laws Archives - Page 24 of 35 - Schneier on Security

Entries Tagged "laws"

Page 24 of 35

Automated Targeting System

If you’ve traveled abroad recently, you’ve been investigated. You’ve been assigned a score indicating what kind of terrorist threat you pose. That score is used by the government to determine the treatment you receive when you return to the U.S. and for other purposes as well.

Curious about your score? You can’t see it. Interested in what information was used? You can’t know that. Want to clear your name if you’ve been wrongly categorized? You can’t challenge it. Want to know what kind of rules the computer is using to judge you? That’s secret, too. So is when and how the score will be used.

U.S. customs agencies have been quietly operating this system for several years. Called Automated Targeting System, it assigns a “risk assessment” score to people entering or leaving the country, or engaging in import or export activity. This score, and the information used to derive it, can be shared with federal, state, local and even foreign governments. It can be used if you apply for a government job, grant, license, contract or other benefit. It can be shared with nongovernmental organizations and individuals in the course of an investigation. In some circumstances private contractors can get it, even those outside the country. And it will be saved for 40 years.

Little is known about this program. Its bare outlines were disclosed in the Federal Register in October. We do know that the score is partially based on details of your flight record—where you’re from, how you bought your ticket, where you’re sitting, any special meal requests—or on motor vehicle records, as well as on information from crime, watch-list and other databases.

Civil liberties groups have called the program Kafkaesque. But I have an even bigger problem with it. It’s a waste of money.

The idea of feeding a limited set of characteristics into a computer, which then somehow divines a person’s terrorist leanings, is farcical. Uncovering terrorist plots requires intelligence and investigation, not large-scale processing of everyone.

Additionally, any system like this will generate so many false alarms as to be completely unusable. In 2005 Customs & Border Protection processed 431 million people. Assuming an unrealistic model that identifies terrorists (and innocents) with 99.9% accuracy, that’s still 431,000 false alarms annually.

The number of false alarms will be much higher than that. The no-fly list is filled with inaccuracies; we’ve all read about innocent people named David Nelson who can’t fly without hours-long harassment. Airline data, too, are riddled with errors.

The odds of this program’s being implemented securely, with adequate privacy protections, are not good. Last year I participated in a government working group to assess the security and privacy of a similar program developed by the Transportation Security Administration, called Secure Flight. After five years and $100 million spent, the program still can’t achieve the simple task of matching airline passengers against terrorist watch lists.

In 2002 we learned about yet another program, called Total Information Awareness, for which the government would collect information on every American and assign him or her a terrorist risk score. Congress found the idea so abhorrent that it halted funding for the program. Two years ago, and again this year, Secure Flight was also banned by Congress until it could pass a series of tests for accuracy and privacy protection.

In fact, the Automated Targeting System is arguably illegal, as well (a point several congressmen made recently); all recent Department of Homeland Security appropriations bills specifically prohibit the department from using profiling systems against persons not on a watch list.

There is something un-American about a government program that uses secret criteria to collect dossiers on innocent people and shares that information with various agencies, all without any oversight. It’s the sort of thing you’d expect from the former Soviet Union or East Germany or China. And it doesn’t make us any safer from terrorism.

This essay, without the links, was published in Forbes. They also published a rebuttal by William Baldwin, although it doesn’t seen to rebut any of the actual points.

Here’s an odd division of labor: a corporate data consultant argues for more openness, while a journalist favors more secrecy.

It’s only odd if you don’t understand security.

Posted on December 22, 2006 at 11:38 AM • View Comments

Tracking People by their Sneakers

Researchers at the University of Washington have demonstrated a surveillance system that automatically tracks people through the Nike+iPod Sport Kit. Basically, the kit contains a transmitter that you stick in your sneakers and a receiver you attach to your iPod. This allows you to track things like time, distance, pace, and calories burned. Pretty clever.

However, it turns out that the transmitter in your sneaker can be read up to 60 feet away. And because it broadcasts a unique ID, you can be tracked by it. In the demonstration, the researchers built a surveillance device (at a cost of about $250) and interfaced their surveillance system with Google Maps. Details are in the paper. Very scary.

This is a great demonstration for anyone who is skeptical that RFID chips can be used to track people. It’s a good example because the chips have no personal identifying information, yet can still be used to track people. As long as the chips have unique IDs, those IDs can be used for surveillance.

To me, the real significance of this work is how easy it was. The people who designed the Nike/iPod system put zero thought into security and privacy issues. Unless we enact some sort of broad law requiring companies to add security into these sorts of systems, companies will continue to produce devices that erode our privacy through new technologies. Not on purpose, not because they’re evil—just because it’s easier to ignore the externality than to worry about it.

