Page 69 of 92
This is scary:
Sir David Omand, the former Whitehall security and intelligence co-ordinator, sets out a blueprint for the way the state will mine data—including travel information, phone records and emails—held by public and private bodies and admits: “Finding out other people’s secrets is going to involve breaking everyday moral rules.”
In short: it’s immoral, but we’re going to do it anyway.
Use it to catch the lovers of cheating spouses. (The site has a wide variety of hidden cameras in common household objects.)
Note: This isn’t the first time I have written about this topic, and it surely won’t be the last. I think I did a particularly good job summarizing the issues this time, which is why I am reprinting it.
Welcome to the future, where everything about you is saved. A future where your actions are recorded, your movements are tracked, and your conversations are no longer ephemeral. A future brought to you not by some 1984-like dystopia, but by the natural tendencies of computers to produce data.
Data is the pollution of the information age. It’s a natural byproduct of every computer-mediated interaction. It stays around forever, unless it’s disposed of. It is valuable when reused, but it must be done carefully. Otherwise, its after effects are toxic.
And just as 100 years ago people ignored pollution in our rush to build the Industrial Age, today we’re ignoring data in our rush to build the Information Age.
Increasingly, you leave a trail of digital footprints throughout your day. Once you walked into a bookstore and bought a book with cash. Now you visit Amazon, and all of your browsing and purchases are recorded. You used to buy a train ticket with coins; now your electronic fare card is tied to your bank account. Your store affinity cards give you discounts; merchants use the data on them to reveal detailed purchasing patterns.
Data about you is collected when you make a phone call, send an e-mail message, use a credit card, or visit a website. A national ID card will only exacerbate this.
More computerized systems are watching you. Cameras are ubiquitous in some cities, and eventually face recognition technology will be able to identify individuals. Automatic license plate scanners track vehicles in parking lots and cities. Color printers, digital cameras, and some photocopy machines have embedded identification codes. Aerial surveillance is used by cities to find building permit violators and by marketers to learn about home and garden size.
As RFID chips become more common, they’ll be tracked, too. Already you can be followed by your cell phone, even if you never make a call. This is wholesale surveillance; not “follow that car,” but “follow every car.”
Computers are mediating conversation as well. Face-to-face conversations are ephemeral. Years ago, telephone companies might have known who you called and how long you talked, but not what you said. Today you chat in e-mail, by text message, and on social networking sites. You blog and you Twitter. These conversations – with family, friends, and colleagues – can be recorded and stored.
It used to be too expensive to save this data, but computer memory is now cheaper. Computer processing power is cheaper, too; more data is cross-indexed and correlated, and then used for secondary purposes. What was once ephemeral is now permanent.
Who collects and uses this data depends on local laws. In the US, corporations collect, then buy and sell, much of this information for marketing purposes. In Europe, governments collect more of it than corporations. On both continents, law enforcement wants access to as much of it as possible for both investigation and data mining.
Regardless of country, more organizations are collecting, storing, and sharing more of it.
More is coming. Keyboard logging programs and devices can already record everything you type; recording everything you say on your cell phone is only a few years away.
A “life recorder” you can clip to your lapel that’ll record everything you see and hear isn’t far behind. It’ll be sold as a security device, so that no one can attack you without being recorded. When that happens, will not wearing a life recorder be used as evidence that someone is up to no good, just as prosecutors today use the fact that someone left his cell phone at home as evidence that he didn’t want to be tracked?
You’re living in a unique time in history: the technology is here, but it’s not yet seamless. Identification checks are common, but you still have to show your ID. Soon it’ll happen automatically, either by remotely querying a chip in your wallets or by recognizing your face on camera.
And all those cameras, now visible, will shrink to the point where you won’t even see them. Ephemeral conversation will all but disappear, and you’ll think it normal. Already your children live much more of their lives in public than you do. Your future has no privacy, not because of some police-state governmental tendencies or corporate malfeasance, but because computers naturally produce data.
Cardinal Richelieu famously said: “If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.” When all your words and actions can be saved for later examination, different rules have to apply.
Society works precisely because conversation is ephemeral; because people forget, and because people don’t have to justify every word they utter.
Conversation is not the same thing as correspondence. Words uttered in haste over morning coffee, whether spoken in a coffee shop or thumbed on a BlackBerry, are not official correspondence. A data pattern indicating “terrorist tendencies” is no substitute for a real investigation. Being constantly scrutinized undermines our social norms; furthermore, it’s creepy. Privacy isn’t just about having something to hide; it’s a basic right that has enormous value to democracy, liberty, and our humanity.
We’re not going to stop the march of technology, just as we cannot un-invent the automobile or the coal furnace. We spent the industrial age relying on fossil fuels that polluted our air and transformed our climate. Now we are working to address the consequences. (While still using said fossil fuels, of course.) This time around, maybe we can be a little more proactive.
