Surveillance

Link

Co-Founder of Swiss SMS Giant 'Mitto AG' Accused of Government Surveillance

Andrew Orr ·

Swiss tech company Mitto AG is trusted by companies such as Twitter and Google to deliver SMS security codes to users, appointment reminders, sales promotions, and more. It’s co-founder and COO Ilja Gorelik has been accused of selling access to Mitto’s networks for surveillance.

The existence of the alternate service was only known to a small number of people within the company, these former employees said. Gorelik sold the service to surveillance companies which in turn contracted with government agencies, according to the employees.

Link

Contract Lawyers Latest Sector to Face Remote Surveillance Programs

Andrew Orr ·

As WP reports, businesses are increasingly using surveillance software to monitor what their employees do on computers. Contract lawyers are the latest group to face this.

The monitoring is a symptom of “these pervasive employer attitudes that take advantage of these technologies to continue these really vicious cycles … that treat employees as commodities,” she said. “The irony in this situation is that it’s attorneys, who traditionally advocate for employee rights or justice when they’re made aware of intrusions like these.”

Link

'ShadowDragon' Helps Michigan State Police Surveil its Citizens

Andrew Orr ·

An investigation on Thursday shows how Michigan State Police use software called ShadowDragon to collect online data. This helps them identify “persons of interest.”

By providing powerful searches of more than 120 different online platforms and a decade’s worth of archives, the company claims to speed up profiling work from months to minutes. ShadowDragon even claims its software can automatically adjust its monitoring and help predict violence and unrest. Michigan police acquired the software through a contract with another obscure online policing company named Kaseware for an “MSP Enterprise Criminal Intelligence System.”

Link

Examining Apple's Carefree Attitude Towards Employee Privacy

Andrew Orr ·

Zoe Schiffer, writing for The Verge, investigates Apple employees and “the blurring of personal and work accounts.”

This is how it starts: a new Apple employee is told during onboarding that collaborating with their colleagues will require them to make extensive use of iCloud storage, and their manager offers a two terabyte upgrade. This will link their personal Apple ID to their work account — in fact, the instructions for accessing this upgrade explicitly say “you must link your personal Apple ID with your AppleConnect work account.”

Cool Stuff Found

Livestream Recording: Ending Child Surveillance

Andrew Orr ·

On Thursday I joined a livestream from Fight for the Future. Parents and experts talked about the dangers of social media and how many of these companies spy on kids the same way they spy on adults. For kids it also happens in schools with tools like proctor software. With the launch of EndChildSurveillance.com, parents and privacy advocates alike want to fight back. You can watch the livestream recording below.

Link

Court Finds NSA Collects Innocent Americans’ Data Anyway

Andrew Orr ·

The Foreign Intelligence Surveillance Court (FISC) found that the NSA doesn’t follow the law and collections the data of innocent Americans. This is according to a recently declassified document [PDF] from November 2020.

From where we sit, it seems clear that the FISC continues to suffer from a massive case of national security constitutional-itis. That is the affliction (not really, we made it up) where ordinarily careful judges sworn to defend the Constitution effectively ignore the flagrant Fourth Amendment violations that occur when the NSA, FBI, (and to a lesser extent, the CIA, and NCTC) misuse the justification of national security to spy on Americans en mass.

Link

Verkada Security Breach Exposes 150,000 Surveillance Cameras

Andrew Orr ·

Hackers have breached the systems of Verkada, a startup that sells security cameras. The group says it was done to expose how widespread video surveillance is.

A person with knowledge of the matter said Verkada’s chief information security officer, an internal team and an external security firm are investigating the incident. The company is working to notify customers and set up a support line to address questions, said the person, who requested anonymity to discuss an ongoing investigation.

Link

Sony PS4 Update Will Monitor Your Party Chats

Andrew Orr ·

In a 8.00 PS4 update today, players must agree to have their voice chats monitored for moderation purposes. It’s a gross breach of privacy and fans are understandably upset.

Fans noticed that upon downloading PS4 update 8.00, they were greeted by a message telling them that voice chats can now be recorded and subject to moderation. Not only that, but anyone that uses the PS4 party chat system has to agree to their voice being recorded.

Link

Would You Like a Flying Security Drone From Amazon?

Andrew Orr ·

On Thursday, Amazon’s Ring surveillance company revealed a security drone that flies around your house taking photos of everything, because what could go wrong in 2020?

The company’s promotional video highlighting the camera showed a burglar breaking into a home and getting spooked as the drone flew straight at him — “Oh, no!” he exclaimed — while the homeowner watched the encounter on his phone. “Oh, yes,” the ad proclaimed.

I know what you’re thinking. Yes, it’s a real product and not a parody from The Onion.

Link

iOS 14 Reveals Facebook Spying on Your Camera Through Instagram

Andrew Orr ·

Facebook is being accused of accessing peoples’ cameras through Instagram, thanks to a iOS 14 feature that tells you when your camera is active.

Facebook denied the reports and blamed a bug, which it said it was correcting, for triggering what it described as false notifications that Instagram was accessing iPhone cameras.

