Archive for the ‘surveillance’ tag
FBI Director James Comey continues his public obfuscation tour, blaming the upcoming Joker and Riddler crime spree in Gotham on the fairly new ability of consumers to encrypt data on their own phones against unwilling intrusions by governments and other entities.
The director of the F.B.I., James B. Comey, said on Thursday that the “post-Snowden pendulum” that has driven Apple and Google to offer fully encrypted cellphones had “gone too far.” He hinted that as a result, the administration might seek regulations and laws forcing companies to create a way for the government to unlock the photos, emails and contacts stored on the phones.
But Mr. Comey appeared to have few answers for critics who have argued that any portal created for the F.B.I. and the police could be exploited by the National Security Agency, or even Russian and Chinese intelligence agencies or criminals. And his position seemed to put him at odds with a White House advisory committee that recommended against any effort to weaken commercial encryption.
Apple and Google have announced new software that would automatically encrypt the contents of cellphones, using codes that even the companies could not crack. Their announcement followed a year of disclosures from Edward J. Snowden, the former government contractor who revealed many government programs that collect electronic data, including information on Americans.
The new encryption would hinder investigations involving phones taken from suspects, recovered at crime scenes or discovered on battlefields. But it would not affect information obtained by real-time wiretaps, such as phone conversations, emails or text messages. And the government could still get information that is stored elsewhere, including emails, call logs and, in some cases, old text messages.
(click here to continue reading James Comey, F.B.I. Director, Hints at Action as Cellphone Data Is Locked – NYTimes.com.)
You know what isn’t mentioned in this long article? Warrants. I wonder why that is? Could it be that most criminal masterminds do not store their plans to rob Gotham National Bank solely upon their encrypted cellphones, leaving law enforcement completely in the dark? Possibly The Joker leaves other traces of his plan elsewhere? Or discusses his machinations with co-conspirators? According to Mr. Comey, without the government retaining the ability to tap into each and every one of our cellphones at any time, The Joker will win. He’ll win! He’ll win, Batman!
or as Marcy Wheeler rightfully notes, this seems to really be about warrantless searching, especially at the US border:
Encrypting iPhones might have the biggest impact on law enforcement searches that don’t involve warrants, contrary to law enforcement claims this is about warranted searches. As early as 2010, Customs and Border Patrol was searching around 4,600 devices a year and seizing up to 300 using what is called a “border exception.” That is when CBP takes and searches devices from people it is questioning at the border. Just searching such devices does not even require probable cause (though seizing them requires some rationale). These searches increasingly involve smart phones like the iPhone.
These numbers suggest border searches of iPhones may be as common as warranted searches of the devices. Apple provided account content to U.S. law enforcement 155 times last year. It responded to 3,431 device requests, but the “vast majority” of those device requests involved customers seeking help with a lost or stolen phone, not law enforcement trying to get contents off a cell phone (Consumer Reports estimates that 3.1 million Americans will have their smart phones stolen this year). Given that Apple has by far the largest share of the smart phone market in the U.S., a significant number of border device searches involving a smart phone will be an iPhone. Apple’s default encryption will make it far harder for the government to do such searches without obtaining a warrant, which they often don’t have evidence to get.
If law enforcement wants to retain this access, they should be honest about what they might lose and why every iPhone user should be asked to carry a phone that is susceptible to criminal targeting as a result. Trading default encryption for a limited law enforcement purpose is just that — a trade-off — and officials should be prepared to discuss it as such. And, as forensics expert Jonathan Zdziarski explains, there’s a mountain of other data still available to help law enforcement solve crimes. “There is such a mount of peripheral evidence out there that only a small handful of cases are even likely to have the iPhone be the sole smoking gun to begin with,” he explained. “Cops have iCloud data, iCloud backups, call records, voicemail records, text messages from the carrier (if obtained within a certain retention period), gmail, email, web logs, trap and trace, proxy logs, not to mention copies of data from other people involved or from the victims themselves, desktop backups (if available), sometimes even a desktop (as many criminals don’t use encryption at all). Add to that they’re eavesdropping on the whole damn Internet.”
(click here to continue reading America’s huge iPhone lie: Why Apple is being accused of coddling child molesters – Salon.com.)
Remind me again why warrantless searching of personal information is a good thing again? Oh, right, TERROR, and that old shibboleth, kidnapping. Yeah, count me in the “Why not just get a warrant” camp…
The National Security Agency and the nation’s law enforcement agencies have a different concern: that the smartphone is the first of a post-Snowden generation of equipment that will disrupt their investigative abilities.
