Tag: Surveillance

Categories
Writing

Attention shoppers: Retailers can now track you across the mall

While the technology that the IT World article discusses isn’t terribly novel – I was given a paper conducted by grad students on this topic a few years ago, and they had a working prototype of similar systems – I find it incredibly worrying that ambient information that smartphones expel is being used for purposes in excess of why the information is transmitted in the first place. We don’t live in a (Western) world where lacking a cell phone is common; for many people a mobile phone is critical to their business or livelihood. Indeed, when you go to other areas of the world where mobile penetration is even higher because of exorbitant costs associated with laying down fibre, mobiles are even more important on a daily basis.

As such, and any suggestion like “if you don’t want to be tracked, don’t own a phone” misses the point around privacy concerns related to mobile phone tracking. In effect, it shouldn’t be up to the individual to unilaterally defend themselves from further expansions of private surveillance capabilities. Instead, those capabilities should be limited by law, by regulation, and by a minimalistic sense of ethics. Tracking where people are walking, and giving them an option to opt-out of tracking by visiting a website they’ve never heard of and digging into its depths is not a sufficient way to ‘empower’ individuals.

Categories
Links Writing

Lawful Access is Dead, Long Live Lawful Intercept!

So, the takeaway from this post is that Industry Canada’s proposed modifications significantly expand the volume and types of communications that ISPs must be able to intercept and preserve. Further, the Department is considering expanding interception requirements across all wireless spectrum holders; it needn’t just affect the LTE spectrum. We also know that Public Safety is modifying how ISPs have to preserve information related to geolocational, communications content, or transmission data. Together, these Departments’ actions are expanding government surveillance capacities in the absence of the lawful access legislation.

Industry Canada’s and Public Safety’s changes to how communications are intercepted should be put on hold until the government can convince Canadians about the need for these powers, and pass legislation authorizing the expansion of government surveillance. Decisions that are made surrounding interception capabilities are not easily reversed because once the technology is in place it is challenging to remove; as such, the government’s proposed modifications to intercept capabilities should be democratically legitimated before they are instantiated in practice.

Categories
Links Writing

EU citizen warned not to use US cloud services over spying fears

shonelikethesun:

What the title says, basically. I had missed this.

The warning should be heard by non-EU citizen too, with the Cloud, privacy is fucking dead. And what’s sadder is that 90% of people simply don’t care.
Unless it makes more probable for your significant other to see your transsexual porn browser history…

The EU Report is well worth a full read (available here in .pdf). Things to keep in mind that aren’t all that being well discussed:

  • you know about this report – media is covering it – because of the tireless efforts of Caspar Bowden, one of the authors and a noted global privacy advocate. It was out for months before it hit the media.
  • everyone is focused on US intelligence (good) but missing the significance of the FISAAA amendments: it’s not just that you can be spied on. It’s that the spying does not have to happen for national security reasons. No, it’s sufficient to conduct surveillance for political (read: espionage) reasons.
  • a huge aspect of the report – which isn’t touched on, even in the European media that much – is its call for the European Parliament to given EUROPOL and ENISA a direct mandate.

The second point is particularly important for non-Europeans. While it’s a lesser spoken about part of the intelligence world, spooks are routinely engaged in industrial espionage on the grounds that such acts assist the nation-state’s finances. This can include the theft of foreign corporations’ information, or (in extreme cases) the deletion of the same information. It seems that FISAAA’s amendments would only permit the former, and not the latter. However, as a result of these amendments corporations should be more wary of outsourcing their document storage to US-based cloud services, content creation to US hosts and online services, or communications systems to (you guessed it!) American firms. Placing such data in the hands of the Americans is rife with potential economic harms and, no matter how much you like Dropbox, Google, or other cloud provider, they’re all likely to turn on you if the NSA comes knocking.

Source: EU citizen warned not to use US cloud services over spying fears

Categories
Links Writing

A Poignant Comment on Deleting Email

For the past two months I’ve been trying to figure out what to say about something Peter Fleischer, Google’s Global Privacy Counsel, wrote about his personal email retention and deletion policies. After talking about whether people should worry about “covering their tracks” from government snooping, he writes (emphasis added):

In the meantime, as users, we all have to decide if we want to keep thousands of old emails in our inboxes in the cloud.  It’s free and convenient to keep them.  Statistics published by some companies seem to confirm that the risks of governments seeking access to our data are extremely remote for “normal people”.  But the laws, like ECPA, that are meant to protect the privacy of our old emails are obsolete and full of holes.  The choice is yours:  keep or delete.  I’m a pragmatist, and I’m not paranoid, but personally, I’ve gotten in the habit of deleting almost all my daily emails, except for those that I’d want to keep for the future.  Like the rule at my tennis club:  sweep the clay after you play.

His comments struck me as being incredibly poignant when I first read them, and remain so today. I’ve stopped archiving email. I delete email (as best I can, given cloud data retention policies and all…) on a regular basis. Over the Christmas break I removed an aggregate of about 6 GB of mail that had just…accrued…in my various accounts over the past decade. In short, his post motivated me enough to spend the better part of 3 or 4 days sifting and sorting through my digital life. Ultimately I removed an awful lot of what was there.

At some point I hope to spend more time writing about, and thinking through, some of Peter’s points. At the moment, however, I’d just recommend you think about what it means when Google’s Global Privacy Counsel – the guy who is best able to go to the mat to protect the privacy of his own inbox – chooses to routinely delete his email from the cloud. If he takes that precaution, and he has the influence that he does, shouldn’t you at least consider following his lead?

