
NLPWESSEX, natural law publishing

nlpwessex.org

"I don't think in the last two or three hundred years we've faced such a concatenation of problems all at the same time.... If we are to solve the issues that are ahead of us, we are going to need to think in completely different ways."

Paddy Ashdown, High Representative for Bosnia and Herzegovina 2002-2006

BBC Radio 4, 'Start The Week', 30 April 2007
SURVEILLANCE SOCIETY NEWS
www.nlpwessex.org/docs/surveillancesocietynews.htm


Introduction
'Surveillance & The Corrosion Of Democracy'

"Fears that the United States, Britain and other English-speaking countries are using a cold-war eavesdropping network to gain a commercial edge roused passions across Europe today, even after Washington and London roundly denied the notion. The subject kept the European Parliament in Brussels entranced for hours and drew banner headlines across the continent. One political cartoon showed Britain in bed with the United States, despite Britain's membership in the European Union. The hubbub grew from a report prepared for the European Parliament that found that communications intercepted by a network called Echelon twice helped American companies gain an advantage over Europeans. "
An Electronic Spy Scare Is Alarming Europe
New York Times, 24 February 2000

"Everywhere in the world, every day, people's phone calls, emails and faxes are monitored by Echelon, a secret government surveillance network. No, it's not fiction straight out of George Orwell's 1984. It's reality, says former spy Mike Frost in an interview broadcast on 60 Minutes on Sunday, Feb. 27. 'It's not the world of fiction. That's the way it works. I've been there,' Frost tells CBS News 60 Minutes Correspondent Steve Kroft. 'I was trained by you guys,' says the former Canadian intelligence agent, referring to the United States' National Security Agency. The NSA runs Echelon with Canada, Britain, Australia and New Zealand as a series of listening posts around the world that eavesdrop on terrorists, drug lords and hostile foreign governments. But to find out what the bad guys are up to, all electronic communications, including those of the good guys, must be captured and analyzed for key words by super computers. That is a fact that makes Frost uncomfortable, even though he believes the world needs intelligence gathering capabilities like Echelon. 'My concern is no accountability and nothing, no safety net in place for the innocent people who fall through the cracks,' he tells Kroft... Democracies usually have laws against spying on citizens. But Frost says Echelon members could ask another member to spy for them in an end run around those laws. For example, Frost tells Kroft that his Canadian intelligence boss spied on British government officials for Prime Minister Margaret Thatcher. '(Thatcher) had two ministers that she said, quote, 'they weren't on side,' unquote...So my boss...went to McDonald House in London and did intercept traffic from these two ministers,' claims Frost. 'The British Parliament now have total deniability. They didn't do anything. We did it for them.' American politicians may also have been eavesdropped on, says Margaret Newsham, a woman who worked at Menwith Hill in England, the NSA's largest spy station.
She says she was shocked to hear the voice of U.S. Sen. Strom Thurmond (R.-S.C.) on a surveillance headset about 20 years ago. 'To my knowledge, all (the intercepted voices)...would be...Russian, Chinese... foreign,' she tells Kroft. The exposing of such possible abuses of Echelon will surely add to the growing firestorm in Europe over the system. On Feb. 23, the European Parliament issued a report accusing the U.S. of using Echelon for commercial spying on two separate occasions, to help American companies win lucrative contracts over European competitors. The U.S. State Department denies such spying took place and will not even acknowledge the existence of the top secret Echelon project. Rep. Porter Goss (R.-Fla), chairman of the House Intelligence Committee, which has oversight of the NSA, does acknowledge that the U.S. has the capability to pick up any phone call, and that even his own conversations could have been monitored."
Ex-Snoop Confirms Echelon Network
CBS News (60 Minutes), 24 February 2000


"There is a huge difference between legal programs, legitimate spying, legitimate law enforcement - where individuals are targeted based on a reasonable, individualized suspicion - and these programs of dragnet mass surveillance that put entire populations under an all-seeing eye and save copies forever. These programs were never about terrorism: they’re about economic spying, social control, and diplomatic manipulation. They’re about power."
Snowden’s open letter to Brazil: Read the text
Washington Post, 17 December 2015

"The head of MI6 has said the information revolution represents both an "existential threat and a golden opportunity". In rare public comments Alex Younger, who took over as Chief of the Secret Intelligence Service in 2014, said it had fundamentally changed the operating environment for the intelligence community.... Intelligence officials also warned the "internet of things" would bring new threats. Chris Inglis, former deputy director of the US National Security Agency, said people should "just say no" to having household appliances hooked up to the internet."
MI6 chief says information revolution is 'existential threat and golden opportunity'
Telegraph, 20 September 2016

"The majority of the UK cabinet were never told the security services had been secretly harvesting data from the phone calls, texts and emails of a huge number of British citizens since 2005, Nick Clegg has disclosed. Clegg says he was informed of the practice by a senior Whitehall official soon after becoming David Cameron’s deputy in 2010, but that “only a tiny handful” of cabinet ministers were also told – likely to include the home secretary, the foreign secretary and chancellor. He said he was astonished to learn of the capability and asked for its necessity to be reviewed. The former deputy prime minister’s revelation in the Guardian again raises concerns about the extent to which the security services felt they were entitled to use broadly drawn legislative powers to carry out intrusive surveillance and keep this information from democratically elected politicians. The government finally admitted on Wednesday that the mass surveillance of British citizens began in 2001 after 9/11 and was stepped up in 2005, using powers under national security directions largely hidden in the 1984 Telecommunications Act. It is not known if government law officers sanctioned the use of the act in this way, but it appears the intelligence and security committee responsible for parliamentary oversight was not informed, adding to the impression of a so-called deep state operating outside the scrutiny of parliament."
Only 'tiny handful' of ministers knew of mass surveillance, Clegg reveals
Guardian, 5 November 2015

"British spooks intercepted emails from US and UK media organisations and rated ‘investigative journalists’ alongside terrorists and hackers as potential security threats, secret documents reveal. Internal advice circulated by intelligence chiefs at the Government spy centre GCHQ claims ‘journalists and reporters representing all types of news media represent a potential threat to security’. Intelligence documents leaked by the fugitive US whistleblower Edward Snowden also show that British security officers scooped up 70,000 emails in just 10 minutes during one interception exercise in 2008. "
British spooks tapped emails from UK and US media
Mail, 19 January 2015

"Given that spies can routinely break through just about any security software, virtually all Internet users are at risk of a data attack.... Intelligence agencies have adopted 'plausible deniability' as their guiding principle for Internet operations. To ensure their ability to do so, they seek to make it impossible to trace the author of the attack. It's a stunning approach with which the digital spies deliberately undermine the very foundations of the rule of law around the globe. This approach threatens to transform the Internet into a lawless zone in which superpowers and their secret services operate according to their own whims with very few ways to hold them accountable for their actions."
The Digital Arms Race: NSA Preps America for Future Battle
Der Spiegel, 17 January 2015

"Even if you power off your cell phone, the U.S. government can turn it back on. That's what ex-spy Edward Snowden revealed in last week's interview with NBC's Brian Williams. "
How the NSA can 'turn on' your phone remotely
CNN, 6 June 2014

"The head of the FBI says he understands why people worry about the scope of the government's powers, and in fact, he agrees with them. 'I believe people should be suspicious of government power. I am,' Director James Comey told the Senate Judiciary Committee on Wednesday morning. 'I think this country was founded by people who were worried about government power so they divided it among three branches,' he added. ...Comey assumed his top post shortly after the Snowden revelations came to light last summer. "
FBI chief: ‘Be suspicious’ of government power
The Hill, 21 May 2014

"When it comes to communication [former US President Jimmy] Carter is evidently a man of his generation, shunning electronic devices for snail mail. He told [satirist Stephen] Colbert that he had recently written a letter to Pope Francis.... and steers clear of e-mail for fear of being monitored by the National Security Agency. The suggestion caused something of a stir in America and prompted a swift denial from the intelligence agency's director. Carter is yet to be convinced, noting that regulations controlling the Government's scope to spy on private communications had been significantly relaxed since he passed them. 'They are not monitoring me now but they record every message that you transmit in America - and probably in Great Britain as well - and later if they want to monitor that message they can do so,' he says."
Did the other presidents call?
London Times, Times2 Section, 9 April 2014, Print Edition, P6

".... in reality NSA has been collecting word for word 'content' of the American citizens. So that is something the NSA is lying about. And they've lied about the abuses in the past. NSA has targeted congress, they've targeted the Supreme Court. They've targeted top level generals and admirals. They've targeted the press and the media. And a whole bunch of other folks: lawyers and law firms. This was between 2002 and 2005 which I was witness to when I held that sort of information in my hand. NSA is not talking about that either.... The meat of the issue is the network to do this is still intact. So the capability exists. Even if you believe this President is the most benevolent in the world, what about the next President, and the one after that and the one after that, and the potential for abuse with future Presidents? When this system, this monster that we've set up, still exists, anyone down the line can use that monster to basically turn our country into a totalitarian police state. I mean 'all the way' police state. So in my opinion we have to kill this baby in the cradle right now. That means unplug all these nodes around the country and say we will not go after domestic communications, except when we have a warrant ... [against an] individual because we have 'probable cause' they've committed a crime.... Like Ben Franklin [one of the 'founding fathers' of the United States] said, if you're going to give up your freedom and liberty for security you deserve neither .... When I made my oath [of office] it was to make sure I protected the constitution of the United States 'against enemies both foreign and domestic'.... The agency I worked for [the NSA] is now a domestic enemy of our constitution. And it's just a horrific thing that's happened. It has to stop."
Russ Tice, former NSA official and whistleblower
(Interview following speech by President Barack Obama on NSA 'reform')
NSA whistleblower: Obama reforms won't cage 'this monster'
Reuters, 17 January 2014

"A US official has acknowledged that the NSA likely scoops up data on congressional telephone communications but stopped short of saying whether such action extended to calls made by President Barack Obama. The tense exchange occurred on Tuesday during a hearing on the status of the administration's reforms of the bulk data collection programme exposed last year by former National Security Agency contractor Edward Snowden. "
NSA 'probably' collects US Congress telephone call data, official admits
Agence France Presse, 6 February 2014

"MacAskill asked Snowden, almost as an afterthought, whether there was a UK role in this mass data collection. It didn't seem likely to him. MacAskill knew that GCHQ had a longstanding intelligence-sharing relationship with the US, but he was taken aback by Snowden's vehement response. 'GCHQ is worse than the NSA,' Snowden said. 'It's even more intrusive.'"
How Edward Snowden went from loyal NSA contractor to whistleblower
Guardian, 1 February 2014

"The power to secretly create government propaganda is among the many hacking tools revealed in the latest batch of Edward Snowden documents. British spies can manipulate online polls -- or trick the world into thinking a video or web page is going viral.  A collection of hacking tools -- some of which are specifically suited to spreading disinformation -- were exposed in a leaked 2012 document provided by Snowden to The Intercept. "
Secret propaganda: British spies can manipulate polls
CNN, 15 July 2014

"GCHQ, Britain’s electronic spying agency, intercepted and stored images of 1.8m Yahoo users taken from their personal webcams even though most of them were not suspected of wrongdoing, documents leaked by the whistleblower Edward Snowden show. A secret programme called 'Optic Nerve', run in conjunction with the US National Security Agency, recorded millions of webcam images from ordinary internet users as many as one in 10 of them sexually explicit 'in bulk', the UK’s Guardian newspaper reported on Thursday. 'Optic Nerve' tapped into Yahoo users’ accounts and took still images from their computer webcams every five minutes. Yahoo reacted angrily to the revelations, denying all knowledge. A spokesperson for the company said the covert surveillance programme represented 'a whole new level of violation of our users’ privacy'. "
Leaks show GCHQ captured ordinary internet users’ webcam images
Financial Times, 27 February 2014

'The Death Pangs Of Democracy'

"Former U.S. president Jimmy Carter is so concerned about the NSA spying scandal that he thinks it has essentially resulted in a suspension of American democracy. 'America does not at the moment have a functioning democracy,' he said at an event in Atlanta on Tuesday sponsored by the Atlantik Bruecke, a private nonprofit association working to further the German-U.S. relationship. The association's name is German for 'Atlantic bridge.' Carter’s remarks didn't appear in the American mainstream press but were reported from Atlanta by the German newsmagazine Der Spiegel, whose Washington correspondent Gregor Peter Schmitz said on Twitter he was present at the event. The story doesn't appear in the English-language section of the Spiegel website and is only available in German."
NSA Controversy: Jimmy Carter Says U.S. 'Has No Functioning Democracy'
International Business Times, 18 July 2013

"Brazil's president, Dilma Rousseff, has launched a blistering attack on US espionage at the UN general assembly.....She was imprisoned and tortured for her role in a guerilla movement opposed to Brazil's military dictatorship in the 1970s. 'In the absence of the right to privacy, there can be no true freedom of expression and opinion, and therefore no effective democracy. In the absence of the respect for sovereignty, there is no basis for the relationship among nations.'"
Brazilian president: US surveillance a 'breach of international law'
Guardian, 24 September 2013

In The Pre-Digital Age

"MI5 used hidden electronic surveillance equipment to secretly monitor 10 Downing Street, the Cabinet and at least five Prime Ministers... The extraordinary disclosure comes despite a succession of parliamentary statements that no such bugging ever took place. And it follows a behind-the-scenes row in which senior Whitehall civil servants – backed by Prime Minister Gordon Brown – attempted to suppress the revelation..... top-secret files held by the Security Service show it installed electronic listening devices in three highly sensitive areas of No10 – the Cabinet Room, the Waiting Room and the Prime Minister’s study. It means that for nearly 15 years, all Cabinet meetings, the offices of senior officials and all visitors to the Prime Minister – including foreign leaders – were being bugged. The disclosure is highly shocking in its own right but it will also bring genuine concerns as to why the Cabinet Office still wants to suppress it. Comments from MI5 chief Jonathan Evans suggest that the attempted block was not done on grounds of national security but for wider public interest reasons. This must raise the possibility that the bugging was carried out for political purposes and officials do not want to admit it went on in the past because similar operations are continuing today.... the eavesdropping devices that were first installed in Downing Street in July 1963 at the request of the then Prime Minister, Harold Macmillan. It is unclear why Macmillan made the extraordinary request... In all, the equipment monitored the most sensitive areas of Downing Street for around 15 years. It was finally removed on the orders of James Callaghan in about 1977, the year after he took office. The files do not make it clear whether Prime Ministers Heath and Wilson knew there were surveillance devices in No10.... After Wilson stepped down, he co-operated with a book suggesting there had been a plot by Right-wing intelligence officers to undermine him.
The claim was later supported by former senior MI5 officer Peter Wright in his banned Spycatcher memoir. It also prompted Callaghan, Wilson’s successor, to launch an investigation into the allegations. The MI5 files indicate that it was Callaghan who finally ordered the surveillance devices to be removed from Downing Street. Despite this, Callaghan made a statement to the House of Commons denying that No10 had ever been bugged."
How MI5 bugged 10 Downing Street, the Cabinet and at least five Prime Ministers for 15 YEARS
Mail On Sunday, 18 April 2010

"When Harold Macmillan called in MI5 in 1963 and asked it to bug his office, he thought the whole world was coming apart.... Macmillan felt he could not trust anybody – but turned for counsel to Dick White, director-general of foreign intelligence service MI6. It is possible that White suggested installing the listening devices in No10 as some kind of insurance policy..... The level of official paranoia at the time cannot be underestimated. But it is the revelation that the bugs were still in place in Downing Street during Harold Wilson’s two administrations, between 1964 and 1970 and 1974 to 1976, which is the most startling. Wilson believed that elements of the Establishment and members of MI5 and MI6 were plotting against him.... Now, despite countless official denials, it appears that Wilson – whose claims that he was under surveillance are often dismissed as the ramblings of an ill and paranoid man – was right."
Stephen Dorril, author of 'MI6 – Fifty Years of Special Operations'
So was Wilson right to be ‘paranoid’ about being spied on?
Mail On Sunday, 18 April 2010

"Paul Scott, the late syndicated columnist, was so paranoid about the CIA wiretapping his Prince George’s County home in the 1960s that he’d make important calls from his neighbor’s house. His teenage son Jim Scott figured his dad was either a shrewd reporter or totally nuts. Not until nearly 45 years later did the son learn that his father’s worries were justified. The insight came in 2007 when the CIA declassified a trove of documents popularly called 'the family jewels.' The papers detailed the agency’s unlawful activities from long ago, including wiretapping the Scott home in District Heights. The operation even had a code name: 'Project Mockingbird.' Jim was floored: The CIA really did eavesdrop on Dad. Now Jim, 64, a retired Navy public relations officer who lives in Anne Arundel County, is waging an operation of his own against the agency. For the past five years, he has sought to declassify and make public any documents Langley might still have on his father and why he was wiretapped..... Between March 12, 1963, and June 15, 1963, phone bugs were installed at the Allen and Scott homes and their Capitol Hill office. But this was no rogue operation: CIA Director John McCone approved the operation 'under pressure,' the documents said, from Attorney General Robert F. Kennedy. And Kennedy planned it with Robert McNamara, the defense secretary and Vietnam War architect. The wiretap identified many of the reporting team’s sources: a dozen senators; six congressmen; 11 congressional staffers; 16 'government employees,' including a staff member at the White House and some at the vice president’s office; and 'other well-placed individuals,' the documents said. "
Long-ago wiretap inspires a battle with the CIA for more information
Washington Post, 3 March 2013

So What's It Like Now?

"The House of Commons office of Damian Green, the Tories' immigration spokesman, is routinely swept for electronic bugging devices, along with other offices belonging to senior Conservatives, amid fears of covert monitoring, The Independent on Sunday has discovered. Anger surrounding the shadow immigration minister's arrest last week escalated dramatically last night over suspicions of a major bugging scandal inside the Palace of Westminster. The IoS understands that even before his surprise arrest on Thursday Mr Green was aware that his Commons office, phone calls and emails could be under surveillance because of the sensitive nature of his job. The fresh revelations rocked the Commons just days before the high point of the parliamentary calendar, the Queen's Speech, which takes place on Wednesday. Tory leader David Cameron last night said the Prime Minister must denounce the arrest of Mr Green or risk charges of hypocrisy because he 'made his career' from Whitehall leaks. Writing in the News of the World, Mr Cameron added: 'If this approach had been in place in the 1990s, then Gordon Brown would have spent most of his time under arrest.' Several offices within the Commons and Portcullis House belonging to senior Tory MPs and officials are checked regularly by security experts for listening devices and other surveillance equipment. The IoS has learnt that there are 'major concerns' at the highest levels of the Tory party over suspected monitoring by the authorities. Any such monitoring may not be illegal but would be hugely controversial. Last night, a Conservative MP wrote to Gordon Brown demanding an urgent review of the Wilson doctrine, the convention that protects MPs from phonetapping but does not cover other surveillance techniques. It is not known whether a covert device has ever been found during searches. But if the suspicions are proved right, it would have major implications for the protection of parliamentary privilege. 
Ben Wallace, the Conservative MP for Lancaster & Wyre, said the Wilson doctrine, which dates back to 1966, needed to be changed to cover all forms of surveillance, not just intercepting of calls. He said: 'It is disturbing that the authorities may have exploited the difference between surveillance and intercept in order to pursue Members of Parliament over the past 10 years.'"
Bugging scandal inside the Commons
Independent On Sunday, 30 November 2008

The Arrival Of 'Turnkey Totalitarianism'

"People think, well, yeah, I use Facebook, and maybe the FBI if they made a request, could come and get it, and everyone is much more aware of that because of [former CIA Director] Petraeus. But that’s not the problem. The problem is that all the time nearly everything people do on the internet is permanently recorded, every web search. Do you know what you were thinking one year, two days, three months ago? No, you don’t know, but Google knows, it remembers.... You know, the Stasi had a 10 per cent penetration of East German society, with up to 1 in 10 people being informants at some time in their life. Now in countries that have the highest internet penetration, like Iceland, more than 80 per cent of people are on Facebook, informing about their friends. That information doesn’t [simply] go nowhere. It’s not kept in Iceland, it’s sent back into the US where it IS accessed by US intelligence and where it is given out to any friends or cronies of US intelligence – hundreds of national security letters every day publicly declared and being issued by the US government.... We have this position where as we know knowledge is power, and there’s a mass transfer as a result of literally billions of interceptions per day going from everyone, the average person, into the data vaults of state spying agencies for the big countries, and their cronies – the corporations that help build them that infrastructure. Those groups are already powerful, that’s why they are able to build this infrastructure to intercept on everyone. So they are growing more powerful, concentrating the power in the hands of smaller and smaller groups of people at once, which isn’t necessarily bad, but it’s extremely dangerous once there is any sort of corruption occurring in the power. Because absolute power corrupts, and when it becomes corrupt, it can affect a lot of people very quickly. 
Bill Binney, National Security Agency whistleblower, who was the research head of the National Security Agency’s Signals Intelligence Division, describes this as a ‘turnkey totalitarianism’, that all the infrastructure has been built for absolute totalitarianism. It’s just the matter of turning the key..... in general I think the prognosis is very grim. .... What's necessary is that the critical accountability components of society that stop it from going down the tubes entirely, that those people are protected. Those include corruption investigators, journalists, activists, and political parties. These have got to be protected. If they are not protected, then it's all lost.... if we are not able to protect a significant number of people from mass state spying, then the basic democratic and civilian institutions that we are used to – not in the West, I am no glorifier of the West, but in all societies – are going to crumble away. They will crumble away, and they will do so all at once. And that's an extremely dangerous phenomenon. "
Julian Assange
Assange to RT: Entire nations intercepted online, key turned to totalitarian rule
RT, 30 November 2012

"James Bamford has a way of digging up the facts that lend credence to America’s worst privacy fears about its own government. Now the author and investigative reporter who wrote the definitive portraits of the National Security Agency in his books The Puzzle Palace, Body of Secrets and The Shadow Factory has drawn a picture of ubiquitous surveillance that seems mind-boggling even by NSA standards. In his just-published cover story for Wired, Bamford lays out the NSA’s plans for a vast new facility in Bluffdale, Utah that aims to become a storage and analysis hub for the record-breakingly massive collections of Internet traffic data that the NSA hopes to gather in coming years not from just foreign networks, but domestic ones as well. The story adds confirmation to what the New York Times revealed in 2005: that the NSA has engaged in widespread wiretapping of Americans with the consent of firms like AT&T and Verizon. But more interestingly–and more troubling in the eyes of many who value their privacy–it details the Agency’s plans to crack AES encryption, the cryptographic standard certified by the NSA itself in 2009 for military and government use and until now considered uncrackable in any amount of time relevant to mortals. ..... The NSA project now aims to break the 'exaflop barrier' by building a supercomputer a hundred times faster than the fastest existing today, the Japanese 'K Computer.' That code-breaking system is projected to use 200 megawatts of power, about as much as would power 200,000 homes."
NSA's New Data Center And Supercomputer Aim To Crack World's Strongest Encryption
Forbes, 16 March 2012


Each Year It Gets Worse


2018

"Microsoft's president Brad Smith said facial recognition technology needs to be regulated so the world doesn't turn into a Nineteen Eighty-Four scenario with everyone's actions tracked and scrutinised. He told attendees at WebSummit in Lisbon, Portugal that the way in which facial recognition technology is developing and being used by more businesses could be detrimental to the average person's privacy. 'For the first time, the world is on the threshold of technology that would give a government the ability to follow anyone anywhere, and everyone everywhere. It could know exactly where you are going, where you have been and where you were yesterday as well,' Smith said. 'And this has profound potential ramifications for even just the fundamental civil liberties on which democratic societies rely. Before we wake up and find that the year 2024 looks like the book '1984', let’s figure out what kind of world we want to create, and what are the safeguards and what are the limitations of both companies and governments for the use of this technology.'"
Microsoft's president says we need to regulate facial recognition to avoid a 'Nineteen Eighty-Four' scenario
IT Pro, 9 November 2018

2017

"Mobile phone data could be used in place of census questions in the future, a report from the Office for National Statistics (ONS) suggests. The information would allow the ONS to track where people live and work. The ONS tested the idea as part of a government-backed project looking at other data sources for the census. The report said it used commuter flow data from Vodafone users, collected over four weeks in March and April 2016, in three London boroughs.... Commuter flows starting or ending in the south London boroughs of Southwark, Croydon and Lambeth were analysed and compared to data from the last census in 2011. An individual's home location was based on where the phone was located during the night or when switched on in the morning, while a work location was set to where a phone was found between standard working hours, Monday to Friday."
Census 'could use mobile phone data instead of questions'
BBC, 7 November 2017

2016

"Most of the world’s international phone calls, internet traffic, emails, and other communications are sent over a network of undersea cables that connect countries like giant arteries. At spy outposts across the world, the NSA and its partners tap into these cables to monitor the data flowing through them. But Menwith Hill is focused on a different kind of surveillance: eavesdropping on communications as they are being transmitted through the air. According to top-secret documents obtained by The Intercept from NSA whistleblower Edward Snowden, Menwith Hill has two main spying capabilities. The first is called FORNSAT, which uses powerful antennae contained within the golf ball-like domes to eavesdrop on communications as they are being beamed between foreign satellites. The second is called OVERHEAD, which uses U.S. government satellites orbiting above targeted countries to locate and monitor wireless communications on the ground below — such as cellphone calls and even WiFi traffic.... As of 2009, Menwith Hill’s foreign satellite surveillance mission, code-named MOONPENNY, was monitoring 163 different satellite data links. The intercepted communications were funneled into a variety of different repositories storing phone calls, text messages, emails, internet browsing histories, and other data. It is not clear precisely how many communications Menwith Hill is capable of tapping into at any one time, but the NSA’s documents indicate the number is extremely large. In a single 12-hour period in May 2011, for instance, its surveillance systems logged more than 335 million metadata records, which reveal information such as the sender and recipient of an email, or the phone numbers someone called and at what time. To keep information about Menwith Hill’s surveillance role secret, the U.S. and U.K. 
governments have actively misled the public for years through a “cover story” portraying the base as a facility used to provide “rapid radio relay and conduct communications research.” A classified U.S. document, dated from 2005, cautioned spy agency employees against revealing the truth. “It is important to know the established cover story for MHS [Menwith Hill Station] and to protect the fact that MHS is an intelligence collection facility,” the document stated. “Any reference to satellites being operated or any connection to intelligence gathering is strictly prohibited.”... roughly 600 of the personnel at the facility are from U.K. agencies, including employees of the NSA’s British counterpart Government Communications Headquarters, or GCHQ....  a new “collection posture” was introduced at the base, the aim being to “collect it all, process it all, exploit it all.” In other words, it would vacuum up as many communications within its reach as technologically possible.... Fabian Hamilton, a member of Parliament based in the nearby city of Leeds.......told The Intercept that he found the secrecy shrouding Menwith Hill to be “offensive.” The revelations about the role it has played in U.S. killing and capture operations, he said, showed there needed to be a full review of its operations. “Any nation-state that uses military means to attack any target, whether it is a terrorist, whether it is legitimate or not, has to be accountable to its electorate for what it does,” Hamilton said. “That’s the basis of our Parliament, it’s the basis of our whole democratic system. How can we say that Menwith can carry out operations of which there is absolutely no accountability to the public? I don’t buy this idea that you say the word ‘security’ and nobody can know anything. We need to know what is being done in our name.”"
Inside Menwith Hill
The Intercept, 6 September 2016