The phone encrypts emails, photos and contacts based on a complex mathematical algorithm that uses a code created by, and unique to, the phone’s user — and that Apple says it will not possess.
The result, the company is essentially saying, is that if Apple is sent a court order demanding that the contents of an iPhone 6 be provided to intelligence agencies or law enforcement, it will turn over gibberish, along with a note saying that to decode the phone’s emails, contacts and photos, investigators will have to break the code or get the code from the phone’s owner.
Breaking the code, according to an Apple technical guide, could take “more than 5 1/2 years to try all combinations of a six-character alphanumeric passcode with lowercase letters and numbers.” (Computer security experts question that figure, because Apple does not fully realize how quickly the N.S.A. supercomputers can crack codes.)
Already the new phone has led to an eruption from the director of the F.B.I., James B. Comey.
(click here to continue reading Signaling Post-Snowden Era, New iPhone Locks Out N.S.A. – NYTimes.com.)
If the NSA and related agencies hadn’t been so damn aggressive circumventing American law, perhaps Apple wouldn’t have had to taken this additional step.
Or as Vikas Bajaj writes:
But that’s not good enough for Mr. Comey and others. They want Apple (and Google, which makes the Android mobile phone software) to do the hacking for them.
Furthermore, investigators can often get information stored on phones and tablets through other means. For example, they could get the calling history from wireless phone companies like AT&T; same with text messages. And companies like Google and Yahoo would have to turnover messages on their servers if presented with a search warrant. Lastly, law enforcement agencies could also access any photos and videos stored on the phone have been backed up to Apple’s iCloud servers from the company.
(click here to continue reading Using Scare Tactics to Fight Apple – NYTimes.com.)
Plus there is the issue of a dysfunctional Congress, too mired in partisan bickering to actually update the laws for a modern age. Mostly on the Republican side, but not exclusively.
The move raises a critical issue, the intelligence officials say: Who decides what kind of data the government can access? Until now, those decisions have largely been a matter for Congress, which passed the Communications Assistance for Law Enforcement Act in 1994, requiring telecommunications companies to build into their systems an ability to carry out a wiretap order if presented with one. But despite intense debate about whether the law should be expanded to cover email and other content, it has not been updated, and it does not cover content contained in a smartphone.
At Apple and Google, company executives say the United States government brought these changes on itself. The revelations by the former N.S.A. contractor Edward J. Snowden not only killed recent efforts to expand the law, but also made nations around the world suspicious that every piece of American hardware and software — from phones to servers made by Cisco Systems — have “back doors” for American intelligence and law enforcement.
Surviving in the global marketplace — especially in places like China, Brazil and Germany — depends on convincing consumers that their data is secure.
Timothy D. Cook, Apple’s chief executive, has emphasized that Apple’s core business is to sell devices to people. That distinguishes Apple from companies that make a profit from collecting and selling users’ personal data to advertisers, he has said.
and a bit of rationality:
Mr. Zdziarski (Jonathan Zdziarski, a security researcher who has taught forensics courses to law enforcement agencies on collecting data from iPhones) said that concerns about Apple’s new encryption to hinder law enforcement seemed overblown. He said there were still plenty of ways for the police to get customer data for investigations. In the example of a kidnapping victim, the police can still request information on call records and geolocation information from phone carriers like AT&T and Verizon Wireless.
“Eliminating the iPhone as one source I don’t think is going to wreck a lot of cases,” he said. “There is such a mountain of other evidence from call logs, email logs, iCloud, Gmail logs. They’re tapping the whole Internet.”
(click here to continue reading Signaling Post-Snowden Era, New iPhone Locks Out N.S.A. – NYTimes.com.)
Jeff Bezos introduced the latest Amazon hardware device yesterday, the Fire, an entry into the smartphone category. I’m only half finished reading Brad Stone’s biography of Bezos, The Everything Store, but one thing has been made clear: Jeff Bezos is a long-term thinker who makes no small plans.
And so what seems to be Amazon’s long term goal here? Basically, to sell more items at Amazon.com. The Fire is a hand-held cash register customized to selling you more things. Uhh, yay? Are there people out there who are irritated that it takes 10 seconds to order replacement razor blades at Amazon.com? Not to mention there already is an iOS Amazon app that scans either a bar code or the text on a package. I’ve found it occasionally useful, but frequently the scan yields zero results.