Just as we look back at the beginning of the previous century and shake our heads at how people could ignore the pollution they caused, future generations will look back at us – living in the early decades of the information age – and judge our solutions to the proliferation of data.
We must, all of us together, start discussing this major societal change and what it means. And we must work out a way to create a future that our grandchildren will be proud of.
This essay originally appeared on the BBC.com website.
At least, according to an anonymous “industry source”:
The spybiz exec, who preferred to remain anonymous, confirmed that Skype continues to be a major problem for government listening agencies, spooks and police. This was already thought to be the case, following requests from German authorities for special intercept/bugging powers to help them deal with Skype-loving malefactors. Britain’s GCHQ has also stated that it has severe problems intercepting VoIP and internet communication in general.
Skype in particular is a serious problem for spooks and cops. Being P2P, the network can’t be accessed by the company providing it and the authorities can’t gain access by that route. The company won’t disclose details of its encryption, either, and isn’t required to as it is Europe based. This lack of openness prompts many security pros to rubbish Skype on “security through obscurity” grounds: but nonetheless it remains a popular choice with those who think they might find themselves under surveillance. Rumour suggests that America’s NSA may be able to break Skype encryption—assuming they have access to a given call or message—but nobody else.
The NSA may be able to do that: but it seems that if so, this uses up too much of the agency’s resources at present.
I’m sure this is a real problem. Here’s an article claiming that Italian criminals are using Skype more than the telephone because of eavesdropping concerns.
This is interesting:
I had been curious about what’s in my travel dossier, so I made a Freedom of Information Act (FOIA) request for a copy. I’m posting here a few sample pages of what officials sent me.
My biggest surprise was that the Internet Protocol (I.P.) address of the computer used to buy my tickets via a Web agency was noted. On the first document image posted here, I’ve circled in red the I.P. address of the computer used to buy my pair of airline tickets.
[…]
The rest of my file contained details about my ticketed itineraries, the amount I paid for tickets, and the airports I passed through overseas. My credit card number was not listed, nor were any hotels I’ve visited. In two cases, the basic identifying information about my traveling companion (whose ticket was part of the same purchase as mine) was included in the file. Perhaps that information was included by mistake.
This is not surprising at all; when money is scarce, these sorts of things go unfunded. Perhaps the biggest surprise is that people thought the cameras were ever monitored—generally, they’re not.
Worth reading. One excerpt:
The problem is that NSA was never designed for what it’s doing. It was designed after World War II to prevent another surprise attack from another nation-state, particularly the Soviet Union. And from 1945 or ’46 until 1990 or ’91, that’s what its mission was. That’s what every piece of equipment, that’s what every person recruited to the agency, was supposed to do, practically—find out when and where and if the Russians were about to launch a nuclear attack. That’s what it spent 50 years being built for. And then all of a sudden the Soviet Union is not around anymore, and NSA’s got a new mission, and part of that is going after terrorists. And it’s just not a good fit. They missed the first World Trade Center bombing, they missed the attack on the U.S.S. Cole, they missed the attack on the U.S. embassies in Africa, they missed 9/11. There’s this string of failures because this agency was not really designed to do this. In the movies, they’d be catching terrorists all the time. But this isn’t the movies, this is reality.
The big difference here is that when they were focused on the Soviet Union, the Soviets communicated over dedicated lines. The army communicated over army channels, the navy communicated over navy channels, the diplomats communicated over foreign-office channels. These were all particular channels, particular frequencies, you knew where they were; the main problem was breaking encrypted communications. [The NSA] had listening posts ringing the Soviet Union, they had Russian linguists that were being pumped out from all these schools around the U.S.
Then the Cold War ends and everything changes. Now instead of a huge country that communicated all the time, you have individuals who hop from Kuala Lampur to Nairobi or whatever, from continent to continent, from day to day. They don’t communicate [electronically] all the time—they communicate by meetings. [The NSA was] tapping Bin Laden’s phone for three years and never picked up on any of these terrorist incidents. And the [electronic] communications you do have are not on dedicated channels, they’re mixed in with the world communication network. First you’ve got to find out how to extract that from it, then you’ve got to find people who can understand the language, and then you’ve got to figure out the word code. You can’t use a Cray supercomputer to figure out if somebody’s saying they’re going to have a wedding next week whether it’s really going to be a wedding or a bombing.
So that’s the challenge facing the people there. So even though I’m critical about them for missing these things, I also try in the book to give an explanation as to why this is. It’s certainly not because the people are incompetent. It’s because the world has changed.
I think the problem is more serious than people realize. I talked to the people at Fort Gordon [in Georgia], which is the main listening post for the Middle East and North Africa. What was shocking to me was the people who were there were saying they didn’t have anybody [at the time] who spoke Pashtun. We’re at war in Afghanistan and the main language of the Taliban is Pashtun.
The answer here is to change our foreign policy so that we don’t have to depend on agencies like NSA to try to protect the country. You try to protect the country by having reasonable policies so that we won’t have to worry about terrorism so much. It’s just getting harder and harder to find them.