"A secretive police unit tasked with spying on alleged extremists intent on committing serious crimes has been monitoring leading members of the Green party, the Guardian has learned. Newly released documents show that the intelligence unit has been tracking the political activities of the MP Caroline Lucas and Sian Berry, the party’s candidate for London mayor. Some of the monitoring took place as recently as last year and seemed to contradict a pledge from Sir Bernard Hogan-Howe, the Metropolitan police commissioner, that the unit would only target serious criminals rather than peaceful protesters. Extracts from the files show that the police have chronicled how the Green politicians had been speaking out about issues such as government cuts, the far right, police violence, and the visit of the pope. The police’s actions have been described as “chilling” and come weeks after it was accused of abusing its powers by pursuing prominent people over sex abuse claims. The disclosures bring to four the number of elected Green party politicians whose political movements are known to have been recorded in the files of the unit. The files give no indication that they were involved in serious criminal activity. The file on Lucas, which stretches over eight years, records how she gave a speech at an anti-austerity demonstration last June in London. Lucas accused the government of conducting an “ideological war on welfare” at the rally, attended by thousands. Another entry records how she attended a demonstration in February 2014 against disability cuts in Brighton where she has been an MP since 2010. Police noted she “spoke with some of the assembled” journalists. ..... Peter Francis, a whistleblower who worked undercover for the Met, has alleged that the police kept secret files in the 1990s on 10 Labour MPs, including the Labour leader, Jeremy Corbyn, after they had been elected to parliament."
Police anti-extremism unit monitoring senior Green party figures
Guardian, 28 April 2016

"The UK's security services, including GCHQ, MI5 and MI6, have been unlawfully collecting and using mass datasets of personal information for more than 10 years. The Investigatory Powers Tribunal has ruled in a judgement published online that the bodies had been collecting data without safeguards or supervision. The setups of 'Bulk Communications Data' (BCD) and 'Bulk Personal Datasets' by the agencies did not comply with the right to privacy (Article 8) in the European Convention on Human Rights..... Both types of datasets have been used as part of criminal investigations, but have been criticised by privacy advocates for being overly intrusive.  The tribunal added that the massive datasets (BPD) "include considerable volumes of data about biographical details, commercial and financial activities, communications and travel"........ The court's ruling comes as the government's Investigatory Powers Bill (IP Bill) is in the final stages of becoming law – it is currently passed through the House of Commons and is being debated by the House of Lords. The Bill has been heavily criticised by numerous committees and officials. Powers included in the IP Bill include bulk collection of data, the ability to remotely hack mobile phones and computers, and the storing of website history. The law is the first time these powers have been specifically written into law."
MI6, MI5 and GCHQ 'unlawfully collected private data for 10 years'
Wired, 17 October 2016

2015

"The British government quietly changed anti-hacking laws to exempt GCHQ and other law enforcement agencies from criminal prosecution, it has been claimed. Details of the change were revealed at the Investigatory Powers Tribunal which is hearing a challenge to the legality of computer hacking by UK law enforcement and intelligence agencies. The Government amended the Computer Misuse Act (CMA) two months ago."
UK government rewrites surveillance law to get away with hacking and allow cyber attacks, campaigners claim
Independent, 15 May 2015

2014

"Britain's signals intelligence division is stealing screenshots from hundreds of thousands of innocent Yahoo users' webcam videos, according to the Guardian newspaper, which also reported that the years-long operation has swept up a huge haul of intimate photographs. The newspaper said GCHQ has been scooping up the sensitive images by intercepting video chats such as the kind offered by Yahoo Messenger, an effort codenamed OPTIC NERVE. ........The Guardian said that OPTIC NERVE was intended at least in part to identify targets using automatic facial recognition software as they stared into their computer's webcams. But the stockpiling of sexually explicit images of ordinary people had uncomfortable echoes of George Orwell's 'Nineteen Eighty-Four,' where the authorities — operating under the aegis of 'Big Brother' — fit homes with cameras to monitor the intimate details of people's personal lives. 'At least Big Brother had the decency to install his own cameras,' British media lawyer David Banksy said in a message posted to Twitter after the revelations broke. 'We've had to buy them ourselves.' The collection of nude photographs also raises questions about potential for blackmail. America's National Security Agency has already acknowledged that some analysts have been caught trawling databases for inappropriate material on partners or love interests. Other leaked documents have revealed how U.S. and British intelligence discussed leaking embarrassing material online to blacken the reputations of their targets. GCHQ refused to answer a series of questions about OPTIC NERVE, instead returning the same boilerplate answer it has given to reporters for months."
Report: UK spies collect massive store of nude photos after intercepting Yahoo webcam service
Associated Press, 27 February 2014

2013

“There are a lot more stories to come, a lot more documents that will be covered. It’s important that we understand what it is we’re publishing, so what we say about them is accurate.... It is literally true, without hyperbole, that the goal of the NSA and its partners in the English-speaking world is to eliminate privacy globally. They want to make sure there is no communication that evades their net.”
Glenn Greenwald, the journalist who broke the Snowden NSA revelations
‘A Lot’ More NSA Documents to Come
Wired, 27 December 2013

"Edward Snowden is to deliver this year’s Channel 4 Alternative Christmas Message, the broadcaster has confirmed. The whistleblower, who revealed the mass surveillance programmes organised by the US and other governments, will broadcast his message at 4.15pm on Christmas Day. In his first TV interview since [fleeing] to Russia in May, Snowden lays out his vision for why privacy matters and why he believes mass indiscriminate surveillance by governments of their people is wrong....  During his address, Snowden says: 'Great Britain’s George Orwell warned us of the danger of this kind of information. The types of collection in the book – microphones and video cameras, TVs that watch us are nothing compared to what we have available today. We have sensors in our pockets that track us everywhere we go. Think about what this means for the privacy of the average person. A child born today will grow up with no conception of privacy at all. They’ll never know what it means to have a private moment to themselves an unrecorded, unanalysed thought. And that’s a problem because privacy matters, privacy is what allows us to determine who we are and who we want to be.'...The Alternative Christmas Message will broadcast on Channel 4 at 4.15pm on Christmas Day. It will be available to view on 4oD later today."
Edward Snowden will deliver Channel 4’s Alternative Christmas Message
Independent, 24 December 2013

"James Goodale has a message for journalists: Wake up. In his new book, Fighting for the Press (CUNY Journalism Press, 2013), Goodale, chief counsel to The New York Times when its editors published the Pentagon Papers in 1971, argues that President Obama is worse for press freedom than former President Richard Nixon was. The Obama administration has prosecuted more alleged leakers of national security information under the 1917 Espionage Act than all previous administrations combined, a course critics say is overly aggressive. Former New York Times executive editor Bill Keller wrote in a March op-ed that the administration 'has a particular, chilling intolerance' for those who leak. If the Obama administration indicts WikiLeaks founder Julian Assange for conspiracy to violate the Espionage Act, Goodale argues, the president will have succeeded where Nixon failed by using the act to 'end-run' the First Amendment."
James Goodale: It’s a bad time for press freedoms
Columbia Journalism Review, 19 March 2013

"Europeans, take note: The U.S. government has granted itself authority to secretly snoop on you. That’s according to a new report produced for the European Parliament, which has warned that a U.S. spy law renewed late last year authorizes 'purely political surveillance on foreigners' data' if it is stored using U.S. cloud services like those provided by Google, Microsoft and Facebook.... According to [Caspar] Bowden, the 2008 FISA amendment created a power of 'mass surveillance' specifically targeted at the data of non-U.S. persons located outside America, which applies to cloud computing. This means that U.S. companies with a presence in the EU can be compelled under a secret surveillance order, issued by a secret court, to hand over data on Europeans. Because non-American citizens outside the United States have been deemed by the court not to fall under the search and seizure protections of the Fourth Amendment, it opens the door to an unprecedented kind of snooping. 'It's like putting a mind control drug in the water supply, which only affects non-Americans,' says Bowden... Most countries’ spy agencies routinely monitor real-time communications like emails and phone calls of groups under suspicion on national security grounds. However, what makes FISA different is that it explicitly authorizes the targeting of real-time communications and dormant cloud data linked to 'foreign-based political organizations'—not just suspected terrorists or foreign government agents. Bowden says FISA is effectively 'a carte blanche for anything that furthers U.S. foreign policy interests' and legalizes the monitoring of European journalists, activists, and politicians who are engaged in any issue in which the United States has a stake. FISA, according to Bowden, expressly makes it lawful for the United States to do 'continuous mass-surveillance of ordinary lawful democratic political activities,' and could even go as far as to force U.S. 
cloud providers like Google to provide a live 'wiretap' of European users’ data."
FISA renewal: Report suggests spy law allows mass surveillance of European citizens
Slate (Blog), 8 January 2013

2012

"[British] Home Secretary Theresa May said the proposed surveillance law would 'save lives' .... But the committee's MPs and peers are likely to encourage the police and law enforcement agencies to work out a much simpler scheme that the public can trust. The message is likely to be 'go back to the drawing board and come and talk to us when you have something fresh'. As regular Register readers will know, the surveillance plans now being re-examined have been touted to successive governments by the intelligence services for years with little change to any details other than the name. The MPs are likely to offer fierce opposition to the proposals, which would allow the Home Office to wire network traffic probes into the public internet anywhere it chose, for this or any successor government to use for any purpose it chose....The report will be another setback for the Home Secretary: in 2010 the former Director of Public Prosecutions Lord Macdonald was asked to review her plan to monitor citizens online. He previously called the project to mine the UK internet: A paranoid fantasy which would destroy everything that makes living worthwhile. This database would be an unimaginable hellhouse of personal private information. It would be a complete readout of every citizen's life in the most intimate and demeaning detail.... The two panels' highly critical reports will be an expected disappointment for the Home Office. They are the latest in a series of spectacular disasters for career spy Charles Farr, who three years ago had hoped to land the top job at the Secret Intelligence Service (MI6) and become 'C'."
Parliament to unleash barrage of criticism on Snoopers' Charter
The Register, 10 December 2012

"The cable boxes of the future could be able to detect when viewers are cuddling on the sofa and automatically serve adverts for contraceptives. U.S. cable provider Verizon has applied to patent a set-top box technology that can observe what's going on in the room and show viewers adverts based on what it detects. In U.S. Patent Application 20120304206 the company suggests it could detect when people are 'cuddling' then show 'a commercial for a romantic getaway vacation, a commercial for a contraceptive, a commercial for flowers [...] etc.'. The technology would integrate a range of sensors into their products, including thermal imaging cameras, microphones and motion sensors, to detect the mood of their audience and tailor media content to suit. Privacy campaigners called the new technology a 'privacy nightmare waiting around the corner' and called for it to be reined in 'before consumers lose control for good'. It has disturbing echoes of George Orwell's dystopia 1984, where the population were constantly watched by authorities through cameras integrated in their television screens....  This needs to be reined in before consumers lose control for good.'"
The TV box that can detect when you're cuddling on the sofa and show you an advert for condoms
Mail, 6 December 2012

"Everything we do on the Internet leaves a trail back to us. Search engine entries, shopping lists, e-mail addresses and so much more which is ripe for the taking. Now governments and their intelligence agencies want a piece of that action and they have new tools to ascertain our intentions and possible future actions.... There have been a series of related and interesting developments in the field of global intelligence gathering. The NSA is building a brand new data center in Utah in order to connect with some new intelligence sharing systems such as the Defense Intelligence Enterprise and the Global Information Grid.... most people would not appreciate their private conversations end up on foreign military or intelligence networks.... It goes on all the time, you could look at Project Echelon, Project Groundbreaker, Project Trailblazer and many others. Why do you think that the head of the CIA is gloating about being about to glean intelligence through your devices and net-centric applications. It is a gold mine for them and they have reaped a bonanza from it. CIA director David Petraeus put his cards on the table because he hinted about the next target, it will be all of data from the smart meters that have been put in place in the past few years. It wouldn’t be hard to tell how many people are living in a certain home from electricity records or which appliances are used the most. Will we be deemed terrorists from some poorly programmed profiling software based on our paper and data trail? Mistakes happen all the time, from faulty no-fly lists to swat team wrong door raids."
Trapped In The Grid: How Net-Centric Devices And Appliances Provide Voluminous Information To Intelligence Agencies And Their Business Partners
StratRisks, 22 March 2012

"When people download a film from Netflix to a flatscreen, or turn on web radio, they could be alerting unwanted watchers to exactly what they are doing and where they are. Spies will no longer have to plant bugs in your home - the rise of 'connected' gadgets controlled by apps will mean that people 'bug' their own homes, says CIA director David Petraeus. The CIA claims it will be able to 'read' these devices via the internet - and perhaps even via radio waves from outside the home. Everything from remote controls to clock radios can now be controlled via apps - and chip company ARM recently unveiled low-powered, cheaper chips which will be used in everything from fridges and ovens to doorbells. The resultant chorus of 'connected' gadgets will be able to be read like a book - and even remote-controlled, according to CIA Director David Petraeus, according to a recent report by Wired's 'Danger Room' blog. Petraeus says that web-connected gadgets will 'transform' the art of spying - allowing spies to monitor people automatically without planting bugs, breaking and entering or even donning a tuxedo to infiltrate a dinner party.  ' 'Transformational’ is an overused word, but I do believe it properly applies to these technologies,' said Petraeus. 'Particularly to their effect on clandestine tradecraft. Items of interest will be located, identified, monitored, and remotely controlled through technologies such as radio-frequency identification, sensor networks, tiny embedded servers, and energy harvesters - all connected to the next-generation internet using abundant, low-cost, and high-power computing.' Petraeus was speaking to a venture capital firm about new technologies which aim to add processors and web connections to previously 'dumb' home appliances such as fridges, ovens and lighting systems. This week, one of the world's biggest chip companies, ARM, has unveiled a new processor built to work inside 'connected' white goods."
The CIA wants to spy on you through your TV
Mail, 16 March 2012

2011

"Sir Richard Dearlove, Britain’s former chief spymaster has said the country should start spying on its Eurozone neighbours to protect the economy as the common currency is wracked by national defaults. Sir Richard Dearlove, who served as head of MI6 until 2004, said that Britain must not be 'squeamish' about using the intelligence services to defend its economic interests. The former C said central banks like the Bank of England maintained extensive networks of contacts to secure information on future developments. But specialist intelligence agencies should also undertake the task of financial security. 'I am addressing the future of the euro and how defaults affect us economically,' he told the Global Strategy Forum. 'Efficient central bankers should be able to handle themselves but I am indicating they could and might need help from time to time on the currency issue.' Sir Richard added that 2008 financial crisis had changed his views on the role of intelligence agencies in protecting the economy. Britain needed to be 'forewarned and forearmed’ in anticipation of a future crisis. He said: 'I don’t think we should be squeamish about using all means to protect ourselves financially.'.... As one of the highest regarded global spy agencies, the Secret Intelligence Service, or MI6, has deep ties with its intelligence counterparts across Europe. Sir Richard acknowledged that MI6 was a leader in efforts to integrate Europe’s intelligence agencies. By ordering the foreign intelligence agency to actively spy on its partners, the government would risk a backlash from the country’s closest neighbours and allies. Countries vulnerable to quitting the euro would be sure to view the move as an act of selfishness at a time of national weakness.... Sir Richard noted that the Bank of England had effectively intelligence capabilities – though it did not classify these activities as spying. As such MI6 would play a subordinate role to the Bank. 
Sir Richard was appointed head of MI6 in 1999 and was head of the organisation during the September 11 attacks on the US by al Qaeda. When he retired in 2004, the final year of his career had been overshadowed by controversy over the dossier used by the government to accuse Iraq of pursuing a secret Weapons of Mass Destruction programme."
Britain should start spying on Eurozone neighbours, former MI6 chief says
Telegraph, 5 July 2011

2010

"The top-secret world the government created in response to the terrorist attacks of Sept. 11, 2001, has become so large, so unwieldy and so secretive that no one knows how much money it costs, how many people it employs, how many programs exist within it or exactly how many agencies do the same work.... In Washington and the surrounding area, 33 building complexes for top-secret intelligence work are under construction or have been built since September 2001. Together they occupy the equivalent of almost three Pentagons or 22 U.S. Capitol buildings - about 17 million square feet of space."
A hidden world, growing beyond control
Washington Post, 19 July 2010

"Fraudulent bankers are more of a danger to society than terrorists and the failure to reassure people that their money is safe is an 'absolute failure of public policy', a former Director of Public Prosecutions says today. Writing in The Times, Sir Ken Macdonald says that the systems for regulating markets and for prosecuting market crime have completely broken down...In his article, Sir Ken lambasts the 'liberty-sapping addictions' of the Home Office and the 'paranoiac paraphernalia of national databases and ID cards'. He also attacks the rush to 'bring in lots of terror law, the tougher the better'. Rather than ensuring that people's money and financial security 'will not be stolen from them', legislators wanted 'criminal justice to be an auction of fake toughness', he says. Sir Ken has previously criticised government plans to extend the time that terrorism suspects could be held without charge beyond 28 days; and, recently, plans for increased surveillance and data retention."
Sir Ken Macdonald rounds on Britain's banking robbers
London Times, 23 February 2009

2009

"A former head of MI5 has accused the government of exploiting the fear of terrorism and trying to bring in laws that restrict civil liberties. In an interview in a Spanish newspaper, published in the Daily Telegraph, Dame Stella Rimington, 73, also accuses the US of 'tortures'....Dame Stella, who stood down as the director general of the security service in 1996, has previously been critical of the government's policies, including its attempts to extend pre-charge detention for terror suspects to 42 days and the controversial plan to introduce ID cards. 'It would be better that the government recognised that there are risks, rather than frightening people in order to be able to pass laws which restrict civil liberties, precisely one of the objects of terrorism - that we live in fear and under a police state,' she told the Spanish newspaper La Vanguardia...."
Ministers 'using fear of terror'
BBC Online, 17 February 2009

"With Google’s Latitude, parents will be able to swoop down like helicopters on their children, whirr around their heads and chase them away from the games arcade and back to do their French verbs....However Orwellian it sounds, don’t worry. The police and security services can already track you down from your phone without any help from Google..."
Sloping off could soon be a thing of the past
London Times, 5 February 2009

"Over the past few days, at trade fairs from Las Vegas to Seoul, a constant theme has been the unstoppable advance of 'FRT', the benign abbreviation favoured by industry insiders. We learnt that Apple's iPhoto update will automatically scan your photos to detect people's faces and group them accordingly, and that Lenovo's new PC will log on users by monitoring their facial patterns....So let's understand this: governments and police are planning to implement increasingly accurate surveillance technologies that are unnoticeable, cheap, pervasive, ubiquitous, and searchable in real time. And private businesses, from bars to workplaces, will also operate such systems, whose data trail may well be sold on or leaked to third parties - let's say, insurance companies that have an interest in knowing about your unhealthy lifestyle, or your ex-spouse who wants evidence that you can afford higher maintenance payments. Rather than jump up and down with rage - you never know who is watching through the window - you have a duty now, as a citizen, to question this stealthy rush towards permanent individual surveillance. A Government already obsessed with pursuing an unworkable and unnecessary identity-card database must be held to account."
Let's face it, soon Big Brother will have no trouble recognising you
London Times, 13 January 2009

2008

"Our privacy is being invaded by the world's security services in every second of every day, as a routine matter. Vast quantities of information are collected by commercial enterprises such as Google or Tesco. Against these invasions of our privacy we have little or no protection."
Lord Rees-Mogg
London Times, 25 July 2008

'Stalin's Delight'
Smart Phones For Not So Smart People

"The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone's microphone and using it to eavesdrop on nearby conversations. ......Kaplan's opinion said that the eavesdropping technique 'functioned whether the phone was powered on or off.' Some handsets can't be fully powered down without removing the battery.....Security-conscious corporate executives routinely remove the batteries from their cell phones, he added....A BBC article from 2004 reported that intelligence agencies routinely employ the remote-activation method. 'A mobile sitting on the desk of a politician or businessman can act as a powerful, undetectable bug,' the article said, 'enabling them to be activated at a later date to pick up sounds even when the receiver is down.'........ A 2003 lawsuit revealed that the FBI was able to surreptitiously turn on the built-in microphones in automotive systems like General Motors' OnStar to snoop on passengers' conversations. When FBI agents remotely activated the system and were listening in, passengers in the vehicle could not tell that their conversations were being monitored. Malicious hackers have followed suit. A report last year said Spanish authorities had detained a man who wrote a Trojan horse that secretly activated a computer's video camera and forwarded him the recordings."
FBI taps cell phone mic as eavesdropping tool
ZDNetNews, 1 December 2006

"Cellphone users say they want more privacy, and app makers are listening. No, they're not listening to user requests. They're literally listening to the sounds in your office, kitchen, living room and bedroom. A new class of smartphone app has emerged that uses the microphone built into your phone as a covert listening device -- a 'bug,' in common parlance. But according to app makers, it's not a bug. It's a feature! The apps use ambient sounds to figure out what you're paying attention to. It's the next best thing to reading your mind. The issue was brought to the world's attention recently on a podcast called This Week in Tech. Host Leo Laporte and his panel shocked listeners by unmasking three popular apps that activate your phone's microphone to collect sound patterns from inside your home, meeting, office or wherever you are. The apps are Color, Shopkick and IntoNow, all of which activate the microphones in users' iPhone or Android devices in order to gather contextual information that provides some benefit to the user.   Color uses your iPhone's or Android phone's microphone to detect when people are in the same room. The data on ambient noise is combined with color and lighting information from the camera to figure out who's inside, who's outside, who's in one room, and who's in another, so the app can auto-generate spontaneous temporary social networks of people who are sharing the same experience. ... So, what's possible with current technology? By listening in on your phone, capturing 'patterns,' then sending that data back to servers, marketers can determine the following: * Your gender, and the gender of people you talk to. * Your approximate age, and the ages of the people you talk to. * What time you go to bed, and what time you wake up. * What you watch on TV and listen to on the radio. * How much of your time you spend alone, and how much with others. * Whether you live in a big city or a small town. 
* What form of transportation you use to get to work."
Snooping: It's not a crime, it's a feature
Computerworld, 16 April 2011

"Security researchers have discovered that Apple's iPhone keeps track of where you go – and saves every detail of it to a secret file on the device which is then copied to the owner's computer when the two are synchronised. The file contains the latitude and longitude of the phone's recorded coordinates along with a timestamp, meaning that anyone who stole the phone or the computer could discover details about the owner's movements using a simple program. For some phones, there could be almost a year's worth of data stored, as the recording of data seems to have started with Apple's iOS 4 update to the phone's operating system, released in June 2010. 'Apple has made it possible for almost anybody – a jealous spouse, a private detective – with access to your phone or computer to get detailed information about where you've been,' said Pete Warden, one of the researchers. Only the iPhone records the user's location in this way, say Warden and Alasdair Allan, the data scientists who discovered the file and are presenting their findings at the Where 2.0 conference in San Francisco on Wednesday. 'Alasdair has looked for similar tracking code in [Google's] Android phones and couldn't find any,' said Warden."
iPhone keeps record of everywhere you go
Guardian, 20 April 2011






Latest Developments In 'Turnkey Totalitarianism'
KEEP UP TO DATE WITH SURVEILLANCE SOCIETY NEWS MEDIA REPORTS



2019
"For those out of the loop, Xi has made it abundantly clear during his iconic speech that the Chinese blockchain community should rule the roost by setting policies and conventions globally, as BeInCrypto had reported previously.... the Chinese government is notorious for blatantly misusing technology to suppress dissent and infringe on the civil rights of nearly 1.5 billion people. Case in point — the mass surveillance system with highly sophisticated facial recognition, the Great Firewall, and the truly Orwellian social credit scoring system. Going by these past trends, it would be too presumptuous to think that President Xi’s government will refrain from reinforcing these draconian systems with blockchain technology and its offshoots. The likelihood of just the opposite unfolding is going stronger by the day with the government being ever so close to releasing its own digital currency. Despite all the obvious benefits, a cashless economy also has its fair share of drawbacks — especially when an authoritarian regime controls all facets of the digital monetary system. In the case of China, it’s soon-to-be-released will be a yuan-pegged digital currency built atop a permissioned ledger. That is quite unlike any blockchain-powered digital asset such as Bitcoin or Ethereum. Because the underlying ledger itself is permissioned and issued by a centralized authority, the Chinese government will enjoy total control over the network. Furthermore, the digital wallets required to store this digital currency will also be issued by the central bank, giving the government unrestricted access to all transaction data. Once the government has total command over this enforced-cashless economy, the use of blockchain for tightening its grip over the population becomes even easier. The government in China already controls the country’s cyberspace with an iron fist. 
State-sponsored censorship of content critical of the government is rampant and so is the unapologetic monitoring of online traffic. A blockchain-based system in the disguise of social welfare schemes can further add to these diabolical practices. For example, any such system can allow the government to store digital identities of citizens on a blockchain and then use the same system to conduct real-time monitoring of their movement, financial transactions, social media accounts, and other digital footprints. With a whole range of interconnected databases, any such network is likely to be a lot more comprehensive as compared to even the most intrusive surveillance programs in Western democracies, or for that matter, in most parts of the world. Worse even, a blockchain network capable of tracking citizens in real-time will add more teeth to the Chinese government’s social credit score system, which basically ranks citizens based on their ‘social value’ and loyalty to the government."
China is Becoming a Blockchain-Powered Orwellian Dystopia
Beincrypto, 30 October 2019

"For more than half a decade, the vulnerability of our computers and computer networks has been ranked the number one risk in the US Intelligence Community’s Worldwide Threat Assessment – that’s higher than terrorism, higher than war. Your bank balance, the local hospital’s equipment, and the 2020 US presidential election, among many, many other things, all depend on computer safety. And yet, in the midst of the greatest computer security crisis in history, the US government, along with the governments of the UK and Australia, is attempting to undermine the only method that currently exists for reliably protecting the world’s information: encryption. Should they succeed in their quest to undermine encryption, our public infrastructure and private lives will be rendered permanently unsafe. In the simplest terms, encryption is a method of protecting information, the primary way to keep digital communications safe. Every email you write, every keyword you type into a search box – every embarrassing thing you do online – is transmitted across an increasingly hostile internet. Earlier this month the US, alongside the UK and Australia, called on Facebook to create a “backdoor”, or fatal flaw, into its encrypted messaging apps, which would allow anyone with the key to that backdoor unlimited access to private communications. So far, Facebook has resisted this. If internet traffic is unencrypted, any government, company, or criminal that happens to notice it can – and, in fact, does – steal a copy of it, secretly recording your information for ever. If, however, you encrypt this traffic, your information cannot be read: only those who have a special decryption key can unlock it... When I came forward in 2013, the US government wasn’t just passively surveilling internet traffic as it crossed the network, but had also found ways to co-opt and, at times, infiltrate the internal networks of major American tech companies. 
At the time, only a small fraction of web traffic was encrypted: six years later, Facebook, Google and Apple have made encryption-by-default a central part of their products, with the result that today close to 80% of web traffic is encrypted. Even the former director of US national intelligence, James Clapper, credits the revelation of mass surveillance with significantly advancing the commercial adoption of encryption. The internet is more secure as a result. Too secure, in the opinion of some governments. Donald Trump’s attorney general, William Barr, who authorised one of the earliest mass surveillance programmes without reviewing whether it was legal, is now signalling an intention to halt – or even roll back – the progress of the last six years. WhatsApp, the messaging service owned by Facebook, already uses end-to-end encryption (E2EE): in March the company announced its intention to incorporate E2EE into its other messaging apps – Facebook Messenger and Instagram – as well. Now Barr is launching a public campaign to prevent Facebook from climbing this next rung on the ladder of digital security. This began with an open letter co-signed by Barr, UK home secretary Priti Patel, Australia’s minister for home affairs and the US secretary of homeland security, demanding Facebook abandon its encryption proposals. If Barr’s campaign is successful, the communications of billions will remain frozen in a state of permanent insecurity: users will be vulnerable by design. And those communications will be vulnerable not only to investigators in the US, UK and Australia, but also to the intelligence agencies of China, Russia and Saudi Arabia – not to mention hackers around the world. 
End-to-end encrypted communication systems are designed so that messages can be read only by the sender and their intended recipients, even if the encrypted – meaning locked – messages themselves are stored by an untrusted third party, for example, a social media company such as Facebook. The central improvement E2EE provides over older security systems is in ensuring the keys that unlock any given message are only ever stored on the specific devices at the end-points of a communication – for example the phones of the sender or receiver of the message – rather than the middlemen who own the various internet platforms enabling it. Since E2EE keys aren’t held by these intermediary service providers, they can no longer be stolen in the event of the massive corporate data breaches that are so common today, providing an essential security benefit. In short, E2EE enables companies such as Facebook, Google or Apple to protect their users from their scrutiny: by ensuring they no longer hold the keys to our most private conversations, these corporations become less of an all-seeing eye than a blindfolded courier. It is striking that when a company as potentially dangerous as Facebook appears to be at least publicly willing to implement technology that makes users safer by limiting its own power, it is the US government that cries foul. This is because the government would suddenly become less able to treat Facebook as a convenient trove of private lives.... The true explanation for why the US, UK and Australian governments want to do away with end-to-end encryption is less about public safety than it is about power: E2EE gives control to individuals and the devices they use to send, receive and encrypt communications, not to the companies and carriers that route them. This, then, would require government surveillance to become more targeted and methodical, rather than indiscriminate and universal. 
What this shift jeopardises is strictly nations’ ability to spy on populations at mass scale, at least in a manner that requires little more than paperwork. By limiting the amount of personal records and intensely private communications held by companies, governments are returning to classic methods of investigation that are both effective and rights-respecting, in lieu of total surveillance. In this outcome we remain not only safe, but free."
Without encryption, we will lose all privacy. This is our new battleground
Guardian, 15 October 2019