The Fire is not really a phone, per say:
Although he did not show the feature onstage, Mr. Bezos confirmed that his expensive new phone does makes calls. “I haven’t made a phone call on my phone in a long time,” he said. “But I know people still make phone calls.”
(click here to continue reading Amazon Fire Phone’s Missed Opportunities – NYTimes.com.)
and skeptics abound:
At the outset, Fire looks to be an attempt to rope Amazon shoppers deeper into its world — the phone is, above all, an enhanced shopping tool. It’s not a realistic shot at the smartphone market.
(click here to continue reading Amazon Phone Is An Enhanced Shopping Tool | Digital – Advertising Age.)
and my second, nearly immediate thought about the Amazon Fire – it seems like an NSA dream! So while the Fire encourages you to purchase more consumer goods, it will allow Amazon.com to collect more meta data about your house, your office, your car, your friends, your neighbors, and so on.
The WSJ notes:
Amazon squeezed a number of new technologies into the Fire, but it seems its biggest innovation may be new uses it found for an old technology: cameras. The Fire doesn’t just take nice photos–it watches you, and what’s around you, to customize what you see and how you interact with the world.
(click here to continue reading First Look: Amazon’s Fire Phone Is Watching You – Personal Tech News – WSJ.)
John Koetsier agrees with me that this sounds a bit creepy, and writes:
How do you think it recognizes those things, including text on images, which Amazon says it will offer language translation features for later this year?
Well, the Firefly button and the camera button are one and the same. Meaning that whenever you use the camera, you’re using Firefly. And whenever you’re using Firefly, you’re using the camera. Plus, of course, you’re turning on audio sensors that capture ambient sound.
And then you’re transmitting all those pictures and sound files to the grandaddy and still global leader in connected cloud technology, the company that pretty much invented what we now call big data analytics for customer insights, and the largest online retailer in the wild wild west.
Amazon.com, of course.
All of those pictures require processing, analysis, and matching, presumably at a level — if they can identify 100 million objects — that can only be done in the cloud, and not on a small handheld device with 2 GB of RAM and 32 GB of on-board storage.
Fortunately for you, dear consumer, Amazon has kindly consented to storing all your photos, forever, in its vast cloudy server farms. How gracious Amazon is, providing that massive service for free! How lucky are you, getting all that for free!
Probably not as lucky as Amazon.
(click here to continue reading Amazon’s Fire Phone might be the biggest privacy invasion ever (and no-one’s noticed) | VentureBeat | Marketing | by John Koetsier.)
I think I’ll pass…
At the May Day rally at the Haymarket Riot Memorial Statue…
More on that surveillance tool: "’Stingray': Increased and Secretive Cell Phone Surveillance by Local Police Raises Alarms
ACLU calls technology the "electronic equivalent of dragnet searches" prohibited by the Fourth Amendment"
embiggen by clicking
I took City of Chicago Emergency Management Surveillance Vehicle on May 01, 2014 at 02:54PM
and processed it in my digital darkroom on May 02, 2014 at 03:37PM
Ahh, our National Security State keeps chugging along, snatching us up in its tentacles…
Police across the country may be intercepting phone calls or text messages to find suspects using a technology tool known as Stingray. But they’re refusing to turn over details about its use or heavily censoring files when they do.
Police say Stingray, a suitcase-size device that pretends it’s a cell tower, is useful for catching criminals, but that’s about all they’ll say.
For example, they won’t disclose details about contracts with the device’s manufacturer, Harris Corp., insisting they are protecting both police tactics and commercial secrets. The secrecy – at times imposed by nondisclosure agreements signed by police – is pitting obligations under private contracts against government transparency laws.
Even in states with strong open records laws, including Florida and Arizona, little is known about police use of Stingray and any rules governing it.
A Stingray device tricks all cellphones in an area into electronically identifying themselves and transmitting data to police rather than the nearest phone company’s tower. Because documents about Stingrays are regularly censored, it’s not immediately clear what information the devices could capture, such as the contents of phone conversations and text messages, what they routinely do capture based on how they’re configured or how often they might be used.
(click here to continue reading POLICE KEEP QUIET ABOUT CELL-TRACKING TECHNOLOGY, BY JACK GILLUM, News from The Associated Press.)
Note that this works on everyone’s cellphones, regardless if you are a criminal suspect, or just a teenage girl texting your friends. Who needs warrants, right? The old United States that celebrated civil liberties as a constitution right has been superseded by 9-11 and the War on Terra.