Also worth reading is his new book.
As the first digital president, Barack Obama is learning the hard way how difficult it can be to maintain privacy in the information age. Earlier this year, his passport file was snooped by contract workers in the State Department. In October, someone at Immigration and Customs Enforcement leaked information about his aunt’s immigration status. And in November, Verizon employees peeked at his cell phone records.
What these three incidents illustrate is not that computerized databases are vulnerable to hacking—we already knew that, and anyway the perpetrators all had legitimate access to the systems they used—but how important audit is as a security measure.
When we think about security, we commonly think about preventive measures: locks to keep burglars out of our homes, bank safes to keep thieves from our money, and airport screeners to keep guns and bombs off airplanes. We might also think of detection and response measures: alarms that go off when burglars pick our locks or dynamite open bank safes, sky marshals on airplanes who respond when a hijacker manages to sneak a gun through airport security. But audit, figuring out who did what after the fact, is often far more important than any of those other three.
Most security against crime comes from audit. Of course we use locks and alarms, but we don’t wear bulletproof vests. The police provide for our safety by investigating crimes after the fact and prosecuting the guilty: that’s audit.
Audit helps ensure that people don’t abuse positions of trust. The cash register, for example, is basically an audit system. Cashiers have to handle the store’s money. To ensure they don’t skim from the till, the cash register keeps an audit trail of every transaction. The store owner can look at the register totals at the end of the day and make sure the amount of money in the register is the amount that should be there.
The same idea secures us from police abuse, too. The police have enormous power, including the ability to intrude into very intimate aspects of our life in order to solve crimes and keep the peace. This is generally a good thing, but to ensure that the police don’t abuse this power, we put in place systems of audit like the warrant process.
The whole NSA warrantless eavesdropping scandal was about this. Some misleadingly painted it as allowing the government to eavesdrop on foreign terrorists, but the government always had that authority. What the government wanted was to not have to submit a warrant, even after the fact, to a secret FISA court. What they wanted was to not be subject to audit.
That would be an incredibly bad idea. Law enforcement systems that don’t have good audit features designed in, or are exempt from this sort of audit-based oversight, are much more prone to abuse by those in power—because they can abuse the system without the risk of getting caught. Audit is essential as the NSA increases its domestic spying. And large police databases, like the FBI Next Generation Identification System, need to have strong audit features built in.
For computerized database systems like that—systems entrusted with other people’s information—audit is a very important security mechanism. Hospitals need to keep databases of very personal health information, and doctors and nurses need to be able to access that information quickly and easily. A good audit record of who accessed what when is the best way to ensure that those trusted with our medical information don’t abuse that trust. It’s the same with IRS records, credit reports, police databases, telephone records – anything personal that someone might want to peek at during the course of his job.
Which brings us back to President Obama. In each of those three examples, someone in a position of trust inappropriately accessed personal information. The difference between how they played out is due to differences in audit. The State Department’s audit worked best; they had alarm systems in place that alerted superiors when Obama’s passport files were accessed and who accessed them. Verizon’s audit mechanisms worked less well; they discovered the inappropriate account access and have narrowed the culprits down to a few people. Audit at Immigration and Customs Enforcement was far less effective; they still don’t know who accessed the information.
Large databases filled with personal information, whether managed by governments or corporations, are an essential aspect of the information age. And they each need to be accessed, for legitimate purposes, by thousands or tens of thousands of people. The only way to ensure those people don’t abuse the power they’re entrusted with is through audit. Without it, we will simply never know who’s peeking at what.
This essay first appeared on the Wall Street Journal website.
Triggerfish, also known as cell-site simulators or digital analyzers, are nothing new: the technology was used in the 1990s to hunt down renowned hacker Kevin Mitnick. By posing as a cell tower, triggerfish trick nearby cell phones into transmitting their serial numbers, phone numbers, and other data to law enforcement. Most previous descriptions of the technology, however, suggested that because of range limitations, triggerfish were only useful for zeroing in on a phone's precise location once cooperative cell providers had given a general location.
This summer, however, the American Civil Liberties Union and Electronic Frontier Foundation sued the Justice Department, seeking documents related to the FBI's cell-phone tracking practices. Since August, they've received a stream of documents—the most recent batch on November 6—that were posted on the Internet last week. In a post on the progressive blog Daily Kos, ACLU spokesperson Rachel Myers drew attention to language in several of those documents implying that triggerfish have broader application than previously believed.
First terrorists, then trash cans:
More than half of town halls admit using anti-terror laws to spy on families suspected of putting their rubbish out on the wrong day.
Their tactics include putting secret cameras in tin cans, on lamp posts and even in the homes of ‘friendly’ residents.
The local authorities admitted that one of their main aims was to catch householders who put their bins out early.
EDITED TO ADD (11/13): A better article on the subject.
Sidebar photo of Bruce Schneier by Joe MacInnis.