"Tens of thousands of families are being tracked in a multi-million-pound government scheme to let tech firms access their smart meter data. At least 20 companies are being given a share of £20million to develop products that can be used alongside smart meters. Those involved say the aim is to help households make further energy savings — but one of the firms entrusted with taxpayers' money has previously boasted of being able to 'monetise' highly personalised consumer data. The same company is currently working with Amazon to enable customers to ask its virtual assistant Alexa how much power they have used and when. The Government wants all UK homes to have a smart meter to monitor power usage by 2024, but the bodged rollout is set to cost at least £13billion. It is running three trials to develop technology that analyses smart meter data. Tech firms team up with energy suppliers to bid for funds after getting consent from customers."
The smart meter snoopers... already in homes as part of a little-known £20m plan to track energy habits
Mail, 15 October 2019

"With a trip to Google’s activity controls page, you can choose to purge that data on a rolling three-month or 18-month basis. The company pitches this tool, along with the ability to manually delete data through Google’s activity pages, as one of many ways users can control their privacy.... In reality, these auto-delete tools accomplish little for users, even as they generate positive PR for Google. Experts say that by the time three months rolls around, Google has already extracted nearly all the potential value from users’ data, and from an advertising standpoint, data becomes practically worthless when it’s more than a few months old. “Anything up to one month is extremely valuable,” says David Dweck, the head of paid search at digital ad firm WPromote. “Anything beyond one month, we probably weren’t going to target you anyway.”"
Google’s auto-delete tools are practically worthless for privacy
Fast Company, 15 October 2019

"It's an admission that appears to have caught Google's devices chief by surprise. After being challenged as to whether homeowners should tell guests smart devices - such as a Google Nest speaker or Amazon Echo display - are in use before they enter the building, he concludes that the answer is indeed yes. "Gosh, I haven't thought about this before in quite this way," Rick Osterloh begins. "It's quite important for all these technologies to think about all users... we have to consider all stakeholders that might be in proximity." And then he commits. "Does the owner of a home need to disclose to a guest? I would and do when someone enters into my home, and it's probably something that the products themselves should try to indicate.""
Google chief: I'd disclose smart speakers before guests enter my home
BBC, 15 October 2019

"The web giant Amazon has cornered more than a third of the lucrative UK market in storing and processing government-held information, including sensitive biometric details and tax records, figures leaked to The Telegraph suggest. The details come as Amazon is due to announce financial results this week that will highlight how important this part of the business, known as Amazon Web Services, is to the profitability of a company much better known for its online superstore. In the first six months of this year, for example, AWS made $4.3bn (£3.33bn) on global revenues of $16bn, while the more famous part of Amazon made only $3.1bn on global revenues of $107bn. AWS profits have been driven by rocketing demand for its “cloud” services – where customers pay to store data or buy processing power on computers owned and run by Amazon. AWS revenues from UK government contracts grew by more than 50pc last year, the leaked figures suggest. Such is the pace of the growth that some critics claim that the UK Government’s reliance on AWS poses a systemic risk, should AWS servers crash. Last year, a Lloyd’s of London report estimated that even a temporary shutdown at a major cloud provider like AWS could wreak almost $20bn in business losses. Amazon says its service is designed to diffuse the potential for systemic risk and minimise downtime. There are also questions about Amazon’s tax status. AWS recently created a Luxembourg-based subsidiary whose accounts for 2018 show it paid just €10m (£8.6m) tax on €1.9bn revenues. In the same year, HMRC business to AWS was worth £15m....In Britain, its leading position in cloud provision to the public sector, including government departments like the Home Office, Department of Work and Pensions, and the Cabinet Office, as well as NHS Digital and the National Crime Agency, is also entrenched. 
Figures obtained by The Sunday Telegraph suggest that AWS has captured more than a third of the UK public sector market with revenues of more than £100m in the last financial year."
Special report: Amazon's extraordinary grip on British data
Telegraph, 9 October 2019

"France is poised to become the first European country to use facial recognition technology to give citizens a secure digital identity -- whether they want it or not. Saying it wants to make the state more efficient, President Emmanuel Macron’s government is pushing through plans to roll out an ID program, dubbed Alicem, in November, earlier than an initial Christmas target. The country’s data regulator says the program breaches the European rule of consent and a privacy group is challenging it in France’s highest administrative court. It took a hacker just over an hour to break into a “secure” government messaging app this year, raising concerns about the state’s security standards.... With the move, France will join states around the world rushing to create “digital identities” to give citizens secure access to everything from their taxes and banks to social security and utility bills. Singapore uses facial recognition and has signed an accord to help the U.K. prepare its own ID system. India uses iris scans. France says the ID system won’t be used to keep tabs on residents. Unlike in China and Singapore, the country won’t be integrating the facial recognition biometric into citizens’ identity databases. In fact, the interior ministry, which developed the Alicem app, says the facial recognition data collected will be deleted when the enrollment process is over. That hasn’t stopped people from worrying about its potential misuse. “Rushing into facial recognition at this point is a major risk” because of uncertainties on its final use, said Didier Baichere, a governing-party lawmaker who sits on the Parliament’s “future technologies” commission and is the author of a July report on the subject. Allowing mass-usage before putting in place proper checks and balances is “ludicrous,” he said.... 
The Android-only app with the blazon of the French republic, which Bloomberg was able to consult, will be the only way for residents to create a legal digital ID and facial recognition will be its sole enabler. An ID will be created through a one-time enrollment that works by comparing a user’s photo in their biometric passport to a selfie video taken on the app that will capture expressions, movements and angles. The phone and the passport will communicate through their embedded chips. Opponents say the app potentially violates Europe’s General Data Protection Regulation, which makes free choice mandatory. Emilie Seruga-Cau, who heads the law enforcement unit at the CNIL, the country’s independent privacy regulator, said it has made its concerns “very clear.” Opposition lawmakers worry about the integration of facial recognition into laws to track violent protesters like during Yellow Vests demonstrations. Drago, who’s challenging government plans on privacy and consent issues, said the absence of a debate “lets the state move ahead, without roadblocks.” Meanwhile, facial recognition tests are multiplying. Live camera surveillance in the streets of Wales was judged legal this month by a London court. Germany, The Netherlands and Italy use it for fast tracking borders checks. In August, Sweden’s Data Protection Authority fined the municipality of Skelleftea for testing facial recognition on high school students to measure attendance. Apple Inc. trivialized its use as a biometric to unlock mobile phones. The EU’s new Commission, whose mandate begins in November, has among its goals the building of a “Europe fit for the Digital Age.” An internal policy document by the Commission detailed the steps the EU should take to master Artificial Intelligence technologies, including facial recognition."
France Set to Roll Out Nationwide Facial Recognition ID Program
Bloomberg, 3 October 2019

"Electronic Frontier Foundation (EFF) and the American Civil Liberties Union Foundation of Southern California (ACLU SoCal) have reached an agreement with Los Angeles law enforcement agencies under which the police and sheriff’s departments will turn over license plate data they indiscriminately collected on millions of law-abiding drivers in Southern California. The data, which has been deidentified to protect drivers’ privacy, will allow EFF and ACLU SoCal to learn how the agencies are using automated license plate reader (ALPR) systems throughout the city and county of Los Angeles and educate the public on the privacy risks posed by this intrusive technology. A weeks’ worth of data, composed of nearly 3 million data points, will be examined...ALPR systems include cameras mounted on police cars and at fixed locations that scan every license plate that comes into view—up to 1,800 plates per minute. They record data on each plate, including the precise time, date, and place it was encountered. The two Los Angeles agencies scan about 3 million plates every week and store the data for years at a time. Using this data, police can learn where we were in the past and infer intimate details of our daily lives such as where we work and live, who our friends are, what religious or political activities we attend, and much more."
EFF Wins Access to License Plate Reader Data to Study How Law Enforcement Uses the Privacy Invasive Technology
EFF, 3 October 2019

"Millions of vehicles across the country have had their license plates scanned by police—and more than 99% of them weren’t associated with any crimes. Yet law enforcement agencies often share ALPR information with their counterparts in other jurisdictions, as well as with border agents,  airport security, and university police. EFF and ACLU SoCal reached the agreement with the Los Angeles Police and Sheriff’s Departments after winning a precedent-setting decision in 2017 from the California Supreme Court in our public records lawsuit against the two agencies. The court held that the data are not investigative records under the California Public Records Act that law enforcement can keep secret....The California Supreme Court ruling has significance beyond the ALPR case. It set a groundbreaking precedent that mass, indiscriminate data collection by the police can’t be withheld just because the information may contain some data related to criminal investigations."
Victory! EFF Wins Access to License Plate Reader Data to Study How Law Enforcement Uses the Privacy Invasive Technology
EFF, 3 October 2019

"Amazon's low-power, low-cost wireless standard was introduced to us via the first Sidewalk reference design, the Ring Fetch dog tracker, which will alert you when your dog leaves your geofenced garden when it launches in 2020. Compared to the nugget buried in Apple's most recent keynote, though, this could be viewed as hyperbole. Apple's U1 chip - which allows precise, indoor positional tracking via the latest iPhones and will power, at the very least, directional AirDrop file-sharing - popped up on screen but was never even mentioned. The interest-piquing phrase "GPS at the scale of your living room" was saved for the online iPhone product pages rather than the bombast of the Steve Jobs Theater. As modest as these two announcements were, then, it's clear that both Amazon and Apple have embarked on similar missions to extend their control of their customers' connectivity in and around the home. Amazon's Sidewalk, which operates on the 900MHz band typically used for amateur radio and emergency services, and Apple's close-range, ultra-wideband positioning with the U1 are designed to get Amazon out of the home and Apple inside it....Why so muted then from the two tech giants?... It could be that with the privacy-focused techlash of recent years, both are treading carefully in the launch stages. Just look at how Amazon's acquisition of mesh networking company eero was received earlier this year or the widespread interest in Huawei's level of involvement with 5G networks."
Amazon and Apple are quietly building networks that know the location of everything
Wired, 28 September 2019

"Edward Snowden doesn’t share new state secrets in his memoir, Permanent Record, which The Daily Beast obtained a copy of ahead of its release Tuesday. But he does offer some personal ones....  Snowden mentions a rare public speech [by] Ira “Gus” Hunt, the CIA’s chief technology officer, delivered a week after then-Director of National Intelligence James Clapper had lied to Congress about the NSA’s collection of bulk communications. In the speech, covered only by the Huffington Post, Hunt flatly declared that we “try to collect everything and hang on to it forever.” “You’re already a walking sensor platform,” he said. “It is nearly within our grasp to be able to compute on all human generated information”). As Snowden notes, a video of the talk has less than 1,000 views. After that, Snowden recounts his efforts to reach out to journalists....[Snowden] took what he saw as a less prestigious new position to gain access to the XKEYSCORE system, which he’d learned about but not used himself, and, he writes, is “perhaps best understood as a search engine that lets an analyst search through the records of your life.” “It was, simply put, the closest thing to science fiction I’ve ever seen in science fact,” he writes, allowing users to put in someone’s basic information and then go through their online history, even playing back recordings of their online settings and watching people as they searched, character by character. “Everyone’s communications were in the system—everyone’s,” including the president’s, he writes. The potential for abuse was obvious. NSA workers even had a word, “LOVEINT” for “love intelligence,” to describe analysts cyber-stalking current, former and prospective lovers, while among male analysts “intercepted nudes were a kind of informal office currency,” Snowden writes. “This was how you knew you could trust each other: you had shared in one another’s crimes.”"
Edward Snowden Is Exposing His Own Secrets This Time
Daily Beast, 16 September 2019

"Attention airline bathroom loiterers: The next generation of Airbus aircraft will track how long you’ve been in there. It’s all part of an effort to make commercial cabins a digitally aware domain. The program is Airbus’s bid to raise the Internet of Things — that buzz-phrase for connected household gadgets — to cruising altitude. The Airbus Connected Experience aims to give flight attendants a more detailed survey of the cabin..."
The next generation of aircraft will track your bathroom visits
Bloomberg, 12 September 2019

"Period tracker apps are sending deeply personal information about women’s health and sexual practices to Facebook, new research has found. UK-based advocacy group Privacy International, sharing its findings exclusively with BuzzFeed News, discovered period-tracking apps including MIA Fem and Maya sent women’s use of contraception, the timings of their monthly periods, symptoms like swelling and cramps, and more, directly to Facebook.... The data sharing with Facebook happens via Facebook’s Software Development Kit (SDK), which helps app developers incorporate particular features and collect user data so Facebook can show them targeted ads, among other functions.... The app also shares data users enter about their use of contraception, the analysis found, as well as their moods. It also asks users to enter information about when they’ve had sex and what kind of contraception they used, and also includes a diarylike section for users to write their own notes. That information is also shared with Facebook. Advertisers are often interested in people’s moods because it helps them strategically target ads to them at times they might be more likely to buy."
Period Tracker Apps Used By Millions Of Women Are Sharing Incredibly Sensitive Data With Facebook
Buzzfeed, 9 September 2019

"With the new Nest Hub Max, Google is adding an eye to its talking artificial intelligence. When I flash my palm at the device, a camera spots me and immediately pauses my music. Talk to the hand, robot! When I walk by a Hub Max, the Google Assistant greets me on its screen, "Good afternoon, Geoffrey." This wizardry is made possible by facial recognition. The $230 Nest Hub Max offers a glimpse of how this controversial tech might be used in our homes - if people aren't too turned off by the privacy implications. Living with Google's latest creation for a few days embodied the cognitive dissonance of being a gadget guy in 2019. You can appreciate the fun and wonder of new technology that you also know brings new concerns. I kept wondering: Do any of these camera functions make it worth bringing face surveillance inside my home? ... the Hub Max suffers from the same affliction as many new Google products: It's frighteningly advanced technology that hasn't identified the problem in our lives that needs solving. None of the camera functions the Hub Max offers today make it worth bringing surveillance inside my house. Google and all the other companies pushing face tech are going to have to keep working on uses that cross the chasm from creepy to can't-live-without-it."
Google is always listening. Now it's watching, too, with the Nest Hub Max
Washington Post (Geoffrey Fowler), 9 September 2019

"A number of malicious websites used to hack into iPhones over a two-year period were targeting Uyghur Muslims, TechCrunch has learned. Sources familiar with the matter said the websites were part of a state-backed attack — likely China — designed to target the Uyghur community in the country’s Xinjiang state. It’s part of the latest effort by the Chinese government to crack down on the minority Muslim community in recent history. In the past year, Beijing has detained more than a million Uyghurs in internment camps, according to a United Nations human rights committee."
Sources say China used iPhone hacks to target Uyghur Muslims
Techcrunch, 31 August 2019

"An unprecedented iPhone hacking operation, which attacked 'thousands of users a week' until it was disrupted in January, has been revealed by researchers at Google’s external security team. The operation, which lasted two and a half years, used a small collection of hacked websites to deliver malware on to the iPhones of visitors. Users were compromised simply by visiting the sites: no interaction was necessary, and some of the methods used by the hackers affected even fully up-to-date phones. Once hacked, the user’s deepest secrets were exposed to the attackers. Their location was uploaded every minute; their device’s keychain, containing all their passwords, was uploaded, as were their chat histories on popular apps including WhatsApp, Telegram and iMessage, their address book, and their Gmail database. The one silver lining is that the implant was not persistent: when the phone was restarted, it was cleared from memory unless the user revisited a compromised site. However, according to Ian Beer, a security researcher at Google: “Given the breadth of information stolen, the attackers may nevertheless be able to maintain persistent access to various accounts and services by using the stolen authentication tokens from the keychain, even after they lose access to the device.”"
Google says hackers have put ‘monitoring implants’ in iPhones for years
Guardian, 30 August 2019

"After a long delay, Facebook is releasing a tool that will allow people to see what kind of information it has collected about their online activity beyond its borders — from the news they read to the shopping websites they visit to the porn they watch — along with an option to dissociate that data from their accounts. Facebook collects information about its users in two ways: first, through the information you input into its website and apps, and second, by tracking which websites you visit while you’re not on Facebook. That’s why, after you visit a clothing retailer’s website, you’ll likely see an ad for it in your Facebook News Feed or Instagram feed. Basically, Facebook monitors where you go, all across the internet, and uses your digital footprints to target you with ads. But Facebook users have never been able to view this external data Facebook collected about them, until now. Facebook tracks your browsing history via the “Login with Facebook” button, the “like” button, Facebook comments, and little bits of invisible code, called the Facebook pixel, embedded on other sites (including BuzzFeed News). Today the company will start to roll out a feature called “Off-Facebook Activity” that allows people to manage that external browsing data — finally delivering on a promise it made over a year ago when CEO Mark Zuckerberg announced at a company event that it would develop a feature then called “Clear History.”... However, it’s important to note that neither Facebook’s announcement nor screenshots of the feature mention the word “delete” — and that’s because the browsing information isn’t being deleted, it’s simply dissociated from your Facebook account, according to a Facebook spokesperson. In other words, Facebook will still hold on to the data but will anonymize it rather than pair it with your profile. 
For example, although your browsing history won’t be used to advertise a discount to an online store you’ve visited before, the activity will still appear in aggregated audience data shown to developers using Facebook’s analytics tools.... the data isn’t being removed from Facebook servers. Just as Facebook still collects aggregated, anonymous browsing information from people who are logged out or don’t have Facebook accounts, Facebook will treat people who have opted out of external website tracking similarly, a Facebook spokesperson confirmed to BuzzFeed News."
You Can Finally See All Of The Info Facebook Collected About You From Other Websites
Buzzfeed, 20 August 2019

"Breaking a long silence about a high-profile National Security Agency program that sifts records of Americans’ telephone calls and text messages in search of terrorists, the Trump administration on Thursday acknowledged for the first time that the system has been indefinitely shut down — but asked Congress to extend its legal basis anyway. In a letter to Congress delivered on Thursday and obtained by The New York Times, the administration urged lawmakers to make permanent the legal authority for the National Security Agency to gain access to logs of Americans’ domestic communications, the USA Freedom Act. The law, enacted after the intelligence contractor Edward J. Snowden revealed the existence of the program in 2013, is set to expire in December, but the Trump administration wants it made permanent."
Trump Administration Asks Congress to Reauthorize N.S.A.’s Deactivated Call Records Program
New York Times, 15 August 2019

"The fingerprints of over 1 million people, as well as facial recognition information, unencrypted usernames and passwords, and personal information of employees, was discovered on a publicly accessible database for a company used by the likes of the UK Metropolitan police, defence contractors and banks. Suprema is the security company responsible for the web-based Biostar 2 biometrics lock system that allows centralised control for access to secure facilities like warehouses or office buildings. Biostar 2 uses fingerprints and facial recognition as part of its means of identifying people attempting to gain access to buildings. Last month, Suprema announced its Biostar 2 platform was integrated into another access control system – AEOS. AEOS is used by 5,700 organisations in 83 countries, including governments, banks and the UK Metropolitan police. The Israeli security researchers Noam Rotem and Ran Locar working with vpnmentor, a service that reviews virtual private network services, have been running a side project to scans ports looking for familiar IP blocks, and then use these blocks to find holes in companies’ systems that could potentially lead to data breaches. In a search last week, the researchers found Biostar 2’s database was unprotected and mostly unencrypted. They were able to search the database by manipulating the URL search criteria in Elasticsearch to gain access to data. The researchers had access to over 27.8m records, and 23 gigabytes-worth of data including admin panels, dashboards, fingerprint data, facial recognition data, face photos of users, unencrypted usernames and passwords, logs of facility access, security levels and clearance, and personal details of staff. Much of the usernames and passwords were not encrypted, Rotem told the Guardian. “We were able to find plain-text passwords of administrator accounts,” he said. 
“The access allows first of all seeing millions of users are using this system to access different locations and see in real time which user enters which facility or which room in each facility, even.” “We [were] able to change data and add new users,” he said. This would mean that he could edit an existing user’s account and add his own fingerprint and then be able to access whatever building that user is authorised to access, or he could just add himself as a user with his photo and fingerprints."
Major breach found in biometrics system used by banks, UK police and defence firms
Guardian, 14 August 2019

"Researchers from SMU’s Darwin Deason Institute for Cybersecurity found that acoustic signals, or sound waves, produced when we type on a computer keyboard can successfully be picked up by a smartphone. The sounds intercepted by the phone can then be processed, allowing a skilled hacker to decipher which keys were struck and what they were typing. The researchers were able to decode much of what was being typed using common keyboards and smartphones – even in a noisy conference room filled with the sounds of other people typing and having conversations.... The study was published in the June edition of the journal Interactive, Mobile, Wearable and Ubiquitous Technologies. Co-authors of the study are Tyler Giallanza, Travis Siems, Elena Sharp, Erik Gabrielsen and Ian Johnson – all current or former students at the Deason Institute. It might take only a couple of seconds to obtain information on what you’re typing, noted lead author Mitch Thornton, director of SMU’s Deason Institute and professor of electrical and computer engineering.... The researchers wanted to create a scenario that would mimic what might happen in real life. So they arranged several people in a conference room, talking to each other and taking notes on a laptop. Placed on the same table as their laptop or computer, were as many as eight mobile phones, kept anywhere from three inches to several feet feet away from the computer, Thornton said. Study participants were not given a script of what to say when they were talking, and were allowed to use shorthand or full sentences when typing. They were also allowed to either correct typewritten errors or leave them, as they saw fit.... There are some caveats, though. “An attacker would need to know the material type of the table,” Larson said, because different tables create different sound waves when you type.  For instance, a wooden table like the kind used in this study sounds different than someone typing on a metal tabletop. 
Larson said, “An attacker would also need a way of knowing there are multiple phones on the table and how to sample from them.” A successful interception of this sort could potentially be very scary, Thornton noted, because “there’s no way to know if you’re being hacked this way.”"
Attackers could be listening to what you type
SMU, 12 August 2019

"Most people don’t think twice about picking up a phone charging cable and plugging it in. But one hacker’s project wants to change that and raise awareness of the dangers of potentially malicious charging cables. A hacker who goes by the online handle MG took an innocent-looking Apple USB Lightning cable and rigged it with a small Wi-Fi-enabled implant, which, when plugged into a computer, lets a nearby hacker run commands as if they were sitting in front of the screen. Dubbed the O.MG cable, it looks and works almost indistinguishably from an iPhone charging cable. But all an attacker has to do is swap out the legitimate cable for the malicious cable and wait until a target plugs it into their computer. From a nearby device and within Wi-Fi range (or attached to a nearby Wi-Fi network), an attacker can wirelessly transmit malicious payloads on the computer, either from pre-set commands or an attacker’s own code. Once plugged in, an attacker can remotely control the affected computer to send realistic-looking phishing pages to a victim’s screen, or remotely lock a computer screen to collect the user’s password when they log back in. MG focused his first attempt on an Apple Lightning cable, but the implant can be used in almost any cable and against most target computers. “This specific Lightning cable allows for cross-platform attack payloads, and the implant I have created is easily adapted to other USB cable types,” MG said. “Apple just happens to be the most difficult to implant, so it was a good proof of capabilities.”.... “Suddenly we now have victim-deployed hardware that may not be noticed for much longer periods of time,” he explained. “This changes how you think about defense tactics. 
We have seen that the NSA has had similar capabilities for over a decade, but it isn’t really in most people’s threat models because it isn’t seen as common enough.” “Most people know not to plug in random flash drives these days, but they aren’t expecting a cable to be a threat,” he said. “So this helps drive home education that goes deeper.”"
This hacker’s iPhone charging cable can hijack your computer
Techcrunch, 12 August 2019

"Elizabeth Denham, who runs the Information Commissioner's Office, has signed a statement alongside counterparts in the US, Canada, Australia and the European Union. The statement said they have "shared concerns" over "privacy risks posed". Banking chiefs, regulators and US President Donald Trump have also expressed doubts about the currency. Monday's statement from the privacy chiefs calls on Facebook to provide more details about how the tech giant will protect user data. Libra, and its digital wallet Calibra, were announced in June by a group of companies backing it, led by Facebook.Ms Denham said: "The ambition and scope of the Libra project has the potential to change the online payment landscape, and to offer benefits to consumers. "But that ambition must work in tandem with people's privacy expectations and rights. "Facebook's involvement is particularly significant, as there is the potential to combine Facebook's vast reserves of personal information with financial information and cryptocurrency, amplifying privacy concerns about the network's design and data-sharing arrangements." She said that, while Facebook has opened talks with financial regulators, there was little detail about how the social media company will handle customer information. Data protection must be a key part of the dialogue over Libra."
Facebook: UK privacy chief joins warning about cryptocurrency
BBC, 5 August 2019

"A consumer advocacy group has warned that automakers are rolling out new vehicles increasingly vulnerable to hackers, which could result in thousands of deaths in the event of a mass cyberattack. In a new report entitled "Kill Switch: Why Connected Cars Can Be Killing Machines And How To Turn Them Off," Los Angeles-based Consumer Watchdog said cars connected to the internet are quickly becoming the norm but constitute a national security threat. "The troubling issue for industry technologies is that these vehicles' safety-critical systems are being linked to the internet without adequate security and with no way to disconnect them in the event of a fleet-wide hack," the report said. It said industry executives were aware of the risk but were nonetheless pushing ahead in deploying the technology in new vehicles, putting corporate profit ahead of safety. The report was based on a five-month study with the help of more than 20 whistleblowers from within the car industry. The group of car industry technologists and experts speculated that a fleet-wide hack at rush hour could leave about 3,000 people dead. "You can control all sorts of aspects of your car from your smartphone, including starting the engine, starting the air conditioning, checking on its location," said one of the whistleblowers, who were not identified. "Well, if you can do it with your smartphone anybody else can over the internet." The report recommends all connected vehicles be equipped with an internet kill switch and that all new designs should completely isolate safety-critical systems from internet-connected infotainment systems or other networks. "Connecting safety-critical systems to the internet is inherently dangerous design," said Jamie Court, president of Consumer Watchdog. "American car makers need to end the practice or Congress must step in to protect our transportation system and our national security." 
Representatives from several of the car companies mentioned in the report, including GM, Toyota and Ford, could not immediately be reached for comment."
New Cars Vulnerable To Hacks That Could Leave Thousands Dead
Agence France Presse, 2 August 2019

