Entries Tagged "surveillance"

Page 84 of 87

RFID and Privacy

Boston Globe editorial on RFID and privacy:

It’s one of the cutest of those cute IBM Corp. TV commercials, the ones that feature the ever-present help desk. This time, the desk appears smack in the middle of a highway, blocking the path of a big rig.

”Why are you blocking the road?” the driver asks. ”Because you’re going the wrong way,” replies the cheerful Help Desk lady. ”Your cargo told me so.” It seems the cartons inside the truck contained IBM technology that alerted the company when the driver made a wrong turn.

It’s clever, all right—and creepy. Because the technology needn’t be applied only to cases of beer. The trackers could be attached to every can of beer in the case, and allow marketers to track the boozing habits of the purchasers. Or if the cargo is clothing, those little trackers could have been stitched inside every last sweater. Then some high-tech busybody could keep those wearing them under surveillance.

If this sounds paranoid, take it up with IBM. The company filed a patent application in 2001 which contemplates using this wireless snooping technology to track people as they roam through ”shopping malls, airports, train stations, bus stations, elevators, trains, airplanes, rest rooms, sports arenas, libraries, theaters, museums, etc.” An IBM spokeswoman insisted the company isn’t really prepared to go this far. Patent applications are routinely written to include every possible use of a technology, even some the company doesn’t intend to pursue. Still, it’s clear somebody at IBM has a pretty creepy imagination.

There’s a Slashdot thread on the topic.

Posted on October 14, 2005 at 7:11 AMView Comments

Domestic Spying in the U.S.

There are two bills in Congress that would grant the Pentagon greater rights to spy on Americans in the U.S.:

The Pentagon would be granted new powers to conduct undercover intelligence gathering inside the United States—and then withhold any information about it from the public—under a series of little noticed provisions now winding their way through Congress.

Citing in part the need for “greater latitude” in the war on terror, the Senate Intelligence Committee recently approved broad-ranging legislation that gives the Defense Department a long sought and potentially crucial waiver: it would permit its intelligence agents, such as those working for the Defense Intelligence Agency (DIA), to covertly approach and cultivate “U.S. persons” and even recruit them as informants—without disclosing they are doing so on behalf of the U.S. government.

[…]

At the same time, the Senate intelligence panel also included in the bill two other potentially controversial amendments—one that would allow the Pentagon and other U.S. intelligence agencies greater access to federal government databases on U.S. citizens, and another granting the DIA new exemptions from disclosing any “operational files” under the Freedom of Information Act (FOIA).

Posted on October 13, 2005 at 11:47 AMView Comments

Automatic License Plate Scanners

The Boston Transportation Department, among other duties, hands out parking tickets. If a car has too many unpaid parking tickets, the BTD will lock a Denver Boot to one of the wheels, making the car unmovable. Once the tickets are paid up, the BTD removes th boot.

The white SUV in this photo is owned by the Boston Transportation Department. Its job is to locate cars that need to be booted. The two video cameras on top of the vehicle are hooked up to a laptop computer running license plate scanning software. The vehicle drives around the city scanning plates and comparing them with the database of unpaid parking tickets. When a match is found, the BTD officers jump out and boot the offending car. You can sort of see the boot on the front right wheel of the car behind the SUV in the photo.

This is the kind of thing I call “wholesale surveillance,” and I’ve written about license plate scanners in that regard last year.

Technology is fundamentally changing the nature of surveillance. Years ago, surveillance meant trench-coated detectives following people down streets. It was laborious and expensive, and was only used when there was reasonable suspicion of a crime. Modern surveillance is the policeman with a license-plate scanner, or even a remote license-plate scanner mounted on a traffic light and a policeman sitting at a computer in the station. It’s the same, but it’s completely different. It’s wholesale surveillance.

And it disrupts the balance between the powers of the police and the rights of the people.

[…]

Like the license-plate scanners, the electronic footprints we leave everywhere can be automatically correlated with databases. The data can be stored forever, allowing police to conduct surveillance backwards in time.

The effects of wholesale surveillance on privacy and civil liberties is profound; but unfortunately, the debate often gets mischaracterized as a question about how much privacy we need to give up in order to be secure. This is wrong. It’s obvious that we are all safer when the police can use all techniques at their disposal. What we need are corresponding mechanisms to prevent abuse, and that don’t place an unreasonable burden on the innocent.

Throughout our nation’s history, we have maintained a balance between the necessary interests of police and the civil rights of the people. The license plate itself is such a balance. Imagine the debate from the early 1900s: The police proposed affixing a plaque to every car with the car owner’s name, so they could better track cars used in crimes. Civil libertarians objected because that would reduce the privacy of every car owner. So a compromise was reached: a random string of letter and numbers that the police could use to determine the car owner. By deliberately designing a more cumbersome system, the needs of law enforcement and the public’s right to privacy were balanced.

The search warrant process, as prescribed in the Fourth Amendment, is another balancing method. So is the minimization requirement for telephone eavesdropping: the police must stop listening to a phone line if the suspect under investigation is not talking.

For license-plate scanners, one obvious protection is to require the police to erase data collected on innocent car owners immediately, and not save it. The police have no legitimate need to collect data on everyone’s driving habits. Another is to allow car owners access to the information about them used in these automated searches, and to allow them to challenge inaccuracies.

The Boston Globe has written about this program.

Richard M. Smith, who took this photo, made a public request to the BTD last summer for the database of scanned license plate numbers that is being collected by this vehicle. The BTD told him at the time that the database is not a public record, because the database is owned by AutoVu, the Canadian company that makes the license plate scanner software used in the vehicle. This software is being “loaned” to the City of Boston as part of a “beta” test program.

