Mobiles used to surveil shoppers..

Times Online: "Customers in shopping centres are having their every move tracked by a new type of surveillance that listens in on the whisperings of their mobile phones.

The technology can tell when people enter a shopping centre, what stores they visit, how long they remain there, and what route they take as they walked around.

The device cannot access personal details about a person’s identity or contacts, but privacy campaigners expressed concern about potential intrusion should the data fall into the wrong hands."


Seems like this would be easy enough to correlate with time-coded surveillance video on premises... Speaking of which, aren't they already doing this with the cameras?

Terrorists have officially won.

27BStroke6: "The Senate overwhelming voted Tuesday evening to legalize President Bush's warrantless wiretapping program and grant amnesty to the phone companies that helped out with the domestic spying..

The 68 to 29 vote is a major step in radically re-configuring 30 year-old limits on how the nation's spying services operate inside America's borders. The vote also deals a severe blow to civil liberties groups that are suing companies such as AT&T and Verizon for turning over millions of American's phone records to the government, and for helping the government wiretap American's phone and internet communications without a court order."


Sad. Predictable, but sad.

FBI data mines consumer grocery records for 'signs of terrorists'

CQ Politics: "Like Hansel and Gretel hoping to follow their bread crumbs out of the forest, the FBI sifted through customer data collected by San Francisco-area grocery stores in 2005 and 2006, hoping that sales records of Middle Eastern food would lead to Iranian terrorists.

The idea was that a spike in, say, falafel sales, combined with other data, would lead to Iranian secret agents in the south San Francisco-San Jose area. The brainchild of top FBI counterterrorism officials Phil Mudd and Willie T. Hulon, according to well-informed sources, the project didn’t last long. It was torpedoed by the head of the FBI’s criminal investigations division, Michael A. Mason, who argued that putting somebody on a terrorist list for what they ate was ridiculous — and possibly illegal.

A check of federal court records in California did not reveal any prosecutions developed from falafel trails. "


As 27BStroke6 points out - "It's not clear how the FBI got the records to sift through in the first place - did grocery stores volunteer the data or get served with national security letters or the dread Section 215 of the Patriot Act."

Not going to say we told you so...

Really.

RFID implants linked to animal tumors

AP: "When the U.S. Food and Drug Administration approved implanting microchips in humans, the manufacturer said it would save lives, letting doctors scan the tiny transponders to access patients' medical records almost instantly. The FDA found 'reasonable assurance' the device was safe, and a sub-agency even called it one of 2005's top 'innovative technologies.'

But neither the company nor the regulators publicly mentioned this: A series of veterinary and toxicology studies, dating to the mid-1990s, stated that chip implants had 'induced' malignant tumors in some lab mice and rats. 'The transponders were the cause of the tumors,' said Keith Johnson, a retired toxicologic pathologist, explaining in a phone interview the findings of a 1996 study he led at the Dow Chemical Co. in Midland, Mich."


Um. Whoops. More on the back-story, including hints of political corruption and coverup of the risks at 27bStroke6... Un-chip your pets.

So Democrats and Republicans both hate freedom after all...

27bStroke6: "A new law expanding the government's spying powers gives the Bush Administration a six-month window to install possibly permanent back doors in the nation's communication networks. The legislation was passed hurriedly by Congress over the weekend and signed into law Sunday by President Bush."

"In short, the law gives the Administration the power to order the nation's communication service providers -- which range from Gmail, AOL IM, Twitter, Skype, traditional phone companies, ISPs, internet backbone providers, Federal Express, and social networks -- to create possibly permanent spying outposts for the federal government."


Let the Noise to Signal ratio increase in 3...2...1... now. Not even going out on a limb to say that this infrastructure will absolutely be used in routine wholesale surveillance of US citizens, our actions, our thoughts, and our interconnections.

So the meta-theme is that people want freedom, and governments want control. Looks like we're well on our way to joining the ranks of nations we would have ridiculed as being 'not free' even 20 years ago.

Question: Why do we feel like the 'war on terrr' is merely a pretext? Why do those charged with preserving individual freedom seem driven to curtail it at every available opportunity? Republican. Democrat. Doesn't seem to matter. The motivations and actions of our elected representatives appear counter to what they should be as leaders of a free society.