"San Diego has installed thousands of microphones and cameras in so-called smart streetlamps in recent years as part of a program to assess traffic and parking patterns throughout the city. However, the technology over the last year caught the attention of law enforcement. When police officers picked up Hernandez last summer, they had never used a streetlamp camera in an investigation. Today, such video has been viewed in connection with more than 140 police investigations. Officers have increasingly turned to the footage to help crack cases, as frequently as 20 times a month. Police department officials have said that the video footage has been crucial in roughly 40 percent of these cases.... Privacy groups have voiced concerns about a lack of oversight, as law enforcement has embraced the new technology. Groups, such as the American Civil Liberties Union, have pushed city councils across the country to adopt surveillance oversight ordinances that create strict rules around using everything from license plate readers to gunshot-detection systems to streetlamp cameras.... Authorities said that direct access is currently restricted to roughly 100 investigative officers in the sex crimes, robbery, traffic, internal affairs and homicide units. Other members of the department’s more than 1,800 sworn officers can request access but must be cleared by a designated authority before they view footage. This arrangement has disturbed Matt Cagle, technology and civil liberties attorney with the ACLU. “This sounds like the quote, ‘just trust us’ approach to surveillance technology, which is a recipe for invasive uses and abuse of these systems,” he said. “There needs to be meaningful oversight and accountability. 
“Decisions about how to use surveillance technology should not be made unilaterally by law enforcement or another city agency,” he added. San Diego Mayor Kevin Faulconer declined an interview for this story, but a spokesperson for his office said in an email that a citywide policy to regulate use of the microphones and cameras in streetlamps is “under development.”... Thirteen cities and counties in the United States have adopted a version of the ACLU’s proposed surveillance oversight legislation, including San Francisco, Oakland and Seattle, according to the group’s website. California is also considering a statewide bill. Suggested guidelines include mandating a public process to review technology before it’s implemented, as well as conducting regular audits of existing systems to document how the surveillance technologies are being used and potentially abused.... the cameras do not record private property or use facial recognition or license plate reading technology. The video is stored on the device and erased every five days if not downloaded for an investigation. The smart streetlamps are also not recording audio, Jordon said, although they do have the capability. He said they could be used as part of the gunshot-detection system known as ShotSpotter, but that would be subject to council approval. While video has been shared with federal agents involved in local task forces, Jordon has assured elected leaders that the footage has never been used to enforce immigration rules."
San Diego Police Department ramps up use of streetlamp video cameras, ACLU raises surveillance concerns
San Diego Union-Tribune, 5 August 2019

"British, American and other intelligence agencies from English-speaking countries have concluded a two-day meeting in London amid calls for spies and police officers to be given special, backdoor access to WhatsApp and other encrypted communications. The meeting of the “Five Eyes” nations – the UK, US, Australia, Canada and New Zealand – was hosted by new home secretary, Priti Patel, in an effort to coordinate efforts to combat terrorism and child abuse. Dealing with the challenge faced by increasingly effective encryption was one of the main topics at the summit, officials said, at a time when technology companies want to make their services more secure after a range of security breaches. The meetings, however, were held in private with no agenda being made public, making it difficult to conclude exactly what had been discussed by the ministers, officials and intelligence agencies from the countries involved. However, British ministers have privately voiced particular concerns about WhatsApp, the widely used Facebook-owned messenger service, which was used by, among others, the three plotters in the London Bridge terror attack.... GCHQ, the UK agency which monitors and breaks into communications, has suggested that Silicon Valley companies could develop technology that would silently add a police officer or intelligence agent to conversations or group chats. The controversial so-called “ghost protocol” has been fiercely opposed by companies, civil society organisations and some security experts – but intelligence and law enforcement agencies continue to lobby for it. Police said they had not been able to see or crack open hundreds of WhatsApp messages sent by at least one of those involved in the London Bridge attacks because an acquaintance of theirs had refused to hand over his phone. 
WhatsApp has also been improving its security after it emerged earlier this year that a flaw had been exploited by an Israeli spyware company, which allowed special software used by intelligence agencies to covertly take control of a person’s phone.... The Five Eyes summit is an annual event, first held in 2013. The anglophone security network has become increasingly important at a time when the UK is planning to leave the European Union."
Calls for backdoor access to WhatsApp as Five Eyes nations meet
Guardian, 30 July 2019

"NSO Group is able to secretly scrape data from the servers of the technology giants in order to steal a person's location information, photos or messages, The Financial Times reported after speaking to people familiar with the firm's sales pitch.In 2018, NSO was accused of placing spyware on the smartphone of murdered Saudi journalist Jamal Khashoggi, though the Israeli firm denies the accusations. According to a lawsuit filed by a friend of Khashoggi, Saudo Arabia used NSO's software to bug the Washington Post columnist's phone and intercept his calls and messages."
Hackers can steal all your private data from Apple, Google, Facebook and Amazon with new malware, report claims
Independent, 20 July 2019

"The Israeli company whose spyware hacked WhatsApp has told buyers its technology can surreptitiously scrape all of an individual’s data from the servers of Apple, Google, Facebook, Amazon and Microsoft, according to people familiar with its sales pitch. NSO Group’s flagship smartphone malware, nicknamed Pegasus, has for years been used by spy agencies and governments to harvest data from targeted individuals’ smartphones. But it has now evolved to capture the much greater trove of information stored beyond the phone in the cloud, such as a full history of a target’s location data, archived messages or photos, according to people who shared documents with the Financial Times and described a recent product demonstration. The documents raise difficult questions for Silicon Valley’s technology giants, which are trusted by billions of users to keep critical personal information, corporate secrets and medical records safe from potential hackers. NSO denied promoting hacking or mass-surveillance tools for cloud services. However, it did not specifically deny that it had developed the capability described in the documents. The company has always maintained that its software, which is designated by Israel as a weapon, is only sold to responsible governments to help prevent terrorist attacks and crimes. But Pegasus has been traced by researchers to the phones of human rights activists and journalists around the world, raising allegations that it is being abused by repressive regimes. The new technique is said to copy the authentication keys of services such as Google Drive, Facebook Messenger and iCloud, among others, from an infected phone, allowing a separate server to then impersonate the phone, including its location. This grants open-ended access to the cloud data of those apps without “prompting 2-step verification or warning email on target device”, according to one sales document. 
It works on any device that Pegasus can infect, including many of the latest iPhones and Android smartphones, according to the documents, and allows ongoing access to data uploaded to the cloud from laptops, tablets and phones — even if Pegasus is removed from the initially targeted smartphone. One pitch document from NSO’s parent company, Q-Cyber, which was prepared for the government of Uganda earlier this year, advertised the ability of Pegasus to “retrieve the keys that open cloud vaults” and “independently sync-and-extract data”. Having access to a “cloud endpoint” means eavesdroppers can reach “far and above smartphone content”, allowing information about a target to “roll in” from multiple apps and services, the sales pitch claimed. It is not yet clear if the Ugandan government purchased the service, which costs millions of dollars. Security teams at the Silicon Valley companies potentially affected are now investigating the method, which appears to target the industry-wide authentication techniques that have, until now, been thought to be secure. ... Meanwhile, the $1bn company faces lawsuits in Israel and Cyprus that allege that it shares liability for the abuse of its software by repressive regimes. In May, the FT reported that the company used a vulnerability in Facebook’s WhatsApp messaging system to insert Pegasus on smartphones."
Israeli group’s spyware ‘offers keys to Big Tech’s financial
Financial Times, 19 July 2019

"Schools in the central German state of Hesse have been have been told it's now illegal to use Microsoft Office 365.The state's data-protection commissioner has ruled that using the popular cloud platform's standard configuration exposes personal information about students and teachers "to possible access by US officials". That might sound like just another instance of European concerns about data privacy or worries about the current US administration's foreign policy. But in fact the ruling by the Hesse Office for Data Protection and Information Freedom is the result of several years of domestic debate about whether German schools and other state institutions should be using Microsoft software at all. Besides the details that German users provide when they're working with the platform, Microsoft Office 365 also transmits telemetry data back to the US. Last year, investigators in the Netherlands discovered that that data could include anything from standard software diagnostics to user content from inside applications, such as sentences from documents and email subject lines. All of which contravenes the EU's General Data Protection Regulation, or GDPR, the Dutch said. Germany's own Federal Office for Information Security also recently expressed concerns about telemetry data that the Windows operating system sends. To allay privacy fears in Germany, Microsoft invested millions in a German cloud service, and in 2017 Hesse authorities said local schools could use Office 365. If German data remained in the country, that was fine, Hesse's data privacy commissioner, Michael Ronellenfitsch, said. But in August 2018 Microsoft decided to shut down the German service. So once again, data from local Office 365 users would be data transmitted over the Atlantic. Several US laws, including 2018's CLOUD Act and 2015's USA Freedom Act, give the US government more rights to ask for data from tech companies. 
It's actually simple, Austrian digital-rights advocate Max Schrems, who took a case on data transfers between the EU and US to the highest European court this week, tells ZDNet. School pupils are usually not able to give consent, he points out. "And if data is sent to Microsoft in the US, it is subject to US mass-surveillance laws. This is illegal under EU law." Even if it weren't, public institutions in Germany – such as schools – have a particular responsibility for what they do with personal data, and how transparent they are about that, Hesse's Ronellenfitsch explained in a statement."
Microsoft Office 365: Banned in German schools over privacy fears
ZDNet, 19 July 2019

"Facebook has become synonymous with privacy violations in the year since Cambridge Analytica came to light. Now in the same week that details of the record $5 billion FTC fine emerged, an Australian cyber researcher has reopened a years-old debate as to whether the social media giant is embedding "hidden codes" in photos uploaded by users onto the site. "Facebook is embedding tracking data inside photos you download," Edin Jusupovic claimed on Twitter, explaining he had "noticed a structural abnormality when looking at a hex dump of an image file from an unknown origin only to discover it contained what I now understand is an IPTC special instruction." The IPTC (International Press Telecommunications Council) sets technical publishing standards, including those for image metadata. Jusupovic described this as a "shocking level of tracking," adding that "the take from this is that they can potentially track photos outside of their own platform with a disturbing level of precision about who originally uploaded the photo (and much more)."
Facebook Embeds 'Hidden Codes' To Track Who Sees And Shares Your Photos
Forbes, 14 July 2019

"The FBI wants to gather more information from social media. Today, it issued a call for contracts for a new social media monitoring tool. According to a request-for-proposals (RFP), it's looking for an "early alerting tool" that would help it monitor terrorist groups, domestic threats, criminal activity and the like. The tool would provide the FBI with access to the full social media profiles of persons-of-interest. That could include information like user IDs, emails, IP addresses and telephone numbers. The tool would also allow the FBI to track people based on location, enable persistent keyword monitoring and provide access to personal social media history. According to the RFP, "The mission-critical exploitation of social media will enable the Bureau to detect, disrupt, and investigate an ever growing diverse range of threats to U.S. National interests." But a tool of this nature is likely to raise a few red flags, despite the FBI's call for "ensuring all privacy and civil liberties compliance requirements are met." The government doesn't have the best track record with regard to social media surveillance. Early this year, the ACLU sued the government over its use of social media surveillance of immigrants, and the Trump administration has proposed allowing officials to snoop on the social media accounts of Social Security disability recipients."
The FBI plans more social media surveillance
Engadget, 12 July 2019

"Agents with the Federal Bureau of Investigation and Immigration and Customs Enforcement have turned state driver’s license databases into a facial-recognition gold mine, scanning through millions of Americans’ photos without their knowledge or consent, newly released documents show. Thousands of facial-recognition requests, internal documents and emails over the past five years, obtained through public-records requests by researchers with Georgetown Law’s Center on Privacy and Technology and provided to The Washington Post, reveal that federal investigators have turned state departments of motor vehicles databases into the bedrock of an unprecedented surveillance infrastructure. Police have long had access to fingerprints, DNA and other “biometric data” taken from criminal suspects. But the DMV records contain the photos of a vast majority of a state’s residents, most of whom have never been charged with a crime. Neither Congress nor state legislatures have authorized the development of such a system, and growing numbers of Democratic and Republican lawmakers are criticizing the technology as a dangerous, pervasive and error-prone surveillance tool.... San Francisco and Somerville, Mass., have banned their police and public agencies from using facial-recognition software, citing concerns about governmental overreach and a breach of public trust, and the subject is being hotly debated in Washington.... The records show the technology already is tightly woven into the fabric of modern law enforcement.... Vermont officials said they stopped using facial-recognition software in 2017. 
That year, a local chapter of the American Civil Liberties Union revealed records showing that the state DMV had been conducting the searches in violation of a state law that banned technology involving “the use of biometric identifiers.” The state’s governor and attorney general came out against the face-scanning software, citing a need to balance public safety with residents’ privacy rights."
FBI, ICE find state driver’s license photos are a gold mine for facial-recognition searches
Washington Post, 7 July 2019

"Tesco, a UK firm doing business in 11 countries, is testing a cashierless store design that goes beyond Amazon's Go. Tesco is not dependent on bar codes, RFID smart tags, or customer scanning [but on in store cameras]."
Pick and Go: Scanning No Longer Required, Supermarkets Swap Cashiers for Cameras
Mish Talk, 7 July 2019

"Sen. Chris Coons, a Democrat from Delaware, sent a letter to Amazon CEO Jeff Bezos in May, demanding answers on Alexa and how long it kept voice recordings and transcripts, as well as what the data gets used for. The letter came after CNET's report that Amazon kept transcripts of interactions with Alexa, even after people deleted the voice recordings. The deadline for answers was June 30, and Amazon's vice president of public policy, Brian Huseman, sent a response on June 28. In the letter, Huseman tells Coons that Amazon keeps transcripts and voice recordings indefinitely, and only removes them if they're manually deleted by users. Huseman also noted that Amazon had an "ongoing effort to ensure those transcripts do not remain in any of Alexa's other storage systems." But there are still records from some conversations with Alexa that Amazon won't delete, even if people remove the audio, the letter revealed.Privacy concerns aren't just limited to voice assistants, not with smart technology finding its way into more household items like doorbells and locks. And tech companies aren't always up front about what kind of data they collect or how much control you have over it.  .... In the letter to Coons, Amazon noted that for Alexa requests that involve a transaction, like ordering a pizza or hailing a rideshare, Amazon and the skill's developers can keep a record of that transaction. That means that there's a record of nearly every purchase you make on Amazon's Alexa, which can be considered personal information. Other requests, including setting reminders and alarms, would also remain saved, Huseman noted, saying that this was a feature customers wanted. ... Amazon said it uses the transcripts for training its voice assistant, and also so customers can know what Alexa thought it heard for voice commands. Those transcripts aren't anonymized --  Amazon explained that they're associated with every user's account."
Amazon Alexa keeps your data with no expiration date, and shares it too
Cnet, 2 July 2019

"Bus passengers in Bristol will be able to see how crowded the bus they are hoping to catch will be. Google has just rolled out a new programme called ‘transit crowdedness predictions’ so passengers at bus stops will get an indication of whether they will be squashed like sardines or have the back seat to themselves on their bus into town or work. The internet giant has launched the feature on Google Maps and Google search when people plan a route, or click on a bus stop and a specific approaching bus. It’s being rolled out in 18 cities and towns, including Bristol, today, and 200 cities across the world.   Google traffic maps already show up-to-the-second information on traffic jams on the roads - and does that using the location of people’s mobile phones as they are stuck in traffic or moving more slowly than the road normally expects. But Google hasn’t quite worked out yet how to transfer that information to the number of people sitting on actual buses - the predictions won’t contain live data, but will use predictions on reports of how crowded or empty the buses usually are at that time of day. But the up-to-the-minute data WILL be used to provide something many bus passengers will long for - telling people how and why their buses will be delayed."
Google can now tell you how many people are on your bus and if it's late
Bristol Post, 28 June 2019

"Hackers working for Western intelligence agencies broke into Russian internet search company Yandex in late 2018, deploying a rare type of malware in an attempt to spy on user accounts, four people with knowledge of the matter told Reuters. The malware, called Regin, is known to be used by the “Five Eyes” intelligence-sharing alliance of the United States, Britain, Australia, New Zealand and Canada, the sources said. Intelligence agencies in those countries declined to comment. Western cyberattacks against Russia are seldom acknowledged or spoken about in public. It could not be determined which of the five countries was behind the attack on Yandex, said sources in Russia and elsewhere, three of whom had direct knowledge of the hack. The breach took place between October and November 2018. Yandex spokesman Ilya Grabovsky acknowledged the incident in a statement to Reuters, but declined to provide further details. ... The company, widely known as “Russia’s Google” for its array of online services from internet search to email and taxi reservations, says it has more than 108 million monthly users in Russia. It also operates in Belarus, Kazakhstan and Turkey. The sources who described the attack to Reuters said the hackers appeared to be searching for technical information that could explain how Yandex authenticates user accounts. Such information could help a spy agency impersonate a Yandex user and access their private messages. The hack of Yandex’s research and development unit was intended for espionage purposes rather than to disrupt or steal intellectual property, the sources said. The hackers covertly maintained access to Yandex for at least several weeks without being detected, they said.... Reports by The Intercept, in partnership with a Dutch and Belgian newspaper, tied an earlier version of Regin to a hack at Belgian telecom firm Belgacom in 2013 and said British spy agency Government Communications Headquarters (GCHQ) and the NSA were responsible. At the time GCHQ declined to comment and the NSA denied involvement."
Western intelligence hacked 'Russia's Google' Yandex to spy on accounts - sources
Reuters, 27 June 2019

"The National Security Agency collected records about U.S. calls and text messages that it wasn’t authorized to obtain last year, in a second such incident, renewing privacy concerns surrounding the agency’s maligned phone-surveillance program, according to government documents and people familiar with the matter."
NSA Improperly Collected U.S. Phone Records a Second Time
Wall St Journal, 26 June 2019

"Mandatory SIM card registration laws require people to provide personal information, including a valid ID or even their biometrics, as a condition for purchasing or activating a SIM card. Such a requirement allows the state to identify the owner of a SIM card and infer who is most likely making a call or sending a message at any given time. SIM card registration laws are proliferating, but there is no uniform approach. By December 2018, approximately 150 governments required some form of proof of identity before a person could purchase a SIM card, but what form of ID and what other information may be required varies. In 2012, the European Commission requested that EU states provide evidence of actual or potential benefits from mandatory SIM card registration measures and, after examining the responses it received, concluded there was no benefit either to assisting criminal investigations or to the common market to having a single EU approach. .... As of February 2019, the following countries do not have mandatory SIM card registration laws: Andorra, Bahamas, Bosnia and Herzegovina, Cabo Verde, Canada, Colombia, Comoros, Croatia, Czech Republic, Denmark, Estonia, Finland, Georgia, Hong Kong, Iceland, Ireland, Israel, Kiribati, Liechtenstein, Lithuania, Maldives, Marshall Islands, Mexico, Micronesia, Moldova, New Zealand, Nicaragua, Portugal, Romania, Slovenia, Solomon Islands, Sweden, United Kingdom, United States of America. SIM card registration undermines peoples’ ability to communicate anonymously, organise, and associate with others, and it infringes their rights to privacy and freedom of expression. By making it easier for law enforcement authorities to track and monitor people, these laws threaten vulnerable groups and facilitate generalised surveillance. 
People who lack ID, or who do not want to or are unable to disclose such personal information, are excluded from important spheres for formulating and sharing ideas: roughly 1 billion people around the world lack a valid form of government ID and could be prevented from purchasing a SIM card as a result, and journalists, human rights defenders, and people from marginalized or minority communities may fear harassment, intimidation, violence, or persecution if they register. Challenging SIM card registration laws is therefore important to preserving our civic spaces and defending democracy."
Timeline of SIM Card Registration Laws
Privacy International, 11 June 2019

"A legal challenge to the UK’s controversial mass surveillance regime has revealed shocking failures by the main state intelligence agency, which has broad powers to hack computers and phones and intercept digital communications, in handling people’s information. The challenge, by rights group Liberty, led last month to an initial finding that MI5 had systematically breached safeguards in the UK’s Investigatory Powers Act (IPA) — breaches the Home Secretary, Sajid Javid, euphemistically couched as “compliance risks” in a carefully worded written statement that was quietly released to parliament. Today Liberty has put more meat on the bones of the finding of serious legal breaches in how MI5 handles personal data, culled from newly released (but redacted) documents that it says describe the “undoubtedly unlawful” conduct of the UK’s main security service which has been retaining innocent people’s data for years. The series of 10 documents and letters from MI5 and the Investigatory Powers Commissioner’s Office (IPCO), the body charged with overseeing the intelligence agencies’ use of surveillance powers, show that the spy agency has failed to meet its legal duties for as long as the IPA has been law, according to Liberty. The controversial surveillance legislation passed into UK law in November 2016 — enshrining a system of mass surveillance of digital communications which includes a provision that logs of all Internet users’ browsing activity be retained for a full year, accessible to a wide range of government agencies (not just law enforcement and/or spy agencies). The law also allows the intelligence agencies to maintain large databases of personal information on UK citizens, even if they are not under suspicion of any crime. And sanctions state hacking of devices, networks and services, including bulk hacking on foreign soil. It also gives U.K. authorities the power to require a company to remove encryption, or limit the rollout of end-to-end encryption on a future service. In a statement, Liberty’s lawyer, Megan Goulding, said: “These shocking revelations expose how MI5 has been illegally mishandling our data for years, storing it when they have no legal basis to do so. This could include our most deeply sensitive information – our calls and messages, our location data, our web browsing history. “It is unacceptable that the public is only learning now about these serious breaches after the Government has been forced into revealing them in the course of Liberty’s legal challenge. In addition to showing a flagrant disregard for our rights, MI5 has attempted to hide its mistakes by providing misinformation to the Investigatory Powers Commissioner, who oversees the Government’s surveillance regime. And, despite a light being shone on this deplorable violation of our rights, the Government is still trying to keep us in the dark over further examples of MI5 seriously breaching the law.”"
Liberty’s challenge to UK state surveillance powers reveals shocking failures
TechCrunch, 11 June 2019

"The Driver and Vehicle Licensing Agency (DVLA) could face an inquiry by the information watchdog after it emerged that it released personal details of 23 million motorists last year. The Information Commissioner’s Office (ICO) has confirmed that it is looking into issues around the sharing of driver data to third parties after motoring groups questioned the scale of information sharing and the legitimacy of some of the requests. According to the Times, half of the requests were made by local councils but the DVLA also made almost £20 million in 2018 from sharing vehicle keeper details with other groups such as private parking firms, bailiffs and private investigators. The data represents the records of almost two thirds of vehicle owners in the country and the level of sharing has led to questions about whether it abides by the General Data Protection Regulation (GDPR) introduced last year. Anyone can request information about a vehicle or its keeper if they have “reasonable cause” such as trying to find out who was responsible for an accident, issuing parking tickets or tracing the keeper of an abandoned vehicle. As well as councils, bailiffs chasing unpaid traffic fines were responsible for 1.9m record requests and private parking firms for 6.8m last year."
DVLA could face watchdog inquiry into sharing of driver details
inews, 10 June 2019

"Security experts have clashed with the new reviewer of terrorism laws over his fears that relying on technology to stop atrocities puts civil liberties at risk. Jonathan Hall, QC, said that police and the security services were increasingly turning to artificial intelligence and algorithms to predict when, where and by whom terrorist attacks might be committed. In his first interview since assuming the role Mr Hall told The Times that “a large amount of our liberty” had been sacrificed by citizens after “we’ve given all our data to big tech companies”. Anti-terrorism specialists said that his views were deeply unsettling. They claimed that in a world where terrorists were using technology, the police and security services should not be hampered by misplaced liberal ideology."
Experts clash with terror chief over AI threat to civil liberties
Times, 8 June 2019

"The Open Technology Institute (OTI) has responded to GCHQ/NCSC's article on 'Principles for a More Informed Exceptional Access Debate' with an 'Open Letter to GCHQ on the Threats Posed by the Ghost Proposal'. 'Exceptional access' is the law enforcement term for accessing encrypted messages -- the so-called government backdoor into end-to-end encryption services. 'Going dark' is the term law enforcement uses to describe its inability to access encrypted messages between subjects of interest that increasingly use encryption. 'Ghost proposal' is OTI's term for GCHQ's proposed method to prevent going dark.... The authors then propose possible methods of gaining access while conforming to the principles. Encrypted cloud backups are conceptually easy: "If those backups are encrypted, maybe we can do password guessing on big machines," suggest the authors. It would be focused and could be given judicial oversight and legitimacy relatively easy. Of more interest, however, is the proposed possible route into encrypted chats in real time. "It's relatively easy for a service provider to silently add a law enforcement participant to a group chat or call. The service provider usually controls the identity system and so really decides who's who and which devices are involved -- they're usually involved in introducing the parties to a chat or call. You end up with everything still being end-to-end encrypted, but there's an extra 'end' on this particular communication." This is the so-called 'ghost user' solution. The authors state very clearly that this does not interfere with encryption. "We're not talking about weakening encryption or defeating the end-to-end nature of the service. In a solution like this, we're normally talking about suppressing a notification on a target's device, and only on the device of the target and possibly those they communicate with." 
In its open letter (PDF) to GCHQ, the OTI acknowledges that vendors' encryption algorithms will not be manipulated, but suggests that implementing the ghost user will create significant other problems. For example, while the encryption itself does not need to be redeveloped, the method of authenticating users (the check codes to ensure that the chat is between expected users) will have to be rewritten. Susan Landau points out that the ghost proposal "involves changing how the encryption keys are negotiated in order to accommodate the silent listener, creating a much more complex protocol -- raising the risk of an error." On top of this, GCHQ's own principle of transparency over when the option is invoked will demonstrate that it is being invoked -- meaning that users of encryption (for very legitimate purposes such as journalism, conversations between vulnerable people, and more) will never know, nor be able to trust, that their conversations are genuinely confidential."
Inside GCHQ's Proposed Backdoor Into End-to-End Encryption
Security Week, 3 June 2019

