US Court Rules NSA Mass Surveillance Program Illegal

· Andrew Orr · Link

Seven years after NSA whistleblower Edward Snowden exposed the agency’s mass surveillance of Americans, a U.S. appeals court has deemed it illegal.

The ruling will not affect the convictions of Moalin and his fellow defendants; the court ruled the illegal surveillance did not taint the evidence introduced at their trial. Nevertheless, watchdog groups including the American Civil Liberties Union, which helped bring the case to appeal, welcomed the judges’ verdict on the NSA’s spy program.

FBI Worries That Doorbell Cameras Could Give Early Warning of Police Searches

· Andrew Orr · Link

A leaked FBI bulletin reveals that doorbell cameras like Ring are being used to alert people when police show up for searches. It’s a funny turn of events since law enforcement agencies actively encourage people to install these cameras.

Subjects likely use IoT devices to hinder LE [law enforcement] investigations and possibly monitor LE activity. If used during the execution of a search, potential subjects could learn of LE’s presence nearby, and LE personnel could have their images captured, thereby presenting a risk to their present and future safety.

Secret Service Purchased ‘Location X’ Product to Track Phones

· Andrew Orr · Link

A Secret Service document reveals the purchase of “Location X,” a product that uses location data harvested from apps. The product is from a company called Babel Street. If that name sounds familiar, it’s because two employees left the company to form “Anomaly Six,” another location tracking company.

“The purpose of this modification is to add 1 licenses [sic] to CLIN 0003 and incorporate the Master Subscription Agreement and Locate X Addendum as attached,” the contract document reads. Motherboard obtained the document through a Freedom of Information Act (FOIA) request.

Electronic Frontier Foundation Unveils ‘Atlas of Surveillance’

· Andrew Orr · Link

The EFF unveiled the Atlas of Surveillance today. It’s a database of surveillance tech used by law enforcement across the country. Anyone can use it to see what spying technology their state’s LE uses. You can download datasets, too.

We specifically focused on the most pervasive technologies, including drones, body-worn cameras, face recognition, cell-site simulators, automated license plate readers, predictive policing, camera registries, and gunshot detection. Although we have amassed more than 5,000 datapoints in 3,000 jurisdictions, our research only reveals the tip of the iceberg and underlines the need for journalists and members of the public to continue demanding transparency from criminal justice agencies.

Cellebrite Pitches its iPhone Hacking Tools as COVID-19 Surveillance Solution

· Andrew Orr · Link

Cellebrite, a company known for its iPhone hacking tools, is pitching its products to governments as a surveillance alternative to contact tracing.

When someone tests positive, authorities can siphon up the patient’s location data and contacts, making it easy to “quarantine the right people,” according to a Cellebrite email pitch to the Delhi police force this month.

This would usually be done with consent, the email said. But in legally justified cases, such as when a patient violates a law against public gatherings, police could use the tools to break into a confiscated device, Cellebrite advised.

I get the feeling that there are many who are unhappy that Apple and Google’s solution is private and opt-in. Companies like Cellebrite and Palantir can’t pass up such an opportunity.

The FBI is Collecting Your Data Through its ‘FitTest’ App

· Andrew Orr · Link

The FBI has been promoting its fitness app called FitTest to help people exercise at home. It’s also collecting your data.

…an FBI spokesperson reiterated the app’s privacy statement, adding that “the app does not gather or save any personal information other than what you select for your profile.”

But the app’s privacy statement makes room for some tracking: When FitTest accesses pages from the official FBI website, it says, “fbi.gov’s privacy policy applies.” The fbi.gov privacy policy states that “individuals using this computer system are subject to having all of their activities monitored and recorded.”

I can’t wait for the FBIPhone and FBIMessage apps.

Lawyers: Turn off Alexa and Google Home Before Confidential Meetings

· Andrew Orr · Link

Lawyers who are working from home are encouraged to turn off devices like Amazon Alexa and Google Home because these products may eavesdrop.

“Perhaps we’re being slightly paranoid, but we need to have a lot of trust in these organizations and these devices,” Hancock said. “We’d rather not take those risks.”

The firm worries about the devices being compromised, less so with name-brand products like Alexa, but more so for cheap knock-off devices, he added.

It’s definitely not just cheap knock-offs.

Not Wanting Surveillance Competition, Facebook Tells Clearview AI to Back Off

· Andrew Orr · Link

Last month, we got word that a company called Clearview AI helped law enforcement with its facial recognition technology. Now, Facebook and Google, which also use facial recognition, have told Clearview AI to stop scraping images from their websites.

Ton-That argued that his firm’s work is protected by the First Amendment and also that Clearview doesn’t do anything Google doesn’t.

“The way we have built our system is to only take publicly available information and index it that way,” he said.

Ton-That added, “Google can pull in information from all different websites… So if it’s public and it’s out there and could be inside Google search engine, it can be inside ours as well.”