ACLU Staff Attorney Nathan Freed Wessler writes:
It appears that at least one police department in Florida has failed to tell judges about its use of a cell phone tracking device because the department got the device on loan and promised the manufacturer to keep it all under wraps. But when police use invasive surveillance equipment to surreptitiously sweep up information about the locations and communications of large numbers of people, court oversight and public debate are essential. The devices, likely made by the Florida-based Harris Corporation, are called “stingrays,” and unfortunately this is not the first time the government has tried to hide their use.
So the ACLU and ACLU of Florida have teamed up to break through the veil of secrecy surrounding stingray use by law enforcement in the Sunshine State, last week filing a motion for public access to sealed records in state court, and submitting public records requests to nearly 30 police and sheriffs’ departments across Florida seeking information about their acquisition and use of stingrays.
As two judges noted during the oral argument, as of 2010 the Tallahassee Police Department had used stingrays a staggering 200 times without ever disclosing their use to a judge to get a warrant.
Potentially unconstitutional government surveillance on this scale should not remain hidden from the public just because a private corporation desires secrecy. And it certainly should not be concealed from judges. That’s why we have asked the Florida court that originally sealed the transcript to now make it available to the public. And that’s also why we have asked police departments throughout Florida to tell us whether they use stingrays, what rules they have in place to protect innocent third parties from unjustified invasions of privacy, and whether they obtain warrants from judges before deploying the devices.
Although secret stingray use has increasingly been exposed by the press (and by the ACLU), public details are still scant. Our new work in Florida is part of national efforts to understand how law enforcement is using these devices, and whether reforms are needed to protect our privacy from law enforcement overreach.
(click here to continue reading Police Hide Use of Cell Phone Tracker From Courts Because Manufacturer Asked | American Civil Liberties Union.)
Photo Republished at Government Accuses Sprint Of Overcharging By $21M For Its Wiretapping Services – Consumerist
My photo was used to illustrate this post
What is a Sprint?!? Are they listening now?!? I’m a cat. (swanksalot) The White House has gotten its tab from Sprint for wiretapping expenses and is sending it back with a big old frowny face on it, saying the company is overcharging it by more than $21 million. And by “sending it back,” of course I mean it’s suing Sprint. Feds claim in the lawsuit (PDF) that Sprint inflated charges by about 58% between 2007 and 2010, reports Wired.com.
click here to keep reading :
Government Accuses Sprint Of Overcharging By $21M For Its Wiretapping Services – Consumerist
automatically created via Delicious and IFTTT
Photo Republished at When the FBI asks you to weaken your security so it can spy on your users – Boing Boing
Nico Sell is the CEO of Wickr, a privacy-oriented mobile messaging system that’s been deliberately designed so that the company can’t spy on its users, even if they’re ordered to do so. As we know from the Snowden leaks, spooks hate this kind of thing, and spend $250M/year sabotaging security so that they can spy on everyone, all the time. After a recent presentation, she was approached by an FBI agent who asked her if she’d put a back-door into Wickr.
click here to keep reading :
When the FBI asks you to weaken your security so it can spy on your users – Boing Boing
automatically created via Delicious and IFTTT
We’ve long been dismayed by how powerful and secretive the massive data broker corporations have become. Our data is collected, often surreptitiously, then repackaged and sold to other corporations, and we don’t get a percentage of the profits, nor any real notice that this is happening.
Good news, maybe, from Washington, as reported by Kate Kaye of AdAge:
Today the Senate Commerce Committee held a long-awaited hearing about the consumer-data-broker industry.
“We have a feeling people are getting scammed or screwed,” said Senator Jay Rockefeller, D-W.V., whose office sent inquiries to several data brokers in the past year. He called out data giants Acxiom, Epsilon and Experian, threatening to use more forceful ways of getting them to divulge information about how they do business and with whom.
One concern shared by Mr. Rockefeller and privacy advocates is predatory marketing activity conducted by financial firms or other companies targeting vulnerable groups such as the impoverished or immigrant populations. Another concern is the practice of scoring individuals determined by algorithmic data analysis and serving them with tailored offers. In some cases that could involve higher interest rates for loans or dynamic prices for products based on prior web behavior or demographic data.
“To date they have not given me complete answers,” said Mr. Rockefeller of Acxiom, Epsilon and Experian. “I’m putting these three companies on notice today…that I am considering further steps and I have steps I can use to get this information.”