Posted on December 12, 2006 at 1:11 PM • View Comments

Buying Fake European Passports

Interesting story of a British journalist buying 20 different fake EU passports. She bought a genuine Czech passport with a fake name and her real picture, a fake Latvian passport, and a stolen Estonian passport.

Despite information on stolen passports being registered to a central Interpol database, her Estonian passport goes undetected.

Note that harder-to-forge RFID passports would only help in one instance; it’s certainly not the most important problem to solve.

Also, I am somewhat suspicious of this story. I don’t know about the UK laws, but in the US this would be a major crime—and I don’t think being a reporter would be an adequate defense.

Posted on December 5, 2006 at 1:38 PM •

Remotely Eavesdropping on Cell Phone Microphones

I give a talk called “The Future of Privacy,” where I talk about current and future technological developments that erode our privacy. One of the things I talk about is auditory eavesdropping, and I hypothesize that a cell phone microphone could be turned on surreptitiously and remotely.

I never had any actual evidence one way or the other, but the technique has surfaced in an organized crime prosecution:

The surveillance technique came to light in an opinion published this week by U.S. District Judge Lewis Kaplan. He ruled that the “roving bug” was legal because federal wiretapping law is broad enough to permit eavesdropping even of conversations that take place near a suspect’s cell phone.

Kaplan’s opinion said that the eavesdropping technique “functioned whether the phone was powered on or off.” Some handsets can’t be fully powered down without removing the battery; for instance, some Nokia models will wake up when turned off if an alarm is set.

Seems that the technique is to download eavesdropping software into the phone:

The U.S. Commerce Department’s security office warns that “a cellular telephone can be turned into a microphone and transmitter for the purpose of listening to conversations in the vicinity of the phone.” An article in the Financial Times last year said mobile providers can “remotely install a piece of software on to any handset, without the owner’s knowledge, which will activate the microphone even when its owner is not making a call.”

Nextel and Samsung handsets and the Motorola Razr are especially vulnerable to software downloads that activate their microphones, said James Atkinson, a counter-surveillance consultant who has worked closely with government agencies. “They can be remotely accessed and made to transmit room audio all the time,” he said. “You can do that without having physical access to the phone.”

[…]

Details of how the Nextel bugs worked are sketchy. Court documents, including an affidavit (p1) and (p2) prepared by Assistant U.S. Attorney Jonathan Kolodner in September 2003, refer to them as a “listening device placed in the cellular telephone.” That phrase could refer to software or hardware.

One private investigator interviewed by CNET News.com, Skipp Porteous of Sherlock Investigations in New York, said he believed the FBI planted a physical bug somewhere in the Nextel handset and did not remotely activate the microphone.

“They had to have physical possession of the phone to do it,” Porteous said. “There are several ways that they could have gotten physical possession. Then they monitored the bug from fairly near by.”

But other experts thought microphone activation is the more likely scenario, mostly because the battery in a tiny bug would not have lasted a year and because court documents say the bug works anywhere “within the United States”—in other words, outside the range of a nearby FBI agent armed with a radio receiver.

In addition, a paranoid Mafioso likely would be suspicious of any ploy to get him to hand over a cell phone so a bug could be planted. And Kolodner’s affidavit seeking a court order lists Ardito’s phone number, his 15-digit International Mobile Subscriber Identifier, and lists Nextel Communications as the service provider, all of which would be unnecessary if a physical bug were being planted.

A BBC article from 2004 reported that intelligence agencies routinely employ the remote-activation method. “A mobile sitting on the desk of a politician or businessman can act as a powerful, undetectable bug,” the article said, “enabling them to be activated at a later date to pick up sounds even when the receiver is down.”

For its part, Nextel said through spokesman Travis Sowders: “We’re not aware of this investigation, and we weren’t asked to participate.”

EDITED TO ADD (12/12): Another article.

Posted on December 5, 2006 at 6:29 AM •

American Authorities Secretly Give International Travellers Terrorist "Risk" Score

From the Associated Press:

Without notifying the public, federal agents for the past four years have assigned millions of international travelers, including Americans, computer-generated scores rating the risk they pose of being terrorists or criminals.

The travelers are not allowed to see or directly challenge these risk assessments, which the government intends to keep on file for 40 years.

The scores are assigned to people entering and leaving the United States after computers assess their travel records, including where they are from, how they paid for tickets, their motor vehicle records, past one-way travel, seating preference and what kind of meal they ordered.