Unless we're over that?

Windows Vista streams personal data to Microsoft

Softpedia: "Are you using Windows Vista? Then you might as well know that the licensed operating system installed on your machine is harvesting a healthy volume of information for Microsoft. In this context, a program such as the Windows Genuine Advantage is the last of your concerns. In fact, in excess of 20 Windows Vista features and services are hard at work collecting and transmitting your personal data to the Redmond company. "

So on the plus side, Microsoft is pretty open about the fact that they're watching you - although we'd wager that most Vista users are utterly unaware that a steady stream of personal info is phoning home. Is it a spyware OS? Maybe. Maybe not. We're not using it, so we don't really care.

The real question is "who does your computer, your property, serve? You, or others?"

AT&T expands domestic surveillance to include 'copyright violations'...

Via 27BStroke6: "AT&T, one of the nation's largest ISPs and internet backbone providers, is now working with Hollywood and the recording industry to create a network-based solution to police copyright infringement, according to the Los Angeles Times."

Well, since they have the deep packet inspection technologies riding on the backbone, and since their collaboration with the NSA (and the tech used) is in the open, why not resell the service... Discounting the invasive nature of sniffing customer's (and potentially non-customer's) internet traffic, there's the issue of privacy, security, false positives, and of course, the ever-present issue that an IP address doesn't equal identity. Will they start filtering porn next? Or spam? Or offers from competing ISPs?

Once they've demonstrated the capability, will they be compelled to try to identify and block fraud, threats, or other activities? What about corporate data? What about legitimate fair use of copyright works (e.g. streaming MP3s of CDs you own from your home PC to your work PC? Or, god forbid Trent Reznor tries to upload one of his own tracks to his web site)...

And will it all be moot once this hits the public eye, and session encryption tools like Tor become more mainstream? Blah.

AT&T sucks. Seriously. They should be ashamed of spying on their own customers - and AT&T customers suck too. At least the ones who continue to subscribe to AT&T services knowing the open hostility that AT&T exhibits toward its customers.


Oh, and in related AT&T wholesale surveillance news, The SpyRoom docs have been released. Also from Wired: "A civil liberties group suing telecom giant AT&T for allegedly installing illegal secret surveillance rooms in its internet facilities at the behest of the National Security Agency published substantial portions of long-sealed case documents Tuesday."

Step 1. Aquire ad companies. Step 2. Wholesale surveillance. Step 3. Profit.

Interesting duo-fecta of announcements this week from two competing retardo-level market cap companies in the computing world. Both Micro$oft and Google have acquired ad-serving companies that extend reach beyond their own properties - and curiously, both have plans to do the deep cross-property profiling of individuals and their online activities.


From the Financial Times, on Google's 'do no evil' plan: "Google’s ambition to maximise the personal information it holds on users is so great that the search engine envisages a day when it can tell people what jobs to take and how they might spend their days off. Eric Schmidt, Google’s chief executive, said gathering more personal data was a key way for Google to expand... Fears have been stoked by the potential for Google to build up a detailed picture of someone’s behaviour by combining its records of web searches with the information from DoubleClick’s “cookies”, the software it places on users’ machines to track which sites they visit."


From New Scientist on Micro$oft's continued push to assimilation: "If you thought you could protect your privacy on the web by lying about your personal details, think again. In online communities at least, entering fake details such as a bogus name or age may no longer prevent others from working out exactly who you are. That is the spectre raised by new research conducted by Microsoft. The computing giant is developing software that could accurately guess your name, age, gender and potentially even your location, by analysing telltale patterns in your web browsing history. But experts say the idea is a clear threat to privacy - and may be illegal in some places."


Spiffy. Inescapable pervasive wholesale surveillance, by Micro$oft, Google, the federal government, and ISPs.. Let the countdown to investigative subpoenas begin? Pleh. Time to start a new internet. This one's been infected.

Total Information Awareness - more lives than a cat.

Washington Times: "Homeland Security officials are testing a supersnoop computer system that sifts through personal information on U.S. citizens to detect possible terrorist attacks, prompting concerns from lawmakers who have called for investigations.

