speeding up the
adoption of facial recognition-enabled smart locks in its public housing
programmes as part of efforts to clamp down on tenancy abuse, such as
illegal subletting. The face-scanning system is expected to cover all of
Beijing’s public housing projects, involving a total of 120,000
tenants, by the end of June 2019, according to The Beijing News. By
combining facial recognition with smart locks, the Beijing authorities
hope to not only improve the security of public housing communities but
also prevent illegal subletting, to make sure the limited housing
resources are only allocated to those in genuine need. The move is the
latest example of the use of facial recognition technology by the
Chinese authorities to keep an eye on its citizens. Many Chinese cities
are already relying on facial recognition cameras to catch jaywalkers.
One Beijing park even installed toilet paper dispensers equipped with
facial recognition functions to discourage visitors from taking too much
loo roll. The face-scanning system has already been installed in 47 public housing
projects across Beijing. As many as 100,000 facial scans comprising
tenants and their family members have been collected."
"How can Facebook monitor billions of posts per day in over 100
languages, all without disturbing the endless expansion that is core to
its business? The company’s solution: a network of workers using a maze
of PowerPoint slides spelling out what’s forbidden. Every other Tuesday
morning, several dozen Facebook employees gather over breakfast to come
up with the rules, hashing out what the site’s two billion users should
be allowed to say. The guidelines that emerge from these meetings are
sent out to 7,500-plus moderators around the world. (After publication
of this article, Facebook said it had increased that number to around
15,000.) The closely held rules are extensive, and they make the company
a far more powerful arbiter of global speech than has been publicly
recognized or acknowledged by the company itself, The New York Times has
found. The Times was provided with more than 1,400 pages from the
rulebooks by an employee who said he feared that the company was
exercising too much power, with too little oversight — and making too
many mistakes. An examination of the files revealed numerous gaps,
biases and outright errors. As Facebook employees grope for the right
answers, they have allowed extremist language to flourish in some
countries while censoring mainstream speech in others."
Chinese schools monitor students activities, targeting truancy with 'intelligent uniforms'
Global Times, 20 December 2018
"...surveillance images are typically obtained by officers and
detectives
knocking on doors, asking business owners and homeowners if a
surveillance camera might have captured a particular incident. Now, the
locations of homes and businesses that register with the
Camera Registration Program appear as blue dots on a satellite map of
Renton. Mathews said other police agencies have databases of available
cameras on printed pages, but not on a computer-generated map. She
believes Renton PD’s is the first. The Camera Registration Program is
volunteer-only and does not allow police officers to see images in real
time. It simply lets investigators know a camera is in the area and that
its owner is willing to cooperate with police officers. Those officers
can then “log in from their cars and see there are three houses in this
area, and the suspect fled this way, so maybe these three cameras will
show something,” Mathews explained. Wes Henry is Pastor at City View
Church, which has a very clear,
brand-new digital surveillance system. On Thursday morning, he signed up
to partner with the Renton PD should anything suspicious happen within
sight of his cameras. Henry told KIRO 7 he has no concerns about the
program invading his or his congregation members’ privacy. “They are
putting us on the map,” Henry explained about his willingness to partner
with Renton police. Officers “don’t have access to our cameras. They’re
not coming to tap
in. They don’t actually have any way to get the feed unless I give it
to them.”
"... as smartphones have become ubiquitous and technology more accurate, an
industry of snooping on people’s daily habits has spread and grown more
intrusive.
At least 75 companies receive anonymous, precise location data from apps
whose users enable location services to get local news and weather or
other information, The Times found. Several of those businesses claim to
track up to 200 million mobile devices in the United States — about
half those in use last year. The database reviewed by The Times — a
sample of information gathered in 2017 and held by one company — reveals
people’s travels in startling detail, accurate to within a few yards
and in some cases updated more than 14,000 times a day. These companies sell, use or analyze the data to
cater to advertisers, retail outlets and even hedge funds seeking
insights into consumer behavior. It’s a hot market, with sales of
location-targeted advertising reaching an estimated $21 billion this year. IBM has gotten into the industry, with its purchase of the Weather Channel’s apps. The social network Foursquare remade itself as a location marketing company. Prominent investors in location start-ups include Goldman Sachs and Peter Thiel, the PayPal co-founder. Businesses say their interest is in the
patterns, not the identities, that the data reveals about consumers.
They note that the information apps collect is tied not to someone’s
name or phone number but to a unique ID. But those with access to the
raw data — including employees or clients — could still identify a
person without consent. They could follow someone they knew, by
pinpointing a phone that regularly spent time at that person’s home
address. Or, working in reverse, they could attach a name to an
anonymous dot, by seeing where the device spent nights and using public
records to figure out who lived there. Many location companies say that when phone
users enable location services, their data is fair game. But, The Times
found, the explanations people see when prompted to give permission are
often incomplete or misleading. An app may tell users that granting
access to their location will help them get traffic information, but not
mention that the data will be shared and sold. That disclosure is often
buried in a vague privacy policy."
Your Apps Know Where You Were Last Night, and They’re Not Keeping It Secret
New York Times, 10 December 2018
"With indecent speed, and after the barest nod to debate, the Australian Parliament has now passed the Assistance and Access Act, unopposed and unamended. The bill is a cousin to the United Kingdom’s Investigatory Powers Act, passed in 2016. The two laws vary in their details, but both now deliver a panoptic new power to their nation’s governments. Both countries now claim the right to secretly compel tech companies and individual technologists, including network administrators, sysadmins, and open source developers – to re-engineer software and hardware under their control, so that it can be used to spy on their users. Engineers can be penalized for refusing to comply with fines and prison; in Australia, even counseling a technologist to oppose these orders is a crime. We don’t know – because it is a state secret – whether the UK has already taken advantage of its powers, but this month we had some strong statements from GCHQ about what they plan to do with them. And because the “Five Eyes” coalition of intelligence-gathering countries have been coordinating this move for some time, we can expect Australia to shortly make the same demands. Ian Levy, GCHQ’s Technical Director, recently posted on the Lawfare blog what GCHQ wants tech companies to do. Buried in a post full of justifications (do a search for “crocodile clips” to find the meat of the proposal, or read EFF’s Cindy Cohn’s analysis), Levy explained that GCHQ wants secure messaging services, like WhatsApp, Signal, Wire, and iMessage, to create deceitful user interfaces that hide who private messages are being sent to. In the case of Apple’s iMessage, Apple would be compelled to silently add new devices to the list apps think you own: when someone sends you a message, it will no longer just go to, say, your iPhone, your iPad, and your MacBook – it will go to those devices, and a new addition, a spying device owned by the government.
With messaging systems like WhatsApp, the approach will be slightly different: your user interface will claim you’re in a one-on-one conversation, but behind the scenes, the company will be required to silently switch you into a group chat. Two of the people in the group chat will be you and your friend. The other will be invisible, and will be operated by the government. The intelligence services call it “the ghost”; a stalking ghost that requires the most secure tech products available today to lie to their users, via secret orders that their designers cannot refuse without risking prosecution. So this is the first step, after this Australian bill becomes law. We can imagine Facebook and Apple and other messaging services fighting these orders as best as they can. Big tech companies are already struggling with a profound collapse in trust among their customers; the knowledge that they may be compelled to lie to those users will only add to their problems."
In the New Fight for Online Privacy and Security, Australia Falls: What Happens Next?
Electronic Frontier Foundation, 6 December 2018
"UK spies are planning to increase their use of bulk equipment interference, as the range of encrypted hardware and software applications they can't tap into increases. Equipment interference (EI) – formerly known as computer network exploitation – is the phrase used for spies poking around in devices, like phones or computers, and media like USB sticks. It allows them to gather up info they claim would otherwise be "lost" as it can't be obtained other ways – crucially, it means they can access encrypted data they cannot grab via the more traditional route of interception. At the time the Investigatory Powers Bill was passing through Parliament – it was signed into law in 2016 – EI hadn't been used, but it was already seen an alternative to bulk interception.
However, it was expected to be authorised through targeted or targeted thematic warrants; as then-independent reviewer of terrorism David Anderson wrote at the time, "bulk EI is likely to be only sparingly used". Since then, though, GCHQ's use of these bulk powers has "evolved", according to a letter (PDF) to members of parliament’s Intelligence and Security Committee, by security minister Ben Wallace. During the passage of the Investigatory Powers legislation, he said, the government anticipated bulk EI warrants would be "the exception", and "be limited to overseas 'discovery' based EI operations". But with encryption increasingly commonplace, the spies want the exception to edge towards becoming the rule. "Since the passage of the Bill, the communications environment has continued to evolve, particularly in terms of the range of hardware devices and software applications which need to be targeted," Wallace said. "In addition, the deployment of less traditional devices, and usage of these technologies by individuals of interest has advanced significantly." Wallace said GCHQ had reviewed "current operational and technical realities" and "revisited" its previous position. "It will be necessary to conduct a higher proportion of ongoing overseas focused operational activity using the bulk EI regime than was originally envisaged," he said. This was predicted by David Anderson, QC in his 2016 report (PDF), as he acknowledged that the logic of bulk interception could apply to bulk EI. "There will be foreign-focused cases where there is significant value to be gained, operationally, from it - but in which it won’t be possible to make a sufficiently precise assessment to proceed on the basis of the thematic EU power," he said. Anderson added that bulk EU would require "particularly rigorous and technically-informed oversight" from both the secretary of state and the judicial commissioners who form the other part of the recently introduced "double lock" mechanism." 
UK spies: You know how we said bulk device hacking would be used sparingly? Well, things have 'evolved'
The Register, 6 December 2018
"[In Australia] Businesses using fingerprint scanners to monitor their workforce can
legally sack employees who refuse to hand over biometric information on
privacy grounds, the Fair Work Commission has ruled. The ruling, which will be appealed, was made in the case
of Jeremy Lee, a Queensland sawmill worker who refused to comply with a
new fingerprint scanning policy introduced at his work in Imbil, north
of the Sunshine Coast, late last year. Fingerprint scanning was used to monitor the clock-on and clock-off
times of about 150 sawmill workers at two sites and was preferred to
swipe cards because it prevented workers from fraudulently signing in on
behalf of their colleagues to mask absences. The company, Superior Woods, had no privacy policy covering workers and failed to comply with a requirement
to properly notify individuals about how and why their data was being
collected and used. The biometric data was stored on servers located
off-site, in space leased from a third party. Lee argued the business
had never sought its workers’ consent to use
fingerprint scanning, and feared his biometric data would be accessed by
unknown groups and individuals. “I am unwilling to consent to have my
fingerprints scanned because I
regard my biometric data as personal and private,” Lee wrote to his
employer last November. “Information technology companies gather as much
information/data on people as they can. “Whether they admit to it or
not. (See Edward Snowden) Such information is used as currency between
corporations.” Lee was neither antagonistic nor belligerent in his
refusals,
according to evidence before the commission. He simply declined to have
his fingerprints scanned and continued using a physical sign-in booklet
to record his attendance. He had not missed a shift in more than three
years. The employer warned him about his stance repeatedly, and claimed
the
fingerprint scanner did not actually record a fingerprint, but rather “a
set of data measurements which is processed via an algorithm”. The
employer told Lee there was no way the data could be “converted or used
as a finger print”, and would only be used to link his payroll number
to his clock-on and clock-off time. It said the fingerprint scanners
were also needed for workplace safety, to accurately identify which
workers were on site in the event of an accident.... Lee was sacked in
February, and lodged an unfair dismissal claim in the Fair Work
Commission.
He argued he was sacked for failing to comply with an unreasonable
direction, because the fingerprint scanning was in breach of Australian
privacy laws. His biometric information was sent to a separate corporate
entity that was not his employer, Lee argued..... Lee told Guardian
Australia he planned to appeal. He said the ruling
implied that Australians only owned their biometric data until an
employer demanded it, at which point they could be sacked if they
refused to consent. “My biometric data is inherently mine and inseparable
from me,” Lee
said. “My employer can’t demand it or sack me for refusing to give it.”"
"China’s plan to judge each of its 1.3 billion people based on their
social behavior is moving a step closer to reality, with Beijing set to
adopt a lifelong points program by 2021 that assigns personalized
ratings for each resident. The
capital city will pool data from several departments to reward and
punish some 22 million citizens based on their actions and reputations
by the end of 2020, according to a plan
posted on the Beijing municipal government’s website on Monday. Those
with better so-called social credit will get “green channel” benefits
while those who violate laws will find life more difficult. The
Beijing project will improve blacklist systems so that those deemed
untrustworthy will be “unable to move even a single step,” according to
the government’s plan. Xinhua reported on the proposal Tuesday, while
the report posted on the municipal government’s website is dated July
18. China has long experimented with systems that grade its citizens,
rewarding good behavior with streamlined services while punishing bad
actions with restrictions and penalties. Critics say such moves are
fraught with risks and could lead to systems that reduce humans to
little more than a report card.... According to the Beijing government’s plan, different agencies will link
databases to get a more detailed picture of every resident’s
interactions across a swathe of services. The proposal calls for
agencies including tourism bodies, business regulators and transit
authorities to work together.... The tracking of individual behavior in China has become easier as
economic life moves online, with apps such as Tencent’s WeChat and Ant
Financial’s Alipay a central node for making payments, getting loans and
organizing transport. Accounts are generally linked to mobile phone
numbers, which in turn require government IDs."
"Vehicles are increasingly coming connected
with Wi-Fi and may know
more about you than you think – where you've been, what you're listening
to and what kind of coffee you like. All information that privacy
advocates are warning may end up in the hands of advertisers or even
your insurance company, reports CBS News correspondent Kris Van
Cleave. Under the hood of one car, Ford's former head of
tech John Ellis found
four computers. Inside the car, he hooked up his smart phone to show the
data streaming in real time. "With enough data, I can discern patterns
that seem to be almost non-existent to the human eye," Ellis said.
From the brakes to the windshield wipers, with as many as 100 points
that generate data, today's cars pack the power of 20 personal computers
and can process up to 25 gigs of data every hour – some of it beamed
back. Now, carmakers are rushing to turn your car's data into a
revenue stream, reselling blocks of location information and, one day,
information from cars' on-board cameras and sensors could be bought by
mapping companies or apps that monitor traffic conditions. Seventy-two
percent of car owners said they had no idea was happening. "We
know how tired you are because we have cameras inside of the car
looking at the driver to look for eyelid movement," Ellis said. "Some of
the cars have an ability to detect alcohol…are you weaving? Are you
moving? Are you harsh-braking?" Good drivers who agree to
share their data can also get a better deal. Soon, a car's data may be
worth more than the vehicle itself, according to one car data company.
Driver data could add up to three-quarters of a trillion dollars
industry-wide by 2030. GM uses that data – with drivers' consent –
to put popular brands at their fingertips. GM calls it marketplace, an
attempt to cash in on the 46 minutes per day the average American spends
in a car. "Your driving behavior, the person in the car. We do
have that data," said Rick Ruskin of GM Marketplace. "You've created
this connection with merchants and brands. They know your data. We're
bringing that onto the dashboard of the car." Low on gas? It'll
point you to the closest gas station and let you pay from the dash where
you can also order food or make reservations on the go, all based on
what's close to the car's current location. Ruskin said drivers are
asked to opt in to the program the very first time they tap the screen
on the dashboard. "You'd accept other terms and conditions.
And we'd let you know….that
we may be using the location of your car to serve you," Ruskin said.
Privacy advocates point out that it's on us to start thinking about cars
for what they've become: data-generating devices."
"Britain’s biggest employer organisation and main trade union
body
have sounded the alarm over the prospect of British companies implanting
staff with microchips to improve security. UK firm BioTeq, which offers
the implants to businesses and individuals, has already fitted 150
implants in the UK. The tiny chips, implanted in the flesh between the
thumb and
forefinger, are similar to those for pets. They enable people to open
their front door, access their office or start their car with a wave of
their hand, and can also store medical data. Another company, Biohax of
Sweden, also provides human chip implants the size of a grain of rice.
It told the Sunday Telegraph
(£) that it is in discussions with several British legal and financial
firms about fitting their employees with microchips, including one major
company with hundreds of thousands of employees. The CBI, which
represents 190,000 UK businesses, voiced concerns about the prospect. A
CBI spokesperson said: “While technology is changing the way we
work, this makes for distinctly uncomfortable reading. Firms should be
concentrating on rather more immediate priorities and focusing on
engaging their employees.” The TUC is worried that staff could be
coerced into being microchipped. Its general secretary Frances O’Grady said:
“We know workers are already concerned that some employers are using
tech to control and micromanage, whittling away their staff’s right to
privacy. “Microchipping would give bosses even more power and control over
their workers. There are obvious risks involved, and employers must not
brush them aside, or pressure staff into being chipped.”"
"The US Drug Enforcement Administration (DEA)
and Immigration and Customs Enforcement (ICE) have hidden an undisclosed
number of covert surveillance cameras inside streetlights around the
country, federal contracting documents reveal. According to government procurement data,
the DEA has paid a Houston, Texas company called Cowboy Streetlight
Concealments LLC roughly $22,000 since June 2018 for “video recording
and reproducing equipment.” ICE paid out about $28,000 to Cowboy
Streetlight Concealments over the same period of time. It’s
unclear where the DEA and ICE streetlight cameras have been installed,
or where the next deployments will take place. ICE offices in Dallas,
Houston, and San Antonio have provided funding for recent acquisitions
from Cowboy Streetlight Concealments; the DEA’s most recent purchases
were funded by the agency’s Office of Investigative Technology, which is
located in Lorton, Virginia."
"Microsoft's president Brad Smith said facial recognition technology needs to be regulated so the world doesn't turn into a Nineteen Eighty-Four
scenario with everyone's actions tracked and scrutinised. He told
attendees at WebSummit in Lisbon, Portugal that the way in
which facial recognition technology is developing and being used by more
businesses could be detrimental to the average person's privacy. “It
potentially means every time you walk into a store, a retailer knows
when you were in there last, what good you picked out, what you
purchased,” he said, reported Recode.
“I think even that frankly pales in comparison to what it could do to
relationships between individuals and the state.” Although
Microsoft has built its own facial recognition technology,
Brad recognises that regulating the industry is the most effective way
to make sure it doesn't get out of hand and businesses start misusing
their powers. Of course, he accepts that in some cases, such as finding
criminals and monitoring illegal activities, it's an effective
technology, but warned those applications mustn't get out of hand. "For
the first time, the world is on the threshold of technology that
would give a government the ability to follow anyone anywhere, and
everyone everywhere. It could know exactly where you are going, where
you have been and where you were yesterday as well," Smith said. "And
this has profound potential ramifications for even just the
fundamental civil liberties on which democratic societies rely. Before
we wake up and find that the year 2024 looks like the book '1984',
let’s figure out what kind of world we want to create, and what are the
safeguards and what are the limitations of both companies and
governments for the use of this technology."
"[Edward Snowden has suggested] a link between the murder of Saudi journalist Jamal Khashoggi and Saudi use of NSO Group’s Pegasus software... The NSO Group has been the subject of much controversy in recent years, with Canadian internet watchdog Citizen Lab claiming that the Pegasus software marketed by the company is being used by a number of countries 'with dubious human rights records and histories of abusive behavior by state security services.' Pegasus infects individuals’ phones by sending them text messages that tempt them to click an attached link. If the target clicks on the link, the company gains full control over the phone, including its contents and history, and the ability to activate its microphone and camera at will..... 'In today’s world, [NSO Group] are the worst of the worst in selling these burglary tools that are being actively currently used to violate the human rights of dissidents, opposition figure and activists, to some pretty bad players,' he said. Snowden described NSO Group’s activity as a 'kind of predation.'... Snowden told the audience that there was reason to believe the NSO Group’s Pegasus software is connected to the murder of Jamal Khashoggi in Saudi Arabia’s consulate in Istanbul, Turkey.... He also told the audience that it is an open secret that Israel spies on the US. 'Israel has a real leg up in technology, in particular in these kinds of offensive operations. Even the NSA realizes that we get hacked by the Israelis. When we file our counterintelligence priorities matrix, it’s always the same four — China, Russia, Israel and France,' he said. 'If I were going to put them in a ranking I would put Israel above France.'”
Israeli tech helped Saudis kill journalist, Snowden tells Tel Aviv confab Times of Israel, 7 November 2018
"Data from the vast majority of apps is harvested and shared with Google, a comprehensive study of the Android ecosystem has revealed.
Researchers from Oxford university analysed 959,000 apps from the
UK and US Google Play stores, finding that almost 90 per cent of Android apps share
data with Google. The study also revealed that around half of the apps
transfer data to at least 10 third parties, such as Facebook and
Twitter. The study's authors attribute the mass-data harvesting to the
rise of "freemium" apps that rely on advertising and data sharing for
revenue. Information collected and shared by the apps can include a user's age,
gender and location, with the practice particularly prevalent with apps
aimed at children.... The researchers describe the mass data collection and tracking as a
"highly important phenomenon" that presents significant challenges for
both regulators aiming to enforce the law, and for the companies who
must comply with it. Industry figures described the study as "unsurprising", given the
data-based business models that technology companies adopt. The
implications of this, especially concerning communication apps, could be
severe for businesses."
"Facial recognition software is to be used in UK supermarkets for the
first time to verify the age of people buying alcohol and cigarettes,
the Telegraph has learned. The pilot scheme is set to be
rolled out at self-service checkouts by
the end of the year and could be applied more widely in 2019. NCR, a US
company which makes self check-out machines for Asda, Tesco
and other UK supermarkets, will integrate a camera that will estimate
the age of shoppers when they are buying age restricted items.
The camera will reduce the need for staff to approve purchases by
using AI to scan a person’s face to determine their age and either
accept or deny the sale of the item."
"There are two ways for spies to alter the guts of computer equipment.
One, known as interdiction, consists of manipulating devices as they’re
in transit from manufacturer to customer. This approach is favored by
U.S. spy agencies, according to documents leaked by former National
Security Agency contractor Edward Snowden. The other method involves
seeding changes from the very beginning. One country in particular
has an advantage executing this kind of attack: China, which by some
estimates makes 75 percent of the world’s mobile phones and 90 percent
of its PCs. Still, to actually accomplish a seeding attack would mean
developing a deep understanding of a product’s design, manipulating
components at the factory, and ensuring that the doctored devices made
it through the global logistics chain to the desired location—a feat
akin to throwing a stick in the Yangtze River upstream from Shanghai and
ensuring that it washes ashore in Seattle. “Having a well-done,
nation-state-level hardware implant surface would be like witnessing a
unicorn jumping over a rainbow,” says Joe Grand, a hardware hacker and
the founder of Grand Idea Studio Inc. “Hardware is just so far off the radar, it’s almost treated like black magic.” But
that’s just what U.S. investigators found: The chips had been inserted
during the manufacturing process, two officials say, by operatives from a
unit of the People’s Liberation Army. In Supermicro, China’s spies
appear to have found a perfect conduit for what U.S. officials now
describe as the most significant supply chain attack known to have been
carried out against American companies. One official says
investigators found that it eventually affected almost 30 companies,
including a major bank, government contractors, and the world’s most
valuable company, Apple Inc.
Apple was an important Supermicro customer and had planned to order
more than 30,000 of its servers in two years for a new global network of
data centers. Three senior insiders at Apple say that in the summer of
2015, it, too, found malicious chips on Supermicro motherboards. Apple
severed ties with Supermicro the following year, for what it described
as unrelated reasons.... One government official says China’s goal was long-term access to
high-value corporate secrets and sensitive government networks. No
consumer data is known to have been stolen."
"One aspect of 5G that has not received much attention is how it will
be seized upon by the murkier side of the global population. Cyber-crime
is a raging battle front and perhaps, before 5G becomes widely
available, governments and regulators should consider how criminals may
utilise the technology. The European Union Agency for Law Enforcement
Cooperation, better
known as Europol, has highlighted that the new technology will threaten
existing techniques for tracking criminals. Europol’s 2018 Internet
Organised Crime Threat Assessment (IOCTA)
has followed on from research begun by the EU’s Public Private
Partnership on 5G and noted that new security concerns will come from
issues related to locating users and GDPR. Firstly, the underlying
virtualisation technology needed to deal
with the complexity and bandwidth of 5G makes it much harder to identify
and locate individual users. 4G technology gives each user a unique
identifier. 5G technology only allocates temporary identifiers.
Artificial intelligence offers a potential way for the police and
security services to overcome this challenge. However, the GDPR laws
designed to protect individual privacy mean that the data bases required
may themselves be illegal. On the plus side, there will be direct
security benefits from 5G.
Companies and public sector bodies will have more options for encrypting
data, making any potential breaches less likely and less damaging. The
IoT technologies that use 5G will also support improvements to other
aspects of security such as CCTV and object tracking (e.g., stolen
phones/laptops). New technologies always bring new challenges and the
battle
against cyber-crime and organised crime creates dilemmas for governments
and populations. In the UK, the proposed ‘Snoopers Charter’ (the Draft
Communications Data Bill) drew much public criticism and was dropped.
The Investigatory Powers Act that subsequently passed through the UK
Parliament only gained the backing of a majority of British MPs after
concessions to privacy were made. But too much data protection also has
its consequences. It may be
that the EU (and, after Brexit, the UK) will need to consider revisions
to GDPR once 5G goes live across Europe."
What does 5G mean for crime and security? The Verdict, 28 September 2018
"The U.K.’s domestic security service MI5 looked at private data about
a group that campaigns against mass surveillance, a London judge has
found. The agency held and “accessed or examined” data about the campaign group Privacy International,
judge Michael Burton said in court Tuesday. He didn’t say what the data
was or why the security service viewed it. London-based Privacy
International campaigns against what it
calls “overreaching state and corporate surveillance.” Tuesday’s case
showed the group had been “caught up in the surveillance dragnet,”
Caroline Wilson Palow, the organization’s general counsel, said in a
statement. “Should a domestic intelligence agency charged with
protecting national security be spying on a human rights organization
based in London? Shouldn’t such spying, if permitted at all, be subject
to the strictest of safeguards?” she said.... Privacy International said
it wrote to Home Secretary Sajid Javid
Tuesday, asking him to make changes to the country’s laws that cover
internet security, and asking for an explanation of why MI5 wanted the
data it collected. The data that MI5 looked at was categorized as “bulk
personal datasets” and “bulk communications data,” the judge said. Bulk
personal datasets can include the electoral roll, telephone directories
and travel-related data, according to MI5’s website.
Bulk communications data “is the who, where, when, how and with whom of
communications, but not what was written or said,” the website says,
and includes information such as itemized bills. In a separate ruling this month, the European Court of Human
Rights found some U.K. surveillance programs, including the bulk
interception of communications exposed by whistle-blower Edward Snowden,
violate rules that protect privacy and family life."
"British spies are likely to have hacked into Belgium’s biggest
telecommunications operator for at least a two-year period on the
instruction of UK ministers, a confidential report submitted by Belgian
prosecutors is said to have concluded. The finding would support an allegation made by the whistleblower Edward Snowden five years ago when he leaked 20 slides exposing the targets of hacking by the British intelligence service GCHQ. According to unconfirmed reports in the Belgian media, the federal
prosecutors’ report suggests the hackers closed their operation within a
matter of minutes of being exposed in August 2013. It is believed the
interception of Belgacom, now Proximus, had been ongoing since at least
2011. The justice minister, Koen Geens, has confirmed he has received the
report and that it will be discussed within the national security
council, led by the prime minister, Charles Michel.... The British spies are said to have targeted the computers of Belgacom
employees working in security and maintenance with faked LinkedIn
messages. There was a particular focus on the Belgian company’s
subsidiary unit, Belgacom International Carrier Services, which handles
phone and data traffic in Africa and the Middle East. It is reported that the espionage – given the codename Operation
Socialist – was also seeking to target communications made between
roaming smartphones. The interception would
have provided access to communications at Nato
headquarters in Brussels and at key European institutions including the
European commission, European parliament, and the European Council. The
operation was the first documented example of an EU member state
covertly hacking into the critical infrastructure of another. The unpublished prosecutors’ report is said to indicate that the
spying operation must have been authorised at the highest levels of the
British government. In 2011 William Hague was Britain’s foreign
secretary.... The slides leaked five years ago by Snowden, a former contractor for the
US National Security Agency, came from the Network Analysis Centre, a
department of GCHQ."
"Some of the world’s most
sophisticated Android and iPhone spyware has been found floating around
America for the first time. It's one of as many as 45 countries in which
NSO Group malware was uncovered. And together they may represent
breaches of American and other nations' computer crime laws against
cross-border hacking, not to mention a severe concern for citizens’
privacy, according to the researchers who uncovered the professional spy
software. The malware of concern, dubbed Pegasus, is the creation of
NSO Group, an Israeli company valued at close to $1 billion. It can hide
on Apple or Google devices, spying via the camera, listening in on
conversations through the microphone, stealing documents and siphoning
off once-private messages, amongst other surreptitious activities. NSO
has always protested that its tools are designed to be used to track the
most heinous criminals, from terrorists to drug cartels. But the
company has been caught up in spying scandals in Mexico and the United
Arab Emirates. In both cases, civil rights organizations were up in arms
that the iPhone malware had targeted activists, journalists and
lawyers, among others who appeared entirely innocent of any crimes. Just
last month, Forbes reported that an Amnesty researcher focusing on
issues in the UAE had been targeted by NSO spyware. And most recently,
leaked emails included in lawsuits in Israel and Cyprus against NSO
Group appeared to show the company had hacked the phone of a journalist
working at an Arab newspaper."
"The U.S. government can monitor journalists under a foreign
intelligence law that allows invasive spying and operates outside the
traditional court system, according to newly released documents.
Targeting members of the press under the law, known as the Foreign
Intelligence Surveillance Act, requires approval from the Justice
Department’s highest-ranking officials, the documents show. In two 2015 memos for the FBI,
the attorney general spells out “procedures for processing Foreign
Intelligence Surveillance Act applications targeting known media
entities or known members of the media.” The guidelines say the attorney
general, the deputy attorney general, or their delegate must sign off
before the bureau can bring an application to the secretive panel of
judges that approves monitoring under the 1978 act, which governs
intelligence-related wiretapping and other surveillance carried out
domestically and against U.S. persons abroad. The high level of supervision points to the controversy around
targeting members of the media at all. Prior to the release of these
documents, little was known about the use of FISA court orders against
journalists. Previous attention had been focused on the use of National
Security Letters against members of the press; the letters are
administrative orders with which the FBI can obtain certain phone and
financial records without a judge’s oversight. FISA court orders can
authorize much more invasive searches and collection, including the
content of communications, and do so through hearings conducted in
secret and outside the sort of adversarial judicial process that allows
journalists and other targets of regular criminal warrants to eventually
challenge their validity. “This is a huge surprise,” said Victoria Baranetsky, general counsel
with the Center for Investigative Reporting, previously of Reporters
Committee for the Freedom of the Press. “It makes me wonder, what other
rules are out there, and how have these rules been applied? The next
step is figuring out how this has been used.”"
Government Can Spy on Journalists in the U.S. Using Invasive Foreign Intelligence Process Intercept, 17 September 2018
"GCHQ’s methods for bulk interception of online communications
violated privacy and failed to provide sufficient surveillance
safeguards, the European court of human rights has ruled. But the ECHR found that GCHQ’s regime for sharing sensitive digital
intelligence with foreign governments was not illegal, and it explicitly
confirmed that bulk interception with tighter safeguards was
permissible. The ruling, which follows Edward Snowden’s whistleblowing revelations,
is a comprehensive assessment by the ECHR of interception operations
carried out until recently by UK intelligence agencies. The legal
claims, which had already been heard by the UK’s
investigatory powers tribunal, were brought by a coalition of 14 human
rights groups and privacy organisations including Amnesty International,
Liberty, Privacy International and Big Brother Watch, as well as journalists. The case concerned the interception regime previously operated by GCHQ. Updated regulations are coming into force under the Investigatory Powers Act 2016."
"The West Midlands is to become the first UK urban 5G testbed area at a
cost of up to £50m – with one use for the new tech being China-style
AI-powered CCTV cameras with automated facial recognition, according to
the government.... AI-powered CCTV for automated facial recognition and population
monitoring is widely used in China, with English-language propaganda
from the Communist country being carefully sanitised
to make it appear that the tech is only used to catch criminals and
boost public safety. In reality the system is used by the State to hunt down and capture those who might embarrass officials, among others."
"Facebook has begun to assign its
users a reputation score, predicting their trustworthiness on a scale
from zero to 1. The previously unreported ratings system, which Facebook
has developed over the past year, shows that the fight against the
gaming of tech systems has evolved to include measuring the credibility
of users to help identify malicious actors. Facebook developed its
reputation assessments as part of its effort against fake news, Tessa
Lyons, the product manager who is in charge of fighting misinformation,
said in an interview. ...It is unclear what other criteria Facebook
measures to determine a user’s score, whether all users have a score and
in what ways the scores are used.... “Not knowing how [Facebook is]
judging us is what makes us uncomfortable,” said Claire Wardle, director
of First Draft, a research lab within the Harvard Kennedy School that
focuses on the impact of misinformation and that is a fact-checking
partner of Facebook. “But the irony is that they can’t tell us how they
are judging us — because if they do, the algorithms that they built will
be gamed.”"
"Millions of us have welcomed Alexa into our homes by
purchasing one of Amazon’s Echo smart speakers. The handy gadgets can be
used for playing music, shopping and – on some models – even watching
video clips. But they can also be turned against you if a hacker is
sufficiently
motivated to crack through Amazon’s security and access the device’s
microphone and recording ability. A team of expert hackers from the
Tencent corporation in China have
demonstrated a worrying technique for turning Amazon’s Echo into a
snooping device. ‘After several months of research, we successfully
break the Amazon
Echo by using multiple vulnerabilities in the Amazon Echo system, and
[achieve] remote eavesdropping,’ a spokesperson for the company told Wired. They revealed the fruits of their labour at the DefCon security
conference on Sunday. But before you start panicking and scrambling to
unplug your Echo, the team had already disclosed what they’d found to
Amazon who pushed out security fixes last month."
"Google wants to know where you go so badly that it records
your movements even when you explicitly tell it not to. An Associated
Press investigation found
that many Google services on Android devices and iPhones store your
location data even if you've used privacy settings that say they will
prevent it from doing so. Computer-science researchers at Princeton
confirmed these findings at the AP's request. For the most part, Google
is upfront about asking permission to use your location information. An
app like Google Maps will remind you to allow access to location if you
use it for navigating. If you agree to let it record your location over
time, Google Maps will display that history for you in a "timeline"
that maps out your daily movements. Storing your minute-by-minute
travels carries privacy risks and has been used by police to determine
the location of suspects — such as a warrant that police in Raleigh,
North Carolina, served on Google last year to find devices near a murder
scene. So the company will let you "pause" a setting called Location
History. Google says that will
prevent the company from remembering where you've been. Google's support
page on the subject states: "You can turn off Location History at any
time. With Location History off, the places you go are no longer
stored." That isn't true. Even
with Location History paused, some Google apps automatically store
time-stamped location data without asking. For example, Google
stores a snapshot of where you are when you merely open its Maps app.
Automatic daily weather updates on Android phones pinpoint roughly where
you are. And some searches that have nothing to do with location, like
"chocolate chip cookies," or "kids science kits," pinpoint your precise
latitude and longitude — accurate to the square foot — and save it to
your Google account. The privacy issue affects
some two billion users of devices that run Google's Android operating
software and hundreds of millions of worldwide iPhone users who rely on
Google for maps or search.... To stop Google from saving these location markers, the company says,
users can turn off another setting, one that does not specifically
reference location information. Called "Web and App Activity" and
enabled by default, that setting stores a variety of information from
Google apps and websites to your Google account. When paused, it will prevent activity on any device from being saved to
your account. But leaving "Web & App Activity" on and turning
"Location History" off only prevents Google from adding your movements
to the "timeline," its visualization of your daily travels. It does not
stop Google's collection of other location markers. You can delete these location markers by hand, but it's a painstaking
process since you have to select them individually, unless you want to
delete all of your stored activity. You can see the stored location markers on a page in your Google account at myactivity.google.com,
although they're typically scattered under several different headers,
many of which are unrelated to location. To demonstrate how powerful
these other markers can be, the AP
created a visual map of the movements of Princeton postdoctoral
researcher Gunes Acar, who carried an Android phone with Location
history off, and shared a record of his Google account. The map includes
Acar's
train commute on two trips to New York and visits to The High Line park,
Chelsea Market, Hell's Kitchen, Central Park and Harlem. To protect his
privacy, The AP didn't plot the most telling and frequent marker — his
home address. Huge tech companies are
under increasing scrutiny over their data practices, following a series
of privacy scandals at Facebook and new data-privacy rules recently
adopted by the European Union. Last year, the business news site Quartz
found that Google was tracking Android users by collecting the addresses
of nearby cellphone towers even if all location services were off.
Google changed the practice and insisted it never recorded the data
anyway. Critics say Google's insistence on tracking its users' locations stems from its drive to boost advertising revenue."
"U.S. lawmakers and the Trump administration have pressured U.S. companies to not sell Huawei or ZTE (000063.SZ) products, saying they potentially could be used to spy on Americans. Earlier this year they pushed AT&T (T.N)
to drop a deal with Huawei to sell its smartphones in the
United States. The source said Bob Lord, the DNC’s chief security
officer, said in an
email that it was important for party and campaign workers to be
vigilant about the warnings. “Please make sure that
you are not using or purchasing ZTE or Huawei devices anywhere within
your staff - for personal or work-related use,” Lord said. Federal
Communications Commission Chairman Ajit Pai told Congress in March he
shared the concerns of U.S. lawmakers about espionage threats
from Huawei. “Hidden ‘back doors’ to our networks in routers,
switches - and virtually any other type of telecommunications equipment -
can provide an avenue for hostile governments to inject viruses, launch
denial-of-service attacks, steal data, and more,” Pai said at the time.
The U.S. Department of Defense has already stopped selling
mobile phones and modems made by Huawei and ZTE in stores
on its
military bases, citing potential security risks."
"Google is planning to launch a censored version of its search
engine in China that will blacklist websites and search terms about
human rights, democracy, religion, and peaceful protest, The Intercept
can reveal. The project – code-named Dragonfly – has been underway since spring
of last year, and accelerated following a December 2017 meeting between
Google’s CEO Sundar Pichai and a top Chinese government official,
according to internal Google documents and people familiar with the
plans. Teams of programmers and engineers at Google have created a custom
Android app, different versions of which have been named “Maotai” and
“Longfei.” The app has already been demonstrated to the Chinese
government; the finalized version could be launched in the next six to
nine months, pending approval from Chinese officials.... Google’s search service cannot currently be accessed by most internet
users in China because it is blocked by the country’s so-called Great
Firewall. The app Google is building for China will comply with the
country’s strict censorship laws, restricting access to content that Xi
Jinping’s Communist Party regime deems unfavorable....The Chinese government blocks information on the internet about
political opponents, free speech, sex, news, and academic studies. It
bans websites about the 1989 Tiananmen Square massacre, for instance,
and references to “anticommunism” and “dissidents.” Mentions of books
that negatively portray authoritarian governments, like George Orwell’s
1984 and Animal Farm, have been prohibited on Weibo, a Chinese social media website...... Documents seen by The Intercept, marked “Google confidential,” say
that Google’s Chinese search app will automatically identify and filter
websites blocked by the Great Firewall. When a person carries out a
search, banned websites will be removed from the first page of results,
and a disclaimer will be displayed stating that “some results may have
been removed due to statutory requirements.” Examples cited in the
documents of websites that will be subject to the censorship include
those of British news broadcaster BBC and the online encyclopedia
Wikipedia. The search app will also “blacklist sensitive queries” so that “no
results will be shown” at all when people enter certain words or
phrases, the documents state. The censorship will apply across the
platform: Google’s image search, automatic spell check and suggested
search features will incorporate the blacklists, meaning that they will
not recommend people information or photographs the government has
banned..... Patrick Poon, a Hong Kong-based researcher with human rights group
Amnesty International, told The Intercept that Google’s decision to
comply with the censorship would be “a big disaster for the information
age.” “This has very serious implications not just for China, but for all
of us, for freedom of information and internet freedom,” said Poon. “It
will set a terrible precedent for many other companies who are still
trying to do business in China while maintaining the principles of not
succumbing to China’s censorship. The biggest search engine in the world
obeying the censorship in China is a victory for the Chinese government
– it sends a signal that nobody will bother to challenge the censorship
any more.”"
"The world's most powerful governments are today accused of
bankrolling surveillance kit and training for smaller and dubious
nations – and the tech industry stands to benefit. In a dossier published on Tuesday,
civil-rights warriors Privacy International said that top governments –
from the US, UK and China to France, Germany, and the European Union –
are financing, training and equipping
countries, including authoritarian regimes, with surveillance
capabilities. By doing so, the countries with the most extensive
security and military agencies are “transferring their electronic
surveillance capabilities, practices, and legislation around the world,”
the report said. It said that some of the funds for such programmes
were being badged as development. The US spent more than $20bn in
security aid in 2017, with recipients of training and kit over the years
including African nations and Afghanistan. Privacy International said that despite such efforts
boosting recipients’ security capacities, it can also play “a defining
role in maintaining the ability of recipient governments to exercise
functions of the state and political control.”"
"The system that allowed spy agency
GCHQ access to vast amounts of personal data from telecoms companies was
unlawful for more than a decade, a surveillance watchdog has ruled. The
Investigatory Powers Tribunal said that successive foreign secretaries
had delegated powers without oversight. But it added there was no
evidence GCHQ had misused the system. Privacy International criticised
the "cavalier manner" in which personal data was shared. The
group brought the legal challenge and solicitor Millie Graham Wood said
it was "proof positive" that the system set up to protect personal data
was flawed. "The foreign secretary was supposed to protect access
to our data by personally authorising what is necessary and
proportionate for telecommunications companies to provide to the
agencies. "The way that these directions were drafted risked
nullifying that safeguard by delegating that power to GCHQ - a violation
that went undetected by the system of commissioners for years and was
seemingly consented to by all of the telecommunications companies
affected." Under security rules introduced after the attacks on 11
September 2001, the UK's foreign secretary had the power to direct GCHQ
to obtain data from telecoms companies, with little oversight of what
they were subsequently asking for."
"Earlier this month it came out that among Facebook’s myriad
algorithmically induced advertising categories was an entry for users
whom the platform’s data mining systems believed might be interested in
treason against their government. The label had been applied to more
than 65,000 Russian citizens, placing them at grave risk should their
government discover the label. Similarly, the platform’s algorithms
silently observe its two billion users’ actions and words, estimating
which users it believes may be homosexual and quietly placing a label on
their account recording that estimate. What happens when governments
begin using these labels to surveil, harass, detain and even execute
their citizens based on the labels produced by an American company’s
black box algorithms? One of the challenges with the vast automated
machine that is Facebook’s advertising engine is that its sheer scale
and scope means it could never possibly be completely subject to human
oversight. Instead, it hums along in silence, quietly watching the
platform’s two billion users as Big Brother, silently assigning labels
to them indicating its estimates of everything from their routine
commercial interests to the most sensitive and intimate elements of
their personality, beliefs and medical conditions that could be used by
their governments to manipulate, arrest or execute them. Such concerns
are unfortunately far from hypothetical. .... many governments across the world that are very much aware of the
potential of Facebook’s advertising tools for surveillance and indeed
use them actively to track specific demographics and interests, using
the company’s built-in reporting tools to identify geographic areas and
demographics to target for further surveillance.... The public
availability of Facebook’s targeting tools means intelligence agencies
need no court orders to leverage them, foreign intelligence services can
use them to track and surveil on foreign soil and even local law
enforcement agencies can use them with few restrictions....
Facebook is increasingly playing as a tool for law enforcement,
intelligence agencies and repressive regimes to crack down on legitimate
dissent or internationally recognized human rights. It also raises
important questions about the company’s legal exposure if it knowingly
assists a repressive regime track down and execute citizens based on
internationally protected statuses.... its international reach, massive
centralized data warehouse and algorithms that can divine the most
sensitive and intimate elements of our lives are likely to increasingly
become a go-to one-stop shop for the world’s intelligence agencies to
spy on and influence the world while governments themselves increasingly
leverage their legal powers to force Facebook to help them hunt down
dissent and those different from themselves. Welcome to a world even
Orwell could not have imagined."
"A group of researchers and students at MIT have developed an
intelligent radar-like technology that makes it possible to see through
walls to track people as they move around, a development that could
prove useful for monitoring the elderly or sick as well as for other
applications — but that also raises privacy concerns. Tests show
that the technology, known as RF-Pose, can reveal whether someone is
walking, sitting, standing or even waving — and can identify individuals
from a known group with a success rate of 83 percent. Its developers
say it could prove useful for law enforcement, search and rescue, and —
perhaps most important — health care....Ginés Hidalgo, a research
associate at the Robotics Institute of
Carnegie Mellon University in Pittsburgh, told NBC News MACH in an email
that it was of limited use at this point because the radio signals it
uses are unable to pass through thick walls. "It could become a
breakthrough" if that limitation can be addressed, said Hidalgo, who was
not involved in the project. But
Hidalgo said the technology also raises privacy concerns. "If a normal
camera is recording me, it means I am able to see the camera, too," he
said in the email. "If this camera can be hidden behind or even inside
any object, I would never be able to know when I am being monitored.""
"It’s the smartphone conspiracy theory that just won’t go away: Many, many people are convinced that their phones are listening to their conversations to target them with ads. Vice recently fueled the paranoia with an article that declared “Your phone is listening and it’s not paranoia,”
a conclusion the author reached based on a 5-day experiment where he
talked about “going back to uni” and “needing cheap shirts” in front of
his phone and then saw ads for shirts and university classes on
Facebook....They found no evidence of an app unexpectedly activating the
microphone or sending audio out when not prompted to do so. Like good
scientists, they refuse to say that their study definitively proves that
your phone isn’t secretly listening to you, but they didn’t find a
single instance of it happening. Instead, they discovered a different disturbing practice: apps recording a phone’s screen and sending that information out to third parties. Of
the 17,260 apps the researchers looked at, over 9,000 had permission to
access the camera and microphone and thus the potential to overhear the
phone’s owner talking about their need for cat litter or about how much
they love a certain brand of gelato. Using 10 Android phones, the
researchers used an automated program to interact with each of those
apps and then analyzed the traffic generated. The strange practice they started to see was that screenshots and
video recordings of what people were doing in apps were being sent to
third party domains. For example, when one of the phones used an app
from GoPuff,
a delivery start-up for people who have sudden cravings for junk food,
the interaction with the app was recorded and sent to a domain
affiliated with Appsee, a mobile analytics company. The video included a
screen where you could enter personal information—in this case, their
zip code. This wasn’t a total surprise: Appsee proudly touts its ability
to record what users are doing in an app on its website. What bothered
the researchers was that it wasn’t evident to the user that their
behavior was being recorded, something which wasn’t disclosed in
GoPuff’s privacy policy. After the researchers contacted GoPuff, it
added a disclosure to the policy acknowledging that “ApSee” might receive users PII.
“As an added precaution, we also pulled Appsee SDK from the latest
Android and iOS builds,” said the start-up’s spokesperson by email....
In other words, until smartphone makers notify you when your screen is
being recorded or give you the power to turn that ability off, you have a
new thing to be paranoid about. The researchers will be presenting their work at the Privacy Enhancing Technology Symposium Conference in Barcelona next month... The researchers weren’t comfortable saying for sure that your phone
isn’t secretly listening to you in part because there are some scenarios
not covered by their study."
"Officials with Customs and Border Protection’s Entry/Exit
have a way to shorten the long lines at airline gates while improving
security and meeting an almost 15-year-old mandate from Congress.
Officials announced June 21 that Orlando International would be the
first airport in the country to screen every international passenger
using facial recognition technology. CBP has been running biometric pilots—including
facial recognition—at 13 airports across the country but Orlando will
be the first to use the system on all travelers. In 2004, Congress charged the CBP with
finding a way to apply biometric screening at all border
crossings—including land, air and sea. The agency has struggled to
comply, citing difficulties in finding the right technology to improve
security without adding significant travel delays. “We are at a critical turning point in the implementation of a
biometric entry-exit system, and we’ve found a path forward that
transforms travel for all travelers,” CBP
Commissioner Kevin McAleenan said at a June 21 press conference. “The
valuable collaboration with stakeholder partners like [the Greater
Orlando Aviation Authority] has resulted in real momentum and it has
brought us to where we are today, the first fully biometric entry-exit
deployment at an airport.”"
"The secrets are hidden behind fortified walls in
cities across the United States, inside towering, windowless
skyscrapers and fortress-like concrete structures that were built to
withstand earthquakes and even nuclear attack. Thousands of people pass
by the buildings each day and rarely give them a second glance, because
their function is not publicly known. They are an integral part of one
of the world’s largest telecommunications networks – and they are also
linked to a controversial National Security Agency surveillance program.
Atlanta, Chicago, Dallas, Los Angeles, New York City, San Francisco,
Seattle, and Washington, D.C. In each of these cities, The Intercept has
identified an AT&T facility containing networking equipment that
transports large quantities of internet traffic across the United States
and the world. A body of evidence – including classified NSA documents,
public records, and interviews with several former AT&T employees –
indicates that the buildings are central to an NSA spying initiative
that has for years monitored billions of emails, phone calls, and online
chats passing across U.S. territory.... According to the NSA’s documents,
it values AT&T not only because it “has access to information that
transits the nation,” but also because it maintains unique relationships
with other phone and internet providers. The NSA exploits these
relationships for surveillance purposes, commandeering AT&T’s
massive infrastructure and using it as a platform to covertly tap into
communications processed by other companies. Much has previously been reported about the NSA’s surveillance programs.
But few details have been disclosed about the physical infrastructure
that enables the spying. Last year, The Intercept highlighted
a likely NSA facility in New York City’s Lower Manhattan. Now, we are
revealing for the first time a series of other buildings across the U.S.
that appear to serve a similar function, as critical parts of one of
the world’s most powerful electronic eavesdropping systems, hidden in
plain sight."
"Campaign group Big Brother Watch has accused HMRC of creating ID
cards by stealth after it was revealed the UK taxman has amassed a
database of 5.1 million people's voiceprints. The department introduced its Voice ID system in
January 2017. This requires taxpayers calling HMRC to record a key
phrase, which is used to create a digital signature that the system uses
to unlock the right account when they phone back. According to a Freedom of Information request,
submitted by Big Brother Watch and published today, the department now
has more than 5.1 million people's voiceprints on record. However, the group argued that users haven't been
given enough information on the scheme, how to opt in or out, or details
on how their data would be deleted. The FoI revealed that no customers
have opted out in the 30 days to 13 March, but the department refused to
respond to set out exactly how the erasure process would work. Director Silkie Carlo said that taxpayers have been
"railroaded into a mass ID scheme" and that the government was "imposing
biometric ID cards on the public by the back door". The FoI response also raises questions about the
lawfulness of the collection and storage of the data, and whether it is
in line with the General Data Protection Regulation that came into force
on 25 May. Under the GDPR,
a system that allows people to be identified by their voice would
likely meet the definition of processing of biometric data. This places
certain demands on the organisation beyond those made for other forms of
personal data. "Where [biometric processing] takes place, GDPR says
that the person must give 'explicit consent'. 'Consent' also means a
'freely given, specific, informed and unambiguous' indication of the
person's wishes, and it must be a 'clear, affirmative action'," said Jon
Baines, a data protection advisor at law firm Mishcon de Reya.... HMRC
also refused to divulge information on who else has access to Voice ID in its FoI response (PDF), saying it risked prejudicing the prevention or detection of crime. Big Brother Watch also slammed Whitehall's decision
to create another database of sensitive biometric material, describing
it as another step towards the "database state". The FoI response from
HMRC also shows that the department did not consult the biometrics
commissioner on its Voice ID plans. The government is already under pressure over its custody image database
– which contains around 21 million shots of faces and identifying
features – because the pictures are stored even if the subject is not
charged. This is despite a 2012 High Court judgment that said
keeping images of presumed innocent people on file was unlawful. The
Home Office has blamed outdated and clunky IT systems for the prolonged
retention but hasn't committed to specifically address this issue."
"Facebook is working on controversial software which
lets it secretly
order users’ smartphones to start recording audio whenever they hear
inaudible messages hidden in television adverts. The social network has
always denied rumours that it listens into
people’s private conversations and analyses what they talk about so it
can show advertising that interests them. But in a patent application
published on June 14 this year, Big
Zucker’s research division revealed a system which lets it quietly tell
people’s mobile phones to capture ‘ambient audio’. It allows Facebook to
conceal ‘a non-human hearable digital sound’ in the audio of a TV ad or
other content. Although people won’t be able to hear this sound, it
contains a
‘machine recognizable’ set of Morse code-style sounds which let it tap
out a message to your smartphone and order it to begin recording. The
secret sound could be a very high-pitched voice, Facebook wrote, pitched
just above the limit of human hearing. When it hears this signal, a
phone will then start capturing ambient
audio, which Facebook describes as the ‘distinct and subtle sounds of a
particular location created by the environment of the location, such as
machinery noise, the sound of distant human movement and speech, creaks
from thermal contraction, and air conditioning and plumbing noises in a
household’. Now, you might think this sounds like an Orwellian nightmare
technology
which will let Big Zucker intrude upon our lives in unprecedentedly
terrifying ways. But Facebook designed it with a specific purpose in
mind. The tech is built to monitor what people watch on their
‘broadcasting
device’ so that the adverts they are shown on Facebook are likely to
appeal to them."
Facebook wants to hide secret inaudible messages in TV ads that can force your phone to record audio
Metro, 22 June 2018
"The
Supreme Court on Friday said the government generally needs a
warrant if it wants to track an individual's location through cell phone
records over an extended period of time. In a highly anticipated
decision released Friday, the US Supreme Court updated Fourth Amendment
protections for the digital era. In a 5-4 ruling, the court decided in Carpenter v. United States
that the government generally needs a warrant in order to access cell
site location information, which is automatically generated whenever a
mobile phone connects to a cell tower and is stored by wireless carriers
for years. The ruling does leave the door open for law enforcement to
obtain such information without a warrant in some instances.
Still, the court recognizes that cell phones are not voluntary but
necessary for modern life, and that their technology poses some unique
circumstances for the law. “We decline to grant the state
unrestricted access to a wireless carrier’s database of physical
location information,” Chief Justice John Roberts wrote in the majority
opinion. “In light of the deeply revealing nature of CSLI, its depth,
breadth, and comprehensive reach, and the inescapable and automatic
nature of its collection, the fact that such information is gathered by a
third party does not make it any less deserving of Fourth Amendment
protection.” Roberts was joined by Justices Ruth
Bader Ginsburg, Stephen Breyer, Sonia Sotomayor, and Elena Kagan.
Justices Anthony Kennedy, Clarence Thomas, Samuel Alito, and Neil
Gorsuch dissented. The court’s ruling represents a win for digital privacy
advocates, and, while narrow, it may have implications for all sorts of
information held by third parties, including browsing data, text
messages, emails, and bank records. Three years later, in 1979, the court ruled in Smith v. Maryland that the third-party doctrine also extends to call records collected by phone companies. But
on Friday, the Supreme Court said that cell site location information
is a “qualitatively different category” of information. CSLI allows law
enforcement to paint a nearly complete picture of Americans' movements.
Last year, AT&T and Verizon jointly received nearly 125,000 requests
from law enforcement for CSLI data, according to their transparency reports.
Law enforcement officials will now only be able to make such requests
after obtaining a warrant, which will require them to demonstrate
probable cause. The court has expressed uneasiness about the collection
of vast amounts of digital data before. In the 2014 case Riley v.
California, it ruled that police generally need a warrant to search the
cell phone of a person under arrest. And in 2012, in United States v.
Jones, the court said that it does violate a person's Fourth Amendment rights for the government to place a GPS tracker on their car without a warrant. In Carpenter,
Roberts left the door open for courts to obtain
location information without a warrant in two circumstances. The court
declined to decide on whether law enforcement seeking a smaller window
of records—fewer than seven days, which is what the government requested
from Sprint in the case—constitutes a Fourth Amendment search. The
opinion also allows for exceptions for emergencies, like “bomb threats,
active shootings, and child abductions.... Fourteen of the
largest US tech companies—including Google, Apple, Facebook, and
Microsoft—filed a brief
in support of updating the Fourth Amendment for the digital era. It was
technically not filed in support of either party, but largely backed
Carpenter's position. The cohort even included Verizon,
which cooperated with the National Security Agency as part of its broad
bulk surveillance programs for years. Verizon's stance is particularly
notable because the company holds the specific kind of location records
that were at issue in the case. Cyrus Farivar, a reporter at Ars Technica and the author of Habeas Data,
a new book about privacy laws and the rise of surveillance technology,
says the ruling shows that the court views cell phones differently. “They’re
an entirely separate class of devices that provide a very intimate look
into the most detailed elements of our life, not only where we go
generally, but where we go extremely specifically,” he says. He
also notes that the court was split and that it took a long time for it
to come to its decision, which was unusually released on a Friday.
“That suggests that this is an issue that the court came to with a great
deal of thought, discussion, and deliberation. This is not an easy
decision to reach.” We
don’t yet know how the ruling might impact other forms of government
surveillance. Justice Roberts was careful to note that the ruling is
intended to be narrow in its scope, writing that the court does not
“call into question conventional surveillance techniques and tools, such
as security cameras. Nor do we address other business records that
might incidentally reveal location information. Further, our opinion
does not consider other collection techniques involving foreign affairs
or national security.” “The
government can no longer claim that the mere act of using technology
eliminates the Fourth Amendment’s protections. Today’s decision rightly
recognizes the need to protect the highly sensitive location data from
our cell phones, but it also provides a path forward for safeguarding
other sensitive digital information in future cases—from our emails,
smart-home appliances, and technology that is yet to be invented,” ACLU
attorney Nathan Freed Wessler, who argued the case before the court,
said in a statement. At
issue was an antiquated legal principle called the third-party
doctrine, which holds that information customers voluntarily provide to a
third party—such as a telecom company or a bank—is outside the bounds
of Fourth Amendment protections. The doctrine comes from United States v. Miller, a 1976 case
in which the court ruled that law enforcement doesn't need a warrant in
order to access bank records because "the Fourth Amendment does not
prohibit the obtaining of information revealed to a third party.”"
"The creepy ways Facebook
spies on its users have been detailed in a bumper document presented to
Congress. They
include tracking mouse movements, logging battery levels and monitoring
devices close to a user that are on the same network. The
454-page report was created in response to questions Mark Zuckerberg
was asked during his appearance before Congress in April. Lawmakers
gave Zuckerberg a public grilling over the Cambridge Analytica scandal,
but he failed to answer many of their queries. The
new report is Facebook's attempt to address their questions, although
it sheds little new light on the Cambridge Analytica scandal.
However, it does contain multiple disclosures about the way Facebook
collects data....Facebook tracks what device you are using to access the
network. To
do this, it will log the hardware manufacturer of your smartphone,
connected television, tablet, computer, or other internet-connected
devices. Facebook also tracks the operating system, software versions
and web browser. If
you're using a smartphone, it will keep a record of the mobile carrier,
while internet service providers (ISPs) will be stored for users using a
Wi-Fi or Ethernet connection to access Facebook. In some cases, it will
monitor devices that are using the same network as you. 'Facebook’s
services inherently operate on a cross-device basis: understanding when
people use our services across multiple devices helps us provide the
same personalized experience wherever people use Facebook,' the firm
wrote in the lengthy document. According
to Facebook, this is done, for example, 'to ensure that a person’s News
Feed or profile contains the same content whether they access our
services on their mobile phone or in a desktop computer’s web browser.'
Facebook also says this information is used to curate more personalized
ads."
"Google will
not allow its artificial intelligence software to be used in weapons or
'unreasonable surveillance' efforts. Following a major backlash from
employees, the Alphabet unit has laid out new rules for its AI
software. The
new restrictions could help Google management defuse months of protest
by thousands of employees against the company's work with the U.S.
military to identify objects in drone video. Google will pursue other
government
contracts including around cybersecurity, military recruitment and
search and rescue, Chief Executive Sundar Pichai said in a blog post
Thursday. 'We recognize that such powerful technology raises equally
powerful questions about its use. 'How AI is developed and used
will have a significant impact on society for many years to come. ...
Google and its big technology rivals have
become leading sellers of AI tools, which enable computers to review
large datasets to make predictions and identify patterns and anomalies
faster than humans could. But the
potential of AI systems to pinpoint drone strikes better than military
specialists or identify dissidents through mass collection of online
communications has sparked concerns among academic ethicists and Google
employees....The U.S. military has been looking to incorporate elements
of artificial
intelligence and machine learning into its drone program....The
Pentagon is trying to develop algorithms that would sort through the
material and alert analysts to important finds, according to Air Force
Lieutenant General John N.T. 'Jack' Shanahan, director for defense
intelligence for warfighting support.... Shanahan said his team is
currently trying to teach the system to
recognize objects such as trucks and buildings, identify people and,
eventually, detect changes in patterns of daily life that could signal
significant developments... Similar image recognition technology is being
developed commercially by
firms in Silicon Valley, which could be adapted by adversaries for
military reasons."
"A
federal study found signs that surveillance devices for intercepting
cellphone calls and texts were operating near the White House and other
sensitive locations in the Washington area last year. A Department of
Homeland Security program discovered evidence of the surveillance
devices, called IMSI catchers, as part of federal testing last year,
according to a letter from DHS to Sen. Ron Wyden (D-Ore.) on May 22. The
letter didn't specify what entity operated the devices and left open
the possibility that there could be alternative explanations for the
suspicious cellular signals collected by the federal testing program
last year. The discovery bolsters years of independent research
suggesting that foreign intelligence agencies use sophisticated
interception technology to spy on officials working within the hub of
federal power in the nation’s capital. Experts in surveillance
technology say that IMSI catchers — sometimes known by one popular brand
name, StingRay — are a standard part of the tool kit for many foreign
intelligence services, including for such geopolitical rivals as Russia
and China....The devices work by simulating cell towers to trick nearby
phones into connecting, allowing the IMSI catchers to collect calls,
texts and data streams. Unlike some other forms of cellphone
interception, IMSI catchers must be near targeted devices to work. When
they are in range, IMSI catchers also can deliver malicious software to
targeted devices for the purpose of stealing information stored on them
or conducting longer-term monitoring of communications. The same May 22
letter revealed that DHS was aware of reports that a global cellular
network messaging system, called SS7, was being used to spy on Americans
through their cellphones. Such surveillance, which can intercept calls
and locate cellphones from anywhere in the world, is sometimes used in
conjunction with IMSI catchers.... Civil liberties groups have long
warned that IMSI catchers are used with few limits by U.S. authorities,
who collect calls, texts and other data from innocent bystanders as they
conduct surveillance on criminal suspects or other legitimate targets.
Increasingly, though, critics have sought to portray the technology as
posing threats to national security because foreign intelligence
services use them on Americans, both while in the United States and
abroad.... The surveillance devices are hard to counteract, although
encrypted calling and messaging apps — such as Signal, WhatsApp or
Apple's FaceTime — provide protection against IMSI catchers. Some
experts advocate wider deployment of such encrypted communication tools
within the U.S. government, along with a move away from traditional
cellular calling and texting."
"... a couple’s private conversation was recorded by Alexa and then sent
to a random number in their address book. The conversation was about
hardwood floors, apparently, which is not a topic with the potential to
make one blush with shame when recollecting it; but that’s not really
the point. The point is that the private was made public, because a
machine – according to Amazon – malfunctioned. This kind of thing is
going to start happening more, and not because the
machine is malfunctioning; it’s going to happen because the machine is
doing its job properly: its job being to snoop. The mystery is that
people are assenting to this, or considering it as progress.... Never
mind, though, about the possibility of being hacked and/or
spied on. Actually, we should mind very much about that, and it’s a
probability more than a possibility, but there are other problems that
perhaps aren’t being considered often or openly enough. These revolve
around the very purpose of the huge companies who are now running our
lives: simply, to make money out of us, to turn us into nothing more
than the aggregate of our material desires, and to crunch those desires
into data, which can then be sold to whoever wants it; and we now know
that some of these buyers have very sinister agendas indeed. Until
technology like Alexa came along, though, we did at least have
to go to the trouble of actively keying in information. Now, though,
anything we say could be picked up and used in ways we can hardly
imagine. We like to think we are in control of our technology, and this
has more or less always been the case; but very soon, our technology is
going to be in control of us, if it isn’t already."
"A couple in Portland, Oregon joked that their
Amazon Alexa might be listening in to their private conversations. The
joke came to an abrupt end when they discovered a conversation was
indeed recorded by Alexa - and then sent to an apparently random person
in their contact list. "Unplug your Alexa devices right now!" warned the
puzzled recipient, according to ABC affiliate station KIRO7, which first reported the story."
"In late 2016, Amazon introduced
a new online service that could help identify faces and other objects
in images, offering it to anyone at a low cost through its giant cloud
computing division, Amazon Web Services. Not
long after, it began pitching the technology to law enforcement
agencies, saying the program could aid criminal investigations by
recognizing suspects in photos and videos. It used a couple of early
customers, like the Orlando Police Department in Florida and the
Washington County Sheriff’s Office in Oregon, to encourage other
officials to sign up. But now that
aggressive push is putting the giant tech company at the center of an
increasingly heated debate around the role of facial recognition in law
enforcement. Fans of the technology see a powerful new tool for catching
criminals, but detractors see an instrument of mass surveillance. On
Tuesday, the American Civil Liberties Union led a group of more than
two dozen civil rights organizations that asked Amazon to stop selling
its image recognition system, called Rekognition, to law enforcement.
The group says that the police could use it to track protesters or
others whom authorities deem suspicious, rather than limiting it to
people committing crimes."
"The
American Civil Liberties Union and other privacy activists are asking
Amazon to stop marketing a powerful facial recognition tool to police,
saying law enforcement agencies could use the technology to "easily
build a system to automate the identification and tracking of anyone."...privacy
advocates have been concerned about expanding the use of facial
recognition to body cameras worn by officers or safety and traffic
cameras that monitor public areas, allowing police to identify and track
people in real time. The
tech giant's entry into the market could vastly accelerate such
developments, the privacy advocates fear, with potentially dire
consequences for minorities who are already arrested at disproportionate
rates, immigrants who may be in the country illegally or political
protesters. "People
should be free to walk down the street without being watched by the
government," the groups wrote in a letter to Amazon on Tuesday. "Facial
recognition in American communities threatens this freedom."..... Clare
Garvie, an associate at the Center on Privacy and Technology at
Georgetown University Law Center, said part of the problem with
real-time face recognition is its potential impact on free-speech
rights. While
police might be able to videotape public demonstrations, face
recognition is not merely an extension of photography, but also a
biometric measurement — more akin to police walking through a
demonstration and demanding identification from everyone there."
"Large public places, such as airports or shopping malls, have already
been turned into surveillance free-for-alls, where people’s every move
is catalogued for the sake of profit. Now, one prominent company is
ready to help governments spread that same surveillance technology over
entire cities. Israeli company Jenovice Cyber Labs is poised to launch new products
that monitor everything from prisons to heavily populated areas,
depending on what exactly customers want, CyberScoop has learned. It’s a
particularly provocative product coming in the wake of DHS detecting Stingray cellphone spying devices across Washington, D.C., but all too easy to fathom based on the way companies make millions off
the collection of location-based data. Jenovice’s Metropolink, which is
only available for law enforcement and intelligence agencies, is sold
as an “autonomous”
surveillance system meant to monitor entire metropolitan areas. The
capabilities list reads like hacker tech from a Jason Bourne movie: It’s
advertised as being able to locate, list, map, track, analyze and
visualize all Wi-Fi networks and identities across whatever environment a
customer chooses. The product works thanks to a network of
sensors placed around a
large populated area that track devices by
identifiers including, but
not limited to, MAC address
and geolocation. Targets are usually phones that are broadcasting and
collecting Wi-Fi information by default. Product advertising lists the
technology as “passive,” an important
distinction that’s subject to less regulatory oversight than active
attacks and exploits found in other products. Similarly, in many
countries, Metropolink doesn’t require a warrant, the company says.
Metropolink sensors possess a default collection range of about 500
meters, which can be enhanced depending on the hardware. The sensors
then pass the data to a command center where it's visualized for easy
consumption. The company also promises that the devices can detect and
track targets moving at high speeds in cars or motorcycles. Another
product Jenovice will launch is Prisonlink, a surveillance
kit designed for the smaller and more specialized environment of
prisons. The product materialized after correctional officers in
multiple countries told Jenovice that prisoners use Wi-Fi connectivity
to communicate with the outside world, which is often against prison
rules. In addition to tracking unauthorized phones and Wi-Fi networks,
Prisonlink can gather information on devices and disconnect a target
device from their Wi-Fi access point. The last entry in Jenovice’s new
product line is perhaps the most
opaque. Achilles Cloud Interception boasts the ability to “use and
connect keys to extract cloud account information” from iCloud and
Google accounts remotely “in a fully automated and silent process.” The
company says the product steals authentication tokens, granting full
access to a targeted account. Credential extraction requires physical
proximity to a system like Metropolink. When asked, Jenovice declined to
further explain how the product
works. Token-based authentication is ubiquitous on the modern web; it’s
how you stay signed in to virtually everything. If Achilles works
as advertised, it’d be a major weapon in a customer’s arsenal.
CyberScoop hasn’t seen or heard of Achilles being successfully
demonstrated in a meaningful way. The new product announcements will be
made at the upcoming June 2018 ISS World conference in Prague, a global conference for
the surveillance and hacking industries. On the second day of the
conference, Jenovice’s vice president for research and development Tal
Gleichger is giving a talk on “tactical Wi-Fi interception” focusing
on “identifying targets, acquiring them and manipulating Wi-Fi enabled
devices to extract intelligence.” Gleichger said the company
hasn’t received any outside funding and is already selling its products
“all over the world.” Much of Metropolink echoes the tech from Snoopy,
a 2012 research project from Glenn Wilkinson and Daniel Cuthbert
focused on stealing data from mobile devices by imitating Wi-Fi networks
and intercepting data traffic. That research proved the idea was
possible by snooping on traffic in subway stations across London. A similar surveillance research project is CreepyDOL by
Brendan O’Connor. CreepyDOL tracks Wi-Fi signals as a way to follow
smartphones across a targeted area. Snoopy surveils and identifies
targets by tracking the radio signals — not just Wi-Fi — that virtually
all devices emit."
"Many people have grown accustomed to
talking to their smart devices, asking them to read a text, play a song
or set an alarm. But someone else might be secretly talking to them,
too. Over the last two years,
researchers in China and the United States have begun demonstrating that
they can send hidden commands that are undetectable to the human ear to
Apple’s Siri, Amazon’s Alexa and Google’s Assistant. Inside university
labs, the researchers have been able to secretly activate the artificial
intelligence systems on smartphones and smart speakers, making them
dial phone numbers or open websites. In the wrong hands, the technology
could be used to unlock doors, wire money or buy stuff online — simply with music playing over the radio. A
group of students from University of California, Berkeley, and
Georgetown University showed in 2016 that they could hide commands in
white noise played over loudspeakers and through YouTube videos to get
smart devices to turn on airplane mode or open a website. This
month, some of those Berkeley researchers published a research paper
that went further, saying they could embed commands directly into
recordings of music or spoken text. So while a human listener hears
someone talking or an orchestra playing, Amazon’s Echo speaker might
hear an instruction to add something to your shopping list."
"Thousands of jails and prisons across the United States use a company called Securus Technologies to provide and monitor calls
to inmates. But the former sheriff of Mississippi County, Mo., used a
lesser-known Securus service to track people’s cellphones, including
those of other officers, without court orders, according to charges
filed against him in state and federal court. The
service can find the whereabouts of almost any cellphone in the country
within seconds. It does this by going through a system typically used
by marketers and other companies to get location data from major
cellphone carriers, including AT&T, Sprint, T-Mobile and Verizon,
documents show. Between 2014 and
2017, the sheriff, Cory Hutcheson, used the service at least 11 times,
prosecutors said. His alleged targets included a judge and members of
the State Highway Patrol. Mr. Hutcheson, who was dismissed last year in
an unrelated matter, has pleaded not guilty in the surveillance cases.
As location tracking has become more accurate, and as more people carry
their phones at every waking moment, the ability of law enforcement officers and companies like Securus to get that data has become an ever greater privacy concern."
"South Wales Police has been testing an automated facial recognition
system since June 2017 and has used it in the real-world at more than
ten events. In the majority of cases, the system has made more incorrect
matches than the times it has been able to correctly identify a
potential suspect or offender. ..... Automatic systems that scan people's faces in public and try to make
matches are at an early stage in the UK. In China, systems are more
advanced with a BBC News reporter being located, during a stunt, within just seven minutes...... South Wales Police, in its privacy assessment
of the technology, says it is a "significant advantage" that no
"co-operation" is required from a person. Its system is comprised of two
CCTV cameras that are connected to a laptop or server. The CCTV feed is
recorded and faces are pulled from the footage, which is compared
automatically against a watch list. This list, formed of a database, can
be comprised of thousands of facial images... In the future, the police force says, it may be possible to integrate
the facial recognition technology with databases from other sources. It
says the Police National Database (which has more than 19 million
images), the Automatic Number Plate Recognition database, passport or
driving licence could be added to its system..... But the use of the system raises privacy considerations. "It is accepted
that civil rights [sic] may start to voice concerns over the invasion
of privacy by this technology," the Welsh police force's privacy
assessment of its own system says.... South Wales Police isn't the only UK constabulary that has been testing
facial recognition systems in public places.... The automated facial recognition systems being used at public events are
separate to police uses of face matching technology that uses other
images: such as social media photos, or pre-recorded CCTV footage. In
2012, the High Court ruled it was unlawful for millions of photos of
innocent people to be kept on police databases. At present, these can
only be removed if a person makes a complaint to police."
"For several months, [Orlando International] airport has worked with British Airways to
test facial-recognition, or biometric screening. Recently, the Greater
Orlando Aviation Authority moved to equip the airport as the first in
the nation to use the technology for all international flights inbound
and outbound. The experience of the novel technology in an
otherwise timeworn routine was remarked upon by an elderly British
Airways passenger, who clutched a burgundy passport splayed at its photo
page, where a boarding pass was tucked, both ready for the customary
presentation.... John Newsome, the airport’s chief information officer, said all of
the airport’s 25 carriers with foreign flights and the two border
checkpoints will be equipped for biometric screening through this
summer. The decision means spending $4 million on gates and high-definition cameras for departing and arriving international
flights.... In an era of online breaches of privacy, theft of financial
information
and fears of government surveillance, Orlando International and Customs
and Border Protection are readily equipped with talking points about
what happens with those high-definition snapshots taken for biometric
screening....Customs and Border Protection has a suggestion for
passengers with concerns about biometric screening: Request a manual
check. Within the past year, biometric screening also has been piloted
by
Delta at JFK and Atlanta international airports, Lufthansa at Los
Angeles International, and by JetBlue in Boston. Addressing the
accuracy of its facial-recognition technology, the agency has reported
that the “percent of successful matches is in the high 90s.”"
"The UK government's surveillance regime has been dealt another blow
as the High Court in England today ruled the Snooper's Charter unlawful –
and gave the government six months to fix it. Handing down the judgment, Lord Justice Rabinder Singh said that Part 4 of the Investigatory Powers Act
(IPA), which relates to retention of communications data, was
incompatible with EU law, and gave the government until 1 November 2018
to remedy it. The ruling is the latest instalment in a long-running and complex
legal battle between the government and various privacy campaign groups
over the state's extensive surveillance laws. In this case, brought by civil rights group Liberty,
the court considered the powers granted to the government to force
internet firms and telcos to store data on communications – like
location info and records of when and to whom calls or messages were
made – for up to a year. These powers came into force on 30 December
2016. Lord Justice Singh and Justice David Holgate ruled
that Part 4 was incompatible with the EU Charter of Fundamental Rights
for two reasons: ministers can issue data retention orders without
independent review, and this can be done for reasons other than serious
crime.... The government has refused to see the ruling as a defeat on the grounds that it has already conceded
the Act doesn't comply with European laws. Back in November, it
proposed a set of changes it thinks will bring the Act in line, for
instance by creating a new body, the Office for Communications Data
Authorisation, to review and approve notices. But it did lose its request, made during the February
hearing, that it be given until April 2019 to enact the changes. The
judges today ruled that they "see no reason why the legal framework
cannot be amended before April 2019", even if some practical
arrangements take longer.... Liberty, meanwhile, is already working up the next phase of its
challenges to the IPA – which refers to parts 5, 6 and 7, government
hacking, bulk warrants and bulk personal data set warrants – and has
today launched a crowdfunding campaign to pay for the battle."
"Traffic police in the southern Chinese city of Shenzhen have always
had a reputation for strict enforcement of those flouting road rules in
the metropolis of 12 million people. Now with the help of artificial intelligence and facial recognition
technology, jaywalkers will not only be publicly named and shamed, they
will be notified of their wrongdoing via instant messaging – along with
the fine. Intellifusion, a Shenzhen-based AI firm that provides technology to
the city’s police to display the faces of jaywalkers on large LED
screens at intersections, is now talking with local mobile phone
carriers and social media platforms such as WeChat and Sina Weibo to
develop a system where offenders will receive personal text messages as
soon as they violate the rules, according to Wang Jun, the company’s
director of marketing solutions.... Facial recognition technology identifies the individual from a database
and displays a photo of the jaywalking offence, the family name of the
offender and part of their government identification number on large LED
screens above the pavement.... The system will also be able to register how many times a pedestrian has
violated traffic rules in the city and once this number reaches a
certain level, it will affect the offender’s social credit score which
in turn may limit their ability to take out loans from banks, Wang said."
"Across China, facial-recognition technology that can scan the
country’s entire population is being put to use. In some cases, the
technology can perform the task in just one second. Sixteen cities, municipalities, and provinces are using a
frighteningly fast surveillance system that has an accuracy rate of
99.8%, Global Times reported over the weekend. “The system is fast enough to scan China’s population in just one
second, and it takes two seconds to scan the world’s population,” the
Times reported, citing local Chinese newspaper Worker’s Daily. The system is part of Skynet, a nationwide monitoring program
launched in 2005 to increase the use and capabilities of surveillance
cameras. According to developers, this particular system works regardless of
angle or lighting condition and over the last two years has led to the
arrest of more than 2,000 people. The use of facial-recognition technology is soaring in China where it is being used to increase efficiencies and improve policing. Cameras are used to catch jaywalkers, find fugitives, track people’s regular hangouts, and even predict crime before it happens.
Currently, there are 170 million surveillance cameras in China and,
by 2020, the country hopes to have 570 million – that’s nearly one
camera for every two citizens. Facial recognition technology is just a
small part of the artificial intelligence industry that China wants to
pioneer. According to a report by CB Insights, five times as many AI patents were applied for in China than the US in 2017."
"A couple of years after it
happened, Australian citizens are finally
being (indirectly) informed their government harvested cell site
location info to track their daily activities. This isn't the work of an
intelligence agency or a secretive law enforcement effort. Instead,
it's an (unannounced) partnership between the Australian Bureau of
Statistics (which handles the Australian Census) and a cellphone service
provider. The provider apparently willingly turned over cell site info
without a court demand, government mandate, or consultation with its
customers....Supposedly, the information has been anonymized. It
obviously hasn't been completely stripped of personal information. The slide deck
[PDF] detailing the effort notes the data can be broken down by age and
sex. The anonymization claim is made without any support from the ABS,
which still has yet to provide any further info -- much less a privacy
impact assessment -- via its website."
"While the Cambridge Analytica scandal rumbles on,
Facebook is quietly asking users in the EU and Canada to let it use its
facial recognition to scan their faces and suggest tags in photos. It
isn't the first time Mark Zuckerberg's firm has tried to get access to
millions of Europeans' facial data. Facebook tried
to bring facial recognition to people in the EU back in 2011, but it
stopped doing so a year later after privacy campaigners raised concerns
that the feature was not compatible with data protection laws. Now
Facebook is hoping it can bring facial recognition back to the EU, as
long as it secures explicit consent beforehand....But some have criticised Facebook
for making it too easy for users to accept the new requests without
really understanding how their data is being used – which sounds very
similar to how much of the Cambridge Analytica scandal started.... Facebook users in the US have had their facial data
tracked since 2011 and if users want to opt out, they have to click
‘manage settings’ and go through another page before changing their
privacy settings. But also in the US, Facebook is being met with resistance over the use of facial recognition technology. The company is facing a class action lawsuit
alleging that it gathered biometric information without users' explicit
consent. On April 16, 2018, District Judge James Donato in California
ruled that Facebook users in Illinois are allowed to bring forward a
case arguing that Facebook’s collection of face data violates Illinois’
Biometric Information Privacy Act. If it is found to be violating the
act, Facebook could be faced with a fine of billions of dollars.
Facebook’s facial recognition technology works by analysing images and
videos in which a particular person has been tagged, and then generating
a unique number called a ‘template’. This template is then compared
with other photos and videos on Facebook, and if the algorithm finds a
match then that user’s name may appear as a tag suggestion..... Despite
the backlash against its widespread data collection, Facebook is
also exploring other ways of using facial recognition
technology. In a patent published in November 2017, the company
described using facial recognition as way of verifying payments in
shops. Last year it also tested using facial recognition to allow people
to recover their account details just by using their face to verify
their identity."
".... over the last five years a secretive
surveillance company founded by a former Israeli intelligence officer
has been quietly building a massive facial recognition database
consisting of faces acquired from the giant social network, YouTube and
countless other websites. Privacy activists are suitably alarmed. That database forms the core of a facial recognition service
called Face-Int, now owned by Israeli vendor Verint after it snapped up
the product's creator, little-known surveillance company Terrogence, in
2017. Both Verint and Terrogence have long been vendors for the U.S.
government, providing bleeding-edge spy tech to the NSA, the U.S. Navy
and countless other intelligence and security agencies....Though
Terrogence is primarily focused on helping intelligence agencies and law
enforcement fight terrorism online, LinkedIn profiles of current and
former employees indicate it's also involved in other, more political
endeavours. One ex-staffer, in describing her role as a Terrogence
analyst, said she'd "conducted public perception management operations
on behalf of foreign and domestic governmental clients," and used "open
source intelligence practices and social media engineering methods to
investigate political and social groups." She was not reachable at the
time of publication. And now concerns have been raised over just how
Terrogence has grabbed all those faces from Facebook and other online
sources. What's apparent, though, is that Terrogence is yet another
company that's been able to clandestinely take advantage of Facebook's
openness, on top of Cambridge Analytica, which acquired information on
as many as 87 million users in 2014 from U.K.-based researcher Aleksandr
Kogan to help target individuals during its work for the Donald Trump
and Ted Cruz presidential campaigns. "It raises the stakes of face
recognition - it intensifies the potential negative consequences,"
warned Jay Stanley, senior policy analyst at the American Civil
Liberties Union (ACLU). "When you contemplate face recognition that's
everywhere, we have to think about what that’s going to mean for us. If
private companies are scraping photos and combining them with personal
info in order to make judgements about people - are you a terrorist, or
how likely are you to be a shoplifter
or anything in between - then it exposes everyone to the risk of being
misidentified, or correctly identified and being misjudged." If Terrogence isn't solely focused on terrorism, but has a political
side to its business too, its facial recognition work could sweep up a
vast number of people. That brings up another particularly worrying
aspect of the business in which Terrogence operates: the dawn of "the
privatisation of blacklisting," warned Stanley. "We've been fighting
with the government for years over due process on those lists... people
being put on them without being told why and not being sure how those
lists are being used," he told Forbes."
These Ex-Spies Are Harvesting Facebook Photos For A Massive Facial Recognition Database Forbes, 16 April 2018
"Seeking
to build an identification system of unprecedented scope, India is
scanning the fingerprints, eyes and faces of its 1.3 billion residents
and connecting the data to everything from welfare benefits to mobile
phones. Civil
libertarians are horrified, viewing the program, called Aadhaar, as
Orwell’s Big Brother brought to life. To the government, it’s more like
“big brother,” a term of endearment used by many Indians to address a
stranger when asking for help. For
other countries, the technology could provide a model for how to track
their residents. And for India’s top court, the ID system presents
unique legal issues that will define what the constitutional right to
privacy means in the digital age. To Adita Jha, Aadhaar was simply a
hassle. The 30-year-old environmental
consultant in Delhi waited in line three times to sit in front of a
computer that photographed her face, captured her fingerprints and
snapped images of her irises. Three times, the data failed to upload.
The fourth attempt finally worked, and she has now been added to the 1.1
billion Indians already included in the program. Ms.
Jha had little choice but to keep at it. The government has made
registration mandatory for hundreds of public services and many private
ones, from taking school exams to opening bank accounts. “You almost
feel like life is going to stop without an Aadhaar,” Ms. Jha said.
Technology has given governments around the world new tools to monitor
their citizens. In China, the government is rolling out ways to use facial recognition and big data
to track people, aiming to inject itself further into everyday life.
Many countries, including Britain, deploy closed-circuit cameras to
monitor their populations.... The potential uses — from surveillance to managing government benefit
programs — have drawn interest elsewhere. Sri Lanka is planning a
similar system, and Britain, Russia and the Philippines are studying it,
according to the Indian government.... Opponents
have filed at least 30 cases against the program in India’s Supreme
Court. They argue that Aadhaar violates India’s Constitution — and, in
particular, a unanimous court decision last year that declared for the
first time that Indians had a fundamental right to privacy. Rahul
Narayan, one of the lawyers challenging the system, said the government
was essentially building one giant database on its citizens. “There has
been a sort of mission creep to it all along,” he said."
"The Department of Homeland Security announced a public bid
for third party companies to build a “media influence database” capable
of tracking more than 290,000 news sources across the globe. First spotted by Bloomberg Law,
the public bid would also track journalists and bloggers, compiling
their personal information and the publications for which they write. Posted on April 3rd
as a call for “Media Monitoring Services,” the database has a dual
purpose: monitoring hundreds of thousands of news sources simultaneously
worldwide as well as tracking and categorizing journalists and
bloggers. The “Media Intelligence and Benchmarking Platform,” as the
proposed database is called, would monitor more than 290,000 “online,
print, broadcast, cable, radio, trade and industry” news sources
worldwide. DHS wants the database to rank and categorize news sources
according to a variety of factors, including content and topics covered,
reach, circulation and location, and sentiment. Perhaps
even more chilling given the current media climate, the platform would
also feature a database filled with the personal and social media data
of “journalists, editors, correspondents, social media influencers,
[and] bloggers,” searchable by location, beat, publication, and ad-hoc keywords. It’s
not at all unheard of for the PR wings of big companies to keep lists
of journalists, both friendly and unfriendly, on hand—but not at this
scale. Of course, the FBI has a long history of tracking journalists,
but many questions remain: Will the journalists on the list be notified
they’ve been added? Do they have any control over what data is added
about them?"
"This is a wake-up call for a generation. The revelation of Cambridge Analytica’s manipulation of Facebook data to target American voters on behalf of Donald Trump in 2016 shines a torch on the jungle where we have become prey for the online carnivores to which we reveal our secrets. The
chairman of the Commons culture committee yesterday called on
Facebook’s warlord, 33-year-old multi-billionaire Mark Zuckerberg, to
attend personally to give evidence about his company’s behaviour, though
there seems more chance of an appearance by Vladimir Putin..... those of us who spurn social media are almost as vulnerable. Every day
that we place things online, Amazon bombards us with come-ons that
emphasise its omniscience about what we read, watch, spread on the
garden, use in the house.... Cambridge Analytica’s gift to the Trump
victory appears to have been to empower his campaign to target
‘persuadable voters’, sparing canvassers from wasting effort on
irreconcilable Democrats. It has been
said for centuries that knowledge is power, yet Hitler’s Gestapo and
Stalin’s secret police knew far less about their fellow citizens than
does Facebook, which doesn’t have to photograph them outside their home,
tap their phones, or steal government files. Spies seem redundant in
the net age. What matters for us now is
to move beyond shock and disgust about the Cambridge Analytica-Facebook
revelations, and consider what can be done to make such companies
behave better. Investigating and, if appropriate, charging the bosses of Cambridge
Analytica will be the easy part, because they are based in Britain..... Even if Cambridge Analytica, or Facebook,
are damaged as much as they deserve to be by this scandal, there are
countless other online data markets where they came from. If
any of us wishes to conceal anything about ourselves, this can be
achieved only by making sure that information does not appear on a
computer. Yet every detail of our
finances, health record, employment history is stored somewhere out
there, and can never be totally secure."
"Computer speakers and headphones make passable microphones and can be used to receive data via ultrasound and send signals back, making the practice of air gapping sensitive computer systems less secure. In an academic paper published on Friday through preprint service ArXiv, researchers from Israel's Ben-Gurion University of the Negev describe a novel data exfiltration technique that allows the transmission and reception of data – in the form of inaudible ultrasonic sound waves – between two computers in the same room without microphones. The paper, titled, "MOSQUITO: Covert Ultrasonic Transmissions between Two Air-Gapped Computers using Speaker-to-Speaker Communication," was written by Mordechai Guri, Yosef Solwicz, Andrey Daidakulov and Yuval Elovici, who have developed a number of other notable side-channel attack techniques. These include: ODINI, a way to pass data between Faraday-caged computers using electrical fields; MAGNETO, a technique for passing data between air-gapped computers and smartphones via electrical fields; and FANSMITTER, a way to send acoustic data between air-gapped computers using fans. Secret data transmissions of this sort expand on prior work done by National Security Agency on TEMPEST attacks, which utilize electromagnetic, magnetic, acoustic, optical and thermal emanations from electronic devices to collect and transmit data. MOSQUITO, the researchers explain, demonstrates that speakers can covertly transmit data between unconnected machines at a distance of up to nine meters. What's more, the technique works between mic-less headphones – the researchers say their work is the first to explore headphone-to-headphone covert communication. Speakers, the paper explains, can be thought of as microphones working in reverse: Speakers turn electrical signals into acoustic signals while microphones turn acoustic signals into electrical ones.
And each includes a diaphragm to assist with the conversion, which can help reverse the process. Modern audio chipsets, such as those from Realtek, include an option to alter the function of the audio port via software, the paper explains. This capability is referred to as "jack retasking." "The fact that loudspeakers, headphones, earphones, and earbuds are physically built like microphones, coupled with the fact that an audio port’s role in the PC can be altered programmatically, changing it from output to input, creates a vulnerability which can be abused by attackers," the paper explains. Malware, thus, may be able to reconfigure a speaker or headphone to act as a microphone, provided the device is passive and unpowered. That's a significant caveat since most modern PCs have active, powered speakers; headphones and earbuds generally have passive speakers, as do some older PCs. In an email to The Register, Mordechai Guri, one of the paper's authors, head of R&D at Ben-Gurion University of the Negev’s Cyber-Security Research Center, and chief scientific officer at Morphisec, said, "The main problem involves headphones, earphones and earbuds since they are reversible and can become good pair of microphones (even when they don't have an integrated mic at all)." Using frequencies ranging from 18kHz to 24kHz, the researchers were able to achieve a data transmission rate of 166 bit/sec with a 1 per cent error rate when transmitting a 1Kb binary file over a distance of three meters. At distances ranging from 4 to 9 meters, that same error rate could only be achieved with a 10 bit/sec transmission rate, largely as a consequence of interference from environmental noise. 
The paper discusses several mitigation techniques, all of which have limitations, including designing headphones and speakers with on-board amplifiers (which prevents use as a mic), using an ultrasonic jammer, scanning for ultrasonic transmissions, preventing jack retasking via software, and completely disabling audio hardware via the UEFI/BIOS. Disconnecting speakers, headphones and the like represents the most practical solution, Guri said, "but this is not always feasible." Monitoring the ultrasonic band is a good theoretical and academic solution, he added, but has potential problems. "In practice, it will raise many false alarms," he said. Guri said ultrasonic malware does not appear to be very common. "A few years ago, a security researcher claimed that he found ultrasonic malware in the wild. It was dubbed BadBios. But in any case, it was claimed to be able to communicate between two laptops with both speakers and microphones." Inaudible audio is more likely to be used for marketing, and has prompted the development of defensive code called Silverdog. It's an ultrasonic firewall in the Google Chrome browser that's designed to block ultrasonic beacons (uBeacons), employed for cross-device tracking."
Air gapping PCs won't stop data sharing thanks to sneaky speakers The Register, 12 March 2018
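One of the mitigations listed in the report above is scanning for ultrasonic transmissions, which Guri says raises many false alarms in practice. The following is an added illustration, not code from the MOSQUITO paper or The Register: it monitors the 18kHz to 24kHz band and compares a naive energy check with one that also requires a narrowband, sustained carrier. The frame size, thresholds and test signals are assumptions constructed for this example.

```python
import math

FS = 48_000                          # sample rate (Hz); Nyquist is 24 kHz, top of the reported band
N = 240                              # 5 ms frames, which gives 200 Hz bin spacing
PROBES = range(18_000, 24_000, 200)  # bin-centred probe frequencies across 18-24 kHz
BAND_MIN = 0.01   # assumed threshold: >= 1% of the frame's energy lies in the band
PEAK_MIN = 5.0    # assumed threshold: strongest probe >= 5x the band average (narrowband)
MIN_RUN = 10      # assumed threshold: >= 10 consecutive frames (50 ms) before alerting


def goertzel_power(frame, freq):
    """Squared DFT magnitude of `frame` at one frequency (Goertzel recurrence)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / FS)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return max(0.0, s1 * s1 + s2 * s2 - coeff * s1 * s2)


def frame_features(frame):
    """Return (share of frame energy in 18-24 kHz, peak-to-mean ratio across probes)."""
    total = sum(x * x for x in frame)
    powers = [goertzel_power(frame, f) for f in PROBES]
    band = sum(powers)
    if total == 0.0 or band == 0.0:
        return 0.0, 0.0
    return 2.0 * band / (len(frame) * total), max(powers) * len(powers) / band


def scan(samples):
    """Return (naive_hits, alerts).

    naive_hits: frames flagged on ultrasonic band energy alone.
    alerts: (start_s, end_s) spans where a narrowband carrier lasted MIN_RUN frames.
    """
    naive_hits, alerts, run_start = 0, [], None
    n_frames = len(samples) // N
    for i in range(n_frames + 1):        # the extra pass closes a run at end of input
        hit = False
        if i < n_frames:
            share, peak = frame_features(samples[i * N:(i + 1) * N])
            naive_hits += share >= BAND_MIN
            hit = share >= BAND_MIN and peak >= PEAK_MIN
        if hit and run_start is None:
            run_start = i
        elif not hit and run_start is not None:
            if i - run_start >= MIN_RUN:
                alerts.append((run_start * N / FS, i * N / FS))
            run_start = None
    return naive_hits, alerts


def constructed_signal(kind, seconds=0.4):
    """Constructed test audio: audible tones, optionally a click or an ultrasonic burst."""
    out = []
    for i in range(round(seconds * FS)):
        t = i / FS
        x = sum(0.3 * math.sin(2 * math.pi * f * t) for f in (400, 1200, 3400))
        if kind == "click" and i == 5000:
            x += 20.0                                  # broadband transient in one frame
        if kind == "covert" and 4800 <= i < 14400:     # 0.1 s to 0.3 s
            f = 18_600 if ((i - 4800) // 480) % 2 == 0 else 19_400
            x += 0.1 * math.sin(2 * math.pi * f * t)   # quieter than the audible content
        out.append(x)
    return out


if __name__ == "__main__":
    for kind in ("audible", "click", "covert"):
        naive, alerts = scan(constructed_signal(kind))
        print(f"{kind:8s} naive_hits={naive:3d} alerts={alerts}")
```

The click trips the energy-only check but is rejected by the narrowband test, which is the false-alarm problem Guri describes; sustained broadband noise in a quiet room would need an absolute level floor as well.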
"A security researcher has ported three leaked NSA exploits to work on
all Windows versions released in the past 18 years, starting with
Windows 2000. The three exploits are EternalChampion, EternalRomance, and
EternalSynergy; all three leaked last April by a hacking group known as
The Shadow Brokers who claimed to have stolen the code from the NSA. Now, RiskSense security researcher Sean Dillon (@zerosum0x0)
has modified the source code for some of these lesser-known exploits so
they would be able to work and run SYSTEM-level code on a wide variety
of Windows OS versions."
"Secure end-to-end encrypted comms is a desirable technology
that
governments should stop trying to break, especially as there's other
information to slurp up on crims, UK politicians were told this week.
Blighty's former independent reviewer of terrorism legislation, David
Anderson, told the House of Commons Home Affairs Committee
on Tuesday that there are plenty of sources of intelligence for law
enforcement to get their hands on, rather than banging the drum for
backdoors in communications. In what has now become a frustratingly standard question
from politicians about tech companies' role in the war on terror,
Anderson was asked if he thought the state would ever get access to
encrypted messages for security purposes. "No," he replied. "Because end-to-end encryption is
not only a fact of life, it is, on balance, a desirable fact of life.
Any of us who do our banking online, for example, are very grateful for
end-to-end encryption." The debate, Anderson continued, was sometimes wrongly
"portrayed in very black and white terms, as if the world is going dark
and because of end-to-end encryption we're all doomed". He argued that although the loss of information the
state can gather from the content of someone's communications is "very
significant", it is tempered by the mass of other data it can slurp from
elsewhere. "I mean who would have thought 30 years ago you could
track somebody's movements all around London by Oyster card? And you
don't even need the Oyster anymore, because you can get the location
data from the phone company. It's almost as good as having someone on
their tail the whole time." "He said that the most striking of these measures are those contained in the controversial Investigatory Powers Act,
which allow public authorities to gain access to 12 months' worth of a
person's internet connection records from their provider. "The more
people spend their lives online, the more revealing that behaviour
becomes," Anderson said." "...declassified documents provided by former NSA contractor Edward
Snowden
reveal that the NSA has developed technology not just to record and
transcribe private conversations but to automatically identify the
speakers.
Americans most regularly encounter this technology, known as speaker
recognition, or speaker identification, when they wake up Amazon’s Alexa
or call their bank.... Civil liberties experts are worried that
these and other
expanding uses of speaker recognition imperil the right to privacy.
“This creates a new intelligence capability and a new capability for
abuse,” explained Timothy Edgar, a former White House adviser to the
Director of National Intelligence. “Our voice is traveling across all
sorts of communication channels where we’re not there. In an age of mass
surveillance, this kind of capability has profound implications for all
of our privacy.... Edgar and other experts pointed to the relatively
stable nature of the
human voice, which is far more difficult to change or disguise than a
name, address, password, phone number, or PIN. This makes it “far
easier” to track people, according to Jamie Williams, an attorney with
the Electronic Frontier Foundation. “As soon as you can identify
someone’s voice,” she said, “you can immediately find them whenever
they’re having a conversation, assuming you are recording or listening
to it.”.... A major concern of civil libertarians is the potential to
chill speech.
Trevor Timm, executive director of the Freedom of the Press Foundation,
noted how the NSA’s speaker recognition technology could hypothetically
be used to track journalists, unmask sources, and discourage anonymous
tips. While people handling sensitive materials know they should encrypt
their phone calls, Timm pointed to the many avenues — from televisions
to headphones to internet-enabled devices — through which voices might
be surreptitiously recorded. “There are microphones all around us all
the time. We all carry around a microphone 24 hours a day, in the form
of our cellphones,” Timm said. “And we know that there are ways for the
government to hack into phones and computers to turn those devices
on.”.... “Despite the many [legislative] changes that have happened
since the
Snowden revelations,” he continued, “the American people only have a
partial understanding of the tools the government can use to conduct
surveillance on millions of people worldwide. It’s important that this
type of information be debated in the public sphere.” But debate is
difficult, he noted, if the public lacks a meaningful sense of the
technology’s uses — let alone its existence.... In October, Human Rights
Watch reported that the Chinese government
has been building a national database of voiceprints so that it could
automatically identify people talking on the phone. The government is
aiming to link the voice biometrics of tens of thousands of people to
their identity number, ethnicity, and home address. According to HRW,
the vendor that manufactures China’s voice software has even patented a
system to pinpoint audio files for “monitoring public opinion.”... The
NSA memos provided by Snowden do not indicate how widely Voice RT
was deployed at the time, but minutes from the GCHQ’s Voice/Fax User
Group do.... When its Voice/Fax User Group met with NSA agents in the
fall of 2007, members described
seeing an active Voice RT system providing NSA’s linguists and analysts
with speaker and language identification, speech-to-text transcription,
and phonetic search abilities. “Essentially,” the minutes say of Voice
RT, “it’s a one stop shop. … [A] massive effort has been extended to
improve deployability of the system.” By 2010, the NSA’s Voice RT
program could process recordings in more than 25 foreign languages.....
The NSA soon realized that its ability to process voice
recordings could be used to identify employees within the NSA itself. As
the January 2006 memo that discussed Ronald Pelton’s audio explained,
“Voice matching technologies are being applied to the emerging Insider
Threat initiative, an attempt to catch the ‘spy among us.’” The Insider Threat initiative, which closely monitors the lives of
government employees, was publicly launched by the Obama administration,
following the leaks of U.S. Army whistleblower Chelsea Manning. But
this document seems to indicate that the initiative was well under way
before Obama’s 2011 executive order.
It’s not surprising that the NSA might turn the same biometric
technologies used to detect external threats onto dissenters within its
ranks, according to Freedom of the Press Foundation’s Trevor Timm.” A
former defense intelligence official, who spoke to The Intercept on
the condition of anonymity because they were not authorized to discuss
classified material, believes the technology’s low profile is not an
accident. “The government avoids discussing this technology
because it
raises serious questions they would prefer not to answer,” the official
said. “This is a critical piece of what has happened to us and our
rights since 9/11.” For the technology to work, the official noted,
“you
don’t need to do anything else but open your mouth.” These advocates
fear that without any public discussion or oversight
of the government’s secret collection of our speech patterns, we may be
entering a world in which more and more voices fall silent.... Timm
noted that in the last several years, whistleblowers, sources, and
journalists have taken greater security precautions to avoid exposing
themselves. But that “if reporters are using telephone numbers not
associated with their identity, and the government is scanning their
phone calls via a warrant or otherwise, the technology could also be
used to potentially stifle journalism.”... Andrew Clement, a computer
scientist and expert in surveillance studies, has been mapping the NSA’s
warrantless wiretapping activities
since before Snowden’s disclosures. He strongly believes the agency
would not be restrained in their uses of speaker recognition on U.S.
citizens. The agency has often chosen to classify all of the information
collected up until the point that a human analyst listens to it or
reads it as metadata, he explained. “That’s just a huge loophole,” he
said. “It appears that anything they can derive algorithmically from
content they would classify simply as metadata.”.... At a 2010 conference — described
as an “unprecedented opportunity to understand how the NSA is bringing
all its creative energies to bear on tracking an individual” — top
directors spoke about how to take a “whole life” strategy to their
targets. They described the need to integrate biometric data, like
voiceprints, with biographic information, like social networks and
personal history. In the agency’s own words, “It is all about locating,
tracking, and maintaining continuity on individuals across space and
time. It’s not just the traditional communications we’re after — It’s
taking a ‘full arsenal’ approach.””
* Location-based sound recording through the microphone of an infected device – recording starts when the device enters a specified location
* Abuse of Accessibility Services to steal WhatsApp messages
* Ability to connect an infected device to Wi-Fi networks controlled by the attackers
* ...
Skygofree is a strain of multi-stage spyware that gives attackers full remote control of an infected device..... "The implant carries multiple exploits for root access and is also capable of taking pictures and videos, seizing call records, SMS, geolocation, calendar events and business-related information stored in the device's memory," the firm added. The malware is even programmed to add itself to the list of "protected apps" so that it is not switched off automatically when the screen is off, circumventing a battery-saving feature that might otherwise limit its effectiveness. The attackers also appear to have an interest in Windows users. Researchers found a number of recently developed modules targeting Microsoft's OS."
Android snoopware Skygofree can pilfer WhatsApp messages The Register, 16 January 2018
"Daniel
Dunn was about to sign a lease for a Honda Fit last year when a detail
buried in the lengthy agreement caught his eye. Honda
wanted to track the location of his vehicle, the contract stated,
according to Dunn — a stipulation that struck the 69-year-old Temecula,
Calif., retiree as a bit odd. But Dunn was eager to drive away in his
new car and, despite initial hesitation, he signed the document, a
decision with which he has since made peace. “I don’t care if
they know where I go,” said Dunn, who makes regular trips to the grocery
store and a local yoga studio in his vehicle. “They’re probably
thinking, ‘What a boring life this guy’s got.’” Dunn may
consider his everyday driving habits mundane, but auto and privacy
experts suspect that big automakers like Honda see them as anything but.
By monitoring his everyday movements, an automaker can vacuum up a
massive amount of personal information about someone like Dunn,
everything from how fast he drives and how hard he brakes to how much
fuel his car uses and the entertainment he prefers. The company can
determine where he shops, the weather on his street, how often he wears
his seat belt, what he was doing moments before a wreck — even where he
likes to eat and how much he weighs. Though drivers may not
realize it, tens of millions of American cars are being monitored like
Dunn’s, experts say, and the number increases with nearly every new
vehicle that is leased or sold. The result is that carmakers have
turned on a powerful spigot of precious personal data, often without
owners’ knowledge, transforming the automobile from a machine that helps
us travel to a sophisticated computer on wheels that offers even more
access to our personal habits and behaviors than smartphones do."
"The
House of Representatives voted on Thursday to extend the National
Security Agency’s warrantless surveillance program for six years with
minimal changes, rejecting a push by a bipartisan group of lawmakers to
impose significant privacy limits when it sweeps up Americans’ emails
and other personal communications. The
vote, 256 to 164, centered on an expiring law that permits the
government, without a warrant, to collect communications from United
States companies like Google and AT&T of foreigners abroad — even
when those targets are talking to Americans. Congress had enacted the
law in 2008 to legalize a form of a once-secret warrantless surveillance
program created after the terrorist attacks on Sept. 11, 2001."
"British homes are vulnerable to “a staggering level of corporate
surveillance” through common internet-enabled devices, an investigation
has found. Researchers found that a range of connected appliances – increasingly
popular features of the so-called smart home – send data to their
manufacturers and third-party companies, in some cases failing to keep
the information secure. One Samsung
smart TV connected to more than 700 distinct internet addresses in 15
minutes. The investigation, by Which? magazine, found televisions
selling
viewing data to advertisers, toothbrushes with access to smartphone
microphones, and security cameras that could be hacked to let others
watch and listen to people in their homes. The findings have alarmed
privacy campaigners, who warn that
consumers are unknowingly building a “terrifying” world of corporate
surveillance. “Smart devices are increasingly being exposed as soft
surveillance
devices that owners have too little control of,” said Silkie Carlo, the
director of Big Brother Watch. “People are now being subjected to
invasive and unnecessary corporate snooping on an unprecedented scale.
“The very notion of a smart home is one of ambient surveillance and
constant recording, which will without doubt lead people to modify their
behaviour over time. If this current direction is continued, we will
become a society of watched consumers subjected to the most granular,
pervasive and inescapable surveillance. It is a terrifying thought.”
Which? bought more than £3,000 worth of smart home equipment and set
it up in a lab to monitor how much data was being collected and
transferred. As well as the manufacturers, more than 20 other companies
were on the receiving end of data transfers including social networks,
third-party monitoring services, advertising and marketing data brokers.
Just one device – a Samsung smart TV – connected to more than 700
distinct internet addresses after being used for 15 minutes. If the
viewer accepts Samsung’s privacy policy, the company gains the right to
monitor what is being watched and when."