In the complaint filed Thursday in federal court in San Francisco, New Jersey Instagram user Brittany Conditi contends the app’s use of the camera is intentional and done for the purpose of collecting “lucrative and valuable data on its users that it would not otherwise have access to.”

Facebook: “It’s a bug because you weren’t supposed to know we were doing this.”

Link

US Court Rules NSA Mass Surveillance Program Illegal

Andrew Orr ·

Seven years after NSA whistleblower Edward Snowden exposed the agency’s mass surveillance of Americans, a U.S. appeals court has deemed it illegal.

The ruling will not affect the convictions of Moalin and his fellow defendants; the court ruled the illegal surveillance did not taint the evidence introduced at their trial. Nevertheless, watchdog groups including the American Civil Liberties Union, which helped bring the case to appeal, welcomed the judges’ verdict on the NSA’s spy program.

Link

FBI Worries That Doorbell Cameras Could Give Early Warning of Police Searches

Andrew Orr ·

A leaked FBI bulletin reveals that doorbell cameras like Ring are being used to alert people when police show up for searches. It’s a funny turn of events since law enforcement agencies actively encourage people to install these cameras.

Subjects likely use IoT devices to hinder LE [law enforcement] investigations and possibly monitor LE activity. If used during the execution of a search, potential subjects could learn of LE’s presence nearby, and LE personnel could have their images captured, thereby presenting a risk to their present and future safety.

Link

Secret Service Purchased ‘Location X’ Product to Track Phones

Andrew Orr ·

A Secret Service document reveals the purchase of “Location X” a product that uses location data harvested from apps. The product is from a company called Babel Street. If that name sounds familiar it’s because two employees left the company to form “Anomaly Six” another location tracking company.

“The purpose of this modification is to add 1 licenses [sic] to CLIN 0003 and incorporate the Master Subscription Agreement and Locate X Addendum as attached,” the contract document reads. Motherboard obtained the document through a Freedom of Information Act (FOIA) request.

Link

Electronic Frontier Foundation Unveils ‘Atlas of Surveillance’

Andrew Orr ·

The EFF unveiled the Atlas of Surveillance today. It’s a database of surveillance tech used by law enforcement across the country. Anyone can use it to see what spying technology their state’s LE uses. You can download datasets, too.

We specifically focused on the most pervasive technologies, including drones, body-worn cameras, face recognition, cell-site simulators, automated license plate readers, predictive policing, camera registries, and gunshot detection. Although we have amassed more than 5,000 datapoints in 3,000 jurisdictions, our research only reveals the tip of the iceberg and underlines the need for journalists and members of the public to continue demanding transparency from criminal justice agencies.

Link

Cellebrite Pitches its iPhone Hacking Tools as COVID-19 Surveillance Solution

Andrew Orr ·

Cellebrite, a company known for its iPhone hacking tools, is pitching its products to governments as a surveillance alternative to contact tracing.

When someone tests positive, authorities can siphon up the patient’s location data and contacts, making it easy to “quarantine the right people,” according to a Cellebrite email pitch to the Delhi police force this month.

This would usually be done with consent, the email said. But in legally justified cases, such as when a patient violates a law against public gatherings, police could use the tools to break into a confiscated device, Cellebrite advised.

I get the feeling that there are many who are unhappy that Apple and Google’s solution is private and opt-in. Companies like Cellebrite and Palantir can’t pass up such an opportunity.

Link

The FBI is Collecting Your Data Through its ‘FitTest’ App

Andrew Orr ·

The FBI has been promoting its fitness app called FitTest to help people exercise at home. It’s also collecting your data.

…an FBI spokesperson reiterated the app’s privacy statement, adding that “the app does not gather or save any personal information other than what you select for your profile.”

But the app’s privacy statement makes room for some tracking: When FitTest accesses pages from the official FBI website, it says, “fbi.gov’s privacy policy applies.” The fbi.gov privacy policy states that “individuals using this computer system are subject to having all of their activities monitored and recorded.”

I can’t wait for the FBIPhone and FBIMessage apps.

Link

Lawyers: Turn off Alexa and Google Home Before Confidential Meetings

Andrew Orr ·

Lawyers who are working from home are encouraged to turn off devices like Amazon Alexa and Google Home because these products may eavesdrop.

“Perhaps we’re being slightly paranoid, but we need to have a lot of trust in these organizations and these devices,” Hancock said. “We’d rather not take those risks.”

The firm worries about the devices being compromised, less so with name-brand products like Alexa, but more so for cheap knock-off devices, he added.

It’s definitely not just cheap knock-offs.

Link

Not Wanting Surveillance Competition, Facebook Tells Clearview AI to Back Off

Andrew Orr ·

Last month, we got word that a company called Clearview AI helped law enforcement with its facial recognition technology. Now, Facebook and Google, which also use facial recognition, told Clearview AI to stop scraping images from each one’s website.

Ton-That argued that his firm’s work is protected by the First Amendment and also that Clearview doesn’t do anything Google doesn’t.

“The way we have built our system is to only take publicly available information and index it that way,” he said.

Ton-That added, “Google can pull in information from all different websites… So if it’s public and it’s out there and could be inside Google search engine, it can be inside ours as well.”