The program’s existence was quietly disclosed earlier in November when the government put an announcement detailing the Automated Targeting System, or ATS, for the first time in the Federal Register, a fine-print compendium of federal rules. Privacy and civil liberties lawyers, congressional aides and even law enforcement officers said they thought this system had been applied only to cargo.

Like all these systems, we are all judged in secret, by a computer algorithm, with no way to see or even challenge our score. Kafka would be proud.

“If this catches one potential terrorist, this is a success,” Ahern said.

That’s just too idiotic a statement to even rebut.

EDITED TO ADD (12/3): More commentary.

Posted on December 1, 2006 at 12:12 PM • View Comments

New DMCA Exemptions

Last week the U.S. Copyright Office released a new list of exemptions to the DMCA. Commentary here. And an article.

Posted on November 28, 2006 at 6:18 AM • View Comments

TSA Security Round-Up

Innocent passenger arrested for trying to bring a rubber-band ball onto an airplane.

Woman passes out on plane after her drugs are confiscated.

San Francisco International Airport screeners were warned in advance of undercover test.

And a cartoon.

We have a serious problem in this country. The TSA operates above, and outside, the law. There’s no due process, no judicial review, no appeal.

EDITED TO ADD (11/21): And six Muslim imams removed from a plane by US Airways because…well because they’re Muslim and that scares people. After they were cleared by the authorities, US Airways refused to sell them a ticket. Refuse to be terrorized, people!

Note that US Airways is the culprit here, not the TSA.

EDITED TO ADD (11/22): Frozen spaghetti sauce confiscated:

You think this is silly, and it is, but a week ago my mother caused a small commotion at a checkpoint at Boston-Logan after screeners discovered a large container of homemade tomato sauce in her bag. What with the preponderance of spaghetti grenades and lasagna bombs, we can all be proud of their vigilance. And, as a liquid, tomato sauce is in clear violation of the Transportation Security Administration’s carry-on statutes. But this time, there was a wrinkle: The sauce was frozen.

No longer in its liquid state, the sauce had the guards in a scramble. According to my mother’s account, a supervisor was called over to help assess the situation. He spent several moments stroking his chin. “He struck me as the type of person who spent most of his life traveling with the circus,” says Mom, who never pulls a punch, “and was only vaguely familiar with the concept of refrigeration.” Nonetheless, drawing from his experiences in grade-school chemistry and at the TSA academy, he sized things up. “It’s not a liquid right now,” he observantly noted. “But it will be soon.”

In the end, the TSA did the right thing and let the woman on with her frozen food.

Posted on November 21, 2006 at 12:51 PM • View Comments

Total Information Awareness Is Back

Remember Total Information Awareness?

In November 2002, the New York Times reported that the Defense Advanced Research Projects Agency (DARPA) was developing a tracking system called “Total Information Awareness” (TIA), which was intended to detect terrorists through analyzing troves of information. The system, developed under the direction of John Poindexter, then-director of DARPA’s Information Awareness Office, was envisioned to give law enforcement access to private data without suspicion of wrongdoing or a warrant.

TIA purported to capture the “information signature” of people so that the government could track potential terrorists and criminals involved in “low-intensity/low-density” forms of warfare and crime. The goal was to track individuals through collecting as much information about them as possible and using computer algorithms and human analysis to detect potential activity.

The project called for the development of “revolutionary technology for ultra-large all-source information repositories,” which would contain information from multiple sources to create a “virtual, centralized, grand database.” This database would be populated by transaction data contained in current databases such as financial records, medical records, communication records, and travel records as well as new sources of information. Also fed into the database would be intelligence data.

The public found it so abhorrent, and objected so forcefully, that Congress killed funding for the program in September 2003.

None of us thought that meant the end of TIA, only that it would turn into a classified program and be renamed. Well, the program is now called Tangram, and it is classified:

The government’s top intelligence agency is building a computerized system to search very large stores of information for patterns of activity that look like terrorist planning. The system, which is run by the Office of the Director of National Intelligence, is in the early research phases and is being tested, in part, with government intelligence that may contain information on U.S. citizens and other people inside the country.

It encompasses existing profiling and detection systems, including those that create “suspicion scores” for suspected terrorists by analyzing very large databases of government intelligence, as well as records of individuals’ private communications, financial transactions, and other everyday activities.

The information about Tangram comes from a government document looking for contractors to help design and build the system.

DefenseTech writes:

The document, which is a description of the Tangram program for potential contractors, describes other, existing profiling and detection systems that haven’t moved beyond so-called “guilt-by-association models,” which link suspected terrorists to potential associates, but apparently don’t tell analysts much about why those links are significant. Tangram wants to improve upon these methods, as well as investigate the effectiveness of other detection links such as “collective inferencing,” which attempt to create suspicion scores of entire networks of people simultaneously.

