Entries Tagged "surveillance"


Security Risks of Wholesale Telephone Eavesdropping

A handful of prominent security researchers have published a report on the security risks of the large-scale eavesdropping made temporarily legal by the “Protect America Act” passed in the U.S. in August, and which may be made permanently legal soon. “Risking Communications Security: Potential Hazards of the ‘Protect America Act’”—dated October 1, 2007, and marked “draft”—is well worth reading:

The civil-liberties concern is whether the new law puts Americans at risk of spurious—and invasive—surveillance by their own government. The security concern is whether the new law puts Americans at risk of illegitimate surveillance by others. We focus on security. How will the collection system determine that communications have one end outside the United States? How will the surveillance be secured? We examine the risks and put forth recommendations to address them.

Not surprising, the risks are considerable. And difficult to address.

We see three serious security risks that have not been adequately addressed (or perhaps not even addressed at all): the danger that the system can be exploited by unauthorized users, the danger of criminal misuse by a trusted insider, and the danger of misuse by the U.S. government. Our recommendations are based on these concerns.

The group has two basic recommendations: data minimization, and oversight:

Minimization is critical. Allowing collection of calls on U.S. territory necessarily entails greater access to the communications of U.S. persons; the architecture must minimize collection of both the call details and the content of these communications. The best way to prevent problems is to intercept as early as possible: at the cableheads; such a solution, by decreasing the number of interception points will simplify the security problem. Surveilling at the cableheads will help minimize collection but it is not sufficient. Intercepted traffic should be studied (by geo-location and any other available techniques) to determine whether it comes from non-targeted U.S. persons and if so, discarded before any further processing is done.

[…]

Oversight is necessary to prevent abuse and ensure information assurance. Independent oversight of operations is also essential and is a fundamental tenet of security. To assure independence the overseeing authority should be as far removed from the intercepting authority as practical.

More in the report, of course.

EDITED TO ADD (2/4/08): Here’s the final report.

Posted on October 16, 2007 at 7:07 AM

Hacking Security Cameras

Clever:

If you’ve seen a Hollywood caper movie in the last 20 years you know the old video-camera-spoofing trick. That’s where the criminal mastermind taps into a surveillance camera system and substitutes his own video stream, leaving hapless security guards watching an endless loop of absolutely-nothing-happening while the bank robber empties the vault.

Now white-hat hackers have demonstrated a technique that neatly replicates that old standby.

Amir Azam and Adrian Pastor, researchers at London-based security firm ProCheckUp, discovered that they can redirect what video file is played back by an AXIS 2100 surveillance camera, a common industrial security camera that boasts a web interface, allowing guards to monitor a building from anywhere in the world.

Posted on October 8, 2007 at 6:39 AM

NSA's Public Relations Campaign Targets Reporters

Your tax dollars at work:

Frustrated by press leaks about its most sensitive electronic surveillance work, the secretive National Security Agency convened an unprecedented series of off-the-record “seminars” in recent years to teach reporters about the damage caused by such leaks and to discourage reporting that could interfere with the agency’s mission to spy on America’s enemies.

The half-day classes featured high-ranking NSA officials highlighting objectionable passages in published stories and offering “an innocuous rewrite” that officials said maintained the “overall thrust” of the articles but omitted details that could disclose the agency’s techniques, according to course outlines obtained by The New York Sun.

Posted on October 4, 2007 at 3:11 PM

Government Employee Uses DHS Database to Track Ex-Girlfriend

When you build a surveillance system, you invite trusted insiders to abuse that system:

According to the indictment, Robinson began a relationship with an unidentified woman in 2002 that ended acrimoniously seven months later. After the breakup, federal authorities allege Robinson accessed a government database known as the TECS (Treasury Enforcement Communications System) at least 163 times to track the travel patterns of the woman and her family.

What I want to know is how he got caught. It can be very hard to catch insiders like this; good audit systems are essential, but often overlooked in the design process.