Mr. Rockefeller sent letters to data companies such as Acxiom, Datalogix, Epsilon, Experian and Transunion in June, then broadened the inquiry to include media firms — typically big collectors of behavioral web data — like About.com, Babycenter.com, Cafemom.com, Time’s Health.com and Conde Nast’s Self.com.
(click here to continue reading Rockefeller to Marketing Data Giants: You’re On Notice | Privacy and Regulation – Advertising Age.)
Bares paying attention to…
Photo Republished at AT&T offers gigabit Internet discount in exchange for your Web history | Ars Technica
My photo was used to illustrate this post
AT&T is watching you browse. AT&T’s “GigaPower” all-fiber network has launched in parts of Austin, Texas, with a price of $70 per month for download speeds of 300Mbps (which will be upgraded to a gigabit at no extra cost in 2014). The $70 price is only available if you agree to see targeted ads from AT&T and its partners, however. Interestingly, AT&T labels the Internet service with targeted ads as its “premier” service while calling the service without targeted ads “standard.”
click here to keep reading :
AT&T offers gigabit Internet discount in exchange for your Web history | Ars Technica
automatically created via Delicious and IFTTT
Harumph. I thought my AT&T bill was on the high side, but seems like my NSA bill trumps that, for usefulness…
Indeed, as the Washington Post revealed when it released portions of the so-called Black Budget, this year’s price tag on America’s spook infrastructure comes out to a whopping $52.6 billion.
This is, of course, a tremendous sum – more than double the size of the Department of Agriculture, more than triple the size of NASA; the list goes on… But, what really puts this number into perspective is its average cost to each American taxpayer, or what I would call the NSA and associated agencies’ “rent.”
Yes, the NSA’s rent, charged to every taxpayer living under its web of surveillance, comes out to an exorbitant $574 per year. If this is the price the federal government is charging American taxpayers to have their own privacy invaded, then I say the NSA’s rent is too damn high.
(click here to continue reading The NSA’s Rent Is Too Damn High | Cato @ Liberty.)
On the bright side, if you add in the 53,676,039 non-taxable returns (from 2011) – i.e., the Takers™ – that means we are only paying $361 a year for the privilege of having our personal information scooped up by the N.S.A. power-vacuum…
We Finally Came To Realize
A troubling tale via Krebs on Security
An identity theft service that sold Social Security and drivers license numbers — as well as bank account and credit card data on millions of Americans — purchased much of its data from Experian, one of the three major credit bureaus, according to a lengthy investigation by KrebsOnSecurity.
Contacted about the reader’s claim, U.S. Info Search CEO Marc Martin said the data sold by the ID theft service was not obtained directly through his company, but rather via Court Ventures, a third-party company with which US Info Search had previously struck an information sharing agreement. Martin said that several years ago US Info Search and CourtVentures each agreed to grant the other company complete access to its stores of information on US consumers.
Founded in 2001, Court Ventures described itself as a firm that “aggregates, repackages and distributes public record data, obtained from over 1,400 state and county sources.” Cached, historic copies of courtventures.com are available through archive.org.
THE ROLE OF EXPERIAN
In March 2012, Court Ventures was purchased by Costa Mesa, Calif.-based Experian, one of the three major consumer credit bureaus. According to Martin, the proprietors of Superget.info had gained access to Experian’s databases by posing as a U.S.-based private investigator. In reality, Martin said, the individuals apparently responsible for running Superget.info were based in Vietnam.
Martin said he first learned of the ID theft service after hearing from a U.S. Secret Service agent who called and said the law enforcement agency was investigating Experian and had obtained a grand jury subpoena against the company.
While the private investigator ruse may have gotten the fraudsters past Experian and/or CourtVentures’ screening process, according to Martin there were other signs that should have alerted Experian to potential fraud associated with the account. For example, Martin said the Secret Service told him that the alleged proprietor of Superget.info had paid Experian for his monthly data access charges using wire transfers sent from Singapore.
“The issue in my mind was the fact that this went on for almost a year after Experian did their due diligence and purchased” Court Ventures, Martin said. “Why didn’t they question cash wires coming in every month? Experian portrays themselves as the databreach experts, and they sell identity theft protection services. How this could go on without them detecting it I don’t know. Our agreement with them was that our information was to be used for fraud prevention and ID verification, and was only to be sold to licensed and credentialed U.S. businesses, not to someone overseas.”