"Visa applicants to the United States are required to submit any information about social media accounts they have used in the past five years under a State Department policy that started on Friday. Such account information would give the government access to photos, locations, dates of birth, dates of milestones and other personal data commonly shared on social media. “We already request certain contact information, travel history, family member information, and previous addresses from all visa applicants,” the State Department said in a statement. “We are constantly working to find mechanisms to improve our screening processes to protect U.S. citizens, while supporting legitimate travel to the United States.”.... “This seems to be part and parcel of the same effort to have an extraordinary broad surveillance of citizens and noncitizens,” Elora Mukherjee, director of the Immigrants’ Rights Clinic at Columbia Law School, said on Sunday of the latest development. “Given the scope of the surveillance efforts, it is hard to find a rational basis for the broad surveillance the Department of State and the Department of Homeland Security have been doing for almost two years.” The added requirement could dissuade visa applicants, who may see it as a psychological barrier to enter the United States. “This is a dangerous and problematic proposal, which does nothing to protect security concerns but raises significant privacy concerns and First Amendment issues for citizens and immigrants,” Hina Shamsi, the director of the American Civil Liberties Union’s National Security Project, said on Sunday. “Research shows that this kind of monitoring has chilling effects, meaning that people are less likely to speak freely and connect with each other in online communities that are now essential to modern life.” The social media web today is a map of our contacts, associations, habits and preferences. 
This kind of requirement will result in suspicion of surveillance of travelers and their networks of friends, families and business associates, Ms. Shamsi said, adding that the government had failed to explain how it would use this information."
U.S. Requiring Social Media Information From Visa Applicants
New York Times, 2 June 2019

"As data collection systems continue to proliferate throughout everyday life, it’s likely that networked bar ID surveillance systems like PatronScan will roll out in even more cities. And with the addition of more biometric tools, demographic data gathering, and machine learning, your favorite bar could soon wave you in to your favorite seat and hand you your favorite cocktail, all without glancing at your ID. To some onlookers, PatronScan’s product raises a number of concerns about privacy, surveillance, and discrimination. PatronScan’s reports reveal the company logged where customers live, the household demographics for that area, how far each customer travelled to a bar, and how many different bars they had visited. According to the company’s own policies, the company readily shares the information it collects on patrons, both banned and not, at the request of police. In addition to selling its kiosks to individual bars and nightlife establishments, PatronScan also advertises directly to cities, suggesting that they mandate the adoption of their service. PatronScan represents an extreme example of the growing adoption of data collection at bars and restaurants... once a bar adopts an ID scanning system, even innocent patrons may never know where their ID data will end up, or how it will be used....Like many similar systems, the PatronScan kiosk scans a government-issued ID’s barcode to make sure it’s legitimate and that it hasn’t already been used by another customer at the bar. The company claims that its system can recognize 5,000 different types of ID from around the world. ... In its marketing materials, PatronScan includes price quotes for widescale ID scanning implementation in Austin, Seattle, and Charleston. Representatives for Austin and Seattle said those cities had no such contract or mandate. Officials from Charleston did not respond to requests for comment. 
Among other municipalities, Sacramento and Pomona, California both require certain bars to use ID scanners. The entire state of Utah also requires an ID scan of any customer who appears to be under 35. But the majority of states do not have laws specifically regulating how and when IDs can be scanned, or how that data can be retained or used..... In 2018, California passed a law that updated existing rules limiting the data collection powers of ID scanner services and the businesses that use them. The legislation was written and championed by Assemblymember Jim Cooper, who was alarmed by PatronScan’s roll-out in Sacramento. ..... PatronScan is far from the only company hawking restaurant and nightlife surveillance services, but other firms in the sector mostly focus on business services rather than law enforcement aid. Several competing ID scanner services and point of sale system add-ons, such as TokenWorks and Vemos, also allow a venue to create and maintain internal digitized ban lists.... Handing over an ID for inspection and scanning is data collection laid far more bare than usual. But in the context of bar-hopping, it’s become almost wholly normalized. After all, people already give up their information in exchange for access and convenience several times every day, readily and witlessly, obviously and obliviously. They might, one day, just as easily let your health insurer, your boss, and the police know that you’re there — and whether you were suddenly, and unfortunately, eighty-sixed."
This ID Scanner Company is Collecting Sensitive Data on Millions of Bargoers
OneZero, 29 May 2019

"NSA whistleblower Edward Snowden said Thursday that people in systems of power have exploited the human desire to connect in order to create systems of mass surveillance. Snowden appeared at Dalhousie University in Halifax, Nova Scotia via livestream from Moscow to give a keynote address for the Canadian university's Open Dialogue Series. Right now, he said, humanity is in a sort of "atomic moment" in the field of computer science. "We're in the midst of the greatest redistribution of power since the Industrial Revolution, and this is happening because technology has provided a new capability," Snowden said. "It's related to influence that reaches everyone in every place," he said. "It has no regard for borders. Its reach is unlimited, if you will, but its safeguards are not." Without such defenses, technology is able to affect human behavior.... Institutions can "monitor and record private activities of people on a scale that's broad enough that we can say it's close to all-powerful," said Snowden. They do this through "new platforms and algorithms," through which "they're able to shift our behavior. In some cases they're able to predict our decisions—and also nudge them—to different outcomes. And they do this by exploiting the human need for belonging."... "And now," he added, "these institutions, which are both commercial and governmental, have built upon that and... have structuralized that and entrenched it to where it has become now the most effective means of social control in the history of our species." "Maybe you've heard about it," Snowden said. "This is mass surveillance." Listen to Snowden's full remarks below. (He begins speaking around the 25-minute mark.)"
Edward Snowden: With Technology, Institutions Have Made 'Most Effective Means of Social Control in the History of Our Species'
Common Dreams, 31 May 2019

"The world’s lawmakers have a duty to protect children from being turned into “voodoo dolls” by the “surveillance capitalism” of major high-tech companies, says the Canadian chair of the international grand committee on big data, privacy and democracy. Conservative MP Bob Zimmer offered that summary as the multinational group of legislators wrapped its third and final day of hearings on Parliament Hill on Wednesday. The committee is examining the role of internet giants in safeguarding privacy and democratic rights. Over three days, the MPs have grilled representatives from Facebook, Amazon and other tech titans, and they lamented the fact the household names that head those and other organizations ignored requests to testify. They were replaced by lower-level officials who, in some cases, declined to answer questions because they said they didn’t have the big-picture knowledge of their celebrity bosses. Zimmer said the hearings have been useful as he watches his own four children, aged 15 to 21, “getting more and more addicted to these phones.” “When you see from surveillance capitalism, the whole drive, the whole business model is to keep them glued to that phone despite the bad health that that brings to those children – our kids. It’s all for a buck,” said Zimmer. “We’re responsible to do something about that. We care about our kids. We don’t want to see them turned into voodoo dolls, to be controlled by the almighty dollar and capitalism.” Liberal and New Democrat MPs on the committee shared that view in a rare show of domestic political unity. That was evident across international lines as well. 
British MP Damian Collins, the committee co-chair, said the hearings have shown how the companies were “unwilling to answer direct questions about how they gather data and how they use it.” That includes testimony by witnesses who couldn’t explain how Facebook and Amazon interact, or how data from the LinkedIn networking site and Microsoft (which bought it in 2016) are integrated, said Collins. “I don’t understand why companies are unwilling to talk openly about the tools they put in place. People may consent to use these tools but do they understand the extent of the data they’re sharing when they do,” said Collins. The privacy implications of one popular online tool came under scrutiny during Wednesday’s testimony. A security executive for the internet-browser company Mozilla said he was shocked by the recordings of his family that were collected and retained by Amazon’s popular Alexa voice-activated interactive speakers. Alan Davidson, Mozilla’s vice-president of global policy, trust and security, said the Amazon Echo, the hardware that runs the Alexa service, is a wonderful product but when he recently examined what his family had recorded and stored, he found the archive included conversations among his young children. “I was shocked, honestly, and my family was shocked to see these recordings of our young children from years ago that are in the cloud and stored about us. It’s not to say that something was done wrong, or unlawfully,” Davidson said. “But users have no idea – they have no idea this data is out there and they don’t know how it’s going to be used in the future either.”"
Big data committee wraps up third and final day of hearings on Parliament Hill
Globe and Mail, 30 May 2019

"Next week, a school district in western New York will become the first in the United States to pilot a facial recognition system on its students and faculty. On Monday, June 3, the Lockport City School District will light up its Aegis system as part of a pilot project that will make it broadly operational by Sept. 1, 2019. The district has eight schools. The Lockport pilot comes amid increased scrutiny of facial recognition’s efficacy across the US, including growing civil rights concerns and worries that the tech may serve to further entrench societal biases. Earlier this month, San Francisco banned police from using facial recognition, and similar bills in the US hope to do the same. Amazon has endured persistent pressure — including from its own shareholders — for its aggressive salesmanship of its facial Rekognition system to law enforcement agencies. Rep. Alexandria Ocasio-Cortez expressed concern that facial recognition could be used as a form of social control in a congressional hearing on the technology last week.... After Lockport’s initial announcement, the New York Civil Liberties Union investigated the effort and wrote letters to the New York State Education Department, asking it to intervene and block the project. “This is opening the floodgates,” Stefanie Coyle, education counsel for NYCLU, told BuzzFeed News in an interview. “San Francisco banned this tech, and it’s this major city closest to all the people who understand this tech the best. Why in the world would we want this to come to New York, and in a place where there are children?”"
The First Public Schools In The US Will Start Using Facial Recognition Next Week
Buzzfeed, 29 May 2019

"It’s 3 a.m. Do you know what your iPhone is doing? Mine has been alarmingly busy. Even though the screen is off and I’m snoring, apps are beaming out lots of information about me to companies I’ve never heard of. Your iPhone probably is doing the same — and Apple could be doing more to stop it. On a recent Monday night, a dozen marketing companies, research firms and other personal data guzzlers got reports from my iPhone. At 11:43 p.m., a company called Amplitude learned my phone number, email and exact location. At 3:58 a.m., another called Appboy got a digital fingerprint of my phone. At 6:25 a.m., a tracker called Demdex received a way to identify my phone and sent back a list of other trackers to pair up with. And all night long, there was some startling behavior by a household name: Yelp. It was receiving a message that included my IP address — once every five minutes. Our data has a secret life in many of the devices we use every day, from talking Alexa speakers to smart TVs. But we’ve got a giant blind spot when it comes to the data companies probing our phones. You might assume you can count on Apple to sweat all the privacy details. After all, it touted in a recent ad, “What happens on your iPhone stays on your iPhone.” My investigation suggests otherwise. IPhone apps I discovered tracking me by passing information to third parties — just while I was asleep — include Microsoft OneDrive, Intuit’s Mint, Nike, Spotify, The Washington Post and IBM’s the Weather Channel. One app, the crime-alert service Citizen, shared personally identifiable information in violation of its published privacy policy. And your iPhone doesn’t only feed data trackers while you sleep. In a single week, I encountered over 5,400 trackers, mostly in apps, not including the incessant Yelp traffic. According to privacy firm Disconnect, which helped test my iPhone, those unwanted trackers would have spewed out 1.5 gigabytes of data over the span of a month. 
That’s half of an entire basic wireless service plan from AT&T. “This is your data. Why should it even leave your phone? Why should it be collected by someone when you don’t know what they’re going to do with it?” says Patrick Jackson, a former National Security Agency researcher who is chief technology officer for Disconnect. He hooked my iPhone into special software so we could examine the traffic. “I know the value of data, and I don’t want mine in any hands where it doesn’t need to be,” he told me. In a world of data brokers, Jackson is the data breaker. He developed an app called Privacy Pro that identifies and blocks many trackers. If you’re a little bit techie, I recommend trying the free iOS version to glimpse the secret life of your iPhone. Yes, trackers are a problem on phones running Google’s Android, too. Google won’t even let Disconnect’s tracker-protection software into its Play Store. .... Jackson’s biggest concern is transparency: If we don’t know where our data is going, how can we ever hope to keep it private?... Privacy policies don’t necessarily provide protection. Citizen, the app for location-based crime reports, published that it wouldn’t share “your name or other personally identifying information.” Yet when I ran my test, I found it repeatedly sent my phone number, email and exact GPS coordinates to the tracker Amplitude....The problem is, the more places personal data flies, the harder it becomes to hold companies accountable for bad behavior — including inevitable breaches....What disappoints me is that the data free-for-all I discovered is happening on an iPhone. Isn’t Apple supposed to be better at privacy?"
It’s the middle of the night. Do you know who your iPhone is talking to?
Washington Post, 28 May 2019

"For nearly three weeks, Baltimore has struggled with a cyberattack by digital extortionists that has frozen thousands of computers, shut down email and disrupted real estate sales, water bills, health alerts and many other services. But here is what frustrated city employees and residents do not know: A key component of the malware that cybercriminals used in the attack was developed at taxpayer expense a short drive down the Baltimore-Washington Parkway at the National Security Agency, according to security experts briefed on the case. Since 2017, when the N.S.A. lost control of the tool, EternalBlue, it has been picked up by state hackers in North Korea, Russia and, more recently, China, to cut a path of destruction around the world, leaving billions of dollars in damage. But over the past year, the cyberweapon has boomeranged back and is now showing up in the N.S.A.’s own backyard. It is not just in Baltimore. Security experts say EternalBlue attacks have reached a high, and cybercriminals are zeroing in on vulnerable American towns and cities, from Pennsylvania to Texas, paralyzing local governments and driving up costs. The N.S.A. connection to the attacks on American cities has not been previously reported, in part because the agency has refused to discuss or even acknowledge the loss of its cyberweapon, dumped online in April 2017 by a still-unidentified group calling itself the Shadow Brokers. Years later, the agency and the Federal Bureau of Investigation still do not know whether the Shadow Brokers are foreign spies or disgruntled insiders. Thomas Rid, a cybersecurity expert at Johns Hopkins University, called the Shadow Brokers episode “the most destructive and costly N.S.A. breach in history,” more damaging than the better-known leak in 2013 from Edward Snowden, the former N.S.A. contractor. “The government has refused to take responsibility, or even to answer the most basic questions,” Mr. Rid said. “Congressional oversight appears to be failing. 
The American people deserve an answer.” The N.S.A. and F.B.I. declined to comment. Since that leak, foreign intelligence agencies and rogue actors have used EternalBlue to spread malware that has paralyzed hospitals, airports, rail and shipping operators, A.T.M.s and factories that produce critical vaccines. Now the tool is hitting the United States where it is most vulnerable, in local governments with aging digital infrastructure and fewer resources to defend themselves. Before it leaked, EternalBlue was one of the most useful exploits in the N.S.A.’s cyberarsenal. According to three former N.S.A. operators who spoke on the condition of anonymity, analysts spent almost a year finding a flaw in Microsoft’s software and writing the code to target it. Initially, they referred to it as EternalBluescreen because it often crashed computers — a risk that could tip off their targets. But it went on to become a reliable tool used in countless intelligence-gathering and counterterrorism missions. EternalBlue was so valuable, former N.S.A. employees said, that the agency never seriously considered alerting Microsoft about the vulnerabilities, and held on to it for more than five years before the breach forced its hand.... Today, Baltimore remains handicapped as city officials refuse to pay, though workarounds have restored some services. Without EternalBlue, the damage would not have been so vast, experts said. The tool exploits a vulnerability in unpatched software that allows hackers to spread their malware faster and farther than they otherwise could. North Korea was the first nation to co-opt the tool, for an attack in 2017 — called WannaCry — that paralyzed the British health care system, German railroads and some 200,000 organizations around the world. Next was Russia, which used the weapon in an attack — called NotPetya — that was aimed at Ukraine but spread across major companies doing business in the country. 
The assault cost FedEx more than $400 million and Merck, the pharmaceutical giant, $670 million.... Until a decade or so ago, the most powerful cyberweapons belonged almost exclusively to intelligence agencies — N.S.A. officials used the term “NOBUS,” for “nobody but us,” for vulnerabilities only the agency had the sophistication to exploit. But that advantage has hugely eroded, not only because of the leaks, but because anyone can grab a cyberweapon’s code once it’s used in the wild. Some F.B.I. and Homeland Security officials, speaking privately, said more accountability at the N.S.A. was needed. A former F.B.I. official likened the situation to a government failing to lock up a warehouse of automatic weapons."
In Baltimore and Beyond, a Stolen N.S.A. Tool Wreaks Havoc
New York Times, 25 May 2019

"The maker of vehicle license plate readers used extensively by the US government and cities to identify and track citizens and immigrants has been hacked. Its internal files were pilfered, and are presently being offered for free on the dark web to download. Tennessee-based Perceptics prides itself as "the sole provider of stationary LPRs [license plate readers] installed at all land border crossing lanes for POV [privately owned vehicle] traffic in the United States, Canada, and for the most critical lanes in Mexico." In fact, Perceptics recently announced, in a pact with Unisys Federal Systems, it had landed "a key contract by US Customs and Border Protection to replace existing LPR technology, and to install Perceptics next generation License Plate Readers (LPRs) at 43 US Border Patrol check point lanes in Texas, New Mexico, Arizona, and California." On Thursday this week, however, an individual using the pseudonym "Boris Bullet-Dodger" contacted The Register, alerting us to the hack, and provided a list of files exfiltrated from Perceptics' corporate network as proof. We're assuming this is the same "Boris" involved in the CityComp hack last month. Boris declined to answer our questions. The file names and accompanying directories – numbering almost 65,000 – fit with the focus of the surveillance technology biz. They include .xlsx files named for locations and zip codes, .jpg files with names that refer to "driver" and "scene," .docx files associated with presumed government clients like ICE, and date-and-time stamped .jpgs and .mp4 files. And there many other types of files: .htm, .html, .txt, .doc, .asp, .tdb, .mdb, .json, .rtf, .xls, and .tif among others. Many of the image files, we're guessing, are license plate captures."
Maker of US border's license-plate scanning tech ransacked by hacker, blueprints and files dumped online
The Register, 23 May 2019

"The use of "dystopian" new facial recognition technology by British police is to be challenged in the courts for the first time. Liberty, the human rights group, has launched a case against South Wales police, the UK force which has pioneered technology capable of mapping faces and comparing them to a database in real time. Supporters claim facial recognition technology will boost the safety of citizens and could help police catch criminals and potential terrorists. Critics have labelled it "Orwellian" and say police have not been transparent about how it will use people's data."
Police use of 'Orwellian' facial recognition technology faces UK legal challenge
Telegraph, 21 May 2019

"UK Home Secretary Sajid Javid has announced an Espionage Bill, charging ahead with new laws intended to criminalise any British copycats of Edward Snowden – and allowing a future crackdown on Huawei. The bill, said Javid, "will bring together new and modernised powers, giving our security services the legal authority they need" to tackle foreign spies operating on UK soil. "The areas this work will consider includes whether we follow allies in adopting a form of foreign agent registration and how we update our Official Secrets Acts for the 21st century," the Home Secretary said at New Scotland Yard earlier today. He also called for new treason laws, which he said would be aimed at people who "betray" Britain, whether at home or abroad. Announced during a wide-ranging speech delivered to police and spy agency personnel at the Metropolitan Police's London HQ, few details were given about the proposed Espionage Bill's contents. Much more, however, can be found in a Law Commission consultation dating back to 2015, titled Protection of Official Data, and discussing what was then considered a potential future Espionage Bill. Although it was supposed to be published back in 2017, having been closed to new submissions years ago, the commission's final report on that bill has been stuck in limbo for the last two years. Now, it seems, we know why. Most of the commission's full consultation (a 326-page PDF accessible via the link above) is concerned with what the British state calls "unauthorised disclosures", as well as a truly obscene section (between PDF pages 146-149) discussing legal ways and means of letting state prosecutors carry out "authorised checks" on juries sitting in national security and terrorism cases. These, it is stated, should be done with a view to throwing out any jurors who might return the wrong verdict by sympathising with the accused."
UK's planned Espionage Act will crack down on Snowden-style Brit whistleblowers, suspected backdoored gear (cough, Huawei)
The Register, 20 May 2019

"Civil Liberties Activists trying to inspire alarm about the authoritarian potential of facial recognition technology often point to China, where some police departments use systems that can spot suspects who show their faces in public. A report from Georgetown researchers on Thursday suggests Americans should also focus their concern closer to home. The report says agencies in Chicago and Detroit have bought real-time facial recognition systems. Chicago claims it has not used its system; Detroit says it is not using its system currently. But no federal or state law would prevent use of the technology. According to contracts obtained by the Georgetown researchers, the two cities purchased software from a South Carolina company, DataWorks Plus, that equips police with the ability to identify faces from surveillance footage in real time. A description on the company’s website says the technology, called FaceWatch Plus, “provides continuous screening and monitoring of live video streams.” DataWorks confirmed the existence of the systems, but did not elaborate further. Facial recognition has long been used on static images to identify arrested suspects and detect driver’s license fraud, among other things. But using the technology with real-time video is less common. It has become practical only through recent advances in AI and computer vision, although it remains significantly less accurate than facial recognition under controlled circumstances. Privacy advocates say ongoing use of the technology in this way would redefine the traditional anonymity of public spaces. “Historically we haven’t had to regulate privacy in public because it’s been too expensive for any entity to track our whereabouts,” says Evan Selinger, a professor at the Rochester Institute of Technology. “This is a game changer.”"
Cities Are Adopting Real-Time Facial Surveillance Systems
Technocracy News and Trends, 20 May 2019

"Among the mega-corporations that surveil you, your cellphone carrier has always been one of the keenest monitors, in constant contact with the one small device you keep on you at almost every moment. A confidential Facebook document reviewed by The Intercept shows that the social network courts carriers, along with phone makers — some 100 different companies in 50 countries — by offering the use of even more surveillance data, pulled straight from your smartphone by Facebook itself. Offered to select Facebook partners, the data includes not just technical information about Facebook members’ devices and use of Wi-Fi and cellular networks, but also their past locations, interests, and even their social groups. This data is sourced not just from the company’s main iOS and Android apps, but from Instagram and Messenger as well. The data has been used by Facebook partners to assess their standing against competitors, including customers lost to and won from them, but also for more controversial uses like racially targeted ads. Some experts are particularly alarmed that Facebook has marketed the use of the information — and appears to have helped directly facilitate its use, along with other Facebook data — for the purpose of screening customers on the basis of likely creditworthiness. Such use could potentially run afoul of federal law, which tightly governs credit assessments. Facebook said it does not provide creditworthiness services and that the data it provides to cellphone carriers and makers does not go beyond what it was already collecting for other uses. 
Facebook’s cellphone partnerships are particularly worrisome because of the extensive surveillance powers already enjoyed by carriers like AT&T and T-Mobile: Just as your internet service provider is capable of watching the data that bounces between your home and the wider world, telecommunications companies have a privileged vantage point from which they can glean a great deal of information about how, when, and where you’re using your phone. AT&T, for example, states plainly in its privacy policy that it collects and stores information “about the websites you visit and the mobile applications you use on our networks.” Paired with carriers’ calling and texting oversight, that accounts for just about everything you’d do on your smartphone."
Thanks to Facebook, Your Cellphone Company Is Watching You More Closely Than Ever
The Intercept, 20 May 2019

"Cars produced today are essentially smartphones with wheels. For drivers, this has meant many new features: automatic braking, turn-by-turn directions, infotainment. But for all the things we’re getting out of our connected vehicles, carmakers are getting much, much more: They’re constantly collecting data from our vehicles. Today’s cars are equipped with telematics, in the form of an always-on wireless transmitter that constantly sends vehicle performance and maintenance data to the manufacturer. Modern cars collect as much as 25 gigabytes of data per hour, the consulting firm McKinsey estimates, and it’s about much more than performance and maintenance. Cars not only know how much we weigh but also track how much weight we gain. They know how fast we drive, where we live, how many children we have — even financial information. Connect a phone to a car, and it knows who we call and who we text. But who owns and, ultimately, controls that data? And what are carmakers doing with it? The issue of ownership is murky. Drivers usually sign away their rights to data in a small-print clause buried in the ownership or lease agreement. It’s not unlike buying a smartphone. The difference is that most consumers have no idea vehicles collect data. We know our smartphones, Nests and Alexas collect data, and we’ve come to accept an implicit contract: We trade personal information for convenience. With cars, we have no such expectation."
Your Car Knows When You Gain Weight
New York Times, 20 May 2019

"Google has been quietly keeping track of nearly every single online purchase you’ve ever made, thanks to purchase receipts sent to your personal Gmail account, according to a new report today from CNBC. Even stranger: this information is made available to you via a private web tool that’s been active for an indeterminate amount of time.....Google, like Facebook, knows an immense amount of information about you, your personal habits, and, yes, what you buy on the internet. And like the social network it dominates the online advertising industry alongside, Google gets this information mostly through background data collection using methods and tools its users may not be fully aware of, like Gmail purchase receipts."
Google has been tracking nearly everything you buy online — see for yourself with this tool
The Verge, 17 May 2019

"Google tracks a lot of what you buy, even if you purchased it elsewhere, like in a store or from Amazon. Last week, CEO Sundar Pichai wrote a New York Times op-ed that said “privacy cannot be a luxury good.” But behind the scenes, Google is still collecting a lot of personal information from the services you use, such as Gmail, and some of it can’t be easily deleted. A page called “Purchases ” shows an accurate list of many — though not all — of the things I’ve bought dating back to at least 2012. I made these purchases using online services or apps such as Amazon, DoorDash or Seamless, or in stores such as Macy’s, but never directly through Google. But because the digital receipts went to my Gmail account, Google has a list of info about my buying habits. Google even knows about things I long forgot I’d purchased... "
Google uses Gmail to track a history of things you buy — and it’s hard to delete
CNBC, 17 May 2019

"As San Francisco’s Board of Supervisors prepared to vote Tuesday on an ordinance forbidding city agencies to use facial recognition technology, some proponents of the measure were uncertain if they had the necessary support. Two of the legislators who were for it had called in sick. But Brian Hofer, a paralegal who had drafted the ordinance, seemed unfazed. Sitting in the back of a chamber in City Hall, he wrote and rewrote a draft of a post for Twitter in which he would proclaim victory after the ban passed.... Mr. Hofer is little known outside California, but his anti-surveillance measures have been making waves in the state. He successfully pressed the Northern California cities of Richmond and Berkeley, which have sanctuary policies, to end their contracts with tech companies like Amazon and Vigilant Solutions that do business with Immigration and Customs Enforcement. In Santa Clara County, in Oakland and elsewhere, he has secured transparency laws around surveillance technology. His campaigns are just beginning. In Berkeley and Oakland, Mr. Hofer is pushing for more facial recognition bans. He has two additional privacy proposals winding their way through the state’s legislative process, focused on reining in surveillance technology. And he is establishing a nonprofit, Secure Justice, that will grapple with technology issues. “My primary concern is when the state abuses its power, and because of the age we live in, it’s probably going to occur through technology and data mining,” Mr. Hofer said. “That’s where I see the most potential harm occurring. So I just wanted to jump right in.”... Mr. Hofer started to hold technology accountable in 2014 when he heard about a new surveillance system in Oakland. The system, the Domain Awareness Center, was designed to aggregate data from security cameras, license plate readers, gunshot detectors and other technology....Mr. Hofer took on a range of anti-surveillance initiatives. 
He began drafting legislation that would force cities to be transparent about the surveillance systems they deployed, or to cut technological ties with ICE. He said he did not consider himself anti-tech and was just trying to prevent the authorities from abusing the power of technology. The facial recognition bans are Mr. Hofer’s latest cause, partly because he sees an opportunity to cut off the technology before it becomes widespread and entrenched, he said. “On balance, it’s such a dramatic shift in power that for the first time, aggressively, I want to say this is where we draw the line,” said Mr. Hofer, who worked with the American Civil Liberties Union and others to push the San Francisco ordinance through. Last Thanksgiving, Mr. Hofer experienced the surveillance technology he has been examining firsthand. Police officers in Contra Costa County, using an automated license plate reader tool, pulled him over and accused him of stealing the rental car he was driving. Mr. Hofer said he had recognized the tool — it was made by Vigilant Solutions, a target of his sanctuary city ordinances. “It showed me the real-world consequences of these sometimes speculative, hypothetical arguments that I’ve been making,” he said. Eventually, the officers realized that the car had been stolen months earlier and that, when it was recovered, its plates were not removed from a list of stolen vehicles, Mr. Hofer said. He was released and is suing the Contra Costa County sheriff’s department, claiming civil rights violations. On Tuesday, Catherine Stefani was the lone supervisor to vote against the ban, which passed 8 to 1. The legislation was “well intentioned” but required more work before it could be put into effect, she said. She worried that city departments would need to hire new staff to manage the transparency requirements and that the ordinance would create budget problems. After the vote, Mr. Hofer and other supporters huddled in the hallway to debrief.
He sent his victory tweet, crediting Mr. Peskin for championing the ban and noting that it was the first of its kind. Matt Cagle, an attorney with the A.C.L.U. who worked with Mr. Hofer on the ordinance, said he had already received phone calls from regulators across the country who were curious about it. “The desire not to be tracked when you walk down the street or watch-listed by a secret algorithm, these are shared values across the United States,” Mr. Cagle said. “We fully expect this vote and this ordinance to inspire other communities to take control of these important decisions.”"
The Man Behind San Francisco’s Facial Recognition Ban Is Working on More. Way More.
New York Times, 15 May 2019