Anyone doubt that AutoVu is going to sell this data to a company like ChoicePoint?

Posted on October 7, 2005 at 1:49 PMView Comments

NSA Watch

Three things.

U.S. Patent #6,947,978:

Method for geolocating logical network addresses

Abstract: Method for geolocating logical network addresses on electronically switched dynamic communications networks, such as the Internet, using the time latency of communications to and from the logical network address to determine its location. Minimum round-trip communications latency is measured between numerous stations on the network and known network addressed equipment to form a network latency topology map. Minimum round-trip communications latency is also measured between the stations and the logical network address to be geolocated. The resulting set of minimum round-trip communications latencies is then correlated with the network latency topology map to determine the location of the network address to be geolocated.

Fact Sheet NSA Suite B Cryptography“:

The entire suite of cryptographic algorithms is intended to protect both classified and unclassified national security systems and information. Because Suite B is a also subset of the cryptographic algorithms approved by the National Institute of Standards, Suite B is also suitable for use throughout government. NSA’s goal in presenting Suite B is to provide industry with a common set of cryptographic algorithms that they can use to create products that meet the needs of the widest range of US Government (USG) needs.

The Case for Elliptic Curve Cryptography“:

Elliptic Curve Cryptography provides greater security and more efficient performance than the first generation public key techniques (RSA and Diffie-Hellman) now in use. As vendors look to upgrade their systems they should seriously consider the elliptic curve alternative for the computational and bandwidth advantages they offer at comparable security.

Posted on September 30, 2005 at 7:31 AMView Comments

Surveillance Via Cell Phones

It captures criminals:

Today, even murderers carry cell phones.

They may have left no witnesses, fingerprints or DNA. But if a murderer makes calls on a cell phone around the time of the crime (and they often do), they leave behind a trail of records that show not only who they called and at what time, but where they were when the call was made.

The cell phone records, which document what tower a caller was nearest when he dialed, can put a suspect at the scene of the crime with as much accuracy as an eyewitness. In urban areas crowded with cell towers, the records can pinpoint someone’s location within a few blocks.

Should a suspect tell detectives he was in another part of town the night of the murder, records from cell phone towers can smash his alibi, giving detectives leverage in an interview.

I am fine with the police using this tool, as long as the warrant process is there to ensure that they don’t abuse the tool.

Posted on September 29, 2005 at 11:36 AMView Comments

Cameras Catch Dry Run of 7/7 London Terrorists

Score one for security cameras:

Newly released CCTV footage shows the 7 July London bombers staged a practice run nine days before the attack.

Detectives reconstructed the bombers’ movements after studying thousands of hours of film as part of the probe into the blasts which killed 52 people.

CCTV images show three of the bombers entering Luton station, before travelling to King’s Cross station where they are also pictured.

Officers are keen to find out if the men met anyone else on the day.

See also The New York Times.

Security cameras certainly aren’t useless. I just don’t think they’re worth it.

Posted on September 21, 2005 at 12:50 PMView Comments

Snooping on Text by Listening to the Keyboard

Fascinating research out of Berkeley. Ed Felten has a good summary:

Li Zhuang, Feng Zhou, and Doug Tygar have an interesting new paper showing that if you have an audio recording of somebody typing on an ordinary computer keyboard for fifteen minutes or so, you can figure out everything they typed. The idea is that different keys tend to make slightly different sounds, and although you don’t know in advance which keys make which sounds, you can use machine learning to figure that out, assuming that the person is mostly typing English text. (Presumably it would work for other languages too.)

Read the rest.

The paper is on the Web. Here’s the abstract:

We examine the problem of keyboard acoustic emanations. We present a novel attack taking as input a 10-minute sound recording of a user typing English text using a keyboard, and then recovering up to 96% of typed characters. There is no need for a labeled training recording. Moreover the recognizer bootstrapped this way can even recognize random text such as passwords: In our experiments, 90% of 5-character random passwords using only letters can be generated in fewer than 20 attempts by an adversary; 80% of 10-character passwords can be generated in fewer than 75 attempts. Our attack uses the statistical constraints of the underlying content, English language, to reconstruct text from sound recordings without any labeled training data. The attack uses a combination of standard machine learning and speech recognition techniques, including cepstrum features, Hidden Markov Models, linear classification, and feedback-based incremental learning.

Posted on September 13, 2005 at 8:13 AMView Comments

Cameras in the New York City Subways

New York City is spending $212 million on surveillance technology: 1,000 video cameras and 3,000 motion sensors for the city’s subways, bridges, and tunnels.

Why? Why, given that cameras didn’t stop the London train bombings? Why, when there is no evidence that cameras are effectice at reducing either terrorism and crime, and every reason to believe that they are ineffective?

One reason is that it’s the “movie plot threat” of the moment. (You can hear the echos of the movie plots when you read the various quotes in the news stories.) The terrorists bombed a subway in London, so we need to defend our subways. The other reason is that New York City officials are erring on the side of caution. If nothing happens, then it was only money. But if something does happen, they won’t keep their jobs unless they can show they did everything possible. And technological solutions just make everyone feel better.

If I had $212 million to spend to defend against terrorism in the U.S., I would not spend it on cameras in the New York City subways. If I had $212 million to defend New York City against terrorism, I would not spend it on cameras in the subways. This is nothing more than security theater against a movie plot threat.

On the plus side, the money will also go for a new radio communications system for subway police, and will enable cell phone service in underground stations, but not tunnels.

Posted on August 24, 2005 at 1:10 PMView Comments

Sidebar photo of Bruce Schneier by Joe MacInnis.