The system uses the same data-mining process that was developed by the Pentagon's Total Information Awareness (TIA) project that was banned by Congress in 2003 because of vast privacy violations. "

" The ADVISE and TIA data-mining projects rely on personal data to track individual behavior and consumer transactions to develop computer algorithms that create a pattern that some behavioral scientists say can predict terrorist behavior. Data can include credit-card purchases, telephone or Internet details, medical records, travel and banking information"


Notice a pattern here? Aside from the academic and civil rights arguments against pervasive monitoring of pretty much everything, and aside from the 'bad science' behind this approach as a preventative security apparatus, we're seeing a pattern of disregard.. Executive branch starts it up, Legislative shuts it down. Executive branch moves it to another agency, gives it a new name. Legislative shuts it down. Ad infinitum.

It's a bad idea, open to massive abuse, inaccuracy, and is unlikely to be effective at much more than wasting time and money - at least in the 'war on terrrr'.. Human intelligence and traditional law enforcement is a better bet here.

The information that one is missing a kidney, makes occasional trips to Cleveland, and prefers Colgate toothpaste in no way susses out criminal or terrorist intent. It's all noise, no signal. But it's a great tool for traditional crimes, drug crimes, etc - that happens to bypass due process protections and thresholds for probable cause. (you know, one or two foundational Constitutional amendments...)

It's also a great way to keep tabs on affiliations, dissidents and those who disagree with the those in power. Opinion crimes.

It's just a question of 'what kind of society do we want'... What freedoms do we value? And even if we trust the party in power not to abuse the systems, what about your least favorite party? Going through mail, monitoring phone calls, tracking behaviors. Not to mention insiders... individuals with searchable access to every fact on everyone. Bah.

House introduces bill to require ISPs to monitor, archive everything forever

CNet: "All Internet service providers would need to track their customers' online activities to aid police in future investigations under legislation introduced Tuesday as part of a Republican 'law and order agenda.'

Employees of any Internet provider who fail to store that information face fines and prison terms of up to one year, the bill says. The U.S. Justice Department could order the companies to store those records forever."

"Because there is no limit on how broad the rules can be, Gonzales would be permitted to force Internet providers to keep logs of Web browsing, instant message exchanges, or e-mail conversations indefinitely."

"That broad wording also would permit the records to be obtained by private litigants in noncriminal cases, such as divorces and employment disputes. That raises additional privacy concerns, civil libertarians say."


It's a given that this is a bad idea for several reasons - from 'this completely guts the notion of personal privacy' to 'the law of unintended consequences'. While surely a boon for storage companies, it pretty much sucks for everyone else.

1. Tremendous privacy implications for individuals, small business, anyone using an ISP for any reason.

2. Giant cyber-criminal target (crack, mine, build profiles for spearphishing, compromise unencrypted passwords, find legal but extortable information, etc)

3. Will trap data of normal people and do exactly zero to trap info on criminals (who are using encryption, other people's connections, blah blah)

4. IP and behavioral data doesn't prove identity or intent. Functionally useless. (see Splunk'd AOL Search Info, wardriving, RIAA/MPAA dragnets, log poisoning and rewriting, etc.)

So how do people (law enforcement, divorce lawyers, lawyers) access the traffic? where is it stored? how is it secured? how does one review the data for accuracy? will slightly different system-times wrongly implicate individuals based on timestamps and IPs ? (See 'DHCP for Dummies). How do we treat wifi hotspots? Open home and business wifi access points? Rogue ISP employees? Worms, botnets and malware infected computers (and whatever they might do)? Compromised law enforcement logins? We could do this all night.

It's retarded, impractical, an abhorrent breach of privacy, and dangerous for everyone.

On the plus side, maybe this will finally negate the 'net neutrality' argument (treating different bits differently) as users start using Tor, anonymizers, tunneling to Russian VPNs, etc. to encrypt all traffic - leaving nothing for ISP logs to grab or interpret. Maybe this is a good thing.

This is the litmus test for "do everyday people value their own privacy - and is the government still of, by, and for the people"...

Canadian company to photograph every house in America to build database for sale

Arizona Daily Star: "Photographers from a Canadian company are going house to house, shooting pictures of the roughly 300,000 houses in metropolitan Tucson. It's part of an effort to photograph and appraise every house in the country, creating a database that can be sold to banks and insurance companies. While the city attorney says the activity is perfectly legal, it has officials and some residents concerned about privacy rights."



