Thursday, December 29, 2005

Hackers Prod Spy Cams for Privacy Protection

Wired News story about surveillance cameras in Austria being hacked by privacy advocating hackers in order to protect privacy of those monitored by the cameras. The action came as Austrian government passed a law allowing police to monitor public places with CCTV cameras without a court order and the activists decided to hack the systems to prevent this.

The action starts with web searches for URL's leading to links of security camera systems, then uses facial recognition software to place black stripes over eyes of those who appear on monitors - thus thwarting the surveillance systems they target. The government will no doubt find a workaround to thwart the hackers, but the incident serves to illustrate excessive eye in the sky "watchers" overseeing everything, everywhere and always.

We've come to expect the first move of law enforcement in criminal investigations to be checking for surveillance or security camera video. Very often, we're glad that those cameras capture criminal behavior and lead to prosecution of criminals. But there is something very distasteful about being watched when there is no need or value in it. This would be probably 99.99% of the time for most surveillance cameras.

Public warning signs of surveillance cameras hang in public building lobbies, elevators, passageways and garages. The intent is most often deterrance, rather than ID and capture of bad guys. Maybe it works to deter them, but it makes the rest of us squirm in discomfort to know we're being stared at by that all seeing single eye of surveillance cameras.

How often are watchers less than upstanding citizens and how often do they use those cameras to plan or carry out their own illicit activity? Knowing camera range of view or on/off cycles could be abused by those with access, who could also turn the lenses on or off at will and mess with time-stamps, or feedback bogus views to those videos. Who is watching those surveillance cameras and can the watchers always be trusted? Who is watching the watchers?

Save To    Digg! Digg This!
posted by RealitySEO at 10:38 AM 0 comments

NSA Spy Tool: Cookies Follow Privacy Advocate

This Wired News story discusses the latest in a string of US government domestic spying scandals in which the National Security Administration (NSA) was caught handing out persistent cookies to web visitors. Privacy advocate Daniel Brandt pointed out the little computer tracking snacks to NSA staff and the Associated Press started asking questions of NSA spooks this week.

Thanks to Daniel Brandt for keeping the government honest, but I wonder who goes to the NSA web site anyway. What would one be looking for there - other than cookies?

Interestingly, NSA spokespersons say it was a goof, hidden in a software upgrade where cookies are turned on by default to persist until 2035. They fail to name that software or how it slipped by the tech who installed it - and what consequences the employee and the agency face. "It was a mistake - we didn't know!" is often pooh-poohed in court with the standard retort of, "Ignorance of the law is no excuse." Who pays and how much? It never works in traffic court to say, "Ooops, I didn't notice I was speeding officer!"

Save To    Digg! Digg This!
posted by RealitySEO at 9:12 AM 0 comments

Wednesday, December 28, 2005

How To Make A RFID Blocking Wallet

Obviously a joke, this RFID blocking wallet, made with Duct Tape, is the reaction of a self described "multi-disciplinary Interaction Designer." Who's designed a wallet with tin foil inside duct tape that blocks the signal of RFID tags carried within. Thank you Dustin A. Kirk for protecting our privacy interests. ;-)

Save To    Digg! Digg This!
posted by RealitySEO at 9:04 PM 0 comments

Tuesday, December 27, 2005

Total Surveillance with RFID Tags

Total Surveillance is nearer than ever with the cost of RFID tags dropping as more and more uses are discovered. This is a Mother Jones recap article and interview with Katherine Albrecht of NoCards, and SpyChips. She has also written a book opposing RFID tracking with Spychips name. I've been aware of the work of Albrecht for some time but just noted a comment made in this interview that shocks me due to the dramatic privacy implications if it is ever implemented.
Let’s say I buy a pair of size 7 women’s Nike running shoes with a credit card. Currently, most major national chains are recording information about what people are buying. In the future, however, my pair of size 7 Nike running shoes will have a unique ID number in an RFID tag embedded in the sole—unless we stop it—so anytime that I step on carpeting or a floor tile that’s been equipped with an RFID reader, it can scan that number and know: “Hey, I’m at the Atlanta courthouse, and I just saw shoe number 308247 step by. Let me cross-reference that in the database. That’s the shoe that was purchased by Katherine Albrecht.”