"An Israeli firm accused of supplying tools for spying on human-rights activists and journalists now faces claims that its technology can use a security hole in WhatsApp, the messaging app used by 1.5 billion people, to break into the digital communications of iPhone and Android phone users. Security researchers said they had found so-called spyware — designed to take advantage of the WhatsApp flaw — that bears the characteristics of technology from the company, the NSO Group. WhatsApp engineers worked around the clock to patch the vulnerability and released a patch on Monday. They encouraged customers to update their apps as quickly as possible.....The spyware was used to break into the phone of a London lawyer who has been involved in lawsuits that accused the company of providing tools to hack the phones of Omar Abdulaziz, a Saudi dissident in Canada; a Qatari citizen; and a group of Mexican journalists and activists, the researchers said. There may have been other targets, they said. Digital attackers could use the vulnerability to insert malicious code and steal data from an Android phone or an iPhone simply by placing a WhatsApp call, even if the victim did not pick up the call. As WhatsApp’s engineers examined the vulnerability, they concluded that it was similar to other tools from the NSO Group, because of its digital footprint. The lawyer, who spoke on the condition of anonymity because he feared retribution, said he had grown suspicious that his phone had been hacked when he started missing WhatsApp video calls from Norwegian telephone numbers at odd hours. The lawyer contacted Citizen Lab at the Munk School of Global Affairs at the University of Toronto, which has helped uncover the use of NSO Group products in attacks on journalists, dissidents and activists. 
Ten days ago, as Citizen Lab was looking into the incident, engineers at WhatsApp discovered what they described as abnormal voice calling activity on their systems, said a WhatsApp employee familiar with the investigation, who spoke on the condition of anonymity because the investigation was continuing. WhatsApp alerted human-rights organizations about the threat and learned from Citizen Lab that the vulnerability had been used to target the lawyer. WhatsApp said it had alerted the Justice Department to the attack. The WhatsApp flaw was first reported Monday by The Financial Times. The products of the NSO Group, which operated in secret for years, were found in 2016 as part of a spying campaign on the iPhone of a now-jailed human-rights activist in the United Arab Emirates through undisclosed Apple security vulnerabilities. Since then, the NSO Group’s spyware has been found on the iPhones of journalists, dissidents and even nutritionists. The company has long advertised that its products are sold to government agencies solely for fighting terrorism and aiding law enforcement investigations. The NSO Group said in a statement on Monday that its spyware was strictly licensed to government agencies and that it would investigate any “credible allegations of misuse.” The company said it would not be involved in identifying a target for its technology, including the lawyer at the center of the latest accusations. NSO’s response is consistent with previous responses from the Israeli firm, which claims to have an in-house ethics committee that decides whether or not to sell to countries based on their human-rights records. But increasingly, NSO’s spyware has been discovered in use by governments with questionable human-rights records like the United Arab Emirates, Saudi Arabia and Mexico. The Israeli company sold a stake to Novalpina, a British private equity firm, in a leveraged buyout deal last year that valued it at nearly $1 billion."
Israeli Firm Tied to Tool That Uses WhatsApp Flaw to Spy on Activists
New York Times, 13 May 2019

"A vulnerability in the messaging app WhatsApp has allowed attackers to inject commercial Israeli spyware on to phones, the company and a spyware technology dealer said. WhatsApp, which is used by 1.5bn people worldwide, discovered in early May that attackers were able to install surveillance software on to both iPhones and Android phones by ringing up targets using the app’s phone call function. The malicious code, developed by the secretive Israeli company NSO Group, could be transmitted even if users did not answer their phones, and the calls often disappeared from call logs, said the spyware dealer, who was recently briefed on the WhatsApp hack. WhatsApp is too early into its own investigations of the vulnerability to estimate how many phones were targeted using this method, a person familiar with the issue said. As late as Sunday, as WhatsApp engineers raced to close the loophole, a UK-based human rights lawyer’s phone was targeted using the same method. Researchers at the University of Toronto’s Citizen Lab said they believed that the spyware attack on Sunday was linked to the same vulnerability that WhatsApp was trying to patch. NSO’s flagship product is Pegasus, a program that can turn on a phone’s microphone and camera, trawl through emails and messages and collect location data. NSO advertises its products to Middle Eastern and Western intelligence agencies, and says Pegasus is intended for governments to fight terrorism and crime. NSO was recently valued at $1bn in a leveraged buyout that involved the UK private equity fund Novalpina Capital. In the past, human rights campaigners in the Middle East have received text messages over WhatsApp that contained links that would download Pegasus to their phones.... Amnesty International, which identified an attempt to hack into the phone of one its researchers, is backing a group of Israeli citizens and civil rights group in a filing in Tel Aviv asking the ministry of defence to cancel NSO’s export licence. 
“NSO Group sells its products to governments who are known for outrageous human rights abuses, giving them the tools to track activists and critics. The attack on Amnesty International was the final straw,” said Danna Ingleton, deputy director of Amnesty Tech. “The Israeli ministry of defence has ignored mounting evidence linking NSO Group to attacks on human rights defenders. As long as products like Pegasus are marketed without proper control and oversight, the rights and safety of Amnesty International’s staff and that of other activists, journalists and dissidents around the world is at risk.”"
WhatsApp voice calls used to inject Israeli spyware on phones
Financial Times, 13 May 2019

"In a very short time, China’s surveillance capability has become immensely sophisticated and now extends beyond keeping tabs on political dissidents to developing a system for monitoring the behavior of the entire population. You could, in fact, argue that the technologies that once promised to be a liberating force are now just as easily deployed to stifle dissent, entrench authoritarianism and shame and prosecute those the Orwellian government of President Xi Jinping deems out of line..... While we once hoped the internet would deliver us freedom of expression, the ability to communicate freely across borders and even be a channel for dissenting views, we now see the very opposite is occurring. Worse, the Chinese model is now being exported. Wired magazine has reported that China is “exporting its techno-dystopian model to other counties … Since January 2017, Freedom House counted 38 countries where Chinese firms have built internet infrastructure, and 18 countries using AI surveillance developed by the Chinese.” The scale of China’s domestic surveillance apparatus is extraordinary. The country is in the process of developing a “social credit” system which has been described as Big Brother, Black Mirror and every dystopian future sci-fi writers have ever dreamed up all rolled into one, and which is due to be operational next year. The social credit system will enable the government and others to access details of people’s behavior, rate them and make them publicly available. The potential to “name and shame” people for minor lapses such as late-paying of bills is obvious but so is the way such ratings could also be employed to deny citizens employment or to justify detaining them for political reasons. Both in the west and in China, the use of the internet to track individuals is facilitating oppression and paving the way towards authoritarianism. The scale of China’s domestic surveillance apparatus is extraordinary. 
The country is in the process of developing a “social credit” system which has been described as Big Brother, Black Mirror and every dystopian future sci-fi writers have ever dreamed up all rolled into one, and which is due to be operational next year....What is happening in Orwellian China today is a warning to us in the west that the freedoms we have so blithely taken for granted are already being compromised...."
Is Chinese-style surveillance coming to the west?
Guardian, 7 May 2019

"Apple CEO Tim Cook is calling out fellow tech industry titans for violating users’ privacy rights and expressing concern about he much time iPhone customers and their children are spending using Apple products. Cook also mentioned Facebook and Google after criticizing sites that sell people’s data, saying such sites can obtain more information in secret than a ‘peeping Tom.’ His highly-critical comments were made during an exclusive ABC News interview with Diane Sawyer that aired on Friday. ....Cook previously denounced Facebook and other tech companies for hoarding ‘industrial’ amounts of users’ private data during a privacy conference at the European Parliament in Brussels in October.  He characterized the issue of online privacy as a ‘crisis’ on Friday. ‘Privacy in itself has become a crisis. I think it’s a crisis,’ he said."
Apple CEO Tim Cook slams ‘Peeping Tom’ website
Infosurhoy, 7 May 2019

"A NEW commodity spawns a lucrative, fast-growing industry, prompting antitrust regulators to step in to restrain those who control its flow. A century ago, the resource in question was oil. Now similar concerns are being raised by the giants that deal in data, the oil of the digital era. These titans—Alphabet (Google’s parent company), Amazon, Apple, Facebook and Microsoft—look unstoppable. They are the five most valuable listed firms in the world. Their profits are surging: they collectively racked up over $25bn in net profit in the first quarter of 2017. Amazon captures half of all dollars spent online in America. Google and Facebook accounted for almost all the revenue growth in digital advertising in America last year. Such dominance has prompted calls for the tech giants to be broken up, as Standard Oil was in the early 20th century. This newspaper has argued against such drastic action in the past. Size alone is not a crime. The giants’ success has benefited consumers.... But there is cause for concern. Internet companies’ control of data gives them enormous power. Old ways of thinking about competition, devised in the era of oil, look outdated in what has come to be called the “data economy” (see Briefing). A new approach is needed. What has changed? Smartphones and the internet have made data abundant, ubiquitous and far more valuable. Whether you are going for a run, watching TV or even just sitting in traffic, virtually every activity creates a digital trace—more raw material for the data distilleries. As devices from watches to cars connect to the internet, the volume is increasing: some estimate that a self-driving car will generate 100 gigabytes per second. Meanwhile, artificial-intelligence (AI) techniques such as machine learning extract more value from data. Algorithms can predict when a customer is ready to buy, a jet-engine needs servicing or a person is at risk of a disease. 
Industrial giants such as GE and Siemens now sell themselves as data firms. This abundance of data changes the nature of competition. Technology giants have always benefited from network effects: the more users Facebook signs up, the more attractive signing up becomes for others. With data there are extra network effects. By collecting more data, a firm has more scope to improve its products, which attracts more users, generating even more data, and so on. The more data Tesla gathers from its self-driving cars, the better it can make them at driving themselves—part of the reason the firm, which sold only 25,000 cars in the first quarter, is now worth more than GM, which sold 2.3m. Vast pools of data can thus act as protective moats.... The nature of data makes the antitrust remedies of the past less useful. Breaking up a firm like Google into five Googlets would not stop network effects from reasserting themselves: in time, one of them would become dominant again. A radical rethink is required—and as the outlines of a new approach start to become apparent, two ideas stand out. The first is that antitrust authorities need to move from the industrial era into the 21st century. When considering a merger, for example, they have traditionally used size to determine when to intervene. They now need to take into account the extent of firms’ data assets when assessing the impact of deals. The purchase price could also be a signal that an incumbent is buying a nascent threat. On these measures, Facebook’s willingness to pay so much for WhatsApp, which had no revenue to speak of, would have raised red flags. ... The second principle is to loosen the grip that providers of online services have over data and give more control to those who supply them. More transparency would help: companies could be forced to reveal to consumers what information they hold and how much money they make from it. 
Governments could encourage the emergence of new services by opening up more of their own data vaults or managing crucial parts of the data economy as public infrastructure, as India does with its digital-identity system, Aadhaar."
The world’s most valuable resource is no longer oil, but data
Economist, 6 May 2017

"Apple CEO Tim Cook called online privacy a "crisis" in an interview with ABC News, reaffirming the company's stance on privacy as companies like Facebook and Google have come under increased scrutiny regarding their handling of consumer data. "Privacy in itself has become a crisis," Cook told ABC's Diane Sawyer. "It's of that proportion — a crisis." Unlike companies such as Google and Facebook, Apple's business isn't focused on advertising, and therefore it does not benefit from collecting data to improve ad targeting. "You are not our product," he said. "Our products are iPhones and iPads. We treasure your data. We wanna help you keep it private and keep it safe." Cook cited the vast amount of personal information available online when explaining why privacy has become such an important issue to address. "The people who track on the internet know a lot more about you than if somebody's looking in your window," he said. "A lot more." "
Apple CEO Tim Cook says digital privacy 'has become a crisis'
Business Insider, 4 May 2019


"The intelligence community’s annual transparency report revealed a spike in the number of warrantless searches of Americans’ data in 2018. The data, published Tuesday by the Office of the Director of National Intelligence (ODNI), revealed a 28% rise in the number of targeted search terms used to query massive databases of collected Americans’ communications. Some 9,637 warrantless search queries of the contents of Americans’ calls, text messages, emails and other communications were conducted by the NSA during 2018, up from 7,512 searches on the year prior, the report said....The NSA conducts these searches under its so-called Section 702 powers, reauthorized in 2018 despite heated opposition by a bipartisan group of pro-privacy senators. These powers allow the NSA to collect intelligence on foreigners living overseas by tapping into the phone networks and undersea cables owned by U.S. phone companies. The powers also allow the government to obtain data in secret from U.S. tech companies. But the massive data collection effort also inadvertently vacuums up Americans’ data, who are typically protected from unwarranted searches under the Fourth Amendment. The report also noted a 27% increase in the number of foreigners whose communications were targeted by the NSA during the year. In total, an estimated 164,770 foreign individuals or groups were targeted with search terms used by the NSA to monitor their communications, up from 129,080 on the year prior. It’s the largest year-over-year leap in foreign surveillance to date. The report also said the NSA collected at most 434.2 million phone records on Americans, down from 534.3 million records on the year earlier. The government said the figures likely had duplicates. 
The phone records collection program was the first classified NSA program disclosed by whistleblower Edward Snowden, which revealed a secret court order compelling Verizon — which owns TechCrunch — to turn over daily phone records on millions of Americans. The program was later curtailed following the introduction of the Freedom Act. Earlier this month, the NSA reportedly asked the White House to end the program altogether, citing legal troubles. Despite the apparent rollback of the program, the NSA still reported 164,770 queries of Americans’ phone records, more than a five-fold increase on the year earlier. Last week, the Trump administration revealed it had been denied 30 surveillance applications by the Foreign Intelligence Surveillance Court, a specialist closed-door court that grants the government authority to spy inside the U.S., where surveillance is typically prohibited. Since figures were made available in 2015 following the Edward Snowden disclosures, the number of denials has trended upwards."

NSA says warrantless searches of Americans’ data rose in 2018
TechCrunch, 30 April 2019

"In a blow to consumers' privacy, the addresses and demographic details of more than 80 million US households were exposed on an unsecured database stored on the cloud, independent security researchers have found. The details included names, ages and genders as well as income levels and marital status. The researchers, led by Noam Rotem and Ran Locar, were unable to identify the owner of the database, which until Monday was online and required no password to access. Some of the information was coded, like gender, marital status and income level. Names, ages and addresses were not coded. The data didn't include payment information or Social Security numbers. The 80 million households affected make up well over half of the households in the US, according to Statista.... It's one more example of a widespread problem with cloud data storage, which has revolutionized how we store valuable information. Many organizations don't have the expertise to secure the data they keep on internet-connected servers, resulting in repeated exposures of sensitive data. Earlier in April, a researcher revealed that patient information from drug addiction treatment centers was exposed on an unsecured database. Another researcher found a giant cache of Facebook user data stored by third-party companies on another database that was publicly visible.... The cache of demographic information included data about adults aged 40 and older. Many people listed are elderly, which Rotem said could put them at risk from scammers tempted to use the information to try to defraud them."
Cloud database removed after exposing details on 80 million US households
Cnet, 29 April 2019

"Eyeing that can of soda in the supermarket cooler? Or maybe you're craving a pint of ice cream? A camera could be watching you. But it's not there to see if you're stealing. These cameras want to get to know you and what you're buying. It's a new technology being trotted out to retailers, where cameras try to guess your age, gender or mood as you walk by. The intent is to use the information to show you targeted real-time ads on in-store video screens. Companies are pitching retailers to bring the technology into their physical stores as a way to better compete with online rivals like Amazon that are already armed with troves of information on their customers and their buying habits. With store cameras, you may not even realize you are being watched unless you happen to notice the penny-sized lenses. And that has raised concerns over privacy. "The creepy factor here is definitely a 10 out of 10," said Pam Dixon, the executive director of the World Privacy Forum, a nonprofit that researches privacy issues....Jon Reily, vice president of commerce strategy at consultancy Publicis.Sapient, said retailers risk offending customers who may be shown ads that are aimed at a different gender or age group. Nonetheless, he expects the embedded cameras to be widely used in the next four years as the technology gets more accurate, costs less and shoppers become used to it. For now, he said, "we are still on the creepy side of the scale."
Kroger, Walgreens testing cameras that guess your age, sex
Associated Press, 23 April 2019

"The US immigration system was designed to track who comes into the country, not who leaves. For more than two decades, authorities have been trying to find an effective way to keep tabs on departing foreigners—and those who overstay their visas. US Customs and Border Protection (CBP) now says it’s found a solution: facial recognition. It expects to be able to scan 97% of commercial passengers within the next four years, according to a report released by the Department of Homeland Security today.... Critics say this CBP use of artificial intelligence is an invasion of privacy. They worry about how the information could be used. CBP says the images are encrypted and that it only keeps them for a brief period of time."
The US wants to scan the faces of all air passengers leaving the country
Quartz, 17 April 2019

"If you're one of the millions of people with a Google account, you have a Google Maps Timeline. It might be blank — it's tied to the Location History setting that caused more confusion than needed because of its name, and it checks in periodically on every mobile device tied to your account once you've agreed and opted in. For some people, this is helpful for things like calculating mileage, for others, it may be a cool thing to see where you've been. For law enforcement, though, it's become a way to cast a very wide net when looking to see just who might have been around during a crime according to an eye-opening piece by the New York Times. It's not a foolproof way to catch the bad guys and a lot of the details about how officials can use the information is a bit cryptic. But a recent case in Phoenix sheds a little light on how the service is being used, or abused, depending on your point of view. Google, like every company in the U.S., has to provide any information that is accompanied by a lawful subpoena. The company has a fairly good history of fighting these subpoenas, but in the end, a lot of data gets handed over when requested. Google's database of where you've been, internally known as Sensorvault, helps the company show you location based interests and ads. A new breed of warrant, which the NYT aptly calls geofence warrants, taps into the Sensorvault database in a way that would make the framers of the fourth amendment shiver. Law enforcement can take the location and time of a crime and have Google tell them who was in the area. Google has a novel way to attempt to anonymize the data — the company provides a set of tokens that portray an account that police can track and then ask for more precise and identifying data for the ones that fit the scope of an investigation based on other evidence, such as video or eye-witnesses. 
The case profiled by the Times shows how this can backfire — a man who lent his car to a person who committed a crime and was unlucky enough to be in the vicinity when it was committed was arrested and spent a week in jail as a suspect in a murder case."
Police are using the Google Maps Timeline to collect location information for cases
Android Central, 14 April 2019

"Sneezes and homophones – words that sound like other words – are tripping smart speakers into allowing strangers to hear recordings of your private conversations. These strangers live an eerie existence, a little like the Stasi agent in the movie The Lives of Others. They're contracted to work for the device manufacturer – machine learning data analysts – and the snippets they hear were never intended for third-party consumption. Bloomberg has unearthed the secrets of Amazon's analysts in Romania, reporting on their work for the first time. "A global team reviews audio clips in an effort to help the voice-activated assistant respond to commands," the newswire wrote. Amazon has not previously acknowledged the existence of this process, or the level of human intervention. The Register asked Apple, Microsoft and Google, which all have smart search assistants, for a statement on the extent of human involvement in reviewing these recordings – and their retention policies. None would disclose the information by the time of publication."
As Alexa's secret human army is revealed, we ask: Who else has been listening in on you?
Register, 11 April 2019

"Security researchers have discovered a powerful surveillance app first designed for Android devices can now target victims with iPhones. The spy app, found by researchers at mobile security firm Lookout, said its developer abused their Apple-issued enterprise certificates to bypass the tech giant’s app store to infect unsuspecting victims. The disguised carrier assistance app once installed can silently grab a victim’s contacts, audio recordings, photos, videos and other device information — including their real-time location data. It can be remotely triggered to listen in on people’s conversations, the researchers found. Although there was no data to show who might have been targeted, the researchers noted that the malicious app was served from fake sites purporting to be cell carriers in Italy and Turkmenistan. Researchers linked the app to the makers of a previously discovered Android app, developed by the same Italian surveillance app maker Connexxa, known to be in use by the Italian authorities. The Android app, dubbed Exodus, ensnared hundreds of victims — either by installing it or having it installed. Exodus had a larger feature set and expanded spying capabilities by downloading an additional exploit designed to gain root access to the device, giving the app near complete access to a device’s data, including emails, cellular data, Wi-Fi passwords and more, according to Security Without Borders."
A powerful spyware app now targets iPhone owners
TechCrunch, 8 April 2019

"China has quite the reputation for monitoring its citizens, and it feels like various parts of the country are constantly figuring out new ways to use gadgets to that end — RFID chips in cars, facial recognition sunglasses, and location-tracking uniforms for students each made headlines in the past year. Now, you can add sanitation workers with GPS-equipped tracking bracelets to the list. On April 3rd, news broke that sanitation workers in Nanjing, China’s Hexi district were being required to wear GPS-tracking smart bracelets to not only monitor their location at all times, but audibly prod them if they stopped moving for more than 20 minutes. Just one day later, the South China Morning Post reports, public pressure had mounted to the point that the local sanitation company decided to walk things back a bit — but only by removing the most obnoxious part of the system. Now, the bracelets will no longer say “please continue working” if a worker decides to stay in one place, but they’ll reportedly still track workers just the same."
These Chinese sanitation workers have to wear location-tracking bracelets now
The Verge, 6 April 2019

"The European Commission is onboard with new road-safety regulations that will mandate that vehicles are equipped with life-saving tech, which it says could have as much impact as laws forcing car makers to install seat belts. The new laws would require auto-makers to equip new vehicles with cameras and sensors to control speed, assist drivers with lane keeping and reversing, and monitor drowsiness and distractions from smartphones.  The laws would also mandate that cars, vans, trucks and buses are equipped with an aircraft-like 'blackbox' to retain data about accidents after they occur.  Safety features covered under the proposal are already available in many luxury models from the likes of Tesla and BMW, but the rules would force manufacturers to include them in cheaper vehicles, too.... As per The Guardian, despite Brexit, the UK intends to adopt the EU regulations if they're approved, which is likely to happen at the European Parliament in September. The speed limiter, known as intelligent speed adaption (ISA), relies on GPS and online maps to restrict the speed of a vehicle to the road speed limit.... The cameras would also detect if a driver is distracted, monitoring for example whether they're looking at a smartphone rather than keeping their eyes on the road."
Mandatory speed limiters for all cars: Europe just agreed to change driving forever
ZDNet, 27 March 2019

"Speed limiting technology looks set to become mandatory for all vehicles sold in Europe from 2022, after new rules were provisionally agreed by the EU. The Department for Transport said the system would also apply in the UK, despite Brexit. The idea that cars will be fitted with speed limiters - or to put it more accurately, "intelligent speed assistance" - is likely to upset a lot of drivers. Many of us are happy to break limits when it suits us and don't like the idea of Big Brother stepping in... Under the ISA system, cars receive information via GPS and a digital map, telling the vehicle what the speed limit is. This can be combined with a video camera capable of recognising road signs.....Safety measures approved by the European Commission included intelligent speed assistance (ISA), advanced emergency braking and lane-keeping technology.... It's already coming into use. Ford, Mercedes-Benz, Peugeot-Citroen, Renault and Volvo already have models available with some of the ISA technology fitted."
Road safety: UK set to adopt vehicle speed limiters
BBC Online, 27 March 2019

"About 1,600 people have been secretly filmed in motel rooms in South Korea, with the footage live-streamed online for paying customers to watch, police said Wednesday. Two men have been arrested and another pair investigated in connection with the scandal, which involved 42 rooms in 30 accommodations in 10 cities around the country. Police said there was no indication the businesses were complicit in the scheme. In South Korea, small hotels of the type involved in this case are generally referred to as motels or inns. Cameras were hidden inside digital TV boxes, wall sockets and hairdryer holders and the footage was streamed online, the Cyber Investigation Department at the National Police Agency said in a statement. The site had more than 4,000 members, 97 of whom paid a $44.95 monthly fee to access extra features, such as the ability to replay certain live streams. Between November 2018 and this month, police said, the service brought in upward of $6,000. "There was a similar case in the past where illegal cameras were (secretly installed) and were consistently and secretly watched, but this is the first time the police caught where videos were broadcast live on the internet," police said. South Korea has a serious problem with spy cameras and illicit filming. In 2017, more than 6,400 cases of illegal filming were reported to police, compared to around 2,400 in 2012. Last year, tens of thousands of women took to the streets of Seoul and other cities to protest against the practice and demand action, under the slogan "My Life is Not Your Porn." In response, Seoul launched a special squad of women inspectors who have been conducting regular inspections of the city's 20,000 or so public toilets to search for spy cameras, though some critics have denounced the move as a superficial response to a societal issue."
Hundreds of motel guests were secretly filmed and live-streamed online
CNN, 21 March 2019

"Tim Berners-Lee is credited with creating the World Wide Web March 12, 1989, which means this week it hits its 30th birthday. Monday, the eve of the anniversary, Berners-Lee spoke to a group of reporters, according to AFP, discussing the flaws surrounding his invention, such as misinformation, scams and cybercrime, and the struggle for control over personal data. "You should have complete control of your data. It's not oil. It's not a commodity," Berners-Lee told reporters at CERN, according to AFP. Berners-Lee predicted a grim reality if the public becomes disengaged in the battle for privacy protection. "There is a possible future you can imagine (in which) your browser keeps track of everything that you buy," Berners-Lee warns. He continues by saying in this situation, browsers will hold more information than Amazon. In response to the growing personal data concern, where information could be bought or sold without consent from the owner, Berners-Lee spearheaded the Solid project. “Solid empowers users and organizations to separate their data from the applications that use it. It allows people to look at the same data with different apps at the same time. It opens brand new avenues for creativity, problem-solving, and commerce,” according to project’s website. Users will be able to decide, according to AFP, key factors like where and how they would share their own data. However, during Berners-Lee’s Monday talk with reporters, he expressed the most sensitive of data, like genetic information, would need help from legislation for robust protection. "Sometimes it has to be legislation which says personal data, you know, genetic data, should never be used," Berners-Lee says."
The Web Turns 30, and Its Inventor Strives to Protect Your Personal Data
ECN, 13 March 2019