Experian declined multiple requests for an interview.
(click here to continue reading Experian Sold Consumer Data to ID Theft Service — Krebs on Security.)
so if your account was one of the unlucky ones, what was stolen?
These services specialized in selling “fullz” or “fulls,” a slang term that cybercrooks use to describe a package of personally identifiable information that typically includes the following information: an individual’s name, address, Social Security number, date of birth, place of work, duration of work, state driver’s license number, mother’s maiden name, bank account number(s), bank routing number(s), email account(s) and other account passwords. Fulls are most commonly used to take over the identity of a person in order to engage in other fraud, such as taking out loans in the victim’s name or filing fraudulent tax refund requests with the IRS.
All told, findget.me and superget.info acquired or sold fullz information on more than a half million people, the government alleges.
Why exactly do we as a society allow Experian and similar organizations collect this data in the first place? They accumulate the data, and sell it to advertisers, or to scammers, and what benefit does it bestow on us? Other than headache and grief…
especially when Experian will skip away from this investigation with nothing more than a slap on the wrist with a wet noodle…
Meanwhile, it’s not clear what — if any — trouble Experian may face as a result of its involvement in the identity theft scheme. This incident bears some resemblance to a series of breaches at ChoicePoint, a data aggregator that acted as a private intelligence service to government and industry. Beginning in 2004, ChoicePoint suffered several breaches in which personal data on American citizens was accessed by crooks who’d used previously stolen identities to create apparently legitimate businesses seeking ChoicePoint accounts. ChoicePoint was later sued by the U.S. Federal Trade Commission, an action that produced a $10 million settlement — the largest in the agency’s history for a violation of federal privacy law.
Experian makes about $500,000,000 in profit a year, btw.
Oh, nothing to worry your pretty heads about
A series of agency PowerPoint presentations and memos describe how the N.S.A. has been able to develop software and other tools — one document cited a new generation of programs that “revolutionize” data collection and analysis — to unlock as many secrets about individuals as possible.
The spy agency, led by Gen. Keith B. Alexander, an unabashed advocate for more weapons in the hunt for information about the nation’s adversaries, clearly views its collections of metadata as one of its most powerful resources. N.S.A. analysts can exploit that information to develop a portrait of an individual, one that is perhaps more complete and predictive of behavior than could be obtained by listening to phone conversations or reading e-mails, experts say.
Phone and e-mail logs, for example, allow analysts to identify people’s friends and associates, detect where they were at a certain time, acquire clues to religious or political affiliations, and pick up sensitive information like regular calls to a psychiatrist’s office, late-night messages to an extramarital partner or exchanges with a fellow plotter.
(click here to continue reading N.S.A. Gathers Data on Social Connections of U.S. Citizens – NYTimes.com.)
except, as reported by Maureen Dowd of all people, the NSA has built a monster in Utah
The Bluffdale sinkhole, which has quietly started sucking in mountains of data in the shadow of mountains, is the lockbox. This squat, ugly complex of four buildings is the creepy symbol of the N.S.A.’s remorseless reach deep into our lives. I drove onto the Utah National Guard’s Camp Williams base to see the concrete data cloud up close.
Never mind puny terabytes. Or even exabytes, a handful of which can hold all knowledge from the dawn of man, according to estimates.
James Bamford, the chronicler of the untrammeled powers of the “Puzzle Palace,” as he calls the N.S.A., wrote in Wired that the Utah tower of Babel may be able to store a yottabyte. That is equal to a septillion bytes or about 500 quintillion (500,000,000,000,000,000,000) pages of text.
“It’s basically the N.S.A.’s external hard drive,” Bamford told me, noting that our phone call was no doubt being logged by the Bluffdale computers. “It holds more private information than anyplace else on earth.”
Bamford believes that the N.S.A. has transmogrified from an agency that “watched the Soviet Union to make sure it didn’t blow us up with nuclear weapons,” to one “that keeps collecting and collecting and collecting but doesn’t seem to do us any good.”
“They saw 9/11 and all these other terrorist attacks on CNN. They didn’t have a clue. The more electronic hay they stack on their haystack, the more difficult it is to find the needle.”
(click here to continue reading Creeping Cloud – NYTimes.com.)
because, in truth, the NSA doesn’t have to tell the truth about what it does, allegedly in our names:
Democratic Senator Ron Wyden of Oregon told me ruefully that on Thursday, “Alexander put in a lockbox information that he’s told the public he doesn’t have. This is what we’re dealing with.
