Schneier on Security: Tagged privacy

Entries Tagged "privacy"

Page 127 of 138

Cell Phone Surveillance

Missouri will track people’s movements through their cell phones.

Posted on October 27, 2005 at 7:48 AM • View Comments

Eavesdropping Through a Wall

With half a century’s experience of listening to feeble radio signals from space, NASA is helping US security services squeeze super-weak bugging data from Earth-bound buildings.

It is easy to defeat ordinary audio eavesdropping, just by sound-proofing a room. And simply drawing the curtains can defeat newer systems, which shine a laser beam onto a glass window and decode any modulation of the reflected beam caused by sound vibrations in the room.

So the new “through-the-wall audio surveillance system” uses a powerful beam of very high frequency radio waves instead of light. Radio can penetrate walls – if they didn’t, portable radios wouldn’t work inside a house.

The system uses a horn antenna to radiate a beam of microwave energy –between 30 and 100 gigahertz – through a building wall. If people are speaking inside the room, any flimsy surface, such as clothing, will be vibrating. This modulates the radio beam reflected from the surface.

Although the radio reflection that passes back through the wall is extremely faint, the kind of electronic extraction and signal cleaning tricks used by NASA to decode signals in space can be used to extract speech.

Here’s the patent, and here’s a Slashdot thread on the topic.

Wow. (If it works, that is.)

Posted on October 26, 2005 at 3:12 PM • View Comments

FBI Abuses of the USA Patriot Act

Since the Patriot Act was passed, administration officials have repeatedly assured the public and Congress that there have not been improper uses of that law. As recently as April 27, 2005, Attorney General Alberto Gonzales testified that “there has not been one verified case of civil liberties abuse.”

However:

Documents obtained by EPIC from the FBI describe thirteen cases of possible misconduct in intelligence investigations. The case numbering suggests that there were at least 153 investigations of misconduct at the FBI in 2003 alone.

These documents reveal that the Intelligence Oversight Board has investigated many instances of alleged abuse, and perhaps most critically, may not have disclosed these facts to the Congressional oversight committees charged with evaluating the Patriot Act.

According to The Washington Post

In one case, FBI agents kept an unidentified target under surveillance for at least five years—including more than 15 months without notifying Justice Department lawyers after the subject had moved from New York to Detroit. An FBI investigation concluded that the delay was a violation of Justice guidelines and prevented the department “from exercising its responsibility for oversight and approval of an ongoing foreign counterintelligence investigation of a U.S. person.”

In other cases, agents obtained e-mails after a warrant expired, seized bank records without proper authority and conducted an improper “unconsented physical search,” according to the documents.

Although heavily censored, the documents provide a rare glimpse into the world of domestic spying, which is governed by a secret court and overseen by a presidential board that does not publicize its deliberations. The records are also emerging as the House and Senate battle over whether to put new restrictions on the controversial USA Patriot Act, which made it easier for the government to conduct secret searches and surveillance but has come under attack from civil liberties groups.

EPIC received these documents under FOIA, and has written to the Senate Judiciary Committee to urge hearings on the matter, and has recommended that the Attorney General be required to report to Congress when the Intelligence Oversight Board receives allegations of unlawful intelligence investigations.

This week marks the four-year anniversary of the enactment of the Patriot Act. Does anyone feel safer because of it?

EDITED TO ADD: There’s a New York Times article on the topic.

Posted on October 25, 2005 at 7:09 AM • View Comments

Supermarket Loyalty Program Used to Pinpoint Location

This is an interesting (six-month-old) story about a supermarket loyalty program.

Person 1 loses a valuable watch in a supermarket. Person 2 finds it and, instead of returning it as required by law, keeps it. Two years later, he brings it in for repair. The repairman checks the serial number against a lost/stolen database. Person 2 doesn’t admit he found the watch, but instead claims that he bought it in some sort of used watch store. The police check the loyalty-program records from the supermarket and find that Person 2 was in the supermarket within hours of when Person 1 said he lost the watch.

EDITED TO ADD: Earlier confusion about video surveillance fixed, and two comments pointing out the error deleted. Thank you.

Posted on October 24, 2005 at 1:30 PM • View Comments

Private Webcams and the Police

Our surveillance society marches on:

Commercial burglaries have risen in Corona in the past few years. At the same time, security-camera technology has improved, allowing business owners to use Web sites to view their shops or offices from home or while on a trip.

Now the Corona Chamber of Commerce and the Police Department are encouraging businesses with such systems to provide police dispatchers a password so they can see what’s going on during an emergency.

How soon before there’s a law requiring these webcams to be built with a police backdoor?

Posted on October 20, 2005 at 3:25 PM • View Comments

Passport Required to Use the Internet in Italy

Why? Terrorism.

After Italy passed a new antiterrorism package in July, authorities ordered managers offering public communications services, like Mr. Savoni,to make passport photocopies of every customer seeking to use the Internet, phone, or fax.

Posted on October 18, 2005 at 8:09 AM • View Comments

RFID and Privacy

Boston Globe editorial on RFID and privacy:

It’s one of the cutest of those cute IBM Corp. TV commercials, the ones that feature the ever-present help desk. This time, the desk appears smack in the middle of a highway, blocking the path of a big rig.

”Why are you blocking the road?” the driver asks. ”Because you’re going the wrong way,” replies the cheerful Help Desk lady. ”Your cargo told me so.” It seems the cartons inside the truck contained IBM technology that alerted the company when the driver made a wrong turn.