"As the algorithms get more advanced — meaning they are better able to identify women and people of color, a task they have historically struggled with — legal experts and civil rights advocates are sounding the alarm on researchers’ use of photos of ordinary people. These people’s faces are being used without their consent, in order to power technology that could eventually be used to surveil them....The latest company to enter this territory was IBM, which in January released a collection of nearly a million photos that were taken from the photo hosting site Flickr and coded to describe the subjects’ appearance..... But some of the photographers whose images were included in IBM’s dataset were surprised and disconcerted when NBC News told them that their photographs had been annotated with details including facial geometry and skin tone and may be used to develop facial recognition algorithms.....“None of the people I photographed had any idea their images were being used in this way,” said Greg Peverill-Conti, a Boston-based public relations executive who has more than 700 photos in IBM’s collection, known as a “training dataset.” ... Despite IBM’s assurances that Flickr users can opt out of the database, NBC News discovered that it’s almost impossible to get photos removed... The company is not alone in using publicly available photos on the internet in this way. Dozens of other research organizations have collected photos for training facial recognition systems, and many of the larger, more recent collections have been scraped from the web. Some experts and activists argue that this is not just an infringement on the privacy of the millions of people whose images have been swept up — it also raises broader concerns about the improvement of facial recognition technology, and the fear that it will be used by law enforcement agencies to disproportionately target minorities. 
“People gave their consent to sharing their photos in a different internet ecosystem,” said Meredith Whittaker, co-director of the AI Now Institute, which studies the social implications of artificial intelligence. “Now they are being unwillingly or unknowingly cast in the training of systems that could potentially be used in oppressive ways against their communities.”... In the early days of building facial recognition tools, researchers paid people to come to their labs, sign consent forms and have their photo taken in different poses and lighting conditions. Because this was expensive and time consuming, early datasets were limited to a few hundred subjects....As social media and user-generated content took over, photos of regular people were increasingly available. Researchers treated this as a free-for-all, scraping faces from YouTube videos, Facebook, Google Images, Wikipedia and mugshot databases.... To build its Diversity in Faces dataset, IBM says it drew upon a collection of 100 million images published with Creative Commons licenses that Flickr’s owner, Yahoo, released as a batch for researchers to download in 2014. IBM narrowed that dataset down to about 1 million photos of faces that have each been annotated, using automated coding and human estimates, with almost 200 values for details such as measurements of facial features, pose, skin tone and estimated age and gender, according to the dataset obtained by NBC News.... It was difficult to find academics who would speak on the record about the origins of their training datasets; many have advanced their research using collections of images scraped from the web without explicit licensing or informed consent....The dataset does not link the photos of people’s faces to their names, which means any system trained to use the photos would not be able to identify named individuals. 
But civil liberty advocates and tech ethics researchers have still questioned the motives of IBM, which has a history of selling surveillance tools that have been criticized for infringing on civil liberties.... the company sells a system called IBM Watson Visual Recognition, which IBM says can estimate the age and gender of people depicted in images and, with the right training data, can be used by clients to identify specific people from photos or videos.... An Austrian photographer and entrepreneur, Georg Holzer, uploaded his photos to Flickr to remember great moments with his family and friends, and he used Creative Commons licenses to allow nonprofits and artists to use his photos for free. He did not expect more than 700 of his images to be swept up to study facial recognition technology. “I know about the harm such a technology can cause,” he said over Skype, after NBC News told him his photos were in IBM’s dataset. “Of course, you can never forget about the good uses of image recognition such as finding family pictures faster, but it can also be used to restrict fundamental rights and privacy. I can never approve or accept the widespread use of such a technology.”... In the U.S., some states have laws that could be relevant. Under the Illinois Biometric Information Privacy Act, for example, it can be a violation to capture, store and share biometric information without a person’s written consent. According to the act, biometric information includes fingerprints, iris scans and face geometry. "This is the type of mass collection and use of biometric data that can be easily abused, and appears to be taking place without the knowledge of those in the photos,” said Jay Edelson, a Chicago-based class-action lawyer currently suing Facebook for its use of facial recognition tools. So far neither of these laws has been rigorously tested. 
IBM declined to comment on the laws....“You’ve really got a rock-and-a-hard-place situation happening here,” said Woody Hartzog, a professor of law and computer science at Northeastern University. “Facial recognition can be incredibly harmful when it’s inaccurate and incredibly oppressive the more accurate it gets.”.... The use of facial recognition surveillance systems by law enforcement is so controversial that a coalition of more than 85 racial justice and civil rights groups have called for tech companies to refuse to sell the technology to governments... “These systems are being deployed in oppressive contexts, often by law enforcement,” said Whittaker, of the AI Now Institute, “and the goal of making them better able to surveil anyone is one we should look at very skeptically.”"
Facial recognition's 'dirty little secret': Millions of online photos scraped without consent
NBC News, 12 March 2019

"Two popular smart alarm systems for cars had major security flaws that allowed potential hackers to track the vehicles, unlock their doors and, in some cases, cut off the engine. The vulnerabilities could be exploited with two simple steps, security researchers from Pen Test Partners, who discovered the flaw, said Friday.... Like smart locks, TVs and cameras, smart car alarms are susceptible to cyberattacks and security flaws. The growth of smart devices, which integrate connected technology into everyday devices, has made the internet of things an easy target and created a new type of security threat. On Pandora's website, the company boasts it "uses a dialog code it is impossible to hack it -- nobody did it yet and for sure nobody will." But Ken Munro, founder of Pen Test Partners, figured out that his team didn't need to hack the smart alarm itself because the Pandora app left a large opening. The researcher found a similar problem with Viper's app. Both apps' API didn't properly authenticate for update requests, including requests to change the password or email address. Munro said that all his team needed to do was send the request to a specific host URL and they were able to change an account's password and email address without notifying the victim that anything happened. Once they had access to the account, the researchers had full control of the smart car alarm. This allowed them to learn where a car was and unlock it. You don't have to be near the car to do this, and the accounts can be taken over remotely, Munro said."
Smart alarms left 3 million cars vulnerable to hackers who could turn off motors
CNet, 8 March 2019

"Philadelphia is the first major U.S. city to ban cashless stores, placing it at the forefront of a debate that pits retail innovation against lawmakers trying to protect all citizens’ access to the marketplace. Starting in July, Philadelphia’s new law will require most retail stores to accept cash. A New York City councilman is pushing similar legislation there, and New Jersey’s legislature recently passed a bill banning cashless stores statewide. A spokesman for New Jersey Gov. Phil Murphy, a Democrat, declined to comment..."
Philadelphia Is First U.S. City to Ban Cashless Stores
Wall St Journal, 7 March 2019

"The National Security Agency is preparing to potentially abandon a controversial surveillance program exposed by former intelligence contractor Edward Snowden, the agency’s director indicated. Paul Nakasone, head of both the NSA and U.S. Cyber Command, vaguely discussed the future of the government’s once-secretive system for obtaining and analyzing domestic telephone records, or metadata, in light of a senior congressional aide recently claiming that it was quietly suspended. “We are in a deliberative process right now,” Mr. Nakasone said Wednesday at the RSA security conference in San Francisco, attendees reported. “We’ll work very, very closely with the administration and Congress to make recommendations on what authority should be reauthorized.” Following the terrorist attacks of Sept. 11, 2001, the NSA began secretly ordering U.S. telecommunication companies to give the government copies of metadata detailing effectively every call and text placed over domestic networks. The efforts were made public through documents leaked to the media by Mr. Snowden in 2013 prior to being significantly reformed through legislation passed by Congress in 2015, the USA Freedom Act, slated to sunset at the end of the year. Luke Murry, a national security adviser to House Minority Leader Kevin McCarthy, California Republican, said during an interview last week that the NSA stopped using the system six months earlier and that it is not guaranteed to be reauthorized by Congress before expiring. NSA representatives previously declined to comment on Mr. Murry’s remarks. Mr. Nakasone said he was “aware” of related reporting on Wednesday but neither confirmed nor denied whether the surveillance program is currently operational, The Daily Beast reported. The Justice Department brought criminal charges against Mr. Snowden, 35, shortly after he identified himself as the source of leaked NSA documents published by news outlets in 2013. 
He was charged while traveling abroad, granted political asylum by Russia and has not returned."
NSA in 'deliberate process' over future of surveillance program, says spy chief
Washington Times, 7 March 2019

"Is technological progress bad for human autonomy? That’s the question posed by Shoshana Zuboff in “The Age of Surveillance Capitalism,” a book that recounts the ways in which corporations and governments are using technology to influence our behavior. Zuboff is just the latest to chime in on “totalitarian technology” (or “total tech”), a term that describes devices and algorithms by which individuals forfeit their privacy and autonomy for the benefit of either themselves or some third party. In the United States, total tech can be sorted into three different categories, or “spheres” of life: consumer services, the workplace, and government and politics. Total tech is pervasive in the increasingly data-driven world of retail. Many shopping apps tap into your phone’s GPS to access your location, allowing retailers to send you advertisements the moment you’re walking past their storefront. Personalized pricing enables retailers to charge you the exact maximum that you would be willing to pay for a given product. Your personal data isn’t safe at home, either: Digital assistants like Amazon Alexa store your query history, meaning they know everything from your unique shopping history to your travel patterns to your music preferences. Employers are also using total tech to track and monitor their workers. A growing number of companies use biometric time cards that scan an employee’s fingerprint, hand shape, retina, or iris. UPS outfits its trucks with sensors that track the opening and closing of doors, the engine of the vehicle, and the clicking of seat belts. Amazon is patenting an electronic wristband that would be used to track hand movements—making sure, for instance, that a warehouse worker stays busy moving boxes. Global freelancing platform Upwork runs a digital “Work Diary” program that counts keystrokes and takes screenshots of workers’ monitors. Uptake of total tech has been particularly striking in government and politics. 
The New Orleans Police Department runs a “predictive policing” program that uses Big Data to compile a heat list of potential criminal offenders. The TSA operates its own total tech program, called Quiet Skies, which monitors and flags travelers based on “suspicious” behavior patterns. Travelers can land themselves on the Quiet Skies list by changing their clothes in the restroom, being the last person to board their flight, or even inspecting their reflection in a terminal window. More nefariously, software developed at Stanford University enables anyone to manipulate video footage in real time. Now, anyone with a grudge could alter the facial expressions of a prominent politician making a speech, and then dub in new audio that completely changes the speech’s contents. Abroad, China is the poster child for extreme total tech programs. By 2020, China’s “social credit system” will monitor the behavior of each and every citizen, keeping tabs on everything from speeding tickets to social media posts critical of the state. Everyone will then be assigned their own unique “sincerity score”; a high score will be a requirement for anyone hoping to get the best housing, install the fastest Internet speeds, put their kids into the most prestigious schools, and land the most lucrative jobs."
The Rise Of Totalitarian Technology
Forbes, 6 March 2019

"The Mail Cover Program allows postal employees to photograph and send to federal law enforcement organizations (FBI, DHS, Secret Service, etc.) the front and back of every piece of mail the Post Office processes. It also retains the information digitally and provides it to any government agency that wants it—without a warrant. In 2015, the USPS Inspector General issued a report saying that, “Agencies must demonstrate a reasonable basis for requesting mail covers, send hard copies of request forms to the Criminal Investigative Service Center for processing, and treat mail covers as restricted and confidential…A mail cover should not be used as a routine investigative tool. Insufficient controls over the mail cover program could hinder the Postal Inspection Service’s ability to conduct effective investigations, lead to public concerns over privacy of mail, and harm the Postal Service’s brand.” Not only were the admonitions ignored, the mail cover program actually expanded after the report’s release. Indeed, in the months after that report was issued, there were 6,000 requests for mail cover collection. Only 10 were rejected, according to the Feb. 2019 edition of Prison Legal News (P.34-35) . I have some personal experience with the Mail Cover Program. I served 23 months in prison for blowing the whistle on the CIA’s illegal torture program. After having been locked up for two months, I decided to commission a card from a very artistically-inclined prisoner for my wife’s 40th birthday. I sent it about two weeks early, but she never received it. Finally, about four months later, the card was delivered back to me with a yellow “Return to Sender – Address Not Known” sticker on it. But underneath that sticker was a second yellow sticker. That one read, “Do Not Deliver. Hold For Supervisor. Cover Program.” Why was I under Postal Service Surveillance? I have no idea. I had had my day in court. The case was over. 
But remember, the Postal Service doesn’t have to answer to anybody – my attorneys, my judge, even its own Inspector General. It doesn’t need a warrant to spy on me (or my family) and it doesn’t have to answer even to a member of Congress who might inquire as to why the spying was happening in the first place. The problem is not just the sinister nature of a government agency (or quasi-government agency) spying on individuals with no probable cause or due process, although those are serious problems. It’s that the program is handled so poorly and so haphazardly that in some cases surveillance was initiated against individuals for no apparent law enforcement reason and that surveillance was initiated by Postal Service employees not even authorized to do so. Again, there is no recourse because the people under surveillance don’t even know that any of this is happening. Perhaps an even more disturbing aspect of the program is the fact that between 2000 and 2012, the Postal Service initiated an average of 8,000 mail cover requests per year. But in 2013, that number jumped to 49,000. Why? Nobody knows and the Postal Service doesn’t have to say. The question, though, is not how many cases are opened under the Mail Cover Program or even how many requests there are for the information. The real question is, “How is this constitutional?” Perhaps a secondary question is, “Why hasn’t anybody challenged the program in the courts?” In general, Americans don’t–or at least haven’t–objected to a gradual loss of civil liberties and constitutional rights. That has to stop. When even the Post Office is spying on you, you know the republic is in trouble."
JOHN KIRIAKOU: Neither Rain, Sleet, nor Snow Will Stop the Post Office From Spying on You
Consortium News, 28 February 2019

"A U.N. human rights expert has published a draft list of questions to measure countries’ privacy safeguards, a first step toward ranking the governments that are potentially doing the most snooping on their own citizens. Cannataci’s role investigating digital privacy was created by the council in 2015 after Edward Snowden’s revelations about U.S. surveillance, and he has strongly criticized surveillance activities by the United States and other countries. As the first person in the job, Cannataci set out an action plan for tackling the task and said he planned to take a methodical approach to monitoring surveillance and privacy laws to help him to decide which countries to investigate..... The last question asks: “Does your country have a police and/or intelligence service which systematically profiles and maintains surveillance on large segments of the population in a manner comparable to that of the STASI in the 1955-1990 GDR (East Germany)?” Any country answering “yes” to that would forfeit 1,000 points and should abolish its system and start again, he wrote."
How much does your government spy on you? U.N. may rank the snoopers
Reuters, 28 February 2019

"If you shop at Westfield, you’ve probably been scanned and recorded by dozens of hidden cameras built into the centres’ digital advertising billboards. The semi-camouflaged cameras can determine not only your age and gender but your mood, cueing up tailored advertisements within seconds, thanks to facial detection technology. Westfield’s Smartscreen network was developed by the French software firm Quividi back in 2015. Their discreet cameras capture blurry images of shoppers and apply statistical analysis to identify audience demographics. And once the billboards have your attention they hit record, sharing your reaction with advertisers. Quividi says their billboards can distinguish shoppers’ gender with 90% precision, five categories of mood from “very happy to very unhappy” and customers’ age within a five-year bracket. Surveillance fears grow after Taylor Swift uses face recognition tech on fans. Mood is a particularly valuable insight for advertisers, revealing shoppers’ general sentiment towards a brand and how they feel in particular stores at certain times of the day. Unlike gender and age, mood is harder to determine, sitting at around 80% accuracy. There are now more than 1,600 billboards installed into 41 Westfield centres across Australia and New Zealand. Scentre Group, Westfield Australia’s parent company, emphasises that all data collected is anonymous and that they are using facial detection, not facial recognition technology (FRT). This means generic information such as a shopper’s age and gender is collected rather than the technology using photo-matching databases to identify who customers are. A spokesperson would not confirm whether or not Westfield would consider using FRT in the future. Retail companies are increasingly turning to facial detection and facial recognition software to attract and engage a distracted audience. Quividi’s host of international clients include Telstra, 7-Eleven, Coca-Cola, oOH Media and HSBC bank. 
Terry Hartmann, vice president of Cognitec Asia Pacific, the company that develops “market-leading face recognition technologies for customers and government agencies around the world”, says using facial detection commercially is no different to Facebook’s manipulation of users’ online search history for targeted advertising. “You’re not identifying who that person is, you’re just identifying the characteristics of that person. That’s no different to Facebook popping up ads you might be interested in and social media picking up people based on their clicking habits or the shopping that they’ve done.” While facial detection could be considered relatively benign, it is a step closer to the more problematic FRT. Dr Dong Xu is the chair in computer engineering at the University of Sydney. He says that under optimum lighting and using high-quality photo data bases, FRT is more accurate than humans at identifying faces and can now recognise an individual from millions of photographs."
Are you being scanned? How facial recognition technology follows you, even as you shop
Guardian, 24 February 2019

"Now there is one more place where cameras could start watching you — from 30,000 feet. Newer seat-back entertainment systems on some airplanes operated by American Airlines, United Airlines and Singapore Airlines have cameras, and it’s likely they are also on planes used by other carriers. American, United and Singapore all said Friday that they have never activated the cameras and have no plans to use them. However, companies that make the entertainment systems are installing cameras to offer future options such as seat-to-seat video conferencing, according to an American Airlines spokesman. A passenger on a Singapore flight posted a photo of the seat-back display last week, and the tweet was shared several hundred times and drew media notice. Buzzfeed first reported that the cameras are also on some American planes. A United spokeswoman repeatedly told a reporter Friday that none of its entertainment systems had cameras before apologizing and saying that some did. Delta did not respond to repeated questions about some of its entertainment systems, which appear to be identical to those on American and United. The airlines stressed that they didn’t add the cameras — manufacturers embedded them in the entertainment systems. American’s systems are made by Panasonic, while Singapore uses Panasonic and Thales, according to airline representatives. Neither Panasonic nor Thales responded immediately for comment."
There Are Seat-Back Cameras On Some American And United Air Flights Now
Associated Press, 23 February 2019

"The Chinese government blocked 17.5 million would-be plane passengers from buying tickets last year as a punishment for offences including the failure to pay fines, it emerged. Some 5.5 million people were also barred from travelling by train under a controversial “social credit” system which the ruling Communist Party claims will improve public behaviour. The penalties are part of efforts by president Xi Jinping‘s government to use data-processing and other technology to tighten control on society. Human rights activists warn the system is too rigid and may lead to people being unfairly blacklisted without their knowledge, while US vice-president Mike Pence last year denounced it as “an Orwellian system premised on controlling virtually every facet of human life”."
China blocks 17.5 million plane tickets for people without enough 'social credit'
Independent, 22 February 2019

"It was a crowded primary field and Tony Evers, running for governor, was eager to win the support of officials gathered at a Wisconsin state Democratic party meeting, so the candidate did all the usual things: he read the room, he shook hands, he networked. Then he put an electronic fence around everyone there. The digital fence enabled Evers’ team to push ads onto the iPhones and Androids of all those attending the meeting. Not only that, but because the technology pulled the unique identification numbers off the phones, a data broker could use the digital signatures to follow the devices home. Once there, the campaign could use so-called cross-device tracking technology to find associated laptops, desktops and other devices to push even more ads. Welcome to the new frontier of campaign tech — a loosely regulated world in which simply downloading a weather app or game, connecting to Wi-Fi at a coffee shop or powering up a home router can allow a data broker to monitor your movements with ease, then compile the location information and sell it to a political candidate who can use it to surround you with messages. “We can put a pin on a building, and if you are in that building, we are going to get you,” said Democratic strategist Dane Strother, who advised Evers. And they can get you even if you aren’t in the building anymore, but were simply there at some point in the last six months. Campaigns don’t match the names of voters with the personal information they scoop up — although that could be possible in many cases. Instead, they use the information to micro-target ads to appear on phones and other devices based on individual profiles that show where a voter goes, whether a gun range, a Whole Foods or a town hall debate over Medicare. The spots would show up in all the digital places a person normally sees ads — whether on Facebook or an internet browser such as Chrome. 
As a result, if you have been to a political rally, a town hall, or just fit a demographic a campaign is after, chances are good your movements are being tracked with unnerving accuracy by data vendors on the payroll of campaigns. The information gathering can quickly invade even the most private of moments. Antiabortion groups, for example, used the technology to track women who entered waiting rooms of abortion clinics in more than a half dozen cities. RealOptions, a California-based network of so-called pregnancy crisis centers, along with a partner organization, had hired a firm to track cell phones in and around clinic lobbies and push ads touting alternatives to abortion. Even after the women left the clinics, the ads continued for a month. That effort ended in 2017 under pressure from Massachusetts authorities, who warned it violated the state’s consumer protection laws. But such crackdowns are rare. Data brokers and their political clients operate in an environment in which technology moves much faster than Congress or state legislatures, which are under pressure from Silicon Valley not to strengthen privacy laws. The RealOptions case turned out to be a harbinger for a new generation of political campaigning built around tracking and monitoring even the most private moments of people’s lives. “It is Orwellian,” said Los Angeles City Attorney Mike Feuer, whose office last month filed a lawsuit against the makers of the Weather Channel app, alleging that the app surreptitiously monitors where users live, work and visit 24-hours a day and sells the information to data brokers. The apps on iPhones and Androids are the most prolific spies of user whereabouts and whatabouts. But they aren’t the only ones. Take televisions. In the 2016 election, campaigns began targeting satellite-television ads to particular households. That technology was credited with helping Sen. 
Bernie Sanders target voters to eke out a surprise victory over Hillary Clinton in Michigan’s presidential primary. Now, a person’s television may be telling candidates a lot more than many people would care to share. Some newer smart-television systems, including units made by Vizio, can monitor everything a person watches and send the information to data brokers. Campaigns can buy that information and use it to beam ads that either complement a narrative broadcast by such networks as FOX News or MSNBC — or counter-program against it. Or a campaign might look for frequent watchers of a particular program — bass fishing championships, perhaps, or maybe “The Bachelor.” Campaigns have long targeted viewers of particular programs as likely to support their positions and have bought ads to air during those shows. Now, however, knowing that a person watches a specific program, a campaign can beam ads to the person’s television that would show up the next time the device is turned on, even if the viewer was watching some other show. Feuer said he was surprised to learn from a reporter that political consulting firms are an eager market for tracking information. “It means suddenly a campaign knows whether you are going to a doctor, an Alcoholics Anonymous meeting, where you worship and who knows what else,” Feuer said. At a time foreign agents are commandeering American campaign tools and using them to sow confusion and distrust among voters, Feuer said, the shift toward more tracking and monitoring is particularly concerning.... Just as the antiabortion organizations did around clinics, political campaigns large and small are building “geo-fences” around locations from which they can fetch the unique identifying information of the smartphones of nearly everyone who attended an event. 
“I don’t think a lot of people are aware their location data is being sent to whomever,” said Justin Croxton, a managing partner at Propellant Media, an Atlanta-area digital firm that works with political campaigns. “The good news is a lot of those people can opt out,” Croxton said. Privacy advocates, however, say opting out can be nearly impossible, as most device users are not even aware of which apps and phone settings are causing them to be surreptitiously monitored, much less in position to understand the intricacies of disabling all the tracking technology. “It is often embedded in apps you would not expect to be spying on you,” said Sean O’Brien, a technology and privacy scholar at Yale Law School. “There is a question of how much people know is being grabbed from an ethical standpoint, even if from a legal standpoint you have technically agreed to this without knowing it.” Once a data broker has identifying information from one device in hand, they can quickly capture information about other, associated devices, such as routers, laptops and smart televisions. Data brokers collect so much location information off phones that they can track a person’s whereabouts months into the past.... The fences can also be used to narrowly target messages into small geographic areas. “If we are sending out a piece of fundraising mail, we will fence the homes where it is being sent for an entire week before,” McShane said. Alternatively, McShane said, his firm might use a fence to build an “echo chamber” for an advocacy group lobbying politicians. Fences can be built around the homes, workplaces, and hangouts of legislators and their families, enabling a campaign to bombard their devices with a message and leave the impression that a group’s campaign is much bigger in scope than it actually is. There is also now a tool to grab a phone’s ID number as its user approaches a digital billboard, so that a custom-tailored message can be transmitted. 
Which political campaigns and other clients receive all that tracking information can’t be traced. A group of computer scientists at UC Berkeley monitoring tens of thousands of apps has tried. Serge Egelman, research director of the Usable Security & Privacy Group at UC Berkeley’s International Computer Science Institute, said his team can unearth which opaque data brokerages are amassing information, but not which political campaigns or interest groups buy it from them. “There are a lot of industries buying this data for things that most people are not expecting,” Egelman said. Some might be trying to get you to purchase a Volvo, while others aim to manipulate your vote. But none disclose what they know about you and how. “That is the fundamental problem,” Egelman said. “People can’t find that out.”"
Your phone and TV are tracking you, and political campaigns are listening in
Los Angeles Times, 20 February 2019

"Google has acknowledged that it made an error in not disclosing that one of its home alarm products contained a microphone. Product specifications for the Nest Guard, available since 2017, had made no mention of the listening device. But earlier this month, the firm said a software update would make Nest Guard voice-controlled. On Twitter, concerned Nest owners were told the microphone "has not been used up to this point”. Business Insider was first to report the development. The Nest Guard is one component in the Nest Secure range of home security products. The system includes various sensors that can be monitored remotely by the user. Nest Guard is an all-in-one alarm, keypad, and motion sensor but, despite being announced well over a year ago, the word “microphone” was only added to the product’s specification this month. The change coincided with the announcement that it was now compatible with Google Assistant."
Google admits error over hidden microphone
BBC, 20 February 2019

"A Chinese surveillance firm is tracking the movements of more than 2.5 million people in the far-western Xinjiang region, according to a data leak flagged by a Dutch internet expert. An online database containing names, ID card numbers, birth dates and location data was left unprotected for months by Shenzhen-based facial-recognition technology company SenseNets Technology Ltd, according to Victor Gevers, co-founder of non-profit organization GDI.Foundation, who first noted the vulnerability in a series of social media posts last week. Exposed data also showed about 6.7 million location data points linked to the people which were gathered within 24 hours, tagged with descriptions such as “mosque”, “hotel,” “internet cafe” and other places where surveillance cameras were likely to be found. “It was fully open and anyone without authentication had full administrative rights. You could go in the database and create, read, update and delete anything,” said Gevers.  China has faced an outcry from activists, scholars, foreign governments and U.N. rights experts over what they call mass detentions and strict surveillance of the mostly Muslim Uighur minority and other Muslim groups who call Xinjiang home.(tinyurl.com/y9zzouss). According to its website, SenseNets works with China’s police across several cities. Its Shenzhen-listed parent company NetPosa Technologies Ltd has offices in a majority of Chinese provinces and regions, including Xinjiang."
China surveillance firm tracking millions in Xinjiang: researcher
Reuters, 17 February 2019

