Entries Tagged "privacy"

Page 129 of 145

The Analog Hole

Nice essay on the human dimension of the problem of securing information. “Analog hole” is a good name for it.

Along the same lines, here’s a story about the security risks of talking loudly:

About four seats away is a gentleman (on this occasion pronounced ‘fool’) with a BlackBerry mobile device and a very loud voice. He is obviously intent on selling a customer something and is briefing his team. It seems he is the leader as he defines the strategy and assigns each of his unseen team with specific tasks and roles.

Customer products, names, preferences, relationships and monies are being broadcast to everyone within earshot. The strategy for the conference call is discussed, and the specific customer now identified by name and company, and openly described as a BlackBerry nut!

Posted on March 8, 2006 at 12:48 PMView Comments

The Future of Privacy

Over the past 20 years, there’s been a sea change in the battle for personal privacy.

The pervasiveness of computers has resulted in the almost constant surveillance of everyone, with profound implications for our society and our freedoms. Corporations and the police are both using this new trove of surveillance data. We as a society need to understand the technological trends and discuss their implications. If we ignore the problem and leave it to the “market,” we’ll all find that we have almost no privacy left.

Most people think of surveillance in terms of police procedure: Follow that car, watch that person, listen in on his phone conversations. This kind of surveillance still occurs. But today’s surveillance is more like the NSA’s model, recently turned against Americans: Eavesdrop on every phone call, listening for certain keywords. It’s still surveillance, but it’s wholesale surveillance.

Wholesale surveillance is a whole new world. It’s not “follow that car,” it’s “follow every car.” The National Security Agency can eavesdrop on every phone call, looking for patterns of communication or keywords that might indicate a conversation between terrorists. Many airports collect the license plates of every car in their parking lots, and can use that database to locate suspicious or abandoned cars. Several cities have stationary or car-mounted license-plate scanners that keep records of every car that passes, and save that data for later analysis.

More and more, we leave a trail of electronic footprints as we go through our daily lives. We used to walk into a bookstore, browse, and buy a book with cash. Now we visit Amazon, and all of our browsing and purchases are recorded. We used to throw a quarter in a toll booth; now EZ Pass records the date and time our car passed through the booth. Data about us are collected when we make a phone call, send an e-mail message, make a purchase with our credit card, or visit a website.

Much has been written about RFID chips and how they can be used to track people. People can also be tracked by their cell phones, their Bluetooth devices, and their WiFi-enabled computers. In some cities, video cameras capture our image hundreds of times a day.

The common thread here is computers. Computers are involved more and more in our transactions, and data are byproducts of these transactions. As computer memory becomes cheaper, more and more of these electronic footprints are being saved. And as processing becomes cheaper, more and more of it is being cross-indexed and correlated, and then used for secondary purposes.

Information about us has value. It has value to the police, but it also has value to corporations. The Justice Department wants details of Google searches, so they can look for patterns that might help find child pornographers. Google uses that same data so it can deliver context-sensitive advertising messages. The city of Baltimore uses aerial photography to surveil every house, looking for building permit violations. A national lawn-care company uses the same data to better market its services. The phone company keeps detailed call records for billing purposes; the police use them to catch bad guys.

In the dot-com bust, the customer database was often the only salable asset a company had. Companies like Experian and Acxiom are in the business of buying and reselling this sort of data, and their customers are both corporate and government.

Computers are getting smaller and cheaper every year, and these trends will continue. Here’s just one example of the digital footprints we leave:

It would take about 100 megabytes of storage to record everything the fastest typist input to his computer in a year. That’s a single flash memory chip today, and one could imagine computer manufacturers offering this as a reliability feature. Recording everything the average user does on the Internet requires more memory: 4 to 8 gigabytes a year. That’s a lot, but “record everything” is Gmail’s model, and it’s probably only a few years before ISPs offer this service.

The typical person uses 500 cell phone minutes a month; that translates to 5 gigabytes a year to save it all. My iPod can store 12 times that data. A “life recorder” you can wear on your lapel that constantly records is still a few generations off: 200 gigabytes/year for audio and 700 gigabytes/year for video. It’ll be sold as a security device, so that no one can attack you without being recorded. When that happens, will not wearing a life recorder be used as evidence that someone is up to no good, just as prosecutors today use the fact that someone left his cell phone at home as evidence that he didn’t want to be tracked?

In a sense, we’re living in a unique time in history. Identification checks are common, but they still require us to whip out our ID. Soon it’ll happen automatically, either through an RFID chip in our wallet or face-recognition from cameras. And those cameras, now visible, will shrink to the point where we won’t even see them.

