Entries Tagged "surveillance"

Page 24 of 93

Using Wi-Fi Signals to Identify People by Body Shape

Another paper on using Wi-Fi for surveillance. This one is on identifying people by their body shape. “FreeSense:Indoor Human Identification with WiFi Signals“:

Abstract: Human identification plays an important role in human-computer interaction. There have been numerous methods proposed for human identification (e.g., face recognition, gait recognition, fingerprint identification, etc.). While these methods could be very useful under different conditions, they also suffer from certain shortcomings (e.g., user privacy, sensing coverage range). In this paper, we propose a novel approach for human identification, which leverages WIFI signals to enable non-intrusive human identification in domestic environments. It is based on the observation that each person has specific influence patterns to the surrounding WIFI signal while moving indoors, regarding their body shape characteristics and motion patterns. The influence can be captured by the Channel State Information (CSI) time series of WIFI. Specifically, a combination of Principal Component Analysis (PCA), Discrete Wavelet Transform (DWT) and Dynamic Time Warping (DTW) techniques is used for CSI waveform-based human identification. We implemented the system in a 6m*5m smart home environment and recruited 9 users for data collection and evaluation. Experimental results indicate that the identification accuracy is about 88.9% to 94.5% when the candidate user set changes from 6 to 2, showing that the proposed human identification method is effective in domestic environments.

EDITED TO ADD (9/13): Related paper.

Posted on August 30, 2016 at 12:57 PMView Comments

The Difficulty of Routing around Internet Surveillance States

Interesting research: “Characterizing and Avoiding Routing Detours Through Surveillance States,” by Anne Edmundson, Roya Ensafi, Nick Feamster, and Jennifer Rexford.

Abstract: An increasing number of countries are passing laws that facilitate the mass surveillance of Internet traffic. In response, governments and citizens are increasingly paying attention to the countries that their Internet traffic traverses. In some cases, countries are taking extreme steps, such as building new Internet Exchange Points (IXPs), which allow networks to interconnect directly, and encouraging local interconnection to keep local traffic local. We find that although many of these efforts are extensive, they are often futile, due to the inherent lack of hosting and route diversity for many popular sites. By measuring the country-level paths to popular domains, we characterize transnational routing detours. We find that traffic is traversing known surveillance states, even when the traffic originates and ends in a country that does not conduct mass surveillance. Then, we investigate how clients can use overlay network relays and the open DNS resolver infrastructure to prevent their traffic from traversing certain jurisdictions. We find that 84% of paths originating in Brazil traverse the United States, but when relays are used for country avoidance, only 37% of Brazilian paths traverse the United States. Using the open DNS resolver infrastructure allows Kenyan clients to avoid the United States on 17% more paths. Unfortunately, we find that some of the more prominent surveillance states (e.g., the U.S.) are also some of the least avoidable countries.

Posted on July 7, 2016 at 6:47 AMView Comments

Security and Human Behavior (SHB 2016)

Earlier this week, I was at the ninth Workshop on Security and Human Behavior, hosted at Harvard University.

SHB is a small invitational gathering of people studying various aspects of the human side of security. The fifty or so people in the room include psychologists, economists, computer security researchers, sociologists, political scientists, philosophers, political scientists, neuroscientists, lawyers, anthropologists, business school professors, and a smattering of others. It’s not just an interdisciplinary event; most of the people here are individually interdisciplinary.

These are the most intellectually stimulating two days of my year; this year someone called it “Bruce’s brain in conference form.”

The goal is maximum interaction and discussion. We do that by putting everyone on panels. There are eight six-person panels over the course of the two days. Everyone gets to talk for ten minutes about their work, and then there’s half an hour of discussion in the room. Then there are lunches, dinners, and receptions—all designed so people meet each other and talk.

This page lists the participants and gives links to some of their work. As usual, Ross Anderson liveblogged the talks.

Here are my posts on the first, second, third, fourth, fifth, sixth, seventh, and eighth SHB workshops. Follow those links to find summaries, papers, and audio recordings of the workshops.

Posted on June 3, 2016 at 1:36 PMView Comments

Identifying People from Their Metadata

Jonathan Mayer, Patrick Mutchler, and John C. Mitchell, “Evaluating the privacy properties of telephone metadata“:

Abstract: Since 2013, a stream of disclosures has prompted reconsideration of surveillance law and policy. One of the most controversial principles, both in the United States and abroad, is that communications metadata receives substantially less protection than communications content. Several nations currently collect telephone metadata in bulk, including on their own citizens. In this paper, we attempt to shed light on the privacy properties of telephone metadata. Using a crowdsourcing methodology, we demonstrate that telephone metadata is densely interconnected, can trivially be reidentified, and can be used to draw sensitive inferences.

