May 10
2020

Apps That Use Location Data


When you give an app permission to access location data, it is usually for a sensible reason – for example, an app that lets you find where you parked your car. So you allow it to do its thing.

What you don’t realise is that your location data is valuable, and there is a good chance the app developer will sell that data to whoever wants it.

And this could be the location of your children being tracked…

In the decade since Apple’s App Store was created, Americans have, app by app, consented to just such a system run by private companies. Now, as the decade ends, tens of millions of Americans, including many children, find themselves carrying spies in their pockets during the day and leaving them beside their beds at night — even though the corporations that control their data are far less accountable than the government would be.
https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html

Today, it’s perfectly legal to collect and sell all this information. In the United States, as in most of the world, no federal law limits what has become a vast and lucrative trade in human tracking. Only internal company policies and the decency of individual employees prevent those with access to the data from, say, stalking an estranged spouse or selling the evening commute of an intelligence officer to a hostile foreign power.

A key factor in all of this is that the data is anonymised. The location data is not attached to your name or your cell number. However, there is a chink in the armour of that anonymity – nobody else visits your home and work every day. And the more well-known the person, the easier it is to join the dots.

Protestors can be tracked…

Companies say the data is shared only with vetted partners. As a society, we’re choosing simply to take their word for that, displaying a blithe faith in corporate beneficence that we don’t extend to far less intrusive yet more heavily regulated industries. Even if these companies are acting with the soundest moral code imaginable, there’s ultimately no foolproof way they can secure the data from falling into the hands of a foreign security service. Closer to home, on a smaller yet no less troubling scale, there are often few protections to stop an individual analyst with access to such data from tracking an ex-lover or a victim of abuse.

The solution is simple, if you can be bothered. Have a 2nd phone that is never turned on within a mile of your home. Use it for all those location-based apps that you think you need. And turn it off at a set place on the way home, preferably some random home.

Posted in Avoiding Detection, Corporate Surveillance
May 07
2020

Facial Recognition for Australian Govt Services


It is coming, it is Big Brother, and it is unnecessary.

https://www.dta.gov.au/our-projects/digital-identity/digital-identity-ecosystem

This is terrible news, and hopefully will cause Australians to draw a line in the sand.

As has long been the case, when you wish to access government services or receive payments from the state, you need to identify yourself.

These days they are using 2FA, and that works fine. Log in to your MyGov account, get a text message, enter the code. A recent update for the business tax portal lets me use Touch ID on my phone – not a problem, the government doesn’t get my fingerprint.

But for citizens to access more confidential services – under what the DTA calls identity proofing level three (IP3) – requires that facial verification and liveness detection – or a proof-of-life test – be embedded in the app.
https://www.itnews.com.au/news/mygovid-facial-recognition-trials-slated-for-mid-2020-539020

This can only work if the government stores your likeness in their servers.

The government says it will be optional, but whether that is realistic depends on how hard it would be to achieve the same result using other methods. For example, real-world appointments with a many-week queue, or phone lines that are always busy.

The other concern is it “represents a whole-of-economy solution” – the same system used to verify your ID to banking and utilities, with those businesses never seeing your biometrics.

The concern: once we are used to using our face for these things, the government will expand the usage. For example, scan your face to take out a library book. Scan your face to enter a sports stadium. Scan your face to clock on and off at work.

The existing systems work fine. We don’t need any extra efficiency if the trade off is privacy.

Note: all Australian government agencies can access each other’s data if they have a genuine need to. They can already access your image via your driver’s license photo or passport photo on file, which is a major issue, but hasn’t been highlighted to the general public.

Posted in Biometrics, Government Surveillance, Identification and Personal Data
Apr 30
2020

Sheffield, UK: 9 Million Road Journeys Viewable

Anyone would presume that this could never happen. Basically, if you knew someone’s number plate, you could see where they had travelled, simply by visiting the system’s URL.

Sheffield City Council’s automatic number-plate recognition (ANPR) system exposed to the internet 8.6 million records of road journeys made by thousands of people.

The ANPR camera system’s internal management dashboard could be accessed by simply entering its IP address into a web browser. No login details or authentication of any sort was needed to view and search the live system – which logs where and when vehicles, identified by their number plates, travel through Sheffield’s road network.
The Register

Posted in Government Surveillance
Dec 01
2019

“Gridding” with License Plate Readers


Basically, when police aren’t needed for something else, they drive around neighbourhoods and their equipment records the license plate of every vehicle they drive past, along with the location and time. This also occurs when they are travelling to and from police business.

The massive database they create is useful for proving when and where a vehicle was as evidence for crimes. Of course that is good.

It is also surveillance of mostly innocent people, and such data could be used unlawfully.

It is the equivalent of phone-tapping everyone, except phone calls are “private” and your car being somewhere is “public”.

More here:
https://www.technocracy.news/police-use-license-plate-readers-to-grid-neighborhoods/

Posted in Government Surveillance
Jun 29
2019

Cardiac signature at 200 meters

So, supposedly, our heartbeats form a “cardiac signature” that is more unique than our faces.

An individual’s cardiac signature is unique, though, and unlike faces or gait, it remains constant and cannot be altered or disguised.

A new device, developed for the Pentagon after US Special Forces requested it, can identify people without seeing their face: instead it detects their unique cardiac signature with an infrared laser. While it works at 200 meters (219 yards), longer distances could be possible with a better laser.

…the new device, called Jetson, uses a technique known as laser vibrometry to detect the surface movement caused by the heartbeat. This works though typical clothing like a shirt and a jacket (though not thicker clothing such as a winter coat).

So, won’t work so good during winter. Otherwise, kinda hard to avoid unless you have some kind of vibrating device built into your clothing.

Source: https://www.technologyreview.com/s/613891/the-pentagon-has-a-laser-that-can-identify-people-from-a-distanceby-their-heartbeat/

Posted in Government Surveillance
Mar 30
2019

Terahertz Scanners

In mid-August the Los Angeles County Metropolitan Transportation Authority and the Transportation Security Administration announced Metro has paid $100,000 each for several TSA-approved portable terahertz millimeter-wave screening devices. Made by the U.K.-based company ThruVision, the devices will be deployed within the city’s metro rail system to detect at a distance weapons capable of causing mass casualties.

https://medium.com/scientific-american/will-l-a-s-anti-terrorist-subway-scanners-be-adopted-everywhere-4db8a4de1c22

Operators compare CCTV footage with what the scanners see – which is cold patches around the body that could mean a suicide vest or weapon. Someone suspicious will be assessed by sniffer dogs.

And the scanners have a range of 10 metres, which is handy, and work on people in motion.

But the technology seems to have some serious problems:

The device cannot see inside bodies, backpacks or shoes.

In a demonstration of the system at ThruVision’s offices, the operator immediately spotted the large bunch of keys in my back left pocket but didn’t notice the closed medium-size Swiss Army knife in my back right pocket until told it was there. He was unsurprised: the knife is about the smallest size they expect to be detectable at that distance and resolution, and it is not among the items LA Metro wants to detect.

Posted in Government Surveillance
Feb 12
2019

Remote Hacking of iPhones is Real

This is big. Most hacking requires the phone user to click on something. This doesn’t, and the suggestion is that many government agencies have been using it.

Karma reportedly didn’t work on Android devices, but was deemed especially powerful as it could plant malware on an iPhone without requiring an action from the target. Three former operatives said the tool relied partially on a flaw in iMessage. All it supposedly took to trigger the breach was for a text message to be sent to the target device using the cyber-tool.

…Ultimately, the tool was apparently used to gain entry into the accounts of hundreds of prominent Middle Eastern political figures and activists across the region and in Europe.

In a separate Reuters exposé, Lori Stroud (a former NSA staffer who later joined Project Raven) said Karma was also used to spy on American citizens.

https://www.engadget.com/2019/01/30/uae-surveillance-iphone-hacking/

Posted in Government Surveillance, Spy Equipment
Dec 11
2018

Anonymous Location Data – Not Anonymous

If all of your details are removed from your location data, is it anonymous?


No, because people have homes and jobs that they go to most days. And pretty much every combination of home and job location is unique and identifiable.

Marketers won’t care about individuals, but data can be resold to bad actors or governments.
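The uniqueness of home/work pairs described here, and in the "Apps That Use Location Data" post above, is something a data holder can measure before releasing a dataset. The following is an added example, not code from any article or vendor quoted on this page; the sample pings, the 09:00–17:00 "day" window and the function names are constructed assumptions. It lists the devices whose home/work grid-cell pair is shared by fewer than k devices at a given grid size.

```python
from collections import Counter, defaultdict

# Constructed sample pings: (pseudonymous device id, lat, lon, hour of day).
PINGS = [
    ("a", 42.6526, -73.7562, 2),  ("a", 42.6526, -73.7562, 23),
    ("a", 42.7284, -73.6918, 10), ("a", 42.7284, -73.6918, 14),
    ("b", 42.6531, -73.7570, 1),  ("b", 42.6531, -73.7570, 22),
    ("b", 42.7291, -73.6925, 11), ("b", 42.7291, -73.6925, 15),
    ("c", 42.6544, -73.7549, 3),  ("c", 42.6544, -73.7549, 21),
    ("c", 42.7302, -73.6907, 9),  ("c", 42.7302, -73.6907, 13),
    ("d", 42.6519, -73.7553, 0),  ("d", 42.6519, -73.7553, 20),
    ("d", 42.8140, -73.9396, 10), ("d", 42.8140, -73.9396, 16),
]

def cell(lat, lon, decimals):
    """Snap a coordinate to a grid cell; fewer decimals means a coarser grid."""
    return (round(lat, decimals), round(lon, decimals))

def home_work_pairs(pings, decimals):
    """Most frequent night cell and day cell per device (assumed 09-17 = day)."""
    night, day = defaultdict(Counter), defaultdict(Counter)
    for dev, lat, lon, hour in pings:
        bucket = day if 9 <= hour < 17 else night
        bucket[dev][cell(lat, lon, decimals)] += 1
    return {dev: (night[dev].most_common(1)[0][0], day[dev].most_common(1)[0][0])
            for dev in night if dev in day}

def below_k(pings, decimals, k):
    """Devices whose home/work pair is shared by fewer than k devices."""
    pairs = home_work_pairs(pings, decimals)
    group_size = Counter(pairs.values())
    return sorted(dev for dev, pair in pairs.items() if group_size[pair] < k)

if __name__ == "__main__":
    # 3 decimals is roughly a 100 m grid, 1 decimal roughly 10 km.
    for decimals in (3, 2, 1):
        print(decimals, below_k(PINGS, decimals, k=2))
```

In this sample, device "d", the one with the long commute, is still alone in its pair on the coarsest grid, so coarsening by itself does not protect it and its records would have to be withheld.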

Excellent article from the NY Times:

Yet another [anonymised journey data] leaves a house in upstate New York at 7 a.m. and travels to a middle school 14 miles away, staying until late afternoon each school day. Only one person makes that trip: Lisa Magrin, a 46-year-old math teacher. Her smartphone goes with her.

An app on the device gathered her location information, which was then sold without her knowledge. It recorded her whereabouts as often as every two seconds, according to a database of more than a million phones in the New York area that was reviewed by The New York Times. While Ms. Magrin’s identity was not disclosed in those records, The Times was able to easily connect her to that dot.

The app tracked her as she went to a Weight Watchers meeting and to her dermatologist’s office for a minor procedure. It followed her hiking with her dog and staying at her ex-boyfriend’s home, information she found disturbing.

Posted in Avoiding Detection, Corporate Surveillance, Identification and Personal Data
Jul 14
2018

Regulating Facial Recognition


While privacy laws around such things as spam email have evolved alongside the technological advancements, the same cannot be said about real world privacy.

Current laws were drafted when hand-held video cameras had poor resolution, before surveillance cameras were everywhere, and of course before smart phones.

It used to be that your public movements and actions were never recorded. Now it is almost the opposite – before long they will always be recorded.

New laws are required to stop the misuse of such recordings.

If you, specifically, are being recorded, your permission is required. Exceptions would be law enforcement, licensed security firms, and licensed news reporters. “Specifically” means you are the purpose of the filming, as opposed to you incidentally being filmed.

You own the rights of your public activities for commercial purposes. If you are filmed doing something, say falling down escalators, others cannot sell that footage without your approval. Again, licensed reporters are exempt.

Facial recognition is illegal for commercial purposes, without your prior, specific approval. It can’t be buried away in terms and conditions.

There’d probably also need to be restrictions against some non-commercial use, like Neighbourhood Watch.

Microsoft today predicted such laws, by asking for them:
https://www.wired.com/story/microsoft-calls-for-federal-regulation-of-facial-recognition

Posted in Corporate Surveillance, Facial Recognition
Jun 13
2018

Stingray & Parallel Constructions

The police in the USA use stingrays to illegally snoop on suspects, recording calls and precisely locating them. The problem is, they can’t use it as evidence. So they then pretend to have received their intel from more legitimate sources, often other law enforcement agencies.

First described in government documents obtained by Reuters in 2013, parallel construction is when law enforcement originally obtains evidence through a secret surveillance program, then tries to seek it out again, via normal procedure. In essence, law enforcement creates a parallel, alternative story for how it found information. That way, it can hide surveillance techniques from public scrutiny and would-be criminals.

However, if a clever defence lawyer can deduce this is happening, they have a lot of bargaining power.

In 2013, 18-year-old Tadrae McKenzie robbed a marijuana dealer for $130 worth of pot at a Taco Bell in Tallahassee, Florida. He and two friends had used BB guns to carry out the crime, which under Florida law constitutes robbery with a deadly weapon. McKenzie braced himself to serve the minimum four years in prison.

But in the end, a state judge offered McKenzie a startlingly lenient plea deal: He was ordered to serve only six months’ probation, after pleading guilty to a second-degree misdemeanor.

Story: Wired

Posted in Government Surveillance, Spy Equipment