It’s clever, all right—and creepy. Because the technology needn’t be applied only to cases of beer. The trackers could be attached to every can of beer in the case, and allow marketers to track the boozing habits of the purchasers. Or if the cargo is clothing, those little trackers could have been stitched inside every last sweater. Then some high-tech busybody could keep those wearing them under surveillance.

If this sounds paranoid, take it up with IBM. The company filed a patent application in 2001 which contemplates using this wireless snooping technology to track people as they roam through ”shopping malls, airports, train stations, bus stations, elevators, trains, airplanes, rest rooms, sports arenas, libraries, theaters, museums, etc.” An IBM spokeswoman insisted the company isn’t really prepared to go this far. Patent applications are routinely written to include every possible use of a technology, even some the company doesn’t intend to pursue. Still, it’s clear somebody at IBM has a pretty creepy imagination.

There’s a Slashdot thread on the topic.

Posted on October 14, 2005 at 7:11 AM • View Comments

Domestic Spying in the U.S.

There are two bills in Congress that would grant the Pentagon greater rights to spy on Americans in the U.S.:

The Pentagon would be granted new powers to conduct undercover intelligence gathering inside the United States—and then withhold any information about it from the public—under a series of little noticed provisions now winding their way through Congress.

Citing in part the need for “greater latitude” in the war on terror, the Senate Intelligence Committee recently approved broad-ranging legislation that gives the Defense Department a long sought and potentially crucial waiver: it would permit its intelligence agents, such as those working for the Defense Intelligence Agency (DIA), to covertly approach and cultivate “U.S. persons” and even recruit them as informants—without disclosing they are doing so on behalf of the U.S. government.

[…]

At the same time, the Senate intelligence panel also included in the bill two other potentially controversial amendments—one that would allow the Pentagon and other U.S. intelligence agencies greater access to federal government databases on U.S. citizens, and another granting the DIA new exemptions from disclosing any “operational files” under the Freedom of Information Act (FOIA).

Posted on October 13, 2005 at 11:47 AM • View Comments

Theme Parks and Privacy

EPIC has information here, mostly on Walt Disney World.

EDITED TO ADD: Disneyworld scans hand geometry, not fingerprints.

Posted on October 11, 2005 at 12:14 PM • View Comments

Automatic License Plate Scanners

The Boston Transportation Department, among other duties, hands out parking tickets. If a car has too many unpaid parking tickets, the BTD will lock a Denver Boot to one of the wheels, making the car unmovable. Once the tickets are paid up, the BTD removes th boot.

The white SUV in this photo is owned by the Boston Transportation Department. Its job is to locate cars that need to be booted. The two video cameras on top of the vehicle are hooked up to a laptop computer running license plate scanning software. The vehicle drives around the city scanning plates and comparing them with the database of unpaid parking tickets. When a match is found, the BTD officers jump out and boot the offending car. You can sort of see the boot on the front right wheel of the car behind the SUV in the photo.

This is the kind of thing I call “wholesale surveillance,” and I’ve written about license plate scanners in that regard last year.

Technology is fundamentally changing the nature of surveillance. Years ago, surveillance meant trench-coated detectives following people down streets. It was laborious and expensive, and was only used when there was reasonable suspicion of a crime. Modern surveillance is the policeman with a license-plate scanner, or even a remote license-plate scanner mounted on a traffic light and a policeman sitting at a computer in the station. It’s the same, but it’s completely different. It’s wholesale surveillance.

And it disrupts the balance between the powers of the police and the rights of the people.

[…]

Like the license-plate scanners, the electronic footprints we leave everywhere can be automatically correlated with databases. The data can be stored forever, allowing police to conduct surveillance backwards in time.

The effects of wholesale surveillance on privacy and civil liberties is profound; but unfortunately, the debate often gets mischaracterized as a question about how much privacy we need to give up in order to be secure. This is wrong. It’s obvious that we are all safer when the police can use all techniques at their disposal. What we need are corresponding mechanisms to prevent abuse, and that don’t place an unreasonable burden on the innocent.

Throughout our nation’s history, we have maintained a balance between the necessary interests of police and the civil rights of the people. The license plate itself is such a balance. Imagine the debate from the early 1900s: The police proposed affixing a plaque to every car with the car owner’s name, so they could better track cars used in crimes. Civil libertarians objected because that would reduce the privacy of every car owner. So a compromise was reached: a random string of letter and numbers that the police could use to determine the car owner. By deliberately designing a more cumbersome system, the needs of law enforcement and the public’s right to privacy were balanced.

The search warrant process, as prescribed in the Fourth Amendment, is another balancing method. So is the minimization requirement for telephone eavesdropping: the police must stop listening to a phone line if the suspect under investigation is not talking.

For license-plate scanners, one obvious protection is to require the police to erase data collected on innocent car owners immediately, and not save it. The police have no legitimate need to collect data on everyone’s driving habits. Another is to allow car owners access to the information about them used in these automated searches, and to allow them to challenge inaccuracies.

The Boston Globe has written about this program.

Richard M. Smith, who took this photo, made a public request to the BTD last summer for the database of scanned license plate numbers that is being collected by this vehicle. The BTD told him at the time that the database is not a public record, because the database is owned by AutoVu, the Canadian company that makes the license plate scanner software used in the vehicle. This software is being “loaned” to the City of Boston as part of a “beta” test program.

Anyone doubt that AutoVu is going to sell this data to a company like ChoicePoint?

Posted on October 7, 2005 at 1:49 PM • View Comments

←Previous 1 … 125 126 127 128 129 … 138 Next→

Sidebar photo of Bruce Schneier by Joe MacInnis.