Their FAQ says they don't go on private property. Their 'leaflets' for concerned residents say it's for law enforcement and first responders (not true, according to law enforcement and first responders). Unsavory that a foreign company is using photos of other people's stuff for profit without permission. Not illegal. Just distasteful. Like real-estate paparazzi.

So we have two solutions:

1. Compose an original poem large enough to be seen from the street, and affix it to the front of your house. If your house ends up in the database, sue for copyright infringement and illegal distribution (using arguments made popular by the RIAA and MPAA), issue a DMCA take-down notice to their hosting providers, and Bob's your uncle.


2. Someone please track down the home addresses of executives and investors so we can start collecting and publishing photos of their houses on these Internets. Please observe all local laws in photographing the executive's houses, do not trespass, and do not attempt to photograph people or attempt to collect additional personal information. Follow the same criteria they have published for their own photographers.




Link via /.

U.S. Set to Begin a Vast Expansion of DNA Sampling

New York Times: "The Justice Department is completing rules to allow the collection of DNA from most people arrested or detained by federal authorities, a vast expansion of DNA gathering"

"The goal, justice officials said, is to make the practice of DNA sampling as routine as fingerprinting for anyone detained by federal agents, including illegal immigrants. Until now, federal authorities have taken DNA samples only from convicted felons."

"While the proposed rules have not been finished, justice officials said they were certain to bring a huge new workload for the F.B.I. laboratory that logs, analyzes and stores federal DNA samples. Federal Bureau of Investigation officials said they anticipated an increase ranging from 250,000 to as many as 1 million samples a year. The laboratory currently receives about 96,000 samples a year, said Robert Fram, chief of the agency’s Scientific Analysis Section."


All your DNA are belong to us. Forever.
And still doesn't address the issue of the millions of chimeric twins out there. One body - multiple versions of DNA.

FBI conducting multi-year internet porn study

ZDNet: "The FBI appears to have adopted an invasive Internet surveillance technique that collects far more data on innocent Americans than previously has been disclosed."

"Such a technique is broader and potentially more intrusive than the FBI's Carnivore surveillance system, later renamed DCS1000. It raises concerns similar to those stirred by widespread Internet monitoring that the National Security Agency is said to have done, according to documents that have surfaced in one federal lawsuit, and may stretch the bounds of what's legally permissible." On Monday, a Justice Department representative would not immediately answer questions about this kind of surveillance technique.

"What they're doing is even worse than Carnivore," said Kevin Bankston, a staff attorney at the Electronic Frontier Foundation who attended the Stanford event. "What they're doing is intercepting everyone and then choosing their targets."



Only a matter of time before the needle-stack makers legislate full data retention at ISPs.. First for the 'war on terr-r', then 'for the children', and later .. well, it will be too late to matter because they won't care what you think. ISP costs go up due to massive storage requirements, innocent Americans will have ALL internet surfing, communications, etc. stored for later perusal by law enforcement, divorce lawyers, the RIAA/MPAA or anyone else who can hack a massively distributed database.

Meanwhile, terrorists and others are unaffected as the needlestack gets larger. But it's not really about that. It's about control. And in the end, the government has the shiny new law enforcement tool they wanted. We're sure it will be useful, but at what cost to the rest of us? And what happens to checks, balances, the fourth amendment, etc. If anything will spur consumer adoption of encryption and Tor-like objects, this will be it.

Stay tuned.

Brittain planning cottage industry around "crowdporn" cameras

The Sun Online: "As part of the most shocking extension of Big Brother powers ever planned here, lenses in lampposts would snap “naked” pictures of passers-by to trap terror suspects.

The proposal is contained in leaked documents drawn up by the Home Office and presented to PM Tony Blair’s working group on Security, Crime and Justice. But the prospect of the State snooping on individuals’ most private parts is certain to spark national fury. And officials are battling to find a way of dealing with that reaction."

"Officials have agreed one solution would be to allow only women to monitor female subjects — although they admit this would be “very problematic” in crowds... “Privacy is an issue because the machines see through clothing.”"