Categories
Quotations

2013.1.11

But an attempt by Canadian ISPs to garner an all-access pass that would let them secretly install software to monitor potentially illicit user activity was thwarted, at least in part.

According to the note accompanying the draft regulations, industry representatives “had argued for exemptions from the requirement for consent to install software to prevent unauthorized or fraudulent use of a service or system, or to update or upgrade systems on their networks.”

Under the revised rules, service providers would only be permitted to install software “where illegal activities pose a threat to [their] networks.”

Kady O’Malley, “Ottawa’s anti-spam proposals prohibit secret monitoring software
Categories
Quotations

2013.1.10

… Chrome acts as 100 million sensors on the Internet looking for *.google.com MitM attacks. If you are a government wanting to spy on your citizens, as soon as you insert a fraudulent signing certificate into your BlueCoat monitor, one of your citizens using Google Chrome is going to notify the mother ship.

Robert Graham, “Don’t mess with the Google
Categories
Quotations

2013.1.8

The war on terrorism should not be a war on ethics, integrity, technology and the rule of law. Stopping terrorism should not include terrorizing whistleblowers and truth tellers who raise concern when the government cuts corners to electronically surveill, torture and assassinate its own people. And it is not okay for a president to grant himself the power to play prosecutor, judge, jury and executioner of anyone on the entire fucking planet.

Jesselyn Radack, quoted in “US Whistleblowers on Being Targeted by the Secret Security State
Categories
Writing

Could Google+ Depend of Google Now’s Success?

MG Siegler recently argued that:

Google+ is a turd.

I’m not sure why everyone seems afraid to admit this. I think it’s similar to the reason why some seem reluctant to call Windows 8 a turd when it’s already abundantly clear: people are scared that such a bold statement could come back to bite them in the ass. But it won’t. Both are clearly turds.

Google continues to try to cram Google+ down people’s throats, but it just won’t stay down. People are gonna keep puking it right back up. The only compelling feature of Google+ is Hangouts; everything else is a carbon copy of some social activity that people can (and already do) do elsewhere. Google simply made a bad call and started chasing the wrong thing (social) far too late.

I wonder how long it will take Google to admit defeat here? I’m sure we’ll see a lot more of the shoving of Google+ in our faces first — Chrome, you’re next. But I really wish Google would take all the energy being put behind this dog and use it to blow out their truly interesting and innovative products, like Google Now.

I think that the of Google+ could depend on Google’s capability of linking signals from their social networking product with their Now product. Currently, Now can ascertain things like when you’re near certain locations or about to perform certain actions (e.g. near a bus stop/station or about to take a flight) and provide relevant and helpful data to the Android Phone user. This is really cool and, if you’re comfortable with this degree of personalized data mining, potentially convenient.

What Now presently lacks is the ability to tell me that when I’ve a break in my day (based on Google Calendar analysis) and a friend also has a break (based on an analysis of their calendar) that we could mutually meet for coffee or meal. It similarly lacks an awareness of my colleagues and friends to suggest that there are special non-birthday dates coming up. Same thing for mass-mining of check-ins (to figure out what my social community eats, and where they do it often) and preferred news and website content.

The thing is, all of these functionality elements could be implemented if there was widescale adoption and use of Google+. This means that updated version of Android need to get to millions of handsets or, alternately, Chrome need to deploy Now functionality (something that code analyses suggest is imminent). Either/or could encourage people to adopt Google+ to get heightened personalized data mining. Yes, you read that right: (perceived) helpful surveillance could get people to intentionally adopt products that facilitate useful personalized insights.

The key issue – beyond pure legal and regulatory concerns – will be whether this kind of mining is seen as ‘creepy’ or not. If the Now product is seen as cool, feature rich, opt-in, and not privacy infringing – and is adopted by a significant portion of the masses – then Google could offer personalized services in excess of those offered by Twitter and Facebook today. This might be the ‘nudge’ necessary to get a significant portion of the social graph onto Google and consequently elicit a network effect sufficient to turn Google+ into a viable and useful social networking community.

If Google+ is seen as a gateway to improved Now information, and if users see Now as a feature they want more of in their life, then Google+ could see a fresh (if somewhat forced) breath of life. A key question, however, is whether the advantages of a cool product offering are sufficient to get people to ‘jump ship’ onto a largely empty social networking platform. It’ll be curious to watch because if Google is successful they’ll have found a way to create a social graph in a novel manner, one that other companies may subsequently attempt to replicate.

Categories
Links

How foreign firms tried to sell spy gear to Iran

Steve Stecklow is one of the few reporters that has continued to write about Iran’s acquisition of surveillance equipment for the past several years. At this point he has a good grasp of how the technology gets into the country, what’s done with it, and why and how vendors are evading sanctions. His article earlier this year provides a good look at how Huawei and ZTE alike have sold ‘lawful intercept’ equipment to the Iranian government. I’d highly recommend taking a look at what he’s written.

Categories
Quotations

2012.12.11

Life under a national security state is not a life. Living under such a state is simply living like a slave, or at best it is like living in a big prison, albeit one that has invisible bars. While invisible, these bars are, nevertheless, extremely constraining.

Maher Arar, from “What Life Looks Like Under a National Security State