“They think it’s O.K. to repeatedly say one thing to the public about domestic surveillance and do something completely different in private,” continued Wyden, who pressed Alexander about whether they’re collecting cellphone location information.
The senator is skeptical that the N.S.A. is open to reform, noting, “They’re just putting the same wine in a new bottle.”
We’ve always been at war with Eurasia, right?
So Big Data is not only collecting, and selling your information online, but in retail stores too. I know we are being trained to just shrug our shoulders and chalk it up to living in the 21st C.E., but I can’t quite get comfortable with the idea that corporations have accumulated so much information about me and you that the information is a commodity. We’ve discussed how prevalent this activity is, a few times, or more.
The technology that allows stores to track shoppers’ cellphones, for instance, works even when customers do not log on to the Wi-Fi networks of stores. The only way a cellphone user can avoid being tracked is to turn off the Wi-Fi feature on their phones, which few are likely to do if they are unaware of the monitoring in the first place. While a few retailers like Nordstrom have posted signs telling customers that they were being monitored in this way, many others do not do so. (Nordstrom stopped tracking cellphones in May, partly as a result of complaints from customers.)
If stores want to track their customers, they should tell the public what they are doing and give people the ability to opt out of monitoring. Many shoppers say they are willing to give information about themselves in exchange for special deals and promotions. But some consumers go to physical stores because they want to protect their privacy. Traditional retailers would be smart not to alienate customers by surreptitiously tracking them.
(click here to continue reading You (and Your Cellphone) on Candid Camera – NYTimes.com.)
especially since technology to track us is advancing quickly:
Pam Dixon, executive director of the World Privacy Forum, says that although most of the focus in the media has been on how companies are tracking us through Internet browsers and smart phones, there is actually more danger of invasions of privacy occurring in physical retail outlets, mostly because consumers are unaware of the extent to which they are being tracked. “This is an entire business model that has sprung up that I think maybe three people in the entire country know about outside the industry,” she says.
And though analytics firms and retailers claim they aren’t using technology to personally identify shoppers or pair that information with financial histories, it is very much possible to do so. In 2010, the Association of Marketing in Retail produced a voluntary code of conduct for marketers and retailers to use as a guide in their tracking and marketing efforts. The code outlines the various tracking capabilities available and rates them on a scale from low risk to high risk. According to the code of conduct, a low-risk tracking method would include “infrared or laser or laser beam motion detectors” that can give retailers an idea of how many people are in a store and where they are traveling but “are not able to track or record individual consumer paths.” The high-risk end of the spectrum includes methods that allow retailers to individually track consumers by recognizing a smart phone wi-fi signal or through interpreting visual data from facial-recognition technology.
That kind of tracking is, according to Dixon, unethical and contrary to shoppers’ expectation of privacy. “Legally, stores have the right to put up security cameras, but the consumer expectation of privacy is being circumvented here,” she says. “Because when a consumer looks into that camera, they expect it’s being used for security, not marketing purposes.”
According to Mark Eichorn of the Division of Privacy and Identity Protection at the Federal Trade Commission, the FTC has been monitoring this type of consumer tracking but hasn’t found that firms are using facial-recognition software to create individual profiles of customers. Last December, the FTC held a workshop on facial-recognition technology in the retail space
(click here to continue reading Are Retailers Using Facial-Recognition Software to Track Customers? | TIME.com.)
To me, a government agency such as the FTC saying “we haven’t seen this activity” does not make me confident. The federal government is not proactive in most instances, preferring to Not Know, so that nobody can complain that Nothing Is Being Done. In other words, I’m guessing some corporations are using facial recognition software and merging that with databases of financial history and who knows what else. The NSA is one thing, but do you really want Home Depot or Macy’s to be able to profit off of you in this way? Where do you opt out? Nowhere, other than moving to Frostpocket and going off the grid…
Continuous Recording in Progress
This does not make me warm and fuzzy…
The immigration reform measure the Senate began debating yesterday would create a national biometric database of virtually every adult in the U.S., in what privacy groups fear could be the first step to a ubiquitous national identification system.
Buried in the more than 800 pages of the bipartisan legislation (PDF) is language mandating the creation of the innocuously-named “photo tool,” a massive federal database administered by the Department of Homeland Security and containing names, ages, Social Security numbers and photographs of everyone in the country with a driver’s license or other state-issued photo ID.