New research, but not a new result. There have been several similar studies over the years. This one uses only anonymized call and SMS metadata to identify people who volunteered for the study.

Four assorted news articles.

Posted on May 19, 2016 at 6:10 AMView Comments

Documenting the Chilling Effects of NSA Surveillance

In Data and Goliath, I talk about the self-censorship that comes along with broad surveillance. This interesting research documents this phenomenon in Wikipedia: “Chilling Effects: Online Surveillance and Wikipedia Use,” by Jon Penney, Berkeley Technology Law Journal, 2016.

Abstract: This article discusses the results of the first empirical study providing evidence of regulatory “chilling effects” of Wikipedia users associated with online government surveillance. The study explores how traffic to Wikipedia articles on topics that raise privacy concerns for Wikipedia users decreased after the widespread publicity about NSA/PRISM surveillance revelations in June 2013. Using an interdisciplinary research design, the study tests the hypothesis, based on chilling effects theory, that traffic to privacy-sensitive Wikipedia articles reduced after the mass surveillance revelations. The Article finds not only a statistically significant immediate decline in traffic for these Wikipedia articles after June 2013, but also a change in the overall secular trend in the view count traffic, suggesting not only immediate but also long-term chilling effects resulting from the NSA/PRISM online surveillance revelations. These, and other results from the case study, not only offer compelling evidence for chilling effects associated with online surveillance, but also offer important insights about how we should understand such chilling effects and their scope, including how they interact with other dramatic or significant events (like war and conflict) and their broader implications for privacy, U.S. constitutional litigation, and the health of democratic society. This study is among the first to demonstrate—using either Wikipedia data or web traffic data more generally­ how government surveillance and similar actions impact online activities, including access to information and knowledge online.

Two news stories.

Posted on April 29, 2016 at 6:28 AM

Mass Surveillance Silences Minority Opinions

Research paper: Elizabeth Stoycheff, “Under Surveillance: Examining Facebook’s Spiral of Silence Effects in the Wake of NSA Internet Monitoring“:

Abstract: Since Edward Snowden exposed the National Security Agency’s use of controversial online surveillance programs in 2013, there has been widespread speculation about the potentially deleterious effects of online government monitoring. This study explores how perceptions and justification of surveillance practices may create a chilling effect on democratic discourse by stifling the expression of minority political views. Using a spiral of silence theoretical framework, knowing one is subject to surveillance and accepting such surveillance as necessary act as moderating agents in the relationship between one’s perceived climate of opinion and willingness to voice opinions online. Theoretical and normative implications are discussed.

No surprise, and something I wrote about in Data and Goliath:

Across the US, states are on the verge of reversing decades-old laws about homosexual relationships and marijuana use. If the old laws could have been perfectly enforced through surveillance, society would never have reached the point where the majority of citizens thought those things were okay. There has to be a period where they are still illegal yet increasingly tolerated, so that people can look around and say, “You know, that wasn’t so bad.” Yes, the process takes decades, but it’s a process that can’t happen without lawbreaking. Frank Zappa said something similar in 1971: “Without deviation from the norm, progress is not possible.”

The perfect enforcement that comes with ubiquitous government surveillance chills this process. We need imperfect security­—systems that free people to try new things, much the way off-the-record brainstorming sessions loosen inhibitions and foster creativity. If we don’t have that, we can’t slowly move from a thing’s being illegal and not okay, to illegal and not sure, to illegal and probably okay, and finally to legal.

This is an important point. Freedoms we now take for granted were often at one time viewed as threatening or even criminal by the past power structure. Those changes might never have happened if the authorities had been able to achieve social control through surveillance.

This is one of the main reasons all of us should care about the emerging architecture of surveillance, even if we are not personally chilled by its existence. We suffer the effects because people around us will be less likely to proclaim new political or social ideas, or act out of the ordinary. If J. Edgar Hoover’s surveillance of Martin Luther King Jr. had been successful in silencing him, it would have affected far more people than King and his family.

Slashdot thread.

EDITED TO ADD (4/6): News article.