Posted on October 3, 2007 at 3:02 PM

The Economist on Privacy and Surveillance

Great article from The Economist on data collection, privacy, surveillance, and the future.

Here’s the conclusion:

If the erosion of individual privacy began long before 2001, it has accelerated enormously since. And by no means always to bad effect: suicide-bombers, by their very nature, may not be deterred by a CCTV camera (even a talking one), but security wonks say many terrorist plots have been foiled, and lives saved, through increased eavesdropping, computer profiling and “sneak and peek” searches. But at what cost to civil liberties?

Privacy is a modern “right.” It is not even mentioned in the 18th-century revolutionaries’ list of demands. Indeed, it was not explicitly enshrined in international human-rights laws and treaties until after the second world war. Few people outside the civil-liberties community seem to be really worried about its loss now.

That may be because electronic surveillance has not yet had a big impact on most people’s lives, other than (usually) making it easier to deal with officialdom. But with the collection and centralisation of such vast amounts of data, the potential for abuse is huge and the safeguards paltry.

Ross Anderson, a professor at Cambridge University in Britain, has compared the present situation to a “boiled frog”—which fails to jump out of the saucepan as the water gradually heats. If liberty is eroded slowly, people will get used to it. He added a caveat: it was possible the invasion of privacy would reach a critical mass and prompt a revolt.

If there is not much sign of that in Western democracies, this may be because most people rightly or wrongly trust their own authorities to fight the good fight against terrorism, and avoid abusing the data they possess. The prospect is much scarier in countries like Russia and China, which have embraced capitalist technology and the information revolution without entirely exorcising the ethos of an authoritarian state where dissent, however peaceful, is closely monitored.

On the face of things, the information age renders impossible an old-fashioned, file-collecting dictatorship, based on a state monopoly of communications. But imagine what sort of state may emerge as the best brains of a secret police force—a force whose house culture treats all dissent as dangerous—perfect the art of gathering and using information on massive computer banks, not yellowing paper.

Posted on October 2, 2007 at 11:14 AM

The Technology of Homeland Security

Reuters has an article on future security technologies. I’ve already talked about automatic license-plate-capture cameras and aerial surveillance (drones and satellites), but there’s some new stuff:

Resembling the seed of a silver maple tree, the single-winged device would pack a tiny two-stage rocket thruster along with telemetry, communications, navigation, imaging sensors and a power source.

The nano air vehicle, or NAV, is designed to carry interchangeable payload modules—the size of an aspirin tablet. It could be used for chemical and biological detection or finding a “needle in a haystack,” according to Ned Allen, chief scientist at Lockheed’s fabled Skunk Works research arm.

Released in organized swarms to fly low over a disaster area, the NAV sensors could detect human body heat and signs of breathing, Allen said.

And this:

Airport screening is another area that could be transformed within 10 years, using scanning wizardry to pinpoint a suspected security threat through biometrics—based on one or more physical or behavioral traits.

“We can read fingerprints from about five meters…all 10 prints,” said Bruce Walker, vice president of homeland security for Northrop Grumman Corp (NOC.N). “We can also do an iris scan at the same distance.”

For a while I’ve been saying that this whole national ID debate will be irrelevant soon. In the future you won’t have to show ID; they’ll already know who you are.

Posted on September 26, 2007 at 6:13 AM

More on the German Terrorist Plot

This article is a detailed writeup of the actual investigation. While it seems that intercepted emails were instrumental at several points during the investigation, the article doesn’t explain whether the intercepts were the result of some of the wholesale eavesdropping programs or specifically obtained for this case.