"Cops would also get the power to build a database of everyone in the land. Three-dimensional CCTV pictures would be coupled with records of people’s mobile phones and even their travel cards to get details of their movements and habits. Facial recognition systems to help track individuals’ movements are also being considered."


And UK parents want some perv behind a government camera looking through their children's clothes because....?

Bush says feds can open mail without warrant

The Seattle Times: "President Bush quietly has claimed sweeping new powers to open Americans' mail without a judge's warrant."


Slippery slope has become an open shaft.

Face search engine will let anyone find every picture of you on the Internets...

New Scientist: "A search engine that uses sophisticated facial recognition to allow users to identify and find people in online images will launch next month. But civil liberties groups say the biometric-style tool could compromise the privacy of anyone who has their picture online."


Yikes. And people have called us paranoid for years because we chose not to be in photographs or put our mugs on the Internets... Nice search tool for stalkers, ID thieves and governments.. Not to mention blackmailers. Or employers who want to pre-screen candidates for 'youthful indiscretions'..

Come to think of it, this is a huge risk to undercover officers, CIA or other covert operatives... Take a picture of someone who's past or loyalty or identity may be suspect, post it to the web, then run a cross index for every photo of this person -- turning up any family photos (and in the process, identifying family members), further leveraging any surrounding ID or metadata to suss out the real identity of the individual in question... This could go very dark very quickly.

It's like a huge internet-wide social network that you can't opt out of.

The idea's out there now (and was originally developed for governments), but it should still die a fiery death on principal.

RFID passports less useful to machines too...

EPIC: "A document obtained by EPIC from the State Department reveals that 2004 government tests found passports with radio frequency identification (RFID) chips that are read 27% to 43% less successfully than the previous Machine Readable Zone technology (two lines of text printed at the bottom of the first page of a passport)."

"Recent reports by the Department of Homeland Security Data Privacy and Integrity Advisory Committee and European experts also recommend against the use of RFID tags in identity documents."


Not particularly surprising on the face of it. What is surprising is that in spite of the above reports (even within DHA), we're all marching headlong into requirements for a fundamentally flawed and insecure system in the name of theater. Blech.


(link via Schneier)

Voting Machines. Need we say more?

AP: "Voting machines began wreaking havoc the minute the polls opened Tuesday, delaying voters in dozens of Indiana and Ohio precincts and leaving some in Florida with little choice but turn to paper ballots instead.

In Cleveland, voters rolled their eyes as election workers fumbled with new voting machines that they couldn't get to start properly.

'We got five machines _ one of them's got to work,' said Willette Scullank, a trouble shooter from the Cuyahoga County, Ohio, elections board.

Election officials in Delaware County, Ind., planned to seek a court order to extend voting after an apparent computer error prevented voters from casting ballots in 75 precincts. Delaware County Clerk Karen Wenger said the cards that activate the machines were programmed incorrectly.

'We are working with precincts one-by-one over the telephone to get the problem fixed,' Wenger said.""


Oh, this is going to go well. There are apparently tens of thousands of lawyers on standby, and the EFF will be taking calls on 'irregularities' at 1-866-OUR-VOTE. Of course, if these horribly insecure boxes are hacked with minimal effort to swing elections, we'll probably never know.

New 'contactless' credit cards are like wearing your data on a t-shirt...

New York Times: "The demonstration revealed potential security and privacy holes in a new generation of credit cards — cards whose data is relayed by radio waves without need of a signature or physical swiping through a machine. Tens of millions of the cards have been issued, and equipment for their use is showing up at a growing number of locations, including CVS pharmacies, McDonald’s restaurants and many movie theaters.

The card companies have implied through their marketing that the data is encrypted to make sure that a digital eavesdropper cannot get any intelligible information. American Express has said its cards incorporate “128-bit encryption,” and J. P. Morgan Chase has said that its cards, which it calls Blink, use “the highest level of encryption allowed by the U.S. government.”

But in tests on 20 cards from Visa, MasterCard and American Express, the researchers here found that the cardholder’s name and other data was being transmitted without encryption and in plain text. They could skim and store the information from a card with a device the size of a couple of paperback books, which they cobbled together from readily available computer and radio components for $150."