Posted on March 29, 2016 at 12:58 PMView Comments

Observations on the Surveillance that Resulted in the Capture of Salah Abdeslam

Interesting analysis from The Grugq:

Bottom Line Up Front

  • Intelligence agencies must cooperate more rapidly and proactively to counter ISIS’ rapid and haphazard operational tempo.
  • Clandestine operatives must rely on support networks that include overt members of the public. These networks are easily mapped out based on metadata available to nation state level security forces.
  • Fugitives should learn to cook if they want to minimize their footprint and improve their security.
  • Exposure of clandestine networks is inevitable, given modern data sources. Only extremely disciplined non-organic organizations can hope to survive for long.

Details at the link.

That third item is related to the “unusually large” pizza order that alerted the police that there were more people in the house than should be.

The bottom bottom line is that tracking people, and tracing groups of people, has become easy because of all the unencrypted metadata we generate everywhere.

Posted on March 22, 2016 at 6:37 AMView Comments

Brennan Center Report on NSA Overseas Spying and Executive Order 12333

The Brennan Center has released a report on EO 12333, the executive order that regulates the NSA’s overseas surveillance. Much of what the NSA does here is secret and, even though the EO is designed for foreign surveillance, Americans are regularly swept up in the NSA’s collection operations:

Despite a series of significant disclosures, the scope of these operations, as well as critical detail about how they are regulated, remain secret. Nevertheless, an analysis of publicly available documents reveals several salient features of the EO 12333 regime:

  • Bulk collection of information: The NSA engages in bulk collection overseas—for example, gathering all of the telephone calls going into or out of certain countries. These programs include the data of Americans who are visiting those countries or communicating with their inhabitants. While recent executive branch reforms place some limits on how the government may use data collected in bulk, these limits do not apply to data that is collected in bulk and held for a temporary (but unspecified) period of time in order to facilitate “targeted” surveillance.
  • Treating subjects of discussion as “targets”: When the NSA conducts surveillance under EO 12333 that it characterizes as “targeted,” it is not limited to obtaining communications to or from particular individuals or groups, or even communications that refer to specified individuals or groups (such as e-mails that mention “ISIS”). Rather, the selection terms used by the NSA may include broad subjects, such as “Yemen” or “nuclear proliferation.”
  • Weak limits on the retention and sharing of information: Despite recent reforms, the NSA continues to exercise significant discretion over how long it may retain personal data gathered under EO 12333 and the circumstances under which it may share such information. While there is a default five-year limit on data retention, there is an extensive list of exceptions. Information sharing with law enforcement authorities threatens to undermine traditional procedural safeguards in criminal proceedings. Current policies disclosed by the government also lack specific procedures for mitigating the human rights risks of intelligence sharing with foreign governments, particularly regimes with a history of repressive and abusive conduct.
  • Systemic lack of meaningful oversight: Operations that are conducted solely under EO 12333 (i.e., those that are not subject to any statutory law) are not vetted or reviewed by any court. Members of the congressional intelligence committees have cited challenges in overseeing the NSA’s network of EO 12333 programs. While the Agency has argued that its privacy processes are robust, overreliance on internal safeguards fails to address the need for external and independent oversight. It also leaves Congress and the public without sufficient means to assess the risks and benefits of EO 12333 operations.

The report concludes with a list of major unanswered questions about EO 12333 and the array of surveillance activities conducted under its rules and policies. While many operational aspects of surveillance programs are necessarily secret, the NSA can and should share the laws and regulations that govern EO 12333 programs, significant interpretations of those legal authorities, and information about how EO 12333 operations are overseen both within the Executive Branch and by Congress. It should clarify internal definitions of terms such as “collection,” “targeted,” and “bulk” so that the scope of its operations is understandable rather than obscured. And it should provide more information on how its overseas operations impact Americans’ privacy, by releasing statistics on data collection and by specifying in greater detail the instances in which it shares information with other U.S. and foreign agencies and the relevant safeguards.

Here’s an article from the Intercept.

And this is me from Data and Goliath on EO 12333:

Executive Order 12333, the 1981 presidential document authorizing most of NSA’s surveillance, is incredibly permissive. It is supposed to primarily allow the NSA to conduct surveillance outside the US, but it gives the agency broad authority to collect data on Americans. It provides minimal protections for Americans; data collected outside the US, and even less for the hundreds of millions of innocent non-Americans whose data is incidentally collected. Because this is a presidential directive and not a law, courts have no jurisdiction, and congressional oversight is minimal. Additionally, at least in 2007, the president believed he could modify or ignore it at will and in secret. As a result, we know very little about how Executive Order 12333 is being interpreted inside the NSA.

Posted on March 21, 2016 at 6:53 AMView Comments

1 22 23 24 25 26 93

Sidebar photo of Bruce Schneier by Joe MacInnis.