The US intelligence agencies, the NSA and CIA, provided the most important information: copies of messages between German Islamists and their contacts in Pakistan. Three people in Germany were apparently the ones maintaining contact. The first was a man with the pseudonym “Muaz,” who investigators suspected was Islamist Attila S., 22. The second was a man named “Zafer,” from the town of Neunkirchen, who they believed was Zafer S., an old friend of Daniel S., one of the three men arrested last week. According to his father, Hizir S., Zafer is currently attending a language course in Istanbul. The third name that kept reappearing in the emails the NSA intercepted was “Abdul Malik,” a.k.a. Fritz Gelowicz, who prosecutors believe was the ringleader of the German cell, a man Deputy Secretary Hanning calls “cold-blooded and full of hate.”

[…]

While at the Pakistani camp in the spring of 2006, Adem Y. and Gelowicz probably discussed ways to secretly deliver messages from Pakistan to Germany. They used a Yahoo mailbox, but instead of sending messages directly, they would store them in a draft folder through which their fellow Islamists could then access the messages. But it turned out that the method they hit upon had long been known as an al-Qaida ploy. The CIA, NSA and BKA had no trouble monitoring the group’s communications. Two men who went by the aliases “Sule” or “Suley” and “Jaf” kept up the contact from the IJU side.

This is also interesting, given the many discussions on this blog and elsewhere about stopping people watching and photographing potential terrorist targets:

Early in the evening of Dec. 31, 2006, a car containing several passengers drove silently past the Hutier Barracks in Lamboy, a section of the western German city of Hanau. Hanau is known as the home of a major US military base, where thousands of US soldiers live and routinely look forward to celebrating New Year’s Eve in their home away from home. The BfV’s observation team later noted that the car drove back and forth in front of the barracks several times. When German agents finally stopped the car, they discovered that the passengers were Fritz Gelowicz, Attila S. from the southern city of Ulm, Ayhan T. from Langen near Frankfurt and Dana B., a German of Iranian descent from Frankfurt who, when asked what he and the others were doing there, claimed that they had just wanted to see “how the Americans celebrate New Year’s Eve.”

Posted on September 21, 2007 at 4:00 AM

London's Security Cameras Don't Help

Interesting article. London’s 10,000 security cameras don’t reduce crime:

A comparison of the number of cameras in each London borough with the proportion of crimes solved there found that police are no more likely to catch offenders in areas with hundreds of cameras than in those with hardly any.

In fact, four out of five of the boroughs with the most cameras have a record of solving crime that is below average.

EDITED TO ADD (10/11): This is a follow-up to a 2005 article.

Posted on September 20, 2007 at 2:03 PM

Federal Judge Strikes Down National-Security-Letter Provision of Patriot Act

Article, ACLU press release, some legal commentary, and actual decision.

From the article:

The ACLU had challenged the law on behalf of an Internet service provider, complaining that the law allowed the FBI to demand records without the kind of court supervision required for other government searches. Under the law, investigators can issue so-called national security letters to entities like Internet service providers and phone companies and demand customers’ phone and Internet records.

In his ruling, Marrero said much more was at stake than questions about the national security letters.

He said Congress, in the original USA Patriot Act and less so in a 2005 revision, had essentially tried to legislate how the judiciary must review challenges to the law. If done to other bills, they ultimately could all “be styled to make the validation of the law foolproof.”

Noting that the courthouse where he resides is several blocks from the fallen World Trade Center, the judge said the Constitution was designed so that the dangers of any given moment could never justify discarding fundamental individual liberties.

He said when “the judiciary lowers its guard on the Constitution, it opens the door to far-reaching invasions of liberty.”

Regarding the national security letters, he said, Congress crossed its boundaries so dramatically that to let the law stand might turn an innocent legislative step into “the legislative equivalent of breaking and entering, with an ominous free pass to the hijacking of constitutional values.”

He said the ruling does not mean the FBI must obtain the approval of a court prior to ordering records be turned over, but rather must justify to a court the need for secrecy if the orders will last longer than a reasonable and brief period of time.

Note that the judge immediately stayed his decision, pending appeal.

EDITED TO ADD (9/9): More legal commentary.

Posted on September 7, 2007 at 10:05 AM