Data mining for terrorists has always been a dumb idea. And the existence of Tangram illustrates the problem with Congress trying to stop a program by killing its funding; it just comes back under a different name.

Posted on October 31, 2006 at 6:59 AM • View Comments

The Death of Ephemeral Conversation

The political firestorm over former U.S. Rep. Mark Foley’s salacious instant messages hides another issue, one about privacy. We are rapidly turning into a society where our intimate conversations can be saved and made public later. This represents an enormous loss of freedom and liberty, and the only way to solve the problem is through legislation.

Everyday conversation used to be ephemeral. Whether face-to-face or by phone, we could be reasonably sure that what we said disappeared as soon as we said it. Of course, organized crime bosses worried about phone taps and room bugs, but that was the exception. Privacy was the default assumption.

This has changed. We now type our casual conversations. We chat in e-mail, with instant messages on our computer and SMS messages on our cellphones, and in comments on social networking Web sites like Friendster, LiveJournal, and MySpace. These conversations—with friends, lovers, colleagues, fellow employees—are not ephemeral; they leave their own electronic trails.

We know this intellectually, but we haven’t truly internalized it. We type on, engrossed in conversation, forgetting that we’re being recorded.

Foley’s instant messages were saved by the young men he talked to, but they could have also been saved by the instant messaging service. There are tools that allow both businesses and government agencies to monitor and log IM conversations. E-mail can be saved by your ISP or by the IT department in your corporation. Gmail, for example, saves everything, even if you delete it.

And these conversations can come back to haunt people—in criminal prosecutions, divorce proceedings or simply as embarrassing disclosures. During the 1998 Microsoft anti-trust trial, the prosecution pored over masses of e-mail, looking for a smoking gun. Of course they found things; everyone says things in conversation that, taken out of context, can prove anything.

The moral is clear: If you type it and send it, prepare to explain it in public later.

And voice is no longer a refuge. Face-to-face conversations are still safe, but we know that the National Security Agency is monitoring everyone’s international phone calls. (They said nothing about SMS messages, but one can assume they were monitoring those too.) Routine recording of phone conversations is still rare—certainly the NSA has the capability—but will become more common as telephone calls continue migrating to the IP network.

If you find this disturbing, you should. Fewer conversations are ephemeral, and we’re losing control over the data. We trust our ISPs, employers and cellphone companies with our privacy, but again and again they’ve proven they can’t be trusted. Identity thieves routinely gain access to these repositories of our information. Paris Hilton and other celebrities have been the victims of hackers breaking into their cellphone providers’ networks. Google reads our Gmail and inserts context-dependent ads.

Even worse, normal constitutional protections don’t apply to much of this. The police need a court-issued warrant to search our papers or eavesdrop on our communications, but can simply issue a subpoena—or ask nicely or threateningly—for data of ours that is held by a third party, including stored copies of our communications.

The Justice Department wants to make this problem even worse, by forcing ISPs and others to save our communications—just in case we’re someday the target of an investigation. This is not only bad privacy and security, it’s a blow to our liberty as well. A world without ephemeral conversation is a world without freedom.

We can’t turn back technology; electronic communications are here to stay. But as technology makes our conversations less ephemeral, we need laws to step in and safeguard our privacy. We need a comprehensive data privacy law, protecting our data and communications regardless of where it is stored or how it is processed. We need laws forcing companies to keep it private and to delete it as soon as it is no longer needed.

And we need to remember, whenever we type and send, we’re being watched.

Foley is an anomaly. Most of us do not send instant messages in order to solicit sex with minors. Law enforcement might have a legitimate need to access Foley’s IMs, e-mails and cellphone calling logs, but that’s why there are warrants supported by probable cause—they help ensure that investigations are properly focused on suspected pedophiles, terrorists and other criminals. We saw this in the recent UK terrorist arrests; focused investigations on suspected terrorists foiled the plot, not broad surveillance of everyone without probable cause.

Without legal privacy protections, the world becomes one giant airport security area, where the slightest joke—or comment made years before—lands you in hot water. The world becomes one giant market-research study, where we are all life-long subjects. The world becomes a police state, where we all are assumed to be Foleys and terrorists in the eyes of the government.

This essay originally appeared on Forbes.com.

Posted on October 18, 2006 at 3:30 PM • View Comments

←Previous 1 … 22 23 24 25 26 … 35 Next→

Sidebar photo of Bruce Schneier by Joe MacInnis.