"Some apps may track your activity over time, even when you tell them to forget the past. And there's nothing you can do about it. Roughly 17,000 Android apps collect identifying information that creates a permanent record of the activity on your device, according to research from the International Computer Science Institute that was shared with CNET. The data collection appears to violate the search giant's policy on collecting data that can be used to target users for advertising in most cases, the researchers said. The apps can track you by linking your Advertising ID -- a unique but resettable number used to tailor advertising -- with other identifiers on your phone that are difficult or impossible to change. Those IDs are the device's unique signatures: the MAC address, IMEI and Android ID. Less than a third of the apps that collect identifiers take only the Advertising ID, as recommended by Google's best practices for developers. "Privacy disappears" when apps collect those persistent identifiers, said Serge Egelman, who led the research. He said his team, which reported the findings to Google in September, observed most of the apps sending identifying information to advertising services, an apparent violation of Google's policies. The company's policies allow developers to collect the identifiers but forbid them from combining the Advertising ID with hardware IDs without explicit consent of the user, or from using the identifiers that can't be reset, to target ads. What's more, Google's best practices for developers recommend collecting only the Advertising ID. The behavior fits into the tech industry's long history of creating privacy measures that websites and app developers quickly learn to bypass. Adobe, for instance, was forced to address Flash cookies in 2011 after complaints that the snippets of software could survive in your web browser even after you cleared all your cookies. 
Similar complaints arose in 2014 over Verizon's and AT&T's use of so-called "supercookies," which tracked users across multiple devices and couldn't be cleared. In 2012, Microsoft accused Google of circumventing its P3P web privacy standard, which let users of the Internet Explorer browser set their preferences for cookies.... Data collected by mobile apps has provoked even broader scrutiny because of the explosion of smartphones and tablets. In January, Facebook and Google were both found to have used a developer tool to circumvent Apple's privacy rules and build iOS apps that collect user information. Facebook's Cambridge Analytica scandal in 2018 and other privacy controversies have sparked greater scrutiny over how data is being collected and used.... Egelman's team, which previously found around 6,000 children's apps improperly collecting data, said Thursday that big-name apps for adults are sending permanent identifiers to advertising services. The apps included Angry Birds Classic, the popular smartphone game, as well as Audiobooks by Audible and Flipboard. Clean Master, Battery Doctor and Cheetah Keyboard, all utilities developed by Cheetah Mobile, were also found to send permanent info to advertising networks. All of these apps have been installed on at least 100 million devices. Clean Master, a phone utility that includes antivirus and phone optimization services, has been installed on 1 billion devices.... A Cheetah Mobile spokesman said in an email that its apps send a device's Android ID to a company that helps it track installations of its products. The information isn't used for targeted ads, and the company complies with all relevant Google policies and laws, the spokesman said. 
He added that the version of Battery Doctor tested by the researchers was out of date; Cheetah Mobile updated the app in 2018 to no longer collect the IMEI....The data collection identified by Egelman and his team is similar to an issue that got Uber in trouble with Apple in 2015. According to The New York Times, Apple CEO Tim Cook was furious to learn that Uber was collecting iOS users' hardware identifiers against Apple's policies and threatened to remove the Uber app from the App Store.... The researchers configured a version of Android that let them track which identifiers an app collected and then ran thousands of apps on the modified software. Egelman said that changing your Advertising ID should serve the same function as clearing out your web browsing data. When you clear cookies, websites you visited in the past won't recognize you. That stops them from building up data about you over time. But you can't reset other identifiers, like the MAC address and IMEI. The MAC address is a unique identifier that your device broadcasts to internet connections like Wi-Fi routers. The IMEI is an identifier for your specific device. Both identifiers can sometimes be used to prevent stolen phones from accessing a cellular network. The Android ID is another identifier that's unique to each device. It can be reset, but only if you run a factory reset of your device."
These Android apps have been tracking you, even when you say stop
CNet, 14 February 2019

"As Amazon.com Inc. and Google work to place their smart speakers at the center of the internet-connected home, both technology giants are expanding the amount of data they gather about customers who use their voice software to control other gadgets. For several years, Amazon and Google have collected data every time someone used a smart speaker to turn on a light or lock a door. Now they’re asking smart-home gadget makers such as Logitech and Hunter Fan Co. to send a continuous stream of information. In other words, after you connect a light fixture to Alexa, Amazon wants to know every time the light is turned on or off, regardless of whether you asked Alexa to toggle the switch. Televisions must report the channel they’re set to. Smart locks must keep the company apprised whether or not the front door bolt is engaged. This information may seem mundane compared with smartphone geolocation software that follows you around or the trove of personal data Facebook Inc. vacuums up based on your activity. But even gadgets as simple as light bulbs could enable tech companies to fill in blanks about their customers and use the data for marketing purposes. Having already amassed a digital record of activity in public spaces, critics say, tech companies are now bent on establishing a beachhead in the home. “You can learn the behaviors of a household based on their patterns,” says Brad Russell, who tracks smart home products for researcher Parks Associates Inc. “One of the most foundational things is occupancy. There’s a lot they could do with that.”.... Smart speakers are among the fastest growing categories of consumer electronics, led by Amazon’s Echo and Google’s Home devices. That’s pushed the companies and their Alexa and Assistant software deeper into debates about the tradeoffs between useful services and the harvesting of personal data."
Your Smart Light Can Tell Amazon and Google When You Go to Bed
Bloomberg, 13 February 2019

"... one of the stories we were able to report using the Snowden documents, one that received less attention that it should have, is an active NSA program to collect the online sex activities, including browsing records of porn site and sex chats, of people regarded by the U.S. Government as radical or radicalizing in order to use their online sex habits to destroy their reputations. This is what and who the NSA, CIA and FBI are and long have been. If [Amazon's Jeff] Bezos were the political victim of surveillance state abuses, it would be scandalous and dangerous. It would also be deeply ironic. That’s because Amazon, the company that has made Bezos the planet’s richest human being, is a critical partner for the U.S. Government in building an ever-more invasive, militarized and sprawling surveillance state. Indeed, one of the largest components of Amazon’s business, and thus one of the most important sources of Bezos’ vast wealth and power, is working with the Pentagon and the NSA to empower the U.S. Government with more potent and more sophisticated weapons, including surveillance weapons. In December, 2017, Amazon boasted that it had perfected new face-recognition software for crowds, which it called Rekognition. It explained that the product is intended, in large part, for use by governments and police forces around the world. The ACLU quickly warned that the product is “dangerous” and that Amazon “is actively helping governments deploy it.” “Powered by artificial intelligence,” wrote the ACLU, “Rekognition can identify, track, and analyze people in real time and recognize up to 100 people in a single image. 
It can quickly scan information it collects against databases featuring tens of millions of faces.” The group warned: “Amazon’s Rekognition raises profound civil liberties and civil rights concerns.” In a separate advisory, the ACLU said of this face-recognition software that Amazon’s “marketing materials read like a user manual for the type of authoritarian surveillance you can currently see in China.” BuzzFeed obtained documents showing details of Amazon’s work in implementing the technology with the Orlando Police Department, ones that “reveal the accelerated pace at which law enforcement is embracing facial recognition tools with limited training and little to no oversight from regulators or the public.” Numerous lawmakers, including Congress’ leading privacy advocates, wrote a letter in July, 2018, expressing grave concerns about how this software and similar mass-face-recognition programs would be used by government and law enforcement agencies. They posed a series of questions based on their concern that “this technology comes with inherent risks, including the compromising of Americans’ right to privacy, as well as racial and gender bias.” In a separate article about Amazon’s privacy threats, the ACLU explained that the group “and other civil rights groups have repeatedly warned that face surveillance poses an unprecedented threat to civil liberties and civil rights that must be stopped before it becomes widespread.” Amazon’s extensive relationship with the NSA, FBI, Pentagon and other surveillance agencies in the west is multi-faceted, highly lucrative and rapidly growing. 
Last March, the Intercept reported on a new app that Amazon developers and British police forces have jointly developed to use on the public in police work, just “the latest example of third parties aiding, automating, and in some cases, replacing, the functions of law enforcement agencies — and raises privacy questions about Amazon’s role as an intermediary.”...Then there are the serious privacy dangers posed by Amazon’s “Ring” camera products, revealed in the Intercept last month by Sam Biddle. As he reported, Amazon’s Ring, intended to be a home security system, has “a history of lax, sloppy oversight when it comes to deciding who has access to some of the most precious, intimate data belonging to any person: a live, high-definition feed from around — and perhaps inside — their house.”... Bezos’ relationship with the military and intelligence wings of the U.S. Government is hard to overstate. Just last October, his company, Blue Origin, won a $500 million contract from the U.S. Air Force to help develop military rockets and spy satellites. Bezos personally thanked them in a tweet, proclaiming how “proud” he is “to serve the national security space community.”.... Then there’s the patent Amazon obtained last October, as reported by the Intercept, “that would allow its virtual assistant Alexa to decipher a user’s physical characteristics and emotional state based on their voice.” In particular, it would enable anyone using the product to determine a person’s accent and likely place of origin: “The algorithm would also consider a customer’s physical location — based on their IP address, primary shipping address, and browser settings — to help determine their accent.”... Bezos’ relationship with the military and spying agencies of the U.S. Government, and law enforcement agencies around the world, predates his purchase of the Washington Post and has become a central prong of Amazon’s business growth. 
Back in 2014, Amazon secured a massive contract with the CIA when the spy agency agreed to pay it $600 million for computing cloud software. As the Atlantic noted at the time, Amazon’s software “will begin servicing all 17 agencies that make up the intelligence community.”... Jeff Bezos is as entitled as anyone else to his personal privacy. The threats from the National Enquirer are grotesque. If Bezos’ preemptive self-publishing of his private sex material reduces the unwarranted shame and stigma around adult consensual sexual activities, that will be a societal good. But Bezos, given how much he works and profits to destroy the privacy of everyone else (to say nothing of the labor abuses of his company), is about the least sympathetic victim imaginable of privacy invasion. In the past, hard-core surveillance cheerleaders in Congress such as Dianne Feinstein, Pete Hoekstra, and Jane Harman became overnight, indignant privacy advocates when they learned that the surveillance state apparatus they long cheered had been turned against them. Perhaps being a victim of privacy invasion will help Jeff Bezos realize the evils of what his company is enabling. Only time will tell. As of now, one of the world’s greatest privacy invaders just had his privacy invaded. As the ACLU put it: “Amazon is building the tools for authoritarian surveillance that advocates, activists, community leaders, politicians, and experts have repeatedly warned against.'”
Jeff Bezos Protests the Invasion of His Privacy, as Amazon Builds a Sprawling Surveillance State for Everyone Else
The Intercept, 8 February 2019

"....Many major companies, like Air Canada, Hollister and Expedia, are recording every tap and swipe you make on their iPhone apps. In most cases you won’t even realize it. And they don’t need to ask for permission. You can assume that most apps are collecting data on you. Some even monetize your data without your knowledge. But TechCrunch has found several popular iPhone apps, from hoteliers, travel sites, airlines, cell phone carriers, banks and financiers, that don’t ask or make it clear — if at all — that they know exactly how you’re using their apps. Worse, even though these apps are meant to mask certain fields, some inadvertently expose sensitive data. Apps like Abercrombie & Fitch, Hotels.com and Singapore Airlines also use Glassbox, a customer experience analytics firm, one of a handful of companies that allows developers to embed “session replay” technology into their apps. These session replays let app developers record the screen and play them back to see how its users interacted with the app to figure out if something didn’t work or if there was an error. Every tap, button push and keyboard entry is recorded — effectively screenshotted — and sent back to the app developers. Or, as Glassbox said in a recent tweet: “Imagine if your website or mobile app could see exactly what your customers do in real time, and why they did it?” The App Analyst, a mobile expert who writes about his analyses of popular apps on his eponymous blog, recently found Air Canada’s iPhone app wasn’t properly masking the session replays when they were sent, exposing passport numbers and credit card data in each replay session. Just weeks earlier, Air Canada said its app had a data breach, exposing 20,000 profiles. “This gives Air Canada employees — and anyone else capable of accessing the screenshot database — to see unencrypted credit card and password information,” he told TechCrunch."
Many popular iPhone apps secretly record your screen without asking
TechCrunch, 6 February 2019

"A man has been fined after refusing to be scanned by controversial facial recognition cameras being trialled by the Metropolitan Police. The force had put out a statement saying “anyone who declines to be scanned will not necessarily be viewed as suspicious”. However, witnesses said several people were stopped after covering their faces or pulling up hoods. Campaign group Big Brother Watch said one man had seen placards warning members of the public that automatic facial recognition cameras were filming them from a parked police van. “He simply pulled up the top of his jumper over the bottom of his face, put his head down and walked past,” said director Silkie Carlo. “There was nothing suspicious about him at all … you have the right to avoid [the cameras], you have the right to cover your face. I think he was exercising his rights.” Ms Carlo, who was monitoring Thursday’s trial in Romford, London, told The Independent she saw a plainclothed police officer follow the man before a group of officers “pulled him over to one side”. She said they demanded to see the man’s identification, which he gave them, and became “accusatory and aggressive”. “The guy told them to p*** off and then they gave him the £90 public order fine for swearing,” Ms Carlo added. “He was really angry.” A spokesperson said officers were instructed to “use their judgment” on whether to stop people who avoid cameras.... The Metropolitan Police has described the deployments as “overt” and said members of the public were informed facial recognition was being used by posters and leaflets. But no one questioned by The Independent after they passed through a scanning zone in central London in December had seen police publicity material, and campaigners claim the technology is being rolled out “by stealth”."
Police stop people for covering their faces from facial recognition camera then fine man £90 after he protested
Independent, 1 February 2019

"Two weeks after leaving her position as an intelligence analyst for the U.S. National Security Agency in 2014, Lori Stroud was in the Middle East working as a hacker for an Arab monarchy. She had joined Project Raven, a clandestine team that included more than a dozen former U.S. intelligence operatives recruited to help the United Arab Emirates engage in surveillance of other governments, militants and human rights activists critical of the monarchy. Stroud and her team, working from a converted mansion in Abu Dhabi known internally as “the Villa,” would use methods learnt from a decade in the U.S intelligence community to help the UAE hack into the phones and computers of its enemies. Stroud had been recruited by a Maryland cybersecurity contractor to help the Emiratis launch hacking operations, and for three years, she thrived in the job. But in 2016, the Emiratis moved Project Raven to a UAE cybersecurity firm named DarkMatter. Before long, Stroud and other Americans involved in the effort say they saw the mission cross a red line: targeting fellow Americans for surveillance. “I am working for a foreign intelligence agency who is targeting U.S. persons,” she told Reuters. “I am officially the bad kind of spy.” The story of Project Raven reveals how former U.S. government hackers have employed state-of-the-art cyber-espionage tools on behalf of a foreign intelligence service that spies on human rights activists, journalists and political rivals. Interviews with nine former Raven operatives, along with a review of thousands of pages of project documents and emails, show that surveillance techniques taught by the NSA were central to the UAE’s efforts to monitor opponents. The sources interviewed by Reuters were not Emirati citizens. 
The operatives utilized an arsenal of cyber tools, including a cutting-edge espionage platform known as Karma, in which Raven operatives say they hacked into the iPhones of hundreds of activists, political leaders and suspected terrorists. Details of the Karma hack were described in a separate Reuters article today. An NSA spokesman declined to comment on Raven. An Apple spokeswoman declined to comment. A spokeswoman for UAE’s Ministry of Foreign Affairs declined to comment. The UAE’s Embassy in Washington and a spokesman for its National Media Council did not respond to requests for comment."
Special Report - Inside the UAE’s secret hacking team of U.S. mercenaries
Reuters, 30 September 2019

"Desperate for data on its competitors, Facebook has been secretly paying people to install a “Facebook Research” VPN that lets the company suck in all of a user’s phone and web activity, similar to Facebook’s Onavo Protect app that Apple banned in June and that was removed in August. Facebook sidesteps the App Store and rewards teenagers and adults to download the Research app and give it root access to network traffic in what may be a violation of Apple policy so the social network can decrypt and analyze their phone activity, a TechCrunch investigation confirms. Facebook admitted to TechCrunch it was running the Research program to gather data on usage habits. Since 2016, Facebook has been paying users ages 13 to 35 up to $20 per month plus referral fees to sell their privacy by installing the iOS or Android “Facebook Research” app. Facebook even asked users to screenshot their Amazon order history page. The program is administered through beta testing services Applause, BetaBound and uTest to cloak Facebook’s involvement, and is referred to in some documentation as “Project Atlas” — a fitting name for Facebook’s effort to map new trends and rivals around the globe. Seven hours after this story was published, Facebook told TechCrunch it would shut down the iOS version of its Research app in the wake of our report. But on Wednesday morning, an Apple spokesperson confirmed that Facebook violated its policies, and it had blocked Facebook’s Research app on Tuesday before the social network seemingly pulled it voluntarily (without mentioning it was forced to do so). You can read our full report on the development here. An Apple spokesperson provided this statement. “We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization. Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple.
Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.” Facebook’s Research program will continue to run on Android....Facebook first got into the data-sniffing business when it acquired Onavo for around $120 million in 2014. The VPN app helped users track and minimize their mobile data plan usage, but also gave Facebook deep analytics about what other apps they were using....Once installed, users just had to keep the VPN running and sending data to Facebook to get paid."
Facebook pays teens to install VPN that spies on them
TechCrunch, 30 January 2019

"Walgreens Boots Alliance Inc. is testing a technology that embeds cameras, sensors and digital screens in the cooler doors in its stores, a new network of “smart” displays that marketers can use to target ads for specific types of shoppers.  The refrigerator and freezer doors act as a digital merchandising platform that depicts the food and drinks inside in their best light, but also as an in-store billboard that can serve ads to consumers who approach, based on variables such as the approximate age the technology believes they are, their gender and the weather. This new technology could provide brick-and-mortar stores with a marketplace similar to online advertising. Ice cream brands could duke it out to get the most prominent placement when it is 97 degrees outside; an older man could see ads for different products than a younger woman. Cameras and sensors inside the coolers connected to face-detection technology also can determine which items shoppers picked up or looked at, giving advertisers insight into whether their on-screen promotions worked—and can let a retailer know quickly if a product has gone out of stock. .... The company says it only produces and stores anonymous metadata that describes the size and demographics of an audience, and doesn’t store or transmit image data or unique identifying information about shoppers. Walgreens also is posting a privacy statement and a concierge to answer customer questions near the coolers in its stores that test them, a Walgreens spokesman said. "
Walgreens Tests Digital Cooler Doors With Cameras to Target You With Ads
Wall St Journal, 11 January 2019

"At the tail end of 2018, Michigan approved Public Act 656, making electronic license plates legal. Yes, the stubbornly unchanging, unconnected rectangles that have been identifying cars for well over a century are finally getting a new look. The makeover, which comes courtesy of Silicon Valley startup Reviver Auto, is an Amazon Kindle–like display that bolts onto the front or back of the car, and does more than just show the standard plate number and state-celebrating miscellany. It lets you update the registration stickers on your car through an app instead of dealing with the DMV. It can display Amber alerts. It can be used as a miniature, knee-level billboard (when the car is parked). If someone steals the car, it can read “$NDHLP!” or the more serious “Stolen Vehicle.” It can double as your E-Z Pass, FasTrak, or whatever RFID-based device you use to pay tolls. It can track your car’s location, so you can keep tabs on your teenager. “It’s a platform that supports a lot of different functionality,” says Reviver cofounder and CEO Neville Boston. “I see it less as a license plate and more as a communication portal.” Digital displays have been allowed in California as part of a pilot program since last summer; Texas and Florida also permit them. Reviver hasn’t moved into those last two states yet, but Boston wants to have his product in six states by the end of the year, and is also looking to offer it in Canada and Dubai. His company dominates this market—when the California DMV asked for bids so it could offer this system, Reviver was the only bidder, the San Francisco Chronicle reported. Reviver’s plates, though, don’t come cheap.
Deliveries won’t start until the spring, but you can preorder the basic RPlate for $499, or drop $799 on the RPlate Pro, which has more advanced telematics features....Cost and the inevitable privacy concerns that come with another location-tracking device may not slake consumers’ thirst for new gadgets, but it’s not clear that Reviver’s product does anything unique. Consumers who want insights into their travel patterns (plus data on fuel consumption and engine diagnostics) can get cheaper options that plug into the car’s OBD-II port, like Automatic, Autobrain, and Verizon Hum. Lots of automakers offer apps that provide similar data for their cars. The windshield-mounted devices most people use to pay for tolls cost about $30."
Do You Need a Digital License Plate? One Startup Thinks So
Wired, 21 January 2019

"The CEO of Israeli spyware company NSO Group has admitted that its software was used to spy on the Emir of Qatar. In an interview with Yedioth Ahronoth this weekend, Shalev Hulio admitted that his company’s product was used to spy on Emir Tamim Bin Hamad Al-Thani, as well as Qatari Foreign Minister Mohammed Bin Abdulrahman Al-Thani. The interview disclosed that NSO’s “Pegasus” software – which can be used to remotely infect a target’s mobile phone and then relay back data accessed by the device – was used to intercept phone calls and text messages made by both the Qatari foreign minister and the Emir. These conversations reportedly concerned “hundreds of millions of dollars in ransom to Iran and Hezbollah for the release of several Qataris,” some of which was allegedly sent to the commander of the Iranian Revolutionary Guards’ Quds Force, Qasem Soleimani. This spying was seemingly undertaken at the behest of the United Arab Emirates (UAE). Hulio revealed that the Israeli Defense Export Control Agency (DECA) authorised three deals with the UAE for the sale of NSO software, despite the fact that DECA is only supposed to give authorisation for the “purpose of fighting terrorism and crime”. These deals – allegedly mediated by former senior Israeli defence officials with close ties to a senior Emirati official – raised a total of $80 million in revenue for NSO. NSO’s Pegasus software has come under increasing scrutiny in recent months after the product was revealed to be complicit in the murder of Saudi journalist Jamal Khashoggi. Though Hulio stressed in the interview with Yedioth Ahronoth this weekend that “Khashoggi was not targeted by any NSO product or technology, including listening, monitoring, location tracking and intelligence collection,” it appears that Saudi Arabia used NSO software to spy on many of Khashoggi’s friends and associates. 
US whistle-blower Edward Snowden has been at the forefront of these claims, telling the Israeli newspaper: “I do not pretend that NSO is involved in hacking [directly] into Khashoggi’s phone, so their denial does not take us to a different conclusion. The evidence shows that the company’s products were involved in hacking into the phones of [Khashoggi’s] friends Omar Abdel Aziz, Yahya Assiri, and Ghanem Al-Masarir.”"
Israel company admits spying on Emir of Qatar
Middle East Monitor, 14 January 2019

"One benefit of cities being “smart” is their ability to use communications technology to integrate key industries and infrastructure in a way that generates growth and benefits everyone. London, for example, contributes about a third of all taxes paid in the United Kingdom. However, this makes smart cities attractive targets for large-scale malicious cyberattacks, as a single attack would have widespread implications. In March 2018, a cyberattack on poorly secured public computer systems in Atlanta – a city known for its investment in smart applications – shut down many of the city’s functions, some for months.... In 2019, as more smart cities become established, our urban environments will be even more vulnerable to attacks. The communications networks that underpin smart cities rely on relatively new technologies, such as Internet of Things (IoT) applications. These technologies – particularly sensor networks – are not cyber secure. Many cities, for instance, use smart sensors to reduce transport congestion and to manage smart-parking initiatives. However most wireless sensors used in the public domain are relatively cheap and do not have built in security architecture; they are not secure by design. IoT systems, such as smart-grid technology, are also increasingly interconnected with each other and with the global internet, meaning that access to one can often mean access to many. And, according to Gartner, the consultancy company, by 2020 the number of IoT devices in the world will outnumber the world population. Such a level of complex connectivity increases the risks of attack substantially.... As the Atlanta case has shown, a successful cyber-attack can lead to a big disruption to business, daily life for city-dwellers, loss of reputation for companies and declining trust in emerging technologies from end-users.
And, as smart systems are interconnected and interdependent, an attack on something as “trivial” as parking sensors, could give an attacker access to nodes that connect with critical national infrastructure, thus endangering national security. Smart cities, of course, also create another challenge: the large amounts of data they generate, which could fall into the wrong hands and be used for malicious purposes. Data about contactless card payments on a public-transport network, for example, can give a good picture of the daily circulation rates in a city, the most commonly used routes and transportation hubs and times when such hubs are most crowded, all of which could be used by malicious actors to cause maximum disruption. Smart-city administrations now have no choice but to understand more comprehensively both the opportunities and risks that emerging technologies present. And, to protect themselves and their citizens, they will have to find ways of forging stronger partnerships with the private sector, which is already playing a significant role in conducting risk assessments and which also has much to lose from a cyberattack on the infrastructure."
Smart cities are an absolute dream for infrastructure cyberattacks
Bloomberg, 14 January 2019

"The “smart home” of the 21st century isn’t just supposed to be a monument to convenience, we’re told, but also to protection, a Tony Stark-like bubble of vigilant algorithms and internet-connected sensors working ceaselessly to watch over us. But for some who’ve welcomed in Amazon’s Ring security cameras, there have been more than just algorithms watching through the lens, according to sources alarmed by Ring’s dismal privacy practices....  Ring unnecessarily provided executives and engineers in the U.S. with highly privileged access to the company’s technical support video portal, allowing unfiltered, round-the-clock live feeds from some customer cameras, regardless of whether they needed access to this extremely sensitive data to do their jobs. For someone who’d been given this top-level access — comparable to Uber’s infamous “God mode” map that revealed the movements of all passengers — only a Ring customer’s email address was required to watch cameras from that person’s home. Although the source said they never personally witnessed any egregious abuses, they told The Intercept “if [someone] knew a reporter or competitor’s email address, [they] could view all their cameras.”.... Despite its mission to keep people and their property secure, the company’s treatment of customer video feeds has been anything but, people familiar with the company’s practices told The Intercept. Beginning in 2016, according to one source, Ring provided its Ukraine-based research and development team virtually unfettered access to a folder on Amazon’s S3 cloud storage service that contained every video created by every Ring camera around the world. This would amount to an enormous list of highly sensitive files that could be easily browsed and viewed. Downloading and sharing these customer video files would have required little more than a click. The Information, which has aggressively covered Ring’s security lapses, reported on these practices last month. 
At the time the Ukrainian access was provided, the video files were left unencrypted, the source said, because of Ring leadership’s “sense that encryption would make the company less valuable,” owing to the expense of implementing encryption and lost revenue opportunities due to restricted access."
For Owners of Amazon’s Ring Security Cameras, Strangers May Have Been Watching Too
Intercept, 10 January 2019

"This week at CES, the international consumer electronics show in Las Vegas, a host of startup companies will demonstrate to global automakers how the sensor technology that watches and analyzes drivers, passengers and objects in cars will mean enhanced safety in the short-term, and revenue opportunities in the future. Whether by generating alerts about drowsiness, unfastened seat belts or wallets left in the backseat, the emerging technology aims not only to cut back on distracted driving and other undesirable behavior, but eventually help automakers and ride-hailing companies make money from data generated inside the vehicle..... It is not yet clear how consumers in the age of Facebook Inc (FB.O) and virtual assistants like Amazon.com Inc’s (AMZN.O) Alexa will react to the potentially disconcerting idea of being watched - then warned - inside a vehicle, especially as cars become living rooms with the advent of self-driving.... Tesla owners have speculated about the Model 3’s currently inoperational interior camera, with some asking in forums whether “Big Brother” was watching. “Put a small piece of scotch tape on it ... and you can nose pick again ...” advised one post."
Move aside, backseat driver! New tech at CES monitors you inside car
Reuters, 8 January 2019
      






".... if you look around and see what the world is now facing I don't think  in the last two or three hundred years we've faced such a concatenation of  problems all at the same time..... if we are to solve the issues that are ahead of us, we are going to need to think in completely different ways. "
Paddy Ashdown, High Representative for Bosnia and Herzegovina 2002 -2006

BBC Radio 4, 'Start The Week', 30 April 2007

"Individual peace is the unit of world peace. By offering Consciousness-Based Education to the coming generation, we can promote a strong foundation for a healthy, harmonious, and peaceful world.... Consciousness-Based education is not a luxury. For our children who are growing up in a stressful, often frightening, crisis-ridden world, it is a necessity."
Academy Award Winning Film Producer David Lynch (Elephant Man, Blue Velvet, etc)
David Lynch Foundation





  