We'd touched on this topic back in '03 when 'Paypass' was announced, but it's good to see that the card companies continue to spend millions on a solution in search of a problem. Even better that they've found a way to make ID theft and credit card fraud easier than it already is.

Senate Committee approves pervasive NSA surveillance of US Citizens without warrants

Wired News:: "A bill radically redefining and expanding the government's ability to eavesdrop and search the houses of American citizens without court approval passed a key Senate committee Wednesday, and may be voted on by the full Senate as early as next week.

By a 10-8 vote, the Senate Judiciary Committee approved S.2453, the 'National Security Surveillance Act,' which was co-written by the committee's chairman Senator Arlen Specter (R-Penn) in concert with the White House."


Lovely. Any chance this will be killed?

Mobile phones as physical 'cookies'.. another reason to disable Bluetooth...

New Scientist: "A public advertising screen tailors the ads it shows by monitoring the Bluetooth gadgets being carried by its nearby audience, and avoids repeating the same ad to the same person where possible.

The display detects the presence of devices fitted with Bluetooth wireless transmitters carried by people walking past, such as cellphones and PDAs. Software agents then 'bid' against one another to determine which adverts are then shown to those viewers."

"As each passing device has a unique Bluetooth signal, this enables the screen to identify different individuals passing by. It builds a record of the adverts those people have been previously been shown to make sure messages are not repeated."


Yech. And this is good because...? Isn't the point of annoying, intrusive advertising to beam itself into your consciousness through repetition anyway? Why would an advertiser only want one impression? (confused)... And why on earth would normal people want to voluntarily provide profile information to allow 'targeted' ads to be bounced at them in public spaces?

The genius move for some MIT wonk would be to modify 'augmented reality' glasses to include adblockers that replace advertising in public spaces with pictures of puppies or something...

Judge Shuts Down Warrantless Surveillance

AP: "A federal judge ruled Thursday that the government's warrantless wiretapping program is unconstitutional and ordered an immediate halt to it.

U.S. District Judge Anna Diggs Taylor in Detroit became the first judge to strike down the National Security Agency's program, which she says violates the rights to free speech and privacy."

Well, at least someone over there has read the Consitution...

Prepare for an influx of greasy-headed tourists...

AP: "In major U.S. airports, guards armed with rifles stood at security checkpoints, and passengers were met by signs warning that all liquids were now banned from carry-on luggage."


Well.. one fundamental phase of matter down, only a few more to go. Good luck banning solids. Although it must be pointed out that passengers are now technically banned, as they are mostly comprised of liquid...

License Plate Tracking for All

Wired News: "Jealous lovers may soon have an alternative to sniffing for perfume to catch a cheating mate: Just follow their license plate.

In recent years, police around the country have started to use powerful infrared cameras to read plates and catch carjackers and ticket scofflaws. But the technology will soon migrate into the private sector, and morph into a tool for tracking individual motorists' movements, says former policeman Andy Bucholz, who's on the board of Virginia-based G2 Tactics, a manufacturer of the technology.

Bucholz, who designed some of the first mobile license plate reading, or LPR, equipment, gave a presentation at the 2006 National Institute of Justice conference here last week laying out a vision of the future in which LPR does everything from helping insurance companies find missing cars to letting retail chains chart customer migrations. It could also let a nosy citizen with enough cash find out if the mayor is having an affair, he says.

Giant data-tracking firms such as ChoicePoint, Accurint and Acxiom already collect detailed personal and financial information on millions of Americans. Once they discover how lucrative it is to know where a person goes between the supermarket, for example, and the strip club, the LPR industry could explode, says Bucholz."


Ah, the mission creep of ubiquitous surveillance driven by private firms and governments alike... If the use of popup blockers, cookie blockers, caller-ID blocking and the universal hatred of spyware haven't been obvious enough, let's all say it together: no one likes being tracked. No one likes surreptitious information gathering by persons or groups unknown for purposes unknown.

No group can be trusted with information about you. They lose it, sell it, misuse it, and there's no 'opt out', no visibility, and no control...

This should be the tipping point where we all start talking about significant loophole-free personal privacy laws. The odds are currently violently stacked against Joe and Jane Human...