surveillance Archives - Page 86 of 93

Entries Tagged "surveillance"

Page 86 of 93

More on Greek Wiretapping

Earlier this month I blogged about a wiretapping scandal in Greece.

Unknowns tapped the mobile phones of about 100 Greek politicians and offices, including the U.S. embassy in Athens and the Greek prime minister.

Details are sketchy, but it seems that a piece of malicious code was discovered by Ericsson technicians in Vodafone’s mobile phone software. The code tapped into the conference call system. It “conference called” phone calls to 14 prepaid mobile phones where the calls were recorded.

More details are emerging. It turns out that the “malicious code” was actually code designed into the system. It’s eavesdropping code put into the system for the police.

The attackers managed to bypass the authorization mechanisms of the eavesdropping system, and activate the “lawful interception” module in the mobile network. They then redirected about 100 numbers to 14 shadow numbers they controlled. (Here are translations of some of the press conferences with technical details. And here are details of the system used.)

There is an important security lesson here. I have long argued that when you build surveillance mechanisms into communication systems, you invite the bad guys to use those mechanisms for their own purposes. That’s exactly what happened here.

UPDATED TO ADD (3/2): From a reader: “I have an update. There is some news from the ‘Hellenic Authority for the Information and Communication Security and Privacy’ with a few facts and I got a rumor that there is a root backdoor in the telnetd of Ericssons AXE backdoor. (No, I can’t confirm the rumor.)”

Posted on March 1, 2006 at 8:04 AM • View Comments

Face Recognition Comes to Bars

BioBouncer is a face recognition system intended for bars:

Its camera snaps customers entering clubs and bars, and facial recognition software compares them with stored images of previously identified troublemakers. The technology alerts club security to image matches, while innocent images are automatically flushed at the end of each night, Dussich said. Various clubs can share databases through a virtual private network, so belligerent drunks might find themselves unwelcome in all their neighborhood bars.

Anyone want to guess how long that “automatically flushed at the end of each night” will last? This data has enormous value. Insurance companies will want to know if someone was in a bar before a car accident. Employers will want to know if their employees were drinking before work—think airplane pilots. Private investigators will want to know who walked into a bar with whom. The police will want to know all sorts of things. Lots of people will want this data—and they’ll all be willing to pay for it.

And the data will be owned by the bars thatcollect it. They can choose to erase it, or they can choose to sell it to data aggregators like Acxiom.

It’s rarely the initial application that’s the problem. It’s the follow-on applications. It’s the function creep. Before you know it, everyone will know that they are identified the moment they walk into a commercial building. We will all lose privacy, and liberty, and freedom as a result.

Posted on February 28, 2006 at 3:47 PM • View Comments

Police Cameras in Your Home

This is so nutty that I wasn’t even going to blog it. But too many of you are e-mailing the article to me.

Houston’s police chief on Wednesday proposed placing surveillance cameras in apartment complexes, downtown streets, shopping malls and even private homes to fight crime during a shortage of police officers.

“I know a lot of people are concerned about Big Brother, but my response to that is, if you are not doing anything wrong, why should you worry about it?” Chief Harold Hurtt told reporters Wednesday at a regular briefing.

One of the problems we have in the privacy community is that we don’t have a crisp answer to that question. Any suggestions?

Posted on February 23, 2006 at 1:12 PM • View Comments

Gary Marx on Surveillance

Gary T. Marx is a sociology professor at MIT, and a frequent writer on privacy issues. I find him both clear and insightful, as well as interesting and entertaining.

This new paper is worth reading: “Soft Surveillance: The Growth of Mandatory Volunteerism in Collecting Personal Information—’Hey Buddy Can You Spare a DNA?’”

You can read a whole bunch of his other articles here.

Posted on February 15, 2006 at 12:21 PM • View Comments

WiFi Tracking

“…a few hundred meters away….”

Forget RFID. Well, don’t, but National Scientific Corporation has a prototype of a WiFi tagging system that, like RFID, lets you track things in real-time and space. The advantage that the WiFi Tracker system has over passive RFID tracking is that you can keep tabs on objects with WiFi Tracker tags (which can hold up to 256K of data) from as far as a few hundred meters away (the range of passive RFID taggers is just a few meters). While you can do something similar with active RFID tags, with WiFi Tracker companies can use their pre-existing WiFi network to track things rather than having to build a whole new RFID system.