Huawei Equipment Backdoor Found in HiSilicon Chips

· Andrew Orr · Link

Hardware researcher Vladislav Yarmak found a Huawei equipment backdoor used in video recorders and security cameras.

To be clear, this security vulnerability is said to be present in the software HiSilicon provides with its system-on-chips to customers. These components, backdoor and all, are then used by an untold number of manufacturers in network-connected recorders and cameras.

It’s not a major threat, or anything people need to fret about, it’s just another indicator of Huawei’s piss-poor approach to security.

AKA do not let Huawei build your 5G infrastructure.

Amazon’s Ring Surveillance App is Loaded With Trackers

· Andrew Orr · Link

Not only are Ring doorbell cameras used for surveillance, but so is the app itself. Like many apps, it’s loaded with third-party trackers and analytics tools. The EFF examined the Android app.

As we’ve mentioned, this includes information about your device and carrier, unique identifiers that allow these companies to track you across apps, real-time interaction data with the app, and information about your home network. In the case of MixPanel, it even includes your name and email address.

Privacy, Parenting, and Monitoring Your Kids’ Electronics

· Andrew Orr · Link

Wired is publishing a series on parenting, and this article is written by a father who monitors his teens’ electronics.

Later, after discovering my daughter had secreted a contraband Chromebook in her room to watch late-night Friends, all devices would be sequestered in the master bedroom overnight.

And this rule was above all else: The devices all belong to me and my wife, and we are entitled to see anything and everything on them.

I didn’t get a cell phone until I was in college, so my parents didn’t have to worry about me blasting my teenage cringe online. At the same time, this guy sounds like the type to physically remove the door to his kid’s room so they can’t hide from him.

Clearview AI Helps Law Enforcement With Facial Recognition

· Andrew Orr · Link

In a long read from NYT, Kashmir Hill writes about a startup called Clearview AI that works with law enforcement on facial recognition.

You take a picture of a person, upload it and get to see public photos of that person, along with links to where those photos appeared. The system — whose backbone is a database of more than three billion images that Clearview claims to have scraped from Facebook, YouTube, Venmo and millions of other websites — goes far beyond anything ever constructed by the United States government or Silicon Valley giants.

Techno Artist Curtis Wallen Created a ‘Clandestine Communication Network’

· Andrew Orr · Link

Curtis Wallen’s latest project, called Proposition For An On Demand Clandestine Communication Network, tells people how to avoid surveillance and make a secret phone call.

This is not easy, of course. In fact, it’s really, comically hard. “If the CIA can’t even keep from getting betrayed by their cell phones, what chance do we have?” he says. Still, Wallen believes PropCom could theoretically keep users’ activities hidden. It’s hard, he emphasizes, but not impossible.

He basically uses a prepaid burner phone, a Faraday bag, and an encrypted phone number. I hope he bought the phone from a place that doesn’t use cameras or facial recognition, because that could help trace him.

VICE Tests Amazon Ring’s Security, and it’s Not Good

· Andrew Orr · Link

Journalists at VICE tested the security of Amazon Ring security cameras, and they call it “awful.”

Ring is not offering basic security precautions, such as double-checking whether someone logging in from an unknown IP address is the legitimate user, or providing a way to see how many users are currently logged in—entirely common security measures across a wealth of online services.

School Surveillance: How Millions of Kids are Spied On

· Andrew Orr · Link

When we hear the word “surveillance” we usually think about the NSA, or perhaps tech companies like Facebook and Google. What we probably don’t think about is school surveillance used to spy on kids.

The new school surveillance technology doesn’t turn off when the school day is over: anything students type in official school email accounts, chats or documents is monitored 24 hours a day, whether students are in their classrooms or their bedrooms.

Tech companies are also working with schools to monitor students’ web searches and internet usage, and, in some cases, to track what they are writing on public social media accounts.

Should You Warn Your Guests About Smart Devices?

· Andrew Orr · Link

David Murphy asks if people are morally obligated to inform their guests that their home contains smart devices like HomePod, Amazon Alexa, and Google Home. Given the fact that these devices can listen to you, should you post a sign in your house that says, “Warning: This Area Under Surveillance”?

If you’re simply sporting a smart speaker, I think announcing its presence is less of a deal—overkill, really. But if a camera is recording me at any point, and that’s something you can view later, I think it’s the friendly thing to do to let me know before I start gossiping…or worse.

What do you mean by worse??

Your Kids' Photos Power Surveillance Technology

· Andrew Orr · Link

The New York Times has a nice feature out today about how a mother found photos of her kids in a machine learning database.

None of them could have foreseen that 14 years later, those images would reside in an unprecedentedly huge facial-recognition database called MegaFace. Containing the likenesses of nearly 700,000 individuals, it has been downloaded by dozens of companies to train a new generation of face-identification algorithms, used to track protesters, surveil terrorists, spot problem gamblers and spy on the public at large. The average age of the people in the database, its creators have said, is 16.

I can’t imagine the gross feeling you get when you see your kids in a database like this.