We’re never going to stop the march of technology, but we can enact legislation to protect our privacy: comprehensive laws regulating what can be done with personal information about us, and more privacy protection from the police. Today, personal information about you is not yours; it’s owned by the collector. There are laws protecting specific pieces of personal data—videotape rental records, health care information—but nothing like the broad privacy protection laws you find in European countries. That’s really the only solution; leaving the market to sort this out will result in even more invasive wholesale surveillance.

Most of us are happy to give out personal information in exchange for specific services. What we object to is the surreptitious collection of personal information, and the secondary use of information once it’s collected: the buying and selling of our information behind our back.

In some ways, this tidal wave of data is the pollution problem of the information age. All information processes produce it. If we ignore the problem, it will stay around forever. And the only way to successfully deal with it is to pass laws regulating its generation, use and eventual disposal.

This essay was originally published in the Minneapolis Star-Tribune.

Posted on March 6, 2006 at 5:41 AMView Comments

AT&T's 1.9-Trillion-Call Database

This whole article is worth reading, but I found this tidbit particularly interesting:

He was alluding to databases maintained at an AT&T data center in Kansas, which now contain electronic records of 1.92 trillion telephone calls, going back decades. The Electronic Frontier Foundation, a digital-rights advocacy group, has asserted in a lawsuit that the AT&T Daytona system, a giant storehouse of calling records and Internet message routing information, was the foundation of the N.S.A.’s effort to mine telephone records without a warrant.

An AT&T spokeswoman said the company would not comment on the claim, or generally on matters of national security or customer privacy.

But the mining of the databases in other law enforcement investigations is well established, with documented results. One application of the database technology, called Security Call Analysis and Monitoring Platform, or Scamp, offers access to about nine weeks of calling information. It currently handles about 70,000 queries a month from fraud and law enforcement investigators, according to AT&T documents.

A former AT&T official who had detailed knowledge of the call-record database said the Daytona system takes great care to make certain that anyone using the database – whether AT&T employee or law enforcement official with a subpoena – sees only information he or she is authorized to see, and that an audit trail keeps track of all users. Such information is frequently used to build models of suspects’ social networks.

The official, speaking on condition of anonymity because he was discussing sensitive corporate matters, said every telephone call generated a record: number called, time of call, duration of call, billing category and other details. While the database does not contain such billing data as names, addresses and credit card numbers, those records are in a linked database that can be tapped by authorized users.

New calls are entered into the database immediately after they end, the official said, adding, “I would characterize it as near real time.”

According to a current AT&T employee, whose identity is being withheld to avoid jeopardizing his job, the mining of the AT&T databases had a notable success in helping investigators find the perpetrators of what was known as the Moldovan porn scam.

In 1997 a shadowy group in Moldova, a former Soviet republic, was tricking Internet users by enticing them to a pornography Web site that would download a piece of software that disconnected the computer user from his local telephone line and redialed a costly 900 number in Moldova.

While another long-distance carrier simply cut off the entire nation of Moldova from its network, AT&T and the Moldovan authorities were able to mine the database to track the culprits.

Posted on March 3, 2006 at 11:45 AMView Comments

More on Greek Wiretapping

Earlier this month I blogged about a wiretapping scandal in Greece.

Unknowns tapped the mobile phones of about 100 Greek politicians and offices, including the U.S. embassy in Athens and the Greek prime minister.

Details are sketchy, but it seems that a piece of malicious code was discovered by Ericsson technicians in Vodafone’s mobile phone software. The code tapped into the conference call system. It “conference called” phone calls to 14 prepaid mobile phones where the calls were recorded.

More details are emerging. It turns out that the “malicious code” was actually code designed into the system. It’s eavesdropping code put into the system for the police.

The attackers managed to bypass the authorization mechanisms of the eavesdropping system, and activate the “lawful interception” module in the mobile network. They then redirected about 100 numbers to 14 shadow numbers they controlled. (Here are translations of some of the press conferences with technical details. And here are details of the system used.)

There is an important security lesson here. I have long argued that when you build surveillance mechanisms into communication systems, you invite the bad guys to use those mechanisms for their own purposes. That’s exactly what happened here.

UPDATED TO ADD (3/2): From a reader: “I have an update. There is some news from the ‘Hellenic Authority for the Information and Communication Security and Privacy’ with a few facts and I got a rumor that there is a root backdoor in the telnetd of Ericssons AXE backdoor. (No, I can’t confirm the rumor.)”

Posted on March 1, 2006 at 8:04 AMView Comments

Face Recognition Comes to Bars

BioBouncer is a face recognition system intended for bars:

Its camera snaps customers entering clubs and bars, and facial recognition software compares them with stored images of previously identified troublemakers. The technology alerts club security to image matches, while innocent images are automatically flushed at the end of each night, Dussich said. Various clubs can share databases through a virtual private network, so belligerent drunks might find themselves unwelcome in all their neighborhood bars.