In other news, Apple is adding WiFi to the iPod.

And, of course, you can be tracked from your cellphone:

But the FBI and the U.S. Department of Justice have seized on the ability to
locate a cellular customer and are using it to track Americans’ whereabouts
surreptitiously—even when there’s no evidence of wrongdoing.

A pair of court decisions in the last few weeks shows that judges are split
on whether this is legal. One federal magistrate judge in Wisconsin on Jan.
17 ruled it was unlawful, but another nine days later in Louisiana decided
that it was perfectly OK.

This is an unfortunate outcome, not least because it shows that some judges
are reluctant to hold federal agents and prosecutors to the letter of the
law.

It’s also unfortunate because it demonstrates that the FBI swore never to
use a 1994 surveillance law to track cellular phones—but then, secretly,
went ahead and did it, anyway.

Posted on February 14, 2006 at 1:29 PM • View Comments

Valentine's Day Security

Last Friday, the Wall Street Journal ran an article (unfortunately, the link is only for paid subscribers) about how Valentine’s Day is the day when cheating spouses are most likely to trip up:

Valentine’s Day is the biggest single 24-hour period for florists, a huge event for greeting-card companies and a boon for candy makers. But it’s also a major crisis day for anyone who is having an affair. After all, Valentine’s Day is the one holiday when everyone is expected to do something romantic for their spouse or lover—and if someone has both, it’s a serious problem.

So, of course, private detectives work overtime.

“If anything is going on, it will be happening on that day,” says Irene Smith, who says business at her Discreet Investigations detective agency in Golden, Colo., as much as doubles—to as many as 12 cases some years—on Valentine’s Day.

Private detectives are expensive—about $100 per hour, according to the article—and might not be worth it.

The article suggests some surveillance tools you can buy at home: a real-time GPS tracking system you can hide in your spouse’s car, a Home Evidence Collection Kit you can use to analyze stains on “clothing, car seats or elsewhere,” Internet spying software, a telephone recorder, and a really cool buttonhole camera.

But even that stuff may be overkill:

Ruth Houston, author of a book called Is He Cheating on You?—829 Telltale Signs, says she generally recommends against spending money on private detectives to catch cheaters because the indications are so easy to read. (Sign No. 3 under “Gifts”: He tries to convince you he bought expensive chocolates for himself.)

I hope I don’t need to remind you that cheaters should also be reading that book, familiarizing themselves with the 829 telltale signs they should avoid making.

The article has several interesting personal stories, and warns that “planning a ‘business trip’ that falls over Valentine’s Day is a typical mistake cheaters make.”

So now I’m wondering why the RSA Conference is being held over Valentine’s Day.

EDITED TO ADD (2/14): Today’s Washington Post has a similar story.

Posted on February 14, 2006 at 8:35 AM • View Comments

More on Kish's Classical Security Scheme

Here’s an interesting rebuttal of Laszlo Kish’s theoretically secure classical communications scheme.

EDITED TO ADD (2/18): Kish’s response.

Posted on February 7, 2006 at 4:18 PM • View Comments

Phone Tapping in Greece

Unknowns tapped the mobile phones of about 100 Greek politicians and offices, including the U.S. embassy in Athens and the Greek prime minister.

Details are sketchy, but it seems that a piece of malicious code was discovered by Ericsson technicians in Vodafone’s mobile phone software. The code tapped into the conference call system. It “conference called” phone calls to 14 prepaid mobile phones where the calls were recorded.

Some details are here. See also this news article, and—if you can read Greek—this one.

Posted on February 3, 2006 at 11:27 AM • View Comments

What Can the NSA Do?

Interesting white paper from the ACLU: “Eavesdropping 101: What Can The NSA Do?”

Big Brother Prison

This Dutch prison is the future of surveillance.

At a high-tech prison opening this week inmates wear electronic wristbands that track their every movement and guards monitor cells using emotion-recognition software.

Remember, new surveillance technologies are first used on populations with limited rights: inmates, children, the mentally ill, military personnel.

Posted on February 2, 2006 at 11:23 AM • View Comments