Employers would be obliged to look up every new hire in the database to verify that they match their photo.
This piece of the Border Security, Economic Opportunity, and Immigration Modernization Act is aimed at curbing employment of undocumented immigrants. But privacy advocates fear the inevitable mission creep, ending with the proof of self being required at polling places, to rent a house, buy a gun, open a bank account, acquire credit, board a plane or even attend a sporting event or log on the internet. Think of it as a government version of Foursquare, with Big Brother cataloging every check-in.
(click here to continue reading Biometric Database of All Adult Americans Hidden in Immigration Reform | Threat Level | Wired.com.)
I imagine that if people hear of this proposed plan, there will be bipartisan, vehement objection to it.
Funny how this works: databases containing all sorts of data about you is compiled by giant, somewhat secretive corporations, and then rented out to corporations so marketers can sell their goods and services to you, and yet you have no access to the data. For what it’s worth, I took the time to opt out of Acxiom’s system, based on my email address, but who knows if they really removed me. I doubt it, but there is no way to verify or confirm in any case. We are just numbers to them, not people.
I recently asked to see the information held about me by the Acxiom Corporation, a database marketing company that collects and sells details about consumers’ financial status, shopping and recreational activities to banks, retailers, automakers and other businesses. In investor presentations and interviews, Acxiom executives have said that the company — the subject of a Sunday Business article last month — has information on about 500 million active consumers worldwide, with about 1,500 data points per person. Acxiom also promotes a program for consumers who wish to see the information the company has on them.
As a former pharmaceuticals industry reporter who has researched all kinds of diseases, drugs and quack cures online, I wanted to learn, for one, whether Acxiom had pegged me as concerned about arthritis, diabetes or allergies. Acxiom also has a proprietary household classification system that places people in one of 70 socioeconomic categories, like “Downtown Dwellers” or “Flush Families,” and I hoped to discover the caste to which it had assigned me.
But after I filled out an online request form and sent a personal check for $5 to cover the processing fee, the company simply sent me a list of some of my previous residential addresses. In other words, rather than learning the details about myself that marketers might use to profile and judge me, I received information I knew already.
It turns out that Acxiom, based in Little Rock, Ark., furnishes consumers only with data related to risk management, like their own prison records, tax liens, bankruptcy filings and residential histories. For a corporate client, the company is able to match customers by name with, say, the social networks or Internet providers they use, but it does not offer consumers the same information about themselves.
(click here to continue reading Acxiom Consumer Data, Often Unavailable to Consumers – NYTimes.com.)
and I’m totally in favor of the FTC forcing these companies to become more transparent, based upon the historical precedent of the credit card industry’s standard practice:
Now federal regulators are pressuring data brokers to operate more transparently. In a report earlier this year, the Federal Trade Commission recommended that the industry set up a public Web portal that would display the names and contact information of data brokers, as well as describe consumers’ data access rights and other choices.
Julie Brill, a member of the Federal Trade Commission, said consumers should have access to all the details that data brokers collect on them, as well as any analyses that the companies sell about their behavior.
“I include in that not just the raw data, but also how that information has been analyzed to place the consumer into certain categories for marketing or other purposes,” she said. “I believe that giving consumers this kind of granularity will greatly increase consumer trust in the information flow process and will lead to more accurate marketing.”
At the moment, however, information brokers have wildly different policies. Acxiom lets people opt out of its marketing databases, while Epsilon, another marketing services firm, allows people to opt out of having their data rented to third parties. Epsilon says it will also furnish individuals, upon request, with general information about their past retail transactions — including the categories and years of purchase. But it does not include exact product or retailer names.
Commissioner Brill of the F.T.C. said she could not comment on specific companies. But she said the reluctance of the data broker industry to show consumers their own records reminded her of an earlier era, when consumer reporting agencies — companies that track and sell information about people’s credit histories — protested that it would be too expensive and time-consuming for them to show individuals the same reports that creditors could see. In 1996, Congress updated the Fair Credit Reporting Act of 1970, giving people greater access to the files that those agencies held about them. Today, consumers can easily gain access to their credit reports online.
“What the credit reporting industry did was change their point of view from client-oriented to consumer-oriented, and develop the tools and technology to allow consumers to see what’s in their reports and ensure it is accurate,” Ms. Brill said. “The data broker industry could do the exact same thing.”
(click here to continue reading Acxiom Consumer Data, Often Unavailable to Consumers – NYTimes.com.)