Anyone want to guess how long that “automatically flushed at the end of each night” will last? This data has enormous value. Insurance companies will want to know if someone was in a bar before a car accident. Employers will want to know if their employees were drinking before work—think airplane pilots. Private investigators will want to know who walked into a bar with whom. The police will want to know all sorts of things. Lots of people will want this data—and they’ll all be willing to pay for it.

And the data will be owned by the bars thatcollect it. They can choose to erase it, or they can choose to sell it to data aggregators like Acxiom.

It’s rarely the initial application that’s the problem. It’s the follow-on applications. It’s the function creep. Before you know it, everyone will know that they are identified the moment they walk into a commercial building. We will all lose privacy, and liberty, and freedom as a result.

Posted on February 28, 2006 at 3:47 PMView Comments

Police Cameras in Your Home

This is so nutty that I wasn’t even going to blog it. But too many of you are e-mailing the article to me.

Houston’s police chief on Wednesday proposed placing surveillance cameras in apartment complexes, downtown streets, shopping malls and even private homes to fight crime during a shortage of police officers.

“I know a lot of people are concerned about Big Brother, but my response to that is, if you are not doing anything wrong, why should you worry about it?” Chief Harold Hurtt told reporters Wednesday at a regular briefing.

One of the problems we have in the privacy community is that we don’t have a crisp answer to that question. Any suggestions?

Posted on February 23, 2006 at 1:12 PMView Comments

WiFi Tracking

…a few hundred meters away….”

Forget RFID. Well, don’t, but National Scientific Corporation has a prototype of a WiFi tagging system that, like RFID, lets you track things in real-time and space. The advantage that the WiFi Tracker system has over passive RFID tracking is that you can keep tabs on objects with WiFi Tracker tags (which can hold up to 256K of data) from as far as a few hundred meters away (the range of passive RFID taggers is just a few meters). While you can do something similar with active RFID tags, with WiFi Tracker companies can use their pre-existing WiFi network to track things rather than having to build a whole new RFID system.

In other news, Apple is adding WiFi to the iPod.

And, of course, you can be tracked from your cellphone:

But the FBI and the U.S. Department of Justice have seized on the ability to
locate a cellular customer and are using it to track Americans’ whereabouts
surreptitiously—even when there’s no evidence of wrongdoing.

A pair of court decisions in the last few weeks shows that judges are split
on whether this is legal. One federal magistrate judge in Wisconsin on Jan.
17 ruled it was unlawful, but another nine days later in Louisiana decided
that it was perfectly OK.

This is an unfortunate outcome, not least because it shows that some judges
are reluctant to hold federal agents and prosecutors to the letter of the
law.

It’s also unfortunate because it demonstrates that the FBI swore never to
use a 1994 surveillance law to track cellular phones—but then, secretly,
went ahead and did it, anyway.

Posted on February 14, 2006 at 1:29 PMView Comments

Valentine's Day Security

Last Friday, the Wall Street Journal ran an article (unfortunately, the link is only for paid subscribers) about how Valentine’s Day is the day when cheating spouses are most likely to trip up:

Valentine’s Day is the biggest single 24-hour period for florists, a huge event for greeting-card companies and a boon for candy makers. But it’s also a major crisis day for anyone who is having an affair. After all, Valentine’s Day is the one holiday when everyone is expected to do something romantic for their spouse or lover—and if someone has both, it’s a serious problem.

So, of course, private detectives work overtime.

“If anything is going on, it will be happening on that day,” says Irene Smith, who says business at her Discreet Investigations detective agency in Golden, Colo., as much as doubles—to as many as 12 cases some years—on Valentine’s Day.

Private detectives are expensive—about $100 per hour, according to the article—and might not be worth it.

The article suggests some surveillance tools you can buy at home: a real-time GPS tracking system you can hide in your spouse’s car, a Home Evidence Collection Kit you can use to analyze stains on “clothing, car seats or elsewhere,” Internet spying software, a telephone recorder, and a really cool buttonhole camera.

But even that stuff may be overkill:

Ruth Houston, author of a book called Is He Cheating on You?—829 Telltale Signs, says she generally recommends against spending money on private detectives to catch cheaters because the indications are so easy to read. (Sign No. 3 under “Gifts”: He tries to convince you he bought expensive chocolates for himself.)

I hope I don’t need to remind you that cheaters should also be reading that book, familiarizing themselves with the 829 telltale signs they should avoid making.

The article has several interesting personal stories, and warns that “planning a ‘business trip’ that falls over Valentine’s Day is a typical mistake cheaters make.”

So now I’m wondering why the RSA Conference is being held over Valentine’s Day.

EDITED TO ADD (2/14): Today’s Washington Post has a similar story.

Posted on February 14, 2006 at 8:35 AMView Comments

1 127 128 129 130 131 145

Sidebar photo of Bruce Schneier by Joe MacInnis.