And shoes are a particularly interesting example to think of in that regard because we don’t trade shoes with other people, for a variety of hygiene and fitness reasons, and most of us tend to wear only a few pairs of shoes regularly. So if you can identify a pair of shoes as belonging to an individual and strategically locate reader devices—put them in the entrance to the airport, the entrance to the courthouse, the entrance to the Wal-Mart store—you can pinpoint the time and place at which a person was seen entering that location. That opens up a whole new horizon of tracking capability to watch people, for marketers and homeland security folks.
While this may sound a bit paranoid at first hearing, it really is possible to track people very easily with RFID tags embedded their shoes - very easily done by injecting the tiny tags into the shoes of anyone you want to track and placing readers anywhere you want to confirm their presence. There is no need for government spooks to wait until Nike is embedding tags for them. Law enforcement are restricted from using other surveillance methods and constantly seek new ways to circumvent those restrictions.

Here is one un-regulated method of tracking. Until shoe-tagging is used as a method to track someone and then gets challenged in court, it will be legal to track anyone this way. We all hope that it will only be used to track bad guys, but it's quite likely to lead to misinterpretation of data on an innocent if used consistently.

Save To    Digg! Digg This!
posted by RealitySEO at 7:27 PM 0 comments

Security / Privacy Trends for 2006

This Red Herring story recaps security & privacy breaches for 2005 and predicts growth of threats in 2006 based on interviews with "security experts" whose business is plugging the leaks we rarely see. Mention is made of a growth in VOIP voice spam due to the growth of internet phone networks. Localized targeting for phishing attacks is predicted since many of the larger financial networks are finally getting protections in place after huge losses of data to hackers and theives.

Save To    Digg! Digg This!
posted by RealitySEO at 12:32 PM 0 comments

Friday, December 23, 2005

Ford Motor PC Theft 70,000 Employees At Risk

This AP story discusses the theft of a PC from a Ford Motor Company office and warns employees that their data may be used in identity theft. 70,000 are at risk of loss or sale of their social security numbers and personal information. When do corporations begin to realize they must take extraordinary measures to protect this data?

Save To    Digg! Digg This!
posted by RealitySEO at 8:08 AM 0 comments

Thursday, December 22, 2005

Bush Ends Privacy of US Citizens Phone Calls Illegally

The linked headline above is from a December 16th New York Times Article that was apparently held by the Times for over a year before they finally published it. Bush used executive fiat to bypass the courts and allow wire taps of US citizen phone calls if one party was out of the country.

According to network television coverage of the resulting monitored calls, many calls entirely on US soil were monitored due to glitches in the ability to tell where phones were located. A Boston legal scholar consulted for Nightline claimed the Bush move was outright illegal and that he could very easily be impeached for breaking the law if anyone in Congress had the courage to pursue impeachment proceedings.

The Times article has two effects on me immediately. First, a sigh of relief that the world has now been put on notice of serious privacy breaches in the name of so-called national security - because they will surely be stopped. Second, complete shock at Bush's complete disregard for privacy and the rule of law in conducting warrantless surveillance of US citizens at home. How could he possibly have reviewed and re-approved this criminal activity by a branch of the US government over 30 times since September 11, 2001?

Extremist conservatives attempted impeachment of Bill Clinton because he lied about some oval office hanky-panky. GW Bush now deserves no less for a serious breach of law in conducting warrantless surveillance of American citizens on US soil.

Save To    Digg! Digg This!
posted by RealitySEO at 2:28 PM 0 comments

Thursday, December 01, 2005

Privacy & Ubiquitous Computing Implications

Privacy & Ubiquitous Computing Implications The headline linked article above leads to an ITWorldCanada article which discusses how we are moving to an increasingly networked world where objects "talk" to each other via the web and networks.

The concept has been discussed for years as a potential interconnected dream where your refrigerator knows when the milk is nearing empty or approaching the end of it's freshness date and adds milk to your automated shopping list for delivery before you even know it's needed. Washing machines "talk" to clothes to properly set water temperatures and wash cycles and whether to dry and on what setting.

These imaginings are so "Jetsons" to many until we see it in action. We're remarkably accepting of amazing technology once it is a reality. But the drawbacks to this future dream are the privacy implications - where our actions, purchases and travels are transparent to all databases which share these tiny details of our lives. Every laundry load, grocery purchase and gasoline fill-up shows in a database. Once these multiple databases are interconnected, everything we do becomes an open book to whomever has access to those databases.

Several "Law & Order" and "CSI" episodes have peripherally addressed privacy issues related to technology in our lives, but the potential for abuse of vast stores of information available on each of us will become greater as this ubiquitous computing scenario begins unfolding.

Save To    Digg! Digg This!
posted by RealitySEO at 9:59 AM 0 comments